CrowdStrike fiasco highlights growing Sino-Russian tech independence
China is playing a long game, which could pay off on an enormous scale
Analysis Some of the common arguments for moving away from proprietary operating systems are about increasing personal (or corporate) freedom and decreasing expenditure, but there are bigger things at stake.
CrowdStrike's bad update took down Windows-based computer systems around the world and had wide-ranging impacts outside of IT. Microsoft software permeates so much of the connected, computer-driven world that it's easy to believe it's universal.
What's received less attention is that, due to geopolitical maneuvering, two of the world's largest countries were largely spared. As the BBC put it, China swerved the worst of the global tech meltdown. The South China Morning Post's coverage said Chinese cybersecurity firms are taking a victory lap.
Until last year, The Reg FOSS desk was based where Eastern and Western Europe meet. We took a close personal interest in Russia's invasion of Ukraine, and we've reported on how Linux adoption is spreading in Russia due to Western sanctions. One Russian Debian-derivative vendor was already planning to IPO by 2022, and other distros we never see in the West, such as ROSA Linux and the Calculate Linux family, are thriving.
As a result, there are reports that Russia was relatively unaffected and emerged unscathed.
China started getting rid of Windows years ago. Its government is instructing companies to replace non-Chinese OSes with domestic Linux distributions, such as Kylin and openKylin, based on Ubuntu. Kylin is doing well, reporting more than 800,000 users a year ago, while Debian-based sibling Deepin claims more than 3 million paying users.
As Windows users often tell us in the comments to our Linux distribution reviews, the Linux world is confusing and strange, and often the products are simply not quite as good as commercial alternatives. What the car industry calls fit and finish often are inferior ... and if that's what you're used to, the free software experience can be markedly inferior.
Even though, as we argue, you cannot in fact buy software at all. Despite this, new software keeps new hardware selling. It's constantly getting bigger and more complicated and slower, but not really objectively much better. Proprietary desktop and server OSes haven't vastly improved in 30 years.
There is a bigger picture here. FOSS frequently isn't as polished as proprietary software. The thing is, that sometimes doesn't matter. So long as an alternative does the essential parts of the job at all, that may be enough. If it's free – or at least, much cheaper – that is enough to clinch the deal.
An example in the West is ChromeOS and Google Docs. Yes, it's true, although there is a choice of rich local clients and backend servers to replace Microsoft Office and the combination of Outlook and Exchange Server – and frankly far too many desktops to launch them from – none are perfect replacements. That opened up the opportunity for Google to bypass the entire rivalry. If no alternative office suite is a perfect replacement, some companies have worked out that Google Apps in a browser is good enough to get by, and it comes effectively for free with Gmail (alongside Google Calendar and Google Contacts). If it lets your staff communicate and share what they need to get their work done, that is enough to suffice.
It may need an additional motivation, such as a ransomware attack. Long before CrowdStrike, the Conti ransomware took Nordic Choice Hotels' Windows machines out, so they used CloudReady to switch to ChromeOS Flex. If everything is web-based already, an OS that only offers a browser and nothing else will get the job done.
Don't underestimate the power of 'good enough'
ChromeOS is of course no use in China, behind the Google-blocking Great Firewall, but that's not a problem. As well as a choice of domestic Linux distributions, both for servers and clients, China is busily working on its own processors as well. The Register was already reporting on Godson processors in 2011. More recently, although still not super fast, China's Loongson processors are getting there. GCC supports them. They are in shipping hardware in a variety of form factors, including from Lenovo. If you hadn't guessed already, China is selling them to Russia.
Trade restrictions and sanctions, including blocking Russian contributions, are actively fostering local developments. Even Western companies buying up Russian software doesn't block this, it just results in domestic forks. Once the code is out there, taking it and forking it and developing it for local use is perfectly in line with the principles of free and open source software.
China is watching developments in Ukraine closely, as is occasionally even visible in tech circles. Similarly, the West is nervously monitoring Chinese tensions with Taiwan. TSMC's chip fabs are so hugely complex that it's highly unlikely a hostile invader could take over and keep them running, but just in case, there are remote kill switches in place. If China were to invade its smaller neighbour as Russia did, the effects on world chip supplies would be absolutely devastating. The US reportedly buys 92 per cent of its leading-edge chips from Taiwan.
Someone somewhere made a serious mistake that caused the CrowdStrike outage. The update was inadequately tested, and poorly deployed, without staging. (As Reg readers know, staging or phasing updates means not pushing them out to everyone at once. Canonical does this with its LTS releases, as we noted for 22.04.1 and more recently for 24.04.) But this botched update, arguably, hasn't hurt CrowdStrike that badly. Its share price is down but remains nearly twice what it was a year ago.
- How did a CrowdStrike config file crash millions of Windows computers? We take a closer look at the code
- CrowdStrike CEO summoned to explain epic fail to US Homeland Security committee
- CrowdStrike's Falcon Sensor also linked to Linux kernel panics and crashes
- CrowdStrike Windows patchpocalypse could take weeks to fix, IT admins fear
The real error here is so much of the IT industry blindly trusting large corporate vendors not to mess up. The webcomic XKCD has been eloquently skewering this for years. (This comic is from August 2018, presumably rather before Boeing putting the beancounters in charge, but XKCD has been doing so for years.) The big vendors are drowning in code like everyone else, but the difference is letting the marketing department guide decision-making.
Every business and organization is free not to take the mainstream route, but most simply follow the herd. That's what is leading to the commoditization of software.
The government of China has been doing something different, and as a result it need not care about the rest of the world's computer industry. It has its own OSes, running on its own silicon. It and its big Eurasian ally might be inconvenienced – but not crippled – by the collapse of the worldwide chip industry… just as it was, apparently, not massively affected in any significant way by CrowdStrike causing many of the world's Windows computer systems to collapse.
If Russia gets away with destroying Ukraine – allegedly in order to save it, of course – then China might prove willing to destroy Taiwan in much the same way. As a side effect, it could do a more effective job of destroying the world computer industry than even CrowdStrike managed. The world might suddenly be grateful for resource-frugal FOSS if it does. ®