Mark Raddatz

Why Facebook is logging your IP address

I use Facebook from quite different places, mostly when I stay at home or sit at the company waiting for another compiler run. Today I signed in as usual to see my friends' recent activities, but this time I was stopped by a page I hadn't seen before. A "You are signing in from an unfamiliar location. For your security, please verify your account." screen appeared after I entered my username and password.

Facebook security check after login

At first I was confused about this page but soon realized that this is a great idea. Today I logged in from a different location where I hadn't used Facebook before. They noticed this as well and showed me this warning, because it will more likely prevent others from accessing my account. Others could have caught my password with a phishing website, and this is a good way to raise the hurdles one more time for stealing my identity or getting a glance into my private data. But even if somebody has access to your account, you should never offer too much private information on any social network or website you use.

In order to log in successfully I have to confirm my birthday. But this would be a problem if you used a fake one during the registration process, which is easy to forget afterwards. Fortunately I know when I was born, but I am curious about what would happen if I entered a wrong birthday intentionally.

Facebook security check after login

Facebook shows me another page which looks similar to the one you can see above and asks me to confirm my email address by entering a security code. I was starting to ask myself what Facebook's implementation would look like and how I could build this security check into a future web project. But now I realized something interesting.

The statement "You are signing in from an unfamiliar location." can only be made if they know some history about me. In this case they need to store the IP address and the date of the last login. But not just the last one. They need a reasonable number of logins because they have to find out the most recently used places from where I was using Facebook before. Saving my IP address on each login would maybe be too much. Consider that if you stay at home, it's quite possible that you use a dynamic IP from a pool of IP addresses which are issued by your local internet service provider and shared with other people from the same ISP as well. In this case Facebook would need to ask me to confirm my birthday every day, because every day I will get a new address. In my implementation I would just log the last part of a user's hostname to find the location. I can imagine that Facebook will do something similar. If your neighbor tries to get access to your account and he is also using the same ISP, this protection will not work for you.
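A sketch of the hostname-suffix idea from the paragraph above, added here as an illustration and not Facebook's actual implementation. The class and function names, the history size and the choice of two DNS labels are assumptions, and the hostnames are constructed samples.

```python
from collections import defaultdict, deque

HISTORY_SIZE = 5    # assumption: distinct locations remembered per user
SUFFIX_LABELS = 2   # assumption: "last part" = last two DNS labels


def location_key(hostname: str, labels: int = SUFFIX_LABELS) -> str:
    """Reduce a reverse-DNS hostname to its last `labels` labels."""
    parts = [p for p in hostname.strip().lower().split(".") if p]
    if len(parts) < labels:
        raise ValueError(f"cannot derive a location from {hostname!r}")
    return ".".join(parts[-labels:])


class LoginHistory:
    """Keeps the most recently used location keys for each user."""

    def __init__(self, size: int = HISTORY_SIZE):
        self._seen = defaultdict(lambda: deque(maxlen=size))

    def is_familiar(self, user: str, hostname: str) -> bool:
        return location_key(hostname) in self._seen.get(user, ())

    def remember(self, user: str, hostname: str) -> None:
        """Whitelist a location once the login has been verified."""
        key, seen = location_key(hostname), self._seen[user]
        if key in seen:
            seen.remove(key)    # re-append below as the most recent entry
        seen.append(key)        # a full deque drops its oldest key


def demo() -> dict:
    # Constructed hostnames; a real site would take them from reverse DNS.
    history = LoginHistory()
    history.remember("mark", "dyn-0a1b2c.pool.isp-a.example")
    return {
        "same_isp_new_ip": history.is_familiar("mark", "dyn-ffee01.pool.isp-a.example"),
        "other_isp": history.is_familiar("mark", "host-42.office.isp-b.example"),
        "neighbor_same_isp": history.is_familiar("mark", "dyn-777777.pool.isp-a.example"),
    }


if __name__ == "__main__":
    print(demo())
```

The `neighbor_same_isp` result is the weakness named above: anyone on the same ISP pool maps to the same key. Two labels is also too coarse for suffixes such as `co.uk`, where a public-suffix list would be needed.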

IMHO asking for a birthday is better than nothing but still a weak confirmation. You just need to do some social engineering by asking friends or making a short phone call. And even if the caller is a complete stranger, it's most likely that an unwary person will easily offer her or his birthday.

If I fail to enter a correct birthday, Facebook will ask for a security code in the next step. This solves the problem if someone has forgotten their birthday. But it will introduce new problems too. In my case the security code that Facebook sent to my email account is 6 digits long. I tried it several times and they always sent me the same confirmation code. This is also slightly problematic. With only 6 digits you need 1 million attempts to guess the correct code. This could take around 12 days if you try it every second. To prevent a relentless cracker from this brute force attack, there should be a security check on this security check, simply done by changing the security code after several failed attempts.

The reason, I think, why they cannot change the security code immediately after a failed try is that they have to wait long enough until the confirmation email has arrived in the user's mailbox, has been read by the user and entered correctly on the Facebook website. Otherwise it would be possible for someone to anger me by trying to confirm false security codes or requesting new ones, and with that at the same time invalidating the old codes. If I don't have enough time to answer this security question, I would be out of luck for a long time.
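One way to combine the two constraints discussed above (replace the code after several wrong guesses, but do not invalidate it just because a new e-mail was requested), as an added example and not Facebook's code. `SecurityCode`, `MAX_FAILURES` and `CODE_LIFETIME` are assumptions; the fixed codes in `demo()` are constructed so the run is repeatable.

```python
import hmac
import secrets

MAX_FAILURES = 5          # assumption: wrong guesses allowed per code
CODE_LIFETIME = 15 * 60   # assumption: seconds a code stays valid


class SecurityCode:
    def __init__(self, clock, new_code=lambda: f"{secrets.randbelow(10**6):06d}"):
        self._clock, self._new_code = clock, new_code
        self._issue()

    def _issue(self) -> None:
        self.code, self.issued_at, self.failures = self._new_code(), self._clock(), 0

    def _expired(self) -> bool:
        return self._clock() - self.issued_at >= CODE_LIFETIME

    def resend(self) -> str:
        """Return the code to e-mail; asking again does not invalidate it."""
        if self._expired():
            self._issue()
        return self.code

    def verify(self, guess: str) -> bool:
        if self._expired():
            return False
        if hmac.compare_digest(guess.encode(), self.code.encode()):
            return True
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self._issue()   # guesser now faces a fresh code; caller e-mails it
        return False


def demo() -> dict:
    now = [0]
    codes = iter(["483920", "117264"])   # constructed codes for a repeatable run
    sc = SecurityCode(clock=lambda: now[0], new_code=lambda: next(codes))
    first = sc.resend()
    out = {"same_on_resend": sc.resend() == first}
    out["wrong_accepted"] = any(sc.verify(f"{i:06d}") for i in range(MAX_FAILURES))
    out["old_code_rejected"] = not sc.verify(first)
    out["new_code_accepted"] = sc.verify(sc.code)
    return out
```

With these settings a guesser gets at most five tries against any one 6-digit code, so walking through all 1 million values in sequence no longer works.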

After entering the correct security code I can log in as usual. Facebook needs to put my current IP address into a whitelist. I don't want to be asked for my birthday again the next time I use the same location.

I have to state that I really appreciate these efforts to increase users' privacy. Other websites should undertake similar improvements. It's a step in the right direction and should do its job very well. But I also have doubts. This security check requires the collection of many IP addresses. This data can fall into the wrong hands if someone is able to get access to Facebook's database. I don't like it very much if someone keeps track of all my virtual identifications. The question is how much data they really need for this security gain. I would appreciate at least having an opt-out option in my privacy settings for disabling this kind of IP tracking.

3 comments - November 6, 2009

I will study in Taiwan

On Friday I got very exciting news. I was accepted by the National Taiwan University for a Master's degree program and they published a list of all the 243 successful international applicants. Including me they accepted 9 students from Germany. I decided to study in the Graduate School of Electronics Engineering. It is a mixture of Computer Science, Mathematics, Physics and Engineering. I will go to Taiwan at the beginning of September and plan to stay for two years. I want to say thank you to all the people who made this possible for me.

Before I sent my application to NTU I had already spent a lot of time on the application process: asking my University to sign all my documents and transcripts, having some documents translated into English with the help of an authorized translator, and visiting the Taipei Representative Office in Munich several times for notarizing some documents, taking photos and participating in an English proficiency test.

Now I have to get everything done until my departure to Taiwan. This includes finishing my Diploma degree and selling or giving away most of my belongings which I can not carry with me to a new location.

2 comments - May 10, 2009

Computex 2008

I took a day off and visited Computex Taipei, the world's 2nd largest computer exhibition, with my Taiwanese friend. It is located around the Taipei 101 and also in the newly opened Taipei World Trade Center Nangang Exhibition Hall. Computex offers a free bus shuttle service to get from one location to another, because the Nangang MRT Station is still under construction.

When we were in front of the first hall for registration they told us that the Exhibition is not open to the public, but as a foreigner it was very easy to get a free entry ticket. But for my friend it was impossible, since we had no invitation letter or business cards. After some research we found that if she acted as my Chinese translator, she would also get a free ticket. No sooner said than done, and finally we could enter.

At Hall 1 there are lots of small booths with tight corridors. Even though it was not open to the public, it was still crowded with people from all over the world. In this place we mostly found small companies which offer more specific hardware, not what a consumer is really looking for. If you want to buy something here, you would order high quantities.

After a delicious lunch in a Japanese restaurant next to Kunyang MRT Station, we took the free bus shuttle to Nangang. The Hall at this place is finished and very big, but around it you can see some construction zones. Inside it has a nice flair and a lot of space, which makes walking and looking more enjoyable. The building has two floors which are reached easily by an escalator. You will find here a lot of entertainment, game shows and very beautiful girls. There were a lot of photographers too, including me, but instead of taking pictures of the exhibitors' products, they only had eyes for Taiwanese beauties. :) All in all, and because of the two different locations, the Computex seems to be very well organized, and except for the lunch it cost us nothing.

GIGABYTE Mobile PCs

comment - June 6, 2008

Strong Earthquake near Taipei City

At 1:00am this morning the ground was shaking for some seconds. I was in my room in the center of Taipei and had several online conversations with friends at this time, and all who live near Taipei said simultaneously Earthquake, 地震 (dì zhèn). A scary feeling. A 6.0 magnitude earthquake, the strongest I ever felt, 17.5 km East of Taipei City. Fortunately I read in the News this morning that it caused no damage.

Earthquake

comment - June 2, 2008

Bali and Danshui Trip

Yesterday my coworkers and I had a nice trip to Bali and Danshui. We rented some bicycles and rode along the Bali cycleway, over the Guandu Bridge. After a while I took a rest because one of our bikes had to be repaired. At Bali we ate lunch. Then we took the ferry to Danshui and rode to the famous Fisherman's Wharf. The sun was shining and the weather was very hot, so we ate ice cream and relaxed at this place. We then went to a university playground, relaxed and played basketball against some local students. I didn't score any points. Then we had a delicious dinner. By this time we were all very tired from the day and went back home. On the Guandu Bridge we took a last photo.

Bali

comment - May 18, 2008

Hobe Fort and Fort San Domingo

Peter Coyl and I went to Danshui to visit Dutch forts.

In the twelfth year of the Guang-Syu reign (1886), Ming-Chuan Liu, the first appointed governor of Taiwan, hired Lieutenant Max E. Hecht, who was a German engineer, to build the Hobe Fort in western style for establishing the coastal defense of Taiwan. That year was just after the Sino-French War (1884-1885). Above the main gate remains Governor Liu's inscription, "Bei-Men-Suo-Yao". The fort faces to the south with good covering and good camouflage. The site of the fort is a rectangular shape; from the outside to the inside of the fort: a fortified wall, a moat, a sub-wall, batteries, covering, a pass way and a court. The batteries and the sub-wall were grouted with concrete. The cannons were installed in the fifteenth year of the Guang-Syu reign (1889). The Huwei Fort has four batteries which were equipped with one 12-inch and one 10-inch Armstrong breechload guns and two 8-inch Krupp breechload guns. They have all disappeared now.

The Fort San Domingo was built in 1629. It is listed as a Grade 1 historical site and consists of the main fortifications, the former British consulate, and a southern gate.


comment - April 27, 2008

OSDC Taiwan 2008

Together with John Sun from Yuan Ze University we visited the Open Source Developers' Conference in Taipei. The conference took two days and we attended Yahoo!, Google and other great talks mainly focused on Web 2.0. It was a familiar atmosphere and sometimes quite funny. I also saw some well known persons like Nate Koechley and Jim Huang.


comment - April 14, 2008

National Palace Museum

Two of my friends from the Yuan Ze University visited me in Taipei and together we visited the Chiang Kai-shek Memorial Hall and later on the National Palace Museum. The Museum is rich in antique Chinese pieces, so much that they replace everything after some months. It is very nice and I saw a lot of beautiful things. Later on we went to a night market for dinner.


comment - March 25, 2008

Hong Kong and Shenzhen Trip

Over the last few days I was on a journey to Hong Kong. My visa for Taiwan expired and I can only get a new one if I leave this small Island. I first thought about visiting the Philippines, but getting a Visa there is not so easy. So I flew to HK, booked a room in the Mong Kok district and stayed there for 3 days. I bought a Nikon D60 camera and went sightseeing. Hong Kong is a beautiful city with many skyscrapers, mountains and temples. After I got all my visa stuff I took the train to Shenzhen. My friend was waiting for me and after I checked in at the Hotel we ate dinner together. On the next day we went to the beach and relaxed the whole day. Shenzhen is, after HK, also a very nice city with high mountains and a beautiful clean beach.


comment - March 3, 2008

Happy New Year

Happy New Year to all I know, especially my family and my friends in Taiwan, Germany and China. May all your wishes come true. On the last day of 2007 we decided to go to Taipei 101 to watch the fireworks. We wanted to travel by train but it was too late and the train was very crowded, so my classmate decided to take the scooter. With 12 degrees it was very cold on this day but the trip was very funny. After a very delicious jiaozi (Traditional Chinese: 餃子) dinner in a small wooden house we went by bus to Taipei 101. Many people at this place sat on the street waiting for the countdown. The 3 minutes of fireworks were very beautiful. After this event most of the people went back home and it was very chaotic. You could also see the aftermath: streets full of papers and waste.


comment - December 31, 2007

Hualien Trip

At the weekend we took a two day trip to Hualien and the Taroko National Park, the east side of Taiwan. The natural scenery there is very beautiful. Steep cliffs, rocky valleys, long and dark tunnels through the mountains and impressive waterfalls.


comment - December 29, 2007

Dinner with Taiwanese Students

I went with my classmate to Taipei to buy a special German food called "Weihnachtsstollen" and to meet intercultural partners. We had a great dinner in a Japanese restaurant and talked a lot about Taiwan and my country. On the next day we ate the stollen at the Chinese class.


comment - December 26, 2007

Cjuke

My gifts for this year to the open source community are two projects. cjuke, a console based music player which I started during my first semester at the University. It is distributed under the GNU General Public License.

cjuke

comment - December 22, 2007

Christmas

For our Christmas party we decorated the room and some trees. Then I was invited by a good friend to her home to celebrate Christmas and we had a lot of fun. On the next day we did the same with most of the foreign students at the University. It was very enjoyable even if we had no vacation. Taiwanese usually don't celebrate this lovely event. At the end you can find a Christmas card for a friend, where I wrote Mandarin by myself.


comment - December 21, 2007

Taipei 101

Today I had the chance to fulfil one of my long-time outstanding dreams, visiting the tallest building in the world, Taipei 101. Its huge size impressed me deeply. Shanghai was the first city where I saw tall buildings, but I didn't go inside and to the top of those. The high-speed elevator, the fastest in the world, brought us in 40 seconds from the bottom to the 89th floor to a nice viewpoint. In a silent and peaceful atmosphere you can enjoy the nice view over Taipei. After coming back from heaven I met a friend and we joined a weekly meeting of the Taipei Open Source Software User Group, talking about the FreeBSD ports system. Many famous people in the Open Source World have visited this Group, e.g. Mark Shuttleworth, founder of the Ubuntu project. Unusually, this took place in the office rooms of OpenMoko, an upcoming Linux mobile phone.


comment - December 18, 2007
