Just As Bad an Idea in Computing as in Agriculture
In agriculture and the biological sciences, monoculture refers to the situation where
one type of plant or animal completely dominates an ecosystem, crowding out all other varieties.
Typically, the dominant element of a monoculture will not only be of uniform species, but even
uniform subtype within the species -- as if not only were all pets dogs (crowding out other pet species
such as cats), but they're all a particular breed of poodle.
Modern agriculture has had many examples of monocultures, as particular breeds of crops are chosen
for various desirable traits and propagated identically around the world, replacing a profusion of
diverse local crops. The rise of big corporate farms and multinational seed manufacturers hastened
the progress towards this situation. The number of distinct kinds of crops that are widely grown
is steadily decreasing as scientists create carefully-crafted varieties designed for maximum
popularity, and farmers choose identically to use them.
So what's the problem, if these crops are chosen because they're better? Well, in addition to the
general deep-seated feeling that "variety is the spice of life" and something is lost when it is
replaced with uniformity (as if, coast to coast, McDonald's crowded out all other restaurants and
Wal-Mart eliminated all other stores), there are real problems that come out due to monoculture.
Despite all the careful breeding that led to the crop varieties in use now, no crop is entirely
immune to attack. Disease, insects, climate change, and other harmful things are capable of wiping
out a crop, and it can turn out that, by random chance, some genetic varieties are more susceptible
to a particular disaster than others. In a multiculture, with many different varieties out in the
field, a disaster will harm some of them while sparing others; there would be some temporary shortages
and some unfortunate farmers would have great losses, but crops as a whole would get through the
disaster all right -- in fact, the next generation of crops would be better, as natural selection
just got its chance to act to promote the propagation of varieties immune to that particular sort
of disaster via survival of the fittest.
In a monoculture, however, if the single dominant variety happens to be susceptible to the disaster,
it can be totally wiped out, turning what could have been a minor problem into a global catastrophe,
and leaving little breeding stock from which a resistant variety can spring. This is basically what
happened with the Southern cotton crops and the boll weevil near the turn of the 20th century.
So what does this have to do with computing?
Like agriculture, computing faces threats such as viruses, worms, and other factors, both malicious
and accidental, that cause things to fail. And like farmers' fields, computers, collectively, can
make up a monoculture -- all operating with hardware and software of identical design produced by the
same vendors -- or a multiculture, with diverse hardware and software with much difference. Just
as it is with farms, computers with greater diversity are less likely to be completely wiped out by
any calamity that spreads through the computing world. A computer virus is likely to be written
to run on a particular platform, and take advantage of the security weaknesses of a particular set
of software products, and will be completely inert on a computer that's designed differently.
A fatal bug in one software product is unlikely to be replicated in others. Hence, a multiculture
is more robust at resisting disasters; some computers and software will be adversely affected, but
others will come through unscathed, and the total damage will remain at manageable levels. The spread
of dangerous viruses and worms may slow down or stop when most of the systems they try to infect turn
out to be immune, rather than spreading like wildfire in a world full of identically-vulnerable
Currently, the biggest threats of monoculture in the computing world are from Microsoft. The Windows
operating system has a commanding lead in the desktop operating system market (outside "niche" segments
like artists who prefer MacOS and computer geeks who prefer Linux), Internet Explorer has the vast
majority of the Web browsing market, and various versions of Outlook and Outlook Express have a sizable
chunk of the email market. This has been exploited by virus and worm authors, who make their malicious
software specifically targeting these systems. The viruses and worms run under Windows, they take
advantage of security flaws in MSIE and Outlook to launch themselves when an unsuspecting user opens
a Web page or email message, and they make use of the known data formats of the Outlook address book
and MSIE web cache to find email addresses of others to send the virus on to. On a MacOS or Linux system,
they probably can't run at all. When they hit a competing mail program like Pegasus or Eudora, or
a competing browser like Mozilla or Opera, their malicious scripts probably don't launch, and even if they
do, they don't recognize the address book and cache formats to find more people to infect.
