That’s… not remotely true? Linux can absolutely install kernel drivers. If you mean running windows games under wine then sure, but then we’re no longer talking apples:apples. You could do the same thing on windows by running a game in a VM.
This is correct, as in windows a driver is the most straightforward method to runlevel0 access. It absolutely could at any time do exactly what crowdstrike did. But also so could Nvidia/amd with GPU drivers, your motherboard manufacturer with chipset and RGB drivers, etc. it’s not quite the smoking gun people make it out to be, as there are a lot of legitimate reasons to have this kind of system access.
The egregious part was that crowdstrike users agreed to allow a vendor to bypass canary channels and deploy straight to their endpoints.
Yes and no. In the best case, endpoints have enough cached data to get us through that process. In the worst case, that’s still a considerably smaller footprint to fix by hand before the rest of the infrastructure can fix itself.
With enough autism in your overlay configs, sure, but in my environment tat leakage is still encrypted. It’s far simpler to just accept leakage and encrypt the OS partition with a key that’s never stored anywhere. If it gets lost, you rebuild the system from pxe. (Which is fine, because it only takes about 20 minutes and no data we care about exists there) If it’s working correctly, the OS partition is still encrypted and protects any inadvertent data leakage from offline attacks.
We do this in a lot of areas with fslogix where there is heavy persistent data, it just never felt necessary to do that for endpoints where the persistent data partition is not much more than user settings and caches of convenience. Anything that is important is never stored solely on the endpoints, but it is nice to be able to reboot those servers without affecting downstream endpoints. If we had everything locally dependant on fslogix, I’d have to schedule building-wide outages for patching.
Separate persistent data and operating system partitions, ensure that every local network has small pxe servers, vpned (wireguard, etc) to a cdn with your base OS deployment images, that validate images based on CA and checksum before delivering, and give every user the ability to pxe boot and redeploy the non-data partition.
Bitlocker keys for the OS partition are irrelevant because nothing of value is stored on the OS partition, and keys for the data partition can be stored and passed via AD after the redeploy. If someone somehow deploys an image that isn’t ours, it won’t have keys to the data partition because it won’t have a trust relationship with AD.
(This is actually what I do at work)
Endpoint is any PC/laptop/sign/POS/etc. It’s a catchall term for anything that isn’t a server. it basically refers to any machine that might be logged into and used by a non-IT user.
I’ve heard anecdotally that some 911 services were down in my area, but I can’t speak to how wide that was.
Same, I wonder if there would be any way to report it to the state AG, maybe some pressure to ban it could hit google
Generally the lifecycle with this sort of thing is old_thing becomes an alias to new_thing, and eventually old_thing gets dropped as an alias down the line.
It’s still decent advice to learn dnf native calls and to update scripts using yum to those native calls.
Yes you are correct, I had the two reversed in my head.
Hangouts was built on xmpp, and used to allow federation. Yes xmpp still exists but it’s functionally dead.
I believe google hangouts and xmpp would like to have a word with you. There was probably a universe where federated xmpp was as ubiquitous as sms, but in this universe, google federated, brought users over with cool features, and then defederated when they had all the users.
If you want another example from the same company in modern times, look at chrome and http/css/js. Google’s chokehold on the web ecosystem with chrome means that whatever they do, everyone else has to follow suit or not be compatible with the browser that something like ~75-90% of users use
Okay, I’m hooked, I have to know the non-clickbait story
I believe that one was patched a while ago
I’m a big fan of tiling window managers like i3 or awesome (awesome wm). Awesome is the one I use. It’s tiling and the entire interface is built from scripts that they encourage you to modify. Steep learning curve but once you get it how you like, there’s nothing like it.
There are a multitude of established, studied, simple changes that could be made to make things safer for pedestrians with relatively little needed in the way of sacrifice from car designers
Can you share some of these? I had a small stint in the auto design industry and am genuinely curious.
That is usually more incompetence than malice. They write a game that requires different operation on amd vs Nvidia devices and basically write an
If Nvidia: Do x; Else if amd: Do Y; Else: Crash;
The idea being that if the check for amd/Nvidia fails, there must be an issue with the check function. The developers didn’t consider the possibility of a non amd/Nvidia card. This was especially true of old games. There are a lot of 1990s-2000s titles that won’t run on modern cards or modern windows because the developers didn’t program a failure mode of “just try it”
It’s like grifting, but also a pyramid scheme.
Are you maybe thinking of https://distr1.org/ made by the i3 guy?