Due to HIPAA how many hospitals and patients got screwed because of this and we don't hear about it? No QA/QC and push straight to production? All to check a check-list for 'compliance' how about 'Software passed QA by X Y Z engineers and here are their notes:' transparency if they're running on ....the world's computers.
Makes too much sense to do that.
Where's the class action law suit for all the people who missed their flights, meetings, family? I've seen stories of people's families last moments being missed as an emergency flight was booked and they got trapped at an airport. How many people were stranded in weird places they weren't familiar with and couldn't afford a hotel and weren't accommodated, or were but ended up being stuck in a place with the absolute need to be on the next flight out?
Agree that Crowdstrike does not care, but just went through every single item on that Devops checklist and it's missing what would have prevented this issue. :-)
> Other airlines recovered more quickly than Atlanta-based Delta... "Delta’s claims ... reflect a desperate attempt to shift blame for its slow recovery away from its failure to modernize its antiquated IT infrastructure"
CrowdStrike will use discovery for this case to get information about Delta's IT policies and practices and make them look bad. This was a huge blunder on CrowdStrike's part, but they'll point out that other companies were back up and running in a day or two.
And disappointed that people are still using crowdstrike.
It's not just crowdstrike of course - any piece of "security" software that operates in the same way will introduce similar risks to reliability and security.
Seems like a valid lawsuit. Saas companies should invest in maintenance, rollouts, slow feature development. Smashing features on customers should be discouraged and costly - like a lawsuit.
If customers don't want features smashed on them they should choose a vendor that claims not to do that.
Instead, Crowdstrike was quite clear that no computer systems that need to be reliable should have their software installed on it. While, I do think it's not great to "move fast and break things"; it's certainly a valid corporate approach in many markets. Delta should have done better vendor selection.
> Instead, Crowdstrike was quite clear that no computer systems that need to be reliable should have their software installed on it.
It is true that Crowdstrike added a disclaimer. But it is also true that adding a disclaimer doesn't absolve someone from all responsibilities.
As an example, you can put a bold disclaimer on your car saying, "Do not drive around me as you can get killed". But this will not absolve you of 1st degree murder when you kill someone.
> it's certainly a valid corporate approach in many markets.
It is a valid approach in many markets - but not all.
Which is why I say that Crowdstrike needs to be sued so as to blast SaaS companies that don't provide reliability into lower market caps. Essentially, unreliable companies don't deserve such market caps - and this is the best thing for consumers.
If most consumers do not need the reliability feature then companies that don't offer reliability deserve to be high market cap. They will have a lot of revenue and likely little debt which is deservent of high market cap.
For consumers that do require reliability, they should be ensuring that they're purchasing it. Crowdstrike did not claim to be high reliability. If they had, then sure they're being fraudulent. Instead, Crowdstrike operated as described and for that I think no lawsuit is valid.
----
Imagine you hired a plumber and they duct taped your pipes together.
Are you going to sue the duct tape company? Especially when the duct tape company never claimed to be a watertight seal or to use it in plumbing purposes?
> If most consumers do not need the reliability feature then companies that don't offer reliability deserve to be high market cap
This is exactly the question of this lawsuit. Turns out, customers want this reliability and are willing to pay lawyers for a suit to get compensation for lack of said reliability.
> Are you going to sue the duct tape company?
No. But I will sue them if they claim to work for a specific purpose and then put an asterisk that apparently takes away liability.
Would you not sue a car company that claims to drive people around with all safety bells and whistles, but then puts an asterisk that takes away manufacturers liability if the seatbelt stops working suddenly?
> This is exactly the question of this lawsuit. Turns out, customers want this reliability and are willing to pay lawyers for a suit to get compensation for lack of said reliability.
And a court should throw it out. If you want X feature then pay for X feature. If somebody sells you Y and tells you it's Y then you shouldn't be able to sue them because you wanted X.
You should be allowed to sue if they promise you X and deliver Y but Crowdstrike (at face value, can't find the lawsuit in courtlistner) has always promised Y and very much delivered Y.
> Would you not sue a car company that claims to drive people around with all safety bells and whistles, but then puts an asterisk that takes away manufacturers liability if the seatbelt stops working suddenly?
I wouldn't buy that car. However, I'm not sure it's been shown Crowdstrike told them to install the software on all their machines. If they had then sure I don't think the asterisk saves them.
I also don't have a problem with USG mandating a certain level of safety for cars. However, it should be forward looking and so past car sales would either be immune or removed in long phases (i.e. 6 years to get off the road).
> And a court should throw it out. If you want X feature then pay for X feature. If somebody sells you Y and tells you it's Y then you shouldn't be able to sue them because you wanted X.
And the court will not - because of the liability of gross negligence cannot be written away. Many states and federal precedence exist on this aspect of release of liability.
> I wouldn't buy that car. However, I'm not sure it's been shown Crowdstrike told them to install the software on all their machines. If they had then sure I don't think the asterisk saves them.
This is the fundamental point of the lawsuit. Delta is claiming gross negligence liability which cannot be written away. Crowdstrike is claiming asterisk. The courts will decide if crowdstrike is liable or crowdstrike is not liable.
If courts decide crowdstrike is liable, crowdstrike will have to pay up and also change business practices. So will other SaaS.
If courts decide crowdstrike is not liable, customers of crowdstrike will account for that by negotiating lower priced contracts or switching providers to someone that is willing to take liability or their business insurance will drop crowdstrike as an acceptable security solution.
Either way, crwd market cap is likely to decline.
The only solution for crwd here is to settle outside the court - by paying up to Delta in hard cash. If I were a betting person, this is what I would bet on - again because liability for gross negligence cannot be waived.
Makes too much sense to do that.
Where's the class action law suit for all the people who missed their flights, meetings, family? I've seen stories of people's families last moments being missed as an emergency flight was booked and they got trapped at an airport. How many people were stranded in weird places they weren't familiar with and couldn't afford a hotel and weren't accommodated, or were but ended up being stuck in a place with the absolute need to be on the next flight out?
Crowdstrike doesn't care. We should.
https://devopschecklist.com/
reply