January 16th, 2009
Q&A with a Twitter technologist: 'Think: we're a startup'
Yesterday afternoon when U.S. Airways flight 1549 crashed into New York’s Hudson River, microblogging site Twitter erupted as it always does during a major news event. At the time I happened to be chatting with John Adams, Twitter operations engineer and security industry veteran. “Twitter is going nuts,” he said, and then he was gone.
Since Twitter launched, countless bloggers have earned a great many page views by presuming they understand the inner workings of Twitter’s technology and business practices. Despite a history of stability issues and recent security concerns, however, Twitter is a strong company with a solid offering, rock star leadership and a quickly growing team and infrastructure. I spoke with Adams yesterday to find out more about what Twitter is really doing about security, the challenges of being a startup with such a rapidly growing user base, what the team does during crises such as U.S. Airways flight 1549, and, quite frankly, why people should stop telling them what to do.
Q. [Jennifer] What exactly happens when Twitter goes crazy like that (re: U.S. Airways)? What do you do?
A. [John] The traffic surge was way worse than MacWorld, but we’d fixed the problems that caused us problems during MacWorld. When we saw the traffic we then watched our graphs to make sure that Twitter could handle the load adequately. If we begin to see tell-tale signs of issues, we react.
Q. Do you ever go to work and think, “Please no major events today” so you can get regular work done?
A. Yes.
Q. Last week’s unrelated hack and phishing scams were all over the news. It was bold of Biz (Stone) to so openly discuss what happened — what have you guys learned and changed?
A. Twitter’s compromise last week was of an admin account, as you know. We should not have allowed those tools to be accessible from the Internet, and that access has been greatly restricted now.
Q. Why were they accessible in the first place?
A. It’s typical of startups to have a permissive environment until they grow larger and start taking security more seriously. I’m not saying this was intentional at Twitter; it’s my opinion that many startups do not spend adequate time on security because they are far too busy keeping the lights on and developing code. Also, startups are usually coordinating many engineers and business people without a good infrastructure (say, VPN, best practices, and strong crypto).
Q. So was this all part of Twitter’s “coming of age,” so to speak?
A. As any service becomes larger and larger, people will want to attack it because it becomes an attractive target. Saying “I hacked <joebob’s web2.0 company>” vs “I hacked Twitter” has a completely different feel to it, right?
Jennifer Leggio, aka "Mediaphyter," writes about the "social business" side of social media - including enterprise, security and reputation issues.