This weekly roundup thread is intended for all culture war posts. 'Culture war' is vaguely defined, but it basically means controversial issues that fall along set tribal lines. Arguments over culture war issues generate a lot of heat and little light, and few deeply entrenched people ever change their minds. This thread is for voicing opinions and analyzing the state of the discussion while trying to optimize for light over heat.
Optimistically, we think that engaging with people you disagree with is worth your time, and so is being nice! Pessimistically, there are many dynamics that can lead discussions on Culture War topics to become unproductive. There's a human tendency to divide along tribal lines, praising your ingroup and vilifying your outgroup - and if you think you find it easy to criticize your ingroup, then it may be that your outgroup is not who you think it is. Extremists with opposing positions can feed off each other, highlighting each other's worst points to justify their own angry rhetoric, which becomes in turn a new example of bad behavior for the other side to highlight.
We would like to avoid these negative dynamics. Accordingly, we ask that you do not use this thread for waging the Culture War. Examples of waging the Culture War:
-
Shaming.
-
Attempting to 'build consensus' or enforce ideological conformity.
-
Making sweeping generalizations to vilify a group you dislike.
-
Recruiting for a cause.
-
Posting links that could be summarized as 'Boo outgroup!' Basically, if your content is 'Can you believe what Those People did this week?' then you should either refrain from posting, or do some very patient work to contextualize and/or steel-man the relevant viewpoint.
In general, you should argue to understand, not to win. This thread is not territory to be claimed by one group or another; indeed, the aim is to have many different viewpoints represented here. Thus, we also ask that you follow some guidelines:
-
Speak plainly. Avoid sarcasm and mockery. When disagreeing with someone, state your objections explicitly.
-
Be as precise and charitable as you can. Don't paraphrase unflatteringly.
-
Don't imply that someone said something they did not say, even if you think it follows from what they said.
-
Write like everyone is reading and you want them to be included in the discussion.
On an ad hoc basis, the mods will try to compile a list of the best posts/comments from the previous week, posted in Quality Contribution threads and archived at /r/TheThread. You may nominate a comment for this list by clicking on 'report' at the bottom of the post and typing 'Actually a quality contribution' as the report reason.
Jump in the discussion.
No email address required.
Notes -
I don't think this is too apocalyptic, probably most computers will be fixed by Monday.
But you bet your ass that everyone lost a lot of money today and that it may take weeks (or months) for some businesses to get back to the black.
Does anyone disagree with me that the amount of value destroyed by this failed patch outweighs all of the economic value CrowdStrike has ever provided? Imagine working at a company that would have been better off never existing.
There’s a reasonable case to be made that CrowdStrike isn’t a "real" company anyway: it’s a DeepState actor, worming its way into systems by enabling managers to check a box that satisfies regulatory compliance while giving wholesale control of their system to this opaque third-party.
I work in the industry and while I can confirm that regulatory compliance related to cybersecurity is theatrical bullshit, your assessment of CrowdStrike is completely wrong and nonsensical. It's certainly not the case for every vendor in the industry, but CrowdStrike's products and services do significantly reduce the risk of certain types of cybersecurity threats companies face.
More options
Context Copy link
More options
Context Copy link
I think it depends a lot on what your next alternative is. The morbid possibility is that CrowdStrike could be incompetent and also beat their customers rawdogging the internet. Even if this incident cost 1b USD, that's something like fifty major ransomware strikes. CrowdStrike could conceivably have blocked that many this year.
Of course, CrowdStrike isn't the only alternative. Businesses can use a variety of other protections and/or make themselves more robust to successful attacks. Whether they're more reliable or not is a !!fun!! question, but underneath that, there's a funner one: could businesses have made it? Contra a lot of reporting, I don't know that every regulated company has to use CrowdStrike specifically, but I do know that for even low levels of regulated industry it's a very common requirement that's accepted as a box checked, where alternatives that I could find required additional support not all IT teams would be able to provide.
More options
Context Copy link
This is effectively the argument that Lucas Critiqued.
In fact, it's almost exactly analogous to the Fort Knox example given in the article.
