1y ago

CrowdStrike’s Falcon Sensor linked to Linux crashes, too • The Register

www.theregister.com

CrowdStrike’s Falcon Sensor linked to Linux crashes, too

20 comments

they seem extremely competent at writing bad software
- Line mus go up
  
  That line isn't going to recover for a while now
- Not sure if it's the devs to blame when there's statements like:
  Kurtz therefore has the possibly unique and almost-certainly-unwanted distinction of having presided over two major global outage events caused by bad software updates.
  So, I'm guessing it's the business that's not supporting good dev->test->release practices.
  But, I agree with your point; their overall software quality is terrible.
  
  true true. If the general business pressures are not conducive to proper software release practices, no amount of programming skill can help them.
"The most secure system is a system that's not live. Crowdstrike, bringing you the best-in-class security."
- "I don't test often but when I do it is in production"
Ofc it is. And can't do any updates because Crowdstrike doesn't support newer kernels. Apparently security means running out of date packages. 🤡
- That first issue was triggered by falcon, but was legitimately a bug in Red Hat’s kernel triggered by bpf.
Nobody:
Crowdstrike:
Difference between open source software and closed source software:
CrowdStrike bad coding make Linux crashes -> sysadmin has control over the system and can rapidly fix the issue by disabling CrowdStrike module -> downtime is limited
CrowdStrike bad coding make Windows crashes -> sysadmin has limited control over the system and rely on Windows/CrowdStrike people to fix the issue -> the demand is too high cause the issue happened with many computers around the world at the same time -> huge downtime while few people on Microsoft and/or CrowdStrike fix the issue one by one manually
- This is a laughably bad take.
  You do realize sysadmins were fixing the Windows issue and not just waiting on Microsoft and CrowdStrike - right? They just had to delete a file.
  
  Oh! That's why the outage could demand long time to recover! Just delete a file takes so long!
  I'm glad you said it!
- Sysadmin here. Wtf are you talking about? All we did was "rapidly fix the issue by disabling Crowdstrike module." Or really, just the one bad file. We were back online before most people even woke up.
  What do you think Crowdstrike can do from their end to stop a boot loop?
- ...what?
  A busted kernel module/driver/plug-in/whatever that triggers a bootloop is going to require intervention on any platform no matter whether the code happens to be published somewhere out on the internet or not. On top of that, Windows allows you to control/remove 3rd party kernel drivers just like on Linux, which is exactly what many of us have been stuck doing on endless devices for the last three days.
  I fully advocate for open-source software and use it where I can, but I also think we should do that by talking about its actual advantages instead of just making up nonsense that will make experienced sysadmins spit out their coffee.
- The fix on windows was just removing the bad file, there was no reliance on crowdstrike to fix the initial issue that I know of.
- I've kept having to make this point repeatedly every time someone writes "It's not a Microsoft/closed source problem, it happened to Linux too".

20 comments