this post was submitted on 22 Jul 2024
258 points (95.1% liked)

Programming

16999 readers
312 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev

founded 1 year ago
MODERATORS
snowe@programming.dev
Ategon@programming.dev
MaungaHikoi@lemmy.nz
258
Let's blame the dev who pressed "Deploy" - by Dmitry Kudryavtsev (yieldcode.blog)
submitted 1 month ago* (last edited 1 month ago) by mac@programming.dev to c/programming@programming.dev
76 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Kissaki@programming.dev 24 points 1 month ago* (last edited 1 month ago) (2 children)

It's a systematic multi-layered problem.

The simplest, least effort thing that could have prevented the scale of issues is not automatically installing updates, but waiting four days and triggering it afterwards if no issues.

Automatically forwarding updates is also forwarding risk. The higher the impact area, the more worth it safe-guards are.

Testing/Staging or partial successive rollouts could have also mitigated a large number of issues, but requires more investment.

[–] wizardbeard@lemmy.dbzer0.com 11 points 1 month ago (2 children)

The update that crashed things was an anti-malware definitions update, Crowdstrike offers no way to delay or stage them (they are downloaded automatically as soon as they are available), and there's good reason for not wanting to delay definition updates as it leaves you vulnerable to known malware longer.

[–] merc@sh.itjust.works 6 points 1 month ago

And there's a better reason for wanting to delay definition updates: this outage.

[–] Kissaki@programming.dev 1 points 1 month ago

How does a definitions update crash windows with a BSOD?

[–] Gestrid@lemmy.ca 5 points 1 month ago (1 children)

Four days for an update to malware definitions is how computers get infected with malware. But you're right that they should at least do some sort of simple test. "Does the machine boot, and are its files not getting overzealously deleted?"

[–] Kissaki@programming.dev 1 points 1 month ago (1 children)

One of the fixes was deleting a sysm32 driver file. Is a Windows driver how they update definitions?

[–] Gestrid@lemmy.ca 2 points 1 month ago* (last edited 1 month ago)

The driver was one installed on the computer by the security company. The driver would look for and block threats incoming via the internet or intranet.

The definitions update included a driver update, and most of the computers the software was used on were configured to automatically restarted to install the update. Unfortunately, the faulty driver update caused computers to BSOD and enter a boot loop.

Because of the boot loop, the driver could only be removed manually by entering Safe Mode. (That's the thing you saw about deleting that file.) Then the updated driver, the one they released when they discovered the bug, would ideally be able to be installed normally after exiting Safe Mode.