• A global Microsoft Windows outage, caused by a CrowdStrike software update, has disrupted airlines, banking services, and 911 lines, leading to grounded flights and long queues.
  • The issue resulted in many systems experiencing the “Blue Screen of Death” (BSOD), affecting major carriers and airports worldwide, and also impacted the London Stock Exchange and Australian banking systems.
  • CrowdStrike has identified and isolated the defect, deploying a fix, but recovery is expected to be slow due to the need for manual intervention on affected devices.
  • N3Cr0@lemmy.world
    link
    fedilink
    English
    arrow-up
    51
    arrow-down
    1
    ·
    4 months ago

    And that’s why the IT dept needs to test all software updates before rolling them out on the productive systems.

    • themeatbridge@lemmy.world
      link
      fedilink
      English
      arrow-up
      61
      arrow-down
      3
      ·
      edit-2
      4 months ago

      Yeah, a lot of people are (understandably) mad at Crowdstrike right now, but I want to drag some c-suite executives into a conference room and impress upon them the value of allocating budget for test environments and disaster recovery. Banks, airlines, service providers, these aren’t mom-and-pop bakeries and plumbers who don’t have time for all that nonsense. Every service that went down should be looking for the fuckwit in their organization, and they’re probably in the executive lounge. Anyone can make a mistake, but it takes dedication to systematically ignore the best advice of top experts in the field and run your infrastructure on a shoestring budget.

      • elvith@feddit.org
        link
        fedilink
        English
        arrow-up
        15
        ·
        4 months ago

        … value of allocating budget for test environments and disaster recovery …

        I mean, they do have a test environment. Everyone does have one!

        They’re just missing a separated production environment…

      • Crackhappy@lemmy.world
        link
        fedilink
        English
        arrow-up
        15
        arrow-down
        1
        ·
        4 months ago

        Man, money for a test environment is pretty low on my list of priorities right now. I’m trying to row a 20 man boat with one other person.

    • NOT_RICK@lemmy.world
      link
      fedilink
      English
      arrow-up
      15
      arrow-down
      1
      ·
      4 months ago

      Nah real men commit straight to prod. Why yes, I do have 13 bastard children, condoms are also for cowards

    • Ok_imagination@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      4 months ago

      If they’re as slow to roll out the updates to CS as they are the rest of the updates we’ll be a year behind on CS updates haha.

      • BarbecueCowboy@lemmy.world
        link
        fedilink
        English
        arrow-up
        7
        ·
        edit-2
        4 months ago

        Been awhile since we’ve POCed Crowdstrike, but I don’t think you can set the cadence on updates for Crowdstrike. I believe Crowdstrike enforces auto-updates, it was at least the default setting.

    • Praise Idleness@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      4 months ago

      afaik It wasn’t a software update that we all think. It was a content update that you can’t even delay update(I’m assuming it’s fordidentifying new viruses…etc). Updating software itself can be delayed and was usually being tested by IT guys before doing so. Content update however seemed harmless and wasn’t the case.

      Crowdstrike fucked up. There seems to be nothing mucy IT depts could’ve done.

  • Montagge@lemmy.zip
    link
    fedilink
    English
    arrow-up
    13
    arrow-down
    26
    ·
    4 months ago

    Who knew that having one operating system running everything would be a bad idea

    • CalcProgrammer1@lemmy.ml
      link
      fedilink
      English
      arrow-up
      64
      ·
      4 months ago

      Who knew that allowing, no, PAYING third parties to inject whatever the fuck they want encrypted proprietary binary blobs into the highest privilege and most dangerous level of your operating system without any user acknowledgement or third party code review could possibly have negative consequences?

      This is also why we shouldn’t be allowing kernel anticheat games on our PCs by the way. One day Crowdstrike, the next day it could be Riot Vanguard. Proprietary shitware has no place in your kernel (though in Windows’ case the entire kernel itself is proprietary, maybe do something about that next).