3/4/2014

MASSIVE DDOS Attack Hit Leading Companies

Filed under: — Aviran Mordo

Since last week, a massive distributed denial-of-service (DDoS) attack has been hitting major internet services in an attempt to bring them down.

Companies like Wix, StatCounter, Namecheap, Meetup and Bit.ly were the targets of an unprecedented large-scale and sophisticated DDoS attack.

In an email sent to Wix customers, Avishay Abrahami, Wix CEO, explains the attack:

“…Since Thursday, 2/27 at 07:00am EST Wix has been the target of a malicious DDoS attack, a technique used by hackers to take an internet service offline by overloading its servers. (To read more about DDoS attacks: http://en.wikipedia.org/wiki/Denial-of-service_attack).

We have robust systems in place to deal with such instances; however the scale of this particular attack caused Wix.com and some Wix user websites to experience significant but intermittent downtime. Throughout the attack, we were able to guarantee that the vast majority of websites remained live and unaffected. Rest assured, all your personal data, including billing information, is secure and was never compromised…”

StatCounter announced via Twitter that they managed to restore the service after it was down.

Some of the companies received a blackmail letter demanding money to stop the attack, such as the one published by Meetup.com; however, they did not give in to the blackmailer and are trying to fight off the attack.

The DDoS attack started around the same time on 2/27/2014 for most of the targeted services, which raises the suspicion that the same group of criminals is attacking all of these companies and trying to blackmail them for money. It is unknown whether, and how many, other companies paid the ransom and avoided being hit.

1/27/2014

Speaking @QCon London 2014 (Get A Coupon)

Filed under: — Aviran Mordo

Today I have a special treat for all the readers.
I will be speaking at QCon London 2014 about Wix’s architecture at scale, which I highly recommend (-:

Here is the talk abstract:

“When over 40M users host their websites on Wix, we need to handle large-scale traffic and lots of data, and also be highly available (after all, we can’t let 40M websites have downtime).
At Wix we handle over 700M HTTP requests per day to serve and edit websites.

In this talk I will go over Wix’s architecture, how we evolved our system to be highly available even in the worst-case scenarios when everything can break, how we built a self-healing eventual consistency system for website data distribution, and will show some of the patterns we use that help us render lots of websites while maintaining a relatively low number of servers.”

Hope to see you there.

If you plan to attend QCon London 2014 I also have a promotion code. Just enter “MORD100” in the registration form and get £100 off.

1/5/2014

How A Single App Can Kill Your Phone

Filed under: — Aviran Mordo

Up until a few weeks ago I had a Samsung Galaxy S3 phone. While I was waiting patiently for Samsung to upgrade the Android OS 4.1 to a newer version, I got sick and tired of waiting and bought a shiny new Nexus 5 phone.

I got my new phone and was amazed at how fast and responsive it is. I installed all my favorite apps and was very content. However, there was one problem with the phone. The battery life was poor and I had to charge it after 6-8 hours. At first I didn’t pay any special attention to it, since I was reading that battery life on the Nexus 5 was poor. Then one day I noticed that the battery drained after only 4 hours and I got suspicious.

Looking at the battery statistics, I noticed that the service using the most battery was mm-qcamera-daemon. Googling the issue, I found many posts saying mm-qcamera-daemon drains the battery if you have the Yahoo Messenger Video plugin, which online forums suggest uninstalling. The problem is that I did not install this app. I was still lost.

After some more unsuccessful attempts at searching for information, I started to think that if mm-qcamera-daemon is related to camera usage, then which apps do I have that use the camera? Finally a light bulb appeared over my head and I solved the riddle.

One of the first apps I installed was “SmartStay +”. This app leaves the screen on if it identifies that you are looking at the screen, using the front-facing camera and face detection API. I then removed this app and WOW, no more mm-qcamera-daemon in the battery statistics, and the battery now lasts for a whole day without charging.


Update
Google has officially acknowledged the Nexus 5 bug on its Android issue tracker website and promised that a fix is in the works. However there is no timeline as far as when the fix might be issued, and Google would only say that it will be implemented in a future Android software update.
In the bug tracker issue, Google noted that Skype is among the more popular apps that trigger the bug and recommended that you uninstall Skype or reboot your device every time mm-qcamera-daemon is misbehaving.

