Something has been rocking the boat over at Twitter, where stability issues on Monday afternoon caused the company to temporarily take down Twitter Lists, a popular and relatively new feature that lets members group Twitter accounts into categories.
"We began experiencing a very high rate of errors and we are working on the underlying problem," a post on the Twitter status blog read. It was later updated saying, "We are now recovering from this unexpected downtime. The Lists feature is temporarily unavailable as we diagnose the cause of the outage."
Many members had reported sightings of the "fail whale," Twitter's error message featuring a cartoon whale, earlier on Monday. It may have been more noticeable than usual because of the day's status as "Cyber Monday," a big day for holiday e-commerce deals--which in this day and age means plenty of people hunting on retailers' Twitter accounts for fire-sale promotions.
Obviously, amid all the seasonal shopaholism, somebody forgot to feed the whale.
CheckMySite, a company that monitors uptime of Web sites, announced on Thursday that Twitter still has some serious performance issues.
CheckMySite continually monitored Twitter's uptime over the past 12 months and found that Twitter wasn't able to maintain an effective uptime rate during that period, though it did perform better in some months rather than others.
CheckMySite's report found that Twitter's best uptime between October 2008 through the end of October 2009, was in December 2008, when the site was up 99.97 percent of the time. During Twitter's worst month, August 2009, the its site was up just 99.15 percent of the time.
Without any comparison, Twitter's figures probably won't mean much. Realizing that, CheckMySite compared the social network's uptime to Facebook and MySpace. According to CheckMySite, both Facebook and MySpace "have an uptime of 100 percent, meaning there is virtually no occurrence of frustrated access among visitors."
"Any company that has an uptime statistic of less than 99.9 percent should definitely work to improve the situation," Andrew Stock, CheckMySite's international sales director said in a statement.
Twitter has suffered from uptime issues almost since its founding. For a while, it was so bad that some postulated that it could lead to the site's downfall. In recent months, Twitter's uptime seemed to improve, though it experienced a few snags along the way. Evidently, things haven't been as good as some thought.
Twitter did not immediately respond to request for comment.
Twitter's servers were on the fritz again on Tuesday, with members receiving server timeouts and third-party applications unable to access the microblogging service. This appears to have begun around 11:45 a.m. PDT.
Twitter posted an update to its status blog when the servers had been in flux for about 10 minutes: "Responding to site downtime. We're working to recover from a site outage and will update as we learn more."
The service was back up about a half hour later. At 12:17 p.m. PT, Twitter confirmed that it was an attack. "We're back up and analyzing the traffic data to determine the nature of this attack," the company said.
Outages used to be commonplace at Twitter when the small start-up's servers were unable to keep up with the massive amount of data flowing through them. They gradually became less and less frequent. But this one's particularly notable because it happens as Twitter is still reeling from a denial-of-service attack last week that targeted a Georgian activist blogger but ended up knocking Twitter's servers offline for several hours. Other services, like Facebook and LiveJournal, were also affected by the attack.
More updates when we hear them...last updated at 3:57 p.m. PT.
Oh, snap! I'm not even getting a fail whale!
Twitter was inaccessible for several hours on Thursday morning, followed by a period of slowness and sporadic time-outs (and more outright downtime). The company is blaming an "ongoing" denial-of-service attack but has not said anything further. Facebook has also confirmed that it was targeted by a DoS attack that rendered some of its features slow or non-functional.
Judging by the timeline of my TweetDeck client, it looks like the problems started right around 6 a.m. PDT.
"We are determining the cause and will provide an update shortly," Twitter's staff posted at 6:43 a.m. PDT on the service's status blog.
Then, around 7:49 a.m. PT, the company posted, "We are defending against a denial-of-service attack and will update status again shortly."
Around 8:15 a.m., the status blog post was updated with "The site is back up, but we are continuing to defend against and recover from this attack." (I still was unable to access Twitter.)
Perfomance monitoring firm AlertSite says that Twitter's home page went down at 6:05 a.m. PT and was showing 40 percent availability at 8:04 a.m. PT, but that timeouts were continuing from most of its monitoring locations at 8:30 a.m.
