1 00:00:01,720 --> 00:00:05,760 Speaker 1: A media Hello one, Welcome to a very special emergency 2 00:00:05,800 --> 00:00:08,600 Speaker 1: episode of Better Offline. I'm at Zeitron, I'm your host, 3 00:00:08,680 --> 00:00:10,600 Speaker 1: and I'm recording this from inside a closet in a 4 00:00:10,640 --> 00:00:25,639 Speaker 1: hotel in San Francisco. You're very important to me. On 5 00:00:25,720 --> 00:00:28,360 Speaker 1: Friday afternoon, I sat at my desk and just started 6 00:00:28,360 --> 00:00:31,120 Speaker 1: writing about any clear aim or objective other than a 7 00:00:31,200 --> 00:00:34,400 Speaker 1: desire to wrap my head around probably the most cataclystic 8 00:00:34,479 --> 00:00:38,000 Speaker 1: technological meltdown that I've seen in my career, And of 9 00:00:38,080 --> 00:00:41,839 Speaker 1: course I'm referring to the CrowdStrike situation. How was it 10 00:00:41,920 --> 00:00:45,000 Speaker 1: the piece of software, one that few people understood, made 11 00:00:45,040 --> 00:00:47,800 Speaker 1: by a company that people really didn't know was able 12 00:00:47,840 --> 00:00:51,400 Speaker 1: to shut down our banking system, mayor travel, TV logistics chains, 13 00:00:51,479 --> 00:00:54,600 Speaker 1: those weird screens that you see around and of course hospitals. 14 00:00:55,400 --> 00:00:58,120 Speaker 1: And as I wrote this script, I found myself returning 15 00:00:58,200 --> 00:00:59,720 Speaker 1: to some of the themes that I wrote about in 16 00:00:59,720 --> 00:01:02,360 Speaker 1: The Rock Economy, in the Shareholder Supremacy, and many other 17 00:01:02,400 --> 00:01:05,520 Speaker 1: pieces that speak to a larger problem in the tech industry, 18 00:01:06,120 --> 00:01:10,360 Speaker 1: a complete misalignment in the incentives of most major tech companies, 19 00:01:10,680 --> 00:01:14,039 Speaker 1: which has become less about building new technologies and maintaining 20 00:01:14,040 --> 00:01:16,120 Speaker 1: them and then selling them to people who would then 21 00:01:16,240 --> 00:01:19,720 Speaker 1: use them over time, and more about capturing monopolies and 22 00:01:19,760 --> 00:01:24,240 Speaker 1: gearing organizations to extract value from the things around them. 23 00:01:24,760 --> 00:01:28,360 Speaker 1: Every problem you see is a result of the tech industry, 24 00:01:28,760 --> 00:01:31,360 Speaker 1: from the people funding the earliest startups to the trillion 25 00:01:31,400 --> 00:01:34,560 Speaker 1: dollar juggernauts that dominate our lives, and the fact that 26 00:01:34,600 --> 00:01:37,360 Speaker 1: it's no longer focused on the creation of technology with 27 00:01:37,400 --> 00:01:42,839 Speaker 1: a purpose and organizations driven towards said purpose. Everything's about 28 00:01:42,880 --> 00:01:46,200 Speaker 1: expressing growth and about showing how you will dominate an 29 00:01:46,240 --> 00:01:49,720 Speaker 1: industry rather than serve it, and providing metrics that speak 30 00:01:49,760 --> 00:01:52,720 Speaker 1: to the paradoxical notion that you'll grow forever without any 31 00:01:52,800 --> 00:01:57,920 Speaker 1: consideration of how you'll actually live that long. Legacies are 32 00:01:57,960 --> 00:02:02,320 Speaker 1: now subordinate to monopolies, current customers are subordinate to new customers, 33 00:02:02,320 --> 00:02:05,480 Speaker 1: and products well, they're considered the means to introduce a 34 00:02:05,480 --> 00:02:07,960 Speaker 1: customer to a form of parasite designed to punish the 35 00:02:08,080 --> 00:02:12,760 Speaker 1: user for even thinking about moving to a competitor. The 36 00:02:12,840 --> 00:02:16,280 Speaker 1: key difference between what happened on Friday with CrowdStrike and 37 00:02:16,320 --> 00:02:18,079 Speaker 1: by the way, it's still being fixed, and as I'll 38 00:02:18,120 --> 00:02:21,160 Speaker 1: explain later, will really take some time to be fully resolved, 39 00:02:21,400 --> 00:02:24,320 Speaker 1: and my criticisms of other companies like Facebook and Google 40 00:02:24,919 --> 00:02:29,280 Speaker 1: is the sheer violent nature of this failure, the decline 41 00:02:29,320 --> 00:02:31,799 Speaker 1: of search and social tools we use in it is 42 00:02:31,880 --> 00:02:36,040 Speaker 1: kind of a gradual, incremental kind of rot. CrowdStrike, meanwhile, 43 00:02:36,200 --> 00:02:38,639 Speaker 1: was a demonstration of what happens when the rod fully 44 00:02:38,720 --> 00:02:44,000 Speaker 1: consumes the timber holding up the building. What's happened with 45 00:02:44,160 --> 00:02:48,880 Speaker 1: CrowdStrike is completely unprecedented. I'll get to why shortly, and 46 00:02:48,960 --> 00:02:51,040 Speaker 1: on the scale of the much feared why to Q 47 00:02:51,280 --> 00:02:53,799 Speaker 1: bug that threatened to ground the entirety of the world's 48 00:02:53,800 --> 00:02:58,280 Speaker 1: computer based infrastructure once the year two thousand began. You'll 49 00:02:58,320 --> 00:03:01,360 Speaker 1: note that I'm not saying that White was over hyapt 50 00:03:01,440 --> 00:03:04,880 Speaker 1: or dismissing the scale, because ydo K was a huge 51 00:03:04,919 --> 00:03:08,520 Speaker 1: society threatening calamity waiting to happen, and said calamity was 52 00:03:08,520 --> 00:03:12,079 Speaker 1: averted not through any kind of magical thinking, but through 53 00:03:12,080 --> 00:03:15,320 Speaker 1: a remarkable half trillion dollar industrial effort that took a 54 00:03:15,360 --> 00:03:19,040 Speaker 1: decade to manifest. Because the seriousness of such a significant 55 00:03:19,040 --> 00:03:22,280 Speaker 1: single point of failure would have likely crippled governments, banks, 56 00:03:22,320 --> 00:03:26,519 Speaker 1: and airlines, people laughed when nothing happened on January first, 57 00:03:26,560 --> 00:03:29,160 Speaker 1: two thousand, Assuming that all that money and time had 58 00:03:29,160 --> 00:03:31,880 Speaker 1: been wasted. All of the media was just being hysterical 59 00:03:32,160 --> 00:03:35,640 Speaker 1: rather than being grateful that an infrastructural weakness was identified 60 00:03:35,720 --> 00:03:38,800 Speaker 1: taken seriously, and that a single point of failure was 61 00:03:38,840 --> 00:03:41,640 Speaker 1: dealt with, and that the crisis was averted by investing 62 00:03:41,680 --> 00:03:47,200 Speaker 1: in stopping bad staff happening before it does. Crazy goddamn idea. Huh. 63 00:03:47,240 --> 00:03:49,960 Speaker 1: But as we speak, millions or even hundreds of millions 64 00:03:50,000 --> 00:03:52,640 Speaker 1: of different Windows based computers are now stuck in a 65 00:03:52,680 --> 00:03:55,560 Speaker 1: doom loop, repeatedly showing us as the fame blue screen 66 00:03:55,600 --> 00:03:57,720 Speaker 1: of