End-of-summer progress note. The DDoS book project has been the dominant non-day-job activity through summer 2007. Specific drafting progress, specific chapter structure, specific subsequent timeline are now clearer.
This is a longer reflective post because the cumulative book project has been substantial work and the trajectory deserves recording.
What is drafted
The current draft includes substantive material across the book's structure.
The opening chapters establish the structural framing — what DDoS is, why it matters, how the threat has evolved across the past decade. The material draws substantially on the cumulative archive of DDoS writing from this notebook over multiple years.
The category-specific chapters address commercial-cybercrime DDoS (the extortion-against-gambling pattern, DDoS-for-hire commercial markets), politically-motivated DDoS (the Estonia pattern most recently), and specific other categories.
The technical chapters address attack types, infrastructure, traffic patterns, and specific operational details. The material draws on cumulative honeypot observation, cumulative incident response, cumulative reading of academic and practitioner work.
The defensive chapters address what works, what does not, and what the cumulative trajectory suggests will work. Specific operator-level defences, specific carrier-level defences, specific industry-level coordination. The material draws on cumulative practitioner experience.
The case-study chapters address specific historical incidents in detail — Estonia, the gambling-operator extortion campaigns, specific commercial incidents. The material requires careful treatment to balance technical detail with appropriate operational confidentiality.
The cumulative draft is approximately 60% of the projected final length. Substantial subsequent work remains.
What is structurally hard
Three structural challenges in the writing.
Confidentiality. Specific incidents I know about cannot be written about; specific operators I have worked with cannot be named; specific defensive techniques in operational use cannot be detailed. The cumulative discipline is to write about general patterns rather than specific incidents where confidentiality applies.
Currency. The threat landscape evolves; specific incidents during the writing period (Estonia in particular) require careful treatment to be both timely and structurally informative. The cumulative discipline is to write about underlying structural patterns that persist across specific incidents.
Calibration. Specific predictions about future trajectory must be calibrated; the cumulative calibration discipline from this notebook informs the book's discipline. The cumulative effect on credibility is meaningful.
The challenges are bounded; the writing continues at a sustainable cadence.
What is the timeline
Realistic publication timing:
- Substantive draft complete by year-end 2007.
- Editorial review through Q1 2008.
- Publication during 2008.
The timeline is bounded by available time outside the day job; specific subsequent role demands at Gala Coral may compress or extend the schedule. The cumulative trajectory toward publication is visible; specific timing remains uncertain.
For practitioners interested in the book: more notes through the rest of 2007; specific publication announcement when timing is firm.
What I am taking from the writing process
Three observations from the cumulative writing experience.
The notebook archive is substantial substrate. Specific posts across multiple years inform specific book sections. The cumulative writing discipline of weekly posts has produced material that book-length work could not have produced de novo. The cumulative compounding is operationally meaningful.
The writing forces structural thinking. Specific arguments that work in weekly-post format require explicit structural framing in book-length treatment. The discipline of book-length writing is qualitatively different from the discipline of weekly writing; the cumulative effect on thinking is substantial.
The audience consideration shifts. Notebook readers self-select for sustained engagement; book readers may not. The cumulative discipline of writing for the broader audience requires different framing of specific arguments.
The cumulative writing discipline is producing better thinking about DDoS than I have had at any prior point. Specific subsequent work will benefit from the structural understanding the book is forcing.
What I am paying attention to
Three things over the rest of 2007.
Specific incidents that should appear in the book. Specific subsequent DDoS events through the rest of the year may need integration into specific chapters.
Specific cumulative editorial review. Specific colleagues have offered to review draft chapters; specific feedback will inform revision.
Specific publication-pathway decisions. Specific publishers, specific self-publishing options, specific timing decisions all need to be made. The cumulative pathway is bounded but choices remain.
What this means for the notebook
The weekly cadence continues. Specific posts during the writing period are bounded by the time available; specific topics may be smaller or shorter than usual.
The cumulative trajectory continues. Specific book-related notes will appear; specific operational and reading content will continue at the same cadence.
For my own continued discipline: the cumulative archive grows. Specific subsequent posts will inform; the cumulative trajectory continues.
More in time.