How Facebook Figures Out Everyone You’ve Ever Met

In real life, in the natural course of conversation, it is not uncommon to talk about a person you may know. You meet someone and say, “I’m from Sarasota,” and they say, “Oh, I have a grandparent in Sarasota,” and they tell you where they live and their name, and you may or may not recognize them.

You might assume Facebook’s friend recommendations would work the same way: You tell the social network who you are, and it tells you who you might know in the online world. But Facebook’s machinery operates on a scale far beyond normal human interactions. And the results of its People You May Know algorithm are anything but obvious. In the months I’ve been writing about PYMK, as Facebook calls it, I’ve heard more than a hundred bewildering anecdotes:

  • A man who years ago donated sperm to a couple, secretly, so they could have a child—only to have Facebook recommend the child as a person he should know. He still knows the couple but is not friends with them on Facebook.
  • A social worker whose client called her by her nickname on their second visit, because she’d shown up in his People You May Know, despite their not having exchanged contact information.
  • A woman whose father left her family when she was six years old—and saw his then-mistress suggested to her as a Facebook friend 40 years later.
  • An attorney who wrote: “I deleted Facebook after it recommended as PYMK a man who was defense counsel on one of my cases. We had only communicated through my work email, which is not connected to my Facebook, which convinced me Facebook was scanning my work email.”

Connections like these seem inexplicable if you assume Facebook only knows what you’ve told it about yourself. They’re less mysterious if you know about the other file Facebook keeps on you—one that you can’t see or control.

Source: How Facebook Figures Out Everyone You’ve Ever Met

New “Quad9” DNS service blocks malicious domains for everyone | Ars Technica

The Global Cyber Alliance (GCA)—an organization founded by law enforcement and research organizations to help reduce cyber-crime—has partnered with IBM and Packet Clearing House to launch a free public Domain Name Service system. That system is intended to block domains associated with botnets, phishing attacks, and other malicious Internet hosts—primarily targeted at organizations that don’t run their own DNS blacklisting and whitelisting services. Called Quad9 (after the 9.9.9.9 Internet Protocol address the service has obtained), the service works like any other public DNS server (such as Google’s), except that it won’t return name resolutions for sites that are identified via threat feeds the service aggregates daily.

“Anyone anywhere can use it,” said Phil Rettinger, GCA’s president and chief operating officer, in an interview with Ars. The service, he says, will be “privacy sensitive,” with no logging of the addresses making DNS requests—”we will keep only [rough] geolocation data,” he said, for the purposes of tracking the spread of requests associated with particular malicious domains. “We’re anonymizing the data, sacrificing on the side of privacy.”

Source: New “Quad9” DNS service blocks malicious domains for everyone | Ars Technica

Experian Site Can Give Anyone Your Credit Freeze PIN — Krebs on Security

What good does it do to lock down your credit with a credit freeze if Experian will hand over your PIN to anyone who asks?

An alert reader recently pointed my attention to a free online service offered by big-three credit bureau Experian that allows anyone to request the personal identification number (PIN) needed to unlock a consumer credit file that was previously frozen at Experian.

The first hurdle for instantly revealing anyone’s freeze PIN is to provide the person’s name, address, date of birth and Social Security number (all data that has been jeopardized in breaches 100 times over — including in the recent Equifax breach — and that is broadly for sale in the cybercrime underground).

After that, one just needs to input an email address to receive the PIN and swear that the information is true and belongs to the submitter. I’m certain this warning would deter all but the bravest of identity thieves!

Source: Experian Site Can Give Anyone Your Credit Freeze PIN — Krebs on Security

Bay Area housing: Sunnyvale home sells $800,000 above asking

This story caught my eye, when a modest, 2,000sf home in Sunnyvale, CA sold for $800,000 over asking price. True, there is a little real estate sleight-of-hand going on here with how it was priced but there’s no denying that this is an eye-popping sale.

This kind of outrageous housing market is what comes to mind when I think of what might happen if Amazon chooses to set up its second headquarters in the Triangle. I think of the stunning metamorphosis that’s taken place this year in the neighborhood surrounding East Raleigh’s Ligon Middle School, where affordable homes have been all but demolished in favor of fancy new homes, and I wonder how long it will be before no one here but stock-option millionaires can live where they work.

Be careful what you wish for, Raleigh. More on this in an upcoming blog post.

A house in Sunnyvale just sold for close to $800,000 over its listing price.

Your eyes do not deceive you: The four-bed, two-bath house — less than 2,000 square feet — listed for $1,688,000 and sold for $2,470,000.

“I think it’s the most anything has ever gone for over asking in Sunnyvale — a record for Sunnyvale,” said Dave Clark, the Keller Williams agent who represented the sellers in the deal. “We anticipated it would go for $2 million, or over $2 million. But we had no idea it would ever go for what it went for.

”This kind of over-bidding is known to happen farther north in cities including Palo Alto, Los Altos and Mountain View. But as those places have grown far too expensive for most buyers, future homeowners have migrated south to Sunnyvale, a once modest community that now finds itself among the Bay Area’s real estate hot spots.

