A Reservation-Thieving Bot Battle on Urbanspoon

A fun story in Ars Technica today about an engineer who hacked a bot that hacked Urbanspoon:

It’s not uncommon for new San Francisco Bay Area restaurants to spring up and take both the neighborhood and nation by storm (see Mission Chinese Food). But State Bird Provisions (SBP) in the Fillmore district lived this ascent in hyper speed. Despite only opening in 2012, the small plate virtuosos earned distinctions like Bon Appetit’s Restaurant of the Year 2012, the James Beard Foundation’s Best New Restaurant 2013, and a place in Zagat’s 10 Hottest Restaurants in the World. Needless to say, it’s hard to just walk up and get a table, even midweek. SBP easily made the SanFranciscoWaits Tumblr.

Diogo Mónica, a security engineer at Square, knows this pain as well as anyone. He was a fan from the start, calling SBP “nothing short of spectacular.” But as the restaurant’s profile grew, its online reservations portal kept returning the same message: “No reservations are currently available. Reservations are taken online up to 60 days in advance. As tables become available, they will be shown here.”

Rather than getting discouraged, Mónica went to his developer tool kit. He SSHed into his remote server and wrote some code to get notified (via e-mail) every time the SBP reservations page changed. (See the code in full on his blog.) He learned that new reservations open around 4am every day, saw that most were gone by 5am, and received heads-ups about newly available times from cancellations. But curiously, his setup revealed that most of the primetime reservations were scooped up by 4:01am.

“One day I found myself looking at it and noticed that as soon as reservations became available on the website (at 4am), all the good times were immediately taken and were gone by 4:01am,” he wrote. “It quickly became obvious that these were reservation bots at work. After a while, even cancellations started being taken immediately from under me. It started being common [to receive] an e-mail alerting of a change, seeing an available time, and it being gone by the time the website loaded.”

How does one deal with reservation-thieving bots? With one’s own reservation-thieving bot, of course. 

This is like Inception for programmers. Read the story for the rest of the highlights.
