It highlights the dangers of a mono culture as well.
Most importantly though, I remember my history professor who always said, "follow the money!" Do the CEO and the board have to pay (either in money out of pocket or time served in prison) for these problems (outages / oil spills / global warming / what not)? If not, what incentive do they have to make the likelihood of these problems dial down to zero?
The company does have to use its assets to pay anything it's liable for, yes. It sounds like essentially arguing against the concept of limited liability for the owners and investors? I would regard LL as generally a good thing. Without it, it would be a much bigger ask for anyone to start up a business when they're putting their own house and everything at risk. And I expect it would lead to an even further skew of already-rich people dominating investment and company ownership
> start up a business when they're putting their own house and everything at risk
Every hardware startup founder I've been involved with has used their house and/or their retirement savings to back their operating loan.
I think the advantages of incorporation have been well established by now, and believe that partly removing limited liability would not significantly affect incorporation rates.
Certain people advocate a compromise where a company may be allowed to be limitedly liable until a certain size then it has to transform to unlimited liability.
> It highlights the dangers of a mono culture as well.
The devil is in the detail though. You can have an incredibly stable distributed system with limited failure modes.
Lots of examples around; a pretty well known one would be VISA transactions. Each acquirer can fail separately, and even if they're failing, some of their terminals will keep going without any impact.
And the remaining acquirer will also keep chugging along.
It's still objectively a monoculture, as Amex and MasterCard are pretty rare on a global scale, while Visa is basically everywhere.
> It's still objectively a monoculture, as Amex and MasterCard are pretty rare on a global scale, while Visa is basically everywhere
I can't think of any part of the world I know of where only Visa cards are accepted in 2024 and not MasterCard. AMEX requires a separate contract agreement for the merchant hence why it is not bundled by default, but all acquirers offer Visa/MasterCard as one package. Visa and Mastercard have been a duopoly for far too long to differentiate between the two at the consumer level, and it just doesn't make any financial sense for a financial institution to miss out on interchange and card fees by accepting only one card type and not the other of the two.
I was only thinking about how widespread the card type is. You're absolutely right from the acquiring perspective, MasterCard is basically free to support with the same network as VISA
Your username makes me think you're from Japan (in Kyoto), but your comment history puts you more towards USA. Are you a fellow payment industry dev?
well, maybe not fellow anymore, as I left that industry roughly 3 yrs ago ( θ ‿ θ )
As far as I'm aware, Europe, India and the "western" Asian countries (Japan, Korea) have a quasi monopoly with Visa, but my only industry experience is in the DACH region of Europe. Our numbers were something around 80% Visa.
Yes I agree with you, the article and Taleb. These corporations which the whole West depends on sound nice in theory but cause the system as a whole to be brittle. I think there is definitely a market for writing software for very specific areas. Like, I donno, an office productivity suite hyper optimized for the European market. It sounds impossible but if you obsess over quality then I think it’s possible to get (very happy!) customers.
Doing the right thing isn't always aligned with winning.
Shareholders can sue a company for not doing what's in their best interest. Instruments such as public benefit corporations are relatively new. Employee owned corporations aren't very common - almost non-existent in tech / biotech / pharma / energy / transportation.
Customers want cheap services, and a corporation that would employ three times as many QA people would be disadvantaged against the ones that just wing it.
It will take several incidents such as this, before the market starts understanding that some extra cost is tolerable for having some sort of warranty.
IANAL so I don't really know what I am talking about but I am hoping for criminal liability as opposed to civil liability. For example, I am thinking if I kill someone with no next of kin, I still have criminal liability even if nobody from the victim's family is there to sue me.
Martin Quinn, campaign director for the PCA, said using cash allowed for anonymity. “I don’t want my data sold on, and I don’t want banks, credit card companies and even online retailers to know every facet of my life,” he said. Budgeting by using cash is also easier for some, he added.
Cash is also the only payment system I can think of which is truly “private”. I think this is important too.
You're probably right, but it doesn't always feel that way when you have serial numbers on every piece of currency. And coins are so uselessly low value today that they're hard to use.
The lack of privacy at a business isn't a problem baked into cash. Cash helps solve that problem because I don't need to go to a place of business to use it. It can be exchanged anywhere in reasonable amounts, and I don't have to deposit it; I can just keep it and use it.