Thus, users of other systems generally find themselves immune to these viruses. This is not necessarily because
the other systems are incapable of catching viruses in general. Although it is my belief that the
design decisions of Microsoft make their software particularly vulnerable to such attacks, because
the developers value "gee-whiz" flashiness and "dumbed-down" user friendliness over robust security
and standards compliance, I do recognize that non-Microsoft software developers slip up sometimes too
and introduce security weaknesses into their programs. However, each program has different
security weaknesses, producing a multiculture that makes it harder for any particular virus to spread.
These days, with most of the viruses targeted to Microsoft programs, they generally stop dead when they
hit a computer using something else. Unfortunately, enough people are using the MS-ware that the viruses
still run rampant anyway. A more diverse environment would be less conducive to this spread.
But just how diverse should computing be?
A common objection to the advocacy of computing diversity is the need for interoperation -- a Web
browser and an e-mail program wouldn't be very useful if it couldn't access Web sites or e-mail
messages coming from systems with different software. The intent of e-mail (since the 1970s) and
the Web (since the 1990s) have been to make them universally interoperable, so that everybody with
a computer should be able to use them. Some people misunderstand this to mean that everybody ought
to be running the same exact programs under the same exact operating systems, so that Web pages and
e-mail messages look exactly the same to everybody. Any Web page that has a line like "Best viewed
in MSIE 6.0 under Windows XP with a 1280 x 1024 monitor with the browser in full-screen mode,
with that flawed understanding of the principles of the Web. In fact, the Internet was designed based
on a set of openly-documented standards for the basic protocols and data formats, to ensure that everything
that follows the standards can talk to one another, while allowing an infinite range of variation in
everything else about the programs, operating systems, and hardware involved.
Microsoft, in particular, has done its best to subvert such standards through its "embrace and extend"
stance -- they give lip service to supporting standards, and at early stages of their entry into a particular
marketplace when they're just one strand of a multiculture, they do in fact maintain a decent degree
of compatibility in order to gain initial acceptance. However, once they're dominant, they start
"extending" the standards with proprietary gimmicks that only work between users of their software.
Before long, their email programs are defaulting to sending mail in quirky formats that look messy in
other mail readers, and their Web authoring software is creating pages that don't work well in other
browsers. Ignorant consumers, when they see Web pages and e-mail messages that don't work well in other
browsers and readers, blame those other software vendors even though the fault is actually in the
nonstandard output of the Microsoft program, and Microsoft gains monoculture status.
Generally, the bugs and security holes that let the viruses and worms through are not inherent in the
basic standards of the Internet; they show up in the specific implementations of programs, and especially
in proprietary add-on features like the ability to have scripts launch automatically from Web pages
or e-mail messages. Thus, other software can follow the standards perfectly and not have the same
weaknesses that one progam has.
What You Should Do About It
It's simple; look around at the Web browsing and e-mail software available and pick ones that are
best for you, not necessarily what came pre-installed on your computer. And, no matter what software
you use, try to use it in a way that generates output that complies with all the applicable standards
and avoid using proprietary tricks that might make your messages and Web pages unreadable to others who
make different choices from you. Remember, not everyone in the world uses the same hardware and software
as you, so be considerate in what you send, even if this might mean going down to a "lowest common
denominator" that seems bland to you (e.g., plain text messages instead of fancy formatting). Support
and encourage diversity, within the umbrella of standards compliance, rather than monocultural use of
whatever is popular these days.
While Microsoft is the "enemy of the day" in this arena, this is not an eternal, unchanging situation;
the concept is permanent, but the players change with time and place. In the mainframe computing
environment of the 1960s and 1970s, IBM was the "evil empire" imposing its own non-standards on the
field, but they had their downfall and are no longer a threat to anybody; right now the "villain"
is Microsoft, but some day it might be somebody else, perhaps AOL (which is annoyingly close to a
monoculture in the ISP market, at least among a large cohort of unsophisticated users who think
AOL = The Internet). For a while, Netscape was the monoculturalist of the Web browser field, but that
changed very rapidly. So it's overly simplistic to portray the issue as a fight against a single
eternal and all-powerful devil; the fight, rather, is of open-standards-based diversity versus a
near-monopolist, even if the identity of the monopolist changes from time to time. If any of the
non-Microsoft products I recommend as antidotes to monoculture become so popular as to threaten to
be the new monoculturalists themselves, you can expect me to change gears and start advocating the
use of something else just to shake them up.
