Better Offline - CrowdStruck
Episode Date: July 22, 2024On Friday July 19, millions of Windows PCs entered a doom-loop that rendered them non-functional thanks to an update sent by a little-known company called CrowdStrike - and in this emergency Better Of...fline dispatch, Ed Zitron walks you through exactly what happened, why it's so bad, and why both CrowdStrike and Microsoft executives should face criminal prosecution for such a catastrophic managerial failure. These are the dark consequences of the growth-at-all-costs movement. Newsletter: wheresyoured.at Reddit: http://www.reddit.com/r/betteroffline Discord: chat.wheresyoured.at Ed's Socials - http://www.twitter.com/edzitron instagram.com/edzitron https://bsky.app/profile/zitron.bsky.social https://www.threads.net/@edzitron LINKS: https://tinyurl.com/betterofflinelinksSee omnystudio.com/listener for privacy information.
Transcript
Discussion (0)
This is an IHeart podcast.
Guaranteed Human.
Run a business and not thinking about podcasting.
Think again.
More Americans listen to podcasts than adds supported streaming music from Spotify and Pandora.
And as the number one podcaster, IHearts twice as large as the next two combined.
Learn how podcasting can help your business.
Call 844-844-I-Hart.
Another podcast from some SNL late-night comedy guy, not quite.
Unhumor me with Robert Smygel and friends.
Me and hilarious guests from Bob Odenkirk to David Letterman help make you.
you funnier. This week, my guest,
SNL's Mikey Day and head writer
Streeter Seidel, help an
a cappella band with their between songs
banter. Where does your group perform?
We do some retirement homes. Those people
are starving for banter.
Listen to humor me with Robert Smigel and friends on
the I-Heart Radio app, Apple Podcasts,
or wherever you get your podcasts.
I'm Joey Dardano, and on my new
podcast, Hope from a Hypocrite, I'll be
changing lives, helping people in
need with thoughtful solutions.
Sike, I'm a comedian. I'm a
qualified to give good advice.
Join me and my comedian friends as we riff, rant,
recommend some of the most
legally dubious advice
known to me. This
is Help from a Hypocrite, the worst
advice from the dumbest people you know.
Listen to Help from Hypocrite Wednesdays on the
Iheart radio app, Apple Podcasts,
wherever you get your podcasts.
Hello and welcome to an very special
emergency episode of Better Offline. I'm Ed Zittron.
I'm your host and I'm recording this
from inside a closet in a hotel in San
and Cisco, you're very important to me.
On Friday afternoon, I sat in my desk
and just started writing without any
clear aim or objective, other than a desire
to wrap my head around.
Probably the most cataclysmic technological meltdown
that I've seen in my career.
And of course, I'm referring to the crowd strike situation.
How was it the piece of software?
One that few people understood, made by a company
that people really didn't know,
was able to shut down our banking system,
air travel, TV, logistics change.
those weird screens that you see around, and of course, hospitals.
And as I wrote this script, I found myself returning to some of the themes that I wrote about in the
rock economy and the shareholder supremacy and many other pieces that speak to a larger problem
in the tech industry. A complete misalignment in the incentives of most major tech companies,
which has become less about building new technologies and maintaining them and then selling them to
people who would then use them over time. And more about capturing monopolies and gearing organizations
to extract value from the things around them.
Every problem you see is a result of the tech industry,
from the people funding the earliest startups
that the trillion-dollar juggernauts that dominate our lives,
and the fact that it's no longer focused on the creation of technology
with a purpose and organizations driven towards said purpose.
Everything's about expressing growth
and about showing how you will dominate an industry
rather than serve it
and providing metrics that speak to the paradoxical notion,
that you'll grow forever without any consideration of how you'll actually live that long.
Legacies are now subordinate to monopolies. Current customers are subordinate to new customers and products.
Well, they're considered the means to introduce a customer to a form of parasite designed to punish the user for even thinking about moving to a competitor.
The key difference between what happened on Friday with CrowdStrike, and by the way, it's still being fixed and as I'll explain later, will really take some time to be fully resumed.
resolved, and my criticisms of other companies like Facebook and Google is the sheer violent
nature of this failure.
