this post was submitted on 19 Jul 2024
132 points (100.0% liked)
TechTakes
1436 readers
191 users here now
Big brain tech dude got yet another clueless take over at HackerNews etc? Here's the place to vent. Orange site, VC foolishness, all welcome.
This is not debate club. Unless it’s amusing debate.
For actually-good tech, you want our NotAwfulTech community
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Zach Vorhies (who made leaking Google stuff to Project Veritas his entire identity) has the worst possible take: https://twitter.com/Perpetualmaniac/status/1814405221738786984 (lemme gather my thoughts and explain why in the next comment)
Fair warning that I'll be ranty because I hate losers talking about DEI hires.
This is a huge assumption. ~~The last rumor I've read from actual cybersecurity people is that Crowdstrike's update files were corrupt~~ (update: disproven by Crowdstrike's blog post). If this is true it's likely still from programmer error at some level, but maybe not as simple as "whoopsie I forgot an
if (data == nullptr)
teehee".He, like the rest of us that don't work at Crowdstrike, has no idea what happened. I have seen computers do the weirdest gosh darn things. I know better than to assume anything at this point. I wouldn't even rule out weird stuff like the data getting corrupted between release qualification and release yet.
This thread is full of these sorts of small technical inaccuracies and oversimplifications so I won't point out all of them, but nothing in the C++ standard requires null pointers to refer to memory address 0x0. Nor does it require that dereferencing a null pointer terminates the program.
Windows died not because C++ asked it nicely to, but because a driver tried to access an address which wasn't paged in.
The funny thing about accessing into non-paged memory in kernel space:
(If this was a simple nullptr dereference on bad input data then perhaps a fuzzer would have helped. Fuzzers are great though I have no idea how hard they are to use with kernel drivers)
Dude would probably call me a "DEI hire"; but I bet I could beat him in a C++ deathmatch so neener neener.
How do you mean? The current top post on the blog seems to mention .sys files as part of the problem very prominently.
https://www.crowdstrike.com/blog/technical-details-on-todays-outage/
That to me implied that the channel file wasn't actually necessarily corrupt (or as corrupt as people thought), but that it triggered a logic error. In particular this point implies that it wasn't from garbage zero bytes in the file.
(That said I could have worded this better, in my defense I'm sick in bed and only half thinking straight)
I see, thank you.
yeah that phrase of "null bytes" reads like addressing one of the rumours
"what was the problem?" "well it wasn't null bytes" "so.. what was it then?" "have definitely eliminated null bytes from the running!"
Aside but I have been in some weird as heck discussions about how to phrase public blog posts. A few times I've had to point out some phrasing is so cryptic that no one will even know what we're talking about, and really there's nothing wrong with being a bit clearer about what we want to express. Sometimes you'd like companies want the audience to be bewildered and confused; and I'm not totally sure where this instinct comes from.
(Though in this case they probably don't want to share too much yet for stonk or legal reasons)