Huawei's Android-free PC alternative for Windows will reportedly ship later this year with a macOS-inspired design

GraniteStateColin said:

People outside China should not use an operating system from China. This is a national security risk. Just as long-standing exploits are found years later in Windows, Linux, and even Cisco hardware, holes and exploits that are known to the Chinese government can be buried in any of the Chinese equipment or software without being found by researchers in other countries.

China can, and we should assume will, use these to gather information on people in other countries, use them to deliver malware to other systems on the network, or have it as a trigger where they can crush the communication infrastructure in other countries in the event of a conflict. Hopefully, none of these will ever matter or happen, but because of the risk, unless you live in China, you should avoid Chinese tech devices and software, especially if you live in a country known to have a potentially adversarial relationship with China, like the U.S., Taiwan, India, and other such countries.

This simply didn't age well. It seems Microsoft is the biggest risk to your business out there at the moment with banks, airlines and governments out of service right now. When the dust settles from the last few days we will likely see a very different ways of working landscape where productivity will move away from OSes to SaaS services, so customers are able to continue operating when their unreliable operating system fails them. It's also less likely they will pander to the whims of cyber security, given end-point protection has cost most companies more money over the last few days than they could have ever potentially saved.

praz01 said:

This simply didn't age well. It seems Microsoft is the biggest risk to your business out there at the moment with banks, airlines and governments out of service right now. When the dust settles from the last few days we will likely see a very different ways of working landscape where productivity will move away from OSes to SaaS services, so customers are able to continue operating when their unreliable operating system fails them. It's also less likely they will pander to the whims of cyber security, given end-point protection has cost most companies more money over the last few days than they could have ever potentially saved.

A common day one reaction.

Unfortunately, the facts don't bear this out.

The issue has nothing to do with the OS but with poor quality control at CLOUDSTRIKE, which led to this (previously) trusted supplier of mission-critical software deploying a corrupted/bad updated kernel level driver that prevented the OS from completing bootup.

As it turns out, the OS itself offers a simple fix: boot up in local-only Safe mode and using Recovery roll back the system to the last known good configuration, or if you don't have recovery files (a bad practice, generally) manually delete the corrupt file.

This kind of issue has nothing to do with the idea of local computing or anything other than GIGO and quality control. It happens all the time with software on all platforms including SAAS products. (Hosting services suffer their own outages regularly.)

Pretending that orgs should abandon local server systems in a full embrace of remote mainframes is no different that claiming the ISS must be abandoned because Boeing's STARLINER QA produced a buggy flawed vehicle.

You might be justified in switching to a different mission critical software supplier or use more than one supplier (as NASA does in the access to space sector) but not in abandoning an effective system. You just need better risk mitigation policies.

For single user systems, this means things like automated cloud backup and recovery files. There are no silver bullets and no bulletproof solution. Just good risk mitigation.

GIGO rules.

fjtorres5591 said:

A common day one reaction.

Unfortunately, the facts don't bear this out.

The issue has nothing to do with the OS but with poor quality control at CLOUDSTRIKE, which led to this (previously) trusted supplier of mission-critical software deploying a corrupted/bad updated kernel level driver that prevented the OS from completing bootup.

As it turns out, the OS itself offers a simple fix: boot up in local-only Safe mode and using Recovery roll back the system to the last known good configuration, or if you don't have recovery files (a bad practice, generally) manually delete the corrupt file.

This kind of issue has nothing to do with the idea of local computing or anything other than GIGO and quality control. It happens all the time with software on all platforms including SAAS products. (Hosting services suffer their own outages regularly.)

Pretending that orgs should abandon local server systems in a full embrace of remote mainframes is no different that claiming the ISS must be abandoned because Boeing's STARLINER QA produced a buggy flawed vehicle.

You might be justified in switching to a different mission critical software supplier or use more than one supplier (as NASA does in the access to space sector) but not in abandoning an effective system. You just need better risk mitigation policies.

For single user systems, this means things like automated cloud backup and recovery files. There are no silver bullets and no bulletproof solution. Just good risk mitigation.

GIGO rules.

I couldn't work out the point you were driving at but I got the general feeling that you think that it will return to business as usual. I couldn't disagree more. When you're dealing with an incident of this magnitude there is one thing that is for certain. Things will change! 8 million computers were affected most at enterprise level. When I return to work tomorrow, the following will take place in the following order.
1. Impact assessment to understand which systems are still not operational. The workaround you mentioned is not a solution across a fleet of 10000 systems. Also LKGC doesn't fix this, you have to go down recovery option then delete offending files. Critical systems will hopefully be back up now but it's going to be weeks before everything is back up.
2. Review of compensation to recoup losses. Any back up strategies RTO/RPO would not have mitigated operational downtime of this magnitude. All redundancies were out as well. For realtime data systems such as financial services the RTO/RPO is unacceptable. Only Mac and Linux systems were unaffected.
3. Tactical controls will be drafted. Staggered rollout of updates. DR kept back from latest/greatest release. Better SLAs with vendors. Etc.
4. Strategic planning and risk assessment where expensive consultants will be bought in who will look at the data and identify that organisations that decentralised their IT systems and adopted modern ways of working came out on top will recommend just that. Tell me one SaaS service that was down (you said SaaS services aren't immune).

So in short there will be divestment away from OS based productivity in favour of SaaS. E.g. migration from SAP to Salesforce ERP.

GraniteStateColin said:

People outside China should not use an operating system from China. This is a national security risk. Just as long-standing exploits are found years later in Windows, Linux, and even Cisco hardware, holes and exploits that are known to the Chinese government can be buried in any of the Chinese equipment or software without being found by researchers in other countries.

China can, and we should assume will, use these to gather information on people in other countries, use them to deliver malware to other systems on the network, or have it as a trigger where they can crush the communication infrastructure in other countries in the event of a conflict. Hopefully, none of these will ever matter or happen, but because of the risk, unless you live in China, you should avoid Chinese tech devices and software, especially if you live in a country known to have a potentially adversarial relationship with China, like the U.S., Taiwan, India, and other such countries.

However, China is an important business partner in many countries, especially — but not exclusively — in Africa. Added the fact there is a strong isolationism movement in the US, there is a chance to a China made OS find a breach into international market.

Regarding the possibility of Chinese spying in your computer, many cases of CIA shenanigans kind of weaken the case for US developed software.

I can finally give my data to the chinease instead of having americans monopolising them.
At any rate, this will be good if anything because China's massive size means it will have a huge market share and finally give Microsoft some credible copetition.

praz01 said:

This simply didn't age well. It seems Microsoft is the biggest risk to your business out there at the moment with banks, airlines and governments out of service right now. When the dust settles from the last few days we will likely see a very different ways of working landscape where productivity will move away from OSes to SaaS services, so customers are able to continue operating when their unreliable operating system fails them. It's also less likely they will pander to the whims of cyber security, given end-point protection has cost most companies more money over the last few days than they could have ever potentially saved.

Wrong. CrowdStrike was at fault. In fact, it may even be that the only reason CrowdStrike was able to cause this problem is because the EU (in a somewhat China-like action) didn't let MS keep the security locked down, forcing them to open this up to competitors. You can argue that there are benefits to the forced opening of parts of the OS and government meddling, but there are also downsides as what just happened with CrowdStrike.