this post was submitted on 21 Aug 2024
549 points (98.6% liked)

Technology

59267 readers
3561 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 2 months ago* (last edited 2 months ago)

It's not really criticism, it's competitors claiming they will never fuck up.

Not in all cases [podcast warning], sometimes it's just them pointing out they're doing silly things like how they test every update and don't let it out the door with <98% positive returns or having actual deployment rings instead of of yeeting an update to millions systems in less than an hour.

It's reasonable to criticize CrowdStrike. They fucked up huge. The incident was a fuckup, and creating an environment where one incident could cause total widespread failure was a systemic fuckup. And it's not even their first fuckup, just the most impactful and public.

Clownstrike deserves every bit of shit they're getting, and it amazes me that people are buying the bullshit they're selling. They had no real testing or quality control in place, because if that update had touched test windows boxes it would have tipped them over and they'd have actually known about it ahead of time. Fucking up is fine, we all do it. But when your core practices are that slap dash, bitching about criticism just brings more attention to how badly your processes are designed.

But also Microsoft fucked up.

How did Microsoft fuck up? Giving a security vender kernel access? Like they're obligated to from previous lawsuits?

And the clients, those who put all of their trust into Microsoft and CrowdStrike without regard to testing, backups, or redundancy, they fucked up, too

Customers can't test clownstrike updates ahead of time or in a nonprod environment, because clownstrike knows best lol.

Redundancy is not relevant here because what company is going to use different IDR products for primary and secondary tech stacks?

Backups are also not relevant (mostly) because it's quicker to remediate the problem than restore from backup (unless you had super regular DR snaps and enough resolution to roll back from before the problem.

IMO, clownstrike is the issue, and customers have only the slightest blame for using clownstrike and for not spending extra money on a second IDR on redundant stacks.