• Norgur
    link
    fedilink
    1035 months ago

    See, Netflix? You don’t need to ramble on for two seasons to tell a fucking Story.

    • Pennomi
      link
      English
      135 months ago

      I bet we could stretch each tweet into a season.

    • @Cosmos7349
      link
      English
      65 months ago

      idunno the advertising metrics say that people didn’t engage with this story as long.

  • Justin
    link
    fedilink
    English
    565 months ago

    The real blame lies on the fact that Windows lets hundreds of companies like Crowdstrike ship kernel-level software to millions of computers. The fact that this incident was caused by an accidental bug is hilarious, but we’re lucky that it wasn’t someone pushing malicious software instead.

    Windows drivers are a huge liability and I wouldn’t be surprised if the next time is a state actor like Russia pushing kernel-level malware.

    • @NOT_RICK
      link
      English
      435 months ago

      I hate how many video games come with kernel level anti cheat, it’s an attractive target for hacks

      • @Broken_Monitor
        link
        English
        165 months ago

        The helldivers community fucking hates me for pointing this out. Don’t buy helldivers, or any other game packaged with such bullshit.

        • Justin
          link
          fedilink
          English
          65 months ago

          Is helldivers anticheat kernel level? I play it just fine on Linux.

          • @Broken_Monitor
            link
            English
            115 months ago

            Yup. NProtect Gameguard. They got called out for it on day one, but then everyone was like “wow this game is good, so never mind!” Arrowhead CEO outright admitted to it but claimed it’s normal and necessary.

            To me it’s like if some company wanted to dig through my mail whenever they wanted and defended themselves with “but we won’t do anything malicious! Its to keep you safe!” They can fuck right off with that nonsense.

    • @[email protected]
      link
      fedilink
      English
      23
      edit-2
      5 months ago

      The real fuck up is that Crowdstrike Falcon can auto update through its own updater, and doesn’t have any kind of control panel for management that could be used for change control. If their customers could have tested this update first, none of this would be happening.

      • Pennomi
        link
        English
        175 months ago

        Or if they were smart enough to do a phased rollout to a small percentage of users before deploying worldwide. That catches most issues quickly.

        • Justin
          link
          fedilink
          English
          55 months ago

          Or if Microsoft reviewed drivers before signing them.

          • KmlSlmk64
            link
            English
            45 months ago

            I think they do (or at least I’ve seen it mentioned), but this wa apparently caused a by a bad configuration fil for that driver. (A 40-something kB file pf pure zeroes)

      • @quinkin
        link
        English
        45 months ago

        Yep. A lot of customers were running n-1 or even n-2 of their falcon sensor release to mitigate risk. Doesn’t count for shit though if the “deployed content” bypasses all of that.

      • sunnie
        link
        fedilink
        English
        2
        edit-2
        5 months ago

        an antivirus-like software is something you want auto updates for in my opinion

    • subignition
      link
      fedilink
      11
      edit-2
      5 months ago

      Let’s be real, Microsoft wouldn’t do a hell of a lot better even if they had that stuff locked down. Their fuckups just tend to hit the general public a little more frequently than enterprise customers.

      Edit: I wrote this before I learned about yesterday’s Azure outage lol. That definitely adds to my point.

    • sunnie
      link
      fedilink
      English
      25 months ago

      so you’re saying you shouldn’t be able to install any software with drivers? there’s nothing microsoft can do about mass installing a program with elevated privileges, especially if it had actual uses like this

      • Justin
        link
        fedilink
        English
        15 months ago

        The average person or IT dept should not have to, no. It is very rare to install third party drivers on MacOS and Linux, and the fact that it’s even needed for an antivirus is insane.

  • NickwithaC
    link
    English
    275 months ago

    Grand opening, grand closing.

  • @givesomefucks
    link
    English
    16
    edit-2
    5 months ago

    A press conference where they explain it by bringing this guy up and saying:

    First of all, Fillibuster

    And just let this dude walk up and ramble about nonsense would be awesome.

    *Obviously the post has to be a joke, and the name probably is too