torginus 4 days ago

CrowdStrike, where have I heard that name before...

Analemma_ 4 days ago | parent [-]

Sorry, what exactly is the implication here? They shipped a bug one time, so nothing they can say can ever be trusted? Can I apply that logic to you, or have you only ever shipped perfect code forever?

I don't even like this company, but the utterly brainless attempts at "sick dunks" via unstated implication are just awful epistemology and beneath intelligent people. Make a substantive point or don't say anything.

Kranar 4 days ago | parent | next [-]

Plenty of companies have gone bankrupt or lost a great deal of credibility due to a single bug or single failure. I don't see why CrowdStrike would be any different in this regard.

The number of bugs/failures is not a meaningful metric; it's the significance of that failure that matters, and in the case of CrowdStrike that single failure was such a catastrophe that any claims they make should be scrutinized.

The fact that we cannot scrutinize their claim in this instance since the details are not public makes this allegation very weak and worth being very skeptical over.

otterley 4 days ago | parent [-]

It is possible for a company to both suffer an operational incident and be outstanding at discovering security vulnerabilities at the same time.

greyb 4 days ago | parent | next [-]

It is possible. It's just not likely either.

otterley 4 days ago | parent [-]

Based on what?

Kranar 4 days ago | parent | prev [-]

Sure, but this isn't one of them.

otterley 4 days ago | parent [-]

Are you saying CrowdStrike is inept at vulnerability research? If so, what evidence do you have?

Kwpolska 4 days ago | parent | prev | next [-]

They didn’t just “ship a bug”, they broke millions of computers worldwide because their scareware injects itself into the Windows kernel.

mapontosevenths 4 days ago | parent | next [-]

They probably killed people.

I missed a medical appointment due to the outage. Mine wasn't life threatening. For some, it was.

Imustaskforhelp 4 days ago | parent | prev | next [-]

The CrowdStrike event might be so infamous an event that it might be taught for at least some decades for sure, maybe even in permanence.

dylan604 4 days ago | parent [-]

That's a heck of an optimistic outlook for the future. Experience has taught me to be much more pessimistic about the future, especially when it comes to avoiding the repeating of the past.

DaSHacka 3 days ago | parent [-]

I mean, we still cover the THERAC-25 incident in university CS courses

otterley 4 days ago | parent | prev [-]

Unfortunately until Windows changes, the best way for them to serve customers is to continue to inject kernel code. (This is no longer needed or even permitted with macOS.) They did screw up operationally, but one problem made the other much more likely and dangerous.

baq 4 days ago | parent | next [-]

Why limit yourself to Windows? My enterprise-issued mac is very noticeably slower and suffers from weird crashes and reboot-fixes-things issues that my own personal mac has never had.

otterley 4 days ago | parent [-]

Because Windows was the sole OS impacted by last year's incident.

yangff 3 days ago | parent [-]

They also screwed up Linux before they did that on Windows. The problem here is they are a spyware that pushes whatever code they want to your (precisely, your company's) devices without testing, etc. It's just a matter of time for it to blow up.

otterley 3 days ago | parent [-]

The Linux kernel panic issue was different in many ways (in this case, the bug was in the Linux kernel used by a particular RHEL release), but your point that it needed further testing before pushing it out to production is still valid.

https://christiantaillon.medium.com/no-need-to-panic-the-lin...

mapontosevenths 4 days ago | parent | prev [-]

> They did screw up

The word you're looking for is negligence. The lives of human beings were at stake and they YOLO'd it all by not performing a phased rollout.

hollowonepl 4 days ago | parent | prev | next [-]

Yes, sometimes companies have only one chance to fail. Especially in cyber security when they fail at global scale and politics is involved.

otterley 4 days ago | parent [-]

They’re still a going concern with plenty of customers; in business terms they’re still wildly successful. They seem to have not lost much trust among buyers in the long term.

hollowonepl 3 days ago | parent [-]

That's fine. I'm not on a personal crusade punching them. At the company I work for, we had different solutions when the incident happened, and it seems that was a smart move.

fathermarz 4 days ago | parent | prev | next [-]

Also they got hit with the most recent supply chain attacks on NPM. They aren’t exactly winning the security game.

torginus 4 days ago | parent | prev | next [-]

If you're interested, I was on a business trip and couldn't get on the plane when the bug happened and all flights were cancelled. Almost had to sleep on the street, since most hotels had electronic booking which also went down. Finally managed to get a shack on the edge of town run by an old couple who probably never used computers much before.

greyb 4 days ago | parent [-]

Similar happened to me. It's ridiculous to make the claim that a business should be able to make avoidable errors that ruin lives and disrupt societies, and we should pretend that they are worthy of reconsideration without having learned or proven that they've learnt from such a credibility-ending cowboy move.

serial_dev 4 days ago | parent | prev | next [-]

CrowdStrike is also the company behind Russiagate.

In some circles, it’s considered that they were not completely honest actors, to say the least. My understanding is that the FBI didn’t directly seize the DNC’s physical servers; instead, they relied on CrowdStrike’s forensic images and reports. This is unusual and they could have withheld evidence that didn’t fit “the narrative”, being that Donald Trump is a Russian asset.

To ELI5 what could be implied here, they will say whatever the intelligence agencies and the deep state want them to say, creating negative coverage about Chinese technology is kind of their MO. Allegedly.

But as I’m reading the other comments, they have quite a lot of notorious f ups, so I could be wrong.

mapontosevenths 4 days ago | parent | next [-]

These are serious allegations. Can you show evidence of any malfeasance?

serial_dev 4 days ago | parent [-]

These are not my allegations, I’m responding to a question “Sorry, what exactly is the implication here?”. Check the thread.

mapontosevenths 4 days ago | parent [-]

Thanks. I missed some context earlier.

I would still love to see some sort of source for the allegations. It sort of smells like the evidence didn't come out the way some people hoped so they blamed the investigators. That's fair, if there's evidence to support the stance.

michaelmrose 4 days ago | parent | prev [-]

It is unproven that Trump is literally a Russian spy although that was not at the time even asserted. The entire issue was that Trump's campaign met with literal Russian spies at a time when Trump was in fact in the building although not verifiably at said meeting. The Russians received data useful insofar as targeting the American people with disinfo.

Subsequently Trump called for the Russians to attack the Democrats. They did. They also appear to have targeted the American people with disinfo which could have been aided by the data supplied to them. Ultimately Trump's position towards Russia has evolved into an uncharacteristically and uniquely favorable position for an American president.

If he isn't an actual asset he certainly at least collaborated and communicated with them as a fellow traveler with similar aims at odds with the actual geopolitical aims of America as a nation.

jampekka 4 days ago | parent | prev | next [-]

It's probably referring to CrowdStrike's role in the "Russia Gate".

netsharc 4 days ago | parent | prev [-]

If you look back at the discussions of the bug, there were voices saying how stupidly dysfunctional that company is...

Maybe there's been reform, but since we live in the era of enshittification, assuming they're still a fucking mess is probably safe...