[00:00:00] Nathan Wrigley: Welcome to the Jukebox Podcast from WP Tavern. My name is Nathan Wrigley.
Jukebox is a podcast which is dedicated to all things WordPress, the people, the events, the plugins, the blocks, the themes, and in this case, WordPress security and the OSI model, which underpins the entire internet.
If you’d like to subscribe to the podcast, you can do that by searching for WP Tavern in your podcast player of choice, or by going to wptavern.com/feed/podcast, and you can copy that URL into most podcast players.
If you have a topic that you’d like us to feature on the podcast, I’m keen to hear from you and hopefully get you, or your idea, featured on the show. Head to wptavern.com/contact/jukebox, and use the form there.
So on the podcast today we have Robert Jacobi. Robert has a long-standing history with the tech and CMS industry, having worked in senior positions at Joomla, Cloudways, Perfect Dashboard and more. He’s now the Chief Experience Officer at Black Wall, a company formerly known as BotGuard.
Robert talks with me today about the transition from proprietary systems to open source, and the seven layer OSI model that underpins the internet. Drawing from his experiences in tech, Robert and I try, and perhaps fail, to break down the complexities of how website traffic is routed over the internet. This is done to try to understand how Black Wall can position itself to mitigate risks before they reach hosting companies’ infrastructure.
We also discuss the evolution of bot traffic on the web, where upwards of 10% of internet traffic is identified as malicious. This kind of insight is particularly important for those interested in the security aspect of web hosting and website management.
We also get into Black Wall’s rebranding journey, and its continued dedication to the WordPress community by participating in events like WordCamp Asia and Europe.
If you’ve ever wondered about the unseen layers of internet security and infrastructure, or the strategic moves involved in rebranding a tech company, this episode is for you.
If you’re interested in finding out more, you can find all of the links in the show notes by heading to wptavern.com/podcast, where you’ll find all the other episodes as well.
And so without further delay, I bring you Robert Jacobi.
I am joined on the podcast by Robert Jacobi. Very nice to have you on. I think I’m going to muddle up the company that you work for, because a little bird tells me that in the very, very recent past, the company that you work for became, well different in some way. Perhaps a name change, a logo change. Who did you work for and who do you now work for? And are they the same thing?
[00:03:08] Robert Jacobi: Well, I still have my original swag, the BotGuard polo, which all of us have at the team, but we are now Black Wall. So Black Wall, formerly known as BotGuard. So we’ve done a full rebrand. I’m sure a lot of folks have seen already. But yep, just bringing it forward. Allowing ourselves to take on more of what we do, on top of the highly focused bot security monitoring and mitigation.
[00:03:32] Nathan Wrigley: Okay. That’s a perfect introduction then. So give us your potted bio in tech, in CMSs. I’m not going to say WordPress because it’s a bit bigger than that. And maybe just throw in the BotGuard, Black Wall bit at the end there, and what your role is there. So just a couple of minutes. Just tell us who you are and whatnot.
[00:03:49] Robert Jacobi: Minutes, I could spend all day talking about myself. So I’ve been in the industry for a number of years. Mumble, mumble, how long it’s been. Let’s go with CMSs because, actually a big passion way back in the day, had an agency where we created our own, of course proprietary CMS because that’s what you did.
And then moved into open source for a number of reasons. Primarily, which I hope all agencies don’t need to talk about anymore, because I think it’s pretty obvious. It was the hit by a bus theory that, we put all our eggs into a proprietary basket, and we get hit by a bus, then that customer is stuck. With open source, there’s the community of the ecosystem, and it’s huge.
And, you’ll always have your preferred vendors for many, many reasons, but if something happens, you’re not locked into that code. You’re not blindsided. That was a fairly quick transition, and wound up working at the time, sorry WordPress universe, went to Joomla because hey, back in that day Mambo slash which became Joomla, was honestly just more of a stack that our team leaned towards. It was MVC based. It was geeky. There were tons of features, and functions that the types of customers we were working with, it resonated with. Especially multilingual at the time.
Fast forward, let’s say 10 years, and now WordPress is beyond a competing product. It’s got an ecosystem, a value with its name brand, and literally the immense community that’s been built around it.
From there went to, transitioned off of the Joomla space, and popped into a company called Perfect Dashboard. Oh, I forgot, I actually was the president of Joomla, briefly, so.
[00:05:31] Nathan Wrigley: Just a little fact there, yeah.
[00:05:32] Robert Jacobi: You know what, I should not forget that because that one year felt like 10. It’s a lot to work with a huge community, for many, many reasons. You have so many stakeholders. People whose lives depend on the product, the solution, the community, the ecosystem. Certainly not going to get into WordPress drama, but I understand how difficult it is to bear those responsibilities. And, it’s a lot. Immense amount of work. And WordPress has done amazing things in sustaining that for decades.
