Facebook Doesn’t Need Your Money
According to Om Malik, Facebook needs $300 to $500 million in order to make its site safe for children to use:
The New York attorney general has started investigating the safety measures Facebook has put in place, and based on his preliminary investigations, he is not happy. His staff has found sexual predators and a wide variety of pornographic material, including images and videos, prompting him to issue a subpoena.
Unfortunately, I think the premise is ridiculous. Facebook provides a large number of privacy controls that would allow children to:
- Prevent people finding them in searches
- Prevent strangers from viewing their profile
- Prevent their profile from showing up in Google and other engines
I see Facebook as a piece of infrastructure, like a telephone address book and cellphone, that you find and communicate with people. Generally that lets friends talk to each other, or lonely people find other lonely people nearby; sometimes it lets perverted old men call up kids. The problem isn’t technological; it’s social, and perhaps medical.
Facebook and MySpace are just the tubes; what goes through them isn’t, and shouldn’t be, their concern.
Facebook’s Next Trick: Different Information for Different Networks
So we all know that Facebook is going to let search engines start indexing parts of its member profiles so that it can cash in on vanity name traffic. This is all well and good, but one way Facebook could turn this from a PR prank into a serious feature would be allowing customization of your own profile by Network. That’s right–I want to show Search Engine visitors one thing, my friends another thing, my friends’ friends another, and something special for strangers and the people in my network.
So my friends would get to see this:
But I don’t want search engine visitors to see more than this:
You can, to some degree, use Facebook’s privacy controls to restrict information, but that’s slightly different than controlling its flow. New controls would let you seperate, for example, your friends and your girlfriend’s friends, or your personal life and professional profile. Facebook, put an end to “banking applicant has facebook profile of keg chugging,” please!
Facebook Adds “Application Palette” To Profiles
There’s nothing on the Facebook blog or Techcrunch yet, but Facebook just made its Applications a bit more viral by adding an application palette with all your added application icons to each user’s profile. The palette sits just underneath the profile picture:
It’s cute and probably useful. I was hoping for a bit more, like a nice mouseover that would give some kind of application description, but I suppose it’s a good start to cleaning up the clutter that the Facebook platform has introduced with arbitrary applications.
Facebook Index.php Source Code Leaked!
A newly created blog http://facebooksecrets.blogspot.com has posted a single, devastating post, the PHP source code to Facebook’s home page. The front page currently looks like this, and lets users log in or register:
My first question is Where did the source code come from? Who leaked it? How? Techcrunch offers two theories, the first that a Facebook employee leaked the code, and the second that facebook’s source code repository was hacked. Neither of these make any sense; what really happened is that a Facebook third party developer on the F8 platform found an injection attack that he could use to retrieve an arbitrary file. Since Facebook is written in PHP, it was inevitable that any injection attack would lead to a source code compromise.
My theory has proved incorrect, as minutes after the article went to press, a Facebook employee left the following comment on Techcrunch:
I wanted to clarify a few things in your story. Some of Facebook’s source code was exposed to a small number of users due to a bug on a single server that was misconfigured and then fixed immediately. It was not a security breach and did not compromise user data in any way. The reprinting of this code violates several laws and we ask that people not distribute it further.
Thanks to you and the TC readers for helping us out on this one.
Brandee Barker
Interestingly, The Wrong Advice points out a blog entry which used to contain the source to profile.php and a commenter who claims to have gotten photo.php. Others have posted search and groups code online. Facebook isn’t just hacked, it’s leaking source code all the time.
The alleged source code contains some humorous comments, which I will list here:
- // FIXME?: is it sub-optimal to call this both in requests_get_cache_data and here?
- // Holy shit, is this the cleanest f****ng frontend file you’ve ever seen?!
- // make sure big tunas haven’t moved around
- // Merman’s Admin profile always links to the Merman’s home
- // Friend’s Feed Selector - Requires dev.php constant
I’ve got the feeling that Facebook, just like MySpace, is a web 2.0 site strung together with glue; glancing at the alleged code doesn’t make me feel great about their infrastructure. They have huge win32-api-esque functions like multiget_fresh_notstale_hashed_network_with_orientation (i made this up), a procedural, rather than object oriented structure, and no clean abstractions or MVC scheme. At least they’re using smarty for templating, though….
Update: They’ve added the code for Facebook’s s.php search feature. When will it stop!?
Facebook Platform Instability
Of the last 40 updates I’ve made to my Facebook Application for showing Stock Quotes, 6 have failed with a “Unknown data store API error.” While I have no idea what the error means, it seems to indicate that Facebook couldn’t save the data I sent it at a 15% rate for that period of 10 hours.
Other Facebook Platform issues include restricted growth, bugs in the developer application, downtime, and poor performance. Obviously, F8 will go through some growing pains before it fully matures.
