CyberDiversity

Background

The "Open Source" environment is currently under attack from a (functional) Monopoly, which wants to ensure that upstarts cannot undermine its foundation.

While there are many who wish to say "Death to XP!" these systems should remain in existence. It's just that such systems need to exist in order to maintain as high a level of Cyber-diversity as possible.

Open source (and other former competitors to this monopoly, like BeOS, for instance) provide the basis for more diversity in operating systems (and environments). Many of these will live and die through acceptance and rejection by the user base; although the non-commercial systems will not die when the customer base drops below a chosen "critical mass".

Perhaps death is justified for some systems, but even a throwback may be better suited to survival within a changed environment over something more "modern" (yeah, and CP/M-80 could make a comeback - yeah, right...).

Biodiversity

These variations within a species (and within a race) have other advantages. It is more difficult for a single parasitic organism (viruses, bacteria) to threaten the whole population with destruction. (There are cases where some folks don't possess all of the proteins that HIV requires to infect cells. Seems like a desirable trait, right?)

So, biology already through conjugation in bacteria (allowing software exchange) allows crossbreeding to work around environmental threats to the species (like antibiotics) and sexual reproduction (with the concomitant juggling of genetic matter) allows even us humans the ability to adapt to and exploit new environmental conditions.

There are selection pressures (provided by the environment) that can (in hindsight) seem to "steer" evolution but organisms seem intent to expand into ALL areas available. As for selection pressures there are also vacuums where nature will wish to expand.

Of course, biology only takes you so far, or so fast.

As humans, over shorter time spans than the generations and millennia that evolution normally requires to provide opportunities we use our cultural mechanisms, which themselves evolve over time.

Cultural Diversity

There are those who wish to lock down their culture in order to render it rigid and easily managed, but this works against them when they must contend with outside (evolving) cultures.

When multiple cultures interact, they each evolve to compete (and cooperate) with each other. As each evolves they will share various traits, adopting those each finds advantageous to its own core survival. Unlike sexual reproduction, this is (IMHO) closer to bacterial conjugation.

Static (Water Empire) Cultures

A large stable culture works to minimize changes, avoiding any modification of the existing power structures. Such a culture will work hard to avoid any destabilizing influences; so many rules are applied to ensure rigidity. These rules often ignore basic human nature.

All of these actions are taken to ensure a monopoly on power by the leadership of the "empire", territorial or otherwise.

Many cultures intent on defending their ideals often lock down their language to minimize new thoughts entering their lexicon. Additionally, such cultures form social, political and financial castes (with little opportunity for changing castes) to ensure there is no incentive for change. (This kept China from using gunpowder as a weapon since none of the potential inventors could profit by this.)

By killing off internal competition in the arena of ideology the only remaining threats come from outside competitors.

Another trait of such cultures is rampant corruption within the ruling caste since there are few checks and balances. Any "ruling" caste (like "old money") tries to ossify any culture to retain their position. This kind of activity is dangerous since there are problems with a "single point of failure". Over centralizing any activity makes a single failure far more deadly.

Centralized (monopolistic) entities make for a larger flow of resources available near the top that is ripe for small diversions into VIPs (Very Important Pockets). I guess this proves that it's "good to be the King". Of course, a guillotine can change things very quickly.

Diversity in organizations implies competition. As wasteful as an economist would find this, the check-and-balance effects against corruption are very important.

Dynamic Cultures

Additional traits usually include the "scientific method"; that is, an openness to finding some of the precepts to be wrong. Any leadership must be willing to be wrong part of the time, and to be seen as wrong.

And (in my own opinion) a truly dynamic, and successful, culture will embrace Patton's Law:
A good plan executed today will beat a perfect plan executed tomorrow.

Flexibility and an ability to acknowledge a wrong, (and working to ensure the same kind of mistake is not repeated) is a sign of an ascending culture.

I think you can work out the signs of a descending culture without any help from me.

CyberDiversity

Just as requests are processed within a cell by copying programs stored as DNA into RNA for actual processing by the cell, so do applications stimulate the system into launching yet more code (most resident within the kernel) as a response.

Various viruses attempt to subvert weaknesses within the OS (though multiple CPU hardware architectures provides another level of diversity) and supplant the "DNA" the system is supposed to be following with it's own set of instructions.

The Biological model is surprising in its applicability; DNA is, after all, a useful storage medium for information, each base pair encoding 2 bits of information; A-C, C-A, T-G, G-T (00, 01, 10, 11) collected together into "codons" which then describe the order of assembly for a protein (which, I suspect, could just chain to another segment of DNA) within the cellular ribosome.

Personal thought:
I've been thinking that the Mitochondrion's own DNA provides the baseline O.S. for each cell since there's enough for short loops that would be smart enough to recognize cellular conditions and call in programs from the nucleus, the big database.

The name of the game in most scenarios is to disrupt the normal functioning of the system, by either stealing its soul (replacing its applications), being a parasite (like the RTM Sendmail worm) or just shutting it down (various DoS attacks).

Disclosures

Evolution only works when the challenges are recognized and addressed. If we ignored various selection pressures at either the biological or cultural level, the cost would be seen quickly and the effects of the pressure would be no fun.