So, moved over to the WordPress side of the universe. Company called Perfect Dashboard. We were acquired. Moved to running the WordPress business unit of Cloudways, also now acquired by Digital Ocean. And today I’m at Black Wall. I’m the Chief Experiences Officer for Black Wall. So that includes community, includes evangelism, includes investor in government relations. It’s really making sure that there’s an ability to communicate all the things that we do to the right people.
[00:06:32] Nathan Wrigley: And what does, well, formerly BotGuard, now Black Wall, what do they do? What do they offer up into the market? Is it a WordPress thing, or is it more of a, we’ll get into the OSI model in a minute, but is it more of an operating system thing?
[00:06:46] Robert Jacobi: It’s at the top of the stack. So while, let’s just call it 50%, I know that’s not the exact number, but it’s close enough that I think it’s fair to say, 50% of the web is run by WordPress. We’re still very heavily involved in the community. So we were just at WordCamp Asia. We’ll be at WordCamp Europe. These are places we want to meet folks, communicate our solution, and engage with hosting providers because, when we get to running through our little OSI stack that you and I are obviously super experts in, we’ll kinda see where WordPress falls into it and where security matters, up and down that stack.
We’re trying to help WordPress end users and hosting companies before you ever actually have to get to WordPress, because we already see that a significant portion of internet traffic, 40% of internet traffic is bots. AI agents, whatever you want to call them. And 25% of that 40%, so 10% is completely malicious. And you don’t want to get near the hosting company, the actual application, or anywhere further down the stack if you can avoid it.
[00:07:50] Nathan Wrigley: So it sounds, just the name, and I confess, I don’t know much about what BotGuard, Black Wall do, did. But it sounds to me from the naming of it, that it’s a bit like you are literally a sentinel. You are standing in the way of things. Examining things that are coming your way and saying, no, you may not pass, but you may.
And a bit like throwing it into dev null, if something is unable to pass, you are just black walling it, as it were. You are just saying, nope, off you go, drop, you’re outta here. Is that basically the principle? You are a security firm preventing things that are bad happening to whoever it is that uses your services.
[00:08:25] Robert Jacobi: Some of it’s super, super bad, so you’re going to dev null it. And then there’s a spectrum of how bad those connections can be. We want to focus on humans getting to human content. Our key, sort of value propositions, humans are secure, humans are actually visiting your site. That’s what’s important.
But there are good bots, and there are good bots who accidentally do bad things. And then there are the bad, bad bots. We obviously want Google to index our sites. We may or may not want OpenAI indexing our sites. We certainly don’t want it causing an accidental denial of service by how much it’s scraping our content. Which we have seen many a time. Where it’s like, great OpenAI, come on in, take one quick look and get out. But it’s like, I’m going to stay there and I’m going to churn through everything. And we’ve seen it and it knocks sites out. And the AI engines, agents are particularly bad about that, because they’re trying to fill in and understand that data.
[00:09:25] Nathan Wrigley: Yeah. Okay, so we’ve got some idea of what you do. Just as an aside, what a shame that the internet has a need for a company like yours. I don’t mean to take the food off your table, but back 20 years ago this just wasn’t really a thing. Just this promise of the internet to be this philanthropic place with unicorns and rainbows everywhere, where we were all going to throw our content in, and we were all going to consume it and it would be wonderful.
And now we have, well, human beings presumably started the whole thing, but now human beings have written codes such that they can step away and let their robots carry on. And what a shame that we need to have things like captchas on forms, and we need to pay security companies to do all of this stuff.
And again, I’m not trying to say that your business doesn’t have a place. Clearly it does. But from a philosophical point of view, I wish that they didn’t need to exist, because the place was benign and harmless all the time.
[00:10:19] Robert Jacobi: I’m going to poke a tiny hole in that bubble.
[00:10:21] Nathan Wrigley: Please do.
[00:10:22] Robert Jacobi: Actually, this is not a bad thing because we’ve actually moved most of the troublemaking away from us locally. You want to go back 20 years ago and we’re dealing with Norton Antivirus on everything, and crossing our fingers and praying that something doesn’t sneak into our immediate homes.
We’ve actually been able to, because we’ve gone to cloud, push a lot of that super local personal risk a bit further downstream. So these security issues didn’t magically appear, they were much more, in fact, they were much more terrifying before. And I, oh my god, my Windows PC got hacked and now I have to like completely just throw it on the grill, light it on fire five times, and then reinstall Windows.
Most folks don’t worry about doing that with their laptops, with their phones or whatnot anymore. The scalable risks are completely different, because me getting hacked was one person. Now a cloud website platform application, and then I’m, 10 million people get hacked. But we’re pushing it further away and away and away.
[00:11:24] Nathan Wrigley: Yeah, it’s interesting. I remember in the dawn of computers that I had, I didn’t begin my computer journey right at the very, very beginning. You could walk into a store and walk out with a computer in more or less, every town and village in the country, when I began using them.
But the media, the way that you got things onto the computer was a physical thing. You held the object in your hand. It was either a CD or some kind of media that you could physically hold. And now of course literally nobody is installing anything off a CD. And so I guess the inexorable rise of the internet, and everything coming down a, well, telephone line, and we’ll get into that in a moment. Putting it in the cloud makes way more sense, doesn’t it? It doesn’t really seem to have so much utility having the antivirus, if you like, on the computer. I know it does, don’t get me wrong. But I can see that the shift to mitigating the risk and detecting the risk and doing something about the problem in the cloud. Obfuscated, abstracted away, so that you never even really know what’s going on is probably the best way forward. So, yeah.
[00:12:25] Robert Jacobi: For 99.99999% of people, they’re not going to know or understand that they just want it to work. They don’t want to be robbed from, or in danger online. I always put it, as techy as I appear to be, I am the worst car person on earth. So when I think about internet security and what most people want to know about it, it’s pretty much what I want to know about cars.
I want my car to turn on. Go forward, go backward, get me to where I need to be as safely as possible. I don’t know, or care about anything else that’s going on under the hood. It’s a tool that I use and I want it to work like I expect it to work.
[00:13:04] Nathan Wrigley: Yeah. Given the population at large, it must be, one in a hundred thousand who care about the internals of their machine, probably even less so. Doesn’t matter really what you’re using, be it Mac, Windows, Linux, Chromebook, whatever it is, you just want to flip the lid open and you want to just...
[00:13:18] Robert Jacobi: Check my email, log into my social media, buy something, call it a day.
[00:13:23] Nathan Wrigley: But because it’s becoming an increasingly crucial part of our lives. Certainly where I live in the UK, more or less everything has gone online that’s of any use. So shopping has gone online. Appointments for doctors have gone online. Dentists, it’s gone online. Pharmacy appointments, it’s all gone online. Paying your taxes, it’s online.
And so we really do need to protect this stuff. Really need to protect this stuff, because if it’s possible to, I don’t know, inject some problem in that path, we’re not just going to take out the beautiful experience of buying from a shop. We’re going to take out our ability to get fuel into our houses and into our cars and all of that.
[00:13:58] Robert Jacobi: Yeah, if you need that prescription, you don’t want that to go down, so.
[00:14:01] Nathan Wrigley: It’s become almost like, almost like a human right. That seems a bit of a ridiculous thing to say, but on some level, it seems like the internet or access to the internet is almost on that level. It certainly feels like it is as important as other key parts of the country’s infrastructure. So power and gas all of that, and the road network and what have you.
[00:14:20] Robert Jacobi: It is the information utility. So you have your power utilities, you have an information utility. It’s got to be available. In the States we always have our last mile issues, especially for very rural folks, about how connected are they, how fast is it? We always do this to ourselves. We got this great new toy, now let’s see how great we can make it. Yeah, but if you’re not running at a hundred megabits a second your experience might really not be functional.
[00:14:46] Nathan Wrigley: So we’re going to talk today about something that I confess, I don’t know anywhere near enough of. So, Robert and I have shared an article, and I’ll put the article in the show notes. And essentially this thing that we’re going to talk about is what’s called the OSI model. And the OSI model comprises various different layers.
And basically, dear listener, if you’ve never thought about the gubbins of your computer, you might just have this fairy tale notion that you open it up and start typing and it just works. I can send an email, of course I can send an email, you just click send and it’s gone and that recipient receives it.
But the breathtaking quantity of things going on in the background disguised from you. Really, honestly, Robert, none of this should work, and yet it does work.
[00:15:36] Robert Jacobi: Which is why I love my car analogy. I have no idea what is going on 99% of the time. I still have a gas car, so I know there’s a larger motor than an electric car. I know gas gets in there and lit on fire and moves pistons around, but really, in the most abstract sense of it. It goes, and that’s what I want it to do.
[00:15:56] Nathan Wrigley: There’s explosions happening all the time, and fuel is being funneled around, and things are turning because they’ve been lubed with oil and all of that. And honestly, your car is nothing compared to the internet. The complexities in the internet, because I know that electric cars have taken over from, or are taking over from gasoline cars, but broadly speaking, the gasoline engine probably hasn’t changed terrifically much in the last hundred years. Whereas I think the infrastructure comprising the internet, although the OSI model probably hasn’t changed much either.
The things that are coming down the pike, and the things that have happened in the last 20 years, it’s breathtaking. So, dear listener, get out your tinfoil hat as Robert and I attempt and probably butcher what the OSI model is. And if you’ve got the capacity, perhaps pause this podcast, go to the wptavern.com website, search for this episode and read the article. And the one that Robert came up with, which was a good one, is called What is the OSI model? It Standardizes How Computer Networks Communicate, and it’s on bluecatnetworks.com, but I’ll provide the link.
[00:17:00] Robert Jacobi: The best one I found that had the good pictures to also help. Because visually it’s hard to, you think you have a server, some wires and a browser and it’s like me saying I have an engine, some gas, and a steering wheel. There’s a lot of pieces that go in between all those parts.
[00:17:18] Nathan Wrigley: The amazing thing is this all happens really at the speed of light and, okay, a perfect example is Robert is literally half a world away from me, and I’m talking to him through a browser, and I imagine that there is the most fractional delay between the words that I’m saying and him hearing it.
It’s probably like a thousandth of a second or something. And yet somehow that sound and that image is getting consumed by my camera. Traveling down a cable. Getting into my computer. The computer’s making decisions about, what the heck am I going to do with this? And then pushing it down a wifi network.
That wifi network is then thinking, where do I put this thing? And then it puts it there. That then decides to shunt it along somewhere else, which shunts it along somewhere else. And eventually it gets to Robert’s computer. Robert’s computer does all of it in reverse. Unpacks it rather than packing it up, and puts it on the screen. And it’s all happening like thousands of times a second, and it shouldn’t work.
[00:18:20] Robert Jacobi: It’s more live than live.
[00:18:22] Nathan Wrigley: Yeah.
[00:18:22] Robert Jacobi: Because not only do we have the video, we have a chat window on the side. It’s all encapsulated. Use some of these acronyms, but, we have our streaming protocol for the actual video and audio. And then we have our standard internet protocols for the content and everything else that’s holding the streaming protocols together.
It’s crazy. Why I’m excited to have this conversation with you is like, I feel, very anecdotally, but people are like, I’m just going to spin up a WordPress site. I’m going to be a WordPress agency. And they just do it. And there’s just all this stuff in the mix that, while it’s great to take for granted, it might help to know just a few of the pieces that are critical in that security portion of infrastructure.
[00:19:05] Nathan Wrigley: Yeah, it feels to me like a bit like you’ve been to a really nice restaurant and you’ve eaten a fabulous meal, and then you realize the 12 hours of labor that went into creating that tiny little sauce on the side or something like that. And you get real appreciation for it. And hopefully something like that will come out of this.
Again, caveat emptor, we’re not going to get everything right. Please feel free to give us a comment when we do get things wrong. But the OSI model is basically, it’s a seven layer stack and I think we’ll start at layer seven, because it sounds easier to describe it from the top down. So seven through one. And I’ll just say what all the layers are.
So they go from the application layer, that’s layer seven. Presentation layer is six. The session layer is five. Four is transport. Three is network. Two is data link. And then the final one is the physical layer. And at this point, I completely stand back and say, Robert, tell us a little bit about the top one, and Robert puts his hands on his head, the application layer.
[00:20:06] Robert Jacobi: It’s funny, it’s like the top most layer and the bottom most layer are the, I feel, the easiest to like grok. Let’s use geek terms, to understand.
The application layer is as well as a WordPresser, I can explain. It’s really the top, you’re connecting from the client, your client application, so a browser, email, whatever, with specific protocols.
And what we primarily use is TCP/IP, because that’s that magical thing that is able to grab a bunch of information, split it up into a billion pieces, and somehow put it all back together. How are we communicating with other devices is the way I look at that layer. It’s very high level, very abstract, it’s sort of fundamental. It’s like the air we need to breathe to actually get stuff done.
[00:21:00] Nathan Wrigley: It’s the layer, if I’m correct, it’s the layer closest to us, the user. It’s the layer which we can most readily understand, because it’s the layer closest to which we do things. So I think maybe a poor example, or an incorrect example, would be to imagine it’s something like Microsoft Word or something like that. Because it isn’t, the application itself isn’t that layer. It’s more how that interacts with the protocol underneath. So it might be HTTPS or FTP or something like that. But you are writing an email or something like that, and you hit send, and then the application layer gets in the way and says, what do we do with this?
