Ah yes, let's ship a kernel driver that parses update files that are pushed globally simultaneously to millions of users without progressive staging, and let's write it in a memory unsafe language so it crashes if an update is malformed, and let's have no automated boot recovery mechanism to disable things after a few failed boots. What could possibly go wrong?
🤦‍♂️
#Diversity #Ableismus #Inklusion
As health minister (#Gesundheitsminister), Jens #Spahn tried to gather invasively ventilated people (schoolchildren, spouses and partners, friends, colleagues, grandparents and more) into facilities where they would be deprived of their social contacts and where their life expectancy would objectively be greatly reduced. Solidarity (#Solidarität) saved lives and livelihoods.
Today at 10:15 MDT (16:15 UTC), Philip Chimento, Andy Holmes, and Evan Welsh and others will present the latest JavaScript technologies available in the GNOME stack for the crowd at GUADEC 2024
events.gnome.org/event/209/con…
#guadec #guadec2024 #gnome #igalia #gjs #javascript
Dear #Linux elitists, just stop. It's not pretty.
PS. Not all Windows users are suffering the outage, do educate yourselves. You know who you are...
Thoughts for #FahrradFreitag
Now one could say that interests collide in August: #CMKoeln vs. @SheDrivesMobility
Will the #FahrradbubbleKöln manage to make the two events meet? Maybe the #cmcologne will happen to ride along Universitätsstraße at around 18:15, dum-di-dum. And #katjadiehl, @kidicalmasskoeln and @radkomm will just happen to be getting a bit of fresh air at the #AlbertusMagnus monument, dum-di-dum.
@fahrradkoeln, how about it?
Katja, would that be possible?
#GUADEC2024 starts today! Take a look at the full schedule and plan your day: events.gnome.org/event/209/tim…
Make sure to register and check your email for the livestream and chat links: events.gnome.org/event/209/reg…
We’ll see you for the Welcome in Track 1 at 16:00 UTC!
#GUADEC #GNOME
But Miki, people die when doctors don't wash their hands, software bugs are far less serious.
> Reportedly there is at least one hospital that had their entire health system go down during a heart attack surgery. This is due to the affected components being written in C++, the only programming language where these vulnerabilities regularly happen.
xeiaso.net/shitposts/no-way-to…
"No way to prevent this" say users of only language where this regularly happens
Xe Iaso's personal website. xeiaso.net
#Libervia joins the other signatories of the open letter in support of #NLnet and the #NGI programme, whose funding is being cut for 2025.
It is thanks to this programme that I can currently work full time on the project, and that we have been able to implement:
- the #ActivityPub <=> #XMPP gateway
- state-of-the-art end-to-end encryption
- 1:1 audio/video calls, remote control and conferences (work in progress)
Many years ago, when I came to the hospital about to give birth, I was initially rejected because I was silent and smiling. I was told: ‘See that woman across the hall? She’s screaming - she’s in labor. You’re calm, you’re not.’ I had to insist to be checked, and turned out I was much further in labor, and my kid was born a couple of hours after that. I just was used to pain, and was taught to not make other people uncomfortable with my struggles.
Don’t get me wrong: screaming is good! Being able to ask for help is good and healthy! Being able to express your emotions, your feelings, your pain in a clear way understood by others is what it has to be.
But don’t assume that if someone is silent - they’re fine, if someone is smiling - they’re not in pain, if someone is going willingly - it’s easy for them. Yes, it may be unhealthy tactics, yes they may need to learn to ask for help and so on. But. Right now, right there someone who looks so positive may be suffering inside. Don’t dismiss. Don’t reject just because they don’t seem to be the struggling one.
Someone has finally been done in modern times for *checks notes* "Handling a Salmon under Suspicious Circumstances"
bbc.co.uk/news/articles/cd1740…
Fisherman fined for hiding salmon up sleeve in 'suspicious circumstances'
Angler Stephen Samuel is punished for "handling salmon under suspicious circumstances" Adam Hale (BBC News)
Fortunately not bit by this but it did make me curious
BBC is doing extraordinary coverage of the #outtage
The ticker is followed by special live reporting worldwide bbc.com/news/live/cnk4jdwp49et…
IT outage live updates: Planes grounded as mass worldwide issue hits airlines, media and banks
The cause of the outage is unclear, but American Airlines tells the BBC its flights are not taking off due to an issue with Crowdstrike cybersecurity software. BBC News
The sheer horror with which the reporter mentioned having to use a pen is just sad, not extraordinary.
