Hacker News new | past | comments | ask | show | jobs | submit login

I don't do any kernel stuff so I'm out of my element, but doesn't the fact that Crowdstrike & Linux kernel eBPF already caused kernel crashes[1] sort of downplay the rosiness of the state of things?

[1]: https://access.redhat.com/solutions/7068083




This is specifically addressed in the post you are replying to


Can you elaborate? What I see about Linux is that Crowdstrike was in the process of adopting eBPF which is ostensibly immune to kernel panics, but that issue shows their eBPF implementation specifically causing a kernel panic.


Yes, the elaboration is that the same link you posted is included in the article you're supposed to have just read.


I've read it three times now. The only thing they say about it is this:

"This doesn't mean that eBPF has solved nothing, substituting a vendor's bug for its own. Fixing these bugs in eBPF means fixing these bugs for all eBPF vendors, and more quickly improving the security of everyone."

Which is exactly what I'm asking about. If eBPF has some inherent advantage, why did it fail in precisely the same way alreay?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: