
/dev/world 2025
4-5 SEPTEMBER • NAARM | MELBOURNE
Rob Amos

Don't DDoS Yourself!
Usually when we hear the term DDoS – Distributed Denial of Service – we imagine a deliberate and coordinated attack. But something typically overlooked when developing mobile apps intended for millions of users is that it is surprisingly easy to accidentally orchestrate a DDoS on your own infrastructure. In one sense, this is a pretty amazing problem to have – your app now has millions of users! Unfortunately these users will begin to experience increasingly severe outages triggered by otherwise innocuous server errors. As with other classic scaling issues, a business can end up being the victim of its own success. The culprit is usually automated polling or retry behaviour: in other words, the front end application is being overly naive or greedy in its effort to stay up-to-date and seamlessly recover from error states. Of course, these are both noble goals that contribute to a high-quality user experience. In this presentation we describe a solution that allows us to have our cake and eat it – a distributed front end “circuit breaker” inspired by the traffic smoothing and limiting algorithms used for decades in packet-switching networks. Instead of overwhelming servers during spikes in usage, a fleet of mobile apps can be programmed to respond to anomalous patterns of server failure and gracefully ramp down and back up again as the backend’s health is restored. This is also known as the thundering herd problem.
About the presenter
Rob (also known as Bok) started with Objective-C by trying to write an XMLParserDelegate with manual memory management in 2009. He is currently a Principal Engineer at Australia and New Zealand Bank (ANZ) working with a large team building a new bank from the foundations up and scaling it to 8 million customers. He loves Swift and is always looking for new ways to use it away from building UIs.