The initial Post Incident Review is out from CrowdStrike. It’s good and really honest.
There’s some wordsmithing (eg channel updates aren’t code - their parameters control code).
The key takeaway - channel updates are currently deployed globally, instantly. They plan to change this at a later date to operate in waves. This is smart (and what Microsoft do for similar EPP updates).
crowdstrike.com/falcon-content…
Falcon Content Update Remediation and Guidance Hub | CrowdStrike
Access consolidated remediation and guidance resources for the CrowdStrike Falcon content update affecting Windows hosts. CrowdStrike
By ‘this is smart’ I mean ‘this is smart… now’. Obviously they shouldn’t have been globally, simultaneously deploying kernel driver parameter changes across all customers: it was waiting to go wrong.
They still are btw, as it will take a while to engineer the correct way of doing it.
OK, so plugin module, the stupid question of mine still persists.
The mechanics of how it happened are as you've described, and what I am wondering is whether ANY change to such a component, which is hooked too deep in the system, should not be run only if signed (and reviewed before) by Microsoft.
theguardian.com/technology/art…
CrowdStrike global outage to cost US Fortune 500 companies $5.4bn
Banking and healthcare firms, major airlines expected to suffer most losses, according to insurer Parametrix. Nick Robins-Early (The Guardian)
If you want to know something crazy:
- This year TCS migrated their EDR to CrowdStrike
- Then they announced a strategic partnership with CrowdStrike
- Then they lost all their systems
- They’re just finishing recovery today, 6 days in
- Then they got a $10 Uber Eats voucher
- …which got cancelled due to Uber flagging CrowdStrike’s account as fraudulent
Questions for your EDR providers (do not assume they are experts in availability):
- What are your different update processes?
- How do you test them?
- Do you dogfood test them?
- Do you roll them out in waves? What are the details, eg what percentages and when?
- Do you monitor failures and roll back?
2024-07-22 CrowdStrike Holdings, Inc. Cybersecurity Incident
CrowdStrike Holdings, Inc. initially disclosed a cybersecurity incident in an SEC 8-K filing on 2024-07-22 17:27:44 EDT. www.board-cybersecurity.com
Microsoft are talking about changes to Windows after the CrowdStrike incident. Good.
theverge.com/2024/7/26/2420671…
Microsoft calls for Windows changes and resilience after CrowdStrike outage
Microsoft has started responding with changes it wants to see in the wake of the CrowdStrike botched update. It looks like Windows kernel access is on the agenda. Tom Warren (The Verge)
There’s a really good discussion on @riskybusiness’s YouTube show about the CrowdStrike incident.
About the 3 minute mark @alex made me realise I was far too kind to CrowdStrike. He rightly rips them apart.
Why CrowdStrike's Baffling BSOD Disaster Was Avoidable
Risky Business host Patrick Gray talks to SentinelOne's Chris Krebs and Alex Stamos about CrowdStrike's baffling failure and what it means for the wider secu... YouTube
Delta are looking to sue CrowdStrike and Microsoft. HT @hrbrmstr
cnbc.com/2024/07/29/delta-hire…
Delta hires David Boies to seek damages from CrowdStrike, Microsoft after outage
Delta has hired prominent attorney David Boies to pursue potential damages from CrowdStrike and Microsoft after a mass outage earlier this month. Jordan Novet (CNBC)
Re the Delta case - the lawyer they’ve hired successfully sued Microsoft previously on behalf of the US government, and the decision was upheld on appeal too. The ruling almost led to the breaking up of Microsoft.
The following US government backed out of the case.
Bill Gates said at the time the lawyer was “out to destroy Microsoft”.
So there’s a chance here the CrowdStrike incident may end up having implications across vendor industry around warranties etc, we’ll see.
Replacing an XDR platform at scale takes some time, so if you’re wondering what the translation of Elon’s tweet about Crowdstrike is:
Elon: can we replace Crowdstrike?
Somebody: yes, we’ll begin looking into it but..