My wife and I always keep some cash on hand in case of some sort of problem with the card, or tap device etc. Never had my cash declined because a computer thought some other purchases that afternoon looked suspicious.
Cashless societies are dangerous purely for reasons of privacy and freedom. The ability to trade without government oversight matters. I am appalled to see government run services, hospitals, and stores near me start to refuse cash. That shouldn’t be legal.
Not to mention, cashless systems like Visa and Mastercard and PayPal are subject to private overlords that may scrutinize or ban your transactions.
If a retailer can't process transactions (e.g. look up prices) being able to give them a piece of paper isn't necessarily better than trying to process a credit card.
ADDED: And yes. Sometimes places are simply not set up to be able to take cash.
The point they’re making is that if there is a system failure which makes card payment unavailable, the failure could also have taken out the cash register entirely. And because most products only have a bar code on them which has to be scanned to get the price, it’s possible that the store can’t sell anything (unless they want to look up the price of every item at the shelf).
The interesting thing is that it was only the last mile of the payment processing that has failed whereas the core payment processing (payment networks) and intermediate layers (acquirers and mobile wallet infrastructure) have held up.
Reports about failing Apple/Google Pay actually pertained to the POS terminals the payment terminals are connected to, and not the payment infrastructure itself.
Another interesting takeaway is that we used to have an extra layer of redundancy available at the last mile of the payment processing: slip machines. They were a workaround and a fallback for exactly this kind of problem where the payment could not be processed electronically, a card payment slip would be taken, and the payment would be later processed manually.
However, with the uptake and the scale of electronic payments, card payment slips are no longer a thing mostly due to fraud related issues, plus the inconvenience of having to keep such a large contraption under the till. Even where still available, it may no longer be possible to use it as more and more debit (in particular) and even credit cards do not emboss the card details on the plastic/metal anymore.
To this point, I have shopped in grocery stores during power outages. The checkout terminals usually have battery backup and a local copy of the current prices to enable processing cash transactions.
In a number of countries there are a lot of shops that don't accept cash. Norway, for example, though there's a law slated for implementation soon that will force them to.
Such as? Not debating if you’re right or not, just want to search if it’s actually legal there or if it’s just something that’s happening at a cultural level.
At least in Germany, it’s legal to deny cash payment if you make it clear before the transaction. If you post signs at the entrance which can’t be missed, you can exclusively accept card payment. I’m not sure I’ve ever seen that in practice though.
Interesting. So in Italy you can’t refuse cash unless there are very specific conditions.
Putting up a sign that says no cash ain’t gonna cut it.
Plus here the opposite is often true: not being able to pay with card because the reader is “broken” so that you’re forced to use cash; they don’t have to pay the transaction fee and more often than not they can also not make you a receipt.
No, cash is still very common and smaller stores still often don’t accept cards. I was just saying that it would be legal to only accept cards if you wanted to.
Seattle here. Many restaurants have signs saying cards only, no cash accepted. I suspect if you ate a $100 meal and only had cash they would find a way to accept it, but they at least purport to have that policy.
Oregon requires businesses to accept cash. (With some exceptions like automated parking structures). It's shocking to me that Washington doesn't. I remember going to that creepy Amazon pick your own and walk out store in Seattle and thinking wow, guess that's one way to keep the homeless out.
Even in Massachusetts which (theoretically) requires restaurants to accept cash, parking garages are often cash only and, of course, highway tolls require a ton of hoops if you're not just auto-billing by card.
Funnily enough, I was on a Whale Watch the other day in MA which was cash only. Didn't buy anything but it was presumably because they were out of cell coverage.
I've found that an increasing number of chains (eg fitness locations, some restaurants and service providers) use the no-cash policy as a way to (a) discourage staff from stealing and (b) get more valuable data on each buyer.
I have absolutely seen it. We could start with planes which is of course an edge case. But it's the case elsewhere as well. And even where illegal, it happens.
Bridges collapse; police go corrupt; electricity has outages; gasoline suffers price shocks; governments have a 100% failure rate; an 1870s-style solar flare would send us back to medieval times.
