Sorry, what exactly is the implication here? They shipped a bug one time, so nothing they can say can ever be trusted? Can I apply that logic to you, or have you only ever shipped perfect code forever?
I don't even like this company, but the utterly brainless attempts at "sick dunks" via unstated implication are just awful epistemology and beneath intelligent people. Make a substantive point or don't say anything.
Plenty of companies have gone bankrupt or lost a great deal of credibility due to a single bug or single failure. I don't see why CrowdStrike would be any different in this regard.
The number of bugs/failures is not a meaningful metric; it's the significance of that failure that matters, and in the case of CrowdStrike that single failure was such a catastrophe that any claims they make should be scrutinized.
The fact that we cannot scrutinize their claim in this instance since the details are not public makes this allegation very weak and worth being very skeptical over.
It is possible for a company to both suffer an operational incident and be outstanding at discovering security vulnerabilities at the same time.
It is possible. It's just not likely either.
Based on what?
Sure, but this isn't one of them.
Are you saying CrowdStrike is inept at vulnerability research? If so, what evidence do you have?
They didn’t just “ship a bug”, they broke millions of computers worldwide because their scareware injects itself into the Windows kernel.
They probably killed people.
I missed a medical appointment due to the outage. Mine wasn't life threatening. For some, it was.
The CrowdStrike event might be so infamous an event that it might be taught for at least some decades for sure, maybe even in permanence.
That's a heck of an optimistic outlook for the future. Experience has taught me to be much more pessimistic about the future, especially when it comes to avoiding the repeating of the past.
I mean, we still cover the THERAC-25 incident in university CS courses
Unfortunately until Windows changes, the best way for them to serve customers is to continue to inject kernel code. (This is no longer needed or even permitted with macOS.) They did screw up operationally, but one problem made the other much more likely and dangerous.
Why limit yourself to Windows? My enterprise-issued mac is very noticeably slower and suffers from weird crashes and reboot-fixes-things issues that my own personal mac has never had.
Because Windows was the sole OS impacted by last year's incident.
They also screwed up Linux before they did that on Windows. The problem here is they are spyware that pushes whatever code they want to your (precisely, your company's) devices without testing, etc. It's just a matter of time for it to blow up.
The Linux kernel panic issue was different in many ways (in this case, the bug was in the Linux kernel used by a particular RHEL release), but your point that it needed further testing before pushing it out to production is still valid.
https://christiantaillon.medium.com/no-need-to-panic-the-lin...
> They did screw up
The word you're looking for is negligence. The lives of human beings were at stake and they YOLO'd it all by not performing a phased rollout.
Yes, sometimes companies have only one chance to fail. Especially in cyber security when they fail at global scale and politics is involved.
They’re still a going concern with plenty of customers; in business terms they’re still wildly successful. They seem to have not lost much trust among buyers in the long term.
That's fine. I'm not on a personal crusade punching them. At the company I work for, we had different solutions when the incident happened, and it seems that was a smart move.
Also they got hit with the most recent supply chain attacks on NPM. They aren’t exactly winning the security game.
If you're interested, I was on a business trip and couldn't get on the plane when the bug happened and all flights were cancelled. Almost had to sleep on the street, since most hotels had electronic booking which also went down. Finally managed to get a shack on the edge of town run by an old couple who probably never used computers much before.
Similar happened to me. It's ridiculous to make the claim that a business should be able to make avoidable errors that ruin lives and disrupt societies, and we should pretend that they are worthy of reconsideration without having learned or proven that they've learnt from such a credibility-ending cowboy move.
CrowdStrike is also the company behind Russiagate.
In some circles, it’s considered that they were not completely honest actors, to say the least. My understanding is that the FBI didn’t directly seize the DNC’s physical servers; instead, they relied on CrowdStrike’s forensic images and reports. This is unusual and they could have withheld evidence that didn’t fit “the narrative”, being that Donald Trump is a Russian asset.
To ELI5 what could be implied here, they will say whatever the intelligence agencies and the deep state want them to say, creating negative coverage about Chinese technology is kind of their MO. Allegedly.
But as I’m reading the other comments, they have quite a lot of notorious f ups, so I could be wrong.
These are serious allegations. Can you show evidence of any malfeasance?
These are not my allegations, I’m responding to a question “Sorry, what exactly is the implication here?”. Check the thread.
Thanks. I missed some context earlier.
I would still love to see some sort of source for the allegations. It sort of smells like the evidence didn't come out the way some people hoped so they blamed the investigators. That's fair, if there's evidence to support the stance.
It is unproven that Trump is literally a Russian spy although that was not at the time even asserted. The entire issue was that Trump's campaign met with literal Russian spies at a time when Trump was in fact in the building although not verifiably at said meeting. The Russians received data useful insofar as targeting the American people with disinfo.
Subsequently Trump called for the Russians to attack the Democrats. They did. They also appear to have targeted the American people with disinfo which could have been aided by the data supplied to them. Ultimately Trump's position towards Russia has evolved into an uncharacteristically and uniquely favorable position for an American president.
If he isn't an actual asset he certainly at least collaborated and communicated with them as a fellow traveler with similar aims at odds with the actual geopolitical aims of America as a nation.
It's probably referring to CrowdStrike's role in the "Russia Gate".
If you look back at the discussions of the bug, there were voices saying how stupidly dysfunctional that company is...
Maybe there's been reform, but since we live in the era of enshittification, assuming they're still a fucking mess is probably safe...