Alan Cox <alan <at> lxorguk.ukuu.org.uk> writes: > ... Hi, Let's keep in mind that we talk about computer systems security. The terms of interest to me are innovation, variety, diversity, complexity. I think innovation does not need to mean complexity as a result of it. With regard to "law of necessary variety" I assume you mean Law of Requisite Variety. "In cybernetics the term variety denotes the total number of distinct states of a system." It describes "the condition for dynamic stability under perturbation (or input)." "If a system is to be stable the number of states of its control mechanism must be greater than or equal to the number of states in the system being controlled." I think this law applies to building, exploitation and performance of a defined, working, reliable, dynamic system. It uses the term "control" in the context of interactions between system's components, not security of the system. The term security means "freedom from risk or danger; safety", or measures adopted to prevent crime, attack, escape, espionage, sabotage, etc. I like to use the term "diversity" (as opposite to "monoculture") when I want to describe an ecosystem more capable of progress and survival. I would apply it when I tried to explain my preference for multiplicity of OSs (UNIX, Linux, Windows, *BSD, Mac, etc) or kernels (monolithic, micro, hybrid, etc). Diversity per se does not ensure security, which (once again) means measures undertaken and a state achieved as a result of them. Having a multitude of security measures ((sub-)systems) per se does not ensure security. Complexity means multitude of components in intricate arrangement. An assumption that complex systems need per se variety of internal complex security sub-systems or external complex security systems is of questionable value. Let me concentrate on one important explanation of why complex systems (security systems inclusive) are prone to fail. There is an inherent conflict between level of complexity and benefits of complexity. Complex systems require very high costs just to maintain them, not to mention costs to expand them. This is validated by decreasing net return on input to complex systems. I think complex monolithic kernels, complex system/application/library APIs, complex security models (consisting of multitude of different security (sub-)systems) are not effective. We forget that people write software and have to account for all the diversity of system and application programming issues, also with regard to security. We forget that people administer those hardware and software systems and have to understand them from functional and operational point of view. Consider multitude of OSs and programming languages/scripts that are involved, which must be learned to various extent by the above two groups of professionals and which bring their own inherent security problems to the table. There are also multitude of managers and analysts (business, architecture, systems, security, etc) who want/have to understand these issues to a greater or lesser extent as well in order to be able to manage and build them for themselves or clients. I say once again, MORE complexity is LESS security. That's why complex systems (civilizations, societies, economies, financials, computing, etc) are inevitably destined to fail or fall. I am tempted to say - it is a law of nature. JB Well, I think we deserve it ... Jerome Hines, Paul Plishka - Verdi - Don Carlo - Il Grande Inquisitor http://www.youtube.com/watch?v=IOTm_ec42z4 -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines