• Aniki 🌱🌿@lemmy.zip
    link
    fedilink
    English
    arrow-up
    49
    arrow-down
    11
    ·
    3 months ago

    Waiting for the MS apologists to say this is a Crowdstrike problem or some other fucking dumbass shit.

    Microsoft by and large are just computational cancer at this point. Bloat, crud, fud, and junk.

      • gravitas_deficiency
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        2
        ·
        3 months ago

        Well… yes and no.

        The fact that Crowdstrike very obviously and intentionally fuzzed the line between ring 0 drivers and app metadata simply could not have been done without MS’s tacit (at the very least) approval. The initial version where Cloudstrike introduced that side loading threat definition update vector should have been flagged as an issue - more specifically, they should have held them to a FAR more rigorous testing and resiliency standard than they were. This is fairly standard practice (and in many cases enforced as regulatory measures) for highly critical systems and components in a lot of industries, and I’ve worked in two of those industries.

        • hatedbad@lemmy.sdf.org
          link
          fedilink
          English
          arrow-up
          1
          ·
          3 months ago

          Microsoft creates secure boot: “we should be able to run whatever we want on our hardware!”

          Microsoft lets users install crowdstrike on their computer: “Microsoft shouldn’t let us run this on our hardware!”

          • gravitas_deficiency
            link
            fedilink
            English
            arrow-up
            2
            ·
            edit-2
            3 months ago

            Way to miss the nuance lol

            What I’m saying is that if a system claims to rigorously validate code that runs in a particular sensitive domain (here, ring 0), it should actually rigorously validate code. This was a process failure at the end of the day.