Better Offline - How To Break the Internet with Chris Stokel-Walker
Episode Date: September 27, 2024Just over a month after the CrowdStrike debacle, Ed Zitron is joined by journalist and author Chris Stokel-Walker to "stokel-walk" through the brittle patchwork of open source, non-profit and for-prof...it entities that hold up the internet - and how calamitous it would be if any of them buckled. Article: https://www.independent.co.uk/tech/crowdstrike-trigger-global-meltdown-cyber-fail-amazon-b2586523.html Follow Chris: https://x.com/stokel --- LINKS: https://www.tinyurl.com/betterofflinelinks Newsletter: https://www.wheresyoured.at/ Reddit: https://www.reddit.com/r/BetterOffline/ Discord: chat.wheresyoured.at Ed's Socials: https://twitter.com/edzitron https://www.instagram.com/edzitron https://bsky.app/profile/zitron.bsky.social https://www.threads.net/@edzitronSee omnystudio.com/listener for privacy information.
Transcript
Discussion (0)
This is an IHeart podcast.
Guaranteed Human.
Run a business and not thinking about podcasting.
Think again.
More Americans listen to podcasts than ads supported streaming music from Spotify and Pandora.
And as the number one podcaster, IHearts twice as large as the next two combined.
Learn how podcasting can help your business.
Call 844-844-I-Hart.
Another podcast from some SNL late-night comedy guy, not quite.
Unhumor me with Robert Smygel and friends.
Me and hilarious guests from Bob Odenkirk to David Letterman help make you.
you funnier. This week, my guest, S&L's Mikey Day and headwriter, Streeter Seidel, help an
a cappella band with their between songs banter. Where does your group perform? We do some
retirement homes. Those people are starving for banter. Listen to humor me with Robert Smigel and
friends on the I-Heart Radio app, Apple Podcasts, or wherever you get your podcasts.
Life is full of hurdles. So how do you keep going? On Hurtle with Emily Abadi, we're talking with
the most inspiring women in sports and wellness from professional athletes, coaches,
and Olympic champions about the challenges that shape them
and the mindset that keeps them moving forward.
At our level, at this scale,
being able to fail in front of the entire world.
Like, I can do anything.
I can do anything.
Listen to Hurtle with Emily Abadi
on the IHeart Radio app, Apple Podcasts,
or wherever you get your podcasts.
Presented by Capital One, founding partner of IHeart Women's Sports.
Hey, I'm Deanna Maria Riva,
and on my new podcast, How Hard Can It Be?
I call on my Gen X squad from Ohio to Hollywood
as we navigate midlife's most fan
Fantastic BS. Unfiltered conversations from night sweats to futas to scheduling sex. Wait, what sex?
Is it just me or does every woman my age want to look at Pinterest instead of having sex sometimes?
They say we can't polish a turn, but we're sure going to try. So let's get blunt with laughs, tears, or tears of laughter.
Listen to How Hard Can It Be with Diana Maria Riva on the IHeart Radio app, Apple Podcasts, or wherever you get your podcasts.
American soccer is about to explode.
The World Cup is coming.
Ramos sending on the only score at the chip.
I'm Tab Ramos.
I'm Tom Boca.
On our podcast, Inside American Soccer,
you'll get the real storylines,
the biggest decisions,
and the truth about the U.S. national team.
It wouldn't be a huge surprise
if our team ends up in the quarterfinals
or potentially a great run into the semifinals.
Listen, Inside American Soccer with Tom Bow.
and Sabramos on the iHeart radio app, Apple Podcasts, wherever you get your podcast.
Hello, and welcome to Better Offline. I'm your host, Ed Zittron.
Now, you may have forgotten, but about a month or two ago, we had a huge, complete meltdown
of the computer systems of the world when CrowdStrike failed. I did an episode on it,
and while we've all just kind of forgotten about it, and today I'm joined by Chris Stokel Walker,
who's an author, journalist, lecturer, and starting new column at The Guardian as well, aren't you?
Yeah, for a whole week, Ed, not a whole month, I'm taking over tech space,
which will be very exciting for the month of September.
But the reason I brought you on is you wrote a great article for The Independent
back at the end of July about how CrowdStrike isn't the only cyber company
that could trigger a global meltdown the second they fail.
And this is a subject that fascinates me because I love disaster movies
and also this article was terrifying.
So why don't you walk me through it?
Yeah, so basically back in July, we had that odd outage that people might remember.
Basically, people woke up in Asia, Australia, and then eventually the UK,
and then encountered blue screens of death on Microsoft Windows,
which is something amazing that, you know, I'm 35 now,
and I remember that happening when I was a kid,
and then it's never happened since.
Like for all that, you know, people make fun of Microsoft.
Actually, their PCs is decent.
But then suddenly everything went to hell in the handbasket.
So it turns out that CrowdStrike, which is one of the big service providers for kind of antivirus, tools and software, had misconfigured, basically the thing that protects us.
So that it actually harmed us, which is just the ultimate in fantastic areas.
And it turned out that it was actually within CrowdStrike, the third.
thing that was bugged failed because the bug checking thing had a bug in it, which is so good.
It's so good that we have everything built on.
Yeah, and this is the thing, right?
It is, and I guess this is something that a lot of your listeners and others will chime with
because you share a similar sensibility to me, which is that we have built a huge thing,
which is kind of like on a house of cards that is actually hiding the fact that
humans are involved in this and humans screw up frequently. Yet we think that actually,
because this is whizbang tech, you don't have to worry about it. It will also sell up. The glory of
automation. Yeah, precisely. And yet it's not, it's some guy who's overworked, overtired,
and can't type properly and has fat fingers like you and me. Yeah, a combination of private
software companies like CrowdStrike and then, as you'll get into, open source solutions
that are a lot of people doing them for the love of the game, which is wonderful.
but at the same time, we've got this patchwork system that holds up the internet and a lot of the tech we rely on, and we don't really know.
