[Not really OT] Crowdstrike Analysis: It was a NULL pointer from the memory unsafe C++ language.

H. S. Teoh hsteoh at qfbox.info
Wed Jul 24 18:20:40 UTC 2024


On Wed, Jul 24, 2024 at 04:27:15PM +0000, GrimMaple via Digitalmars-d wrote:
> On Friday, 19 July 2024 at 23:33:44 UTC, H. S. Teoh wrote:
> > It's 2024, and a NULL pointer brought down half the world's servers.
> > 
> > Just gives you *so* much confidence in technology. :-D
> 
> It's not a NULL pointer that did this, but rather a combination of
> * A NULL pointer
> * Poor testing that allowed the code to be pushed upstream
> * Bad Microsoft policies that lead to poorly tested code being
> auto-installed via automatic updates
> 
> In cases like this it's never just one small thing that causes Really
> Bad Things™, it's usually a combination of poor decisions.

Which means that there must be a *lot* of poor decisions going around,
enough for the wrong ones to line up coincidentally to cause a
disastrous failure.  Which just makes me all warm and fuzzy with
confidence about the state of technology.  :-P


> IMO, the only actually wrong thing in this whole situation is how
> shitty updates are forced onto everyone without proper testing periods

Or the fact that updates are pushed at all.  Never been a fan of push
updates.  Or push anything, really.  Binary blob pushes are the worst of
them all.  All it takes is for *somebody* to compromise the binary
somewhere between the source and the user, and you're looking at half
the world being compromised overnight.  We're lucky that this buggy
update was (very!) noticeable.  It could have been a lot worse.  Like a
malicious backdoor that went unnoticed.  In fact, it may have already
happened, and we just haven't noticed it yet.

Remember, you heard it here first. :-P


T

-- 
"I suspect the best way to deal with procrastination is to put off the
procrastination itself until later. I've been meaning to try this, but
haven't gotten around to it yet." -- swr