Way back when, Twitter outages were so commonplace that it was worth reporting when it didn't crash--as when it stayed afloat during the entire South by Southwest Interactive Festival in 2008. Now, a few million dollars of venture capital later, the service is far more stable.
Twitter wants to establish itself as a communications standard rather than just a social-media brand. It's been a crucial platform for information exchange in the face of global events where more traditional means of broadcasting have been inaccessible or blocked.
Problems at Facebook, too
Some features of Facebook were also experiencing uptime issues on Thursday--one reader speculated that log-in servers may have been down--which raises the issue of whether a hosting company problem is to blame. Alternately, a denial-of-service attack could have been targeting both high-profile companies.
Facebook responded later in the morning on Thursday with a statement. "Earlier this morning, we encountered issues within our network that resulted in a short period of degraded site experience for some visitors," the statement read. "No user data was at risk and the matter is now resolved for the majority of users. We're monitoring the situation to ensure that users continue to have the fast and reliable experience they've come to expect from Facebook."
About an hour later, the company revised the statement to confirm that a denial of service attack was involved. "Earlier this morning, Facebook encountered network issues related to an apparent distributed denial of service attack, that resulted in degraded service for some users," the updated statement read. "No user data was at risk and we have restored full access to the site for most users. We're continuing to monitor the situation to ensure that users have the fast and reliable experience they've come to expect from Facebook."
But the Facebook outages were not on the same scale as Twitter's by any means, said Ben Rushlo, a senior consulting manager at performance firm Keynote. "There's been a few slow data points but you couldn't even put them in the same sort of stratosphere of comparison," Rushlo told CNET News.
Publishing site LiveJournal also appears to have been affected by attacks on Thursday.
Botnets, bot herders, and DDoS attacks
DDoS (distributed denial-of-service) attacks typically come from a collection of compromised computers called a botnet, said Graham Cluley, a senior technology consultant at Internet security firm Sophos. The botnet computers can inundate a Web site's servers with communication requests, legitimate or malformed to cause extra trouble.
Botnet-based DDoS attacks are difficult to deal with because it can be hard to distinguish legitimate communications from those that are part of the attack. And just blocking access from the IP addresses of offending computers poses complications: "You don't want to block legitimate users. The computers probably sending (the DDoS) traffic to Twitter belong to legitimate people," Cluley said.
DDoS attacks can be motivated by people seeking ransom money or seeking to make a political statement, but Cluley suspected that's not the case in this particular attack. "My guess is this is most likely some kid in a back bedroom who has access to a large botnet and is showing off to his friends what he can do," Cluley said.
Twitter is unusual in that much of its use comes not through its Web site but through an application programming interface (API) that lets software such as TweetDeck interact with the service. API access also suffered during the outage.
"Often there is collateral damage" during a denial-of-service attack, Cluley said. "Other servers can begin to fall over."
There have been a notable number of DoS attacks recently in the social-media space: On Wednesday, URL shortener Trim claims that one such attack rendered its truncated URLs inaccessible for some time; earlier in the week, blog network Gawker Media was downed by an attack that targeted The Consumerist, a property that it recently sold but still hosts on its servers.
Denial-of-service attacks are actually waning these days as bot herders rent their botnets to those who want to use them to send spam or host malicious software that can be used to compromise other computers, said John Harrison, group product manager of security response at security software company Symantec.
"Organized crime and other groups have gone off to other things. It's more lucrative for them to use the Internet, not to take the Internet away," Harrison said. Using a botnet in a denial-of-service attack can reveal computers to be part of a botnet, for example when an administrator notices high network traffic from a compromised machine, so keeping a low profile can save the botnet for use another day.
To keep a PC from becoming part of a botnet, Harrison recommended keeping the operating system, browser, browser plug-ins such as Adobe Systems Flash and Reader, and other software up to date, and naturally to install antivirus software. "All it takes is one vulnerability to potentially have malware installed," he said.
