A widespread Blue Screen of Death (BSOD) issue on Windows PCs disrupted operations across various sectors, notably impacting airlines, banks, and healthcare providers. The issue was caused by a problematic channel file delivered via an update from the popular cybersecurity service provider, CrowdStrike. CrowdStrike confirmed that this crash did not impact Mac or Linux PCs.

It turns out that similar problems have been occurring for months without much awareness, despite the fact that many may view this as an isolated incident. Users of Debian and Rocky Linux also experienced significant disruptions as a result of CrowdStrike updates, raising serious concerns about the company’s software update and testing procedures. These occurrences highlight potential risks for customers who rely on their products daily.

  • sudo@programming.dev
    link
    fedilink
    arrow-up
    200
    ·
    5 months ago

    The analysis revealed that the Debian Linux configuration was not included in their test matrix.

    You might as well say you don’t support Linux.

    “Crowdstrike’s model seems to be ‘we push software to your machines any time we want, whether or not it’s urgent, without testing it’,” lamented the team member.

    I wonder how this shit works on NixOS.

    • Flatfire@lemmy.ca
      link
      fedilink
      arrow-up
      78
      arrow-down
      2
      ·
      5 months ago

      If I’m remembering right, RHEL is Crowdstrike’s primary Linux target. And NixOS wouldn’t even be a factor since it’s basically just not enterprise grade.

      That said, they need a serious revision of their QA processes.

      • circuscritic@lemmy.ca
        link
        fedilink
        arrow-up
        38
        ·
        edit-2
        5 months ago

        RHEL, Ubuntu, & Debian cover the vast majority of enterprise installs I imagine, and provide a solid testing base for developers in the Linux business software space.

        Maybe you add Gentoo, some post-CentOS clones/forks, or other more niche industry/workload specific distros, but how you do skip Debian?

        • lemmyreader@lemmy.ml
          link
          fedilink
          English
          arrow-up
          11
          arrow-down
          1
          ·
          5 months ago

          RHEL, Ubuntu, & Debian cover the vast majority of enterprise installs I imagine, and provide a solid testing base for developers in the Linux business software space.

          Enterprises I imagine are using RHEL, Ubuntu, SUSE’s SLES and Oracle Linux and probably not Debian. But that’s a guess. Where can statistics and numbers be found ?

          • Pup Biru@aussie.zone
            link
            fedilink
            English
            arrow-up
            9
            ·
            5 months ago

            consultant for large enterprises in australia, and i literally can’t say i’ve ever seen anyone running anything other than RHEL and amazon linux (so… RHEL) in production… unless we’re talking not for profits, and then that’s been a bit of a mixed bag

        • themeatbridge@lemmy.world
          link
          fedilink
          arrow-up
          5
          arrow-down
          2
          ·
          5 months ago

          I’m not an expert in any sense.

          But it was always my impression that Ubuntu and Debian were what you use on personal machines, while RHEL is the baseline standard for professional servers.

          Is that not accurate? CrowdStrike’s target customer seems to be the sort of company that would insist on using RHEL for the enterprise features.

          • Skydancer@pawb.social
            link
            fedilink
            arrow-up
            18
            ·
            edit-2
            5 months ago

            That is not accurate.

            • RedHat is the standard for high-budget American corps.
            • Rocky and similar for low-budget American orgs
            • Ubuntu Server has a large following with developers who think they don’t need sysadmins.
            • Debian Stable is more popular with European orgs that aren’t incentivized by US government contracts to go with Redhat. It is much more stable than Ubuntu, has been more reliable in its support promises than Redhat, and doesn’t suffer from the NIH syndrome that infects both.
            • Ubuntu is popular with home users
            • Debian Testing is good for workstations and personal machines that need to be a bit more current
            • Debian Unstable for people who like Debian but want to live on the bleeding edge
            • BCsven@lemmy.ca
              link
              fedilink
              arrow-up
              3
              ·
              5 months ago

              The enterprise systems I see are only certified on RHEL and SUSE, debian is not even a contender. Obviously Americans typically choose Rhel and europe goes for SUSE.

              Debian doesn sell enterprise support.

          • Martin@feddit.nu
            link
            fedilink
            arrow-up
            14
            ·
            5 months ago

            I’ve been using Linux professionally for 15 years. It’s been Debian or Ubuntu almost everywhere I have been. Although that might be regional.

                • irreticent@lemmy.world
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  5 months ago

                  What’s it like living there? I apologize for the off-topic question but I’m fascinated by the Nordic States in comparison to my experience growing up and adulting in the US. I’m envious of your higher quality of life index being so high in those countries.

                  I don’t know where I’m going with this… just wanted to start a drunken conversation.

                  After doing a quick search I found we’re not too far behind you (two rankings lower) but I still like to hear from actual people how they view their govt., and how they’re helping (if at all).

