Comment by housel
3 days ago
I was a student part-time administrator/systems programmer at the Purdue Engineering Computer Network at the time. Our OS installs had enough local mods (and we had enough non-VAX, non-Sun architectures) that we were immune to some of the worm's modalities, but the sendmail debug mode exploit at least still caused a lot of consternation.
Diversity is security! I wish more people understood that. It may be more difficult to manage a bunch of diverse systems, but they are much more resilient to attacks.
I don't think that's proven out, like, at all; measure it against the returns on hardening mainstream platforms. The "monoculture" security thing has always been overblown, not least because you're never going to get an ecology where you have enough diversity to matter. Having 3 mainstream desktop or phone options is only marginally better than having just 1, and you're never going to have 20.
Do you do anything besides post on HN ;)
Put everything in Microsoft Active Directory. Wait until it gets hacked. You will lose DNS, DHCP, Email, file servers, web servers, endpoints, etc. Obviously, running a mono-culture is a dumb thing to do if you want to keep your business running.
Maybe instead, run BIND on Linux servers, Apache on OpenBSD servers, have some Chromebooks, some Macs, etc. so everything doesn't go down together.
Really, it's not overblown... it's just common sense to diversify. Like we do with our diet/nutrition, with our financial investments, etc.
Was KSB there at the time? That dude was fun.
Yes, we overlapped around then.