Gregory's ServerEvery so often some Linux guy replies to me saying ‘no critical infrastructure runs Windows’, so I just gotta say, today is education for you.
 71 comments
[DATA EXPUNGED]
 @GossiTheDog "No critical infrastructure I am willing to be responsible for runs Windows," is my own take on this. I've grappled my inner demons thank you very much.  I was ok supporting windows from 2000sp1 through about w2012. Sometime between 2008r2 and 2012 things started breaking. By 2016 it was broken.   @GossiTheDog everybody know that critical infrastructure runs on Solaris and OS/360.  @rotopenguin @GossiTheDog I'm glad that my new PiDP-11 will be arriving shortly and I can start on a Mastodon server entirely ported to Fortran-77 soon.   @spmatich @GossiTheDog just from the increase traffic of people talking about the issue  @GossiTheDog ‘no critical infrastructure managed by truly responsible persons runs Windows, in a meritorious world they would be running OS2’  @nrmacdonald @GossiTheDog ATMs running NT4 we’re quite stable and secure, for their time.  @GossiTheDog if they were capable of learning - much less intelligent thought - then they wouldn't be Linux reply guys.  I guess some people think “infrastructure” means only servers. Which, yeah, aren't running Windows and weren't affected by today's debacle (although they've had their moments). But servers aren't very useful by themselves. The whole point of servers is that you interact with them using some other device…which runs Windows, and is currently on fire.  @argv_minus_one @GossiTheDog there are *tons* of Windows servers out there, some orgs have nothing but Windows from the desktop to the data center. I personally think it's a mistake, especially when it's critical infrastructure, but then I think most Linux distributions aren't really up to the task, either  @GossiTheDog Well, if it runs Windwos, the people in charge clearly don't see it as critical? 🫠😬 Doesn't mean it's a crap day if it fails. My sympathy for them is small. I'm more worried about the people who's day got ruined through no fault of their own. @GossiTheDog oh don’t. They were saying that on Sky News, whilst listing critical stuff that was down… 😂 @swart no, 2024 - they’re usually young people. I think a generation has come through raised on Chromebooks, Macs and AWS and just don’t know people use Windows. @GossiTheDog oh my. I got over this once I saw StackOverflow scale like heck. I guess the youts think everything runs on phones and AWS now. @swart @GossiTheDog I find myself saying to people almost weekly these days: "You can't code your way out of layer 1".  @GossiTheDog No critical infrastructure should run 3rd party services that perform unsupervised automatic remote updates. The OS is irrelevant. Also, not every server needs to have ends point protection. (For example, the kiosk displaying arrivals and departures.) @tob almost all cyber insurance and regulatory standards say the exact opposite of your toot. @tob @GossiTheDog @ProfessorGumby @GossiTheDog What is the operational risk of a compromised arrivals kiosk? If an unauthorized user can gain critical access to your systems via your arrivals kiosk, your problem isn't going to be fixed by running a kernel level endpoint protection service. @tob @GossiTheDog if a malicious actor sets up camp on an unprotected endpoint, they can use that as a base of operations inside your enclave completely out of your visibility. From there they can do reconnaissance, data collection, exfiltration, etc. They can't do that from an appropriately protected endpoint. @ProfessorGumby @GossiTheDog We're just going to have to disagree. [Waves vaguely] There are obvious problems with your model of "maximum security on everything" that you don't seem to be grappling with. @ProfessorGumby @GossiTheDog Correct. Yes. You're so close to getting it.  @GossiTheDog If it wasn't for the fact that people are posting about it left and right, I'd have no idea this was even happening. None of the websites I go to are even down. I think "critical" might mean different things to different people. And hey, if you got "critical" infrastructure running on Windows, maybe the lesson today is yours :p @crazyeddie flights were grounded across the US, healthcare in the UK is impacted, TV channels were off air, ATMs were broken. 911 service was down in Alaska. credit card processing was down at lots of places (including the gas station chain I was at last night)  @crazyeddie @GossiTheDog i would consider flight infrastructure quite important but to each their own i guess  @crazyeddie @GossiTheDog Emergency call centers (911) were down in many places. If you don't call that "critical" then you're just trolling.  @GossiTheDog The way I usually phrase it is "if you need billable hours, you build it on Windows. If you need it to work, you build it on Debian." Today supports this theory. Industry went down because IT needed billable hours. @GossiTheDog we have maybe 115 Linux endpoints, but maybe 80,000 hosts overall. We are a hospital. @hudsoncress @GossiTheDog I've heard that hospitals are pretty tied to windows because of hardware drivers @synthfi @GossiTheDog every piece of equipment has a vendor and vendors always trend toward Microsoft for business reasons.  Unfortunately, true. I see that crap everywhere and I'm sure that most hackers go after MicroShit systems. I ran a computer shop for 12 years and will NEVER have a MS computer again. @GossiTheDog Not sure I’ve ever seen a dentist xray, automated IV drip, or even an oscilloscope boot with a Penguin logo and not a Windows one.  @GossiTheDog Agreed. Is there any ATM or cash register that doesn't run on windows? Certainly doesn't seem like it.  @fds @GossiTheDog which should be to the eternal shame of those who foisted such mediocrity upon us. @wiredog @GossiTheDog To be fair I am basing it on the ones that I see that have crashed or glitched which probably skews more towards Windows. Anyone who says 'critical doesn't run on Windows' is either full denial, or has never walked into a 30 year-old business of pretty much any sort. @GossiTheDog with the amount of additional svcs and infra needed to run windows, it’s an anti pattern. seeing how many orgs still operate this way, is genuinely disheartening.  @GossiTheDog no critical infrastructure “should” run windows. Lots of people make mistakes though 🤣 @zethtren @GossiTheDog nearly every single 'enterprise digital procurement officer', for example. One hopes they're all looking for a job on Monday. People seem to forget that having your "critical" Linux servers for your application up is completely useless if all your client workstations with the frontend used to interact with your server are all down.  @james @GossiTheDog although, to be fair, few people running Linux would ever even have heard of CrowdStrike, much less given it permission to replace parts of their system's kernel via an automated process. @GossiTheDog @stroughtonsmith we are still at only 50-something% back up. It is incredible to me how effective this was. I needed to register my car today and their systems were down. Something, something, single point of failure @GossiTheDog the worst thing you can say about those random 'Linux guys' is that they had an overly optimistic impression of the level of competence required to be an enterprise IT procurement officer. Because no competent person in that role would deploy Windows for anything even moderately critical. And yet, here we are.  @lightweight @GossiTheDog yeah this isn't quite the burn he thinks it is we have a lot of people in IT doing dumb shit, good to know  @GossiTheDog Once upon a time I climbed into the cockpit of a single engine aircraft. Among the dials and gauges were a couple that had Microsoft/Windows CE log's on their displays. I don't know if it is still the case, but a couple of decades ago direct recording voting machines often ran on Windows CE. @GossiTheDog @GossiTheDog reading these comments, I think people who spend lots of their time on the Internet (for work or social reasons, no shame) have a very different idea of what critical infrastructure is than what I interpret that phrase to mean. But SCADA systems and historians, in general, run on Windows. To me, critical infrastructure is *actual infrastructure*: Water. Power. Sewer. @GossiTheDog We solve this problem by not using CrowdStrike. (Actually, we’re gradually getting a bunch of stuff off Windows servers, too. Some of it shuts down next Thursday 🤞)   Correction: no critical infrastructure *should* run windows. But this once isn’t actually a windows problem, just a problem that happened to be on windows. |