death, thanks to a single point of failure in 67 00:03:57,760 --> 00:04:01,160 Speaker 1: a company called CrowdStrike, the developed of a globally adopted 68 00:04:01,200 --> 00:04:05,560 Speaker 1: cybersecurity product designed ironically to prevent the kinds of disruption 69 00:04:05,680 --> 00:04:08,400 Speaker 1: that we witnessed on Friday end. We're still witnessing today, 70 00:04:09,560 --> 00:04:12,040 Speaker 1: and for reasons we'll get into shortly, this nightmare is 71 00:04:12,080 --> 00:04:14,320 Speaker 1: going to drag on for several days, if not weeks 72 00:04:14,320 --> 00:04:19,080 Speaker 1: to come. The product called CrowdStrike Falcon Sensor is an 73 00:04:19,200 --> 00:04:23,080 Speaker 1: EDR system which stands for endpoint Detection and Response. If 74 00:04:23,080 --> 00:04:25,479 Speaker 1: you aren't a security professional and your eyes are glazing over, 75 00:04:25,760 --> 00:04:28,839 Speaker 1: I'll keep it brief an EDR system is designed to 76 00:04:28,880 --> 00:04:32,280 Speaker 1: identify hacking attempts, to remediate them prevent them. They're big, 77 00:04:32,320 --> 00:04:34,719 Speaker 1: sophisticated and complicated products, and they do a lot of 78 00:04:34,760 --> 00:04:37,480 Speaker 1: things that's quite hard to build with the standard tools 79 00:04:37,520 --> 00:04:40,600 Speaker 1: available to Windows developers. But as I'll get to later, 80 00:04:40,880 --> 00:04:45,240 Speaker 1: not Microsoft, and so to make Falcon sensor work, CrowdStrike 81 00:04:45,279 --> 00:04:48,599 Speaker 1: had to build its own internal kernel driver. Now, kernel 82 00:04:48,680 --> 00:04:51,440 Speaker 1: drivers operate at the lowest level in the computer. They 83 00:04:51,440 --> 00:04:54,400 Speaker 1: have the highest possible permissions, but they operate with the 84 00:04:54,400 --> 00:04:57,880 Speaker 1: fewest amount of guardrails because massive control and they're very 85 00:04:57,920 --> 00:05:00,240 Speaker 1: important to the system. Very technical people can to hear 86 00:05:00,240 --> 00:05:01,800 Speaker 1: that and be like, that's not the right way to 87 00:05:01,800 --> 00:05:04,640 Speaker 1: put it. Get out not your podcast. But if you've 88 00:05:04,640 --> 00:05:07,560 Speaker 1: ever built your own computer, or you remember what computers 89 00:05:07,560 --> 00:05:09,839 Speaker 1: were like in the dark days of Windows ninety eight, 90 00:05:10,279 --> 00:05:12,880 Speaker 1: you know that a single faulty kernel driver can wreak 91 00:05:12,920 --> 00:05:16,560 Speaker 1: havoc on the stability of your system. The problem here 92 00:05:16,640 --> 00:05:19,880 Speaker 1: is that CrowdStrike pushed out an evidently broken kernel driver 93 00:05:19,960 --> 00:05:22,880 Speaker 1: that locked whatever system that installed it in a permanent bootloop, 94 00:05:22,960 --> 00:05:26,120 Speaker 1: meaning that you just started Blue Screen of Death, restarted 95 00:05:26,320 --> 00:05:29,400 Speaker 1: kept doing him, the system would start loading Windows Encounter 96 00:05:29,440 --> 00:05:32,880 Speaker 1: a fatal error and reboot, and then reboot, and then 97 00:05:32,960 --> 00:05:36,880 Speaker 1: reboot again and again and again, in essence rendering the 98 00:05:36,880 --> 00:05:41,599 Speaker 1: machine useless. It's convenient to blame CrowdStrike here, and perhaps 99 00:05:41,680 --> 00:05:44,040 Speaker 1: that's fair, and I intend to do so several times. 100 00:05:44,960 --> 00:05:47,560 Speaker 1: This should not have happened on a basic level. Whenever 101 00:05:47,560 --> 00:05:49,880 Speaker 1: you write or update a kernel driver, you need to 102 00:05:49,920 --> 00:05:54,680 Speaker 1: know it's actually robust and won't shit the bed immediately. Regrettably, 103 00:05:54,800 --> 00:05:59,040 Speaker 1: CrowdStrike seemed to borrow Boeing's approach to quality control, except 104 00:05:59,080 --> 00:06:01,159 Speaker 1: instead of building plane where the doors fly off and 105 00:06:01,200 --> 00:06:03,360 Speaker 1: Boeing is the noise it makes when they fly off 106 00:06:03,560 --> 00:06:06,440 Speaker 1: at the most inopportune times, it released a piece of 107 00:06:06,480 --> 00:06:09,080 Speaker 1: software that blew up the transportation and banking sectors. The 108 00:06:09,200 --> 00:06:12,560 Speaker 1: name just a few. It created a global IT outage 109 00:06:12,680 --> 00:06:16,200 Speaker 1: that as grounded flights and broken banking services. It took 110 00:06:16,279 --> 00:06:20,159 Speaker 1: down the BBC's flagship TV channel for kids, infuriating parents 111 00:06:20,160 --> 00:06:22,600 Speaker 1: across the British isles, as well as Sky News, which, 112 00:06:23,000 --> 00:06:25,719 Speaker 1: when it was able to resume life broadcasts, was forced 113 00:06:25,720 --> 00:06:29,159 Speaker 1: to do so without graphics. In essence, it was forced 114 00:06:29,200 --> 00:06:32,040 Speaker 1: back to the nineteen fifties, giving an esthetic that matches 115 00:06:32,040 --> 00:06:34,760 Speaker 1: the politics of its founder and former owner, Rupert Murdoch. 116 00:06:35,200 --> 00:06:38,799 Speaker 1: By no means is this exhaustive list of those affected. Either. 117 00:06:39,800 --> 00:06:42,400 Speaker 1: The scale and disruption caused by this incident is unlike 118 00:06:42,440 --> 00:06:47,200 Speaker 1: anything we've ever seen before. Previous instances like this, particularly 119 00:06:47,279 --> 00:06:51,960 Speaker 1: rival ransomware outbreaks like Wanna Craze, simply can't compare, especially 120 00:06:51,960 --> 00:06:54,200 Speaker 1: when we're looking at the disruption at the sheer scale 121 00:06:54,680 --> 00:06:57,880 Speaker 1: of this problem. Still, if your day has been ruined 122 00:06:57,880 --> 00:06:59,920 Speaker 1: by this outage, at least spare a thought for those 123 00:07:00,040 --> 00:07:03,279 Speaker 1: will have to actually fix it, because those machines affected 124 00:07:03,320 --> 00:07:05,479 Speaker 1: are now locked in this boot loop. It's not like 125 00:07:05,520 --> 00:07:08,240 Speaker 1: CrowdStrike and just release a new software patch and call 126 00:07:08,279 --> 00:07:11,320 Speaker 1: it a day on Doing this update requires some users 127 00:07:11,360 --> 00:07:14,480 Speaker 1: to have to individually go to each computer, loading up 128 00:07:14,520 --> 00:07:17,000 Speaker 1: safe mode or limited version of Windows with most non 129 00:07:17,080 --> 00:07:21,080 Speaker 1: essential software and drivers disabled, and manually remove the faulty code. 130 00:07:21,440 --> 00:07:23,800 Speaker 1: And if you have encrypted your computer, that process gets 131 00:07:23,800 --> 00:07:27,440 Speaker 1: a lot harder. Servers running on cloud services like Amazon 132 