Talk:2024 CrowdStrike-related IT outages/Archive 1
This is an archive of past discussions about 2024 CrowdStrike-related IT outages. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current talk page. |
Archive 1 | Archive 2 | Archive 3 | Archive 4 |
What about Bitlocker?
The article should be updated to reference the complexities Bitlocker adds. — Preceding unsigned comment added by 152.110.101.206 (talk) 19:32, 19 July 2024 (UTC)
- Do you have any reliable sources discussing this? GhostOfNoMeme 20:03, 19 July 2024 (UTC)
- it this counts: https://www.crowdstrike.com/blog/statement-on-falcon-content-update-for-windows-hosts/ ZalnaRs (talk) 22:22, 19 July 2024 (UTC)
- I just added this to the Technical details section Poweroffriendship (talk) 01:10, 20 July 2024 (UTC)
- it this counts: https://www.crowdstrike.com/blog/statement-on-falcon-content-update-for-windows-hosts/ ZalnaRs (talk) 22:22, 19 July 2024 (UTC)
Wikipedia
For a few minutes yesterday, I could not access this website. I think Wikipedia was affected. Bearian (talk) 09:21, 19 July 2024 (UTC)
- Wikipedia's hosting infrastructure is built on Debian Linux, so it is unlikely to have been affected, at least not directly. See meta:Wikimedia servers. Melmann 09:27, 19 July 2024 (UTC)
- Hard to imagine this would be the case as Wikipedia has few if any ties to Microsoft software, especially Microsoft Windows. - Fuzheado | Talk 09:28, 19 July 2024 (UTC)
- It may simply have been affected by the number of people searching it for info about the outage. --Ef80 (talk) 09:41, 19 July 2024 (UTC)
- Wikipedia's problems appear to be resolved and were unrelated to the CrowdStrike issue. See Wikipedia:Village pump (technical)#Mediawiki errors and phab:T370304. Johnuniq (talk) 10:16, 19 July 2024 (UTC)
remedy from users on reddit
https://www.reddit.com/r/crowdstrike/s/InhLrq6vTj Robinlight (talk) 11:38, 19 July 2024 (UTC)
- Thanks, that fix is already described in the Wikipedia article. - Fuzheado | Talk 11:42, 19 July 2024 (UTC)
- Someone appears to have just removed it under WP:NOTHOW. Highresheadphones (talk) 15:20, 19 July 2024 (UTC)
- Yeah, that's odd. I have restored it. Describing the problematic file and what the fix is is not a violation of WP:NOTHOWTO, as it is not an instruction manual or guide. - Fuzheado | Talk 18:16, 19 July 2024 (UTC)
- It was removed again by the same editor for the same reason (WP:NOTHOW). I've restored it, but pointed them to the talk page in case this is worthy of a discussion. I don't see how WP:NOTHOW is violated at all. GhostOfNoMeme 18:48, 19 July 2024 (UTC)
- Thanks for restoring that. Celjski Grad, please don't remove it without discussing here first. - Fuzheado | Talk 18:51, 19 July 2024 (UTC)
- It absolutely is a how-to guide, providing detailed instructions on “how to” remedy the situation. This is undeniable. The previous version of this section contained even more troubleshooting tips. Celjski Grad (talk) 18:57, 19 July 2024 (UTC)
- It is true – one iteration that had a long sequence of steps is inappropriate. But mentioning the faulty file and that removing it alleviates the problem? That's not a "guide" or "manual" and does not "read like a 'how-to' style owner's manual." - Fuzheado | Talk 19:06, 19 July 2024 (UTC)
- Describing a fix in a technical section is not anything like the type of content, or style of writing, that WP:HOWTO is intended to dissuade. It's useful information; it's not guiding the user through the steps. GhostOfNoMeme 19:10, 19 July 2024 (UTC)
- It was removed again by the same editor for the same reason (WP:NOTHOW). I've restored it, but pointed them to the talk page in case this is worthy of a discussion. I don't see how WP:NOTHOW is violated at all. GhostOfNoMeme 18:48, 19 July 2024 (UTC)
- Yeah, that's odd. I have restored it. Describing the problematic file and what the fix is is not a violation of WP:NOTHOWTO, as it is not an instruction manual or guide. - Fuzheado | Talk 18:16, 19 July 2024 (UTC)
- Someone appears to have just removed it under WP:NOTHOW. Highresheadphones (talk) 15:20, 19 July 2024 (UTC)
Vagueness of "experiencing issues"
Is there a better alternative? TirFarThoinnExpora (talk) 12:06, 19 July 2024 (UTC)
- § Technical details makes it clear the computers won't start. We don't need to repeat that info. 174.92.25.207 (talk) 13:42, 19 July 2024 (UTC)
- Very well. TirFarThoinnExpora (talk) 13:58, 19 July 2024 (UTC)
Protection
Why was this page featured on ITN before it was protected? GeorgeMemulous (talk) 12:20, 19 July 2024 (UTC)
- There is no requirement that a page in the ITN box needs to be protected. - Fuzheado | Talk 12:36, 19 July 2024 (UTC)
- I regularly edit ITN articles. 174.92.25.207 (talk) 13:09, 19 July 2024 (UTC)
Move the page back
Messed up and moved before the discussion was done. Sorry. Zenphia1 (talk) 20:32, 19 July 2024 (UTC)
Responsible Software deployment
The 2024 Crowdstrike Falcon Scanner update flaws highlights the need for much more responsible Software Deployment.
This major international incident affecting some Windows computers has highlighted the vulnerability of computers and much of our infrastructure to software that is rapidly deployed around the world.
This is especially true for cybersecurity and related consumer software such as antivirus software.
An especially aggravating factor behind this incident is that a fix often required systems admin access to reboot in safe mode. Such access is sometimes difficult to organise.
This incident highlights the need for companies to accept responsibility for providing Software that is fit for purpose and to highlight what measures it can and has taken to test for and manage this. Just as crucially, companies need to advise and actively encourage their customers to manage their deployment carefully, ensuring that it is rolled out in a managed and monitored way to avoid serious unintended consequences of any change. Such rollouts need to have ways to rapidly highlight major issues, stop and roll them back prior to fuller investigations.
This approach should be routine for Software that affects key aspects of a devices operating system.
There should be significant hazard and risk analyses done and shared with customers, highlighting what further hazard and risk analyses their customers need to do as well.
Is there any serious discussion of these matters regarding legal responsibility for incidents like this one? Some specialised insurance companies must have a strong interest in such matters.
Note, some testing can be challenging, with crucial aspects, such as final packaging of the software, left as trivial and not well managed. The hazard and risk analyses I’ve mentioned need to address such issues.
Responsible organisations and their managers will want to do these things, but will often find they are very limited in what they can do without legal support to provide a fairly level playing field with their competitors. Thus the law needs to address these issues.
Some parts of the article need to address these issues and point people to relevant material. CuriousMarkE (talk) 05:42, 21 July 2024 (UTC)
- These items are way out of scope for this article, which simply details a specific event. Celjski Grad (talk) 07:32, 21 July 2024 (UTC)
What infobox should we use?
