I started writing about something in the comment section, but I decided it\u2019s relevant enough to make it an article.<\/p>\n
The CrowdStrike event looks like a very mild example of something I’ve been worrying about for years, namely a widespread systemic persistent IT outage that puts payment systems worldwide out of commission.<\/p>\n
Basically, everybody is using digital payment for everything these days, so what happens if it all goes out for some reason? Oh, you’ll use cash. You mean, the ATM is going to work? No it isn’t. You mean, you have cash and will just use it? You mean, the cash register computer will not be afflicted, and the cashier will be willing to take your money without the ability to print out the invoice and register the transaction? Or will all the stores close until this is dealt with? In which case you will have to rely on whatever food and hygienic\/medical supplies you have at your place, because you’ve been prepping? Oh wait, you’ve been prepping but since nothing happened you just consumed all the stuff and there isn’t any now? Yeah, that.<\/p>\n
I mean, the first level of preparing for an IT outage is to have an air-gapped spare laptop stashed in some drawer, with Linux\/Windows dual boot in case one of those two is the cause of failure, but the next question is, what do you connect to, if the cause of the problem is general, so the telecoms are down, banks are down, online services are down, AWS\/Azure can’t process your credit card so it locks you out of your servers, GoDaddy is down so you can’t transfer your domains somewhere out of the afflicted area, or DNS is down so you can’t reach anything, or the satellites are down so Starlink doesn’t work. And let’s say it’s something really major so the consequences take so long to clear, there’s serious breakdown of services everywhere.<\/p>\n
The first answer everybody has to this is something along the lines of \u201cit\u2019s unlikely that all the computer systems will go out at once\u201d. True, it\u2019s unlikely, but it was also previously unseen that all the enterprise win10 machines go out at once and half the world gets instantly paralyzed. Those machines aren\u2019t independent. Microsoft enforces push updates, and the big corporations have unified IT policies which means they all enforce updates to all their machines. Also, everybody seems to run Windows, which means it\u2019s no longer necessary for an attack vector or a blunder to target billions of computers independently, because it\u2019s a single failure that can propagate from a single point and instantly take down enough of the network that the rest have nothing to connect to.<\/p>\n
Also, there have recently been revelations that OpenSSL had severe vulnerabilities. The vast majority of Internet infrastructure uses OpenSSL. A systemic vulnerability that can be targeted everywhere means\u2026 you tell me.<\/p>\n
Someone will say that people would adapt, and my answer is, what does that even mean? Every single store I\u2019ve been in for the last decade or so uses bar-code readers to scan items, and then the computer pulls out the item data, most notably the price, from the database, so that the cashier can charge you. More recently, all those computers are required to connect to the state tax service where every bill needs to be \u201cfiscalised\u201d for taxation purposes. If Internet fails, the cash register can\u2019t \u201cfiscalise\u201d bills and that\u2019s going to be a problem. If the cash register is out because it\u2019s always a Windows machine and you saw what can happen to those, and it\u2019s connected to the Internet or the \u201cfiscalisation\u201d won\u2019t work, the cashier won\u2019t be able to tell how much the item you want to purchase costs and thus won\u2019t be able to charge you. They don\u2019t have prices on items anymore, like they did in the \u201880s. Everything is in the database.<\/p>\n
Some say, run Linux, or buy a Mac. Great, but it doesn\u2019t actually solve anything, because if every Enterprise and most smaller companies run everything on Windows, and those computers all bluescreen, what are you going to connect to, with your Linux PC? How does your computer even matter if you go to a store and you can\u2019t buy anything, and how does it matter if you try to go online and most of everything is down, because OpenSSL has been attacked by something that gets root permissions on your computer and encrypts its filesystem?<\/p>\n
I\u2019ve been recently thinking that Internet isn\u2019t so much a framework for connecting computers, but really a separate plane of existence. When I\u2019m using my computer, I\u2019m not really on an island in Croatia, I\u2019m on the Internet. Imagine all the beings that exist in the physical world, but without an Internet connection, like trees, birds, cats and so on. In order to interact with them or even perceive them, you need to switch planes of existence, between physical world and the Internet. However, some aspects of the physical world, like our civilization for instance, have been abstracted into the Internet to such a degree that you can\u2019t even use them anymore if you don\u2019t have access to all kinds of Internet-based infrastructure, which is not currently perceived as a problem, but might become one really fast if something fundamental breaks down with the Internet.<\/p>\n
Also, if a nefarious government or a corporation wants to lock you out of the Internet for \u201cnon-compliance\u201d, you are really fucked, which makes it a really big sword of Damocles hanging over our heads, forcing everybody to be good and obedient slaves.<\/p>\n
\n","protected":false},"excerpt":{"rendered":"
I started writing about something in the comment section, but I decided it\u2019s relevant enough to make it an article. The CrowdStrike event looks like a very mild example of something I’ve been worrying about for years, namely a widespread … Continue reading