*
programming and human factors
by Jeff Atwood
*
Lately, I've been seeing these odd little signs pop up in storefronts around town.
All the signs have various forms of this printed on them:
Only 3 students at a time in the store please
We took that picture at a 7-11 convenience store which happens to be near a high school, so maybe the problem is particularly acute there. But even farther into town, the same signs appear with disturbing regularity. I'm guessing the store owners must consider these rules necessary because:
I'm just guessing; I don't own a store. But like the "no elephants" sign, it must be there to address a real problem.
When you go into a restaurant and see a sign that says "No Dogs Allowed," you might think that sign is purely proscriptive: Mr. Restaurant doesn't like dogs around, so when he built the restaurant he put up that sign. If that was all that was going on, there would also be a "No Snakes" sign; after all, nobody likes snakes. And a "No Elephants" sign, because they break the chairs when they sit down. The real reason that sign is there is historical: it is a historical marker that indicates that people used to try to bring their dogs into the restaurant
All these signs are enough to make me question the ethics of high school students in groups of 3 or more. Although, to be fair, I've seen some really shifty looking graduate students in my day.
In truth, these kinds of limits are everywhere; they're just not as obvious because there's often no signage trail to follow.
I'm sure you can think of lots of other real world examples. They're all around you.
There are people who act like groups of rampaging teenage students online, too, and we deal with them in the same way: by imposing rate limits! Consider how Google limits any IP address that's submitting "too many" search requests:
Several things can trigger the sorry message.
Often it's due to infected computers or DSL routers that proxy search traffic through your network - this may be at home or even at a workplace where one or more computers might be infected. Overly aggressive SEO ranking tools may trigger this message, too. In other cases, we have seen self-propagating worms that use Google search to identify vulnerable web servers on the Internet and then exploit them. The exploited systems in turn then search Google for more vulnerable web servers and so on. This can lead to a noticeable increase in search queries and sorry is one of our mechanisms to deal with this.
I did a bit of Google scraping once for a small research project, but I never ran into the CAPTCHA limiter. I think that entry predates its appearance. But it does make you wonder what typical search volumes are, and how they're calculated. Determining how much is "too much" -- that's the art of rate limiting. It's a tricky thing, even for the store owner:
Rate limiting isn't always a precise science. But it's necessary, even with the false positives -- consider how dangerous a login entry with no limits on failed attempts could be. This is especially true once your code is connected to the internet. Human students can be a problem, but there's a practical limit to how many students can fit in a store, and how fast they can physically shoplift your inventory. But what if those "students" were an infinite number of computer programs, capable of stealing items from your web store at a rate only limited by network bandwidth? Your store would be picked clean in a matter of minutes. Maybe even seconds!
Not having any sort of rate limiting in your web application is an open invitation to abuse. Even the most innocuous of user actions, if done rapidly enough and by enough users, could have potentially disastrous effects.
Even after you've instituted a rate limit, you can still get in trouble. On Stack Overflow, we designed for evil. We have a Google-style rate limiting CAPTCHA in place, along with a variety of other bot defeating techniques. They'be been working well so far. But what we failed to consider was that a determined (and apparently ultra-bored) human user could sit there and solve CAPTCHAs as fast as possible to spam the site.
And thus was born a new user based limit. I suppose we could create a little sign and hang it outside our virtual storefront:
Only 1 question per new user every 10 minutes, please.
There are a few classes of rate limiting or velocity checking you can do:
I was shocked how little comprehensive information was out there on rate limiting and velocity checking for software developers, because they are your first and most important line of defense against a broad spectrum of possible attacks. It's amazing how many attacks you can mitigate or even defeat by instituting basic rate limiting.
Take a long, hard look your own website -- how would it deal with a roving band of bored, morally ambiguous schoolkids?
Yes, however students in this context are minors and minors have a limited subset of rights that adults have. More importantly, they can't vote and therefore can't make something like this illegal in the future when they can vote (either because by then they'll agree with it or they'll have forgotten about it)
Restricted rights for minors are intended to protect the minors, not to protect adults from them. As for legality, that reminds me of when Afghanistan legalized voting for women. Tribal leaders were legitimately confused as to how women were supposed to vote when they could not leave the house.
Erik on February 23, 2009 1:07 AMLooking at it from the many years of experience as a convenience store manager:
Shoplifting is pretty much right out. Theft correlates more strongly with socioeconomic status than age, and while students have a low socioeconomic status per se, they also share their parent's status to a large degree.
I wouldn't even look very hard for shoplifting, because it's not very efficient - less than ten percent of inventory shortage, and virtually zero cash shortage, is caused by the customer. The greatest source of inventory shortage, and almost the sum total of cash shortage, is your own employees (roughly half simple counting error, roughly half intentional theft)
There are a couple of better reasons, namely the aforementioned large groups and obnoxiousness. Efficiency drops with high customer count, and let's face it, while most teens are decent and reasonable people, more than a few are obnoxious little bastards who will drive off other customers.
