John R. Campbell
The "Open Source" environment is currently under attack from a
(functional) Monopoly, which wants to ensure that upstarts cannot
undermine its foundation.
While there are many who wish to say "Death to XP!" these systems
should remain in existence. It's just that such systems need to
exist in order to maintain as high a level of
Cyber-diversity as possible.
Open source (and other former competitors to this monopoly, like
BeOS, for instance) provide the basis for more diversity in
operating systems (and environments).
Many of these will live and die through acceptance and rejection
by the user base; although the non-commercial systems will not
die when the customer base drops below a chosen "critical mass".
Perhaps death is justified for some systems, but even a throwback
may be better suited to survival within a changed environment over
something more "modern"
(yeah, and CP/M-80 could make a comeback - yeah, right...).
Biological diversity, even within a species, has the advantage of
providing for the opportunity to fit into more ecological niches;
This comes through the process of meiosis and through fertilization
(see, another example of software exchange that has existed for eons)
which allows new traits to be exposed and tested within the crucible
of real life.
These variations within a species (and within a race) have other
advantages. It is more difficult for a single parasitic organism
(viruses, bacteria) to threaten the whole population with destruction.
(There are cases where some folks don't possess all of the proteins
that HIV requires to infect cells. Seems like a desirable trait,
So, biology already through conjugation in bacteria (allowing
software exchange) allows crossbreeding to work around environmental
threats to the species (like antibiotics) and sexual reproduction
(with the concomitant juggling of genetic matter) allows even us
humans the ability to adapt to and exploit new environmental
There are selection pressures (provided by the environment) that
can (in hindsight) seem to "steer" evolution but organisms
seem intent to expand into ALL areas available.
As for selection pressures there are also vacuums
where nature will wish to expand.
Of course, biology only takes you so far, or so fast.
As humans, over shorter time spans than the generations and
millennia that evolution normally requires to provide opportunities
we use our cultural mechanisms, which themselves evolve over time.
Humans use our culture (which includes use of technology) to adapt
to shorter-term threats and opportunities. This helps us spread
our offspring over wider areas (and perhaps even into space and
onto new worlds).
There are those who wish to lock down their culture in order to
render it rigid and easily managed, but this works against them
when they must contend with outside (evolving) cultures.
When multiple cultures interact, they each evolve to compete (and
cooperate) with each other. As each evolves they will share various
traits, adopting those each finds advantageous to its own core
survival. Unlike sexual reproduction, this is (IMHO) closer to
Static (Water Empire) Cultures
(If you can't recognize an obscure reference to a Larry Niven
story in the title of this section then
your reading list is too short.)
A large stable culture works to minimize changes, avoiding any
modification of the existing power structures. Such a culture
will work hard to avoid any destabilizing influences; so many
rules are applied to ensure rigidity. These rules often ignore
basic human nature.
All of these actions are taken to ensure a monopoly on power by
the leadership of the "empire", territorial or otherwise.
Many cultures intent on defending their ideals often lock down their
language to minimize new thoughts entering their lexicon.
Additionally, such cultures form social, political and financial castes
(with little opportunity for changing castes) to ensure there is
no incentive for change. (This kept China from using gunpowder
as a weapon since none of the potential inventors could profit
By killing off internal competition in the arena of ideology the
only remaining threats come from outside competitors.
Another trait of such cultures is rampant corruption within the
ruling caste since there are few checks and balances. Any "ruling"
caste (like "old money") tries to ossify any culture to retain
This kind of activity is dangerous since there are problems
with a "single point of failure". Over centralizing any activity
makes a single failure far more deadly.
Centralized (monopolistic) entities make for a larger flow of
resources available near the top that is ripe for small
diversions into VIPs (Very Important Pockets).
I guess this proves that it's "good to be the King". Of course,
a guillotine can change things very quickly.
Diversity in organizations implies competition. As wasteful as
an economist would find this, the check-and-balance effects
against corruption are very important.
