• Vex_Detrause
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    How does not letting logged-in account access tweet end up DDDosing the site?

    • freundTech@feddit.de
      link
      fedilink
      English
      arrow-up
      17
      ·
      edit-2
      1 year ago

      They blocked access in the back end, but didn’t adjust the frontend to deal with this situation.

      If you try to access twitter while not logged in the frontend requests tweets from the backend, gets an error response and therefore tries again around 10 times per second.

    • Kissaki@feddit.de
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      The other reply seems more informed, but I’ll share another technical practice that would lead to increased load and thus risk of DDoS in general (I hadn’t heard of this change and issue of Twitter before reading about it here):

      Delivering webpages without a logged-in user means you can cache (remember) commonly returned data and pages. You can repeatedly deliver the same thing.

      For logged-in users, this is not the general case. A logged-in user has follows, blocks, and adjusted content selection. So rather than deliver a “standard view” a “user view” has to be generated.

      • themoonisacheese@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        This is generally true, but it would only result in minor increases in traffic as users sign up to see posts. The “create an account” page is cached to hell and back, obviously, and I don’t think anyone is going “oh geez better create an account so I don’t miss out!”