But limiting the number of students is still the wrong way to do handle the situation. Even better, the store should have more staff on hand for customer rushes (in this case, lunch and after school) - all registers open with good fast cashiers, one or two people stocking (really, keeping an eye on people), and the manager present to handle any problems as quickly as possible. Limiting their numbers accomplishes nothing but losing their custom, both in the immediate sense (they would buy something if allowed to) and in the long run (if you deny their custom as teenagers, you'll never recapture it later)
rndmnmbr on February 23, 2009 1:25 AMSlightly off-topic, but here's a picture I took in Berkeley in summer 2006: http://www.flickr.com/photos/cbguder/184477072/in/set-72157594181553318/
And these signs were everywhere, that's why I took the picture in the first place.
Can Berk Güder on February 23, 2009 1:31 AMIf I had a simple site that required authentication to be able to post questions and submit answers, I'd:
- Perform a captcha and email address verification on sign-up
- Have a report spam/inappropriate link on each user-submission
- Perform back-off algorithms similar to resends of packets for asking for captchas. e.g. Captcha every authenticaton, and then on the submission of the first 50 questions or answers. If none of their submissions were reported by other users as spam, start captcha-ing slightly randomly submissions for another 50, and then remove captchas permanently for that account unless they are reported for spam.
- If more than one of their submissions is reported as spam by multiple users, reset the account's captcha counters and warn the user. If they are reported a second time by multiple users, lock/ban the account.
I know it's complicated, but I think it's a decent compromise. Yes/no?
BG on February 23, 2009 1:52 AMspeaking about kids getting a tough time from store owners. We have a store near us that has the following sign:
Students are not allowed into the store with their school bags. Bags must be left outside.
Of course, kids being kids, the bags tend to go missing from outside the store :P
In all seriousness, I'm sure there is some sort of breach of basic rights here.
Shay on February 23, 2009 1:52 AMI just read Neil (SM)'s post.
I think the progressive timer idea would work well there, too. Let the user perform up to x searches in a minute, then x searches in 10 mins, then x searches in an hour. If x is 3, that's only 9 searches per hour. But, following his behavior, he'll probably make the bulk of them up front while revising his search terms. Then, he'll find a good set of thread results and spend the next 30 mins reading through them all (no searching). You still prevent large amounts of big queries on your system, but you're more smartly tailoring it to the behavior of your users.
BG on February 23, 2009 1:58 AMTHREE students? They could wreak havoc. One could cause a diversion while the others filled their pockets.
In my hometown, Wayland Mass, there was/is a small convenience store right next to a pizza place, where kids would hang out. The store had a limit of ONE student at a time.
drop.io - requires flash = fail.
Adobe might claim that 99% of users have Flash -- but dig deeper to find the truth.
Peter on February 23, 2009 2:40 AMRe: students -- I don't think it's to stop shoplifting per se (though that probably also happens), but just to prevent loitering. If just one or two people walk in, it's probably because they need to buy something. If ten high school students walk in, 9 of them (or maybe all) are just causing a ruckus and aren't real customers.
So it's not really intending to be discriminatory (like the ethnic examples people gave), at least not against a group. It's just trying to ensure that only legit customers come in. Arguably, no loitering would be less imflammatory, though perhaps the historical artifact is that students is a good proxy (maybe even more effective, if students tended to heed the n students sign more reliably than no loitering).
@Neil (SM) and others with forum search problems - Just use Google search with the site: modifier... For example, to search this site, type programming font site:codinghorror.com to find all Jeffs (great) posts on programming fonts.
Chad Geidel on February 23, 2009 2:43 AMOnly 3 students at a time in the store please
You read it wrong. The sign says only 3 at a time. That's because one or two students don't have enough money to buy anything. You need at least three students to shake up enough change for a purchase.
That's why you'll often see one or two students waiting in front of the store. They are just waiting for another student so they have enough to go in.
Joe Student on February 23, 2009 3:33 AMRather than annoy genuine users with more CAPTCHAs or timeouts, I would filter the questions using a Bayesian style spam filter. These have been proven to be easy to implement and highly effective.
An excellent read: http://www.paulgraham.com/spam.html
The spammers are only a small minority, so the rest of us shouldn't be treated as criminals.
Freddy on February 23, 2009 3:46 AMI think that entry predates its appearance.
Nah, it has been around for a while. I remember running into it at school last year (last school year, 07) in networking class, some time during first semester. Apparently a lot of people at the school were searching Google at once.
Zoasterboy on February 23, 2009 3:50 AMThey really just limit the size of the groups of 'students', because they don't buy much, and they really irritate the hell out of the grownups.
Rocketboy on February 23, 2009 4:04 AM If the sign said Only 3 black people at a time in the store,
you would probably respond very differently.
That's ridiculous. A teen will one day became an adult. That's not discrimination. It's like the voting age or the drinking age.
A black person will always be black...unless he's Michael Jackson.
Jake on February 23, 2009 4:57 AMTake a long, hard look your own website -- how would it deal with a roving band of bored, morally ambiguous schoolkids?
Sounds like /b/.
