So much for blameless post mortems. A lot of people on here are very concerned with determining exactly where and how Crowdstrike fucked up.
I'm reminded of the Chernobyl TV series on HBO. I thought it was fascinating that they went through all of the fail-safes that were in place to prevent a meltdown. They finally landed on the one cut corner that sealed their fate. (I don't know how accurate it was. But it was great TV.)
Anyway. If you look at this debacle and what you land on is "Crowdstrike engineers should've been more perfect", then I don't think that's the right takeaway.
@polotek Eh. When your software is necessary for hospitals to run, perfection should be the minimum standard. 🤷♂️
But, more importantly, I think a lot of us have internalized the idea that no company can get that level of market share without doing some really shady shit, so that leads us to believe, consciously or not, that they therefore must have done something to deserve it. (And the fact that they have that level of market share and *don't* have phased rollouts kinda backs that up.)
@polotek @LouisIngenthron you’re not wrong that orgs that create this type of critical operational hazard have a higher degree of responsibility, but it feels as if enterprises transferred the risk of a catastrophic failure solely to crowdstrike, when in reality we accepted some level of risk (because we don’t have the resources to manage it ourselves). I’m not by any means blaming the victims (I’m a victim). I’m just saying that’s how risk management works. We should be reviewing how our critical business processes operate and map to risk management principles.
@LouisIngenthron @polotek we acknowledge doctors' fallibility and have mechanisms to deal with that, including the whole idea of malpractice. Try to sue a tech company for their role in your grandma's death, and it's all about user agreements she definitely clicked
@LouisIngenthron yeah I understand the prevalence of both of these specific fallacies. No need to keep repeating them.