![]() |
News from da outaworlds |
mail files register groups login |
Message-ID: |
Pages:123456789 |
Global computer outage linked to security firm CrowdStrike
grounds flights, hits banks, media
A software update from global cybersecurity firm CrowdStrike
appeared to be the trigger for Friday's massive computer
systems outage, with computers running Microsoft Windows
most affected, grounding flights in the United States,
derailing television broadcasts in the UK and impacting
telecommunications in Australia.
.. . .
Ah ... wunnerful Winders :-)
It should be banned as a socioeconomic WMD ...
This was supposed to be an "update" from a
FRIENDLY entity. What about all the UN-friendly
actors in the world these days ?
"26yh.0712" <26yh.0713@e6t5y.net> writes:
> Ah ... wunnerful Winders :-)
>
> It should be banned as a socioeconomic WMD ...
Imagine systemd swallowing package management, doing automagic
security updates and such a "MSLinux" monoculture.
Wouldn't that be similarly vulnerable?
IMO "MSLinux" everywhere would have the same problem.
I think redundancy, diversity and reducing complexity is the right
answer.
--
I do not bite, I just want to play.
On 7/19/24 10:47 AM, 26yh.0712 wrote:
> https://www.france24.com/en/technology/20240719-global-cyber-outage-linked-to-microsoft-slams-travel-media-financial-telecom-sectors
>
> Global computer outage linked to security firm CrowdStrike
> grounds flights, hits banks, media
>
> . . .
>
> Ah ... wunnerful Winders :-)
>
> It should be banned as a socioeconomic WMD ...
>
> This was supposed to be an "update" from a
> FRIENDLY entity. What about all the UN-friendly
> actors in the world these days ?
>
Yeah I know several people who were told to just not come into work this
morning. Can't imagine the chaos an actual happening would bring.
In comp.os.linux.misc 26yh.0712 <26yh.0713@e6t5y.net> wrote:
> https://www.france24.com/en/technology/20240719-global-cyber-outage-linked-to-microsoft-slams-travel-media-financial-telecom-sectors
>
> Global computer outage linked to security firm CrowdStrike
> grounds flights, hits banks, media
<snip>
You heard it here first :)
I guess here in the US, there will be Congressional
Inquiries into this and how to stop it from happening
again.
For people not in the US, "Congressional Inquiries"
in most cases is a fund raiser, or as non-US people
refer to them "Bribe Requests" :(
Nothing ever comes from these Inquiries.
--
csh(1) - "An elegant shell, for a more... civilized age."
- Paraphrasing Star Wars
On 7/19/24 12:03 PM, yeti wrote:
> "26yh.0712" <26yh.0713@e6t5y.net> writes:
>
>> Ah ... wunnerful Winders :-)
>>
>> It should be banned as a socioeconomic WMD ...
>
> Imagine systemd swallowing package management, doing automagic
> security updates and such a "MSLinux" monoculture.
>
> Wouldn't that be similarly vulnerable?
>
> IMO "MSLinux" everywhere would have the same problem.
>
> I think redundancy, diversity and reducing complexity is the right
> answer.
But it's an answer apparently very difficult
to arrive at. Corps/managers don't WANT to
pay for "diversity" or "redundancy" and,
as with almost any kind of system "complexity"
(and thus 'opacity') always increases.
Big-Money Biz should stick to some kind of Unix
or Linux (pref WITHOUT systemd). Winders looks
pretty and seems friendly - but then so does
a tiger until ......
On 2024-07-19, 26yh.0712 <26yh.0713@e6t5y.net> wrote:
> On 7/19/24 12:03 PM, yeti wrote:
>
>> I think redundancy, diversity and reducing complexity is the right
>> answer.
>
> But it's an answer apparently very difficult
> to arrive at. Corps/managers don't WANT to
> pay for "diversity" or "redundancy" and,
> as with almost any kind of system "complexity"
> (and thus 'opacity') always increases.
This is often by design. Complexity is a weapon -
it ties your victims - and competitors - in knots,
and makes it easy to hide all sorts of nasty stuff.
This has been known by politicians and bureaucrats
for centuries.
> Big-Money Biz should stick to some kind of Unix
> or Linux (pref WITHOUT systemd). Winders looks
> pretty and seems friendly - but then so does
> a tiger until ......
Hmmm, reminds me of the ending of the movie "Don't Look Up"...
