And keep in mind, the falcon sensor exists for Linux. All those big companies largely use it.
Essentially we just got lucky that their buggy patch only affected the windows version of the sensor in a showstopping way. Could have been all major OS.
I don’t think the Linux culture is very similar to the windows culture. At least for me personally, I wouldn’t use crowdstrike and let them install whatever they want into my environment.
Maybe it’s just me.
It’s not your machine, your choice of distro, or your choice of specific packages to use or not use. It’s a work tool you get handed as part of a job. So whether CrowdStrike runs on it or not is not your decision and you aren’t allowed (and usually not capable) to change that.
That’s an entirely different situation from one where you get a PC to do with as you please and set up yourself, or a private machine.
Plus we’re mostly talking endpoint devices for non-technical users with many of these difficult-to-fix devices as techs have to drive out to them. The users expect a tool, and they get a tool. A Linux would be customized and utterly locked down, and part of that would be the endpoint protection software.
We tried to fight against having to install Crowstrike on our Linux servers but got overruled by upper management without discussion. I assume we are not the only ones with that experience in the world due to the need to check a checkbox for some flimsy audit.
You’re actually confirming their point about culture though. The fact that you couldn’t stop them doesn’t mean that it also happened to everybody else: some management may have listened. Linux users abhor adding weird shit to their OS, Windows users do it all the time.
Essentially no one has crowdstrike on their personal machines. Not Windows users, Mac users, or Linux users. So it’s corporate/large organization culture that matters. And they absolutely use it.
Are you an admin in a corporate data center? If not, you’re not in the target audience for that product.
Then the internet would blame it all on Linux.
However, the recovery process would be much faster. The Linux kernel would try to load the kernel module and if it fails it would skip it.
Don’t forget that ftp.cdrom.com , the biggest server on the Internet at it’s peak, was running on FreeBSD.
I have no idea what the hell that is…
But Netflix runs on some BSD too
It’s where you would download your anime and Quake 2 installer twenty years ago.
Probably not. Most Linux admins know their systems and are able to navigate out of the situation with ease. But also most people don’t use any corporate off-the-shelf software, because there are better options that are freely available.
Furthermore a Linux installation is dedicated and slim for one single purpose. The flexibility creates diversity.
This combination of arrogance and complacency sort of thinking is how it does happen on Linux one day.
Are you implying that Windows server admins don’t know their shit?
No. They don’t. They always need Microsoft support to solve situations and upgrades. You can also ask simple questions that they cannot answer. Try Active Directory: how to run AD in a secure fashion? Or: What services do rely on DCs in our company?
My guy, I work cloud support for both Linux and Windows VMs.
I get dumbass cases from both all the time.
As a Windows engineer, the number of times I’ve seen other “engineers” open a case with Microsoft is insane. It seems to be a lot of their first reactions. No logs, no trying anything, just “this broke, why no work”. I think it’s that the Linux guys are mostly self taught, and the windows guys aren’t.
I think it’s more of “we pay Microsoft (or any company) for this. Make them handle it.”
It’s that kind of thinking that makes shit like the crowd strike problem possible.
Windows server admins: “We pay Microsoft for the service, damn right we’ll use it!”
Linux server admins: “We don’t pay anyone for the service, hopefully someone else had the same issue and posted about it somewhere…”
Interestingly, the latter ends up with better stability and security!
The end is nigh, I tell you!
2038 is the next big thing to hit older *nix based OS. It will be Y2K all over again.
Maybe on my 32-bit ARM server with ancient kernel it will. Any 64-bit machine is immune.
…unless it’s running software that uses signed 32-bit timestamps, or stores data using that format.
The point about the “millennium bug” was that it was a category of problems that required (hundreds of) thousands of fixes. It didn’t matter if your OS was immune, because the OS isn’t where the value is.
…timestamp is signed? Why?
Edit: Oh damn, I never noticed that the timestamp is indeed signed. For anyone curious, it is mostly historical as early C didn’t really have a concept of unsigned
