Slashdot Mirror


The Software Monoculture

balster neb writes "CNET News.com has a piece titled 'Seeds of Destruction' on monoculture in software and its effect on security. The article talks about similarities between software attacks such as last year's MSBlast, and agricultural catastrophes such as the Irish Potato Famine. Isn't this another good argument against monopolies?"

4 of 404 comments

  1. Re:YES! by Carnildo · · Score: 4, Interesting

    This is from the article: Being the top species in the information chain means more attention from the malicious coders.

    On the desktop, MS is definitely "top of the information chain", so naturally more attention will be brought their way.


    Apache is the top web server, running over 2/3 of the sites on the Internet. Why is it that Microsoft's IIS, at less than 20% of web sites, is the one that keeps getting exploited?

    --
    "They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
  2. Re:YES! by rusty0101 · · Score: 5, Interesting

    As a point of interest, Oracle sells far larger database implementations than Microsoft SQL Server can support, and has been selling them for far longer than Microsoft has been selling SQL Server. Which has an architecture that virus and worm writers have been able to exploit?

    Apache on Linux, BSD and Solaris hosts significantly more web sites than IIS on Windows does, and has for several years longer. Which combination is more prone to being abused by viruses and worms?

    Sendmail hosts an order of magnitude more e-mail transactions than Exchange does. Which gets less press for its holes because it runs on a platform that gets exploited so often people expect the worm of the week to attack?

    The applications that get the worst rap for security problems are the ones with the most users, Internet Explorer, and Outlook (any variation). The fact that they happen to run on the same basic platform as the SQL server and IIS web servers do, should provide sufficient evidence that the alternatives running on other platforms would _tend_ to be more secure.

    That does not prevent problems from being possible in a Linux monoculture, or a BSD monoculture. It just suggests that the underlying structure is more secure, and less likely to be a significant source of security problems for e-mail and web browser clients running on top of them.

    -Rusty

    --
    You never know...
  3. Hidden risks in agriculture by Qrlx · · Score: 4, Interesting

    It is a well-known fact that the Irish Potato Famine wasn't caused by a lack of potatoes; rather it was an overabundance of Irishmen.

    Seriously, though, agriculture is a risky proposition. Prior to European conquest of Africa, the natives largely existed as hunter-gatherers. As such they tended to just eke out an existence on what little food they could find. Also, humans naturally become infertile when they're not fed enough, so during a time of scarcity the population stabilized itself, with the standard very-young and very-old dying off.

    The Europeans brought agriculture to Africa. (I'm talking large-scale, tied-to-one-patch-of-dirt agriculture here.) This has upset the "natural balance" by creating subsistence farming. People do tremendously well during good years, but are devastated that much more when a drought comes along. The population swells greatly due to the static nature of life and the need for people to work the farms. Those same populations are routinely eviscerated by famine every decade or so. (Not to mention the social problems as formerly nomadic people have been lumped together in arbitrary boundaries drawn by their conquerors.) For some reason Sally Struthers seems to think the solution to this problem is to provide more food. It's a short-term fix but it's also a vicious cycle.

    Agriculture can bring tremendous profit and clearly supply much more food than the hunter-gatherer lifestyle. But the risks are greater, too, especially once your society becomes dependent on large-scale farming. I saw on Discovery channel the speculation that years of poor harvests led to the extinction of some Middle American people around 1200 AD. (Mayans? I can't remember.) In modern times, we see these risks introducing themselves in new ways, such as mad cow disease, brought about by imposing a cannibalistic diet on cows, which in turn happens because of market pressures to keep producing cheaper meat for an increasing number of increasingly hungrier (to the point of obesity) population. Something has to give. We are also seeing the depletion of natural fish stocks, and the "latest study" says that farmed fish contain much more mercury and PCBs than wild fish.

    I liked the CNet article a lot; they could have mentioned SQL Slammer's apparent role in the blackouts last year. I guess that hasn't been explicitly proven and overtly recognized, it would probably be too costly to Microsoft's share value, and by extension the economy, and by extension Bush's reelection strategy.

  4. Does diversity end if the code goes unused? by sam_handelman · · Score: 5, Interesting

    I'm a biologist, biatch!

    A biological population can experience genetic bottlenecks. For example, everyone in Iceland is practically genetically identical, since they are descended from a group of about a few dozen (already closely related) Vikings.

    The potatoes in Ireland were a similar example. Not only was everyone growing potatoes - all of these potatoes were descended from a small number of potatoes brought over from the New World. The original population of New World potatoes were genetically diverse - but the potatoes brought to Ireland were all especially susceptible to the fungus that brought on the Irish Potato Famine, so it was catastrophic.

    You can also get a genetic bottleneck in an entire species. The few surviving Andean condors probably only represent a fraction of the genetic diversity the Condor had at the height of its population. The diversity is gone forever.

    The same is not true for rarely used, or even completely unused, software. If some disaster befalls us that makes other operating systems useless, we can resurrect OS/2 Warp even if not a single installation remains anywhere in the world.

    On the other hand, without a population of OS/2 Warp installations, OS/2 Warp cannot evolve. It exists in a form of stasis that, over time, may render OS/2 inviable, in much the same way that environmental changes might drive the Andean condor all the way to extinction (while it might have survived with the genetic diversity that the species has already lost.) /RANT

    --
    The good and new comes from no quarter where it is looked for, and is always something different from what is expected.