All we can do is:
A. Diversify, under the belief nothing is infallible; and even perfect engineering can experience catastrophic failure
B. Enjoy what we have today, knowing it is a gift, not a right
Also, while we blame CrowdStrike, let’s not forget that SSH was within weeks of being backdoored on a global scale. The power that would have unleashed (and proxy power, i.e. breaking into CrowdStrike and then Windows by extension) very well could have ended the internet.
> All infrastructure is fragile and always will be.
No, and it doesn't need to be. We can build redundancy on every level. We can plan for failure and prepare for contingencies. We always need a plan B (and C and D for critical services). Will it be efficient or cheap? Of course not - we'd be building two for the price of two, but being sure that, when one fails, we have a redundant one to catch the fall of civilization.
We can't just optimize away every gram of safety and hope everything goes to plan (as they did in this case). Hope is not a strategy.
I wouldn't say fragile. A bit of Roman stuff is still functional today. The pyramids are holding up too. Cathedrals also have a massive stability streak. The stuff that has been falling over is mostly brick, steel, and concrete. And that's due to lack of required maintenance. I could even use the opposite word to describe them: strong and solid.
And plenty of cathedrals collapsed without proper maintenance, or were destroyed by invaders, or had their stones taken by locals for use in building. All it took was a spark in the wrong place to destroy Notre Dame.
Not if you actually look. Romans invented a concrete recipe that was lost for a millennium. Their ports were holding together longer than any modern concrete. This Roman concrete recipe was recently rediscovered and has been getting traction again.
The things do not fall back but rather propagate, causing an avalanche. The only alternative to electronic payments, which always boil down to some form of VISA or Mastercard card, is cash.
Cash has to be dispensed first, and ATMs run on Windows, and so do banking terminals at bank branches.
I do not have the information about what happened to the ATMs during the meltdown on Friday, but the bank branches where CrowdStrike had been deployed were rendered inoperable.
You withdraw cash every single time you need it?! The point of cash is that you don't ping the systems on every transaction and you decide how frequently it's withdrawn.
Answering the question with a question: do you withdraw hundreds or thousands in your local currency and keep it all under the mattress for that random black day?
Cash has a habit of running out from time to time, most annoyingly when it is needed and the amount of cash on hand is $0.50 – $1 short, hence the universal uptake of electronic payments. There is no going back.
I found this page [1] interesting in regard to cash supply in Sweden, as it is a country always reported with a high affinity to online payment, and statistics [2] (from 2019) seem to support that statement.
Hear, hear! There are no outages, hacks, etc... when using cash. I use credit cards as much as anyone else but also use money at every opportunity. Shops need to use collect on delivery as a form of payment too.
It certainly shows the dangers of non-rigorous testing before transmission and non-rigorous testing before acceptance, but first-to-market and ignoring technical debt will remain the business mantra.
The cash is subject to inflation and poor central banking decisions. To be really safe, let’s just go back to a barter system. Just bring five eggs to the pub and get a pint.
To maintain stable short-term prices, active regulation of currency supply is necessary. Without it, currency value fluctuates with supply and demand, making prices unstable.
In the long term, a small amount of inflation is needed to discourage hoarding. Without it, people might treat currency as an investment, leading to unstable prices like we see with gold and Bitcoin.
Currency should be stable, like standard measures (Kg, Foot) that don't change in the short term. It also functions like a store cart for shopping. If carts become scarce, shopping is difficult. Therefore, there must be an incentive to return the cart for others to use.
Another purpose of currency, albeit controversial, is to manage debt accumulation. Historically, societies faced growing debt and used "debt jubilee" events to reset, which disrupted commerce. Modern societies address this through currency inflation.
If gold or crypto were effective currencies, prices would be advertised in Bitcoin or gold. The fact that they are not suggests they don't serve well in this role.
The problem is that gold and crypto are priced in relation to fiat and if fiat ceased to exist, you wouldn't be able to price either. When splitting gold or crypto among fellow citizens (yes, these assets will become shared between everyone), you wouldn't be able to do so without some form of IOU, which effectively would become another form of fiat. It's a catch-22 situation: while fiat exists, gold-bugs and crypto-bros feel smug, when there's no fiat, everyone is suddenly unhappy.
It's fine, it's worked for millennia - you simply gather your many belligerent sons, hand them large clubs and send them to batter the power company's director till he gives in.
