The Software Monoculture
balster neb writes "CNET News.com has a piece titled 'Seeds of Destruction' on monoculture in software and its effect on security. The article talks about similarities between software attacks such as last year's MSBlast, and agricultural catastrophes such as the Irish Potato Famine. Isn't this another good argument against monopolies?"
This isn't really a new argument. Marcus Ranum's web site, for example, contains a counterargument, links to articles discussing arguments for and against, a link to the paper by Dan Geer that brought the monoculture argument into the limelight, and some sarcastic comments on the new monoculture study that the C|Net article mentions. ("$750,000 to sit around and whine about Microsoft? How do I get a gig like that?!")
Admittedly, this is off-topic. But I did my Ph.D. on the stuff and comments like that perturb me!
It is a common misconception that the disease known as late blight, caused by the Oomycete (Phytophthora infestans) "caused" the Irish potato famine. Yes it is true that the Irish were growing only a few varieties of potato (monoculture), but the REAL reason was the socio-economic structure put in place by those bastard English. Essentially, most of the Irish farmers (which was damn near everyone), "rented" the land from rich English landowners. This meant that they grew vegetables, wheat, etc. to pay for the rent, and grew potatoes for food because they stored well. Late blight reduces crop yield both before harvest (lost foliage) and after harvest (tuber rot), and by removing potatoes as a food source, the Irish began starving. The English did nothing to help them during this time. In fact, the rental system stayed in place throughout the whole famine.
Not necessarily true; famine was caused by several factors including:
* Farms were split between all of the children resulting in smaller and smaller pieces of land, on which only potato (-e if you're Dan Quayle) farming produced enough food to feed the families.
* 8 million people on the island (currently around 5.5m) dropped to under 3 after the famine.
* Best land was taken by mainly absentee landlords. (btw. 1845 was a bumper year for Wheat etc. Much more food was exported that year than usual)
tom.
-- Tom
To make my point very clear: British theft of Irish land and the systematic exclusion of the Irish from all occupations except farming and laboring meant that the only crop which was high-yield enough to be viable on the tiny plots of land left to the Irish was the potato.
All during the famine Ireland exported corn grown on the landlord-owned estates to Britain.
I realize that this isn't the central point of the post, but the phrasing implies a foolish choice on the part of those who suffered from the forced monopoly.
There's that evolutionary aspect to it in the long term (less desirable species die off), but more importantly diversity leads to resistance. If, for example, your web site runs on both Windows and Linux servers, an exploit against either one cannot take down your entire site.
By "as many", you chose a very funny way of saying, "two potential vulnerabilities in the last five years, neither of which ever had exploits written for them, versus hundreds of new exploits and virus issues every year which Microsoft users have had to deal with."
Get real. If all the factors were equal, we'd see a LOT more Apache exploits. There are over TWICE as many Apache sites as there are IIS sites.
I agree that Apache has proven to be a more secure webserver than IIS. Which isn't to say that it's trouble-free though.
Potato Famine: people died by the cartful.
MSBlast: affected computers were unusable until patched.
There's one. Comparing computer problems to real-world situations where death is involved is a mistake (aka: a fucking joke.) Just like the comparison of Windows to automobiles.
[oversimplification] Back in the day, Windows was a popular operating system. Not the only popular one, but popular enough that an OEM who didn't offer Windows pre-installed was going to lose a lot of business. MS basically said that the OEM would pay them $fee for every processor sold, regardless of the OS installed, or else the OEM would not be allowed to sell Windows machines at all. Most OEMs recognized that they couldn't afford the hit they'd take if they couldn't sell Windows, so they agreed to this devil's deal. And then, since they were paying for the darned thing anyway, they installed Windows on all of their machines. [/oversimplification]
This is how to turn a merely successful product into a monopoly, while making a lot of enemies as a free bonus!
160,000 animals would not feed a population of millions for a year (Ireland's population at this time was ~8 million). They may have made a small difference but would not solve it. The majority of Ireland's population were serfs, at the subsistence level, they would never have been able to eat this food, it would have gone on the plates of the landowners and never into the general population's mouths. It was the social structure of Ireland which caused this problem, not exports. Black-rot not only changed Ireland, but farming practices over the entire world.
Also note Ireland was part of Britain at this time, so "exports to Britain [from Britain]" is an odd way of putting it.
There is a lot of info about the famine online, not least this.
--
FreeNET user? Comfortable with the adverse selection?
