this post was submitted on 22 Jul 2024
43 points (100.0% liked)

Programmer Humor

[–] [email protected] 7 points 2 months ago* (last edited 2 months ago) (4 children)

On Friday, as we were running around the hospital where we work trying to get every computer working again, we were following the work-around to rename the Crowdstrike folder under C:\Windows\system32\drivers to "bad-CrowdStrike".

When my coworker was typing the rename command, instead of typing "cro TAB", he started typing "clo TAB". He'd ask me why it wasn't finding it, and I'd point out the typo.

I started saying, it's not "CloudStrike", it's "CrowdStrike".

By the end of the day, we were both a little loopy. I started typing "CloudStrike", and cursing him out for screwing with my head. By the end of the day I wasn't sure what it was either.

CloudStrike

CrownStrike

ClownStrike

It occurred to us that CrowdStrike is an absolutely terrible name. It sounds like a terrorist attack. Of course, it felt like one on Friday.

[–] [email protected] 5 points 2 months ago (1 children)

It occurred to us that CrowdStrike is an absolutely terrible name. It sounds like a terrorist attack. Of course, it felt like one on Friday.

When I first heard about what was going on, I assumed that "CrowdStrike" was not the name of the software/company, but rather some sort of advanced DDOS-like attack where they used systems they'd previously hacked and had them all do the same thing at once to another target.

[–] [email protected] 3 points 2 months ago

not the name of the software/company, but rather some sort of advanced DDOS-like attack

As we've discovered, both can be true.

[–] [email protected] 2 points 2 months ago (2 children)

CloudStrike

CrownStrike

ClownStrike

ClownStrife

[–] [email protected] 2 points 2 months ago

CloudStrife

[–] [email protected] 1 points 2 months ago

Ah yes, the guy from FFVII

[–] [email protected] 2 points 2 months ago (1 children)

ClownStrike

A fitting rename after such a pathetic and catastrophic failure, that's for sure.

[–] [email protected] 1 points 2 months ago

Yeah, let's not let them get away with it. Clownstrike forever on

[–] [email protected] -1 points 2 months ago

Yeah, I'm usually a big stickler for making sure I'm saying something right, but that name was tongue twistering me from the first time I tried to say it out loud. And we don't even use them and weren't hit in any way lol

[–] [email protected] 5 points 2 months ago (3 children)

funny thing is I, and probably most people, had never even heard that there was something called "CrowdStrike" until Friday of last week

[–] [email protected] 2 points 2 months ago

I'm a Formula One fan. The Mercedes team are sponsored by them. You see their logo every time you see an on board shot of the cars.

I had no idea until this weekend.

[–] [email protected] 2 points 2 months ago* (last edited 2 months ago)

I knew of falcond as the service that makes my work Mac run slow.

Unfortunately, having a Mac meant I didn't get Friday off, unlike most of the rest of the company

[–] [email protected] 0 points 2 months ago

Oh, if you worked at a company that uses them (which is a lot of companies), you'd definitely be familiar with them as they hog up a ton of fucking CPU/disk. I basically had an entire CPU core dedicated to running their bullshit.

[–] [email protected] 3 points 2 months ago

They struck the whole crowd for sure

[–] [email protected] 1 points 2 months ago* (last edited 2 months ago) (1 children)

an operating system that allows third-party ring 0 access

Linux with eBPF:

[–] [email protected] 1 points 2 months ago

Shush, this is an opportunity for people to dump on Microsoft, if you take it from them they'll turn on you.

[–] [email protected] 0 points 2 months ago (1 children)
[–] [email protected] 1 points 2 months ago

CrowdStricken

[–] [email protected] -3 points 2 months ago (3 children)

So why is this considered a crowdstrike issue and not a Microsoft fuckup?

[–] [email protected] 2 points 2 months ago (2 children)

Windows: exists

Crowdstrike: stabs

You: why would Microsoft stab themselves?