And the fact that so much of it is automated is also terrifying.
Yeah, and this is the thing. That update was sent out to millions of PCs over the course of an evening while people were sleeping, and people didn't realize that there was a massive issue with it until they started to wake up.
And at that point, it is essentially too late. And the best part of this story, I think, is that,
that to fix the issue, and we have kind of fixed the issue a couple of months on.
For a lot of them, you had to actually get individual people to go out to either a computer or a terminal somewhere
and put in the actual update to unscrew up the problem that had existed initially.
But you highlighted there, I read the kind of the issue of how much of this is seen as kind of public utilities nowadays,
like the plumbing of our kind of entire world, and yet it is kind of really rickety and held together.
there were scotch tape and a little bit of chewing gum.
I did a thing, a story a decade ago about how we had a similar issue with a thing called Harplead,
which was another coding error.
So basically it was another similar thing where there was an update to a thing called OpenSSL,
which is the software tool that encrypts all the data that is sent through payment systems and passwords and so on and so forth.
So whenever you see that kind of yellow lock on your web browser,
that is usually running open SSL.
And there was an issue with it,
which essentially meant that all of the information
that people thought was being shared in encrypted form
was actually being shown in plaintext.
So someone could, in theory, come along
and snoop on everything that you're putting in there
from bank account details to passwords and so on and so forth.
The reason why that happened is essentially the internet at the time,
and to a certain extent now or less so,
was being run by two guys named Steve.
The whole thing was developed.
by a guy called Steve Marquez and his friend who was also called Steve,
they were kind of this weird transatlantic bromance where they kept going OpenSSL.
It was this initial volunteer-run project.
That kind of became a key part of the internet and that, frankly,
these multi-billion dollar companies used day in, day out,
but they decided that they didn't really want to pay a penny for the upkeep.
And OpenSSSL is one of the named kind of things that could break the entire internet from your
article as well. Yeah, this is kind of the key part of the internet's plumbing, and there are loads
of these, right? Like, this is the thing that we don't realize until things go wrong, and generally
in IT people want to have 99.99% uptime, until you have that kind of miniature final element
where actually something does screw up and actually you start to recognize that this thing is
held together pretty precariously. We don't realize it, but there is a sort of cabaliener.
of half a dozen or so companies whose job is essentially to keep this stuff running.
And sometimes they do screw up.
And OpenSSL, how was that actually funded?
Is it donations?
Yeah, so initially at the time back in 2014 when Hartbleed was,
Hardbleed was kind of an issue, they were essentially relying on donations.
This was open source software, and that's kind of the basic principle of the web.
We often forget about this, actually.
it is hobbyists that set this thing up alongside a huge military industrial complex.
The XKCD comic, which is everything's held up by a guy called Runk.
Yeah, yeah.
It turns out it was actually Steve, but basically the same sort of thing.
And that is the problem, is they weren't fully funded.
I did a follow-up story back in 2014 because Harpley kind of drew the attention to this.
And it comes back to that idea of how you started our podcast here, where you said,
this thing happened, this huge chaotic thing,
and you've probably forgotten about it
because it's been two months so we moved on.
Same thing with Heartbleed.
This happened, there was this huge outcry.
They got a bit of funding around about a million dollars
that was meant to kind of make them back on an even keel
and so that they could be sustainable.
Reality is, it kind of didn't work.
What do you mean it didn't work?
Well, in the sense of they still had this issue happen again and again.
So what was meant to be kind of a,
fronting up, I suppose, of big tech companies saying, actually, you know what, we recognise that
this hobbyist service is a vital part of our internet's running. We will fund it so it is
sustainable. It didn't necessarily happen. Not to the extent that we've had another heart lead
from OpenSSL, but they do struggle still to kind of keep things going. And that is, I think,
the big problem here, which is the news agenda.
moves on, people forget very quickly, and because there is then not a problem for a little while longer,
we kind of lurch from one catastrophic, near-miss to another.
So OpenSSSL, what does it actually do, though?
I know it's the little padlock on browsers, but what is its foundational point?
Yeah, so it basically it shepherds across data from a user to,
kind of a service provider.
So if you think about it as kind of you input text on your laptop, your phone, wherever you are,
it will then encrypt it.
It will transfer it over to a payment provider, to your bank, to, frankly, also pretty much
anywhere that you put a password in.
And it will ensure that that is encrypted all the way.
But there was an issue with the coding of it, which meant that.
And actually, again, comes back to fat fingers,
some elements of what was being transferred
went into kind of excess memory,
which basically meant that bits of it were encrypted,
but then large parts of it weren't.
So if you were unlucky,
then the bits that weren't encrypted
could be your credit card details,
your sort code and your account number,
and the CVC number.
And that's why there was kind of this big red flashing light
back in a decade or so ago
where people thought, you know what, actually, this exploit, if left unchecked, could become
a massive issue and a real boon for cybercriminals. I think actually, had it happened in 2024,
we would have seen much more of a sort of significant issue in terms of second, Theodore,
and what were to ramifications, because cybercriminals would have been all over that stuff.
And if OpenSSL breaks again, that just means that the internet is not really encrypted,
but every place that uses it is kind of at risk.
Every transaction on every place.
Yeah, and that is the issue.
That is the high wire act.
That is the internet.
And we've seen outages like this come and go time and time again.
We've had the CrowdStrike incident where you couldn't actually get onto your
desktops or your laptops.
We've had outages on major payment platforms.
We've had banks going offline.
We've had social networks kind of disappearing for hours at a time.
And invariably, this is just a very simple error that snowballs repeatedly.
And we're kind of doomed to repeat it.
And I guess the challenge is like how do we put the web on a firmer footing that prevents this from happening again and again?