J. Stoever on February 23, 2009 5:03 AMFascinating.....Zzzzzzz
Pardeep on February 23, 2009 5:12 AMJeff, can you recommend some rate throttlers for ASP.net?
Some techniques are mentioned here: http://msmvps.com/blogs/omar/archive/2007/03/24/prevent-denial-of-service-dos-attacks-in-your-web-application.aspx
Matt Sherman on February 23, 2009 5:27 AMI've hit that screen so many times in regular usage at home, at work, at a friends', and at school. There's no single thing that's more likely to make me finally switch from Google to an alternative (probably Live Search) than all those *#%(#@% false positives.
I haven't switched yet, and to be fair it's been a long while since I've seen them. There was a time though where I was getting this at least twice a month and lasting for most of the day when it hit (and yes, ethereal and other network monitor tools confirmed that I wasn't infected and spamming Google).
Ens on February 23, 2009 5:43 AMJon, that is incredibly discriminatory.
Yes, completely. But what's your point? It's neither illegal nor (for most people) unethical. And it serves a material purpose.
but nobody would dare ban old people. Young people are the last group
it's acceptable to discriminate against. Offtopic, but it burns me
being a former young person and all.
I don't care for it much either, but it doesn't seem to be a grand sin, really.
The reason you don't ban old people is because they have much more power. But there are other ways to discourage them from mobbing the premises...
Josh on February 23, 2009 5:46 AMNeil (SM):
In the case of forum searches I think a good compromise would be a threshold. For instance, instead of 1 search every 30 seconds, you could have 10 free searches from your IP and then 1 search every 60 seconds. You converge at 20 searches in 10 minutes per IP and after that the algorithm is really even more conservative than it was before, but still less irritating.
Ens on February 23, 2009 5:52 AMI remember running into it at school last year (last school year, 07) in networking class, some time during first semester.
If you read the linked post, I did that Google scraping in 2004. I'm pretty sure the Google rate limiting CAPTCHA wasn't on the scene back then.
Jeff Atwood on February 23, 2009 5:57 AMOkay, so now I'm in a position where I (1) don't want to seem like I'm harping on this thing about children's rights when it's not the point, and (2) don't want to seem like I'm posting an opinion and then running away when people actually challenge it. Since I don't feel like turning this blog into my personal soapbox, I'll say my piece here and welcome anyone to email me if they want to continue the discussion: ijmaxwell AT gee-mail.
I could defend the black analogy, since I don't think that whether people will continue to be X in the future has anything to do with whether it's okay to discriminate against X. I mean, if hypothetically black people *would* cease to be black someday, would that mean it was okay to keep them out of your store after all?
Unfortunately, I'm having trouble coming up with a real-life example of a protected group that people grow out of (though religious affiliation is one that people can enter and exit as they please), so I'm limited to these hypothetical situations here.
But then, even if we're only forbidden to discriminate against permanent attributes, why would an only 3 black students sign be a problem? Again, this is strictly *more* permissive than the rule this store actually has.
More importantly, they can't vote and therefore can't make
something like this illegal in the future when they can vote
(either because by then they'll agree with it or they'll have
forgotten about it)
Yes, it's true that this seems to happen. It's kind of unfortunate, really, how short memories are.. However, I can vote, I still don't agree with it, and I still haven't forgotten about it. My sixteen-year-old self had some dumb ideas, but so did my twenty-two year old self and many of my family members' current, all-grown-up selves, and I think my dumb sixteen-year-old self should have been respected at least as much as all the other dumb people in the world. I think it's unfortunate that the world spends so much time talking about special children's rights while apologizing for the violations of actual normal rights that they deal with on a daily basis.
Ian Maxwell on February 23, 2009 7:36 AMI was shocked how little comprehensive information was out there on rate limiting and velocity checking for software developers, because they are your first and most important line of defense against a broad spectrum of possible attacks.
I agree with this. I've spend some time thinking about this and for non-trivial systems (e.g. distributed front-ends for load balancing, remote authentication services, standard authentication protocols) this is a hard problem and I've yet to find a good discussion of the issues much less real advice.
Von on February 23, 2009 7:51 AMIf you read the linked post, I did that Google scraping in 2004. I'm pretty sure the Google rate limiting CAPTCHA wasn't on the scene back then.
Oh whoops, I just looked at the post date. Thanks!
Zoasterboy on February 23, 2009 8:10 AMThis is really boring stuff, I hope I don't ever have to think about stuff like this.
But then again, I can see the necessity of such measures, but wouldn't you rather work on new features instead of doing that?
Hoffmann on February 23, 2009 8:37 AMOff topic: This picture is a good example of bad door design. Why do they have a vertical bar when the want people to pull it? Is that not against people's natural instincts?
Anonymous Web User on February 23, 2009 9:40 AMYou guys blabbing on about student rights and discrimination are completely missing Jeff's point. That sign on the convenience store is most likely not there simply because the owner hates students - it is there because the owner has had problems with large groups of students in the store before. The owner is now taking steps to control it. The fact that these types of signs show up all over the place means that students are generally causing a problem.
Instead of worrying about rights, worry about preventing the students from causing enough problems that such actions from store owners are necessary. Once a solution to that problem is found, there will be no need for these signs.
This is really scraping the bottom of the barrel.
herewego on February 23, 2009 10:00 AMJeff, I dont think the examples you've given are good enough.
- Most ATMs only allow you to withdraw $300 cash maximum in one day.
Free email accounts typically limit how many emails can be sent per day.
- Internet providers limit individual download and upload speeds to ensure they aren't overselling their bandwidth.
- There's a maximum on how many Xbox Live Points you can add to your account per day. (All 500+ Rock Band songs aren't going to download themselves, after all.)
- Google limiting too many requests from one IP.
All of the above have NOTHING to do with stealing things -- which is ALL that shoplifting is about. All of the above are about safeguarding OTHER fellow users of the system - because these are defined by the scalability of the system.
Shoplifting has NOTHING to do with scalability. Stealing even one ear-bud is a PROBLEM.
See, I can, unwittingly, with no real mal intensions create an interaction that goes beyond what a system allows.
Are you suggesting that an average teenager does not know that they are stealing when they shoplift?
OK, now to the real problem given that shoplifting is a real problem, how do shopowners limit that liability?
- Encourage buying - loyalty points? you'll get the 4th pencil for free!
- Talk to shoplifters - Tell them how it badly impacts your business.
- You probably opened the store at a wrong place - or started the wrong business!
- There must be better ways!
I think it is important if you're going to be limiting questions to fail fast. I should be able to type in a whole question and then be told I have to wait 7 more minutes before I can post it. There should be a timer on the page counting down or it shouldn't let me start to compose in the first place.
stimms on February 23, 2009 10:05 AMI should be able to type in a whole question and then be told I have to wait 7 more minutes before I can post it
Does Google tell you how many more queries you need to issue before you get CAPTCHA-blocked?
Putting out a sign isn't always a smart idea. Better for the limits to be invisible to 99% of users.
Jeff Atwood on February 23, 2009 10:08 AMRe. the signs themselves, I've seen those for a long time around here, and I'm not sure they say anything about the moral character of teenagers (or even students). They do say something about the moral character of adults. If the sign said Only 3 black people at a time in the store, you would probably respond very differently. Or even Only 3 black students, even though that sign would be strictly more permissive than Only 3 students.
Then again, maybe this really is about schooling (which people can control), rather than age (which they can't). I wonder if a group of kids in the store could offer the defense that they're all dropouts.
Ian Maxwell on February 23, 2009 10:08 AMDoes Google tell you how many more queries you need to issue before you get CAPTCHA-blocked?
No, but your limits seem much lower and your audience much more technical. The limits would be invisible unless you had already posted a question in the last 10 minutes. I can imagine clicking post and then having to wait 7 minutes being a big turn off. I'll be interested to see your statistics on how frequently the limit is being hit.
stimms on February 23, 2009 10:23 AMThey do say something about the moral character of adults. If the sign said Only 3 black people at a time in the store, you would probably respond very differently. Or even Only 3 black students, even though that sign would be strictly more permissive than Only 3 students.
Right, and the analog is with an IP Address. How do you tell what kind of person is behind that IP Address, or if it's even the same person? No way to know!
So when you block for actions by IP (by *far* the most common technique) you are accepting the inherent ambiguity of judging someone by actions from their IP.
Jeff Atwood on February 23, 2009 10:24 AMTimely entry today, Jeff. We were about to launch a site with no limits at all. We thought about it at the start, said we'd get to it later 'cuz we had bigger problems. We forgot all about it.
Until now.
I can imagine clicking post and then having to wait 7 minutes being a big turn off.
Trust me, I've been working intimately with Stack Overflow for the last six months, and you *ABSOLUTELY DO NOT* want new users posting more than one question every 10 minutes.
We should have done this months ago, for reasons that have nothing to do with human "look how fast I can type a CAPTCHA!" (sigh) attacks. The attack mitigation is just a nice bonus!
Jeff Atwood on February 23, 2009 10:28 AM1st page!
seriously tho, Jeff: were you ever discriminated like this as a teenager?
abel on February 23, 2009 10:43 AMThese signs started appearing in the UK about 25 years ago along with a general increase in uncontrollable thugs rampaging about the town when school was out.
Rich on February 23, 2009 10:46 AMLimiting by IP is bound to be an increasingly problematic way of doing things, especially as further oppressive laws pass. Sweden is ready to pass a law allowing monitoring of all private internet traffic. Encryption circular/onion routing services like TOR are bound to increase in popularity, making more and more request originate from the same apparent IP.
Mikael Hedberg on February 23, 2009 11:15 AMRight, and the analog is with an IP Address. How do you tell what kind of person is behind that IP Address, or if it's even the same person? No way to know!
This seems a lot less discriminatory because an IP is an instance rather than a class, to borrow a software design metaphor. On the other hand, some sites block entire countries because of problems. I block China on a site I run because I have no customers in China and only get attacks, something on the order of a few hundred a day.
