I wrote code in assembly language for an IBM 360 with a HASP operating system. We took pride in crafting efficient and robust operating systems. Those days are long gone. You don't need nukes, chemical or biological weapons to defeat the free world; you need a few lines of malicious code and enough explosives to knock out a few transmission towers. The rest would take care of itself.
Scary thing is there are still 15k or so mainframes out there running some really critical code. And very few people that know JCL, COBOL, etc left. Speaking of resilience
Below is a link to Steve Ballmer, laughing at the old school, IBM programmers judging everything by how many KLOCs they had written--thousand lines of code. Ballmer was equally proud that MS came along with streamlined code. That was a long time ago!
I work in the security industry and we have a bunch of customers badly impacted by this. The upside, I was able to tell them, is that the computers that Crowdstrike (which is security software itself) made unusable are also not vulnerable to attack right now. I'm sure that is very small consolation to all the businesses losing exorbitant amounts of money to fix Crowdstrike's screw up.
Your points about resilience are good ones. As a long time security professional, I can tell you that resilience is one of the most overlooked things done in securing people and systems. It's difficult and costs more. Until the problem occurs and then it turns out it would have been cheaper to build the resilience ahead of time.
I work in public safety software. We have multiple customers who want to move their data to cloud based platforms. It would make distributing updates much easier, but opens us up to problems like CloudStrike had. I see the business case, but worry about the wisdom of it.
My older son is a professional computer programmer--he's been in the field for almost 30 years. He told me years ago that the biggest risk in trying to debug software is that you may create two new bugs while you take out one.
With business or some personal computers, it's wise to keep at least one backup machine offline and fired up only monthly for updates and clone backup. Rigging for non-online running must be configured, of course.
Here in Seattle we have had several public institutions like the municipal library and hospitals go "dark" for long periods of time after attacks. For medical facilities, resiliency competency and training should be a must-lives can be at stake.
Blaze Media is reporting that Crowdstrike is a partner of WEF, and that Vanguard is the biggest shareholder. Crowdstrike also planted the seed for the Russian election-interference hoax. Failure of Hanlon's Razor, this was a feature not a bug?
...also to add an additional comment ... we were discussing atlases at dinner. I am the only one who keeps a relevant set in my car, but that is because I always have. There's gonna be some map buying here. You might hunt up an Amazon link to post for "commission earned" purposes.
Any notions on how to manage prescription refills in a way that lets you stockpile more than a day or two. I can get refills at 90% on some drugs, but the "scary" drugs like gabapentin are under the thumb of the opioid crisis, even though it is not an opioid.
Historically, the vast majority of Blue Screens of Death could be traced to dubious device drivers running in kernel mode. When Windows finally managed to exile (*cough* NVidia *cough*) video drivers from that level of privilege, the incidence of BSODs dropped significantly. To be fair, modern video drivers are astoundingly complex. I can't say why CrowdStrike needed/wanted kernel mode drivers, but in general, just say no to 3rd party kernel mode drivers. And at least consider a Linux that's tuned to your use scenario. And ask yourself if you really need it be running "in the Cloud." Thanks.
I'm an electrical engineer involved in the industrial controls world. Which means, nowadays, that I write a lot of software. In industrial fora, for the past several years, I've been harping on the vulnerability of Windows-based computing for machinery and critical industrial infrastructure. I go so far as to call it "engineering malpractice" to have critical machinery and systems depending on an OS that cracks so often, whether by incompetence or malice.
(I run all my own bare-metal computing on Linux. Windows in Virtual Machines for the few programs I can't yet escape.)
I doubt this fiasco will crack the entrenched ways of big companies, but it should.
My version of resiliency is to insure against infrastructure going down: if the power goes off, I have a dual fuel generator to run my gas furnace, gas water heater, and refrigerator for a few days. If the gas goes down, I have a microwave, electric griddle, and space heater. If both go off, I have a propane grill and a wood-burning fireplace with a cord of dry wood. If everything goes to hell and I have to bug out, I have a secluded 5 acres of woods 25 miles from the city where I can hole up and camp.
During the shutdowns a few years ago, the local school system was crippled by ransomware, because they had moved all textbooks to ebooks, not hard copies. Books aren't subject to ransomware, Crowdstrike incompetence or malcompetence, hacking, etc. Battery does not run low.
We were able to open our refrigerator today, no problem
And my kids (both in their 40s) make fun of me carrying a bit of cash, usually aboth $500 or so, when I am out and about. It has been useful several times.
My degree is in systems management with a minor in CS. Never used it commercially but I will never, ever, not in 10 million years put something I value on a cloud server. Backups to a portable USB drive don't take any time at all.
I wrote code in assembly language for an IBM 360 with a HASP operating system. We took pride in crafting efficient and robust operating systems. Those days are long gone. You don't need nukes, chemical or biological weapons to defeat the free world; you need a few lines of malicious code and enough explosives to knock out a few transmission towers. The rest would take care of itself.
Funny, I started my tech life writing JCL on an IBM 360. JCL happens in JES, not HASP :-)
Job Control Language and me are tight.
