I started writing about something in the comment section, but I decided it’s relevant enough to make it an article.
The CrowdStrike event looks like a very mild example of something I’ve been worrying about for years, namely a widespread systemic persistent IT outage that puts payment systems worldwide out of commission.
Basically, everybody is using digital payment for everything these days, so what happens if it all goes out for some reason? Oh, you’ll use cash. You mean, the ATM is going to work? No it isn’t. You mean, you have cash and will just use it? You mean, the cash register computer will not be afflicted, and the cashier will be willing to take your money without the ability to print out the invoice and register the transaction? Or will all the stores close until this is dealt with? In which case you will have to rely on whatever food and hygienic/medical supplies you have at your place, because you’ve been prepping? Oh wait, you’ve been prepping but since nothing happened you just consumed all the stuff and there isn’t any now? Yeah, that.
I mean, the first level of preparing for an IT outage is to have an air-gapped spare laptop stashed in some drawer, with Linux/Windows dual boot in case one of those two is the cause of failure, but the next question is, what do you connect to, if the cause of the problem is general, so the telecoms are down, banks are down, online services are down, AWS/Azure can’t process your credit card so it locks you out of your servers, GoDaddy is down so you can’t transfer your domains somewhere out of the afflicted area, or DNS is down so you can’t reach anything, or the satellites are down so Starlink doesn’t work. And let’s say it’s something really major so the consequences take so long to clear, there’s serious breakdown of services everywhere.
The first answer everybody has to this is something along the lines of “it’s unlikely that all the computer systems will go out at once”. True, it’s unlikely, but it was also previously unseen that all the enterprise win10 machines go out at once and half the world gets instantly paralyzed. Those machines aren’t independent. Microsoft enforces push updates, and the big corporations have unified IT policies which means they all enforce updates to all their machines. Also, everybody seems to run Windows, which means it’s no longer necessary for an attack vector or a blunder to target billions of computers independently, because it’s a single failure that can propagate from a single point and instantly take down enough of the network that the rest have nothing to connect to.
Also, there have recently been revelations that OpenSSL had severe vulnerabilities. The vast majority of Internet infrastructure uses OpenSSL. A systemic vulnerability that can be targeted everywhere means… you tell me.
Someone will say that people would adapt, and my answer is, what does that even mean? Every single store I’ve been in for the last decade or so uses bar-code readers to scan items, and then the computer pulls out the item data, most notably the price, from the database, so that the cashier can charge you. More recently, all those computers are required to connect to the state tax service where every bill needs to be “fiscalised” for taxation purposes. If Internet fails, the cash register can’t “fiscalise” bills and that’s going to be a problem. If the cash register is out because it’s always a Windows machine and you saw what can happen to those, and it’s connected to the Internet or the “fiscalisation” won’t work, the cashier won’t be able to tell how much the item you want to purchase costs and thus won’t be able to charge you. They don’t have prices on items anymore, like they did in the ‘80s. Everything is in the database.
Some say, run Linux, or buy a Mac. Great, but it doesn’t actually solve anything, because if every Enterprise and most smaller companies run everything on Windows, and those computers all bluescreen, what are you going to connect to, with your Linux PC? How does your computer even matter if you go to a store and you can’t buy anything, and how does it matter if you try to go online and most of everything is down, because OpenSSL has been attacked by something that gets root permissions on your computer and encrypts its filesystem?
I’ve been recently thinking that Internet isn’t so much a framework for connecting computers, but really a separate plane of existence. When I’m using my computer, I’m not really on an island in Croatia, I’m on the Internet. Imagine all the beings that exist in the physical world, but without an Internet connection, like trees, birds, cats and so on. In order to interact with them or even perceive them, you need to switch planes of existence, between physical world and the Internet. However, some aspects of the physical world, like our civilization for instance, have been abstracted into the Internet to such a degree that you can’t even use them anymore if you don’t have access to all kinds of Internet-based infrastructure, which is not currently perceived as a problem, but might become one really fast if something fundamental breaks down with the Internet.
Also, if a nefarious government or a corporation wants to lock you out of the Internet for “non-compliance”, you are really fucked, which makes it a really big sword of Damocles hanging over our heads, forcing everybody to be good and obedient slaves.
Also, I keep criticising the mentality of installing Linux and thinking you're now safe and fine while others are fucked. If that looked like the way to avoid bad shit that is in our way, I'd have everything on Linux already. In fact, I do – I have a Linux laptop and a Linux desktop completely set up, I can turn them on and switch instantly. I keep them updated just for shits and giggles. I basically refurbished my old Zenbook to run Ubuntu, and I got a Intel 8th gen mini PC off ebay for ridiculously cheap money and installed Debian 12 desktop. Basically, if something happens that would make my primary computers, which are Macs, unusable, I'd be back online under Linux within seconds. I have this setup as cheap insurance, so that I don't smack my head for not doing it if something actually happens that could be solved that easily, but I think it's a wasted effort, regardless.
I think prices are still required to be physically present on shelf or product label.
So, clothing will have a price on a label and shelf products will have price on a shelf – so that should not be an issue.
As for fiscalization – you can work offline and then connect to service later. Fiscalization service was unavailable on quite many occasions, so such ability was required from the very start.
So, there is no issue if store computer works and it can not connect to outside service, but I do not think there is any fallback in case store computer does not work – smaller stores can fallback to writing manual invoices and fiscalize it later – but bigger stores would simply close until problem is resolved.
However – MOST people does not have cash outside the system, nor have any supplies whatsoever because most of them does not perceive such a disruption as even a possibility.
For instance, ask any Bitcoin fanatic – they will respond: It is impossible for entire internet to go down. Right.
I can understand the illusion – I mean, some of them invested their homes into Bitcoin – dead internet simply isn't an option for them.
It was quite evident how things will play out this summer when there was electrical outage in entire southern Croatia, including islands.
Split was instantly chaotic and biggest imminent concern was "all our ice cream melted, the world will end".
That alone tells enough where people minds are and how they are ready for anything else than melted ice cream.
"As for fiscalization – you can work offline and then connect to service later. " – I absolutely assume that all small stores and private sellers will instantly dispense with the state and all its requirements and conduct sales the way fishermen sell fish directly from the boat here. They have a scale, they weigh it, tell you the price and you give them cash. Everything would work like that, or not at all.
Which means that all those big stores where most people buy most things would not work at all, and they already drove most small "mom and pop" stores into bankruptcy, so there's nothing to fall back to. There would be major shortages and chaos. And people would run out of cash quickly, and then start selling their belongings on the flea market to get more cash.
That, of course, is a prediction for a long-term or permanent outage. However, what I'm actually prepping for is a short- to mid-term outage, a week to a month. That's something that's very likely in the near future, and it's also something that's very easy to be prepared for, but also, unfortunately, something almost nobody is prepared for, except of course people in the countryside who can grow their own food and are mostly independent of the urban supply chain for their day-to-day needs.
Well, as far as I know, people here, in Dalmatia, have supplies for at least a month, probably more. Most of them have land and house's in the local countryside, or on the island, a good number of them have some kind of garden, olive trees, vineyard. And that doesn't just go for the people in small places, but relatively big cities, like Split.
Maybe Zagreb is worse off, because it's been urbanized for too long.
Sure, many people in Dalmatia live out of tourism, but a good part of those people still tend to diversify their income with other side quest type of jobs.