Erik on February 23, 2009 11:20 AMJon, that is incredibly discriminatory. I used to work at a retail place near a factory, and all the workers, largely poor and Latino got off at the same time. Despite the problems, if we did the same thing to them, we would have (rightfully) been looking at a lawsuit. I personally didn't mind them at all, I hated serving old people because they split meals, complained constantly and were terrible tippers, but nobody would dare ban old people. Young people are the last group it's acceptable to discriminate against. Offtopic, but it burns me being a former young person and all.
Erik on February 23, 2009 11:25 AMI've seen those signs that limit ammount of school kids in school in UK and New Zealand too but this is very boring anyway.
Tim on February 23, 2009 11:37 AMHow did that go with the 2pac spammer on SO? Do you get that a lot?
I was shocked how little comprehensive information was out there on rate limiting and velocity checking for software developers
True, and I hope you're planning to follow this up with some links to resources on implementing rate limiting. Since you've implemented this on SO, do you have any implementation tips for us?
Bruce Boughton on February 23, 2009 11:48 AMTrust me, I've been working intimately with Stack Overflow for the last six months, and you *ABSOLUTELY DO NOT* want new users posting more than one question every 10 minutes.
Does that affect the rate a user can reply to a question?
Would a curve-like rate limiter be more user friendly while still fairly effective? For each question asked, within a time-frame, increase the 'cost' for asking the next question. Users with valid questions might not see the rate-limiter in action, but spamming users would quickly see it and hit a wall.
As a user of Tor, I do get the sorry.google.com page most of the time. But what really annoys me is that it does not always offer any captcha validation when I make a direct query. This forces me to go back to its home page, make the query from there, get the sorry page again but with the captcha, solve the puzzle and finally get my search results. And lately, even that has occasionally failed to ask the captcha question. It is frustrating.
Is there any other effective search engine with as simple an interface?
everling on February 23, 2009 11:49 AMAt Drop.io, for our API, we allow you to select which rate limit you would like for your application (via API Key).
Because obviously, as you have stated... rate limiting by API key would be nice for web servers, but not for iPhone applications...
The choice gives people time to think about their application... Though it does breed apps that are linear in where they are deployed (ie *only* clients or *only* servers)...
Jake Good on February 23, 2009 11:53 AMActually, I think that the idea, in general, is good;
However, as it has been already pointed out, it'd be nice if the question that didn't pass the rate limiter would be stored (at least the last one only) if you are a registered user;
Hey Jeff - How about allowing questions or answers that have been made by new users to be viewable only by established users (say 1000+ rep) and not publicly viewable - except by the poster. Those posts are marked such that the established users who see the post know that they're waiting for moderation and can single click an accept link which increments a counter next to it. Once 5 established users have accepted the post then the view limitation is removed.
So to the new user it appears as if the post is out there in the public. We assume that enough established users will quickly see the post and moderate it in minutes (if not seconds).
The ISPs have already oversold their bandwidth. The caps are to prevent them from being bitten by how far they have oversold it.
jj33 on February 23, 2009 12:02 PMWhen I worked at a gas station in high school, we weren't warned about young people, we were warned about Gypsies (not kidding). Apparently they are a big threat to shoplift.
Kris on February 23, 2009 12:03 PMMore on topic, Jeff, do you think it is easier/better to implement things like rate limiting after the fact, or incorporate it into the initial design?
Erik on February 23, 2009 12:21 PMThere's no particular reason that the user needs to know about the limits. Let them type in questions as often as they want - if they haven't already sent one in the last 10 minutes, post it instantly, but if they've already posted one then delay it in a queue until 10 minutes is up. If a user's queue contains a whole bunch of posts, something is amiss and something can be done.
dan on February 23, 2009 12:22 PMOn the students thing - it's also because kids tend to loiter a lot (though, the no loitering signs supposedly have that covered) and because kids are harder to monitor in larger groups and tend to steal more since by and large they have no income.
As for enforcing it, I'd wager a bet that it's not a hard and fast rule. If four students are in the store at the same time and they're all being good, then no need to kick anyone out. If they're being unruly and maybe even getting into a fight or something.
When I was in High School, the principal actually came over the central intercom and told everyone in the school that he has been informed that the gas station across the street has told us we (students) are no longer welcome there. No 3-at-a-time, no one was allowed there anymore.
If the sign said Only 3 black people at a time in the store, you would probably respond very differently.
Yes, however students in this context are minors and minors have a limited subset of rights that adults have. More importantly, they can't vote and therefore can't make something like this illegal in the future when they can vote (either because by then they'll agree with it or they'll have forgotten about it)
Schnapple on February 23, 2009 12:40 PMOne thing that irritates the hell out of me are the forum searches that limit you to one every 30 seconds. Generally I'm searching a forum to find the answer to some problem I'm having and it usually takes more than one search to find what I'm looking for. Couple this with the fact that many forum search mechanisms are god-awful to begin with (but that's another rant for another day.)
So after my first search doesn't work out, I'll go back and modify, only to be greeted with some Search Flood Protection Warning that wants me to wait another 30 seconds before I can continue.
