Sasser and Diversity

Independent.co.uk: Worm crashes Coastguard computers

The Sasser worm, which exploits a flaw in Microsoft’s Windows software, disrupted work at the Marine and Coastguard Agency, forcing staff to use pencil and paper to find ships and locate distress calls on maps.

And this too: Sasser Worm Rips Through Internet; Banks, EU Hit

As I read all these reports of major systems downtime due to yet another virus rapidly spreading through the internet I am more and more convinced: Implementing diversity in operating systems seems to me the most effective way to mitigate the risk of widespread systems downtime for critical computer infrastructure. Look at the UK’s Coastguard example – their backup plan is using pencil and paper to find ships and triangulate distress calls. Get out the sextant and star charts!

Face it: No matter how many speeches you hear by Steve Ballmer adamant to the contrary, Microsoft Windows can be hacked by squirrel monkeys. 100% dependence on a single platform means probability for 100% downtime during an attack. If 50% of these machines were on an alternative platform such as Mac OS X or Linux, even in a worst case scenario only 50% of the machines would get infected. Go with a third on each — Windows, Mac, and Linux — and you have only a third of your infrastructure hosed by the latest worm. For mission-critical operations, a backup platform seems to be something of a requirement.

What’s the difference?

Top News Article | Reuters.com: U.S. Expresses Disgust as Prisoner Scandal Grows

Rumsfeld refused to use the word “torture.” “I’m not a lawyer,” he said. “My impression is that what has been charged thus far is abuse, which I believe technically is different from torture … And therefore I’m not going to address the ‘torture’ word.”

What is almost as disgusting as the reports of torture against these prisoners is Rumsfeld’s persistent insistence on applying a nice thick even coat of bullshit on top of it.

But he is right, actually. Perhaps there is a method to his madness here: “Torture” usually refers to physical and mental pain with the aim of extracting information or forcing action. Plain old “abuse” could be incurring physical and mental pain without any aim at all other than the sadistic personal pleasure of the persons administering the abuse. I guess Rummy must be afraid that if it were alleged (or discovered) that these actions were the result of operations to get information out of these prisoners (perhaps as part of his failed hunt for WMDs?), and thus were indeed categorized as real actions of torture ordered by their superiors, then the stench of this scandal would rise much higher than the rank of these few grunts that were caught in these recent incidents. I hadn’t really thought about it until he made that distinction and I questioned why he would go out of his way to do that. So I’m no longer just disgusted by the situation – I’m now suspicious of what the deeper meaning is behind all this too, thanks to Rummy’s clarification of the difference between torture and abuse.