Friday 2024-07-19 Assorted Links
Today is (Un)Happy CrowdStrike Day! Assorted links for Friday, July 19:
- What Is CrowdStrike, the Company Behind Today’s Global Tech Outage?
- Major outages at CrowdStrike, Microsoft leave the world with BSODs and confusion
- Your IT Department Might Need Your Help Fixing the CrowdStrike Outage
- Reddit CrowdStrike Thread
- Technical Details on Today’s Outage (CrowdStrike Blog)
My immediate thoughts are as follows:
- Monocultures are inherently fragile and a high-value attack target. This applies whether you’re talking about Windows running 95%+ of desktops, CrowdStrike running 50%+ of Fortune 500 computers, or all Cavendish bananas being genetic clones of each other – an attack on one can easily become an attack on all. Sometimes it pays to not make the same choice as everyone else. Think security through diversity.
- All automatic software deployment processes must always use progressive deployment with metric-based success gates and a straightforward, regularly tested rollback process. If you can’t meet these requirements, you don’t deserve the ability to deploy your software automatically.
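
The gate-and-rollback loop from the last point, as an added example (not code from this post or from any vendor). The ring percentages, the two thresholds, and the in-memory `simulate` fleet are constructed assumptions, and rollback is assumed to reach every updated host.

```python
from dataclasses import dataclass

# Constructed ring plan and thresholds (assumptions, not from the post).
RINGS = [("canary", 1), ("early", 10), ("broad", 50), ("full", 100)]  # % of fleet
MAX_CRASH_RATE = 0.001  # abort if more than 0.1% of updated hosts crash
MIN_CHECKIN_RATE = 0.95  # abort if fewer than 95% report healthy afterwards

@dataclass
class RingMetrics:
    updated: int
    crashed: int
    checked_in: int

def gate_passes(m: RingMetrics) -> bool:
    if m.updated == 0:
        return False  # missing telemetry counts as failure, never as success
    return (m.crashed / m.updated <= MAX_CRASH_RATE
            and m.checked_in / m.updated >= MIN_CHECKIN_RATE)

def rollout(fleet, deploy, collect, rollback):
    """Deploy ring by ring; stop and roll back at the first failed gate."""
    done = 0
    for name, pct in RINGS:
        target = max(1, len(fleet) * pct // 100)
        deploy(fleet[done:target])  # only the hosts new to this ring
        done = target
        if not gate_passes(collect(fleet[:done])):
            rollback(fleet[:done])  # revert everything touched so far
            return f"rolled_back:{name}", done
    return "complete", done

def simulate(fleet_size: int, bad_update: bool):
    """In-memory fleet: a bad update crashes every host that receives it."""
    fleet = [f"host-{i}" for i in range(fleet_size)]
    version = dict.fromkeys(fleet, "v1")
    def deploy(batch):
        version.update(dict.fromkeys(batch, "v2"))
    def collect(hosts):
        crashed = len(hosts) if bad_update else 0
        return RingMetrics(len(hosts), crashed, len(hosts) - crashed)
    def rollback(hosts):
        version.update(dict.fromkeys(hosts, "v1"))
    status, touched = rollout(fleet, deploy, collect, rollback)
    return status, touched, sum(v == "v2" for v in version.values())

if __name__ == "__main__":
    print(simulate(10_000, bad_update=True))   # stops at the canary ring
    print(simulate(10_000, bad_update=False))  # reaches the full fleet
```

With a 10,000-host fleet, the bad update touches 100 hosts before the canary gate fails, instead of all 10,000.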