  • If you woke up today, you should probably just go back to sleep, because your Windows Word computer will likely have a blue screen of death.

  • Today, millions if not billions of Windows computers got instabricked around the world, thanks to an update pushed by enterprise cybersecurity firm CrowdStrike.

  • And it's bad.

  • Airports are shutting down, hospitals are unable to treat patients, banks aren't able to get your money, and the Arby's drive-thru window went down, forcing people to hunt stray cats in the street just for food.

  • What's hilarious, though, is that a top cybersecurity firm just messed up the global economy in a way that the evil hackers they protect you from could only dream of.

  • In today's video, we'll take a look at the technical side of this disaster, and find out how such a catastrophic mistake like this can even happen in the modern world.

  • It is July 19th, 2024, and you're watching The Code Report.

  • Corporate America is in panic mode right now because everybody's work computers are bricked, and that means the hamsters can't keep spinning the wheels.

  • A huge number of Fortune 500 companies use CrowdStrike for cybersecurity.

  • It's got over 500 clients on the Fortune 1000 list.

  • Its primary product is called Falcon, a tool that provides endpoint protection using artificial intelligence and analytics to detect threats in real time.

  • It is publicly traded, and its stonk is down right now, and for good reason, because everybody's blaming them for causing Windows to deliver its blue screen of death.

  • Luckily, macOS users and Linux chads are unaffected.

  • To understand why, we first need to understand how CrowdStrike's Falcon sensor actually works.

  • It's installed just like regular software, but integrates with the operating system at a low level, often using kernel-mode drivers, and basically just sits there in the background looking for anomalies.

  • It collects telemetry data, produces reports, and offers a bunch of other incomprehensible techno-nonsense products to justify multi-million dollar enterprise contracts.

  • But the bottom line is that it's third-party software that sits in the critical path of a computer, which means if it fails, the entire computer might fail.

  • And that's exactly what happened here.

  • Apparently, an automated software update last night had some bad code in it, and every computer that got that update is now dead.

  • Now part of the reason this is really bad is that it's not just a regular outage, but every affected computer needs to be rebooted in fail mode, so the driver can be removed manually.

  • And most employees don't have access to do that on their own, and that means IT guys are going to be really busy today.

  • It's the IT guy equivalent of being a surgeon in World War 1.

  • And the consequences are real.

  • The London Stock Exchange was disrupted, most Indian airports went down, causing them to write boarding passes by hand, along with a ton of other issues.

  • To CrowdStrike's credit, they were quick to point out that it's not a security incident or cyber attack, and explained it this way.

  • But they were quick to fix it.

  • And the fix is really easy.

  • All you have to do is detach the operating system disk, create a snapshot or backup of the disk, mount a volume to a new virtual server, navigate to the WinDir drivers directory, locate the file C0000291.sys and delete it, detach the volume from the new virtual server, then reattach the fixed volume to the impacted virtual server.

  • Piece of cake, but option two is to go to Home Depot and buy a sledgehammer, then use it to uninstall Microsoft Windows, and switch to Linux.

  • I do feel really bad for the programmer who updated this driver though, because the tech lead's about to run git blame, and blame them for this whole mess.

  • Not only is this person about to get fired, but they also have blood on their hands for shutting down the hospitals, transportation networks, and Arby's family restaurants that we need to survive.

  • If you're that guy and you're watching this, don't feel too bad though.

  • What we have here is a situation where the cure is more harmful than the disease.

  • Public megacorporations are under a ton of pressure to secure their computer systems, and they're constantly audited by third parties.

  • A company like Macy's isn't going to go out and hire a team of a hundred cybersecurity weirdos.

  • Instead, they'll pay a company like CrowdStrike a few million dollars a year to figure out cybersecurity for them, giving them someone else to blame when their system gets hacked.

  • What everyone failed to realize though, is that giving one company kernel access to the actually be a bad idea, because it only takes one automatic update with a misplaced zero to nearly destroy the entire world.

  • This has been The Code Report, thanks for watching, and I will see you in the next one.
