Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: Lawrence D'Oliveiro <ldo@nz.invalid>
Newsgroups: comp.os.vms
Subject: Re: Computing is Complex (was: Re: A meditation on the Antithesis of
 the VMS Ethos)
Date: Mon, 29 Jul 2024 21:36:37 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 19
Message-ID: <v89215$ld7e$1@dont-email.me>
References: <rjlp9jlpbrokm8bpi915s43pidb52s7m9c@4ax.com>
	<v88hob$innj$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Mon, 29 Jul 2024 23:36:38 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="6078d3e18c99978c948f5799615335d3";
	logging-data="701678"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX19+K7NVa/FZUywfjTrlrZhV"
User-Agent: Pan/0.159 (Vovchansk; )
Cancel-Lock: sha1:P0A5U76imsUK3VH2N59xFv4hz/U=
Bytes: 1826

On Mon, 29 Jul 2024 12:58:51 -0400, Stephen Hoffman wrote:

> ... with occasionally-intractable results. Such as trying to stuff a
> modern and robust password hash into an eight-byte field.

The Unix tradition of text-based config files (in this case, /etc/shadow) 
wins again.

> As for the referenced mess, CrowdStrike was basically testing in
> production, and seemingly lacked any sort of continuous integration ...

They advertise it as a positive point, that they can respond to new 
security threats faster than other companies--certainly faster than 
Microsoft.

And yes, they do it by cutting corners on testing. I’ve seen many other 
comments raising the hoary old “never implement new system changes on a 
Friday” meme ... but what happens if the malware writers release a zero-
day on a Friday?