“It’s time for the world’s dependence on centralised owners of code to be reduced”
The world is over-reliant on a handful of businesses running IT infrastructure and services. It’s time for change, writes Bluzelle CTO Neeraj Murarka.
Ericsson currently finds itself under pressure for the network disruptions that caused a data outage across the O2 network in the UK and SoftBank mobile services in Japan.
But the problem shines a light on an issue of far greater importance – the world’s reliance on proprietary software that is solely controlled by a handful of giant vendors. More generally, the outage highlights the world’s reliance on a relatively tiny number of companies to operate the infrastructure on which economies, industries and lives rely.
Ericsson’s problems appear to have stemmed from software certificates it failed to update properly. This sounds like a simple and unavoidable mistake. But managing certificates can be complex in a large organisation like Ericsson, which might have multiple certificates in different devices – and even different certificates in different devices running with different customers.
All this requires a proper management system which tightly tracks certificates. It also requires staff to keep on top of what actions need to be taken to keep the certificates updated.
It’s clear how a mistake like the one that led to the outage can happen. But blaming Ericsson gets us nowhere.
Other companies have had similar problems with SSL certificates that weren’t updated properly. In 2018 an expired certificate in Cisco’s VPN software caused its public key infrastructure to fail. Since the certificate was at the root of a family of other certificates, all those certificates also failed, causing a large software failure.
In 2017, LinkedIn failed to renew its own SSL certificate, cutting off access to its website for tens of millions of users.
The key takeaway is that there is a high likelihood of things going wrong with large operations run by single companies over a long period of time. And this is what makes the world so vulnerable.
Open Source and Decentralised
Imagine an alternative situation where Ericsson was operating open source software that was open to community audits, customisation, and quality assurance. Such an ecosystem could also have alerting technology that monitors critical aspects of the system such as certificate expiries, and enables the community to at least notice and point out pending certificate renewals, or even initiate them. In such a case, the burden of certificate management and the risk of such failures could be averted. In the open source community, it is common for the public to find and point out such issues preemptively. This has averted failures that otherwise would have occurred.
That’s why it’s time for the world’s dependence on centralised owners of code (in other words proprietary software) to be reduced over time. The wider tech community should be given an opportunity to contribute to this code and catch problems long before they happen.
When an extreme weather event is coming, many different parties can contribute to the early warning system. The same should happen in the world of tech. But unfortunately the forces of capitalism usually produce a small handful of leaders in different areas of technology.
Think about the huge volumes of data being stored on centralised clouds owned by a few select big tech players such as Microsoft, AWS or Oracle. Data has become one of the world’s most valuable resources, but it’s stored in a few hundred server farms, where it’s inherently vulnerable to hackers, a rogue state or natural disasters.
Remember when AWS servers went down in 2017? A large chunk of the internet, including Netflix, stopped operating for a period.
A more decentralised approach to crucial IT infrastructure like mobile networks or data storage is in everyone’s interests. Another form of decentralisation that could protect individuals and businesses alike is the use of mesh network technology, which allows users to collaborate to share connections to the internet. A move towards mesh technology would free mobile phones from total dependency on a centralised carrier.
The provision of services in general should move from large, oligopolistic providers to decentralised approaches. In the past few years we have already seen the birth of companies providing decentralised databases, decentralised computer power, decentralised file storage, and decentralised networks.
Many businesses might feel that the decentralised internet is five years or a decade away. In fact it’s here now. What’s really exciting is all these new decentralised players are now working together to create a new decentralised internet – laying the foundations, building a network, and putting together the structures everyone needs.
From the Few to the Many
As the world becomes more reliant on IT infrastructure, the scale and consequences of downtime are becoming more serious.
It’s time for infrastructure to be taken out of the hands of a few organisations and be shaped and underwritten by experts and nodes across the world. Thankfully, the shift to decentralised infrastructure is already underway. The faster this happens, the safer the world will be.