this post was submitted on 19 Jul 2024
2 points (100.0% liked)

Technology

All our servers and company laptops went down at pretty much the same time. Laptops have been bootlooping to blue screen of death. It's all very exciting, personally, as someone not responsible for fixing it.

Apparently caused by a bad CrowdStrike update.

Edit: now being told we (who almost all generally work from home) need to come into the office Monday as they can only apply the fix in-person. We'll see if that changes over the weekend...

[–] jedibob5@lemmy.world 0 points 4 months ago (8 children)

Reading into the updates some more... I'm starting to think this might just destroy CrowdStrike as a company altogether. Between the mountain of lawsuits almost certainly incoming and the total destruction of any public trust in the company, I don't see how they survive this. Just absolutely catastrophic on all fronts.

[–] rozodru@lemmy.ca 0 points 4 months ago (3 children)

It's just amateur hour across the board. Were they testing in production? No code review or even a peer review? They roll out for a Friday? It's like basic level startup company "here's what not to do" type shit that a junior dev fresh out of university would know. It's like "explain to the project manager with crayons why you shouldn't do this" type of shit.

It just boggles my mind that if you're rolling out an update to production that there was clearly no testing. There was no review of code cause experts are saying it was the result of poorly written code.

Regardless, if you're low level security then apparently you can just boot into safe and rename the CrowdStrike folder and that should fix it. Higher level not so much cause you're likely on BitLocker which... yeah, don't get me started on that bullshit.

Regardless, I called out of work today. No point. It's Friday, generally nothing gets done on Fridays (cause we know better) and especially today nothing is going to get done.

[–] Revan343@lemmy.ca 0 points 4 months ago

explain to the project manager with crayons why you shouldn't do this

Can't; the project manager ate all the crayons

[–] skittle07crusher@sh.itjust.works 0 points 4 months ago (1 children)

Was it not possible for MS to design their safe mode to still “work” when Bitlocker was enabled? Seems strange.

[–] catloaf@lemm.ee 0 points 4 months ago

I'm not sure what you'd expect to be able to do in a safe mode with no disk access.

[–] candybrie@lemmy.world 0 points 4 months ago (2 children)

Why is it bad to do on a Friday? Based on your last paragraph, I would have thought Friday is probably the best week day to do it.

[–] rozodru@lemmy.ca 0 points 4 months ago (1 children)

Because if you roll out something to production on a Friday, who's there to fix it on the Saturday and Sunday if it breaks? Friday is the WORST day of the week to roll anything out. You roll out on Tuesday or Wednesday, that way if something breaks you got people around to jump in and fix it.

[–] debil@lemmy.world 0 points 4 months ago

And hence the term read-only Friday.

[–] Lightor@lemmy.world 0 points 4 months ago

Most companies, mine included, try to roll out updates during the middle or start of a week. That way if there are issues the full team is available to address them.

[–] Bell@lemmy.world 0 points 4 months ago (2 children)

Don't we blame MS at least as much? How does MS let an update like this push through their Windows Update system? How does an application update make the whole OS unable to boot? Blue screens on Windows have been around for decades, why don't we have a better recovery system?

[–] sandalbucket@lemmy.world 0 points 4 months ago

Crowdstrike runs at ring 0, effectively as part of the kernel. Like a device driver. There are no safeguards at that level. Extreme testing and diligence is required, because these are the consequences for getting it wrong. This is entirely on crowdstrike.

[–] wizardbeard@lemmy.dbzer0.com 0 points 4 months ago* (last edited 4 months ago)

This didn't go through Windows Update. It went through the CrowdStrike software directly.

[–] IsThisAnAI@lemmy.world 0 points 4 months ago (2 children)

What lawsuits do you think are going to happen?

[–] Cryophilia@lemmy.world 0 points 4 months ago (1 children)

Forget lawsuits, they're going to be in front of congress for this one

[–] IsThisAnAI@lemmy.world 0 points 4 months ago

For what? At best it would be a hearing on the challenges of national security with industry.

[–] Nachorella@lemmy.sdf.org 0 points 4 months ago (1 children)

They can have all the clauses they like but pulling something like this off requires a certain amount of gross negligence that they can almost certainly be held liable for.

[–] IsThisAnAI@lemmy.world 0 points 4 months ago (1 children)

Whatever you say my man. It's not like they go through very specific SLA conversations and negotiations to cover this or anything like that.

[–] Nachorella@lemmy.sdf.org 0 points 4 months ago (1 children)

I forgot that only people you have agreements with can sue you. This is why Boeing hasn't been sued once recently for their own criminal negligence.

[–] IsThisAnAI@lemmy.world 0 points 4 months ago
[–] Wooki@lemmy.world 0 points 4 months ago (1 children)

Testing in production will do that

[–] TheBat@lemmy.world 0 points 4 months ago (1 children)

Not everyone is fortunate enough to have a separate testing environment, you know? Manglement has to cut cost somewhere.

[–] Blisterexe@lemmy.zip 0 points 4 months ago

Manglement is the good term lmao

[–] RegalPotoo@lemmy.world 0 points 4 months ago (2 children)

Agreed, this will probably kill them over the next few years unless they can really magic up something.

They probably don't get sued - their contracts will have indemnity clauses against exactly this kind of thing, so unless they seriously misrepresented what their product does, this probably isn't a contract breach.