--
/~\ Charlie Gibbs | We'll go down in history as the
\ / <cgibbs@kltpzyxm.invalid> | first society that wouldn't save
X I'm really at ac.dekanfrus | itself because it wasn't cost-
/ \ if you read it the right way. | effective. -- Kurt Vonnegut
On Fri, 19 Jul 2024 16:45:34 +0042, yeti wrote:
> Imagine systemd swallowing package management, doing automagic security
> updates and such a "MSLinux" monoculture.
>
> Wouldn't that be similarly vulnerable?
Obviously not.
On 7/19/24 7:18 PM, Charlie Gibbs wrote:
> On 2024-07-19, 26yh.0712 <26yh.0713@e6t5y.net> wrote:
>
>> On 7/19/24 12:03 PM, yeti wrote:
>>
>>> I think redundancy, diversity and reducing complexity is the right
>>> answer.
>>
>> But it's an answer apparently very difficult
>> to arrive at. Corps/managers don't WANT to
>> pay for "diversity" or "redundancy" and,
>> as with almost any kind of system "complexity"
>> (and thus 'opacity') always increases.
>
> This is often by design. Complexity is a weapon -
> it ties your victims - and competitors - in knots,
> and makes it easy to hide all sorts of nasty stuff.
> This has been known by politicians and bureaucrats
> for centuries.
'Complexity' CAN be a sort of weapon ... but in the
whole computer universe - and I got in pre-PCs -
we're mostly looking at 'feature creep' ... with
every developer thinking they're doing good. I've
writ enough complicated software - and then you
get back to it and it's "Oh ... wouldn't it be
great if it could do *this* and *that* and look
nicer ?". Pretty soon you have spaghetti code even
you yourself can't follow nor find all the possible
flaws within.
Winders is a good example. It is said that the last
old guy who could hold the whole system in his head,
anticipate actions/reactions, retired right after
Win2K. Since then ......
Linux/Unix is, or can be, "better" ... but even
most Linux distros now are quite large and complex
and way too heavy on GUI bells and whistles. Now
idiots have messed up even Debian, probably hired
some rejects from Canonical, much more complication
and absolutely pointless deviations from the old
norms. We need a genuine FORK, built starting from
maybe BullsEye, maybe even Buster, but now there
are just SO many distros .........
>> Big-Money Biz should stick to some kind of Unix
>> or Linux (pref WITHOUT systemd). Winders looks
>> pretty and seems friendly - but then so does
>> a tiger until ......
>
> Hmmm, reminds me of the ending of the movie "Don't Look Up"...
NOT sure I've ever seen that one ....
On Fri, 19 Jul 2024 21:53:05 -0400, 26yh.0712 wrote:
> Linux/Unix is, or can be, "better" ... but even most Linux distros
> now are quite large and complex and way too heavy on GUI bells and
> whistles.
Old engineering adage: in any system, the complexity arises not so much
from the number of components, as from the number of potential
interactions between them.
This is why Linux is more robust than Windows.
Don’t like those “GUI bells and whistles”? Don’t install them. That’s not
a choice Windows gives you.
On 7/19/24 10:12 PM, Lawrence D'Oliveiro wrote:
> On Fri, 19 Jul 2024 21:53:05 -0400, 26yh.0712 wrote:
>
>> Linux/Unix is, or can be, "better" ... but even most Linux distros
>> now are quite large and complex and way too heavy on GUI bells and
>> whistles.
>
> Old engineering adage: in any system, the complexity arises not so much
> from the number of components, as from the number of potential
> interactions between them.
Quite correct - and everything in Winders these days
is tied to pretty much everything else. No WAY to
pin down all the possible interactions.
> This is why Linux is more robust than Windows.
For NOW ... but Linux does seem to be drifting in
the Winders direction and for many of the same
reasons. Seems like every little install or update
the list of dependencies, and dependencies of the
dependencies and so forth, gets longer and longer.
I can no longer trace a fault or weirdness through
all that mess.
I've been using Manjaro on a couple of boxes of
late since I went off Deb. Try to install or
update most ANYTHING and it totally re-loads
about 1.5gb worth of system. That's their
sledgehammer "fix" for the dependencies issue ...
> Don’t like those “GUI bells and whistles”? Don’t install them. That’s not
> a choice Windows gives you.
