this post was submitted on 23 Jul 2024
51 points (94.7% liked)

Europe

1682 readers
415 users here now

News and information from Europe 🇪🇺

(Current banner: La Mancha, Spain. Feel free to post submissions for banner images.)

Rules (2024-08-30)

  1. This is an English-language community. Comments should be in English. Posts can link to non-English news sources when providing a full-text translation in the post description. Automated translations are fine, as long as they don't overly distort the content.
  2. No links to misinformation or commercial advertising. When you post outdated/historic articles, add the year of publication to the post title. Infographics must include a source and a year of creation; if possible, also provide a link to the source.
  3. Be kind to each other, and argue in good faith. Don't post direct insults nor disrespectful and condescending comments. Don't troll nor incite hatred. Don't look for novel argumentation strategies at Wikipedia's List of fallacies.
  4. No bigotry, sexism, racism, antisemitism, dehumanization of minorities, or glorification of National Socialism.
  5. Be the signal, not the noise: Strive to post insightful comments. Add "/s" when you're being sarcastic (and don't use it to break rule no. 3).
  6. If you link to paywalled information, please provide also a link to a freely available archived version. Alternatively, try to find a different source.
  7. Light-hearted content, memes, and posts about your European everyday belong in !yurop@lemm.ee. (They're cool, you should subscribe there too!)
  8. Don't evade bans. If we notice ban evasion, that will result in a permanent ban for all the accounts we can associate with you.
  9. No posts linking to speculative reporting about ongoing events with unclear backgrounds. Please wait at least 12 hours. (E.g., do not post breathless reporting on an ongoing terror attack.)

(This list may get expanded when necessary.)

We will use some leeway to decide whether to remove a comment.

If need be, there are also bans: 3 days for lighter offenses, 14 days for bigger offenses, and permanent bans for people who don't show any willingness to participate productively. If we think the ban reason is obvious, we may not specifically write to you.

If you want to protest a removal or ban, feel free to write privately to the mods: @federalreverse@feddit.org, @poVoq@slrpnk.net, or @anzo@programming.dev.

founded 6 months ago
MODERATORS
 

cross-posted from: https://awful.systems/post/1965658

Kind of sharing this because the headline is a little sensationalist and makes it sound like MS is hard right (they are, but not like this) and anti-EU.

I mean, they probably are! Especially if it means MS is barred from monopolies and vertical integration.

all 15 comments
sorted by: hot top controversial new old
[–] connaisseur@feddit.org 58 points 5 months ago (1 children)

Soooo… EU is responsible to write Crowdstrike code with bugs that gets deployed without any QA? Interesting. And EU is directing rules for the rest of the world as well, where the same issue happened as within EU? This is populist bullshit in full swing.

[–] KasimirDD@feddit.org 44 points 5 months ago* (last edited 5 months ago) (2 children)

As far as I understand it, the EU is to blame because it forced Microsoft to open up the Windows kernel for software such as Crowdstrike's. Why the Linux kernel has protection against precisely the flaw that has occurred and the Windows kernel does not, however, remains MS's secret.

[–] connaisseur@feddit.org 31 points 5 months ago* (last edited 5 months ago)

The regulation only states that there must be a level playing field with respect to API access and possibilities in comparison for Microsoft tools and 3rd party tools. The regulation does not state that the APIs have to be inherently insecure and unstable if used in a wrong way, which is what happened. Crowdstrike released a buggy update that crashed their own driver, which is just showing how bad their software as a whole really is.

[–] misk@sopuli.xyz 7 points 5 months ago (1 children)

Linux has the same issue and was also affected by Crowdstrike earlier this year.

[–] KasimirDD@feddit.org 10 points 5 months ago

I know, but someone (KP Singh, I think?) already provided a fix for this. In the end, it's not about any system being error-free, but about how these errors are dealt with. Crowdstrike screwed up and Microsoft could have fixed this vulnerability after the Linux kernel incident. Maybe. But now pointing the finger at an uninvolved third party is just PR.

[–] TheBronko@lemmy.world 42 points 5 months ago* (last edited 5 months ago) (2 children)

The EU is not responsible for the QA failure of the market. Does Microsoft employ lunatics that do not recognise the reality?

[–] uebquauntbez@lemmy.world 9 points 5 months ago

Watching USA lately, I think it's an special American feature being off-reality.

[–] misk@sopuli.xyz 28 points 5 months ago* (last edited 5 months ago) (1 children)

All that EU mandates is equal access to system features by the competitors.

What Microsoft is saying is that they would never fuck up like Crowdstrike did. That's bullshit - they are human too and need security enforced at an architectural level. The other thing that Microsoft is saying is that they could not prevent this. That's also bullshit because others did.

Windows and Linux allow third party apps to run at kernel / driver level and consequences of that are on those operating systems. It wasn't even the first time this happened. Crowdstrike was responsible for similar issue on Linux earlier this year and it was also caused by a kernel module crash.

Apple doesn't allow kernel / driver level access for apps and replaced those with API few years ago. It's no coincidence Crowdstrike didn't manage to break MacOS so far. There's nothing stopping Microsoft from implementing something similar.

Obviously Crowdstrike is at fault here but so is Microsoft.

[–] BananaTrifleViolin@lemmy.world 13 points 5 months ago* (last edited 5 months ago) (1 children)

This whole story is just PR bullshit and spin by Microsoft.

They're trying to draw attention away from the major problem: that they are a monopoly and with Crowdstrike they're forming a duopoly for their customerbase which has caused great over reliance and vulnerability in global systems and services.

Microsoft are trying to preempt the solution to this problem - opening up access further for competitors so companies have viable choices for cloud based platforms and services if they use Microsoft windows.

The problem was not that Microsoft has to give access so competitors are able to develop security products. Its that anti-competitive behaviour has caused homogenous systems for big companies allowing a point failure that has caused massive financial damage.

MacOS is not really relevant in this - this is about cloud services and platforms so Microsoft, Amazon and Google.

[–] misk@sopuli.xyz 3 points 5 months ago

MacOS is relevant to this specific issue. It's an example of an OS that mitigated risk in a way that would be compliant with EU requirements Microsoft is blaming this on.

[–] fushuan@lemm.ee 2 points 5 months ago

Yet, faulty drivers crapoing your bed without a way for IT remotely being able to access the pc isnkinda your fault, they could have done that with zero EU violations...

[–] autotldr@lemmings.world 1 points 5 months ago

This is the best summary I could come up with:


A 2009 agreement insisted on by the European Commission meant that Microsoft could not make security changes that would have blocked the update from cybersecurity firm Crowdstrike that caused an estimated 8.5 million computers to fail, the Big Tech giant said in comments to the Wall Street Journal newspaper.

Thousands of flights were delayed or cancelled, leaving passengers stranded at airports worldwide, the UK's NHS service was affected and contactless payments failed to work.

Microsoft has Windows Defender, its in-house alternative to CrowdStrike, but because of the 2009 agreement made to avoid a European competition investigation, had allowed multiple security providers to install software at the kernel level.

Microsoft's main competitor, Apple, in 2020 blocked access to the kernel on its Mac computers, arguing it would improve security and reliability.

Speaking to the Wall Street Journal, a Microsoft spokesman said the company could not make a similar change because of the EU agreement.

Under its new Digital Markets Act, Europe is currently trying to force Apple to give access to its iPhone to allow alternative app stores and web browsers to be used.


The original article contains 348 words, the summary contains 183 words. Saved 47%. I'm a bot and I'm open source!

[–] DogPeePoo@lemm.ee 1 points 5 months ago