this post was submitted on 19 Jul 2024
2021 points (99.1% liked)

linuxmemes

21222 readers
98 users here now

Hint: :q!


Community rules

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harass or attack members of the community for any reason.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harassment.

3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.

4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.

Please report posts and comments that break these rules!

    founded 1 year ago

    CrowdStrike effectively bricked Windows, Mac and Linux today.

    Windows machines won’t boot, and Mac and Linux work is abandoned because all their users are on Twitter making memes.

    Incredible work.

    top 50 comments
    [–] SexualPolytope@lemmy.sdf.org 173 points 3 months ago (3 children)

    Come on, it was right in their name. CrowdStrike. They were threatening us all this time.

    [–] mortemtyrannis@lemmy.ml 45 points 3 months ago* (last edited 3 months ago)

    We formed a crowd, then BAM, they striked.

    We should have seen this coming!!!

    [–] El_guapazo@lemmy.world 16 points 3 months ago

    Clown strike

    [–] Klanky@sopuli.xyz 133 points 3 months ago (2 children)

    I wish my Windows work machine wouldn’t boot. Everything worked fine for us. :-(

    [–] Affidavit@lemm.ee 55 points 3 months ago (2 children)

    Could be worse. I was the only member of my entire team who didn't get stuck in a boot loop, meaning I had to do their work as well as my own... Can't even blame being on Linux, as my work computer is Windows 11. I just got 'lucky': a couple of BSODs, and the system restarted just fine.

    [–] Rivalarrival 57 points 3 months ago (1 children)

    Funny, mine did a couple of BSODs then restarted just fine, at first. Then a fist-shaped hole appeared in the monitor and it wouldn't turn on again.

    Weird bug.

    [–] Ransack@lemmy.dbzer0.com 25 points 3 months ago (3 children)

    Lol, why is it always the monitor that gets beat? It only has one job: to show you what the computer is outputting lol

    [–] ChickenLadyLovesLife@lemmy.world 38 points 3 months ago (3 children)

    why is it always the monitor that gets beat

    Because it's within arm's reach and the developers aren't.

    [–] StupidBrotherInLaw@lemmy.world 21 points 3 months ago (1 children)

    You're a much more honest person than I am. I'd have just claimed mine was BSODing too.

    [–] snausagesinablanket@lemmy.world 113 points 3 months ago (7 children)

    Imagine this happening during open heart surgery and all the monitors go blue!

    [–] AnxiousOtter@lemmy.world 131 points 3 months ago (4 children)

    Good lord I would hope critical surgical computers like that aren't networked externally... Somehow I'm guessing I'm wrong.

    [–] Hupf@feddit.de 120 points 3 months ago (2 children)

    Fear not, that's why we deploy extra security software to these critical systems. It's called Crowdsource or something.

    [–] LaFinlandia@sopuli.xyz 52 points 3 months ago (1 children)

    Maybe not everywhere, but all of ours are air gapped.

    [–] AnxiousOtter@lemmy.world 35 points 3 months ago

    Good, they absolutely should be.

    [–] half@lemy.lol 26 points 3 months ago (5 children)

    Anecdotal, but my spouse was in surgery during the outage and it went fine, so I imagine they take precautions (like probably having a test machine for updates before they install anything on the real one, maybe)

    [–] Blank@lemmy.world 37 points 3 months ago

    There were no test rings for this one, and it wasn't a user-controlled update. It was pushed by CS in a way that couldn't be intercepted/tested/vetted by the consumer unless your device either doesn't have CS installed or isn't on an external network... or I suppose you could block CS connections at the firewall. 🤷‍♂️

    [–] danc4498@lemmy.world 79 points 3 months ago (4 children)

    Is there a good ELI5 on what CrowdStrike is, why it is so massively used, why it seems to be so heavily associated with Microsoft, and what the hell happened?

    [–] Baggie@lemmy.zip 100 points 3 months ago (2 children)

    Gonna try my best here:

    CrowdStrike is an anti-virus program that everyone in the corporate world uses on their Windows machines. They released an update that made the program fail badly enough that Windows crashes. When Windows crashes like this, it restarts in case that fixes the issue, but here it doesn't, so computers get stuck in a loop of restarting.

    Because anti-virus programs are there to prevent bad things from happening, you can't just automatically disable the program when it crashes. This means a lot of computers cannot start properly, which means you also cannot tell the computers to fix the problem remotely like you usually would.

    The end result is that a bunch of low-level techs are spending their weekends going to each computer individually and swapping out the bad update file so the computer can boot. It's a massive failure on CrowdStrike's part, and a good reason you shouldn't outsource all your IT like people have been doing.
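
    For reference, the widely publicized manual workaround amounted to booting the affected machine into Safe Mode or the recovery environment and deleting the bad channel file by hand. The sketch below only illustrates that step in Python, assuming the default install path and the "C-00000291*.sys" file-name pattern that was reported at the time; it is not an official remediation tool.

    ```python
    # Illustrative sketch of the widely reported manual workaround, NOT an
    # official CrowdStrike remediation script. Assumes the default install path,
    # the "C-00000291*.sys" channel-file pattern reported at the time, and that
    # the machine was booted into Safe Mode / recovery so the file can be
    # deleted. Run with administrator rights.
    from pathlib import Path

    CS_DIR = Path(r"C:\Windows\System32\drivers\CrowdStrike")
    BAD_PATTERN = "C-00000291*.sys"

    def remove_bad_channel_files() -> int:
        removed = 0
        for f in CS_DIR.glob(BAD_PATTERN):
            print(f"Deleting {f}")
            f.unlink()  # remove the faulty update file so Windows can boot again
            removed += 1
        return removed

    if __name__ == "__main__":
        count = remove_bad_channel_files()
        print(f"Removed {count} file(s); reboot normally afterwards.")
    ```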

    [–] themeatbridge@lemmy.world 78 points 3 months ago (4 children)

    It's also a strong indicator that companies are not doing enough to protect their own infrastructure. Production servers shouldn't have third party software that auto-updates without going through a test environment. It's one thing to push emergency updates if there is a timely concern or vulnerability, but routine maintenance should go through testing before being promoted to prod.
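
    As a rough illustration of what "going through a test environment first" can look like, here is a toy ring-based promotion check in Python. The ring names and soak times are made up for the example and are not anyone's real pipeline.

    ```python
    # Toy sketch of ring-based update promotion. Ring names and soak times are
    # hypothetical; the point is only that an update reaches production after
    # surviving a soak period in smaller rings first.
    from dataclasses import dataclass
    from typing import Optional

    RINGS = ["canary", "internal", "early_adopters", "production"]
    MIN_SOAK_HOURS = {"canary": 2, "internal": 12, "early_adopters": 24}

    @dataclass
    class RolloutState:
        ring: str           # ring the update is currently deployed to
        healthy_hours: int  # hours deployed with no crash or rollback signals

    def next_ring(state: RolloutState) -> Optional[str]:
        """Return the next ring to promote to, or None if not ready or already in prod."""
        if state.ring == "production":
            return None
        if state.healthy_hours < MIN_SOAK_HOURS[state.ring]:
            return None  # keep soaking in the current ring
        return RINGS[RINGS.index(state.ring) + 1]

    if __name__ == "__main__":
        print(next_ring(RolloutState("canary", 3)))    # -> internal
        print(next_ring(RolloutState("internal", 4)))  # -> None (needs more soak time)
    ```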

    [–] PainInTheAES@lemmy.world 41 points 3 months ago (1 children)

    It's because this got pushed as a virus definition update rather than a client update, bypassing even the customer staging rules that should prevent issues like this. That makes it a little more understandable, because you'd want to be protected against current threats. But yeah, it should still hit testing first if possible.

    [–] suction@lemmy.world 22 points 3 months ago (2 children)

    If a company disguises a software update as a virus definition update, that would be a huge scandal and no serious company should ever work with them again… are you sure that's what happened?

    [–] Gestrid@lemmy.ca 20 points 3 months ago

    It wasn't a virus definitions update. It was a driver update. The driver is used to identify and block threats coming in over Wi-Fi and wired networks.

    The "Outage" section of the Wikipedia article goes into more detail: https://en.wikipedia.org/wiki/2024_CrowdStrike_incident#Outage

    [–] captain_aggravated@sh.itjust.works 68 points 3 months ago (18 children)

    CrowdStrike is a cybersecurity company that makes security software for Windows. It apparently operates at the kernel level, so it's running in the critical path of the OS. So if their software crashes, it takes Windows down with it.

    This is very popular software. Many large entities including fortune 500 companies, transport authorities, hospitals etc. use this software.

    They pushed a bad update which caused their software to crash, which took Windows down with it on an extremely large number of machines worldwide.

    Hilariously bad.

    [–] ipkpjersi@lemmy.ml 16 points 3 months ago (3 children)

    Honestly it is kind of hilarious, given how many people have made fun of me for using Linux, and now here I am laughing from my Linux desktop lol

    [–] bappity@lemmy.world 76 points 3 months ago* (last edited 3 months ago) (17 children)

    ~~cloudstrike~~ crowdstrike should be sued into hell

    [–] Land_Strider@lemmy.world 23 points 3 months ago (1 children)

    Counter Stri... no not that.

    [–] bappity@lemmy.world 22 points 3 months ago

    "the bomb has been planted" - the intern that pushed the update at crowd strike or whatever

    [–] ChairmanMeow@programming.dev 19 points 3 months ago (1 children)

    Better rebrand to Clownstrife I guess.

    [–] Lucidlethargy@sh.itjust.works 39 points 3 months ago

    Lol, they only bricked specific machines running their product. Everyone else was fine.

    This was a business problem, not a user problem.

    [–] PrettyFlyForAFatGuy@feddit.uk 35 points 3 months ago* (last edited 3 months ago) (1 children)

    As a career QA, I just do not understand how this got through. Do they not use their own software? Do they not have a UAT program?

    Heads will roll for this

    [–] HyperMegaNet@lemm.ee 21 points 3 months ago (4 children)

    From what I've read, it sounds like the update file that was causing the problems was entirely filled with zeros; the patched file was the same size but had data in it.

    My entirely speculative theory is that the update file that they intended to deploy was okay (and possibly passed internal testing), but when it was being deployed to customers there was some error which caused the file to be written incorrectly (or somehow a blank dummy file was used). Meaning the original update could have been through testing but wasn't what actually ended up being deployed to customers.

    I also assume that it's very difficult for them to conduct UAT given that a core part of their protection comes from being able to fix possible security issues before they are exploited. If they did extensive UAT prior to deploying updates, it would both slow down the speed with which they can fix possible issues (and therefore allow more time for malicious actors to exploit them), but also provide time for malicious parties to update their attacks in response to the upcoming changes, which may become public knowledge when they are released for UAT.

    There's also just an issue of scale; they apparently release several updates like this per day, so I'm not sure how UAT testing could even be conducted at that pace. Granted, I've only ever personally been involved with UAT for applications that had quarterly (major) updates, so there might be ways to get it done several times a day that I'm not aware of.

    None of that is to take away from the fact that this was an enormous cock up, and that whatever processes they have in place are clearly not sufficient. I completely agree that whatever they do for testing these updates has failed in a monumental way. My work was relatively unaffected by this, but I imagine there are lots of angry customers who are rightly demanding answers for how exactly this happened, and how they intend to avoid something like this happening again.

    [–] WhyFlip@lemmy.world 17 points 3 months ago (1 children)

    If only there were a way to check a file's integrity.
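
    There is, of course. Below is a minimal sketch of the kind of check being joked about: verify an update file's SHA-256 digest and reject an empty or all-zero blob before applying it. The file name and digest are hypothetical, and a real pipeline would take the expected hash from a signed manifest.

    ```python
    # Minimal sketch of a pre-install sanity check: reject an update file whose
    # SHA-256 digest doesn't match, or that is empty / all zeros (as described
    # in the comment above). File name and digest in the usage example are
    # hypothetical.
    import hashlib
    from pathlib import Path

    def update_file_looks_sane(path: Path, expected_sha256: str) -> bool:
        data = path.read_bytes()
        if not data or data == b"\x00" * len(data):
            return False  # empty or all-zero payload
        return hashlib.sha256(data).hexdigest() == expected_sha256.lower()

    # Example usage (hypothetical values):
    # ok = update_file_looks_sane(Path("channel_update.sys"), "ab12cd34...")
    ```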

    [–] db2@lemmy.world 23 points 3 months ago (11 children)

    They make software for both of them too, though. IMO they're at fault for sure, but so is Microsoft for making a trash operating system.

    [–] sylver_dragon@lemmy.world 59 points 3 months ago (6 children)

    Not saying Windows isn't trash, but considering what CrowdStrike's software is, they could have bricked Mac or Linux just as hard. The CrowdStrike agent has pretty broad access to modify and block execution of system files. Nuke a few of the wrong files, and any OS is going to grind to a halt.

    [–] Djtecha@lemm.ee 19 points 3 months ago (7 children)

    Probably would have been worse if this was on Linux. That's like 90% of the internet.

    [–] Montagge@lemmy.zip 16 points 3 months ago

    I'd say the issue isn't that Windows is a trash OS, but that everyone is using the exact same trash OS and the same trash security program.
