8 Comments

@davidkirtley @darrenmossman Great comments from an IT perspective. I think the point of the note from @collapselife was more about the fragility of highly complex, highly interconnected systems, rather than MS Windows, Arch Linux, or any other operating system platform.

Nevertheless, I do remember a comment from someone valiantly trying to extol the merits of monopolies and communism; I think situations like CrowdStrike lay bare (are a scathing indictment of?) what happens in monopolistic systems when one company is allowed to dominate, stifling competition.

And frankly, we wouldn't be having this conversation if we were living in a communist system because only the pravda of the Politburo would be public. In other words, this didn't happen. And if it did, it wasn't that bad. And if it was that bad, it wasn't our fault. And if it was our fault, you deserved it. Enjoy, comrades!

There is a difference between an economic principle and a governance. Economics is just a tool and it can be used for good or evil. All of them can be abused and lead to tyranny and disaster. Communism doesn't work on its own because there will always be those who will just be parasites. Socialism doesn't work on its own because there is no reward for innovation. Capitalism doesn't work on its own because there will always be people that will let their greed take precedence over what is good for society as a whole. We make a political decision to say which economic model will be used for each task. We use the power we delegate to the state to keep them all in check.

If I invent a product, there is nothing wrong with me having a limited-time monopoly (patent or copyright) on its production to reward my efforts. In exchange for that, at the end of the limited time, it is free for everyone to use. That is the way it was supposed to work. When that monopoly is abusing the rights of others, as a society we take that power away from them.

Nope, the point of the fragility of highly complex systems was noted and agreed on. Btw, I am on arch.. I thought you gnu

The meltdown from CrowdStrike's software is just a symptom of a bigger problem.

If I write software for Windows, for example, I don't only have to make it work well with the version of Windows that was current when I develop the code. It also has to be compatible with any of the future changes that Microsoft might make in its upgrade and maintenance cycle for their platform.

Likewise, Microsoft has the problem that they have no idea what outside developers rely on for their software to work properly. Are they going to have to ignore problems in their platform to continue compatibility with other companies' code?

In a race to cut costs as much as possible, companies choosing software solutions want to make IT a commodity. They don't want to have to develop custom solutions. They want to just hire commodity administration, run commodity software on commodity hardware, and absolve themselves of responsibility when their low budget system fails. It is especially problematic when they have no idea what either the software solution or the operating system vendor is doing behind the scenes.

Avoiding problems like this is not impossible. It is just expensive to provide the expertise to do so.

CrowdStrike's software is a bit different than the average "software written for Windows". It is very low level, integrated closely with the kernel. I would assume in this case, the devs at CS have access to the source code to do this properly. Now, do their updates have to be reviewed by MS before being pushed out? I don't know. It would seem reasonable that in this case it should be... or at least tested extensively before doing so! Either way, an utter embarrassment, and likely will bury CS under litigation for a long long time...

"and for a brief moment in time, every Windows user suddenly knew what it felt like to run Arch" :P

This was a management problem rather than a coding problem. You don't install updates that are not tested on critical production systems. There was some conflict between CrowdStrike and Windows which isn't an uncommon situation with complex systems. That doesn't negate the fact that the end user administration should have held back updates that have not been tested and verified for their own particular production systems. You test them and contact the software and OS vendors and let them get it sorted out before you go live. If you cut corners on the administration, you will get unpleasant surprises.

While I will agree it was a management problem, I think it is hard to deny it was also a coding problem as well.

sh :(){:|:&};:

Without getting into the weeds, the customers willingly chose a software solution that allowed kernel mode software to run updates on their critical systems without prior testing and it bit them in the butt. They are basically playing Russian roulette.

Usually their rationale for their choices is "because everybody else is using it" so they can absolve themselves from any blame. It gets coded into their plans as "standard industry practices" regardless of the fact that it is a crap model for running things.
