Sun’s EVP of Software Jonathan Schwartz uses the popular metaphor of the natural ecosystem to describe the IT world. Most corporate IT departments are what ecologists call a “monoculture.” As various blights and famines have proven, when there is too much of the same plant growing in one place, it’s susceptible to being wiped out by a disease. Stressing the need for “genetic diversity on the desktop” to combat security threats, Schwartz points to a non-Microsoft desktop as a viable solution. The difficulty in implementing the new OS? Says Schwartz, “you might have to train the user that a home directory named ‘My Computer’ on Windows has been renamed ‘This Computer’ . . .”
Hey David Adams, where did it say Linux in that article?
It didn’t. So how do you get “Schwartz urges deployment of Linux desktops?”
Am I the only one who hates reading lies from popular “news” sites? Maybe I should skip my morning dose of OSNews and read a man page or something informative.
<sarcasm> What?!?! A Sun executive urging customers to deploy Linux? What’s next…Apple urging business to buy Macs? </sarcasm>
Didn’t you know that Linux(tm) is the only alternative to Windows? 😉
Seriously: I also wonder where Linux is mentioned in the article… It also contains a _big_ error(/bullshit argument): the cost of changing to the “new model” is much more expensive than just learning a new directory name…
This guy is right. An IT system that is a “monoculture” is more vulnerable than a diverse IT system. As to Foo Fighter’s comment, his sarcasm is misplaced. Sun faces a major threat from Linux, although not in the desktop market.
Schwartz doesn’t mention Linux; but as we all know they’re preparing to roll out a new Linux desktop system next year (“Mad Hatter”)
“What?!?! A Sun executive urging customers to deploy Linux?”
He didn’t suggest that they should be deploying Linux. Whoever submitted this article to OSNews lied about that.
I thought it sounded a little strange even before reading the article. It wouldn’t make sense for Sun to suggest that businesses deploy Linux on the desktop after Sun just got done saying that businesses should avoid Linux until the legal issues are settled.
I’m sure that Sun had Solaris x86 in mind, which they have recently started promoting again.
Of course, he’s right .. but there are a lot more variables to keep in mind than just security. Hell, if I wanted a secure system, maybe I’d just fire up my old typewriter. When’s the last time one of those got hacked?
“An IT system that is a “monoculture” is more vulnerable than a diverse IT system.”
I disagree with this statement. I think the goal of any IT department should be to standardize as much as possible. If you choose RedHat and Cisco, standardize on it. If you choose Solaris and Nortel, standardize on it. I can’t imagine the nightmare in keeping up with security updates if someone had to manage Solaris, FreeBSD, Windows, RedHat Linux, Debian, OS X, Cisco, Nortel, 3 Com, etc. Same thing applies with applications. If you like Postfix, use postfix for all your email servers. If you like Sendmail, use it. But don’t mix and match the two. The only problem with monoculture is when every company uses the same monoculture. The industry would be very healthy if everyone didn’t choose Windows OS with Microsoft Office (/Outlook) on the desktop and Windows OS with IIS and SQL Server on the Server. Basically my argument can be summarized biologically. Look at yourself, all your cells are using the same underlying DNA. Look at everyone else, they are different from you. The same should be true in the IT landscape.
I disagree with this statement. I think the goal of any IT department should be to standardize as much as possible. If you choose RedHat and Cisco, standardize on it.
You have a point, it is a lot easier to keep up with updates if you only have one set of systems. But what the IT world doesn’t seem to subscribe to is redundancy by using varied systems, which will help keep portions of your systems up if there’s an attack on one type.
Basically, it boils down to optimism: you’re optimistic, you say that you can play beat the worm and win. I’m a pessimist: I figure that you can’t always get everything patched before an outbreak, so if I have different types of systems, the worm might get some of my machines, but some will still run, letting me keep my business running. Ideally, we’d live in a standards world so I could run multiple servers to run the same app, one using apache, one using IIS, one using SunONE, etc, so one of my web servers would stay up nearly no matter what.
This is a good reason for linux to have multiple distributions, to make sure that linux desktop isn’t subject to the monoculture.
If, for example some worm came out, but it only infected a program unique to RedHat, the other distributions wouldn’t be affected. It would be VERY hard to write a worm that could hit 10 different distributions, and I think security through diversity is a great advantage in linux’s security.
“It wouldn’t make sense for Sun to suggest that businesses deploy Linux on the desktop after Sun just got done saying that businesses should avoid Linux until the legal issues are settled.”
