CrowdStrike

I have no issues with the underlying UNIX nature of the Mac.

Indeed, I know several guys who bought Macs and immediately ripped out every part of the user interface and ran native UNIX with whatever presentation manager they wanted. The only part that is Apple is the hardware.

But, it's costly for what you get... the hardware is no longer unique as it was when they ran PPC.... and a cheap "PC" with Ubuntu runs as fast and is a lot cheaper.
 
The driver "layer" is below the OS
In NT there are two sorts of drivers. The common-or-garden device kind (printers etc.) run outside the kernel in a protected space and shouldn't be able to crash the OS. There are also kernel-level drivers, and it was those that CrowdStrike was monitoring (fiddling with). Which means it was, effectively, making itself part of the OS kernel, which in turn made the OS completely vulnerable...
 
Missed this one... But I did read on Reddit about someone with 1000+ servers down, each needing physical access to patch out the update and boot again.

If you summed up the total cost of this snafu, I wonder what it would be? Do a Pareto, starting with the "loss of business" category, right out to "miles driven and meals covered by IT personnel" and "idle power consumption cost" of systems doing nothing except repeating a failing boot cycle.

Then give that bill to the company that made this mistake.

Pretty soon, half the world's energy is going to go into just fighting off the mistaken and nefarious. Oh....
 
In NT there are two sorts of drivers. The common-or-garden device kind (printers etc.) run outside the kernel in a protected space and shouldn't be able to crash the OS. There are also kernel-level drivers, and it was those that CrowdStrike was monitoring (fiddling with). Which means it was, effectively, making itself part of the OS kernel, which in turn made the OS completely vulnerable...

OK, I suppose we have a different notion of what an Operating System entails. To me, it's just a framework to host device drivers, provide a file system, some networking stacks, some standard bus interfaces, a framework to host/interface the BSP (board support package) and a task manager.

In essence, I boot the hardware, configure the cores/motherboard, install the devices, test them, open the console, put out some info and then go fetch the OS image and boot it.... that's why I think of the OS as an application.
 
I think we've had this discussion elsewhere, but most people just want an appliance that sits there and just works 🙂
That is, to a large extent, the reason for the existence of Apple. They've been very good at it too.

As a professional EE, I just want a computer that works, and does not waste my time, like the Mac.
It's not a toy, it's a work tool.
 
Missed this one... But I did read on Reddit about someone with 1000+ servers down, each needing physical access to patch out the update and boot again.

If you summed up the total cost of this snafu, I wonder what it would be? Do a Pareto, starting with the "loss of business" category, right out to "miles driven and meals covered by IT personnel" and "idle power consumption cost" of systems doing nothing except repeating a failing boot cycle.

Then give that bill to the company that made this mistake.

Pretty soon, half the world's energy is going to go into just fighting off the mistaken and nefarious. Oh....

And the people stuck at airports, people unable to purchase things, employees at the airlines, banks, stores, etc, etc, etc....

A single point of failure...
 
On Friday I discovered, as I tried to make an appointment to renew my driver's license, that the TX system that does that was hit. So I was minorly inconvenienced. This was a huge booboo though. CS should pay the ultimate price for this. A few corporate deaths from what is now essential services might change behavior.
 
As a professional EE, I just want a computer that works, and does not waste my time, like the Mac.
It's not a toy, it's a work tool.

As a working developer, I design computer stuff, so I want my computers to be as versatile as possible.

I've never seen anyone run emulations, simulations or design with VHDL in a Mac. Used to be Unix ( Solaris ) but it all went to Windows.
 
A few corporate deaths from what is now essential services might change behavior.
I wonder what a "checklist" might be, to keep one from signing on with some service that can be such a single point of failure? In the hardware manufacturing industry, we used to have "second sources" on a "qualified vendor list" so if one went kaput, it didn't stop production.

I wonder whatever happened to the idea of "Tandem" and its non-stop computing. Ah, Windows systems install on somebody's bare metal box are cheaper...

I bet very few who signed on to this service realized how it actually worked - which I suppose would be secretive knowledge for obvious reasons. Quite the trust to allow some outside entity, no matter their tag line, to crater your business at the flip of a packet.

Or was it entirely understood that to stop a fast propagating "threat", one has to have the ability to halt operating metal immediately - and prevent it from coming back up no matter what?

It's almost like why's the Roughskin Newt's poison so strong? Because the threat's become so resistant. Round 'n round we go...
 
The common, CHEAP, practice is to buy your way out of problems with an outside vendor.

Then as the vendor keeps adding more and more features, you just write the checks. It's easy, why have developers around when you just write a check out of your way?

Never mind that the vendor is taking control over your own system... if they fail, you are hosed; you have no ownership, no maintenance of the design you are using.

And then, everybody is doing it because they're all cheap.

No one is thinking, "Gee, what if this breaks? Maybe we should be doing some single-source analysis on all of this?" That would be the far-sighted point of view.

Then one day, you find out what happens when you are short-sighted and cheap...
 
Today might be a good day to buy your local sysadmin a beer.
They knew this mess was coming anyway but were instructed by either a client or SecOps to install CrowdStrike.
Now the mindset may change from "Your device is protected by CrowdStrike" to "This device may fail to boot any day now"
Buy your local sysadmin a beer. They deserve it!
 
As a working developer, I design computer stuff, so I want my computers to be as versatile as possible.

I've never seen anyone run emulations, simulations or design with VHDL in a Mac. Used to be Unix ( Solaris ) but it all went to Windows.
I think it depends on the area. IC design was initially on custom equipment (CALMA and Applicon were the big names) and then migrated to Sun and other workstations like HP and Silicon Graphics using UNIX (Solaris, HP-UX, etc.). IC verification (Dracula, for example) was on DEC's VAX where I worked; the CALMA built-in was too small/slow. Then things moved to Linux/x86 some, but there was a big jump when AMD unveiled the x86_64 platform and process size could grow beyond 4G.

As far as I know, it still is Linux (at least I am, as are Cadence and Synopsys, the elephants) for everything from synthesis to custom layout to verification to simulation, timing analysis, OPC... I think it almost has to be. And I think threading is better in Linux than Windows, which for the oomph you need is pretty critical. As an example, modern DRC chops the problem into hundreds of pieces running on multiple machines/cores with very complex interprocess communication, both multi-process and multi-thread. Modern routers and placers do similar. Imagine placing 10M std cells in one go. And then of course you have to route it meeting timing.

I don't see much data from customers, but one called a couple of years ago and asked if I could read a 125GB stream file. I swallowed and said, well, how much memory do you have? I'm thinking a big box was 64G of RAM back then. The biggest thing I have is 16. He calmly replies, I think 350G. About fell over. I said, yep, should come in and you can edit/view no problem. And it did. I imagine now people are using 1TB RAM machines for final chip assembly and review. Crazy in the context of the 8MB Sun machine I used at Cadence back in the late 80's.
 
Will they learn from it?
Of course they will, but this won't change the usual way of testing updates poorly.

Have we learned anything from this worldwide event?

In my view, what has been demonstrated globally is that an anti-malware program for Windows behaved exactly like the malware it claims to prevent.

This could one day be done on purpose.
Without almost lifting a finger.
 
There's this article on El Reg which implies the EU legally compelled Microsoft to expose the kernel API it was using for its own virus scanning and make it available for third-party virus scanners as part of a 'fair use' agreement.

Of course you can make arguments about the way a kernel API was exposed. But it was always going to be a high-tariff manoeuvre...
 
Let’s not stray into ‘it’s the EU’ territory.
I wasn't. I don't want the thread shut-down...

The point that should be drawn from this is, I think, one of a system being complex and difficult to understand, and at what point do people who don't understand it have to give way to the views of people who do.

There's another article on El Reg that talks about Crowdstrike and Linux problems in April this year.

It's a complex area. Normally when you make an API public you have to write a ton of defensive code to protect yourself against abuse. But that always slows the API, and in a performance critical thing like a kernel it's likely only the minimum will be done.

There's also the aspect that having the API there means a lot of extra testing has to be done by the API owner, and there's always the chance that changes to code not directly involved in the API will impact its operation. It adds a great deal of complexity to development, testing and deployment.

You increase risk and mitigate the risk with increased development times and, therefore, cost...
 
I don't class myself as a coder, but can do my thing if I have to. What I would say is that in any code you write, at least as much code is generated to catch what-ifs, and especially so if the code involves some sort of human interface. If the law says 'release an API' to ensure anti-monopoly practices and fair market access by competitors, the onus is on the vendor to make sure said code is robust enough to be released, and especially so wrt mission-critical software like CrowdStrike.