Digital Shakedowns

(This likely needs to be edited. Forgive any poor grammar, punctuation, or lapses in logic …)

If you’ve been paying attention to the tech press, you may have noticed an uptick in stories about DDOS (Distributed Denial of Service) attacks. A DDOS, in a nutshell, is when an attacker sends you more traffic/requests than your server or bandwidth provider can handle. It generally results in your servers going down, or your provider taking you down, for the good of their other customers.

You should familiarize yourself with the landscape. A couple of articles will introduce you to the new wild, wild west.

DDOSes are being used as the digital equivalent of the old school shakedown. “Hey, I wouldn’t want anything bad to happen to your site, so you should, you know, pay me to make sure nothing untoward were to happen.”

In the physical world, shakedowns are less common (I think … I don’t have hard facts for that) than they were in the old days. The risk is greater to the extorter. The person or business being extorted generally has technology available to capture the extortion, our law enforcement and courts don’t look kindly on them, and since you have to physically be present to commit the extortion, it’s a lot easier to catch someone in the act.

(I’m not claiming extortion and shakedowns don’t happen any more. I just think they’re probably less common—in the US—than they used to be.)

That’s not true on the internet. With cheaply available botnets, ISPs turning a blind eye in favor of the marginal dollars, and the global internet meaning there are countries into which law enforcement cannot easily reach, the internet has become a goldmine for extortion.

There is a solution to this. It comes in two parts, and both of those parts will cost large internet providers money. But, like the music industry with MP3s, these ISPs are going to have to embrace the new cost of doing business, or they’ll slowly watch their systems turn into a barren ghetto where no true businesses will want their servers.

Step 1 of the solution is an ISP crackdown. The vast majority of the computers used in attacks are compromised PCs (often in China, where they’re using a pirated or hacked version of Windows). ISPs need to drop or throttle service the moment someone’s computer shows the signs of being used in an attack. This will hurt ISPs. They will get more support calls, deal with angry customers, and have to help customers get cleaned up. But, if they don’t do it, they’re going to run the risk of getting blocked by other service providers. If your ISP is a constant source of outbound attacks, other providers will drop your packets, and then you’ll have lots of angry customers calling to find out why they can’t get to netflix.com or espn.com.

Beyond just normal ISPs, VPN/Colo/Dedi/cloud providers need to crack down on their customers. The biggest spam networks in the world are all server providers who aren’t cracking down on their outbound traffic—because it makes them money. It’s not just spam, though: these same servers and networks are often used for DNS or SNMP attacks. Like home ISPs, network providers should simply start dropping traffic coming from these providers until they clean up their acts. Nothing will speak louder here than money.
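Step 1 hinges on a provider being able to tell, from its own edge, when a customer’s machine “shows the signs” of being used in an attack. The following is an added example (not code from the original post) of the simplest defender-side check an ISP could run over exported flow records: it totals each customer’s outbound UDP packets to the DNS and SNMP ports named above and flags packets whose source address lies outside the prefix the customer was assigned (the spoofing that amplification attacks rely on). The flow-record layout, the customer prefixes, the threshold, and the sample flows are all constructed for illustration.

```python
"""Heuristic outbound-attack detector over NetFlow-style records.

Added example, not from the original post. Assumes a constructed flow record
layout (customer, src_ip, dst_ip, proto, dst_port, packets) covering one
minute of traffic, and a constructed packets-per-minute threshold.
"""
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample: cust-2 is blasting small UDP packets at many DNS
# resolvers (the amplification pattern); cust-3 emits packets whose source
# address is not in its assigned prefix (spoofed); cust-1 is normal.
SAMPLE_FLOWS = """customer,src_ip,dst_ip,proto,dst_port,packets
cust-1,198.51.100.10,203.0.113.5,tcp,443,120
cust-1,198.51.100.10,203.0.113.9,udp,53,4
cust-2,198.51.100.20,192.0.2.1,udp,53,9000
cust-2,198.51.100.20,192.0.2.2,udp,53,8500
cust-2,198.51.100.20,192.0.2.3,udp,53,9100
cust-3,198.51.100.40,203.0.113.7,tcp,80,60
cust-3,203.0.113.99,203.0.113.7,udp,161,40
"""

# Prefix assigned to each customer (constructed).
CUSTOMER_PREFIXES = {
    "cust-1": ipaddress.ip_network("198.51.100.0/28"),
    "cust-2": ipaddress.ip_network("198.51.100.16/28"),
    "cust-3": ipaddress.ip_network("198.51.100.32/28"),
}

AMPLIFICATION_PORTS = {53, 161}   # DNS and SNMP, the vectors the post names
AMP_PKT_THRESHOLD = 5000          # constructed: UDP packets/minute to those ports


def evaluate(flows_csv, prefixes, amp_threshold=AMP_PKT_THRESHOLD):
    """Return {customer: (verdict, reasons)} where verdict is ok/throttle/drop.

    throttle: more UDP packets to amplification ports than the threshold.
    drop:     any packet with a source address outside the assigned prefix;
              there is no legitimate reason for a customer to emit those.
    """
    amp_packets = defaultdict(int)
    spoofed = defaultdict(set)
    customers = set()
    for row in csv.DictReader(io.StringIO(flows_csv)):
        cust = row["customer"]
        customers.add(cust)
        src = ipaddress.ip_address(row["src_ip"])
        if src not in prefixes[cust]:
            spoofed[cust].add(str(src))
        if row["proto"] == "udp" and int(row["dst_port"]) in AMPLIFICATION_PORTS:
            amp_packets[cust] += int(row["packets"])

    verdicts = {}
    for cust in sorted(customers):
        verdict, reasons = "ok", []
        if amp_packets[cust] > amp_threshold:
            reasons.append(f"{amp_packets[cust]} UDP packets/min to DNS/SNMP ports")
            verdict = "throttle"
        if spoofed[cust]:
            reasons.append("source addresses outside assigned prefix: "
                           + ", ".join(sorted(spoofed[cust])))
            verdict = "drop"
        verdicts[cust] = (verdict, reasons)
    return verdicts


if __name__ == "__main__":
    for cust, (verdict, reasons) in evaluate(SAMPLE_FLOWS, CUSTOMER_PREFIXES).items():
        print(cust, verdict, "; ".join(reasons))
```

Real deployments would use per-customer baselines rather than one fixed threshold, but the two signals shown (volume to reflector ports and source-address validation at the edge) are the ones a provider can act on without inspecting payloads.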

There’s a downside of this tactic: internet users in places like China, where the internet is one of the few tools citizens have to fight for democracy, are going to be disproportionately impacted. But, while I’m not a free marketer, this is a place where the free market could win. If a good ISP in China or Africa or some other impacted area were to provide a well regulated internet (not from a content perspective, but from an outbound attack perspective), they wouldn’t be blocked, and customers would flock to them as the only provider who could see Twitter or YouTube.

Step 2 is for transit providers (the folks providing bandwidth to your favorite site on the internet, in essence) to stop looking at DDOS mitigation as a profit center and start looking at it as a cost of doing business. If a provider is simply charging customers for DDOS mitigation, or worse, not offering it at all, they are rapidly going to be at a competitive disadvantage. Small businesses, especially nascent small businesses or aspirational small businesses, cannot afford to pay for a big DDOS mitigation solution. Some provider is going to offer DDOS mitigation as a feature of their service, and they are going to suck up a good bit of the market. Once that happens, transit providers will have to offer a minimum level of mitigation service as part of their services.

There is one last thing that has to happen to make these digital shakedowns a thing of the past (or at least closer to a thing of the past). Someone is going to need to go to jail. It might end up being this 17-year-old kid. And, honestly, it should be. He caused a huge disruption to the internet, potentially disrupted a significant amount of ecommerce, and wasted many, many days of work. It’ll only take a few examples before people realize there’s a much bigger risk in DDOSing someone.

And then we’ll be able to move digital shakedowns into the same category as physical shakedowns. Something from the “good old days.”

2014 NBA Draft Thoughts

Thursday night brings us the 2014 NBA Draft. Our Celtics pick 6th and 17th (though it wouldn’t surprise me to see them move around, given the depth of the top of this draft).

At this point, I’m nearly convinced that Aaron Gordon is the pick at #6. He’ll bring massive athleticism to the team, and the ability to defend almost any position on the court. Plus, with a year of college ball under his belt, he should be more polished than the Celtics’ recent “athletic” picks (Gerald Green, Kedrick Brown). Sure, he can’t shoot, but that’s (generally) coachable.

If Joel Embiid were to fall to #6, it makes the decision trickier, but I’m not sure you can pick a center in the top 10 who’s now got a history of back and foot problems.

(I’d also be very happy with Marcus Smart or Dante Exum at #6.)

At #17, it’s a bit more of a crapshoot. If you take Gordon at #6, you’re probably looking at a guard for #17. That’s P.J. Hairston, Zach LaVine, or maybe Gary Harris if he takes a big slide down the board. If you go guard with the first pick, I think you’re looking at small forwards like T.J. Warren or Rodney Hood. Or, you take a big risk and go for one of the big Euros (Clint Capela, Jusuf Nurkic), though I’m very against that idea.

With all of the assets the Celtics have, it should make Thursday an interesting night.

2014: The Year the US Embraced Soccer?

Probably not.

However, NBC’s really wonderful coverage of the Premier League has made many of the non-US players closer to household names (and I mean “one out of every 4 or 5 households”, but you get the point). ESPN covering the World Cup and wanting to make the most of their investment has led to near wall-to-wall coverage, giving even non-soccer fans a chance to latch onto the US Men’s team.

I don’t have any expectations that Major League Soccer will all of a sudden become the 5th major league. The quality of play is just a couple of steps below what it needs to be, and aside from a couple of places, the passion that you get from your weekly Premier League match, or a World Cup match, is lacking. That crowd response makes a huge difference on television, and it makes MLS seem second-rate.

But, soccer is clearly getting closer to being a legitimate major television sport in the US (even if it won’t be via MLS). I think NBC—who, again, have done an amazing job with the Premiership—should be capitalizing on the World Cup by running some studio shows talking about the various players who normally make their living in the Premier League, and educating the new fans as to the nuances of the game. Formations, the rules, roles of the various players, etc. Not only would it be good for their ratings (what is NBC Sports Network airing right now with no soccer or hockey?), but it would bring an audience that finds itself on the cusp of soccer fandom and make NBCSN their friend, tutor, and home for soccer.

The elephant in the room is, of course, “simulation”. Or, as we like to call it, flopping.

The NBA has tried hard to make flopping a non-issue in the NBA. From post-game reviews and fines to highlighting floppers on the website (to, I guess, shame them into not flopping?), the NBA is at least trying something.

FIFA (as corrupt as they are—go watch this hilarious John Oliver takedown) needs to take a stronger stance. Yes, they can give yellow cards for simulation, but I think FIFA, or the individual leagues, need to tackle it similarly to the NBA. Review the dives after the game, fine players, then suspend them. Once a major player has been suspended for a few games, it’ll get better.

We’re nearing the tipping point. It’s going to happen in the next 3 or 4 years. This has been a big year for soccer in the US. Next year’s Women’s World Cup could help push it over the top, particularly if the US Women’s Team can manage another Cup win.

Apple is Settling All Debts

I won’t go into too much detail on the announcements coming out of WWDC. That’s been done better and more thoroughly by many others. I will say that this feels like Apple settling all the debts they’ve accrued over the past few years.

“Oh, you wanted apps to be able to talk to each other? Here you go.”

“Widgets on your notification screen? Yep. You got it.”

“You wanted apps to use the TouchID? Ok.”

“That whole ‘I should be able to move files around in iCloud’ thing? All set now.”

“Objective-C not modern enough for ya? Meet Swift.”

There were a bunch more announcements that basically amounted to “We told you to chill while we put in place the way to do these things safely, securely, and without trashing your battery. Here they are.”

And I think that’s a big part of what iOS 8 and Mac OS 10.10 are: the culmination of a few years’ worth of groundwork and infrastructure building that came together and bloomed all at once. It’s going to allow for almost everything people have asked for, and more, and to top it off, Apple brought out things like Continuity, where your devices simply act as logical extensions of one another. It’s a simple, powerful feature that will be hard for other companies to duplicate.

(All of this assumes Apple’s cloud services continue to get better … which seems likely given I’m not sure they could get much worse.)

John Gruber has a very nice take on it.

A Tale of Good (and a Bunch of Stupid) with Comcast

When I received a letter from Comcast a few weeks back informing me that they would ship me a new cable modem for free, I didn’t think much of it. I figured “Sure, why not. Should be better than my current one,” as my current cable modem is over four years old.

Less than a week later, I had a package from Comcast containing the new cable modem and the instructions on how to set it up.

I should say, first, that from a technology perspective, I’ve never really had a problem with our Comcast service. I have almost never had outages, I get pretty solid performance, and I’ve never had any issues with seemingly getting throttled. Looking at our history, our house uses between about 100 and 150GB of data per month (well under Comcast’s limit). That’s 90% Netflix viewing.

Prior to setting up the new modem, I grabbed the current performance of our connection from speedtest.net.

[Screenshot: speedtest.net result, 31 May 2014, 9:12 AM]

32Mb down is pretty solid—according to this site the average in the US is 24.5 Mbps, and in Massachusetts it’s 33Mbps. So pretty much dead on.

The upgrade process was pretty straightforward (it’s an Arris TG862G modem). Hooked it up, followed the instructions for online activation. And … nothing.

So, as I sort of expected, I had to call Comcast. I luckily got a competent phone agent who verified me as quickly as Comcast seems to verify you [1]. The agent sends a couple of reset signals and the modem springs to life. I’m able to get onto the web, all of my devices are working, everything seems great. I thank the agent and go about my business.

I want to secure everything (I don’t want people leeching off my network, as best I can), so I log into the modem to change its management password and to turn off its wifi (since I’ve already got a wifi network). Turns out, you can’t turn off the wifi without calling Comcast. [2]

I decide I don’t care enough about turning the wifi off. I’ve turned off the SSID, it’s WPA2, and the password is complex enough that nothing should find it too easily. I pick up the land line to make sure it’s working (since with Comcast, it’s cheaper to have a phone number than not—even if you tell them you’ll pay the same amount, you just don’t want a phone number). It’s not working. Oh well. [3]

I pop open the backup battery compartment just to take a look. It’s empty. Turns out, Comcast charges you $40+ for a battery. That’s a real dick move. [4]

Now, to the fun stuff. I rerun the speed test …

[Screenshot: speedtest.net result, 31 May 2014, 9:49 AM]

Well, that’s pretty nice. Almost doubling our download speed.

And, in the end, that’s why I stay with Comcast. I generally get good internet performance, generally don’t have issues with our cable, and they’ll generally let me handle stuff on my own without having to wait for someone to show up at my house.

That doesn’t make me like Comcast. There’s a reason they’re the second most hated company in America.

  • They constantly screw with your billing, even when you call them and they agree to fix your billing.
  • They nickel and dime you for everything because they are dicks. Franchise Related Cost, Regulatory Recovery Fee [5], another Franchise Fee.
  • They do stuff like charge you for the battery backup for your modem, and don’t let you turn off the wifi on the modem without calling back into their team.
  • They’re dicks about net neutrality.

And, somehow, they’re still the best option many in the country have available. [6]

At least my internet is fast.


  1. And here’s where Comcast starts to erode any goodwill they build up with people. You call from your home phone, validate your account number, it matches the number on your account, and you think “cool, now they know who I am.” Then you have to repeat that information to the agent because they don’t trust the phone info? Just validate one more piece of information. “Hi sir, based off of your info, we just need you to tell us your X, and we’ll have confirmed your account info.”

  2. Seriously? Why in the world …

  3. My fault for not checking it before hanging up with the tech. It’s astounding to me that Comcast pulls this BS where you need to have phone service to get the “best” pricing. I’m assuming that they sell your phone number to marketers, which is why they give you better pricing for bundling cable, internet, and phone. This is the bullshit that pisses people off.

  4. And possibly illegal? Isn’t Comcast required to provide 911 coverage in the event of a power outage (or at least attempt to) for their VOIP?

  5. Regulatory Recovery Fee? Seriously, fuck you for that one.

  6. I’m lucky enough to have other options available (RCN, Fios), but neither seem to be much better. I should probably look at RCN the next time Comcast tries to raise my prices. Though, pricing out the same plan on RCN would cost me pretty much the exact same amount. So, you know, screwed either way.

Open Floor Plans are (Mostly) Pure Marketing

Came across this post on open floor plans via Gabe at Macdrifter. The article is about labs, but I think it’s applicable to offices in general. Our new office has a major problem with not having enough quiet space. We moved from an office with lots of offices and meeting rooms to an office with fewer offices per employee and many fewer meeting rooms. The other side of that exchange? More “open space” and the serendipitous collaboration that theoretically results.

Open offices can work. Open offices can be beneficial. But there has to be a place you can go have a meeting, or go make a phone call, or go get some quiet work done. I’d worked in an office for 5 years before we moved into our new building, where I ended up trading an office for a cube. I don’t mind that (well, that much).

What I do mind is the inability to lock out the world and get work done when I’m on a deadline. With an office, or at a minimum, with a door, the act of shutting the door is a sign “Hey, I’m busy, it has to be really important.” It’s a simple mechanism to increase the friction required to interrupt you. And, as we all know, it works.

Cubes and desks don’t facilitate that. You are at your desk, you are fair game to interrupt.

Open offices aren’t inherently bad. They can and do foster collaboration. They can encourage the type of interactions that drive innovation. There’s a great presentation by my basketball comrade Bill Aulet about designing office space for innovation, and I think he’s right: you want a particular type of office for collaboration, innovation, and invention.

There’s also the famous discussion by Joel Spolsky on the need for private offices for developers. The gist: developers need the ability to work privately as they think through and work through the complicated tasks they’ve been tasked with solving. You can likely extrapolate that to many job roles.

As they say, everything in moderation. If you’re in an office where you require collaboration on a daily basis, and private work is the exception, an open office may be perfect. If you’re in an office where you’ve got a team on two week sprints and tight deadlines, the last thing you want is people having conversations and interrupting the entire team. There’s a balance.

And almost every open office space I’ve seen misses the mark. Our current office space did. There aren’t enough quiet places to go and close a door and get work done. The biggest thing I’ve done for my productivity in the past few weeks was use my seniority to claim a better cube and position white boards as movable walls. Now, people can’t actually tell if I’m at my desk, so they’re less likely to walk up and interrupt me, and will use email or IM (both media that I can ignore) to query me. If I need to work with a team, I can go to a space to collaborate. If you asked me to redesign our office space, I’d invert the ratio of open space to private space. I’d give people a place to work privately by default, and allow them many rooms to come together and collaborate. But, hindsight, 20/20 …

In the end, this is the most telling thing about open offices:

But no matter what, there's one area that never does seem to turn into a big, open, collaborative share-space: wherever the higher-level executives work. Funny how that happens.

Ain’t that the truth.

(Via Macdrifter)

OmniFocus 2 is out!

I’ve been using the OmniFocus 2 beta for a few months and on Wednesday, The Omni Group officially released OmniFocus 2.0.

They’ve launched it with a bunch of nice videos, an iBooks-based manual, and an entirely new site devoted to folks’ workflows and ideas on how to use OF. That should help temper the learning curve for OmniFocus a bit and help show the myriad ways it can make your life a bit easier to manage.

OmniFocus 2 has been the impetus for me to get even more stuff into it, to try to better manage the hundreds (or thousands) of things that come across my desk/email/brain every week. Between OF2 and Evernote, I feel like I’ve got a reasonable handle on my time and organizing my tasks and info (though I do spend far too much time pushing tasks I ran out of time for into the future, which isn’t quite as rewarding).

The best way to figure out if OmniFocus is for you is to watch someone else use it. Check out the videos (or this in-depth video tutorial/review) and see if it’ll work for you.

The Television Reckoning

’twas a bad end to the television season for me.

  • Community, which I think I rate in the top 10 shows ever (and probably top 5 sitcoms), was canceled.
  • Trophy Wife, a show that was probably one of the better new family sitcoms, lasted one season.
  • Suburgatory, a show that, at its best, gave us Ryan Shea (aka Eugene Goldfarb) and Dalia Royce, was canceled.
  • Enlisted, a touching, funny show that stole “Ryan Shea” from Suburgatory, didn’t even make it through its first season.
  • How I Met Your Mother, a show that had a great peak, nearly ruined its legacy with a tone-deaf final season.

Topping it off, Parks and Recreation and Cougar Town are both finishing up after one more season.

Want to know why people are spending more time on Netflix? I’m not worried about them canceling The West Wing or Scrubs (again).

Bah.

Backing up iPhoto to Flickr

Ever since Flickr upgraded to their 1TB plan, I’ve been looking for a good way to back up my photos there. Over the weekend, I stumbled upon this GitHub repo, which has a bit of AppleScript to get your photos and albums from iPhoto, then sets about uploading them to Flickr.

Even better, it keeps track of what it’s already uploaded, so you can run it every time you add some photos to iPhoto and always have a solid backup.

For me, this solves a lot of problems:

  • One, I like having my photos backed up. I think this will be my seventh photo backup, which makes me at least feel pretty good that a bad disk or virus or malware won’t eat all my photos.
  • Two, it solves the “how do I keep a lot of photos on my phone” issue.

That latter solution is a big one. iOS still has a pretty bad solution for managing photos, particularly doing it wirelessly. Syncing photos is still over a cable, so I’ve moved to using Photo Stream as a way to get photos off my camera, as imperfect as that is. But that means the photo albums on my phone never get updated, as they only get updated when you sync via USB.

Now, I can use the Flickr app (as long as I’ve got some sort of internet access) and have access to every single one of my photos going back to when I first got a digital camera (Christmas of 1999). That’s pretty awesome. And they don’t take up any space on my phone. Even better.

There are some small downsides and gotchas. If you’ve already uploaded anything to Flickr, you’re going to end up with duplicates (at least I’m pretty sure you are—I’ll know when my upload finishes). That’s pretty easy to clean up though. I’ve noticed some photos getting uploaded in the wrong orientation. That’ll take a little while to go through and adjust, but hey, easy enough to scan through albums and rotate some images.
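The “keeps track of what it’s already uploaded” behaviour and the duplicates gotcha come down to the same design question: what the script uses as the record of a finished upload. The following is an added example, not code from the GitHub repo the post links to, showing the approach a backup tool should take: a ledger keyed by the SHA-256 of each file’s bytes, written atomically after every upload, so that re-running the sync, a crash mid-run, or a second copy of the same image under a different name never produces a second upload. The ledger format, the `upload` callback, and the sample files are all constructed for illustration; a real tool would plug the photo service’s upload call into `upload`.

```python
"""Idempotent photo-backup ledger keyed by content hash.

Added example, not the linked repo's code. The ledger file layout and the
upload callback are constructed assumptions; the service-specific upload call
is left to the caller.
"""
import hashlib
import json
import os
import tempfile


def file_digest(path):
    """SHA-256 of the file's bytes, so identical images dedupe regardless of name."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


class UploadLedger:
    """JSON map digest -> {remote_id, source}; survives interrupted runs."""

    def __init__(self, path):
        self.path = path
        self.entries = {}
        if os.path.exists(path):
            with open(path) as fh:
                self.entries = json.load(fh)

    def save(self):
        # Write to a temp file then rename: a crash mid-write leaves the old
        # ledger intact rather than a truncated JSON file.
        tmp = self.path + ".tmp"
        with open(tmp, "w") as fh:
            json.dump(self.entries, fh, indent=2, sort_keys=True)
        os.replace(tmp, self.path)


def sync(photo_paths, ledger, upload):
    """Upload every photo whose content is not yet in the ledger.

    `upload(path)` is the caller's service-specific function returning a
    remote identifier. Returns the list of paths actually uploaded.
    """
    uploaded = []
    for path in photo_paths:
        digest = file_digest(path)
        if digest in ledger.entries:
            continue  # same bytes already backed up, under any filename
        remote_id = upload(path)
        ledger.entries[digest] = {"remote_id": remote_id,
                                  "source": os.path.basename(path)}
        ledger.save()  # persist per upload so progress is never lost
        uploaded.append(path)
    return uploaded


def demo():
    """Two runs over constructed files: second run uploads nothing.

    Returns (uploads on first run, uploads on second run, ledger size).
    """
    calls = []

    def fake_upload(path):  # stands in for the real service call
        calls.append(path)
        return f"photo-{len(calls)}"

    with tempfile.TemporaryDirectory() as d:
        paths = []
        # "a-copy.jpg" has the same bytes as "a.jpg" and must not upload twice.
        for name, content in [("a.jpg", b"img-a"), ("b.jpg", b"img-b"),
                              ("a-copy.jpg", b"img-a")]:
            p = os.path.join(d, name)
            with open(p, "wb") as fh:
                fh.write(content)
            paths.append(p)
        ledger = UploadLedger(os.path.join(d, "ledger.json"))
        first = sync(paths, ledger, fake_upload)
        reloaded = UploadLedger(ledger.path)  # as a later run would reload it
        second = sync(paths, reloaded, fake_upload)
        return len(first), len(second), len(reloaded.entries)


if __name__ == "__main__":
    print(demo())
```

To avoid duplicating images that were on the service before the ledger existed, seed the ledger once by hashing the local originals of those uploads and recording their remote identifiers; after that the content hash is the only thing the sync consults.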

Once done, I’ll have 15 years of images available to me at pretty much any time. I can add comments or descriptions and search on those, or browse albums. Flickr’s new app is pretty nice, and not a bad way to view photos on the go.