Scary thing is there are still 15k or so mainframes out there running some really critical code. And very few people that know JCL, COBOL, etc left. Speaking of resilience
I found a complete IBM 370 for sale on the Interwebs. If push comes to shove, I could be king! 😀
Boom!
I used JCL & PL/1 a quarter century ago working on Y2K, good times.
Y2K was so much fun! I was on one of the Y2K teams at EDS. Got a letter opener and everything!
Below is a link to Steve Ballmer, laughing at the old school, IBM programmers judging everything by how many KLOCs they had written--thousand lines of code. Ballmer was equally proud that MS came along with streamlined code. That was a long time ago!
Video: https://youtu.be/kHI7RTKhlz0?feature=shared
I work in the security industry and we have a bunch of customers badly impacted by this. The upside, I was able to tell them, is that the computers that Crowdstrike (which is security software itself) made unusable are also not vulnerable to attack right now. I'm sure that is very small consolation to all the businesses losing exorbitant amounts of money to fix Crowdstrike's screw up.
Your points about resilience are good ones. As a long time security professional, I can tell you that resilience is one of the most overlooked things done in securing people and systems. It's difficult and costs more. Until the problem occurs and then it turns out it would have been cheaper to build the resilience ahead of time.
A good day to be Amish, wouldn’t you say?
Great point, professor.
I work in public safety software. We have multiple customers who want to move their data to cloud based platforms. It would make distributing updates much easier, but opens us up to problems like CloudStrike had. I see the business case, but worry about the wisdom of it.
My older son is a professional computer programmer--he's been in the field for almost 30 years. He told me years ago that the biggest risk in trying to debug software is that you may create two new bugs while you take out one.
Crowd Strike liability-is this company toast?
With business or some personal computers, it's wise to keep at least one backup machine offline and fired up only monthly for updates and clone backup. Rigging for non-online running must be configured, of course.
Here in Seattle we have had several public institutions like the municipal library and hospitals go "dark" for long periods of time after attacks. For medical facilities, resiliency competency and training should be a must-lives can be at stake.
Blaze Media is reporting that Crowdstrike is a partner of WEF, and that Vanguard is the biggest shareholder. Crowdstrike also planted the seed for the Russian election-interference hoax. Failure of Hanlon's Razor, this was a feature not a bug?
...also to add an additional comment ... we were discussing atlases at dinner. I am the only one who keeps a relevant set in my car, but that is because I always have. There's gonna be some map buying here. You might hunt up an Amazon link to post for "commission earned" purposes.
Any notions on how to manage prescription refills in a way that lets you stockpile more than a day or two. I can get refills at 90% on some drugs, but the "scary" drugs like gabapentin are under the thumb of the opioid crisis, even though it is not an opioid.
Historically, the vast majority of Blue Screens of Death could be traced to dubious device drivers running in kernel mode. When Windows finally managed to exile (*cough* NVidia *cough*) video drivers from that level of privilege, the incidence of BSODs dropped significantly. To be fair, modern video drivers are astoundingly complex. I can't say why CrowdStrike needed/wanted kernel mode drivers, but in general, just say no to 3rd party kernel mode drivers. And at least consider a Linux that's tuned to your use scenario. And ask yourself if you really need it be running "in the Cloud." Thanks.
I'm an electrical engineer involved in the industrial controls world. Which means, nowadays, that I write a lot of software. In industrial fora, for the past several years, I've been harping on the vulnerability of Windows-based computing for machinery and critical industrial infrastructure. I go so far as to call it "engineering malpractice" to have critical machinery and systems depending on an OS that cracks so often, whether by incompetence or malice.
(I run all my own bare-metal computing on Linux. Windows in Virtual Machines for the few programs I can't yet escape.)
I doubt this fiasco will crack the entrenched ways of big companies, but it should.
putting SCADA on the INTERNETS enters the chat
My version of resiliency is to insure against infrastructure going down: if the power goes off, I have a dual fuel generator to run my gas furnace, gas water heater, and refrigerator for a few days. If the gas goes down, I have a microwave, electric griddle, and space heater. If both go off, I have a propane grill and a wood-burning fireplace with a cord of dry wood. If everything goes to hell and I have to bug out, I have a secluded 5 acres of woods 25 miles from the city where I can hole up and camp.
During the shutdowns a few years ago, the local school system was crippled by ransomware, because they had moved all textbooks to ebooks, not hard copies. Books aren't subject to ransomware, Crowdstrike incompetence or malcompetence, hacking, etc. Battery does not run low.
We were able to open our refrigerator today, no problem
And my kids (both in their 40s) make fun of me carrying a bit of cash, usually aboth $500 or so, when I am out and about. It has been useful several times.
My degree is in systems management with a minor in CS. Never used it commercially but I will never, ever, not in 10 million years put something I value on a cloud server. Backups to a portable USB drive don't take any time at all.
The ever-impending single point of failure… unfortunately, my wife has flights to and from O’Hare this weekend!