LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

The monoculture of meritocracy

The monoculture of meritocracy

Posted Nov 14, 2012 1:11 UTC (Wed) by josh (subscriber, #17465)
In reply to: The monoculture of meritocracy by geofft
Parent article: Crowding out OpenBSD

I'd rather restate that problem: why do we consider monocultures bad, and based on that, why do we consider Linux a monoculture?

I've heard plenty of arguments against a Windows or OS X monoculture. Most of them amount to lack of alternatives when something doesn't work as desired, and lack of diversity for security purposes. The former simply doesn't apply to Linux: you have an almost excessive number of alternatives even for core OS components, and if you don't like them you can always make more (up to and including forking the kernel). For the latter, I'd personally rather focus on keeping one OS secure rather than two. Any other good reasons?

Let's not repurpose canned arguments summed up by words like "monoculture" without reevaluating those canned arguments against their new targets.

(Log in to post comments)

The monoculture of meritocracy

Posted Nov 14, 2012 1:18 UTC (Wed) by geofft (subscriber, #59789) [Link]

So the article says "Monocultures are unhealthy in general; a Linux monoculture may be the ultimate vindication of our approach to development, but it still would not be a good thing for the world as a whole. As in natural ecosystems, diversity is a source of strength."

I'm happy to disagree with that, and say that either Linux isn't a monoculture or that Linux is a good monoculture, and that all the BSD developers should give up and switch. :-) But it's what the article says, so I'm assuming it's representative of our community. Maybe it's not!

That said, to give one possible argument, we might find a class of attacks against a certain way of thinking about things in Linux that wouldn't happen against another OS. This sort of thing is certainly common in low-level crypto design (e.g., side-channel attacks from algorithms that aren't carefully designed to do the same operations regardless of the input), and is one of the many motivations for the AES and SHA competitions involving getting lots of different people to propose different ideas and attack each other's ideas, instead of collaborating on a single algorithm. On the software side, I've heard of cases where, e.g., several separate security bugs were found regarding NT's kernel entry ABI, and you couldn't fix those bugs at once without completely redesigning that ABI and possibly API.

The monoculture of meritocracy

Posted Nov 15, 2012 14:12 UTC (Thu) by khim (subscriber, #9252) [Link]

This sort of thing is certainly common in low-level crypto design (e.g., side-channel attacks from algorithms that aren't carefully designed to do the same operations regardless of the input), and is one of the many motivations for the AES and SHA competitions involving getting lots of different people to propose different ideas and attack each other's ideas, instead of collaborating on a single algorithm.

This is good example. Let me rephrase the question: why do you think Linux is a problem while AES and SHA are Ok? IOW: why even have a contest where one winner is picked and then reused everywhere if monoculture is so bad?

AFAICS Linux fulfills the same role as AES or SHA: different implementations are offered and one it picked, then used everywhere. If it was a bad decision then later it can be changed (see: DES to AES and MD5 to SHAxxx transitions).

We don't support the ability to use some exotic and clever ciphers in our documents and web-servers (only when some cipher wins the contest it's used for "real" programs), why should we support the ability to run "real" programs on experimental OSes like OpenBSD or Haiku?

On the software side, I've heard of cases where, e.g., several separate security bugs were found regarding NT's kernel entry ABI, and you couldn't fix those bugs at once without completely redesigning that ABI and possibly API.

If that happens then you need to redesign said ABI, it makes no sense to cultivate series of OSes each with it's own problems: sooner or later they all will be compromised if you'll not tighten them up.

The monoculture of meritocracy

Posted Dec 1, 2012 19:29 UTC (Sat) by ThinkRob (subscriber, #64513) [Link]

>This is good example. Let me rephrase the question: why do you think Linux is a problem while AES and SHA are Ok? IOW: why even have a contest where one winner is picked and then reused everywhere if monoculture is so bad?

I think there's a simple answer to that, actually: the impact of bugs.