I was thinking Template:Infobox bug, but I'm not sure what one would be the best. Lordseriouspig 07:50, 19 July 2024 (UTC)
- Template:Infobox event might be the most appropriate option, in the lack of any obvious alternative. The article at least right now is about the outages, not the specific bug (which is yet to be identified) that might be causing this. Gust Justice (talk) 08:16, 19 July 2024 (UTC)
- We could use event for the article <top> and then use infobox bug for the "technical details" section ZalnaRs (talk) 18:28, 19 July 2024 (UTC)
Impact section already too unwieldy
I know that it's very early days, but the Impact section is already getting out of hand. Is it too early to consider a spinoff? I'm not convinced that the readers are coming to this particular action for an exhaustive list of everyone impacted (a gargantuan list, evidently), and I think we should already start using the summary style, at least for the Impact section. Melmann 08:56, 19 July 2024 (UTC)
- Agree it is getting out of hand with just an inventory of geographic regions. It would seem to make more sense to go sector by sector, as an "IT outage" is more relevant to certain economnic/social impacts, rather than geographic regions. I'd favor of going with headings like "Transportation," "Banking and economics," "Broadcast and communications." Those three alone might account for 50-70% of all entries. - Fuzheado | Talk 09:09, 19 July 2024 (UTC)
- It should be done by sector instead of country. For example, a paragraph on aviation, one on banking, one on TV/media, etc. 2A00:23C8:308D:9E00:7588:FB7E:2907:414F (talk) 09:06, 19 July 2024 (UTC)
- Jinx. Great minds think alike. - Fuzheado | Talk 09:09, 19 July 2024 (UTC)
- Agreed. Should be split off by Sector Wolfstorm94 (talk) 09:39, 19 July 2024 (UTC)
- Good idea. This means we can summarise it all better. For example we can say how airlines were affected (and list major ones) which means we aren't duplicating content when listing every country. ―Panamitsu (talk) 10:07, 19 July 2024 (UTC)
- I've started with a new "Air transport" section and will be moving things there. - Fuzheado | Talk 10:47, 19 July 2024 (UTC)
- I will just add that I'm not sure sectors is necessarily cleaner, it is a bit more confusing to assess impact by country for example with some responses and impacts could being different. Now that some information has moved the impact on Germany or the USA is harder to understand than the yet to be touched Australia section to me.MyacEight (talk) 11:31, 19 July 2024 (UTC)
- Agreed, seems like a more logical way to split it in this context. Benpiano800 (talk) 13:58, 19 July 2024 (UTC)
- Just to provide a counterpoint: I came here specifically for a regional itemization of issues, so the current format was great for my needs. ―Rob Frawley 2nd (talk) 14:58, 19 July 2024 (UTC)
- To be honest, I preferred regional itemisation as well. I can understand both arguments. GhostOfNoMeme 15:46, 19 July 2024 (UTC)
- Fair enough. :-) ―Rob Frawley 2nd (talk) 16:52, 19 July 2024 (UTC)
- To be honest, I preferred regional itemisation as well. I can understand both arguments. GhostOfNoMeme 15:46, 19 July 2024 (UTC)
- Crowdstrike has nearly 24,000 clients as per its last earnings report. That's customers, not devices. kencf0618 (talk) — Preceding unsigned comment added by Kencf0618 (talk • contribs) 09:58, 19 July 2024 (UTC)
- I am in the middle of implementing this sectioning. Are you sure it is an improvement?
- If we don't trim stuff down, it will become a wall of text for each sector. 174.92.25.207 (talk) 15:43, 19 July 2024 (UTC)
- It would be a shame to have to trim significantly. Divided by sector, I feel that there isn't much room to comfortably go into sufficient detail. I would have kept the "Impact by country" with detailed descriptions, and reserved "Impact by sector" for something more akin to "Hospitals were affected in Australia, Brazil, Canada ..." and "Flights were delayed or cancelled in Australia, France, Germany ..." and so on. Maybe that would lead to a cumbersome article with an overwhelming amount of information and repetition, though...
- Either way, there seems to be support for itemising by sector so I think it's worth sticking with it now. GhostOfNoMeme 15:54, 19 July 2024 (UTC)
- Neutral. Please do not delete information about the impact. Users will skim to the section that interests them. -- Dandv 22:04, 19 July 2024 (UTC)
Response
Should Response be listed by country? Currently only has Australian governmental response. TirFarThoinnExpora (talk) 09:26, 19 July 2024 (UTC)
- Either by country or by sector, I reckon, going by a previous conversation above. Procyon117 (talk) 09:54, 19 July 2024 (UTC)
- One initial appraisal is that the travel sector seems to be the hardest hit. https://techcrunch.com/2024/07/19/banks-airlines-brokerage-houses-report-widespread-outages-across-the-globe/ kencf0618 (talk) 10:37, 19 July 2024 (UTC)
- Um, I removed it in [1] without seeing this. Most other editors seemed to disregard the section distinction anyway. 174.92.25.207 (talk) 14:58, 19 July 2024 (UTC)
Too, this is occurring by time zone. We'll need a sortable list... kencf0618 (talk) 10:00, 19 July 2024 (UTC)
- I'm not convinced it's very sensible to have this section. Every W10 corporate and public sector computer which received the CrowdStrike update will now be unbootable until the botched driver update is rolled back. IT departments are going to be very, very busy this weekend, and somebody at CrowdStrike will be looking for a new job. --Ef80 (talk) 10:10, 19 July 2024 (UTC)
- Agree - if it's typical "we're fixing it" type of responses, there's no need to include it. Only unusual or novel examples of responses would seem relevant to a special section. - Fuzheado | Talk 10:45, 19 July 2024 (UTC)
- I would advocate for public official responses, but maybe in one specific response section. Yes, an industry saying "we're working on it" isn't much of anything, but if a world leader or some major political figure starts talking shit about CrowdStrike, calls for better oversight, or erroneously jumps to blame foreign powers, it should get a mention. Schiffy (Speak to me|What I've done) 15:19, 19 July 2024 (UTC)
- Agree - if it's typical "we're fixing it" type of responses, there's no need to include it. Only unusual or novel examples of responses would seem relevant to a special section. - Fuzheado | Talk 10:45, 19 July 2024 (UTC)
Lack of images
This is a huge outage that affects a lot of places in the world but there is little to no images showcassing it ? i added one image of a self checkout being affected by the outage on wikimedia but on twitter i'm seeing a tonne of images of entire airport being shutdown its kind of bizare that none have made their way here no ? should i go to the airport to take more pictures ? Kou~ (talk) 13:29, 19 July 2024 (UTC)
- ive also seen images by social media users showing handwritten boarding passes, i think this could be a good addition to the above suggestion 197.240.106.98 (talk) 13:36, 19 July 2024 (UTC)
- @Koupip: You may have forgotten to save your "one image". In Special:Contributions/Koupip, you didn't edit the article. 174.92.25.207 (talk) 13:41, 19 July 2024 (UTC)
- i edited the french one not the english one as i try to not interfere too much with wikipedia since i suck at it as much as id like to help out lol, french wikipedia is kind of abandoned so i edit it on occassions. should i add the image to the english wiki page too ? the page seems really bloated and still under construction so i feel like it would caus more trouble then its worth no ? Kou~ (talk) 13:49, 19 July 2024 (UTC)
- Please just WP:BOLDly add the image to English Wikipedia. I think you adding the image is beautiful. Don't worry about causing trouble while the page just because the page is under construction, until you are reverted.
- I doubt "french wikipedia ... so i edit it on occassions" after seeing fr:Spécial:Contributions/Koupip. There was a grammatical error (affecter) corrected later. 174.92.25.207 (talk) 14:29, 19 July 2024 (UTC)
- yeah i'm not too good with grammar which is why i don't edit wikipedia at all i just add pictures very rarely when it can help Kou~ (talk) 15:35, 19 July 2024 (UTC)
Nvm, I will boldly add it instead.My edit got blocked by WP:EF 174.92.25.207 (talk) 14:50, 19 July 2024 (UTC)
- i edited the french one not the english one as i try to not interfere too much with wikipedia since i suck at it as much as id like to help out lol, french wikipedia is kind of abandoned so i edit it on occassions. should i add the image to the english wiki page too ? the page seems really bloated and still under construction so i feel like it would caus more trouble then its worth no ? Kou~ (talk) 13:49, 19 July 2024 (UTC)
- I've successfully asked someone on Xiaohongshu to give permission to upload an image of the crowd at an airport during the outage. They haven't put the permissions yet, so once they do it I'll upload the pic. S5A-0043Talk 13:45, 19 July 2024 (UTC)
Windows activation servers down
People from the massgrave project reported that activation was not possible from 0:44 to 0:53 (azure vms started to fail). possibly only US servers? ZalnaRs (talk) 13:57, 19 July 2024 (UTC)
- @ZalnaRs I believe this was part of a separate Azure outage before the crowdstrike incident. This is not relevant to this article. Aveaoz (talk) 09:32, 21 July 2024 (UTC)
Google Cloud and Azure detections
Google Cloud and Azure started reporting bootlooping windows VMs. I think it should be included in the article.[1][2] ZalnaRs (talk) 14:03, 19 July 2024 (UTC)
- Both are now included. I note the Azure status page gets the date wrong; it says 04:09 UTC on the 18th, but it should say the 19th. GhostOfNoMeme 17:47, 19 July 2024 (UTC)
References
Consistency with Time Zones
Most times in the article reference UTC, there is a single use of IST, and 2 rather unhelpful uses of "10:00" and "7:00 a.m".