The decline of search and social tools we use in it is kind of a gradual incremental kind
of rot.
CrowdStrike, meanwhile, was a demonstration of what happens when the rod fully consumes
the timber holding up the building.
What's happened with CrowdStrike is completely unprecedented.
I'll get to why shortly.
And on the scale of the much feared Y2K bug that threatened to ground.
the entirety of the world's computer-based infrastructure once the year 2000 began.
You'll note that I'm not saying that Y2K was overhyped or dismissing the scale,
because Y2K was a huge society-threatening calamity waiting to happen,
and said calamity was averted not through any kind of magical thinking,
but through a remarkable half-trillion-dollar industrial effort that took a decade to manifest,
because the seriousness of such a significant single point of failure
would have likely crippled governments, banks and airlines.
People laughed when nothing happened on January 1st 2000,
assuming that all that money and time had been wasted,
all of the media was just being hysterical,
rather than being grateful that an infrastructural weakness was identified,
taken seriously, and that a single point of failure was dealt with,
and that a crisis was averted by investing in stopping bad staff happening before it does.
Crazy goddamn idea, huh?
But as we speak millions, or even hundreds of millions, of different,
different Windows-based computers and now stuck in a doom loop,
repeatedly showing users the famed blue screen of death
thanks to a single point of failure in a company called CrowdStrike,
the developer of a globally adopted cybersecurity product designed, ironically,
to prevent the kinds of disruption that we've witnessed on Friday,
and we're still witnessing today.
And for reasons we'll get into shortly,
this nightmare is going to drag on for several days, if not weeks, to come.
The product, called CrowdStrike Falcon Sensor,
is an EDR system, which stands for endpoint detection and response.
If you aren't a security professional and your eyes are glazing over, I'll keep it brief.
An EDR system is designed to identify hacking attempts, remediate them, prevent them.
They're big, sophisticated and complicated products, and they do a lot of things that's
quite hard to build with the standard tools available to Windows developers, but, as I'll get to later, not Microsoft.
And so, to make Falcon's sensor work, CrowdStrike had to build its own internal kernel driver.
Now, kernel drivers operate at the lowest level in the computer.
They have the highest possible permissions,
but they operate with the fewest amount of guardrails
because massive control, and they're very important to the system.
Very technical people are going to hear that and be like,
that's not the right way to put it.
Get out, not your podcast.
But if you've ever built your own computer,
or you remember what computers were like in the dark days of Windows 98,
you know that a single faulty kernel driver
can wreak havoc on the stability of your system.
The problem here is that CrowdStrike pushed out an evidently broken kernel driver
that locked whatever system that installed it in a permanent boot loop,
meaning that it just started, blue screen of death, restarted, kept doing him.
The system would start loading Windows, encounter a fatal error, and reboot, and then reboot,
and then reboot again, and again and again, in essence, rendering the machine useless.
It's convenient to blame CrowdStrike here, and perhaps that's fair, and I intend to do so several times.
This should not have happened.
On a basic level, whenever you write or update a kernel driver,
you need to know it's actually robust and won't shit the bed immediately.
Regrettably, CrowdStrike seemed to borrow Boeing's approach to quality control,
except instead of building planes where the doors fly off,
and Boeing is the noise it makes when they fly off at the most in opportune times,
it released a piece of software that blew up the transportation and banking sectors,
to name just a few.
It created a global IT outage that has grounded flights and broken banking services.
It took down the BBC's flagship TV channel for kids, infuriating parents across the British Isles,
as well as Sky News, which, when it was able to resume live broadcasts, was forced to do so without graphics.
In essence, it was forced back to the 1950s, giving an aesthetic that matches the politics of its founder and former owner Rupert Murdoch.
By no means is this exhaustive list of those affected either.
The scale and disruption caused by this incident is unlike anything we've ever seen before.
previous instances like this, particularly rival ransomware outbreaks like Wanna
Cry simply can't compare, especially when we're looking at the disruption at the sheer scale
of this problem.
Still, if your day has been ruined by this outage, at least spare a thought for those who'll have to
actually fix it.
Because those machines affected are now locked in this boot loop, it's not like CrowdStrike
can just release a new software patch and call it a day.