00:07:27,480 --> 00:07:29,920 Speaker 1: Web Services and Microsoft Azure, you know, the way that 133 00:07:30,000 --> 00:07:35,160 Speaker 1: most of the Internet's infrastructure works, requires an entirely different 134 00:07:35,320 --> 00:07:40,360 Speaker 1: and much more annoying, separate series of actions. If you're 135 00:07:40,400 --> 00:07:43,000 Speaker 1: on a small item team, and you're supporting hundreds of 136 00:07:43,000 --> 00:07:47,040 Speaker 1: workstations across several far flung locations, which really isn't unusual 137 00:07:47,080 --> 00:07:50,000 Speaker 1: these days, especially in sectors like retail and social care. 138 00:07:50,720 --> 00:07:54,320 Speaker 1: You're especially fucked. Say goodbye to your weekend, your evenings, 139 00:07:54,440 --> 00:07:56,800 Speaker 1: Say goodbye to your spouse, your kids. You won't be 140 00:07:56,800 --> 00:07:59,000 Speaker 1: seeing them for a while, and I'm really sorry. I'll 141 00:07:59,000 --> 00:08:01,280 Speaker 1: buy you a drink some time. Your life will be 142 00:08:01,320 --> 00:08:04,080 Speaker 1: driving from site to site, applying the figs and moving on. 143 00:08:04,360 --> 00:08:06,240 Speaker 1: Forget about sleeping in your own bed or eating a 144 00:08:06,240 --> 00:08:10,120 Speaker 1: meal that wasn't brought to you by door dash, Good luck, godspeed, 145 00:08:10,240 --> 00:08:13,960 Speaker 1: God bless. I do not envy you. I so gratefully 146 00:08:14,040 --> 00:08:18,440 Speaker 1: have a fake job. You know what do envy? I 147 00:08:18,480 --> 00:08:21,680 Speaker 1: was buying the products that follow this utterly seamless ad break, 148 00:08:21,680 --> 00:08:25,600 Speaker 1: which will likely echo my exact sentiments on literally every 149 00:08:25,720 --> 00:08:36,240 Speaker 1: issue ever. And we're back. The significance of this failure, 150 00:08:36,280 --> 00:08:38,960 Speaker 1: which isn't a breach, by the way, and in many respects, 151 00:08:39,000 --> 00:08:42,160 Speaker 1: is far worse, at least with destruction it courst is 152 00:08:42,200 --> 00:08:44,520 Speaker 1: not its damage to individual users, but to the amount 153 00:08:44,559 --> 00:08:47,800 Speaker 1: of technical infrastructure that runs on Windows, and that so 154 00:08:47,920 --> 00:08:51,400 Speaker 1: much of our global infrastructure relies on automated enterprise software 155 00:08:51,400 --> 00:08:56,240 Speaker 1: that when it goes wrong, breaks everything. It isn't about 156 00:08:56,240 --> 00:08:58,360 Speaker 1: the number of computers, but the amount of them that 157 00:08:58,480 --> 00:09:01,960 Speaker 1: underpin things like security checkpoints or systems that run airlines 158 00:09:02,040 --> 00:09:05,400 Speaker 1: or banks or hospitals, all running as much automated software 159 00:09:05,400 --> 00:09:08,240 Speaker 1: as possible so that the costs can be kept down. 160 00:09:08,720 --> 00:09:12,400 Speaker 1: Hey remember the raw economy. Jesus fucking The problem here 161 00:09:12,440 --> 00:09:15,320 Speaker 1: is systemic that there's a company that the majority of 162 00:09:15,320 --> 00:09:18,240 Speaker 1: people affected by the outage had no idea existed until 163 00:09:18,679 --> 00:09:22,280 Speaker 1: well a day or two ago, that Microsoft trusted to 164 00:09:22,280 --> 00:09:23,959 Speaker 1: the extent that they were able to push an update 165 00:09:24,000 --> 00:09:25,840 Speaker 1: that broke the back of a chunk of the world's 166 00:09:25,880 --> 00:09:30,920 Speaker 1: digital infrastructure. Microsoft a company, instead of building the kind 167 00:09:30,920 --> 00:09:33,960 Speaker 1: of rigorous security protocols that would say, I don't know, 168 00:09:34,120 --> 00:09:36,480 Speaker 1: rigorously tests something that connects to what seems to be 169 00:09:36,480 --> 00:09:41,200 Speaker 1: a huge portion of Windows computers, Well, they just chose 170 00:09:41,240 --> 00:09:44,520 Speaker 1: to do something else. They've just screwed the fuck up. 171 00:09:44,800 --> 00:09:47,920 Speaker 1: As pointed out by Whir, the company vets and cryptographically 172 00:09:48,000 --> 00:09:50,920 Speaker 1: signs all kernel drivers, which is sensible and good because 173 00:09:50,960 --> 00:09:53,360 Speaker 1: kernel drivers have an incredible amount of access and thus 174 00:09:53,360 --> 00:09:57,079 Speaker 1: can inflict serious harm. With this testing process, usually taking 175 00:09:57,120 --> 00:10:01,840 Speaker 1: several weeks. What happened Microsoft? How did this slip through 176 00:10:01,880 --> 00:10:06,439 Speaker 1: Microsoft's fingers? Well, for this to have happened, two companies 177 00:10:06,480 --> 00:10:09,920 Speaker 1: needed to screw up epically in boy, fucking howardy did they? 178 00:10:11,000 --> 00:10:13,840 Speaker 1: What we're seeing isn't just one major fuck up, but 179 00:10:13,880 --> 00:10:17,160 Speaker 1: the first of what will be many systemic failures, some small, 180 00:10:17,440 --> 00:10:20,679 Speaker 1: some potentially larger, that are the natural byproduct of the 181 00:10:20,720 --> 00:10:23,120 Speaker 1: growth of all costs ecosystem, where any attempt to save 182 00:10:23,200 --> 00:10:26,120 Speaker 1: money by outsourcing major systems is one that must simply 183 00:10:26,160 --> 00:10:30,000 Speaker 1: be taken to please the beautiful, sexy shareholder that they 184 00:10:30,040 --> 00:10:33,160 Speaker 1: all love so much. And this is a problem with 185 00:10:33,200 --> 00:10:36,720 Speaker 1: the digitization of society, or more specifically, the automation of 186 00:10:36,760 --> 00:10:40,480 Speaker 1: once manual tasks. It introduces a single point of failure, 187 00:10:40,600 --> 00:10:44,280 Speaker 1: or rather several of them, or clustered together like a 188 00:10:44,360 --> 00:10:48,320 Speaker 1: rat king or a Katamari. Our world, our lifestyle, and 189 00:10:48,400 --> 00:10:52,680 Speaker 1: our economy is dependent on automation and computerization, with these 190 00:10:52,679 --> 00:10:56,440 Speaker 1: systems in turn dependent on other systems to work, and 191 00:10:56,520 --> 00:11:00,240 Speaker 1: if one of those systems breaks, the effects rick shay 192 00:11:00,280 --> 00:11:02,319 Speaker 1: outwards like ripples mean you cast a rock in a 193 00:11:02,400 --> 00:11:06,200 Speaker 1: lake or throw a body in. For some listeners, Freddy's 194 00:11:06,240 --> 00:11:09,200 Speaker 1: CrowdStrike cockup is just the latest example of this, but 195 00:11:09,240 --> 00:11:11,720 Speaker 1: it isn't the only one. Some of you might remember 196 00:11:11,720 --> 00:11:14,040 Speaker 1: the Solar Winds hacked back in twenty twenty, where Russian 197 00:11:14,080 --> 00:11:17,160 Speaker 1: state link hackers gained access to an estimate