
Designing for Spam: A Challenge for the Web?

Posted by Sadek Drobi on Jun 06, 2008


The increasing activity and hostility of spammers and the sophistication of their spamming tools are a constantly growing concern for the web. The recent spam attack on Craigslist triggered many reactions in the blogosphere seeking to analyze spammers’ techniques and the implications of spam’s spread.

John Nagle, quoted by Mike Masnick, describes, for instance, the way tools like CL Auto Posting Tool defeat Craigslist’s anti-spam techniques:

Craigslist tries to stop spamming by checking for duplicate submissions. They check for excessive posts from a single IP address. They require users to register with a valid E-mail address. They added a CAPTCHA to stop automated posting tools. And users can flag postings they recognize as spam.

Several commercial products are now available to overcome those little obstacles to bulk posting.  

[…]  

Random text is added to each spam message to fool Craigslist's duplicate message detector. IP proxy sites are used to post from a wide range of IP addresses. E-mail addresses for reply are Gmail accounts conveniently created by Jiffy Gmail Creator […] An OCR system reads the obscured text in the CAPTCHA. Automatic monitoring detects when a posting has been flagged as spam and reposts it.
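The duplicate-detection point in the quote above, as an added example (not code from the article, Craigslist, or any tool it names): an exact-hash duplicate check treats a posting with appended random filler as new, while comparing overlapping word shingles still pairs it with the original. The sample postings, the 3-word shingle size and the 0.6 threshold are assumptions chosen for illustration.

```python
import hashlib
import re

def exact_fingerprint(text: str) -> str:
    """Naive duplicate check: hash of the whole whitespace-normalized posting."""
    return hashlib.sha256(" ".join(text.lower().split()).encode()).hexdigest()

def shingles(text: str, k: int = 3) -> set:
    """Set of k-word shingles (overlapping word windows) of the posting."""
    words = re.findall(r"[a-z0-9']+", text.lower())
    if len(words) < k:
        return {tuple(words)}
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}

def jaccard(a: set, b: set) -> float:
    """Shared shingles divided by all shingles seen in either posting."""
    return len(a & b) / len(a | b) if a | b else 1.0

def find_near_duplicates(posts: dict, threshold: float = 0.6) -> list:
    """Return sorted (id, id) pairs whose shingle overlap is >= threshold."""
    sets = {pid: shingles(body) for pid, body in posts.items()}
    ids = sorted(sets)
    return [(a, b) for i, a in enumerate(ids) for b in ids[i + 1:]
            if jaccard(sets[a], sets[b]) >= threshold]

# Constructed sample postings: p2 is p1 with random filler appended, p3 is unrelated.
POSTS = {
    "p1": "Brand new designer handbags at half price, every style in stock, "
          "free shipping this week only, reply to this ad for the catalog",
    "p2": "Brand new designer handbags at half price, every style in stock, "
          "free shipping this week only, reply to this ad for the catalog "
          "qzv lomra tiwex",
    "p3": "Two bedroom apartment for rent near the park, hardwood floors, "
          "cats welcome, available from the first of next month",
}

if __name__ == "__main__":
    # The exact hashes differ, so a hash-only detector sees two distinct postings.
    print(exact_fingerprint(POSTS["p1"]) == exact_fingerprint(POSTS["p2"]))
    # The shingle comparison still pairs p1 with p2 and leaves p3 alone.
    print(find_near_duplicates(POSTS))
```
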

Even the largest companies, like Google, with “thousands of employees and enormous budgets” at their disposal, are not safe from spammers’ attacks. The blog of Websense Security Labs describes the new techniques that were used to defeat Google’s CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) so that random Gmail accounts can be signed up and created for spamming purposes.

Two authors consider the implications of the growing threat of spam for the web. The author of the Discipline and Punish blog emphasizes that “this problem will only grow and grow as the web becomes the fundamental architectural and communication medium”. He finds it rather surprising that, while many predictions are being made “about Web 5.0 and the Semantic Web few of these visions give much consideration to the threat of spam”, whereas “spam is already a major factor in the viability of web 1.0 institutions” and Web 2.0 is even more vulnerable to spam given its focus on social interaction, collaboration and aggregation. In his opinion, “the ability to resist the endless waves of spam” will define the viability of future distributed architectures. Not taking this into consideration would be “a big mistake”.

Also in response to the Craigslist attack, Jeff Atwood pointed out that spammers’ activity “undermines the community's trust […] and devalues everyone's participation.” He argues along the same lines as Discipline and Punish: “when you design your software, work under the assumption that some of your users will be evil” because “when you fail to design for evil, you have failed your community”.

The Discipline and Punish blog points out, however, that in the Web 2.0 context spam is not necessarily the product of “bad guys”. The author believes that “social networks like Facebook and super-aggregators like FriendFeed introduce a new type of social spam” by encouraging spammy behavior from their users, thus introducing “a new type of social spam that comes primarily from your "friends"”.

While several authors suggest ways to fight spam coming from “bad guys”, e.g. by developing new kinds of CAPTCHA or involving the community in spam control, no solutions have yet been put forward for “social spam”.
