Email or username:

Password:

Forgot your password?
Stuart's posts Post Back to profile
Top-level
Vincent :coffeecup:

@calamari Not wrong, but I still feel like pushing out a critical update that breaks global commerce isn't entirely on the airlines and banks.

Delta Airlines has to check that box. CrowdStrike sold them a product saying that they can safely check that box with their product.

19 July at 15:42 | Wall-to-wall | Open on mastodon.coffee
8 comments
Jeff Craig

@vincent @calamari It's still at least somewhat on Delta and others for allowing CrowdStrike to blindly update their entire fleet without using progressive rollouts and canaries.

There is a lot of fault at play here that a more thoughtful approach to compliance would have made this bad, but not catastrophic.

19 July at 15:57 | Open on dice.camp
Andreas K

@vincent @calamari
Did Delta insist that CrowdStrike indemnify them in case that their product breaks their IT for commercial damages their product causes?

(Then CrowdStrike perhaps would not be so willing to claim so many things.)

The whole thing of companies working without accountability mega-sucks.

So I broke the Internet today, but there will be 0 feedback to prevent this in the future.

19 July at 19:40 | Open on mastodon.social
Ian Turton

@yacc143 @vincent @calamari I always recall a discussion I had with an aerospace engineer about liability for compiler bugs, and he said what was the point, why would they want to end up owning Cray Systems if their planes started falling out of the air. Of course that was back in the 90s when we didn't expect planes to fall out of the sky.

20 July at 12:00 | Open on fosstodon.org
Andreas K

@ianturton @vincent @calamari
The point is that there needs to be some adjusting of the weighing functions.

And in our "capitalist" world, this happens by assigning costs.

As long, there is no direct cost for bugs, even catastrophic ones, companies will ship products with catastrophic bugs just to meet the schedule some marketing egg head invented for artificial reasons.

20 July at 13:31 | Open on mastodon.social
Ian Turton

@yacc143 @vincent @calamari but there's every chance that it would end with United owning the wreckage of Crowdstrike which doesn't really help. But as a software engineer I don't see criminalising bugs either as a good thing

20 July at 14:20 | Open on fosstodon.org
Andreas K

@ianturton @vincent @calamari
Ah, but we reached the point where all kinds of security “regulations” (be it from authorities, ISO standards, or insurance companies) lead to situations where actually senior software engineers roll eyes when management explains “necessary measures”, that obviously will lower actual “technical” security just tick obscure items on a list, that make little to absolutely NO sense in the local context.

20 July at 17:46 | Open on mastodon.social
Andreas K

@ianturton @vincent @calamari
So having legal accountibility for these "necessary measurements" and their (often) 3rd party providers sounds like a great idea to stop these idiotic practices, and make the managers and bean counters really do their work, and assess risks, probabilities, and costs for all the options.

And not blindly assume "product X" provides capability Y for so many $Z no need to consider risks what could go wrong.

20 July at 17:49 | Open on mastodon.social
Go Up