Source: Bay Area housing: Sunnyvale home sells $800,000 above asking

DefCon 25

Having worked in IT for (gasp!) twenty-five years, I have long enjoyed the side of my job that deals with securing the networks I am responsible for. Network security is a game to me; trying to find and stop hackers before they find and stop me. As my blogging has revealed over the years, I enjoy solving a good mystery. How far back can a track an attacker? Or an adversary? How much knowledge can I dig up? This is all very fun.

My current job doesn’t deal with this directly as I am lucky to have a great team who watches the network. Still, I have to pay some attention to what’s what. So, when the department budget allowed for sending me to my first DefCon, I was delighted to go. Two weeks ago, I was on a plane to Las Vegas to join 25,000 other “hackers” in an intense, three-day powwow of matching wits, sharing forbidden knowledge, and proving points.

This year is the 25th anniversary of DefCon (i.e. “DefCon 25”). DefCon gets its name partly from the U.S. Department of Defense’s “Defense Condition” levels, as popularized by the movie “War Games.” Partly, it’s a made-up word with the “Con” meaning “convention.” DefCon was started (if I am correct) by Canadian bulletin-board owners who decided that on-line meetings were not enough. It has continued to be one of the premier conferences/training sessions that draws attendees from around the world.
Continue reading

As a Woman in Tech, I Realized: These Are Not My People – Bloomberg

A woman in tech suggests there’s a kernel of truth in the “Google Memo.”

No, the reason I left is that I came into work one Monday morning and joined the guys at our work table, and one of them said “What did you do this weekend?”

I was in the throes of a brief, doomed romance. I had attended a concert that Saturday night. I answered the question with an account of both. The guys stared blankly. Then silence. Then one of them said: “I built a fiber-channel network in my basement,” and our co-workers fell all over themselves asking him to describe every step in loving detail.

At that moment I realized that fundamentally, these are not my people. I liked the work. But I was never going to like it enough to blow a weekend doing more of it for free. Which meant that I was never going to be as good at that job as the guys around me.

Source: As a Woman in Tech, I Realized: These Are Not My People – Bloomberg

Brian Shul, SR-71 pilot

Author Brian Shul

Someone shared a clip from a talk Maj. Brian Shul (USAF, ret.) gave on his seven years as an SR-71 Blackbird pilot and I found myself looking up his whole talk and becoming captivated by it. Shul not only piloted the world’s highest-performing aircraft, he is an excellent photographer, too, and captured many once-in-a-lifetime photos of this glorious aircraft in action. Shul’s talk is funny, poignant, and inspiring as he expresses his love for flying, photography, and his love for life. It’s an hour long but well worth watching!

As early as 2007, analysis demonstrated that 400-V dc distribution had advantages; Now there’s a way to implement it.


Is DC power the wave of the future for computing environments?

Power distribution in data centers used to emulate the architecture of old telephone central offices. A “rectifier” would step down and rectify the ac from the power line and use it to charge banks of batteries that provided an unregulated 48 V dc, which was distributed around the facility to run the telephone equipment in the racks.

Since at least 2007, data-center engineers have been talking about distributing 400 V dc (sometimes 380 V). Data centers are bigger and use a lot more power than telco central offices. At a minimum, higher voltage distribution would mean lower I2R losses and/or thinner power-distribution cables.

Source: As early as 2007, analysis demonstrated that 400-V dc distribution had advantages; Now there’s a way to implement it.

Jumpseat: It’s All About the APU | Flying Magazine

I enjoyed this pilot’s story of how a broken APU on his aircraft caused a mess.

For more than 50 years of jet airliner operation, the APU has been an integral part of airplane independence. The APU is a small jet engine located within the structure of the fuselage. With today’s airliners, the unit is operable both on the ground and in flight. In flight, the APU provides both a backup source of electric power and a limited amount of air pressure at lower altitudes — usually below 20,000 feet.

On the ground, the APU is capable of being the sole source of electricity and the sole source of air pressure. Air pressure from the APU is the standard method utilized in starting the engines. When air is not available, starting becomes problematic. On this particular trip, an inoperative APU became more problematic than my copilot and I could have ever imagined.

Source: Jumpseat: It’s All About the APU | Flying Magazine

Amazon kills unlimited Amazon Cloud Drive option

Recently I had a scare when our home storage server went on the fritz. Years of photographs, videos, and files were suddenly in jeopardy as they appeared to vanish. Being a resourceful geek, once I caught my breath I was able to revive everything. Still, it was enough of a scare that I accelerated my quest for a good, offsite place to back up our files.

Part of this quest was getting gigabit fiber Internet at home, which I recently did when I could no longer wait for Google Fiber and signed up with AT&T Fiber. Untangling this brave new world has kept me busy recently, not leaving much time for blogging. I will have lots to say about this in the near future but suffice to say that having a fat pipe at home makes it easier to do any kind of backup to the cloud.
Continue reading