Sun’s actions (and public statements) start to make a lot more sense if one starts to distinguish between stuff coming from Sun (which tends to make sense) and stuff coming from Scott McNealy, which is usually rubbish. Sun Microsystems is quite Open Source friendly, produces a kick-ass operating system and lots of other cool software, and seems to come along nicely (while having obvious problems, granted), while McNealy is a stupid opportunistic moron who has yet to decide whether FUDing Microsoft or Open Source is more fun.
That is what I got from his article.
“For the most part, the industry has ignored this issue – it’s been a running joke. Sure, Microsoft Windows has some issues, but it’s a lot easier to continue deploying it than worry about genetic diversity. Forgive and forget. If you move to a new model, you might have to train the user that a home directory named “My Computer” on Windows has been renamed “This Computer” on the alternative. But now it’s not so funny. The cost of patching, upgrading, and managing the complexity of MSBlast, alone, exceeds any potential cost of retraining a user to expect a new color scheme.”
Of course I agree that it does not HAVE to be Linux. You could as easily throw in Mac OS-X or BSD if you want. The point is that the guy is advocating that people deploy non-MS systems.
I think slash makes good points. I do, however, think that one can have more than one OS environment in a single organization — certainly, with modern servers, multiple client OSs can be managed, as a technical matter. Of course, the size of an organization is an important factor in determining what’s economically feasible. If the organization’s application domain is separable enough, multiple server environments could also be feasible. Also, selective use of backup systems running different OSs is worth exploring. Finally, the more open the OSs, the easier it is to manage the complexity of having internal diversity.
Having said all that, the real societal protection from diversity will, as slash says, come from having competitive OSs in different enterprises — so long as they adhere to common communication protocols.
Of course, he’s right .. but there are a lot more variables to keep in mind than just security. Hell, if I wanted a secure system, maybe I’d just fire up my old typewriter. When’s the last time one of those got hacked?
Didn’t Microsoft make the software for electronic typewriters back in the 80’s?
Linux; but as we all know they’re preparing to roll out a new Linux desktop system next year (“Mad Hatter”)
The idea of ecological diversity on networking is nice. However, Windows OS and PC are the most used on internet. Does SUN have a naturally diverse type of machine to use to browse the web and emailing?
Is he talking about server side (arch diversity machines) only?
I don’t see any that could compete in price and ease of use with Intel and Windows for the clients accessing the Internet and collecting viruses,
and no price for server side machines that could compete with Intel/AMD. Yes, server side OS is Linux domain, but Linux runs better on Intel x86.
and Mr. Schwartz didn’t mention Linux at all as the header of the article suggests, does SUN even have a Linux dev team?
Like others, I see no mention of Linux, or any other OS, except Windows. That it comes from Sun is significant. No-one denies Sun’s ability to put out good, if expensive product. While there is some merit in diversity, the statements strike me as self-serving, as have a number of statements from the company in the recent past.
If they spend the money they saved on Linux on training their IT staff then maybe they would be more secure, but running Linux isn’t going to make you immune to attacks. Besides they are going to be all loaded up with Wine anyway so they will lose everything in their home directory.
Well …. Mr. Schwartz may not mention using Linux directly, but what he does do is mention using Linux, as well as Solaris, indirectly. The statement “you might have to train the user that a home directory named ‘My Computer’ on Windows has been renamed ‘This Computer’ . . .” is a direct product placement of “Mad Hatter”
However, what Mad Hatter isn’t is a full on SUN developed Linux distribution. From what I can see it’s a desktop operating environment ala Ximian. It is apparently a Windowsfication tool. Making XWindows more familiar. Check out the screen shots on the SUN website.
What leads me to believe this isn’t full on Linux is that the product blurb page announces Mad Hatter will be available for Solaris as well. So they’ll probably just sell you the window manager, and all the code and apps running under it will be whatever distro you install on to …. Red Hat, Debian, Slack ….. etc.
But that’s just my own take on the thing. So he *is* talking about Linux …. in a roundabout way …. as well as Solaris.
Schwartz cites “universities, government institutions, financial services firms” as those who complain about the lack of diversity in IT departments. He is wrong: these places buy different computing platforms (hardware, OS), contrary to most home users who can’t afford to fiddle with many operating systems at the same time.
A better argument would be to remind IT managers that there is no intrinsic relationship between the hardware and the software. If a company has mainly Pentiums or Macs, they can use them with whatever free OS they want; there is no need to cling to Windows or MacOS X. To further this idea, people should remember that open source OSes run on almost all computers we can think of (Sparc, PowerPC, PC, SGI, Alpha, …, heck! they even run on the Playstation).
It’s nice from Schwartz to make the point of diversity. The problem is he never states it when Sun tries to sell Sparcs equipped with Solaris to big customers.
On a side note, it’s nice to hear that, in the real world, “in isolated populations of rainforest tribes, or herds of wild cats in the African outback, simple viruses can decimate whole populations”. Maybe Schwartz should think about the mad cow disease which, if I’m correct, wrought havoc in Western countries, not in the mentioned “wild” places.
Comparing the IT sector to an ecological environment is wrong. True, a single virus can wipe out a given animal population, but I have yet to hear that a research center using Cray supercomputers was brought to a halt because of a virus or a worm.
If the operating system is a pile of crummy code, trouble follows. If it’s well designed, sysadmins will be able to sleep for 8 hours every night.
So they’ll probably just sell you the window manager, and all the code and apps running under it will be whatever distro you install on to
Maybe they will make Mad Hatter available for Solaris (and Linux) with the capacity of running/installing Linux apps (say .deb or .rpm ?) and additionally …
Besides they are going to be all loaded up with Wine anyway so they will lose everything in their home directory.
… Windows apps … with wine
for corporations using Solaris on desktops ?? (maintaining their user base)
How crazy and strange can it get no one knows. </speculation>
I would prefer to run the Linux kernel for this and pay $00.00
The problem is he never states it when Sun tries to sell Sparcs equipped with Solaris to big customers.
Well, he is also partially responsible to making his company profitable so he couldn’t exactly recommend someone buy generic equipment and RedHat or IBM if he could help make Sun sell more systems.
But I agree that it would strengthen their position to recommend a healthy environment of *nix based systems, including Mad Hatter.
Personally I think Sun belongs in the server room unless they can come up with some very nice and inexpensive clients. And OSX would be excellent for the desktop. Linux might do well in both places, but it will take some time to prove itself.
A desktop should have good sound and graphics, 2D and 3D w/ geometry acceleration, tons of spare disk space, at least 160GB, tons of RAM, at least 512MB, DVD/CDRW, firewire, flat panel display to save limited and expensive desktop space, etc. They should also have a camera mounted on the monitor for video conferencing and be somewhere near the size of the Shuttle X PC cases today. There’s no reason this system should cost more than $1000. Tomorrow they will be small, faster, better and cheaper.
This is the state of generic PC equipment today which I think is their main competition for the desktop.
Not to cheerlead.
But, this reason, along with much higher software and hardware quality has made me an avid, new, Mac fan with OS X and Unix.
Once you make the switch, you wonder why you never seriously considered it years ago. My number one priority is the safety of my software efforts on the machine I develop on. I get this with Apple.
The Apple experience turns you into a raving advocate.
I’m sorry, but it can’t be helped…
<snip>
>A desktop should have good sound and graphics, 2D and 3D w/
>geometry acceleration, tons of spare disk space, at least
>160GB, tons of RAM, at least 512MB, DVD/CDRW, firewire, flat
>panel display to save limited and expensive desktop space,
>etc. They should also have a camera mounted on the monitor
>for video conferencing and be somewhere near the size of the
>Shuttle X PC cases today. There’s no reason this system
>should cost more than $1000. Tomorrow they will be small,
>faster, better and cheaper.
</snip>
Yeah, and if it had a built in bj machine… Get real hmmm.
There is a big difference between COTS crap that we use to hack small code bases and play games on and what makes a company like Sun or SGI money. I work all day on a large cluster of Sun boxes (and all night on a small cluster of AMD’s but that is for fun). If you are in this market, then Sun is doing the right thing. If you’re not, then you’re just playing around and you might as well pick up some hardware from TigerDirect…
Ever managed an IT department? An IT department has to be monocultural on some levels. For instance, all the desktops need to be the same. But not all the servers. You can have Windows desktops and Oracle/Linux database servers, for instance. But I don’t think you can have some funky heterogeneous mix of Windows desktops and Linux desktops. Ridiculous. I help to support a call center with lots of custom in-house apps. The idea of writing both a Windows and Linux version of the same software is almost as ludicrous as the idea of using Java to write it.
I work in a math lab (no pun intended). We have a mix of computers (PCs, Macs and a Sparc station) that aren’t configured similarly because employees don’t perform the same tasks. Schwartz was talking about organisms in general (for lack of a better name) where there is an IT department. He wasn’t talking about software developers only. I believe he would be pleased to see Windows rooted out of the users environment for good.