12/28/2013

Kill The Deadlines

Filed under: — Aviran Mordo

I have been building software for over 20 years and have participated in many projects. Usually when you come to write a new feature or start a new project, one of the first things your manager asks you for is a time estimate (if you are lucky), and then sets a deadline for the project’s completion.

Once a deadline is set, everybody starts working to meet this date. While setting a deadline helps management plan and have visibility into what is coming from the development pipeline, the act of setting a deadline, especially an aggressive one, is a destructive act that in most cases hurts the company in the long run.

Development work consists of much more than writing and testing code; it also consists of research and design. The problem is that while an (experienced) developer can estimate the coding effort, there is no real way to estimate the research phase, the problems you may encounter and how long the design is going to take (if you want to make a good design). How can you really estimate how long it will take you to learn something that you don’t know?

If deadlines are aggressive, meeting them usually means that developers will start cutting corners, doing a bad design just because they don’t have the time to do the right one. If developers are pressed for time they may stick to the bad design choice just because they don’t have time to switch to a better one after they realize their initial design has flaws.

Another thing developers do in order to meet the deadline is cut down on testing, which hurts the quality of their work. Cutting down on automated testing may let you believe the work is progressing at a higher rate, but you will usually find the problems in production and spend much more time stabilizing the system after it is deployed. You might think you met the deadline by shipping the product, but the quality of the product is low and you are going to pay for that in maintenance and reputation.

In addition to all that, working to meet deadlines creates stress for the developers, which is not a healthy environment to be in for a long time if they move from one deadline to another.

Now don’t get me wrong, by not setting a deadline you are not giving a free hand to the project to stretch beyond reason. Developers should be aware that their performance is measured, but they should also know that they can take the time to produce a high quality product by not cutting corners. In most cases a project can be delayed by a few days or weeks without any real consequences to the company, and developers should know that if they have the time they need to produce a good product.

In the exceptional case where you have a deadline and cannot postpone the delivery, you should take into consideration that there will be quality issues and design flaws. After the delivery you should give developers time to complete the missing tests, do the necessary refactoring and bring the product to the desired quality.

11/18/2013

Dev Centric - Trust And Collaboration

Filed under: — Aviran Mordo

After my first post about Dev Centric culture I got many questions on the topic, which I will try to answer in the next few posts.
At first glance Dev Centric sounds like the only one that matters is the developer and everyone else is just a simple helper. This could not be farther from the truth.

To understand Dev Centric, let’s take a step back and describe how a company grows, but before that we need to understand how a software company ships a product. Like every manufacturing plant, a software company also has a pipeline that a product needs to go through in order to be shipped to the customers.

Here is a standard software pipeline.

Product definition -> Design -> Develop -> Build -> QA -> Deploy

When a company is small you have only a handful of developers, who are the pipeline and do all the work. They design, code, deploy, maintain, do QA and also define the product. However, while a good developer can do all these tasks, it comes with a price: they do not focus on what they are best at, which is writing code.

So in order to make the product better, a company hires a product manager, who is probably going to do a better job at designing a product than the developer. A product manager has better skills and specializes in the product definition phase of the pipeline. Now, while the company is small, the PM works closely with the developers with a lot of collaboration.

The same goes for QA, operations and architects, each of whom can probably do a better job than the developer in their own field of expertise. While the company is small they all work together. However, when a company grows, walls start to show as every group wants to control its aspect of the pipeline, which in turn causes mistrust and slows down the whole “production line” as you define more structured processes and workflows.

Dev Centric culture tries to make the production line as fast as possible. Now if we look at the pipeline, the one person we cannot be without is the developer. The developer IS the production line; he is the one that manufactures the product. However, since we also want the best quality product, we cannot give up PM, QA and Ops; they are a very important part of the manufacturing floor.