It feels like funding the OpenSSL Foundation would probably be a good start.
But I imagine that's not.
not happening. We need to build the computer that makes pictures of Garfield with a gun.
Exactly. This is the thing. Commercial interests always come into this. And the reality is,
as you and I both know, and as many of our listeners will know, companies, tech companies in
particular will take action when they realize that the spotlight is on them and that there is this
kind of intrinsic demand for them to do that. As soon as it's off, they're back to doing the same
all thing. They are happy with the status quo as it is. Which is crazy as well, because
What worries me about OpenSSL is that nobody will really be to blame and thus nobody will really feel responsible.
They might kick in some money here and there, Google, especially very reliant on them, but I just don't see them doing it.
Yeah, and this is the thing, the only people that I really noticed when I was reporting out that story a decade ago, who felt any kind of like guilt or personal alarm or kind of just,
like even responsibility for it were actually those two steves.
Like they were gutted.
The story I did for BuzzFeed back then.
Yeah, the story I did for BuzzFie back then was,
it was very difficult to report out because they had been taken out of,
not to overly stereotype, but they were like super techie,
nerdy people.
Like they were very happy being in the background,
tinkering with this thing.
They realized that it was important,
and they took their jobs very seriously.
But they had never been put in the spotlight,
and they were initially very wary of speaking to me
because suddenly this thing happened,
and it's over the course of, like, hours,
that they got kind of thrust into the limelight.
They had the Daily Mail knocking at their door,
which was one of the reasons why they were the super wary of talking to me.
So it took actually a few days of winning them over and saying,
you know what, like, this isn't going to be a hit job.
Like I'm not looking to kind of, you know, hold you up and say, this is the person responsible for this happening.
It's more I wanted to tell the story of why this has happened, why it's an issue,
and why we shouldn't have the ability for kind of slight errors in upkeep to cause catastrophic effects.
Another podcast from some SNL late night comedy guy, not quite.
Unhumor me with Robert Smygle and friends.
me and hilarious guests from Jim Gaffigan to Bob Odenkirk to David Letterman
help make you funnier.
This week, my guest, SNL's Mikey Day and head writer Streeter Seidel,
help an a cappella band with their between songs banter.
There's the worst singer in the group.
The worst?
Yeah.
Me.
Is there anything to the idea that because you're from Harvard,
you only got in because your parents made a huge donation.
The group.
The yarn herds, right?
That's the name.
The Harvard Yard.
They're open.
Do you have a name suggestion?
We're open.
Since you guys are middle aged, one erection.
Listen to humor me with Robert Smigel and Friends on the I-Heart Radio app, Apple Podcasts, or wherever you get your podcast.
Human me.
I need some jokes to make me seem funny.
Run a business and not thinking about podcasting, think again.
More Americans listen to podcasts than ad-supported streaming.
music from Spotify and Pandora. And as the number one podcaster, IHearts twice as large as the next two
combined. So whatever your customers listen to, they'll hear your message. Plus, only IHeart
can extend your message to audiences across broadcast radio. Think podcasting can help your business.
Think IHeart. Streaming, radio, and podcasting. Let us show you at iHeartadvertising.com. That's
iHeartadvertising.com. Jacob Kingston grew up in an isolated polygamous sect.
We were God's chosen kingdom on earth.
He felt destined for greatness.
So when a swaggering Armenian businessman catapults Jacob into an extraordinary world, he doesn't look back.
Ferraris and Lamborghinis, private jets, meeting the president of Turkey.
I'm Michelle McPhee, and this is one of the most shocking criminal conspiracies I've ever come across.
When Jacob met Levant this plant to a billion dollar fraud.
But with two kings from entirely different worlds,
Just how long can their empire survive?
The largest tax investigation in American history.
You need to tell me what you know.
Is somebody coming after me?
Jacob told Levan, you're ruining my life.
Listen to Kingdom of Fraud on the IHeart Radio app, Apple Podcasts, or wherever you get your podcasts.
Life throws hurdles big and small.
The question is, how do you conquer them?
On Hurtle with Emily Abadi, we sit down with the most inspiring,
women in sports and wellness, professional athletes, coaches, and Olympic champions to talk about the
challenges that shaped them and the mindset that keeps them going. From the WNBA standout Kate Martin
and rising hockey star Layla Edwards. If a boy can do it, I don't see why a girl can't. Like,
I've never understood that. Like, it didn't make sense in my brain. It's hard to be in spaces that
no one looks like you, but don't ever feel like you don't belong. Don't let that be the reason you don't
do it. An Olympic champs Gabby Thomas and Katie Ledecki. The ability to show a gold medal to
someone and have their face light up and smile, that means the world to me. And that's what
motivates me to win more gold medals. At our level, at this scale, like being able to fail
in front of the entire world. Like, I can do anything. I can do anything. Because resilience isn't
just about winning. It's about showing up, even when it's hard. Listen to Hurtle with Emily Abadi
on the IHeartRadio app, Apple Podcasts, or wherever you get your podcasts. Presented by Capital One,
founding partner of I Heart Women's Sports.
Hey, I'm Joe Rodano.
You might know me as that loud guy who yells out,
help on the internet.
Help!
Somebody!
Please!
But there's so much more to me than me.
I'm an actor.
I'm a comedian.
And recently, I've become quite the helper myself.
And on my new podcast,
Hope from a Hippocrite,
I'll be changing lives,
helping people in need with my sage advice
and thoughtful solutions.
Sike, I'm a comedian.
I'm not qualified to give good advice.
Join me and my comedian friends as we riff rant and recommend some of the most legally dubious advice known to man.
If I'm calling you, even if you're on your phone, let it ring twice.
One ring is too scary.
Oh, cream a chicken suit.
Hey, cream.
Cream a chicken suit.
This is Help from a Hypocrite, the worst advice from the dumbest people you know.
