- Joined
- Nov 6, 2007
- Messages
- 13,422
- Location
- North Oxfordshire
- Car
- His - Denim Blue A220 AMG Line Premium / Hers - Obsidian Black R172 SLK55
What most people outside the world of IT (and a disturbing number within it) don't appreciate is that just as in the physical world there are unmitigated single points of failure in lots of IT infrastructure just as there are in the physical world.Every update to core software involves a risk. In the past we've had fights with IT departments about dogmatically mandated updates that have knocked out internal networks. They just won't listen. Automated updates are a boon from the point of view of keeping software up to date against threats but they are also a point of failure that nobody wants to worry about.
Also, just as in the physical world - the Covid pandemic shone a light on this regarding complex supply chains - these single points of failure are unmitigated because they are often hidden deep in the depths so people don't realise that they they exist, or because people are totally trusting of their supplier.
In the instant case of the Crowdstrike issue today, despite it having been caused by an automated update, the big issue is that it is impossible to remedy it by automated means as it causes the affected machines to fault with a BSoD at boot time. This means that each and every machine has to be manually restarted in Safe Mode so the fix can be deployed, and then re-started again. Lots of work for those who now have no choice but to do it.