And people wonder why I hate Crowdstrike...

Note, Frank may be an idiot, but his stupidity can be contained given we learn from his stupidity and structure things to prevent it. Individuals do not behave stupidly because they are stupid most of the time. They behave stupidly because they lack something, knowledge, guidance, or incentive for example.

In the above example, that tower fell not because workers yanked all the bolts, but because a foreman running the crew failed to stop them from doing so. Why did the foreman not prevent that action? Probably because he was told to remove those bolts to make changes, and he likely lacked the experience to know this tall thing has wind stresses on it he's never directly experienced before. This is exactly the sort of place where someone in the field starts cursing the engineer for being stupid. This issue probably compresses into a tech vs designer conversation... but I digress.

Yes we can manage stupid. Anything else is not only irresponsible, but defeatist. And yes this effort is eternal, because there's always something we didn't plan for. That's why I always personally focus on visibility. The more vision I can grant the group, the more likely it is someone will see something that gets us collectively out of trouble! This is also the basis for information security.


The really short version, they loaded a template designed to configure the Falcon Driver to manage an immediate threat, without testing it... Now... they claim they want to start testing it. Oy.... good process improvement, but lessons that are decades old!

But the final nail, CrowdStrike has failed to understand that there is no excuse for the Falcon Driver itself not to have the ability to fail gracefully. The remediation plan detailed in the above focuses on improvements to the build testing system, all of which are good. But they miss the final step, and in so doing once again announce their technology is not to be used nor trusted.
 
But they miss the final step, and in so doing once again announce their technology is not to be used nor trusted.

I'm not arguing with you about this debacle, but every time I see something like this I immediately think, "Don't you think that people and entities learn from their mistakes, particularly the huge ones?"

I doubt, quite sincerely, that Crowdstrike will ever have such an incident again simply because they did trigger this one and are now suffering the consequences, which are myriad.

Mistakes will happen, even huge ones. It's if they keep happening from the same source where the biggest problems lie. If a disaster like this one results in extreme care by Crowdstrike going forward (and that's pure speculation, but necessary for the sake of argumentation) then they'd probably end up being a safer option than some others.

Everyone wanted to shut down LastPass after their debacle, but it didn't happen, and (at least so far) they seem to have learned a number of valuable lessons from it that will prevent similar debacles going forward.

Major f*ck-ups are just that. They don't wipe out all other history, nor should they.
 