Listen to Help from Hypocrite as part of the MyCultura podcast network available on the IHart Radio app, Apple Podcasts.
or wherever you get your podcasts.
It almost feels like people getting mad at the homeless to some extent,
where it's like, oh, this person is on the street,
and there are problems that are happening around them,
and you blame the person who is the victim here.
You blame the fact that when you look at the internet right now
and it's instability, you're like,
oh, well, these open source people are doing it for free,
it's their fault because they should have fucking,
they should have been better at doing this thing for free,
that holds up the entire internet versus the fact that the problem is that the entire internet relies
on this underfunded group of people. And it really is, I just want to be clear for listeners.
And Chris, you of course know this. When I say this holds up the entire internet, I do actually
mean that. It's very easy to fall foul to hyperbole sometimes, but this is genuinely that level.
When Hartley happened, it sounds like it could have been truly catastrophic.
It could. It really could. And this is,
The thing that we overlook is either there are kind of not amateurs,
because these people are super professional in terms of what they do,
and they take their jobs seriously,
but they are either not paid or they're paid a pittance,
particularly in comparison to the total compensation packages
that you see watching around Silicon Valley.
And yet there is this kind of super extractive approach from big tech companies
of we will kind of roll in whatever it is that you provided us,
often open source.
And this is the kind of big secret, right,
of a large part of big tech's success,
is they rely on these open source developments
that have kind of underpinned key parts of their tech.
And if things go wrong,
they can always shift the blame onto those open source things
and say, well, this isn't actually our fault.
This is the fault of our supplier,
the thing that came second or third
order down the line. And you've got this big movement in cloud as well towards like composable
architecture, which involves a lot of slotting in open source solutions as well. It's just,
it almost feels like we need a big tech mutual aid thing for open source. I wish that, I don't
think there's any way we could get a government to do this, but I think they should force big tech
to put like a percentage of revenues, not profits, into open source and have very defined less for
them because otherwise you get situations where, I don't know, the entire internet's underpin
by two steves.
Yeah, exactly.
And I think this is, this is the unfortunate thing is that should be the lesson that we learned.
It should have been the lesson that we learned from Heartbleed.
It should have been the lesson that we learned from XZ Utils, which was another issue
that we encountered relatively recently where there was, it turned out, we believe a bad
actor kind of deliberately inserting malicious code into another thing that kind of underpins large
parts of our digital lives.
Turns out that the volunteers that were running that couldn't keep track of it.
One of them literally talks about their burnout and how they'd kind of taken a step away
from the project.
And yet, we always see these things kind of passing by in the rearview window.
We say, oh, you know what?
Isn't that such a shame?
We ought to do something about that.
And then we move on to the next thing.
And we don't pay attention.
Taking a step back, what was XZ Utils for the American listeners, XZ for British and Canadian?
What happened there?
Yeah, so this is kind of, again, another bit of free software.
This was back in sort of spring of 2024.
A kind of malicious hacker had, we think, basically socially engineered their way into the upkeep of this
bit of open source utility,
which is essentially designed to kind of compress data.
So the idea was that it would kind of take a big file,
chunk it up, make it smaller,
get rid of the bits that you don't need.
And it was kind of,
in the same way as you talked about kind of cloud architecture,
slotting in lots of really useful open source tools.
This is a similar thing,
where you could slot in XE Utils, XED Utils,
into whatever you were building,
and it would be fantastic.
This guy had kind of offered to volunteer at a time
when the original developers, the custodians of this tool,
were feeling very burned out, said,
I will help.
The original person then took their eyes off the ball.
This malicious actor started putting in backdoors intentionally,
ways of accessing the data within.
And it was only spotted basically,
by a Microsoft developer who happened to come across this.
And just to be clear, though,
X-Z Utils looks like it's a big part of Linux,
which people who use consumer software may not realize
is basically underpinning most server architect,
like a ton of server architecture, a ton of web architecture, right?
Yeah, so servers, web servers, cloud hosting tools,
lovely.
Webcams, basically anything that's connected to the internet,
probably your fridge, if you have an internet of things fridge, if you are that frivolous,
then that will be connected in some way to Linux. I hope not. I hope that the old Diet Coke
has not been kept cold by an IOT fridge. There's someone who knows me. So this Microsoft
developer found it. And so it turns out that just the corruption of open source, like it can
happen as well with these open source projects, particularly I imagine when they're underfunded and
the people get burned out. Yeah. And this is the thing is, again, it's another,
example of a kind of hobby project that turned into something bigger. Nobody who has the money
either realized or decided that it was important enough to fund directly. The people involved
who are often, you know, again, I don't want to stereotype and I don't want to kind of make them
seem too much like a victim here. But these folks are often super humble, super helpful,
just trying to keep their heads above water essentially
because they've made something that has proved very, very useful
and they don't want to trouble people by shouting for help.
In this case, same thing happened.
Single person in charge of this tool
didn't want to shout too loudly about the problems
that it would cause him in his life.
He kind of took a step away, decided to get help from someone,
turned out they were bad,
and nobody decided to shout to.
about it. So again, this one was, this one was more deliberate rather than a fuck up.
I would also say they are victims. These people are doing some of the most important work in the
world while Sundar Peshai gets $200 million a year. I see these people as heroes and victims at the
same time. Yeah, and I agree. I think, I think what I mean by that is they would not want to be
seen as either the hero or the victim in the peace. Right. They don't, they don't, they don't,
they have a, I think to be involved in open source software more generally,
you have to have a very kind of, it's almost quaint, right?
You have to be very, very community-minded, very kind of,
I am doing this for the good of everybody, but I also don't want the praise for it.
And so either kind of being presented as like this hero defending us against all of the bad stuff
or being presented as the victim who is, you need to pity.
I think that's the thing they don't want.