If you accept a heterogenous mix of servers, you can avoid the need for supporting multiple versions of a custom in-house application. Just run the app on its preferred platform and let every client on the network access the app via VNC (See http://www.uk.research.att.com/vnc/download.html ). For many custom apps, you really can get good performance this way. Couple this with OpenOffice for most uses (with ready access to a few licences of MS Office for that rare document that doesn’t convert seamlessly (e.g. embedded ActiveX controls)).
There is definitely a practical problem of having to support multiple platforms, but that is what must be weighed against the risk of mono-culture. I’m not convinced that Schwartz is right, but the issue that you raise can be effectively addressed in a multi-platform environment. In fact, I would say the VNC solution ends up being easier to maintain. The legacy apps for many users can run on a single box. If MyCustomInventoryTool TM, runs fine on Windows NT 4.0, you can leave it on NT 4, even as clients migrate to WinXP and insist on installing stuff that they download from who knows where. As long as they leave the server alone, they cannot break MyCustomInventoryTool, even if they install something viral, like Linux, on the desktop;-)
This will result in users needing to be able to interact with all of the GUIs that they will find. Running one window each of NT 4, XP, KDE and Gnome might be a bit jarring to the user. So the VNC solution has its own problems if you take it too far.
“The idea of ecological diversity on networking is nice. However, Windows OS and PC are the most used on internet. Does SUN have a naturally diverse type of machine to use to browse the web and emailing?
Is he talking about server side (arch diversity machines) only?”
No – He is talking about Mad Hatter Linux client – The whole article is a pitch for the upcoming Mad Hatter release later this year. That is why David Adams was right to say Jonathan Schwartz is arguing that Linux desktops would boost security.
It is also a pitch to boost Solaris on Sparc – as it increases the ecological diversity on the server side. Well that’s my interpretation of the article.
I think this “article” is pure bull, just like a good percentage of its comments. What world do you live in? Do you have any idea what “corporate environment” actually looks like?
I am developing a server application that has been written for Solaris. If the server gets attacked and is down, I don’t give sh** if the client’s WindowsNT systems still are running: From our system downstream, things are f***ed.
And if our Solaris server runs fine but the client’s WinNT boxes come down with the flu, everything from them downstream is f***ed.
And no one gives a damn whether it’s a Solaris bug, a Windows worm or a Linux misconfiguration that hiccuped somewhere upstream: If someone doesn’t get the data he/she needs, they yell like hell.
I don’t see how “diversity” could be of any help here, except for the fact that you’d have to pay yet more admins who have yet less of a clue of what they’re doing.
Usually *corporate* environments aren’t nearly “biological” enough not to care if one part fails. *All* parts are *required* to function. Diversity just adds complexity without helping anyone.
Picture a *real* monoculture corp. All software developed in *one* language following *one* style guide on *one* OS with *one* compiler assuming *one* environment… Oh boy, I could save hundreds of bucks spent per year on Aspirin…
My 0.02$.
BTW, I’ve seen enough “corporate environments” where your generic Joe Average doesn’t even know the difference between “My Documents”, “My Computer”, and “Send to Desktop”. They don’t even know that Ctrl-C is the same as right-click-“Copy”. You expect those to handle the “diversity”, probably even switching to and fro from one system to another?
Phaw.
“The idea of writing both a Windows and Linux version of the same software is almost as ludicrous as the idea of using Java to write it.”
Ever heard of wxWindows and wxPython or even Qt for that matter? You can develop cross platform apps for Windows, Linux that have a common codebase and utilize a native GUI. So it’s not that ludicrous.
“Once you make the switch [to Apple], you wonder why you never seriously considered it years ago.”
That all depends on how many years we are talking about. If the number is very small, then my answer is because the OS was slow and buggy as hell. If the number is somewhat larger, then Apple’s OS as we know it today did not exist.
Perhaps I am being too literal (hell, I KNOW I am being too literal); Apple makes a fine, if expensive machine. I run software that is available only on Windows. It runs under Linux using Win4Lin. It likely would run on an Apple using Virtual PC. I would spend lots more money on an Apple configuration, though.
And that’s the issue. Linux is available cheap. I have watched its quality improve markedly over the past few years. It allows me to run ICE or Fluxbox on the low end to a full blown KDE on the high end, depending on my tastes and the speed of my machine.
I’m glad you like your Apple. Here’s hoping Sun’s Mad Hatter helps them be more competitive. As for me, for the first time since I began trying it years ago, Linux is staying on my computers. The combination of cheap, quality hardware with an even cheaper software is hard to beat.