So to really diversify you should stock up on weapons and ammunition and gather a group of likeminded people and train together in a fortified location.
Shows the dangers of infrastructure running on Windows. There are ways to build resilient systems that can survive shit like this. Look at the internet. Look at the phone system.
CrowdStrike could have deployed the same broken code in their Linux or macOS agents. Nothing much for Windows to do if a kernel driver is segfaulting (when disabling it could be dangerous for users.)
So the question is why do we need CrowdStrike software in the first place? Why are our systems not secure enough that companies feel the need to install additional security software? Obviously the demand for a secure operating system is there. CrowdStrike is valued at $80B, so there is lots of money for Microsoft and other operating software vendors to grab.
I do understand that the main driver behind CrowdStrike installations is a compliance checkbox. It still leaves the question, unless we assume pure corruption. But I've heard the opinion from security experts that this software really improves Windows security.
macOS and Linux do not have nearly as much a need for ridiculous endpoint security tools like this to begin with.
The world running on Windows is a monumental waste of resources and a huge security threat. This will happen over and over again.
The fact that even dummy little terminals that are strictly responsible for showing flight arrivals and departures were impacted by this is hysterical. Why was that not an Android or ChromeOS device with an immutable filesystem, A/B blue green update strategies etc.?
Serious question, does anyone really think Linux antivirals are good or necessary, particularly if they are active measure kernel things and not just passive scanners?
I have only seen people use them when Windows IT departments suddenly have to pretend to be cloud savvy, or when enterprisey infosec teams are looking for more vendors to bloat up their budgets. If it’s written in contracts, it’s not the customers demanding AV on ephemeral cloud servers, it’s the home team bloating costs so they can cut them later for a raise and applause.
Aaaand whenever it goes that way, antivirals affect performance and stability with random problems, always hurting more than they help.
Nine times out of ten it’s not even for security, it’s for checking some kind of auditing compliance box. We’re perpetuating this nightmare quagmire of shit and no one understands how it works.
Any details on what compliance regime specifically requires it for Linux though, and whether it differentiates static servers from ephemeral? I’m just curious since you always hear “compliance” but I’ve never actually seen the requirement coming from anywhere except Windows sysadmins who are out of their element.
Part of the issue is that compliance is so broad and will vary from industry to industry, state to state and country to country. If you’re in defense and work with the government your requirements will be different versus healthcare or the education sector.
CrowdStrike also managed to take down a bunch of Debian boxes not too long ago - this is not a Windows problem, this is a problem with a vendor product auto deploying bad kernel modules.
It’s actually a problem with the implementor allowing software to update itself blindly like this. I’d never enable “auto-update” in critical infrastructure. Completely laughable minor league move.
Last month, SSH was nearly backdoored with nobody noticing. SSH, open source software, and one of the most important pieces of software ever written for security, was extremely close to failure.
If that had happened, an attacker very well could have ended the entire internet as we know it. Imagine if that hacker merely used that backdoor to get into Windows Update servers, Google Play servers, or sent out a CrowdStrike update.
No security vulnerability, even an OpenSSH bug, would result in the internet being taken down overnight. There are organizations and people who apply "security in layers" mindset so that one slip up doesn't result in a complete takeover of systems.
For a lot of people who are new to HN or may not remember: from 2014 - 2018, the whole Silicon Valley and tech industry, including but not limited to HN, were ALL for a cashless society. Pages and pages of comments on HN were all about how great a cashless society would be.
And Apple wanted to be a big part of this. In 2015 Tim Cook said he wants a cashless society by 2025.
>"Global IT outage shows dangers of cashless society"
No shit Sherlock. It takes pure genius to guess that we've had, and will always have technological / infrastructure failures.
For our particular case, politicians who are pushing for elimination of cash are either criminals or brain dead imbeciles. Not sure which case is worse.
The Bitcoin network is slow to verify and has the environmental impact of a medium-sized industrialized economy just to run the thing. It's also exceptionally volatile compared to fiat currencies (though at this point pretty stable compared to other cryptocurrencies), and the fact that it's deflationary makes it difficult to justify as a solution in a still-growing worldwide economy.
I like this article
https://archive.ph/1ekmk