I suspect after all the computers affected are finally fixed (each manually), and the Congressional hearings have been held, and assuming their stock value doesn’t completely crater, I think they may reevaluate their update frequency and strategy.
My company uses CrowdStrike, and this happened at 14:30 in Japan, so we had Zoom meetings where the people on PCs just disappeared, leaving only the Macs behind.
It was like a scene from The Leftovers.
If one is interested in cybersecurity, Patrick’s podcast at risky.biz is worth checking out…
Any plausible excuse to get out of a Zoom conference…
Whoaaa… talk about leadership setting the pace.
Failing upwards. A rich white male specialty!
Okay, I missed this entire discussion as I was out all day, but you’re telling me this wasn’t one of Microsoft’s borked updates causing the ruckus?
Well, that didn’t take long.
Honestly, “crowdstrike” is only like a 6/10 threat actor name; but I have to award extra credit for what appears to be the largest denial of service attack in history. We’ll call it a 7-/10, passing grade.
This is actually not a bad summary.
And I just saw another breakdown which says that the update .sys which caused all this wasn’t “slightly malformed” or “faulty code”, it’s null. As in, it’s however many kB of nothing but 0x00 over and over and over. Yeah, that’s an oopsie.
… caption refers to
CrowdStrike fixes start at “reboot up to 15 times” and get more complex from there
The gormless question I have (searched vaguely for and haven’t yet found the answer to) is what changes in the system between, oh say, the 12th and 14th attempt, that the 15th is ‘bob’s yer uncle’?? It’s a totally corrupt (nulled out according to @catsidhe) kernel driver file, how does more than 14 @#$ reboots, but not the first, turn the trick? And is 15 somehow an average? Some get ‘lucky’ at 11? Others with less karma must go 23? (“Well they say ‘up to 15 times’ so that must mean you’re assured you won’t have to go to 16…?” Ah.)
Thanks to @sqlrob! for the only sane answer I’ve seen so far.
One explanation I’ve seen, but not seen whether or not it’s accurate, is that there’s a chance the update will be downloaded before the crash. It’s a race condition, so it’s going to be unspecific.
And the crowd are loving it!