Content

Hey everyone!

In this one, I discuss the recent Crowdstrike issue, mostly from a "how does this type of stuff happen" perspective, but also looking at how it could have, or couldn't have, affected Linux (spoiler: it could and couldn't at the same time), and finally, I'll talk about the "fixed kernel version" model which is relevant to this conversation, I swear.

I'll conclude with a few funny things that happened in the wake of this incident.

I hope you'll enjoy, and as always, if you have deeper knowledge of the problem, let me know!

Comments

Steve C

Very well explained! Although I'm not sure I'd say it isn't a "rant". ;-) It should be absolutely a red flag when anything needs kernel level privileges. Performance obsession is our enemy. That's on users and consumers, because we all obsess over performance, and corporations, being afraid of bad benchmarks, are forced to pull out all the stops to maximize performance. The tricks they have to use almost always compromise or cripple security.

UsernamesAreHard

Pretty interesting patreoncast. I didn't consider that distros using older kernels wouldn't have the manpower to properly backport bugfixes in the kernel they use compared to the kernel development team working on a newer kernel. This makes me wonder now, how bad is it that Android devices and Chromebooks usually use very old Linux kernels? Samsung and Google probably have a lot more manpower to do bugfixes, but it's probably costly for them, so how secure is the kernel on smartphones really?

Stephen Linsley

I’m not a Linux developer; however, I develop control system software for machinery, with a lean towards open standards. Popular vendors and their software have been known to be attacked from external sources with malware etc. I have seen the same problems in my industry, where people just say we want everything from brand ‘X’. This leads you to vendor lock-in and also system reliance, as there are never any backup plans put in place to work around not being able to repair or replace hardware or software. As a minimum, any customer or business needs to be able to take one piece of their system off and replace it with another open source type component and be up and running in a matter of a couple of hours. But in my industry no one plans for this and no one has the ability to do it when they need to. The I.T. industry isn’t alone in a Crowdstrike type of situation.