Oh, snap! I'm not even getting a fail whale!
Twitter was inaccessible for several hours on Thursday morning, followed by a period of slowness and sporadic time-outs (and more outright downtime). The company is blaming an "ongoing" denial-of-service attack but has not said anything further. Facebook has also confirmed that it was targeted by a DoS attack that rendered some of its features slow or non-functional.
Judging by the timeline of my TweetDeck client, it looks like the problems started right around 6 a.m. PDT.
"We are determining the cause and will provide an update shortly," Twitter's staff posted at 6:43 a.m. PDT on the service's status blog.
Then, around 7:49 a.m. PT, the company posted, "We are defending against a denial-of-service attack and will update status again shortly."
Around 8:15 a.m., the status blog post was updated with "The site is back up, but we are continuing to defend against and recover from this attack." (I still was unable to access Twitter.)
Perfomance monitoring firm AlertSite says that Twitter's home page went down at 6:05 a.m. PT and was showing 40 percent availability at 8:04 a.m. PT, but that timeouts were continuing from most of its monitoring locations at 8:30 a.m.
Way back when, Twitter outages were so commonplace that it was worth reporting when it didn't crash--as when it stayed afloat during the entire South by Southwest Interactive Festival in 2008. Now, a few million dollars of venture capital later, the service is far more stable.
Twitter wants to establish itself as a communications standard rather than just a social-media brand. It's been a crucial platform for information exchange in the face of global events where more traditional means of broadcasting have been inaccessible or blocked.
Problems at Facebook, too
Some features of Facebook were also experiencing uptime issues on Thursday--one reader speculated that log-in servers may have been down--which raises the issue of whether a hosting company problem is to blame. Alternately, a denial-of-service attack could have been targeting both high-profile companies.
Facebook responded later in the morning on Thursday with a statement. "Earlier this morning, we encountered issues within our network that resulted in a short period of degraded site experience for some visitors," the statement read. "No user data was at risk and the matter is now resolved for the majority of users. We're monitoring the situation to ensure that users continue to have the fast and reliable experience they've come to expect from Facebook."
About an hour later, the company revised the statement to confirm that a denial of service attack was involved. "Earlier this morning, Facebook encountered network issues related to an apparent distributed denial of service attack, that resulted in degraded service for some users," the updated statement read. "No user data was at risk and we have restored full access to the site for most users. We're continuing to monitor the situation to ensure that users have the fast and reliable experience they've come to expect from Facebook."
But the Facebook outages were not on the same scale as Twitter's by any means, said Ben Rushlo, a senior consulting manager at performance firm Keynote. "There's been a few slow data points but you couldn't even put them in the same sort of stratosphere of comparison," Rushlo told CNET News.
Publishing site LiveJournal also appears to have been affected by attacks on Thursday.
Botnets, bot herders, and DDoS attacks
DDoS (distributed denial-of-service) attacks typically come from a collection of compromised computers called a botnet, said Graham Cluley, a senior technology consultant at Internet security firm Sophos. The botnet computers can inundate a Web site's servers with communication requests, legitimate or malformed to cause extra trouble.
Botnet-based DDoS attacks are difficult to deal with because it can be hard to distinguish legitimate communications from those that are part of the attack. And just blocking access from the IP addresses of offending computers poses complications: "You don't want to block legitimate users. The computers probably sending (the DDoS) traffic to Twitter belong to legitimate people," Cluley said.
DDoS attacks can be motivated by people seeking ransom money or seeking to make a political statement, but Cluley suspected that's not the case in this particular attack. "My guess is this is most likely some kid in a back bedroom who has access to a large botnet and is showing off to his friends what he can do," Cluley said.
Twitter is unusual in that much of its use comes not through its Web site but through an application programming interface (API) that lets software such as TweetDeck interact with the service. API access also suffered during the outage.
"Often there is collateral damage" during a denial-of-service attack, Cluley said. "Other servers can begin to fall over."
There have been a notable number of DoS attacks recently in the social-media space: On Wednesday, URL shortener Trim claims that one such attack rendered its truncated URLs inaccessible for some time; earlier in the week, blog network Gawker Media was downed by an attack that targeted The Consumerist, a property that it recently sold but still hosts on its servers.
Denial-of-service attacks are actually waning these days as bot herders rent their botnets to those who want to use them to send spam or host malicious software that can be used to compromise other computers, said John Harrison, group product manager of security response at security software company Symantec.
"Organized crime and other groups have gone off to other things. It's more lucrative for them to use the Internet, not to take the Internet away," Harrison said. Using a botnet in a denial-of-service attack can reveal computers to be part of a botnet, for example when an administrator notices high network traffic from a compromised machine, so keeping a low profile can save the botnet for use another day.
To keep a PC from becoming part of a botnet, Harrison recommended keeping the operating system, browser, browser plug-ins such as Adobe Systems Flash and Reader, and other software up to date, and naturally to install antivirus software. "All it takes is one vulnerability to potentially have malware installed," he said.
A massive series of DoS attacks hit the Web a decade ago, long before either Facebook or Twitter was remotely close to existence. They hit the likes of CNN.com, Amazon, E*Trade, eBay, and Buy.com, and were such a serious problem that the FBI held a series of press conferences to address concerns.
There has been no indication that a single party, or groups of hackers in tandem, was responsible for the Facebook and Twitter attacks, or whether there was any connection to the other DoS attacks on smaller sites earlier this week. But it's probably not a coincidence that they all happen to coincide with the annual Defcon hacker convention.
One security expert thinks he may have found a connection. "Today's outage is happening at the same time a new version of the Koobface malware has been found in the wild that is using both Twitter and Facebook messages to send invitations that are designed to lure potential victims to fake AV web pages," an e-mailed statement from Paul Henry, a security analyst at the firm Lumension, explained. "The speculation is that the onslaught of bogus messages that are directing users to malicious pages may in fact be overwhelming Twitter."
More to come when we hear it. Last updated at 12:10 p.m. PT.
CNET News' Stephen Shankland contributed to this report.
I thought Twitter hype had reached a fever pitch with the big Oprah appearance. Boy, was I ever wrong.
If it isn't Time magazine's "How Twitter Will Change the Way We Live" cover story, it's the widely-circulated Comedy Central clips of co-founder Biz Stone's April appearance on "The Colbert Report," or it's chairman Jack Dorsey, in New York for this week's Internet Week festivities, showing up in society-blog photos from the sidelines of a Diane von Furstenberg fashion show. (OMG!) When I was joking about Twitter's executives reaching pop-idol ubiquity, I didn't think it'd be this soon that they'd start to seem like a slightly older, slightly less puppy-faced set of Jonas Brothers. Twitter and its creators are unavoidable.
But there's something nobody's really saying about Twitter throughout all this: Not everyone is going to use this service. Far from it, in fact. Its mainstream impact could very well have nothing to do with TweetDeck, hashtags, or even the name "Twitter" itself.
The Business Insider did a nice by-the-numbers of exactly what Twitter's explosion amounts to: 60 percent of users quit after a month, ten percent account for 90 percent of all "tweets," et cetera. All these numbers point to one fact: Twitter is high-maintenance. Even if you're only using it to read the latest updates from a few publications and some of your favorite bands, you're still reading about them in short bites that flow in a relatively inefficient manner. Parsing the noise takes effort; participating in it takes even more.
Compare that to Facebook: you can create a static profile, check in every few days, get an e-mail alert when a former high school classmate has added you as a friend, and you're all set. There are loads of apps on the social network if you feel like playing a round of poker or pretending to turn your friends into vampires, but at its most basic level, it doesn't require much effort to stay active on Facebook. Not so with Twitter.
The company's executives seem to acknowledge that in order to reach those who won't get involved otherwise, Twitter has to think outside the 140-character box (er, stream) and get the news industry involved. These people who don't actively participate in Twitter--you know, the 60 percent who drop out after a month--are going to know Twitter as something that enhances the news they already read and watch.
"One thing that's missing from it is the editorial. I think a cohesive narrative around all these reports is missing," said Jack Dorsey at Internet Week's I Want Media panel on Wednesday, just a few hours before he was looking worthy of any gossip magazine's annual eligible bachelors list at that Diane von Furstenberg show. "Bringing journalistic integrity to this mass of messages happening in real time is still very important."
