01.31
(Update 2 : Google blog points out that it is their fault code isn’t tested well, hence the disaster. The lesson? You should test your code well before you roll it out. =) )
(Update : Google is back working, and with malware detector down. I searched one of the hosting malware sites for Total Defender ( WARNING! total[hyphen]defender.com ) and I went to the site without getting a intermediate warning page at all. So, is Google putting all users at risk by keeping their usability (ad revenues) up? Geez, Google =]
Site note, during the server down time, Live and Yahoo! is working fine. )
Hackson Leung tipped me off a Google breakup. The time is 0700 in California and Google seems to went crazy, reporting every website as a harmful site. Moreover, the “stopbadware.org” server is up but the web server seems not to be responding. It seems that Google is using stopbadware.org as a database for malicious websites, and by default it is assumed malicious. Now that StopBadware.org is down, every website in Google all around the world is affected.
Someone is DoSing the StopBadware.org?
Google is totally unusable, as if the Internet froze.
I wonder how much Google is losing every second?
===
All sites are marked harmful.
Google and all other website are going Malicious.
Stopbadware.org is down, and Google Malware Diagnostics return Server Error :
English
lol
This also affecting Gmail spam filtering as well. As they said,
http://gmailblog.blogspot.com/2009/01/this-mornings-spam-filter-issue.html
This kind of error ( a blacklist ) is really hard to test. Is there any good way for this kind of testing? I can only think of random sampling of a list of “assumed Ok” web site.
Google is telling you, no site is good site
C’mon, disconnecting from the Internet means no more risk from it!
@KK Lo
I think they should have manual deployment and sign-off testing on test machines before the code is deployed. I suspect that Google search engine is able to fit in one box or two (search engine + database).
Of course, since we don’t know the architecture of Google search, it is not easy to say that they can perform such deployment or not. Maybe the Google search need to deploy with at least 100 or 1000 boxes, which is a very high cost.
On the other hands, they may have some better approach to test their services
@.hac
What is strange is why it involved manual deployment in the first place. That feature is there for quite awhile.
@KK Lo
I think what you mean is just the single test case “No website other than those in the blacklist will be marked as malware”. I came up similarly like yours. Strings : Boundary test inputs and test input generation.
@log0
I suspect you misunderstand my words. I mean they SHOULD have deployment and sign-off testing which they didn’t. This should be done in a copy of the real server which is in their test labs.
Since this is a bug in their code (I think they updated it), but not in StopBadware.org, Google should be able to discover this failure when doing they test that I mentioned.
BTW, I think they may only perform the build verification test only.