
>Apple has done a much better job with macOS in terms of security and performance.

I really like their corporate IT products that are going to push MS out as you say. I particularly love iActive Directory, iExchange, iSQLserver, iDynamics ERP, iTeams. Apple's office products are the reason no one uses Excel any more. Their integration with their corporate cloud, iAzure, is amazing. I love their server products in particular; it being so easy to spin up an iOS server and have DFS file sharing, DNS etc. is great. MS must be quaking in their shoes.




All of those are products that create huge risks when deployed to mission critical environments, and this is exactly the problem.

The entire Wintel ecosystem depends on people putting their heads in the sand and repeating "nobody ever got fired for buying Microsoft/Crowdstrike/IBM" and neglecting to run even the most trivial simulation of what happens when the very well understood design flaws of those platforms get triggered because a QA department you have no control over drops the ball.

The problem is that as long as nobody dares to recognize the current monoculture around the "market leading providers", this kind of event will remain really likely even if nobody is trying to break it, and extremely likely once you insert well-funded malicious actors (ranging from bored teenagers to criminal gangs and geopolitical rivals).

The problem is that adding fair-weather products that give the illusion of control through fancy dashboards on the days they work is not really a substitute for proper resilience testing and security hardening, but it is far less disruptive to companies that don't really want to leave the '90s PC metaphor behind.


How should corporate IT do it?

You have 100,000 devices to manage. How do you handle that efficiently without creating a monoculture?

It's not a "'90s PC metaphor" problem. Swap Chromebooks for PCs and you still have the problem: how do you handle centralized management of that "fleet"?

Should every employee "bring their own device" leaving corporate IT "hands-off"? There are still monocultures within that world.

Poor quality assurance on the part of software providers is the root cause. The monocultures and having software that treats the symptoms of bad computing metaphors aren't good either, but bad software quality assurance is the reason this happened today.


> Swap Chromebooks for PCs and you still have the problem-- how do you handle centralized management of that "fleet"?

Simplicity (and hence low cost) of fleet management, OS boot-verification, no third-party kernel updates, and A/B partitions for OS updates are among the major selling points of Chromebooks.

It's a big reason they have become so ubiquitous in primary education, where there is such a limited budget that there's no way they could hire a security engineer.


The OP was deriding monoculture. My point was that pushing out only Chromebooks is still perpetuating a monoculture. You're just shifting your risk over to Google instead of Crowdstrike / Microsoft.

re: Chromebooks themselves - The execution is really, really good. The need for legacy software compatibility limits their corporate penetration. I've done enough "power washes" to know that they're not foolproof, though.


I agree that monoculture is an issue that makes events like this more probable, regardless of OS.

That said, a third party being able to add/update a kernel driver ignores (even if out of business necessity) best practices for OS architecture.


ChromeOS is just Linux, isn't it? It's going to suffer from the same problem as NT re: a buggy kernel mode driver tanking the entire OS.

Google gets a pass because their customers are okay with devices with limited general purpose ability. Google is big enough that the market molds product offerings to the ChromeOS limitations. I think MSFT suffers from trying to please everybody, whereas Google is okay with gaining market share by usurping the market norms over a period of years.


> ChromeOS is just Linux, isn't it? It's going to suffer from the same problem as NT re: a buggy kernel mode driver tanking the entire OS.

ChromeOS is not just Linux. It uses the Linux kernel and several subsystems (while eschewing others), but it also has a security and update model that prevents third parties (or even the user themselves) from updating kernel space code and the OS's user space code, so basically any code that ships with the OS.

Therefore, the particular way that the Crowdstrike failure happened can't happen on ChromeOS.

However, Google themselves could push a breaking change to ChromeOS. That, however, would be no different from Apple or Microsoft doing the same with their OSes.


> ChromeOS is not just Linux.

I am familiar with Google's walled garden w/ ChromeOS. I didn't mean to give the impression that I was not.

It's "just Linux" in the sense that it has the same Boolean kernel mode/user mode separation that NT has. ChromeOS doesn't take advantage of the other processor protection rings, for example. A bad kernel driver can crash ChromeOS just as easily as NT can be crashed.