eighteen thousand 198 00:11:17,240 --> 00:11:21,120 Speaker 1: companies in public sector organizations including NATO, the European Parliament, 199 00:11:21,120 --> 00:11:24,000 Speaker 1: the US Treasury Department, and the UK's National Health Service 200 00:11:24,000 --> 00:11:28,680 Speaker 1: by compromising just one service, Solar wins Oryan Remember when 201 00:11:28,760 --> 00:11:31,480 Speaker 1: Octa some of you might know Octa is a company 202 00:11:31,480 --> 00:11:34,160 Speaker 1: that makes software that handles authentication for a bunch of websites, 203 00:11:34,200 --> 00:11:36,640 Speaker 1: governments and businesses. Well, when they got hacked in twenty 204 00:11:36,640 --> 00:11:40,080 Speaker 1: twenty three, they then lied about the scale of the breach. Hey, 205 00:11:40,080 --> 00:11:42,400 Speaker 1: do you remember when those hackers leap frogged from Octa 206 00:11:42,440 --> 00:11:45,360 Speaker 1: to a bunch of other companies like cloud Flare. Yeah, 207 00:11:45,400 --> 00:11:49,280 Speaker 1: they provide the content delivery services and the services that 208 00:11:49,320 --> 00:11:52,320 Speaker 1: protect websites from being well brought down by a bunch 209 00:11:52,360 --> 00:11:56,000 Speaker 1: of bots. From much the entire Internet, everything feels like 210 00:11:56,080 --> 00:11:59,640 Speaker 1: it's being held up by like twigs and chewing gum. 211 00:12:00,040 --> 00:12:02,080 Speaker 1: You probably know the quote no man is an island, 212 00:12:02,200 --> 00:12:04,560 Speaker 1: and it's especially true when we're talking about tech, because 213 00:12:04,600 --> 00:12:07,960 Speaker 1: when you scratch beneath the surface, every system that looks 214 00:12:08,000 --> 00:12:11,600 Speaker 1: like it's independent is actually heavily, heavily dependent on services 215 00:12:11,600 --> 00:12:14,760 Speaker 1: and software provided by a very small number of companies, 216 00:12:14,800 --> 00:12:17,640 Speaker 1: many of whom are not particularly good. And this is 217 00:12:17,679 --> 00:12:20,440 Speaker 1: as much a cultural failing as it is a technological one, 218 00:12:20,480 --> 00:12:23,680 Speaker 1: the result of a management culture geared towards value extraction, 219 00:12:23,840 --> 00:12:27,439 Speaker 1: building systems that build monopolies by attaching themselves to other monopolies. 220 00:12:28,280 --> 00:12:31,720 Speaker 1: CrowdStrike went public in twenty nineteen and immediately popped on 221 00:12:31,920 --> 00:12:34,560 Speaker 1: its first day of trading thanks to wall streets appreciation 222 00:12:34,640 --> 00:12:37,480 Speaker 1: of them moving away from a focused approach to serving 223 00:12:37,559 --> 00:12:41,120 Speaker 1: large enterprise clients, building products now for small and medium 224 00:12:41,160 --> 00:12:44,880 Speaker 1: sized businesses by selling through channel partners, in effect outsourcing 225 00:12:44,920 --> 00:12:47,760 Speaker 1: both product sales and the relationship with the client that 226 00:12:47,880 --> 00:12:51,120 Speaker 1: would tailor a business a solution to said client. Especially 227 00:12:51,120 --> 00:12:54,120 Speaker 1: when something is so serious like this, I want you 228 00:12:54,200 --> 00:12:57,079 Speaker 1: to really think about this and think about this problem, 229 00:12:57,120 --> 00:12:59,640 Speaker 1: because the problem isn't so much selling to small businesses 230 00:12:59,679 --> 00:13:02,640 Speaker 1: or media businesses. It's the fact that CrowdStrike made its 231 00:13:02,720 --> 00:13:06,880 Speaker 1: money selling to the enterprise and specializing in that, and 232 00:13:06,920 --> 00:13:09,199 Speaker 1: that's the thing. When you broaden out, when you must 233 00:13:09,240 --> 00:13:12,400 Speaker 1: grow in all directions, at all times, in all ways 234 00:13:12,440 --> 00:13:16,720 Speaker 1: to please the horny beasts of Wall Street, you lose 235 00:13:16,760 --> 00:13:21,040 Speaker 1: your focus. But that isn't the only problem, because Crowdstrike's 236 00:13:21,040 --> 00:13:24,720 Speaker 1: culture appears to also fucking suck. A recent Glassloor entry 237 00:13:24,760 --> 00:13:28,440 Speaker 1: referred to CrowdStrike as great tech with terrible culture with 238 00:13:28,559 --> 00:13:31,480 Speaker 1: no work life balance, with leadership that does not care 239 00:13:31,520 --> 00:13:35,000 Speaker 1: about employee well being. Another from June twenty twenty four 240 00:13:35,040 --> 00:13:38,080 Speaker 1: claim that CrowdStrike was changing its culture for the street 241 00:13:38,160 --> 00:13:40,640 Speaker 1: with KPIs as in metrics related to your success at 242 00:13:40,679 --> 00:13:44,640 Speaker 1: the company, driving behavior more than building relationships, with a 243 00:13:44,679 --> 00:13:48,000 Speaker 1: serious lack of experience in the public sector in senior management. 244 00:13:49,080 --> 00:13:51,920 Speaker 1: So glad that this company is selling intellect government anyway. 245 00:13:51,960 --> 00:13:55,880 Speaker 1: Moving on, others complained of micromanagement, with one claiming that 246 00:13:55,960 --> 00:13:59,000 Speaker 1: management is the biggest issue, with managers asking way too 247 00:13:59,080 --> 00:14:01,440 Speaker 1: much of you and it doesn't matter if you do 248 00:14:01,480 --> 00:14:03,800 Speaker 1: what they ask since they're not even around to check 249 00:14:03,800 --> 00:14:07,080 Speaker 1: on you, and another saying that management is arrogant and 250 00:14:07,280 --> 00:14:11,040 Speaker 1: needed to stop lying to the market on product capability. 251 00:14:11,640 --> 00:14:14,200 Speaker 1: That's what I love to see, we all love to 252 00:14:14,240 --> 00:14:17,719 Speaker 1: see that. I'm very happy to read that, And while 253 00:14:17,760 --> 00:14:20,520 Speaker 1: I can't say for sure, I'd imagine an organization with 254 00:14:20,640 --> 00:14:23,720 Speaker 1: such powerful signs of growth at all costs thinking a 255 00:14:23,720 --> 00:14:26,320 Speaker 1: place where you and I quote have to get used 256 00:14:26,320 --> 00:14:28,840 Speaker 1: to the pressure, that's a clique that you're not in. 257 00:14:29,480 --> 00:14:32,240 Speaker 1: Likely isn't giving its quality assurance teams the time and 258 00:14:32,280 --> 00:14:34,680 Speaker 1: the space to make sure that there aren't any Kaiju 259 00:14:34,800 --> 00:14:39,640 Speaker 1: level security threats baked into an update. And that assumes 260 00:14:39,680 --> 00:14:42,400 Speaker 1: it actually has a significant QA team in house and 261 00:14:42,480 --> 00:14:45,280 Speaker 1: hasn't just this with many companies outsourced the work to 262 00:14:45,360 --> 00:14:48,840 Speaker 1: a body shop like Wypro or Emphasis or Tartar Consultancy. 