Software Monoculture: SEED Problem
Anil Dash has been discussing some of the problems of software monocultures for some time. Today he talks about SEED, South Korea’s national competitor to 128-bit SSL, and its Windows / IE-only implementation. This is a fascinating example of why the market for operating systems, browsers, office suites, and so on really needs to be divided among at least three or four strong competitors using open standards.
Because of the way SEED is implemented (as an ActiveX control), only Windows / IE users can order online, do online banking, and so on. Users of Linux, Macintosh, FreeBSD, and other operating systems, and users of Mozilla, Firefox, Opera, and other browsers are excluded. Apparently, OpenSSL has recently implemented SEED as one of its supported algorithms, and Firefox support is being discussed, but even after these happen, the 99.9% penetration of Windows in South Korea means that most Web sites are IE-only by design.
Here is where this monoculture is biting South Korea in the backside: IE 7 and Windows Vista prevent ActiveX controls from automatically doing many of the things that were routinely done before. It is believed that IE 7 users will be locked out the same way that users of more standards-compliant browsers are. Microsoft is aware of the problem, and refused to give South Korea more time to rework its implementation of SEED and other ActiveX controls to work with the new operating system and browser.
Imagine that. You give total control of your national information technology resources to a corporation, and then when it needs another cash infusion, it does what is good for the company rather than what is good for the country. I’m shocked!
Sun’s Jonathan Schwartz tells of trying to get travel information from the state highway system, but being blocked because he was using Solaris instead of Windows. Simple things like that can kill people.
Wake up, people! It is not just national IT resources that need to be divided up. It is also local and regional resources, and the resources within a company or household. This is just another example of why we should always have a mixed network.
I recall when I was doing my Master’s Degree online. A month or so before graduation, a software patch disabled functionality in IE that the campus mail system depended on. IE was the only approved browser, and much of the campus only functioned with IE. I found that Mozilla would work on the mail system and informed the campus IT staff. Amazingly, a month or so after they reworked their system to work with the new IE functionality, they made it IE-only. (Later, another change made the system work with Mozilla & Firefox again.)
Imagine, for a moment, if the bad guys find some hole that can bring down 100% of systems running a particular operating system. If your company’s entire network consists of that particular operating system, your whole company suffers. If your company has roughly one-third using one operating system, one-third using a second operating system, and one-third using still another operating system, you will be hurt, but still able to do your work while waiting for a solution.
Monoculture bad. Always.