So as we all know on the news, the cybersecurity firm Crowdstrike Y2K’d it’s own end customers with a shoddy non-tested update.

But how does this happen? Aren’t there programming teams and check their code or pass it to a quality assurance staff to see if it bricked their own machines?

8.5 Million machines too, does that effect home users too or is it only for windows machines that have this endpoint agent installed?

Lastly, why would large firms and government institutions such as railway networks and hospitals put all their eggs in one basket? Surely chucking everything into “The Cloud (Literally just another man’s tinbox)” would be disastrous?

TLDR - Confused how this titanic tits up could happen and that 8.5 Million windows machines (POS, Desktops and servers) just packed up.

  • Railison@aussie.zone
    link
    fedilink
    English
    arrow-up
    3
    ·
    5 months ago

    Could a solution to this be any of the following:

    • Windows performing automatic driver rollback in the event of it reaching an unbootable state
    • Software vendors pushing out updates to a smaller pool of endpoints and monitor for heartbeat for 30 mins or so before releasing for all endpoints
    • A way for windows to expose the relevant data to trusted software without the software needing to operate in kernel space
    • Match!!@pawb.social
      link
      fedilink
      English
      arrow-up
      6
      ·
      5 months ago

      “Could a solution be any amount of basic sanity in software architecture” yes probably

    • Xavienth@lemmygrad.ml
      link
      fedilink
      arrow-up
      1
      ·
      5 months ago

      Basically the second one is standard practice, a phased rollout. The only reason you wouldn’t do one is if there’s some really bad exploit that is currently being exploited and you need to fix it now now now. So either somebody fucked up and deployed a regular fucked update as a critical patch, or a critical patch was shoddily made and ended up soft bricking everyone.

      But idk i don’t work in tech.