Is there reason to warrant changing all times to UTC? TirFarThoinnExpora (talk) 14:03, 19 July 2024 (UTC)
- about the IST one, MOS:TIMEZONE allows it. Warm Regards, Miminity (talk) (contribs) 14:20, 19 July 2024 (UTC)
- Aha! Thank you! I'm a rather new editor, so thanks for the link. Kind regards, TirFarThoinnExpora (talk) 18:18, 19 July 2024 (UTC)
- I've taken a look at the sources for the uses of 10:00 and 7:00. They appear to be from sources within UTC+2 timezones, so I've added '(UTC+2)' to them. 🔥HOTm̵̟͆e̷̜̓s̵̼̊s̸̜̃🔥 (talk・edits) 14:33, 19 July 2024 (UTC)
Displaying text as images
I'm concerned that the images of text such as KFC app notice and Vanden Borre website, except the BSOD screenshot itself, may not meet MOS:TEXTASIMAGES. At least for BSOD, it shows us what nearly every person affected saw, and BSODs themselves may have a sort of visceral impact that purely text could not, thus it, in my view, brings a value beyond just the textual content of the image. The other two, however, could be transcribed into one of the divbox templates if the text itself is seen to be of value, so at least the accessibility concerns raised by MOS:TEXTASIMAGES are resolved. Melmann 19:02, 19 July 2024 (UTC)
Only one expert?
Doesn't it seem a bit reactionary putting the opinion of a single expert (Troy Hunt) about the magnitude of the outage in the beginning of the article? Besides, I think he should at least be named to keep it less vague on who this expert is. Iofr (talk) 00:16, 20 July 2024 (UTC)
- They'll be more. Global in impact? Sure. As such, comparable to what? The end of the article basically says that it's the Y2K that happened. Nice bookends. kencf0618 (talk) 11:14, 20 July 2024 (UTC)
- The section needs to be expanded with the commentary published by reliable sources. I've added a section notice to this effect. Melmann 12:11, 20 July 2024 (UTC)
Links in lead
Do we really need to wikilink "computer", "cybersecurity", "software", "crash", etc. in the lead? I really don't think so. We should be able to have an opening sentence or two without linking every other word. GhostOfNoMeme 03:50, 20 July 2024 (UTC)
- Looking much better. GhostOfNoMeme 13:46, 20 July 2024 (UTC)
screencaps of various TV channels that went down?
Perhaps there should be screenshots of the notices broadcast when a number of TV networks went down -- 65.92.247.96 (talk) 06:00, 20 July 2024 (UTC)
- @65.92.247.96 I think they are copyrighted in a way we can't use it ZalnaRs (talk) 09:00, 20 July 2024 (UTC)
- I had considered this early on, e.g. Sky News or CBBC in the UK, but as ZalnaRs mentioned I was unsure of the copyright implications. GhostOfNoMeme 13:51, 20 July 2024 (UTC)
- WP:TOO should be able to cover some of them. A simple message would not be covered under copyright. And if they are all above the threshold, then WP:NFCC should allow use of one of them under a WP:FUR, as a representative of all of them, if none of them fall below WP:TOO. -- 65.92.247.96 (talk) 04:20, 21 July 2024 (UTC)
- @65.92.247.96: Nope, these are covered by TOO because they are based in the UK (where the TOO is extremely low compared in the US, see COM:TOO UK and Typographical copyright). I'll leave the determination if there are fair-use rationale to more experienced people, but I also think that it will not pass the treshold either. 2001:4453:59F:A200:F961:EA9:D4F3:54A7 (talk) 08:11, 21 July 2024 (UTC)
- WP:TOO should be able to cover some of them. A simple message would not be covered under copyright. And if they are all above the threshold, then WP:NFCC should allow use of one of them under a WP:FUR, as a representative of all of them, if none of them fall below WP:TOO. -- 65.92.247.96 (talk) 04:20, 21 July 2024 (UTC)
Why <code> is used for a file name and a directory
Help:Wikitext says "Small chunks of source code within a line of normal text. Code is displayed in a monospace font." However are a file name and a directory small chunks of source code?
"deleting any .sys
file beginning with C-00000291-
in the %windir%\System32\drivers\CrowdStrike\
directory." is wierd.
"deleting any .sys file beginning with C-00000291- in the %windir%\System32\drivers\CrowdStrike\ directory."
or
"deleting any ".sys" file beginning with "C-00000291-" in the "%windir%\System32\drivers\CrowdStrike\" directory." is better.
―― Phoenix7777 (talk) 11:08, 20 July 2024 (UTC)
- Endorse using monospaced font – it's useful to see filenames and commands from that Microsoft DOS context distinct from the Wikipedia article prose. It's a standard practice in technical documentation and writing to do this in service to the reader. - Fuzheado | Talk 12:07, 20 July 2024 (UTC)
- Exactly what Fuzheado said. This is not a standard prose, rather a computing related technical terminology. It is required to distinguish it from normal prose. — DaxServer (t·m·e·c) 12:12, 20 July 2024 (UTC)
- I would leave it in monospace. This is how I would write docs for work, too. They aren't quite source code, true, but I think it suits the article well and benefits the reader to clearly distinguish these parts in a technical context. GhostOfNoMeme 13:50, 20 July 2024 (UTC)
Dulles Airport Photo
The photo taken of the BSOD in Dulles Airport appears to be edited. It does not display the entire message. In addition, the message encroaches on the physical border of the display in the lower-right edge. Obviously edited photos like these affect the reputation of Wikipedia and its legitimacy as a source. 2601:703:4180:22C0:A935:B53F:B5E9:215B (talk) 15:30, 20 July 2024 (UTC)
- No one has edited the picture, it’s a resolution mismatch between the computer and the monitor, along with a borderless display and JPEG image compression artifacting. Celjski Grad (talk) 16:53, 20 July 2024 (UTC)
Driver or Content Update?
The president of Crowd Strike has just posted to Twitter/X that the issue was a faulty content update. Would this not be different to a driver update as written in the article? Should we change to content update? BeigeTeleprinter (talk) 10:48, 19 July 2024 (UTC)
- Are those two statements contradictory though? A driver is just a more specific description of the "content." - Fuzheado | Talk 10:51, 19 July 2024 (UTC)
- "Content" is just management PR bullshit. They rolled out a kernel driver update without testing it properly on W10. --Ef80 (talk) 11:15, 19 July 2024 (UTC)
- And none of the end users checked it before rolling it out either? 2A0A:EF40:10B2:D801:4960:9247:5147:8900 (talk) 11:23, 19 July 2024 (UTC)
- The updates install automatically without user intervention. Most Windows updates happen like that now, particularly in the corporate world. --Ef80 (talk) 12:38, 19 July 2024 (UTC)
- And none of the end users checked it before rolling it out either? 2A0A:EF40:10B2:D801:4960:9247:5147:8900 (talk) 11:23, 19 July 2024 (UTC)
- The files in question are not drivers. They are rather more configuration files that are loaded by the CrowdStrike sensor driver and controls it's behavior.
