Nik Cubrilovic
by Nik Cubrilovic on November 2, 2009

A large number of customers of Rackspace Cloud, including Techcrunch, have been experiencing downtime for the past 1h 20m or so. The status blog reports that the service was degraded, and other reports state that it is due to a power outage at the Dallas network operations center. Customers of both Rackspace Cloud and Slicehost are affected, putting services such as Posterous, Dailybooth and others out of commission.

by Nik Cubrilovic on October 27, 2009

A new generation of database products and companies is beginning to emerge, and one of the more interesting examples is Sweden-based Neo Technology, the developer and vendor of the neo4j graph-based database (graph in the data structure sense). The neo4j product has been in development for over 8 years, and Neo Technology is today announcing a new $2.5M round of funding. The company has been developing the neo4j project as a commercial product, and is now taking it to market with a dual-license model.

by Nik Cubrilovic on October 26, 2009

Amazon has launched a hosted relational database service, Amazon RDS, as part of the suite available at AWS. The new service is a hosted MySQL database instance with the same capabilities and access rights as a normal self-hosted DB. As a hosted solution, the service is able to scale out across compute, memory and storage requirements while still being treated as a single DB instance by the end user. Pricing starts at $0.11 per hour for the smallest instance size, and the service is available now on the AWS site.

by Nik Cubrilovic on October 21, 2009

We received a number of tips early this morning that the majority of web servers at Twitter were exposing server and load-balancer status information to the public. The status page, an (often default) option in the open source Apache web server, dumps all connections and state information for a particular server. The information is used by administrators to monitor servers, and the pages are usually either removed entirely or locked down to prevent the information from being used for nefarious purposes.

by Nik Cubrilovic on October 21, 2009

Yammer, the Twitter-like short messaging service for business users, has been experiencing a prolonged period of downtime today due to DNS issues. The service first went down over 12 hours ago, was alive for a short period tonight, and then became unresponsive again a few hours ago. The issue is also affecting sister company Geni, who share the same DNS servers.

by Nik Cubrilovic on October 12, 2009

When email was first created in 1965 it was used as a method to communicate between time-shared mainframe computers. Email has rapidly evolved since then, with the evolution of rich desktop clients, corporate email systems and webmail. Despite the evolution in the core messaging system, and despite the explosion in use of email, the default method for accessing and viewing communications has remained the same: chronological order.

The first webmail imitated earlier mail clients by displaying messages in chronological order. The desktop computing paradigm was folders and files, sorted alphabetically. The web paradigm for accessing information has in most cases become chronological order, mostly because of the email and webmail legacy.

by Nik Cubrilovic on October 10, 2009

The big story today is about Microsoft subsidiary Danger losing all T-Mobile Sidekick customer data from their servers. Danger is the company noted for the T-Mobile Sidekick, the revolution in cloud mobile, and most memorably, almost everybody living in 90210 having to get new phone numbers because of Paris Hilton.

Valued T-Mobile Sidekick customers received a notice today from the company updating them on the “data disruption” problem. The good news is that data is no longer being disrupted. The bad news is that there is no data left to be disrupted.

by Nik Cubrilovic on October 7, 2009

Google made a very minor but significant change to their search homepage earlier this week. While everybody else was distracted by the barcode logo, a few Chrome and Safari users may have noticed that the search buttons now have a certain zing to them, a new and pretty look, with slightly rounded corners, a border around them and a cool looking gradient.

Now, before you think or say, “baa baa techcrunch why is this a story Google change their button baa baa iphone twitter” (or something like that), what is important here is not what they did, it is how they did it.

by Nik Cubrilovic on October 5, 2009

A large number of web services are geographically restricted, such as Hulu, Pandora and Spotify. The reasons are usually to do with content licensing restrictions, or because US visitors (or visitors from other advanced economies) are of a higher value from a monetization perspective. A web application can only guess at the location of a visitor based on an IP address and other information, such as browser language and regional settings.

IP addresses are mapped to countries (and in some instances, further to states and cities) using large commercial datasets such as GeoIP from Maxmind, which is a ‘best guess’ database based on data it has collected (how, I would rather not know). The system is accurate enough to enable services to block on a country level, but often fails at a more local level.

by Nik Cubrilovic on October 4, 2009

The background debate about whether or not Twitter can actually scale has intensified. More than a year ago I asked “Twitter At Scale: Will It Work?” Today Twitter is far, far bigger. And the uptime woes continue.

The big problem with Twitter is asynchronous following without limitations on the number of connections, which means that a single account can theoretically have a number of followers limited only by the total number of Twitter users. This adds massive complexity to the system. Other services solve the problem by forcing both sides to agree to friendship. Others, like Facebook, limit the connections to 5,000 as well. But Twitter has no limits on complexity. And since they are a centralized, bottlenecked system, it is both hard to scale and easy to attack.

There’s a reason why the Internet is decentralized. It has to be. If the Internet were built like Twitter, every bit of data would have to pass through a single node. If that node went down, the Internet would go down.

As Twitter grows, it needs to be architected more like the Internet.

by Nik Cubrilovic on September 25, 2009

Squidoo founder and author Seth Godin has backed down on creating company pages by default as part of their new ‘Brands In Public’ service that launched a few days ago. The idea behind the new service is that brands are able to track feedback from customers on a public ‘lens’ (i.e. a web page).

Feedback is aggregated from multiple sources, but mostly Twitter and mostly by matching against the brand name. The concept itself is not an evil one, but Squidoo set up feedback pages for over 200 brands at launch without the express permission of the vast majority of them. The hitch was that if a brand wanted to control the lens and the feedback, they would have to pay Squidoo $400 a month – and it was that part of the deal that made a large number of people rightfully angry.

by Nik Cubrilovic on September 24, 2009

Moments ago Microsoft launched WebsiteSpark, a new program to provide web developers and designers free copies of Microsoft development tools, applications and server licenses for a period of three years. The program is the third and latest launch as part of the ‘spark’ series of outreach and support programs designed to engage communities with new Microsoft products. The initial programs to launch were BizSpark, for startups, and DreamSpark, for students.

The WebsiteSpark program announced today provides eligible individuals or organizations with 3-year licenses of Visual Studio 2008, Expression Studio, Expression Web (also part of Studio), Windows Web Server, SQL Server and DotNetPanel. To be eligible, an organization or individual developer must be in the business of building web applications or websites for others (i.e. clients) and also have no more than 10 employees.

by Nik Cubrilovic on September 23, 2009

A Russian security group has posted a detailed blog post (translation here) about how they managed to extract the source code to over 3,300 websites. The group found that some of the largest and best known domains on the web, such as apache.org and php.net, amongst others, are vulnerable to an elementary information leak that exposes the structure and source of website files. A web surfer is able to extract this information by requesting the hidden metadata directories that popular version control tool Subversion creates.
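Both the exposed Apache status page described in the Twitter item above and the Subversion metadata leak are fixed at the web server. The following is an added example, not configuration from the article or from any of the sites it names: the permissive mod_status setting beside a locked-down one, and a rule refusing requests for version-control metadata directories. The 10.0.0.0/24 management range is an assumed placeholder.

```apache
# Added example (not from the article): Apache httpd 2.4 configuration.

# Weak: this is the kind of mod_status setup that leaves /server-status
# readable by anyone on the internet, exposing every active connection,
# client address and requested URL on the server.
#
# <Location "/server-status">
#     SetHandler server-status
# </Location>

# Hardened: keep the status handler for administrators, but only answer
# from loopback or an assumed management network (replace 10.0.0.0/24 with
# your own range). Multiple Require lines at the same level are OR-ed.
ExtendedStatus On
<Location "/server-status">
    SetHandler server-status
    Require ip 127.0.0.1 ::1
    Require ip 10.0.0.0/24
</Location>

# A Subversion working copy carries a hidden .svn directory (entries list,
# pristine copies of every file) that reveals site layout and source.
# Refuse any request that maps to such a directory; the same pattern
# covers other VCS metadata that tends to end up in a document root.
<DirectoryMatch "/\.(svn|git|hg|bzr)(/|$)">
    Require all denied
</DirectoryMatch>

# Also match on the URL path, so an Alias or rewrite cannot route around
# the filesystem-based rule above.
<LocationMatch "/\.(svn|git|hg|bzr)(/|$)">
    Require all denied
</LocationMatch>
```

Deploying with `svn export` instead of a checkout means no .svn directory reaches the server at all; the deny rules are defence in depth for the case where one does.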

by Nik Cubrilovic on September 16, 2009

Twitter continues to work through username squatting issues by reassigning trademarked and even non-trademarked user names to their more appropriate owners. It’s a manual process that sometimes takes weeks, but with Twitter’s growing importance more and more brands are trying to lock up their usernames. Now, though, Twitter has a new headache, and poor organization and planning around Twitter’s third party developer platform is to blame.

When Tweets are published there is an additional layer of information below the main message that says when the message was posted, and how it was posted. Here’s an example message Michael Arrington just posted from the Seesmic Twitter web app. If you click on “Seesmic” in that Tweet it takes you to Seesmic.com.

But there’s a problem. Twitter’s API allows developers to register any application name, and Twitter messages posted from that third party application will show that name and will link to anything the developer wants. Only names that contain “twitter” or “tweet” are filtered out. Everything else is fair game.

by Nik Cubrilovic on September 7, 2009

RSSCloud is a new format specification for feeds that solves polling and notification issues. It works by adding a cloud element to a feed which describes the path to a cloud server that should be notified when a feed is updated. The cloud server, in turn, will send the updated feed content to all subscribers and aggregators. There is a description of this process on the RSSCloud website.

The protocol was designed by Dave Winer, who also drafted the original RSS specification and pioneered the use of feeds as a way to aggregate content. RSSCloud allows feeds to be more responsive and real-time. Rather than a polling model (‘are we there yet, are we there yet’), it pushes updates and update notifications down to subscribers via a cloud server and API.

by Nik Cubrilovic on September 4, 2009

It was only three days ago that I wrote about the almost hopeless challenge of web security, specifically around new vectors with cross-site scripting attacks. Today came news that an XSS vulnerability had been found in the RubyOnRails development framework – and that applications built on the framework, such as Twitter and Basecamp, were vulnerable to XSS attacks.

The vulnerability was discovered by Brian Mastenbrook. He probed Twitter with some Unicode characters and found it vulnerable, tried the same thing on Basecamp and found it vulnerable, and then deduced that it must be a problem with RubyOnRails. He has an excellent and detailed write-up on his site about the process he went through. If you are running RubyOnRails anywhere, stop now and read his post as well as the security notice from the Rails developers and get your servers updated (the patch is in the notice; it will be in the release branch ‘today or tomorrow’).

Gmail Now Really Down – Can I Get My Email Back Please (Update: It’s Back)
by Nik Cubrilovic on September 1, 2009

We wrote this morning about Gmail suffering some turbulence, but it appears now that it has completely crashed and disappeared. Both Apps For Domain and the usual consumer Gmail service are down completely. Google seems to be going backwards on fixing the problem; this morning they sent out an alert saying:

September 1, 2009 8:18:00 AM PDT
Google Mail service has already been restored for some users, and we expect a resolution for all users in the near future. Please note this time frame is an estimate and may change.

I use Apps For Domain for everything – my contacts, my email, my todo list, my chat, my documents and more recently, my phone. As soon as it went down, I noticed in less than a second. I am now completely stuck, after a few months of being impressed by how I was able to run my entire life on Google.

by Nik Cubrilovic on August 31, 2009

Today we are trusting the web with our most personal and important data, from private photos and social graphs to finances and key work documents. Our hesitation to share such information has dropped over the years as our trust in our favorite services grows. Yet all the while, the web is actually growing less secure, as sites are left open to new attacks that can spread easily and leave users totally unaware when they’ve been compromised.

Looking back on the history of the web, classic security protection involved patching servers to assure latest versions were running, monitoring advisories from vendors, and maintaining some level of filtering and firewall to keep basic attacks out. Simple moves on the part of an admin or developer could protect sites from 99% of automated scripts. But a few years ago, a new security can-of-worms was opened, as new exploits that took advantage of simple oversights within web applications were being used to steal large amounts of user data.

by Nik Cubrilovic on July 19, 2009

The Twitter document leak fiasco started with a simple story that personal accounts of Twitter employees were hacked. Twitter CEO Evan Williams commented on that story, saying that Twitter itself was mostly unaffected. No personal accounts were compromised, and “most of the sensitive information was personal rather than company-related,” he said. The individual behind the attacks, known as Hacker Croll, wasn’t happy with that response. Lots of Twitter corporate information was compromised, and he wanted the world to know about it. So he sent us all of the documents that he obtained, some 310 of them, and the story developed from there.

This post isn’t about the confidential information taken from Twitter. It’s about exactly how Hacker Croll was able to get such deep access to Twitter in the first place.

It’s clear that Twitter was completely unaware of how deeply they were affected as a company – when Williams said that most of the information wasn’t company related he believed it. It wasn’t until later that he realized just how much and what kind of information was taken. It included things like financial projections and executive meeting notes that contained highly confidential information.

We’ve already said a lot about all of this and the related “server password = password” story that was discovered by another individual last week. But we’ve got two more stories to tell. The first, this post, is exactly how the hacks took place, based on information gathered from hours of conversations with Hacker Croll. The second is what was happening behind the scenes at Twitter as the story unfolded. We’ll post that later this week.

When the story first broke, the true scope of what had taken place and how it occurred was not understood. Various bloggers speculated about the cause of the attack – some placed the blame on Google, while others blamed the rising trend of hosting documents in the cloud.

We immediately informed Twitter of the information we had in our possession (and forwarded it to them), and at the same time reached out to the attacker. With some convincing, the attacker responsible for the intrusion at Twitter began a dialog with us. I spent days communicating with the attacker in an effort to gain insight into how the attack took place, what the true scope of it was and how we could learn from it.

Amazon Boosts Storage Features In EC2
by Nik Cubrilovic on August 21, 2008

Amazon today launched a new web service – EBS, the Elastic Block Store (yes I also first read it as ‘Elastic Book Store’) for EC2. EBS provides persistent storage for EC2 computing instances, and the service is public today and available to all customers after a period of alpha testing with some users.

Previously EC2 instances were able to access temporary storage as part of the compute instance, or persistent storage only on S3 – the Amazon online storage service. The difference between EBS and S3 is that EBS allows block-level access, so that it can be mounted just like any other local storage device from within EC2 and can be accessed across servers and between instances. S3 is accessed as a web service, so performance for latency sensitive applications was never optimal (such as running a database store). EBS provides a much higher level of performance comparable to high-grade local storage in terms of both access times and availability.

Persistent block-level storage for EC2 is perhaps long overdue, as one of the criticisms of EC2 when it first launched was the inability to run a fast data store across snapshots, which made running databases or other data-intensive applications slightly more complicated. Services such as RightScale have built products around helping developers scale and manage MySQL instances on EC2. Other cloud-based computing services such as Mosso or virtual servers from providers such as MediaTemple have had persistent storage options, although what Amazon has developed with the combination of EC2, S3 and now EBS is a tiered approach which provides more flexibility to developers.

Read the rest of this entry at TechCrunchIT.

AppStore Developer TapTapTap Publishes Sales Figures
by Nik Cubrilovic on August 13, 2008

iPhone application development house taptaptap has published sales figures for the first month of sales for their two AppStore applications, bringing further insight into overall sales volume and figures for the online store. The two applications developed by the company are WhereTo, an application that provides a more general GPS interface to the iPhone with location-based services, and Tipulator, a simple tip calculator.

WhereTo retails for $2.99 in the store and 24,094 copies were sold in the first month – netting the company just over $50,000 in revenue after Apple took their cut (it currently ranks #69 on the top paid application list). Tipulator retails for 99 cents, and sold 3,168 copies which resulted in just over $2,200 of revenue (it is currently unranked). The table below outlines overall sales volumes and revenues for each application:

taptaptap AppStore sales and revenue numbers for US sales, month 1

                                  WhereTo        TipCalculator
URL                               AppStore       AppStore
Price                             $2.99          $0.99
Number Sold                       24,094         3,168
Gross Sales                       $72,041.06     $3,136.32
Net Sales (after AppStore cut)    $50,597.40     $2,217.60
Total Gross                       $75,177.38
Total Net                         $52,815

The resulting net profit and sales figures are good for a small company that has developed one application that is relatively sophisticated, and another that is very straightforward and simple yet still brings in $2,000 a month. There is definitely great revenue potential for developers of iPhone applications, as users of the AppStore and the iPhone in general are more likely to pay for applications. Integrating with iTunes makes the process simple for the user, but for the developer it poses a challenge, as all applications must be submitted to Apple and must meet their approval.

We should also note that while both of these applications have done well, their download figures unsurprisingly pale in comparison to those of Facebook and Tap Tap Revenge, both of which have over 1 million users. The real money in the App Store may well lie in monetizing these free applications, be it through integrated advertising or downloadable content (though it remains to be seen what restrictions Apple will place on this kind of strategy).

Facebook Security Advice: Never Ever Enter Your Passwords On Another Site, Unless We Ask You To
by Nik Cubrilovic on August 8, 2008

After the recent outbreak of a worm that hacked users’ Facebook accounts and spread through their contacts, Facebook responded with a post offering users general tips about web security. Facebook head of security Max Kelly, a former FBI computer forensics examiner, wrote a blog post with advice to Facebook users including:

As a Facebook user you can help us protect you by doing the following things:

* Report any spam message or posting you see. The more reports we get, the easier it is for us to respond decisively.

* Never share your Facebook password with anyone. Never. No Facebook employee will ever ask for it, and no one else should know it. If you are ever prompted to log in to Facebook, make sure it’s from a legitimate Facebook web address. If something looks or feels off, go directly to www.facebook.com to log in.

Never entering your credentials on a non-Facebook site is very good advice, which most users should know by now and should adhere to. The problem is that Facebook does not seem to support these same principles when it comes to a user’s credentials from other sites, such as a user’s Google username and password, which Facebook requests when a user imports their contacts. The screenshot below is from Facebook; it’s the feature where a user can log in to their Google, Hotmail or Yahoo account, from within the Facebook site, to retrieve their contacts.

This very feature directly contravenes what Facebook has stated in its own good security advice. While the message below the box does state that they do not store passwords, the point is more that the practice of users directly entering credentials from another site is a very poor design decision and generally very poor practice. Each one of the sites that Facebook integrates with supports OAuth or a similar authentication protocol that does not require the user to enter both their username and password. Better yet, most of those services also provide an API where the user can grant Facebook permission to access only their address book, and not their whole email and certainly not every other service tied into it.

The Facebook security team have stated what is good practice on their blog; perhaps it’s time for them to direct their energies internally and evangelize support for OAuth and other open data formats as both a more secure and more convenient mechanism for data exchange.

One Year Later: FeedBurner Gains Google Server Power
by Nik Cubrilovic on August 2, 2008

Over a year has passed since Google completed the acquisition of feed massaging and hosting service Feedburner, and today some users now finally have their feeds hosted on what appears to be Google’s servers and infrastructure. At Techcrunch we have always been big fans of Feedburner, and their widgets and RSS subscriber counts have adorned almost all of our sites since their first days. At some point in the past 12 hours, the feed URL at feeds.feedburner.com began to redirect to feedproxy.google.com. Our subscriber count widget dropped to displaying a zero count for a few hours while the domain change took place.

It appears that only select feeds have been migrated, mostly those with higher subscriber counts. This would indicate that Feedburner has turned to Google to assist with serving the load on high-traffic feeds. Over at TechcrunchIT I recently wrote about the problems that some acquired companies have experienced at Google. The proprietary software and hosting stack at Google can often lead to a slowdown in development, an often long migration phase and in some cases death for the acquired company or product. Feedburner has avoided these problems by remaining largely independent of Google since the acquisition, but at some point they have turned to papa bear for assistance with handling load and we are seeing the results of that today.

Sitemeter Kills Thousands Of Sites For IE Users
by Nik Cubrilovic on August 2, 2008

In yet another case of widgets going crazy and causing havoc, a bug in Sitemeter has caused a large number of websites and blogs using the free web analytics tool to fail loading for users of Internet Explorer. Users of Google’s Blogger were amongst the first to report experiencing problems with sites running Sitemeter at 6pm pacific time on Friday. The problem has since been partially rectified, although some 16 hours later and without a notification or official response from the company either via email or on their blog.

Sitemeter proudly displays a list of the most highly trafficked sites running their service on their homepage. The sites include the entire Gawker Media network, the gossip blogger PerezHilton and the popular political blog DailyKos. We verified that all of these sites were failing to load in Internet Explorer, with nothing more than a blank page and an IE error window indicating a connection issue with sitemeter.com. The issue also affected our own Techcrunch France blog, which resorted to removing the Sitemeter code as the only solution. The browser error indicates that the problem was with the Javascript code that is included in each page.

Uptime monitoring services such as Netcraft did not report any downtime for these sites, since the issue was Javascript and browser-specific rather than a broader HTTP connection issue. The main sitemeter website remained operational, while hundreds of bloggers posted about the problem and our tips mailbox filled with links and complaints on the issue.

Back in May, Michael wrote about how our own issues with widget providers on Techcrunch affected the performance and uptime of this site, and how having a provider not communicate such issues makes matters worse. There is no real reason for a widely used service such as Sitemeter to go down, as there are solutions available (such as using an IFRAME) where a fault in embedded code can be bypassed and at least allow the remainder of the page to load. Worse still, there is no real reason as to why, after 16 hours since the problems surfaced, there is no official word from the company despite the level of noise from users and visitors to the sites who have embedded the service.

Update: Turns out that this was the result of a bug in Internet Explorer, which the Sitemeter developers didn’t account or test for. The technical details and a description of the bug involved are here. Does this still mean that Sitemeter are to blame, or are we about to see the backlash shift to Microsoft because of a known bug and a developer not testing?

Open Web Foundation Officially Launches
by Nik Cubrilovic on July 24, 2008

This morning at the OSCON conference David Recordon of Six Apart will announce on stage the formation of the Open Web Foundation. The new foundation is about providing a home for the development and ratification of web-related standards efforts. The foundation will be focused on developing the technical specifications of protocols used for communication and interoperability between applications on the web. The foundation will also set out the legal terms and best practices for the use and transport of both private and public data, and the usage of web services.

We first reported on the announcement on Tuesday of this week after Chris Saad, the co-founder of the Data Portability project wrote a post about the announcement. The Data Portability project is focused on the evangelism of data openness and transparency, while the new Open Web Foundation will be focused on implementation issues.

Yesterday at the F8 conference Facebook announced their support for the new foundation, and we have learnt that Google, MySpace, Six Apart, Plaxo and many others will also be supporting the new initiative. Google and Facebook now have an appropriate venue where they can resolve their differences and work on a standard way to have their users interact with each other between the Facebook Connect and OpenSocial platforms. The web foundation also provides the technical details, as well as policy details, on how such a relationship between companies and products could work.

Currently there is not much more at the Open Web Foundation outside of a lot of strong backing, a lot of strongly willed organizers and a lot of initiative. The foundation hopes that within the next few months after the announcement today they will be able to release their first set of work on data standards and formats.