Undoing this update requires some users to have to individually go to each computer.
loading up safe mode, a limited version of Windows with most non-essential software and drivers disabled,
and manually remove the faulty code.
And if you've encrypted your computer, that process gets a lot harder.
Servers running on cloud services like Amazon Web Services and Microsoft Azure,
you know the way that most of the internet infrastructure works,
requires an entirely different and much more annoying separate series of actions.
If you're on a small IT team and you're supporting hundreds of workstations across several far-flung locations,
which really isn't unusual these days,
especially in sectors like retail and social care.
You're especially fucked.
Say goodbye to your weekend, your evenings.
Say goodbye to your spouse, your kids.
You won't be seeing them for a while,
and I'm really sorry.
I'll buy you a drink sometime.
Your life will be driving from sight to site,
applying the fix and moving on.
Forget about sleeping in your own bed
or eating a meal that wasn't brought to you by DoorDash.
Good luck. Godspeed. God bless.
I do not envy you.
I'm so grateful I have a fake job.
But you know who I do envy?
Those buying the products that follow this utterly seamless ad break,
which will likely echo my exact sentiments on literally every issue ever.
Another podcast from some SNL, late-night comedy guy?
Not quite.
Unhumor me with Robert Smygel and friends.
Me and hilarious guests from Jim Gaffigan to Bob Odenkirk, to David Letterman,
help make you funnier.
This week, my guest, SNL's Mikey Day and head writer, Streeter Seidel,
help an a cappella band with their between songs banter.
There's that worst singer in the group?
The worst?
Yeah.
Me.
Is there anything to the idea that because you're from Harvard,
you only got in because your parents made a huge donation.
The yard birds, right?
That's the name.
The Harvard yard, but they're open to change.
Do you have a name suggestion?
We're open.
Since you guys are middle aged.
One erection.
Listen to you.
Humor Me with Robert Smigel and Friends on the IHeart Radio app, Apple Podcasts, or wherever you get your podcast.
Humor me.
I need some jokes to make me seem funny.
Run a business and not thinking about podcasting, think again.
More Americans listen to podcasts than ads supported streaming music from Spotify and Pandora.
And as the number one podcaster, IHearts twice as large as the next two combined.
So whatever your customers listen to, they'll hear your message.
Plus, only IHeart can extend your message.
to audiences across broadcast radio.
Think podcasting can help your business.
Think IHeart.
Streaming, radio, and podcasting.
Let us show you at iHeartadvertising.com.
That's iHeartadvertising.com.
There are times when the mind becomes a difficult place to live.
This is David Eagleman with the Inner Cosmos podcast,
and for Mental Health Awareness Month,
we're dedicating a series to understanding the mind when it struggles.
I'm joined by doctors, researchers, and those with,
lived experience. We'll talk with singer-songwriter Jewel about anxiety. I started living in my car,
and then my car got stolen. I was shoplifting. I was having panic attacks. I was agoraphobic.
And making it through hardship. To be present is a learned skill, and it's hard to be present.
We'll talk with John Nelson about clinical depression and the brain implant that saved his life.
What I learned is that procedure made me happy because I'm disease-free. And we'll talk to
with leading experts like Judd Brewer about anxiety and John Hirschfield about obsessive
compulsive disorder and the science of how the brain can change. This is a month of deeply personal
and honest conversations about what happens when the brain goes off course and what we can do about
it. Listen to Inner Cosmos on the iHeart radio app, Apple Podcasts, or wherever you get your
podcasts. And we're back. The significance of this failure
which isn't a breach, by the way, and in many respects is far worse, at least with destruction it caused,
is not its damage to individual users, but to the amount of technical infrastructure that runs on Windows,
and that so much of our global infrastructure relies on automated enterprise software,
that, when it goes wrong, breaks everything.
It isn't about the number of computers, but the amount of them that underpin things like security checkpoints,
or systems that run airlines, or banks, or hospitals, all running as much automated software as possible,
so that the costs can be kept down.
Yeah, you remember the raw economy?
Jesus fucking great.
The problem here is systemic.
That there's a company that the majority of people affected by the outage
had no idea existed until, well, a day or two ago.
