Perhaps someone should set up a wiki page for this with basic info we can
all collaborate on so we can know how to adapt to the new changes in our own
language.  I'm sure that's something we can all work together on.  Does
Twitter want to take the initiative to at least just start this so we can
all continue the collaboration on where things stand in our own languages
there?  I'm sure that would save Twitter repeated answers on the mailing

On Sat, Aug 8, 2009 at 11:01 PM, Scott Haneda <> wrote:

> Can someone point me to the details on the attack? I am a little out of the
> loop. I've heard Twitter only uses around 200Mbit/s of data. From a net ops
> perspective, why is this challenging to detect and block?
> I'm not trying to degrade the efforts of the engineers, this is a genuine
> question of curiosity.
> I would imagine a detection system is in place, so why not block off at the
> upstream the offending attack?
> As far as the API is concerned, I'm not sure I see why this can't be
> prevented in the future. If every Twitter app had to get an API key, which I
> believe is the case, those get whitelisted, all else are blocked.
> Create a test sandbox for easy non key based testing of new developers who
> want to play. There are a few thousand third party apps, whitelist their
> secret keys and how is this not solved for API reliability?
> --
> Scott
> Iphone says hello.
> On Aug 8, 2009, at 5:09 PM, Howard Siegel <> wrote:
>  I support them wholeheartedly and appreciate everything they've done to
>> thwart the DDOS attack.
>> While it is true that many of the tools used in the attack do not appear
>> to follow the 302s right now, you can be your bottom dollar that they will
>> very quickly be updated to do just that, perhaps even quicker than Twitter
>> can finish recovering from the attack and put in to place measures to better
>> survive future attacks.
>> At best it is a stopgap to get over the current attack.

Reply via email to