Sputnik

Do the Amish cancel 1000 quilts four days after a vendor doesn't deliver a needle?

​​​​Comparing our IT to the Amish is...slanderous to Amish

dera

Linux/MacOS don't have the threat the channel file #291 is used for, so that's why they weren't affected. I also don't think a Linux kernel module would crash because of a page fault like this. Nerd hat on for a second (It's been almost 2 decades since I was a dev so some terminology might be a bit off). The issue was that the corrupt channel file messed up an array that's used to look up memory addresses. Either creating a null pointer or just a corrupt memory address. The driver that crashed, csagent.sys tries to move a value to an address pulled from the array (I think it's mov r9d to r8, r8 being the corrupt memory address), and in this case this address was outside paged memory, that causes Windows to crash. Windows has to crash in a situation like this, because moving things to unallocated memory can cause your entire computer to get all effed up.

This is interesting in many ways. How the heck did they code a kernel-level driver so poorly that a simple corrupt setting file causes an unhandled error. This is software testing 101-level stuff. Feeding a null and/or corrupt setting file is one of the first things you should test for when testing a driver, and when it's a boot-start driver file, they should test that 10 times longer than a normal user mode driver. The fact that the driver does not verify any data in the channel files makes one wonder how secure that Falcon software is in itself.

Interesting to see how Crowdstrike manages to stay afloat after this. The damages are easily in billions, this is the biggest IT outage in history. I think they have had one barely profitable year in their entire history.

As you said, this is not a Microsoft issue, this is 100% on Crowdstrike. And based on the forensics people have been doing, it seems like this is a junior dev-level error in the heart of their software.

DeltaboundRedux

Always found the Flight Aware Cancellations page interesting.

Delta data seems slow to update. No idea why.

Best way to use it is wait 48 hours then look backwards.

(Looks backwards 48 hours)

My god.

Crowd Strike? I have questions.

CloudMonkey

4 days in a row of at least 1,000 cancellations and 1,500 delays.

Thanks for stealing thousands of dollars out of all our profit sharing checks Ed.

Already over 200 cancellations for tomorrow...

m3113n1a1

When is this going to end? I've never seen a doom loop this bad...

Hubcapped

They just need to shut everything down for 24-48 hours. If you’re not on a trip stay off the airwaves. Find out where everyone is thats out on the line and then put them in rest at location. 24 hours to rebuild to 50%…48 hours to ops normal.

i did (not) stay at a holiday inn last night

They should have done this Saturday night as soon as they realized that folks are not where icrew thinks they are. Its over at that point. Might as well take the loss and reset.

Planetrain

They just posted some security footage from crowdstrike. Let me see if I can re-post:

madmax757

Im sure Ed’s profit sharing / bonus which is usually stock options will be millions less. I doubt it’s something he wanted either.

Imagine the phone calls he is getting from investors, He probably needs eyes in the back of his head right now.

overqualified52

There will be no profit sharing checks for mainline . In fact everyday this continues , when Valentine's Day comes around next year the employees will owe Delta money , LOL 💀

cencal83406

Hey finally something you can be excited about.

perhaps now you don’t regret turning down Delta.