view the rest of the comments
World News
A community for discussing events around the World
Rules:
-
Rule 1: posts have the following requirements:
- Post news articles only
- Video links are NOT articles and will be removed.
- Title must match the article headline
- Not United States Internal News
- Recent (Past 30 Days)
- Screenshots/links to other social media sites (Twitter/X/Facebook/Youtube/reddit, etc.) are explicitly forbidden, as are link shorteners.
-
Rule 2: Do not copy the entire article into your post. The key points in 1-2 paragraphs is allowed (even encouraged!), but large segments of articles posted in the body will result in the post being removed. If you have to stop and think "Is this fair use?", it probably isn't. Archive links, especially the ones created on link submission, are absolutely allowed but those that avoid paywalls are not.
-
Rule 3: Opinions articles, or Articles based on misinformation/propaganda may be removed. Sources that have a Low or Very Low factual reporting rating or MBFC Credibility Rating may be removed.
-
Rule 4: Posts or comments that are homophobic, transphobic, racist, sexist, anti-religious, or ableist will be removed. “Ironic” prejudice is just prejudiced.
-
Posts and comments must abide by the lemmy.world terms of service UPDATED AS OF 10/19
-
Rule 5: Keep it civil. It's OK to say the subject of an article is behaving like a (pejorative, pejorative). It's NOT OK to say another USER is (pejorative). Strong language is fine, just not directed at other members. Engage in good-faith and with respect! This includes accusing another user of being a bot or paid actor. Trolling is uncivil and is grounds for removal and/or a community ban.
Similarly, if you see posts along these lines, do not engage. Report them, block them, and live a happier life than they do. We see too many slapfights that boil down to "Mom! He's bugging me!" and "I'm not touching you!" Going forward, slapfights will result in removed comments and temp bans to cool off.
-
Rule 6: Memes, spam, other low effort posting, reposts, misinformation, advocating violence, off-topic, trolling, offensive, regarding the moderators or meta in content may be removed at any time.
-
Rule 7: We didn't USED to need a rule about how many posts one could make in a day, then someone posted NINETEEN articles in a single day. Not comments, FULL ARTICLES. If you're posting more than say, 10 or so, consider going outside and touching grass. We reserve the right to limit over-posting so a single user does not dominate the front page.
We ask that the users report any comment or post that violate the rules, to use critical thinking when reading, posting or commenting. Users that post off-topic spam, advocate violence, have multiple comments or posts removed, weaponize reports or violate the code of conduct will be banned.
All posts and comments will be reviewed on a case-by-case basis. This means that some content that violates the rules may be allowed, while other content that does not violate the rules may be removed. The moderators retain the right to remove any content and ban users.
Lemmy World Partners
News !news@lemmy.world
Politics !politics@lemmy.world
World Politics !globalpolitics@lemmy.world
Recommendations
For Firefox users, there is media bias / propaganda / fact check plugin.
https://addons.mozilla.org/en-US/firefox/addon/media-bias-fact-check/
- Consider including the article’s mediabiasfactcheck.com/ link
CrowdStrike will ultimately have contract terms that put responsibility on the companies, and truth be told the companies should be able to handle this situation with relative ease. Maybe the discussion here should be on the fragility of Windows and why Linux is a better option.
Linux could have easily been bricked in a similar fashion by pushing a bad kernel or kernel module update that wasn't tested enough. Not saying it's the same as Windows, but this particular scenario where someone can push a system component just like that can fuck up both.
Yes it can, but a kernel update is a completely different scenario, and managed individually by companies as part of their upgrades. It is usually tested and rolled out incrementally.
Furthermore, Linux doesn't blue screen. I know some scenarios where Linux has issues, but I can count on one finger the amount of times I've had an update cause issues booting... and that was because I was using some newer encryption settings as part of systemd.
However, it would take all my fingers & toes, and then some, to count the number of blue screens I've gotten with Windows... and I don't think I'm alone in that regard.
Linux doesn't blue screen, no. A kernel panic is a black screen.
