Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Flying Teasets]

Why did I wake up to "y2k" today?

[pisskop]

https://www.cnbc.com/2024/07/19/latest-live-updates-on-a-major-it-outage-spreading-worldwide.html

Crowdstrike and through it microsoft

[Flying Teasets]

https://www.cnbc.com/2024/07/19/latest-live-updates-on-a-major-it-outage-spreading-worldwide.html

Crowdstrike and through it microsoft

But WHY did I wake up to find such systemic weakness in international IT infrastructure? Why wasn't that XKCD and the sentiment behind it taken seriously? At least it wasn't total or we wouldn't be talking here.

[pisskop]

Theyre staying pretty mum about it.  And saying it was a problem with their update.

Assuming thats the extent of it, buying crowdstrike rn is tempting.  Which makes me think it isnt.


AFA: why people didnt take any particular WSC seriously... well it costs upkeep to stay vigilant.  Realistically we cant always be watching for everything, there's a certain amount of uncertainty we accept.  We get into our cars and accept that while people follow most of the rules of the road most of the time, it only takes one.

Companies love talking about how efficient they are and secure they are, but the two often contradict each other.  Cant have redundancies and be more efficient than the people who accept a tiny risk of a problem and dont have redundancies.

[Great Order]

Didn't sleep when I napped, I sort of hovered on the edge of consciousness and it was really weird. My brain was running on dream logic, but it was always pertaining to something real and anxiety-inducing, and I was also aware that the logic didn't work out but I couldn't think straight either.

[McTraveller]

It's why the first thing I do on any new computer install I have, or installing almost any "modern" software package, is to disable auto updates.

I'm waiting for software to finally start requiring Professional Engineer licenses for "infrastructure" software. The damage the current operating procedures can wreak on society is at least as severe as the damage poor civil engineering can wreak, and civil engineering has required PEs for a long time even when the worst it could impact was some very local area. Software issues can literally bring down the entire world simultaneously; not to be morbid, but the worst a bridge can do is hurt whoever was on the bridge.

[heydude6]

If I ever start my own business, I'll be putting everything on Linux. Microsoft has consistently shown that they have no idea how to design good software anymore.

[bloop_bleep]

Theyre staying pretty mum about it.  And saying it was a problem with their update.

Assuming thats the extent of it, buying crowdstrike rn is tempting.  Which makes me think it isnt.


AFA: why people didnt take any particular WSC seriously... well it costs upkeep to stay vigilant.  Realistically we cant always be watching for everything, there's a certain amount of uncertainty we accept.  We get into our cars and accept that while people follow most of the rules of the road most of the time, it only takes one.

Companies love talking about how efficient they are and secure they are, but the two often contradict each other.  Cant have redundancies and be more efficient than the people who accept a tiny risk of a problem and dont have redundancies.

It seems you may be thinking it's a security attack, which no evidence currently suggests is the case.

[Akura]

My mom is certainly dead-set convinced that it's a cyber-attack, since it's shut down hospitals, airlines, police, her favorite TV channel...

[pisskop]

I mean, there's no evidence of that.  We dont know anything much, but the solution of 'roll back to before July 19th' indicates that its not.

[Jopax]

So Age of Mythology Retold is coming out in about a month, they're doing what appears to be the standard for new releases now with pay extra to play it early and get some other shit too. Among the other shit too is having the legacy god portraits from the old game, which considering the vast majority of the new ones look like shit and suspiciously like AI generated shit is a bit of an annoyance.

"Hey let's remake this beloved game, make the art worse and ask for extra to give you the option of keeping the old art"

A novel approach to milking a fanbase I'd say.

[Lord Shonus]

If I ever start my own business, I'll be putting everything on Linux. Microsoft has consistently shown that they have no idea how to design good software anymore.

This isn't a Microsoft problem. It was a widely used third-party security software that caused the problem. Linux doesn't prevent the user from installing bad software.

[Frumple]

I mean... linux historically has a habit of preventing the user from installing software at all, so I'm not sure that's 100% accurate

[wierd]

Theyre staying pretty mum about it.  And saying it was a problem with their update.

Assuming thats the extent of it, buying crowdstrike rn is tempting.  Which makes me think it isnt.


AFA: why people didnt take any particular WSC seriously... well it costs upkeep to stay vigilant.  Realistically we cant always be watching for everything, there's a certain amount of uncertainty we accept.  We get into our cars and accept that while people follow most of the rules of the road most of the time, it only takes one.

Companies love talking about how efficient they are and secure they are, but the two often contradict each other.  Cant have redundancies and be more efficient than the people who accept a tiny risk of a problem and dont have redundancies.

It seems you may be thinking it's a security attack, which no evidence currently suggests is the case.

"efficiency" and "Security" are still exclusive, even when we are talking about this kind of outage.

"Efficiency" with a single, (and thus, defacto-standardized) ERP provider, means less opportunity losses (because of interoperability issues), and fewer issues with your middle-men making bad middleware picks (with increased overhead due to predatory licensing-- SO LONG as you are not being hit by onerous monopoly pricing structures.)  It WORKS GREAT, up until your SINGLE POINT OF FAILURE, then in fact, FAILS.

(as happened yesterday.)

"Security" in the context of "fault tolerance", especially as it relates to WHOLE DAMN INDUSTRIES, and MULTIPLE INDUSTRIES AT ONCE (like happened yesterday...) means that you SHOULD have multiple competing providers, so that if one suffers a mishap like this, the whole system does not break down.


Efficient organizations are fragile organizations.

This is true for both reliability, AND for actual security.

I mean... linux historically has a habit of preventing the user from installing software at all, so I'm not sure that's 100% accurate

Not really. Linux does not stop a user from installing software. It prevents people who lack appropriate credentials from doing so, and enforces a separation from daily driving user credentials and "No, THIS IS FOR SYSTEM ADMINISTRATION DUMBASS" administrator credentials. 

This is what Super User DO is for. (sudo) It allows your limited user to perform an administrative function as a one-off, and challenges for the needed security token, then lets you do the needful.

EG, if you want to install the GNU solitaire app, (on a debian-like), its a simple matter of

sudo apt-get install aisleriot

it does the needful, and boom-- solitaire shows up in your games list. Easy peasy.

Occassionally, you will have to compile some specialist software from source, and use "make install" to get it, but this is exceedingly rare these days.

[feelotraveller]

hahahahahhaaahha

The idiocy of auto-updates taken to an extreme.  Pity none of us can review the code...

https://www.theverge.com/2024/7/19/24201717/windows-bsod-crowdstrike-outage-issue

The root cause appears to be an update to the kernel-level driver that CrowdStrike uses to secure Windows machines.

I guess an auto-updating linux is possible but I've never encountered it, and you'd have to look far and wide.  At least at the distro level the code is reviewed independently before being pushed to a wider audience.  Think of it as a form of QA - sure shit still slips through sometimes but nothing widespread and critical like this

One of my favourite ditties:
https://www.youtube.com/embed/oHNKTlz1lps?autoplay=1&feature=oembed&wmode=opaque

community decided it was good code

That bit is totally lacking when dealing with the closed source, for profit 'shovelware', typically associated with windoze.

And the reason the internet did not crash... it runs on linux.