They don't want pity, but they just want money.
And I think we get back to the systemic problem then,
because I don't see them as like any kind of pathetic thing or indeed.
I mean, I think that's something heroic about what they're doing,
but I think what they're doing is cool.
I think what the problem is, the systemic lack of support for them.
We blame these things, we don't,
but people may blame these projects for breaking.
Oh, it didn't work as well as it.
should, but it turns out that it's just, we put all of this pressure and these requirements on
these people and on these projects and then don't give them the support at all. So naturally, I'm
going to say to my listeners, please go and fund your open source movements, brought on Molly
with Wikipedia, Molly White, of course, about Wikipedia very early on in the show. Fund these projects
because they deserve it. But the funny thing is, is the, sometimes I've seen very stupid idiots
say things like, well, if they were private and corporate entities, they'd be fined and
nothing would go wrong, except we look at CrowdStrike and it's the complete opposite.
Yeah, and the worst thing is with Crown Strike is it's they thought they knew better, right?
Like, this is the key thing.
They thought that they were doing everything perfectly.
they kind of crowed about how good their tools were,
how well they could protect people, and then they didn't.
And this is kind of the endemic thing is,
you can't introduce profit to the equation
because if you do,
you're looking to cut corners.
Now, we still don't really fully know why this happened.
And Crowdstriker is still taking a hit to its,
business, it still has the threat of legal action from those customers who were affected and
there were an awful lot. Airlines were knocked off for basically an entire week in the United States.
You couldn't get anywhere on some airlines because their systems were just so completely broken.
But the idea that you can just kind of throw money at it through a big tech lens doesn't really
work because you need that idea, that kind of ethos of I'm doing this not for profit, not for
myself and not for the company that I work for, but I'm doing it for kind of the greater good.
And I think the problem, if you brought this into a Google or even a crowd strike or whatever,
is that you end up looking at the bottom line and realizing actually, I need to acquire customers,
I need to keep them.
That's going to be my focus, not just making good stuff.
making it work. So onto profit-seeking entities, one of the others you mentioned, is Fastly.
So Fastly, why don't you walk me through Fastly? Because I know there are other companies in this
realm too. Yeah. So Fastly is, it's kind of what you would call an edge cloud provider. So that is
basically an attempt to try and bring the internet speeds up a little bit, make them a bit quicker.
So it's the idea of bringing files that are commonly used or websites that are commonly used closer to where the users want to request them.
The thing that people often overlook is that the web is essentially still a data transmission system.
And so you have to, if I was to pull up a YouTube video from my home in the UK, it would be very silly for me to put that request through YouTube servers in the United States.
because I would have to send the request to the United States.
The request would have to be fulfilled.
YouTube would have to go looking for the video.
It would then have to send the video back to me
and then it would have to be played.
Now, we're really talking about kind of a fraction of a second there,
but it can be done quicker by serving it closer to me physically.
By a content delivery network, like Varsely.
Exactly.
So that is what Fastly does.
The problem is that it went wrong,
around about three years ago,
again, like CrowdSrike, a misconfigured file got pushed out to the company's systems,
because Fastly is used by Amazon, by Reddit, by Twitch, by the UK government, by PayPal,
all of those platforms were affected, which is kind of a big issue.
This guy, you know, who runs Fastly, hugely wealthy man and, you know, has done an awful lot of good,
makes the internet faster, but the problem is, again, it is a private company, it is a single
point of failure for many, many platforms and many websites that we use day in, day out. And so if something
goes wrong, it goes really, really wrong. And what's weird about that is, you'd think that
Amazon, for example, would have their own CDN. And they do have their own CDNs in some ways,
but they still, the part of the thing is
these companies are so sprawling
and these services that they provide
are so huge that they
tend to try and, you know, bucket
them in different ways. And so
while, you know,
the Fastly element went down,
they still had other bits, but it
was kind of very much concentrated on
Fastly, so that's why we had those outages
that. And
there are other companies like this, like Akamai's
the other one, where
if they buckle or fall,
Just chunks of the internet fall offline.
Yeah.
And again, it goes back to around about maybe, God, the late 90s, early 2000s.
We took a series of decisions that essentially decided,
we are going to take this thing that was previously like a kind of hobbyist's home,
developed by, frankly, amateurs, but actually kind of worked.
And we're going to turn this into.
to like a massive profit-making machine,
and we're going to privatize large parts of it.
And we're going to simultaneously have, you know,
big business and also kind of, you know,
public goods and services being transacted on it.
And we've kind of existed in that awkward space forever.
And you've done episodes in the past about,
loads of parts of social media,
and the fact that there is this kind of challenge of,
this is as T. Elon Musk's favorite,
praise a de facto public square, but it is based on essentially private land.
And as soon as you kind of take what was initially kind of like an educational-based communications
network and you turn it into something that is for profit, you really complicate things
in a way that means you have single points of failure and a lot of banks on those things
working. When they don't, it causes big issues.
Another podcast from some SNL late-night comedy guy, not quite.
Unhumor me with Robert Smygel and friends.
Me and hilarious guests from Jim Gaffigan to Bob Odenkirk to David Letterman,
help make you funnier.
This week, my guest, SNL's Mikey Day and head writer Streeter Seidel,
help an a cappella band with their between songs banter.
The worst singer in the group?
The worst?
Yeah.
Me.
Is there anything to the idea that because you're from Harvard,
uh, you only got in because you're parents.
made a huge donation.
The group.
The yard birds, right?
That's the name.
The Harvard Yardt Yardt.
They're open.
Do you have a name suggestion?
We're open.
Since you guys are middle-aged, one erection.
Listen to humor me with Robert Smigel and Friends on the I-Heart Radio app, Apple Podcasts, or wherever you get your podcast.
Humor me.
I need some jokes to make me seem funny.
Run a business.
and not thinking about podcasting, think again.
