When Edward Snowden disclosed the NSA’s activities, many people came to realize that network systems can be misused, even though this was always the case. People just realized what was possible. What happened next was a concerted effort to protect protect data from what has become known as “pervasive surveillance”. This included development of a new version of HTTP that is always encrypted and an easy way to get certificates.
However, when end nodes hide everything from the network, not only can the network not be used by the bad guys, but it can no longer be used by the good guys to either authorize appropriate communications or identify attacks. A example is spam. Your mail server sits in front of you and can reject messages when they contain malware or are just garbage. It does that by examining both the source of the message and the message itself. Similarly, anyone who has read my writing about Things knows that the network needs just a little bit of information from the device in order to stop unwanted communications.
I have written an Internet Draft that begins to establish a framework for when and how information should be shared, with the idea being that information should be carefully shared with a purpose, understanding that there are risks involved in doing so. The attacks on Twitter and on krebsonsecurity.com are preventable, but it requires us to recognize that end nodes are not infallible, and they never will be. Neither, by the way, are network devices. So long as all of these systems are designed and built by humans, that will be the case. Each can help each other in good measure to protect the system as a whole.
Photo of Edward Swowden By Laura Poitras / Praxis Films, CC BY 3.0
Well, July 11th, iPhone Day, came and went. The Believers waited and most got their phones, but even I could not have predicted the farsical mess that then ensued. Apple was unable to handle the registration of some 1 million phones in the period of a weekend, while their provisioning infrastructure ground to a halt. This is the added kick in the pants Believers must really enjoy.
While we wait for news to leak out of Apple as to what actually happened, let me speculate just a bit. Let us assume the following statements are true:
- Apple did in fact test their provisioning capability prior to rollout.
- That of the three days the million phones were sold, most were sold and activated in the first twenty-four hours. In particular, let’s assume a 70%/20%/10% distribution. I don’t actually know the real one, but we have reason to believe that the load was top heavy on Friday, as problems dissipated later in the weekend.
- There were a average of two transactions per registration. That is- one to provision the phone with services, one to create MobileMe or whatever additional functionality that Apple offers. Normally we’d include a third for creation of an iTunes account, but since we’re talking about Believers they already have their account.
700,000 sales times 2 transactions over 24 hours would be about 16 transactions per second. That’s really not that many transactions, considering that benchmarking systems measure that number in the hundreds and thousands. This makes one wonder: what if we introduced latency into a transaction. Latency can occur for many reasons, but the biggest one would be some sort of wide area communication. For instance, an 80 millisecond round trip time would mean that one might not be able to process any more than about 12.5 transactions per second. Now add a second round trip and you cut the transaction rate in half.
As to Apple’s testing, if they tested their provisioning system either on a local area network or on a network that had lower latency than the time needed to complete the day’s transactions, they wouldn’t have caught the problem. This is actually a classic concern that most database vendors fully understand, and it is often the reason to use stored procedures.
Anyway, that’s my guess.