143 comments

Bug fixed (2, Informative)

PeekabooCaribou (544905) | more than 3 years ago | (#32158474)

Twitter says they have resolved this bug. http://status.twitter.com/post/587210796/follow-bug-discovered-remedied [twitter.com]

Re:Bug fixed (5, Funny)

Scrameustache (459504) | more than 3 years ago | (#32158694)

Twitter says they have resolved this bug.

http://status.twitter.com/post/587210796/follow-bug-discovered-remedied [twitter.com]

It's not so much fixed as unreproducible by way of disabling the entire "follow" feature. The twits are in a panic, wondering if they've offended people since their followers have all disappeared.

Does this work on Slashdot? (5, Funny)

InvisibleSoul (882722) | more than 3 years ago | (#32158806)

accept +1 Funny

Re:Does this work on Slashdot? (0, Offtopic)

Yvan256 (722131) | more than 3 years ago | (#32158884)

Looks like it works, but let's try it with something else just to be sure.

accept +5 MooCow

Re:Does this work on Slashdot? (2, Funny)

capo_dei_capi (1794030) | more than 3 years ago | (#32159188)

This board does not have Super Cow Powers.

Re:Does this work on Slashdot? (3, Interesting)

Idiomatick (976696) | more than 3 years ago | (#32160024)

I like that this was marked troll as if the mods were personally offended that someone dare suggest that /. doesn't have 'Super Cow Powers'.

Re:Does this work on Slashdot? (1)

capo_dei_capi (1794030) | more than 3 years ago | (#32160454)

Yup, this is definitely the last time I doubt the omnipotence of /.
Gonna get banned if I do it again, anyway.

Re:Bug fixed (1)

Scrameustache (459504) | more than 3 years ago | (#32159316)

It's not so much fixed as unreproducible by way of disabling the entire "follow" feature.

Aaaaaaaaand now it looks fixed.

Why do Web 2.0 sites have so much trouble? (0)

Anonymous Coward | more than 3 years ago | (#32159620)

What is it with the so-called Web 2.0 sites that makes them so much more prone to cock-ups like this?

If they aren't suffering from a security flaw like this one, they're suffering from horrible performance problems.

Take Reddit, for instance. They put it in read-only mode for many hours last week after users had their posting histories go missing and other problems arose.

It's not like these sites are getting that much traffic. Digg and Reddit aren't even in Alexa's Top 100 sites. There are many other sites out there that get just as much, if not more, traffic, yet their performance is just fine.

Maybe it has something to do with these sites using NoSQL? They've flat out rejected 40 years of accumulated database knowledge and experience in favor of messing around with network-aware hash tables. Maybe it's no surprise that they have so many problems, when they intentionally avoid best practices.

Re:Why do Web 2.0 sites have so much trouble? (1)

dskzero (960168) | more than 3 years ago | (#32159926)

I'd guess it's because there are more users more likely to stick their mouse pointers where they are not supposed to.

Re:Why do Web 2.0 sites have so much trouble? (1)

Michael Kristopeit (1751814) | more than 3 years ago | (#32160440)

those best practices are perhaps the reason twitter did not exist 40 years ago.

the key is LATENCY. if you want transactions and master slave replication with views and triggers with millions of active users that all want 1 second latency to view tweets and 1 second latency to publish tweets, then best practices can't help you.

Re:Bug fixed (1, Funny)

pitchpipe (708843) | more than 3 years ago | (#32158700)

Twitter Bug Lets Users Force Others To Follow Them

Who could resist following someone who was doing the "TwitterBug"? It's such an irresistible dance!

Solution... (-1, Offtopic)

ls671 (1122017) | more than 3 years ago | (#32158476)

Here is the solution I propose for them in order to strike a balance:

1) Do not hire anybody using social networking sites.

2) Make joining social networking sites a cause of immediate termination of employment.

Side effect in my case: 3) profit from the new job openings available ;-)

Seriously, I hear that this has even become an issue for military staff located overseas where tactical information might be leaked when sampling feedback from a sufficient number of individuals.

Re:Solution... (4, Interesting)

PeekabooCaribou (544905) | more than 3 years ago | (#32158532)

Slashdot has comments, friend/foe, and journal (blog) space. What's to prevent you from getting fired for using Slashdot?

Re:Solution... (1)

ls671 (1122017) | more than 3 years ago | (#32159186)

> Slashdot has comments, friend/foe, and journal (blog) space.
> What's to prevent you from getting fired for using Slashdot?

much less obvious when comes the time to link it to my identity. Not that it is impossible although ;-)

I never told my Slashdot ID to anybody I know, I don't friend/foe anybody and I have no journal. Additionally, I try to be careful about what I post.

When can I pass the interview ? ;-)

Re:Solution... (1)

Abstrackt (609015) | more than 3 years ago | (#32159274)

> Slashdot has comments, friend/foe, and journal (blog) space.
> What's to prevent you from getting fired for using Slashdot?

much less obvious when comes the time to link it to my identity. Not that it is impossible although ;-)

I never told my Slashdot ID to anybody I know, I don't friend/foe anybody and I have no journal. Additionally, I try to be careful about what I post.

When can I pass the interview ? ;-)

When you work for a company I'm pretty sure they know your identity. I think it's also safe to assume they don't care what your /. ID is, just that you're wasting company time.

Re:Solution... (1)

drachenstern (160456) | more than 3 years ago | (#32159898)

And yet some of us have been using slashdot for as long as we've been on the web (roughly so ~ more or less) as younger folks know it today.

I've been using this nick since 95 ish and haven't hidden that fact as far as I can remember. It was only lately that I even got an email addy that matched my real name (and that only for job hunt purposes). So I guess the fact that you don't share your username outside /. is related to the fact that you only got on the internets a couple years ago?

Also, who the f*ck cares? It's /.. We're supposed to be crackpots. Why be careful about what you post?

Re:Solution... (0)

Anonymous Coward | more than 3 years ago | (#32160712)

That reminds me of a Breakfast Club quote: "Demented and sad... but social."

Re:Solution... (1)

WrongSizeGlass (838941) | more than 3 years ago | (#32159146)

1) Do not hire anybody using social networking sites.

2) Make joining social networking sites a cause of immediate termination of employment.

Are you kidding me? How on earth do you expect employers to spy on their employees without the employees handing out their personal lives on a silver platter? Sure, everyone wants the "best and the brightest" employees ... but do you really need a Rhodes scholar to do your accounts payable paperwork? Or handle your returns department? Of course not. Employers use these sites to "safely" monitor their herd of employees without "going too far".

Re:Solution... (1)

ls671 (1122017) | more than 3 years ago | (#32159360)

Sorry I posted on the wrong topic, I had a FA linking to a topic about social networking sites and jobs in "sensible activity fields" on my /. front page and it doesn't seem to be there anymore ;-))

It might be a /. bug, I can't explain it ;-(

Re:Solution... (2, Interesting)

ls671 (1122017) | more than 3 years ago | (#32159502)

Sorry I posted on the wrong topic, I had a FA linking to a topic about social networking sites and jobs in "sensible activity fields" on my /. front page and it doesn't seem to be there anymore ;-))

Here is the link I posted to, it apparently has been rescheduled from 1:27 PM to 3:09 PM eastern time. So it seems like a /. problem.

http://tech.slashdot.org/story/10/05/10/1652245/Businesses-Struggle-To-Control-Social-Networking?art_pos=1 [slashdot.org]

Probably not a bug (5, Interesting)

BadAnalogyGuy (945258) | more than 3 years ago | (#32158554)

Consider that selling a list of users and their preferred content information to advertisers could result in a huge profit for Twitter. Then imagine a captive audience forced to receive what is essentially spam tweets.

This is definitely a feature, not a bug. And this disabling of the feature for the time being is a temporary measure to let the furor blow over before reactivating it later.

Twitter isn't a public utility. It's a business just like Google and Microsoft. They will find a way to monetize your behaviors.

So what should you do? Stop using Twitter?

Re:Probably not a bug (5, Insightful)

fotbr (855184) | more than 3 years ago | (#32159102)

A strange game. The only winning move is not to play.

Re:Probably not a bug (5, Funny)

fustakrakich (1673220) | more than 3 years ago | (#32159776)

That might not be allowed. If you don't sign up with these social networks, you will be flagged as a "loner" type, and put on the no fly list. Customs already does this to people who don't have a credit card. I speak from experience. So, what have you got to hide? Sign up already!

Re:Probably not a bug (0)

Anonymous Coward | more than 3 years ago | (#32159128)

So what should you do? Stop using Twitter?

Yes.

Re:Probably not a bug (0)

Anonymous Coward | more than 3 years ago | (#32159176)

So what should you do? Stop using Twitter?

Yes.

Re:Probably not a bug (1)

trytoguess (875793) | more than 3 years ago | (#32159550)

So what should you do? Stop using Twitter?

Not a bad solution, this [twitter.com] link claims locking your twitter account would also work.

Re:Probably not a bug (3, Insightful)

Dalambertian (963810) | more than 3 years ago | (#32160026)

The suggestion that we should stop using twitter because of spam is quite strange. Has spam stopped you from using email?

Re:Probably not a bug (0)

Anonymous Coward | more than 3 years ago | (#32160132)

So what should you do? Stop using Twitter?

Please?

Re:Probably not a bug (0)

Anonymous Coward | more than 3 years ago | (#32160512)

That doesn't make any sense. The bug is that you can sign people up to follow your tweets by simply forging the expected "ack" for what would normally be the "syn" on a protected account. This would allow the user to do things like unfollow or block unwanted twitter accounts that are used for advertisers.

Twitter has already said that they are creating an advertising system that will insert ads into your twitter stream. These supposedly will be single ads, inserted at the top, similar to google's searches. These will not be advertiser streams that you will be signed up to receive: they will simply appear in your stream. You will have no recourse to stop following or ban the ads, as they are phantoms in the system. They behave nothing like the bug listed here.

Making it a public call would be even more foolish, as advertisers would be able to use it without actually paying Twitter. They could just sign people up on their own. What would be the profit in that? Twitter needs to control access as the gatekeeper in order to make advertisers pay.

And do you really think Twitter the company doesn't have in-house tools to add anyone to anything they want to? What would they need this hacky external method for?

Think it through. This is a bug, pure and simple. Someone wrote the authentication for protected accounts a long time ago, and didn't put a lot of thought into it being a worldwide phenomenon. Yes, Twitter is going ad-supported. But this bug has nothing to do with that.

Don't be silly (1)

Snaller (147050) | more than 3 years ago | (#32160540)

"So what should you do? Stop using Twitter?"

Exactly. They'd loose 90% of their users like that if it they started doing that.

Re:Don't be silly (0)

Anonymous Coward | more than 3 years ago | (#32160802)

Exactly. They'd loose 90% of their users like that if it they started doing that.

They'd turn 90% of their users loose? Good heavens! Can you imagine 90% of Twitter's users, loose in the wild, making hideously abbreviated statements and acting like they're important because a bunch of other abbreviated-minded people follow them? It'd be an unprecedented disaster! It'd be as if all the braindead SMS texters suddenly started talking exactly like they text, in the real world!

We have to stop it from happening! Twitter can't LOSE * a single user over this!

*: You illiterate moron.

Re:Probably not a bug (0)

Anonymous Coward | more than 3 years ago | (#32160688)

Or it could just be a bug.

Re:Probably not a bug (2, Insightful)

Jer (18391) | more than 3 years ago | (#32160976)

Whether or not this would be useful for spam, it would be more profitable for Twitter to be able to control it, rather than letting individuals force other people to follow them. This is clearly a bug - there's no financial benefit to Twitter with this and if it went on for too long they'd lose users (which is probably why they shut off the follower mechanism as soon as the bug was publicized).

Not to say Twitter couldn't introduce their own advertising scheme. Just that if they did they'd want it to be one they controlled - and took payments for - not one that random spammers could exploit for free.

That sounds more like a (3, Insightful)

abbynormal brain (1637419) | more than 3 years ago | (#32158556)

test command embedded into the code that allows "dummy" testing within the development environment. Either way - oops.

Re:That sounds more like a (3, Insightful)

squiggleslash (241428) | more than 3 years ago | (#32159108)

I'm going to stick my neck out and suggest it's more a case of someone deciding not to check for errors in a bit of code.

In Twitter, you can have either protected tweets or unprotected tweets. If the former, then if someone wants to follow you, they have to request it, and you can either "accept" them following or deny it.

It looks to me that the commands are sent in-band, and that the command "accept " is related to the above code. What isn't happening is any check that the person identified ever actually sent a request in the first place.

So, this isn't an evil conspiracy to send people advertising (was BAG being serious?), and I doubt it's test code either. The above just "fits" with everything we know about twitter.

Re:That sounds more like a (3, Interesting)

AndrewNeo (979708) | more than 3 years ago | (#32159372)

They're likely sent in-band because most SMS commands are the same as the web interface. You can follow, direct message, etc. through both SMS or the update interface.

Of course (1, Funny)

Monkeedude1212 (1560403) | more than 3 years ago | (#32158570)

Justin Bieber is actually a secret computer hacker, breaking simple algorithms like this is cake for him.

In fact, all of his music is about IRC.

Re:Of course (1, Funny)

Thelasko (1196535) | more than 3 years ago | (#32158912)

From what I understand, this bug was discovered by someone who calls himself "Bobby Tables [xkcd.com]." However, there appear to be no records of such a person in any school system computers.

So...? (5, Funny)

fahrbot-bot (874524) | more than 3 years ago | (#32158594)

All your tweets are belong to us?

Re:So...? (-1, Offtopic)

Anonymous Coward | more than 3 years ago | (#32158748)

I was thinking more the "In Soviet Russia" meme, but couldn't come up with anything that sounded remotely original.

"In Soviet Twitter, you follow who you are told" was the best I could come up with, but it's lame enough to be a joke on me, really. "In Soviet use of Soviet meme, Joke is you!" I guess.

mod 3o3n (-1, Troll)

Anonymous Coward | more than 3 years ago | (#32158786)

(7000+1440+700)*4 was what got me Halt. Even Emacs

and i thought people just hated me (1, Insightful)

alen (225700) | more than 3 years ago | (#32158848)

looked up my twitter and i have 0 followers now

Re:and i thought people just hated me (0)

Anonymous Coward | more than 3 years ago | (#32158990)

I still have the same number of followers.

In-Band Signalling (3, Insightful)

captaindomon (870655) | more than 3 years ago | (#32158880)

This is one of the difficulties of In-Band Signaling [wikipedia.org]. Their communication channel is so limited that handling secure signaling is difficult.

Re:In-Band Signalling (2, Insightful)

Amouth (879122) | more than 3 years ago | (#32159026)

not exactly.. their failure was not implementing some type of request/accept queue system.. and if they did they bypassed it and gave the accept message the ability to add people even if they were not in the queue, which is just stupid.

while i agree that In-Band Signaling is not easy to do right, and that they do have a limited communication channel.. they do not have a limited processing or back-end infrastructure..

there is no excuse for this type of screwup..

Re:In-Band Signalling (1)

MarcoAtWork (28889) | more than 3 years ago | (#32159268)

it's not *that* difficult: you could have a simple UUID sent on follow requests that has to be returned in the accept/not accept response for example; the fact that twitter fixed this issue very quickly could mean that this was indeed a testing command that was left in and that the user-initiated follow/unfollow works a bit more securely...
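An added example, not part of the thread and not Twitter's code: a sketch of the in-band `accept` handling the comments above describe, first with no check that a follow request exists, then with the pending-request queue and per-request token the commenters suggest. All class, method, and user names are hypothetical.

```python
import secrets


class NaiveFollowService:
    """Behaviour the thread describes: 'accept <user>' is honoured unconditionally."""

    def __init__(self):
        self.followers = {}  # account -> set of follower names

    def handle_update(self, sender, text):
        # Commands arrive in the same channel as ordinary status text (in-band).
        parts = text.split()
        if len(parts) == 2 and parts[0].lower() == "accept":
            # Missing check: did parts[1] ever ask to follow sender?
            self.followers.setdefault(sender, set()).add(parts[1])
            return "accepted"
        return "posted"


class CheckedFollowService:
    """Same command, but an accept must match a pending request and its token."""

    def __init__(self):
        self.followers = {}
        self.pending = {}  # (target, requester) -> one-time token

    def request_follow(self, requester, target):
        # Token is generated server-side and shown only to the target account.
        token = secrets.token_hex(8)
        self.pending[(target, requester)] = token
        return token

    def handle_update(self, sender, text):
        parts = text.split()
        if not parts or parts[0].lower() != "accept":
            return "posted"
        if len(parts) != 3:
            return "rejected"  # malformed command is never treated as valid
        _, requester, token = parts
        expected = self.pending.get((sender, requester))
        # The queue lookup closes the hole; the token binds the accept to one request.
        if expected is None or not secrets.compare_digest(
            expected.encode(), token.encode()
        ):
            return "rejected"
        del self.pending[(sender, requester)]  # single use: a replay finds nothing
        self.followers.setdefault(sender, set()).add(requester)
        return "accepted"


def demo():
    # Constructed accounts: "celebrity" never asked to follow "mallory".
    naive = NaiveFollowService()
    naive.handle_update("mallory", "accept celebrity")

    checked = CheckedFollowService()
    forged = checked.handle_update("mallory", "accept celebrity 0000")
    token = checked.request_follow("bob", "alice")
    wrong = checked.handle_update("alice", "accept bob not-the-token")
    genuine = checked.handle_update("alice", "accept bob " + token)
    replay = checked.handle_update("alice", "accept bob " + token)
    return {
        "naive_followers": naive.followers,
        "checked_followers": checked.followers,
        "results": [forged, wrong, genuine, replay],
    }


if __name__ == "__main__":
    print(demo())
```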

Re:In-Band Signalling (1)

drachenstern (160456) | more than 3 years ago | (#32159964)

well, go ahead and accept me at my /. twittername and see if it works. I think they've disabled follow/unfollow requests for now

Plus, I really wanna see if it shows up on both ends of the queue, or just the one end.

Blue Box (5, Interesting)

John Whitley (6067) | more than 3 years ago | (#32158906)

Heh, it's tempting to view this as an accidental homage to the blue box [wikipedia.org]:

An early phreaking tool, the blue box is an electronic device that simulates a telephone operator's dialing console. It functions by replicating the tones used to switch long-distance calls and using them to route the user's own call, bypassing the normal switching mechanism. The most typical use of a blue box was to place free telephone calls - inversely, the Black Box enabled one to receive calls which were free to the caller.

For those new to the party, on early telephony networks the telco's control signals were sent on the same channel as the content (voice) signals. Some bright folks figured out how to exploit this weakness. Oops. ;-)

Re:Blue Box (1)

TubeSteak (669689) | more than 3 years ago | (#32159118)

For those new to the party, on early telephony networks the telco's control signals were sent on the same channel as the content (voice) signals. Some bright folks figured out how to exploit this weakness. Oops. ;-)

The main difference being that back in the blue boxing days, security was an afterthought and now it's a multi-billion dollar industry.

Which only makes Twitter's glaring mistake all the more embarrassing.
It's up there with Norton's "stopkeylogger" fiasco.

Re:Blue Box (3, Informative)

hitmark (640295) | more than 3 years ago | (#32159226)

yep, telcos operated on the "security by obscurity" system. Only their own personnel should in theory know the unlisted numbers to the switches and so on. But thanks to anything from grabbing manuals from the back of repair trucks, to wardialing whole area codes, this didn't work in the long run.

Re:Blue Box (1)

morgan_greywolf (835522) | more than 3 years ago | (#32159404)

Which only makes Twitter's glaring mistake all the more embarrassing.
It's up there with Norton's

Damn it! Why does your post keep crashing my browser? There's nothing after this...

Re:Blue Box (2, Insightful)

cgenman (325138) | more than 3 years ago | (#32160590)

The main difference being that back in the blue boxing days, security was an afterthought and now it's a multi-billion dollar industry.

It's a multi-billion dollar industry... that gets called in after-the-fact once a tool gets really popular.

it's all fun and games (0, Offtopic)

circletimessquare (444983) | more than 3 years ago | (#32159340)

until you realize that as twitter creeps further into english language use, the following conversation following english language convention is only a few months away:

"i was going to twitter that until i got the tweet you twatted yesterday and i realized its no fun twuttering anymore, you twat"

"don't call me a twat you twit"

(shudder)

Re:it's all fun and games (1, Funny)

Anonymous Coward | more than 3 years ago | (#32159706)

saying twat in the context of twitter was funny for like the first 5 minutes of twitter existing

Testing (4, Funny)

Dan East (318230) | more than 3 years ago | (#32159358)

modfunny 318230

Re:Testing (0)

Anonymous Coward | more than 3 years ago | (#32160048)

You're doing it wrong ... it would be modfunny 32159358

(But then you didn't know your mid when you posted, did you?)

Re:Testing (0)

Anonymous Coward | more than 3 years ago | (#32160314)

it works! quick freeze the mod system, it's got the same bug as Twitter!

Conan saw it coming (1, Insightful)

Anonymous Coward | more than 3 years ago | (#32159410)

http://twitter.com/ConanOBrien/status/13631062967

It's twitter (0)

Anonymous Coward | more than 3 years ago | (#32159668)

It's twitter. Did you really think it takes that great of an actual programmer to write that site? I mean they did decide to make a massive site using Ruby on Rails and then write their own message queue in Ruby, ignoring the 100000 existing queues that were better in Ruby and other languages. Is anyone shocked that they can't implement basic logic and security properly?

Recursive twittering (1)

Jesus_666 (702802) | more than 3 years ago | (#32159930)

Has anyone abused this to follow themselves? That has much more fun potential than pretending random strangers care about your tweets.

Re:Recursive twittering (1)

Phrogman (80473) | more than 3 years ago | (#32160208)

I would agree, but the only people following me are random strangers - possibly because I signed up for Twitter, sent one tweet as a test, and haven't been back again. I just don't see the point if you aren't a celebrity who wants to get more publicity.

Re:Recursive twittering (1)

cgenman (325138) | more than 3 years ago | (#32160630)

If you have a large group of friends and associates, it's a nice way to let each other know of goings-on. Things like BBQ's, beach outings, cocktail nights, etc.

If people you know aren't using it, then it is exceedingly useless.

Re:Recursive twittering (0)

Anonymous Coward | more than 3 years ago | (#32160776)

You're a real cocktail, fruit!