Dynamic cultures steal from anybody, taste the principles and kick
the tires to test whether an idea from another culture works better
or even if it works only within certain geographic/political
Additional traits usually include the "scientific method"; that is,
an openness to finding some of the precepts to be wrong. Any
leadership must be willing to be wrong part of the time, and to
be seen as wrong.
And (in my own opinion) a truly dynamic, and successful, culture
will embrace Patton's Law:
A good plan executed today will beat a perfect plan executed tomorrow.
Flexibility and an ability to acknowledge a wrong, (and working to
ensure the same kind of mistake is not repeated) is a sign of
an ascending culture.
I think you can work out the signs of a descending culture without
any help from me.
Computer operating systems provide an almost biological microcosm
by providing, through its API (and the code paths that actually
satisfy requests made by applications), a set of actions the system
Just as requests are processed within a cell by copying programs
stored as DNA into RNA for actual processing by the cell, so
do applications stimulate the system into launching yet more code
(most resident within the kernel) as a response.
Various viruses attempt to subvert weaknesses within the OS (though
multiple CPU hardware architectures provides another level of
diversity) and supplant the "DNA" the system is supposed to be
following with it's own set of instructions.
The Biological model is surprising in its applicability; DNA is,
after all, a useful storage medium for information, each base pair
encoding 2 bits of information; A-C, C-A, T-G, G-T (00, 01, 10, 11)
collected together into "codons" which then describe
the order of assembly for a protein (which, I suspect, could just
chain to another segment of DNA) within the cellular ribosome.
I've been thinking that the Mitochondrion's own DNA provides
the baseline O.S. for each cell since there's enough for short
loops that would be smart enough to recognize cellular conditions
and call in programs from the nucleus, the big database.
The name of the game in most scenarios is to disrupt the normal
functioning of the system, by either stealing its soul (replacing
its applications), being a parasite (like the RTM Sendmail worm)
or just shutting it down (various DoS attacks).
Open source software evolves as quickly as it does through open
disclosure of errors or exploits found within the code itself.
While many "black hats" will accumulate such information, the
very act of spreading the knowledge provides the means for leaking
it to the code's defenders.
Evolution only works when the challenges are recognized and
addressed. If we ignored various selection pressures at either
the biological or cultural level, the cost would be seen quickly
and the effects of the pressure would be no fun.
Disclosure (and response to it) provides the primary visible
selection pressure which decides which will live and which
It's like the old saying:
If you can't take the heat, get out of the kitchen.
(If you've ever watched the British comedy "Chef!" this may make
Those wishing to avoid the effort implicit in actually addressing
environmental challenges by denying the existence of these same
challenges are in a game of denial.
Strengths and Weaknesses
Each system, "hetero-memeous" and "mono-memeous", have their own strengths
and weaknesses. There are no simple answers unless you're not
ready to face the future (beyond next month).
Exposures and Resistance
"Hetero-memeous" (diverse systems) within an enterprise
allows for a tolerance to various attack scenarios.
Since no two operating systems will be subject to the same attack
program (virus, worm, etc) the whole set of ancillary systems will
not be lost (although individual systems will be lost).
(I've seen IIS boxes get fried whilst AIX & Linux boxes just kept
chugging along in the face of Code Red and NIMDA.)
Other than ensuring that a corrupted system cannot be used to
reduce the LAN to chaos,
each system would vary by CPU type (hardware cyber-diversity)
and OS type (software cyber-diversity).
A case in point: the (in)famous RTM Sendmail "worm" was only able
to target VAX-based UNIX systems and SunOS (M68K-based) CPUs since
object code had to be delivered to each compromised machine; All
other CPU/OS combinations were quite safe (although Mr. Morris
did concentrate on the greatest "population of opportunity"
available at the time).
Today, the amount of work to do the same is staggering, even if
we assumed the Sendmail feature had never been corrected; There
are so many different CPU and OS types that only through some
level of oversight can you find the systems easily targeted;
excepting, of course, Microsoft's Windows OS (can you pronounce
CODE RED, NIMDA and SIRCAM) simply because it has both a weak
immune system and evolves too slowly to close recognized exploits.
(Limiting disclosure works to retard evolution since there are
many who refuse to hear news they find distasteful. This is not
limited to Microsoft, BTW.)
Even Java isn't a clean platform since too many Java apps are
sensitive to the version of the JRE. If that ever gets sorted
out, we could have a larger problem.
So, even Java byte codes are impacted by "hetero-memeous" code,
though, coming from a monopoly, I doubt that C# (C Sharp)
will be fragmented.
Diversity is good here. No single virus or worm can take over
all of the machines within a network, though taking down the
network itself may be far simpler by targeting the weakest links
and using them to provide a DoS (or DDoS).
Finally, it should be fitting to point to an organization which
should embrace the heterogeneous environment;
The US Dept of Defense.
It's odd that such a paranoid entity should
declare MS's Windows NT and follow-ons
as the "standard" system environment.
Competition, Cooperation and Surrender
For systems, be they biological, cultural or cyber, competition
has always been key. The various dinosaurs competed with
each other (and early mammals), the Romans competed with the
Greeks (eventually absorbing them) and the various computer
manufacturers have pushed their own computers and operating
Cooperation now is key, but only in specific areas- that of the
need to interchange data so business can happen across a common
infrastructure. Just as the
switch enabled the phone system to mushroom,
so does a standard TCP/IP stack
(including HTTP and HTTPS) by removing a carrier that can be
swayed towards (or away from) specific vendors.
Without some level of cooperation
no two companies could exchange any data, which would certainly
make things difficult for different banks to pass transactions
to each other.
(IBM tried, at one time, to force EBCDIC on the world.
Now that IBM is putting Linux on the S/390 (a.k.a. zSeries)
even IBM has embraced ASCII as the standard means of transmitting
LAN/WAN data. Of course, SNA is still with us; It's the back-bone
of the "Old Boy's Network". :-) )
Surrender is what we've seen many businesses do; They chose the
frozen "mono-memeous" system (locking them into their hardware
choice and a software scheme) which is owned by an outsider;
One who is
not really in the business to keep the customer business in
business (I like this sentence; it sounds funny). In the
Microsoft world, a company's data is also locked down in a non-
interchangeable form (.DOC will only talk to MS Word at a version
level greater than or equal to what wrote it) so the business
cannot find another way to access their data.
Vendors evolve in the competitive world but work towards a
situation where they need not compete (because that's a lot of
work) which increases profit margins but does nothing to protect
the future. This is something that reduces flexibility over
time, as the Romans learned. Rome grew up and flourished in a
time of competition, taking on the "good" aspects of the cultures
they found around them, absorbing what they liked and destroying
what they didn't. As it grew towards a large empire, others had
no choice but to either submit, or resist and die. As the Roman
Empire aged, it ceased to take external challenges seriously and
turned itself inward, becoming lazy, which proved its undoing.
They were so sure that they need not worry about the unorganized
barbarians at the gate and could celebrate their great wealth
that they had lost the ability to survive in a competitive world.
The Roman Empire, at least the western half, came apart as it
ossified and could not survive selection pressure. Without an
ability to evolve their world-model, they died.
Those who previously had forced others to surrender or die,
IBM itself almost died in the early 1990s and was forced to
re-learn the hard lessons of financial, cultural and technical diversity
and to compete again. As one person commented "IBM isn't as
arrogant as they used to be, but they're still arrogant
about not being arrogant."
(Note: the author has close ties to IBM though I once considered
it an evil empire as recently as 15 years ago.)
Diversity has some costs associated. The question is, are the
benefits worth the price?
It is said that "you get what you pay for". I'd like to add
that, "you pay for what you get" (whether you want to or not).
Financial fragmentation is the first item, and one which has
been argued many times in the past, especially when contemplating
the socialization of healthcare (the U.S. has an "overcapacity"
of MRI facilities, which means that you can get scanned in less
than 30 days rather than the 18 month waiting lists found in
more "efficient" countries). Overcapacity has been a
bane of many economists' world since it implies a waste of
Of course, this has driven developments in MRI technology
that has made the equipment much cheaper.
