This sounds like a security nightmare though. A central repository of all code and keys is a gold mine for exploitation. Don’t get me wrong, I would really want this to work, but if it was compromised it could he catastrophic.

I do think there should be regulations in place that are clearly and easily enforceable by the FTC though. I’d love to see companies be hit with fines and/or compulsory refunds if they stop supporting devices and don’t provide some path forward for customers to keep using the device. That doesn’t solve for startups that go out of business, but it would at least cover the tech giants who are doing this garbage.

I think the way the article worded it is confusing. Every staff member wears a photo ID badge, which is pretty common at most schools. At this school, their photo ID badges have a little button on the back. When that button is pressed, it activates the system.

I’m sure the buttons have little batteries inside them, probably similar to the type of battery in a smoke alarm. These types of batteries can last for years. However, many school districts issue new photo ID badges to staff each school year, so perhaps batteries are being replaced at that time if needed.

Seconding this. I work in IT, and the number of tech-illiterate people using DuckDuckGo as their default search engine is astounding. It’s got to be about 10% of our users (none of whom are in tech roles).

Yeah dude, Club Penguin Settings is a whole different app.

take a nap while your car murders some kids

Tesla out here running real-life “trolley problem” demos.

I’ve had my state ID in Apple Wallet for months. Apple specifically created a program to work with states to make this a reality.

Makes sense that it was a definitions update that caused this, and I get why that’s not something you’d want to lag behind on like you could with the agent. (Putting aside that one of the selling points of next-gen AV/EDR tools is that they’re less reliant on definitions updates compared to traditional AV.) It’s just a bit wild that there isn’t more testing in place.

It’s like we’re always walking this fine line between “security at all costs” vs “stability, convenience, etc”. By pushing definitions as quickly as possible, you improve security, but you’re taking some level of risk too. In some alternate universe, CS didn’t push definitions quickly enough, and a bunch of companies got hit with a zero-day. I’d say it’s an impossible situation sometimes, but if I had to choose between outage or data breach, I’m choosing outage every time.

The fact that they weren’t already doing staggered releases is mind-boggling. I work for a company with a minuscule fraction of CrowdStrike’s user base / value, and even we do staggered releases.

freedom to customize the shell

This is always the issue for me – I ssh into several machines for various clients every day. All of those clients have one thing in common: equally strict and inconsistent policies about what packages you can use from where and for what reason. “I like this shell better” would never fly, sadly.