Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

You can (and should) want to identify the root cause, without assuming malice.


Of course RCA should be conducted. But malice should be considered a likelihood until ruled out entirely. Without assuming malicious intent, we will overlook many avenues of attack.

Think about it this way. At the present time, CrowdStrike can accept dark money from an entity in order to halt the world's compute capacity in a plausibly deniable way. When the dust settles, they will be found guilty of negligence at most. This will allow this perverse incentive to persist.

If the stakes for bringing down a great deal of American compute infrastructure were greater, this would happen far less often. It is simple economics of risk.

Furthermore, CrowdStrike, being an entity that enjoys access to privileged sales channels thanks to its relationship with the government, is exactly the sort of entity that should be viewed as skeptically as possible, if the interests of the US Government are paramount. Why should the US Government create a small monopoly for CrowdStrike and not expect the strictest controls? That is not only bizarre, it is stupid.

Hope for the best and plan for the worst. That is how an entity should be viewed when it becomes critical to national security.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: