
Maybe it's time that critical systems switch to Linux. The major public clouds are already primarily running Linux. Emergency services, booking, and traditional point-of-sale have no strong reason to run Windows. In the past 10 years, the technological capability differences between Windows and Linux have widened considerably, with Linux being the most advanced operating system in the world without question.

Concerns about usability between Windows and Linux in the modern day are disingenuous at best and malicious at worst. There is no UX concern when everything runs off a webapp these days.

Just use Linux. You will save money and time, and your system will be supported for many years, you won't be charged per E-Core, you won't suffer BSoDs in 2024. Red Hat is a trustworthy American company based out of Raleigh, NC, in case you have concerns of provenance.

Really there's no downside. If you were building your own company you would base your tech stack on Linux and not Windows.

Critical systems cannot go down; therefore they cannot run Windows. If they do, they are being mismanaged and run negligently. Management should have no issue finding Linux engineers, they are everywhere. I could make a killing right now as a consultant going from company to company and just swapping out Windows backends for Linux. And quite frankly I might just do that, literally starting right now.




The discussed issue is not related to any meaningful difference between Windows and Linux – Crowdstrike used a kernel driver, apparently containing a serious bug, which took down the system, which is something any kernel driver can do, no matter which kernel you use. At least Windows has a well-developed framework for writing userspace drivers, unlike Linux.

> Linux being the most advanced operating system in the world without question.

Very strong and mostly unfounded claim; there are specific aspects where Linux is "more advanced", and others where Windows comes out ahead (e.g. almost anything related to hardware-based security and virtualization).

> your system will be supported for many years

Windows Server 2008 was supported until earlier this year, longer than any RHEL release.

> you won't suffer BSoDs in 2024

Until you install a shitty driver for a dubious (anti)malware service.


I don't understand this sort of blindness? Linux fails all the time, with rather terrible nobody to root vulns because some idiot failed to use the right bounds check. Ye gods, XZ utils was barely a few months ago!


But no damage actually ended up happening with the xz utils exploit. It didn't even get released because someone picked it up pre-release.

Every system gets attacked, but I think your point shows that even with state-level attacks Linux handles it better than other platforms.


Hmm? It was released for two plus months? 5.6.0 and 5.6.1

I'd also say this wasn't a good example of 'linux handling it better': usually when a mess like this occurs on windows all the corps get a quiet tap on the shoulder that they need to immediately patch when MS releases it, then a few days later it hits the news. In XZ's case, the backdoor was published before the team knew about it, huge mess.


You’re right that it went noticed for a long time, just one clarification:

> all the corps get a quiet tap on the shoulder that they need to immediately patch when MS releases it, then a few days later it hits the news

AFAIK, distros were notified and released a patched version of xz like a week before it hit the news, so at least a lot of machines received it via automatic updates.


Depends which news you're talking about. MS guy who discovered it found it March 29th, published to oss. It was in infosec news same day as Red Hat, others pushed out critical advisories. Patch didn't come until a day or two later.


You're half right - people who compiled it from source could theoretically get those releases, but no, it wasn't released in any distros. So in practice since no linux distro released it, no-one relying on linux distros was exposed to it.


You mean 'xz utils'


zx sounds better


> Maybe it's time that critical systems switch to Linux.

I switched critical systems to illumos and BSD years ago and it's been smooth sailing ever since. Nowadays there really is no need to contribute to linux monoculturization whatsoever.


oh, you think security won't mandate to run CS on linux.

Granted it didn't down linux this time but nothing is stopping it.


It’s not security, it’s compliance. The two are sometimes aligned, sometimes less so.


We've had production outages caused by Microsoft Defender on our RHEL boxes :(


Yeah, they definitely would mandate it.

My work laptop is running Ubuntu, and corporate IT requires Symantec Antivirus to be running on it


I too want to see Linux more widely adopted, but it won't prevent this from happening. People will install corrupted kernel modules on Linux too for anti-virus purposes.


All good points but Windows didn't win because it had the best tech or user interface. Merely the most developer support thus user numbers. Legacy momentum is an incredibly difficult thing to sway. It has taken Apple decades and potentially hundreds of billions of dollars of marketing and good will to carve out its share of the market. Linux doesn't have that despite its clear technical advantages.

It is an incredibly frustrating battle akin to Sisyphus.


Crowdstrike has a linux version. It is mandatory in our linux servers in my company so that is not the solution.

I would say issue 1 is management/compliance forcing admins to install malware like crowdstrike. But issue 1 is because of issue 2 which is about admins / app devs / users not being smart enough to not have their machines compromised on a regular basis in the first place. And issue 2 is because of issue 3, the software industry not focusing on quality and making bug free software.