I'm not saying I know a better solution, or even that I wouldn't necessarily do the same thing if I had to, just that it irritates the hell out of me when I come across it.
Neil (SM) on February 23, 2009 12:59 PMI always figured those signs related to students with backpacks and/or bags. Many stores around my school used to ask students to leave their bags at the register/front of the store while they were in there.
I think that request is fair enough. Limitting the number of school aged kids is a bit far out.
`Josh on February 23, 2009 12:59 PM@Mike Dimmick
Because of the limited space available, most people in *Africa* are behind a NAT.
FTFY - you will get dynamically assigned IP addresses in Europe, but they're definitely not NAT-ed (of course, there are community mesh networks and whatever, but those are corner cases within the margin of statistical error).
I wonder what happens if there's only two students in the shop. Does the owner go out and find the third and drag him in?
I'll get me coat.
Skizz
Skizz on February 24, 2009 1:14 AMStore has less than $30 after dark -- roflmao :D. American creativity knows no limits.
Emil on February 24, 2009 1:30 AM@Ian Maxwell
You are an excellent whiner!
Theo on February 24, 2009 1:31 AMIt is good to limit the traffic if there is too much. Still I believe that curing the reason of traffic should be first in the priority list. For example if teenagers shoplift much, then there might be something wrong in the methods they have been raised or there might be something wrong with the society. Of course anything is not an excuse for shoplifting, but still. In software the required bandwidth can be minimized eg. by changing pictures to small jpgs. I hate it when I buy a computer game and it doesn't run on my machine. But there are games that run, and I play those until I upgrade the machine. I don't want to upgrade the machine just because a new game became to market and the game requires almost a super computer to run smoothly.
Silvercode on February 24, 2009 3:04 AM@Tim
I've seen those signs that limit ammount of school kids in school in UK and New Zealand too *but this is very boring anyway*. (emphasis mine)
Yep.
IPv4 address allocation is *incredibly* unfair around the world. You can see how they're allocated at http://www.iana.org/assignments/ipv4-address-space/.
Apple have a whole Class A, 16 million IP addresses, to themselves. So do Ford Motor Company, and the UK Ministry of Defence. HP in effect have two (Compaq bought Digital, and HP merged with Compaq).
Because of the limited space available, *most people in Europe and Asia are behind a NAT*.
Mike Dimmick on February 24, 2009 3:35 AMHmmm, if I'm over 21 but taking a night class, does this mean me?
Steve on February 24, 2009 4:26 AMNo dogs in restaurants - because they cannot be controlled
Only small groups of students - because large groups cause problems
Only 1 forum post per 30 seconds - because people who do more are usually spammers
Dogs can be well behaved in restaurants, but they *tend* not to be, and other customers may complain even if they are well behaved (I would..)
Large groups of customers are a good thing when they do not discourage other customer from entering the store, and they are all buying goods, large groups of students *tend* to be unruly and put off other customers and *tend* not to buy much... shoplifting is not (generally) a problem with students (or if it is then a lone student will shoplift as well)
Enthusiastic forum posters are a good thing, but someone who posts many times a minute *tend* not to be contributing anything useful, or is a spambot
I wonder how many searches a minutes you have to submit to get the captcha on Google? I suspect it is more than is humanly possible?
Jaster on February 24, 2009 5:46 AM@everling
Is there any other effective search engine with as simple an interface?
Try scroogle:
http://www.scroogle.org/
We actually have a limit on the number of http requests per hour on an IP. It might sound crazy but I monitor how often it happens (the site sends me an email with relevant info anytime someone receives the message, and it gives them a nice little email link to complain if they want to).
So far it's caused very few false positives and defeated an army of problems, especially from the perspective of website statistics.
Practicality on February 24, 2009 7:20 AM@Mike: Just as crazy is having as many unallocated / future use blocks as they do, despite claiming that IPv4 address space is nearly used up.
Listed as unallocated:
1/8
2/8
14/8 (as of Feb 2008)
23/8
27/8
31/8
36/8
37/8
39/8
42/8
46/8
49/8
50/8
100/8
101/8
102/8
103/8
104/8
105/8
106/8
107/8
175/8
176/8
177/8
179/8
180/8
181/8
182/8
183/8
185/8
233/8
Listed as future use:
240/8
241/8
242/8
243/8
244/8
245/8
246/8
247/8
248/8
249/8
250/8
251/8
252/8
253/8
254/8
255/8
That's a total of 47 of 256 /8 blocks. That around 18.36% of IPs in the IPv4 system that aren't allocated... not counting the 16 /8 blocks reserved for Multicast, the 127/8 block reserved for a single IP (127.0.0.1), or counting any unallocated blocks in the CIDR networks.
R. Bemrose on February 24, 2009 7:35 AM233/8 was a typo, it should have been 223/8
R. Bemrose on February 24, 2009 7:36 AMNice post, these real world problem turned into more abstract design discussion posts are good!
Peter on February 24, 2009 8:37 AMre: Your experience with craigslist
There's no rate limiter like a cease and desist letter.
