top | item 45814333

(no title)

housel | 3 months ago

I was a student part-time administrator/systems programmer at the Purdue Engineering Computer Network at the time. Our OS installs had enough local mods (and we had enough non-VAX, non-Sun architectures) that we were immune to some of the worm's modalities, but the sendmail debug mode exploit at least still caused a lot of consternation.

discuss

seethishat|3 months ago

Diversity is security! I wish more people understood that. It may be more difficult to manage a bunch of diverse systems, but they are much more resilient to attacks.

tptacek|3 months ago

I don't think that's proven out, like, at all; measure it against the returns on hardening mainstream platforms. The "monoculture" security thing has always been overblown, not least because you're never going to get an ecology where you have enough diversity to matter. Having 3 mainstream desktop or phone options is only marginally better than having just 1, and you're never going to have 20.

FuriouslyAdrift|3 months ago

Was KSB there at the time? That dude was fun.

housel|3 months ago

Yes, we overlapped around then.