Someone left the lid off the snakeoil and it all evaporated. :happy:

This company Crowdstrike sure did choose a fitting name. Crowd strike...

In case one needed an example to point to of why one prefers not to have kernel-level shit for drm and/or anti-cheat.

If such a huge security company cannot get this right, there's no way in hell one can trust a game company to do so.

Last edited by emphy on 19 Jul 2024 at 10:31 am UTC

Quoting: emphyIn case one needed an example to point to of why one prefers not to have kernel-level shit for drm and/or anti-cheat.

If such a huge security company can get this right, there's no way in hell one can trust a game company to do so.

I haven't thought of that until now...

Don't let companies control your computers seems to be the lesson here.

Yeah.... just don't mention that to the Steam community, you'll get shot down faster than you can say DRM if you suggest companies should use less invasive DRM or that kernel level anti-cheats are bad. As I found out the hard way. :grin:

Last edited by BlackBloodRum on 19 Jul 2024 at 10:39 am UTC

On the bright side..... Issues like this will only draw more peoples attention to the dangers of digital currency and digital IDs and everything going digital........ Im sure they will forget in 48 hours........ But hopefully more than few will keep remembering........

holy moly!

For me personally the whole situation is like hearing about a tsunami or a hurricane causing catastrophic damage in a country 5000km away.

Also I wonder if they had used Linux instead in affected places if there would have been the need for such a security framework in the first place or if this is all to be blamed on the flawed system architecture of MS Windows?

Quoting: Vortex_AcheronticAlso I wonder if they had used Linux instead in affected places if there would have been the need for such a security framework in the first place or if this is all to be blamed on the flawed system architecture of MS Windows?

The issue comes when [Microsoft makes multi billion dollar deals with countries to create "Cyber Shields" for the countries cyber defences........](https://www.skynews.com.au/australia-news/defence-and-foreign-affairs/microsofts-5-billion-defence-deal-to-build-cyber-shield-for-australia/video/1e48253e16bded04104a5406035b9e2b) Things like this will never ever be blamed on Microsoft or the Windows architecture...... EVER.......

Quoting: Vortex_AcheronticFor me personally the whole situation is like hearing about a tsunami or a hurricane causing catastrophic damage in a country 5000km away.

Also I wonder if they had used Linux instead in affected places if there would have been the need for such a security framework in the first place or if this is all to be blamed on the flawed system architecture of MS Windows?

Yes, fully.
The big boy security business works different than you might expect.
A hack can cost billions and your career if when and you don't know when or where it will come, but because of the risk if you can't proof you've a strategy against it you will have a problem.
As such the relevant authority figures will (understandably) simply try to buy it off, because when you've bought protection you can simply show the receipts and say: "they were just too strong".

This is true for Linux and windows.
Linux/windows hacks exist.
As such Linux/windows security products exist.

Now what would a (legit) linux security product offer.
A sanitized 3rd party backup of all the data and clean images of the relevant programs against ransomware.
Company specific monitoring.
If I can measure enough legit activity I can make a stricter permission structure.
If due to measuring I find out that the director of hr never queries the age of people and only their salaries I can revoke their access to it, so that if they get hacked an attack will be harder.
etc.

Quoting: WorMzySomeone left the lid off the snakeoil and it all evaporated. :happy:

I actually argue that, since it can accidentally crash a computer it's more likely to not be snakeoil.
Security is in its very basic about restricting things and people.
E2E encryption restricts anyone without the relevant private key from reading.
signature schemes restrict anyone without the relevant private key from editing.
Cloud strike is about restricting unauthorized computers from reading a select set of files.
What I expect happened is that someone made a mistake and restricted something that should've been kept available.

Snakeoil is really easy to keep from crashing computers.
Just make it do nothing and don't put it in the boot section.

What will happen to the company? Is there any way to keep trusting a company to provide security if they pushed a broken (and seemingly completely untested) patch to production systems around the world? If they can cause that much damage by accident, how can they protect everyone against some malicious actor that uses their own system for a deliberate attack?

And why does everyone want to use the same security system for all systems?

Because this is a Linux site I can see the happiness on some of the comments, but it hit us too in April, all the Debian 12 machines went down, also Rocky Linux 9.4 and Alma Linux was affected.

This is the first news on [ddg](https://www.neowin.net/news/crowdstrike-broke-debian-and-rocky-linux-months-ago-but-no-one-noticed/) a [Reddit](https://www.reddit.com/r/debian/comments/1c8db7l/linuximage61020_killed_all_my_debian_vms/) one

I experience it first hand and was a shitty shitty day, if you want to have all the certification in place for the audits and don't want to spend a shit ton of money you need Crowdstrike, it make you check all the boxes and all management is happy.

Now it has change the way that it works a different way so will be harder to break the kernel boot.

But we are facing the same issues on our side of the fence.

Quoting: redmanBecause this is a Linux site I can see the happiness on some of the comments, but it hit us too in April, all the Debian 12 machines went down, also Rocky Linux 9.4 and Alma Linux was affected.

This is the first news on [ddg](https://www.neowin.net/news/crowdstrike-broke-debian-and-rocky-linux-months-ago-but-no-one-noticed/) a [Reddit](https://www.reddit.com/r/debian/comments/1c8db7l/linuximage61020_killed_all_my_debian_vms/) one

I experience it first hand and was a shitty shitty day, if you want to have all the certification in place for the audits and don't want to spend a shit ton of money you need Crowdstrike, it make you check all the boxes and all management is happy.

Now it has change the way that it works a different way so will be harder to break the kernel boot.

But we are facing the same issues on our side of the fence.

So I guess the actual question is if CrowdStrike is a viable business partner then and some should maybe look for alternate solutions?

Quoting: redmanBecause this is a Linux site I can see the happiness on some of the comments, but it hit us too in April, all the Debian 12 machines went down, also Rocky Linux 9.4 and Alma Linux was affected.

This is the first news on [ddg](https://www.neowin.net/news/crowdstrike-broke-debian-and-rocky-linux-months-ago-but-no-one-noticed/) a [Reddit](https://www.reddit.com/r/debian/comments/1c8db7l/linuximage61020_killed_all_my_debian_vms/) one

I experience it first hand and was a shitty shitty day, if you want to have all the certification in place for the audits and don't want to spend a shit ton of money you need Crowdstrike, it make you check all the boxes and all management is happy.

Now it has change the way that it works a different way so will be harder to break the kernel boot.

But we are facing the same issues on our side of the fence.

Wait those losers first crashed Linux servers and were like:
this is fiiine and pushed the update to windows too.
:dizzy:

Edit: also apparently linux servers are better tested than windows server.
For the linux servers it resulted in an angry call from QA for the windows servers it resulted in world wide outages.
Linux the racing stripe of a server.

Last edited by LoudTechie on 22 Jul 2024 at 11:37 am UTC

I wonder how this affects monthly usage statistics. Statcounter counts page views. So, if a lot of these servers go down, does that mean people will spend more time then usual surfing the internet for cat gifs increasing the daily traffic or just log off for the day thus lowering the daily traffic?