[10853] in bugtraq
Re: Diversity
daemon@ATHENA.MIT.EDU (Ethan Benatan)
Fri Jun 18 12:49:07 1999
Message-Id: <199906181355.NAA29794@antimony.cs.pitt.edu>
Date: Fri, 18 Jun 1999 13:55:43 GMT
Reply-To: Ethan Benatan <ethan+@pitt.edu>
From: Ethan Benatan <ethan+@PITT.EDU>
X-To: avelon@EMIT.PL
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199906170811.KAA15367@mail.emit.pl> (message from Ian Carr-de
Avelon on Thu, 17 Jun 1999 10:11:52 +0200)
>>> "Ian" == Ian Carr-de Avelon <avelon@EMIT.PL> writes:
>> Diversity makes for resilience, and vice versa. Okay aleph, it's
>> not a bug but it is a way we should be thinking.
Ian> We can think about it, but what can we do about it? Just as in
Ian> farming there are reasons why we have the monoculture, and just
Ian> like they buy more pesticides, we buy virus scanners to fix our
Ian> solution rather than designing another solution.
Very true, but just because it *is* doesn't mean that's the only way
it *can be*. Monoculture of IT infrastructure is a recent trend, even
in the short history of computing (the same holds true in agriculture,
incidentally). What we can do is promote diversity. The reason
monoculture is so persuasive is that it promises greater short term
efficiency--and it tends to deliver it, too. It takes a long-term
view to realize that the costs will probably outweigh the benefits,
and our culture is really bad at long-term views. (Evolution is really
good at long-term views, which is why the biological analogy is a good
one to learn from.)
We are not powerless! It is however true that if you are driven only
by this quarter's bottom line, you are not likely to change the world.
Ian> In fact we have
Ian> even less ability to move away from it than farming. If a farmer
Ian> bucks the trend and therebye has a crop when the neighbours have
Ian> none, he has an advantage. If I don't buy CISCO, maybe there
Ian> will be some time when my router works but the whole net is down
Ian> with IOS exploits.
Good point. What we really need is to keep compatibility without the
global vulnerability, which is absolutely possible (my Mac users
didn't have to blink at explore or melissa, for instance--but they can
exchange mail with anyone on the net). Biologically, I can eat corn
but I don't succumb to weevils (if that seems an inappropriate
analogy, think harder about it! corn and I exchange nutrients, not
email messages).
Ian> You want no
Ian> connections between like equipment, but always have network
Ian> connectivity if one type of equipment is down.
No. Connections are vital: it's the lack of diversity that makes for
vulnerability. What I want is diversity. The trend is reversible:
look at what is happening with organic agriculture. Microsoft,
Monsanto--they need not rule the world, though they try.
Ethan
