limpid Posted July 22 Administrator Share Posted July 22 1 hour ago, Davkaus said: FWIW, there isn't *really* a requirement to use third parties, Windows Defender tends to perform fairly well, but isn't considered "best of breed" like Cloudstrike is (or used to be). Microsoft would (and have) point out that the reason that this issue surfaced and was as catastrophic a failure is because their agreement with the EU during an anti-trust dispute compelled them to open up the kernel to allow third party security services the same access as Microsoft has. Windows Defender might be nearly adequate for home users. It's not remotely fit for corporate use. You also need to perform device management, patch management, remote management, credential management, configuration management, remote access, device isolation, behaviour detection, application monitoring. All these should be baked in or at least as presented as API hooks. If the hooks are present they can be coded defensively to prevent incidents like what occurred. The kernel level access is a red herring. The whole of the Linux (and therefore Android, ChromeOS) kernels are open source. The device management on ChromeOS is excellent, but is almost irrelevant in a world where you only need to secure browser sessions. Access context and Identity are the keys. At work we have now removed all user devices from the corporate network. I'm currently counting down the days until the legacy VPN is gone (I suspect these events will help accelerate that move). Next major step will be the removal of passwords as credentials, but that'll take a few years to age out some of the suppliers. 1 Link to comment Share on other sites More sharing options...
limpid Posted July 22 Administrator Share Posted July 22 1 hour ago, Davkaus said: Perhaps part of the post-mortem of this should be why Windows doesn't have the kind of A/B upgrade/rollback mechanism for its Kernel that some alternatives such as Solaris have had for 15-20 years, I understand that Bitlocker also played its part in making the recovery far more difficult, so perhaps they deserve a bit of the blame, but certainly not the majority, IMO Absolutely. Although I'd argue almost all users do not need anything as complicated as a Windows install to run a browser. Link to comment Share on other sites More sharing options...
bielesibub Posted July 22 Share Posted July 22 2 hours ago, Davkaus said: exposes a complete lack of quality assurance that is all too typical of some organisations' "move fast and break things" mindset "Fix forward" - yeeeeeeeee-haaaaaaaawwwwwwwww The amount of times I was directly involved in deployments to live systems was criminal. I was the architect for the most part, not the integrator. Link to comment Share on other sites More sharing options...
Davkaus Posted July 22 Share Posted July 22 7 minutes ago, limpid said: The kernel level access is a red herring. The whole of the Linux (and therefore Android, ChromeOS) kernels are open source. The device management on ChromeOS is excellent, but is almost irrelevant in a world where you only need to secure browser sessions. Access context and Identity are the keys. Not sure it being open source makes much of a difference as Cloudstrike managed to introduce two widespread kernel panics in as many months Given they'd been able to create a fairly similar outcome on Linux just to a far smaller number of users, is there any compelling reason to believe that if linux endpoints had the same market share as Windows has, that Cloudstrike wouldn't have shit the bed just as spectacularly? Quote It's not remotely fit for corporate use. You also need to perform device management, patch management, remote management, credential management, configuration management, remote access, device isolation, behaviour detection, application monitoring Fair point, I was only considering the more basic endpoint security. Which distros bake all of this in without third party tools? 1 Link to comment Share on other sites More sharing options...
chrisp65 Posted July 22 Share Posted July 22 Sometimes the backspace key on this aftermarket keyboard just won’t work and it takes me ages to respond on VT because I can see an error but it won’t let me go back and fix it. Extrapolating that across the planet, I can see how much of a nuisance this cloud patch thing could be for people. 1 Link to comment Share on other sites More sharing options...
Seat68 Posted July 22 Share Posted July 22 I spent Friday working for a charity (do a lot of great work for charity, dont like to talk about it) The system I would normally be working on was down, a whole day bloody wasted in some bloody charity when I could have been chilling in the garden Link to comment Share on other sites More sharing options...
limpid Posted July 22 Administrator Share Posted July 22 30 minutes ago, Davkaus said: Not sure it being open source makes much of a difference as Cloudstrike managed to introduce two widespread kernel panics in as many months Given they'd been able to create a fairly similar outcome on Linux just to a far smaller number of users, is there any compelling reason to believe that if linux endpoints had the same market share as Windows has, that Cloudstrike wouldn't have shit the bed just as spectacularly? That's why I said it was a red herring 31 minutes ago, Davkaus said: Fair point, I was only considering the more basic endpoint security. Which distros bake all of this in without third party tools? ChromeOS. Link to comment Share on other sites More sharing options...
sidcow Posted July 22 VT Supporter Share Posted July 22 I wonder how many times before this COULD have happened but the unchecked untested software didn't contain any rogue coding. Would be interesting to know how often they've got away with before making this an almost inevitability. Link to comment Share on other sites More sharing options...