Dennis on February 24, 2009 9:27 AMFor my website or web app, definitely.
But for my clients, wait. There are many things in this. This world is full of unscrupulous people and your clients are a subset of that set. There's a lot of overlap. Plus there's ignorance.
Two really well designed web pages that do snappy work can take multiple football-fields of server farms, across the globe - just TWO web pages of a very elementary web app we are familiar with.
There are people in this world who pay you for making websites and they look at this 2-page wonder and say - Hey! that has just two pages, how difficult could it get!
And if you were to tell them that Wall Street is going crazy over those two pages, they'd laugh at you. But it's they who need to be laughed at, no, pitied.
Most of my customers want websites and they have very able answerers/advisers who tell them that a web page is well a page - if it does things, it is a page plus some bells and whistles - how much could that be?
With such a customer, you need to give them exactly that - a web page with bells and whistles. When their site gets hacked badly, and they come running at you, ask them that given that the world is full of thieves, would they blame the carpenter or the brick-layer or the gardener or the electrician or the plumber for their home being burgled?
That's the only language they understand - that of experience.
Tell them that they'd have to take extra precautions for that and call in some experts. Tell them that you have that expertise and that you can do that too, but that costs because they never told you they wanted an unbreakable site - they asked for a page plus bells and whistles.
No kidding. Don't ever give more than needed to such clients. Let them learn the hard way. I've tried being perfect on Day One. The result is that I have been perfect on day one - but not my clients - even about their only work - checking and paying. Ignorance about programs and technology is found everywhere. It is in the air you breathe ;-) .
The people to show off your good code are other developers who have scruples and knowledge.
and you've got to keep looking for the signs that tell these from those - eventually, it is case-by-case, as are most things in this world, actually.
/rant
pragmatist on February 24, 2009 11:05 AMJeff, it is not shoplifting or keeping an eye on them.
Teenagers as a group tend to be a pain in the ass. They all want to show off how cool they are. So they bother other customers or mess up your store. It doesn't mean they're going to steal from you.
Not letting a dog in a restaurant is simply because dogs CAN be annoying if they don't behave. The only solution is to ban all dogs, because it's hard to decide which dog will behave. It's not because they dislike dogs, they want their customers to be satisfied and a constantly barking dog won't do that.
Herman on February 24, 2009 12:33 PMVery cool post, very well written! I would have thought to read something like this in a magazine.
Right, just to be clear, I haven't read ALL the comments, but would like to say that, in terms of determining the type of person behind the IP address, Google icould/i use the user info it gathers as you surf, or any other type of info it has on you. And even though you may have a dynamic IP, you still (probably) only have one or two or three GMAIL accounts being used from that computer.
So in essence, it would probably make more sense to look at the behaviour of the users trying to access whatever it is you're limiting and then applying restrictions to the computers (MAC addy?) to those who are abusing the service, or who seem likely to do so. Of course this is not perfect, but could work better than simply creating a bottleneck by applying restrictions to everyone.
LeoH
www.bizarredesigns.com
On the origin of ridiculous signs... this one's pretty funny:
Dogs are welcome in this motel. We never had a dog smoke in bed and set fire to the blankets. We never had a dog who stole our towels or played the TV too loud. We never had a dog that got drunk and broke up the furniture or punched holes in the walls. So, if your dog can vouch for you, you are welcome too.
From: http://www.ashrita.com/blog/every-dog-has-his-day
Andrew Vit on February 25, 2009 4:48 AM3 must be the limit that 1 store holder can keep an eye on at any given time. So what we need is more advanced charging systems where all items have RFID, which are read when the person goes through a reader. The products might be in pockets, puches, bags or a trolly. Whatever the case - nobody leaves without paying for whatever rung up.
Not a hard system.
How does this equate to your problem of a spammer? When faced with a problem in the current system, come up with a better system.
Have people report a question OR reply as spam. People are much better at identifying spam than any computer/system you can put in place. If enough people flag a question, reply or user as spam, their account and all posts can be put on hold until reviewed. Like graffiti getting painted over - if spam is taken down quickly every time it is put up, the spammers lose interest and stop doing it as much.
Can't this process be open to abuse? Yes - but once reviewed as safe you can raise the bar for the question/answer/uer to be marked as spam again. Similarly, if a particular user is marking too many things as Spam within a short timespan, their account can just as easily be marked spam worthy.
That's what I would do anyway.
Philip on February 25, 2009 5:54 AMFor those interested in the child rights issue raised here, I urge you to consult the UN convention on the rights of the child:
http://www.unhchr.ch/html/menu3/b/k2crc.htm
This convention has been ratified by 193 countries including every member of the UN bar Somalia and - that bastion of freedom and democracy - the United States. Obviously, it's arguable whether this particular practise is covered by the UNCRC; although article 15 states Parties recognize the rights of the child to freedom of association and to freedom of peaceful assembly., that probably doesn't cover shop premises which are, after all, private property - IANAL.
