
While I won't discount it entirely, I think the people acting like this (alone) implies malice are being very silly.


I disagree. In the current day the stakes are too high to naively attribute software flaws to incompetence. We should assume malice until it is ruled out, otherwise it will become a vector for software implants. These are matters of national security at this point.


"These are matters of national security at this point."

Which nation exactly? Who on earth "wins" by crashing vast numbers of PCs worldwide?

Many of the potential foes you might be thinking of are unlikely to actually run CS locally, but it's bad for business if your prey can't even boot their PCs and infra so you can scam them.

I might allow for a bunch of old school nihilists getting off on this sort of rubbish but it won't last and now an entire class of security software, standards and procedures will be fixed up. This is no deliberate "killer blow".

Who knew that well meaning security software running in Ring 0 could fuck up big style if QA takes a long walk off a short plank? Oh, anyone who worked in IT during the '90s and '00s! I remember Sophos and McAfee (now Trellix) and probably others managing to do something similar, back in the day.

Mono-cultures are subject to pretty catastrophic failures, by definition. If you go all in with the same thing as everyone else then if they sneeze, you will catch the 'flu too.


> Who on earth "wins" by crashing vast numbers of PCs worldwide?

Anyone who needs a big distraction so he can more likely achieve his real objective unnoticed.


You nearly managed a perfect comment: (t)he(y)

Fair enough, but if you are going to take over the world you don't crash everything indiscriminately unless you are a really sad old school nihilist.

This is not subtle. It is so stupid that the only explanation is stupidity or a silly experiment.

The first thing I did is start to analyze my logs, just in case. I don't use CS but therefore by the Grace of God, go I!

If you have a particular target, you don't fuck up the entire world.


You can (and should) want to identify the root cause, without assuming malice.


Of course RCA should be conducted. But malice should be considered a likelihood until ruled out entirely. Without assuming malicious intent, we will overlook many avenues of attack.

Think about it this way. At the present time, CrowdStrike can accept dark money from an entity in order to halt the world's compute capacity in a plausibly deniable way. When the dust settles, they will be found guilty of negligence at most. This will allow this perverse incentive to persist.

If the stakes for bringing down a great deal of American compute infrastructure were greater, this would happen far less often. It is simple economics of risk.

Furthermore, CrowdStrike, being an entity that enjoys access to privileged sales channels thanks to its relationship with the government, is exactly the sort of entity that should be viewed as skeptically as possible, if the interests of the US Government are paramount. Why should the US Government create a small monopoly for CrowdStrike and not expect the strictest controls? That is not only bizarre, it is stupid.

Hope for the best and plan for the worst. That is how an entity should be viewed when it becomes critical to national security.


It demonstrates terrible QC.


Clearly something failed catastrophically, but it could well be post-QC.


There should be no "post-QC". You do gradual rollout across the fleet, while checking your monitoring to ensure the fleet hasn't gone down.
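The gated staged rollout this comment describes, as an added illustration that is not any commenter's code and not any vendor's real deployment tooling: a simulated fleet (constructed here) receives an update in 1%/10%/50%/100% waves, and the rollout halts by itself as soon as the crash rate among updated hosts crosses a threshold, so a bad content file reaches only the first cohort.

```python
from dataclasses import dataclass

@dataclass
class RolloutResult:
    updated: list           # hosts that received the update
    halted_after_wave: int  # index of the wave that tripped the gate, -1 if completed
    failure_rate: float     # crash rate among updated hosts at decision time

def wave_sizes(fleet_size, fractions=(0.01, 0.10, 0.50, 1.0)):
    """Cumulative cohort boundaries: 1% -> 10% -> 50% -> 100% of the fleet."""
    return sorted({min(fleet_size, max(1, round(fleet_size * f))) for f in fractions})

def staged_rollout(hosts, apply_update, is_healthy, max_failure_rate=0.02):
    """Push apply_update() wave by wave; after each wave measure the crash rate
    among every host updated so far and halt before the next wave if it exceeds
    max_failure_rate. Hosts not yet reached never receive the update."""
    updated, start, rate = [], 0, 0.0
    for wave, end in enumerate(wave_sizes(len(hosts))):
        cohort = hosts[start:end]
        for host in cohort:
            apply_update(host)
        updated.extend(cohort)
        start = end
        if updated:
            rate = sum(1 for h in updated if not is_healthy(h)) / len(updated)
        if rate > max_failure_rate:
            return RolloutResult(updated, wave, rate)
    return RolloutResult(updated, -1, rate)

# Constructed fleet (hypothetical host names): 1000 hosts that all boot before the update.
def make_fleet(n=1000):
    return [{"name": f"host-{i:04d}", "booted": True} for i in range(n)]

def bad_update(host):      # models a content file that crashes every host at boot
    host["booted"] = False

def good_update(host):     # a benign update leaves the host booting normally
    pass

def is_healthy(host):
    return host["booted"]

def simulate(update):
    """Run one rollout of `update` over a fresh fleet and return the result."""
    return staged_rollout(make_fleet(), update, is_healthy)

if __name__ == "__main__":
    r = simulate(bad_update)
    print(f"bad update: halted after wave {r.halted_after_wave}, "
          f"{len(r.updated)} of 1000 hosts affected, failure rate {r.failure_rate:.0%}")
```

With the bad update the gate trips after the 1% wave, so 10 hosts go down instead of 1000; the health signal here is a boot flag, but in practice it would be whatever telemetry the fleet already emits (heartbeats, crash reports).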


Non-gradual-rollout updates are an exacerbating factor, but they aren't a root cause.


Don’t mess with Quebec :D



