The Software Monoculture
balster neb writes "CNET News.com has a piece titled 'Seeds of Destruction' on monoculture in software and its effect on security. The article talks about similarities between software attacks such as last year's MSBlast, and agricultural catastrophes such as the Irish Potato Famine. Isn't this another good argument against monopolies?"
"Isn't this another good argument against monopolies?"
The answer is yes, or maybe no.
Call me a complainer, but I really don't like the Slashdot postings that end with such vague questions.
"Isn't this another good argument against monopolies?"
In a very nearsighted way, yes. But we are talking about mono-cultures here, which is a bit more broad than that. And, something that the Linux crowd will want to be wary of.
With all the momentum behind Linux right now, it could soon find itself faced with the same problems MS is faced with. While I don't doubt the ability of the Linux folks to find better solutions than MS did, it is still a concern that people should be aware of.
Mod me down with all of your hatred and your journey towards the dark side will be complete!
C|Net. C|Net run. C|Net run and bite the hand that feeds it. Bad C|Net, bad!
I watched C-beams glitter in the dark near the Tannhauser gate.
Luckily there's a remedy for both... Guinness
We should hide from everything that we can't micromanage. Obviously we're moving too fast. Remember the tortoise and the hare..
Bah..
"Seeds of Destruction" sounds like a typical aspect of nerd monoculture all right.
How many do we need? I thought we already had enough arguments.
Monopolies... what is this about? Is it good or is it whack?
A simple whois at nic.cx reveals this:
I guess they have been shut down, and based on Registrar Lock, I doubt you'd be able to register it.
Isn't this another good argument against monopolies?
You could use the same argument against "standards." But you wouldn't. Yes, if everything were made completely different from everything else, sure, it would be harder to mount large scale attacks against anything. You would have to tailor your exploit to all of the different architectures you are interested in. The downside of course is that you will have thousands of people constantly working on different designs for the same wheel. Promoting diversity within even a company like Microsoft would likely accomplish the same thing, but once again, would be highly impractical.
Potato famine was not deliberate - it was caused by a microorganism. Both the hack and the monopoly are socially constructed. Science can fight the former, but not the latter.
Of course, it is obvious that no computer virus has caused loss of human life (yet). However, it is probably only a matter of time until a virus or computer bug causes a massive loss of human life. Due to our huge reliance on computers, and due to the fact that 90% of the computers out there are running the same OS (including some of those that control critical infrastructures like 911, nuclear reactors, etc), the frightening implication is that in the event of a loss of life, it could be much, much worse than the Irish Potato Famine.
These same talking heads that are in such a tizzy would stick a cork in it the second Linux or Mac became a force on the desktop. Whoever was on top would suffer the same fate. Most of these diatribes are simply thinly-veiled attacks against Microsoft under the guise of being thoughtful. Microsoft has problems (and they are slowly awakening to them) but Linux would not be immune to being caught with its pants down if every drooling sociopath was targeting it.
Coming soon: The Irish Potato Virus!
Kierthos
Mr. Hu is not a ninja.
Prevent email address forgery. Publish SPF records for y
To add to michael's point, Jonathan Wignall made an excellent presentation (sorry it's PPT) at DefCon 11 last year about how we could fight network worms.
He basically concluded that we could not launch counter worms (like ones that would patch vulnerable Windows systems). The best solution was to diversify the OS we have our servers running on. A worm can spread in a matter of minutes as the creator of the worm usually chooses a set of powerful vulnerable machines as his first hit.
Some OS like to keep things more open and easy to configure like Windows 2k server, which showed a hole in MS SQL server 2K in which the DB could be accessed over the net. As a network admin you just needed to keep your DB firewalled and things would have been ok. Other OS like Solaris are more of a pain to configure but usually leave less stuff open.
It is not enough to have a good mind. The main thing is to use it well. - Rene Descartes (1637)
"People have brought over species that we didn't expect here, just like people have created viruses that Microsoft didn't expect to deal with," said Jeff Dukes, professor of biology at the University of Massachusetts at Boston, who studies diversity and growth in ecological systems. "These introduced species have had a major impact on our forest and have knocked out entire species."
Excuse me, but how can you compare a biological occurrence to a technological occurrence? There are too many variables in the biological virus. Or can you in fact make a definite comparison?
Saying people created viruses Microsoft didn't expect to deal with is bogus. That's a cop-out.
Microsoft was well aware of many of its security holes. It's been going on for years.
There is a significant difference between what's happening in computer security and the potato famine. They didn't know any better than to farm without diversity at the time. We've learned a great deal about agriculture and soil conservation since then... the famine itself was one large, nasty lesson.
The big difference wrt computer security is that we *do* know better and are still failing to get it right! The phone "Phreaks" from decades past should have taught us a lesson (not to mention the telcos of the time). The Morris Worm should have been a giant, looming reminder of security and secure programming practices as the internet became more ubiquitous and our economic dependence on it greater... but we (producers of software everywhere) still keep f-ing it up!
The writing is on the wall, has been there for a long time and it needs to be heeded.
I think that this concept also applies to BIND.
Most DNS servers run either ISC BIND, or a package based on BIND source. Although I am a hostmaster and respect BIND, I often wonder if this isn't one of the reasons that DNS is such a prime hacker target.
It seems clear that even with this example of an open-source program (although it's not GPL), groups prefer to avoid the cost of development at the expense of security (via the same monoculture argument). I've asked DNS appliance vendors this question (while they're trying to sell me on their product's security), and it's clear that they've never seriously considered the issue.
"People have brought over species that we didn't expect here, just like people have created viruses that Microsoft didn't expect to deal with"
The difference here is that we have US Customs doing its best to stop people bringing foreign species over. If US Customs did things like Microsoft, they would hand out culture dishes to execute your Windows Script code on and implant your cultures into the environment w/o asking the end user.
It's funny how a company can leave holes in everything, let people get used to being insecure, then tout fixing the problems as an innovation.
I was under the impression that computer "viruses" were named viruses because they were similar to biological viruses. If this is the case then how are plants "an unlikely source", and how is the relation between computer viruses and biological viruses news?
Couldn't this same argument be applied to omnipresent standards and not just monopolies? If everyone uses TCP/IP and a security flaw is found in it, doesn't that amount to the same type of security threat?
:)
And yes I'm playing devil's advocate, but it's a slow morning
I went to the city because I wished to live without deliberation.
Comparing the potato famine and MSBlast is a fucking joke. Whoever comes up with these analogies needs to learn how to communicate better and find more creative uses for their time than to post thinly veiled attacks at Microsoft.
Give it up already.
Yes. It's an argument against monopolies. But it's also an argument against standards and any kind of compatibility.
With the good comes the bad.
There's this new Irish restaurant being built in downtown Boston. They're going to serve 7-course gourmet Irish meals.
Everyone coming in the door gets a potato and a six pack...
The article glossed over the heart of the matter...
...except for that brief mention. The English were the ones that killed the Irish, because they demanded payment in food, even when the Irish could not pay.
Most of it, however, was intended for export to England.
To liken the conditions of the software industry to the Irish Potato(e) famine is ridiculous. To whom or what is the industry beholden to? If we cannot produce code will we starve to death? Is someone occupying our cities and towns, threatening our lives if our code fails to compile? I'm not Irish, (though I do like potatoes), but please think again before you make analogies such as these.
Sig Hire!
This isn't really a new argument. Marcus Ranum's web site, for example, contains a counterargument, links to articles discussing arguments for and against, a link to the paper by Dan Geer that brought the monoculture argument into the limelight, and some sarcastic comments on the new monoculture study that the C|Net article mentions. ("$750,000 to sit around and whine about Microsoft? How do I get a gig like that?!")
There is still no substitution for good (that is with the security in mind) programming practices. And of course readily available information about vulnerabilities.
I think it matters not that much if you have 90% of boxes on the net running Windows (God forbid, really!) and 10% of "others". Or it breaks down a different way. Nmap does a very good job identifying the remote operating system nowadays. So for a persistent and dedicated cracker it should not matter that much if you have a "monoculture" or a big variety of OSes. The only difference, I think, would be that in a "monoculture" environment script kiddies would be more successful.
- Back off man. I am a scientist
Boardwalk and Park Place rule! Potatoes have nothing to do with this! And, yes, buy the railroads, you'll need the income.
"I only speak the truth"
Karma: null(Mostly affected by an unassigned variable)
Admittedly, this is off-topic. But I did my Ph.D. on the stuff and comments like that perturb me!
It is a common misconception that the disease known as late blight, caused by the Oomycete (Phytophthora infestans) "caused" the Irish potato famine. Yes it is true that the Irish were growing only a few varieties of potato (monoculture), but the REAL reason was the socio-economic structure put in place by those bastard English. Essentially, most of the Irish farmers (which was damn near everyone), "rented" the land from rich English landowners. This meant that they grew vegetables, wheat, etc. to pay for the rent, and grew potatoes for food because they stored well. Late blight reduces crop yield both before harvest (lost foliage) and after harvest (tuber rot), and by removing potatoes as a food source, the Irish began starving. The English did nothing to help them during this time. In fact, the rental system stayed in place throughout the whole famine.
The fact is that copyrights, the "right" to restrict what other people copy, is an inherent restriction on people's freedom. And leads to similar problems.
To make my point very clear: British theft of Irish land and the systematic exclusion of the Irish from all occupations except farming and laboring meant that the only crop which was high-yield enough to be viable on the tiny plots of land left to the Irish was the potato.
All during the famine Ireland exported corn grown on the landlord-owned estates to Britain.
I realize that this isn't the central point of the post, but the phrasing implies a foolish choice on the part of those who suffered from the forced monopoly.
In organic farming monoculture is anathema. Having a variety of species in the same field reduces exposure to disease. It is more work to farm like this so the product is more expensive but of better quality. The same can be applied to network running open source software, more work to properly maintain but more secure.
Over the years we have received numerous complaints of this domain's content, but no person filed an AUP violation form against the domain. Recently the .cx board met and revised all .cx policies (December 2003). One of the .cx policies that has not changed is that each domain holder is required to review the policies every thirty days and make sure their domain is in compliance (Please read part 1, page 2 of http://www.nic.cx/policies/pdf/cx.registration.agreement.pdf [www.nic.cx]).
We do not review web sites and cannot ensure every domain holder is in compliance. But, if a domain is brought to our attention that fails to comply with our policies, we reserve the right to suspend the domain.
I am unclear if you change the content, the suspension might be revoked. If you are considering this option, please send a note of inquiry to info@nic.cx.
Best Wishes,
Elaine Pruis
You can almost always compare diversity vs. monoculture and find pros on both sides.
1) Pro diversity means that you are more resistant to attack, due to the differing functions and implementations of software functions, but a definite additional complexity to managing a network, where each node may behave slightly differently.
2) Pro monoculture means that you will be much more certain of having the same effect on every node on your network, thus making changes and management much easier. But, this comes at the cost of being vulnerable to the same risks, as well as being constrained feature wise. If you use only one product, and that product doesn't have feature X, then, if you are unwilling to implement a competitor to the product, you are stuck without feature X.
One item that I like to think of when considering this issue is the consolidation of network protocols: Originally you had SNA, DECNET, TCPIP, etc, etc, all separate, distinct, and relatively equal. This meant that it was pretty hard for any single virus/worm to spread between the different networks. Eventually, TCP/IP has dominated the networking space, thus on the plus side allowing for easy interconnection between us all, but at the price that an attack is now easily spread by all who are connected to the network, as almost all are implementing the same standards.
--- It's not my fault this post looks redundant. I just type too slow.
Monocultures in software pose a big threat in stability and vulnerability, but can that be extended to an OS-os? The transparency makes the response to the threats fairly immediate and well known.
Quite frankly, I think monocultures are unavoidable in many circumstances, as the best/fastest/cheapest/most efficient application will always be the widest adopted; Who will take the brunt of not having the b/f/c/me, in order to stave off the monoculture?
From the article: "Geer acknowledges that point but said better planning--as well as forcing Microsoft to allow competitors to interoperate with key operating system components--could mitigate both issues." If we do that, aren't we opening up these key operating system components as points of failure across OS's? I thought diversity was the point they were making. This sounds like an argument against doing that.
That's gotta fit into your schema somewhere
"There is a difference between biodiversity and computer diversity," said Scott Charney, chief security strategist for the company.
Yeah, there is: biodiversity actually exists.
It is a well-known fact that the Irish Potato Famine wasn't caused by a lack of potatoes; rather it was an overabundance of Irishmen.
Seriously, though, agriculture is a risky proposition. Prior to European conquest of Africa, the natives largely existed as hunter-gatherers. As such they tended to just eke out an existence on what little food they could find. Also, humans naturally become infertile when they're not fed enough, so during a time of scarcity the population stabilized itself, with the standard very-young and very-old dying off.
The Europeans brought agriculture to Africa. (I'm talking large-scale, tied-to-one-patch-of-dirt agriculture here.) This has upset the "natural balance" by creating subsistence farming. People do tremendously well during good years, but are devastated that much more when a drought comes along. The population swells greatly due to the static nature of life and the need for people to work the farms. Those same populations are routinely eviscerated by famine every decade or so. (Not to mention the social problems as formerly nomadic people have been lumped together in arbitrary boundaries drawn by their conquerors.) For some reason Sally Struthers seems to think the solution to this problem is to provide more food. It's a short-term fix but it's also a vicious cycle.
Agriculture can bring tremendous profit and clearly supply much more food than the hunter-gatherer lifestyle. But the risks are greater, too, especially once your society becomes dependent on large-scale farming. I saw on Discovery channel the speculation that years of poor harvests led to the extinction of some Middle American people around 1200 AD. (Mayans? I can't remember.) In modern times, we see these risks introducing themselves in new ways, such as mad cow disease, brought about by imposing a cannibalistic diet on cows, which in turn happens because of market pressures to keep producing cheaper meat for an increasing number of increasingly hungrier (to the point of obesity) population. Something has to give. We are also seeing the depletion of natural fish stocks, and the "latest study" says that farmed fish contain much more mercury and PCBs than wild fish.
I liked the CNet article a lot; they could have mentioned SQL Slammer's apparent role in the blackouts last year. I guess that hasn't been explicitly proven and overtly recognized, it would probably be too costly to Microsoft's share value, and by extension the economy, and by extension Bush's reelection strategy.
Look, monopolies are not inherently bad. Microsoft has been convicted for abusing their monopolistic position. They were not convicted for simply being a monopoly.
CT
Firstly, the snide comment on monopolies is simply unwarranted and certainly not as sarcastically entertaining as I'm sure it was intended. Too often the word "monopoly" is used as merely a code-name for "those-who-are-winning-and-who-aren't-me!" So 'nuf said there.
Secondly, the ubiquitous nature of the Internet is the single biggest reason behind its success. While I agree that the "genetic makeup" of the Internet may also be its weakest link, I have to ask, "What's the alternative?"
Look at how the Internet, much like the telephone, has made communication so much more efficient. It has opened channels across the world, across socio-economic cultures, across demographic diversities that have never been accessible before - at least to the average Joe/Jane. This would have been impossible if, say, every country was forced to use its own network transport layer. Sure, Cisco would love it - they'd be able to sell country-specific routers to automate the traffic translations. They'd make a fortune!
Is the article suggesting that we create multiple network infrastructure to obfuscate malicious interrogation? If so, how could it be done without public standards - which would defeat the purpose anyway?
The article's viewpoint is short-sighted. The answer is not to mutate the DNA of the Internet (Ethernet/TCP/IP/etc), but rather to enhance its perimeter defenses, such as SMTP. That protocol itself is way too vulnerable. Outlook is a fine product; I doubt anyone would argue that. But look how much it's been [editorially] attacked recently because it's based on an ancient protocol and has been jerryrigged to overcome the security holes of its communication layer.
I don't know, maybe I'm rambling, but the article irked me. Just a bad day I guess.
To take the analogy to the next level.
MacOS X is then a graft of the Macintosh experience on top of good ol unix. Just like the french vineyards are French vines grafted onto american trunks and roots due to the fact a fungus ate all the french roots.
I make my face look like this and concerned words come out.
In November, the National Science Foundation granted three university researchers $750,000 to find the location and number of such weak links within the information infrastructure.
Sure, but if I did an independent study I'd be thrown in jail under the Patriot Act and no one would hear from me again.
#1. Microsoft WAS handed their monopoly. From IBM. Back when IBM licensed MS-DOS for the IBM PC.
#2. Check the DR-DOS history. See how Microsoft used bogus "error" messages against competitors.
#3. Check the Netscape trial. See how Microsoft used OEM contracts against competitors.
DUH! Did you MISS the part where Microsoft was found GUILTY of ILLEGAL LEVERAGING their MONOPOLY?
Yes, if Linux gained more desktop space there WOULD BE FEWER VULNERABILITIES. Just take a look at how much market share Apache has and compare the market share to web server vulnerabilities that have been exploited. Specifically, how many IIS servers have been exploited.
And you WOULD make the news IF your exploit/virus/trojan/whatever could hit BOTH Windows and Linux boxes.
Get real. If all the factors were equal, we'd see a LOT more Apache exploits. There are over TWICE as many Apache sites as there are IIS sites.
Your beliefs do not seem to coincide with the facts of the real world.
this is bizarre.
.
i've been reading all the posts so far, and all of them appear to be in agreement.
i'm not sure i've seen this level of agreement even over the SCO case. Once in a while you at least get a decent troll on the SCO topics.
I feel like it's my duty as a concerned citizen to pick up the slack here, so um . .
the software monoculture is in every way exactly identical to the potato famine. in fact, it's so similar that i'm not sure they are different things. damn the irish and their insecure monoculture. damn it.
in other news, i think my pc might have SARS.
** Chigusaaa!!! You're the coolest girl in the WORLD!!! **
Reminds me of an argument I had with a member of RIT's support staff regarding RIT switching to Exchange for e-mail. Basically, it boiled down to me asking him if the old POP system would remain in effect for people like me who used programs like POPFile to filter my mail.
Basically his reply was that I shouldn't depend on one particular means of getting my e-mail. To which I replied "What do you think switching to Exchange/Outlook is doing?"
Point, me.
--You will rephrase your request for me to go to hell. Goto statements are not acceptable programming constructs
Why is arguing against monopolies arguing against standards or arguing against compatibility?
The presence of a monopoly *guarantees* a standard, but does not guarantee compatibility. Microsoft can (and has, accidentally) broken compatibility between various versions and flavors of its various programs.
The absence of a monopoly does not have any bearing on standards or compatibility. It is, in fact, preferred for there to be a standard in the absence of monopoly; witness the DVD standard, the CD standard, the various interface standards...? It means that people can talk and interact sanely when no one individual has control.
If you mean diversity argues against standards and compatibility? I don't think that holds either.
Philips, Panasonic, Samsung, Sony, IBM, Apple, Dell, RCA, Aiwa, and Kenwood all adhere to the CD standard, and thus a CD that can play in one can play in all, without there existing a monoculture or a monopoly. The same holds true of paper, nails, DVDs, and many other things. Of course some products are crappier than other products, which affect compatibility and quality, but it's not due to lack of monoculture, since Microsoft decisively also has crappy products and crappy quality as well.
Diversity means competition.
Last I recalled, competition meant progress, and growth, as well as strength and robustness. If one product/method/attempt fails, then another can succeed. If one is suboptimal, an alternative may be optimal.
In a monoculture, none of that applies. You can't have difference without choice, you can't have competing theories without choice, you can't have flexible strengths without choice.
You just have no choice.
GPL Deconstructed
Mostly,
it's what you like to believe, some say a zillion party democracy (Like most of Europe) is the best way to handle things, some say a two party system is best (The US, in practice).
Some even think one of those "Great Dictator's" is the best. Them silly really.
peace
"/Dread"
According to a Netcraft report, 2/3 of the web now runs on Apache.
Granted, it could be Windows/Apache, it's most likely Linux/Apache.
It is not enough to have a good mind. The main thing is to use it well. - Rene Descartes (1637)
on whether you believe this tripe or not. Is there a monoculture in the software industry? Are standards bad? Is it bad that my desktop is the same operating system as the guy in the next cube? That I use the same tools as the guy down the street? Is the world ending because I use TCP/IP to communicate over this horrible Internet thing? Does everything have to be black and white? Isn't it POSSIBLE that there are a FEW advantages to my father using the same operating system, etc. that I am? Isn't it POSSIBLE that those advantages contributed to the fact that it is true?
Not only is the information in this article old. Security professionals have been spouting this for over a decade.
The article itself is over a day old. It constantly amazes me how far behind other news sources /. is. hacker Intel linked to this YESTERDAY morning when it came out.
- Nicholas
I'm a biologist, biatch!
/RANT
A biological population can experience genetic bottlenecks. For example, everyone in Iceland is practically genetically identical, since they are descended from a group of about a few dozen (already closely related) Vikings.
The potatoes in Ireland were a similar example. Not only was everyone growing potatoes - all of these potatoes were descended from a small number of potatoes brought over from the New World. The original population of New World potatoes were genetically diverse - but the potatoes brought to Ireland were all especially susceptible to the fungus that brought on the Irish Potato Famine, so it was catastrophic.
You can also get a genetic bottleneck in an entire species. The few surviving Andean condors probably only represent a fraction of the genetic diversity the Condor had at the height of its population. The diversity is gone forever.
The same is not true for rarely used, or even completely unused, software. If some disaster befalls us that makes other operating systems useless, we can resurrect OS/2 Warp even if not a single installation remains anywhere in the world.
On the other hand, without a population of OS/2 Warp installations, OS/2 Warp cannot evolve. It exists in a form of stasis that, over time, may render OS/2 inviable, in much the same way that environmental changes might drive the Andean condor all the way to extinction (while it might have survived with the genetic diversity that the species has already lost.)
The good and new comes from no quarter where it is looked for, and is always something different from what is expected.
It is not standards that are a problem, it is "De Facto" standards.
A "De Facto" standard is really not a standard at all. It's just an implementation that happens to gain critical mass.
In (economic) theory, such an implementation should be the Darwinian best; in theory the best product always wins. However, we know from engineering experience this is almost always untrue. Another way to put this is that fitness to reach monopoly status is not necessarily fitness for the tasks and uses to which we'd like to put a thing.
The advantage of real standards over "de facto" standards are that they are designed to allow multiple competing implementations, avoiding the monoculture problem. The other advantage is that they are "designed" rather than just happening.
The disadvantage of standards over "de facto" standards is that the standards process is less agile at the outset.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
ie, windows patches.
False logic: You talk about the weakness of standards, which is valid, and then switch topics. The logic breaks when you do that.
You talk about the difficulty of diversity in an extremely exaggerated and unrealistic manner as a solution against standards and monoculture, when the realistic solution is neither.
In real life, you have competing *standards*. DVD-R and DVD+R. Blu-ray and HD-DVD. uPnP and Zeroconf. POP and IMAP. And often times, in real life, you don't settle for *one* standard, you accept multiple. Of course there are exceptions, like HTTP and BIND or TCP/IP protocols, but your argument has no bearing on reality otherwise.
So you then talk about diversity being impractical, without supplying any logic whatsoever. You just assume because encouraging *no* standards is impractical, that diversity is impractical. They are different.
Support multiple standards, support open standards, and their implementation is not impractical, highly or otherwise. That is the whole reason standards exist!
Using different hardware and OSes to protect a company is not 'highly impractical': NetBSD on x86 for firewalls. Solaris on Sparc for servers. Linux on Itanium for compute nodes. OS X on PPC for desktops.
This is *natural* because each environment and tool have different strengths and weaknesses. It's like having multiple tools in a tool chest!
You wouldn't use Linux and Itanium for *everything*. Nor would you use OS X on PPC, or Solaris on Sparc. Nor *should* you use Windows on x86. It makes you too vulnerable and weak, and you sacrifice the strengths of each platform and environment!
GPL Deconstructed
With Linux emerging as the platform of choice for scientific applications, I would imagine NASA has had to have changed this policy, so I would like to hear from some NASA people what the current policies are.
One thing is clear, open source is being demonized by people with vested interests, and are trying to pass actual laws along the lines of "This is Godless and Communistic." I personally think open source is a really good fit for OS and language design. These are foundations on which everything else rests. Without open source you don't know if what you are building lies over a fault line or an artesian well.
I'm sure Microsoft is cutting deals behind closed doors with various governments about putting in code to "track the bad guys". It's not just a matter of having stuff in there you don't know about, but having it steal your processor cycles, and having unintended interactions. And since it's black box and probably DRM, it will probably become illegal to deactivate it. And since you can't rip it out, or should even know it's in there, someone comes along with a real killer virus exploit that turns on your own DRM against you.
Letter To Iran
You stupid dickhole, you can't direct link to that pic. Dickhole.
There was a socially constructed component. The British grain import laws that ensured that relief supplies weren't available.
IIRC, it wasn't until recently that Ireland reached its pre-famine population.
Best Slashdot Co
Monoculturalistic tendencies -- agricultural or technological -- develop because short term, they are more efficient, leading to economic benefits. Long term, of course, they are disastrous, because they lead to a lack of advancement and, if universal, lead to inevitable collapse of the entire system if a vulnerability exists and is exploited. This is a great example of what economists call "market failure," in which market forces drive a specific environment toward the *least* desirable outcome (for a primer on this problem, study articles relating to "the tragedy of the commons"). Eventually, such systems collapse because of these flaws, and are then subject to regulation or restrictive laws (see the government's ongoing oversight of Microsoft).
As a result of these failures the original intent of the internet to be a ubiquitous connection between machines is dying. Network address translation (NAT) has made islands of our networks, and factionalized our communications.
Soon, connectivity will be by whitelist (invitation) only - and communications that now serve to further understanding will be gone, leading to further stratification.
Eventually the network will reflect society; instead of the utopia it started out as, or the wild west it seems to be - it will become a series of walled gardens that broker little communication between them.
Lodragan Draoidh
The more you explain it, the more I don't understand it. - Mark Twain
I love the way that one ended, hilarious ! ...
"That's one of the reasons that I stick with a Mac."
This is a timely issue for Navy.
Although mentioned very little in the press the Navy is presently implementing a huge contract with EDS that imposes a MS "solution" on each desktop and server and in fact on anything that touches the network. All other vendor hardware and software is classified as "legacy" with the intention of upgrading to approved solutions in the near future. And hence the AC posting.
IT costs are going to skyrocket. No existing infrastructure is used so all new fiber and copper is being laid down. EDS owns the infrastructure and the computing equipment and leases it back to the government. However, in order for people to get their jobs done private parallel networks (typically the existing) are being retained. So cost will probably double in the future with the added benefit of having a monoculture IT system.
The stated purpose of the pork^h^h^h^hcontract is security (it sure the hell is not cost savings!). No dissension on this issue is allowed - just drink the koolaid and nod the head up and down.
"Plain old capitalism" is exactly what the railroad robber barons did in the 1800s. And it is one reason that anti-trust laws exist today. It is not legal to use "industry leadership" in one area whether it's railroads or operating systems to create monopolies in areas where you are not the best player but just the richest or most powerful (due to dominance in another area).
Let's imagine a "hypothetical situation." A company produces a software application in addition to its very popular operating system. The new software application is not as good as the competition's product and isn't as popular with secretaries. By bullying the retailers (as in "if you include our competitor's software on your computers, we won't let you use our operating system"), that company might very well find itself an industry leader without ever having to improve the product.
Of course, this is purely an hypothetical example...
"Obviously, I'm not an IBM computer any more than I'm an ashtray" (Bob Dylan)
Linux advocates talk about replacing Windows, not working along with it, except when necessary. The Linux vision is a Linux monopoly, so will this be bad if it can be brought about?
When the IBM PC came out, there was a very splintered computer culture, composed of TRS80, Apple, Commodore, CP/M (with lots of different disk formats, just to stay interesting) and a few other splinter processors.
And, don't ya know, NOTHING was portable. Perhaps some CP/M programs worked cross-platform, but the interesting programs used the Serial Ports or the Monitor Capabilities -- and so were customized for the particular home system.
At the time, the industry leader was the Apple II because it had an open architecture and a Plug in Expansion Card system.
The poor folks had TRS-80 (like me), rich folks had APPLEII or S-100.
Then the IBM PC and the Apple Mac came out. And the MAC was a closed box (Warranty void if you add memory), but the IBM PC was an open system. IBM published the BIOS and everyone and his brother came out with cards and clones... and we became a monoculture.
But suddenly all the people that were running in all different directions on all different machines embraced the open architecture... and there was a blooming of creativity and interesting software. All of a sudden, you could make a data disk at home, and when you got where you were going, you could count on something reading that disk. Interchange and communication and a sort of an easy interoperability (all the machines were well nigh identical) became the norm. People could build on the exploits of others, because everyone rallied around the same set of standards, namely DOS interrupts, IBM Format Floppy, Serial ports that were virtually identical no matter who made the machine, large (comparatively) memory areas of 640KB and disk capacity of 20 MB.
It was a golden age. The only loser at that time was the Mac, and for the very reason the Apple II was a success, the Mac lost. The Mac made it impossible to read or write to the new "lingua franca" of computerdom, the 360K floppy. They did not even support MFM on their machines, so that while most CPM machines could either read or write a DOS floppy, the MAC by its very design could NOT.
Also, the peripheral market surged. Now instead of a dozen different competing busses, the target was easy... 8 or 16 bit ISA -- take your pick. And controller cards and interface cards proliferated, spurred by the economy of scale.
Eventually even the Mac had to include the capability of creating and reading a DOS formatted floppy. It was the only game in town.
I believe that computers got to where they are today because of the proliferation and preeminence of a single type of computer... the accident is that it was the IBM machine, and MS-DOS. Any other single system would have had a similar spur.
The monoculture was uniquely poised to become ubiquitous.
But now, we have the social carnivores... the virus writer, the cyber anarchist who is not happy with people computing placidly, people who see the seams and cracks and vulnerabilities of the monoculture and pick at the weak points.
And here is where the monoculture is bad. Because EVERY MACHINE has nearly the same undocumented behaviour. When I started, these quirks were published as "workarounds" for things the system designers did not really want you to do. Some of these became so widespread that when they were no longer accidental, they needed to be emulated on newer and newer hardware. Some early 386 bugs are trapped by the BIOS and emulated!
It's only a short step, though, from using these tricks to further a legitimate purpose and using them for vandalism. Computers have had a remarkable freedom from predators for many years. Now the predators, the vandals, the black-hats are taking advantage of the same tricks that led to many of the game programming tricks, computation shortcuts, and undocumented features to prey on the weak places.
So is monoculture bad? I say it is a mixed blessing.
Regards.
Ed, KB40RA
Many different vendors implemented SMTP/POP3 and TCP/IP differently - and yet they were all susceptible to their historical fiascos.
We got a TTL field, a clean-up of the Ack response, and a reorganization of the old email-handoff architecture - but it still ended up costing a comparable amount of time and resources to deal with as any other hack.
HTTP, like any technical standard monoculture, is also susceptible to legal problems - just as linux is. The [object] debacle is going to cost more than just microsoft manpower, and money. And should a legitimate SCO-style IP claim be levelled against Linux, updating all the various builds out there will be a similar resource drain for every vendor.
So while standards may not have the same attraction for directed malicious individuals as does a monoculture OS - they do still come with monoculture risks and vulnerabilities.
One might argue that the prevalence of SMTP/POP3 as mail standards is to blame for much of the time, energy, and money used to combat spam.
If there wasn't such entrenched usage of the dominant standards, software would necessarily need to support multiple standards. Then it would be easier for clients to demand an improved solution, as they'd be more free to junk a particularly troublesome standard.
Sure, standards are largely a necessary evil for effective communication across systems. But because they are necessary doesn't mean they don't still carry traditional monoculture risks.
// "Can't clowns and pirates just -try- to get along?"
After all IIS and Apache both conform to HTTP standards yet one is vulnerable to a set of exploits while the other is vulnerable to another set of exploits.
Diversity allows for protection and flexibility in some cases. It also makes it harder to work in an integrated environment. That is the trade off.
One of the reasons the Air Traffic Controller 'net' has not been hacked into is that much is incredibly archaic. Some portions run over an X.25 network! Let's see the script kiddies access a non-unix non-ms no-web non-tcp/ip box that you'd need volumes of hardcopy docs to access legally.
Anytime everybody is using the same software (or software specification), flaws can be exploited. Spam takes advantage of the flaws in SMTP, but email would be a mess if there were dozens of incompatible protocols.
The advantage of monoculture is convenience. The disadvantage is when there are flaws.
I believe that it is easy to make the direct comparison, and useful. This argument is nothing new to the usual slashdot crowd, but it needs to be said again and again, and in a manner that most people can clearly understand.
IMHO, that argument is as crazy as "Maybe Microsoft is the ones who are releasing the viruses, in an effort to get people into needless updates!", where's my tinfoil hat when I need it!
The grass is only greener, if you don't take care of your own lawn.
The vast majority of MIS departments, given the choice, will try to standardize on products. Why? Because you can't have any real 'management' if there are too many things to take into account. So, you begin to eliminate things, and focus on building knowledge with your standard equipment. Then, when a problem comes up, you have just made your troubleshooting simpler by an order of magnitude lessened by each different system you have eliminated.
For example, you have Netware, Windows NT, Windows 2000, Linux, and Unix. You get hacked, and have no clue where it came from. So, this means you have to conduct very extensive testing on FIVE operating system bases. Let's say this testing can be done in about 20 hours (not likely, but just for example). 5 x 20 = 100 hours. THEN you still have to fix the problem.
HOWEVER, if you only have, say, Windows 2000 and Unix, you have just improved your problem response time by 150%, and you also don't have to hire people who are experts on five different OS's, so you can focus your people better.
The argument against "Monoculture" is just a twist on "Security Through Obscurity", which anybody who actually works in security knows is not really security at all: it's placebo security.
So next time you start uttering some regurgitated Slashdot statement like "Monoculture iZ teh dang3r0us!!!!1111", you should first consider taking an IT or MIS class.
Manipulate the moderator system! Mod someone as "overrated" today.
To say that "[Microsoft] SQL Server [...] has an architecture that virus and worm writers have been able to exploit" is simply pathetically desperate misleading of the audience. Here is why.
The Slammer worm has used a vulnerability that was NOT an architectural design flaw across the product. It was a simple stack buffer overflow in an implementation of the SQL Resolution Service.
On a seemingly unrelated topic, here is a plethora of buffer overflow vulnerabilities of Oracle from some time ago. How much mass media attention did that receive? Close to none, because it doesn't pay the media in advertising revenue to show an expert talking tech about buffer overflows and authorization headers. But it does pay off to create a bombastic news report on a big-time screw-up of the largest software company in the world.
I am sorry to bust your balls, but I do recall several instances of similar problems such as an Apache worm on FreeBSD. I am not arguing that Apache et al. have more flaws, I am just pointing out that everyone who has coding skills prefers to explore IIS's quality rather than some Apache's because of simple "I can pick on the weaker guy easier" predatory concept from kindergarten.
The analogy he made was that depending on a single software system on all computers is dangerous to society because then a single disaster affects all computers, just like depending on single crop is dangerous because a single disease will affect the entire food supply. And to that extent he was correct: A disease did wipe out nearly the entire potato crop, and dependence on that single crop was the cause of the famine. Therefore if you depend on a monoculture (either because you decide to, or the English force you to), you are in danger. End of analogy.
He did not suggest at all that people were going to die as a result of a computer virus - you did. If you over-extend any analogy it will be incorrect - the only perfect analogy is the situation itself, but that defeats the entire purpose of using familiarity in one situation to explain another.
I've been making these analogies of Monoposoft for more than a decade now. Ten years is about the lag time for obvious truths such as these to sink their way into academia, so it looks like we're right on schedule.
The English artificially kept grain prices high to keep European imports out. The price was higher than the Irish peasants could afford so they ate potatoes instead. A free market in grain would have resulted in a lower price and would have prevented the famine.
Nature doesn't think. Humans who develop software do. If a change happens, or if several changes happen, humans only have to understand the changes and adapt, while nature has to wait for a stronger genetic mutation in its structure.
This topic is explored at great length in Mike Davis's Late Victorian Holocausts, where El Nino is a precursor, but Western ideologies and policies led to great genocides in India, China and South America. As a matter of record, many of the former Colonial administrators who failed to care for the welfare of their charges during the 1840s in Ireland were in positions of greater authority in India during the 1870s... and similarly caused the needless deaths of tens of millions of people.
Da Blog
It is really a better argument against underlying design flaws rather than simply an argument against monopolies.
Let me illustrate: I do a lot of work on the IBM iSeries (AS400) platform. One of the reasons this platform is not prone to viruses is that its underlying design is well-structured against them. Data files, executable files, devices, drivers, etc. are all treated as separate objects. Data files are not executable. Executable files cannot be patched. This means that creating a self-replicating and stealthy virus on an iSeries is nearly impossible.
Yes, the problem is monopolies, if those monopolies are poorly designed. A well-designed monopoly would be easier to live with.
Proverbs 21:19
The Irish were completely reliant on a resource that was vulnerable. That is the point of the analogy, not the political situation at the time. If you were to carry the analogy further, beyond a useful scientific explanation, you could say that Microsoft is equivalent to England, forcing the poor people to farm a vulnerable resource and they are unwilling to allow other resources such as corn or grain (operating system diversity) into the food supply as they benefit from the current position of forced reliance on their ownership of the land (their operating system monopoly).
My vote is for large scale corporate farming.
What is the Meatrix?
give me an example of any nomadic group that conquered those that used large scale agriculture after the invention of guns.
The European colonisation of the Americas was characterised by aggressive, nomadic invaders, armed with guns, germs, and a foreign biota, replacing native populations, most of whom were agricultural. Some of the settled agricultural societies in the Americas numbered several million - for example the Ohio native cities were larger than any in Europe at the time. Only after the European nomads had migrated to the western plains did they finally encounter other nomadic cultures operating a rudimentary level of civilisation.
This nomadic legacy runs deep in North American culture. Even today USians are the most nomadic of all "Western" peoples - they tend to move more frequently during their lifetime, and each move is on average a greater distance, than any other European or European-descended culture.
Da Blog
Do you have any clue what interoperability means?
No, it does not mean that M$ product A works with M$ product B (at least most of the time, and as long as product A is not M$ Office version n-2, and product B is not M$ Office version n).
Interoperability means that A and B have compatible interfaces. So then A can tell B to do this and that, and that is what B will actually do. For example, A web server can tell a Browser that it is sending a plain text file, and the browser will show it as plain text (and it will not attempt to interpret angular brackets as HTML tags and infect the OS with something as a result).
And that is what standards are for. Standards effectively say, if A does this, then B will do that, and everybody will be happy. How A and B implement the standard is up to them. A and B don't see the other's implementation, they only see the interface. So what if one implementation is vulnerable to a worm? The worm will not be able to infect all other implementations. And still all As will be interoperable with all B's, although they are not all M$ products.
D'oh!
"...a system where all the parts react the same way is a system with a fatal flaw."
Ghost in the Shell
That doesn't change the fact that the Irish were dependent on the potato. And it doesn't change the fact that when a disease came along that attacked the food that they depended on, the people starved.
You should do some research before spouting off, then admitting you know nothing. Ireland was a victim of classic Colonialism - the natives' land was forcibly seized and they were converted from self-sufficient communities into tenant farmers. They were told they had to pay "rent" to live on the land that they had formerly owned. The only way to pay this "Rent" was to grow cash crops for export. The cash crops occupied all the best land. The renters were forced to eke out a living on marginal land with non-cash crops. When the non-cash crops failed, they had no money to buy food in the form of cash crops, and in any case most of the cash crops were already pledged through forward contracts to overseas buyers, who could always outbid the renters. The remaining farmers who owned some land were forced to buy food at inflated prices, often going into debt. This caused many of their farms to be foreclosed. Famine is thus a political tool that leads to collectivisation. The British knew this in the 1940s, and Stalin knew this in the 1920s and 1930s. There's more here, if you care to educate yourself.
Da Blog
Don't confuse a monopoly with being one product. For example, if Microsoft had both a Windows and a Linux distribution and the two OS's were 50/50 in sales, Microsoft could still engage in monopolistic practices (as per the court ruling) but (in the context of this article) a virus that would affect Microsoft Windows may have no impact on Microsoft Linux.
the AS/400 is the biggest piece of shit ever designed.
just try doing ls -r / on an AS/400 using QSH.
+5 insightful? Hardly.
The rot of potatoes was biological - but the conditions for reliance on potatoes as a staple had been forced through State violence, and the Famine that ensued was politically motivated and socially engineered.
Famines are always political - they happen during civil wars or between nations at war. They lead to profiteering on a huge scale and collectivisation - economic trends which appeal to a certain class of people.
Da Blog
While I agree that MS having a monopoly is a bad thing, I hardly think that *nix has what it takes to truly compete with them on the home user front. The MS platform has the largest proliferation of software available, not to mention most home users are basically very familiar with the windows environment and the apps that have traditionally come with it. For any viable competition on the home market to arise they would have to be 100% compatible with everything MS supports and then have features that surpass them (for instance, heightened security).
Everyone here already knows that the *nix platform is already more complex than most people are willing to cope with. Even with distributions as user-friendly as RedHat and SuSe there is still a shortage of convenience that many home users would demand. This is not to say that MS is necessarily more convenient, but these people are already acclimated to its environment. Throwing something at them that is totally different will give most a pretty good scare. On top of that, none of their familiar software suites are there to comfort them.
Now while I really appreciate the work that Lindows tries to do, they just aren't getting it done... whatever it is. If we as the uber-geeks of the world really want to persuade the rest of the tech-illiterate to our side we're going to have to make something that they will take a bite into... then we'll see about weaning them out of their familiar software suites with our superior OS solutions.
I think the greatest place to start is to tone down the absolute customizable nature of *nix distributions. If we create a common distro base that is extremely user friendly and not necessarily "maximum utility" and then name everything else extra (yes even the development tools) then we stand a chance. The next step would be to write up a fully functional kernel loosely (very loosely) based on *nix that supports everything that is Win32.
Obviously a very difficult job, but who among us is truly up to the challenge? Until something like this happens I see no end to MS's monopoly in the near future.
-[ Attachment: virus.tar.gz 106k ]-
Installation instructions:
* Save the attached file. (In mutt, highlight the attachment and press s. In Evolution, right-click on the attachment and select Save As. For other mail readers, consult the manual page.)
* Uncompress the file in a new directory. (Open a terminal window and type tar xzf virus.tar.gz, or open the file in Karchiver, GUItar, EasyTar etc. See the tar and gzip HOWTO for more information.)
* In the virus-0.11.2 directory, run the following commands:
./configure
make all
make install (run this as root)
Note: you will need to install gcc (the GNU C compiler) in order to compile the virus, along with the kernel headers for your system. See the GCC HOWTO for more information.
* Congratulations! The virus is now ready to run! Type virus at the command prompt.
* H4 |-|A i 0\/\/Nz3D y0O 5uC|eRR!!!!!!1
I don't really understand your point. What is the problem with the command, and what does it have to do with the design being inherently more secure?
Proverbs 21:19
Because Apache does run on windows desktop/server iterations.
Open specifications
With multiple implementations
On multiple platforms
This is what published standards allow.
Monopolies tend to produce:
Closed specifications
With single implementations
On single platforms
which is why they're easier targets for exploits.
Note that most of the modern scripting languages occupy an intermediate point here, since they tend to have a single implementation which effectively is the specification. Perl/Ruby/tcl are like that. Python is a little better since it has multiple implementations, but no formal specification other than a test suite (correct me if I'm wrong, Python people).
To a Lisp hacker, XML is S-expressions in drag.
This is actually a great argument against the dominance of Windows, btw. When Windows defenders claim that viruses and security issues are prevalent on Windows only because it's so widely used, you can point out the dog-chasing-its-tail nature of such a viewpoint and ask them why they continue to be part of the problem by contributing to that prevalence instead of using a different OS. (Frankly, I don't buy the argument, but it's fun to put that out there and see what responses you get.)
--Rick "If it isn't broken, take it apart and find out why."
We aren't talking about the solution to the problem, we are talking about risk management.
It is a perfect analogy.
When you applied for college, didn't someone tell you "don't put all your eggs in one basket"? Did you tell your guidance counselor "Sir, we are talking about college which is a social construct, whereas eggs are natural items produced by chickens"?
What about investing in stocks? If you only applied to Ivy League schools with your 2.5 GPA you would be rejected. If you only purchased Enron stock in 1999 you would have lost everything.
It's all about statistics. There is ALWAYS a chance something is going to go wrong with something upon which you depend. When chance is not on your side, you don't want to be completely fucked. The Irish relied too heavily on potatoes, and hundreds of thousands died.
Diversification is the only protection against a random world. There is ALWAYS a chance something will go wrong, so follow your Grandma's advice.
Don't put all your eggs in one basket!!!!!!!!
When there are similarities in software running on computers over the internet the process of fixing bugs is simplified e.g. Microsoft only needs one copy of the relevant patches per OS version.
The Irish Potato Famine was caused by policies of the British government. Stealing land, forcing the growth of cash crops instead of food crops, shipping other crops out of the country while the people starved.. you know, the usual thing.
-------- In Soviet Russia, "Soviet Russia" sigs hate Slashdot.
Even an exploding nuke power plant wouldn't cost as many lives as those unspectacular rotting potatoes did.
I have seen estimations of around 700000 dead.
HI O WISE PRINCE. WHT TOOK U SO DAM LONG?
How is a (deliberate) Microsoft monopoly bad, yet an (accidental) Apache one isn't? Or, to put it simpler; Are you actually concerned about monoculture, or are you just bashing $EVIL_CORPORATION under the guise of being concerned for the community?
Mr Spock (or Gene Roddenberry) was right!
-------- In Soviet Russia, "Soviet Russia" sigs hate Slashdot.
You keep using the prefix Mono. I do not think it means what you think it means.
If they spent 5 minutes browsing Slashdot they would realize there is no Monoculture (unless it's Unix)
I said that IIS has MORE problems even though IIS has LESS marketshare.
First off folks, you may have realised that the Irish are Realllllly sensitive about the Famine. I mean really ! ( Speaking as a Paddy myself ) It's worth restating an important detail: The population of the Island of Ireland dropped from 1841 to 1851 by ~4 million (Official British Census figures), not all died, most recent estimates have about 50% dead, 50% emigrated. The reason why I personally feel that the British Government carries a lot of blame is down to the fact that the Famine didn't happen in just a single year, the blight occurred to greater or lesser extents every year between 1845 & 1847. So I may excuse the first year, but what about the subsequent ones ?
So essentially the point is "Can we develop something unexploitable?" which is, I think, impossible.
Standard, monoculture, or otherwise, I think it's impossible to develop something unexploitable. The nature of the problem is designing something flawless, and as soon as context, culture, needs, or environment changes, the design is no longer flawless.
GPL Deconstructed
Maybe it is the development model of Microsoft. With few developers per team trying to meet deadlines dictated by the market, it's no wonder commercial software is generally more buggy than open source software. After all, it has been said here on /. that the strength of open source is that lots of eyes see the software.
Not at all, not according to research models, actual case studies, and biological examples.
The study of networks, and scale free networks, has been applied to virus vaccination, and I do believe those results apply equally to the internet, or any other network. You don't need to immunize everyone, and you don't need to make all network nodes different, you just need to immunize hubs, and you just need to vary and protect vital hubs.
Here's a thought exercise: If you had 3 LANs at work (one wireless, and two wired), you don't need to diversify every network to protect the entire place; you only need to protect three internal firewalls, three routers, one external firewall, and three DHCP machines to effectively protect up to 750 machines. Even better of course is the fact that all 750 machines don't have to be identical, since there will be the odd Linux server, Mac desktop or laptop for the graphic folks, and perhaps a Sun workstation or two here and there.
So it's not like you'd have to diversify to uselessness at all; just intelligently.
GPL Deconstructed
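The hub-immunization claim in the comment above can be checked with a small simulation; this is an added example, not part of the original thread. It assumes a Barabási-Albert preferential-attachment graph as the scale-free network, a hardening budget of 10% of nodes, and a worst-case worm that reaches every unhardened node connected to its entry point; the sizes, seed and function names are illustrative choices.

```python
"""Added illustration: random vs. hub-targeted hardening in a scale-free network."""
import random
from collections import deque


def build_scale_free(n, m, seed):
    """Barabasi-Albert preferential attachment: each new node links to m
    existing nodes chosen with probability proportional to their degree."""
    rng = random.Random(seed)
    adj = {i: set() for i in range(n)}
    endpoints = []  # every node appears once per edge it touches
    # Start from a small fully connected core of m + 1 nodes.
    for a in range(m + 1):
        for b in range(a + 1, m + 1):
            adj[a].add(b)
            adj[b].add(a)
            endpoints += [a, b]
    for new in range(m + 1, n):
        targets = set()
        while len(targets) < m:
            targets.add(rng.choice(endpoints))  # degree-weighted pick
        for t in sorted(targets):
            adj[new].add(t)
            adj[t].add(new)
            endpoints += [new, t]
    return adj


def worst_case_outbreak(adj, hardened):
    """Size of the largest connected group of unhardened nodes: the most
    machines a worm could reach if it spreads over every link it finds."""
    seen = set(hardened)
    worst = 0
    for start in adj:
        if start in seen:
            continue
        seen.add(start)
        queue = deque([start])
        size = 0
        while queue:
            node = queue.popleft()
            size += 1
            for neighbour in adj[node]:
                if neighbour not in seen:
                    seen.add(neighbour)
                    queue.append(neighbour)
        worst = max(worst, size)
    return worst


def compare(n=2000, m=2, fraction=0.10, seed=1):
    """Spend the same hardening budget two ways and report the worst outbreak."""
    adj = build_scale_free(n, m, seed)
    budget = int(n * fraction)
    rng = random.Random(seed + 1)
    # Strategy 1: harden machines picked at random.
    random_pick = set(rng.sample(sorted(adj), budget))
    # Strategy 2: harden the best-connected machines (the hubs) first.
    hubs = set(sorted(adj, key=lambda v: len(adj[v]), reverse=True)[:budget])
    return {
        "nodes": n,
        "hardened": budget,
        "outbreak_unprotected": worst_case_outbreak(adj, set()),
        "outbreak_random": worst_case_outbreak(adj, random_pick),
        "outbreak_hubs": worst_case_outbreak(adj, hubs),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key:22} {value}")
```

With the same budget, hardening the highest-degree nodes breaks the network into smaller reachable groups than hardening randomly chosen nodes, which leaves most of the graph in one piece.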
Isn't this another good argument against monopolies?
Yes, and the security community has been making it for at least 5 years. Good to see you've caught up, welcome to the party.
Assorted stuff I do sometimes: Lemuria.org
"It's not a question of whether Linux vs. Windows on security is arguable or not, just whether it can be proven."
It can never be "proven" because there is no way to know that every possible bug has been found.
All that can be shown is statistical evidence.
Nomads had to move around to eat to get to where their food supply is.
Maybe for you nomads are people who live in yurts and eat fermented curd, but I think here you are describing a hunter-gatherer society. The United States, and its precursor European cultures, were characterised by large-scale, frequent migrations of enormous bodies of people. If that isn't nomadism, then I don't know what is.
As I mentioned, this continued tendency of USians to migrate more frequently during their lifetimes than other European-descended cultures, and to tend to travel greater distances both for daily commutes and during their migrations, marks USian culture as much further along the "continuum" away from settled, non-nomadic cultures. Many economists refer to this as labour force mobility. The migration of black americans from the under-developed southern states into the northern states during the 20th century is a classic example of this. During this time, the US also saw massive infusions of migratory labour from abroad to specific disembarkation points, and these people and their descendants began and are continuing a migration from both coasts into the heartland. In recent years, Latino migration from the southern borders has been accelerating.
I never considered pioneers nomads. Once a pioneer has picked their homestead, they don't typically move if they could help it.
Again your perception is open to reinterpretation. The early settlers practiced clear cutting, which led to rapid reductions in land fertility before the invasive Euro portmanteau biota could be established. That's why the Western frontier moved so quickly - many people upped stakes and moved, chasing the fertility. Similarly, your example of miners elides over the fact that when the easy seams were depleted, people moved to the next one. Entire towns were created and destroyed within decades.
So you see, the difference between a long-established nomad culture and USian culture is that many nomads used biodegradable and/or portable habitation and technology. USians tended to build less biodegradable structures that have eroded less - giving the illusion of permanence and stability.
Also, your self-description of forced migrations illustrates an important point. Most individuals within nomadic societies do not classify themselves as willing, repeated travellers. Instead, economic and climate conditions force them to migrate periodically. Your self-described situation sounds to me identical to some descriptions I've read of Mongolian nomadic cultures, allowing for culturally specific cues. Most "nomadic" Mongolians rarely travel more than 3 miles per day, and perhaps 200 miles during a semi-annual migration. They would consider your travels "40 mins" to Walmart (presumably between 20-40 miles) to be extreme.
And the progression from nomadic->settled is not inevitable, or given. The classic example is the Lapps of northern Europe. Until the 16th century they were a settled, agrarian society. Then advances in technology enabled them to develop an economic advantage around reindeer herding. And within a couple of generations the vast bulk of their society became nomadic, pushing further north and squeezing out the original, aboriginal inhabitants. Don't be fooled into thinking that nomadism is an "earlier" state and settled life a later state - it's a cultural reaction to socio-economic stimulus.
Da Blog
"Standards" contribute to the problem of monoculture in much the same way that standardizing on "front door with lock that opens with a key" contributes to home burglary. For that matter, all thieves speaking the same language in their home town makes it easier to discuss burglary. But the same standards also help us get around every day, so there is a tradeoff.
Now, interestingly enough, I suspect we are heading for an era of fewer such standards! Communication is already in flux due to encryption; my encrypted discussion with another person will appear as complete gibberish when intercepted, like when the Japanese intercepted US Navy transmissions that were actually clear-text conversations between North American Indians working in the radio room. As for locks...what happens when homes lose their locks in favor of AI, and simply recognize who can come in and who cannot? It is much harder to crack a system that is watching you while you attempt to crack it. After all, the house could simply kill you if it had the right weaponry. At the least, it would not be as gullible as a lock.
OK...my point approaches. Think for a moment about the shifting stairways and jumping rooms (well there was one at least in the last book) in the fabled Hogwarts School of Witchcraft and Wizardry. Ignore for a moment all the spellcraft going on...just look at what you could do with the architecture...can you imagine trying to take that place with a SWAT team? What route would they storm through? What alternates would they plan? What if things started moving even faster during a suspected attack? Further, what if the students and staff knew the rules and could function well enough regardless? An assault would not even bear the attempt. Given a similar kind of approach to software (and it really is just an approach, not magick at all) the best defensive strategy in OSs would be to have them randomize themselves on-the-fly. Most binaries could afford a certain amount of NOP space inserted. During final compile a "deviantC++" compiler could randomly insert busy loops or security trips or even totally bogus code, like whole other apps laying around already (games come to mind) and have them jumped over by properly executing code. We have plenty of RAM on our systems and generally an excess of CPU cycles; let 50% or more of binary be lines of random or calculated diversion codes. And let the code move itself around!
We're so accustomed to the idea of optimizing code. We even reuse code and data objects and this is seen as a virtue and at present it is. But we could quickly decide that times have changed and it is no longer a virtue. My machine no longer has just 640K RAM, guys, and it has enough spare CPU to run Setiathome. I'm willing to sacrifice some of my slack for an OS and apps that gleefully rewrite themselves every few minutes. If that became very common then the notion of exploiting a computer remotely via known vuls would become a quaint memory of a primitive era in technology.
And now I will hustle my butt over to the USPTO to patent this scheme for the financial benefit of my heirs. Remember, you read it here first.
=^..^= all your rodent are belong to us
Although a monoculture does incite malignant elements to concentrate their malware exploits on a single popular platform, a polyculture is not sufficient for security. The problem is the high fanout of the internet and the extremely low cost of communications.
High fanout occurs because every machine is connected to every other machine and so many people have such large e-mail address databases. The low cost of transmission of infectious messages means that an infected computer can readily attempt to contact a very large number of other machines. Even if only a minority of the machines are susceptible, that minority is quickly found by exploits that blast out thousands of infectious messages. This enables infections to spread far and wide in a short period of time.
At best, polyculture slows the rate of infection and bounds the extent of the infection, but cannot prevent an infection from saturating the population of susceptible computers.
Where polyculture could really provide benefits is if all computers were multi-booting with parallel alternative OS versions. If one running version of the OS got sick, the other OSes would detect the problem and fill-in for the ailing OS.
Two wrongs don't make a right, but three lefts do.
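The saturation argument in the comment above, sketched as an added example that is not part of the original thread: a deterministic mean-field model of random probing, in which the host count, fanout and susceptible shares are all constructed values chosen for illustration.

```python
"""Mean-field model of an infection spreading by random probing.

Assumptions (constructed for illustration, not from the thread):
- every host can reach every other host (the "high fanout" case);
- each infected host sends `fanout` probes per time step to uniformly
  random hosts;
- only a fixed share of hosts runs the susceptible platform.
"""


def steps_to_saturation(n_hosts, susceptible_share, fanout,
                        seed_infected=1, target=0.99, max_steps=10_000):
    """Return (steps, history) until `target` of the susceptible hosts
    are infected. `steps` is None if that never happens in max_steps."""
    susceptible = n_hosts * susceptible_share
    infected = float(seed_infected)
    history = [infected]
    for step in range(1, max_steps + 1):
        probes = fanout * infected
        # Chance that a given host receives at least one probe this step.
        p_hit = 1.0 - (1.0 - 1.0 / n_hosts) ** probes
        # Only susceptible hosts that are still clean can be converted.
        infected += (susceptible - infected) * p_hit
        history.append(infected)
        if infected >= target * susceptible:
            return step, history
    return None, history


def compare_shares(n_hosts=100_000, fanout=10, shares=(0.9, 0.5, 0.1)):
    """Map each susceptible share to (steps, final infected count)."""
    result = {}
    for share in shares:
        steps, history = steps_to_saturation(n_hosts, share, fanout)
        result[share] = (steps, history[-1])
    return result


if __name__ == "__main__":
    for share, (steps, final) in compare_shares().items():
        print(f"susceptible share {share:>4.0%}: "
              f"saturated after {steps} steps, ~{final:,.0f} hosts infected")
```

Shrinking the susceptible share lowers the ceiling and lengthens the time to reach it, but every run still ends with nearly all susceptible hosts infected; lowering `fanout` has a similar delaying effect.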
Look up the definition of the word in a dictionary, and you'll see it's clearly not so. Years ago, yes, they indeed were. But 85% market share is not 98%.
Software can be fixed rapidly to prevent a "disease".
Plants cannot, it takes years and years of research and making of hybrids and such.
This argument more readily demonstrates a lack of understanding of the problem, than makes any compelling point.
No, you can't.
You can't because in your example, you have made a bad market decision. Instead of getting your car loan from scores(?) of other lenders, you choose the one that charged you a price greater than your friend's by a factor of four.
You didn't listen to advice so old the Romans gave it to one another, "caveat emptor," "let the buyer beware."
In Microsoft's case, they have worked behind the scenes since the beginning of desktop computing to define buying a computer at all as buying an operating system from Microsoft. To maintain this state of affairs, Microsoft has stolen innovative code from startups and used other tactics to block innovators from entering the market, and offering choices other than Microsoft's products.
By doing this, they have prevented the consumer from enjoying the benefits of choice in a free market--by your example, no choice for any computer user but paying 20 points on the loan in order to own any car regardless of the car's quality.
Since the whole thread is started by an analogy (economics: monopoly, biology: monoculture) it is good to use one to finish up here.
Monopolies like Microsoft's are worse than bad governments in that you can leave a country with bad government and not pay taxes to it. As a citizen, you can escape and cease to support a bad government with your money and effort. But as a computer-user, you can sneak out of China and escape to India--and still find yourself using Microsoft's software, with its unaddressed vulnerabilities in both places.
Someone said that, in a free market, you enjoy rational choice--you can use reason to pursue your own fairness or your own advantage--and Microsoft's monopoly prevents this.
Someone else said, 'Hell is the impossibility of reason.'
That's pretty much what's wrong with it.
To mail me, remove the 'mailno' from my email addy.
"Yeah. It smells, too..."
The implications for internet security are clear: we have to teach computers to have sex. Luckily there are plenty of training videos available on the internet. I've been doing my bit for the future of network security by downloading these videos and showing them to my PC - I recommend you do the same.
I heard a similar thing was responsible for famine in the early days of Mao's China. There, the commissars (or whatever they were called in Chinese Socialism), who wanted to get promoted, kept making inflated promises about production, and they shipped food to meet those quotas, stripping the countryside of the food to keep people from starving. The people at the top were only getting filtered reports while the people at the bottom starved.
Your point is well-taken, but it has some uncomfortable consequences. Consider that most people on this planet don't get enough to eat. They're not as badly off as the potato-dependent Irish, but they're still pretty badly off. And, like the Irish, they're not starving because there's no food to feed them. They're starving because the economic deck is stacked against them.
There is a difference in that the Irish lived on the very land that could have fed them, and even grew the crops they weren't allowed to eat. But I'm not sure that's a difference with any moral value. It certainly isn't a difference that matters to the millions who hate and envy us for our full bellies.
This whole topic reminds me of the old saying,
"If architects made buildings the way that programmers write software, then the first woodpecker to come along would destroy civilization"
The fact that you can crash a program completely by changing one bit of a million byte executable file never ceases to amaze me.
The fact that no one in the computer industry or university community will deal with this problem or even talk about it dismays me.
It just shows that the technological community is just not ready to be taken seriously and that all of their work is, in reality, just prototypes and toys.
The fact that no one in the computer programming industry will guarantee in writing that their programs will actually work as advertised just proves the whole point.
The focus of the discussion is monoculture of binaries, software, etc. I believe the point isn't software, it's focus of developer energies.
Microsoft is getting serious about security not because it is good, or proper. It is because they are losing sales because of it. It has become an issue this year, not because there is more damage, more worms, more insecurities. In fact, it could be said that MS stuff is more secure than it was two or three years ago. It is an issue this year because Microsoft is losing sales.
I Love You worm was in 2000. It cost lots of money. My sister was working for an accounting firm, and their systems were down for a week. I'm quite sure that MS' clients screamed at them. MS said, well, we will try to fix things. What could anyone do? There weren't any real alternatives available. Even now, the Linux desktop is just getting to the point of being ready. Linux on the server was good, but not at all a proven reliable choice as it is now. So MS didn't lose any sales. So they didn't need to focus the whole of their energies to fix the security issues.
Which brings to mind another question. If Outlook was the problem, where is the thriving market choice for Windows mail applications? There isn't any. Still, for Windows users, they are essentially stuck with Outlook. On Linux, there is a very good choice, with competitive features, and active development in most. If one showed a real problem, no big deal. Apt-get another one and carry on. Just like the choice of MTAs. Don't like Sendmail? Use Exim, Qmail, postfix, etc. The maintainers of each are aware that security is a necessity, so at least they are working on it. Microsoft, until recently, didn't care at all.
I believe that this last August's spate of security issues that cost real money and time resulted in a loss of sales. There is a truly viable alternative in the server room. A multi-culture if you will, in a healthy marketplace. Users could slam MS, tell their sales rep to shove the f****** trash up their a**, without any repercussions, because there is an alternative. Microsoft has had no choice but to respond, and fix the problems.
Remember, security is an expense. You can't successfully sell security. Features do sell. Lack of security only costs sales. Your best people are put to a task that is difficult and costly, and when you get it right, the issue and problem disappear and are forgotten. The only thing that will keep security in the forefront as it needs to be is a competitive market, where there are alternatives. If IIS sucks, use Apache. If Apache sucks, use something else. There is choice.
Microsoft will probably get things reasonably secure, and the issue will die as a major sales factor, all else being equal. The differences between open and closed source, updating methods etc. will in the end be minor points to argue over. But only as long as there are viable alternatives in the marketplace to keep all the participants focused. That I think is what is dangerous about a monoculture.
Derek
AOL Server: The Sophisticated One.
Apache: The One We All Know and Love.
Boa: The Fastest One.
WN: The Indexed One.
No more monocultures on our side of the fence now please.
All these Web servers install perfectly, and each one has its own special features.
Check them out and seriously consider switching!
Boring!
You guys must have some kind of penis envy with Microsoft.
I wonder if he's quietly chuckling to himself right now as he's being proved right...
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
If compilers randomize the physical layout of memory allocation and of machine code, it will be harder for exploits to succeed on the same software. Two compiles of the same software will not have the same vulnerabilities. This is effective when different users run different compiles of your code. (Linux, anyone?)
If compilers generate code that randomizes executable structure at program start time, then you only have to release one compile - all installations can be exactly the same, but two running programs (or OSes) will not have the same vulnerabilities.
This is genetics-in-compilers. Learn from biology and make software diverse when it runs, harder to attack. Evolve compilers.
Is the blight actually irrelevant to the famine?
Of course not. But the fungus struck across Europe, during that period and for a decade preceding it. It caused food shortages and social disruption... but not Famine. Therefore a Famine is a product of social factors, whereas those food shortages were a product of the fungus. Famine is not really a condition of the general absence of food, but instead a symptom of the incapacity of a population to pay for food at a particular time. Famine is therefore a political construct, with biology or climate as a convenient, though not essential, precursor. The Famines in Somalia and Ethiopia, for example, over the past couple of decades have had more to do with the civil wars there than the climate, which while dry has also been uncharacteristically dry throughout most of North Eastern Africa over this time.
Da Blog
It's unfortunate that this was marked as a troll - I almost missed it. I was working for Netscape during that lawsuit, and I didn't ask for a resource on that topic (or at least mean to) - I just hadn't heard the whole story on DR DOS, and figured it'd be nice to know. As for me googling for it myself - sure, I could do that. But why force everyone else to do your research for you? If you want to make a point, then it's pretty much your responsibility to support it, not mine. As for the rest, I think that the rest of the posters did a nice job covering the subject, so I'll leave it where it lies. Just some advice - I think you got trolled because you were attacking me personally, in a bit of a nasty way. Better luck next time.
If we were discussing US history and you demanded that I provide a link showing that the US used to be a British colony, I'd think you were an idiot who didn't know anything about the subject.
Now you're trying to go from demanding a link on the DR-DOS stuff to claiming that you already knew about it.
If you already knew about it, why ask for a link?
Nope. You're an idiot who knows nothing about the subject and you got mod'ed up by other idiots with mod points. The same idiots who mod'ed me down. But that's how it goes sometimes.
The facts are that you asked for a citation on the DR-DOS case. A case that SHOULD be well known to anyone with any background in this industry.
-and-
You asked for a citation on the Netscape vs Microsoft trial. That's even worse. EVERYONE should know about that. It was in all the papers and on all the news broadcasts.
It is my responsibility to support my points. That is true.
-but-
Back to the US history example. If you are so uninformed that I have to fill in basic facts for you, then whatever you might believe doesn't matter to me. You're an idiot just spouting off.
I saw your post getting mod'ed up. That told me that there were idiots with mod points. So I title my post to annoy those idiots enough that they will use mod points pushing mine down. And it worked. Those idiots used up 2/5ths of their mod points here. Mission Accomplished.
Now, you had PREVIOUSLY stated, and let me quote you...
"...I just hadn't heard the whole story on DR DOS, and figured it'd be nice to know."
Now you claim....
"The DR-DOS thing, which I didn't know about (though I've heard of similar issues), is hardly important enough to be known by "anyone in the industry"."
So, you knew about it, but you didn't know about it.
Try to keep your story straight.
And it is important enough for anyone in this industry to have heard about. And there are NOT any "similar issues".
Unless you'd care to identify those "similar issues"?
You can claim it is trivia. But that doesn't make it so. Besides, you can't even keep straight what you claimed you knew, when you claimed you knew it and what you now claim you didn't know because it is "trivia".
Wow. And you also claimed to have worked for Netscape during that lawsuit. I would have thought that Microsoft's past anti-competitive actions would have been somewhat important to a current (then) anti-competitive case.
Again, try to keep your story straight.
Seeing as how there aren't any morons with mod points watching this thread, I won't waste any more time on it.
You should really read the moderator's guide.
Which OS has killed or resulted in the decline of more Unices: Windows or Linux?
${YEAR+1} is going to be the year of Linux on the desktop!
...most strenuously, my good sir or madam.
As the law demands, I did make an error, but in punctuation, not grammar. Granted, the legitimacy of "the reason is because" is disputed, but only by capitulationist descriptivists. :-)
Here's a brief note on this construction.
Shop as usual. And avoid panic buying.
A note from The Columbia Guide to Standard American English? The title itself is an oxymoron on several levels.
;-)
Next you'll be citing Webster's as an authoritative dictionary.
-- Alastair