Items tagged with: Crowdstrike


For the love of everything that’s good please stop sharing links to Zach Vorhies’ X thread “analyzing” the #CrowdStrike bug by explaining null pointer exceptions with no evidence that’s what actually caused the outage. At the end he goes off on his usual rant, the one he became famous for in the first place, that only white men should be allowed to code.

He might be technically right but nothing is worth spreading his parting bile further. Several online news articles have already taken the bait.


In an unexpected turn of events, a sensible take on #Crowdstrike from the Orange Site.
Screenshot of a Hacker News comment. Text follows:

So CrowdStrike is deployed as third party software into the critical path of mission critical systems and then left to update itself. It's easy to blame CrowdStrike but that seems too easy on both the orgs that do this but also the upstream forces that compel them to do it.
My org which does mission critical healthcare just deployed ZScaler on every computer which is now in the critical path of every computer starting up and then in the critical path of every network connection the computer makes. The risk of ZScaler being a central point of failure is not considered. But - the risk of failing the compliance checkbox it satisfies is paramount.
All over the place I'm seeing checkbox compliance being prioritised above actual real risks from how the compliance is implemented. Orgs are doing this because they are more scared of failing an audit than they are of the consequences of failure of the underlying systems the audits are supposed to be protecting. So we need to hold regulatory bodies accountable as well - when they frame regulation such that organisations are cornered into this they get to be part of the culpability here too.


#Crowdstrike #oopsie explained over on X: Null pointer. Le sigh. https://threadreaderapp.com/thread/1814376668095754753?refresh=1721471819


“Global IT outage” should not be a concept that exists.

This has nothing to do with windows vs linux or whatever, it’s about how introducing a single point of failure is a terrible idea. A single entity should not have the power to fuck things up this badly.

#crowdstrike


The recent #cybersecurity incident around #CrowdStrike and #Windows #Azure shows the problem around monocultures and control over one's own technology.

It is important for Europe to evaluate its own dependencies and support administrations, businesses and citizens alike to run secure IT. For this #softwarefreedom plays an important role.


I do think #Crowdstrike sounds a bit like a hashtag under which you would organize a worldwide general strike… | #Blah