That Microsoft trusted, to the extent that they were able to push an update
that broke the back of a chunk of the world's digital infrastructure.
Microsoft, a company,
instead of building the kind of rigorous security protocols
that would say,
I don't know, rigorously test something that connects to what,
seems to be a huge portion of Windows computers.
Well,
they just chose to do something else.
They've just screwed the fuck up.
As pointed out by Wired,
the company vets and cryptographically signs
all kernel drivers, which is sensible and good
because kernel drivers have an incredible amount of access
and thus can inflict serious harm,
with this testing process usually taking several weeks.
What happened, Microsoft?
How did this slip through Microsoft's fingers?
Well, for this to have happened, too,
companies needed to screw up epically.
Boy fucking howdy, did they.
What we're seeing isn't
just one major fuck-up, but the first
of what will be many systemic failures,
some small, some potentially
larger, that are the natural byproduct
of the growth at all-cost ecosystem
where any attempt to save money by outsourcing
major systems is one that must simply
be taken to please the
beautiful, sexy shareholder that they
all love so much.
And this is a problem with the digitization
of society, or more specifically the
automation of once manual tasks. It introduces a single point of failure, or rather, several of them,
all clustered together like a rat king or a catamari. Our world, our lifestyle and our economy is
dependent on automation and computerization, with these systems in turn dependent on other systems to work.
And if one of those systems breaks, the effects ricochet outwards, like ripples when you cast a rock
in a lake, or throw a body in for some listeners.
Friday's CrowdStrike cock-up is just the latest example of this, but it isn't the only one.
Some of you might remember the Solar Winds hack back in 2020 when Russian state-linked hackers gained access to an estimated 18,000 companies in public sector organizations, including NATO, the European Parliament, the US Treasury Department, and the UK's National Health Service, by compromising just one service.
Solo wins Orion.
Remember when Okta?
Some of you might know Oktar.
It's a company that makes software that handles authentication for a bunch of websites, governments and businesses.
Well, when they got hacked in 2023, they then lied about the scale of the breach.
Hey, do you remember when those hackers leapfrogged from Octor to a bunch of other companies like Cloudflare?
Yeah, they provide the content delivery services and the services that protect websites from being, well, brought down by a bunch of bots.
Pretty much the entire internet.
Everything feels like it's being held up by like twigs and chewing gum.
So you probably know the quote, No Man is an Island.
And it's especially true when we're talking about tech, because when you scratch,
But, right beneath the surface, every system that looks like it's independent is actually heavily,
heavily dependent on services and software provided by a very small number of companies, many of whom
are not particularly good.
And this is as much a cultural failing as it is a technological one.
The result of a management culture geared towards value extraction, building systems that build
monopolies by attaching themselves to other monopolies.
CrowdStrike went public in 2019 and immediately popped on its first day of trading
thanks to Wall Street's appreciation of the moving away
from a focused approach to serving large enterprise clients,
building products now for small and medium-sized businesses
by selling through channel partners.
In effect, outsourcing both product sales
and the relationship with the client
that would tailor a business's solution to said client,
especially when something is so serious like this,
I want you to really think about this
and think about this problem,
because the problem isn't so much selling to small businesses
or medium businesses.
It's the fact that CrowdStrike made its money
selling to the enterprise and specializing in that.
And that's the thing.
When you broaden out, when you must grow in all directions at all times,
in all ways to please the horny beasts of Wall Street,
you lose your focus.
But that isn't the only problem,
because CrowdStrike's culture appears to also fucking suck.
A recent Glass Store entry referred to CrowdStrike as
Great Tech with terrible culture,
with no work-life balance,
with leadership that does not care about employee well-being.
Another from June 2024 claim that CrowdStrike was changing its culture for the street with KPI,
as in metrics related to your success at the company, driving behavior more than building relationships,
with a serious lack of experience in the public sector in senior management.
So glad that this company is selling into government.
Anyway, moving on.
Others complained of micromanagement, with one claiming that management is the biggest issue,
with managers asking way too much of you.