- The format of those files is proprietary but it's easily possible to verify that they are not valid drivers. 2003:DE:9727:7A1E:E9AB:32B4:B808:A188 (talk) 11:39, 19 July 2024 (UTC)
- Per Ef80, I don't understand "content update". Perhaps "Configuration update"? 174.92.25.207 (talk) 13:44, 19 July 2024 (UTC)
- Primary sources (MS, CS) are calling it a "channel file" Does anyone know what a channel file is? — Preceding unsigned comment added by 1.159.91.86 (talk) 06:24, 20 July 2024 (UTC)
Impact on the Government of the United States
This edit request by an editor with a conflict of interest was declined. Unclear request |
I'm a civilian employee of the US government and noticed that the impact on us has yet to be mentioned. I know my agency was hit due to the BSOD on my government-issued laptop referencing csagent.sys; OPM was presumably hit as well, the operating status hasn't been updated since yesterday morning. –Skywatcher68 (talk) 17:30, 19 July 2024 (UTC)
- I started a section on this. Atubofsilverware (talk) 17:47, 19 July 2024 (UTC)
- I see a COI tag got added. Nonetheless, the effects on the US gov are important, so they should stay on the page. Atubofsilverware (talk) 17:53, 19 July 2024 (UTC)
- Not done for now: it's not clear what changes you want to be made. Please mention the specific changes in a "change X to Y" format. Melmann 18:50, 19 July 2024 (UTC)
- It was done; see the bottom of the Social services section. It's a rough start but it's generally what they requested. Atubofsilverware (talk) 18:51, 19 July 2024 (UTC)
Withdrawal of race car?
In the Response section, how is the withdrawal of a car from a race part of a response to the company's faulty software update? The cited source does not explain this. —Finell 19:45, 19 July 2024 (UTC)
- The driver, Sponsor was Crowdstrike and their CEO.
- the car was withdrew in the aftermath of the outage. AidenT06 (talk) 20:24, 19 July 2024 (UTC)
Name change to 2024 global outage?
In my reasoning, I believe that since most people will recognise this as a significant outage with large damages and huge consequences, and it is likely to be historic with not many knowing the backstory, it would make sense to change the name to “2024 Global Outage.” JulesTheKilla (talk) 14:00, 21 July 2024 (UTC)
- Rather than starting a new thread, please see the existing discussion above in #Requested move 19 July 2024. - Fuzheado | Talk 14:11, 21 July 2024 (UTC)
English Grammar
Can we follow American English by saying "July 19, 2024" instead of "19 July 2024"? Please. 2601:40A:8400:1820:41C7:7591:2AE9:2851 (talk) 19:24, 19 July 2024 (UTC)
- See the above discussion. GhostOfNoMeme 19:28, 19 July 2024 (UTC)
Frownie face
We have File:CrowdStrike blue screen of death.png (QR-code BSoD), but another common BSoD shown on the news was the unhappy-face emoticon version. That should be made available either in a gallery here, or on COMMONS, if someone has it to upload -- 65.92.247.96 (talk) 22:36, 21 July 2024 (UTC)
- It's worth keeping in mind that many news articles simply used 'example' BSoD images (with the smiley) to illustrate a typical BSoD to readers, sometimes without making it clear that it wasn't an image from the event.
Do we even know if anyone impacted by this incident actually received a 'smiley' BSoD?Edit: article image contains such a face – my bad. GhostOfNoMeme 08:50, 23 July 2024 (UTC)- The top of the article contains a picture of a luggage retrieval area at the LaGuardia Airport with a prominent unhappy-face emoticon that is clearly from this event (and another one from Dulles). — BarrelProof (talk) 17:40, 23 July 2024 (UTC)
- Gah, you're right! Thanks for pointing that out. I hadn't even noticed it was updated. GhostOfNoMeme 19:58, 23 July 2024 (UTC)
- The top of the article contains a picture of a luggage retrieval area at the LaGuardia Airport with a prominent unhappy-face emoticon that is clearly from this event (and another one from Dulles). — BarrelProof (talk) 17:40, 23 July 2024 (UTC)
Title should be more specific
There was a similar incident where crowdstrike pinned CPUs to 100% until devices were updated and restarted just 3 weeks ago at end of June, which was less impactful.
- https://twitter.com/BushidoToken/status/1806630671051378868
- https://old.reddit.com/r/crowdstrike/comments/1dqckk5/cs_messed_up_cpu/
The title should probably be more specific with this in mind. "July 2024 CrowdStrike incident" perhaps? Or perhaps we can include a section to also mention this. Aveaoz (talk) 15:11, 19 July 2024 (UTC)
- I agree, we should make the title more specific.
- I don't think it's appropriate to include a section on this article that mentions a separate (unrelated) incident. Jtbwikiman (talk) 15:26, 19 July 2024 (UTC)
- There is a contested request at Wikipedia:Requested moves/Technical requests by Luminism to move the article to July 2024 global IT outages. --Ahecht (TALK
PAGE) 15:39, 19 July 2024 (UTC) - But since that incident doesn't have an article or even a mention at CrowdStrike, that is no reason to change the article title. Gråbergs Gråa Sång (talk) 15:59, 19 July 2024 (UTC)
- Sounds to me like the June incident probably fails WP:N. Unlike today's incident. 🔥HOTm̵̟͆e̷̜̓s̵̼̊s̸̜̃🔥 (talk・edits) 16:15, 19 July 2024 (UTC)
- The title needs to be more specific. Many sources say it is an outrage, while the title implies that it is an incident. Maybe start a requested move? ToadetteEdit! 16:42, 19 July 2024 (UTC)
- Or wait a few days. This article is like 10h old. Gråbergs Gråa Sång (talk) 16:50, 19 July 2024 (UTC)
- Agreed, "outrage" is rather tabloid in the circumstances. It's certainly a massive corporate screwup by CS though, and we'll have to see what's left of the company after the many, many lawsuits have beed settled. --Ef80 (talk) 17:06, 19 July 2024 (UTC)
- I believe Toadette means "outage", instead of "outrage". GhostOfNoMeme 17:29, 19 July 2024 (UTC)
- Agreed, "outrage" is rather tabloid in the circumstances. It's certainly a massive corporate screwup by CS though, and we'll have to see what's left of the company after the many, many lawsuits have beed settled. --Ef80 (talk) 17:06, 19 July 2024 (UTC)
- Or wait a few days. This article is like 10h old. Gråbergs Gråa Sång (talk) 16:50, 19 July 2024 (UTC)
- We could do a topbar. and say not to be confused with this ZalnaRs (talk) 18:50, 19 July 2024 (UTC)
- When we have a "not to be confused with", that usually refers to another WP-article. Gråbergs Gråa Sång (talk) 20:45, 19 July 2024 (UTC)
- Given the disparity between the notoriety of these two events, this feels unnecessary to me. It's like saying Barack Obama is not to be confused with my friend Barack, who works at McDonald's. Jtbwikiman (talk) 21:28, 19 July 2024 (UTC)
Draft:Impact of the 2024 CrowdStrike incident
An editor has created a draft about the impact. Thoughts? Curb Safe Charmer (talk) 17:47, 20 July 2024 (UTC)
- As it exists now, it is an improper wholesale copy/paste of the "Impact" section of this article and could be considered a copyright violation. - Fuzheado | Talk 17:54, 20 July 2024 (UTC)
- From how unwieldy the section has become, I think moving it to a separate article and shortening this section with more concise information would be would be better. 187.0.175.230 (talk) 23:23, 20 July 2024 (UTC)
- It really isn't that long compared to other articles of this type. - Fuzheado | Talk 07:18, 22 July 2024 (UTC)
- From how unwieldy the section has become, I think moving it to a separate article and shortening this section with more concise information would be would be better. 187.0.175.230 (talk) 23:23, 20 July 2024 (UTC)
Silly question, but why wasn't a WP:SPLIT proposal made? Limmidy (talk) 23:50, 20 July 2024 (UTC)
- I also shared that concern here: Draft talk:Impact of the 2024 CrowdStrike incident. - Fuzheado | Talk 06:29, 21 July 2024 (UTC)
- FYI, SafariScribe moved it from draft to main space, and I have reverted it, moving it back to draft over concerns about improper WP:SPLIT and copyright. - Fuzheado | Talk 14:09, 21 July 2024 (UTC)
Remedy - no mention of Bitlocker as a complicating factor
Under Remedy, the basic solution is mentioned. The difficulty of performing the remedial actions is mentioned. However, a significant complication in the process is the reality that a large proportion of the affected machines are corporate machines that utilise Bitlocker, and there are additional complicating steps that this incurs. There have been reports that people have not been able to obtain their Bitlocker keys because of the systems storing them being compromised. I know of an affected individual following the instructions from an IT dept as to now to obtain the Bitlocker key for the affected machine discovering that the system was not able to report a Bitlocker key for the machine. It seems to me that the Remedy section should probably at least mention the possibility/probability of the additional work involved when Bitlocker was used, and the additional impacts experienced by IT ops as a result.
