Interesting People mailing list archives
IP: On centralized, distributed and absolutism
From: David Farber <dave () farber net>
Date: Wed, 24 Oct 2001 01:32:39 -0400
Date: Tue, 23 Oct 2001 23:39:39 -0400 From: Dan Grossman <ldg004 () earthlink net> (for IP, if you wish) Dave, Two memes converged on the list today, and triggered something I've been wanting to get off my chest for a long time. As engineers, we are (or at least should be!) trained to evaluate design alternatives, to weigh benefits, liabilities, costs and risks, and to dispassionately assess tradeoffs to select the solution best optimized to the requirements. So why is it that so many of our most prominent and respected colleagues bleat out the Orwellian refrain: "Distributed good, centralized bad"? And when I see stuff like the below from the dean of one of the best CS programs in the world, I've got to wonder what they're teaching undergraduates about the way engineers practice their profession. To say nothing of wondering about how I'll manage to break a few of them of bad habits of mind when they get to my group. >... Those are the areas where a small perturbation can cause the most >havoc." The counter strategy for our society is "Don't build such systems. >Avoid single points of failure. Decentralize and disperse control." > >Here are some examples of systems that follow the principle of >high-entropy design compared to their more vulnerable alternatives: > The Internet instead of the phone system. More canards buried in that statement than _Make Way for Ducklings_ First, on the day of the attacks, the phone network did exactly what it was supposed to, despite losing a big Verizon exchange and an AT&T POP. Protection switching and rerouting and call gapping and signalling congestion control kicked in. Emergency calls went through, the system operated at saturation, and if calls were blocked, then at least those callers who did get through were able to have their say and get off. In another words, utility was maximized. The Internet -- well, I'll be interested to hear how close the Internet got to congestion collapse. From what I understand, news sites were inaccessable. True, emails sat in queue for a while, and ultimately got through, so there was some utility. But how much more than the phone network, the two-way paging network and the cellular network? History will tell. Next, observe that the Internet in fact has hierarchy, and if it did not, it would not scale. Further, it is overlaid on a physical fiber infrastructure whose topology is not at all unlike that of the much maligned phone system. Because it *is* pretty much the same infrastructure. And at concentration points, the Internet is every bit as much as vulnerable as the phone network. The much-vaunted routing system, which is popularly believed to enable the Internet to "route around" trouble isn't what it appears to be, either. After a failure, the BGP routing system takes several minutes to stabilize, and packet losses and loops can persist for many seconds. The Internet routing research community is rightly concerned about the long-term scalability of the BGP routing system. Not surprisingly, there is a lot of work going on in the IETF to build failure recovery mechanisms that look suspiciously like ones used in the phone system. The congestion control system in the Internet is a bandaid that has remained in place far longer than prudence dictates. A well-designed worm could easily send the net into unrecoverable congestion collapse. None of which goes to say that the net will not be useful to us in the post-9/11 world... warts and all. But to depend upon it to the exclusion of all else, and particularly a very well designed, stable and secure telephone network, would be foolish. > Gnutella et al. instead of Napster. The Napster fiasco was a failure at the convergence of Law, Code, Markets and Norms (nod to Larry Lessig here), not of a centralized architecture. Is not the solution to demand that our elected representatives redress the imbalances in the law, rather than to invent new ways to evade the law? > Air transport that uses thousands of small air taxis rather than > today's hub-and-spoke system (James Fallows) The vision articulated by Fallows is an extremely attractive one. It would save me a fair amount of wear and tear. I hope it comes to pass. But Fallows himself points out that it's only good for trips of about 500 miles. That covers a lot of my travel, but not all of it. I still have to drive to Providence for longer domestic trips, and to Boston for international. In another words, in this case, the decentralized solution augments the centralized solution, not replaces it. > A competitive, heterogeneous operating system market instead of a > monoclonal Microsoft one. Ironic. Microsoft is the distributed architecture run amok. Remember that before the PC, we had timesharing on mainframes and minicomputers. Operating systems were competitive. Operating sytems were operating systems, and applications were applications and nobody thought about "co-mingling". Operating systems also were far more stable and secure than Windows, and were much easier to secure. For that matter, a good part of the reason why the financial industry recovered as quickly as they did is that they **centralized** their data on mainframes and server farms. Replicated, mirrored, backed up, with duplicates in New Jersey and/or Pennsylvania. In secured, hardened facilities. Can you imagine the chaos if all the important data was on peoples' desktops in the WTC and nowhere else? Fortunately, the 1993 WTC bombing raised awareness, and that sort of extremely decentralized architecture was replaced. > Al Qaeda instead of the CIA. I'm getting a little tired of other people's half-informed speculation on this, but will nonetheless venture my own. Al Qaeda starts with a charismatic evil genius, now believed to be cowering in a cave somewhere in southern Afghanistan. When a bomb or a betrayer find him, will Al Qaeda survive as an organization, absent his coordination and financing? Probably not for long. > A dispersed population instead of mega-cities. Ah, we have that. It's called "suburbs". Some would say that suburbs lead to SUVs and SUVs guzzle petroleum, and petroleum got us into this mess in the first place. I don't mean this as a knock on anybody in particular, but as a critique of a certain lack of engineering discipline in the CS and networking community. In short, if you want dogma, move to the Theology Department.
For archives see: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- IP: On centralized, distributed and absolutism David Farber (Oct 23)