Category Archives: Monoculture

Tomato monoculture

P7238909 You Say Tomato, I Say Agricultural Disaster,, By DAN BARBER, New York Times, Published: August 8, 2009:
For years, this kind of breeding has fallen by the wayside — the result of a food movement wary of science and an industrialized food chain that eschews differentiation in favor of uniformity. (Why develop and sell 20 different tomato varieties for 20 different microclimates when you can simply sell one?)
Does it seem that agricultural monocultures are almost always produced by economic greed?


Van Meter on Barabasi and Doyle on Internet topology and risks

rdv-hakama-0609.jpg Rodney Van Meter, co-teaching a class by Jun Murai, posts notes on why Albert-László Barabási (ALB) is both right and wrong about the Internet (it is more or less a scale-free network when considered as a network of Autonomous Systems (AS), but contrary to ALB's assumption John Doyle and others have pointed out that the bigger nodes are not central, an AS as a node would be somewhat difficult to take out all at once, there are both higher and lower layer topologies that make the Internet more robust, and the Internet's biggest problem isn't topology at all:

The most serious risks to the Internet are not to individual "nodes" (ASes), but rather stem from the near-monocropping of Internet infrastructure and end nodes, and the vulnerability of the system to human error (and political/economic considerations):

Monoculture, who would have thought it?

For that matter, the Internet's ability to reroute has been very useful to ameliorate topological link breaks at the physical layer, for example undersea cables in the Mediterranean Sea twice last year.

Microsoft Ditches VBA for Security?

For some time I’ve been noting Dan Geer’s point that Microsoft faces a dilemma: stick to backward compatibility including many security vulnerabilities, or fix the holes and lose backwards compatibility. Looks like they’ve done the latter with Office:
Most of the whining comes because Office 2008 does not include Visual Basic. In some respects, this is welcome change because Office never should have had Visual Basic. VBA is what enabled the Macro Virus. Furthermore, Office 2009 (for Windows) is not going to have VBA, either.

However, not shipping VBA in Office 2008 means that people who want to have cross-platorm documents that are pseudo-applications have to deal with it in 2008, not 2009. That’s worth complaining about.

Microsoft Has Trouble Programming the Intel Architecture, by mordaxus, Emergent Chaos, 16 Jan 2008

The poster immediately goes on to sneer at OpenOffice for allegedly not being able to do things Office can do (without ever mentioning specifics) and at Keynote because everybody uses PowerPoint (while acknowledging that “Keynote rocks — it got Al Gore both an Oscar and the Nobel Prize”).

When Microsoft can manage to annoy even slavish users like that by breaking backwards compatibility, MSFT has a problem. No doubt no VBA in Office isn’t the last straw, but it isn’t the first, either.


Antitrust and Microsoft: Still on the Table?

Taft.jpg More time to determine whether Microsoft has a monopoly?

Microsoft, state prosecutors, and the U.S. Department of Justice on Tuesday said a federal judge needs more time to weigh whether Redmond should be subjected to a lengthier period of antitrust policing.

In a joint filing with U.S. District Judge Colleen Kollar-Kotelly, who has been overseeing Microsoft’s antitrust compliance, they asked for a soon-to-expire oversight period to be temporarily extended until at latest January 31, 2008. That way, the judge will have more time to weigh the merits of last-minute pleas from a number of state prosecutors to add another five years to the oversight regime.

Right now, most of Microsoft’s 2002 consent decree with the Bush administration is set to expire November 12. One small portion, related to a communications protocol licensing program that has encountered numerous delays since its inception, has already been extended through November 2009.

U.S.-Microsoft antitrust deal to get temporary extension, by Anne Broache, C|Net News blog, October 30, 2007 2:24 PM PDT

The story says the judge and Microsoft are expected to agree to the extension. Not surprisingly, there’s an objection from a different quarter:

The Justice Department has already said it doesn’t believe there’s any need to extend the oversight period and that the agreement with Redmond has been working as designed.

It’s state prosecutors from 10 states who are driving this extension.

These days we don’t have Teddy Roosevelt to bust trusts, nor even William Howard Taft, whose Department of Justice started 80 antitrust lawsuits. Maybe the states can do it.


Silver Bullet Security Considered Harmful

Silver_Bullet.jpg In the comment discussion about Linus’s schedulers vs. security polemic, Iang mentioned a paper he’s writing:
We hypothesize that security is a good with insufficient information, and reject the assumption that security fits in the market for goods with asymmetric information. Security can be viewed as in a market where neither buyer nor seller has sufficient information to be able to make a rational buying decision. These characteristics lead to the arisal of a market in silver bullets as participants herd in search of best practices, a common set of goods that arises more to reduce the costs of externalities rather than achieve benefits in security itself.

The Market for Silver Bullets, by Ian Grigg, Systemics, Inc. $Revision: 1.27 $ $Date: 2005/11/05 18:25:54 $

Evidently security needs to find another precious metal for its bullets, given that the Storm Botnet is still out there after months, phishing becomes more expensive all the time, spam has killed electronic mail for a whole generation of users, and the best the monoculture OS vendor can come up with is a new release that attempts to push responsibility for all its bugs and design flaws back on the user.

What to do? Continue reading

Bananas and Apples: Another Monoculture

banana-bunch_d.gif Yes, we will have no bananas, again:

Most commercial growing facilities handle just a single banana type — the one we Americans slice into our morning cereal.