263 00:14:50,320 --> 00:14:52,000 Speaker 1: But for a moment, I'm going to change gears a 264 00:14:52,000 --> 00:14:54,480 Speaker 1: little to try and explain what actually happened and why. 265 00:14:54,520 --> 00:14:57,160 Speaker 1: It suggests that the issue is likely the product of 266 00:14:57,200 --> 00:15:01,240 Speaker 1: cost cutting and institutional failure within CrowdStrike. In the aftermath 267 00:15:01,280 --> 00:15:04,640 Speaker 1: of Friday's incident, we've seen some analyses about what actually 268 00:15:04,680 --> 00:15:08,200 Speaker 1: went down with them first some throat clearing. I haven't 269 00:15:08,320 --> 00:15:11,240 Speaker 1: verified this stuff independently. From what I've read, though, and 270 00:15:11,240 --> 00:15:14,920 Speaker 1: from speaking to developers, this all seems relatively plausible, but 271 00:15:15,880 --> 00:15:18,560 Speaker 1: maybe worth googling this a little yourself. But I'm going 272 00:15:18,640 --> 00:15:21,720 Speaker 1: to give it a go. So the kernel driver at 273 00:15:21,720 --> 00:15:24,960 Speaker 1: fort was written with a programming language called C plus plus. 274 00:15:25,000 --> 00:15:27,120 Speaker 1: This language was developed in the nineteen eighties and it's 275 00:15:27,200 --> 00:15:30,520 Speaker 1: very good for writing high performance applications, anything where you're 276 00:15:30,560 --> 00:15:33,480 Speaker 1: concerned about speed, like the Interenno's operating system or a 277 00:15:33,560 --> 00:15:37,240 Speaker 1: video game. It's pretty popular for that, and it's so 278 00:15:37,360 --> 00:15:41,080 Speaker 1: pretty dangerous too, so dangerous in fact, that it's often 279 00:15:41,120 --> 00:15:45,520 Speaker 1: referred to as an unsafe language. Without getting two into 280 00:15:45,520 --> 00:15:48,000 Speaker 1: the weeds. C plus plus makes it incredibly easy to 281 00:15:48,000 --> 00:15:49,880 Speaker 1: shoot yourself and the foot, the ars, and the dick. 282 00:15:49,920 --> 00:15:52,760 Speaker 1: At the same time, it's big, complex and has few 283 00:15:52,800 --> 00:15:55,920 Speaker 1: safeguards while providing many opportunities for developers to screw up 284 00:15:56,480 --> 00:16:01,400 Speaker 1: very badly. Like the languages derived from C, it forces 285 00:16:01,480 --> 00:16:03,800 Speaker 1: developers to deal with a lot of low level stuff 286 00:16:04,240 --> 00:16:06,560 Speaker 1: like handling memory allocation that you don't really have to 287 00:16:06,600 --> 00:16:09,600 Speaker 1: deal with in many popular languages like Python, Java, Russ, 288 00:16:09,600 --> 00:16:12,640 Speaker 1: Swift or Sea sharp. And this matters because if you 289 00:16:12,680 --> 00:16:15,800 Speaker 1: screw this up, your code will break, or I don't know, 290 00:16:15,960 --> 00:16:19,840 Speaker 1: it might introduce some kind of potentially disastrous security vulnerability. 291 00:16:21,160 --> 00:16:24,240 Speaker 1: In twenty nineteen, Microsoft researchers said that seventy percent of 292 00:16:24,280 --> 00:16:27,560 Speaker 1: all security vulnerabilities were the result of memory management issues, 293 00:16:27,920 --> 00:16:30,040 Speaker 1: and I doubt that figure has changed much since then. 294 00:16:30,800 --> 00:16:33,240 Speaker 1: And earlier this year, the White House Office of the 295 00:16:33,320 --> 00:16:37,280 Speaker 1: National Cyber Director urged developers to stop using unsafe languages 296 00:16:37,640 --> 00:16:40,160 Speaker 1: like C and C plus plus and start using modern 297 00:16:40,200 --> 00:16:44,520 Speaker 1: and safer alternatives like Rust. With me so far, ah, So, 298 00:16:44,680 --> 00:16:47,400 Speaker 1: from what I've read, the CrowdStrike Falcon sensor kernel driver 299 00:16:47,520 --> 00:16:51,160 Speaker 1: crash because it had something called a null pointer error. Essentially, 300 00:16:51,240 --> 00:16:53,760 Speaker 1: the developer wrote some code that told the program to 301 00:16:53,800 --> 00:16:56,520 Speaker 1: look for a memory location that didn't exist, and didn't 302 00:16:56,520 --> 00:16:59,840 Speaker 1: write any safeguards to protect against them. When this happened, 303 00:17:00,080 --> 00:17:03,920 Speaker 1: the driver and so the operating system crashed. This is 304 00:17:03,920 --> 00:17:06,280 Speaker 1: a rookie mistake, and I've talked to multiple developers that 305 00:17:06,320 --> 00:17:08,399 Speaker 1: have backed this up. If you take an introductory C 306 00:17:08,480 --> 00:17:11,280 Speaker 1: plus plus programming class at university, they'll cover this in 307 00:17:11,320 --> 00:17:14,520 Speaker 1: the first year. Kind of boggles the mind how trivial 308 00:17:14,520 --> 00:17:16,280 Speaker 1: a mistake this is, and how it made it into 309 00:17:16,320 --> 00:17:19,160 Speaker 1: production code, which is the code that goes out into 310 00:17:19,200 --> 00:17:21,400 Speaker 1: the real world, and how it wasn't caught either by 311 00:17:21,400 --> 00:17:25,840 Speaker 1: CrowdStrike or by Microsoft, who are supposedly obligated to vet 312 00:17:25,880 --> 00:17:29,280 Speaker 1: this driver, and if the reports are true, someone really 313 00:17:29,359 --> 00:17:33,760 Speaker 1: really really screwed up, really badly. But if you don't 314 00:17:33,800 --> 00:17:36,720 Speaker 1: want to screw up, if you want to really do 315 00:17:36,840 --> 00:17:39,480 Speaker 1: well in life, I advise you to buy one of 316 00:17:39,520 --> 00:17:43,800 Speaker 1: the following products or services, which I of course fully understand, 317 00:17:43,920 --> 00:17:51,639 Speaker 1: know all about and won't be embarrassed by. 318 00:17:53,720 --> 00:17:54,440 Speaker 2: And we're back. 319 00:17:54,560 --> 00:17:56,120 Speaker 1: And to be clear, I don't want you to think 320 00:17:56,119 --> 00:17:59,920 Speaker 1: that I'm letting Microsoft off the hook either, assuming the 321 00:18:00,040 --> 00:18:02,679 Speaker 1: kernel driver testing roles are still being done in house. 322 00:18:03,040 --> 00:18:05,280 Speaker 1: Do you think that these testers who have likely seen 323 00:18:05,320 --> 00:18:07,879 Speaker 1: their friends laid off at a time when Microsoft was 324 00:18:07,960 --> 00:18:11,439 Speaker 1: highly profitable and denied raises, when their welfared CEO probably 325 00:18:11,480 --> 00:18:14,399 Speaker 1: took home over one hundred million dollars in salary for 326 00:18:14,440 --> 00:18:16,800 Speaker 1: a job he's eminently bad at. Do you think these 327 00:18:16,840 --> 00:18:19,000 Speaker 1: people doing their best work? Do you think they go 328 00:18:19,080 --> 00:18:22,280 Speaker 1: into a jazz full of piss and vinegar ready to 329 00:18:22,359 --> 00:18:25,600 Speaker 1: save the world, or do you think they hate their 330 00:18:25,680 --> 00:18:28,199 Speaker 1: job and they're being forced to do too much and 331 00:18:28,200 --> 00:18:30,680 Speaker 1: they're miserable, And the people that knew what the fuck 332 00:18:30,840 --> 00:18:33,200 Speaker 1: was going on haven't been fired, and the people who 333 00:18:33,200 --> 00:18:35,400 Speaker 1: managed those people and the people that wrote the code 334 00:18:35,400 --> 00:18:38,399 Speaker 1: that they're edited. Do you think anyone knows what the 335 00:18:38,400 --> 00:18:44,600 Speaker 1: hell is going on? No, they don't, And this is 336 00:18:44,640 --> 00:18:48,399 Speaker 1: the culture that's poisoned almost the entirety of Silicon Valley. 