I write about technology a lot. I don’t consider this a beginner tech blog, but I’m also keenly aware that many technology words and acronyms are not well known. I thought it prudent to build a glossary that I can link to when I use these terms so we can all learn together. I’ll try to keep it in alphabetical order; let’s see how that goes. I’ll add to this as life goes on and bump it back to the top whenever I do.
Distributed Denial of Service attack. We generally drop the word “attack” today and just refer to a DDoS attack as “a DDoS” or “they were DDoSsed”. It’s pronounced Dee Doss, and not Dee Dee Oh Ess. I will go to the grave saying Dee Doss.
The DDoS of today has its roots in the DoS, which simply means a “Denial of Service” attack. The added D today is for the word “Distributed”. When the Internet was small and towney, we saw DoS attacks, which were perpetrated by one or two IP addresses and were therefore very easy to mitigate. Just block that IP or two, and the attack is over. Today’s “Distributed” DoS attacks are much harder to mitigate because they come from a wide range of IP addresses. The attack stems from “Distributed” attacking IPs.
The first significant DDoS was recorded in 1999 when 227 servers were knocked offline for days. On October 21st 2016, over 10,000,000 IPs were recruited to attack the Dyn DNS servers which made thousands of websites unavailable for a few hours. These times, they are a’ changing.
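To make the DoS versus DDoS mitigation difference described above concrete, here is an added example (not code from this blog) that takes the source IP of each request in a traffic sample and computes the smallest per-IP blocklist that would shed a given share of the traffic. The function name, the 90% target, and both traffic samples are constructed for illustration.

```python
from collections import Counter


def blocklist_for(sources, target_pct=90):
    """Return the fewest source IPs (busiest first) whose combined
    requests make up at least target_pct percent of all requests."""
    counts = Counter(sources)
    total = sum(counts.values())
    blocked, covered = [], 0
    for ip, hits in counts.most_common():
        # Integer comparison avoids floating-point rounding on the threshold.
        if covered * 100 >= target_pct * total:
            break
        blocked.append(ip)
        covered += hits
    return blocked


# Constructed sample data: 100 ordinary clients, one request each.
legit = [f"198.51.100.{i}" for i in range(1, 101)]

# Constructed DoS sample: two sources send 450 requests each.
dos_sample = legit + ["203.0.113.10"] * 450 + ["203.0.113.11"] * 450

# Constructed DDoS sample: 450 sources send only 2 requests each, so no
# single source stands out from the ordinary clients.
bots = [f"100.64.{i // 250}.{i % 250 + 1}" for i in range(450)]
ddos_sample = legit + bots * 2


def summarize(name, sources):
    """Describe how large a blocklist the sample would need."""
    blocked = blocklist_for(sources)
    return f"{name}: block {len(blocked)} IPs to shed 90% of {len(sources)} requests"


if __name__ == "__main__":
    print(summarize("DoS", dos_sample))
    print(summarize("DDoS", ddos_sample))
```

Both samples carry the same 1,000 requests, but the DoS needs a two-entry blocklist while the DDoS needs 450 entries, each of which looks almost identical to a normal client.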
Internet of Things. This term is kind of racist. It considers “proper” Internet devices to be computers, routers, and maybe smart phones. Anything else is a “thing” and the proliferation of these Internet-connected “things” has spawned the term Internet of Things.
I’ve heard this pronounced as both Eye Oh Tee and plainly spoken as “Internet of Things”. It works both ways now, mostly because it’s very new. Language is built on consensus and there may be a preferred way to pronounce IoT soon.
The list of things is almost endless now and I am sure it will grow to include every device on the planet within the next decade. Fridges, televisions, lightbulbs, and toasters are all available in wifi connected models for your amusement. The first Internet was populated by people. The current Internet forces us to share the Internet with things.
I’ve written more about the problems with IoT here.
There is a lot of blame to go around in the aftermath of the Dyn DDoS attack on Oct 21st. A good chunk of the bots look like Internet of Things (IoT) devices that were recruited by the Mirai botnet code. Mirai has dropped the traditionally high costs of building a botnet to near zero which means we’re seeing progressively larger and more effective DDoS attacks each week.
Sucuri discovered the first IoT botnet using CCTV devices in June. It was not long after that we started to see significantly larger DDoSes occurring and breaking all existing records for DDoS volume to date.
Why is Mirai such a big deal?
As I alluded to in the introduction, the cost of building a botnet used to be high. All those spam and phishing emails we’ve become numb to over the years were part of that effort. Hackers had to painstakingly trick each of us to click a malicious link which installed their malware on our (usually Windows) PC. It would take thousands of emails to get one or two suckers to click the link. It often took months to build a really powerful botnet with hundreds or thousands of zombie computers. And once it was built, it had to be carefully guarded to ensure it did not get dismantled by anti-virus software and other measures.
The reason this was so hard is that it was a person-against-person attack. Hacker guy had an agenda to trick you into clicking the link and you had a very good reason to not do that. That is why it took so many attempts to net one or two clicks. These IoT botnets are a different beast altogether. It’s smart humans against painfully dumb machines that have no way to even know what is happening to them, much less any sentient desire to protect themselves. The most significant contributing factor is the sheer number of these devices that are deployed with the factory username and password, which means they may as well have no authentication system at all.
Mirai makes composing a botnet of tens of thousands of devices even easier by automating the process. Mirai will even find the devices out on the Internet. So, now we have a situation where millions of dumb devices can be successfully exploited en masse within a short time frame. It’s the perfect storm.
Why was the Dyn DDoS attack significant?
Continue reading “Mirai botnets: the vanishing upper limit of DDoS attacks.”
The general idea of remote work is that you do the same job you would do in the office, but you don’t have to actually go to the office. This removes all the problems with people and politics of the office. That’s viewed as a huge benefit, but the reality is that many people only keep their jobs because of the people and politics of the office. Remote work strips all that away and leaves you standing naked in a meritocracy where only your skills matter.
I’ve worked remotely for 7 out of the last 9 years. For 4 years I was a remote contractor left to my own devices. I spent 2 years working as a remote worker for a non-remote company and I’ve spent the last year-ish working as a remote worker for a remote company. While sitting at home looks the same in all cases, each of those situations was very different from the others.
Here’s what I have learned from each of those situations:
Remote work as a contractor
Unless you want to spend a lot of time chasing business, chasing cheques, and schmoozing on the phone, you’re screwed. The vast majority of remote “employers” are really just guys with ideas that want the cheapest possible labour to see if their idea has legs. They’re not invested in the idea of building a remote workforce for any reason other than they see it as the cheapest way to get going. They’ll work the shit out of you to see if you’re good “startup material” (which really means “I have no money because nobody but me believes in my idea”) and discard you when you’re so exhausted you trip. If they have no backers, be wary. Don’t know if they have backers? Google it; Angels and VCs love to talk about who they’re backing.
I spent about 25% of my time actually working and the rest of the time doing these tasks in no particular order:
- Trying to find new work.
- Trying to get paid for completed work.
- Trying to figure out the best way to acquire gear and services (from a tax perspective).
- Learning how to do my taxes properly.
- Mourning the loss of my skill set because I was not using it.
Continue reading “Remote work: the last meritocracy”