A widespread Blue Screen of Death (BSOD) issue on Windows PCs disrupted operations across various sectors, notably impacting airlines, banks, and healthcare providers. The issue was caused by a problematic channel file delivered via an update from the popular cybersecurity service provider, CrowdStrike. CrowdStrike confirmed that this crash did not impact Mac or Linux PCs.

It turns out that similar problems have been occurring for months without much awareness, despite the fact that many may view this as an isolated incident. Users of Debian and Rocky Linux also experienced significant disruptions as a result of CrowdStrike updates, raising serious concerns about the company’s software update and testing procedures. These occurrences highlight potential risks for customers who rely on their products daily.

  • sudo@programming.dev · 195 up · 3 months ago

    The analysis revealed that the Debian Linux configuration was not included in their test matrix.

    You might as well say you don’t support Linux.

    “Crowdstrike’s model seems to be ‘we push software to your machines any time we want, whether or not it’s urgent, without testing it’,” lamented the team member.

    I wonder how this shit works on NixOS.

    • Flatfire@lemmy.ca · 78 up, 2 down · 3 months ago

      If I’m remembering right, RHEL is Crowdstrike’s primary Linux target. And NixOS wouldn’t even be a factor since it’s basically just not enterprise grade.

      That said, they need a serious revision of their QA processes.

      • circuscritic@lemmy.ca · 37 up · edited · 3 months ago

        RHEL, Ubuntu, & Debian cover the vast majority of enterprise installs I imagine, and provide a solid testing base for developers in the Linux business software space.

        Maybe you add Gentoo, some post-CentOS clones/forks, or other more niche industry/workload specific distros, but how do you skip Debian?

        • lemmyreader · 11 up, 1 down · 3 months ago

          RHEL, Ubuntu, & Debian cover the vast majority of enterprise installs I imagine, and provide a solid testing base for developers in the Linux business software space.

          Enterprises I imagine are using RHEL, Ubuntu, SUSE’s SLES and Oracle Linux and probably not Debian. But that’s a guess. Where can statistics and numbers be found?

          • Pup Biru@aussie.zone · 9 up · 3 months ago

            consultant for large enterprises in australia, and i literally can’t say i’ve ever seen anyone running anything other than RHEL and amazon linux (so… RHEL) in production… unless we’re talking not for profits, and then that’s been a bit of a mixed bag

        • The Cuuuuube@beehaw.org · 3 up, 1 down · 3 months ago

          Because their clients don’t ask them about Debian. They ask about RHEL, Ubuntu, and Amazon Linux

          • circuscritic@lemmy.ca · 7 up · edited · 3 months ago

            That’s a bold assumption for a global enterprise software company. Especially one that doesn’t exclusively target IaaS environments.

            • The Cuuuuube@beehaw.org · 3 up · 3 months ago

              I’m not saying “literally none of their clients ask about Debian” I’m just saying it’s not having the market penetration the others do because the kind of corp that pays for crowd strike is also the kind of corp that wants to pay another corp (Like IBM, Oracle, or Canonical) for certain stability and liability coverages

              • circuscritic@lemmy.ca · 3 up · edited · 3 months ago

                There are probably more authoritative sources that have performed similar surveys or studies, but this was a recent one.

                https://www.openlogic.com/blog/top-enterprise-linux-distributions

                It was also the first relevant result that I clicked on, and it more or less lined up with my own anecdotal experiences working with a very diverse assortment of businesses, SMB through large enterprise.

                If you don’t want to click on that link, or read through it, here is a graph with the results:

                • LeFantome@programming.dev · 1 up · 3 months ago

                  Addendum to my other reply:

                  Visiting the OpenLogic website makes it clear that they sell Linux support. In other words, you only work with OpenLogic ( and take their survey ) if you rely on a Linux distro that does not have commercial support ( or lousy I guess ). In other words, you only use OpenLogic if you are not paying for a real enterprise Linux product.

                  https://www.openlogic.com/

                  OpenLogic is calling this an “enterprise” Linux survey because they are positioning themselves as “enterprise” level support. But this survey pretty much excludes real enterprise Linux by definition.

                • LeFantome@programming.dev · 1 up · edited · 3 months ago

                  This “enterprise” list is hilarious. There are SIX RHEL rip-offs but RHEL itself does not even make the list?

                  I know nothing about openlogic.com but they should not have “logic” in their name.

                  This is clearly a survey of what people run when they want to avoid paying for software. That might be a good description of the small business landscape but literally the opposite of Enterprise. At best, this is a survey of departmental IT in mid-size businesses.

                  Look, based on revenue alone, it is crazy obvious that RHEL is number one and either Oracle ( basically RHEL ) or SLE ( SUSE ) is number two. Oracle is mostly used as a base for Oracle DB and Oracle Applications. SUSE gets used to host SAP. Amazon Linux gets used on AWS ( the largest cloud ).

                  I think that Ubuntu gets used a lot in Enterprise but mostly for in-house stuff. It is probably the standard for embedded. I see it used as a base platform a lot in Azure. But Canonical has half the revenue that SUSE has despite “enterprise” Linux being a much smaller part of the Canonical product mix.

  • Telorand@reddthat.com · 104 up, 4 down · 3 months ago

    Users of Debian and Rocky Linux also experienced significant disruptions as a result of CrowdStrike updates, raising serious concerns about the company’s software update and testing procedures. These occurrences highlight potential risks for customers who rely on their products daily.

    Hot take: maybe bossware is a fucking drain on society, and people should stop buying it.

  • SkyNTP · 90 up, 2 down · 3 months ago

    The software is not the problem. Software breaks all the time. The problem is monocultures and centralization. Building entire industry ecosystems all around a single point of failure. This is the just-in-time manufacturing supply chain disruptions and fragility all over again.

    Who knew, a diverse ecosystem was a strength, not a weakness.

  • MechKit@beehaw.org · 22 up · 3 months ago

    It’s a well assembled article, but mostly based on a few comments in a hackernews post from yesterday. I would like to know how widespread it was.

  • LeFantome@programming.dev · 8 up · 3 months ago

    The article implies that the CrowdStrike issue impacted only Debian and Rocky 9.4. Debian I can see. But how did something impact Rocky but not RHEL itself or Alma or Oracle?

    Is Rocky actually different from RHEL now? Their entire brand promise is that they are the same.

  • rsp@ecoevo.social · 5 up · 3 months ago

    @lemmee_in I can’t find any news about this. Just a statement in a forum and everyone basing subsequent articles on that. It appears to have been limited to a single company? Is there any support for this claim?

    • learningduck@programming.dev · 2 up · edited · 3 months ago

      Based on the article, it seems like the issue only happens on a specific distro. Is it only Rocky or other Debians?

      I wonder if other distros experience similar issues. Maybe linux based users don’t even install CS at all and try to leave their OS as lean as possible.