CrowdStrike broke Debian and Rocky Linux months ago

Earlier Linux Breakages and Testing Gaps

  • Commenters link April incidents where CrowdStrike updates crashed Debian, Rocky, and RHEL/derivatives, sometimes causing boot loops until the agent was disabled or reconfigured (e.g., switching from eBPF to kernel mode).
  • Some note configurations were advertised as “supported” but weren’t in the test matrix; this is described as at least negligent and possibly close to fraudulent.
  • Others mention a separate Windows DLL-injection feature, stressing it’s opt‑in, heavily warned about, and not comparable to the recent mandatory sensor failures.

Liability, Incentives, and “Why Test?”

  • Several argue CrowdStrike has weak incentives to invest in QA: sales are driven by compliance checklists, not technical merit.
  • One view: testing “should” be rigorous but won’t be if it harms margins; costs and damage are largely externalized to customers.
  • Some call for legal limits on liability waivers and stronger regulatory or financial penalties for failures.

What CrowdStrike / EDR Does and Why Orgs Buy It

  • Described as an AV/EDR platform whose real value is:
    • Getting security/compliance/legal sign‑off.
    • Centralized deployment/management across large fleets.
    • Providing plausible deniability for executives (“we installed the industry tool”).
  • Effectiveness at actually stopping attacks is questioned; it is described as hard to measure and possibly security theater.

Security vs Availability and “Malware” Analogies

  • Several criticize EDR agents as effectively malware: kernel‑level hooks, remote command/control, large data exfiltration, and potential to brick fleets.
  • Security teams are seen as trading away availability (and some confidentiality) for perceived integrity and audit comfort.

Why Linux Impact Was Smaller

  • Fewer orgs install such agents on Linux; some admin teams quietly avoid or sandbox them.
  • Linux admins are perceived as more able to diagnose and remove a bad agent quickly.
  • Windows incidents draw mass‑media attention because of the much larger enterprise install base and visible outages (e.g., airlines).

Product Quality, QA, and Economic Structures

  • Broader lament about declining QA across industries (software, aviation), driven by profit optimization and short‑term management incentives.
  • Managers can gain career credit for risky shortcuts long before failures surface.

Open Source vs Corporate Software Robustness

  • Many see OSS/Linux as more robust despite being “lashed together,” attributing this to:
    • Public code visibility and embarrassment as a quality driver.
    • Passion and pride among maintainers.
    • Strong testing cultures in many projects.
  • Counterpoints:
    • Major OSS failures (Heartbleed, Log4Shell) show it’s not inherently safer.
    • Much OSS is funded and hardened by large corporations.
    • Linux userland and desktop stacks can be fragile; Windows is praised by some for surviving massive real‑world abuse.

Compliance, Monoculture, and Vendor Power

  • Compliance pressure is seen as pushing enterprises toward a tiny set of OSes and security vendors, reinforcing monoculture risk.
  • Some predict only one “acceptable” enterprise Linux flavor will remain under regulatory regimes.

Privacy and Workplace Monitoring

  • CrowdStrike and similar tools are experienced as keyloggers/activity monitors.
  • One stance: don’t do personal tasks on employer devices; they’re legitimately monitored.
  • Others say this doesn’t excuse pervasive spyware and that it should still be called out.

Brand Protection and Public Perception

  • Discussion of “.sucks” domains and preemptive registration (including derogatory variants) as evidence of marketing/PR focus.
  • Some speculate earlier Linux issues stayed small because media didn’t consider them newsworthy until airline‑scale disruption appeared.