132
Crowdstrike takes out last remaining threat vector (the users)
(infosec.exchange)
The machines, now inaccessible, are arguably more secure than before.
Fair warning that I'll be ranty because I hate losers talking about DEI hires.
This is a huge assumption. ~~The last rumor I've read from actual cybersecurity people is that Crowdstrike's update files were corrupt~~ (update: disproven by Crowdstrike's blog post). If this is true it's likely still from programmer error at some level, but maybe not as simple as "whoopsie I forgot an
if (data == nullptr)teehee".He, like the rest of us that don't work at Crowdstrike, has no idea what happened. I have seen computers do the weirdest gosh darn things. I know better than to assume anything at this point. I wouldn't even rule out weird stuff like the data getting corrupted between release qualification and release yet.
This thread is full of these sorts of small technical inaccuracies and oversimplifications so I won't point out all of them, but nothing in the C++ standard requires null pointers to refer to memory address 0x0. Nor does it require that dereferencing a null pointer terminates the program.
Windows died not because C++ asked it nicely to, but because a driver tried to access an address which wasn't paged in.
The funny thing about accessing into non-paged memory in kernel space:
(If this was a simple nullptr dereference on bad input data then perhaps a fuzzer would have helped. Fuzzers are great though I have no idea how hard they are to use with kernel drivers)
Dude would probably call me a "DEI hire"; but I bet I could beat him in a C++ deathmatch so neener neener.
@sailor_sega_saturn And given enough time and enough scale even the most improbably weird things will eventually happen. Update file corrupted by a storage controller that flips a couple of bits at random after every 720 hours of uptime but only if it’s 23.682 seconds after the hour? Weirder shit has happened.
@m @sailor_sega_saturn
Builds failing, but only at the new office, and only if you tried to build from scratch.
Funny, the Windows network crew that operated the network and suddenly had to operate NFS over UDP on their network, never really realized that their switches were only capable of half-duplex operation. But announced full-duplex. And these Linux boxes fully used that. And big UDP packages used by NFS under load got corrupted.
@m @sailor_sega_saturn
Took a f%cking nightshift of the CTO (German company, so the CTO had PhD in C.S. and still remembered hacking C++ code) and the resident external IT consultant working on the C++ code getting frustrated with the builds crashing and literally debugging the whole shebang to discover that beside a ton of C++ memory bugs, we also had a network issue.
@m @sailor_sega_saturn And philosophically, I've been now for a decade in "automatic data entry from 3rd parties", ETL (nice phrasing for industry level web scraping and data clean-up).
Literally, what I've seen (and sometimes, as I've also done website development, one wonders what the f%ck the dear colleague was thinking while (s)he developed THAT. Or I want the drugs they were on, that must have been a great trip.), nothing is unthinkable in IT.