337 00:18:49,400 --> 00:18:52,320 Speaker 1: What we're seeing now is the societal cost of moving 338 00:18:52,400 --> 00:18:56,600 Speaker 1: fast and breaking things of people like Mark Andresen considering 339 00:18:56,720 --> 00:19:00,480 Speaker 1: risk management the enemy of hiring and firing things. Thousands 340 00:19:00,520 --> 00:19:03,359 Speaker 1: of people, tens of thousands in some case, to please 341 00:19:03,400 --> 00:19:06,639 Speaker 1: Wall Street, are seeking as many new possible ways to 342 00:19:06,640 --> 00:19:09,879 Speaker 1: make as much money as possible, to show shareholders that 343 00:19:10,000 --> 00:19:13,000 Speaker 1: you'll grow, even if doing so means growing at a 344 00:19:13,040 --> 00:19:17,439 Speaker 1: pace that makes it impossible to sustain organizational and cultural stability. 345 00:19:18,680 --> 00:19:21,320 Speaker 1: When you aren't intentional on the people you hire and retain, 346 00:19:21,680 --> 00:19:23,800 Speaker 1: the people you fire, the things that you build, the 347 00:19:23,840 --> 00:19:27,720 Speaker 1: way that they are deployed, maintaining your systems, understanding how 348 00:19:27,800 --> 00:19:32,040 Speaker 1: and why things were written, the decisions that were made five, ten, 349 00:19:32,080 --> 00:19:35,080 Speaker 1: and fifteen years ago, you're going to lose the people 350 00:19:35,119 --> 00:19:37,439 Speaker 1: to understand the problems they're solving, and thus lack the 351 00:19:37,520 --> 00:19:40,879 Speaker 1: organizational ability to understand the ways the problems might be 352 00:19:40,920 --> 00:19:44,919 Speaker 1: solved in the future, or disasters might be averted. This 353 00:19:45,040 --> 00:19:48,400 Speaker 1: is dangerous, and it's also a dark warning for the future. 354 00:19:49,320 --> 00:19:52,120 Speaker 1: Do you think the Facebook or Microsoft or Google, all 355 00:19:52,160 --> 00:19:54,280 Speaker 1: of whom have laid off over ten thousand people in 356 00:19:54,320 --> 00:19:57,200 Speaker 1: the last year, have done so in a conscientious way, 357 00:19:57,440 --> 00:19:59,960 Speaker 1: in a knowledgeable way, a people focused a way, in organized, 358 00:20:00,040 --> 00:20:02,639 Speaker 1: zationally rigorous way that means that the people are left 359 00:20:03,000 --> 00:20:06,240 Speaker 1: who understand how their systems run and the inherent issues 360 00:20:06,280 --> 00:20:09,920 Speaker 1: built into them. Do you think the management types obsessed 361 00:20:09,960 --> 00:20:13,800 Speaker 1: with unsustainable AI bullshit are investing heavily in making sure 362 00:20:13,800 --> 00:20:17,680 Speaker 1: that their organizations are rigorously protected against, say, one bad 363 00:20:17,760 --> 00:20:21,280 Speaker 1: line of code or one dipshit error. Did they even 364 00:20:21,359 --> 00:20:23,679 Speaker 1: know who wrote the code of their current systems? Is 365 00:20:23,720 --> 00:20:26,240 Speaker 1: that person still there? Do they have their email and 366 00:20:26,280 --> 00:20:30,040 Speaker 1: their phone number? Is that person at least contracted to 367 00:20:30,080 --> 00:20:32,240 Speaker 1: make sure that something nuanced about the system in question 368 00:20:32,280 --> 00:20:37,560 Speaker 1: isn't mistakenly removed or changed or quote fixed. No, now 369 00:20:37,560 --> 00:20:40,720 Speaker 1: they're not, They're gone. They're not there anymore. Only a 370 00:20:40,800 --> 00:20:43,240 Speaker 1: few months ago, Google laid off two hundred employees in 371 00:20:43,280 --> 00:20:46,320 Speaker 1: the core of its organization, outsourcing their roles to Mexico 372 00:20:46,359 --> 00:20:49,680 Speaker 1: and India in a cost cutting measure. The quarter after 373 00:20:49,760 --> 00:20:53,840 Speaker 1: the company made twenty three billion dollars in profit I'm 374 00:20:53,920 --> 00:20:56,840 Speaker 1: jumping to Google because they're just probably next in one 375 00:20:56,880 --> 00:21:02,040 Speaker 1: of these horrible breaches or sorry, not breaches. Silicon Valley 376 00:21:02,040 --> 00:21:04,720 Speaker 1: in big tech writ large is not built to protect 377 00:21:04,720 --> 00:21:07,159 Speaker 1: against situations like the one we saw on Friday and 378 00:21:07,200 --> 00:21:10,040 Speaker 1: the damage we're going to get from CrowdStrike because the 379 00:21:10,080 --> 00:21:14,000 Speaker 1: culture's cancer. He values growth or costs with no respect 380 00:21:14,000 --> 00:21:17,159 Speaker 1: for the human capital that empowers organizations or the value 381 00:21:17,200 --> 00:21:21,080 Speaker 1: of building rigorous, quality focused products that are maintained over time. 382 00:21:22,520 --> 00:21:24,879 Speaker 1: You know me, I'm a nasty little bitch. What are 383 00:21:24,880 --> 00:21:28,000 Speaker 1: more on the nose? Example, George Kurtz, the CEO and 384 00:21:28,040 --> 00:21:30,840 Speaker 1: co founder of CrowdStrike, said in twenty twenty that not 385 00:21:31,080 --> 00:21:34,679 Speaker 1: one time has he regretted firing someone too fast, in 386 00:21:34,720 --> 00:21:37,520 Speaker 1: a conversation where he argued that tech executives were becoming 387 00:21:37,560 --> 00:21:42,040 Speaker 1: too obsessed with culture, and in a stunning act of foreshadowing, 388 00:21:42,359 --> 00:21:44,880 Speaker 1: when he was the chief technology officer at McAfee, best 389 00:21:44,920 --> 00:21:47,239 Speaker 1: known as the company that makes antivirus software that they 390 00:21:47,280 --> 00:21:49,840 Speaker 1: sell to your granddad and that they ship with computers 391 00:21:49,880 --> 00:21:52,919 Speaker 1: and you immediately uninstalled, while he oversaw an update that 392 00:21:52,920 --> 00:21:55,199 Speaker 1: treated in the central part of Windows XP as a 393 00:21:55,280 --> 00:21:58,680 Speaker 1: virus quarantining it and sending the computer into a boot loop. 394 00:21:58,880 --> 00:22:01,520 Speaker 1: It's almost a little too on the nose. They're calling 395 00:22:01,560 --> 00:22:04,720 