Guy, I’m not joking around today. This is serious stuff. CrowdStrike, a company I didn’t know existed before this morning, was actually hosting Low Lift Ask, and it turns out they’ve committed the most grave, catastrophic error imaginable this morning: an IT outage that will delay the publication of our weekly newsletter (and grounded a bunch of flights all over the world).
I’m writing this from my underground bunker via that shit George RR Martin types his books on; I don’t know what’s going to happen in the next 24 hours, so I’m just going to ride it out in here. What’s unfortunate is that, to be honest, I had hella irons in the fire. There were so many topics I was going to riff on this week. And I had started on a number of good and funny newsletters about all of them. But of course, CrowdStrike fucked it all. They fucked it all to hell. This is what’s left:
Amazon Prime Day
This one kind of had legs. If they had just let me keep cooking, I would’ve gotten somewhere good, I think.
NYT 100 Best Books List
Was just kind of getting going here. Didn’t really have a clear angle yet, but I would’ve found it in the process.
Biden Getting Coup’d
This one hurts, honestly. If it weren’t for CrowdStrike, I’d have landed the end of that one pretty gracefully. You guys can’t even imagine where it was going.
My Parents Just Got Back From Dubai
I think I wouldn’t mind if CrowdStrike lost the original data on this bad boy. Even I can admit when I’m shooting blanks.
Cameron Diaz ‘Pilipino’ Video
I can’t believe this video exists. Was taking a few swings at it, but alas, I think CrowdStrike’s IT outage has killed all my desire to comment on it at this stage.
Trump Getting Shot At
Probably for the best.
Place Near Me is Charging $13 For A Chicago Dog
This new-ish place in Manlius started serving Chicago style dogs for $13. According to my beloved Facebook group, “Where Syracuse Eats,” they’re good—but who tf would pay that much for a hot dog??
CrowdStrike really dropped the ball on this one.
The CrowdStrike IT Outage
I was just going to try something else here. Which direction would you guys have preferred? It’s also probably so annoying to read this newsletter. We’re being purposefully obtuse and esoteric. Nothing is legible to an outside observer. Everything is so narcissistic and obsessed with itself. That’s kind of the joke, I guess, but I wonder if there’s a pivot for us somewhere down the line. Maybe we change our entire sense of humor in a few months. Could be worth it.
Who Did It on AppleTV’s ‘Presumed Innocent’?
Killer show. Would’ve had some good theories laid out if it weren’t for this CrowdStrike thing.
You know, in a way, I’m perpetuating some of the hallmarks of my least favorite type of fiction here: rapid-fire lists of various pressing issues, all rendered equally, and then an assumption that the narrator (and thus, the audience, by proxy) is so exhausted by it all, this modern condition. Disconnected ephemera joined together so that the proximity relays a sense of accumulation, a feeling that we’re all overwhelmed by how much of everything there is at all times. Lesson in there somewhere for me.
Anyways. Here we are again. Pretty crazy that Trump almost got killed.
Ritam’s Footnote
This is now my opinion too. Top comment is my opinion now too. Gonna spend some time this weekend talking about this like it’s my opinion now too.
So CrowdStrike is deployed as third party software into the critical path of mission critical systems and then left to update itself. It's easy to blame CrowdStrike but that seems too easy on both
the orgs that do this but also the upstream forces that compel them to do it.
My org which does mission critical healthcare just deployed Scaler on every computer which is now in the critical path of every computer starting up and then in the critical path of every network connection the computer makes. The risk of ZScaler being a central point of failure is not considered. But - the risk of failing the compliance checkbox it satisfies is paramount.
All over the place I'm seeing checkbox compliance being prioritised above actual real risks from how the compliance is implemented. Orgs are doing this because they are more scared of failing an audit than they are of the consequences failure of the underlying systems the audits are supposed to be protecting. So we need to hold regulatory bodies accountable as well - when they frame regulation such that organisations are cornered into this they get to be part of the culpability here too.