[00:21:38] Robert Jacobi: Bingo. That’s exactly it, so we use all these, and generically they’re just called clients. So whether it’s Word, Microsoft Word, whether it is Safari, whether it’s Chrome, whether it’s Apple Mail. This will only entertain a few people, or Eudora mail. Just taking it back. Those are discrete applications on our devices.
And then the application, to your point, you hit send, you hit go on your browser. And now we’re like going crazy, okay, what do we do? We have a request. A request needs to go somewhere. That’s where the application layer kicks in.
[00:22:11] Nathan Wrigley: So we have this protocol in the application layer, which then makes decisions about what to do. And each of the layers is collapsing into the layer below it. And that layer then takes something that the previous higher layer gave to it and does some shenanigans with it, and we get something which can then move into the layer below.
[00:22:30] Robert Jacobi: Everyone knows the application layer, because we’ve all typed in HTTPS://. That is literally the application layer request.
[00:22:40] Nathan Wrigley: Okay, so in the case of a browser, it’s the capacity for the browser to send something through HTTP, what have you. And then we get into the presentation layer, which is the layer beneath. And I think, again, I’m just cribbing from this article, if I’ve parsed this correctly, it says that this layer comprises things like translation, encryption, decryption compression. And it turns all of the bits and pieces into machine readable data. So for example, it says it will convert all of the binary ones and zeros into machine readable data. If the devices are using a different communication method, the presentation layer translates that data into something understandable, so that it can be received from layer seven.
And there’s a lot more to it than that. It’s like this layer of converting what came to it, into something else, which can then be moved down the stack into five.
[00:23:34] Robert Jacobi: Bingo, that’s literally exactly it. And it’s something us as humans completely don’t interact with unless you’re the person building out that infrastructure. It’s really just we’re having computers talking to computers at this point. So when you typed in HTTPS WP Tavern, that was your human interaction. Now we’re all like, what is the process? So presentation is making sure that that data moves forward the stack.
[00:23:59] Nathan Wrigley: And my understanding as well is that this is the moment where encryption and decryption occur. And so it’s high up in the stack. That is to say it’s near the layer seven, because you obviously can’t have it encrypted before you do anything with it. It’s high up in the stack so that at this moment, before it’s gone anywhere, it has become encrypted, before it’s passed down the stack and sent down the wires. But also, this is the moment if it’s coming up the stack, towards you so that you can read it in your browser, so that it’s getting decrypted at the last possible moment as well. So the encryption, I guess is at the first possible point on the way out, and the last possible point on the way back in. Have I got that right?
[00:24:40] Robert Jacobi: Yeah, and that’s a great way to look at it is, when we look from the top of the stack to the bottom of the stack, it’s almost in physical proximity to you as the human end user.
[00:24:48] Nathan Wrigley: Yeah.
[00:24:49] Robert Jacobi: Because at first you’re typing in something. Now something’s happening, that encryption is happening locally, because otherwise it wouldn’t be safe. And as we get further down the stack, you are physically further away from what’s going on.
[00:25:02] Nathan Wrigley: Yeah. And the other thing that’s going on here is compression. So you’ve got some giant blob of data that the stack can compress to make it more efficient to fly over the wires, then that will be handled at this layer as well, is my understanding.
[00:25:17] Robert Jacobi: We have compression on the servers as well in the applications layer as well. Don’t forget, you can compress data on the protocol.
[00:25:22] Nathan Wrigley: So that all sounds really remarkable, but also quite humanly understandable, because everything that I’ve said makes perfect sense. And we start from five down. It starts to be really the domain of networking experts, and people who really obsess about computers and understand this stuff. But if you’re just the person using the web and WordPress casually, honestly, it may be that you’ve never come across this stuff, and I found it just breathtaking, to be honest.
So layer five, is called the session layer, and it is literally that. It’s managing sessions, so it’s figuring out who’s connected to who. How that communication should begin. How it should end. When it’s decided that, okay, that connection should be destroyed. We’re not using that anymore, but okay, now we’ve got something else that we need to do. And it figures out, yeah, sessions basically, which I guess is the easiest way to describe it.
[00:26:15] Robert Jacobi: Everyone knows what a session is. It’s me being connected, and my information being managed for me, so that when I log in, Nathan doesn’t get all my information.
[00:26:24] Nathan Wrigley: And also, an understanding here is that usernames and passwords, so authentication is happening at this layer as well. And again, that kind of makes sense. So you would have to authenticate before the decryption happens in the layer above and vice versa. But yeah, this is opening up connections between, in this case, you and I are chatting in a browser, so we’re occupying one session, and then there are million, literally millions of packets of data just flying around over the internet via who knows what route. They’re all going in completely different routes.
[00:26:57] Robert Jacobi: Some of these packets can literally be going through Australia or South Africa or Brazil, and back and forth and they catch up.
