On Dec 14, 2014, at 3:05 PM, Roland Dobbins <rdobb...@arbor.net> wrote:

> I've never run into a situation in which a monoculture would've made things
> any worse.

?? Two words: Microsoft Windows.

> a) packet-of-death vulnerabilities are rare,

Sure, but they happen. For example:

- the resolver bug we're talking about
- pretty much any one of https://kb.isc.org/article/AA-00913/74/BIND-9-Security-Vulnerability-Matrix.html (not to pick on BIND, other DNS servers have DoS vulnerabilities as well of course)
- http://www.eweek.com/c/a/IT-Infrastructure/Bug-in-Juniper-Router-Firmware-Update-Causes-Massive-Internet-Outage-709180/
- http://blog.krisk.org/2013/02/packets-of-death.html
- etc.

Presumably you too can google "packet of death". The point is that it is a risk that is easily mitigated by having diversity in your infrastructure.

> b) operators ought to have mechanisms in place to filter them when they do
> show up (*not* silly 'IPS'),

Does the term "closing the barn door after the horses have fled" mean anything to you?

> c) gross incompetence with a heterogeneous software base is no different than
> gross incompetence with a monoculture - except that it's more certain.

Sorry, where is gross incompetence being demonstrated in this particular case?

> If we could ever get to the point where a monoculture was the biggest
> challenge we face, we'd be a lot better off than we are today.

Are you really arguing that we should not have diversity in the Internet infrastructure because there are a bunch of problems diversity in the infrastructure won't fix?

> And 'a bit more challenging' is a significant understatement, especially at
> scale.

Too bad no one has come up with something like Puppet, Chef, Ansible, etc., to help manage infrastructure configuration at scale.

> Worrying about software monoculture at this juncture is like worrying about
> urban planning when you don't even have indoor plumbing.

Software diversity is a tool that network administrators use to improve resiliency in their infrastructure.
I agree it is not a silver bullet, but if I were building out critical infrastructure like (oh say) a root server or a resolver cloud that my customers depend on, I would want to minimize the risk that my infrastructure was vulnerable to a single bug. I am honestly surprised you're arguing against this.

Regards,
-drc
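The risk drc describes, a single packet-of-death bug taking out every node of a resolver pool that runs one implementation, is something an operator can measure from an ordinary inventory before the bug shows up. The following is an added example, not code from the thread or from any of the projects mentioned in it. It assumes a constructed inventory of resolver nodes (names, anycast sites, software, version and a load weight standing in for ECMP/anycast share are all made up) and a hypothetical 50% threshold for flagging a site; the functions `exposure`, `worst_case`, `outage_from_bug` and `report` are illustrative names, not part of any tool.

```python
"""Monoculture / blast-radius check for a DNS resolver pool.

Added example (not from the dns-operations thread). The inventory below is
constructed for illustration; in practice it would come from your CMDB or
from the Puppet/Chef/Ansible inventory that already describes the fleet.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple, Set, Tuple


class Node(NamedTuple):
    name: str
    site: str       # anycast site / POP
    software: str   # implementation: "bind", "unbound", "knot-resolver", ...
    version: str
    weight: int     # share of query load this node carries (hypothetical ECMP weight)


# Constructed inventory: site "ams" is a BIND monoculture, site "fra" is mixed.
INVENTORY: List[Node] = [
    Node("r1", "ams", "bind", "9.9.5", 10),
    Node("r2", "ams", "bind", "9.9.5", 10),
    Node("r3", "fra", "bind", "9.9.5", 10),
    Node("r4", "fra", "unbound", "1.4.22", 10),
    Node("r5", "fra", "knot-resolver", "1.0", 5),
]


def exposure(nodes: Iterable[Node]) -> Dict[str, float]:
    """Fraction of total load lost if every node of one implementation dies.

    This is the "implementation-wide" bug model: a packet of death that
    affects all versions of a given server.
    """
    nodes = list(nodes)
    total = sum(n.weight for n in nodes)
    by_sw: Dict[str, int] = defaultdict(int)
    for n in nodes:
        by_sw[n.software] += n.weight
    return {sw: w / total for sw, w in by_sw.items()}


def worst_case(nodes: Iterable[Node]) -> Tuple[str, float]:
    """Implementation whose failure has the largest blast radius, and that fraction."""
    exp = exposure(nodes)
    sw = max(exp, key=exp.get)  # first maximal key wins on ties
    return sw, exp[sw]


def outage_from_bug(nodes: Iterable[Node], affected: Set[Tuple[str, str]]) -> float:
    """Load lost to a bug that hits specific (software, version) pairs only.

    Use this once an advisory is out and you know the affected versions;
    it is the version-specific refinement of exposure().
    """
    nodes = list(nodes)
    total = sum(n.weight for n in nodes)
    lost = sum(n.weight for n in nodes if (n.software, n.version) in affected)
    return lost / total


def report(nodes: Iterable[Node], threshold: float = 0.5) -> Dict[str, Tuple[str, float]]:
    """Per-site check: sites where one implementation carries more than
    `threshold` of the site's load, i.e. one bug can take the site down
    (or, at threshold 0.5, leave it with less than half its capacity)."""
    sites: Dict[str, List[Node]] = defaultdict(list)
    for n in nodes:
        sites[n.site].append(n)
    flagged: Dict[str, Tuple[str, float]] = {}
    for site, ns in sorted(sites.items()):
        sw, frac = worst_case(ns)
        if frac > threshold:
            flagged[site] = (sw, round(frac, 3))
    return flagged


if __name__ == "__main__":
    sw, frac = worst_case(INVENTORY)
    print(f"fleet-wide: a bug in {sw} removes {frac:.0%} of capacity")
    for site, (s, f) in report(INVENTORY).items():
        print(f"site {site}: {s} monoculture, {f:.0%} of site capacity on one implementation")
    print("bug in bind 9.9.5 only:",
          f"{outage_from_bug(INVENTORY, {('bind', '9.9.5')}):.0%} of fleet load")
```

Two readings of the output matter in practice: the fleet-wide number tells you whether a single advisory can degrade the whole service, and the per-site number tells you whether an anycast site will withdraw entirely (and push its load onto neighbours) when that advisory lands. A mixed fleet only helps if the mix is present inside each site, not merely across the fleet as a whole.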
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs