Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Crowdstrike Analysis: "It was a NULL pointer from the memory unsafe C++ language....let me decode this stack trace dump for you."
X ^ | July 19, 2024 | Post Conversation Zach Vorhies / Google Whistleblower @Perpetualmaniac

Posted on 07/20/2024 8:10:34 AM PDT by ransomnote

click here to read article


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-64 next last
To: discostu

you nailed it ...


21 posted on 07/20/2024 9:26:15 AM PDT by bankwalker (Repeal the 19th ...)
[ Post Reply | Private Reply | To 17 | View Replies]

To: pas

It’s not normally encountered in languages where you don’t have pointers. In COBOL terms, it’s like a divide by 0.


22 posted on 07/20/2024 9:35:32 AM PDT by AppyPappy (Biden told Al Roker "America is back". Unfortunately, he meant back to the 1970's)
[ Post Reply | Private Reply | To 20 | View Replies]

To: discostu
You'd make a great IT manager. Always switch to newer and newer languages so you can fire the old timers who cost too much and replace them with cheaper recent grads.

The newer coders won't be able to elicit the proper requirements from the clients or know how best to implement the poor requirements they got. But hey, that's why we have beta testers.

23 posted on 07/20/2024 9:37:56 AM PDT by who_would_fardels_bear (Kafka was an optimist.)
[ Post Reply | Private Reply | To 17 | View Replies]

To: ransomnote

Doesn’t this explain what a complete crap-show our supposed awesome technology is? 1 security update from a single company can take down so much stuff around the globe. Horrible.


24 posted on 07/20/2024 9:43:43 AM PDT by vpintheak (Sometimes you’re the windshield, sometimes you’re the bug. )
[ Post Reply | Private Reply | To 1 | View Replies]

To: who_would_fardels_bear

I never said that. Try actually READING.


25 posted on 07/20/2024 9:44:25 AM PDT by discostu (like a dog being shown a card trick)
[ Post Reply | Private Reply | To 23 | View Replies]

To: ransomnote

This is Geek to me. 🫤


26 posted on 07/20/2024 9:52:33 AM PDT by sauropod ("This is a time when people reveal themselves for who they are." James O'Keefe Ne supra crepidam)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Jonty30

Nope. That’s binary. DEI loves non-binary. They apparently fly use hexadecimal. They forgot to carry the 16.


27 posted on 07/20/2024 10:03:17 AM PDT by gas_dr (Conditions of Socratic debate: Intelligence, Candor, and Good Will)
[ Post Reply | Private Reply | To 5 | View Replies]

To: discostu
The real question is why are they using C++?

Because that is all you have when you are working with kernel-mode and boot-time drivers in Windows.

BTW, you can make the exact same class of error in other program languages too.

Automated code inspection tools improve the odds of catching errors, but they are not foolproof.

Automated unit testing improves the odds of catching errors, but it is not foolproof either.

The big failure was not testing this update with a variety of Windows systems, and not rolling out a sample population of the user base before a general distribution.

28 posted on 07/20/2024 10:21:32 AM PDT by flamberge (A storm is coming)
[ Post Reply | Private Reply | To 17 | View Replies]

To: discostu

“whose entire professional career has been in C#”

Doesn’t c# run slower? Also I’d say that anytime you use new or malloc, you’d better check for a null result.


29 posted on 07/20/2024 10:32:13 AM PDT by cymbeline (we saw men break out of a concentration camp.”)
[ Post Reply | Private Reply | To 17 | View Replies]

To: flamberge

This is amateur hour. For something so critical as a kernel module/driver, it would mean that code reviews failed, static analysis tools weren’t used, their DevOps pipeline and test suite failed to catch this, nobody ran any manual tests, etc..

So, at what point do you wonder about sabotage? If it isn’t, then it’s a very sorry state of affairs at MS. For a KERNEL MODULE!

Given the scale of this, I believe an investigation is warranted. I’d put money on sabotage.

Unfortunately, I got caught up in it - I had a two-week business trip with a flight home yesterday, I woke to the news of this issue and the problems banks & airlines were having. Typical! Of course my flight was delayed, then delayed, then delayed, with me finally getting home at 3:30am.

Sigh.


30 posted on 07/20/2024 10:39:37 AM PDT by fuzzylogic (welfare state = sharing of poor moral choices among everybody)
[ Post Reply | Private Reply | To 28 | View Replies]

To: discostu

It’s legacy, just like Linux there’s few options for kernel programming. For Linux, it’s straight C...with Rust becoming a recent option, nothing else.