And it doesn't matter if you do what they ask, since they're not even,
around to check on you. And another saying that management is arrogant and needed to stop lying to
the market on product capability. That's what I love to see. We all love to see that. I'm very
happy to read that. And while I can't say for sure, I'd imagine an organization with such
powerful signs of growth at all cost thinking, a place where you and I quote, have to get used
to the pressure that's a clique that you're not in, likely isn't giving its quality assurance teams the
time and the space to make sure that there aren't any kaiju level security threats
baked into an update.
And that assumes it actually has a significant QA team in house and hasn't just, as with
many companies, outsolves the work to a body shop like YProw or Infasis or Tatar consultancy.
But for a moment, I'm going to change gears a little to try and explain what actually
happened and why it suggests that the issue is likely the product of cost cutting and
institutional failure within CrowdStrike.
In the aftermath of Friday's incident, we've seen some analyses about what actually went down with them.
First, some throat clearing.
I haven't verified this stuff independently.
From what I've read, though, and from speaking to developers, this all seems relatively plausible,
but maybe worth Googling this a little yourself, but I'm going to give it a go.
So the kernel driver at fault was written with a programming language called C++.
This language was developed in the 1980s, and it's very good for writing high-performance applications.
anything where you're concerned about speed, like the internal operating system or a video game,
it's pretty popular for that.
And it's also pretty dangerous, too.
So dangerous, in fact, that it's often referred to as an unsafe language.
Without getting too into the weeds, C++ makes it incredibly easy to shoot yourself in the foot,
the ass, and the dick at the same time.
It's big, complex, and has few safeguards, while providing many opportunities for developers to screw up very badly.
Like the languages derived from C, it forces developers to deal with a lot of low-level stuff,
like handling memory allocation, that you don't really have to deal with in many popular languages like Python, Java, Rust, Swift, or C-sharp.
And this matters because if you screw this up, your code will break, or, I don't know, it might introduce some kind of potentially disastrous security vulnerability.
In 2019, Microsoft researchers said that 70% of all security vulnerabilities were the result of memory management
issues. And I doubt that figure has changed much since then. And earlier this year, the White House
Office of the National Cyber Director urged developers to stop using unsafe languages like C and C++,
and start using modern and safer alternatives like Rust. With me so far? So from what I've read,
the crowd-striked Falcon sensor kernel driver crashed because it had something called a null-pointer error.
Essentially, the developer wrote some code that told the program to look for a memory location that
didn't exist and didn't write any safeguards to protect against it.
When this happened, the driver and so the operating system crashed.
This is a rookie mistake, and I've talked to multiple developers that have backed this up.
If you take an introductory C++ programming class at university, they'll cover this in the
first year.
It kind of boggles the mind how trivial a mistake this is and how it made it into production
code, which is the code that goes out into the real world, and how it wasn't caught either
by CrowdStrike or by Microsoft, who was supposedly obligated.
to vet this driver. And if the reports are true, someone really, really, really screwed up,
really badly. But if you don't want to screw up, if you want to really do well in life,
I advise you to buy one of the following products or services, which I, of course,
fully understand, know all about and won't be embarrassed by.
Another podcast from some SNL late-night comedy guide, not quite.
Unhumor me with Robert Smygle and friends, me and hilarious guests from Jim Gathe.
to Bob Odenkirk, to David Letterman, help make you funnier.
This week, my guest, SNL's Mikey Day and headwriters, Streeter Seidel,
help an Acapella band with their between songs banter.
There's that worst singer in the group?
The worst?
Yeah.
Me.
Is there anything to the idea that because you're from Harvard,
you only got in because your parents made a huge donation.
The group.
The yard birds, right?
That's the name.
The Harvard yard, but they're open.
Do you have a huge donation?
suggestion. We're open.
Since you guys are middle-aged, one erection.
Listen to Humor Me with Robert Smigel and Friends on the IHeart Radio app, Apple Podcasts, or wherever you get your podcast.
Humor me. I need some jokes to make me seem funny.
Run a business and not thinking about podcasting, think again.
More Americans listen to podcasts than ad-supported streaming music from Spotify and Pandora.
And as the number one podcaster, IHearts twice.
as large as the next two combined. So whatever your customers listen to, they'll hear your message.