And you're running corporate kernel level security software on your encrypted Linux server?
I guess it depends on what you consider corporate kernel level security. Would that include AppArmor, SELinux, and other tools that are open-source but used in some of the most secure corporate and government environments? Or are you asking if I'm running proprietary untrusted code on a Linux server with access to the system kernel?
Tell me you’ve never administered at scale without telling me you’ve never administered at scale.
Bruh, disk encryption is not optional in many environments and dealing with unbootable LUKS Linux is pretty much on par with an unbootable Bitlocker Windows machine.
In this case, it's really not a Linux/windows thing except by the most tenuous reasoning.
A corrupted piece of kernel level software is going to cause issues in any OS.
Cloudstrike itself has actually caused kernel panics on Linux before, albeit less because of a corrupted driver and more because of programming choices interacting with kernel behavior. (Two bugs: you shouldn't have done that, and it shouldn't have let you).
Tenuously, Linux is a better choice because it doesn't need this type of software as much. It's easier and more efficient to do packet inspection via dedicated firewall for infrastructure, and the other parts are already handled by automation and reporting tools you already use.
You still need something in this category if you need to solve the exact problem of "realtime network and filesystem event monitoring on each host", but Linux makes it easier to get right up to that point without diving into the kernel.
Also vendors managing auto update is just less of a thing on Linux, so it's more the cultural norm to manage updates in a way that's conducive to staggering that would have caught this.
Contract wise, I'm less confident that crowd strike has favorable terms.
It's usually consumers who are straddled with atrocious terms because they neither have power nor the interest in digging into the specifics too far.
Businesses, particularly ones that need or are interested in this category of software, inevitably have lawyers to go over contract terms in much more detail and much more ability to refuse terms and have it matter to the vendor. United airlines isn't going to accept the contract terms of caveat emptor.
You assume that businesses operate in good faith. That they thoroughly review contracts to ensure that they are fair and in the best interests of all its employees. Do you really think Greg, a VP of Cloud Solutions that makes 500k a year, who gets his IT advice on the golf course by AWS, Microsoft, & Oracle reps. Who gets wined & dined almost weekly by these reps, and a speaking spot at re:Invent, and believes Gartner when it says spending $5 million a month on cloud hosting and $90/TB on Egress traffic is normal, has the company's best interests in mind?
I've seen companies pay millions for things they never used, or that weren't ever provided by the vendor. You go to your managers, and say... "hey, why are we paying for this?" and suddenly you're the bad guy. I'd love for you to prove me wrong. I've found pieces of progress before, within isolated teams when a manager wanted to actually accomplish something. It never lasts though... its like being an ice cube in a glass full of warm water.
There's a big difference between "buying stuff you don't need", and "not having legal review a contract", or "accepting terms that include no liability".
Buying stuff you don't need is in the authority of a VP seeing as their job is to make choices. Bypassing legal review and accounting diligence controls typically isn't at any company big enough to matter.
I trust your hypothetical VP to not want to get fired from his nice job by skipping the paperwork for a done deal.
Do you honestly think that Amazon just didn't read the contract? Microsoft? Google? The US government?
They're getting sued, and they're gonna have to pay some money. Cynicism is one thing, but taking it to the degree of believing that people are signing unread contracts that waive liability for direct, attributable damage caused by unprofessional negligence is just assinine.
Terms which should be void as this update was pushed to systems that explicitly disabled automatic updates.
Companies were literally raped by Crowdstrike.
/edit Sauce (bottom paragraph)
Companies were not raped by CrowdStrike. They were raped by their own ineptitude.
No where have I seen evidence where these updates were disabled and still got pushed. I'm not saying it is impossible, but unlikely if they followed any common sense and best practices. Usually, you'd be monitoring traffic and asking yourself why it is still checking for updates despite being disabled before deploying it to your entire IT infrastructure.
I see a lot of bad faith arguments here against CrowdStrike. I agree that they messed up, but it pales in comparison in my book to how messed up these companies are for not doing any basic planning around IT infrastructure & automation to be able to recover quickly.