Speaker 1: him the prabagar Ragavan of security. It's a very bad deal. 396 00:22:05,280 --> 00:22:08,760 Speaker 1: But dear listener, this is just the beginning. Big Tech is, 397 00:22:08,800 --> 00:22:11,720 Speaker 1: to quote trivium, in the throes of perdition, teetering over 398 00:22:11,720 --> 00:22:14,800 Speaker 1: the edge of the abyss, finally paying the harsh cost 399 00:22:14,800 --> 00:22:18,439 Speaker 1: of building systems as fast as possible. But let's be honest, 400 00:22:18,960 --> 00:22:23,040 Speaker 1: they're not paying the cost we are. This isn't simply 401 00:22:23,119 --> 00:22:26,200 Speaker 1: moving faster, breaking things, but doing so without any regard 402 00:22:26,480 --> 00:22:28,720 Speaker 1: for the speed at which you're doing so, and firing 403 00:22:28,760 --> 00:22:31,720 Speaker 1: the people that could fix them more might have broke them, 404 00:22:32,000 --> 00:22:35,439 Speaker 1: the people that know what's broken, possibly the people who 405 00:22:35,520 --> 00:22:37,880 Speaker 1: might have an idea to stop this happening in the future. 406 00:22:38,320 --> 00:22:41,560 Speaker 1: And it's not just tech Boeing, a company I've already 407 00:22:41,560 --> 00:22:44,159 Speaker 1: shat on plenty and one ll likely return to in 408 00:22:44,200 --> 00:22:48,119 Speaker 1: the future, largely because it exemplifies the short sightednus of 409 00:22:48,160 --> 00:22:51,680 Speaker 1: managerial fuckery, has over the past twenty years or so, 410 00:22:52,040 --> 00:22:54,439 Speaker 1: span off huge parts of the company. Parts of that 411 00:22:54,560 --> 00:22:58,040 Speaker 1: at one point we're vitally important probably still are into 412 00:22:58,119 --> 00:23:01,479 Speaker 1: multiple other separate companies laid off thousands of employees at 413 00:23:01,480 --> 00:23:04,840 Speaker 1: a time and outsource software development too nine dollars an hour. 414 00:23:04,880 --> 00:23:09,680 Speaker 1: Body shop engineers fucking how hollowed itself out until there 415 00:23:09,720 --> 00:23:13,199 Speaker 1: was nothing left and then the planes started breaking. And 416 00:23:13,240 --> 00:23:15,680 Speaker 1: tell me, knowing what you know about Boeing today, would 417 00:23:15,680 --> 00:23:17,359 Speaker 1: you rather get on the seven three seven max on 418 00:23:17,440 --> 00:23:21,000 Speaker 1: Airbus A three twenty neo. I guess it depends how 419 00:23:21,080 --> 00:23:24,440 Speaker 1: much of a Buddy Holly fan you are. Anyway, As 420 00:23:24,480 --> 00:23:27,760 Speaker 1: these organizations push their engineers harder and harder and have 421 00:23:27,920 --> 00:23:30,320 Speaker 1: less of them because they've been laying them off, said 422 00:23:30,359 --> 00:23:32,919 Speaker 1: engineers will need to find a way to write code quickly, 423 00:23:32,960 --> 00:23:36,280 Speaker 1: and perhaps they'll turn to AI generated code, which poisons 424 00:23:36,320 --> 00:23:40,200 Speaker 1: code bases with insecure and buggy writing. As companies shed 425 00:23:40,280 --> 00:23:42,840 Speaker 1: staff to keep up with wall streets demands in ways 426 00:23:42,840 --> 00:23:46,480 Speaker 1: that I'm not really sure people are capable of understanding yet, 427 00:23:47,320 --> 00:23:50,320 Speaker 1: when you have less engineers and bigger time constraints, and 428 00:23:50,359 --> 00:23:53,600 Speaker 1: by the way, Prabagar Ragavan at Google specifically told people 429 00:23:53,640 --> 00:23:57,920 Speaker 1: they'd be doing things faster with less people. It's so cool. 430 00:23:57,960 --> 00:24:02,400 Speaker 1: I love tech. When you have less people, more time constraints, 431 00:24:02,440 --> 00:24:04,880 Speaker 1: they're going to turn to whatever little tricks they can 432 00:24:05,440 --> 00:24:08,639 Speaker 1: and wouldn't you in that situation too, You have to 433 00:24:08,720 --> 00:24:12,320 Speaker 1: ship faster than this possible. Of course you're going to 434 00:24:12,400 --> 00:24:16,359 Speaker 1: do that. But the companies that run the critical parts 435 00:24:16,400 --> 00:24:18,679 Speaker 1: of our digital lives do not invest in maintenance, or 436 00:24:18,680 --> 00:24:22,439 Speaker 1: cultural unity or any kind of rigorous infrastructure. If I'm honest, 437 00:24:22,720 --> 00:24:25,359 Speaker 1: you need intentionality as well when building these things. You 438 00:24:25,480 --> 00:24:28,000 Speaker 1: need it. It's required to prevent the kinds of things 439 00:24:28,000 --> 00:24:31,080 Speaker 1: that happened on Friday with CrowdStrike, and the kind of 440 00:24:31,119 --> 00:24:33,480 Speaker 1: systemic failures that you're going to see in the future. 441 00:24:33,680 --> 00:24:35,959 Speaker 1: And they need you to be ready for this to 442 00:24:36,000 --> 00:24:39,840 Speaker 1: happen again. And all of this is the horrifying cost 443 00:24:39,880 --> 00:24:42,879 Speaker 1: of the rot economy. Systems used by billions of people, 444 00:24:42,920 --> 00:24:46,240 Speaker 1: held up by flimsy cultures and brittle infrastructure, maintain with 445 00:24:46,320 --> 00:24:50,040 Speaker 1: the diligence of an absentee parent. This is the cost 446 00:24:50,080 --> 00:24:54,280 Speaker 1: of arrogance, of rewarding managerial malpractice, of promoting speed over 447 00:24:54,359 --> 00:25:01,560 Speaker 1: safety and profit over people. Every single major organization should 448 00:25:01,600 --> 00:25:04,880 Speaker 1: see crowdstrike's failure as a wake up call, a time 449 00:25:04,920 --> 00:25:08,280 Speaker 1: to reevaluate the fundamental infrastructure behind every single tech stack. 450 00:25:09,280 --> 00:25:11,399 Speaker 1: What I fear is they won't that they'll see it 451 00:25:11,440 --> 00:25:14,920 Speaker 1: as someone else's problem, just like Microsoft did. And that's 452 00:25:14,960 --> 00:25:17,520 Speaker 1: exactly how we got there in the first place. And 453 00:25:17,600 --> 00:25:19,639 Speaker 1: this is going to keep happening. I'm going to make 454 00:25:19,640 --> 00:25:22,600 Speaker 1: a daring suggestion at the end of this one, based 455 00:25:22,600 --> 00:25:26,800 Speaker 1: on guest of the show they're on, Assamerglu, I believe 456 00:25:26,840 --> 00:25:31,000 Speaker 1: it's time to start bringing in criminal prosecution to executives. 