27 points

you cannot pull a Boeing and let people die

You say that, but have you considered the savings?

6 points

I have. They are not mine. The dead people could be.

Edit: I understand you were being sarcastic. This is a topic where I chose to ignore that.

8 points

That’s totally fair. :)

I work at a different company in the same security space as cloudstrike, and we spend a lot of time considering stuff like “if this goes sideways, we need to make sure the hospitals can still get patient information”.

I’m a little more generous giving the downstream entities slack for trusting that their expensive upstream security vendor isn’t shipping them something entirely fucking broken.
Like, I can’t even imagine the procedural fuck up that results in a BSOD getting shipped like that. Even if you have auto updates enabled for our stuff, we’re still slow rolling it and making sure we see things being normal before we make it available to more customers. That’s after our testing and internal deployments.

I can’t put too much blame on our customers for trusting us when we spend a huge amount of energy convincing them we can be trusted to literally protect all their infrastructure and data.

3 points

I can put the blame on your customers. If I make a contract with a bank they are responsible for my money. I don’t care about their choice of infrastructure. They are responsible for this. They have to be sued for this. Same for hospitals. Same for everyone else. Why should they be exempt from punishment for not providing the one service they were trusted to provide? Am I expected to feel for them because they made the “sensible choice” of employing the cheapest tools?

This was a business decision to trust someone external. It should not be tolerated that they point their fingers elsewhere.

1 point

I’m actually willing to believe that CrowdStrike was actually compromised by a bad actor that realised how fragile CS was.

3 points

You seem knowledgeable. I’m surprised that it’s even possible for a software vendor to inject code into the kernel. Why is that necessary?

21 points

People are temporary. Money is forever.