In other words, Twitter's executives realize that the product in and of itself doesn't suffice universally for a legitimate, lasting mainstream reach--namely, an impact on people who aren't going to use Twitter otherwise. There are already dozens of developer applications making it possible to customize and enhance the service. The company is now working actively with media outlets on what it calls the "creative API", integrations of Twitter into content like Current TV's news programming and MTV's forthcoming "It's On With Alexa Chung." That's the beginning of what Dorsey was alluding to on Wednesday.
As more media deals roll in, the question to explore is whether this will, paradoxically, dilute Twitter's reach (and potential for profits) as a company. Once something becomes a standard rather than a brand, it gets tougher for a single company to make money off it. Think about instant messaging: Millions of us use AIM, but AOL isn't getting any ad revenue from those of us who are using it on universal IM clients like Pidgin or Adium.
The Twitter guys have built a great product, and to their credit, I don't think any of them have ever gone on the record saying that they hope to turn all six or seven billion or however many people there are on the planet into active users. It's not that this "Twitter is revolutionary" talk isn't true. Twitter is revolutionary in the sense that it turned the world on to a whole new form of information consumption--real-time, public conversations, aggregated and searchable. But just like blogging or instant messaging, this is going to get bigger than a single brand or company.
Jack Dorsey said in the same event at Internet Week New York that "Twitter's a success for us when people stop talking about it." He's right. But that implies a few things: one, that the hype and wildfire adoption will die down; two, that Twitter will fade into the background as the mainstream starts to recognize it as something they see on TV news broadcasts rather than a nifty, trendy tool for informing the world what you're doing; and three, that as other innovative companies catch on, the "real-time streaming conversations" phenomenon will expand beyond this one microblogging service. Twitter's legacy may very well have the word "Twitter" left out of it.
For the 140-zillionth time, let's not get ahead of ourselves.
With a new product called Vine, Microsoft is tackling the issue that, in the Digital Age, contact management is no longer static--where you are and what you're doing at a given moment can matter just as much as what your cell phone number is. But instead of focusing on roving business travelers, Vine's slant is community management and emergency preparedness. It's in a private beta test right now.
Here's how it works. You download a "dashboard" application, and then you log in with your Windows Live account. Its interface takes the form of a map, where geo-tagged notifications pop up if a news story or public safety announcement--sourced from 20,000 news sources as well as the National Oceanic and Atmospheric Administration (NOAA)--happens in a specific location. (You can set preferences to only display stories from locations and areas of interest that you care about.)
Your contacts are also listed on the dashboard, where you can check out alerts that they've sent you or even just keep tabs on their Facebook status messages. "Alerts" pop up like instant messages (or text messages, as you can opt to get them on your cell phone). You can also "check in" to let your neighbors know you're at home safe if, say, there's a tornado on the rampage outside, or if you're out of town.
Existing real-time, find-who's-where applications typically have a nightlife slant, like Buzzd and Foursquare. But Microsoft hopes that the same tools of convening can be used to organize community activities and stay in touch in the event of an emergency.
The company has unveiled the product in its home city of Seattle, and, according to the Seattle Times, plans to beta-test it there in addition to a rural Midwestern town and an "isolated island community," which makes the whole thing sound just a little bit Dharma Initiative. Just a little.
All joking aside, the Web's biggest players are gunning for a way to appropriately harness social media for emergency preparedness. Google's nonprofit Google.org arm has launched a project called Innovative Support to Emergencies, Diseases and Disaster (InSTEDD) with similar goals, and Google has invested $5 million in it. InSTEDD does not have a live software product yet, but organizers have said that it plans to use, among other things, a mash-up of SMS alerts and the Google Earth mapping application.
An e-mail snafu has led to the leak of Microsoft's decision to shutter its MSN Groups service, according to LiveSide.net. It's not a surprise, as MSN Groups was one of the last vestiges of Microsoft's Web services strategy pre-Windows Live.
MSN Groups will be closing on February 21, 2009. It'll be replaced with a new service, Windows Live Groups, which debuts on November 17.