Why do you believe that CrowdStrike provides value?
Maybe it does but where is the proof? The half of the world didn't use CrowdStrike and how did they fare?
I would even say, let's do RCT to prove that CrowdStrike improves outcomes. It is perfect case when it could be done.
Maybe nobody wants to do such a test because they are afraid that it will show that CrowdStrike provides no value.
Remember masks during covid. The evidence is that they provided either minimal value or no value at all. And yet the government mandated their use in many countries. Sometimes people do stupid things on large scale.
More options
Context Copy link
I'm not saying CS provides no security, but it's hard to believe it provided as much global security as the damage it caused and that a competitor wouldn't have been better.
Sure. And asking how much security they provided requires addressing the counterfactual
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
I disagree. Crowdstrike Falcon Sensor is meant to keep ransomware from happening, especially to (or through) the Internet of Things. Without it, at least some of the dozens of hospital systems which went down today would have already been hit by sophisticated unscrupulous organized criminals.
I feel sorriest for MGM, who got BSOD’d by Crowdstrike after getting ransomwared last year.
More options
Context Copy link
The market's reaction was surprisingly sanguine to this. CRWD stock opened 11% lower and stayed that way; almost everyone thought it would be down 30% or more. The Nasdaq was green for the first 2 hours and then went red, which could have been due to anything.
The economy is huge. Even when critical things fail, there is enough stuff that works, plus rapid response to fix the problem, that the damage is not as bad as the hype would suggest. Ironically ,a bigger problem entails a more rapid response to fix it, so it ends up being briefer or not as bad.
Is the implication that the market would properly "punish" them for destroying more value than they've ever created? It could just as easily reward them for extracting rents for "malware defense" while making all of its clients worse off.
The price of any asset is the net present value of all expected future cash flows.
It's not about the stock market punishing a company. It's about the stock market trying to correctly evaluate how much other parties might try to punish the company. If we look at Boeing, we know that increased regulatory scrutiny is very unlikely to increase cash flows, and spectacular reputational damage is unlikely to increase future business. And so cash forecasts are updated accordingly.
sure, but my claim was CrowdStrike has probably caused more economic loss from this one patch than they have ever provided, which is somewhat orthogonal to a statement about their stock price
the fact that their stock price is not zero only indicates that the world's ability to hold them liable for these losses is minimized
(or that they can be held liable and that my estimate of the damage caused is way, way off)
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
The cope is that this incident just shows how important CrowdStrike is.
Kinda like Boeing. They can have plane crashes, faulty parts, kill whistleblowers, etc... But we still have to buy Boeing planes – because we don't have a choice!
I'm less sanguine about Crowdstrike. Elon said he is ripping them out of all his companies. While the typical CEO drone probably won't do the same, Crowdstrike won't live this down. Maybe ever.
I predict a slow bleed out in their stock, although there's a good chance that internet morons bid it up higher over the next few weeks.
I think Elon did the right thing.
I have never heard about Crowdstrike. No computer I work with had it installed.
I totally understand that an average user is clueless and we need to protect him from his own actions. And yet, if this is such a necessity, why wouldn't Microsoft implement it directly in the OS?
Crowdstrike might be bleeding edge The need for bleeding edge is always overvalued.
It reminds me all times when everybody was trying to install antivirus software. Instead I always removed it because it only consumed resources and provided very little benefit. The best protection was to limit what user can do – do not install unauthorized software, don't even browse internet for fun, just use your work assigned software and web sites.
I think those who relied on third party antivirus software had worse outcomes because their users were more relaxed and less disciplined. At the same time those antivirus software makers got rich.
Probably the same has happened with Crowdstrike. Gradually Microsoft will implement something similar for no extra cost, everybody will realize that Crowdstrike is pointless. Until new challenges will come along and a new opportunistic company, playing on people's fears will convince to buy another scammy service.
They did. The only thing missing from Windows integrated security is that it lacks the options to spy on users (breaking multiple privacy laws) and doesn't make it as easy to disrupt productive work by locking down the computer way too much. It also doesn't slow everything to crawl. Naturally corporate IT managers can't stand that.
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link