Plus, only IHeart can extend your message to audiences across broadcast radio. Think podcasting
can help your business. Think IHeart. Streaming, radio, and podcasting. Let us show you at
iHeartadvertising.com. That's iHeartadvertising.com. Hey, everyone, it's Ryder Strong and Will
Ferdell from PodMeets World. And now the PodMeets Twirled podcast. We're two men who were
completely clueless to reality TV, who now have covered
Dancing with the Stars.
Traders.
And we're gearing up
for the season finale
of Survivor.
So yeah, now we're experts.
I know we annoyed a lot of our listeners
by our severe lack of survivor knowledge.
That is the point of the show.
I'm just going to remind you.
I have watched some Survivor.
I obviously haven't watched enough.
Did people not like it?
Yeah.
Just because we?
Yeah.
We'll be recapping the big conclusion
at the 50th season.
From the final attempts at gameplay
to the desperate pleas of finalists
to a bunch of ha-hoo.
Ha-ha-hoo.
Again, we are experts.
So make sure to tune into PodMeets Twirled
for all our Survivor 50 takes.
Listen to PodMeets Twirled on the IHeart Radio app,
Apple Podcasts, or wherever you get your podcasts.
And we're back.
And to be clear, I don't want you to think
that I'm letting Microsoft off the hook either.
Assuming the kernel driver testing roles
are still being done in-house,
do you think that these testers,
who have likely seen their friends laid off
at a time when Microsoft was highly profitable,
and denied raises when their well-fed CEO probably took home over $100 million in salary for a job he's eminently bad at.
Do you think these people are doing their best work?
Do you think they go into work jazzed, full of piss and vinegar, ready to save the world?
Or do you think they hate their job and they're being forced to do too much and they're miserable?
And the people that knew what the fuck was going on haven't been fired and the people who managed those people
and the people that wrote the code that they're edited.
You think anyone knows what the hell is going on?
No.
They don't.
And this is the culture that's poisoned almost the entirety of Silicon Valley.
What we're seeing now is the societal cost of moving fast and breaking things,
of people like Mark Andreessen considering risk management the enemy,
of hiring and firing thousands of people, tens of thousands in some case,
to please Wall Street, of seeking as many new possible.
ways to make as much money as possible to show shareholders that you'll grow, even if doing
so means growing at a pace that makes it impossible to sustain organizational and cultural stability.
When you aren't intentional in the people you hire and retain, the people you fire, the things
that you build, the way that they're deployed, maintaining your systems, understanding how and
why things were written, the decisions that were made 5, 10, and 15 years ago, you're going to
lose the people to understand the problems they're solving and thus lack the organizational ability
to understand the ways that problems might be solved in the future or disasters might be averted.
This is dangerous, and it's also a dark warning for the future. Do you think that Facebook or
Microsoft or Google, all of whom have laid off over 10,000 people in the last year, have done so
in a conscientious way, in a knowledgeable way, a people-focused way, an organizationally rigorous
way that means that the people are left who understand how their systems run and the inherent
issues built into them.
Do you think that management types obsessed with unsustainable AI bullshit are investing heavily
in making sure that their organizations are rigorously protected against, say, one bad line
of code or one dipshit error?
Do they even know who wrote the code of their current systems?
Is that person still there?
Do they have their email and their phone number?
Is that person at least contracted to make sure that something that's not that person at least contracted to
make sure that something nuanced about the system in question isn't mistakenly removed or changed or,
quote, fixed? No, no, they're not. They're gone. They're not there anymore. Only a few months ago,
Google laid off 200 employees in the core of its organization, outsourcing their roles to Mexico
and India in a cost-cutting measure. The quarter after the company made $23 billion in profit.
I'm jumping to Google because they're just probably next in one of these horrible breaches, or
Sorry, not breaches, failures.
Silicon Valley and big tech, writ large,
is not built to protect against situations like the one we saw on Friday
and the damage we're going to get from CrowdStrike,
because the culture's cancer.
It values growth at all costs with no respect for the human capital
that empowers organizations or the value of building rigorous,
quality-focused products that are maintained over time.
You know me, I'm a nasty little bitch.
What a more on the nose example.
George Kurtz, the CEO and co-founder of CrowdStrike, said in 2020 that,
not one time has he regretted firing someone too fast,
in a conversation where he argued that tech executives were becoming too obsessed with culture.
