I suppose it's wrong to mention... (Score:5, Interesting)
...that Greer's against monoculture but doesn't explore the effects of what would be needed to overcome that monoculture.
As outlined in the article (assuming anyone reads it), critics of Greer point out that simply adding a new OS into the mix (dare I say Linux?) wouldn't substantially help. You'd have a duoculture instead of a monoculture. How much more difficult would it be for hackers to create a devastating hack? It even extends beyond OSes. Apache has the majority market share for all web servers

thousands of OSes aren't required (Score:1)
Actually, there's research and literature that examines how big an "N" you need in N-version software diversity for survivability, and it isn't thousands; in fact, many operational high-reliability systems actually only use two versions of software (the space shuttle's computers are built this way, as are some aircraft systems). So the comment of needing thousands of OSes really isn't true.
I've been surprised at how much heat and how little light (as in research light) has been applied to this argument. Dan's diversity argument is on pretty solid ground in the research community. As an example, here is a set of papers nicely compiled by the City University of London's Center for Software Reliability [city.ac.uk] on fault tolerance, and there are quite a few citations on the use of diversity in software. If you don't like the University's papers, you can find similar papers published by the ACM and IEEE. These might help readers with deciding which point of view is best supported by research. Diversity isn't a slam dunk (lots of nasty details to get right), but it's certainly well-examined ground for high-reliability systems, and a lot of folks are now looking at how you apply these same principles to commercial, off-the-shelf systems.
A final thought: the Internet itself is one of the best examples of such a diverse system. At one point, no RFC was ever approved without two independently developed implementations of the standard. It's one of the reasons it has worked so well and evolved so well over the last 30 years or so.