Disclosure (and response to it) provides the primary visible selection pressure which decides which will live and which will die. It's like the old saying:
If you can't take the heat, get out of the kitchen.
(If you've ever watched the British comedy "Chef!" this may make more sense.)

Those wishing to avoid the effort implicit in actually addressing environmental challenges by denying the existence of these same challenges are in a game of denial.

Strengths and Weaknesses

Exposures and Resistance

Other than ensuring that a corrupted system cannot be used to reduce the LAN to chaos, each system would vary by CPU type (hardware cyber-diversity) and OS type (software cyber-diversity).

A case in point: the (in)famous RTM Sendmail "worm" was only able to target VAX-based UNIX systems and SunOS (M68K-based) CPUs since object code had to be delivered to each compromised machine; All other CPU/OS combinations were quite safe (although Mr. Morris did concentrate on the greatest "population of opportunity" available at the time).

Today, the amount of work to do the same is staggering, even if we assumed the Sendmail feature had never been corrected; There are so many different CPU and OS types that only through some level of oversight can you find the systems easily targeted; excepting, of course, Microsoft's Windows OS (can you pronounce CODE RED, NIMDA and SIRCAM) simply because it has both a weak immune system and evolves too slowly to close recognized exploits. (Limiting disclosure works to retard evolution since there are many who refuse to hear news they find distasteful. This is not limited to Microsoft, BTW.) Even Java isn't a clean platform since too many Java apps are sensitive to the version of the JRE. If that ever gets sorted out, we could have a larger problem. So, even Java byte codes are impacted by "hetero-memeous" code, though, coming from a monopoly, I doubt that C# (C Sharp) will be fragmented.

Diversity is good here. No single virus or worm can take over (or compromise) all of the machines within a network, though taking down the network itself may be far simpler by targeting the weakest links and using them to provide a DoS (or DDoS).

Finally, it should be fitting to point to an organization which should embrace the heterogeneous environment; The US Dept of Defense. It's odd that such a paranoid entity should declare MS's Windows NT and follow-ons as the "standard" system environment.

Competition, Cooperation and Surrender

Cooperation now is key, but only in specific areas- that of the need to interchange data so business can happen across a common infrastructure. Just as the Strowger switch enabled the phone system to mushroom, so does a standard TCP/IP stack (including HTTP and HTTPS) by removing a carrier that can be swayed towards (or away from) specific vendors. Without some level of cooperation no two companies could exchange any data, which would certainly make things difficult for different banks to pass transactions to each other. (IBM tried, at one time, to force EBCDIC on the world. Now that IBM is putting Linux on the S/390 (a.k.a. zSeries) even IBM has embraced ASCII as the standard means of transmitting LAN/WAN data. Of course, SNA is still with us; It's the back-bone of the "Old Boy's Network". :-) )

Surrender is what we've seen many businesses do; They chose the frozen "mono-memeous" system (locking them into their hardware choice and a software scheme) which is owned by an outsider; One who is not really in the business to keep the customer business in business (I like this sentence; it sounds funny). In the Microsoft world, a company's data is also locked down in a non- interchangeable form (.DOC will only talk to MS Word at a version level greater than or equal to what wrote it) so the business cannot find another way to access their data.

Vendors evolve in the competitive world but work towards a situation where they need not compete (because that's a lot of work) which increases profit margins but does nothing to protect the future. This is something that reduces flexibility over time, as the Romans learned. Rome grew up and flourished in a time of competition, taking on the "good" aspects of the cultures they found around them, absorbing what they liked and destroying what they didn't. As it grew towards a large empire, others had no choice but to either submit, or resist and die. As the Roman Empire aged, it ceased to take external challenges seriously and turned itself inward, becoming lazy, which proved its undoing. They were so sure that they need not worry about the unorganized barbarians at the gate and could celebrate their great wealth that they had lost the ability to survive in a competitive world.

The Roman Empire, at least the western half, came apart as it ossified and could not survive selection pressure. Without an ability to evolve their world-model, they died. Those who previously had forced others to surrender or die, died themselves. IBM itself almost died in the early 1990s and was forced to re-learn the hard lessons of financial, cultural and technical diversity and to compete again. As one person commented "IBM isn't as arrogant as they used to be, but they're still arrogant about not being arrogant." (Note: the author has close ties to IBM though I once considered it an evil empire as recently as 15 years ago.)

Fragmentation:

It is said that "you get what you pay for". I'd like to add that, "you pay for what you get" (whether you want to or not).

Financial

Well, OK, overcapacity is one of the side effects of financial fragmentation. It is also required to survive new challenges. The United States, prior to the Second World War, had plenty of manufacturing capacity (all due to competition), which could be turned to wartime production. The UK, between 1938 and 1940 (especially if you've read some of Winston Churchill's speeches during that period) did not have as great a level of industrial capacity, so their ability to turn over to wartime production levels took much longer (new plants, etc, rather than mere re-tooling) than the US faced. Even Germany's mobilization was gradual because they didn't have enough spare capacity to satisfy civilian requirements at the same time prior to the outbreak of full-scale war. (Once war was started, the civilian side became irrelevant.)

