SRE Weekly - SRE Weekly Issue #436
View on sreweekly.com
As we can see from the above, any reliability problem like this invalid memory access issue can lead to widespread availability issues when not combined with safe deployment practices.
This analysis from Microsoft starts off by examining crash dumps from the incident that were voluntarily submitted by Windows users. Then they explain why security vendors like CrowdStrike might choose to operate in kernel mode, the inherent risks, and alternative options they could use instead.
Microsoft
This is CrowdStrike's initial technical analysis posted shortly after the incident, which I shared here previously. I'm linking to it again to highlight an apparent contradiction with the analysis from Microsoft as to whether the CrowdStrike component involved was a kernel driver:
Although Channel Files end with the SYS extension, they are not kernel drivers.
I'm guessing the technical resolution to this apparent contradiction is that the channel files are merely data files and not kernel drivers, whereas the thing that processes the channel files is in fact a kernel driver. To me this seems like a needless clarification that was highly likely to mislead readers into thinking that kernel drivers were not at play, which is exactly how I interpreted it at the time.
CrowdStrike
Here's a summary and opinion piece on Microsoft's analysis article, including more on the trade-off of vendors running code in kernel mode.
Thom Holwerda — OSNews
The challenge is, how do you formulate the right free-text representation of your system to get a useful answer out of an LLM?
Amir Krayden — DevOps.com
Will artfully uses a refrigeration-based metaphor to discuss creating a blameless culture. Trust me, it works.
Will Gallego
These folks wanted to allow log lines greater than 128 bytes in their observability product, but their data store made that tricky. They used bloom filters and other techniques to achieve acceptable performance.
Nathan Ostgard and Javier Schoijet — Embrace
It turns out sending texts and making phone calls automatically is really hard, and many assumptions you might make turn out to be wrong.
Leo Sjöberg — incident.io
Wow, I had no idea Systemd could limit a program's ability to access certain IPs. This one's worth a read to save you from hair-pulling if you ever run into this.
rachelbythebay
|
Older messages
SRE Weekly Issue #435
Monday, July 29, 2024
View on sreweekly.com A message from our sponsor, FireHydrant: We've gone all out on our new integration with Microsoft Teams. If you're a MS Teams user, FireHydrant now supports the most
SRE Weekly Issue #434
Monday, July 22, 2024
View on sreweekly.com A message from our sponsor, FireHydrant: We've gone all out on our new integration with Microsoft Teams. If you're a MS Teams user, FireHydrant now supports the most
SRE Weekly Issue #433
Monday, July 15, 2024
View on sreweekly.com A message from our sponsor, FireHydrant: We've gone all out on our new integration with Microsoft Teams. If you're a MS Teams user, FireHydrant now supports the most
SRE Weekly Issue #432
Monday, July 8, 2024
View on sreweekly.com A message from our sponsor, FireHydrant: We've gone all out on our new integration with Microsoft Teams. If you're a MS Teams user, FireHydrant now supports the most
SRE Weekly Issue #431
Monday, July 1, 2024
View on sreweekly.com A message from our sponsor, FireHydrant: We've gone all out on our new integration with Microsoft Teams. If you're a MS Teams user, FireHydrant now supports the most
You Might Also Like
JSter #227 - Libraries and more
Tuesday, September 17, 2024
With JavaScript, there's always a thing that you don't see coming. I have just a couple of quick things to mention: 1. there's a petition to free JavaScript from its trademark to allow free
New Blogs on ThomasMaurer.ch for 09/17/2024
Tuesday, September 17, 2024
View this email in your browser Thomas Maurer Cloud & Datacenter Update This is the update for blog posts on ThomasMaurer.ch. Remote Desktop Connection (RDP) to Azure Arc-enabled Windows Server
An executive’s guide to implementing generative AI
Tuesday, September 17, 2024
Get a step-by-step guide to generative AI implementation so you can put the technology to work. ㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤㅤ What are you trying to
Even Flow
Monday, September 16, 2024
Brexit 2, Custom Drinks, For-Profit OpenAI, Amazon Bloat, Apple OS Day… Even Flow Brexit 2, Custom Drinks, For-Profit OpenAI, Amazon Bloat, Apple OS Day… By MG Siegler • 16 Sept 2024 View in browser
🕹️ That One Time Apple Made a Console — Analog Computers Are Coming Back
Monday, September 16, 2024
Also: The PlayStation 5 Pro is a Bargain, and More! How-To Geek Logo September 16, 2024 Did You Know Rats, mice, and other rodents communicate not just in the range of sound frequencies humans can hear
[AI Incubator] Fall enrollment is now open 🍁🎓
Monday, September 16, 2024
NEW: We're adding more live coaching sessions
Deepdive – Competitive Analysis
Monday, September 16, 2024
As a Product Manager, staying ahead of the competition isn't just an advantage—it's a necessity.
Daily Coding Problem: Problem #1558 [Easy]
Monday, September 16, 2024
Daily Coding Problem Good morning! Here's your coding interview problem for today. This problem was asked by Twitter. A classroom consists of N students, whose friendships can be represented in an
When Logs and metrics aren't enough: Discovering Modern Observability
Monday, September 16, 2024
Let's return to the previous series and discuss the typical challenge of distributed systems: Observability. We'll continue to use managing a connection pool for database access as an example
The Art of finishing & The browser for research
Monday, September 16, 2024
A new deep dive about a new browser, track everything and understand your life, the story of Figma Sans, and a lot more in this week's issue of Creativerly. Creativerly The Art of finishing &