"...IBM's president John Opel, and Bill Gates' mother both served on the board of the United Way."
Random internet search on the subject:
http://ieee.cincinnati.fuse.net/reiman/01_1999.html
But I don't think that alone should belittle the success of Bill Gates, few people make it big without some help along the way. Bill Gates happened to know something about computers, happened to get his hands on a lucrative contract and most importantly, knew to throw everything into it, and how to milk it for all it was worth.
1. DOS does not equal Windows
Check back to the 1995 Consent Decree. DOS won out initially fair and square (DOS cost $100, CP/M cost $200, so people chose DOS). But when Windows came out, Microsoft's licensing agreements stated that if you wanted to include DOS or Windows on any computer you sold, you would have to pay Microsoft for both products for every system you sold, *even if it didn't include MS software*. That is the sole reason that Windows ever became popular. You would occasionally see computers running GEOS or OS/2 in stores, but not very many because of the need to pay for two OS's. The government eventually investigated Microsoft for illegal leverage of a monopoly. The result was the 1995 Consent Decree, but by then the damage had been done and the government action was too little, too late.
2. MacOS, UNIX, AmigaOS, BeOS, Solaris, etc. Operating systems have competed, and lost (so far). Is it because Microsoft practices illegal monopolistic crap? That certainly is likely to be a contributing factor. But so do other businesses that fail.
See above. Bad business decisions were factors too, but by far the largest factor was Microsoft's illegal leverage of their monopoly.
As to DR-DOS and the bogus Microsoft error messages, here's the basic story. After DR-DOS was good enough to compete with MS-DOS, Microsoft began making their products try detecting DR-DOS. If they detected it, the program would print a random error message and return you to a DOS prompt. The most notable program to do this was Windows 3.1. I'm not sure if this is correct, but I seem to recall reading in a magazine that the code to check for DR-DOS was encrypted, and that Microsoft would attempt to disable any debugger that might be running before decrypting the code, making it very difficult to figure out what the code was doing.
Regarding the Netscape trial, Microsoft's contracts with OEMs prevented them from loading Netscape onto computers they sold.
That doesn't change the fact that the Irish were dependent on the potato. And it doesn't change the fact that when a disease came along that attacked the food that they depended on, the people starved.
You should do some research before spouting off, then admitting you know nothing. Ireland was a victim of classic Colonialism - the natives' land was forcibly seized and they were converted from self-sufficient communities into tenant farmers. They were told they had to pay "rent" to live on the land that they had formerly owned. The only way to pay this "Rent" was to grow cash crops for export. The cash crops occupied all the best land. The renters were forced to eke out a living on marginal land with non-cash crops. When the non-cash crops failed, they had no money to buy food in the form of cash crops, and in any case most of the cash crops were already pledged through forward contracts to overseas buyers, who could always outbid the renters. The remaining farmers who owned some land were forced to buy food at inflated prices, often going into debt. This caused many of their farms to be foreclosed. Famine is thus a political tool that leads to collectivisation. The British knew this in the 1940s, and Stalin knew this in the 1920s and 1930s. There's more here, if you care to educate yourself.
Da Blog
I may of course be mistaken, but the operating system was not Windows, but DOS. And the popularity came not from the operating system, but the price of the machines (combined with the IBM brand).
Would logic not suggest, then, that for a standard to be considered the equivalent of a monoculture, that a standard would be as vulnerable to these exploits as would an implementation? If so, then a virus would have to affect all systems equally.
If a virus does not have a universal effect, then it cannot, logically, affect the standard.
A monoculture (one homogeneous group that is identical) is a group where the constituent parts are very very similar if not the same.
A standard is simply a language that disparate entities use to communicate. A standard is a minimum similarity that can be used as a reference point.
A standard language around the world is English. Many francophone Quebecois speak English, but they are not anglophone like British or Americans. They simply establish a minimum point of reference in order to communicate and do business.
Similarly, Windows computers employ TCP/IP to communicate over the Internet, as do Linux computers, but they have radically different filesystems, user and permission structures, and basic architecture. They have that minimum point of reference (TCP/IP) but they do not share the same vulnerabilities. No monoculture are they!
Now the overwhelming prevalence of Windows loaded on computers connected to the internet does suggest that there is an inherent vulnerability, but that does not mean that the standard of communication is the proximate cause of vulnerability.
The argument that a standard is the same as a monoculture is therefore false.