So financial over-capacity helps in wartime, but wars are not the only challenges. Wars are merely another way cultures compete for ideological supremacy and resource access and form a check-and-balance against corrupt regimes.

Other disasters exist that only over-capacity can assist in resolving over a short enough time scale to make a difference. Its kind of like putting all of your eggs in one basket (one planet); would you be betting all of your savings on horse races? When you lose, you lose big.

Mind share

Pushing all of its competitors off of shelves is one desirable objective for a commercial company; After all, they're trying to provide selection pressure against another company.

The same is true of retail establishments themselves. When the only kind of retail store is Walmart, where can you buy the specialty items (car parts, books, etc) that Walmart won't stock? There are other weaknesses in what I consider "over centralization" since it leads to monopolies and making the phrase "customer service" an oxymoron.

Over-centralization in the retail world makes product-tampering cases far more dangerous.

Of course, the more centralized an organization is (along with it's financial resources) the more money is available for the folks "at the top" to steal (or misdirect). This is just as true in a political sense as financially. (The president of GM, for instance, has a lot more financial influence than, for instance, the president of Day's Inn.)

Dogma

Eclectics are often frowned upon, just as UNIX geeks look down on NT administrators. While the skill level of any UNIX Admin has fairly high minimums, Windows NT admin skill levels vary and they're seldom portable to other systems. Linux admins can cope with BSD, BSD with Solaris, and so on (though there will be a surprising amount of whining when it comes to AIX).

Comparisons...

Biology, Viruses and Evolution

Viruses in Biology depend upon the machinery of life to exist so it can take advantage of it for its own "mission". As such viruses are dependant upon their host's systems to work a specific way. The instruction set and APIs of the cell (within a multi- cellular organism, like us people) provide the basics for viral attacks.

Evolution, through recombination of the genome (via conjugation or sexual reproduction) finds traits useful to work around selection pressures or to take advantage of selective vacuums. Direction comes from these pressures and vacuums.

Cultural Values

A culture sows the seeds of it's own destruction when it stops evolving, or when it believes itself to be perfect enough to not need changing.

Competition is a means of ensuring a set of checks and balances against both corruption and a false sense of security. At the same time, an agreement on common rules of behavior is required to allow people of multiple cultures to coexist. Cultural traits are absorbed on an individual basis and will tend to be transmitted by some form of "cultural osmosis".

Perhaps we humans mimic behaviors we respect or admire?

Two Futures

Mono-Memetic (Monopolized)

A monopoly exists to avoid the selective pressures of competition, which is only useful to the power/financial structure of the monopolistic organization, not for anything else that it "services".

In the CPU/OS space, a single instruction set with a known "guaranteed" OS code base makes the task of doing damage ridiculously easy, so laws get passed and ignored. If you think the laws against listening to cell-phone conversations really change much, it just makes the scanners that much more valuable since the price tag to listening went up. The folks breaking these laws will do so in such a way as to maximize their profits. So the law doesn't really guarantee any security; It just ensures that we walk around with a false sense of security as our ESN/PN (the cell-phone identity) gets stolen and then used to make (functionally untraceable) long distance calls from poorer neighborhoods.

The result? Short term, things look good until a single pathological organism (virus, airborne bacteria, terrorist, lawyer, software virus, etc.) takes down all of the underpinnings of humanity. Sure this means there's no duplication of effort, but it doesn't lend itself to long-term survival, either.

Hetero-Memetic (Competitive)

The strength is like plywood, where one cultural viewpoint may be weak another's will be strong allowing both "grains" to weather storms.

Since no one culture has a "permanent" position of ascendancy, all cultures compete with each other as the "best" means of dealing with pressures placed upon civilization itself. Over time, these pressures evolve, so the "right answer" keeps changing.

Resiliency is one of the advantages to the "hetero-memetic" complex of systems.

In terms of the ecology of the InterNet, many systems end up exposed to various selective pressures and either evolve or die (though some attacks make the weakest an attacker). Through multiple memes (multiple instruction sets, APIs, etc) we have more defenses in depth.

No one exploit can take down all systems any more than one strain of virus can kill off the whole human race. While economists and financial folks will be appalled at the duplication of effort (and the costs inherent) this leads to long term survival of the human race.

Evolution vs. Revolution

Many enterprises use "change management" techniques to ensure that all systems/processes that get changed have a way back to facilities that work.

Objective, initiative, experimentation all at the individual level. In Eisenhower's book "Crusade in Europe" he commented on how dependant we were on individual initiative all the way down to the privates in the Army. As long as all parties know the mission, any individual could help in securing objectives by their actions at a low level. Eisenhower recognized that central commands don't work as well since initiative cannot be reserved to the few. As Eric Raymond would probably recognize, the bazaar works, though there's enough bizarre in there to be amusing.

In the open source world, we each have a piece of this, so we show our initiative in our understanding of the mission. Just as those soldiers of 60 years ago, we deal with our own problems and create opportunities for ourselves (and others) to exploit. Sharing the fruits of our labors will work for society so others can carry on our work, extending it and evolving it.