270: The Cloud Pod Puts a Hex-LLM on all these AI Announcements

The Cloud Pod Puts a Hex-LLM on all these AI Announcements

Welcome to episode 270 of the Cloud Pod Podcast – where the forecast is always cloudy! Jonathan, Ryan, Matt and Justin are your hosts today as we sort through all of the cloud and AI news of the week, including updates to the Crowdstrike BSOD event, more info on that proposed Wiz takeover (spoiler alert: it’s toast) and some updates to Bedrock. All this and more news, right now on the Cloud Pod! 

Titles we almost went with this week:

• The antivirus strikes back
• The return of the crowdstrike
• The cloud pod is worth more than 23B
• The cloud pod is rebranded to the AI podcast
• The cloud pod might need to move to another git provider
• Amazon finally gets normal naming for end user messaging 
• Amazon still needs to work on it’s end user messaging
• The CloudPod goes into hibernation before the next crisis hits
• EC2 Now equipped with ARM rests

A big thanks to this week’s sponsor:

Follow Up

01:33 In what feels suspiciously like an SNL skit, CrowdStrike sent its partners $10 Uber Eats gift cards as an apology for mass IT outage

• As you can imagine, Twitter (or X) had thoughts. 
• Turns out they were just for third party partners that were helping with implementation. 
• 2024 Economics wants to know – what are you going to do with only $10 with Uber Eats? 
• Crowdstrike: Preliminary Post Incident Review
• Moving on to the actual story – The Preliminary Post Incident Review (PIR) is now out for the BSOD Crowdstrike event we talked about last week.
• Crowdstrike reports that a Rapid Response Content Update for the Falcon sensor was published to Windows hosts running sensor version 7.11 and above. 
• The update was to gather telemetry on new threat techniques that targeted named pipes in the kernel but instead triggered a BSOD on systems online from 4:09 – 5:27 UTC.
• Ultimately, the crash occurred due to undetected content during validation checks, which resulted in an out-of-bounds memory read. 
• To avoid this, Crowdstrike plans to do a bunch of things:
  • Improve rapid response content testing by using testing types such as Local developer, content update and rollback, stress, fuzzing, fault injection, stability and content interface testing. 
  • Introduce additional validation checks in the content validator to prevent similar issues. 
  • Strengthen error handling mechanisms in the Falcon sensor to ensure errors from problematic content are managed gracefully.
  • Adopt staggered deployment strategies, starting with a canary deployment to a small subset of systems before further staged rollouts
  • Enhanced sensor and system performance monitoring during the staggered content deployment to identify and mitigate issues promptly.
  • Allowing a granular section of when and where these updates are deployed will give customers greater control over the deliver