- cross-posted to:
- programmer_humor@programming.dev
- cross-posted to:
- programmer_humor@programming.dev
funny thing is I, and probably most people, had never even heard that there was something called “CrowdStrike” until Friday of last week
On Friday, as we were running around the hospital where we work trying to get every computer working again, we were following the work-around to rename the Crowdstrike folder under C:\Windows\system32\drivers to “bad-CrowdStrike”.
When my coworker was typing the rename command, instead of typing “cro TAB”, he started typing “clo TAB”. He’d ask me why it wasn’t finding it, and I’d point out the typo.
I started saying, it’s not “CloudStrike”, it’s “CrowdStrike”.
By the end of the day, we were both a little loopy. I started typing “CloudStrike”, and cursing him out for screwing with my head. By the end of the day I wasn’t sure what it was either.
CloudStrike
CrownStrike
ClownStrike
It occurred to us that CrowdStrike is an absolutely terrible name. It sounds like a terrorist attack. Of course, it felt like one on Friday.
It occurred to us that CrowdStrike is an absolutely terrible name. It sounds like a terrorist attack. Of course, it felt like one on Friday.
When I first heard about what was going on, I assumed that “CrowdStrike” was not the name of the software/company, but rather some sort of advanced DDOS-like attack where they used systems they’d previously hacked and had them all do the same thing at once to another target.
So why is this considered a crowdstrike issue and not a Microsoft fuckup?
Windows: exists
Crowdstrike: stabs
You: why would Microsoft stab themselves?
To be fair, kernel level access by third party software is kind of frowned upon in the Linux world. Ask any desktop Linux user how they feel about NVIDIA (the only third party kernel code an average Linux user will install) and their drivers randomly causing strange issues on their systems up to and including kernel panics compared to the experience on AMD where the driver is open and built into the kernel itself. For security software that needs low level visibility, there is eBPF, direct kernel level access isn’t needed (though I believe CrowdStrike uses it, and thay actually did CrowdStrike Debian and Rocky Linux systems some time back).
MacOS blocked the majority of kernel extensions a few years ago as well.
Windows is the only OS where it has been designed in a way where kernel level access is the rule rather than the exception. So design flaws are at least partially at fault here.