If a kernel that's been out in the wild for some time has a bug due to a lack of attention, then users might hit crashes or lose data. That's bad, but it's fixable. Users may be able to work around it, and a lot of crash bugs are not *that* hard to fix once they're identified (finding/reproducing them is the hard part.)

If a cipher has been out in a while, and is found to have a bug that, say, reduces the key strength from 128 bits to 50 bits, that's also bad. But unlike a kernel bug which can be fixed or worked around, the impact of the bug is retroactive. All of the data encrypted with that broken cipher is now vulnerable. Worse still, there's no way to recall it. Some bad guy intercepted your traffic protected with $BUSTED_CIPHER? Well if he kept a copy around once the bug is found he can go back and decrypt it.

Unlike a kernel bug, a crypto bug can be devastating for *years* after it's been found and fixed, and there's not always a way to mitigate the damage. So while we want solid, bug-free kernels, there is a much, much higher value placed on getting our encryption/hashing algorithms right the first time.

*That* is why I'm OK with people unifying behind one or two ciphers and one or two hashing algos. Yes, it does have the "eggs in one basket" issue, but the cost of getting it wrong can be so very high that we really want to ensure that we have as many eyeballs on it as possible.

The monoculture of meritocracy

Posted Dec 10, 2012 12:51 UTC (Mon) by ekj (guest, #1524) [Link]

If you're paranoid about it, you nest ciphers (with unrelated keys!)

You use AES( k2, BLOWFISH( k1, plaintext)) which is secure aslong as *either* blowfish *or* AES survives.

You can do the same thing with hashes, but you need to concatenate or interleave them rather than nest them - the result is a hash that is as large as the sum of the two -- and that remains secure aslong as atleast once of the hashes is secure. (and *possibly* secure even if both hashes are broken)

Even someone who -can- find sha1 and md5 collisions *might* have a harder time finding two distinct documents that collide in both md5 and sha1. (yes I'm aware that md5 has been broken)

The monoculture of meritocracy

Posted Nov 14, 2012 11:12 UTC (Wed) by el_presidente (subscriber, #87621) [Link]

> The former simply doesn't apply to Linux: you have an almost excessive number of alternatives even for core OS components

Nobody needs a separate /usr partition, udev without systemd is a dead end, pulseaudio is the future, sloppy focus is for people caught up in the 90s, those who complain about client side decorations don't know what they are talking about, most users don't write their own init scripts, fallback mode is a maintenance burden, the unix philosophy doesn't apply to the modern desktop.

It's pointless to have alternatives.

The monoculture of meritocracy

Posted Nov 14, 2012 15:30 UTC (Wed) by ortalo (subscriber, #4654) [Link]

Admittedly, that's an alternative path to world domination, and it does not necessitate any alliance at all (these political discussions are so boring for el_presidente).

But it has already been done as nobody needs something else than M$/Windows.

The monoculture of meritocracy

Posted Nov 14, 2012 21:35 UTC (Wed) by ThinkRob (subscriber, #64513) [Link]

That's either an excellent troll or -- if coming from a developer -- a deeply depressing expression of a rather dangerous mindset.

The monoculture of meritocracy

Posted Nov 15, 2012 15:29 UTC (Thu) by lacos (subscriber, #70616) [Link]

> That's either an excellent troll or -- if coming from a developer -- a deeply depressing expression of a rather dangerous mindset.

Hm, neither. el_presidente didn't quote everything he responded to.

josh said:

> lack of alternatives when something doesn't work as desired [...] simply doesn't apply to Linux: you have an almost excessive number of alternatives even for core OS components

to which el_presidente replied,

> Nobody needs a separate /usr partition, udev without systemd is a dead end, pulseaudio is the future, sloppy focus is for people caught up in the 90s, those who complain about client side decorations don't know what they are talking about, most users don't write their own init scripts, fallback mode is a maintenance burden, the unix philosophy doesn't apply to the modern desktop.

It is sarcasm, but not a troll. It argues that alternatives are important, and that their number isn't actually "excessive" in Linux.

That's my take, anyway.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds