Some bad code just broke a billion Windows machines - YouTube – This is a really good accurate and comical take on what happened with this whole Crowdstrike global fuck up.
@prologic@twtxt.net They all gave Crowdstrike root access to their machines. What could possibly go wrong? 🤷🤷🤷
@movq@www.uninformativ.de Yeah pretty much ooops 🤦♂️
It’s also funny to read their terms and conditions:
8.6 […] THE OFFERINGS AND CROWDSTRIKE TOOLS ARE NOT FAULT-TOLERANT AND ARE NOT DESIGNED OR INTENDED FOR USE IN ANY HAZARDOUS ENVIRONMENT REQUIRING FAIL-SAFE PERFORMANCE OR OPERATION. NEITHER THE OFFERINGS NOR CROWDSTRIKE TOOLS ARE FOR USE IN THE OPERATION OF AIRCRAFT NAVIGATION, NUCLEAR FACILITIES, COMMUNICATION SYSTEMS, WEAPONS SYSTEMS, DIRECT OR INDIRECT LIFE-SUPPORT SYSTEMS, AIR TRAFFIC CONTROL, OR ANY APPLICATION OR INSTALLATION WHERE FAILURE COULD RESULT IN DEATH, SEVERE PHYSICAL INJURY, OR PROPERTY DAMAGE.
That’s why all airports remained operational. Oh wait…
@lyse@lyse.isobeef.org so in other words, their own entire sections of global industries that are using this rubbish crowd, strike antivirus/endpoint detection, piece of crap that are infection effectively in violation of the terms of conditions of the service? 🤔
That’s some good sleuth thing that @lyse@lyse.isobeef.org 🙇♂️
@prologic@twtxt.net I reckon, it’s just so that they can say: “Oh, whoopsy daisy. Too bad that you fell for our trap. Sorry, it’s entirely your own fault. Go away, leave us alone.”
The bullet point 8.6 continues right away (I forgot the ellipsis in my initial quote, excuse me):
[…] Customer agrees that it is Customer’s responsibility to ensure safe use of an Offering and the CrowdStrike Tools in such applications and installations. CROWDSTRIKE DOES NOT WARRANT ANY THIRD PARTY PRODUCTS OR SERVICES.
And in the one before that:
8.5 No Guarantee. CUSTOMER ACKNOWLEDGES, UNDERSTANDS, AND AGREES THAT CROWDSTRIKE DOES NOT GUARANTEE OR WARRANT THAT IT WILL FIND, LOCATE, OR DISCOVER ALL OF CUSTOMER’S OR ITS AFFILIATES’ SYSTEM THREATS, VULNERABILITIES, MALWARE, AND MALICIOUS SOFTWARE, AND CUSTOMER AND ITS AFFILIATES WILL NOT HOLD CROWDSTRIKE RESPONSIBLE THEREFOR.
In other words: “Just give us your money and hope for the best. It might work. Maybe.” Nope, of course it doesn’t.
i imagine this is the agreement that the lower plebs are stuck in. Larger enterprise accounts wont fall under these agreements. When I worked a hospital we would get agreements like this with contracts and the legal would line out things like this add new language and send them back.
@xuu Interesting!