Technology

58133 readers

4481 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS

[email protected]

100

To what extent, if at all, would have CrowdStrike's faulty update have been easier to deal with with an immutable distro? (lemmy.ml)

submitted 2 months ago* (last edited 2 months ago) by [email protected] to c/[email protected]

51 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 14 points 2 months ago (1 children)

If the sensor was using eBPF (as any modern sensor on Linux should) then the faulty update would have made the sensor crash, but the system would still be stable. But CrowdStrike has a long history of using stupid forms of integration, so I wouldn't put it past them to also load a kernel module that fucks things up unless it's blacklisted in the bootloader. Fortunately that kind of recovery is, if not routine, at least well documented and standardized.

[–] [email protected] 2 points 1 month ago (1 children)

I did hear that one of their newer versions does use eBPF, but I haven't even remotely looked into it.

https://nondeterministic.computer/@mjg59/112816011370924959

[–] [email protected] 1 points 1 month ago

They do have a bpf sensor. It's still shite, managing to periodically peg a CPU core on an idle system. They just lifted and shifted their legacy code into the bpf sensor, they don't actually make good use of eBPF capabilities.