and this is why we need to stop absolving *commercial* cybersecurity vendors of software quality concerns.
there should be multiple checks preventing this type of broken content in an update.
how did they allow it to ship to so many machines all at once?
@shortridge i mean it is their job to ship it as fast and as widely as possible... I understand the point but i feel like hitting on it is not that productive
@Di4na @shortridge As far as we can tell so far, the cause is a product update, not a detection/protection/signature update. An update that bootloops at least 50% of the systems it’s installed on should have been picked up through automated processes. They fucked up and they should be pilloried for it.
Edit: The update was a signature update, their signature updates use the .𝚜𝚢𝚜 extension. Rest of toot still applies: https://chaos.social/@gsuberland/112816214186574057
@Di4na lots of companies need to ship things fast and as widely as possible.
albeit, much fewer have the level of access into the system that EDR has (which would suggest investing in even more “ensure the software delivery behaves as intended” tooling).
regardless, this is why build checks, integration tests, staging environments, experiments, and other software quality tools/approaches exist.
@Di4na @shortridge Their first job is to “do no harm”.
@michaelgemar @shortridge i highly doubt that, because that is not even true of the medical profession. It is a useful fast quip and all, but reality is not that.
@Di4na @shortridge No, seriously, if your product is supposed to protect computers and it takes them down instead, you have failed at the most basic level.
@michaelgemar @shortridge once again i get the feeling but it is not really how it works in complex systems
@Di4na @shortridge So you’re saying they a) shouldn’t have done basic testing of the final update before pushing it out, b) done the roll-out in stages, monitoring the results, c) more generally designed their update system such that update errors were recoverable and did not take down machines and require physical access to mitigate?
@michaelgemar @shortridge nope. Because that is not what you talked about. But anyway