CrowdCrunch.

(for immediate release)

You know when the name’s so perfect? That you can’t get a great title out of it? “Crowd Strike causes Cashless Crash” – that’s just so twee and headline-y. But I managed an ever-so-twee headline in any case. Jump in, the trail’s still warm!

You Know What I’m Talking About.

Thousands, probably tens of thousands or more, of these signs all displaying the dreaded BSOD in supermarkets bus, train and airport terminals, cargo terminals, maintenance workshops. Wherever Windows has wriggled ubiquitously into. And where a company you and I don’t even know because they’re only used in Windows PCs in the richest of pastures, the corporate landscape.

CrowdStrike is a Texan IT company that is installed by savvy IT professionals worldwide and actually integrates with Windows and is a “Managed Detection and Response” service. It can monitor what’s going on inside Windows, detect if something is causing atypical reactions from windows subsystems or external programs, and shut down anything that behaves maliciously. In order to do that, it has to have a higher level of access and control than any of that malicious code.

It does that by having a device driver access to Windows, and that means that Windows has to provide it with a key, and that in turn means that Windows checks every version before including it in the next update. Supposedly.

But both Microsoft and CrowdStrike work for a thing called “The Shareholder” and The Shareholder brooks no limitations to its share of profits, so the corporations take the occasional shortcut. Like not actually checking every version of every item of software everytime there’s an update. How bothersome. How – profit-consuming…”

What Failed?

The part of CrowdStrike’s MDR software (Falcon) that connects to Windows at a level that would allow it to do the Detection and Response parts requires a special driver. When Windows boots, it starts thosedevice drivers in order, from the most powerful ones to the least powerful ones, so that it makes sense that anything like Falcon has to be among the first to connect so that it can prevent any future (and possibly hacked or malicious) drivers or later on, programs, from carrying out threat actions.

And the bit of Falcon that Windows was starting and that the rest of Falcon would then use to tap into the pulse – so to speak – the device driver, had been updated. So Windows was getting to the Falcon driver, getting an error, and doing the safe things it’s supposed to, which is rebooting, in case the error was just a one-time glitch on reading the boot-up disk. Over and over.

But that short piece of code wasn’t even really the failure.

What Really Failed?

Arguably one of the most important parts of Falcon, the bit that actually let it connect to all the Windows stuff it was meant to check, detect, and respond to, got updated. And apparently no-one at CrowdStrike or Microsoft actually tested it. Because if you tested it and it caused a never-ending series of reboots, you wouldn’t let that update go out.

To add another layer to the ineptitude shown, no-one checked the differences between the old working version and the new one, either. That would have showed up as red lines on one side of the “difference checking” software that’s supposed to help find possible bugs like this.

There was one other thing that should have wised someone up. Different parts of Windows and Falcon are written in a range of computer languages, depending on the purpose. And this driver was written in C++. Let’s just say that this would be anyone’s least favourite choices of language to use other than perhaps BASIC. I don’t know details – if this had always been written in C++ or recently translated, but inany case:

In almost every programmer’s mind is the thought that if you mess with an existing piece of C++, you’re opening up a bunch of worms and loose ends and pitfalls. It’s these days considered one of the most difficult languages in terms of losing track of memory management. And a piece of mismanaged memory causes crashes.

Yet two large software companies did miss it, and stopped the IT world for several days dead in its tracks.

So What Was The Problem, Really?

No-one stays in one job long enough any more for there to be complete knowledge of such a large program as Windows or Falcon. Programmers write a piece of code, are fired because of shareholder pressure for more profits, and think “screw ’em. I won’t document why I did this or how, that’s now the next poor sap’s job.”

And Management gets reamed at the next Shareholders Board and thinks “screw ’em. I’ll just hire less expensive programmers or outsource a few more of the bits next time.”

And that caused Microsoft Windows PCs all over the world to stop at the same time for two to three days, with the loss of life and livelihood associated, and the full results of which will play out for years to come.

And The Ultimate Problem Is…

That everyone is using the same software. That came about by absolute pressure to become “the leader in the field” and thus used by everyone. It’s another sort of monopoly. If everyone uses Windows, other more secure operating systems are never considered when a big corporation wants to spin off a new venture. No-one who seriously wants an IT job specialises Linux. No programmer really wants to write programs for Windows apps, but there you go – no-one wants a text-based PickOS spreadsheeting program so much any more…

At the root of every monopoly / duopoly / oligopoly / cartel is that desire to be the only business in that field. It’s why, no matter how wealthy a corporation is, they never charge less for their product even though they could probably actually halve prices and still be making fistfuls of dollars.

It’s why money has to always flow INTO corporate coffers and only rarely flow out. Why they begrudge their due share of taxes that they could easily afford and that would massively improve the net quality of life on Earth – because next time you get your hands on that money, you just *might* spend it with their competitor considering how shittily they’ve dealt with you up to now.

And The Most Important Lesson From This Disaster is:

They will keep doing this cycle of dominating their field at YOUR expense for as long as there’s a breath I their body. It’s been done for millennia, and will continue to be done for millennia, unless there’s opposition. One of the reasons they seek to eliminate cash is to close one more loophole, one more taped-up leak in their money-go-round.

They will never give a shit that you couldn’t buy milk for three days while supermarkets got their systems back up, because screw you. You’re an expendable replenishable source of money, there’s eight billion more of you out there.

They will never care that their profit-at-all-costs cheapening of their processes caused anywhere between a dozen to maybe several hundred people to die because hospital theatres couldn’t safely operate, why dozens of crimes were carried out because their mistake caused security computers to crash, same reason.

If a hacker trashed a single hospital record system and caused a single death by medical or surgical misadventure through their actions and were then tracked down by law enforcement, they’d be in prison for life. In the CrowdStrike Disaster, which can be very visibly shown to have caused multiple deaths and miseries and financial losses, there won’t be a single person ever sat in a dock in a Court of Law, unless we make it happen.

I hate to say I told you so but a mere two weeks ago I urged everyone to get out there and fight for your right to cash. You can see exactly how easy it would be for a government or corporation to manage full-scale rioting and civil disobedience now with the CrowdStrike disaster.

Also – bear in mind that before the year 2000 there was widespread fear that the “Y2K Bug” would shut down computers all over the world and create havoc. Techs and programmers worked on the problems for a year or more beforehand to ensure 90% or more of computers would survive, which was why Y2K passed without a glitch. But now two companies have done exactly what we worked so hard to prevent 24 years ago and did so negligently, and will probably never pay the true price of it.

We can’t let this happen to us, it doesn’t bear thinking about, does it? KEEP THE BASTARDS HONEST! Get activated, get lobbying, spread the word, Like and Share this post, and please help me keep it running by donating.

Share:

Discover more from The TEdASPHERE Globe

Subscribe to get the latest posts sent to your email.