So since the developer is the one that ships the product, we want to make the process as fast and as efficient as we can without losing quality. In order for the developer to create the best product he needs to understand it.
The best way to understand a product is to help define it. This is where Dev Centric comes into the picture. Developers should work together with the PM and help define the product, not by getting a thousand-page spec but by sitting in the same room with the PM to discuss the product and define it while writing the code. This way the code that the developer writes is the right one and there are no misunderstandings between what the PM intended and what the developer understood.

The same goes for QA. Developers should work closely with QA so they understand each other. QA understands the product the same way the developers do. The developers should continuously release code to QA during the development process to shorten the cycles. The best way is to work with Test Driven Development (TDD), where developers also write the automated tests for their code and QA backs up the developers with more comprehensive end-to-end tests which also serve as acceptance tests. Another important role for QA is to review the developer’s test cases and point out any untested use cases.
The same goes for Ops and architects, as mentioned in my previous post.

Dev Centric basically clears the path for the developer to deliver a faster and better product by breaking the walls on the manufacturing floor, having everyone work in collaboration and focus on what is important (delivering the best product), and creating trust between people with different agendas, which in turn creates a productive environment.

10/28/2013

Dev Centric Culture - Breaking Down The Walls

Filed under: — Aviran Mordo

We have been doing Continuous Delivery at Wix for several years now and as part of that, I have been training my team in the methodology of DevOps and changing the company’s culture. Last week I was trying to explain to some colleagues how we work at Wix and about our dev culture. While doing it I realized that we are doing much more than just DevOps. What we actually do is something I call “developer centric culture” or in short “Dev Centric” culture.

What is Dev Centric culture?

Dev Centric culture is about putting the developer in the middle and creating a support circle around him to enable the developer to create the product you need and operate it successfully.

Dev Centric Circle

Before I go into details about Dev Centric culture and why it is good, let’s look at the problems we have, what we are trying to solve and why it is more than just DevOps.

DevOps is about breaking the walls between developers and operations, but after a few years of doing DevOps and continuous delivery we realized that DevOps is not enough. The wall between the developers and operations is just one wall out of many. If you really want to be agile (and we do), you need to break down ALL the walls.

Let’s take a look at a traditional development pipeline.

  • Product that “tells” engineering what they need to do.
  • Software architect designs the system and “tells” the developer how to build it.
  • Developers write the code (and tests in case they work in TDD)
  • QA checks the developer’s product and covers it with more tests
  • Operations deploy the artifact to production

So what we have here is a series of walls: a wall between product and engineering, a wall between engineering and QA and of course a wall between engineering and operations. (Sometimes there is even a wall between the architecture team and the developers.)

10/11/2013

A first look inside Google’s futuristic quantum lab

Filed under: — Aviran Mordo

In May, Google launched the Quantum Artificial Intelligence Lab with hardware from the Canadian quantum computing company D-Wave and technical expertise from NASA. It was an ambitious open research project aimed at exploring both the capabilities of quantum computer architecture and the mysteries of space exploration — but in the months since, they’ve stayed quiet about exactly what kind of work they’ve been doing there.

Now they’re breaking the silence with a short film, set to debut at the Imagine Science Films Festival at Google New York. The film takes a look at various researchers working on the project, as well as the computer itself, which has to be operated at near-absolute-zero temperatures. Researchers hope the quantum architecture will eventually be used to optimize solutions across complex and interconnected sets of variables currently outside the capabilities of conventional computing. That could allow for new solutions in computational medicine or help NASA to construct a more comprehensive picture of the known universe. “We don’t know what the best questions are to ask that computer,” says NASA’s Eleanor Rieffel in the video. “That’s exactly what we’re trying to understand.”

Source: The Verge

10/9/2013

Most Developers Are Middle-Aged Married Folks

Filed under: — Aviran Mordo

Usually when we think of “brogrammers,” we picture Silicon Valley hipsters that may have graduated from college, but can’t leave the frat house behind. The reality, according to an Evans Data survey of more than 1,400 programmers, is somewhat different.

For one thing, while popular culture celebrates the idea of developers as pizza-eating loners, the data suggests otherwise. According to Evans Data, 71% of developers are married and only 3% are divorced (compared to a 40% divorce rate nationwide). Roughly 68% of developers have between one and three children. Only 32% are childless. Most developers are married with children.

