Possibly curmudgeonly thoughts about the DDoS and architecture... (was Re: [twitter-dev] Re: The silence is deafening....)

Nick Arnett

Aug 8, 2009, 9:41:53 PM8/8/09
to twitter-deve...@googlegroups.com


On Sat, Aug 8, 2009 at 5:40 PM, Dewald Pretorius <dpr...@gmail.com> wrote:

Twitter needs to realize that our apps are NOT still down because of
the ongoing denial-of-service attack. That's a cop-out to blame the
attack.

Our apps are still down because they cannot allow known, white-listed
IP addresses through the defenses.

And that is why I am getting frustrated, because I have asked multiple
times months ago that they distinguish between friend and foe, and not
kill everyone on sight when they are attacked.

What makes you think that they can?  What if the DDoS attacks are spoofing white-listed IP addresses sometimes?  That would totally fit with using 302s as a response.

It's not a good idea to make assumptions about what they can and cannot do.  For Twitter to have grown as large as it is, I assume that they have some very competent IT people, who surely are doing the best they can.  Even though Twitter isn't taking a direct revenue hit on this, I'm sure that they know that the damage to their reputation could cost them more and more as this continues.

Hmmm... now does the idea of publishing tweetstreams as distributed RSS feeds sound more attractive?  If there's a criticism to be leveled, seems to me it should be at the dependence on a single point of failure, not their inability to cope with the inevitable sophisticated attack.  DDoS and such would have a far harder time causing this kind of trouble on a distributed system.

As I've said before, this isn't really a criticism of Twitter - what they've created shows the demand for this kind of service.  But imagine if right now all the dead applications could fall back to reading RSS-published twitterstreams instead of depending entirely on Twitter for them?

Hope that doesn't sound like I'm taking advantage of a bad situation, but I really think this points out the serious limitations of their architecture, not the competence of their IT people.  And no, those aren't the same things.

Nick
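The point Nick raises above (a static IP allowlist is only as good as the source address, and a 302 response can serve as a challenge that a client has to complete) is easier to see in code. The block below is an added example written for this page; it is not code from the thread, from Twitter, or from any real edge product. Instead of admitting requests by IP alone, the hypothetical edge handler answers an unverified request with a 302 to the same URL and sets a cookie carrying an HMAC over the client IP and an issue time. A client that actually received the response and followed the redirect presents the cookie and is let through; a cookie presented from a different IP, or after the TTL, is bounced back to the challenge. The secret, TTL, cookie name and the sample requests are all constructed for the example.

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical edge settings (assumptions for this example, not real values).
SECRET = secrets.token_bytes(32)   # per-process key; a real edge would rotate it
TOKEN_TTL = 300                    # seconds a challenge cookie stays valid
COOKIE_NAME = "edge_ok"


def _sign(client_ip, issued_at):
    """HMAC-SHA256 over the client IP and issue time, so the cookie is
    bound to the address that received the 302 and cannot be replayed
    from elsewhere."""
    msg = f"{client_ip}|{issued_at}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(client_ip, now=None):
    issued_at = int(now if now is not None else time.time())
    return f"{issued_at}.{_sign(client_ip, issued_at)}"


def verify_token(token, client_ip, now=None):
    """True only if the token was issued to this IP within TOKEN_TTL."""
    try:
        issued_str, sig = token.split(".", 1)
        issued_at = int(issued_str)
    except (ValueError, AttributeError):
        return False
    now = int(now if now is not None else time.time())
    if not (0 <= now - issued_at <= TOKEN_TTL):
        return False
    # Constant-time comparison so the signature cannot be guessed byte by byte.
    return hmac.compare_digest(sig, _sign(client_ip, issued_at))


def handle(request, now=None):
    """Minimal edge filter. `request` is a dict with 'ip', 'path' and
    'cookies'. Returns (status, headers). Verified clients get 200;
    everyone else gets a 302 challenge back to the same path."""
    token = request.get("cookies", {}).get(COOKIE_NAME)
    if token and verify_token(token, request["ip"], now):
        return 200, {"Content-Type": "text/plain"}
    fresh = issue_token(request["ip"], now)
    return 302, {
        "Location": request["path"],
        "Set-Cookie": f"{COOKIE_NAME}={fresh}; Path=/; HttpOnly",
    }


def demo():
    """Walk one client through the challenge and show the two rejections.
    All addresses, paths and times are constructed sample input."""
    t0 = 1_249_772_513                      # an arbitrary fixed clock
    first = {"ip": "203.0.113.7",
             "path": "/1/statuses/user_timeline.xml",
             "cookies": {}}
    status1, hdrs = handle(first, now=t0)    # no cookie yet -> 302 challenge

    # The client follows the redirect and sends the cookie it was given.
    cookie = hdrs["Set-Cookie"].split(";")[0].split("=", 1)[1]
    second = dict(first, cookies={COOKIE_NAME: cookie})
    status2, _ = handle(second, now=t0 + 1)  # bound to this IP -> 200

    # Same cookie replayed from another address fails the HMAC -> 302.
    replayed = dict(second, ip="198.51.100.9")
    status3, _ = handle(replayed, now=t0 + 1)

    # Same client, but after the TTL has elapsed -> challenged again.
    status4, _ = handle(second, now=t0 + TOKEN_TTL + 1)
    return status1, status2, status3, status4


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would add. The challenge only proves that the requester received a response at that address and is willing to follow a redirect and keep a cookie; it sorts cooperative clients from simple flood tools, and it does nothing about raw bandwidth exhaustion upstream of the edge. It also means that a legitimate API client which does not keep cookies or follow redirects is bounced just like the attack traffic, which is the kind of collateral damage the thread is about.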

Dewald Pretorius

Aug 8, 2009, 10:02:56 PM8/8/09
to Twitter Development Talk
Nick,

Yes, they have very competent people. My criticism is not leveled
against the API team. They are not the ones responsible for the edge
defenses.

But this thing has happened every single time so far. Twitter comes
under attack, and the response is to simply swing the machine gun in a
360 degree arc. That's probably what I would do, but I am a lone guy,
I do not have a company full of super competent and smart people. And
after the first time, I would make damn certain that I don't do it
again, and I would make a list of who not to shoot the next time
around.

Dewald