lapal_fan Posted July 22 Share Posted July 22 I hate it when I accidentally go on tech nerds websites. OH THAT'S RIGHT, I DIDN'T. THIS IS VILLA TALK YOU GEEKY BASTARDS. And you had the audacity to remove our lovely ladies thread. FOR SHAME. We deserve everything. 3 Link to comment Share on other sites More sharing options...
limpid Posted July 22 Administrator Share Posted July 22 1 minute ago, lapal_fan said: I hate it when I accidentally go on tech nerds websites. OH THAT'S RIGHT, I DIDN'T. THIS IS VILLA TALK YOU GEEKY BASTARDS. And you had the audacity to remove our lovely ladies thread. FOR SHAME. We deserve everything. You deserve a gold lion under your name. You should sort that out. 1 Link to comment Share on other sites More sharing options...
lapal_fan Posted July 22 Share Posted July 22 (edited) 7 minutes ago, limpid said: You deserve a gold lion under your name. You should sort that out. Do you accept sexual favours as bribes? @Paddywhack gives a wicked ZJ. Someone (WHO IS NOT ME!) told me. Edited July 22 by lapal_fan Link to comment Share on other sites More sharing options...
limpid Posted July 22 Administrator Share Posted July 22 11 minutes ago, lapal_fan said: Do you accept sexual favours as bribes? @Paddywhack gives a wicked ZJ. Someone (WHO IS NOT ME!) told me. If you can cram one into the payment page, I'm sure that'll be fine. Link to comment Share on other sites More sharing options...
rodders0223 Posted July 22 Share Posted July 22 Bought a chicken tikka pasta from the local corner shop fridge. I had one bite and can still taste that shit hours later. Link to comment Share on other sites More sharing options...
BOF Posted July 22 Moderator Share Posted July 22 1 minute ago, rodders0223 said: Bought a chicken tikka pasta from the local corner shop fridge. I had one bite and can still taste that shit hours later. That reminds me of what must be the most indecisive meal I've ever seen on a menu. A surf & turf pizza. For the person who simply can't make any decision. Link to comment Share on other sites More sharing options...
Genie Posted July 22 Share Posted July 22 11 hours ago, Genie said: 45 minutes till the taxi picks us up to go to the airport I see an email from Tui cancelling our flight FFS. Delayed until at least tomorrow but told to wait for further info. Relates to the crowdstrike failure. Booked to go tomorrow morning, it’s now just a 6 night holiday. We could have cancelled or rebooked with an extra 10% credit on top of what we paid but happy to go with 6 nights (and a refund of 1/7 of the price) as it’s just too much hassle to rebook both our work holidays, get the dog rebooked into kennels etc. I doubt we’ll get the compensation for flight delays as they’ll argue it’s out of their hands but I might try my luck when we get back. If so I think it would be £520 each (x4). 1 Link to comment Share on other sites More sharing options...
colhint Posted July 23 Share Posted July 23 Bleeding Twitter or X. It asked to confirm my birthdate. It won't let me key it in it'll only let me flip back month by month. I'm over 65, itll take sodding ages. I only use it when someone posts something with a tweet on it. Link to comment Share on other sites More sharing options...
one_ian_taylor Posted July 23 VT Supporter Share Posted July 23 17 hours ago, rodders0223 said: Bought a chicken tikka pasta from the local corner shop fridge. I had one bite and can still taste that shit hours later. Yes, but how did the pasta taste? Link to comment Share on other sites More sharing options...
limpid Posted July 23 Administrator Share Posted July 23 1 hour ago, colhint said: Bleeding Twitter or X. It asked to confirm my birthdate. It won't let me key it in it'll only let me flip back month by month. I'm over 65, itll take sodding ages. I only use it when someone posts something with a tweet on it. Why would you use your real DoB? Twitter has leaked personal data even when it was owned by competent people. 2 Link to comment Share on other sites More sharing options...
colhint Posted July 23 Share Posted July 23 Good point never thought of that. Link to comment Share on other sites More sharing options...
ender4 Posted July 23 Share Posted July 23 2 hours ago, colhint said: Bleeding Twitter or X. It asked to confirm my birthdate. It won't let me key it in it'll only let me flip back month by month. I'm over 65, itll take sodding ages. I only use it when someone posts something with a tweet on it. Even worse, i didn't want to give my real birthday so just quickly picked at random. I seem to have selected a date which meant i'm under-age for their T&C's so they blocked my account. I've then tried to change the DOB to something older and they want me to send them a copy of my passport or driving licence. Seeing i only used it to click on links embedded in VT, i think they've just lost a viewer/clicker for life. Link to comment Share on other sites More sharing options...
Recommended Posts