this post was submitted on 19 Jul 2024
1198 points (99.5% liked)

Technology

59429 readers
3079 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

All our servers and company laptops went down at pretty much the same time. Laptops have been bootlooping to blue screen of death. It's all very exciting, personally, as someone not responsible for fixing it.

Apparently caused by a bad CrowdStrike update.

Edit: now being told we (who almost all generally work from home) need to come into the office Monday as they can only apply the fix in-person. We'll see if that changes over the weekend...

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 19 points 4 months ago (2 children)

I was quite surprised when I heard the news. I had been working for hours on my PC without any issues. It pays off not to use Windows.

[–] [email protected] 1 points 4 months ago

Yeah, my work also survived perfectly fine.

It pays off to use Windows and Microsoft Defender for Endpoint and not Crowdstrike.

[–] [email protected] 38 points 4 months ago (3 children)

It's not a flaw with Windows causing this.

The issue is with a widely used third party security software that installs as a kernel level driver. It had an auto update that causes bluescreening moments after booting into the OS.

This same software is available for Linux and Mac, and had similar issues with specific Linux distros a month ago. It just didn't get reported on because it didn't have as wide of an impact.

[–] [email protected] 1 points 4 months ago

They skimp on QA?

[–] [email protected] 1 points 4 months ago* (last edited 4 months ago) (1 children)

had similar issues with specific Linux distros a month ago. It just didn’t get reported on because it didn’t have as wide of an impact.

Because most data center admins using linux are not so stupid to subscribe to remote updates from a third party. Linux issues happen when critical package vulnerabilities make it into the repo.

[–] [email protected] 2 points 4 months ago (1 children)

Subscribe to

Tell me how you haven't worked as a sysadmin again.

This wasn't some switchable feature. The only way I've seen to stop this software from auto updating (per some comments on Hacker News/Y Combinator) as it chooses is by blocking the update servers at the firewall or through DNS black holing.

And yes, they chose to use this software. Look. Crowdstrike bought a fucking SuperBowl ad, a bunch of executives drank the kool aid, and a lot of tech departments were told that they'd be rolling this software out. That's just how corporate IT works sometimes.

[–] [email protected] 1 points 4 months ago

I was saying:

most data center admins using linux are not so stupid to subscribe to remote updates from a third party

Your response is not related in any way to that. If a third party software - running on system rights - forces auto-updates, that's called a "rootkit" and any sane admin would refuse to install such a package.

Competent here also meaning "if the upper management refuses to listen to my advice, I leave because I have other options". People who implement stupid policies - and especially technological solutions - against their principles are a cancer to democracy. Those are the people that enable tech-illiterate morons to implement totalitarian regimes.