
Here’s my take as a security software dev for 15 years.

We put too much code in kernel simply because it’s considered more elite than other software. It’s just dumb.

Also - if a driver is causing a crash MSFT should boot from the last known-good driver set so the install can be backed out later. Reboot loops are still the standard failure mode in driver development…




Not possible in this situation, the "driver" is fine, it's a file the driver loads during startup that is bad, causing the otherwise "good" driver to crash.

Going back to an earlier version—since the driver is "good"—would just re-load the same driver, loading the updated file, and then crashing again.


A driver that crashes with bad input is not “fine.” Bad design, bad configuration loading and crap input validation. Did they even fuzz the code?

We’d spend 20x development time on kernel code because BSOD is never an option.

I get that this was a bad release - but IMHO it’s incredible that they pushed this out to a billion devices before the red flags went up.
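Added example (not code from any commenter, and not any vendor's driver or content-file format): a C loader for a driver-consumed data file written the way the replies above ask for, where every count and length read from the file is checked against the bytes actually in hand before it is used as an offset, so a corrupt file produces an error code rather than a fault. A small mutation fuzz loop of the kind "Did they even fuzz the code?" refers to runs the loader over corrupted and truncated copies of a valid file. The file layout, the limits, and the `cfg_*` names are all constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical content-file layout, constructed for this example:
 *   header : magic "CFG1" (4 bytes), record_count (uint32 LE), total_len (uint32 LE)
 *   records: len (uint16 LE) followed by len payload bytes, record_count times */
#define CFG_MAGIC          "CFG1"
#define CFG_HDR_LEN        12
#define CFG_MAX_RECORDS    64
#define CFG_MAX_RECORD_LEN 256

enum cfg_status { CFG_OK = 0, CFG_ERR_SHORT, CFG_ERR_MAGIC, CFG_ERR_COUNT,
                  CFG_ERR_LENGTH, CFG_ERR_RECORD };

struct cfg_record { const uint8_t *data; uint16_t len; };

static uint32_t rd32(const uint8_t *p)
{ return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24); }
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static void wr32(uint8_t *p, uint32_t v)
{ p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff; }

/* Validating loader: nothing read from the file is trusted as an offset or count
 * until it has been checked against buf_len and the fixed limits above. */
enum cfg_status cfg_load(const uint8_t *buf, size_t buf_len,
                         struct cfg_record *out, size_t out_cap, size_t *out_count)
{
    *out_count = 0;
    if (buf == NULL || buf_len < CFG_HDR_LEN) return CFG_ERR_SHORT;
    if (memcmp(buf, CFG_MAGIC, 4) != 0) return CFG_ERR_MAGIC;
    uint32_t count = rd32(buf + 4);
    uint32_t total = rd32(buf + 8);
    if (count > CFG_MAX_RECORDS || count > out_cap) return CFG_ERR_COUNT;
    if (total != buf_len) return CFG_ERR_LENGTH;          /* header must match what was read */
    size_t off = CFG_HDR_LEN;
    for (uint32_t i = 0; i < count; i++) {
        if (buf_len - off < 2) return CFG_ERR_RECORD;     /* room for the length field? */
        uint16_t len = rd16(buf + off);
        off += 2;
        if (len == 0 || len > CFG_MAX_RECORD_LEN) return CFG_ERR_RECORD;
        if (buf_len - off < len) return CFG_ERR_RECORD;   /* does the payload fit? */
        out[i].data = buf + off;
        out[i].len  = len;
        off += len;
    }
    if (off != buf_len) return CFG_ERR_LENGTH;            /* trailing bytes are a failure too */
    *out_count = count;
    return CFG_OK;
}

/* Constructed valid sample: three records, 32 bytes in total. Returns the length. */
size_t cfg_build_sample(uint8_t *buf, size_t cap)
{
    static const char *payloads[] = { "alpha", "beta", "gamma" };
    size_t off = CFG_HDR_LEN;
    if (cap < 32) return 0;
    memcpy(buf, CFG_MAGIC, 4);
    wr32(buf + 4, 3);
    for (int i = 0; i < 3; i++) {
        uint16_t len = (uint16_t)strlen(payloads[i]);
        buf[off] = (uint8_t)(len & 0xff); buf[off + 1] = (uint8_t)(len >> 8); off += 2;
        memcpy(buf + off, payloads[i], len); off += len;
    }
    wr32(buf + 8, (uint32_t)off);
    return off;
}

/* Mutation fuzz loop: flip bytes of the valid sample, sometimes truncate it, and
 * feed the result to the loader. Returns how many inputs were rejected; the property
 * being exercised is that the loader returns an error rather than reading past the
 * buffer (build with -fsanitize=address,undefined to have any overread reported). */
size_t cfg_fuzz(unsigned iterations, uint32_t seed)
{
    uint8_t sample[64], work[64];
    struct cfg_record recs[CFG_MAX_RECORDS];
    size_t n, rejected = 0, sample_len = cfg_build_sample(sample, sizeof sample);
    uint32_t x = seed ? seed : 1;
    for (unsigned it = 0; it < iterations; it++) {
        memcpy(work, sample, sample_len);
        size_t len = sample_len;
        x ^= x << 13; x ^= x >> 17; x ^= x << 5;           /* xorshift32 */
        unsigned flips = 1 + (x % 3);
        for (unsigned f = 0; f < flips; f++) {
            x ^= x << 13; x ^= x >> 17; x ^= x << 5;
            work[x % sample_len] ^= (uint8_t)(x >> 8);
        }
        if ((x & 7) == 0) len = x % (sample_len + 1);     /* occasionally truncate */
        if (cfg_load(work, len, recs, CFG_MAX_RECORDS, &n) != CFG_OK) rejected++;
    }
    return rejected;
}

int main(void)
{
    uint8_t buf[64];
    struct cfg_record recs[CFG_MAX_RECORDS];
    size_t n, len = cfg_build_sample(buf, sizeof buf);
    printf("valid sample: status %d, %zu records\n",
           cfg_load(buf, len, recs, CFG_MAX_RECORDS, &n), n);
    buf[12] = 0xff;   /* claim a 255-byte first record inside a 32-byte file */
    printf("oversized record: status %d\n", cfg_load(buf, len, recs, CFG_MAX_RECORDS, &n));
    printf("fuzz: %zu of 2000 mutated inputs rejected, no crash\n", cfg_fuzz(2000, 7));
    return 0;
}
```

The design choice worth noting is that the loader never subtracts from an unchecked value: `off` only grows by lengths already proven to fit, so `buf_len - off` cannot underflow, and a file that declares more records or longer payloads than it contains fails closed with a distinct status. Mutations that touch only payload bytes still parse, which is why the fuzz loop reports a rejection count rather than expecting every input to fail.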