A massive series of DoS attacks hit the Web a decade ago, long before either Facebook or Twitter was remotely close to existence. They hit the likes of CNN.com, Amazon, E*Trade, eBay, and Buy.com, and were such a serious problem that the FBI held a series of press conferences to address concerns.
There has been no indication that a single party, or groups of hackers in tandem, was responsible for the Facebook and Twitter attacks, or whether there was any connection to the other DoS attacks on smaller sites earlier this week. But it's probably not a coincidence that they all happen to coincide with the annual Defcon hacker convention.
One security expert thinks he may have found a connection. "Today's outage is happening at the same time a new version of the Koobface malware has been found in the wild that is using both Twitter and Facebook messages to send invitations that are designed to lure potential victims to fake AV web pages," an e-mailed statement from Paul Henry, a security analyst at the firm Lumension, explained. "The speculation is that the onslaught of bogus messages that are directing users to malicious pages may in fact be overwhelming Twitter."
More to come when we hear it. Last updated at 12:10 p.m. PT.
CNET News' Stephen Shankland contributed to this report.
One of the myriad URL-shortening services out there, found at Tr.im, suffered an outage for some time Wednesday, rendering many links unable to redirect.
The service--which is owned by a start-up called the Nambu Network--believes hackers are to blame. "From this end it appeared we suffered a denial of service attack, and we took appropriate action to get the website back to full service," a Trim representative said to CNET News in an e-mail.
There's another, less likely possible culprit: Airline JetBlue hit one million Twitter followers on Wednesday, and announced a one day-only commemorative deal that would shave 20 percent off the cost of any flights booked through a promotional link. It used Trim as the URL shortener for the link in question, and acknowledged in its "JetBlue Cheeps" Twitter-deals account that heavy volume from the sale may have unexpectedly caused the outage.
Whether or not it was the JetBlue promotion that crippled Trim, there's a bigger-picture problem here: URL shorteners like TinyURL, Bitly, Owly, Isgd, and related offerings from Digg and StumbleUpon, are a huge deal when we've all grown accustomed to fitting stuff into 140-character fields. Some, like Bitly (which Twitter uses as its automatic link shortener and which has been talked up as a possible acquisition for the microblogging company) and Trim, offer some tracking data and analytics surrounding the links plugged into their systems.
But when one crashes, so do all the links associated with it. Or what happens if a URL shortener goes out of business altogether? There would be a whole lot of lost, broken links out there. Some very small URLs could have a very big impact on the organization of the Web.
This post was updated at 1:13 p.m. PT.
Are My Sites Up?, the uptime monitoring service, now has an application for iPhone users that lets them keep an eye on all their domains when they're away from their computer. While the service offers free SMS and e-mail notifications in the event that your site goes MIA, there hasn't been an easy way to add new sites on the go, which this app does in spades.
You can add and edit new sites to keep an eye on, as well as delete them entirely. There is, however, no way to set what kind of notifications you want to get for each domain, which I'm told is coming in a future revision. Another small caveat is that you must subscribe to one of the service's three premium plans to use it, so free users cannot partake.
While this app isn't much to look at just yet, it's one that could be promising with the upcoming iPhone OS 3.0 update, which enables push notification in third-party apps. This means you could get real-time notifications when one of your sites is down even when the app isn't running. It would also let you hop straight to the site in question to double check.
Here's a quick demo of what it looks like from creator Chris Coyier:
The Google Apps status dashboard indicates which services are working. (Click to enlarge.)
(Credit: screenshot by Stephen Shankland/CNET Networks)The day after a 2.5-hour Gmail outage, Google has launched a promised Google Apps status dashboard to better communicate with customers whether their online applications are up and running.
When a needed service fails, people can be mollified--and can better plan what to do--if they hear what's going on and, what went wrong, and when the service will return. To this end, sites such as SalesForce.com and Amazon Web Services offer dashboards that show how well their services are functioning. Now Google has followed suit.
"The Google Apps Status Dashboard represents an additional layer of transparency that we believe will be particularly useful for our business users, and it's also relevant to users of our consumer products," said Tessa Prescott of the Google Apps sales team in a blog post Wednesday. "Customers can use this Status Dashboard to check on the current service status of individual services such as Gmail, Google Calendar, Google Talk, Google Docs, Google Sites and Google Video for business."
