The annoying aspect from somebody with decades of IT experience is - what should happen is that crowdstrike gets sued into oblivion, and people responsible for buying that shit should have an epihpany and properly look at how they are doing their infra.
But will happen is that they'll just buy a new crwodstrike product that promises to mitigate the fallout of them fucking up again.
I isn't even a Linux vs Windows thing but a competent at your job vs don't know what the fuck you are doing thing. Critical systems are immutable and isolated or as close as reasonably possible. They don't do live updates of third party software and certainly not software that is running privileged and can crash the operating system.
I couldn't face working in corporate IT with this sort of bullshit going on.
This is just like "what not to do in IT/dev/tech 101" right here. Every since I've been in the industry for literally decades at this point I was always told, even when in school, "Never test in production, never roll anything out to production on a Friday, if you're unsure have someone senior code review" of which, Crowdstrike, failed to do all of the above. Even the most junior of junior devs should know better. So the fact that this update was allowed go through...I mean blame the juniors, the seniors, the PM's, the CTO's, everyone. If your shit is so critical that a couple bad lines of poorly written code (which apparently is what it was) can cripple the majority of the world....yeah crowdstrike is done.
It’s incredible how an issue of this magnitude didn’t get discovered before they shipped it. It’s not exactly an issue that happens in some niche cases. It’s happening on all Windows computers!
This can only happen if they didn’t test their product at all before releasing to production. Or worse: maybe they did test, got the error, and they just “eh, it’s probably just something wrong with test systems”, and then shipped anyway.
This is just stupid.
It's also a "don't allow third party proprietary shit into your kernel" issue. If the driver was open source it would actually go through a public code review and the issue would be more likely to get caught. Even if it did slip through people would publically have a fix by now with all the eyes on the code. It also wouldn't get pushed to everyone simultaneously under the control of a single company, it would get tested and packaged by distributions before making it to end users.
I couldn't face working in corporate IT with this sort of bullshit going on.
im taking you don't work in IT anymore then?
More generally: delegate anything critical to a 3rd party and you've just put your business at the mercy of the quality (or lack thereof) of their own business processes which you do not control, which is especially dangerous in the current era of "cheapest as possible" hiring practices.
Having been in IT for almost 3 decades, a lesson I have learned long ago and which I've also been applying to my own things (such as having my own domain for my own e-mail address rather than using something like Google) was that you should avoid as much as possible to have your mission critical or hard to replace stuff dependent on a 3rd Party, especially if the dependency is Live (i.e. activelly connected rather than just buying and installing their software).
I've managed to avoid quite a lot of the recent enshittification exactly because I've been playing it safe in this domain for 2 decades.
Didn't Crowdstrike have a bad update to Debian systems back in April this year that caused a lot of problems? I don't think it was a big thing since not as many companies are using Crowdstrike on Debian.
Sounds like the issue here is Crowdstrike and not Windows.
They didn’t even bother to do a gradual rollout, like even small apps do.
The level of company-wide incompetence is astounding, but considering how organizations work and disregard technical people’s concerns, I’m never surprised when these things happen. It’s a social problem more than a technical one.
They didn't even bother to test their stuff, must have pushed to prod
(Technically, test in prod)
Everyone has a test environment
Some are lucky enough to also have a separate production environment
A crowdstrike update killed a bunch of our Linux VMs that had a newer kernel a month or so ago.
I've just spent the past 6 hours booting into safe mode and deleting crowd strike files on servers.
Feel you there. 4 hours here. All of them cloud instances whereby getting acces to the actual console isn't as easy as it should be, and trying to hit F8 to get the menu to get into safe mode can take a very long time.
Crowdstrike already killed some Linux machines. Let's not pretend Windows is at fault here or Linux is magically better in this area. No one is immune from software that can run as a kernel module going bad.
But, my superiority!
I work in hospitality and our systems are completely down. No POS, no card processing, no reservations, we're completely f'ked.
Our only saving grace is the fact that we are in a remote location and we have power outages frequently. So operating without a POS is semi-normal for us.
I've worked with POS systems my whole career and I still can't help think Piece Of Shit whenever I see it
I love how everyone understands the issue wrong. It's not about being on Windows or Linux. It's about the ecosystem that is common place and people are used to on Windows or Linux. On windows it's accepted that every stupid anticheat can drop its filthy paws into ring 0 and normies don't mind. Linux has a fostered a less clueless community, but ultimately it's a reminder to keep vigilant and strive for pure and well documented open source with the correct permissions.
BSODs won't come from userspace software
While that is true, it makes sense for antivirus/edr software to run in kernelspace. This is a fuck-up of a giant company that sells very expensive software. I wholeheartedly agree with your sentiment, but I mostly see this as a cautionary tale against putting excessive trust and power in the hands of one organization/company.
Imagine if this was actually malicious instead of the product of incompetence, and the update instead ran ransomware.
I am born too late to understand what Y2K problem was, this (the result) might be what people thought could happen.
Yep pretty much but on a larger scale.
1st please do not believe the bull that there was no problem. Many folks like me were paid to fix it before it was an issue. So other than a few companies, few saw the result, not because it did not exist. But because we were warned. People make jokes about the over panic. But if that had not happened, it would hav been years to fix, not days. Because without the panic, most corporations would have ignored it. Honestly, the panic scared shareholders. So boards of directors had to get experts to confirm the systems were compliant. And so much dependent crap was found running it was insane.
But the exaggerations of planes falling out of the sky etc. Was also bull. Most systems would have failed but BSOD would be rare, but code would crash and some works with errors shutting it down cleanly, some undiscovered until a short while later. As accounting or other errors showed up.
As other have said. The issue was that since the 1960s, computers were set up to treat years as 2 digits. So had no expectation to handle 2000 other than assume it was 1900. While from the early 90s most systems were built with ways to adapt to it. Not all were, as many were only developing top layer stuff. And many libraries etc had not been checked for this issue. Huge amounts of the infra of the world's IT ran on legacy systems. Especially in the financial sector where I worked at the time.
The internet was a fairly new thing. So often stuff had been running for decades with no one needing to change it. Or having any real knowledge of how it was coded. So folks like me were forced to hunt through code or often replace systems that were badly documented or more often not at all.
A lot of modern software development practices grew out of discovering what a fucking mess can grow if people accept an "if it ain't broke, don't touch it" mentality.
Am on holiday this week - called in to help deal with this shit show :(
Don't worry, George Kurtz (crowdstrike CEO) is unavailable today. He's got racing to do #04 https://www.gt-world-challenge-america.com/event/95/virginia-international-raceway
Would you really be paying for Crowdstrike for use at home?
I wanted to share the article with friends and copy a part of the text I wanted to draw attention to but the asshole site has selection disabled. Now I will not do that and timesnownews can go fuck themselves
It is annoying. Some possible solutions:
On desktop: Using Shift + ALT you often can overrule this and select text anyway.
On mobile: Using the reader mode or the Print preview often works. It does for me on this website.
It's also reported in Danish news now: https://www.dr.dk/nyheder/udland/store-it-problemer-flere-steder-i-verden
Same here. I was totally busy writing software in a new language and a new framework, and had a gazillion tabs on Google and stackexchange open. I didn't notice any network issues until I was on my way home, and the windows f-up was the one big thing in the radio news. Looks like Windows admins will have a busy weekend.
Only if they manage Crowdstrike systems, thankfully.
US and UK flights are grounded because of the issue, banks, media and some businesses not fully functioning. Likely we'll see more effects as the day goes on.
after reading all the comments I still have no idea what the hell crowdstrike is
Seems to be some sort of kernel-embedded threat detection system. Which is why it was able to easily fuck the OS. It was running in the most trusted space.
Company offering new-age antivirus solutions, which is to say that instead of being mostly signature-based, it tries to look at application behavior instead. If Word was exploited because some user opened not_a_virus_please_open.docx from their spam folder, Word might be exploited and end up running some malware that tries to encrypt the entire drive. It's supposed to sniff out that 1. Word normally opens and saves like one document at a time and 2. some unknown program is being overly active. And so it should stop that and ring some very loud alarm bells at the IT department.
Basically they doubled down on the heuristics-based detection and by that, they claim to be able to recognize and stop all kinds of new malware that they haven't seen yet. My experience is that they're always the outlier on the top-end of false positives in business AV tests (eg AV-Comparatives Q2 2024) and their advantage has mostly disappeared since every AV has implemented that kind of behavior-based detection nowadays.
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0