Nick,
Yes, they have very competent people. My criticism is not leveled
against the API team. They are not the ones responsible for the edge
defenses.
But this thing has happened every single time so far. Twitter comes
under attack, and the response is to simply swing the machine gun in a
360 degree arc. That's probably what I would do, but I am a lone guy,
I do not have a company full of super competent and smart people. And
after the first time, I would make damn certain that I don't do it
again, and I would make a list of who not to shoot the next time
around.
Dewald
On Aug 8, 10:41 pm, Nick Arnett nick.arn...@gmail.com wrote:
On Sat, Aug 8, 2009 at 5:40 PM, Dewald Pretorius dpr...@gmail.com wrote:
Twitter needs to realize that our apps are NOT still down because of
the ongoing denial-of-service attack. That's a cop-out to blame the
attack.
Our apps are still down because they cannot allow known, white-listed
IP addresses through the defenses.
And that is why I am getting frustrated, because I have asked multiple
times months ago that they distinguish between friend and foe, and not
kill everyone on sight when they are attacked.
What makes you think that they can? What if the DDoS attacks are spoofing
white-listed IP addresses sometimes? That would totally fit with using 302s
as a response.
It's not a good idea to make assumptions about what they can and cannot do.
For Twitter to have grown as large as it is, I assume that they have some
very competent IT people, who surely are doing the best they can. Even
though Twitter isn't taking a direct revenue hit on this, I'm sure that they
know that the damage to their reputation could cost them more and more as
this continues.
Hmmm... now does the idea of publishing tweetstreams as distributed RSS
feeds sound more attractive? If there's a criticism to be leveled, seems to
me it should be at the dependence on a single point of failure, not their
inability to cope with the inevitable sophisticated attack. DDoS and such
would have a far harder time causing this kind of trouble on a distributed
system.
As I've said before, this isn't really a criticism of Twitter - what they've
created shows the demand for this kind of service. But imagine if right now
all the dead applications could fall back to reading RSS-published
twitterstreams instead of depending entirely on Twitter for them?
Hope that doesn't sound like I'm taking advantage of a bad situation, but I
really think this points out the serious limitations of their architecture,
not the competence of their IT people. And no, those aren't the same
things.
Nick