Originally published at: https://boingboing.net/2019/11/08/gif-site-gfycat-announces-mass.html
…
I agree with the suspicions of some in that this is really about cost. It’s very likely they tiered this data out to Amazon Glacier. It’s cheap to put in, but costs a lot to remove.
With the traffic profile they have, I can see them thinking it’s OK to eat the cost of a few hits to that tier each month. A campaign to hoover all of the data from there would likely send their cost metrics into alarm.
What Gfycat should have done is contact these archivists and be honest with them and work to some sort of cheaper solution where they could package this data into a snowball for unpacking at Gfycat and then transfer to them.
I mean, it’s pretty easy to tell if something is a DDoS attack purely if the traffic is nothing but syn-ack packets, which this traffic isn’t. It’s totally about cost.
That would show that it is an attack, but its absence is by no means evidence that it’s not an attack. If I knew you had (say) an unprotected search page involving an expensive database lookup, I could hammer on that query with perfectly ordinary POST requests to disable your server using a fraction of the resources. Generic TCP-level DDoS attacks you can buy from Russian websites aren’t the only form of DDoS.
I don’t know what the truth is here, and I wouldn’t be surprised if bullshit is involved, but I also wouldn’t be surprised if “innocent” screen-scraping really was hard to tell from a malicious attack; that sort of thing does happen.
I’ve no idea why anyone thinks that storing stuff in the cloud is ever a particularly good idea.
Cloud services are pretty much essential now because they make it so easy to scale. In the past, businesses would have to build a data center large enough to fulfill any possible scaling requirement before they started operations. Now they can scale up on demand.
But it does lead to a situation I find uncomfortable: companies these days don’t have core services which they call their own. I would like to have a RAID array which I could store a backup on. I get told to put it on S3. But I am trying to make a backup of S3. Thats the point.
I do understand using this as backup. What I don’t get is using it as your ONLY storage point., which it seems is what a lot of people do. Businesses should have at least some redundancies. Data is quite ephemeral.
I would agree but from my perspective as an Australian I am thinking: what would happen if Trump threw a fit one morning and told Amazon to stop dealing with Australia? Would our business just have to shut down?
And now they’re wasting their and Archive Team’s money on a frivolous lawsuit because they lacked the foresight to not set up their service in such a way that accessing it in mass was cost effective. Gfycat fucked up and now they’re panicking and trying to punt the cost of their mistake. It would be schadenfreude pie, except that Archive Team is still going to have to waste money fighting this lawsuit. I hope it’s in a state with good anti-SLAPP statutes so Gfycat is left on the hook for Archive Team’s legal fees.
Archive Team isn’t even a company, it is just the name of a bunch of individuals. They would have to sue individual people. Anyone can setup a worker and help their projects.
The lawsuit was just a threat, but it did succeed in them stopping the whole project, so there will be no more gfycat backup.
From what I understand after reading the letter and their tweets, it seems what they were mad about is the fact that the requests were random. Since there is no public list of Gfycat images they had to just try every url, and most are 404s.
I believe Anonymous’ Low Orbit Ion Cannon just used repeated GET requests. Crude, but with enough meatbots running it, effective.
I agree with you that there may be bullshit involved, but I’d also point out that whether an action is innocent or malicious doesn’t necessarily make a difference to the party on the receiving end of it. If the city shuts down the sidewalk blocking access to your business for a month to do some kind of repair they may have an innocent reason for doing so, but they should know better than to do so without any consideration. When people are writing scripts to download content far beyond what a normal user would they should have some consideration for the target of those scripts.
Of course me thinking we should have some consideration for one another is far from a good basis for a law suit, so I don’t really know if this is dumb as hell or not. And as for the underlying issue of this being a warning about giving too much power to too few private entities, I think it’s a good warning, but I don’t think humanity is in jeopardy of losing it’s cultural history if gfycat does disappear half its gifs with no warning.
This topic was automatically closed after 5 days. New replies are no longer allowed.