Why Technical Diversity Matters (was OFF: (waaay off topic))
david at megginson.com
Mon Mar 29 20:03:05 BST 1999
Tim McCune writes:
> Damned eloquent David. But I'd put the poster at #1 on that list
> for being ignorant enough to open a Word document that was attached
> to an e-mail message.
You cannot expect typical users to make an informed decision about
software security risks (some can certainly do so, but it is not a
reasonable expectation in general).
> Your comment about technical diversity indicates to me that you've
> never been a system administrator. ;)
I've had budgetary responsibility for system administrators, and have
hired and supervised them, so I do understand why it is so tempting to
go for technical homogeneity rather than technical diversity. In the
end, however, it's actually just bad business.
This is not a problem that is specific to computers: it's a general
business cost/risk tradeoff. To get away from the anti-Windows hype,
imagine that you run a mid-sized, regional air carrier with all your
routes and passenger loads about the same: you will save an *enormous*
amount of money in training, maintenance, staff, facilities, etc. if
you buy all of your planes from the same manufacturer (and preferably,
if you buy the same model).
Now, let's say that you bought a fleet of 15 A320's from Airbus, and
they run beautifully for seven years. Suddenly, there's a major crash
involving an A320 from another airline a month before Christmas, and
the FAA grounds all planes of that model until their investigation is
finished. The investigation finishes in mid-January and your A320's
get a clean bill of health, but now you've not only missed the
Christmas rush (which accounts for a large part of your annual
revenue) and destroyed employee moral (by laying most of them off just
before Christmas), but you've upset your customers, who had to switch
to other airlines and wait at the back of the line.
When you decided to save money by buying all of your planes from the
same manufacturer, you were actually doing the opposite of buying
insurance: with insurance, you trade a fixed cost (your insurance
premiums) for a non-fixed benefit (avoiding a large, unexpected
liability); with technical homogenity, you trade a non-fixed cost (the
possibility of a complete operations shutdown of indeterminate length)
for a fixed benefit (a known reduction in the cost of ownership).
It isn't hard to see how the same point applies to computing, no
matter how good or competent a specific manufacturer is. In the end,
some businesses may decide to take this risk, but they should at least
do it in an informed way (i.e. realise that it's a risk) and protect
themselves with some sort of derivatives or supplementary insurance.
All the best,
David Megginson david at megginson.com
xml-dev: A list for W3C XML Developers. To post, mailto:xml-dev at ic.ac.uk
Archived as: http://www.lists.ic.ac.uk/hypermail/xml-dev/ and on CD-ROM/ISBN 981-02-3594-1
To (un)subscribe, mailto:majordomo at ic.ac.uk the following message;
To subscribe to the digests, mailto:majordomo at ic.ac.uk the following message;
List coordinator, Henry Rzepa (mailto:rzepa at ic.ac.uk)
More information about the Xml-dev