• azertyfun@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          3
          ·
          5 months ago

          Corporate behemoths are going to keep doing what they do best.

          Their ISO-whatever certification says they gotta get that kind of software, so they do. Whether it is found to actually increase business risk does not matter in the slightest, what matters is that a box is checked for the audit.

          It’s like Oracle or IBM, who did not contribute anything of value to the world since about 2005 and notoriously have some of the most aggressive licensing lawyers on the planet. But there are lots of companies out there who sort a product segment from Old to New and pick the first result on account of the fact that it’s “established”, “reputable” and “reliable”, every other consideration be damned.

    • Drusas@kbin.run
      link
      fedilink
      arrow-up
      4
      ·
      5 months ago

      Somebody’s getting fired and that company is getting sued. I’m very curious how much this outage will have ended up costing the global economy.

    • greyfox@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      edit-2
      5 months ago

      This was a separate outage unrelated to CrowdStrike a few hours earlier that took down a couple of airlines as well.

      A majority of the VMs in the Azure CentralUS datacenter went down due to some sort of backend storage issue.

      Edit: I guess I should have read the article they do say CrowdStrike. They seem to be implying that they were one event when the cloud services outage was earlier and unrelated. I had heard about grounded flights during the first outage as well. So they likely are combining the two events here.

    • Nomecks@lemmy.ca
      link
      fedilink
      English
      arrow-up
      31
      arrow-down
      2
      ·
      5 months ago

      Dude, every bit of critical infrastructure around you is running Windows XP and McAfee ePO. The shit hidden in segregated control networks would make a security researcher from 2009 cringe.

  • Aradina [She/They]@lemmy.ml
    link
    fedilink
    English
    arrow-up
    28
    arrow-down
    3
    ·
    edit-2
    5 months ago

    Clearly didn’t resolve it that well considering that most of a continent is out now

    Edit: world, not continent now

  • HeyJoe@lemmy.world
    link
    fedilink
    English
    arrow-up
    8
    arrow-down
    2
    ·
    5 months ago

    I am thrilled right now that our company only started relying on cloud resources a few years ago and still don’t use services like this… I hope this is a wake-up call to them, so we never use something like this. I know the execs finally realized the cloud is not cost effective, and I hope we keep it a mixed bag instead of going in fully. I have been in IT for 18 years now, and thankfully, I have never had to deal with a disaster like this. Another close call was outsourcing our IT service desk to a company, and they wanted us to put agents on our pc’s so they could do their job easier. Luckily, our network team said absolutely not. Sure enough, that same year at Christmas time, they got hit with a crypto attack, and instead of having to deal with the agents, we just shut down the tunnel, and we’re fine. A lot of their clients were not so lucky. Screw the cloud and 3rd party services… it doesn’t save what you think, and you get poor services in return a lot of the time.

    • Creat@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      22
      ·
      5 months ago

      It isn’t a Microsoft issue in the first place. Doesn’t mean switching to alternatives isn’t a good idea, but this one isn’t on them for a change.

        • rottingleaf@lemmy.world
          link
          fedilink
          English
          arrow-up
          10
          ·
          5 months ago

          Monocultures are like this, yes. The reason bananas are less tasty than they were 100 years ago.

      • Evil_incarnate@lemm.ee
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        17
        ·
        5 months ago

        In a way it is a Microsoft problem. Windows can’t handle live updates to the system like Linux can. Security updates mean downtime to be scheduled. So they need a program to do security, so CrowdStrike comes in to do security for these companies since Microsoft can’t protect them. And mistakes happen.

        • Creat@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          10
          ·
          5 months ago

          Ah so it’s a linux problem when the gpu driver causes instability, cause NVidia is making a shitty and proprietary linux driver and the market share is too small to warrant putting more effort in. Linux doesn’t have it’s own fully-featured graphics driver, so that company has to come in and provide their own since linux can’t supply it. And mistakes happen. Roughly the same logic.

          That’s not linux fault. Neither is it Microsofts fault when a company selling a security product decides it has to run in kernel mode and then they don’t properly test a release and just decide to yolo it.

          • Evil_incarnate@lemm.ee
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            5
            ·
            5 months ago

            Yes. You’re right. All OSs have their faults. But this is one of window’s faults.

            But this is a Microsoft problem mostly because all the news reports are saying it is.

            Anyone in Microsoft sales or marketing is going to have a tough time for a while.

            • conciselyverbose@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              2
              ·
              5 months ago

              You know the kind of companies that do this nonsense on windows have the same incentives and give the same access to third party “security” tools on Linux?

              Windows sucks. But the fact that it’s windows they broke is dumb luck.

        • lud@lemm.ee
          link
          fedilink
          English
          arrow-up
          8
          ·
          5 months ago

          Security definition updates can be installed without rebooting.

          And Crowdstrike is a more advanced system compared to normal antivirus you would use at home. It’s an endpoint protection system that does more than scan for viruses.

          Microsoft offers their own alternative called Microsoft Defender for Endpoint.

          Both Crowdstrike and Microsoft Defender for Endpoint are available on Windows, MacOS, and Linux.

    • ramble81@lemm.ee
      link
      fedilink
      English
      arrow-up
      15
      ·
      5 months ago

      Incidentally CrowdStrike has a Linux agent and my previous company was pushing us to install it to check another box on their Cyberliability insurance form. So this could just as easy happen there too.

    • whoisearth@lemmy.ca
      link
      fedilink
      English
      arrow-up
      1
      ·
      5 months ago

      Security software is by and large theatre. There I said it.

      Install TempleOS in your production environment I guarantee no one is writing viruses for that lol