Well ... there IS a 'terminal', of sorts :-)
On 7/19/24 12:09 PM, Anna wrote:
> On 7/19/24 10:47 AM, 26yh.0712 wrote:
>> https://www.france24.com/en/technology/20240719-global-cyber-outage-linked-to-microsoft-slams-travel-media-financial-telecom-sectors
>>
>>
>> Global computer outage linked to security firm CrowdStrike
>> grounds flights, hits banks, media
>>
>> . . .
>>
>> Ah ... wunnerful Winders :-)
>>
>> It should be banned as a socioeconomic WMD ...
>>
>> This was supposed to be an "update" from a
>> FRIENDLY entity. What about all the UN-friendly
>> actors in the world these days ?
>>
>
> Yeah I know several people who were told to just not come into work this
> morning. Can't imagine the chaos an actual happening would bring.
Hell, Homeland actually woke-up Biden at 4am to
inform him that a global cyber-attack might be
underway .......
Not sure Joe understands "cyber-attack" very well,
but it WAS their duty to inform him :-)
On 7/19/24 12:24 PM, John McCue wrote:
> In comp.os.linux.misc 26yh.0712 <26yh.0713@e6t5y.net> wrote:
>> https://www.france24.com/en/technology/20240719-global-cyber-outage-linked-to-microsoft-slams-travel-media-financial-telecom-sectors
>>
>> Global computer outage linked to security firm CrowdStrike
>> grounds flights, hits banks, media
> <snip>
>
> You heard it here first :)
>
> I guess here in the US, there will be Congressional
> Inquiries into this and how to stop it from happening
> again.
Oh yea ... "Congressional inquiries" always fix stuff ! :-)
> For people not in the US, "Congressional Inquiries"
> in most cases is a fund raiser, or as non-US people
> refer to them "Bribe Requests" :(
>
> Nothing ever comes from these Inquiries.
CrowdStrike and some others will now be obligated
to increase their "donations" to the Pols.
Bill Gates learned early on to keep his pols WELL
greased.
On Fri, 19 Jul 2024 21:53:05 -0400, 26yh.0712 wrote:
> 'Complexity' CAN be a sort of weapon ... but in the
> whole computer universe - and I got in pre-PCs - we're mostly looking
> at 'feature creep' ... with every developer thinking they're doing
> good. I've writ enough complicated software - and then you get back
> to it and it's "Oh ... wouldn't it be great if it could do *this* and
> *that* and look nicer ?". Pretty soon you have spaghetti code even
> you yourself can't follow nor find all the possible flaws within.
Feature creep cna happen up front. We've has a couple of programmers that
wrote very flexible, complicated code to cover every future possibility
they could think of. 20 years later the future stuff never happened and
you're left with a maintenance nightmare.
On Fri, 19 Jul 2024 22:57:49 -0400, 26yh.0712 wrote:
> I've been using Manjaro on a couple of boxes of late since I went off
> Deb. Try to install or update most ANYTHING and it totally re-loads
> about 1.5gb worth of system. That's their sledgehammer "fix" for the
> dependencies issue ...
I knew what I was getting into but today's upgrades want to upgrade 246
packages and replace the kernel for a little under 1 GB of downloads. It's
the KDE spin so a lot of it seems to be getting plasma, Qt, and kwhatever
to play nice. Almost every day is a new batch of upgrades.
On Fri, 19 Jul 2024 22:57:49 -0400, 26yh.0712 wrote:
> On 7/19/24 10:12 PM, Lawrence D'Oliveiro wrote:
>
>> This is why Linux is more robust than Windows.
>
> For NOW ... but Linux does seem to be drifting in the Winders
> direction ...
No, it’s not.
> I've been using Manjaro on a couple of boxes of late since I went off
> Deb. Try to install or update most ANYTHING and it totally re-loads
> about 1.5gb worth of system. That's their sledgehammer "fix" for the
> dependencies issue ...
That’s just one distro.
On 7/20/24 12:35 AM, rbowman wrote:
> On Fri, 19 Jul 2024 22:57:49 -0400, 26yh.0712 wrote:
>
>> I've been using Manjaro on a couple of boxes of late since I went off
>> Deb. Try to install or update most ANYTHING and it totally re-loads
>> about 1.5gb worth of system. That's their sledgehammer "fix" for the
>> dependencies issue ...
>
>
> I knew what I was getting into but today's upgrades want to upgrade 246
> packages and replace the kernel for a little under 1 GB of downloads. It's
> the KDE spin so a lot of it seems to be getting plasma, Qt, and kwhatever
> to play nice. Almost every day is a new batch of upgrades.
Hell, I used the XFCE spin ... a lot smaller ... but STILL !
As I've said before - SOMETHING needs to be done about
the Dependencies Issue in Linux. Every lib needs to be
guarenteed to be 100% backwards compatible over LONG
time spans - and apps need to be happy with ANY libs of
the right names ... screw version/sub/sub-sub numbers ...
that still contain the code/function-names they need. It'd
require a slightly different style of programming and
packaging info.
Without that, I don't see how Linux can go much
further forward. Compared to a decade ago it's
a MESS - and there's nothing new on the horizon
that might replace it. Do we, the world, WANT
to be stuck with naught but M$ and the wormy
apple ??? If so, the cyber-villains have
already won and we'll be back to exchanging
pigs for chickens again.
As for Biz ... I'd still say to go with some kind
of Unix at this time. Some of the apps might have
that 80s terminal/curses look but they'd be SOLID.
On Sat, 20 Jul 2024 02:00:19 -0400, 26yh.0712 wrote:
> As I've said before - SOMETHING needs to be done about the
> Dependencies Issue in Linux.
Create a new, smaller distro! That contains only the functionality you
care about!
The code doesn’t write itself, you know.
On 20/07/2024 05:30, rbowman wrote:
> On Fri, 19 Jul 2024 21:53:05 -0400, 26yh.0712 wrote:
>
>> 'Complexity' CAN be a sort of weapon ... but in the
>> whole computer universe - and I got in pre-PCs - we're mostly looking
>> at 'feature creep' ... with every developer thinking they're doing
>> good. I've writ enough complicated software - and then you get back
>> to it and it's "Oh ... wouldn't it be great if it could do *this* and
>> *that* and look nicer ?". Pretty soon you have spaghetti code even
>> you yourself can't follow nor find all the possible flaws within.
>
> Feature creep cna happen up front. We've has a couple of programmers that
> wrote very flexible, complicated code to cover every future possibility
> they could think of. 20 years later the future stuff never happened and
> you're left with a maintenance nightmare.
I remember US robotics sold future proof modems that could be upgraded.
No one ever did.
They threw them and bought the newer modems instead
--
"When one man dies it's a tragedy. When thousands die it's statistics."
Josef Stalin
(Newsgroups limited to comp.os.linux.misc. talk.politics.misc, really!?)
On 2024-07-20, Lawrence D'Oliveiro wrote:
> On Fri, 19 Jul 2024 16:45:34 +0042, yeti wrote:
>
>> Imagine systemd swallowing package management, doing automagic security
>> updates and such a "MSLinux" monoculture.
>>
>> Wouldn't that be similarly vulnerable?
>
> Obviously not.
As far as both are Turing-complete, there's probably not much difference
in capabilities for this discussion. Windows does not hold a monopoly in
the capability to run code with errors.
(In fact, given that Broadcom has their own wireless linux drivers,
possibly with the same quality level as their firmware...)
I'd say what happened here was probably a bad decision or mistake in how
data gets processed in a driver. Linux and FLOSS in general would be
similarly vulnerable if some mechanism like that is in use. A
significant difference would be that (at least with the source
available) one could try to see what code is running in the driver and
spot coding issues that could lead to this sort of situation.
But immediately ruling out this scenario for Linux systems sounds quite
unrealistic to me. (And, from what I've read yesterday, I got the
impression that there had been a similar incident with Linux systems,
but I didn't study that further.)
--
Nuno Silva
(Who might like to point out Broadcom's WLAN quality way too often)
In <lg0t4gFpjftU4@mid.individual.net> rbowman:
[Snip...]
> today's upgrades want to upgrade 246 packages and replace the
> kernel for a little under 1 GB of downloads. It's the KDE spin
> so a lot of it seems to be getting plasma, Qt, and kwhatever
> to play nice. Almost every day is a new batch of upgrades.
I used to love KDE, starting (I think) with very old SUSE.
I reluctantly dropped KDE and Gnome for similar reasons noted.
I dropped Ubuntu for Debian over their 5-system (or WTF) limits
(etc) on non-commercial free support, a year or so ago.
Now, it's Debian and Xfce/Openbox everywhere, for my part.