Hopefully Google just doesn't push bad kernel drivers. Crowdstrike can't, of course, because of the walled garden. That also means you can't add a kernel driver for useful hardware, either. That limits the usefulness of ChromeOS devices for general purpose tasks.


> That also means you can't add a kernel driver for useful hardware, either. That limits the usefulness of ChromeOS devices for general purpose tasks.

Its target market isn't niche hardware but rather the plethora of use cases that use bog standard hardware, much like many of the use cases that CS broke a few days ago.


Yes. I said that in a post up-thread. Google is making the market mold itself to their offering, rather than being like Microsoft and molding their offering to the market. Google is content to grow their market share that way.


If crowdsource QA department is all that stands between you and days of no operations, then you chose to live with the near certainty that you will have days rather than hours of unplanned company-wide downtime.

And if you cannot actually abandon someone like Microsoft that consistently screws up their QA, then it's basically dishonest for you to claim that reliability is even a concern for your desktop platform.

And that's essentially what I say when I accuse modern enterprise IT's client device teams of being stuck in the '90s, as those risks were totally acceptable back when the stakes were low and outages only impacted non-time-critical back office clerical work. But what we saw today was that those high-risk, cost-optimized systems got deployed into roles where the risk/consequence profile is entirely different.

So what you do is keep the low-impact data entry clerks and spreadsheet wranglers on the Windows platform, but treat the customer-facing workers dealing with time-sensitive tasks to something a bit less risky.

It might not be as easy as just deploying the same old platform designed back in the '90s to everyone, but once you leave the Microsoft ecosystem, dual sourcing based on open standards becomes totally feasible, at costs that might not be prohibitive, as everything in the Unix-like ecosystem, including web browsers, has multiple independent implementations, so you basically just have to standardize on 2-4 platforms rather than one, which again isn't unfeasible.

It's telling that an Azure region failed this news cycle without anyone noticing, because companies just don't tolerate for their backends the kind of risk people take with their Wintel desktops, so most critical services hosted in Microsoft's Iowa datacenter had a second site on standby.


>And if you cannot actually abandon someone like Microsoft that consistently screws up their QA

The last outage I can remember due to an MS update was 7 or 8 years ago. Desktops got stuck on 'update 100% complete'. After a couple of minutes I pressed ctrl+alt+del and it cleared. Before that... I don't remember. Btw MS provides excellent tools to manage updates, and you can apply them on a rolling basis.


> If crowdsource QA department is all that stands between you and days of no operations ...

For companies of a certain large size, I guess. For all but the largest companies, though, there's no choice but to outsource software risks to software manufacturers. The idea that every company is going to shoulder the burden of maintaining their own software is ridiculous. Companies use off-the-shelf software because it makes good financial sense.

> And if you cannot actually abandon someone like microsoft that consistantly screws up their QA then it's basically dishonest for you to claim that reliability is even a concern for your desktop platform.

When a company has significant software assets tied to a Microsoft platform there's no alternative. A company is going to use the software that best-suits their needs. Platform is a consideration, however I've never seen it be the dominant consideration.

Today's issue isn't a Microsoft problem. The blame rests squarely on Crowdstrike and their inability to do QA. The culture of allowing "security software" to automatically update is bad, but Crowdstrike threw the lit match into that tinderbox by pushing out this update globally.

As another comment points out, Microsoft has good tools for rolling update releases for corporate environments. They're not perfect but they're not terrible either.

> It might not be as easy as just deploying the same old platform ...

When a company doesn't control their software platform they don't have this choice. Off-the-shelf software is going to dictate this.

In some fantasy world where every application is web-based and legacy code is all gone maybe that's a possibility. I have yet to work in that environment. Companies aren't maintaining the "wintel desktop" because they want to.


Blaming Crowdstrike's QA might feel good, but the problem is that no company in the history of the world has been good enough at QA for it not to be reckless to allow day-one patching of critical systems, or for that matter to allow single-vendor, single-design critical systems in the first place. And yet the cyber security guidelines required to allow the pretense that Windows can be used securely all but demand that companies take that risk.

It's also fundamentally a problem of denial: everyone knows there will not be a good solution to any issue around security and stability that does not require the assets tied up inside fragile, monopoly-operated ecosystems to eventually be either extracted or written off, but nobody wants to blaze new trails.

Claiming powerlessness is just lazy. Yes, it might take a decade to get out from under the yoke of an abusive vendor, we saw this with IBM, but as IBM is now a footnote in the history of computing it's pretty clear that it can be done once people start realizing there is a systematic problem and not just a series of one-off mistakes.

And we know how to design reliable systems; it's just that doing so is completely incompatible with allowing any of America's Big IT Vendors to remain big and profitable, and that's scary to every institution involved in the current market.


To be fair, IBM products back in the day when that saying made sense never had these kinds of problems. It's straight up insulting to compare them to somebody like Crowdstrike.

Wintel won by being cheaper and shittier and getting a critical mass of fly by night OEMs and software vendors on board.

IBM was more analogous to the way Apple handles things. Heavy vertical integration and premium price point with a select few software and hardware vendors working very closely with IBM when software and hardware analogous to Crowdstrike in terms of access was created.


> I really like their corporate IT products that are going to push MS out as you say. I particularly love iActive Directory, iExchange, iSQLserver, iDynamics ERP, iTeams.

You’re being sarcastic, but do you like those MS products, specifically Teams?

I genuinely believe that any business that doesn't make Teams is doing the Lord's work.


I'm stuck with them on my company Macbook and will definitely say, they suck.

In the 5 years I've been here, Outlook has never addressed this bug (not even sure they consider it a bug): Get an invitation to an event. See it on calendar view. Respond to it on calendar view. Go to inbox. Unread invitation is sitting there in your inbox requesting a response.

I don't even need to talk about why Teams is trash. Terrible design is in Teams's DNA.


Would you like to try new Teams?

It’s the same, but you get to start with a nag about it every time you open it.


In enterprise software, you don't need to be good. Just better than your competitors. I distinctly remember doing a happy jig about 6 years ago when we moved from Skype for Business (shudder) to Teams. Did teams drive me nuts? Absolutely. But I was free from the particular hell of SFB.


No, you just need to have a support contract so that you can blame them and/or respond to the users that you have raised a ticket with the vendor.


Teams isn't better than the competitors. SFB is MS too. You went from one POS to another.


TBF I have less experience with Dynamics than the others, but yes they are all excellent.

I include Teams in that. I don't think there is another app on the market that does what Teams does. Integrated video conferencing, messaging, and file sharing in one place. All free with the office package my team already use and fully integrated with Azure AD for sso. I use it all day with zero problems. I honestly can't see why anyone would use anything else


Most of the software you list either has a Mac version or will interop well with Apple's ecosystem and has for a decade.


The fact Apple is not trying to be a tentacular behemoth syphoning profits in every enterprise environment does not invalidate the fact macOS is secure and performant.

Apple is a tentacular behemoth in the consumer space.


Not a single statement you purport as "fact" has been true across large-scale deployments in my experience. Especially the first part, which tells me you have not experienced working with them as a supplier. I think you mean in your opinion or experience, but please don't attribute wishful thinking to factual statements. It derails objectivity and discussions.


Azure status/support page is amazingly amazing. Their current advice regarding virtual machines with the Crowdstrike problem? Keep rebooting!

https://azure.status.microsoft/en-us/status


As ridiculous as it sounds, this does work on a subset of the machines affected based on my experience of the last few hours. With other machines you can seemingly reboot endlessly with no effect.


I think their "product" is getting people to astroturf on forums like this!

Apple always does just as bad, if not worse, on pwn2own https://www.bleepingcomputer.com/news/apple/apple-fixes-safa... as everyone else. And there are several companies that make a lot of money installing spyware on iPhones.


Dynamics, Teams, Exchange, Active Directory all suck. There are better alternatives but CIOs are stuck in 1996. Apple themselves in their corporate IT environment use none of those things yet somehow are one of the biggest and most profitable companies in the world. Azure is garbage compared to AWS. Using Azure Blob vs S3 is a nightmare. MSSQL is garbage compared to PostgreSQL. Slack is vastly better than Teams in literally every aspect. I just did a project moving a company from AWS to Azure and it was simply atrocious. Nobody at the user level likes using MS products if they have experience using non-MS products. It’s like Bitbucket — nobody uses that by choice.


You've got to admire Apple fanboys' nerve to say Apple is a better company when it comes to IT in a professional setting.

It appears whatever their basic and narrow use-case is becomes what the whole "corporate IT" is.

Windows sucks and recently Microsoft has been on a path to make it suck more, but saying Apple is better for this part of the IT universe is.. hilarious.


You know that the parent commenter was joking right?


Yes, hence my comment about what he was responding/mocking to.


I think he was talking about the grandparent, due to its baseless criticism of Microsoft and over-praise of Apple based on a flawed or lacking understanding.


I think if someone wants to criticize Microsoft after experiencing their buggy products for 20 years straight, that is not “baseless,” although I accept that taking responsibility for literally anything our products do goes against the core values of our profession.


They do have some crappy products, but those crappy products make the world move, because nobody really makes better drop-in replacement products. Same as SAP, Canonical, Android, etc.: none of them are fault tolerant, they all have issues and will fail if you fuzz them with enough edge cases, and according to this article CrowdStrike caused the issue, not Windows, which is what I was pointing at.

Do you think MacOS can't fail if you fuck with it long enough? Sometimes you don't even have to, it just fails by itself. My Ubuntu 22.04 LTS at my previous job gave me more issues than Windows ever did. Thanks Snaps, Wayland and APT. No workstation OS is perfect.

If you want a fault tolerant OS you're gonna have to roll out your own Linux/BSD build based on your requirements and do your own dev and testing. Which company has money for that? So of course they're gonna pick an off-the-shelf solution that best fits their needs on the budget. How is it Microsoft's fault what their customers choose to do with it? Did they guarantee anywhere that their desktop OS is fault tolerant and should be used in high availability systems and emergency services, especially with crappy endpoint solutions hooked in at kernel level?


lol. i’ll dunk on Apple as much as i’ll dunk on any other OS, but they wouldn’t be as praised for security if they had to manage the infrastructure and users that Windows supports


> I particularly love iActive Directory, iExchange, iSQLserver, iDynamics ERP, iTeams. Apples office products are the reason noone uses Excel any more.

I see your sarcasm backfire, as most of what you are listing is just Microsoft dog food with no real usefulness. The only good thing in your list is Excel; all the rest is bloatware. Teams is a resource hog that serves no useful purpose. Skype was perfectly fine to send messages or have some video call.

I admit I don't have experience as an IT administrator, but things like managing emails, accounts and databases, and managing remote computers, can be done with well established tools from the Linux/BSD world.


> I don’t have experience as an IT Admin

Wild that you’d write this comment with such a confident voice then.

I worked at a company whose IT team managed both Windows and Mac computers, and apparently MS's Active Directory is leagues ahead of Apple's offering. Which makes sense. MS is selling Windows to administrators, not to users.


I'm a die hard FOSS guy, but as someone who has done LDAP work with FreeIPA and OpenLDAP -- AD does a better job.

Admittedly, it's mostly a better job at integrating with Microsoft-powered systems, so it should damn well do a better job, but it's a core business offering and has polish on it in ways that many FOSS offerings don't.

disclaimer: haven't done FreeIPA and LDAP work in the last ~3 years, maybe they got better.


I would disagree. I work in healthcare and we’ve always used SQL Server. While I wouldn’t pick it, it’s been reliable and integrates with auth.

No one “loves” Teams, but honestly it serves its purpose for us at no cost.

No one loves OneDrive but it works.

I think people underestimate how much work it would take to integrate services, train people, and meet compliance requirements when using a handful of the best in class products instead of MS Suite.


People use Teams and OneDrive because it’s “Free” when you use Office. IMO, that’s a bit of an anti-trust problem. Both have good competitors (arguably better competitors) that are getting squeezed because of the monopoly pricing with Office.

