this post was submitted on 19 Jul 2024
9 points (100.0% liked)

linuxmemes

28540 readers
1740 users here now

Hint: :q!

Sister communities:

Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack users for any reason. This includes using blanket terms, like "every user of thing".
  • Don't get baited into back-and-forth insults. We are not animals.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
    • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn, no politics, no trolling or ragebaiting.
  • Don't come looking for advice, this is not the right community.
    • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, <loves/tolerates/hates> systemd, and wants to interject for a moment. You can stop now.
    • 5. 🇬🇧 Language/язык/Sprache
  • This is primarily an English-speaking community. 🇬🇧🇦🇺🇺🇸
  • Comments written in other languages are allowed.
  • The substance of a post should be comprehensible for people who only speak English.
  • Titles and post bodies written in other languages will be allowed, but only as long as the above rule is observed.
    • 6. (NEW!) Regarding public figuresWe all have our opinions, and certain public figures can be divisive. Keep in mind that this is a community for memes and light-hearted fun, not for airing grievances or leveling accusations.
  • Keep discussions polite and free of disparagement.
  • We are never in possession of all of the facts. Defamatory comments will not be tolerated.
  • Discussions that get too heated will be locked and offending comments removed.
    •  

    Please report posts and comments that break these rules!

    Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't remove France.

    founded 2 years ago
    MODERATORS
    poopsmith@lemmy.world
    zephyr@lemmy.world
    rtxn@lemmy.world
    9
    IT outage: banks, airlines and media hit by issues linked to Windows PCs (lemmy.world)
    submitted 1 year ago by veganpizza69@lemmy.world to c/linuxmemes@lemmy.world
    23 comments fedilink hide all child comments
     

    A global IT outage has caused chaos at airports, banks, railways andbusinesses around the world as a wide range of services were taken offline and millions of people were affected.

    In one of the most widespread IT crashes ever to hit companies and institutions globally, air transport ground to a halt, hospitals were affected and large numbers of workers were unable to access their computers. In the UK Sky News was taken off air temporarily and the NHS GP booking system was down.

    Microsoft’s Windows service was at the centre of the outage, with experts linking the problem to a software update from cybersecurity firm Crowdstrike that has affected computer systems around the world. Experts said the outage could take days from which to recover because every PC may have to be fixed manually.

    Overnight, Microsoft confirmed it was investigating an issue with its services and apps, with the organisation’s service health website warning of “service degradation” that meant users may not be able to access many of the company’s most popular services, used by millions of business and people around the world.

    Among the affected firms are Ryanair, Europe’s largest airline, which said on its website: “Potential disruptions across the network (Fri 19 July) due to a global third party system outage … We advise passengers to arrive at the airport three hours in advance of their flight to avoid any disruptions.”

    https://www.theguardian.com/australia-news/article/2024/jul/19/microsoft-windows-pcs-outage-blue-screen-of-death

    top 23 comments
    sorted by: hot top controversial new old
    [–] azenyr@lemmy.world 4 points 1 year ago (3 children)

    Having half of the world depend on a corporate proprietary single company is the stupidest thing ever. They will learn nothing with this, sadly

    [–] ImplyingImplications@lemmy.ca 2 points 1 year ago

    Reminds me of when Canada lost internet to 12 million of it's 33 million people because one company messed up doing maintenance.

    [–] Thorry84@feddit.nl 2 points 1 year ago (1 children)

    While you are right, this outage has basically nothing to do with Windows or Microsoft. It's a Crowdstrike issue.

    [–] Diplomjodler3@lemmy.world 0 points 1 year ago (1 children)

    It also has to do with software updates being performed without the user having any control over them.

    [–] Thorry84@feddit.nl 2 points 1 year ago* (last edited 1 year ago) (2 children)

    Agreed, but again these updates were done by the Crowdstrike software. Nothing to do with Microsoft or Windows.

    In this case it was an update to the security component which is specifically designed to protect against exploits on the endpoint. You'd want your security system to be up to date to protect as much as possible against new exploits. So updating this every day is a normal thing. In a corporate environment you do not want you end users to be able to block or postpone security updates.

    With Microsoft updates they get rolled out to different so called rings, which get bigger and bigger with each ring. This means every update is already in use by a smaller population, which reduces the chances of an update destroying the world like this greatly.

    [–] Botzo@lemmy.world 1 points 1 year ago

    Best part? George Kurtz (crowdstrike CEO) won't be available for handling the fallout. He's busy racing this weekend.

    Car #04 in the entry list https://www.gt-world-challenge-america.com/event/95/virginia-international-raceway

    [–] cron@feddit.org 1 points 1 year ago (1 children)

    I absolutely expect vendors to push out new patterns automatically and as fast as possible.

