On 15 Dec 2014, at 5:47, David Conrad wrote:
A monoculture invites catastrophic failure. We've seen this over and
over again.
We've seen heterogeneous environments fail catastrophically, too.
I've never run into a situation in which a monoculture would've made
things any worse.
Sure, there are a wide variety of other possible failure points, but
it would be simply insane to (say) have everyone run the exact same
code base, which would mean that everyone is subject to the same
Packet-of-Death.
I hate to break it to you, but a) packet-of-death vulnerabilities are
rare, b) operators ought to have mechanisms in place to filter them when
they do show up (*not* silly 'IPS'), and c) gross incompetence with a
heterogeneous software base is no different than gross incompetence with
a monoculture - except that it's more certain.
Having worked for a major vendor of telecommunications gear which is
quite dominant in its space, and having dealt with packet-of-death
issues from said vendor's perspective, I'm here to tell you that all
this preaching about avoiding monoculture is a sideshow compared to the
real issues faced every day in the trenches.
If we could ever get to the point where a monoculture was the biggest
challenge we face, we'd be a lot better off than we are today.
Are you seriously arguing that it is better to have your entire
infrastructure subject to a PoD because it's a bit more challenging to
run different software bases?
See above. And 'a bit more challenging' is a significant
understatement, especially at scale.
Worrying about software monoculture at this juncture is like worrying
about urban planning when you don't even have indoor plumbing.
-----------------------------------
Roland Dobbins <rdobb...@arbor.net>