mastodonien.de

mastodon.cloud

Timestamp              Users     Delta   Toots        TNR     Title                     Version  maxTL
Sat 20.07.2024 00:00:27  274.717      -1    5.688.145    20,7 mastodon.cloud            4.1.18     500
Fri 19.07.2024 14:01:13  274.718      +1    5.686.903    20,7 mastodon.cloud            4.1.18     500
Thu 18.07.2024 00:01:09  274.717     +13    5.685.656    20,7 mastodon.cloud            4.1.18     500
Wed 17.07.2024 00:01:11  274.704     -89    5.683.927    20,7 mastodon.cloud            4.1.18     500
Tue 16.07.2024 00:01:10  274.793      +9    5.682.045    20,7 mastodon.cloud            4.1.18     500
Mon 15.07.2024 00:00:52  274.784      +6    5.680.379    20,7 mastodon.cloud            4.1.18     500
Sun 14.07.2024 00:01:08  274.778      +3    5.678.984    20,7 mastodon.cloud            4.1.18     500
Sat 13.07.2024 00:01:06  274.775      +6    5.677.642    20,7 mastodon.cloud            4.1.18     500
Fri 12.07.2024 00:01:50  274.769     +11    5.677.017    20,7 mastodon.cloud            4.1.18     500
Thu 11.07.2024 00:01:05  274.758       0    5.675.378    20,7 mastodon.cloud            4.1.18     500

Sat 20.07.2024 02:39

Looking to verify this claim...

Throwaway account...

CrowdStrike in this context is an NT kernel loadable module (a .sys file) which does syscall level interception and logs them to a separate process on the machine. It can also STOP syscalls from working if they are trying to connect out to other nodes and accessing files they shouldn't be (using some drunk ass heuristics).

What happened here was they pushed a new kernel driver out to every client without authorization to fix an issue with slowness and latency that was in the previous Falcon sensor product. They have a staging system which is supposed to give clients control over this but they pissed over everyone's staging and rules and just pushed this to production.

This has taken us out and we have 30 people currently doing recovery and DR. Most of our nodes are boot looping with blue screens which in the cloud is not something you can just hit F8 and remove the driver. We have to literally take each node down, attach the disk to a working node, delete the .sys file and bring it up. Either that or bring up a new node entirely from a snapshot.

This is fine but EC2 is rammed with people doing this now so it's taking forever. Storage latency is through the roof.

I fought for months to keep this shit out of production because of this reason. I am now busy but vindicated.

Edit: to all the people moaning about Windows, we've had no problems with Windows. This is not a Windows issue. This is a third-party security vendor shitting in the kernel.