    But in this case, a new system driver was rolled out. And when updating system software, I absolutely expect security vendors to use a staged rollout like everyone else.

    [–] Thorry84@feddit.nl 0 points 1 year ago (2 children)

    100% agreed, Crowdstrike fucked up with this one. I'm very interested to hear what went wrong. I assume they test their device drivers before deploying them to millions of customers, so something must have gone wrong between testing and deployment.

    Something like this simply cannot happen and this will cost them customers. Your reputation is everything in the security business, you trust you security provider to protect your systems. If the trust is gone, they are gone.

    [–] x1gma@lemmy.world 1 points 1 year ago

    I'm very interested to hear what went wrong.

    We'll probably never know. Given the impact of this fuck up, the most that crowdstrike will probably publish is a lawyer-corpo-talk how they did an oopsie doopsie, how complicated, unforseen, and absolutely unavoidable this issue has been, and how they are absolutely not responsible for it, but because they are such a great company and such good guys, they will implement measures that this absolutely, never ever again will happen.

    If they admit any smallest wrongdoing whatsoever they will be piledrived by more lawyers than even they'd be able to handle. That's a lot of CEO yachts in compensations if they will be held responsible.

    [–] thisbenzingring@lemmy.sdf.org 0 points 1 year ago (1 children)

    One time years ago, Sophos provided an update the blocked every updater on the machine. Each computer had to be manually updated. They are still in business. My point is that this isnt the first and wont be the last time it happens.

    [–] Thorry84@feddit.nl 1 points 1 year ago

    Yeah, I mean Microsoft can release something like Windows 11 and still be in business, so I don't expect a lot will change. But if you had any stocks in Crowdstrike, RIP.

    [–] drathvedro@lemm.ee 0 points 1 year ago (1 children)

    It's great to have alternatives. If it was all linux, and linux got hit, then it'd be the entire world in danger. Too bad M$ is just not good enough for it's second most popular position.

    [–] jj4211@lemmy.world 1 points 1 year ago

    Well, we got to see roughly something play out with the xz thing. In which case only redhat were going to be impacted because they were the only ones to patch ssh that way.

    Most examples I can think of only end of affecting one slice or another of the Linux ecosystem. So a Linux based heterogenous market would likely be more diverse than this.

    Of course, this was a relative nothing burger for companies that used windows but not crowdstrike. Including my own company. Well except a whole lot fewer emails from clients today compared to typical Fridays...

    [–] slazer2au@lemmy.world 1 points 1 year ago (1 children)

    Windows PC running Crowdstrike.

    [–] deathmetal27@lemmy.world 0 points 1 year ago (1 children)

    Shhh

    [–] jmcs@discuss.tchncs.de 1 points 1 year ago (1 children)

    The OS getting fully bricked because of a third party software update is still very much a OS level fuck up.

    [–] Robin@lemmy.world 1 points 1 year ago (2 children)

    Depends. Since this is security software it probably has a kernel driver component. I think in linux a 3rd party kernel module could do the same. But the community would not accept closed source security software, especially not in the kernel.

    [–] jmcs@discuss.tchncs.de 1 points 1 year ago* (last edited 1 year ago)
    [–] bjoern_tantau@swg-empire.de 1 points 1 year ago

    They even have a version for Linux, which is a kernel module.

    [–] Nikls94@lemmy.world 0 points 1 year ago* (last edited 1 year ago) (3 children)

    Everyone shitting on windows, yet this thing exists on Linux as well… I also started to dislike windows, yet this is not the time to be against windows users, this is to go against Cloudstrike together for even letting this happen.

    [–] doubletwist@lemmy.world 1 points 1 year ago* (last edited 1 year ago)

    Exactly, the blame here is entirely on Crowdstrike. they could just as easily have made similar mistake in an update for the Linux agent that would crash the system and bring down half the planet.

    I will say, the problem MIGHT have been easier to fix or work around on the Linux systems.

    [–] ianhclark510@lemmy.blahaj.zone 1 points 1 year ago

    Citation needed, my NUC running Fedora made it through this without a hitch

    [–] renzev@lemmy.world 1 points 1 year ago

    I agree. I also think part of the blame can be placed on the system administrators who failed to make a recovery plan for circumstances like these -- it's not good to blindly place your trust in software that can be remotely updated.

    In Linux, this type of scenario could be prevented by configuring servers to make copy-on-write snapshots before every software upgrade (e.g. with BTRFS or LVM), and automatically switching back to the last good snapshot if a kernel panic or other error is detected. Do you know if something similar can be achieved under Windows?