Not surprisingly, then, most developers aren’t particularly young. Of the 18.2 million programmers on the planet, most left college long ago. While the median age has been falling for years, in North America the median age is still a reasonably stodgy 36.

Lastly, while brogrammer culture is rightly derided as juvenile, it apparently has flourished among a highly educated workforce. We may celebrate the dropouts like Bill Gates and Mark Zuckerberg, but 85% of developers have college degrees, 40% have Master’s degrees and another 5% have doctoral degrees.

In other words, developers should know better.

Samsung announces the Galaxy Round with a curved display

Filed under: — Aviran Mordo

Samsung has taken the wrapper off its rumored smartphone with a curved OLED display. The Galaxy Round, which will launch on SK Telecom in South Korea, has a 5.7-inch 1080p screen the same size as seen on the company’s Galaxy Note 3, but there’s a difference — it curves on the vertical axis in a similar fashion to some of Samsung’s OLED TVs.

Samsung is touting a new feature called “Round Interaction,” which allows you to look at information such as missed calls, battery life, and the date and time when you tilt it on a flat surface with the screen off.

10/8/2013

Android adware vulnerabilities are so BAD, researchers won’t ID it

Filed under: — Aviran Mordo

A popular mobile ad library used by multiple Android apps poses a severe malware threat, researchers at infosec firm FireEye have warned. The security researchers said that the affected apps had been downloaded more than 200 million times altogether.

This ad library aggressively collects sensitive data and is able to perform dangerous operations such as calling home to a command-and-control server before downloading and running secondary components on demand.

Mobile ad libraries are third-party software included by host apps in order to display ads. Because this library could potentially be used to conduct large-scale attacks on millions of users, FireEye refers to it anonymously by the code name “Vulna” rather than revealing its true identity.

An analysis of the most popular apps (those with over one million downloads) on Google Play reveals that 1.8 per cent of them used “Vulna”. The potentially affected apps have been downloaded more than 200 million times in total.

FireEye catalogues a variety of built-in aggressive behaviours which, in addition to vulnerabilities with the technology, make Vulna a threat.

Adobe deals with data breach affecting 2.9m customers

Filed under: — Aviran Mordo

Adobe has been hit with a massive cyber attack, where hackers obtained customer IDs, passwords and encrypted credit card information of more than 2.9 million customers. Adobe believes the hackers also breached source-code data of several Adobe products, including Acrobat and ColdFusion.

The software giant behind products like Photoshop, InDesign and Shockwave Flash announced last week they had been hit by two separate attacks targeting customer and company information. Adobe is in the process of sending password-reset e-mails and customer security alerts to affected customers to try to mitigate the damage, but there’s a bit of a problem with that approach.

According to independent security reporter Brian Krebs, Adobe has known about the breach since Sept. 17, and they believe the attack happened sometime in mid-August. Considering those customers’ information has been in the hackers’ hands for nearly two months, resetting passwords and canceling credit cards at this point may be moot.

Adobe’s investigation is still in its early stages, and the company hasn’t finished unearthing the full scope of what data may have been compromised.

10/7/2013

Building R&D Culture Based On Quality To Drive Innovation

Filed under: — Aviran Mordo

When I joined Wix in 2010 my job was to rebuild the back-end engineering team. The previous team that took the company to where it was back then was scattered to other projects and, except for one developer from the original team, I had a completely new team.

A couple of months after I arrived and started to figure things out with my new team we decided to move to continuous delivery methodology. Since we faced many challenges in both moving to continuous delivery and the need to re-write the whole back-end system, we needed very good software engineers to build a new framework and to be the first ones to lead the company’s Dev-Centric culture.

We wanted to create a culture based on quality in terms of software engineering and people’s responsibilities. Since every person in a growing company has a profound effect on the company’s culture, it sets the tone for the recruitment process. Ever since I got to Wix I have never stopped recruiting engineers; however, recruiting is a big challenge. I was looking for exceptional software engineers. The standards for passing the interview process are very high and very few actually succeeded, but that is a price I’m willing to pay in order to build an ‘A team’.