More Americans listen to podcasts than ads supported streaming music from Spotify and Pandora.
And as the number one podcaster, IHeart's twice as large as the next two combined.
So whatever your customers listen to, they'll hear your message.
Plus, only IHeart can extend your message to audiences across broadcast radio.
Think podcasting can help your business.
Think IHeart.
Streaming, radio, and podcasting.
Let us show you at iHeartadvertising.com.
That's IHeartadvertising.com.
Jacob Kingston grew up in an isolated polygamous sect.
We were God's chosen kingdom on earth.
He felt destined for greatness.
So when a swaggering Armenian businessman catapults Jacob into an extraordinary world, he doesn't look back.
Ferraris and Lamborghinis, private jets, meeting the president of Turkey.
I'm Michelle McPhee, and this is one of the most shocking criminal conspiracies I've ever come across.
When Jacob met Levan this went to a billion dollar fraud.
But with two kings from entirely different worlds, just how long can their empire survive?
The largest tax investigation in American history.
You need to tell me what you know.
Is somebody coming after me?
Jacob told Levan, you're ruining my life.
Listen to Kingdom of Fraud on the IHeart Radio app, Apple Podcasts, or wherever you get your podcasts.
Life throws hurdles big and small.
The question is, how do you conquer them?
On hurdle with Emily Abadi, we sit down with the most inspiring women in sports and wellness,
professional athletes, coaches, and Olympic champions to talk about the challenges that shaped them
and the mindset that keeps them going.
From the WNBA standout Kate Martin and rising hockey star Layla Edwards.
If a boy can do it, I don't see why a girl can't.
Like, I've never understood that.
Like, it didn't make sense in my brain.
It's hard to be in spaces that no one looks like you, but don't ever feel like you don't.
belong. Don't let that be the reason you don't do it.
An Olympic champs Gabby Thomas and Katie Ledecki.
The ability to show gold medal to someone and have their face light up and smile,
that means the world to me. And that's what motivates me to win more gold medals.
At our level at this scale, like being able to fail in front of the entire world.
Like, I can do anything.
Like, I can do anything.
Because resilience isn't just about winning.
It's about showing up, even when it's hard.
Listen to Hurtle with Emily Abbot.
a hurdle with Emily Abadi on the IHeartRadio
app, Apple Podcasts, or wherever
you get your podcasts.
Presented by Capital One, founding partner
of IHeart Women's Sports.
Hey, I'm Jared Adano. You might know me as that
loud guy who yells out, help on the internet.
Help! Somebody!
Please! But there's so much
more to me than me. I'm an actor.
I'm a comedian, and recently,
I've become quite the helper
myself. And on my new
podcast, Hope from a Hypocrat, I'll be changing
lives. Helping people in
with my sage advice and thoughtful solutions.
Sike, I'm a comedian! I'm not qualified to give good advice!
Join me and my comedian friends as we riff, rant,
recommend some of the most legally dubious advice known to man.
If I'm calling you, even if you're on your phone,
let it ring twice. One ring is too scary.
Oh, cream a chicken suit.
Hey, cream, cream a chicken suit.
This is help from a hypocrite,
the worst advice from the dumbest people.
dumbest people you know. Listen to Help from Hypocrite as part of the Mike Cultura Podcast Network
available on the IHartRadio app, Apple Podcasts, or wherever you get your podcasts. And it's it. It is a bit
worrying. And I try not to do too much fud on this show. But this is the stuff that actually
keeps me up at night. This is the thing, especially as we have the increasing electricity use of AI,
especially as we have any basic strain on these companies that hold up the internet. The other thing
I think about is what if there are problems with, I mean, we've seen this tons of times,
with Amazon Web Services, with Microsoft Azure Google Cloud, and so on and so forth. They feel
like also a huge point of failure. Yeah. And you see kind of rumblings of this, right? Like
Down Detector is constantly pinging with things. Down Detector is kind of the website that everybody
goes to whenever something either isn't working or isn't responding to see whether or not other
people are noticing these sorts of issues.
It's strange, right? Because it's like
we have, and it happens every month or two, we have
kind of like pretty significant tremors that
put cracks in our walls.
And we kind of go, oh, you know what? Let's just plass them up and it'll be
all okay. And we kind of overlook it. And it's, it's,
I suppose the question is to what extent are those tremors kind of like
the pre-warnings of like a massive
of rupture, a huge kind of earthquake that is going to affect things? Or are we able to just
kind of keep it ticking over and we have occasional outages and we fix it and that's okay?
Yeah, I was speaking with Barry Lynn the other day. He's an anti-monopoly expert and he kind of
made this point that we also have absolutely no public kind of measurement of success or efficacy
or indeed safety with any of these cloud providers. We have it for power plants. We have it for power plants.
We have it for sewerage.
We have it for water.
We don't treat, despite those are utilities, but really cloud services are utilities too.
And we just don't, we have no idea.
We don't know.
And we have no quality standards.
So who even knows as they push these massive data centers, whether they stay up?
And it terrifies me.
It really does.
Yeah.
I think what's interesting is any data that we do,
have is also provided by them and it's kind of bundled into marketing materials right they say we have
like six digit up time which is that kind of six nines after 99 points to highlight how how well they
maintain their services and how likely it is that you will never encounter an outage but the reality
is even that kind of 0.0.0.0.0.0.0.1 percent over a long course of time can be quite a significant
outage and if it's the thing you know if it's if it's an outage, you know, if it's if it's an outage,
that happens that is keeping a hospital online or keeping your banking system online at a time
when everybody needs it, even the smallest outage on these kind of too big to fail services can be
huge. And we don't realize them because as you say, there is no centralised record of this is
when we've had outages, this is when we've had issues. They just come along every couple of months.