MS instructions including Bitlocker path: https://support.microsoft.com/en-us/topic/kb5042421-crowdstrike-issue-impacting-windows-endpoints-causing-an-0x50-or-0x7e-error-message-on-a-blue-screen-b1c700e0-7317-4e95-aeee-5d67dd35b92f
Crowdstrike document on attempting a fix without Bitlocker keys: https://www.crowdstrike.com/wp-content/uploads/2024/07/Bitlocker-recovery-without-recovery-keys.pdf Fivey (talk) 01:20, 21 July 2024 (UTC)
Given the topical updates on the cause of the incident, note there is currently a draft awaiting review for Patch management. Tule-hog (talk) 09:47, 21 July 2024 (UTC)
- Publish and be damned! It looks well referenced and written... Copy the contents of the draft onto a new page template... 92.8.77.232 (talk) 20:59, 21 July 2024 (UTC)
Which Windows OS?
The article doesn't specify which Windows versions. Are the versions 10 and 11? Unsure whether CrowdStrike still offers updates for its software on Windows 7. George Ho (talk) 12:11, 19 July 2024 (UTC)
- It appears to be W10 systems that are affected. Presumably CS developed the update on W11 and didn't test it on properly on W10. --Ef80 (talk) 12:46, 19 July 2024 (UTC)
- According to Cyber Security News it is at least Windows 10 and 11, although I don’t know where they have this information from. BeigeTeleprinter (talk) 12:47, 19 July 2024 (UTC)
- From Cyberstrikes own blog It is stated as being Windows 7.11 and above. I changed this already based on this source, but I'm not experienced here so please let me know if I've made a mistake.MeshBlair (talk) 06:06, 20 July 2024 (UTC)
- "Windows 7.11"? Is there such a thing? (Not to be confused with iCloud for Windows version 7.11, superseded by version 7.12 and later ver 14.1.) George Ho (talk) 17:58, 20 July 2024 (UTC)
- @MeshBlair, you're misunderstanding the source. When it says, "Customers running Falcon sensor for Windows version 7.11 and above [...] may be impacted," that version number is not referring to Windows, but to "Falcon sensor for Windows". That is, that 7.11 version number is referring to the Falcon sensor, not to Windows. —Lowellian (reply) 01:41, 21 July 2024 (UTC)
- Ah yes, you're definitely right now after a re-read. Sorry about that! MeshBlair (talk) 05:05, 22 July 2024 (UTC)
- On a personal note, in my workplace only the windows machines with a TPM were affected, the older windows machines without a TPM were unaffected. This has some interesting security risks for the future. 124.170.217.121 (talk) 14:00, 20 July 2024 (UTC)
Non-correlatable information from NoypiGeeks
I've been trying to find another source that would confirm that "telecommunications, radio and TV broadcasts were affected in the Philippines" and "Supermarkets in the Philippines were affected due to crashed POS systems." as asserted in the NoypiGeeks citation (https://www.noypigeeks.com/computers/windows-outage-affecting-workers-industries/) but the other sources only stated disruptions in some government agencies, local airlines and banking services, but none in relating to telecommunications nor broadcasting. - 2001:4453:59F:A200:DD0D:5C5D:B60F:C71 (talk) 18:16, 20 July 2024 (UTC)
- It has been confirmed that telecommunications are not affected in the Philippines, so I have deleted the statement about telecommunications. AnimMouse (talk) 12:12, 22 July 2024 (UTC)
XKCD
Randall is being nicely topical — see XKCD 2961 published on Friday. Is it too soon for an "In popular culture" section? — GhostInTheMachine talk to me 11:29, 21 July 2024 (UTC)
- The way I see it, citing a third party work can only be justified if WP:RS commentary uses it as a point of reference. Us just choosing to feature a single webcomic over any other (I'm sure many hundreds were made on the topic) seems arbitrary. Melmann 11:49, 22 July 2024 (UTC)
DMY dates and American English?
This combination seems inconsistent with MOS:TIES. Using MDY dates seems more appropriate. — BarrelProof (talk) 15:07, 19 July 2024 (UTC)
- It was originally written with tag {{Use New Zealand English}} and dmy dates [2]. We should not be defaulting to American English and date formats for a worldwide event. MOS:TIES does not demand use of American English, since it is a worldwide event, and the fact that it's a US company is trivial in comparison to the worldwide nature of the event. If anything, it should be switched back to New Zealand English (or similar Commonwealth English) as per MOS:RETAIN. Joseph2302 (talk) 15:16, 19 July 2024 (UTC)
- It currently says to use American English. It's about a faulty patch released by an American company for computers running an operating system from another American company. It was first observed in virtual computers running on a cloud computing system of an American company, and the source of the problem was identified about three hours later by another American company. — BarrelProof (talk) 15:22, 19 July 2024 (UTC)
- The impact is worldwide, but I don't believe it's fair to say the US connection is "trivial". CrowdStrike and Microsoft are American companies. GhostOfNoMeme 15:27, 19 July 2024 (UTC)
- And so is Google, which was who identified the source of the problem. — BarrelProof (talk) 15:36, 19 July 2024 (UTC)
- (edit conflict) It's about a worldwide outage that affected many companies and countries, not just the US. That's enough reason not to default to one countries' spellings/date formats, and apply MOS:RETAIN instead. Joseph2302 (talk) 15:28, 19 July 2024 (UTC)
- But if it's going to use DMY dates, it shouldn't be using American English. If it's going to use American English, it shouldn't be using DMY dates. The current combination doesn't make sense. — BarrelProof (talk) 15:32, 19 July 2024 (UTC)
- I would be happy with a switch to {{Use New Zealand English}} or {{Use British English}}, then, especially in light of the article's use of {{Use dmy dates}}. I have no strong opinion. But the current mismatch between dates and variety of English is worth addressing. GhostOfNoMeme 15:39, 19 July 2024 (UTC)
- It is a worldwide event, and the very first revision is clear in using {{Use New Zealand English}}. Per MOS:RETAIN, it should be used in this article. MOS:TIES does not apply since CrowdStrike is not the subject of the article, and the event itself is worldwide. You could just as easily say that MOS:TIES should be with Australia/New Zealand since the majority of early impact/reporting was in those timezones. Melmann 16:30, 19 July 2024 (UTC)
- The logic is that it happens worldwide, and especially in Australia/New Zealand. Why not use
{{engvarb}}
instead, and dmy dates. It should not use American English. ToadetteEdit! 16:39, 19 July 2024 (UTC)- Not "especially" in NZ, AUS -- but due to timing of the update, NZ/AUS noticed it before USA. 1.159.91.86 (talk) 06:28, 20 July 2024 (UTC)
- I agree with BarrelProof that we should be using American English, given that the companies involved are all American and the impact seems to be spread pretty evenly worldwide. I don't see that it's especially bad in Australia/NZ, that impression may just be because of the time that it started (2PM AEST vs midnight EST) leading to it being noticed earlier there, or also customized search/news results based on user location. Kdroo (talk) 17:50, 19 July 2024 (UTC)
- At this stage (and considering MOS:RETAIN per the above) I think it's best left with New Zealand English (and dmy dates). GhostOfNoMeme 18:29, 19 July 2024 (UTC)
- There is insufficient justification for enforcing NZ English here. We have American companies on both counts - Microsoft as the main platform, and CrowdStrike as the one that caused the error. - Fuzheado | Talk 18:48, 19 July 2024 (UTC)
- MOS:RETAIN is settled policy and therefore plenty of justification. If you wish to argue for MOS:TIES then you need to build a broad consensus for the change. Melmann 08:31, 20 July 2024 (UTC)
- I have no opinion on which variety of English should be used, but as to your comment
MOS:RETAIN is settled policy
, the top of that page actually says that it's a guideline, not a policy. Thus, if there is consensus on this talk page to use American English here, I think MOS:RETAIN can be overridden in this specific case. – Epicgenius (talk) 18:08, 20 July 2024 (UTC)- Strongly concur with User:Epicgenius. We're talking about an American company and the largest impacts of its error were felt by American companies, especially airports and airlines. MOS:TIES should control here. --Coolcaesar (talk) 19:29, 20 July 2024 (UTC)
