What We Can LEARN About the CrowdStrike Outage

The global outage caused by CrowdStrike is a major wake-up call. We can and should learn from the issue, and today I share my thoughts.
#crowdstrike #windows #software

00:00 - What Happened?
05:30 - Similarities to CrowdStrike and Manifest V3
08:55 - Too Much Reliance on Third Parties
10:05 - Too Much Trust in Automatic Updates
12:55 - Too Much Trust in Third Parties


Comments

Lots of people were yelling about CrowdStrike 5 years ago. No one listened. I've been telling everyone I can about the dangers of overreliance on proprietary centralized systems longer than that. No one listens. And that's fine. Everyone is free to make their own decisions, including bad ones. Wheat and chaff and all that.

prorityfeed

Another real-world example, in a long line of examples, of why monopolies...I mean "centralization" is dangerous. And yet, nothing will change.

janice-ldpf

Isn't it funny how these companies end up living up to their names?

PhinAI

"Unified security system" proceeds to destroy a boatload of computers around the world because of a lack of proper testing.

HackManJay

"What We Can LEARN About the CrowdStrike Outage?"

"That anyone still using Windows is a complete fecking eejit."

terrydaktyllus

Hang on, so this happened before by the same company a few years ago?
And everyone still uses these clowns?

paulov

What we learn from this outage is that we were right all along about using Linux-based operating systems. Microsoft shows how fragile, obsolete and vulnerable that old OS is, and we show that closed source software are a

fabricio

"what can we learn"
DON'T BLOODY UPDATE DIRECTLY TO PRODUCTION.

asdion

And the fact CrowdStrike moved its development to India in February 2024 I’m sure is in no way related to a bad code drop in July.


Right

shawngrinter

We were talking about this in the bar last night...

The objective of NIST Special Publication 800-53 is to provide a set of security controls that can satisfy the breadth and depth of security requirements levied on organizations, mission/business processes, and information systems and that is consistent with and complementary to other established information security standards.

Organizations have the responsibility to select the appropriate security controls, to implement the controls correctly, and to demonstrate the effectiveness of the controls in satisfying established security requirements.

The security controls facilitate the development of assessment methods and procedures that can be used to demonstrate control effectiveness in a consistent/repeatable manner—thus contributing to the organization’s confidence that security requirements continue to be satisfied on an ongoing basis.

Use security controls to protect the confidentiality, integrity, and availability of information that is processed, stored or transmitted.

Security controls satisfy security requirements.

...just my opinion

donjaksa

You don't have to trust anyone. That is the starting assumption for resilience planning. Things break; ask what happens next and how do you cope.

grokitall

That graphic at 9.07 is hilarious, and I hope things like planes and big ships don't use CrowdStrike/Windows of the comments here are gold.

minion

I agree with your point on automatic updates. The IT department of a company should be able to vet updates before they're deployed. If that was the case this disaster would not have happened. Any mistake or, God forbid, security breach of a software vendor can cause massive damage.

Johnny-esxg

You can stop the automatic install of OS updates in the developer settings of stock Android on Pixel in developer settings. I don't use Graphene anymore but it's worth a look to see if it has an option as well.

DavidJacka-icrd

Dave's Garage has a good rundown on the CrowdStrike issue. He is a retired Win 95 developer. He explains code is basically run in kernel mode without being tested as Win normally does. Linux has ClamAV; does it run in kernel mode or user mode? BTW, nice coverage, Tom, on this issue.

rickforges

Apple doesn't allow kernel drivers by other people

jamespong

Off topic: it's good to see NVIDIA drivers open sourced. What can we expect? Who would be working on that?

alekjwrgnwekfgn

Any driver can kill any kernel.

The problem is that the kernel does not detect it and block it next reboot.

Then the solution is to just power cycle the machine.

grokitall

Not sure which distro(s), but one or more of my Linux systems allowed for security updates only.

Nofanboyz

The issue is: don't push anything directly to production. Test it first!
And besides that, many modern Linux distributions come with automatic updates enabled and, worse, require a reboot.
Let me choose whether I want to update or not, OK?
Thanks.

gilbertnf