And in a stunning act of foreshadowing,
when he was the chief technology officer at McCaffee,
best known as the company that makes antivirus software that they sell to your granddad,
and that they ship with computers and you immediately uninstall,
while he oversaw an update that treated in the central part of Windows XP
is a virus quarantining it and sending the computer into a boot loop.
It's almost a little bit too on the nose.
They're calling him the Prabagar Ragavan of Security.
It's a very bad deal.
But dear listener, this is just the beginning.
Big Tech is, to quote Trivium and the throes of perdition,
teetering over the edge of the abyss,
finally paying the harsh cost of building systems as fast as possible.
But let's be honest, they're not paying the cost, we are.
This isn't simply moving fast or breaking things,
but doing so without any regard
for the speed at which you're doing so
when firing the people that could fix them or might have broke them.
The people that know what's broken, possibly.
The people who might have an idea to stop this happening in the future.
And it's not just tech.
Boeing, a company I've already shat on plenty
and one I'll likely return to in the future,
largely because it exemplifies the short-sightedness of managerial fuckery,
has over the past 20 years or so
span off huge parts of the company,
Parts that at one point were vitally important, probably still are, into multiple other separate companies,
laid off thousands of employees at a time, and outsource software development to $9 an hour body shop engineers.
Fucking how, it hollered itself out until there was nothing left, and then the plane started breaking.
And tell me, knowing what you know about Boeing today, would you rather get on a 737 max or an Airbus A320 Neo?
I guess it depends how much of a Buddyholy fan you are.
Anyway, as these organizations push their engineers harder and harder and have less of them because they've been laying them off,
set engineers will need to find a way to write code quickly and perhaps they'll turn to AI generated code,
which poisons code bases with insecure and buggy writing,
as companies shed staff to keep up with Wall Street's demands in ways that I'm not really sure people are capable of understanding yet.
When you have less engineers and bigger time constraints,
and by the way, Prabagar Ragavann at Google,
I'm specifically told people they'd be doing things faster with less people.
It's so cool.
I love tech.
When you have less people, more time constraints,
they're going to turn to whatever little tricks they can.
Wouldn't you in that situation too?
You have to ship faster than is possible.
Of course you're going to do that.
But the companies that run the critical parts of our digital lives
do not invest in maintenance or cultural unity
or any kind of rigorous infrastructure, if I'm honest.
You need intentionality as well when building these things.
You need it.
It's required to prevent the kinds of things that happened on Friday with CrowdStrike
and the kind of systemic failures that you're going to see in the future.
And I need you to be ready for this to happen again.
And all of this is the horrifying cost of the rot economy,
systems used by billions of people held up by flimsy cultures and brittle infrastructure,
maintained with the diligence of an absentee parent.
This is the cost of arrogance,
of rewarding managerial malpractice,
of promoting speed over safety and profit over people.
Every single major tech organization
should see CrowdStrike's failure as a wake-up call,
a time to reevaluate the fundamental infrastructure
behind every single tech stack.
What I fear is they won't,
that they'll see it as someone else's problem,
just like Microsoft did.
And that's exactly how we got there in the first place.
And this is going to keep happening.
I'm going to make a daring,
suggestion at the end of this, one based on guest of the show, Daron Asa Muglu.
I believe it's time to start bringing in criminal prosecution to executives.
If you, as the executive, are pushing the kind of cultures where basic security practices are
failing, where managers do not exist, where checks and balances don't exist, you should
be held responsible. And I don't mean a fine, by the way. A fine for a multi-trillion dollar.
or even multi-billion-dollar company is just a fee with a different hat on.
No, I believe there should actually be a criminal inquiry into CrowdStrike, in to Microsoft.
And the people responsible are not necessarily the workers. No. The people responsible are people like
Satcha Nadella, the CEO of Microsoft, and George Kurtz, the CEO of Crowdstrike, both of whom
should face criminal investigations. We do not know at this time.
the significance of this event,
but we know it's more significant
than almost any computer infrastructure
or failure in history.
And it affected hospitals.
Do you think people didn't die?
Do you think that something didn't break?
