imagladry

  • Microsoft blames European Commission for global CrowdStrike catastrophe

    M68000 said:
    This seems to be totally a QA testing issue.  Was any testing done? 

    So the answer to this is, "it's complicated". Some of this is going to be a bit simplified, but it's accurate enough.

    Software on Windows can run in two modes: kernel mode; and user mode. User mode software shouldn't ever be able to cause a BSOD.

    Security software needs to run in kernel mode. There are good reasons for this: malware often hides deep in the OS in places where user mode software can't find it. CrowdStrike Falcon works like a device driver, which allows it to reside in kernel mode and access system data structures and services.

    "Heck," you're thinking, "so can anyone write a device driver and get their software running in kernel mode?" Well, no: Windows will display a warning unless a driver has passed Microsoft's WHQL testing process. In some cases, Windows won't even allow the driver to run.

    Falcon is WHQL certified, so it *should* be pretty robust and not cause a BSOD. But there's a catch: it relies on dynamic definition files, which are deployed to update its configuration. From what I hear, CrowdStrike accidentally deployed one which contained nothing but zeros, which led to a catastrophic error. In other words, they simply deployed the wrong file. No testing will catch that -- it's a file that wasn't meant to be deployed at all.

    Well written. I do take exception to one thing though.

    "In other words, they simply deployed the wrong file. No testing will catch that -- it's a file that wasn't meant to be deployed at all."

    As someone who has written installation packages, with any company worth their salt, the install package goes through testing, also. That would have caught the zero file.
  • 'Making Apple Vision Pro' video delves into precise aluminum cutting & assembly

    Feels incomplete without Ive saying al-u-lem-e-um
  • Intel looking to 'avoid fighting' with Apple for TSMC's 3nm chip production

    I don't think Apple has much to worry about with TSMC and Intel. Apple does a good job with their supply chain. I'm sure Apple has a contract with TSMC for so many units and an escalator clause if a needed increase of production is required. Intel can't cut in on that.
  • MagSafe on the new MacBook Pro: Everything you need to know

    The benefit of being able to charge from either side was well worth it for me at the time. 

    You must have a MB or MBP. The most recent MBA have all their ports on the left side. So, a benefit I can not experience.

  • Spotify overheats iPhones on iOS 15, rapidly drains battery

    Hank2.0 said:
    Another example of the weaknesses in Apple's beta testing system. Really? Not a single tester used Spotify? Aren't major popular apps automatically tested? I hate to think Apple knew about the problem and maliciously decided not to work with Spotify to fix it. :/
    It is not Apple's responsibility to test all apps with a new OS. That would be an unending task.

    The main purpose of Apple's beta program is for developers to test their apps with the new OS to ensure compatibility. It used to be that Apple betas were only available for developers. Over the years, it has become easier to join the Apple beta program, basically making betas open to anyone who wants it.