Why cloud dependency and push updates is a bad thing

stargate-sg1-cheyenne-mtn · 2024-07-29 11:18:44

here is former Google engineer Avery Pennarun — now the CEO/founder of Tailscale regarding the centralized nature(and central point of failure) that is the current www/web/cloud/internet/etc

https://tailscale.com/blog/new-internet

also see:

https://www.techradar.com/news/upcoming-windows-11-pro-update-will-force-you-to-have-an-internet-connection

iirc, apple also does this...

golinux · 2024-07-29 14:37:47

Sigh . . . in the windows article this:

This could negatively effect users in parts of the world without reliable internet . . .

Good grief . . . idiot writer doesn't know the difference between effect and affect. And they get paid to produce this drivel? We are doomed! LOL!

quickfur · 2024-07-29 20:26:19

It's an article about Windows, whaddya expect? 😂

Nothing to see here, move along. 😜

golinux · 2024-07-29 20:39:01

Good advice. Users on this forum deserve better than offerings like this..

The-Amnesiac-Philosopher · 2024-07-29 23:37:44

My wife is a Flight Attendant for Delta Airlines.

A recent Windows' update completely broke their system...hundreds of flights cancelled...flight attendants stranded around the world...no way to get home...having to pay to stay in hotels themselves, buy their food, etc. This has been going on for over 2 weeks (maybe 3 weeks ???).

Two other major airlines were also affected by the update; however, they had backup plans. Both of those airlines had things backed** up and going within a week. Delta is STILL a mess.

Hey Delta...you ever thought of switching to Linux???

**EDIT: Changed "back" to "backed".

Last edited by The-Amnesiac-Philosopher (2024-07-29 23:42:52)

The-Amnesiac-Philosopher · 2024-07-29 23:45:23

...at least Delta can afford to pay a pilot $20,000 to make an emergency overseas' flight for 17 hour's of work.

...and no, I'm not kidding.

quickfur · 2024-07-30 00:57:33

This could be a great time to sell Devuan to Delta.

Just don't get caught in a situation where the plane has to make an emergency landing and the pilot has to recompile the kernel...

Or the pilot needs to engage the emergency landing gear and discovers that he needs to download and install a driver from the non-free section of the repo first. :-D

quickfur · 2024-07-30 01:02:25

Anyway, jokes aside, this whole fiasco is living proof of why forced push updates are Evil(tm). The admin doesn't even have a chance to review whether or not to go ahead, Windows just updates itself without being told to, because it's simply too cool not to install the latest and greatest preemptive multitasking features, and show it off by simultaneously rebooting and crashing.

In a sane world, the admin would first be notified that updates are available, and if he was a sane person, he'd roll out updates gradually, to batches of terminals / endpoints, then test to see if everything is alright before proceeding to upgrade the rest of the endpoints. But alas, we do not live in a sane world, and updates are just blindly pushed to all endpoints independently of the admin. People are putting a mighty lot o' trust in these Big Tech corporations, I gotta say.

soren · 2024-07-30 02:42:22

@quickfur
As the old saying goes, "common sense is not so common anymore" rings true throughout the millennia. I have read conspiracies that there were possibly dark designs behind the breach that's why the file or whatever got zeroed out before it could be analyzed properly, possibly a fail safe mechanism built in just in case it did what it did last week and crashed millions of pc's, so in effect no one would get any value from the kernel crash dumps.

steve_v · 2024-07-30 05:18:55

Dependence on cloud nonsense aside, this really comes down to crowdstrike's implementation:
* Falcon sensor is an old-school kernel driver (as opposed to running in a kernel VM, e.g. eBPF modules).
* It's also marked as boot-critical, so "safe mode" doesn't bypass it.
* It loads files (and potentially executable code too) from userland without sufficient input validation.
* It's written in C++, it's not memory-safe, and invalid data (in this case a bunch of literal nothing) in a definition update caused a null-pointer dereference.

IOW, this is a crowdstrike fuckup, and a pretty serious one at that. Whoever came up with the architecture for falcon sensor (at least on Windows) should be fired immediately.
Not only is this a fragile single point of failure, the apparent lack of input validation makes it a rootkit waiting to happen as soon as somebody manages to sneak in a compromised definition update.

There are ways to do something like this without producing a massive SPOF (or at least making it more easily recoverable), and this all stinks of arrogance and "infallibility culture" at crowdstrike.
Their big shiny selling point is "instant updates", and to achieve that they sidestepped driver validation and threw out decades of best-practice when it comes to running code in kernel space. This is ring-0 plug-n-play printer driver levels of "don't do that".
Perhaps it will wake their customers up to the peril of granting IDDQD rights to a bunch of chimpanzees.

AV vendors abusing their privs to do stupid things isn't remotely new, we've had gratuitous SSL tampering for years, we've had easily hijackable update mechanisms, and we've had products that decompress potentially malicious payloads in kernel-space, to mention just a few dumb ideas off the top of my head.
Surely by now somebody has realised that giving J.Random AV slinger god-mode in the name of "muh securitee" and "users are too stupid to be trusted" is a bad plan... Surely.

Last edited by steve_v (2024-07-30 05:43:20)

quickfur · 2024-07-30 09:23:20

Unfortunately, where there is money to be made, such foolhardiness will continue to propagate.

The officially official Devuan Forum!

#26 2024-07-29 11:18:44

Re: Why cloud dependency and push updates is a bad thing

#27 2024-07-29 14:37:47

Re: Why cloud dependency and push updates is a bad thing

#28 2024-07-29 20:26:19

Re: Why cloud dependency and push updates is a bad thing

#29 2024-07-29 20:39:01

Re: Why cloud dependency and push updates is a bad thing

#30 2024-07-29 23:37:44

Re: Why cloud dependency and push updates is a bad thing

#31 2024-07-29 23:45:23

Re: Why cloud dependency and push updates is a bad thing

#32 2024-07-30 00:57:33

Re: Why cloud dependency and push updates is a bad thing

#33 2024-07-30 01:02:25

Re: Why cloud dependency and push updates is a bad thing

#34 2024-07-30 02:42:22

Re: Why cloud dependency and push updates is a bad thing

#35 2024-07-30 05:18:55

Re: Why cloud dependency and push updates is a bad thing

#36 2024-07-30 09:23:20

Re: Why cloud dependency and push updates is a bad thing

Board footer