Well, OK, overcapacity is one of the side effects of financial
fragmentation. It is also required to survive new challenges.
The United States, prior to the Second World War, had plenty of
manufacturing capacity (all due to competition), which could be
turned to wartime production. The UK, between 1938 and 1940
(especially if you've read some of Winston Churchill's speeches
during that period) did not have as great a level of industrial
capacity, so their ability to turn over to wartime production
levels took much longer (new plants, etc, rather than mere
re-tooling) than the US faced. Even Germany's mobilization was
gradual because they didn't
have enough spare capacity to satisfy civilian requirements
at the same time prior to the outbreak of full-scale war.
(Once war was started, the civilian side became irrelevant.)
So financial over-capacity helps in wartime, but wars are not
the only challenges. Wars are merely another way cultures
compete for ideological supremacy and resource access and
form a check-and-balance against corrupt regimes.
Other disasters exist that only over-capacity can assist in
resolving over a short enough time scale to make a difference.
Its kind of like putting all of your eggs in one basket
would you be betting all of your savings on horse races?
When you lose, you lose big.
Mind share is another item that, in retail environments, is often
referred to as "shelf space". A product can only sell if it's
available for customers to purchase. If it's not seen, it can't
be found and purchased.
Even advertising doesn't help if the product is not available
at a local level.
Pushing all of its competitors off of shelves is one desirable
objective for a commercial company; After all, they're trying
to provide selection pressure against another company.
The same is true of retail establishments themselves. When the
only kind of retail store is Walmart, where can you buy the
specialty items (car parts, books, etc) that Walmart won't stock?
There are other weaknesses in what I consider "over centralization"
since it leads to monopolies and making the phrase "customer service"
Over-centralization in the retail world makes product-tampering cases
far more dangerous.
Of course, the more centralized an organization is (along with
it's financial resources) the more money is available for the
folks "at the top" to steal (or misdirect). This is just as
true in a political sense as financially.
(The president of GM, for instance, has a lot more financial
influence than, for instance, the president of Day's Inn.)
NIH - Not Invented Here. As ideas (and ideologies) get
fragmented, there is the threat of Balkanization. In Operating
Systems, you get bigotry (Linux, Solaris, AIX, BSD anyone) that
can get pretty vehement (Emacs vs. Vi) which becomes a block to
the healthy function of competition, because "oh, that's how
BSD does it, we don't want to do it that way" so good ideas aren't
even able to be easily evaluated for possible inclusion.
Eclectics are often frowned upon, just as UNIX geeks look down
on NT administrators. While the skill level of any UNIX Admin
has fairly high minimums, Windows NT admin skill levels vary
and they're seldom portable to other systems. Linux admins can
cope with BSD, BSD with Solaris, and so on (though there will
be a surprising amount of whining when it comes to AIX).
So let's look at what we've got.
Biology, Viruses and Evolution
In biology, there's a fair amount of competition as a driver for
evolution, allowing for new adaptations to arise and a way to
squeeze past various evolutionary selective pressures.
Viruses in Biology depend upon the machinery of life to exist
so it can take advantage of it for its own "mission". As such
viruses are dependant upon their host's systems to work a specific
way. The instruction set and APIs of the cell (within a multi-
cellular organism, like us people) provide the basics for viral
Evolution, through recombination of the genome
(via conjugation or sexual reproduction)
finds traits useful to work around selection pressures or
to take advantage of selective vacuums.
Direction comes from these pressures and vacuums.
Cultures evolve into (hopefully) more survivable forms. Without
some form of external (or even internal) ideological challenges,
a culture will stagnate (whether it wants to or not) but, only
through encouraging free thought (and rewarding those who provide
new thinking) and the application of these that the culture can
survive over the long term.
A culture sows the seeds of it's own destruction when it stops
evolving, or when it believes itself to be perfect enough to
not need changing.
Competition is a means of ensuring a set of checks and balances
against both corruption and a false sense of security.
At the same time, an agreement on common rules of behavior
is required to allow people of multiple cultures to coexist.
Cultural traits are absorbed on an individual basis and will
tend to be transmitted by some form of "cultural osmosis".
Perhaps we humans mimic behaviors we respect or admire?
Cultural Ideologies and Operating System APIs provide common
memes to center a worldview. Outside of biology, memes do the
evolving, and can evolve quickly.
A monoculture can only survive when there are no outside influences
or need for evolution (consider that few cultures could even
recognize, much less respond to a cometary's impact threat). It may
be that the reason so many dinosaurs had died off was that they
didn't have a space program. (Was it Niven or Pournelle who first
made this observation?)
A monopoly exists to avoid the selective pressures of competition,
which is only useful to the power/financial structure of the
monopolistic organization, not for anything else that it "services".
In the CPU/OS space, a single instruction set with a known
"guaranteed" OS code base makes the task of doing damage ridiculously
easy, so laws get passed and ignored. If you think the laws
against listening to cell-phone conversations really change much,
it just makes the scanners that much more valuable since the price
tag to listening went up. The folks breaking these laws will do
so in such a way as to maximize their profits.
So the law doesn't really guarantee any security; It just ensures
that we walk around with a false sense of security as our ESN/PN
(the cell-phone identity) gets stolen and then used to make
(functionally untraceable) long distance calls from poorer
The result? Short term, things look good until a single
(virus, airborne bacteria, terrorist, lawyer, software virus, etc.)
takes down all of the underpinnings of humanity.
Sure this means there's no duplication of effort, but it doesn't
lend itself to long-term survival, either.
A "heterocultural" entity can take on the best features of each of
the subcultures; There is no single overriding culture providing
rigid rules (though some rules are necessary as a baseline for
cooperative/coordinated behaviors; For instance, murder is
usually accepted by all as "against the rules") but a continuum
of acceptable behaviors is subscribed to by all that still allows
for cultural ideologies. Compromise allows these multiple and
mutually competitive lifestyles to coexist.
The strength is like plywood, where one cultural viewpoint may
be weak another's will be strong allowing both "grains" to
Since no one culture has a "permanent" position of ascendancy,
all cultures compete with each other as the "best" means of
dealing with pressures placed upon civilization itself.
Over time, these pressures evolve, so the "right answer" keeps
Resiliency is one of the advantages to the "hetero-memetic"
complex of systems.
In terms of the ecology of the InterNet, many systems end up
exposed to various selective pressures and either evolve or
die (though some attacks make the weakest an attacker).
Through multiple memes (multiple instruction sets, APIs, etc)
we have more defenses in depth.
No one exploit can take down all systems any more than one strain
of virus can kill off the whole human race. While economists
and financial folks will be appalled at the duplication of effort
(and the costs inherent) this leads to long term survival of the
Evolution vs. Revolution
Evolution works. Revolutions change so many things but there is
not always a means of predicting outcomes for emergent changes.
Revolutions are necessary, here and there, but fallback mechanisms
are usually in place.
With cultural/scientific memes, revolutions happen, where the
(as James Burke as illustrated) "Universe Changed".
All of a sudden, the things we see have different meanings.
(Like "Presidential Testimony".)
Many enterprises use "change management" techniques to ensure that
all systems/processes that get changed have a way back to facilities
Objective, initiative, experimentation all at the individual
level. In Eisenhower's book "Crusade in Europe" he commented on
how dependant we were on individual initiative all the way down
to the privates in the Army. As long as all parties know the
mission, any individual could help in securing objectives by
their actions at a low level. Eisenhower recognized that central
commands don't work as well since initiative cannot be reserved
to the few. As Eric Raymond would probably recognize, the
bazaar works, though there's enough bizarre in there to be
In the open source world, we each have a piece of this, so we
show our initiative in our understanding of the mission. Just
as those soldiers of 60 years ago, we deal with our own problems
and create opportunities for ourselves (and others) to exploit.
Sharing the fruits of our labors will work for society so others
can carry on our work, extending it and evolving it.
Remember, without previous discoveries, Einstein would not have
had a Planck to stand on...