r00ty

Yeah, I have a problem too! No, wait. It's because I don't have an X/Twitter/whatever account.

Thanks. That explains a lot of what I didn't think was right regarding the almost simultaneous failures.

I don't write kernel code at all for a living. But, I do understand the rationale behind it, and it seems to me this doesn't fit that expectation. Now, it's a lot of hypothetical. But if I were writing this software, any processing of these files would happen in userspace. This would mean that any rejection of bad/badly formatted data, or indeed if it managed to crash the processor it would just be an app crash.

The general rule I've always heard is that you want to keep the minimum required work in the kernel code. So I think processing/rejection should have been happening in userspace (and perhaps even using code written in a higher level language with better memory protections etc) and then a parsed and validated set of data would be passed to the kernel code for actioning.

But, I admit I'm observing from the outside, and it could be nothing like this. But, on the face of it, it does seem to me like they were processing too much in the kernel code.

That's interesting. We use crowdstrike, but I'm not in IT so don't know about the configuration. Is a channel file, somehow similar to AV definitions? That would make sense, and I guess means this was a bug in the crowdstrike code in parsing the file somehow?

I think it's most likely a little of both. It seems like the fact most systems failed at around the same time suggests that this was the default automatic upgrade /deployment option.

So, for sure the default option should have had upgrades staggered within an organisation. But at the same time organisations should have been ensuring they aren't upgrading everything at once.

As it is, the way the upgrade was deployed made the software a single point of failure that completely negated redundancies and in many cases hobbled disaster recovery plans.

My favourite thing has been watching sky news (UK) operate without graphics, trailers, adverts or autocue. Back to basics.

It might not even be that. A lot of places have many servers (and even more virtual servers) running crowdstrike. Some places also seem to have it on endpoints too.

That's a lot of machines to manually fix.

Apparently at work "some servers are experiencing problems". Sadly, none of the ones I need to use :(

He thinks he's a lot of things. In reality, he's just a living, breathing example of Dunning-Kruger in action.

Yeah, basically as soon as money changes hands, a recommendation becomes an ad.

Too late, I voted against him. If only I saw this before I left!

Humans? I knew it! Even when it was the bears, I knew it was them!

Killing for your government: Government will track you down, kick your door in and throw you in prison for refusing to.

Fixed thar for you :P