Disclaimer: I'm not affiliated with Twitter in any way, other than as a consumer of their API and a user of their product. Currently, my app running on appengine is having the same difficulty as many of you.
There's a lot of false statements and accusations being made against the Twitter folk right now. These are being made by unhappy people who's products that rely on Twitter aren't working, and don't understand what's going on. First off, to people stating that Twitter Ops needs to work 30 hour shifts, and any ops person who hasn't, isn't a real ops person. A real ops person knows that after about 15 hours their mental capacity to solve problems begins to deteriorate and they have to rest in order to not cause further damage to their organization. Maybe in the little mom and pop shops where you run the show you're stuck with those 30 hour marathons, but in larger shops you have team members, and you schedule with them. Also, for a lot of what's going, there is likely nothing Twitter can do. Most of the packets that are being filtered are more than likely being filtered upstream from Twitter, by their provider(s). This DDoS will also be having an impact on their provider, who will be taking actions themselves. Since they don't exist primarily just to serve Twitter, they are going to be taking action in the best interest of all their customers, which means whitelisting IPs just because Twitter says so probably isn't going to happen "like that". Those of us using cloud applications, welcome to the first incident showing how we can be a victim of our choice to use the cloud. For all we know, the attacks are coming from the cloud we are a member of. Twitter has done very well with communication on this issue. The only suggestion I can make is to sticky their most recent updates in the hopes of more people reading them. They've had updates every day. That's a lot. The only fault I can really see with Twitter is that they haven't scaled out their infrastructure to better handle an event like this. They really should look at what Google and Facebook (who both survived the attacks better) are doing and work towards building something similar. As I'm completely ignorant of what their infrastructure looks like, I won't start offering suggestions on what to do. I've never had to support something the scale of Twitter, but I'm sure their Ops department are already working on ideas, because that's what ops does. They solve problems and make sure they don't happen again. Yes, it is frustrating that this problem still exists, and we all would have liked for Twitter to be better prepared. IMHO they are a victim of their own success and growth, and scaling to meet demand became more of a priority than scaling to manage their demand. It happens all the time. But give their ops a break. They are communicating, they are working on the issues they can work on, and the real problem is whoever is behind the attack in the first place. Bashing Twitter does nothing but make people who are tired, frustrated, and working extremely hard feel like crap because you want to whine and point fingers when you have no idea what you're talking about.