[00:27:05] Nathan Wrigley: Incredible, isn’t it? Literally. It’s like, I don’t know. Imagine getting a handful of rice and chucking it all down on the floor, but it assembles itself into a tower. It just lands and it just assembles itself. That’s basically what we are dealing with.
[00:27:19] Robert Jacobi: That’s a good one. Yeah, like I have my own rice tower at home. I throw it on the ground. It gets shipped by FedEx to you, but when you open up the box, it reassembles itself.
[00:27:28] Nathan Wrigley: Just in perfect condition, yeah. So the next, layer four, is the transport layer. And this is the bit which actually I guess begins the process of sending my stuff to you, and your stuff to me. And typically the protocols for that are something called UDP, which is User Datagram Protocol, or TCP, Transmission Control Protocol.
And my understanding, which is very basic, is that UDP differs from TCP in that UDP can be more of a stream of data, because it doesn’t require everything to come through perfectly to say, yeah, that’s now finished. So a perfect example would be us talking to each other, streaming. If bits get lost along the way, it doesn’t want to say, right, end the call.
We haven’t got one bit. We need to just stop until that bit has been found. It just keeps going and just disregards the missing bits. Whereas TCP, this is just incredible. This is the rice tower, isn’t it?
[00:28:28] Robert Jacobi: TCP is the rice tower, exactly.
[00:28:30] Nathan Wrigley: It requires every single piece to be sent. Acknowledged. Counted out. Counted in at the destination, and for both ends of the connection to be saying, did you get that bit? Yeah, I got that bit. What about this bit? Did you get that bit? Yeah, I got that bit. 23, did you get 23? No, 23 has gone. Where, where’s 23? Oh, I’ll send 23 again. Here it is. A million times a second for this conversation that we’re having. Well, it’s probably not a million times a second, but you know what I mean.
And I’ve summed that up very badly, but these packets of data that are flying around. They egress my computer. They go through 7, 6, 5, now we’re in 4, and they’ve got to go through further layers. But they’re not just going in a straight pipe, like a hose pipe from your faucet, spraying the garden. These are just going anywhere they choose. So one packet, like you said, might go via Australia, one might go through South Africa, and then somehow they just reassemble themselves magically at the other end.
[00:29:26] Robert Jacobi: Routers, because that’s what those do. Obviously that’s a physical component further down the pipe. They’re saying, this is the order of information. I’m going to just spew out, and everyone else needs to figure out how to put it back together, one piece. It’s crazy.
[00:29:38] Nathan Wrigley: Yeah, it is crazy. My understanding is that back in the day, when the internet was conceptualized, I think it was possibly something like Darpanet, or something like that, but it was a, I think it was a military endeavor, the enterprise was something along the lines of, we need a communication system which if various nodes are taken out, let’s say, I don’t know, bombed out of existence, or just the power is cut, the system is intelligent enough to just work round the problem, and figure, okay, we can’t go there anymore, let’s just go a different way. And that is what we now have.
[00:30:12] Robert Jacobi: It’s all about redundancy. I’m going to take just a slight tangent on federated social media. Any kind of federated application. Those exist in a lot of ways to ensure redundancy. I’m going to go way, way back, to where most of the audience probably wasn’t born. So we had these things called modems, and they would be attached to a phone, and you would run something called a bulletin board system. Those were single points of failure.
So you actually saw groups of independent bulletin board system providers create these distributed federated networks. So if you sent an email to a specific person, at a specific BBS, if that phone line was busy, it could go to another one that would take it, and keep pushing it along until you actually got it to the right place. This idea of distributed and federated systems is really what makes the internet functional because we take care of failure points. We ignore them and just work around them.
[00:31:17] Nathan Wrigley: And obviously we know that works as well because parts of every country’s infrastructure are breaking all the time. One router somewhere will just go down, even if it’s a crucial router, it doesn’t in the end stop the system. It probably creates bottlenecks in various places.
[00:31:31] Robert Jacobi: Slow it down.
[00:31:32] Nathan Wrigley: Slow the egress of traffic around, yeah. But in layer four we’re dealing with the ports that things fire out of as well. And then when we get down to layer three, that’s when the actual data is divided up into little packets and little segments. So data four and data three, honestly, to some extent they feel very similar in my head at least anyway.
But layer three is using things like IP addressing, to decide where this packet’s going to go. And I think wraps the packets up in the IP address, if you like. It’s almost like wrapping up a Christmas present and as it travels down the stack, by the time it gets to layer three, it’s being told, this is not what it’s being told, but this encapsulates it. This is a gift for Robert Jacobi. You must find Robert Jacobi.
Then it reads that, and then finally, it’ll rip off the wrapping and finally give you the gift at the end as it goes back up the stack. So, there’s not a lot to say on layer three, I don’t think, other than it’s using things like IPv4 and IPv6 to make decisions about how it’s going to be spread around. Have I got that about right? Do you think?
[00:32:35] Robert Jacobi: That works for me. I think that’s enough information for most folks. Again, we’re trying to give a taste of how complex security is, for what we do day to day. But also how we can apply it to how WordPress understands it.
[00:32:48] Nathan Wrigley: And then we’ve got the two layers where, the data link layer and the physical layer. The data link layer is handling the data transferred. So the actual data moving around. So it’s getting pushed around on the same network is my understanding for layer two. So that’s when you are, for example, in the same office building. I think layer two is just for that. I could be wrong.
[00:33:11] Robert Jacobi: It’s getting to your router and then your router will start moving stuff around. Cause don’t forget, your router is on your network as well as any other computer in that closed. So, our 192’s. Our internal network, so that’s the closest on the networking side, that hardware side, because as soon as it hits our router it goes to the cable, or whoever you’re using, outside of your office, home, your LAN.
[00:33:35] Nathan Wrigley: And then the final layer, the physical layer is the cables, the actual infrastructure out there in the world outside of your house, basically. Or your office building. Well, maybe there’s some of it in the office building as well, but the majority of it, the miles and miles of things are all in the physical layer. And it says here on the bit that I’m reading. Finally, this layer encompasses the equipment that carries data across the network, such as fiber network switches, and so on.
And so finally, our packets of data that we started off at the beginning, writing the email to Robert Jacobi. Finally, that packet has made it out. It’s escaped into the wild, and is now just rattling around on the internet desperately being told, very quickly, where to go. And then hopefully it’ll arrive. Travel to Robert’s computer. Travel in the reverse direction of the stack, and he’ll get a nice email from me with cat pictures in it.
[00:34:27] Robert Jacobi: Why is it always cat pictures?
[00:34:29] Nathan Wrigley: Why not? Okay, so all of that shenanigans is happening, and honestly, I feel a, it’s very difficult if you’re inexperienced like me, to get the words out in the correct order so that I have demonstrated that I understand it. Because I do on a very, very slight level.
And I know that entire careers, very, very, well paid careers can be built upon really understanding what we’ve just spoken about. But in there, I presume, is the capacity for threats, and the capacity for things to go wrong, and the capacity in all of these layers for people to inject things which shouldn’t be there. For clever people to figure out ways to disrupt that information. To take that information. To delete that information. To rewrite that information. And is that essentially what your company does? Prevent those things?
[00:35:18] Robert Jacobi: So when I look at it from a CMS stack, and again, let’s focus on WordPress. My mental model that is slightly different. I’ll use, I think what most of us feel like is WordPress infrastructure. I know, the really smart folks are going to yell at me for this. You have a server somewhere. It has an operating system, it has PHP, MySQL, it has WordPress, and then whatever else is in front of it.
So there’s a whole stack and layer on layers of communication that go from when I hit my browser and type in WP Tavern and hit go. And let’s move away from all the really highly technical networking protocol issues.
At some point, it’s going to make a request to a hosting company that needs to be able to say, oh, yes, let’s give them the WP Tavern homepage. In that process there are caching services, firewall products, local security on the networking side of that hosting company. What I feel personally, but also which is what makes products like Black Wall’s critical is, detect and defend as far away from the website as possible.
So if there are a million bots coming at you, get them before they even hit the hosting company’s infrastructure. Some will always sneak through because it’s a battle that’s just never ending and, you’re going to keep learning and fighting and learning and fighting. Mitigate the risks as close to the bad actor, and as far away from the site as possible. So, mitigate, mitigate, mitigate, mitigate, mitigate. And there are tools and solutions up and down that entire stack.
So you’re going to have stuff way before you hit the hosting company. You’re going to have some solutions closer to the hosting company. You’re going to have solutions directly on WordPress. There are security plugins that are running on your install of your site. Those are great. I personally feel that you don’t want to even get that close if you’re a bad actor. Mitigate that problem as quickly, as soon as possible.
And even solutions that work at the operating system level, or at least the language level. There are products out there that are constantly monitoring, looking for and mitigating PHP corruption. So, you really don’t want to let everyone have access all the way down to that level, because then you’re already, you will have problems, how to put it nicely. We don’t say bad words on the show.
[00:37:53] Nathan Wrigley: So do you sell your product into the WordPress space? So, you know, to freelancers, agencies, or are you more at the hosting level, or is it even more like infrastructure level? So at the router level. So in our case, this sort of physical layer that we were talking about. Is that the kind of place where your products go? I honestly don’t know where your product sits in all of that.
[00:38:16] Robert Jacobi: So, if you look at it from a hardware perspective, there’s going to be the end user is going to make request. It’s going to get routed somewhere. We sit between where it’s getting routed and the hosting company. So our goal is to prevent the hosting company from wasting physical resources. Now we need to amp up our service because there’s so much traffic coming in.
Now we need to amp up our customer support because more stuff is happening with our virtual machines or hosted infrastructure. So that’s our place in the universe. Get the bad guys before they get to the critical infrastructure.
[00:38:51] Nathan Wrigley: And another question, forgive my ignorance. Is Black Wall’s solution, is it software? Is it code that sits on an operating system? Or maybe you even have hardware that sits in the way of things, the packets have to transfer through your hardware and be inspected in a way, like a router might get in the way of those things.
[00:39:10] Robert Jacobi: Our secret sauce is that we are software that emulates the hardware that used to be required. So there are hardware companies buy this kind of routing and prevention, traffic mitigation. And we do it on the software side so that you as an agency or MSP, if you’re running a bunch of virtual machines, you can deploy this on your own. Certainly as a hosting company, you can deploy this across your entire enterprise.
[00:39:36] Nathan Wrigley: So you are dealing with very technical, the people that purchase from you they’re not me, for example. They are very technical. They’re in the data centers. The sort of technical end of the hosting companies. They understand what I’ve just butchered during this episode.
It’s not like a freelancer market. You will not be selling Black Wall as a plugin. You are dealing with, directly with hosting companies and the tech side of those hosting companies.
[00:40:01] Robert Jacobi: There’s a wonderful German word called Jein. So yes and no.
[00:40:04] Nathan Wrigley: Oh, that is a good word.
[00:40:05] Robert Jacobi: For all the Germans listening. You still want to be able to control a lot of times exactly what kind of traffic comes in. You might want to get scraped by AI bots more than someone else does. Or you might want to turn off all scraping if you’re an e-commerce store and you’re worried about people taking your pricing and not allowing you to sell at your level.
We’ve had, and are currently reworking our entire WordPress plugin, to enable that end user control of that infrastructure. So it’s not running on your WordPress install, which is great because it’s not taking up resources, filling up your hard drive. But you can control, as an end user, the granularity of the traffic that’s able to access your site.
[00:40:45] Nathan Wrigley: Oh, so you have a plugin, so you are reading what the hosting company is doing. You can view it through a GUI on your WordPress website, but you are not actually, it’s nothing to do with your WordPress install. You’re getting the data from your hosting company, and that is another layer away from you. Okay. That’s interesting. I didn’t realise that.
[00:41:04] Robert Jacobi: Yes, it empowers all these website owners, agencies, MSPs, to fine tune, for lack of a better term.
[00:41:10] Nathan Wrigley: Yeah. And then do you offer a sort of GUI for data breakdown, tables, graphs, charts, and ways to block things that you imagine are suspicious, and alerting and things like that?
[00:41:20] Robert Jacobi: Yep, as well as defaults for all sorts of things of course, just to make life easier for folks. You can go and visit our site and get some initial monitoring for your site for free. We enjoy having that as part of just an offering of the reporting and monitoring, you can see it. My traffic has been great, and then all of a sudden you look and it’s oh wait, it’s just been ChatGPT.
[00:41:40] Nathan Wrigley: Sad realization that the million visitors that seemed to be going to your excellent article were in fact ChatGPT.
[00:41:47] Robert Jacobi: Bots stealing that information.
[00:41:49] Nathan Wrigley: Sadly, time has got the better of us. We’re at the time where Robert has to walk away. I know he’s got a hard stop. Firstly, my apologies, dear listener for utterly butchering the OSI model. I’m sure there’s a lot of geeks out there who were just throwing things.
[00:42:01] Robert Jacobi: They’re going to kill, but my hope is everyone looks it up, a lazy Sunday afternoon understanding.
[00:42:06] Nathan Wrigley: Exactly. And that, really was my capacity to understand it. Doesn’t matter how much more I read it, I will be able to get no more out of it. But an important conversation, and one that we’ve never had before. We never get into the weeds of all of that. It’s always WordPress all the way down.
And this is what’s happening before WordPress gets to put the bits on your screen. So really important and hopefully, like Robert said, it will encourage people to go and have a little look.
Robert Jacobi, thank you so much for chatting to me today, and good luck with the new rebranding of BotGuard into Black Wall. I hope that goes well too. Thank you so much.
[00:42:39] Robert Jacobi: Thank you Nathan.