Some Alternatives to Microsoft Hegemony
A great choice for both Web browsing and email is Mozilla. I've
been using it as my default browser for years now, and it's shaping up very nicely. If you tried
earlier Mozilla versions a long time ago and found them too buggy and unstable, try it again now; it's
reached a highly developed stage now. You have several choices of which version to download; which you
choose depends on how adventurous or conservative you are. There are two major varieties of Mozilla:
the "Mozilla Suite" (including the browser, an e-mail program, and other things such as an Internet Relay
Chat [IRC] client), and the standalone Firefox browser. Version 1.7.1 is the latest stable release of the suite as
of this writing, carefully tested to remove major bugs (with a security patch from version 1.7 to fix
a vulnerability -- those things do happen with Mozilla too) 1.8 Alpha is closer to the leading edge
(with new features that haven't been fully tested yet), and the nightly "trunk builds" are right
at the bleeding edge (where you'll be the first to see neat new stuff, but also the first to experience
catastrophic bugs). Firefox is getting increasingly popular lately, but is still technically pre-release
software that is at version 0.9.2 (the upcoming 1.0 release will mark its reaching "final release" status).
The Bugzilla database is out there for
you to see what problems exist, how they're being resolved, and to contribute to the discussion yourself.
Mozilla is a participatory project rather than a corporate product, so you can have some impact on
how it develops. In addition to promoting a browser and email multiculture, you're also gaining
useful features like popup blocking and tabbed browsing. The email feature is now developing a
spam filter, too. Check it out!
Those who would prefer to have a corporate name behind the browser they use can download
Netscape 7.1; it's based on Mozilla (though they unfortunately
removed the popup blocking feature, and added all sorts of ad junk of their own, at the behest of
their "marketing types"). However, Netscape is a shadow of its former self, having been eviscerated by
its corporate parent, AOL; without much staff or motivation these days,
they aren't likely to be making very many browser releases.
101 things that the Mozilla browser can do that IE cannot
Opera is a commercial browser that has a lot of admirers, especially
in Europe. Its interface is very different from Netscape, MSIE, and Mozilla, which may be a good or a
bad thing to you depending on how much you like or dislike those other browsers. Opera is designed to
support lots of small browser windows within the larger application window, something like Mozilla's
tabbed browsing but even more versatile. You also have a wide degree of configurability, like to decide
whether links that try to open in new windows should actually do so or stay in the same window. You used
to have to purchase a copy of Opera to use it, which gave it a great disadvantage against browsers that
were free to download and use, but now the basic, unregistered version of Opera is free to use but
shows ads on screen (just a banner at the top, no obtrusive pop-ups or anything). You can still
pay for an ad-free version. Like Mozilla, Opera includes e-mail capability too.
Although I use Mozilla as my browser, I don't read my e-mail in it, because I already have a separate
mail program I like: Pegasus Mail. Pegasus doesn't look as
"high-tech" as other mail programs, and has only minimal support for fancy-schmancy message formats, but
to many of us old-timers who think e-mail has no business being in anything fancier than plain text, that's
just fine with us. There's practically no risk of getting an e-mail virus through Pegasus, as it doesn't
execute any sort of program or script simply by opening a message or showing it in a preview pane, unlike
some other mail programs. And Pegasus was a pioneer in the use of advanced message-filtering rules to
let you sort messages into folders by category, or suppress spam. Other programs have had to play
catch-up to features Pegasus has had for a long time.
This page was first created 15 Dec 2002, and was last modified 10 Jul 2004.
Copyright © 1995-2011 by Daniel R. Tobias. All rights reserved.