Suicide Linux: How to Live on the Technological Edge



Recently there was a big brouhaha in the news about a company called CrowdStrike. On July 19th of 2024, this company released an update to their popular Extended Detection and Response (XDR) cybersecurity software. Little did they know this update had an unintended side effect, instantly crashing ALL Windows machines it was installed on.

There was another fun unintended side effect of this update: since this software operated at the kernel level, it was set up to automatically start whenever the system did. This caused what we in the industry like to call a ‘boot loop’, where a computer tries to start up, encounters a problem which causes it to crash, reboots after the crash, encounters the same problem, rinse and repeat.

This update resulted in a major IT outage around the world. Flights all over were grounded and/or delayed. Entire industries had to send employees home because all their computers could do was show this screen:

Affectionately called the “Blue Screen of Death (BSOD)”

Needless to say: it was a big deal. Best of all, it all happened on a Friday, so IT folks around the world had a pretty rough weekend trying to fix affected systems by Monday.

Now many people were quick to criticize CrowdStrike for what they thought was a pretty avoidable accident. I’m here to do the opposite. CrowdStrike was obviously living on the technological edge with their change management process. If I had to guess, a lone developer probably found an issue with their new update at the last minute (at the time of writing the public doesn’t know the full story yet). “I’ll just go ahead and fix it now,” they probably thought. Then they wrote a few lines of code that addressed the issue. “No need to test if the changes are only a few lines,” they thought as they clocked out. “What’s the worst that could happen?”

Sounds irresponsible to some, but I respect the boldness. I’ll admit, during my software development years I made similar last-minute changes (never with a company as big or consequential as CrowdStrike, but I digress).

Today I am here to raise my metaphorical glass to CrowdStrike. As someone that has lived on the technological edge, I must bow before the king. I am but a lowly wannabe when compared to this risk-hungry corporate behemoth. I feel the need for a demonstration, a performative sacrifice at the altar of risk to show my life still occasionally lingers on the precipice of the technological edge. And I know just the thing.

Suicide Linux is a concept which was introduced as a joke in a blog post by ‘qntm’ in 2009. Here is that original post:

Suicide Linux
You know how sometimes if you mistype a filename in Bash, it corrects your spelling and runs the command anyway? Such as when changing directory, or opening a file. I have an idea: Suicide Linux. Any time - any time - you type any remotely incorrect command, the interpreter cre...
https://qntm.org/suicide

The essence of Suicide Linux is simple. Anytime you type a command wrong in the Linux terminal, the system runs the following command in response:

rm -rf /

What does this command mean? Well, it’s actually pretty simple. ‘rm’ stands for ‘remove’, meaning you are deleting things from your computer. ‘-rf’ stands for ‘recursive’ and ‘force’ respectively. Recursive means if this command encounters a directory, then it deletes ALL content within that directory (and all content within directories contained in that directory, etc.). Force means to automatically accept any prompts that require user confirmation before they are executed. Finally ‘/’ represents the base directory on Linux systems, which contains essentially the entire OS.

Essentially, this command translated into plain English is:

“Delete ALL content contained in the base directory of my system, and ALL content contained in directories present in the base directory. Also, don’t ask me for confirmation about deleting anything, just DO IT.”

This is equivalent to deleting ‘system32’ on a Windows machine. It’s hilariously awful. I’m going to install it and take it for a spin.

To answer the question a lot of people will ask at this point, no I won’t be overwriting my host OS with Suicide Linux. I’ll be using a virtual machine. Does this count as living on the technological edge if there are no real consequences? Probably not, I’m just hoping I’ll feel a bit of a rush anyways.

Anyway, let’s do it then. In an update to the original blog post, ‘qntm’ posted that Suicide Linux had become a reality in the form of a Debian package.

Here’s the link to that:

Suicide-Linux - Browse Files at SourceForge.net
Encourages users not to misspell commands. Idea from http://qntm.org/suicide. Project modifies terminal configuration such that any…
https://sourceforge.net/projects/suicide-linux/files/

13 other people living on the technological edge this week. Love it.

I’ll download a disc image for the latest version of Ubuntu, a very popular Debian variant, and get it set up on VMware Workstation. I won’t go through how to do this; I’m sure there are a hundred guides out there on that. Here’s the link to download the Ubuntu image:

Download Ubuntu Desktop | Ubuntu
Ubuntu is an open source software operating system that runs from the desktop, to the cloud, to all your internet connected things.
https://ubuntu.com/download/desktop

Once the disc image is imported into VMware, I’ll go ahead and launch it.

Once Ubuntu is up and running I won’t bother fully setting it up (I have a hunch I won’t be using this system for very long). I’ll go ahead and download the newest Debian ‘Suicide Linux’ package from the link I shared before. Now I need to install it.

That’s pretty easy. I’ll open a terminal, cd into the directory the file got downloaded to (typically “Downloads”) and run the following command:

sudo dpkg -i suicide-linux_1.1-i386.deb

The gun is loaded. Now I’ll close this terminal and open a new one for the changes to fully take effect.

Oh boy, it’s getting real. Now before we get started there is one more command I need to run. We need to get a terminal shell as the ‘root’ user. Deleting many sensitive files in Ubuntu will require root permissions, and we’ll likely get errors if we are not ‘root’. This one command should give me what I need:

sudo /bin/bash

Alright the time has come. I hereby issue myself the following challenge, all taking place in this terminal (on the technological edge):

  1. create a new directory called ‘fun_and_stuff’
  2. cd into ‘fun_and_stuff’
  3. echo out “livin’ on the techno edge” into a file called ‘dogmatic-energies.txt’
  4. change the permissions of the file ‘dogmatic-energies.txt’ to 745
  5. copy the file ‘dogmatic-energies.txt’ into a new file called ‘assimilation_strategy.txt’
  6. print out the contents of ‘assimilation_strategy.txt’ to the terminal, but filter on the character ‘x’

That should do it. There are a few rules I must follow during all this:

  1. I cannot use any kind of terminal autocomplete (tab key)
  2. I must do all this in under 60 seconds
  3. I cannot use the backspace key
  4. I cannot look at the screen to see what I am typing
  5. I must do this all with one command
  6. If time expires, I must press ‘enter’ on whatever I have

Game on:

What a rush. As you can tell, I kind of gave up there at the end. It’s a bit trickier than it sounds. Also, didn’t think you’d see a snuff film for a computer OS in this article now did you? Watching an OS die in real time is pretty fascinating. The poor thing goes out with what I imagine is a digital whimper. These are the kinds of things that happen on the technological edge.

In all seriousness, I think both the CrowdStrike outage and Suicide Linux can teach us a few things. For one, it is easy to blame the developer (or developers, unknown right now) that pushed out the bad CrowdStrike update. Similarly, it’s easy to blame the person that runs a bad command on a Suicide Linux machine for bricking the whole OS. I won’t disagree, those people carry some blame for the end result.

You must think though, how is it that bad updates/commands are allowed in the first place? Shouldn’t there be a process to detect and stop bad updates/commands from occurring at all? At CrowdStrike, that would be the Quality Assurance (QA) process. On Linux, that would likely be the actual shell binary. If a bad update/command does get through, what safeguards are in place to safely recover/rollback? Error handling comes to mind on both fronts (kernel-level programs may require some extra considerations, I’m not an expert on that subject).
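One way the pre-execution check asked about above could look for the one-command challenge: resolve every command name in the chain before any part of it runs. This is an added example, not code from the Suicide Linux package or the original post; the function names, the simple separator splitting and the `grep x` reading of step 6 are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for a one-line command chain.
# Simplification (assumption): segments are split on "&&", ";" and "|",
# so separators inside quoted strings are not supported, and only command
# names are checked, not their arguments.

# The challenge as one command. 'grep x' for step 6 is an assumed reading;
# the sentence contains no 'x', so it prints nothing and exits with 1.
CHALLENGE="mkdir fun_and_stuff && cd fun_and_stuff && \
echo \"livin' on the techno edge\" > dogmatic-energies.txt && \
chmod 745 dogmatic-energies.txt && \
cp dogmatic-energies.txt assimilation_strategy.txt && \
grep x assimilation_strategy.txt"

# Print the command name (first word) of every segment, one per line.
chain_commands() {
    printf '%s\n' "$1" | sed 's/&&/;/g' | tr ';|' '\n\n' | awk 'NF { print $1 }'
}

# Print every command name the shell cannot resolve (likely typos).
unknown_commands() {
    for name in $(chain_commands "$1"); do
        command -v "$name" >/dev/null 2>&1 || printf '%s\n' "$name"
    done
}

# Run the chain inside directory $2 only if every name resolves.
# Returns 127 without executing anything when a name is unknown.
run_checked() {
    bad=$(unknown_commands "$1")
    if [ -n "$bad" ]; then
        printf 'refusing to run, unknown command(s): %s\n' "$bad" >&2
        return 127
    fi
    ( cd "$2" && eval "$1" )
}
```

Without the check, a chain such as `mkdir made_it && ehco hi` still runs `mkdir` before the shell ever notices the misspelled name; with it, the whole line is rejected up front.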

My point is, blame in both CrowdStrike 2024 and Suicide Linux must be shared. Who allowed untested changes to be pushed into production on a kernel-level application, and if there was a process in place to prevent this how was it bypassed? Who decided to install such a dumbass OS (Suicide Linux) on any computer? Who hired the people that made both of those stupid decisions? Who is running the companies/systems at the top level where these kinds of decisions are being made? CrowdStrike 2024 and Suicide Linux both represent a big fat L for everyone involved, not just those that wrote the code.

That’s just my two cents. I may be a little biased though considering I am a former software developer. Oh well. Stay mad haters. Anyway, have a good day, I’ll see you in the next one.