Do you think that there's not a corpse
on Satchin Adela and George Kurtz's goddamn hands?
I guess it would be blood, but still we keep going.
These people are responsible,
and they're not afraid,
and they should be.
There must be consequences for this level of fuck up.
Microsoft made over $10 billion of profit in the last quarter.
By the way, the market cap of CrowdStrike before this happens
around $89 billion.
Microsoft could probably, in a space of a year's profits,
buy them in cash, or build their own goddamn system,
but they chose not to to save money,
and CrowdStrike in turn found other ways to save money,
and saving money will likely have ended lives and ruin them.
This is why I'm so pissed off, everyone.
This is why I'm so frustrated.
This is what I've been talking about from the goddamn beginning of this goddamn show.
This is the consequence.
This is what will happen and will happen again and again and again.
This is the first of many calamities that will happen as a direct result of companies run by people that don't give a shit,
of a Silicon Valley culture built on exploitation and value extraction.
and of a business cartel run by people all agreeing to do the same level of shitty job,
of holding no one accountable, of not calling out their peers for running shitty companies
because everyone's in on the scam.
And it's a culture that is failing society and a culture that I will continue to eviscerate
every goddamn week until they, well, kick me out of this closet I'm in reading to you.
It's such a pleasure reading this stuff and I hope I've given you more clarity.
If you have any questions, you'll hear my email address after this, but it's E, that's the letter EZ,
at betteroffline.com, and that's EZ at betteroffline.com for my wonderful British listeners.
Thank you for listening, and if this affected you, I'm so sorry.
And it likely did.
Normal people, people in hospitals, banks, airports, people traveling, got their lives fucked up by this,
and I'm 100% sure people have died.
It's time for criminal inquiries and it's time for criminal.
prosecution. It's time for real consequences for executives who don't give a shit. You heard it here
first. Well, second, I guess Daron said it first. Be safe out there. Thank you for listening to Better Offline.
The editor and composer of the Better Offline theme song is Mattosowski. You can check out more of his
music and audio projects at Mattisowski.com. M-A-T-T-O-S-S-K-I.com. You can email me at E-Z at
betteroffline.com or visit betteroffline.com to find more podcast links and of course my newsletter.
I also really recommend you go to chat. Where's Your Ed?at to visit the Discord and go to
R slash Better Offline to check out our Reddit. Thank you so much for listening.
Better Offline is a production of Cool Zone Media. For more from Cool Zone Media,
visit our website, coolzonemedia.com or check us out on the IHeartRadio app, Apple Podcasts,
or wherever you get your podcasts.
Another podcast from some SNL late-night comedy guy,
not quite on Humor Me with Robert Smygle and Friends.
Me and hilarious guests from Bob Odenkirk to David Letterman
help make you funnier.
This week, my guest, SNL's Mikey Day and head writer Streeter Seidel
help an a cappella band with their between songs banter.
Where does your group perform?
We do some retirement homes.
Those people are starving for banter.
Listen to humor me with Robert Smigel and Friends on the IHeart Radio app,
Apple Podcasts, or wherever you get,
Podcasts. I'm Joey Dardano, and on my new podcast, Hope From a Hypocrite, I'll be changing lives,
helping people in need with thoughtful solutions. Sike, I'm a comedian. I'm not qualified
to give good advice. Join me and my comedian friends as we riff, rant, recommend some of the most
legally dubious advice known to me. This is Help from a Hypocrite, the worst advice from the
dumbest people you know. Listen to Help from a Hypocrite Wednesdays on the Iheart radio app,
Apple Podcasts, or wherever you get your podcast.
If you're watching the latest season of the Real Housewives of Atlanta,
you already know there's a lot to break down.
Gorsha accusing Kelly of sleeping with a merry man.
They holding Kay Michelle back from fighting Drew.
Pinky has financial issues.
On the podcast, Reality with the King,
I, Carlos King,
recap the biggest moments from your favorite reality shows,
including the Real House Wise franchise,
the drama, the alliances,
M&T, everybody's talking about.
To hear this and more,
listen to Reality with the King
on the IHard Radio app, Apple Podcasts,
or wherever you get your podcast.
This is an IHart podcast,
Guaranteed Human.