- This was a Java application, evidenced by the fact that users were hitting JSPs. Well built Java applications a very scalable, but this one was not.
- They experienced a software and not hardware failure. It was a possible to access the site, but making progress was almost impossible.
- 8 million hits in 90 minutes is a lot, but can be handled by a well-designed scalable system.
- They were probably not the victim of a malicious attack. Hackers usually demand ransoms these days. I did not hear anything about a ransom in the news. Staging a denial of service attack "just for fun" does not ring true and would require substantial resources.
- There was no "online queue". When users entered the site, the window claimed that they were given a place in line, and said not to reload, or they'd lose their place in line. I was thinking about how to implement this, and in theory it can be done with session IDs, but would be difficult to implement fairly and correctly. It may not be possible at all, and I know of no online queues like this. Users were better off hitting reload constantly which is what I did in about 20 Safari web browser tabs. I was actually able to make progress but not enough to buy tickets.
- Users that were closer to the servers in California with fast Internet had an advantage over users in Colorado. My wife's cousin was able to buy eight tickets without any difficulties from California, and mysteriously also easily surpassed the four ticket limit.
Oh and by the way, congratulations to the Rockies. They didn't win the World Series, but they had a much better year than anyone expected.