In the case of the recent Gmail outage, Google offers information about when the problem was discovered, the status of its repair, and a detailed postmortem of what went wrong.
One of my favorite new tools Are My Sites Up (previous coverage) has a new premium service for its heavier users. $75 gets you some niceties like no ads, secured RSS feeds, direct messages via Twitter, and faster checks on your sites. Users can also add an additional 10 sites to watch on top of the 50 you get with the free level of service.
Coming to the site soon is a mobile interface, statistics tracking, and an IM bot that will send you a message when there's a problem with one of your sites.
Users who are on the fence with this and something like Pingdom might want to keep in mind that Are My Sites Up does not charge anything to send you a text messages, which many other monitoring services do. One thing it's missing however, as some users have pointed out, is that you cannot set it to watch sites on certain ports, which is likely to be fixed in a future release.
Are My Sites Up is a free service that monitors Web sites to see if everything is up and running. You simply plug in the URLs of whatever sites you want to keep an eye on (they don't even have to be yours), and it will send you an alert if it notices one is down.
It does this by visiting each page on your list--up to 50 per user--every 15 minutes. If it can't load the page, you get an e-mail. You can also plug in your mobile phone number to get an SMS alert.
I very much like the idea, since you just set it and forget it. It's a nice complement to downforeveryoneorjustme.com which does the same check, but for the people unsuccessfully attempting to visit your site who believe their local undersea cable may have been cut again.
(via Delicious)
(Credit:
CNET Networks)
Correction, 4:05 p.m. PST: The name of the senior product manager for Google Apps was misspelled. It is Rajen Sheth. Also, Pingdom had an incorrect number for total downtime in its "more likely" scenario. It is 55 minutes.
Pingdom argues Google can get away with more outages because smaller ones fall between the service level agreement gaps.
(Credit: Pingdom)Pingdom, a company that monitors Web site availability, has concluded that Google gives itself a lot of wiggle room in its service level agreement for its Google Apps service.
The service level agreement (SLA) gives credit to paying customers if the service falls short of promised availability--99.9 percent measured monthly for Google Apps. Pingdom points out that because Google only counts downtime periods that last at least 10 minutes, the company could get away with intermittent problems that are shorter.
"What if Google Apps was down for 9 minutes, up for 1 minute, down 9 minutes, etc.? That would mean 54 minutes of downtime each hour, but Google still wouldn't count it because none of the individual downtimes lasted 10 minutes (or) more," according to a blog entry Thursday. In a "more likely" scenario with outages lasting 3, 8, 12, 5, 9, 14, and 4 minutes, the total of 55 minutes of actual downtime would only be counted as 26 minutes for purposes of the SLA.
Google, while concerned about uptime, isn't as concerned about the SLA terms or what it called Pingdom's "hypothetical scenario," though.
"If you look at our SLA and compare to others' in the industry, it's identical," said Rajen Sheth, senior product manager for Google Apps, pointing as an example to Microsoft's hosted Exchange service. Service providers need to set a threshold somewhere "to distinguish between a real outage and intermittent errors," he said, and Google is trying to be transparent about where it sets its.
That may sound like dodging the question about an accumulation of small outages, but the company does have a point that a blip probably shouldn't count as much as a catastrophe. Realistically, shortening the interval would probably squeeze Google on the other end to lower its 99.9 percent uptime commitment or perhaps raise its $50 per user per year price. There's no free lunch here for customers.
And after all, although SLAs are important, customers will rapidly abandon ship if a service breaks, credit or no credit.
Notably, Google monitors not only each customer account's uptime, but also each user of that account. It also gives credits even if only part of the service goes down while other parts are available, Sheth said. And though only some customers were affected by a significant Gmail outage in August, Google offered SLA credits to all Google Apps customers.
Google has promised a better dashboard to inform customers about outages. "During the times when we've seen outages, the No. 1 thing we need to do is communicate with our customers," Sheth said.
