A faulty software update issued by cybersecurity firm CrowdStrike affected computers running Microsoft Windows, grounding flights and disrupting systems worldwide.
I’ve seen a weird number of people blaming Microsoft for this today, and an even weirder number of people making fun of people saying this isn’t on Microsoft
If you had a Samsung fridge, and you willingly put a bomb in the fridge, would you blame Samsung when your fridge explodes?
Microsoft gives you the freedom to install software that runs with the same level of privilege as the kernel itself. You’re the one that chose to install defective software, and then give it kernel level permissions. You put a bomb in your computer and now you’re blaming Microsoft after the bomb exploded.
Microsoft didn’t make the decision to allow the faulty input, the person who installed the software did, when they gave it permission to run in kernel mode.
It’s what happens when you put too many eggs in one basket. You see a similar house of cards when you look at package managers in the software dev space. Single point of failure.
The reality though is that Windows computers not running the CrowdStrike agent were not affected. This one falls on CS, but there is a much larger problem at play. Also, auto-updates are a plague, especially on a kernel level. That’s just insanity.
Yeah the issue is that so many companies were at the intersection of two monopolies – either one failing has catastrophic effects, and there’s no backup plan.
I mean any technology solution can suffer the same fate, but you would hope that it wouldnt be an issue at the same time if they’re separate tech stacks.
Well crowdstrike sent out an automatic update. Sure I won’t say that Microsoft is 0% to blame. They contract with these people for their product. But many people work with many tools and companies that turn out not reliable. It’s unfortunately a fact of life. This one turned out more catastrophic, and I doubt crowdstrike is going to be a well reputable company ever again tbh.
Sure Microsoft has some involvement in the actions that got to this point. But I would argue crowdstrike is 99% to blame
Because Microsoft isn’t responsible for every program that runs on their OS.
CrowdStrike is an EDR that enterprises choose to install. The bug was caused by a dodgy content bundle update, which is something that’s meant to be 100% safe but evidently they found and triggered a bug.
Microsoft is an insecure monopolistic grift. Hopefully it takes down capitalism with it.
I don’t disagree, but today the blame lies with CrowdStrike, not Windows. As much as I hate defending Windows.
I’ve seen a weird number of people blaming Microsoft for this today, and an even weirder number of people making fun of people saying this isn’t on Microsoft
Microsoft chose to work with these people and accepted their faulty input. How is it not Microsoft’s fault?
If you had a Samsung fridge, and you willingly put a bomb in the fridge, would you blame Samsung when your fridge explodes?
Microsoft gives you the freedom to install software that runs with the same level of privilege as the kernel itself. You’re the one that chose to install defective software, and then give it kernel level permissions. You put a bomb in your computer and now you’re blaming Microsoft after the bomb exploded.
Microsoft didn’t make the decision to allow the faulty input, the person who installed the software did, when they gave it permission to run in kernel mode.
Most of who got hit though was people who contracted with crowd strike directly though. Its not like Microsoft pushed crowdstrike onto people.
It’s what happens when you put too many eggs in one basket. You see a similar house of cards when you look at package managers in the software dev space. Single point of failure.
The reality though is that Windows computers not running the CrowdStrike agent were not affected. This one falls on CS, but there is a much larger problem at play. Also, auto-updates are a plague, especially on a kernel level. That’s just insanity.
Yeah the issue is that so many companies were at the intersection of two monopolies – either one failing has catastrophic effects, and there’s no backup plan.
A backup plan probably involves using some other company/service that can suffer the same fate 😭
I mean any technology solution can suffer the same fate, but you would hope that it wouldnt be an issue at the same time if they’re separate tech stacks.
The real solution is to not make anything that’s mission-critical reliant on Windows.
Well crowdstrike sent out an automatic update. Sure I won’t say that Microsoft is 0% to blame. They contract with these people for their product. But many people work with many tools and companies that turn out not reliable. It’s unfortunately a fact of life. This one turned out more catastrophic, and I doubt crowdstrike is going to be a well reputable company ever again tbh.
Sure Microsoft has some involvement in the actions that got to this point. But I would argue crowdstrike is 99% to blame
Because Microsoft isn’t responsible for every program that runs on their OS.
CrowdStrike is an EDR that enterprises choose to install. The bug was caused by a dodgy content bundle update, which is something that’s meant to be 100% safe but evidently they found and triggered a bug.