But with SQL Server, on the other hand, I think you are right. It is a good piece of software. But it also has high quality competition from multiple vendors. Some of it enterprise (Oracle, DB2), some of it FOSS (Postgres, MySQL). Because of this, it has to be better quality to survive… they couldn’t bundle it to get market share, it actually had to compete.


Word, no one uses Teams because it's great. The only reason it's used is because it's bundled with $M365.


People use Teams because it's well integrated into Office, 365, Entra and other MS products, they would (and recently do) pay for it. It has functionalities that no other alternative has, e.g. it can act as a full call centre solution through a SIP gateway.


"Well integrated" is honestly a stretch, but it is fair to say it's integrated with no extra setup.


How to manage Slack access control via Azure AD groups? Even the most basic integrations are missing in other options...


> No one “loves” Teams, but honestly it serves its purpose for us at no cost.

Of course there's a cost, it's just hidden and you are forced to pay it. Microsoft used its monopoly position to move into a new market.


Yeah, sure. But the marginal cost is zero, whereas a Slack subscription for every person in our org will cost about 1 million dollars a year. And it doesn’t integrate as well with every other piece of functional but mediocre software.

The person approving the $1 million dollar budget item doesn’t really care that Teams isn’t “free” in the sense that there is no free lunch, and while they perhaps have moral qualms of antitrust, that’s outside their purview. We’re locked into Office suite and right now there is no extra charge for Teams.


Which is why the legal process is simply too slow for big tech

Microsoft did a massively illegal thing (again) and got away with it

Time to hold companies responsible for their suppliers.


> Teams is a resource hog that serve no useful purpose. Skype was perfectly fine to send messages or have some video call.

I’m sorry, this is a very silly take. I’m no fan of Teams or Slack but I can’t deny the functionality they offer, which is far above and beyond what Skype does.

> I admit I don’t have experience as an IT administrator

Well, quite.


Time was, NeXT was a hard sell into corporations because it required so little administration, and what there was was so easily done IT staffs were hugely cut back after implementing them.

I'd be glad to see Apple bring those tools back.


Looks fondly over at the old black pizza box


Had to move my Cube this past week-end, and it made me incredibly sad.

Using a NeXT Cube w/ Wacom ArtZ and an NCR-3125 running Go Corp.'s PenPoint (and rebooting into Windows for Pen Computing when I wanted to run Futurewave Smartsketch) was the high-water mark of my computing experience.

It was elegant, consistent, reliable, and "just worked" in a way no computer has since (and I had such high hopes for Rhapsody and the Mac OS Public Beta).


> I don't have experience as an IT administrator

Then you probably shouldn't speak on software exclusively understood and administered by IT administrators. I've worked in IT for some time and every single one of those products (aside from Dynamics) has been among the most important parts of our administrative stack.


Even Excel is beginning to be regarded as a dangerous piece of software that gives the illusion of power while silently bankrupting departments who depend on the idea that large spreadsheets are an accurate and reliable way to analyze large/complex datasets.

The '90s are over, but for some reason the average enterprise department has a problem internalizing the fact that the demands today are different than they were 25 years ago.


Meanwhile, while HN bubble imagines people doing big data jobs on Excel, in the real world 10s or 100s of millions of people are perfectly satisfied doing small data jobs in Excel.


The problem is that without tools and processes to systematically validate those results, people might be perfectly happy with completely inaccurate results.

I know I have had to correct one in three Excel sheets I have ever gone over using pen and paper to validate the results, but I am a paranoid sod who actually does this kind of exercise on a regular basis.

Almost all of the disciplines known to rely on Excel have a serious issue with repeatability of results, either because nobody ever attempts it, or because it's a messy field without a well defined methodology.


I work in finance. We have double entry accounting and literal checks and balances to validate our results. It is not a messy field, and has a well defined methodology. We have been the biggest spreadsheet users at many of the companies I have worked with.


"I admit I don't have experience as an IT administrator"

Then just hit the back button.


SQL Server ran and runs a lot of big companies (it ran MySpace!); however, everything else in your list is hot trash and should be yeeted into the sun.


StackOverflow runs on SQL Server.


Yeah, but Microsoft's been trying to convince them to move to Azure's stuff for years, so who knows :)



