Tedium - Too Close To The Kernel 🍿

The user-freedom tension the CrowdStrike mess exposes.

Hunting for the end of the long tail • July 26, 2024

Too Close To The Kernel

The CrowdStrike mess points out just how close some developers get to the kernel—and efforts to lock things down will help highlight the tension between security and user choice.

Last week’s whole mess with CrowdStrike is fascinating to me, in part because it not only points at the way technology can screw up, but also at the obvious fix (albeit a somewhat painful one).

The problem: Applications are working too close to the kernel, raising the potential of an unprecedented safety risk or kernel panic.

Working close to the kernel is the bread and butter of peripheral manufacturers, who need their devices to more deeply support the operating system. (It’s also a fundamental technique used in the Hackintosh community, which builds kernel extensions, or kexts, to add support for hardware the Mac itself did not inherently support.)

It’s only in recent years that OS makers have realized that letting vendors work so close to the bone was a potential recipe for disaster. Apple in particular has put in a lot of work to replace kernel extension frameworks with stuff that works a bit closer to user space. (Remember the drama a couple years ago when Dropbox was slow to properly support Apple Silicon? This is a big reason why Dropbox was caught with its pants down.)


To simplify greatly, CrowdStrike’s Falcon Sensor software was built as a security tool that works at the kernel level, in part to mitigate the memory-hog reputation of earlier security tools. (Founder George Kurtz was reportedly inspired after seeing a man on a flight struggle with a slow-loading McAfee app; he worked as an exec for McAfee at the time.) CrowdStrike instead aims for maximum visibility by being as close to the kernel as possible.

After the whole mess with CrowdStrike blew up a week ago, Microsoft emphasized it wasn’t their fault, ultimately blaming two things: CrowdStrike, for its poor handling of updates, and the European Union, which created the opening for security vendors to work so close to the kernel.

Essentially, Microsoft’s argument is that it can’t lock down its kernel like Apple did because of a 2009 EU agreement that required Microsoft to maintain an API that other security vendors can use. In other words, in Microsoft’s telling, CrowdStrike exists because the EU created this rule.

At the Linux level, where you can generally do what you want with specific applications, the CrowdStrike thing has also come up. (As I noted on Mastodon last week, the optics look way worse for Microsoft, to the point where it may not even matter that this is a multi-platform problem. But hey, Linux is probably getting a BSoD of its own, so that might change.)

If the CrowdStrike mess leads to changes in our operating systems, kernels may become harder to pop, for reasons good and bad. (Christian Wiediger/Unsplash)

There are risks and frustrations created by pushing things that traditionally worked at the kernel level into user space, to be clear. In recent years, Apple has created a lot of busywork for users by requiring them to turn on permissions for literally every single thing that an extension does. It means reloading the tool more than once, just to get the app to work. Recently, when I log into my M1 MacBook Air, I occasionally have the permissions I’ve approved for my many apps disappear, only to return after an additional reboot. That wouldn’t happen if those extensions were working at the kernel level!

I think we’re going to see vendors harden their systems even further than they already were, and it’s already starting to show up in the Android space. Recently, Samsung began blocking sideloading of apps on its smartphones by default, making it part of a feature called Auto Blocker, which blocks numerous things that people have taken for granted, including the ability to do updates over USB. It has combined these functions with some security features, and requires you to turn those security features off to use sideloading.

“The Auto Blocker feature automatically blocks files downloaded from sources other than authorized stores, such as Galaxy Store or Play Store. If the app is determined to be safe, temporarily disable this feature and try again,” the company says in its FAQ.

We’ve already seen some knock-on effects from Samsung’s move. Epic Games, which has been working around App Stores wherever it can, announced Fortnite was leaving the Samsung Store in protest of this move, which obviously affects its app. (Side note: Hey Epic, can you please bring back Infinity Blade for those of us who don’t care about Fortnite? That was my favorite mobile game of all time, and I’ve been missing it for years. And no, it shouldn’t be the job of amateur developers to fix. It’s your IP. Thanks.)

To some degree, this debate over sideloading taps into the same well as CrowdStrike working so close to the kernel—essentially, platform developers want to rein in the software-makers that work too close to the bone, in part because the security issues reflect on them, not the developers. For most people, it will likely be the right move to lock these sorts of features down. But I can understand why software developers will be miffed that their drivers and extensions will offer a degraded experience in the long run.

But it may be the cost we’ll have to pay to ensure that our airports don’t randomly blue-screen-of-death on us one day.

Kerneled Links

Someday, Lego will convince me to spend way too much money on a Nintendo-related brick set.

If you haven’t been on the “Steamed Hams” area of YouTube lately, you’re missing out on one of the most fascinatingly artistic remix cultures online. Recently, someone made a version of “Steamed Hams” that is a pitch-perfect take on the ’50s cartoon Clutch Cargo—a show infamous for its limited animation style, including the use of human lips on the characters, a technology called Syncro-Vox.

Seeing Google ditch its plans to kill third-party cookies, something it has been trying to do for years, feels like an admission that inertia is the internet’s defining force. CNBC has a breakdown for folks who don’t know what a cookie is.


Copyright © 2015-2024 Tedium, all rights reserved.
