So what you're saying is that conservatives are once again holding up stop signs when progress presents itself.
riskable
joined 1 year ago
"OK kids, today we're going to go over how the Bible was used to justify slavery in the early colonies, continuing on until the civil war. Then we're going to cover how that was the reason why the Southern Baptist Church was founded..."
They never even got a license to do it in the first place!
Maybe we should take a page from the Trumpers here and declare it a conspiracy!
The deep state doesn't want people following Harris! They don't want you to know about it. They think they know better than you!
"Let me tell you, folks, I know how to follow people and this Twitter situation smells. I know all about smelling. Smells. Smelling. Smell... Ling! The word just sounds awful, right? They want you to smell things. They're coming for your smells!"
Haha, yeah... This is Elon Musk's X.com we're talking about. It's just sheer incompetence and the usual buggy bullshit. We should expect this as normal X behavior at this point. Is anyone really surprised that X is suddenly throwing errors when users try basic functionality? Come on. The platform is garbage and that's not even taking account the garbage present on the platform.
He wormed his own way out.
At my company I use a virtual desktop and it was restored from a nightly snapshot a few hours before I logged in that day (and presumably, they also applied a post-restore temp fix). This action was performed on all the virtual desktops at the entire company and took approximately 30 minutes (though, probably like 4 hours to get the approval to run that command, LOL).
It all took place before I even logged in that day. I was actually kind of impressed... We don't usually act that fast.
what common "basic hygiene" practices would've helped
Not using a proprietary, unvetted, auto-updating, 3rd party kernel module in essential systems would be a good start.
Back in the day companies used to insist upon access to the source code for such things along with regular 3rd party code audits but these days companies are cheap and lazy and don't care as much. They'd rather just invest in "security incident insurance" and hope for the best 🤷
Sometimes they don't even go that far and instead just insist upon useless indemnification clauses in software licenses. ...and yes, they're useless:
(Important part indicating why they're useless should be highlighted)
I don't think anybody is facing any consequences for contracting with CrowdStrike.
This is the myth! As we all know there were very serious consequences as a result of this event. End users, customers, downstream companies, entire governments, etc were all severely impacted and they don't give a shit that it was Crowdstrike's mistake that caused the outages.
From their perspective it was the companies that had the upstream outages that caused the problem. The vendor behind the underlying problem is irrelevant. When your plan is to point the proverbial finger at some 3rd party you chose that finger still--100% always--points to yourself.
When the CEO of Baxter International testified before Congress to try to explain why people died from using tainted Heparin he tried to hand wave it away, "it was the Chinese supplier that caused this!" Did everyone just say, "oh, then that's understandable!" Fuck no.
Baxter chose that Chinese supplier and didn't test their goods. They didn't do due diligence. Baxter International fucked up royally, not the Chinese vendor! The Chinese vendor scammed them for sure but it was Baxter International's responsibility to ensure the drug was, well, the actual drug and not something else or contaminated.
Reference: https://en.wikipedia.org/wiki/2008_Chinese_heparin_adulteration
everyone's real time, budget, energy, and attention is almost always focused on ~~the next big release, or bug fixes in app code, and/or routine desktop support issues~~ pointless meetings, unnecessary approval steps that could've been automated, and bureaucratic tasks that have nothing to do with your actual job.
FTFY.
Crowdstrike has clients that run on MacOS and Linux. Only the Windows version requires kernel level access. I believe it has something to do with the absolute shitshow that is Windows security model but it might also be because it runs a 31-year-old filesystem that still doesn't allow one process to read another process's files while they're open.
...says the copy.
Just chew on some willow bark?