31 posted on 07/20/2024 10:41:09 AM PDT by fuzzylogic (welfare state = sharing of poor moral choices among everybody)
[ Post Reply | Private Reply | To 17 | View Replies]

To: vpintheak

IT is not magic.

At the end of the day human error (or active or passive sabotage) can make it crash and burn.

Passive sabotage is when somebody sees that something is wrong and decides to keep their mouths shut and do nothing about it.

It is highly effective and almost impossible to catch.


32 posted on 07/20/2024 10:45:49 AM PDT by cgbg ("Our democracy" = Their Kleptocracy)
[ Post Reply | Private Reply | To 24 | View Replies]

To: ransomnote

Do today’s programmers even desk-test their own code? In the early days, the programmer was expected to have a stub app on his machine wherein he crafted the code with all the requisite inputs and outputs including all headers and library linkage (to eliminate naming collisions), compiled, linked and TESTED (bounds checks, min/max parameters, unterminated strings, etc.) before submitting it to the dogfood repository. There it was given the evil eye by several highly-paid (and super-stressed) mercenaries, then compiled and linked into the dogfood testbox where it was given a fairly thorough hands-on BEFORE it was even NOMINATED for the production build. It would have to pass a couple of code reviews AND a functionality review before being piped into production. Each line of code had about ten sets of eyes on it before a customer was allowed to test it. But that was then (the 1990’s), and this is now.


33 posted on 07/20/2024 11:23:28 AM PDT by Montana_Sam (Truth lives.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: cymbeline
Doesn’t C# run slower?

Not necessarily. The C# Just-in-time translation is remarkably efficient.

Yes, I have done timing tests on some complex algorithms that were implemented in both C# and C++. They ran at approximately the same rate.

I would say one had better check for a null pointer anytime a class pointer gets passed along to another method. Then provide some reasonable error message and a suitable fallback that does not cause a crash.

That is pretty hard to do and even harder to test and see if it works. That is why it is seldom done.

34 posted on 07/20/2024 11:38:49 AM PDT by flamberge (A storm is coming)
[ Post Reply | Private Reply | To 29 | View Replies]

To: tarpit

Csgent must be some service running in kernel..


35 posted on 07/20/2024 11:41:24 AM PDT by RitchieAprile (available monkeys looking for the change..)
[ Post Reply | Private Reply | To 3 | View Replies]

To: ransomnote

Dividing by zero works!


36 posted on 07/20/2024 11:42:06 AM PDT by dynachrome (Auslander Raus!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: fuzzylogic
So, at what point do you wonder about sabotage? If it isn’t, then it’s a very sorry state of affairs at MS. For a KERNEL MODULE!

This was not a problem from Microsoft. It was a problem from the Crowd Strike company.

This was an organizational and management problem, not sabotage. They released an insufficiently tested version of their computer security product on their entire customer base at the same time. You never do that.

They won't do that again. Most likely they will go out of business and cannot do that again.

37 posted on 07/20/2024 11:52:51 AM PDT by flamberge (A storm is coming)
[ Post Reply | Private Reply | To 30 | View Replies]

To: UCANSEE2

sye, sti termxyeel imoptrnta


38 posted on 07/20/2024 12:03:03 PM PDT by motor_racer ("Show me the man and I'll show you the crime" - Lavrentiy Beria, J. Stalin Deputy Premier)
[ Post Reply | Private Reply | To 14 | View Replies]

To: flamberge

ok, sure Crowd Strike, not MS.

That said, it’s so amateurish I have to question that it could be sabotage. We don’t know it wasn’t.

I’m a software architect and manager responsible for safety critical software systems, I’m well aware of release tools and processes.


39 posted on 07/20/2024 12:21:36 PM PDT by fuzzylogic (welfare state = sharing of poor moral choices among everybody)
[ Post Reply | Private Reply | To 37 | View Replies]

To: ransomnote
 
 
This appeared yesterday
 
 
 
Got this today
 
 
Brown is kinda down, heard things about the post office too
 
 

40 posted on 07/20/2024 12:30:05 PM PDT by lapsus calami (What's that stink? Code Pink ! ! And their buddy Murtha, too!)
[ Post Reply | Private Reply | To 1 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-64 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson