Subject: Why Linux Was Immune To The CrowdStrike Fiasco
From: Lawrence D'Oliveiro
Newsgroups: comp.os.linux.advocacy
Organization: A noiseless patient Spider
Date: Sun, 21 Jul 2024 23:17 UTC

A poster in another group gave this link to a comment by long-time Linux
contributor Matthew Garrett: on Windows, CrowdStrike has to load its own
proprietary kernel driver to do its anti-malware checks, but on Linux they
just rely on the standard configurable eBPF facility. This helps to reduce
the chance of things going wrong.

<https://nondeterministic.computer/@mjg59/112816011370924959>

Subject: Re: Why Linux Was Immune To The CrowdStrike Fiasco
From: Joel
Newsgroups: comp.os.linux.advocacy
Organization: A noiseless patient Spider
Date: Sun, 21 Jul 2024 23:34 UTC
References: 1

Lawrence D'Oliveiro <ldo@nz.invalid> wrote:

>A poster in another group gave this link to a comment by long-time Linux
>contributor Matthew Garrett: on Windows, CrowdStrike has to load its own
>proprietary kernel driver to do its anti-malware checks, but on Linux they
>just rely on the standard configurable eBPF facility. This helps to reduce
>the chance of things going wrong.
>
><https://nondeterministic.computer/@mjg59/112816011370924959>

Microsoft has been lackadaisical about stuff like this forever; their
own code has been released without enough testing too. CrowdStrike
really doesn't have all the blame. It's something to be expected of
this platform; it's vulnerable to human error in preventable ways.
Ultimately, they could have a firmer framework.

--
Joel W. Crump

Amendment XIV
Section 1.

[...] No state shall make or enforce any law which shall
abridge the privileges or immunities of citizens of the
United States; nor shall any state deprive any person of
life, liberty, or property, without due process of law;
nor deny to any person within its jurisdiction the equal
protection of the laws.

Dobbs rewrites this, it is invalid precedent. States are
liable for denying needed abortions, e.g. TX.

Subject: Re: Why Linux Was Immune To The CrowdStrike Fiasco
From: rbowman
Newsgroups: comp.os.linux.advocacy
Date: Mon, 22 Jul 2024 04:18 UTC
References: 1

On Sun, 21 Jul 2024 23:17:11 -0000 (UTC), Lawrence D'Oliveiro wrote:

> A poster in another group gave this link to a comment by long-time Linux
> contributor Matthew Garrett: on Windows, CrowdStrike has to load its own
> proprietary kernel driver to do its anti-malware checks, but on Linux
> they just rely on the standard configurable eBPF facility. This helps to
> reduce the chance of things going wrong.

https://support.oracle.com/knowledge/Oracle%20Linux%20and%20Virtualization/2773236_1.html

The page is light on detail unless you have an Oracle account but it isn't
trouble free on Linux.

https://opensource.microsoft.com/blog/2021/05/10/making-ebpf-work-on-windows/

Interesting project...

Subject: Re: Why Linux Was Immune To The CrowdStrike Fiasco
From: Lawrence D'Oliveiro
Newsgroups: comp.os.linux.advocacy
Organization: A noiseless patient Spider
Date: Mon, 22 Jul 2024 06:05 UTC
References: 1 2

On 22 Jul 2024 04:18:50 GMT, rbowman wrote:

> https://opensource.microsoft.com/blog/2021/05/10/making-ebpf-work-on-windows/
>
> Interesting project...

Been going on for far too long.