BTW: I tolerate systemd only because Torvalds seems to, too.
Clearly, I'm a Greybeard from Sun SPARCstation and Dilbert days
and creeping Macroslop-like featurism in coding and support bug
the living hell outta me.
--
Dropped Ubuntu for Debian over their 5-system (or WTF) limit on
Pardon any bogus email addresses (wookie) in place for spambots.
Really, it's (wyrd) at att, dotted with net. * DO NOT SPAM IT. *
I toss GoogleGroup (http://twovoyagers.com/improve-usenet.org/).
In Message-ID: <-7CcndX6lpSstAb7nZ2dnZfqnPudnZ2d@earthlink.com> 26yh.0712:
[Snip...]
> Bill Gates learned early on to keep his pols WELL greased.
Quoting ProPublica:
A full, public accounting of what happened in the Solar Winds case would
have been devastating to Microsoft. ProPublica recently revealed that
Microsoft had long known about — but refused to address — a flaw used
in the hack. The tech company’s failure to act reflected a corporate
culture that prioritized profit over security and left the U.S. government
vulnerable, a whistleblower said.
Please excuse any snits slrn had about this reference URL:
https://www.propublica.org/article/cyber-safety-board-never-investigated-
solarwinds-breach-microsoft
--
Regards, Weird (Harold Stevens) * IMPORTANT EMAIL INFO FOLLOWS *
Pardon any bogus email addresses (wookie) in place for spambots.
Really, it's (wyrd) at att, dotted with net. * DO NOT SPAM IT. *
I toss GoogleGroup (http://twovoyagers.com/improve-usenet.org/).
followups trimmed to comp.os.linux.misc
In comp.os.linux.misc yeti <yeti@tilde.institute> wrote:
> "26yh.0712" <26yh.0713@e6t5y.net> writes:
>
>> Ah ... wunnerful Winders :-)
>>
>> It should be banned as a socioeconomic WMD ...
>
> Imagine systemd swallowing package management, doing automagic
> security updates and such a "MSLinux" monoculture.
I can see this happening, I think they just swallowed sudo.
> Wouldn't that be similarly vulnerable?
Maybe, any complex solution is open to vulnerabilities. I
think (hope) these changes would be tested better than
crowdstrike was. But as things get more complex, the harder
to test :(
I still think these changes Red Hat is pushing is their way
to make things easier for admins, but to me, eventually you
end up with a Windows clone. Now I wonder if they will "AI"
systemd, I think it is possible since IBM seems to be
getting into AI.
> IMO "MSLinux" everywhere would have the same problem.
>
> I think redundancy, diversity and reducing complexity is the right
> answer.
--
csh(1) - "An elegant shell, for a more... civilized age."
- Paraphrasing Star Wars
Lawrence D'Oliveiro wrote:
> Don’t like those “GUI bells and whistles”? Don’t install them. That’s not
> a choice Windows gives you.
Oh? Windows Server Core.
The Natural Philosopher wrote:
> I remember US robotics sold future proof modems that could be upgraded.
Only the "Courier" model had DSP upgrades, other models like "Sportster"
only had firmware upgrades.
> No one ever did.
When I bought mine, Demon supported 14.4kbps, that modem was upgraded
all the way to 56kbps.
> They threw them and bought the newer modems instead
Still have a couple here.
On 2024-07-20, 26yh.0712 <26yh.0713@e6t5y.net> wrote:
> Do we, the world, WANT
> to be stuck with naught but M$ and the wormy
> apple ???
"Ooooh, shiny!"
(In other words, for suitable values of "the world",
the answer is a resounding yes.)
> If so, the cyber-villains have
> already won and we'll be back to exchanging
> pigs for chickens again.
I'll raise you two hens and a rooster.
> As for Biz ... I'd still say to go with some kind
> of Unix at this time. Some of the apps might have
> that 80s terminal/curses look but they'd be SOLID.
I still see curses-style screens in some commercial
venues. They're not only solid but lightning-fast.
But all they give you is what you need, so I don't
see them getting far in the mass market...
--
/~\ Charlie Gibbs | We'll go down in history as the
\ / <cgibbs@kltpzyxm.invalid> | first society that wouldn't save
X I'm really at ac.dekanfrus | itself because it wasn't cost-
/ \ if you read it the right way. | effective. -- Kurt Vonnegut
Pages:123456789 |