1y ago

CrowdStrike broke Debian and Rocky Linux months ago, but no one noticed

www.neowin.net

A widespread Blue Screen of Death (BSOD) issue on Windows PCs disrupted operations across various sectors, notably impacting airlines, banks, and healthcare providers. The issue was caused by a problematic channel file delivered via an update from the popular cybersecurity service provider, CrowdStrike. CrowdStrike confirmed that this crash did not impact Mac or Linux PCs.

It turns out that similar problems have been occurring for months without much awareness, despite the fact that many may view this as an isolated incident. Users of Debian and Rocky Linux also experienced significant disruptions as a result of CrowdStrike updates, raising serious concerns about the company's software update and testing procedures. These occurrences highlight potential risks for customers who rely on their products daily.

Technology @lemmy.world

Hal-5700X @sh.itjust.works

1y ago

CrowdStrike broke Debian and Rocky Linux months ago, but no one noticed

www.neowin.net /news/crowdstrike-broke-debian-and-rocky-linux-months-ago-but-no-one-noticed/

Hacker News @lemmy.smeargle.fans

bot @lemmy.smeargle.fans

BOT

1y ago

CrowdStrike broke Debian and Rocky Linux months ago, but no one noticed

www.neowin.net /news/crowdstrike-broke-debian-and-rocky-linux-months-ago-but-no-one-noticed/

61 comments

The analysis revealed that the Debian Linux configuration was not included in their test matrix.
You might as well say you don't support Linux.
"Crowdstrike's model seems to be 'we push software to your machines any time we want, whether or not it's urgent, without testing it'," lamented the team member.
I wonder how this shit works on NixOS.
- If I'm remembering right, RHEL is Crowdstrike's primary Linux target. And NixOS wouldn't even be a factor since it's basically just not enterprise grade.
  That said, they need a serious revision of their QA processes.
  
  RHEL, Ubuntu, & Debian cover the vast majority of enterprise installs I imagine, and provide a solid testing base for developers in the Linux business software space.
  Maybe you add Gentoo, some post-CentOS clones/forks, or other more niche industry/workload specific distros, but how you do skip Debian?
Users of Debian and Rocky Linux also experienced significant disruptions as a result of CrowdStrike updates, raising serious concerns about the company's software update and testing procedures. These occurrences highlight potential risks for customers who rely on their products daily.
Hot take: maybe bossware is a fucking drain on society, and people should stop buying it.
- Yeah, but our leadership had a really nice lunch with their sales rep! Licenses for everyone!
  
  It's sad how accurate this is.
  
  After getting a referral from your cyber insurance rep right?
- Well, if the executive leech class wants workers to have bossware, there's not all that much people can do about it. Can't just decide to not use it if your employer demands it
  
  Worse, my employer doesn't care about this shit but our clients are demanding we have the bossware installed.
  
  I didn't mean the average worker. I meant the "executive leech class," because downtime of this scale means lost profits, which is something they care deeply about.
The software is not the problem. Software breaks all the time. The problem is monocultures and centralization. Building entire industry ecosystems all around a single point of failure. This is the just-in-time manufacturing supply chain disruptions and fragility all over again.
Who knew, a diverse ecosystem was a strength, not a weakness.
- The software is the problem if it's produced with a corporate mentality of "ship first, fix later".
  
  Yep, at this point the "security" companies can do with imitating malware development practices.
- Everyone got an MBA and failed to realize it was just corporate brainwashing.
- Nature has been telling us all long, but we don't listen!
"I don't test often but when I do I test on the entire planet"
rootkit doing rootkit things
- Oh but they did. Turns out that this is specifically caused by one driver expecting another to be installed, the other one being for another of their products. If you have the other product installed, it doesn't crash, so it didn't crash on their machines because they have all their products installed and apparently not a single element of their test matrix has the single most common configuration they service
  
  Do you have a source for that? I'm intrigued. Their own blog post is only talking about a "logic error".
It's a well assembled article, but mostly based on a few comments in a hackernews post from yesterday. I would like to know how widespread it was.
- Check the news
  It was everwhere
  
  I am not the author of the article.
The article implies that CrowdStrike issue impacted only Debian and Rocky 9.4. Debian I can see. But how did something impact Rocky but not RHEL itself or Alma or Oracle?
Is Rocky actually different from RHEL now? Their entire brand promise is that they are the same.
It also broke windows the other day…
😂
- Believe me, people noticed that one.
Nobody breaks Rocky ok (spoken in a gruff, low, mumbling voice)
@lemmeein I can't find any news about this. Just a statement in a forum and everyone basing subsequent articles on that. It appears to have been limited to a single company? Is there any support for this claim?
- Based on the article, it seems like the issue only happens on a specific distro. Is it only Rocky or other Debians?
  I wonder if other distros experience similar issues. Maybe linux based users don't even install CS at all and try to leave their OS as lean as possible.

61 comments