Comment on CrowdStrike downtime apparently caused by update that replaced a file with 42kb of zeroes
CeeBee_Eh@lemmy.world 3 months ago
You know there’s a whole other scenario where the system can simply boot the last known good config.
ChairmanMeow@programming.dev 3 months ago
And what guarantees that that “last known good config” is available, not compromised and there’s no malicious actor trying to force the system to use a config that has a vulnerability?
CeeBee_Eh@lemmy.world 3 months ago
The following:
There’s a load of other checks that could be employed. This is literally no different than securing the OS itself.
This is essentially a solved problem, but even then it’s impossible to make any system 100% secure. As the person you replied to said: “this is poor code”
ChairmanMeow@programming.dev 3 months ago
The 3rd party service is AV. You do not want to boot a potentially compromised or insecure system that is unable to start its AV properly, and have it potentially access other critical systems. That’s a recipe for a perhaps more local but also more painful disaster. It makes sense that a critical enterprise system does not boot if something is off. No AV means the system is a security risk and should not boot and connect to other critical/sensitive systems, period.
These sorts of errors should be alleviated through backup systems and prevented by not auto-updating these sorts of systems.
Sure, for a personal PC I would not necessarily want a BSOD, I’d prefer if it just booted and alerted the user. But for enterprise servers? Best not.
CeeBee_Eh@lemmy.world 3 months ago
You have that backwards. I work as a dev and system admin for a medium-sized company. You absolutely do not want any server to ever not boot. You absolutely want to know immediately that there’s an issue that needs to be addressed ASAP, but a loss of service generally means loss of revenue and, even worse, a loss of reputation. If your server is briefly at a lower protection level that’s not an issue unless you’re actively being targeted and attacked. But if that’s the case then getting notified of an issue can get some people to deal with it immediately.