Hacker News

The industry couldn’t even prepare for a bad CrowdStrike update. And yet, it figured things out in a few days or so.

The ability to prepare for catastrophic scenarios is overestimated. The ability to survive them is underestimated.



This would be a lot worse than that. CrowdStrike was bad because everyone lets relatively untested code straight into the Windows kernel - i.e. known incompetence of approach. This would be bad despite massive care taken to have the right approach.


Yes, except there is no “massive care”. If people are OK with installing other companies’ rootkits on their critical infrastructure, they will not care about anything else, either.


The massive care is the algorithm selection process, the careful implementations, and the long-term observation and correction of the performance of the algorithm implementations.


"Some people did X" !== "All people do X"


CS was a software update. RSA is baked into many silicon circuits and firmware ROMs.


Well, hardware is replaceable, too.