Elon: job done
Of course.. given how the Twitter takeover happened maybe he just got them to uninstall it and #yolosec
Delta’s CEO has confirmed they plan to take legal action against CrowdStrike after incurring a $500m loss
6 minute video interview: cnbc.com/2024/07/31/delta-ceo-…
Delta CEO says CrowdStrike-Microsoft outage cost the airline $500 million
Bastian told CNBC's "Squawk Box" on Wednesday that the carrier would seek damages from the disruptions, adding, "We have no choice." Leslie Josephs (CNBC)
CrowdStrike: Tech firm sued by shareholders over IT global outage
A faulty update by the cyber-security firm last month caused chaos around the world. João da Silva (BBC News)
Here's the Delta boss on his thoughts about the CrowdStrike incident.
They had 40k Windows Server boxes alone, all with BitLocker full disk encryption enabled, all of which wouldn't boot and weren't fixable without manually unlocking BitLocker. They had gone all in with CrowdStrike + Microsoft's most premium offerings.
He has a really good point about how tech companies have become obsessed with growth as their only metric of success, and customer satisfaction is not on the radar.
There's a really mad moment in that interview where they ask them what assistance CrowdStrike have offered, and he essentially says nothing, not even a lunch voucher.
What a time to be alive.
CrowdStrike complained to Cloudflare about a CrowdStrike parody site… and Cloudflare took it down. Without a court order. clownstrike.lol/crowdmad/
Cloudflare recently announced they have become a strategic partner with CrowdStrike: cloudflare.com/en-gb/press-rel…
Reports suggest that Sky News has also been affected, leaving many to beg Microsoft to not fix the outage.
NBN users in Australia have yet to notice the outage, thinking it is just the NBN running at normal speed.
chaser.com.au/general-news/bre…
BREAKING: Internet – The Chaser
Many have been accused of 'Breaking the internet' in the past, but only Microsoft and CrowdStrike have managed to actually do it. John Delmenico (The Chaser)
❌ A Microsoft failure causes an international outage of transport, banking and emergency services
💻 A service interruption linked to the cybersecurity firm Crowdstrike and Windows has paralysed the activity of tens of thousands of public and private companies, highlighting the dependence on the technology oligopoly
elsaltodiario.com/tecnologia/f…
The handover of public administrations to Microsoft: 793 million in contracts for licences and services
elsaltodiario.com/tecnologia/a…
Corporate discourse about the digital modernisation of the public sector, enshrined in Real Decreto-ley 36/2020, hides the handover to private companies of the management of the infrastructure built with the data of all citizens. www.elsaltodiario.com
We are pleased to be one of the many projects supported by the EU's NGI programmes, with NLnet's contribution.
Open, decentralized solutions are essential for user freedom on the Internet and for the resilience of our services. What would happen if one of these centralized services were blocked tomorrow?
The NGI programmes are a strength, let's hope they continue: pad.public.cat/lettre-NCP-NGI
Notice from the Admiralty
We are aware that some battlemech pilots engage in so-called "dance-offs" in their spare time. We have allowed this as harmless fun.
However, after seeing the viral clip of Jaeger-845D and Jaeger-922H do the tango we must make a public statement:
Woof!
[The Royal Fistula – Party like 1660](partylike1660.com/the-royal-fi…)
The Royal Fistula
Louis XIV was, as everyone else, plagued by the occasional illness. He had the smallpox as child and nearly died, he had a form of typhoid fever and nearly died, he had measles, fevers, colds, gout, bad toothaches….. Party like 1660
Today at 1600 CEST I'm going to be talking about gobject-introspection at the mini-GUADEC; the talk will also be broadcast at GUADEC in Denver tomorrow, at 13:45 MDT:
events.gnome.org/event/209/con…
Thanks to Igalia for allowing me to participate!
#gnome #guadec #guadec2024 #igalia
If you are in Denver, make sure to attend the presentations from my colleagues as well!
- "Developing WebKitGTK Made Easy", by Patrick Griffis
- "Calendaring in the modern desktop", by Georges Stavracas
- "Making WebKitGTK accessible again", by Georges Stavracas
- "The Newest JavaScript Technologies in GNOME", with Philip Chimento
#gnome #guadec #guadec2024 #igalia
#WelcomeToFriday