@idiot@sun More accurately:
>Distribute configuration file filled with zeros in the wrong places.
>Distribute gift cards filled with zeros in the wrong places.
@Suiseiseki@idiot@sun I am slow, I know CrowdStrike causes an outage about once a year since like 2019, but what exactly does CrowdStrike Falcon do? I've read it is "real time AI ready malware protection" and also read it has caused outages on Debian servers because they did not test the update on Debian stable servers, which were supposedly a supported platform and configuration...
But what does that shit do in kernel space and why is it even used?
@EdBoatConnoisseur
>what exactly does CrowdStrike Falcon do?
I'm not exactly sure, but from what I've read it's a rootkit kernel module that goes and tries to scan for signatures of exploits and tries to stop/report such exploits (as Windows is Swiss cheese and countless remote-exploitation vulnerabilities are constantly being exploited as I type this), with automated remote reporting and automatic updating of signatures.
To implement this "feature", it needs to have kernel-level access and as a result, the kernel module is pretty much a rootkit that adds the computer to their botnet.
Apparently after receiving their spying logs, they noticed that there was a massive infection campaign utilizing a vulnerability of named pipes on Windows, so one of the verified-incompetent developers went and hastily whipped up a signature file to match the current infection wave and pushed it out in a panic to all computers without testing it.
The new signature files of course ended up being corrupted, but with a valid header, which the module at least verified; but due to how the ingestion parser was poorly programmed, it choked on the invalid input and tried to dereference a low pointer in memory that it's not allowed to access, to which the NT kernel responds by triggering a BSOD.
Of course, every time Windows rebooted, that module would be loaded and eventually it would get around to trying to parse the corrupted files, although if the corrupted file is deleted, there's no longer a BSOD, and if the computer is rebooted 15 or so times, eventually the driver manages to remotely download a correction patch to replace/delete x files before the crash occurs.
>also read it has caused outages on Debian servers because they did not test the update on Debian stable servers, which were supposedly a supported platform and configuration... But what does that shit do in kernel space and why is it even used?
There is a GNU/Linux version as well, but that bug was completely different.
Rootkits really need to have proper root access to work, so previously it was implemented as a Linux module, except the clownstrike developers are so bad at programming and don't actually test anything, so many versions of the driver caused a kernel panic (very difficult to do, as dereferencing a null pointer for example just causes a kernel oops).
Many suckers, after seeing a name appear in the output of strings, worked out that modules were being compiled on a developer's personal machine and then pushed out without any testing.
The current version is now implemented as an eBPF program, as that VM/static analyzer is designed to make it difficult or impossible for anything running in the VM to crash Linux, but I'm sure they'll pull it off.
The main difference with the GNU/Linux version is that the sucker at least has control over when updates are installed and can test them on one machine before rolling them out to all of them.
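The "valid header, zero-filled body" failure mode described in the thread above, as an added illustration that is not part of anyone's post and is not CrowdStrike's code: the file layout (magic "SIG1", an entry count, a table offset, and per-entry offset/length pairs), the function names and the sample buffers are all made up for this example. The point it shows is that a header check alone passes a file whose body is all zeros, and that a loader which validates every offset and length against the buffer before using it turns that file into a rejected update instead of a bad pointer dereference.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical signature-file layout, assumed for this example only:
 *   header : magic[4] = "SIG1", u32 entry_count, u32 table_offset   (12 bytes)
 *   table  : entry_count records of { u32 rule_offset, u32 rule_len } (8 bytes each)
 *   rules  : raw bytes anywhere after the header, addressed by the table
 * All integers are little-endian; offsets are relative to the start of the file.
 */
#define MAGIC     "SIG1"
#define HDR_LEN   12u
#define ENTRY_LEN 8u

enum parse_status { PARSE_OK = 0, PARSE_BAD_HEADER, PARSE_BAD_TABLE, PARSE_BAD_ENTRY };

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Header-only validation: this is all a loader that "at least verifies the header" does.
 * It is necessary but nowhere near sufficient; a zero-filled body sails through it. */
int header_ok(const uint8_t *buf, size_t len)
{
    return len >= HDR_LEN && memcmp(buf, MAGIC, 4) == 0;
}

/* Hardened loader: every offset and length taken from the file is checked against the
 * buffer bounds before it is turned into a pointer. On the first bad field it stops and
 * reports an error, so a corrupt update is refused rather than acted on. */
enum parse_status load_rules(const uint8_t *buf, size_t len, size_t *rules_loaded)
{
    *rules_loaded = 0;
    if (!header_ok(buf, len))
        return PARSE_BAD_HEADER;

    uint32_t count = rd32(buf + 4);
    uint32_t table = rd32(buf + 8);

    /* The table must lie inside the buffer and must have room for `count` entries. */
    if (table < HDR_LEN || table > len || count > (len - table) / ENTRY_LEN)
        return PARSE_BAD_TABLE;

    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + table + (size_t)i * ENTRY_LEN;
        uint32_t off = rd32(e);
        uint32_t rlen = rd32(e + 4);
        /* A zeroed entry gives off == 0 and rlen == 0: a pointer back at the header,
         * not at a rule. Reject it instead of computing and dereferencing it. */
        if (off < HDR_LEN || rlen == 0 || off > len || rlen > len - off)
            return PARSE_BAD_ENTRY;
        (*rules_loaded)++;
    }
    return PARSE_OK;
}

/* Constructed sample: a well-formed file with two rules ("evil" and "bad"). */
const uint8_t GOOD_FILE[] = {
    'S', 'I', 'G', '1',  2, 0, 0, 0,  12, 0, 0, 0,   /* header: 2 entries, table at 12 */
    28, 0, 0, 0,  4, 0, 0, 0,                         /* entry 0: offset 28, len 4 */
    32, 0, 0, 0,  3, 0, 0, 0,                         /* entry 1: offset 32, len 3 */
    'e', 'v', 'i', 'l',  'b', 'a', 'd', 0             /* rule bytes at 28.. and 32.. */
};

/* Constructed sample: the same valid header claiming 3 entries, followed by nothing
 * but zeros. The header check passes; every table entry is garbage. */
const uint8_t ZEROED_FILE[36] = { 'S', 'I', 'G', '1',  3, 0, 0, 0,  12, 0, 0, 0 };

int main(void)
{
    size_t n;
    printf("zeroed file: header_ok=%d load_rules=%d\n",
           header_ok(ZEROED_FILE, sizeof ZEROED_FILE),
           load_rules(ZEROED_FILE, sizeof ZEROED_FILE, &n));
    printf("good file:   load_rules=%d rules=%zu\n",
           load_rules(GOOD_FILE, sizeof GOOD_FILE, &n), n);
    return 0;
}
```

The loader treats the whole buffer length as the only trusted number and derives everything else from checked arithmetic against it; the `count > (len - table) / ENTRY_LEN` form avoids the overflow that `table + count * ENTRY_LEN > len` would have in 32-bit arithmetic. Refusing the file is the safe outcome: a missed update leaves yesterday's signatures in place, while a crash in the loader takes the machine down.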