CrowdStrike fiasco highlights growing Sino-Russian tech independence
Some of the common arguments for moving away from proprietary operating systems are about increasing personal (or corporate) freedom and decreasing expenditure, but there are bigger things at stake.
CrowdStrike's bad update took down Windows-based computer systems
around the world and had
wide-ranging impacts outside of IT. Microsoft software permeates so much of the connected, computer-driven world that it's easy to believe it's universal.
What's received less attention is that, due to geopolitical maneuvering, two of the world's largest countries were largely spared. As the BBC put it,
China swerved the worst of the global tech meltdown. The South China Morning Post's coverage said
Chinese cybersecurity firms are taking a victory lap.
Until last year,
The Reg FOSS desk was based where Eastern and Western Europe meet. We took a close personal interest in Russia's invasion of Ukraine, and we've reported on how Linux adoption is spreading in Russia due to Western sanctions. One Russian Debian-derivative vendor was already
planning to IPO by 2022, and other distros we never see in the West, such as
ROSA Linux and
the Calculate Linux family, are thriving.
As a result, there are reports that Russia was
relatively unaffected and
emerged unscathed.
China started getting rid of Windows years ago. Its government is instructing companies to replace non-Chinese OSes with domestic Linux distributions, such as
Kylin and openKylin, based on Ubuntu. Kylin is doing well, reporting
more than 800,000 users a year ago, while Debian-based sibling
Deepin claims more than 3 million paying users.
As Windows users often tell us in the comments to our Linux distribution reviews, the Linux world is confusing and strange, and often the products are simply not quite as good as commercial alternatives. What the car industry calls
fit and finish often
are inferior ... and if that's what you're used to, the free software experience can be markedly inferior.
Even though, as we argue,
you cannot in fact buy software at all. Despite this,
new software keeps new hardware selling. It's constantly getting bigger and more complicated and slower, but not really objectively much better. Proprietary desktop and server OSes
haven't vastly improved in 30 years.
There is a bigger picture here. FOSS frequently isn't as polished as proprietary software. The thing is, that sometimes doesn't matter. So long as an alternative does the essential parts of the job at all, that may be enough. If it's free – or at least, much cheaper – that is enough to clinch the deal.
An example in the West is ChromeOS and Google Docs. Yes, it's true, although there is a
choice of rich local clients and backend servers to replace Microsoft Office and the combination of Outlook and Exchange Server – and frankly far too many desktops to launch them from – none are perfect replacements. That opened up the opportunity for Google to bypass the entire rivalry. If no alternative office suite is a perfect replacement, some companies have worked out that Google Apps in a browser is good enough to get by, and it comes effectively for free with Gmail (alongside Google Calendar and Google Contacts). If it lets your staff communicate and share what they need to get their work done, that is enough to suffice.
It may need an additional motivation, such as a ransomware attack. Long before CrowdStrike, the
Conti ransomware took Nordic Choice Hotels' Windows machines out, so they used CloudReady to
switch to ChromeOS Flex. If everything is web-based already, an OS that only offers a browser and nothing else will get the job done.
Don't underestimate the power of 'good enough'
ChromeOS is of course no use in China, behind the Google-blocking Great Firewall, but that's not a problem. As well as a choice of domestic Linux distributions, both for servers and clients, China is busily working on its own processors as well.
The Register was already
reporting on Godson processors in 2011. More recently, although still not super fast, China's
Loongson processors are getting there.
GCC supports them. They are in shipping hardware in a
variety of form factors, including
from Lenovo. If you hadn't guessed already,
China is selling them to Russia.
Trade restrictions and sanctions, including
blocking Russian contributions, are actively fostering local developments. Even Western companies buying up Russian software doesn't block this, it just
results in domestic forks. Once the code is out there, taking it and forking it and developing it for local use is perfectly in line with the principles of free and open source software.
China is watching developments in Ukraine closely, as is occasionally even
visible in tech circles. Similarly, the West is nervously
monitoring Chinese tensions with Taiwan. TSMC's chip fabs are so hugely complex that it's highly unlikely a hostile invader could take over and keep them running, but just in case, there are
remote kill switches in place. If China were to invade its smaller neighbour as Russia did, the effects on world chip supplies
would be absolutely devastating. The US
reportedly buys 92 per cent of its leading-edge chips from Taiwan.
Someone somewhere made a serious mistake that caused the CrowdStrike outage. The update was inadequately tested, and poorly deployed, without staging. (As
Reg readers know, staging or phasing updates means not pushing them out to everyone at once. Canonical does this with its LTS releases, as we
noted for 22.04.1 and more recently
for 24.04.) But this botched update, arguably, hasn't hurt CrowdStrike that badly.
Its share price is down but remains nearly twice what
it was a year ago.
The real error here is so much of the IT industry blindly trusting large corporate vendors not to mess up. The webcomic XKCD has been
eloquently skewering this for years. (This comic is from August 2018, presumably rather before
Boeing putting the beancounters in charge, but XKCD has been
doing so for years.) The big vendors are
drowning in code like everyone else, but the difference is letting the marketing department guide decision-making.
Every business and organization is free not to take the mainstream route, but most simply follow the herd. That's what is leading to
the commoditization of software.
The government of China has been doing something different, and as a result it need not care about the rest of the world's computer industry. It has its own OSes, running on its own silicon. It and its big Eurasian ally might be inconvenienced – but
not crippled – by the collapse of the worldwide chip industry… just as it was, apparently, not massively affected in any significant way by CrowdStrike causing many of the world's Windows computer systems to collapse.
If Russia gets away with destroying Ukraine – allegedly in order to save it, of course – then China might prove willing to destroy Taiwan in much the same way. As a side effect, it could do a more effective job of destroying the world computer industry than even CrowdStrike managed. The world might suddenly be grateful for resource-frugal FOSS if it does.