If you are running crowdstrike, it's probably because you have some regulatory obligations and an auditor to appease - you aren't going to be able to just turn it off overnight, but I'm sure there are going to be some pretty awkward meetings when it comes to contract renewals in the next year, and I can't imagine them seeing much growth

[–] jedibob5@lemmy.world 0 points 4 months ago* (last edited 4 months ago)

Don't most indemnity clauses have exceptions for gross negligence? Pushing out an update this destructive without it getting caught by any quality control checks sure seems grossly negligent.

[–] Skydancer@pawb.social 0 points 4 months ago (1 children)

Nah. This has happened with every major corporate antivirus product. Multiple times. And the top IT people advising on purchasing decisions know this.

[–] SupraMario@lemmy.world 0 points 4 months ago

Yep. This is just uninformed people thinking this doesn't happen. It's been happening since AV was born. It's not new and this will not kill CS; they're still king.

[–] Munkisquisher@lemmy.nz 0 points 4 months ago (1 children)

Yeah saw that several steel mills have been bricked by this, that's months and millions to restart

[–] gazter@aussie.zone 0 points 4 months ago (2 children)

Got a link? I find it hard to believe that a process like that would stop because of a few Windows machines not booting.

[–] TheBat@lemmy.world 0 points 4 months ago (1 children)

a few windows machines with controller application installed

That's the real kicker.

[–] drspod@lemmy.ml 0 points 4 months ago (2 children)

Those machines should be airgapped and no need to run Crowdstrike on them. If the process controller machines of a steel mill are connected to the internet and installing auto updates then there really is no hope for this world.

[–] Munkisquisher@lemmy.nz 0 points 4 months ago

I work in an environment where the workstations aren't on the Internet; there's a separate network. There's still a need for antivirus, and we were hit with BSOD yesterday.

[–] TheBat@lemmy.world 0 points 4 months ago (1 children)

But daddy microshoft says i gotta connect the system to the internet uwu

[–] wizardbeard@lemmy.dbzer0.com 0 points 4 months ago

No, regulatory auditors have boxes that need checking, regardless of the reality of the technical infrastructure.

[–] conciselyverbose@sh.itjust.works 0 points 4 months ago

There are a lot of heavy manufacturing tools that are controlled and have their interface handled by Windows under the hood.

They're not all networked, and some are super old, but a more modernized facility could easily be using a more modern version of Windows and be networked to have flow of materials, etc more tightly integrated into their systems.

The higher precision your operation, the more useful having much more advanced logs, networked to a central system, becomes in tracking quality control. Imagine after the fact, you can track some .1% of batches that are failing more often and look at the per second logs of temperature they were at during the process, and see that there's 1° temperature variance between the 30th to 40th minute that wasn't experienced by the rest of your batches. (Obviously that's nonsense because I don't know anything about the actual process of steel manufacturing. But I do know that there's a lot of industrial manufacturing tooling that's an application on top of Windows, and the higher precision your output needs to be, the more useful it is to have high quality data every step of the way.)

[–] NaibofTabr@infosec.pub 0 points 4 months ago (1 children)

If all the computers stuck in boot loop can't be recovered... yeah, that's a lot of cost for a lot of businesses. Add to that all the immediate impact of missed flights and who knows what happening at the hospitals. Nightmare scenario if you're responsible for it.

This sort of thing is exactly why you push updates to groups in stages, not to everything all at once.

[–] rxxrc@lemmy.ml 0 points 4 months ago (2 children)

Looks like the laptops are able to be recovered with a bit of finagling, so fortunately they haven't bricked everything.

And yeah staged updates or even just... some testing? Not sure how this one slipped through.

[–] dactylotheca@suppo.fi 0 points 4 months ago (1 children)

Not sure how this one slipped through.

I'd bet my ass this was caused by terrible practices brought on by suits demanding more "efficient" releases.

"Why do we do so much testing before releases? Have we ever had any problems before? We're wasting so much time that I might not even be able to buy another yacht this year"

[–] GoofSchmoofer@lemmy.world 0 points 4 months ago (1 children)

At least nothing like this happens in the airline industry

[–] dactylotheca@suppo.fi 0 points 4 months ago

Certainly not! Or other industries for that matter. It's a good thing executives everywhere aren't just concentrating on squeezing the maximum amount of money out of their companies and funneling it to themselves and their buddies on the board.

Sure, let's "rightsize" the company by firing 20% of our workforce (but not management!) and raise prices 30%, and demand that the remaining employees maintain productivity at the level it used to be before we fucked things up. Oh and no raises for the plebs, we can't afford it. Maybe a pizza party? One slice per employee though.

[–] Confused_Emus@lemmy.dbzer0.com 0 points 4 months ago

One of my coworkers, while waiting on hold for 3+ hours with our company’s outsourced helpdesk, noticed after booting into safe mode that the Crowdstrike update had triggered a snapshot that she was able to roll back to and get back on her laptop. So at least that’s a potential solution.

[–] ThrowawaySobriquet@lemmy.world 0 points 4 months ago (1 children)

I think you're on the nose, here. I laughed at the headline, but the more I read the more I see how fucked they are. Airlines. Industrial plants. Fucking governments. This one is big in a way that will likely get used as a case study.

[–] Cryophilia@lemmy.world 0 points 4 months ago

The London Stock Exchange went down. They're fukd.