They kind of grab the attention. In the case of crowd strike, it grabbed the attention because it was
quite so massive and quite so visual and visceral. But then we move on and we forget about it and
actually, we're only ever reminded the next time. And by that point, we're so far beyond it that
we forget actually how significant it was. I mean, people couldn't go to work on that Friday
because they couldn't use their computers. Yeah, it's just really terrifying. This is the actual
crisis. And I feel as if it's almost, it feels like screaming into the voice.
at times. One of the reasons I wanted to do this episode was because of this, because I don't
think most people realize how brittle everything is. You've got, oh, the way that most
transactions are in crypto on the internet, that's by two steves. And everything, holding everything
up is like a patchwork of a few companies that are pretty much, do not have, they don't get
held accountable until something breaks. It's, it's very bad. But let's get it, let's make it worse.
So the last two you brought up in your article, ICANN and Veracine.
Why, you talk about why they're also very worrying?
Yeah, so ICAN is, it's, how do I describe this?
Basically, ICAN at its heart, runs what are called DNS, so the domain name system,
which is kind of the address book.
So you type in a URL to your web browser.
that is not machine readable.
So it gets converted into an IP address,
which is a bunch of digits, essentially.
And that gets rooted through what is called the DNS,
which is essentially a massive address book.
And it's run many of them, not all of them.
Three of the kind of dozen or so that exist are run by ICANN,
which is a sort of nonprofit.
That is one of the kind of earliest,
major organizations involved in kind of the early web and also Veracine, which is kind of a private
company. So if these things go offline, then like everything breaks. Because if the DNS, if the
kind of the address system of the internet, of the web is corrupted in some way, I don't know about
you, but I don't remember the IP address of like the BBC News website. I remember my own
phone number and nobody else is, that should tell you everything. And just to be clear,
every website you visit without exception is actually just an IP address, which has then gone
through DNS. That's good. Yeah. And so unless you are, I don't know, some sort of amazing
memory, powerful individual who can remember every single IP address. Who also knows them,
because we don't get exposed to them by the nature of the DNS system.
No, it was like that.
You don't.
Just DNS?
Yeah, you just type it and it works.
And that is, you know, it's one of those things.
It's we've traded off convenience for actually understanding how this technology works,
which is great because it works.
But if it doesn't work, then we're in real trouble.
And I think that is, you know, if you think about kind of the economic impacts of crowdstrike
and the outages because they couldn't, people couldn't get onto their devices,
Think about what happens if people can get onto their devices,
but they don't know how to access their bank
or they don't know how to access the websites
that they need for day-to-day working.
That is the really interesting thing.
And ICANN is non-profit.
It has around about 400 staff,
so it is well-staffed.
This isn't two steves and a dog.
But it is, I suppose,
400 seems fewer people.
than you need for something as important as this, right?
When you consider the huge numbers that are employed by big tech companies,
you would think that ICAN would have more than 400.
Well, the UN has 36,000 people working for it.
And this is probably the size of, like,
this is probably a little bit more important than the UN if you really think about it.
Yeah, the UN website would not work without these things.
And so that is this.
Or email. Would email break as well?
That's a good question.
I think it would.
If you were accessing through the web, it would.
Yeah, and also, presumably, I don't fully know the answer, but I would presume that actually, yeah,
because you are putting in a kind of domain name, something at something.com or dot co.com or dot
UK or dot net or whatever, that it would still be routed through the same system.
So yeah.
And a quick Google says that that's the case too.
This is how I learn things.
And also another website I wouldn't be able to access if DNS was down.
that's so good.
Yeah, exactly.
This is the thing.
You would,
sometimes this happened when I used to work prior to journalism.
I used to work in an office.
And sometimes the actual router would fail.
And you would just kind of be stuck there twiddling your thumbs and thinking, well, what can I do?
Like, imagine that, but everybody in the world all at once unable to do the most basic stuff.
And think about how reliant we are and all of the internet connection.
services and tools that we use,
and then think about what would be the impact
if all of those stopped suddenly,
and we didn't know what to do afterwards.
And it says here in your article,
there's 13 of the largest DNS servers are run by ICANN,
so three of the 13 largest are run by ICANN.
So if someone took out ICAN,
it would still function,
but I imagine there'd be a massive outage
just kind of connecting the bits.
Yeah, so they all have different route servers,
which is kind of like the, they have kind of the original phone books, as it were.
You can get copies of copies of copies of copies of copies,
which are increasingly less reliable.
It kind of generally seems to work geographically,
so it would probably affect parts of the world rather than the entire world,
depending on which way we were served through,
in terms of which quote-unquote phone book you got,
which route server.
But it's kind of a huge issue.
And the problem is we don't fully understand and wouldn't fully understand until it happened
what the impact could be.
Because we know, okay, if it affected those three servers, those three root servers, fine.
But is there something on the other route servers or the websites or the back ends of the
organizations that operate the other route servers that relies on those root servers to get access to?
It's kind of, could the domino effect start to play out here where actually one pretty significant error anyway could actually spread further and further and further?
It's, yeah, it's almost as if to everyone, it would be like if everyone forgot how to speak.
Yeah.
You could perhaps write letters, but speaking was off the table.
It's terrifying.
And again, three of them are held up by non-profits.
it's, which is good, but all of them should be.
It's so strange.
As countries, we can all get together to go to war, or help support a war, perhaps, but we,
or genocide, I guess, in that case.
But we are in this situation where it's fucking, we can't put the money together to
support the literal way that people communicate online.
Which is because we get through.
Yeah, because it works right now.
Yeah.
We survive. It works right now, and when it goes wrong, it hasn't gone completely wrong, 100% wrong, all over the world. And so we kind of go, well, that's a whoopsie. Okay, we can deal with it and move on. Hopefully it won't happen again. Fingers crossed, let's hope that it's all okay. And that's the way that it's kind of working. That's the status quo at the minute.
