Sven Olaf Kamphuis waving the Pirate Party flag in front of CyberBunker's nuclear bunker.
Over the last ten days, a series of massive denial-of-service attacks has been aimed at Spamhaus, a not-for-profit organization that describes its purpose as "track[ing] the Internet's spam operations and sources, to provide dependable realtime anti-spam protection for Internet networks." These attacks have grown so large—up to 300Gb/s—that the volume of traffic is threatening to bring down core Internet infrastructure.
The New York Times reported recently that the attacks came from a Dutch hosting company called CyberBunker (also known as cb3rob), which owns and operates a real military bunker and which has been targeted in the past by Spamhaus. The spokesman who the NYT interviewed, Sven Olaf Kamphuis, has since posted on his Facebook page that CyberBunker is not orchestrating the attacks. Kamphuis also claimed that NYT was plumping for sensationalism over accuracy.
Sven Olaf Kamphuis is, however, affiliated with the newly organized group "STOPhaus." STOPhaus claims that Spamhaus is "an offshore criminal network of tax circumventing self declared internet terrorists pretending to be 'spam' fighters" that is "attempt[ing] to control the internet through underhanded extortion tactics."
Today, a large collection of Web hosting and service companies announced that they will support Railgun, a compression protocol for dynamic Web content. The list includes the content delivery network and Web security provider CloudFlare, cloud providers Amazon Web Services and Rackspace, and thirty of the world’s biggest Web hosting companies.
Railgun is said to make it possible to double the performance of websites served up through Cloudflare’s global network of data centers. The technology was largely developed in the open-source Go programming language launched by Google; it could significantly change the economics of hosting high-volume websites on Amazon Web Services and other cloud platforms because of the bandwidth savings it provides. It has already cut the bandwidth used by 4Chan and Imgur by half. “We've seen a ~50% reduction in backend transfer for our HTML pages (transfer between our servers and CloudFlare's),” said 4Chan’s Chris Poole in an e-mail exchange with Ars. “And pages definitely load a fair bit snappier when Railgun is enabled, since the roundtrip time for CloudFlare to fetch the page is dramatically reduced. We serve over half a billion pages per month (and billions of API hits), so that all adds up fairly quickly.”
Rapid cache updates
Like most CDNs, CloudFlare uses caching of static content at its data centers to help overcome the speed of light. But prepositioning content on a forward server typically hasn’t helped performance much for dynamic webpages and Web traffic such as AJAX requests and mobile app API calls, which have relatively little in the way of what’s considered static content. That has created a problem for Internet services because of the rise in traffic for mobile devices and dynamic websites.
Fifteen years ago, you weren't a participant in the digital age unless you had your own homepage. Even in the late 1990s, services abounded to make personal pages easy to build and deploy—the most famous is the now-defunct GeoCities, but there were many others (remember Angelfire and Tripod?). These were the days before the "social" Web, before MySpace and Facebook. Instant messaging was in its infancy and creating an online presence required no small familiarity with HTML (though automated Web design programs did exist).
Things are certainly different now, but there's still a tremendous amount of value in controlling an actual honest-to-God website rather than relying solely on the social Web to provide your online presence. The flexibility of being able to set up and run anything at all, be it a wiki or a blog with a tipjar or a photo hosting site, is awesome. Further, the freedom to tinker with both the operating system and the Web server side of the system is an excellent learning opportunity.
The author's closet. Servers tend to multiply, like rabbits. Lee Hutchinson
It's super-easy to open an account at a Web hosting company and start fiddling around there—two excellent Ars reader-recommended Web hosts are A Small Orange and Lithium Hosting—but where's the fun in that? If you want to set up something to learn how it works, the journey is just as important as the destination. Having a ready-made Web or application server cuts out half of the work and thus half of the journey. In this guide, we're going to walk you through everything you need to set up your own Web server, from operating system choice to specific configuration options.
A newly discovered form of malware that targets Linux servers acting as Web servers allows an attacker to directly inject code into any page on infected servers—including error pages. The rootkit, which was first publicly discussed on the Full Disclosure security e-mail list on November 13, appears to be crafted for servers running the 64-bit version of Debian Squeeze and NGINX.
An analysis of the rootkit by Kaspersky Labs found that the malware inserts HTML iframe elements into every page served up to Web browsers connecting to the server. It does this by replacing the code that builds TCP/IP packets (tcp_sendmsg) with its own code. The malware then retrieves the code to be inserted into the iframe by connecting, botnet-like, to a command and control network with an encrypted password.
The rootkit, designated as Rootkit.Linux.Snakso.a by Kaspersky, is a new approach to drive-by downloads, which are usually based on PHP scripts rather than code injected into the kernel of the operating system. Because the new rootkit infects the entire server and not just a specific page, the malware could affect dozens or even hundreds of websites at a time if it infects the server of a Web hosting provider.
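A defender-side check for the behaviour described above, as an added example that is not from Kaspersky's analysis or the original article: because the iframe is added where the kernel builds outgoing packets, the HTML the web application produced stays clean, so the check compares that HTML with what a client actually received. The function names, sample pages and example domains are constructed for illustration.

```python
from collections import Counter
from html.parser import HTMLParser


class IframeCollector(HTMLParser):
    """Collects the src attribute of every <iframe> element in a document."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag names; a missing src is recorded as "".
        if tag == "iframe":
            self.sources.append(dict(attrs).get("src") or "")


def iframe_sources(html):
    """Return the list of iframe src values found in an HTML string."""
    collector = IframeCollector()
    collector.feed(html)
    collector.close()
    return collector.sources


def injected_iframes(origin_html, served_html):
    """Return iframe sources present on the wire but not in the origin HTML.

    origin_html: what the application or static file produced on the server.
    served_html: what a client on another host received for the same URL.
    Counting (not just set membership) catches a second copy of a legitimate
    iframe as well as an entirely new one.
    """
    extra = Counter(iframe_sources(served_html)) - Counter(iframe_sources(origin_html))
    return sorted(extra.elements())


# Constructed sample data: a normal page with one legitimate embed, and an
# error page, each paired with the version a client received.
ORIGIN_PAGE = (
    "<html><body><h1>Shop</h1>"
    '<iframe src="https://video.example/embed/1"></iframe>'
    "</body></html>"
)
SERVED_PAGE = (
    "<html><body>"
    '<iframe src="http://injected.example/frame" width="1" height="1"></iframe>'
    "<h1>Shop</h1>"
    '<iframe src="https://video.example/embed/1"></iframe>'
    "</body></html>"
)
ORIGIN_404 = "<html><body><h1>404 Not Found</h1></body></html>"
SERVED_404 = (
    "<html><body>"
    '<IFRAME SRC="http://injected.example/frame"></IFRAME>'
    "<h1>404 Not Found</h1></body></html>"
)

if __name__ == "__main__":
    for name, origin, served in (
        ("page", ORIGIN_PAGE, SERVED_PAGE),
        ("404", ORIGIN_404, SERVED_404),
    ):
        print(name, injected_iframes(origin, served))
```

The received copy has to be fetched from a different machine, since the comparison is only meaningful when the response has actually passed through the server's network stack.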
Look at this incredible thing Ian Baker created. Look at it!
What you're seeing is not Photoshopped. This is an actual photo of a real world, honest to God double-clawed hammer. Such a thing exists. Isn't that amazing? And also, perhaps, a little disturbing?
That wondrous hammer is a delightful real-world acknowledgement of the epic blog entry PHP: A Fractal of Bad Design.
I can’t even say what’s wrong with PHP, because – okay. Imagine you have uh, a toolbox. A set of tools. Looks okay, standard stuff in there.
You pull out a screwdriver, and you see it’s one of those weird tri-headed things. Okay, well, that’s not very useful to you, but you guess it comes in handy sometimes.
You pull out the hammer, but to your dismay, it has the claw part on both sides. Still serviceable though, I mean, you can hit nails with the middle of the head holding it sideways.
You pull out the pliers, but they don’t have those serrated surfaces; it’s flat and smooth. That’s less useful, but it still turns bolts well enough, so whatever.
And on you go. Everything in the box is kind of weird and quirky, but maybe not enough to make it completely worthless. And there’s no clear problem with the set as a whole; it still has all the tools.
Now imagine you meet millions of carpenters using this toolbox who tell you “well hey what’s the problem with these tools? They’re all I’ve ever used and they work fine!” And the carpenters show you the houses they’ve built, where every room is a pentagon and the roof is upside-down. And you knock on the front door and it just collapses inwards and they all yell at you for breaking their door.
That’s what’s wrong with PHP.
Remember the immediate visceral reaction you had to the double-clawed hammer? That's exactly the reaction most sane programmers have to their first encounter with the web programming language PHP.
This has been going on for years. I published my contribution to the genre in 2008 with PHP Sucks, But It Doesn't Matter.
I'm no language elitist, but language design is hard. There's a reason that some of the most famous computer scientists in the world are also language designers. And it's a crying shame none of them ever had the opportunity to work on PHP. From what I've seen of it, PHP isn't so much a language as a random collection of arbitrary stuff, a virtual explosion at the keyword and function factory. Bear in mind this is coming from a guy who was weaned on BASIC, a language that gets about as much respect as Rodney Dangerfield. So I am not unfamiliar with the genre.
Except now it's 2012, and fellow programmers are still writing long screeds bemoaning the awfulness of PHP!
What's depressing is not that PHP is horribly designed. Does anyone even dispute that PHP is the worst designed mainstream "language" to blight our craft in decades? What's truly depressing is that so little has changed. Just one year ago, legendary hacker Jamie Zawinski had this to say about PHP:
I used to think that PHP was the biggest, stinkiest dump that the computer industry had taken on my life in a decade. Then I started needing to do things that could only be accomplished in AppleScript.
Is PHP so broken as to be unworkable? No. Clearly not. The great crime of PHP is its utter banality. Its continued popularity is living proof that quality is irrelevant; cheap and popular and everywhere always wins. PHP is the Nickelback of programming languages. And, yes, out of frustration with the status quo I may have recently referred to Rasmus Lerdorf, the father of PHP, as history's greatest monster. I've told myself a million times to stop exaggerating.
The hammer metaphor is apt, because at its core, this is about proper tooling. As presciently noted by Alex Papadimoulis:
A client has asked me to build and install a custom shelving system. I'm at the point where I need to nail it, but I'm not sure what to use to pound the nails in. Should I use an old shoe or a glass bottle?
How would you answer the question?
- It depends. If you are looking to pound a small (20lb) nail in something like drywall, you'll find it much easier to use the bottle, especially if the shoe is dirty. However, if you are trying to drive a heavy nail into some wood, go with the shoe: the bottle will shatter in your hand.
- There is something fundamentally wrong with the way you are building; you need to use real tools. Yes, it may involve a trip to the toolbox (or even to the hardware store), but doing it the right way is going to save a lot of time, money, and aggravation through the lifecycle of your product. You need to stop building things for money until you understand the basics of construction.
What we ought to be talking about is not how terrible PHP is – although its continued terribleness is a particularly damning indictment – but how we programmers can culturally displace a deeply flawed tool with a better one. How do we encourage new programmers to avoid picking up the double clawed hammer in favor of, well, a regular hammer?
This is not an abstract, academic concern to me. I'm starting a new open source web project with the goal of making the code as freely and easily runnable to the world as possible. Despite the serious problems with PHP, I was forced to consider it. If you want to produce free-as-in-whatever code that runs on virtually every server in the world with zero friction or configuration hassles, PHP is damn near your only option. If that doesn't scare you, then check your pulse, because you might be dead.
Therefore, I'd like to submit a humble suggestion to my fellow programmers. The next time you feel the urge to write Yet Another Epic Critique of PHP, consider that:
- We get it already. PHP is horrible, but it's used everywhere. Guess what? It was just as horrible in 2008. And 2005. And 2002. There's a pattern here, but it's subtle. You have to look very closely to see it. On second thought, never mind. You're probably not smart enough to figure it out.
- The best way to combat something as pervasively and institutionally awful as PHP is not to point out all its (many, many, many) faults, but to build compelling alternatives and make sure these alternatives are equally pervasive, as easy to set up and use as possible.
We've got a long way to go. One of the explicit goals of my next project is to do whatever we can to buff up a … particular … open source language ecosystem such that it can truly compete with PHP in ease of installation and deployment.
From my perspective, the point of all these "PHP is broken" rants is not just to complain, but to help educate and potentially warn off new coders starting new codebases. Some fine, even historic work has been done in PHP despite the madness, unquestionably. But now we need to work together to fix what is broken. The best way to fix the PHP problem at this point is to make the alternatives so outstanding that the choice of the better hammer becomes obvious.
That's the PHP Singularity I'm hoping for. I'm trying like hell to do my part to make it happen. How about you?
The growth of hacktivism, inspired by global social movements such as Occupy Wall Street and the Arab Spring, is helping distributed denial of service attacks make a comeback. The attacks, which use thousands of hijacked computers to overload servers, increased 25% in the first quarter of 2012, compared with the final three months of 2011, according to a new report released by Prolexic, a security firm that helps companies fend off DDoS attacks.
But the real surge was in financial companies, which have been hard hit by hacktivists. Financial firms monitored by the company saw a 3000% increase in malicious traffic this quarter, as hacker groups, such as Anonymous, went after banks such as Goldman Sachs again and again in pre-announced raids. In a different survey by Arbor Networks, another security firm, political or ideological causes were behind 35% of DDoS attacks, between October 2010 and September 2011.
Hacker groups with social and political goals are helping bring about a “renaissance” in DDoS, a form of attack security experts had thought was fading. Before mid-2010, more sophisticated hacker exploits, such as cracking passwords, had taken the place of the DDoS assaults that security personnel view as a blunt instrument, said Gunter Ollmann, vice president of research for the security firm Damballa. And the operators of botnets, the armies of zombie computers used for the attacks, had become more profit-minded, using their hordes to run online scams, such as getting people to click on bogus ads.
But the aims of the new attacks are more grandiose, targeting governments and giant companies. Anonymous had promised a “global blackout” on March 31st, when it planned to launch attacks against the world’s root servers, which direct Internet users. The attacks generated almost no stoppage, though.
Neal Quinn, chief operating officer at Prolexic, said the key to dealing with such attacks is to conduct “fire drills” that prepare an organization for the assaults. “How’re the events going to play out? You need to be able to figure out, if this is a two hour event or a two minute problem,” Quinn said.
Thomas Hughes, director of Media Frontiers, a web hosting company, says an attack in 2011 against one customer, a Southeast Asian news service, lasted six weeks of increasingly large waves of malicious traffic.
Tech staffs should have extra bandwidth available so that when the attacks come, the waves of traffic can be rerouted. Quinn said companies should have a continual dialogue with web-hosting providers to discuss preparedness, emergency contact information and the threat environment in their industry.
Ollmann took a dimmer view: organizations can’t fully prevent attacks from succeeding and need to be prepared for the worst. “Even the largest organization in the world can fall,” he said. “You need to have contingency plans in place so you can still carry out business.”
Life and nature are one big transition. The sun slowly rises to mark a new day and then slowly sets to mark the end of the day and the beginning of night. We are created in the womb and from small cells we grow, are born and gradually age until we die. Perhaps these natural transitions in life are what make artificial transitions feel… well, right. Sometimes, though, when something jumps from one state to another, it feels OK but doesn’t quite feel right.
A transition that has been designed to be slow can feel awful. When designing an application, an interface or any type of structured content, we must ensure that users understand where they have come from as they arrive at the new page or state. The transition from one screen or group of content to another should feel natural and should be tested on devices of varying power and speed to get a wider view of how the transition feels. Too fast, and it may appear broken or jumpy; too slow, and it will be frustrating to use.
When discussing design, the word “transition” usually conjures up thoughts of overblown PowerPoint presentations or home-made movies made with cheap video-editing software. But there is more to transitions than meets the eye.
Transitions take us from one state to another all the time, many times a day in fact. Most of the time, these transitions feel completely invisible (as they should), and until they are taken away we don’t really know they are there. This article discusses transitions and how well-designed transitions can enhance the user’s experience by imparting a sense of control and easy navigation. We will also discuss how poor transitions can impair the user interface.
What Is A Transition?
By definition, a transition is “a change from one form or type to another, or the process by which this happens.” As mentioned, we make transitions all the time without really knowing it, and they certainly extend beyond our computer interfaces. A well-designed transition takes the user from point A to point B very quickly while conveying the path they have taken.
Transitions are common in interface design, as we know, but are also used in movies and product design. In product design, transitions are triggered by touch, movement or physical handling of the product; in interface design, however, transitions are triggered by navigating through the interface of the application or Web content. A transition should be designed to give the user a sense of their virtual position or location within the interface.
Examples Of Transitions
In a scene near the beginning of the 1971 movie Willy Wonka & the Chocolate Factory, winners of the golden ticket gather outside the gates of the mysterious factory to see the elusive Willy Wonka emerge.
Frames from Willy Wonka & the Chocolate Factory (1971).
As the scene unfolds, the viewer watches from behind the crowd, through the gates, towards the factory; the next camera angle takes us from behind the crowd to just inside the factory gates; and then we’re beside Wonka as he limps along the red carpet; and then we jump to watching him from behind. Although there is no visible “tweening” throughout these transitions in camera angle, we the audience still perfectly understand where we are.
We are watching the movie from our comfy chairs and yet we are made to feel as though we are physically present near the factory. This is an emotional transition.
If you have an iPad or iPhone, pick it up and go into the settings. Tap around between the menu options to see how the screen slides from right to left and left to right. Scroll to the bottom of any screen to see the soft bounce that indicates you have reached the end of the content. These simple quick transitions were carefully designed to give the user a sense of location within the operating system. Only when you slow these transitions down do you notice the detail that has gone into these in-between bits.
Although we are not viewing a physical location, as in a movie, the OS still gives the user a sense of location by letting them know through the transition where they are navigating to and where they have come from. When you tap on a menu button, the screen shifts to the right to show the next step, and to the left to show the previous step.
Google Chrome on Windows shows us another simple transition, as seen in the video below. When opening a new tab, you see it open with a brief animation from the left. Closing the tab animates it back to the left before disappearing.
The Path app, which is available on both Android and iPhone, is packed full of interesting transitions between states. It’s worth downloading to see how it handles jumping between features.
When the app opens, you go from the splash screen to the actual content with a quick page turn. Clicking on the main menu will spring open the menu options, which spring back once you close the menu. This detail shows the user where those menu items come from, and while we may not consciously think about it, it’s an important detail in the overall user interface.
The Scorekeeper app has what appears to be a very simple interface. Solid colors and a lot of straight edges give the impression that the app is easy to use — and perhaps even that little thought has gone into the visual design. But look again. The transitions in this app are beautiful. When a player is awarded points in a game, the app updates their ranking in the list, using excellent transitions to move the player from their original position to their new one.
I’m afraid I have to use Apple again for this example. If you’ve ever bought an iPhone, you would have noticed the design of the packaging. The compact box with matte laminate finish has been thought through to the last detail. The vacuum effect that you get when lifting the lid means that you’re not just breaking a seal and cracking open a box; rather, the lid slowly slides open (similar to the experience of the OS), taking a good second or two to reveal the shiny new device. This unboxing could be described as a physical transition.
Though not an obvious transition, the MacBook’s power light gently pulses when the device is sleeping. The transition is interesting because its fading in and out mimics the natural breathing rhythm of a sleeping person. This can be considered a transition because it’s a visual indication of the state of a device that is neither on nor off, but in between the two states.
Modern cars are packed full of excellent transitions that guide the driver through various states. For example, the cabin light comes on when you unlock the door, and then it gradually fades as you buckle the seat belt and start the engine. The subtle lighting takes the user from pedestrian to driver in one smooth transition.
As I sit in my chair typing this article, I can turn my head from left to right. By doing so, my field of vision shifts. If I want to look at something to my left, I turn my head — in the process catching everything that crosses my line of sight — until my eyes arrive at the object of attention. My eyes and body have made a transition, and it’s important that we be conscious of our actions as human beings to discover more about natural transitions. Watch the video below to see how the human body transitions from one state to another.
Why Are Transitions Important?
As designers, we do our best to make content easy to find, easy to read and aesthetically beautiful. But as processors become more powerful and technology advances, the devices and systems people use to access this content will hurtle forward, and we’ll discover new ways to deliver this content. We’ve quickly adopted touch methods, and now gestures are becoming important, too. With this in mind, we need to give users a sense of location in our applications, and transitions will play an important part in this.
Best Practices For Transitions
There are plenty of ways to incorporate transitions into a design. Here are some general suggestions:
- Avoid any pause at the point of clicking, touching or swiping.
Hardware speed will always be a factor, but it’s safe to say that chips, processors and memory are getting faster by the second, so test your code and loading times to make sure there is no lag.
- Test in the real world.
There is no better way to test transitions than by running them in the real world — especially if you are designing for mobile, because people on the go devote less time and attention to navigation. Load a prototype of your design in a supermarket or on the train, and test it to see how it performs under pressure.
- Don’t reinvent the wheel.
In general, follow the conventions of the operating system you are designing for, because transition styles that diverge greatly from what people are used to will likely cause confusion and frustration. Of course, don’t hold back on designing new transitions; just keep the standards in mind.
- Mind the future.
These days, we interact with apps by clicking, touching, swiping and speaking. However, gestures will likely become a new way of controlling content, so start considering them now. If people will be able to use their bodies (rather than their fingers or mice) in various ways to manipulate the screen, we will have to give thought to timing, pace and physics — that is, the speed at which a body performs a gesture to move content will have to be matched to the speed at which the content moves. Imagine the frustration of throwing a tennis ball as hard as you can, only for it to travel a few feet on release. Our users will feel this same frustration if the timings of our transitions are poorly designed.
A good transition should be almost invisible to the user. It should help the user understand where they are navigating to and where they have come from, but it should also be smooth and quick. A stall or stutter impairs the overall user experience and tells the user that something is wrong. There is such a thing as UI motion sickness, where the user gets so used to the fluidity of moving between screens that when a screen freezes for a second or two, the user feels like they’ve come to a sudden stop. It is these sensations we should avoid.
For help and inspiration on using transitions in your designs right now, check out the following resources:
- Mark Coleran’s showreel
An excellent showreel showing faux interfaces and interactions designed for movies and TV shows.
- “CSS Easing Animation Tool,” Matthew Lein
A useful online tool to test CSS animations and transitions.
- “Touch-Optimized Web Framework for Smartphones and Tablets,” The jQuery Project
A unified HTML5-based UI system for all popular mobile platforms, built on the rock-solid jQuery and jQuery UI foundation.
- “How to Use jQuery to Make Slick Page Transitions,” Dave Gamache
Adding the final touches to a website can mean the difference between a polished and beautiful product and one that leaves no impression on visitors.
© Mark Cossey for Smashing Magazine, 2012.
It’s time for the return of my irregular series in which I tell games developers exactly what they must do and not do if they want to avoid being flayed and rolled in salt. You can see the rest of these rules here. It’s quite simple: obey my commands and everyone will be happy. No one needs to lose a life.