Current Events

Greetings and welcome to the summer edition of Barefoot Bytes, our monthly(ish) newsletter that opines on all things business, software, marketing, and data science. In this edition I’ll be covering my take on some major recent events. Just about every day this month there have been incidents, releases, announcements and more, each one with massive implications. So let’s take stock.

CrowdStuck

On July 19th, Windows machines across the globe received an automatic update from cybersecurity firm CrowdStrike which led to the blue screen of death on millions (~8.5M) of devices and caused?the largest IT outage in history . The sticking point on this one was that they couldn’t just roll it back. It required a manual reboot into safe mode and doing some work on the command line to get them back online. This included transcribing a unique 48-character BitLocker recovery key. On 8.5M computers. Does anyone remember where we keep our recovery key? On?another?Windows PC? Uh oh…

I happened to be flying across the country on this fateful day. Here’s a fuzzy picture I took of the departures board. Yellow is delayed and red is canceled.

An hour later and that board was blood red. Hats off to Breeze for being one of only a few airlines that managed to get planes in the air that day. They went full analog. Here’s my handwritten boarding pass which looks to be a Xerox borrowed from some other airline with the logo blacked out with a sharpie. You can’t make this stuff up.

In their?post-incident report , CrowdStrike reports that they will be adding some additional testing steps, which include:

• Local developer testing
• Content update and rollback testing
• Stress testing, fuzzing and fault injection
• Stability testing

Wait what? They weren’t doing this stuff already? At Barefoot we do this stuff when releasing basically anything. I’d like to think if we were releasing an update that is critical to global infrastructure, we would continue those practices and maybe even beef them up a bit. This is nothing short of gross negligence. I predict the CEO is out, massive lawsuits will be filed, political grandstanding will continue, but no meaningful regulations will result in the US.

More importantly, this highlights how fragile and vulnerable our infrastructure has become. I’m hopeful that the systems built and managed by the Federal government maintain cyber resilience, although?Volt Typhoon ?gives me pause on even that. But there is a segment of our mission critical infrastructure run by companies, born out of fast-paced startup culture, with little oversight. Russia and China are well aware of this, and are shoring up their vulnerabilities. They were largely unaffected by this outage.

Also, any engineer worth his salt knows, never release to production on a Friday. They were asking for it.

Llama 3.1

Keeping up with new model releases has become nearly impossible. Each version beats some other model on some sort of benchmark. Even the benchmarks are competing with new benchmarks getting released regularly.

But this one really matters. With the release of Meta’s Llama 3.1 we have what is probably the first?open source,?frontier?model. Frontier model meaning that it’s state-of-the-art and competes with ChatGPT-4o and other leading models in certain areas. Open source means that it is free to use as you see fit. This allows startups, hackers, academics, businesses, governments, and anyone else to develop their own fine-tuned models without a controlling overlord like OpenAI. Think of ChatGPT vs Llama like iOS vs Android. Llama is still inferior to ChatGPT in a number of ways however, including no image generation, no web browsing, and no training data beyond 2021. But because it’s open source, those limitations can be addressed by third party developers if needed for their use case.

Aside from the practical implications, this is just a positive thing for mankind. It’s scary to think of a future where the most powerful AI models are controlled by a few powerful megacorps. Llama and other open source models represent the democratization of this technology. This can also speed up the rate of innovation, security, and more. OpenAI engineers and data scientists are working on ChatGPT.?Any?engineer or data scientist can work on Llama. Here is Zuck’s?open letter ?if you’d like to learn more. This does also put powerful technology in the hands of potential bad actors. We are going to need a global coalition of like-minded countries, partnered with companies, to govern this technology and protect the world from bad actors and authoritarian governments. Sam Altman’s take?here .?

If you want to take Llama for a spin, here’s how to install it on?MacOS ?or?Windows .

Cookies are dead. Long live cookies!

In 2020, Google announced that they were going to deprecate third party cookies to improve privacy in Chrome, which is the world’s most popular web browser. This rocked the advertising world as it relies heavily on cookies for tracking and targeting. Massive changes in the ecosystem have happened as a result of that announcement, with companies pivoting to first party data and startups forming just to innovate on cookie-less tracking. Apple, Meta and others rolled out massive privacy measures that severely hurt publishers and other advertisers.

Then last week Google said, nah we’re not going to do that (not a direct quote).

So what does this mean for publishers and other advertisers? In the short run, it alleviates a lot of the urgency and sense of impending doom that was cookie deprecation day. But looking further out, advertisers should be staying the course. Third party cookies are already a terrible tracking solution, so developing more robust solutions not reliant on cookies is still critical for the future of digital advertising.

The Through Line: Resilience

I spend summers in Virginia Beach, which is part of a larger group of cities in southeastern Virginia we call Hampton Roads. It’s one of the most at-risk areas for flooding, sinking, and other coastal climate change implications in the next 30 years. So there is a lot of talk and action around here about coastal resilience. For us that means preparing for both the more gradual impact of climate change (like entire neighborhoods under water) as well as the potentially immediate impact of severe weather events (like the first tornado in 100 years that hit last summer).

This edition of the newsletter focused on some recent events, which is not typical for us. So why did I choose to write about them? Well these events happened in the course of?5 days. There are more that I didn’t write about but will have a similar impact. What’s becoming increasingly evident is the growing importance of technology resilience.

Resilience is normally thought about in terms of cybersecurity, outages, and the like. But future-proofing should also be a consideration. Similar to climate change, to maintain tech resilience, we need to think about the natural pace of innovation and change, like the Llama 3.1 release, as well as severe tech events, like the CrowdStrike incident. So looking through the lens of resilience, here’s how it applies to the three events above:

CrowdStrike: This was a tremendous failure from CrowdStrike. Delta Airlines hasn’t fully recovered and reports a loss of $500M+. But a very impressive feat of resilience from Breeze Airlines.

Llama 3.1: For organizations that have built a large system which relies very specifically on ChatGPT, for example, it will be costly to take advantage of Llama. But if you built it in an LLM-agnostic manner, you could easily swap out models to take advantage of both models.

Cookies: Smart companies had plans for cookie deprecation, as well as a future where it didn’t happened. They were better positioned than firms that went all in on Google’s Privacy Sandbox (the proposed replacement of cookies), for example. How do you make your company more technology resilient? Start with this?whitepaper from McKinsey .

Bytes

• I wanted to see a timeline of all the major LLM releases in 2024 while researching for this newsletter. Struck out on Google while ChatGPT nailed it. Don’t worry Google, if I need a restaurant menu I’ll still come ask you.
• OpenAI announced?SearchGPT ?is in beta testing. It will be interesting to see if Perplexity can compete.
• OpenAI also announced their GPT-4o Mini which is 60% cheaper than 3.5. Good news for developers. Let’s hope there’s a race to the bottom on cost.
• Gemini 1.5 Pro crushed all benchmarks and is currently the best LLM available. That was fast.
• California put?42 million car titles ?on the Avalanche blockchain network. About time.

It’s been an absolutely wild summer in terms of technology and I don’t see any signs of slowing down. This weekend I’m going to unplug and get out on the water. If you need me, send a carrier pigeon.

Hunter Jensen Barefoot Solutions, CEO