How much time is left for the Cavendish? Some scientists say five years; some say 10. Others hold out hope that it will be much longer. Aguilar has his own particular worst-case scenario, his own nightmare. "What happens," he says, with a very intent look, "is that Panama disease comes before we have a good replacement. What happens then," he says, nearly shuddering in the shade of a towering banana plant, "is that people change. To apples."

Can This Fruit Be Saved? By Dan Koeppel,, June 2005

Cavendish is the variety of banana eaten the world around. "Quite possibly the world’s perfect food," says Chiquita. But perfection comes with a price if it leads to monoculture. And that’s what we’ve got with bananas: every commercial Cavendish banana tree is grown from cuttings of the original tree, and so is genetically identical. Banana monoculture has borne the fruit of disaster before.

Growers adopted a frenzied strategy of shifting crops to unused land, maintaining the supply of bananas to the public but at great financial and environmental expense — the tactic destroyed millions of acres of rainforest. By 1960, the major importers were nearly bankrupt, and the future of the fruit was in jeopardy. (Some of the shortages during that time entered the fabric of popular culture; the 1923 musical hit "Yes! We Have No Bananas" is said to have been written after songwriters Frank Silver and Irving Cohn were denied in an attempt to purchase their favorite fruit by a syntactically colorful, out-of-stock neighborhood grocer.) U.S. banana executives were hesitant to recognize the crisis facing the Gros Michel, according to John Soluri, a history professor at Carnegie Mellon University and author of Banana Cultures, an upcoming book on the fruit. "Many of them waited until the last minute."

Denial in the face of a clear and present ecological danger. We’ve seen this before.

Continue reading

Skype and Windows Update

skype_logo.png So, Windows update: Skype outage cause or smokescreen?

Apparently both:

The disruption was caused by a routine Windows patch update distributed Tuesday that required users to restart their computers. When a large number of Skype subscribers began logging back in around the same time, the requests – combined with the day’s traffic patterns – began overwhelming the system, revealing a bug in the software that normally helps the system allocate resources and “self heal.”

“Skype has now identified and already introduced a number of improvements to its software to ensure that our users will not be similarly affected in the unlikely possibility of this combination of events recurring,” Skype spokesman Villu Arak said.

Skype reveals outage source, tells customers it won’t happen again, Ryan Kim, San Francisco Chronicle Staff Writer, Tuesday, August 21, 2007

So we seem to have here a combination of hazards tripping each other.

This does raise the more general question of what other bugs are synchronized Windows updates exercising? And how long before such a Windows update installs a vulnerability that immediately gets exploited? And how long before such updates themselves do cause massive outages? In software monoculture, Windows may be its own boll weevil.


Precision Can Hide Accuracy

target.png Metrics are good, but just because they’re precise doesn’t mean they’re useful:
I’ve been thinking a little bit about “threat/vulnerability” pairing. You know the drill, go out, get a scan – match the scan data to existing exploits, and voila! You’ve got risk.

Now regular readers and FAIR practitioners know that I don’t believe this exercise gives you risk at all. In fact, in FAIR terms, I’m not sure this exercise does much for finding Vulnerability.

My Assertion To You: The industry loves T/V pairing because it is precise. It looks good on paper, and if you’re a consultant doing it, it looks like you’ve earned your hourly rate. We love The precision of T/V pairing gives us a false sense of accuracy.

Accuracy, Precision, And Threat/Vulnerability Pairing, Alex,, 23 July 2007

He goes on to point out you also need to consider who’s likely to attack you, as in such Threat Agents, as he calls htem, may be too stupid to use a given exploit, or too smart to use it because they’ve got a better way. He recommends some statistical analysis to help out.

I’d also recommend more basic steps, such as not using IE and shifting away from other monoculture software until you’ve got a mix of software from different sources. Those things will usually get you in trouble with sales and marketing, however, because hey, they’ve never had any problems, well, not many, and it’s not their job to fix them. The precise thing isn’t necessarily the right thing.


European Firefox

xiti-200707-europe.png Here’s some good news. Firefox market share in Europe is almost 28% according to XitiMonitor. In Germany it’s 38%, and several other countries have higher usage. Opera is at 3.5% and Safara is at 1.7% in Europe.

I’d be more pleased if it was a quarter each by three different browsers, with half a dozen others taking the other quarter, but this is much better diversity than 98% IE.

-jsq Continue reading


I’ve often wondered if this was happening:
A ROW IS BREWING between a bunch of bloggers who took cash from Microsoft marketing outfit and stodgy old media types who take their bribes in less obvious ways.

The row started on Friday when the ValleyWag revealed how some “star boggers” had taken some cash from Federated Media to repeat some Microsoft sloganeering in copy on their websites.

Michael Arrington tells all how his Techcrunch site became “people-ready”. Gigaom’s Om Malik talks about when a business becomes “people ready”. Others named and shamed include Paul Kedrosky and Matt Marshall of Venture Beat, as well as Fred Wilson, the blogger-investor. Ads with the Volish motto appear on the blogger’s site.

Boggers embroiled in Volish bribery kerfuffle, Old media lecture the new, By Nick Farrell, The Inquirer, Monday 25 June 2007, 14:02

Well, wonder no more.