Here's the catch: The LiveSide post indicates MSN Groups will not be migrating to Windows Live Groups; the new Windows Live service will be different enough so that the transition wouldn't be a clean one. Instead, the LiveSide post says that existing MSN Groups will transition to community site Multiply--in other words, Multiply is effectively acquiring MSN Groups from Microsoft.
Representatives from Multiply, which said earlier this month that it has reached 10 million registered users, confirmed the news. Microsoft representatives released a longer statement: "It is true that we are planning to close the MSN Groups service on February 21, 2009 and will offer you the opportunity to move your group to our new partner service, Multiply. We understand the importance of keeping your group together, so we partnered with Multiply to create a migration process that moves your group to their service to preserve your online community and its history.
This post was updated at 4:30 p.m. PT with comment from Microsoft.
Web-based chat and IM company Meebo has announced a few updates to its "Community IM" chat project, which it announced this summer as a means to power live chat features on partner sites. More specifically, there are more partners on board to add to the original eight.
According to CEO and co-founder Seth Sternberg, putting Meebo on partner sites will mean that it has a reach of more than 70 million people worldwide. Eventually, there will be ads placed on the chat app, and revenue will be split between Meebo and the partner in question.
As was the plan this summer, movie site Flixster will be the first to roll out Community IM support. Meebo CEO and co-founder Seth Sternberg said that this will be a snail-paced launch. "It's going to do a small rollout over time with a bunch of different partners, mostly because of scaling concerns," he explained. "We wouldn't want to roll it out to everyone all at once and then have the system collapse."
Sternberg said that the company has been smart with its expansion, given the fact that live chat takes a lot of hardware power, and high server costs have been cited as one of the factors that could doom a hyped start-up. "Meebo serves like 35 to 40 million unique (visits) a month right now, on what I think is 150 or less servers. For the number of uniques that we have, our server count is very, very low," he explained. "The server count is certainly going to grow with the Community IM...obviously that's going to put one heck of a strain on the back-end system, but that said, we're being very, very careful."
The current roster of Community IM partners, an array of blog sites, small social networks, and gaming sites, includes: AddictingCames, Bleacher Report, DanceJam, Dhingana, Fanpop, Flixster, GlobalGrind, IBeatYou, MyYearbook, OrangeShark, Piczo, PerfSpot, SparkArt, Sugar Inc., Tagged, UGame.net, Yaari, Zinch, and Zorpia.
Meebo debuted an ad network early this year and opened up the API for its "Meebo Rooms" group chat app.
Tokoni, a community site for "sharing stories," has formally launched after nearly a year of public beta. It has taken investment backing from eBay as well as the auction giant's founder, Pierre Omidyar, and was founded by former eBay executive Mary Lou Song and Alex Kazim, former president of the eBay-owned Skype. Kazim serves as Tokoni's CEO.
"We created Tokoni to fill the distinct need for an online community where individual stories of life's experiences have a voice and are valued, and where the collective wisdom of the community is celebrated," Kazim said in a release. "The growth of social media has enabled people to control how they create, consume, and share content and personal experiences online; however, participation in the social Web is still daunting to the mainstream. Tokoni makes sharing your own story easy."
Indeed, as an adult-focused "community" site rather than a social network, Tokoni's target audience is one that hasn't caught on to the blogging and Twittering craze, and offers a more Luddite-friendly forum for conversation by encouraging the posting, reading, and discussing of personal stories and experiences. Another site with a similar slant is Gather.
With the U.S. presidential election approaching, Tokoni (which means "help" in Tongan) has partnered with WomenCount.org to provide a forum for women to discuss political issues.
When I was at the Web 2.0 Expo in New York last week, many of the panelists and speakers invited the audience to ask them questions by submitting Twitter messages. A Google engineer named Taliver Heath has gone one step further by creating Google Moderator, an application that lets the audiences at lectures and discussions submit questions and vote on the ones they'd like to hear answered.
Google Moderator, earlier named "Dory" after the inquisitive fish from Finding Nemo, started out as an internal tool. It was originally intended for the audiences at Google's "Tech Talks" series, then was extended to company all-hands meetings and other lectures at the company's Mountain View, Calif., headquarters.
"There was never enough time for all the questions, and it wasn't clear that the best questions were the ones actually getting asked," Heath wrote in a blog post. "And since many of these talks were led by offices outside of Mountain View, it became harder for distributed audiences to participate."