          • valaramech@fedia.io
            link
            fedilink
            arrow-up
            9
            ·
            edit-2
            5 months ago

            Canonical and Debian both target the professional server space. I’ve spent pretty much my entire career working on Debian-based distros.

            Hell, the one company I worked for that I expected to use RHEL used Ubuntu for everything, so 🤷‍♂️.

          • LeFantome@programming.dev
            link
            fedilink
            arrow-up
            4
            ·
            5 months ago

            This is accurate.

            There is another reply that says “this is not accurate” that includes true information to back you up.

            For infrastructure, RHEL is the gold standard for large companies with a budget. The RHEL customer-base probably overlaps almost completely with CrowdStrike.

            RHEL imitators are popular with people that value cost savings more than the corporate backing ( beyond individual cases, this DOES NOT describe the enterprise space ).

            Ubuntu is very popular with developers in companies of all sizes. Outside of maybe being the base for containers, this is not how “infrastructure” choices are made though.

            Debian is popular with Linux enthusiasts and, where they have influence, businesses may use that. In enterprise environments, it is less likely this group is the one making the decisions. Again though, individual cases exist.

        • The Cuuuuube@beehaw.org
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          1
          ·
          5 months ago

          Because their clients don’t ask them about Debian. They ask about RHEL, Ubuntu, and Amazon Linux

          • circuscritic@lemmy.ca
            link
            fedilink
            arrow-up
            7
            ·
            edit-2
            5 months ago

            That’s a bold assumption for a global enterprise software company. Especially one that doesn’t exclusively target IaaS environments.

            • The Cuuuuube@beehaw.org
              link
              fedilink
              English
              arrow-up
              3
              ·
              5 months ago

              I’m not saying “literally none of their clients ask about Debian” I’m just saying it’s not having the market penetration the others do because the kind of corp that pays for crowd strike is also the kind of corp that wants to pay another corp (Like IBM, Oracle, or Canonical) for certain stability and liability coverages

              • circuscritic@lemmy.ca
                link
                fedilink
                arrow-up
                3
                ·
                edit-2
                5 months ago

                There are probably more authoritative sources that have performed similar surveys or studies, but this was a recent one.

                https://www.openlogic.com/blog/top-enterprise-linux-distributions

                It was also the first relevant result that I clicked on, and it more or less lined up with my own anecdotal experiences working with a very diverse assortment of businesses, SMB through large enterprise.

                If you don’t want to click on that link, or read through it, here is a graph with the results:

                • LeFantome@programming.dev
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  edit-2
                  5 months ago

                  Thins “enterprise” list is hilarious. There are SIX RHEL rip-offs but RHEL itself does not even make the list?

                  I know nothing about openlogic.com but they should not have “logic” in their name.

                  This is clearly a survey of what people run when they want to avoid paying for software. That might be a good description of the small business landscape but literally the opposite of Enterprise. At best, this is a survey of departmental IT in mid-size businesses.

                  Look, based on revenue alone, it is crazy obvious that RHEL is number one and either Oracle ( basically RHEL ) or SLE ( SUSE ) is number two. Oracle is mostly used as a base for Oracle DB and Oracle Applications. SUSE gets used to host SAP. Amazon Linux gets used on AWS ( the largest cloud ).

                  I think that Ubuntu gets used a lot in Enterprise but mostly for in-house stuff. It is probably the standard for embedded. I see it used as a base platform a lot in Azure. But Canonical has half the revenue that SUSE has despite “enterprise” Linux being a much smaller part of the Canonical product mix.

                • LeFantome@programming.dev
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  5 months ago

                  Addendum to my other reply:

                  Visiting the OpenLogic website makes it clear that they sell Linux support. In other words, you only work with OpenLogic ( and take their survey ) if you rely on a Linux distro that does not have commercial support ( or lousy I guess ). In other words, you only use OpenLogic if you are not paying for a real enterprise Linux product.

                  https://www.openlogic.com/

                  OpenLogic is calling this an “enterprise” Linux survey because they are positioning themselves as “enterprise” level support. But this survey pretty much excludes real enterprise Linux by definition.

  • Telorand@reddthat.com
    link
    fedilink
    arrow-up
    109
    arrow-down
    4
    ·
    5 months ago

    Users of Debian and Rocky Linux also experienced significant disruptions as a result of CrowdStrike updates, raising serious concerns about the company’s software update and testing procedures. These occurrences highlight potential risks for customers who rely on their products daily.

    Hot take: maybe bossware is a fucking drain on society, and people should stop buying it.

    • zelifcam@lemmy.world
      link
      fedilink
      English
      arrow-up
      92
      ·
      edit-2
      5 months ago

      Yeah, but our leadership had a really nice lunch with their sales rep! Licenses for everyone!

