operations contact @ facebook?
Hi All,
Would anyone happen to have an operations contact at Facebook by any chance? Our systems are being overwhelmed by a facebook application that we were neither aware of nor condoned.
Thanks in advance.
Leland Vandervort
Director, Technical Operations
Gandi SAS
Paris
t: +33 1 70 39 37 59
m: +33 6 31 15 15 07
On Oct 5, 2009, at 10:46 AM, Leland Vandervort wrote:
Would anyone happen to have an operations contact at Facebook by any chance? Our systems are being overwhelmed by a facebook application that we were neither aware of nor condoned.
Clearly I do not have all the information, so please forgive me for being confused. But since when do I[*] have to ask you before I put an application on my server? If FB put an application on your server, that seems like something you should have known up front. -- TTFN, patrick [*] No, I do not work for FB.
The application is not being hosted on the VPS servers, but rather on the mutualised blog platform and is impacting on other customers of this platform. We have VPS services available for the app developer in question to host his application on should he desire to do so.
Leland
On Mon, 2009-10-05 at 10:57 -0400, Patrick W. Gilmore wrote:
On Oct 5, 2009, at 10:46 AM, Leland Vandervort wrote:
Would anyone happen to have an operations contact at Facebook by any chance? Our systems are being overwhelmed by a facebook application that we were neither aware of nor condoned.
Clearly I do not have all the information, so please forgive me for being confused. But since when do I[*] have to ask you before I put an application on my server? If FB put an application on your server, that seems like something you should have known up front.
Patrick W. Gilmore wrote:
On Oct 5, 2009, at 10:46 AM, Leland Vandervort wrote:
Would anyone happen to have an operations contact at Facebook by any chance? Our systems are being overwhelmed by a facebook application that we were neither aware of nor condoned.
Clearly I do not have all the information, so please forgive me for being confused. But since when do I[*] have to ask you before I put an application on my server? If FB put an application on your server, that seems like something you should have known up front.
The original poster is from Paris. Do consider the possibility that there are different jurisdictional rules or service terms in force from your own. -- Alex Balashov - Principal Evariste Systems Web : http://www.evaristesys.com/ Tel : (+1) (678) 954-0670 Direct : (+1) (678) 954-0671
On Oct 5, 2009, at 11:10 AM, Alex Balashov wrote:
Patrick W. Gilmore wrote:
On Oct 5, 2009, at 10:46 AM, Leland Vandervort wrote:
Would anyone happen to have an operations contact at Facebook by any chance? Our systems are being overwhelmed by a facebook application that we were neither aware of nor condoned.
Clearly I do not have all the information, so please forgive me for being confused. But since when do I[*] have to ask you before I put an application on my server? If FB put an application on your server, that seems like something you should have known up front.
The original poster is from Paris. Do consider the possibility that there are different jurisdictional rules or service terms in force from your own.
I certainly did not. And I would suggest we refuse to do so as an industry.
The UN lists 192 countries, and there are several others (e.g. Vatican City, Scotland, etc.) which others may count. Many of these have provinces or states or whatever, and almost all have cities, towns, counties, etc., each of which may have its own laws & regulations.
Operationally speaking (see, this is on-topic :), trying to consider every single one of those possible laws, rules, social norms, preferences, political slants, religious authorities, and whatever else may come into the mix when putting an object or code onto the Internet is simply not possible. Giving in to it, even a little bit, leads to ridiculous restrictions and stifling of many things on the 'Net. We should all push back HARD whenever someone over here tries to tell someone over there what to do.
The OP responded with a quite reasonable answer (shared infrastructure) that had nothing to do with local jurisdiction. That is an operational issue. What laws your country, province, county, town, or church has set up for you should have zero operational impact on me if my gear is not in the same place.
And maybe someday we can even get away from that whole "in the same place" idea. (Hey, one can dream.)
--
TTFN,
patrick
Patrick W. Gilmore wrote:
On Oct 5, 2009, at 11:10 AM, Alex Balashov wrote:
Patrick W. Gilmore wrote:
On Oct 5, 2009, at 10:46 AM, Leland Vandervort wrote:
Would anyone happen to have an operations contact at Facebook by any chance? Our systems are being overwhelmed by a facebook application that we were neither aware of nor condoned.
Clearly I do not have all the information, so please forgive me for being confused. But since when do I[*] have to ask you before I put an application on my server? If FB put an application on your server, that seems like something you should have known up front.
The original poster is from Paris. Do consider the possibility that there are different jurisdictional rules or service terms in force from your own.
I certainly did not. And I would suggest we refuse to do so as an industry.
The UN lists 192 countries, and there are several others (e.g. Vatican City, Scotland, etc.) which others may count. Many of these have provinces or states or whatever, and almost all have cities, towns, counties, etc., each of which may have its own laws & regulations.
Operationally speaking (see, this is on-topic :), trying to consider every single one of those possible laws, rules, social norms, preferences, political slants, religious authorities, and whatever else may come into the mix when putting an object or code onto the Internet is simply not possible. Giving in to it, even a little bit, leads to ridiculous restrictions and stifling of many things on the 'Net. We should all push back HARD whenever someone over here tries to tell someone over there what to do.
