this post was submitted on 19 Jul 2024
783 points (94.4% liked)

Linux

48220 readers
814 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

This isn't a gloat post. In fact, I was completely oblivious to this massive outage until I tried to check my bank balance and it wouldn't log in.

Apparently Visa Paywave, banks, some TV networks, EFTPOS, etc. have gone down. Flights have had to be cancelled as some airlines systems have also gone down. Gas stations and public transport systems inoperable. As well as numerous Windows systems and Microsoft services affected. (At least according to one of my local MSMs.)

Seems insane to me that one company's messed up update could cause so much global disruption and so many systems gone down :/ This is exactly why centralisation of services and large corporations gobbling up smaller companies and becoming behemoth services is so dangerous.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 79 points 4 months ago (4 children)

While I don’t totally disagree with you, this has mostly nothing to do with Windows and everything to do with a piece of corporate spyware garbage that some IT Manager decided to install. If tools like that existed for Linux, doing what they do to to the OS, trust me, we would be seeing kernel panics as well.

[–] [email protected] 24 points 4 months ago (1 children)

I wouldn't call Crowdstrike a corporate spyware garbage. I work as a Red Teamer in cybersecurity, and EDRs are bane of my existence - they are useful, and pretty good at what they do. In the last few years, I'm struggling more and more to with engagements we do, because EDRs just get in the way and catch a lot of what would pass undetected a month ago. Staying on top of them with our tooling is getting more and more difficult, and I would call that a good thing.

I've recently tested a company without EDR, and boy was it a treat. Not defending Crowdstrike, to call that a major fuckup is great understatement, but calling it "corporate spyware garbage" feels a little bit unfair - EDRs do make a difference, and this wasn't an issue with their product in itself, but with irresponsibility of their patch management.

[–] [email protected] 2 points 4 months ago

Fair enough.

Still this fiasco proved once again that the biggest thread to IT sometimes is on the inside. At the end of the day a bunch of people decided to buy Crowdstrike and got screwed over. Some of them actually had good reason to use a product like that, others it was just paranoia and FOMO.

[–] [email protected] -2 points 4 months ago (3 children)

How is it not a window problem?

[–] [email protected] 3 points 4 months ago

It is on the sense that Windows admins are the ones that like to buy this kind of shit and use it. It's not on the sense that Windows was broken somehow.

[–] [email protected] 15 points 4 months ago* (last edited 3 months ago)

The fault seems to be 90/10 CS, MS.

MS allegedly pushed a bad update. Ok, it happens. Crowdstrike's initial statement seems to be blaming that.

CS software csagent.sys took exception to this and royally shit the bed, disabling the entire computer. I don't think it should EVER do that, so the weight of blame must lie with them.

The really problematic part is, of course, the need to manually remediate these machines. I've just spent the morning of my day off doing just that. Thanks, Crowdstrike.

EDIT: Turns out it was 100% Crowdstrike, and the update was theirs. The initial press release from CS seemed to be blaming Microsoft for an update, but that now looks to be misleading.

[–] [email protected] 19 points 4 months ago (1 children)

Why should it be? A faulty software update from a 3rd party crashes the operating system. The exact same thing could happen to Linux hosts as well with how much access those IPSec programms usually get.

[–] [email protected] 32 points 4 months ago (1 children)

Hate to break it to you, but most IT Managers don't care about crowdstrike: they're forced to choose some kind of EDR to complete audits. But yes things like crowdstrike, huntress, sentinelone, even Microsoft Defender all run on Linux too.

[–] [email protected] 4 points 4 months ago

Yeah, you’re right.

[–] [email protected] 64 points 4 months ago (2 children)

Hate to break it to you, but CrowdStrike falcon is used on Linux too...

[–] [email protected] 12 points 4 months ago

And Macs, we have it on all three OSs. But only Windows was affected by this.

[–] [email protected] 55 points 4 months ago* (last edited 4 months ago) (2 children)

And if it was a kernel-level driver that failed, Linux machines would fail to boot too. The amount of people seeing this and saying “MS Bad,” (which is true, but has nothing to do with this) instead of “how does an 83 billion dollar IT security firm push an update this fucked” is hilarious

[–] [email protected] 10 points 4 months ago* (last edited 4 months ago) (2 children)

Falcon uses eBPF on Linux nowadays. It's still an irritating piece of software, but it no make your boxen fail to boot.

edit: well, this is a bad take. I should avoid commenting on shit when I'm sleep deprived and filled with meeting dread.

[–] [email protected] 11 points 4 months ago (1 children)

It was panicking RHEL 9.4 boxes a month ago.

[–] [email protected] 4 points 4 months ago (1 children)

Were you using the kernel module? We're using Flatcar which doesn't support their .ko, and we haven't been getting panics on any of our machines (of which there are many).

[–] [email protected] 6 points 4 months ago

Nah it was specifically related to their usage of BPF with the Red Hat kernel, since fixed by Red Hat. Symptom was, you update your system and then it panics. Still usable if you selected a previous kernel at boot though.

[–] [email protected] -1 points 4 months ago (1 children)

You're asking the wrong question: why does a security nightmare need a 90 billion dollar company to unfuck it?

[–] [email protected] 3 points 4 months ago (1 children)

What’s your solution to cyberattacks?