Crowdstrike Analysis: "It was a NULL pointer from the memory unsafe C++ language....let me decode this stack trace dump for you."

X ^ | July 19, 2024 | Post Conversation Zach Vorhies / Google Whistleblower @Perpetualmaniac

[ransomnote]

https://x.com/Perpetualmaniac/status/1814376668095754753

[ransomnote]

In the comments, some users took Vorhies to task for using DEI in a way that suggests DEI beneficiaries are less qualified or sources of error.

[kiryandil]

Good discussion.

Vorhies seems to be intolerant of woke tards and DEI airheads.  

[tarpit]

Good analysis.

[Stosh]

Is this what happens when they tell all those people whose minimum wage jobs have been outsourced to China to “learn how to code”?

[Jonty30]

So, they forgot to carry the 2.

[crusty old prospector]

Well, that explains it all. Never go full null. I took a stack dump this morning.

[T.B. Yoits]

Zach Vorhies called it his one statement that "...Microsoft needs to... not just raw dog risky updates to customers."

A simple test done against even a single machine would have flagged this as a "blue screen of death" problem. For far too long, updates are being pushed against in-use machines without prior use against test machines. If you can't get past the test machines, you don't launch it against in-use machines.

[TigerClaws]

The Trump curse strikes again.

Or an early run to have systems mysteriously “crash” day of the election / selection.

[bitt]

p

[LiveFreeOrDie2001]

Wouldn’t doubt it.
I don’t put anything past T D S & D E I

[nwrep]

Zach needs to learn how to spell “privileged”. He badly butchered the spelling.

[Fractal Trader]

I’m inclined to believe that this was a White Hat operation against a well known evil actor.

[EBH]

I am hearing they let go of a bunch of DEI programmers 2 days before this happened.

[UCANSEE2]

Si psleling erlaly htta imoptrnta ?

[MurrietaMadman]

Like Rockefeller Foundation's Agents of Change, Rust never sleeps

[Steven W.]

this is all SOP in the software development world ... there are tools such as valgrind that identify such potential errors and vulnerabilities. It’s puzzling from a professional perspective how such made it to production and reveals poor methodology that behooves anyone expecting such amateurish production model to grant authority as a “security” provider.

[discostu]

No this is what happens when guys whose entire professional career has been in C# and other languages that do a lot of memory work and cleanup for you get forced to program in an old language that makes the programmer handle it all themselves. I mean even the old programmers back in the day would screw this up. But “new” (people whose entire career has been in this century) programmers probably don’t even know this risk exists. The real question is why are they using C++? The product just isn’t old enough to justify that (the only justification being that was the new language when we started this app and we haven’t gotten around to rewriting it). Somebody made a dumb decision on day 1.

[dpetty121263]

Once all the lawsuits and settlements finish up there will be no more Crowd Strike..I am a Sr Admin at a major bank and sure cost us in labor and outages....

[BenLurkin]

[pas]

As a programmer I have heard about null exceptions. Never created one myself. Seriously never one this bad.