@darrencauthon
Created June 18, 2015 11:20
MLB voting, technical perspective
Faulty premise, lots of assumptions
I believe HookSlide is lacking the necessary facts to reach the conclusion that the voting is being hacked.
Let’s look at it from a technical perspective by pretending that we had to build the MLB voting website. I’m sure MLB would demand the following:
1) Voting must be valid and accurate. No hacking the vote!
2) The voting site must stand up to TONS of web traffic from around the world. No downtime!
3) It must be friendly for visitors to vote. Don’t scare people away!
Checking for valid votes is expensive, as it will require computation and many database lookups across millions of records. Combine that with making a real-time check as thousands of users from around the world are hitting your site… at the same time?!?!?! That’s a very hard problem.
If I had to architect a system to do this, I’d remove real-time from the equation. I’d build an optimized, simple system that would take all sorts of votes with practically no validation. Pass me a vote, I accept it and return a "thank you" in a few milliseconds. No database lookups, no computations, no captchas, no user validation… just a pure pipeline into the ballot box database.
That handles (2) and (3). But now we have a system where we’re taking input from everywhere. What about (1)?
We scrub the input after the fact. MLB has all of the information it needs to check for bad inputs. IP address, check. Email address, check. Email address validation, check (they get a bounce notification if you use a bad email). Name & basic info, check.
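The accept-now, scrub-later design described above, as an added sketch (not code from this gist or from MLB). The field names, the per-email and per-IP limits, and the bounce list are all assumptions made for illustration, and the sample votes are constructed.

```python
from collections import Counter

ballot_box = []  # append-only raw store; stands in for the ballot box database


def accept_vote(ip, email, player):
    """Hot path: no lookups, no validation. Record the vote and say thanks."""
    ballot_box.append({"ip": ip, "email": email, "player": player})
    return "thank you"


def scrub(votes, bounced_emails, max_per_email=2, max_per_ip=3):
    """Offline pass over the raw votes. Limits are hypothetical.

    Returns (tally of counted votes, Counter of rejection reasons).
    """
    tally, rejected = Counter(), Counter()
    per_email, per_ip = Counter(), Counter()
    for v in votes:
        email = v["email"].strip().lower()  # normalise here, not on the hot path
        if email in bounced_emails:
            rejected["bounced_email"] += 1
        elif per_email[email] >= max_per_email:
            rejected["email_over_limit"] += 1
        elif per_ip[v["ip"]] >= max_per_ip:
            rejected["ip_over_limit"] += 1
        else:
            per_email[email] += 1
            per_ip[v["ip"]] += 1
            tally[v["player"]] += 1
    return tally, rejected


def demo():
    """Constructed input: one script sending 50 votes, plus two ordinary fans."""
    ballot_box.clear()
    replies = [accept_vote("203.0.113.7", f"bot{i}@example.invalid", "Player A")
               for i in range(50)]
    replies.append(accept_vote("198.51.100.1", "fan1@example.com", "Player B"))
    replies.append(accept_vote("198.51.100.2", "Fan2@example.com ", "Player B"))
    # Assumed bounce notifications for 40 of the script's addresses
    bounced = {f"bot{i}@example.invalid" for i in range(10, 50)}
    tally, rejected = scrub(ballot_box, bounced)
    return replies, tally, rejected


if __name__ == "__main__":
    replies, tally, rejected = demo()
    print(len(replies), "thank-yous sent;", dict(tally), dict(rejected))
```

Every submission gets the same "thank you", so the response alone tells the sender nothing about whether the vote survives the scrub.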
Is MLB scrubbing the data? They say so, but nobody knows except them. That’s where I think HookSlide’s argument collapses. It looks technical as he has a script that submits votes, but he has no knowledge of what happens to that vote… and then he jumps to a conclusion.
Perhaps HookSlide is right, perhaps not, but the fact that MLB doesn’t return an error or a "go away bot" message doesn’t mean his script works. And as I’ve pointed out, it makes a lot of sense for MLB’s voting system to operate the way it appears to operate.