    • dactylotheca@suppo.fi
      link
      fedilink
      English
      arrow-up
      17
      ·
      5 months ago

      Well, if the executive leech class wants workers to have bossware, there’s not all that much people can do about it. Can’t just decide to not use it if your employer demands it

      • sudo@programming.dev
        link
        fedilink
        arrow-up
        21
        arrow-down
        1
        ·
        5 months ago

        Worse, my employer doesn’t care about this shit but our clients are demanding we have the bossware installed.

      • Telorand@reddthat.com
        link
        fedilink
        arrow-up
        7
        ·
        edit-2
        5 months ago

        I didn’t mean the average worker. I meant the “executive leech class,” because downtime of this scale means lost profits, which is something they care deeply about.

        • dactylotheca@suppo.fi
          link
          fedilink
          English
          arrow-up
          14
          ·
          edit-2
          5 months ago

          which is something they care deeply about.

          They care about quarterly profits. Preventing fuckups of this scale requires long-term effort which is not profitable by itself, it only prevents possible future fuckups, and this is why proper QC etc. aren’t done. Short term profits over everything else.

        • TechNom (nobody)@programming.dev
          link
          fedilink
          English
          arrow-up
          8
          arrow-down
          1
          ·
          5 months ago

          In that case, it’s time for the average workers to sabotage the bossware. Let the leech class solve the problem they create.

            • TechNom (nobody)@programming.dev
              link
              fedilink
              English
              arrow-up
              2
              ·
              5 months ago

              Why are sensitive or critical hospital systems loaded with bossware? That itself is a breach of medical safety regulations and medical privacy. If such bossware fails for whatever reason - even sabotage, it’s on the leach class. Prosecute them for murder.

  • SkyNTP@lemmy.ml
    link
    fedilink
    arrow-up
    93
    arrow-down
    3
    ·
    5 months ago

    The software is not the problem. Software breaks all the time. The problem is monocultures and centralization. Building entire industry ecosystems all around a single point of failure. This is the just-in-time manufacturing supply chain disruptions and fragility all over again.

    Who knew, a diverse ecosystem was a strength, not a weakness.

  • Toes♀@ani.social
    link
    fedilink
    arrow-up
    39
    ·
    5 months ago

    There’s a concept in this industry where you eat your own dog food.

    Deploying these updates to your own people could have avoided this mess.

    • themoonisacheese@sh.itjust.works
      link
      fedilink
      arrow-up
      37
      ·
      5 months ago

      Oh but they did. Turns out that this is specifically caused by one driver expecting another to be installed, the other one being for another of their products. If you have the other product installed, it doesn’t crash, so it didn’t crash on their machines because they have all their products installed and apparently not a single element of their test matrix has the single most common configuration they service

      • Fox@pawb.social
        link
        fedilink
        arrow-up
        9
        ·
        5 months ago

        Do you have a source for that? I’m intrigued. Their own blog post is only talking about a “logic error”.

        • lemmyvore@feddit.nl
          link
          fedilink
          English
          arrow-up
          5
          ·
          5 months ago

          I heard a different rumor, that the driver file they pushed was all zeros. I’m inclined to believe that one.

        • themoonisacheese@sh.itjust.works
          link
          fedilink
          arrow-up
          3
          ·
          5 months ago

          It’s a very educated guess based on the following:

          The crash is a null pointer dereference, which a linter ought to catch.

          The crash does not happen if you have crowdstrike sensor installed, which is weird because crowdstrike sensor’s job is not to prevent any crashes.

          Hence the guess: the update the pushed tries accessing memory in sensor, but if it’s not installed the pointer is null and that’s Bye-Bye.

      • Mango@lemmy.world
        link
        fedilink
        arrow-up
        6
        arrow-down
        1
        ·
        5 months ago

        This is the best explanation of this I’ve heard and you’re just like… A dude on Lemmy.

  • MechKit@beehaw.org
    link
    fedilink
    English
    arrow-up
    23
    ·
    5 months ago

    It’s a well assembled article, but mostly based on a few comments in a hackernews post from yesterday. I would like to know how widespread it was.

  • LeFantome@programming.dev
    link
    fedilink
    arrow-up
    8
    ·
    5 months ago

    The article implies that CrowdStrike issue impacted only Debian and Rocky 9.4. Debian I can see. But how did something impact Rocky but not RHEL itself or Alma or Oracle?

    Is Rocky actually different from RHEL now? Their entire brand promise is that they are the same.

  • rsp@ecoevo.social
    link
    fedilink
    arrow-up
    6
    ·
    5 months ago

    @lemmee_in I can’t find any news about this. Just a statement in a forum and everyone basing subsequent articles on that. It appears to have been limited to a single company? Is there any support for this claim?

    • learningduck@programming.dev
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      5 months ago

      Based on the article, it seems like the issue only happens on a specific distro. Is it only Rocky or other Debians?

      I wonder if other distros experience similar issues. Maybe linux based users don’t even install CS at all and try to leave their OS as lean as possible.