457 00:25:31,600 --> 00:25:35,199 Speaker 1: If you, as the executive, are pushing the kind of 458 00:25:35,280 --> 00:25:40,159 Speaker 1: cultures where basic security practices are failing, where managers do 459 00:25:40,240 --> 00:25:43,600 Speaker 1: not exist, where checks and balances don't exist, you should 460 00:25:44,280 --> 00:25:47,679 Speaker 1: be held responsible. And I don't mean a fine, by 461 00:25:47,720 --> 00:25:50,560 Speaker 1: the way, A fine for a multi trillion dollar even 462 00:25:50,640 --> 00:25:53,639 Speaker 1: multi billion dollar company is just a fee with a 463 00:25:53,680 --> 00:25:56,960 Speaker 1: different hat on. No, I believe there should actually be 464 00:25:57,040 --> 00:26:03,119 Speaker 1: a criminal inquiry in to CrowdStrike, in to Microsoft, and 465 00:26:03,160 --> 00:26:07,800 Speaker 1: the people responsible are not necessarily the workers. No, the 466 00:26:07,880 --> 00:26:10,840 Speaker 1: people responsible are people like satch In the Della, the 467 00:26:10,920 --> 00:26:14,640 Speaker 1: CEO of Microsoft, and George Kurtz, the CEO of CrowdStrike, 468 00:26:14,960 --> 00:26:19,080 Speaker 1: both of whom should face criminal investigations. We do not 469 00:26:19,320 --> 00:26:22,159 Speaker 1: know at this time the significance of this event, but 470 00:26:22,240 --> 00:26:26,040 Speaker 1: we know it's more significant than almost any computer infrastructure 471 00:26:26,119 --> 00:26:30,520 Speaker 1: or failure in history and in affected hospitals. Do you 472 00:26:30,600 --> 00:26:36,159 Speaker 1: think people didn't die? Do you think that something didn't break? 473 00:26:37,320 --> 00:26:39,720 Speaker 1: Do you think that there's not a corpse on satch 474 00:26:39,840 --> 00:26:44,440 Speaker 1: in Adela and George Kurtz's goddamn hands. Yes, it would 475 00:26:44,440 --> 00:26:48,080 Speaker 1: be blood, but still we keep going. These people are 476 00:26:48,160 --> 00:26:51,040 Speaker 1: responsible and they're not afraid, and they should be. There 477 00:26:51,119 --> 00:26:56,480 Speaker 1: must be consequences for this level of fuck up. Microsoft 478 00:26:56,480 --> 00:26:59,679 Speaker 1: made over ten billion dollars of profit in the last quarter. 479 00:27:00,600 --> 00:27:03,480 Speaker 1: By the way, the market cab of CrowdStrike before this happens, 480 00:27:03,520 --> 00:27:07,080 Speaker 1: around eighty nine billion dollars. Microsoft could probably in a 481 00:27:07,119 --> 00:27:09,920 Speaker 1: space of years profits buy them in cash or build 482 00:27:09,920 --> 00:27:12,960 Speaker 1: their own goddamn system. But they chose not to save money, 483 00:27:13,080 --> 00:27:16,159 Speaker 1: and CrowdStrike in turn found other ways to save money, 484 00:27:16,280 --> 00:27:20,560 Speaker 1: and saving money will likely have ended lives and ruined them. 485 00:27:21,440 --> 00:27:24,520 Speaker 1: This is why I'm so pissed off everyone, This is 486 00:27:24,600 --> 00:27:28,760 Speaker 1: why I'm so frustrated. This is what I've been talking 487 00:27:28,760 --> 00:27:32,320 Speaker 1: about from the goddamn beginning of this goddamn show. This 488 00:27:32,560 --> 00:27:35,520 Speaker 1: is the consequence. This is what will happen, and will 489 00:27:35,560 --> 00:27:38,399 Speaker 1: happen again and again and again. This is the first 490 00:27:38,440 --> 00:27:41,560 Speaker 1: of many calamities that will happen as a direct result 491 00:27:41,960 --> 00:27:44,520 Speaker 1: of companies run by people that don't give a shit, 492 00:27:44,760 --> 00:27:48,919 Speaker 1: of a Silicon Valley culture built on exploitation and value extraction, 493 00:27:50,119 --> 00:27:54,120 Speaker 1: and of a business cartel run by people all agreeing 494 00:27:54,200 --> 00:27:57,119 Speaker 1: to do the same level of shitty job, of holding 495 00:27:57,160 --> 00:28:01,040 Speaker 1: no one accountable, of not calling out they're peers for 496 00:28:01,160 --> 00:28:05,000 Speaker 1: running shitty companies because everyone's in on the scam. And 497 00:28:05,040 --> 00:28:07,639 Speaker 1: it's a culture that is failing society, and the culture 498 00:28:07,680 --> 00:28:11,240 Speaker 1: that I will continue to eviscerate every goddamn week until 499 00:28:11,280 --> 00:28:14,159 Speaker 1: they well kick me out of this closet I'm in 500 00:28:14,200 --> 00:28:16,840 Speaker 1: reading to you. It's such a pleasure reading this stuff, 501 00:28:16,840 --> 00:28:19,280 Speaker 1: and I hope I've given you more clarity. If you 502 00:28:19,320 --> 00:28:22,119 Speaker 1: have any questions, you'll hear my email address after this. 503 00:28:22,200 --> 00:28:24,800 Speaker 1: But it's E. That's the letter Easy, the letter Z 504 00:28:25,160 --> 00:28:28,040 Speaker 1: at better offline dot com and a's EAZ at better 505 00:28:28,080 --> 00:28:32,000 Speaker 1: offline dot com for my wonderful British listeners. Thank you 506 00:28:32,040 --> 00:28:34,840 Speaker 1: for listening, and if this affected you, I'm so sorry, 507 00:28:35,240 --> 00:28:39,760 Speaker 1: and it likely did. Normal people, people in hospitals, banks, airports, 508 00:28:39,760 --> 00:28:42,800 Speaker 1: people traveling got their lives fucked up by this, and 509 00:28:42,800 --> 00:28:46,880 Speaker 1: I'm one hundred percent sure people have died. It's time 510 00:28:46,880 --> 00:28:50,120 Speaker 1: for criminal inquiries, and it's time for criminal prosecution. It's 511 00:28:50,120 --> 00:28:52,880 Speaker 1: time for real consequences for executives who don't give a shit. 512 00:28:53,880 --> 00:28:56,360 Speaker 1: You heard it here first, well, and I guess they're 513 00:28:56,360 --> 00:29:07,760 Speaker 1: on set it first. Be safe out there. Thank you 514 00:29:07,760 --> 00:29:09,120 Speaker 1: for listening to Better Offline. 515 00:29:09,280 --> 00:29:11,680 Speaker 3: The editor and composer of the Better Offline theme song 516 00:29:11,760 --> 00:29:14,400 Speaker 3: is Matasowski. You can check out more of his music 517 00:29:14,440 --> 00:29:18,080 Speaker 3: and audio projects at Matasowski dot com, M A T 518 00:29:18,080 --> 00:29:22,560 Speaker 3: T O S O W s ki dot com. You 519 00:29:22,560 --> 00:29:25,080 Speaker 3: can email me at easy at Better Offline dot com 520 00:29:25,200 --> 00:29:27,520 Speaker 3: or visit Better Offline dot com to find more podcast 521 00:29:27,560 --> 00:29:30,880 Speaker 3: links and of course, my newsletter. I also really recommend 522 00:29:30,920 --> 00:29:32,840 Speaker 3: you go to chat dot Where's youreed dot at to 523 00:29:32,920 --> 00:29:35,280 Speaker 3: visit the discord, and go to our slash. 524 00:29:34,960 --> 00:29:38,120 Speaker 1: Better Offline to check out our reddit. Thank you so 525 00:29:38,240 --> 00:29:38,959 Speaker 1: much for listening. 526 00:29:39,800 --> 00:29:42,480 Speaker 2: Better Offline is a production of cool Zone Media. For 527 00:29:42,600 --> 00:29:45,800 Speaker 2: more from cool Zone Media, visit our website cool Zonemedia 528 00:29:45,840 --> 00:29:48,680 Speaker 2: dot com, or check us out on the iHeartRadio app, 529 00:29:48,720 --> 00:30:01,120 Speaker 2: Apple Podcasts, or wherever you get your podcasts.