After a few requests, Google has now released Moderator to the general public as part of its Google App Engine platform, and it's now available for free use. I'll start by asking a question about Moderator: What if audiences are too busy reading and voting on question submissions to actually listen?
Another prominent Google employee has jumped ship to Facebook.
Elliot Schrage, vice president of global communications and public affairs at Google, has been hired in a similar role at the fast-growing social network, reports Kara Swisher of All Things Digital.
Schrage's role at both companies, founded in a legal rather than marketing background, involves dealing with D.C. lobbyists and policymakers in addition to the press. His move to Facebook follows Sheryl Sandberg, who became chief operating officer at Facebook after a stint as vice president of global sales at Google. Schrage will report to Sandberg, Swisher writes, but he inquired about the role at Facebook directly through founder and CEO Mark Zuckerberg rather than Sandberg.
Elliot Schrage
(Credit: Google)Swisher posted an internal e-mail from Zuckerberg to employees. The young CEO explained that Schrage "will be responsible for developing the key messages we want people to understand about our products, our business and the growing global importance of social networking and what we do...Elliot will direct our efforts to work with users, media, governments and other entities around the world to ensure that Facebook's policies are transparent, responsive, effective and are recognized as being those things."
Facebook representatives were not immediately available to comment or provide a public statement.
The news was originally hinted at by gossip blog Valleywag, which said earlier this week that Schrage was interviewing for the Facebook post and speculated that it had to do with his opposition to some tawdry goings-on at Google's top ranks. But as headhunting firm Binc recently found, Google employees tend to leave the company for a variety of concrete reasons, not the least of which is the fact that corporate culture has made Mountain View less of the revolution and more of The Man.
Aside from Sandberg, Facebook already employs a number of other ex-Googlers such as Ethan Beard, former director of social media; Benjamin Ling, former head of Google Checkout; and YouTube's Gideon Yu, who made the jump to Facebook shortly after Google acquired the video-sharing site.
Several other high-ranking Googlers have left for non-Facebook (and even non-Valley) destinations, like Chief Information Officer Doug Merrill, who left the company for a job at music label EMI.
Discovery Communications, parent company of the Discovery Channel, TLC and Animal Planet, has made plans to acquire HowStuffWorks, which calls itself "the leading source of credible, unbiased, and easy-to-understand explanations of how the world actually works."
The news was originally reported in The Wall Street Journal, which named a price of $250 million.
Atlanta-based HowStuffWorks, which was founded in 1998 by North Carolina State University professor Marshall Brain (yes, that's his real name), pulls in about 3.8 million unique U.S. visitors per month, according to ComScore. Instead of issuing a press release to announce the acquisition, the site created a HowStuffWorks article in the "television" category called "The Future of Media is Now," explaining how the popularity of YouTube, video-enabled media players, and high-definition technology have created conditions ideal for such an acquisition.
According to the Wall Street Journal article, Discovery will integrate its own education-based video programming with HowStuffWorks articles and potentially factor HowStuffWorks into future broadcasts.
It's all part of a broader digital strategy for Discovery Communications; earlier this year, the company purchased the widely read environmental blog TreeHugger as a new-media property for its Planet Green network.
A representative for eco-blog TreeHugger has confirmed that the site has been acquired by Discovery Communications, parent company of the Discovery Channel, The Science Channel, Animal Planet, and several other properties. A report of the deal initially surfaced in the New York Post today.
A press release from Discovery and TreeHugger confirmed that the blog will be part of the upcoming Planet Green network, but financial terms of the deal were not disclosed. The New York Post had suggested a $10 million price tag.
"TreeHugger.com is a strategic complement to our digital media portfolio, aligning perfectly with Discovery?s corporate values and the Planet Green initiative," Bruce Campbell, Discovery Communications' president of Digital Media, Emerging Networks and Business Development, said in a joint statement. "Bringing TreeHugger.com into the Discovery family gives it the resources to continue doing what it does best: bringing green living to the masses."
TreeHugger founder Graham Hill added, "Discovery Communications, with its global reach and high level of commitment to Planet Green, is launching the most significant effort in green media to date--and we?re excited to be part of it."