The OP responded with a quite reasonable answer (shared infrastructure) that had nothing to do with local jurisdiction. That is an operational issue. What laws your country, province, county, town, or church has set up for you should have zero operational impact on me if my gear is not in the same place.
And maybe someday we can even get away from that whole "in the same place" idea. (Hey, one can dream.)
That is a very fair point. I cannot come up with any appealing counterarguments. -- Alex Balashov - Principal Evariste Systems Web : http://www.evaristesys.com/ Tel : (+1) (678) 954-0670 Direct : (+1) (678) 954-0671
We have had issues with a FB application basically doing a DOS against a network. This was not on our servers but somewhere out there on the Internet. It was an application that was going rogue. It was talking to several of our users using this application. FaceBook caught it and made the developer fix the App. I am sure we were not the only ones seeing the issue.
Justin
From: "Patrick W. Gilmore" <patrick@ianai.net>
Date: Mon, 5 Oct 2009 10:57:28 -0400
To: NANOG list <nanog@nanog.org>
Subject: Re: operations contact @ facebook?
On Oct 5, 2009, at 10:46 AM, Leland Vandervort wrote:
Would anyone happen to have an operations contact at Facebook by any chance? Our systems are being overwhelmed by a facebook application that we were neither aware of nor condoned.
Clearly I do not have all the information, so please forgive me for being confused. But since when do I[*] have to ask you before I put an application on my server? If FB put an application on your server, that seems like something you should have known up front. -- TTFN, patrick [*] No, I do not work for FB.
On Mon, 5 Oct 2009, Patrick W. Gilmore wrote:
On Oct 5, 2009, at 10:46 AM, Leland Vandervort wrote:
Would anyone happen to have an operations contact at Facebook by any chance? Our systems are being overwhelmed by a facebook application that we were neither aware of nor condoned.
Clearly I do not have all the information, so please forgive me for being confused. But since when do I[*] have to ask you before I put an application on my server? If FB put an application on your server, that seems like something you should have known up front.
Sounds like it's an app on facebook that's causing unexpected access to something on their systems...perhaps kind of like being /.'d ?
----------------------------------------------------------------------
Jon Lewis                   |  I route
Senior Network Engineer     |  therefore you are
Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
I guess the facebook app allows any FB user to check availability of domain names or to request Gandi's whois database. From what I saw, FB people do not check every application, either before or after publication. And that could create some issues out there.
Patrick W. Gilmore wrote:
On Oct 5, 2009, at 10:46 AM, Leland Vandervort wrote:
Would anyone happen to have an operations contact at Facebook by any chance? Our systems are being overwhelmed by a facebook application that we were neither aware of nor condoned.
Clearly I do not have all the information, so please forgive me for being confused. But since when do I[*] have to ask you before I put an application on my server? If FB put an application on your server, that seems like something you should have known up front.
On Oct 5, 2009, at 10:46 AM, Leland Vandervort wrote:
Would anyone happen to have an operations contact at Facebook by any chance? Our systems are being overwhelmed by a facebook application that we were neither aware of nor condoned.
Clearly I do not have all the information, so please forgive me for being confused. But since when do I[*] have to ask you before I put an application on my server? If FB put an application on your server, that seems like something you should have known up front.
That's far from the only possibility. The ability of a site such as FB to generate an inadvertent but effective DDoS against a smaller site in a variety of ways is quite significant, and depending on the specifics, failure to mitigate such damage once being made aware of it could even open one up to penalties under regional computer crime laws... of course, that's making a bit of a jump and some assumptions, but it is certainly a different possibility from the one you suggest.
... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam (CNN)
With 24 million small businesses in the US alone, that's way too many apples.
On Mon, 5 Oct 2009, Leland Vandervort wrote:
Would anyone happen to have an operations contact at Facebook by any chance? Our systems are being overwhelmed by a facebook application that we were neither aware of nor condoned.
You might be able to reach the right people at ops@facebook.com
jms
Thanks Justin... will give it a shot; hopefully they're relatively rapid :)
Leland
On Mon, 2009-10-05 at 11:31 -0400, Justin M. Streiner wrote:
On Mon, 5 Oct 2009, Leland Vandervort wrote:
Would anyone happen to have an operations contact at Facebook by any chance? Our systems are being overwhelmed by a facebook application that we were neither aware of nor condoned.
You might be able to reach the right people at ops@facebook.com
jms
This is a classic case of one of the problems of the increasingly numerous and powerful Web dev platforms - as you let other people either control your app through an API, or even write code that executes on the server-side, you're increasing the cycles available to an attacker. It's similar to the DNS reflector attack.
participants (9)
- Alex Balashov
- Alexander Harrowell
- Benjamin Billon
- Joe Greco
- Jon Lewis
- Justin M. Streiner
- Justin Wilson - MTIN
- Leland Vandervort
- Patrick W. Gilmore