CrowdStrike Update Causes Global Microsoft Outage Affecting Banks, Airlines And More (www.forbes.com)
from AnActOfCreation@programming.dev to technology@lemmy.world on 19 Jul 2024 12:52
https://programming.dev/post/17068083

#technology

threaded - newest

n3cr0@lemmy.world on 19 Jul 2024 13:29 next collapse

And that’s why the IT dept needs to test all software updates before rolling them out on the productive systems.

Ok_imagination@lemmy.world on 19 Jul 2024 13:34 next collapse

If they’re as slow to roll out the updates to CS as they are the rest of the updates we’ll be a year behind on CS updates haha.

BarbecueCowboy@lemmy.world on 19 Jul 2024 14:11 collapse

Been awhile since we’ve POCed Crowdstrike, but I don’t think you can set the cadence on updates for Crowdstrike. I believe Crowdstrike enforces auto-updates, it was at least the default setting.

themeatbridge@lemmy.world on 19 Jul 2024 13:37 next collapse

Yeah, a lot of people are (understandably) mad at Crowdstrike right now, but I want to drag some c-suite executives into a conference room and impress upon them the value of allocating budget for test environments and disaster recovery. Banks, airlines, service providers, these aren’t mom-and-pop bakeries and plumbers who don’t have time for all that nonsense. Every service that went down should be looking for the fuckwit in their organization, and they’re probably in the executive lounge. Anyone can make a mistake, but it takes dedication to systematically ignore the best advice of top experts in the field and run your infrastructure on a shoestring budget.

teft@lemmy.world on 19 Jul 2024 14:00 next collapse

IT is just a cost center to most executives.

melroy@kbin.melroy.org on 19 Jul 2024 14:51 collapse

Software development is also a cost center in my company I work for.

elvith@feddit.org on 19 Jul 2024 14:11 next collapse

… value of allocating budget for test environments and disaster recovery …

I mean, they do have a test environment. Everyone does have one!

They’re just missing a separated production environment…

Crackhappy@lemmy.world on 19 Jul 2024 15:06 next collapse

Man, money for a test environment is pretty low on my list of priorities right now. I’m trying to row a 20 man boat with one other person.

paraphrand@lemmy.world on 19 Jul 2024 17:45 collapse

The CTO of Clownstrike presided over a similar disaster in 2010 too. AFAIK.

TimeSquirrel@kbin.melroy.org on 19 Jul 2024 13:49 next collapse

Yes, don't do what I do at home and edit live PHP with users on the server...

NOT_RICK@lemmy.world on 19 Jul 2024 14:06 next collapse

Nah real men commit straight to prod. Why yes, I do have 13 bastard children, condoms are also for cowards

Lost_My_Mind@lemmy.world on 19 Jul 2024 14:19 collapse

Guys…this is TOTALLY Rick. He’s just avoiding his child support payments.

NOT_RICK@lemmy.world on 19 Jul 2024 14:26 collapse

I invoke the shaggy defense

melroy@kbin.melroy.org on 19 Jul 2024 14:51 next collapse

Deploy to prd! I'm on holiday.

[deleted] on 20 Jul 2024 03:24 collapse

.

Montagge@lemmy.zip on 19 Jul 2024 13:34 next collapse

Who knew that having one operating system running everything would be a bad idea

Aatube@kbin.melroy.org on 19 Jul 2024 13:39 next collapse

One security system with forced automatic updates *

Edit: with kernel permissions

melroy@kbin.melroy.org on 19 Jul 2024 14:49 collapse

Even then. This software isnt for Linux. Dammit, it is..

mosiacmango@lemm.ee on 19 Jul 2024 15:13 next collapse

It is. It has linux AV available, but 99% of its install base is going to be windows.

melroy@kbin.melroy.org on 19 Jul 2024 19:58 collapse

Avoid using it for Linux that is for sure after today! If this will happen to all linux device, there is no working internet anymore.

catloaf@lemm.ee on 19 Jul 2024 15:35 collapse

www.crowdstrike.com/partners/falcon-for-red-hat/

melroy@kbin.melroy.org on 19 Jul 2024 19:58 collapse

"Reduce exposure", they take that very seriously.

CalcProgrammer1@lemmy.ml on 19 Jul 2024 13:46 collapse

Who knew that allowing, no, PAYING third parties to inject whatever the fuck they want encrypted proprietary binary blobs into the highest privilege and most dangerous level of your operating system without any user acknowledgement or third party code review could possibly have negative consequences?

This is also why we shouldn’t be allowing kernel anticheat games on our PCs by the way. One day Crowdstrike, the next day it could be Riot Vanguard. Proprietary shitware has no place in your kernel (though in Windows’ case the entire kernel itself is proprietary, maybe do something about that next).

paraphrand@lemmy.world on 19 Jul 2024 17:48 collapse

Yes, Riot is going to take down infrastructure.

[deleted] on 20 Jul 2024 03:26 collapse

.

altima_neo@lemmy.zip on 19 Jul 2024 13:37 next collapse

What is crowd strike and is it a Microsoft product?

Aatube@kbin.melroy.org on 19 Jul 2024 13:39 collapse

CrowdStrike is a popular third-party suite of security software that has forced OTA updates. https://www.cnn.com/2024/07/19/tech/crowdstrike-update-global-outage-explainer/index.html It’s not a Microsoft product.

0x0@programming.dev on 19 Jul 2024 13:45 next collapse

Cmon guys, it’s Crowdstrike implementing the 4 day week.

candybrie@lemmy.world on 19 Jul 2024 15:26 collapse

Or the 7 day week if you’re in IT.

melroy@kbin.melroy.org on 19 Jul 2024 14:48 next collapse

Luckily I'm using Linux!

prettydarknwild@lemmy.world on 19 Jul 2024 17:11 collapse

crowdstrike doing just a little of tomfoolery