Mythic Monday – Immortality
Stories about immortality and the quest for it abound in literature. You have kings trying to live on through their sons. You have gods that must ritually die and be reborn so that the cycle of nature can continue. And you have, in a few stories, the few humans that succeed in their quests.
Consider, for example, the Cumaean Sibyl who bartered her virginity to Apollo in exchange for everlasting life (not technically, but despite appearances, this isn’t a mythology blog). However, she made a bit of an error when she forgot to also ask for everlasting youth, so she kept getting older and older until she eventually faded to nothing but a voice kept in a jar.
This is very similar to the story of Tithonos, who was granted immortality by Eos (via Zeus). She, too, forgot to ask for everlasting youth, so he aged past senility and was locked away where he babbled to himself in an empty room.
What lesson is there here? Clearly, there’s something for us all to learn about operating system virtualization.
Yeah, you heard me right. Ovid and Homer* were clearly writing about the modern practice of virtualization. Specifically, they were concerned about aging operating systems.
* Whether Homer actually wrote the Homeric Hymn to Aphrodite is debatable.
See, virtualization is wonderful, and it’s all the rage right now for some excellent reasons. It allows you to fully leverage your hardware to capacity. You can aggregate virtual machines on top of real machines and have them create a robust infrastructure. If any hardware fails, all the little VMs can even skitter around like cockroaches as they find a working environment in which to live. In short, we as IT admins have the power to make these machines live forever. We are truly blessed.
But, as ancient mythology has informed us, with great power comes great responsibility (OK, so that bit is modern mythology). We have the power to grant immortality to these systems, but we have to consider how we use that power.
After all, what purpose does death serve? It allows new life to take hold. It allows unfit life to go away. From a technical perspective, this means that we have to let systems die to make room for new and more efficient systems to be built. Also, and a bigger concern, we have to let the ancient systems die before they start to make problems for us.
Imagine, for a second, a network that has a mix of Windows 2003, Windows 2000, Windows NT, Windows 98, RedHat Enterprise 3, IRIX, AIX and DOS. Now, I’m sure you’re thinking “this is ridiculous, such a network doesn’t exist, no one would let that happen”. Well, this describes the network I was working on a few months ago. I’ve worked on live production networks in 2008 that used operating systems that were five to ten years old. I’ve heard tales of systems that were running Windows 3.1, as production machines, into 2009.
Now stop for a minute and think ahead twenty years. Can you imagine still supporting Windows 2000 in 2029? What about 2049? We have the ability to grant these systems immortality, people. It’s going to happen.
Sometime in 2020, you’re going to be working on the GoogleSoftwahoo TeleBlazinger running on Linux kernel 2.6.3492-23 and wondering why your network hypercloud is slow. After launching numerous tools that allow you to trace network traffic in all four dimensions (five if you can afford the enterprise license), you’ll track the problem to an infected botnet of Windows 2000 systems running a Ponzi scheme involving stolen credit card numbers. You’ll try to refresh them from backup, only to discover that they’ve been compromised for the last 19 years, and your backups only go back 15. And, worst of all, there’s a legacy billing system that requires these machines, so you have to keep them running… forever.
You’ll stop, scratch your head, and think that virtualizing at the operating system level was the stupidest thing that we ever did. And you know, you’d be right.
What it comes down to is how your organization is structured. If you’re building a virtual infrastructure, making brand new systems and setting hard deprecation dates for these systems, you’ll probably be OK. However, if you are like many companies, and take the perspective of “just move the physical machines to virtualization and we’ll straighten it all out later”, I’m sorry to break it to you, but later is never going to get here. There will always be another fire and another resource restriction.
We have to think through new technology before we deploy it. There is a tendency to only look at the benefits and costs in terms of dollars, not in terms of time. A small gain in the present can be completely reversed and magnified by the flow of time. Just as inefficiencies add up throughout the weeks and months, security problems tend to grow over time. The longer you keep legacy systems around, the greater your risk grows.
If you grant immortality to these systems, they will just continue to age until they are eventually just another set of voices, hidden somewhere in the back of your network, babbling at your IDS systems, pleading to be allowed to die.