- That's a very single-minded, America-centric view of the issue. If you want to see the article abandon one region, the move should be towards something standards based, not another region, regardless of economy size. BlakJakNZ (talk) 04:00, 21 July 2024 (UTC)
- Yes it is very US centric!! I oppose any change. 92.40.196.209 (talk) 22:58, 23 July 2024 (UTC)
- That's a very single-minded, America-centric view of the issue. If you want to see the article abandon one region, the move should be towards something standards based, not another region, regardless of economy size. BlakJakNZ (talk) 04:00, 21 July 2024 (UTC)
- Strongly concur with User:Epicgenius. We're talking about an American company and the largest impacts of its error were felt by American companies, especially airports and airlines. MOS:TIES should control here. --Coolcaesar (talk) 19:29, 20 July 2024 (UTC)
- I have no opinion on which variety of English should be used, but as to your comment
- MOS:RETAIN is settled policy and therefore plenty of justification. If you wish to argue for MOS:TIES then you need to build a broad consensus for the change. Melmann 08:31, 20 July 2024 (UTC)
- Concur with retaining NZ English, or some form of worldwide English - this is a worldwide event, not specific to the US. pcuser42 (talk) 22:25, 20 July 2024 (UTC)
- NZ English is not worldwide English, is it? The most common and established English variants are American and British. Out of the two, American seems to make more sense due to reasons stated above Oneequalsequalsone (talk | contribs) 23:01, 21 July 2024 (UTC)
- Per other reasons stated above, effects of this incident were felt worldwide, not just in the US. I don't think the ties are strong enough to justify US English given the massive scale of what happened. pcuser42 (talk) 23:20, 21 July 2024 (UTC)
- I'm not necessarily saying this article should use it, but the closest thing to worldwide English is Oxford English, corresponding to {{Use Oxford spelling}}. It is used by the United Nations, the International Organization for Standardization, the WTO, NATO, the ICRC, and many other international organizations (see the Oxford English article for further detail). It is also very close to Canadian English. — BarrelProof (talk) 01:46, 22 July 2024 (UTC)
- For this particular article, there is a clear and close connection to the United States, and I think it would be best to use American spelling and MDY dates. (I didn't directly say that before, although my comments may have leaned in that direction.) CrowdStrike is a U.S. company that makes a product built to work in the context of an operating system made by another U.S. company. — BarrelProof (talk) 02:23, 22 July 2024 (UTC)
- MOS:RETAIN justifies keeping UK English over US English. There is no basis to go through changing s -> z, etc. However, I don’t think we should keep it as NZ English - that’s an odd, niche choice which leaves editors wondering if there are any peculiarities about that regional variant. There is no geographical or political nexus to NZ here. Local Variable (talk) 02:09, 22 July 2024 (UTC)
- MOS:RETAIN says to keep the variety of first significant contribution, in this case NZ English. No English variety is more justified than another, as there is no objectively correct way to write English. The only other valid argument for WP:ENGVAR change is MOS:TIES, but it does not apply since this was a worldwide event.
- Also, American English is niche as well, only 17% of English speakers use it. Melmann 11:45, 22 July 2024 (UTC)
- Yeah, I don't necessarily agree with other editors that MOS:TIES applies here. Consider the WannaCry ransomware attack article: the attack used American NSA tools and targeted Microsoft Windows machines. Both the NSA and Microsoft are American, and yet the article uses British English and dmy dates (with the only talk page discussion explicitly invoking MOS:RETAIN). This event may have been caused by CrowdStrike, a US company, but the article is dedicated to the incident and outages that resulted; a truly global affair, just like the WannaCry attack. I don't think there are particularly "strong national ties", here, so MOS:RETAIN applies. GhostOfNoMeme 12:35, 22 July 2024 (UTC)
- Would you call the first contributions significant? Also, it results in confusion. I don’t consider RETAIN binds us to it. Unlike a change to US English, it doesn’t require overhauling the article. It is simply a recognition than NZ English is not appropriate. I think it’s also important to hear in mind why retain exists - it’s fundamentally to stop wars between contested variants where two might arguably apply, and disputes between US and UK English causing big edit wars. Neither applies here. Local Variable (talk) 12:36, 22 July 2024 (UTC)
- I'm open to using {{Engvarb}} instead of NZ English. pcuser42 (talk) 21:10, 22 July 2024 (UTC)
- Your argument rests on the assertion that NZ English is not appropriate, but I've seen no evidence to support this. No variety is more or less appropriate. There is no with benefit in spelling things with -ise or -ize, it's merely that advocates for the Oxford/American variety are not used to it. But if we're writing in such a global pluricentric language such as English, putting up with a non-local variant is simply the price of admission. For a global event such as this one, the dice fell on first contribution being NZ English, and thus we retain it. Melmann 14:32, 23 July 2024 (UTC)
- Retain expressly provides that consensus may be to the contrary and a change is acceptable if it reduces confusion. It is incredibly confusing to have a regional variant with no link to the article. And no, it is instead the price of adopting too harsh a view of policy leaving no room for consensus-based decisions. Local Variable (talk) 15:13, 23 July 2024 (UTC)
- NZ English is not worldwide English, is it? The most common and established English variants are American and British. Out of the two, American seems to make more sense due to reasons stated above Oneequalsequalsone (talk | contribs) 23:01, 21 July 2024 (UTC)
- There is insufficient justification for enforcing NZ English here. We have American companies on both counts - Microsoft as the main platform, and CrowdStrike as the one that caused the error. - Fuzheado | Talk 18:48, 19 July 2024 (UTC)
- At this stage (and considering MOS:RETAIN per the above) I think it's best left with New Zealand English (and dmy dates). GhostOfNoMeme 18:29, 19 July 2024 (UTC)
- The standard ISO 8601 for dates is YYYY-MM, YYYY-MM-DD or YYYYMMDD and should be used in all articles whose expected viewership is more than regional. — Preceding unsigned comment added by 2603:6000:aa00:151f::193b (talk • contribs) 19:55, 19 July 2024 (UTC)
- The Wikipedia guideline MOS:BADDATE does not consider that date format acceptable for Wikipedia. It says to use it "Only in limited situations where brevity is helpful". — BarrelProof (talk) 21:33, 19 July 2024 (UTC)
- Per WP:MOSTIES this article should be in American English: both Crowdstrike and Microsoft are U.S. companies and this event originated in the United States. TIES supersedes RETAIN when there are clear national-ties to a subject as there is when the two companies most involved are from one country, and the company which identified the cause is also from that country. Avgeekamfot (talk) 04:04, 22 July 2024 (UTC)
- I don’t agree with this application. It’s a worldwide incident. Local Variable (talk) 04:46, 22 July 2024 (UTC)
- That reasoning hasn't necessarily held in the past. The WannaCry ransomware attack involved two American entities, the NSA and Microsoft, and yet the article uses British English per MOS:RETAIN. Both were global incidents; the source of the incident being an American company doesn't make for a "strong national tie" in my opinion, otherwise we'd use British English for the BP oil spill. ;) GhostOfNoMeme 12:40, 22 July 2024 (UTC)
- Focus on the big picture. We're talking about an cybersecurity incident where the majority of the impact was sustained in the United States, in terms of the number of people affected and potential monetary damages incurred.
- For three days, the Delta subreddit on the Reddit site has been full of horror stories from traumatized Delta passengers, crew and other personnel dealing with the airline's worst meltdown since 2017. YouTube has plenty of videos too. Thousands of people spent the weekend living rough in Hartsfield-Jackson because Metro Atlanta doesn't have enough hotel rooms for an emergency like this. Smaller numbers have been reported at other airports like Minneapolis and Salt Lake City. And the end of the mess is still nowhere in sight, with 500 more flights cancelled by Delta this morning. With about 5,000 flights cancelled by Delta to date, we're talking about several hundred thousand people who are now stuck waiting for days for seats on later flights, or having to spend several thousand dollars for last-minute tickets on other airlines or other modes of transport to salvage their travel plans. --Coolcaesar (talk) 15:17, 22 July 2024 (UTC)
- @Coolcaesar
We're talking about an cybersecurity incident where the majority of the impact was sustained in the United States, in terms of the number of people affected and potential monetary damages incurred.
[citation needed] Melmann 14:36, 23 July 2024 (UTC)- It's basic arithmetic. As most experienced travelers are aware, Delta's fleet of 988 aircraft is the largest in the world. They claimed to have passenger load factors over 90% this summer. Assuming a conservative number of about 150 booked passengers on average (although Delta also flies over 430 A350s that can hold over 300) and over 5,500 cancelled flights, we're talking about at least 825,000 people affected by flight cancellations. That's not including the millions more whose flights were delayed.
- The CrowdStrike outage got a lot of press and then in most countries, everyone rebooted and rolled back the affected Windows PCs. Then the story went away by Monday. In the United States, the story is still going strong on the fifth day in all major national news outlets (television, print, and online) because Delta is stuck in the middle of an operational meltdown with passengers and baggage stuck all over the country. For example, the NYT, the LAT, and the WP ran stories this morning. The point is that it was an American incident and it is continuing to have the greatest and longest lasting impact in the United States. --Coolcaesar (talk) 20:39, 23 July 2024 (UTC)
- Do we have reliable sources corroborating any such statistics? We can't rely on WP:OR. GhostOfNoMeme 21:26, 23 July 2024 (UTC)
- If you bothered to click on the first link in the comment, you would find a source cited in the first sentence of the article that says Delta's fleet currently contains 1,274 aircraft. But I don't think you're really interested in getting an answer to your question, and the specifics aren't especially important here. Delta is a large airline – apparently the largest commercial fleet in the world. It dominates the Atlanta Hartsfield–Jackson airport, which is the busiest airport in the world. (The number of A350s looks like an overcount – they appear to have 30 of them.) — BarrelProof (talk) 21:42, 23 July 2024 (UTC)
- To clarify, I was asking specifically regarding
825,000 people affected by flight cancellations
, not fleet numbers. I'm aware it's a rough calculation. Maybe it's even an accurate one, I don't know. All I'm asking is whether we have these statistics in reliable sources. GhostOfNoMeme 22:06, 23 July 2024 (UTC) If you bothered to click on the first link in the comment, you would find a source cited in the first sentence of the article that says Delta's fleet currently contains 1,274 aircraft.
- Also that article isn't even consistent in the figure. It opens saying 988 aircraft. The first reference then gives 1,274, but the reference given under Current fleet says 988 again. GhostOfNoMeme 22:19, 23 July 2024 (UTC)
- The exact number doesn't matter here. This isn't an article about Delta. If I understand correctly, the 988 number is six months old. What difference does it make here? — BarrelProof (talk) 01:20, 24 July 2024 (UTC)
- If we're using these statistics to reason during a discussion I would argue it matters whether they are correct or not. GhostOfNoMeme 01:26, 24 July 2024 (UTC)
- When thinking about which spelling convention to use in an article about a software bug disruption that wasn't caused by Delta and didn't affect the airplanes themselves, it doesn't matter whether Delta has 500 aircraft or 1500 aircraft in its fleet. — BarrelProof (talk) 01:39, 24 July 2024 (UTC)
- I agree. The spirit of my initial reply was to question the use of WP:OR ("[which] includes any analysis or synthesis of published material that reaches or implies a conclusion not stated by the sources") in making an argument based on these statistics. Melmann merely asked for a source and I think that's a very fair request; what followed in response seemed like WP:SYNTH which I simply queried. GhostOfNoMeme 02:40, 24 July 2024 (UTC)
- When thinking about which spelling convention to use in an article about a software bug disruption that wasn't caused by Delta and didn't affect the airplanes themselves, it doesn't matter whether Delta has 500 aircraft or 1500 aircraft in its fleet. — BarrelProof (talk) 01:39, 24 July 2024 (UTC)
- If we're using these statistics to reason during a discussion I would argue it matters whether they are correct or not. GhostOfNoMeme 01:26, 24 July 2024 (UTC)
- The exact number doesn't matter here. This isn't an article about Delta. If I understand correctly, the 988 number is six months old. What difference does it make here? — BarrelProof (talk) 01:20, 24 July 2024 (UTC)
- To clarify, I was asking specifically regarding
- If you bothered to click on the first link in the comment, you would find a source cited in the first sentence of the article that says Delta's fleet currently contains 1,274 aircraft. But I don't think you're really interested in getting an answer to your question, and the specifics aren't especially important here. Delta is a large airline – apparently the largest commercial fleet in the world. It dominates the Atlanta Hartsfield–Jackson airport, which is the busiest airport in the world. (The number of A350s looks like an overcount – they appear to have 30 of them.) — BarrelProof (talk) 21:42, 23 July 2024 (UTC)
- None of this justifies a change to US English. This is simply not an incident which can be said to have strong national ties to any one region. National ties, perhaps, given CrowdStrike and Windows are American. However, the article is about the incident, not those products. It was a worldwide incident. The argument the effect on America was greater is questionable and in fact its effects were first noticed in Australia/New Zealand. Even if there were national ties to the US here, which is doubtful, there are not strong ties. Certainly not ties strong enough to overcome the force of justification to RETAIN. The article should not be changed to US English. Local Variable (talk) 02:52, 24 July 2024 (UTC)
- I agree. And regardless, for the claim that
the majority of the impact was sustained in the United States
to be of any merit in this discussion we absolutely should expect some non-WP:SYNTH reliable sources. Back-of the-envelope calculations mean very little. And even if we grant that claim, would it establish "strong national ties"? I'm doubtful. GhostOfNoMeme 03:15, 24 July 2024 (UTC)
- I agree. And regardless, for the claim that
- Do we have reliable sources corroborating any such statistics? We can't rely on WP:OR. GhostOfNoMeme 21:26, 23 July 2024 (UTC)
- @Coolcaesar
- Per WP:MOSTIES this article should be in American English: both Crowdstrike and Microsoft are U.S. companies and this event originated in the United States. TIES supersedes RETAIN when there are clear national-ties to a subject as there is when the two companies most involved are from one country, and the company which identified the cause is also from that country. Avgeekamfot (talk) 04:04, 22 July 2024 (UTC)
- The Wikipedia guideline MOS:BADDATE does not consider that date format acceptable for Wikipedia. It says to use it "Only in limited situations where brevity is helpful". — BarrelProof (talk) 21:33, 19 July 2024 (UTC)
- Let's stick to New Zealand English because of MOS:RETAIN. To change it we need clear consensus and we're divided here.... I apologize on behalf of my fellow americans who are so unfamiliar with seeing different types of English lol 92.40.196.205 (talk) 22:55, 23 July 2024 (UTC)
Calling a finite and countable number of clients "innumerable"
made me stop reading this entry right after the first sentence. Unscientific, hyperbolic, and unfactual. 50.46.244.66 (talk) 02:27, 20 July 2024 (UTC)
- One of the definitions of "innumerable" is "too many to be counted". You're just arguing over semantics here. 0xC0000005 (talk) 02:49, 20 July 2024 (UTC)
- Entry: the sky is red
- I: that's factually incorrect
- You: it is factually incorrect but you're arguing over semantics
- lol 50.46.244.66 (talk) 05:04, 20 July 2024 (UTC)
- "Innumerable" in English means more than whatever narrow definition you're giving it. It fits. GhostOfNoMeme 03:34, 20 July 2024 (UTC)
- Hyperbolic??? Perhaps, a bit; but it's hard to count while the full extent is currently unknown. "Innumerable" in the vernacular sense does not mean "uncountable" in the mathematical sense. DWIII (talk) 04:54, 20 July 2024 (UTC)
- That's a real problem. Wikipedia articles should generally avoid hyperbolic language. I see this as a definition of innumerable: "too many to be counted (often used hyperbolically)". You admit the usage in the article doesn't follow the mathematical sense, so it is hyperbolic and that's unnecessary and just bad. The idea that the crashes can't be counted is also stupid. CrowdStrike knows exactly how many computers received the bad update. Not all of them crashed, but this is a strict upper bound. Using "innumerable" in an encyclopedia article when there is a known upper bound and reasonable estimates on the lower side is simply a very poor choice. 165.189.255.50 (talk) 05:03, 20 July 2024 (UTC)
- "A large number of", perhaps? It seems very difficult to quantify right now. GhostOfNoMeme 06:15, 20 July 2024 (UTC)
- We now have the opposite problem – "caused a large number of" understates the impact. Trying better middle path wording:
"caused widespread problems as computers and virtual machines running Microsoft Windows crashed and were unable to properly restart."
- Fuzheado | Talk 12:24, 20 July 2024 (UTC)- That's good, I like that. Hopefully we get hard statistics (e.g. "$x devices impacted") in reliable sources, at some stage. I've searched but, unsurprisingly, I see nothing yet beyond guesstimation. GhostOfNoMeme 13:18, 20 July 2024 (UTC)
- Numbers are starting to come through now - approx. 8.5 million devices [3] pcuser42 (talk) 22:22, 20 July 2024 (UTC)
- They were innumerable because they hadn't been counted. It took a while to estimate... kencf0618 (talk) 21:09, 21 July 2024 (UTC)
- Innumerable means cannot be counted not too lazy to be arsed.
- BTW, the $ damage was already being estimated while we discuss whether the number of clients impacted can be determined. 50.46.244.66 (talk) 03:28, 22 July 2024 (UTC)
- You might want to check your definitions. https://en.wiktionary.org/wiki/innumerable - "Of a very high number; extremely numerous" pcuser42 (talk) 03:56, 22 July 2024 (UTC)
- I'm not sure "caused many outages, but we cannot be arsed counting" is exactly encyclopedic in tone. Jerdle (talk) 02:18, 24 July 2024 (UTC)
- They were innumerable because they hadn't been counted. It took a while to estimate... kencf0618 (talk) 21:09, 21 July 2024 (UTC)
- Numbers are starting to come through now - approx. 8.5 million devices [3] pcuser42 (talk) 22:22, 20 July 2024 (UTC)
- That's good, I like that. Hopefully we get hard statistics (e.g. "$x devices impacted") in reliable sources, at some stage. I've searched but, unsurprisingly, I see nothing yet beyond guesstimation. GhostOfNoMeme 13:18, 20 July 2024 (UTC)
- We now have the opposite problem – "caused a large number of" understates the impact. Trying better middle path wording:
- "A large number of", perhaps? It seems very difficult to quantify right now. GhostOfNoMeme 06:15, 20 July 2024 (UTC)
- That's a real problem. Wikipedia articles should generally avoid hyperbolic language. I see this as a definition of innumerable: "too many to be counted (often used hyperbolically)". You admit the usage in the article doesn't follow the mathematical sense, so it is hyperbolic and that's unnecessary and just bad. The idea that the crashes can't be counted is also stupid. CrowdStrike knows exactly how many computers received the bad update. Not all of them crashed, but this is a strict upper bound. Using "innumerable" in an encyclopedia article when there is a known upper bound and reasonable estimates on the lower side is simply a very poor choice. 165.189.255.50 (talk) 05:03, 20 July 2024 (UTC)
Responsible Software deployment - Duty of Care
I understand why my previous talk contribution on this matter was archived. This is a hot topic and the talk needs to be kept manageable. However, that also meant I could not work out how to respond to a reply that claimed my concerns were well out of scope of the article. Hence this note.
My concern is that the article does not even consider the wider duty of care that this software incident highlights.
It is probably too early to find out what risk management work was carried out by Crowdstrike that failed to prevent the risk of an incident of the scale and severity of this one. Such work should have generated documentation that would guide and reassure customers and their system administrators of the risks involved.
So it isn’t too early to ask what information and systemic support did Crowdstrike provide to their customers and their administrators to reduce the impact of errors of the type encountered in this major incident.
This is a generic issue that needs addressing across many businesses, especially IT ones, that can deploy changes very quickly at scale.
To help address this, this article could usefully have a section on related risk management, prevention and mitigation approaches.
This section could cross reference articles on related issues such as:
Legal liability for addressing the impact of this incident.
Legal duties of different parties potentially affected by similar major incidents.
Insurance and similar schemes to support legal challenges or compensation.
Concepts such as a duty of care by companies that are relevant here. See:
https://en.m.wikipedia.org/wiki/Duty_of_care
That article refers to Duty of Care Risk Analysis. See:
Though relevant, that Docra work’s level of rigour is seriously compromised by the significant commercial interests that are associated with it.
From my test experience with a large telecoms company, I believe there should have been processes in place to seriously reduce the risk of incidents similar to this one having such a major impact in various sectors of the economy. The danger of large scale rollouts of changes to named pipes causing blue screens that totally broke the software and that automated reboots did not correct the problem is a key example.
For example, the early detection and reporting of problems on large numbers of virtual machines should have delayed or stopped further deployment of this software to less easily managed machines. This strategy clearly had not been seriously considered. CuriousMarkE (talk) 10:42, 23 July 2024 (UTC)
Theories of Liability
Gross Negligence
Lenord French of Lawful Masses has argued that CrowdStrike could be liable under "gross negligence". Unlike simple negligence, you cannot use a contract or terms of service to limit your liability for gross negligence.
CrowdStrike Faces Massive Legal Challenges, Can't Hide Behind Terms of Service - YouTube https://www.youtube.com/watch?v=byZHIoqi8oo 165.225.36.178 (talk) 23:05, 23 July 2024 (UTC)
- Just to be clear, are you proposing a change or suggesting something in particular? If you want this added to the article, locating some reliable sources would be a good first step. Keep in mind talk pages are not forums. GhostOfNoMeme 23:43, 23 July 2024 (UTC)