I guess there's nothing. It's one of these, I like to end episodes by being like, what can regular people do? It doesn't feel like we can.
Ed, you have read some of my journalism.
You know that I'm one of the most pessimistic people.
I do a radio slot here in the UK where I introduce tech stories to people who don't necessarily know lots about tech.
And every single week I get harangued by the hosts because I always end with depressing notes.
And unfortunately, that is the case here, I think.
Yeah, I think that something I like to come back to, though, is knowledge is power.
I think that I wonder if there is, this is one of the dumber things I've thought up.
I wonder if there is actually a way of most people downloading the phone book of DNS phone book.
It could be crypto.
It could be on a blockchain.
A bit of crypto.
And it is funny as well because you see all of this AI bullshit and you got the crypto bullshit.
And they're like, yeah, this is the future.
This is so cool.
Objectively, DNS is cool.
Like this stuff is it.
It's actually insane.
The internet works at all.
Yeah.
Like I wrote a book called The History of the Internet in bite-sized chunks.
And as I said, I'm 35.
I kind of, I joined the web when I was about 10 or 11.
Same here.
Yeah.
I'm 38, by the way, so we're right there.
There you go.
Kind of got interested in it and found it incredible.
But forgot that.
Like, I lost that wonder because we don't see how it works anymore.
You don't see the crankshafts.
You don't see the gears working in the way that you used to.
Kids nowadays don't know how.
to store files on a computer
because they just have cloud storage
that's just always accessible, easily there.
They don't have to structure a file system
or something like that.
And so we take it for granted that these things work
and we just assume that it's all okay.
But actually, yeah, knowledge is power
and knowing that there is a person behind this,
knowing that there is a system behind us
and kind of getting a sense a little bit of how it works
means that you understand more perhaps
when things go wrong.
And importantly, you can kind of advocate
maybe for how to make sure
that it doesn't go wrong again in the future.
Chris, thank you so much for joining me.
Where can people find you?
They can unfortunately find me on X at Stokel.
That is my...
I am going down with that ship.
Long-lived...
S-D-O-K-E-L.
Yeah, we go.
All right, thank you so much, Chris.
You've been listening to Better Offline.
You know where to find me.
There's the same thing that comes on after it
that you'll complain on,
I haven't changed it in a while.
Thank you for listening to everyone.
And then it's going to say thank you for listening again.
Thank you for listening to Better Offline.
The editor and composer of the Better Offline theme song is Matt Rosowski.
You can check out more of his music and audio projects at Mattisowski.com.
M-A-T-T-T-O-S-O-S-K-I.com.
You can email me at E-Z at Better Offline.com
or visit Better Offline.com to find more podcast links and, of course, my newsletter.
I also really recommend you go to chat.
where's your ed.
dot at to visit the discord
and go to our slash
better offline
to check out our Reddit.
Thank you so much for listening.
Better Offline is a production
of Cool Zone Media.
For more from Cool Zone Media,
visit our website,
coolzonemedia.com
or check us out
on the IHeartRadio app,
Apple Podcasts,
or wherever you get your podcasts.
Another podcast from some
SNL, late night comedy guy,
not quite.
Unhumor me with Robert Smygel and friends,
me and hilarious guests
from Bob Odenkirk
to David Letterman,
Help make you funnier.
This week, my guest, S&L's Mikey Day and headwriter, Streeter Seidel,
help an a cappella band with their between songs banter.
Where does your group perform?
We do some retirement homes.
Those people are starving for banter.
Listen to humor me with Robert Smigel and friends on the IHeart Radio app,
Apple Podcasts, or wherever you get your podcasts.
Life is full of hurdles.
So how do you keep going?
On Hurtle with Emily Abadi, we're talking with the most inspiring women in sports and wellness,
from professional athletes,
coaches, and Olympic champions about the challenges that shape them and the mindset that keeps them moving forward.
At our level, at this scale, being able to fail in front of the entire world.
Like, I can do anything.
I can do anything.
Listen to Hurtle with Emily Abadi on the IHeart Radio app, Apple Podcasts, or wherever you get your podcasts.
Presented by Capital One, founding partner of IHeart Women's Sports.
American soccer is about to explode.
The World Cup is coming.
Ramos sending on the only store for championships.
I'm Tab Ramos.
I'm Tom Boker.
On our podcast, Inside American Soccer, you'll get the real storylines,
the biggest decisions, and the truth about the U.S. national team.
It wouldn't be a huge surprise if our team ends up in the quarterfinals
or potentially a great run into the semifinals.
Listen, Inside American Soccer with Tom Bogan and Tab Ramos
on the IHeart Radio app, Apple Podcast, wherever you get your podcast.
Hey, I'm Deanna Maria Riva, and on my new podcast, How Hard Can It Be?
I call on my Gen X squad from Ohio to Hollywood as we navigate Midlife's most fantastic BS.
Unfiltered conversations from night sweats to fupas to scheduling sex.
Wait, what sex?
Is it just me or does every woman my age want to look at Pinterest instead of having sex sometimes?
They say we can't polish a turd, but we're sure going to try.
So let's get blunt with laughs, tears, or tears of laughter.
Listen to How Hard Can It Be with Diana Maria Riva on the IHeart Radio app, Apple Podcasts, or wherever you can.
get your podcasts. There are times when the mind becomes a difficult place to live. This is David
Eagleman with the Inner Cosmos podcast, and for Mental Health Awareness Month, we'll talk with
singer-songwriter Jewel about anxiety. I started living in my car, and then my car got stolen. I was
having panic attacks. I was agoraphobic. This is a month of deeply personal and honest conversations
about what happens when the brain goes off course. Listen to Inner Cosmos on the IHeart Radio app,
Apple Podcasts, or wherever you get your podcasts.
This is an IHeart podcast.
Guaranteed human.