-
Notifications
You must be signed in to change notification settings - Fork 10
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
3 changed files
with
50 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| --- | ||
| title: "Linux Keeps the World Rolling" | ||
| date: 2024-07-20 12:00:00 | ||
| kind: article | ||
| image: header.jpg | ||
| description: "Our take on the CrowdStrike incident in July 2024 bringing down the global economy at once. And how we aim to reduce that risk in the future." | ||
| authors: [romangg] | ||
| --- | ||
| Yesterday, a small update to a central security component of many Windows client systems in corporate environments inflicted possibly the single biggest tech outage in history: it left millions, possibly tens of millions, of client systems in an unbootable state. | ||
|
|
||
| This led to major industries ceasing production, flights being canceled, and medical operations having to be rescheduled on an unprecedented and unimaginable scale. | ||
|
|
||
| We want to talk about the reasons and solutions from the viewpoint of Linux users, developers, and maintainers. | ||
|
|
||
| ## Comfortable Insecurity | ||
|
|
||
| The outage started with a pushed definitions update from CrowdStrike. How exactly this update propagated globally has yet to be reconstructed, but it must have happened quickly when work started in any region of the world. | ||
|
|
||
| We need to call it out as it is: the idea that you can simply install one additional highly independent — and by that, highly invasive — security software component to mitigate your key IT business risks is misguided. | ||
|
|
||
| Common security software suites like CrowdStrike are extremely invasive by design. They require full root or often even kernel-level access to operate effectively. This makes these programs high-risk. These are programs that can single-handedly disrupt millions of systems, as just demonstrated by CrowdStrike. | ||
|
|
||
| While corporations in the past often blindly trusted these additional helpers to mitigate the risks involved with running Microsoft Windows on client systems, we believe there are more effective and lower risk means of ensuring system integrity. | ||
|
|
||
| ## Technology Over Process | ||
|
|
||
| Corporate environments often focus a lot on process definitions, certificates, and other non-technical requirements. This leads to a mindset of *process over technology*. We need to reverse that! | ||
|
|
||
| Right now, in many old industries, the IT department is still seen primarily as a cost factor, something to outsource. These old industries need to grow up. Software today is a key business success factor. | ||
|
|
||
| Choosing, maintaining, and using the right software is an effort that must be steered together by professionals inside the companies that use it and by engineers at companies that provide this software. | ||
|
|
||
| The result will be that business processes are resolved automatically through the right usage of technologies, and not the technologies being deformed to fit an artificial process definition. | ||
|
|
||
| ## Atomic Power of the Rollback | ||
|
|
||
| Let's take one technology as an example for such a mindset that we at Manjaro are currently actively working on. Linux itself is already a highly dependable operating system used on billions of systems. We at Manjaro put a lot of effort into bringing this amazing technology to as many private users and businesses as possible. | ||
|
|
||
| We know that aspects like security and provisioning are important for businesses to choose Linux on their client systems. | ||
|
|
||
| For that reason, we are currently developing a new version of Manjaro, especially aimed at businesses, that gives them the most reliable and easily fleet-manageable solution possible: *Manjaro Immutable* — a declarative, immutable version of Manjaro with atomic updates. | ||
|
|
||
| This operating system gives the power back to your business: your IT division decides when to update which system. You decide if the update is functioning as you expect, roll it out now or later, or if you need to do a rollback. And such a rollback is doable with ease thanks to the atomic updates. | ||
|
|
||
| We also work on a fleet-management solution to provide modern tooling and interfaces for your IT experts. And the best thing: we are an open-source company. You can run it on your own systems, or let us host it for you. No lock-in. No suddenly pushed updates breaking your systems. | ||
|
|
||
| Instead, full control over *your systems* with the Manjaro company as a partner who will support you in the setup and maintenance of your Arch Linux/Manjaro-based client systems tailored to your exact requirements. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| * Photo by David Syphers | ||
| * Unsplash License | ||
| * [Link](https://unsplash.com/de/fotos/eine-luftaufnahme-eines-flughafens-mit-vielen-flugzeugen-9V1c_ghub40) |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.