this post was submitted on 19 Jul 2024
830 points (98.5% liked)

Technology

59427 readers
4429 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
830
CrowdStrike downtime apparently caused by update that replaced a file with 42kb of zeroes (twiiit.com)
submitted 4 months ago* (last edited 4 months ago) by Aatube@kbin.melroy.org to c/technology@lemmy.world
190 comments fedilink hide all child comments
 

…according to a Twitter post by the Chief Informational Security Officer of Grand Canyon Education.

So, does anyone else find it odd that the file that caused everything CrowdStrike to freak out, C-00000291-
00000000-00000032.sys was 42KB of blank/null values, while the replacement file C-00000291-00000000-
00000.033.sys was 35KB and looked like a normal, if not obfuscated sys/.conf file?

Also, apparently CrowdStrike had at least 5 hours to work on the problem between the time it was discovered and the time it was fixed.

you are viewing a single comment's thread
view the rest of the comments
[–] Takios@discuss.tchncs.de 17 points 4 months ago (17 children)

Problem is that software cannot deal with unexpected situations like a human brain can. Computers do exactly what a programmer tells it to do, nothing more nothing less. So if a situation arises that the programmer hasn't written code for, then there will be a crash.

[–] deadbeef79000@lemmy.nz 2 points 4 months ago (16 children)

Poorly written code can't.

In this case:

  1. Load config data
  2. If data is valid:
    1. Use config data
  3. If data is invalid:
    1. Crash entire OS

Is just poor code.

[–] 5C5C5C@programming.dev 14 points 4 months ago (4 children)

When talking about the driver level, you can't always just proceed to the next thing when an error happens.

Imagine if you went in for open heart surgery but the doctor forgot to put in the new valve while he was in there. He can't just stitch you up and tell you to get on with it, you'll be bleeding away inside.

In this specific case we're talking about security for business devices and critical infrastructure. If a security driver is compromised, in a lot of cases it may legitimately be better for the computer to not run at all, because a security compromise could mean it's open season for hackers on your sensitive device. We've seen hospitals held random, we've seen customer data swiped from major businesses. A day of downtime is arguably better than those outcomes.

The real answer here is crowdstrike needs a more reliable CI/CD pipeline. A failure of this magnitude is inexcusable and represents a major systemic failure in their development process. But the OS crashing as a result of that systemic failure may actually be the most reasonable desirable outcome compared to any other possible outcome.

[–] deadbeef79000@lemmy.nz 2 points 4 months ago

But the OS crashing as a result of that systemic failure may actually be the most reasonable desirable outcome compared to any other possible outcome.

In which case this should've been documented behaviour and probably configurable.

load more comments (3 replies)
load more comments (14 replies)
load more comments (14 replies)