However, I think it's safe to assume that the intent of the CRC, and of those nations that ratified it, was to end discrimination against children, which this certainly feels like. Of course, certain laws may involve discriminating against children (in the interests of health, for example) but I am not aware of any law regarding the number of people in a shop.
Saying that the sign is there because the owner has previously had problems with children is no defence. Any form of discrimination can be 'justified' by reference to an individual example. That does not excuse tarring an entire race, gender, or generation with such an ugly brush.
Bobby Jack on February 25, 2009 5:58 AM@Bobby Jack
Well if that UN convention makes it impossible to limit the number of students in a store, the US made a very wise decision not to sign it.
Theo on February 25, 2009 9:22 AM@Bobby Jack
Actually, young or not, I think the Only 3 students in the store at a time, please. is probably less offensive than the far more accurate Only three loud, obnoxious, shoplifting dickheads in the store at a time please.. Funny that you should mention the right of assembly, though, because I've met a very large number of perfectly likeable teenagers that simply make asses of themselves when in groups with their peers. Strangely, that sense of anonymity translates very well to web design, when users feel free to do whatever they like when they do not feel like they have identified themselves. Jeff draws an excellent parallel here.
For a good view of what life would be like if children had legal rights equal to those of their parents, read Serpent's Teeth by Spider Robinson.
Dustman on February 25, 2009 11:22 AMI think one can remove the limit on IP-basis, because it only annoys the regular users and does not limit the bad users at all.
The good users are annoyed once more than a single user is behind the same router, which is certainly common, think universities, schools or companies.
On the bad side, I have myself implemented a program that circumvents such filters and limitations on IP-basis in a few hour in python. Just grab a proxylist, some async communication and URLs to call (or a pattern to construct those) and you are done circumventing the IP-based filter. Thats no magic, thats basic internet usage with some programming experience.
Hk on February 27, 2009 1:50 AMThe flood control/rate limiting I implemented for my app has two parameters:
1. The number of seconds which must elapse between subsequent times the action is attempted
2. The number of times the action can be taken within this timeframe before rate limiting starts
Therefore, I can set the flood control on 'login attempts' to allow 6 at once, and then 1 per 45 seconds after that, per IP.
If forum search interfaces did this, it would prevent the inevitable 'please wait 30 seconds' warning after refining your first search phrase.
trr on February 27, 2009 1:51 AMRe. google robot warning:
The warning DOES actually pop up inadvertently when using cybersearch + the awesome bar in Firefox 3; it happens something like several times a week. Though that is probably due to bad implementation ... every character you type in the URL bar is being transmitted to google and searched. Can get annoying...
jim on March 3, 2009 8:41 AMThat´s a great article!
I´ve bookmarked and subscribed the feeds!
Thanks.
http://www.pontodiesel4x4.com.br
Paulo on April 20, 2009 9:00 AMI'm horrible for not reading through all the other comments, (if there are more people like me it means you're not reading my comment)
BUT
if you are limiting password tries (as in the twitter case) you should not then lock the account out completely. (as this can then be used by evil-doers to lock people's accounts.
Denying your good users their service with even needing a DOS attack...
just thought you didn't mention this.
orathaic on May 13, 2009 11:07 AMI know the point of your article was not to discuss the motivation for the signs. BUT...
I always got the impression that the reason for them was not because they would shoplift - it's because they detract from the experience for other customers. I'm thinking about one deli near me in particular:
#1 - they travel in packs. They get off for lunch at the same time, and 15 of them will show up at the deli at the same time. So if you are unlucky to show up just _after_ they do, you have a 20 minute wait, and you're going to leave and go somewhere else to buy your sandwich.
#2 - they're obnoxious. Criticize me if you want, I see them all the time, and they are loud, rude, and profane. I remember what I was like at that age and I was pretty similar. I don't fault them, I just don't want to be around 20 of them at once.
My deli tried the 3 at a time thing (even having a bouncer outside during lunch hour). But since, I've noticed that they've changed to simply having a separate sandwich line for students. This works great - they don't prevent other people from getting served promptly, and they are far enough away from the other (higher-paying, I might add) customers so as to be less of nuisance.
Message from the world of Lotus Notes.
A nice rate limiting strategy is used by the Notes Client. When you enter a wrong password, Notes displays the password dialog after a small delay, each time you fail, this delay doubles/triples (ok I havent timed it exactly). Very quickly this time ramps up to very substantial amounts of time, we all know how quickly exponential curves get very steep.
This achieves the same thing as a fixed rate limit, but it doesn't penalise the average legitimate user who might get it wrong once or twice, but it will punish the evil monsters.
I always thought it was a very clever idea, oh and yes you can configure password locking, but I never bother as this technique works so well.
Simon
Simon Mottram on February 6, 2010 11:13 PMThis is only a preview. Your comment has not yet been posted.
As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.
Having trouble reading this image? View an alternate.
| Content (c) 2009 Jeff Atwood. Logo image used with permission of the author. (c) 1993 Steven C. McConnell. All Rights Reserved. |
Subscribe in a reader
Subscribe via email
Posted by: |