this post was submitted on 21 Aug 2024
1 points (100.0% liked)

Linux

4966 readers
285 users here now

A community for everything relating to the linux operating system

Also check out [email protected]

Original icon base courtesy of [email protected] and The GIMP

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
1
“Something has gone seriously wrong,” dual-boot systems warn after Microsoft update (arstechnica.com)
submitted 4 weeks ago by [email protected] to c/[email protected]
39 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 0 points 4 weeks ago (1 children)

Waiting for the MS apologists to say this is a Crowdstrike problem or some other fucking dumbass shit.

Microsoft by and large are just computational cancer at this point. Bloat, crud, fud, and junk.

[–] [email protected] 0 points 4 weeks ago (1 children)

The Crowdstrike problem was in fact a Crowdstrike problem. It affected Linux too, but of course there are vastly fewer users of Crowdstrike on Linux: https://www.google.com/amp/s/www.theregister.com/AMP/2024/07/21/crowdstrike_linux_crashes_restoration_tools/

This is pretty obviously a Microsoft problem.

[–] [email protected] 0 points 4 weeks ago (2 children)

Well… yes and no.

The fact that Crowdstrike very obviously and intentionally fuzzed the line between ring 0 drivers and app metadata simply could not have been done without MS’s tacit (at the very least) approval. The initial version where Cloudstrike introduced that side loading threat definition update vector should have been flagged as an issue - more specifically, they should have held them to a FAR more rigorous testing and resiliency standard than they were. This is fairly standard practice (and in many cases enforced as regulatory measures) for highly critical systems and components in a lot of industries, and I’ve worked in two of those industries.

[–] [email protected] 0 points 3 weeks ago (1 children)

Microsoft creates secure boot: “we should be able to run whatever we want on our hardware!”

Microsoft lets users install crowdstrike on their computer: “Microsoft shouldn’t let us run this on our hardware!”

[–] [email protected] 0 points 3 weeks ago* (last edited 3 weeks ago)

Way to miss the nuance lol

What I’m saying is that if a system claims to rigorously validate code that runs in a particular sensitive domain (here, ring 0), it should actually rigorously validate code. This was a process failure at the end of the day.

[–] [email protected] 0 points 4 weeks ago

Yeah, that part is pretty wild and definitely Microsoft's fault.