by Charles Miller

Last week's column on the subject of the widespread internet outage of July 19, went to press with a couple of points briefly touched upon and calling out for more elaboration.

When I wrote "Observing cause and effect is easy; determining culpability not so easy" what I was saying is that when eight million computers all malfunction in the same way at the same time it is reasonable to throw out all prohibitions on using empirical observation. It is painfully obvious that it was a software update pushed out by CrowdStrike to its customers that was the cause of the largest internet outage in history. That is a fact, but that alone does not necessarily mean that CrowdStrike alone was culpable or was at all.

Many techs, me included, have insinuated that CrowdStrike may have been lax to the point of negligence in testing its update before pushing it out onto the Windows systems of over eight million users. If that was the case we will probably never know the truth. Without a doubt the Public Relations department at CrowdStrike has unplugged all their phones and the Legal Department has ordered everyone from the company CEO down to the janitors to keep their mouths shut.

Still, there are some other possible scenarios. Any software company that pushes out updates to millions of customers all at once is unlikely to do this in-house. The common procedure would be to hire a Content Delivery Network (CDN) to actually distribute the software updates. That means that CrowdStrike might have done due diligence in testing their software update, but then it was corrupted or tampered with at the CDN.

Another possibility is that the disaster might have been the fault of the Windows Update system created by Microsoft. Already there are calls for Microsoft to rethink its update procedures to allow a "fail safe" that could automatically revert a Windows server back to the pre-update status in case of a catastrophic failure. Obviously this is something Microsoft needs to look at even if the July 19 outage was in no way its fault.

The other point I briefly addressed last week is that the internet outage of July 19 is said to have cost over a billion dollars in damages and lost revenue and that it is going to be interesting to watch what happens over the next few months or years with regard to who gets to pay for this. Airlines were forced to cancel thousands of flights, banks and retail stores had to close, hospitals had to mostly shut down because of not having access to their computer systems. Last week I also wrote that "CrowdStrike might be counting on being protected by the software industry's standard, and unconscionable, contract of adhesion."

From the beginning, the computer software industry has forced its customers to accept "shrinkware licenses" that basically say if anyone breaks the plastic wrapping on a software package that constitutes acceptance of the warranty found inside. That warranty usually says that no matter how much a software product ruins your life that the software maker has zero liability.

This means that companies like Apple and Microsoft are allowed to sell Operating Systems that need a hundred bug fixes every month, and the companies cannot be held liable for any of the problems caused by those bugs. Expect the software industry to fight tooth and nail to continue this status quo.

We consumers should probably be careful what we ask for if this is to change. The software makers are likely to say if they are required to produce bug-free software or if they can be sued for continuing to sell defective products that the cost of this will have to be passed on to the consumer. If you are unhappy now with the buggy software in your computer or smartphone, ask yourself if it would make you happy to have a bug-free device if it cost you ten times as much as the one you have now.

**************

Charles Miller is a freelance computer consultant with decades of IT experience and a Texan with a lifetime love for Mexico. The opinions expressed are his own. He may be contacted at 415-101-8528 or email FAQ8 (at) SMAguru.com.

Discover Lokkal:
Watch the two-minute video below.
Then, just below that, scroll down SMA's Community Wall.
Mission

Visit SMA's Social Network

Contact / Contactar