All in all this should be mitigated by more diversity in OS, software and "said security solution". Standardization and monopolies work well until they don't and you get this kind of shit.


I think we don't do enough to fight back against these requests in a language that is understood by management. Ask them to sign a security waiver assuming risks for installing software that techs would classify as malware and an RCE risk.

Companies like CS live on reputation, it should be dragged down.


> Crowdstrike has a linux version

But would it crash the OS?


One place I'm at recently required us to install it in our Kubernetes cluster which powers a bunch of typical web apps.

Falcon sensor is the most CPU intensive app running in the cluster and produces a constant stream of disk activity (more so than any of our apps).

It hasn't crashed anything yet but it definitely leaves me feeling iffy about running it.

I don't like CrowdStrike at all. I got contacted by our security department because I used curl to download a file from GitHub on my dev box and it prompted a severe enough security warning that it required me to explain my intent. That was the day I learned I guess every command or maybe even keystroke I type is being logged and analyzed.


We were also forced to run that until the agent had introduced a memory leak that ate almost all the memory on all the hosts. Thankfully we managed to convince our compliance people that we could run an immutable OS rather than deploy this ~~malware~~ XDR agent.


Yes, the CS Falcon agent caused a kernel panic on RHEL about a month ago.


and yet everyone is blaming Windows sigh.

Windows actually runs a lot of drivers in user-mode, even GPU drivers. largely this is because third-party drivers were responsible for the vast majority of blue screens, but the users would blame Microsoft. which makes sense; Windows crashes so they blame Windows, but I doubt anyone blamed Linux for the kernel panic.


I think windows can be blamed for how badly you can fix that kind of issue. I mean on linux or any bsd admins would build an iso image that would automatically run a script that would take care of optionally decrypting the system drive, then remove crowdstrike. Or alternatively simply building a live system that takes an address via dhcp and starts an ssh server. And admins would remotely and automatically run a playbook that mounts that iso on the hypervisor, boots it, remotely applies the fix, then boots the system back on the system drive.

Maybe this is just my ignorance about windows and its ecosystem but it seems most admins this morning were clueless on how to fix that automatically and remotely on n machines and would resort to booting in safe mode and removing a file manually on each single server. It is just insane to think that supposed windows sysadmins / cloudops have no idea how to deploy a fix automatically on that platform.


Linux is blamed for bad device drivers all the time, even on HN.



It can kill processes based on memory scanning. Imagine systemd was getting killed at every boot?

An issue might not be as universal as on windows, because some distros do things differently like not using glibc, or systemd, or whatever. Yet there are some baselines common to the most popular ones.


If it works the same way - absolutely.


Why wouldn't it? This particular bug wouldn't, but another one...



I suggest switching to macOS. They don't allow third-party kernel drivers which is already a big advantage over Windows or Linux.


Well, Microsoft tried to lock down its kernel with Windows Vista and then antivirus vendors cried that they won't be able to protect Windows, anticompetitive etc.

https://www.computerworld.com/article/1642872/q-a-microsoft-...

https://betanews.com/2006/10/18/mcafee-ms-failing-to-provide...


> Linux being the most advanced operating system in the world without question.

Only if you don't need a GUI/Desktop.


I rate Linux DE higher than I do windows and Mac desktop tbh. Better ergonomics, better user experience and less bloat.


I could never get smooth scrolling to work on Linux in any mainstream web browser, most people don’t seem to see it, but I’m sensitive to things like that.


Imho that was somewhat true on x11 but on wayland I feel everything is much smoother. I am more a pgup/pgdown user though.


Like with a laptop trackpad? I'm smooth-scrolling through these comments right now, and don't remember when scrolling wasn't smooth by default on any trackpad.


It’s smooth to a point, but not smooth like OS X is. It might have improved (I think I last tried desktop Linux a year ago). I do enjoy using Linux as my default headless OS.


NOT SMOOTH SCROLLING!


I need a few accessibility settings and Mac just excels in this regard.


> Only if you don't need a GUI/Desktop.

I not only need a GUI/Desktop, it's my daily driver!

And there are precious few things that Windows GUI/Desktop provides which I don't have on Linux, while the reverse is never true.

When I used Mac (Big Sur, I think?) until a year ago, I was absolutely miserable about having to use such a primitive GUI.


I have a GUI/Desktop on Linux, not sure what you're referring to?


Do Linux systems not crash if a third party kernel module crashes? Or was your comment sarcastic?



