Article <Y9GdnZjCkY5HEjn7nZ2dnZfqnPidnZ2d@earthlink.com>

Warning: mysqli::__construct(): (HY000/1203): User howardkn already has more than 'max_user_connections' active connections in D:\Inetpub\vhosts\howardknight.net\al.howardknight.net\includes\artfuncs.php on line 21
Failed to connect to MySQL: (1203) User howardkn already has more than 'max_user_connections' active connections
Warning: mysqli::query(): Couldn't fetch mysqli in D:\Inetpub\vhosts\howardknight.net\al.howardknight.net\index.php on line 66
Article <Y9GdnZjCkY5HEjn7nZ2dnZfqnPidnZ2d@earthlink.com>

Deutsch English Français Italiano

<Y9GdnZjCkY5HEjn7nZ2dnZfqnPidnZ2d@earthlink.com>

View for Bookmarking (what is this?)
Look up another Usenet article

Path: ...!local-2.nntp.ord.giganews.com!Xl.tags.giganews.com!local-4.nntp.ord.giganews.com!nntp.earthlink.com!news.earthlink.com.POSTED!not-for-mail
NNTP-Posting-Date: Sat, 27 Jul 2024 06:12:42 +0000
Subject: Re: Crowdstrike fiasco
Newsgroups: comp.os.linux.misc
References: <v7dbfl$2u3ri$1@dont-email.me>
 <14650d94-4742-6c3f-9c73-33e7468106c5@example.net>
 <v7gevu$p388$1@matrix.hispagatos.org> <v7gn63$3jnfn$2@dont-email.me>
 <v7gtpi$3kqj0$1@dont-email.me>
From: "186282@ud0s4.net" <186283@ud0s4.net>
Organization: vector apex
Date: Sat, 27 Jul 2024 02:12:41 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.13.0
MIME-Version: 1.0
In-Reply-To: <v7gtpi$3kqj0$1@dont-email.me>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Message-ID: <Y9GdnZjCkY5HEjn7nZ2dnZfqnPidnZ2d@earthlink.com>
Lines: 89
X-Usenet-Provider: http://www.giganews.com
NNTP-Posting-Host: 99.101.150.97
X-Trace: sv3-qY6o1P03k88UV4L4MU6lds18cDYEvEmbjnmRUTGo6X/6o8nWo+eOCM3TwHxTDfx6Gor7xMqPraUz+5b!yhez1F4jHhNiX9oJBQQc6rZyj9lj/O5i4/o+aSTrouZSmn+Q3SiOn+IGQHq/i9qImbPO5zTrJmJR!NZySVyR8xvbhWLTvbaA9
X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly
X-Postfilter: 1.3.40
Bytes: 5440

On 7/20/24 1:57 PM, Rich wrote:
> The Natural Philosopher <tnp@invalid.invalid> wrote:
>> On 20/07/2024 14:44, rek2 hispagatos wrote:
>>> On 2024-07-19, D <nospam@example.net> wrote:
>>>>
>>>>
>>>> On Fri, 19 Jul 2024, Woozy Song wrote:
>>>>
>>>>> Curiously, when I made a post to Reddit linux group, it got deleted
>>>>> immediately. I thought they would be gloating that Windows got shafted.
>>>>>
>>>>
>>>> I'm gloating! I repeatedly tell a potential customer to change from
>>>> windows, and I think so far they asked me for an offer and an opinion 3
>>>> times (they had 3 security incidents), and yet they have never purchased
>>>> my services and they keep running into these problems. I'm gloating so
>>>> much. Sadly I don't think they will ever switch from their beloved
>>>> Microsoft though.
>>>>
>>>> I do use them often as an example of what happens if you have a crappy
>>>> IT-manager so I do derive benefits from their incompetence though! =)
>>>>
>>>
>>>
>>> +1 I hope this serves as a lesson.
>>
>> No, it wont.
>>
>> You dont understan middle management in a company.
>> The IT managers career is best served by spending shitloads of money
>> with a company like crowdstrike which offers impressive legal guarantees
>> in its contracts.
>> Not by implementing a policy with some 'nerdy operating system' that his
>> boss doesn't know how to use. And developing an IT department to service
>> and support it.
> 
> You can tell those who have never worked with/in/near a large corporate
> bureaucracy or govt bureaucracy IT department.  Those who have never
> seen behind the curtain believe this will result in some kind of
> change.
> 
> Those who have (and it does appear you have) recognize crowdstrike for
> what it really is (hint, it is not for "securing" the endpoint systems
> -- that is, at best, a secondary outcome).  Crowdstrike's real purpose
> is to provide the IT bureaucracy with "risk insurance" (i.e.,
> Crowdstrike is really an "insurance plan", even if not presented that
> way) such that the IT folk can check a checkbox on their quarterly
> security audit forms that indicates they have "security scanning
> software" installed.  It additionally provides those same IT
> bureaucracy folks with a CYA such that if they happen to be
> hacked/exploited, they can CYA and shift blame to Crowdstrike and away
> from themselves.
> 
> Any "security" Crowdstrike provides is secondary to this main purpose,
> that of being an "insurance plan" onto which the IT bureaucracy members
> can shift blame should some hack occur.
> 
> So in the end, because the next quarters audit's checkboxes will still
> require "security scanning software" be installed, when next quarter
> arrives, and those forms get filled out again, Crowdstrike will still
> be installed, so those IT folks can check the "blame shifting checkbox"
> on the audit form and magically become "secure" for another quarter.


   The M$-suckers who replaced me after I retired were of
   exactly that mentality. Wonderful cloud stuff AND the
   providers offer such WONDERFUL guarentees ! All the
   modern boxes checked - "Ain't OUR fault !".

   Control, real 'security', comprehension, totally out the
   window (ha ha). Shit, they could barely even program five
   lines of Python and 'C' source  may as well be writ
   in hieroglyphics.

   Dunno if the CS fiasco screwed them ... I'll have to find
   a reason to call and see. There IS a certain satisfaction
   in "TOLD ya so !"  :-)

   And if it wasn't CS last week it'll be something ELSE
   next week. Their boxes WILL lock, their 'cloud' WILL
   dissipate. It is clear that bad actors can get into
   most ANYTHING 'cloudy' these days. Just a matter of time.
   Tick, tick, tick ...........

   HOME-hosted data/backups/vital-apps/firewalls centered
   on Unix/Linux boxes is STILL the best way to go. Save
   the 'cloud' for like aux backups (and pre-encrypt as
   you should give more faith to UFO Butt-Prober testimony
   than their promises to keep yer data confidential).