it was a "glitch"? Really?
I haven't checked if I will be able to get money from some of our banks but the Inquirer reports that the local internet/airplane problems are quickly being solved.
so a big company called Crowdstrike shut down a lot of the internet for businesses, banks, and travelers. A simple line of error in an update. A simple mistake?Seems to be a lot of them going around lately.
There have been a lot of Crowdstrike conspiracy theories in the past, about Hillary and about the Ukraine... yup. Alex Jones territory. But you know, sometimes Alex is right, and THAT scares me.
So what is going on? I don't mean the usual paranoid conspiracy theories that pop up all the time, and which one should ignore, but one does wonders who benefits from this mistake.
Investopedia notes that someone shorted stocks before this happened and will get rich.
CrowdStrike (CRWD) short sellers made more than $373 million Friday after a defective update sent out by the cybersecurity company caused a global IT outage for Microsoft (MSFT) Windows hosts, according to research firm S3 Partners.HMMM...
Sifting through the conspiracy theories on FreeRepublic, I found this: one guy who claims IT experience noted:
there is a tool “valgrind” among others that is SOP (standard operating procedure) for identifying such coding failures and potential vulnerabilities before a program or update is released...
italics mine. He then goes on to write:
it appears incorporating such into the release pipeline (either) is not part of Crowdstrike’s methodology or someone wanted this to go out...
In a professional model, code that fails to incorporate basic code inspection and validation techniques is clearly flawed
ya think?
Valgrind article from Stanford
Another BusinessInsider article notes that the guy behind crowdstrike was involved in the 2010 McAfee debacle that did something similar.
On April 21, 2010, the antivirus company McAfee released an update to its software used by its corporate customers. The update deleted a key Windows file, causing millions of computers around the world to crash and repeatedly reboot. Much like the CrowdStrike mistake, the McAfee problem required a manual fix.
Kurtz was McAfee's chief technology officer at the time. Months later, Intel acquired McAfee. And several months after that Kurtz left the company. He founded CrowdStrike in 2012 and has been its CEO ever since.,..
In response to a request for comment from Business Insider, CrowdStrike shared its latest blog posts detailing the problem and its recommended fix, but did not elaborate on how the update slipped through the company's safety protocols.
italics mine.
Lots of that going around lately.
technical stuff here:
Crowdstrike Analysis:
— Zach Vorhies / Google Whistleblower (@Perpetualmaniac) July 19, 2024
It was a NULL pointer from the memory unsafe C++ language.
Since I am a professional C++ programmer, let me decode this stack trace dump for you. pic.twitter.com/uUkXB2A8rm
So why is memory address 0x9c trying to be read from? Well because... programmer error.
— Zach Vorhies / Google Whistleblower (@Perpetualmaniac) July 19, 2024
It turns out that C++, the language crowdstrike is using, likes to use address 0x0 as a special value to mean "there's nothing here", don't try to access it or you'll die.
No comments:
Post a Comment