July 19, 2024

Resilience

The word resiliency is one of the more overused words in the wake of the pandemic. Things that were disrupted because of a lack of proper investment include the supply chains that move goods around the world.

It is not just global pandemics that cause major crises along these supply chains. Politics is not static and decisions made by people still have broad impacts.

This newsletter has focused a lot on "just-in-time" manufacturing, enshittification, neoliberal cuts to public services, financially justified underinvestment, minimally engineered products, and the overproduction inherent in capitalism. The result is a global system that is skimping on necessary investment in order to pad the pockets of capital and offload risk to the public.

The examples are nearly endless:

  • Bridges and roads not upgraded to deal with current threats (like larger boats hitting them).
  • Natural gas pipelines leaking methane faster than it can be burned because of a lack of maintenance.
  • Shipping disruption because just-in-time practices remove the buffer for delivery of goods.
  • Centralization of chip manufacturing so that manufacturing is reliant on the same supply chains as regular consumers.
  • Rail companies reducing staff to unsafe levels because of "precision railroading".
  • Automation carried out to replace workers instead of augmenting safety processes in safety-critical sections of our infrastructure, including oil and gas, railway inspection, aviation, and health products.
  • Loss of regulatory capacity of the state to find and track flaws and fraud in aviation manufacturing.
  • Cuts to government oversight of food safety, leading to a massive increase in recalls.

The list goes on and on. The program of reducing investment to pump up profits was driven in large part by the privatization of audit and compliance, outsourced to firms with no sense of public interest.

This morning we have another example.

Microsoft, CrowdStrike, and risk assessment auditors have essentially colluded to bring many parts of our necessary computer infrastructure down.

CrowdStrike is a firm that produces anti-malware and snooping software that runs on supposedly "important" infrastructure. It monitors everything that the computer does and reports it back to central IT services in the firm. It is proprietary software.

This morning, as often happens in Microsoftland, an automatic update was pushed to all computers running CrowdStrike Falcon. The software is minimally checked and passed to an OS (Windows in this case) that is produced for ease of use instead of security.

CrowdStrike Falcon monitors everything happening on the computer, so on Microsoft Windows it is given access to the kernel at the highest level of permissions.

Of course, this setup is just waiting to fail in exactly this way.

The supply chain for software on critical parts of our infrastructure has been left to the private sector to regulate. And this is what you get. Poorly designed safety, security, and implementation.

The fault results in a boot-loop or a blue screen, and manual intervention is needed to fix it.

Not only is this an example of how poorly planned, profit-driven IT services work, but it also shows how private audit firms push this kind of setup as a solution to the growing risk of malware and corporate data theft. Monitoring, they say, is part of the risk mitigation for firms.

No sensibly regulated sector would operate this way, but this is the mode of operation on which all of our physical and software supply chains are converging.

We have undermined or removed the capacity of government planning (because it is expensive, but it works) to build resiliency into our critical systems. It is a move towards security theatre. Profit-driven fads are expertly sold to corporate and government "leadership" who have no idea how things actually work. We have promoted a model in which private audit firms bully risk compliance offices and those who actually know how things work into establishing minimal investment programs across all infrastructure.

We have done all this to delay the inevitable, under the guise of "modern" risk assessment programs.

Do not get me wrong, I acknowledge that accidents happen. They are not always avoidable. But this is part of the problem. Resiliency is about establishing infrastructure that can deal with accidents, partly because we know they are going to happen.

Yet, as with climate change, plastic pollution, forever chemicals, rail disasters, blocked canals, pandemics, and the rest, we have built a castle on sand. And we are letting capitalists dig underneath.

Are there solutions? Yes, but they cost money and are uncompetitive. The only solution is to establish regulations above the level of the corporation, industry, and economy, based on principles that understand how the real world operates. Those principles must be established on a democratic foundation where regulators and the public understand the complex world we live in, so as to ensure that regulators have enough experts to oversee the risks.

Only socialists have a program to do this.

Linux

I know. Today's outage on Microsoft Windows isn't really a purely Microsoft problem in that it is the bad processes that got us to this point.

But, I would argue that it is a bad process typified and driven by that ridiculous company.

So, I give you some alternatives that align with our politics:

Summer weekend projects abound.