[–] [email protected] 3 points 2 months ago

To be fair, kernel level access by third party software is kind of frowned upon in the Linux world. Ask any desktop Linux user how they feel about NVIDIA (the only third party kernel code an average Linux user will install) and their drivers randomly causing strange issues on their systems, up to and including kernel panics, compared to the experience on AMD, where the driver is open and built into the kernel itself. For security software that needs low level visibility, there is eBPF; direct kernel level access isn't needed (though I believe CrowdStrike uses it, and they actually did CrowdStrike Debian and Rocky Linux systems some time back).

macOS blocked the majority of kernel extensions a few years ago as well.

Windows is the only OS where it has been designed in a way where kernel level access is the rule rather than the exception. So design flaws are at least partially at fault here.

[–] [email protected] 2 points 2 months ago

Windows: exists

Crowdstrike: exists

Windows: open belly, right here!

Crowdstrike: stabs

Crowdstrike released bad code into prod without giving it some hours of testing in local machines or whatever. Incredible fuckup, unimaginable. But, let's not take blame out of Microsoft, if a driver is faulty the system should be resilient enough not to crap the bed on login. At least enough for IT to be able to remotely access the system and fix it. The manual work the IT world has had to do because it's lost remote access to workstations is insane.

[–] [email protected] 0 points 2 months ago (1 children)

Can you explain why you think this is a Microsoft issue?

[–] [email protected] -1 points 2 months ago (1 children)

Doesn’t Microsoft allow crowdstrike to make updates? Being such a critical part of the OS it’s up to Microsoft to ensure their procedures are robust and being followed.

[–] [email protected] 0 points 2 months ago* (last edited 2 months ago) (1 children)

How do you implement that? How is it feasible that Microsoft tests all the third party drivers?

Don't get me wrong I believe Microsoft is partly to blame for this problem as well but for making it so hard for system admins to go around the system and solve things (as compared to Linux where you can do anything). I think sys admins would have solved this much faster if they were using Linux systems

I was just probing your argument because I guessed it was the typical nonsense of Microsoft bad, Linux good, without a good explanation

[–] [email protected] 0 points 2 months ago* (last edited 2 months ago) (1 children)

I think if it’s going on every Windows computer Windows should have a process in place to prevent what happened from happening. Windows are for profit, they have the money to do it right but they got greedy. A staggered rollout would have prevented most of it and is a very simple thing to require. Also if it’s going on every Windows computer or most I wouldn’t consider that a third party anymore even if that’s how they keep liabilities at arm's length

[–] [email protected] 2 points 2 months ago* (last edited 2 months ago) (1 children)

I think if it’s going on every Windows computer

It's not, it's just popular. It's not Windows' job to police what software you choose to run on it.

However, Windows does actually have an optional certification program called WHQL for kernel level drivers. Getting this certification lets updates get posted via Windows' internal updater. It checks the driver calls APIs correctly and doesn't misbehave with interrupt handling, among other tests. Crowdstrike driver did pass this, and in fact there was no bug with the driver, the bug was with the configuration file. The configuration file updates about once an hour (and it really needs to do that), and does so outside the Windows update process, making Windows powerless to control its rollout. WHQL certification takes a few days to run and configuration files aren't really in scope.

[–] [email protected] 2 points 2 months ago

Thanks for the info, I didn’t know that and understand it a bit better now.

[–] [email protected] 0 points 2 months ago (1 children)

Same thing would happen on Linux if someone wrote a bad kernel module and integrated it into the OS. In fact, Crowdstrike did have a similar problem a few months ago on Linux.

I'm no fan of Microsoft, but this isn't their fault.

[–] [email protected] 0 points 2 months ago (1 children)

An OS should not have to require a 3rd party driver for security.

Microsoft should be writing that driver as an OS component. Drivers should be restricted to talking to hardware.

[–] [email protected] 0 points 2 months ago (1 children)

I thought only people who subscribed to CrowdStrike's services had that driver installed.

[–] [email protected] 1 points 2 months ago

That is true. The issue is that because there are so many permission escalation issues in Windows, many anti malware products must run as kernel drivers.