Facebook isn’t having a good week. Yesterday a portion of its home page code was posted on a blog named Facebook Secrets and then last night the same blog put up Facebook’s search code for all the world to see.
Facebook has been firing off Cease and Desist letters to everyone who posts the code, though it remains unclear whether it’s actually illegal to post it considering no laws were broken in obtaining it. It’s also worth noting that what’s been posted so far is at least good-looking, well-organized code.
But that’s probably cold comfort for Facebook who no doubt would like to know who’s behind Facebook Secrets (the main site which hasn't complied with the C&Ds).
Although Facebook Secrets contains no hints as to who is in charge, last night’s code post very likely came from the same server malfunction that Facebook blamed for the initial code exposure.
Mashable claims that the source of the code leak is one Trae McNeely:
The code was later reposted by FacebookSecrets, a blogspot blog, and got thousands of Diggs. But a quick check on Digg (search for PHP or another unique term) shows that the wmdtalk story was the first chronologically. In other words: McNeely was the source and FacebookSecrets was a copy.
According to Mashable, McNeely also “claims responsibility for the posting of the Nicolas Berg beheading video and Kobe Bryant’s accuser’s information.”
There is however nothing that ties McNeely to Facebook Secrets.
On a separate note, in yesterday’s post I wrote that PHP is somewhat notorious for exposing code as text, which as it happens is perhaps a bit hyperbolic on my part. However misconfigured servers are common enough that the author of a book on PHP, which I am editing, devotes a whole chapter to setting up Apache.
However, as a technical point, the main way PHP ends up served as text is a fault of the Apache PHP module, not the language itself. I tend to take a holistic view of development environments and consider for instance mod_python to be integral of python and the same with PHP and mod_php, but as some readers pointed out, you can run PHP as CGI and probably never encounter this problem.
So for the fan bois I offended, consider “notorious” retracted, though the flaw still does exist whether you want to admit it or not — just ask the Facebook developers.
Source by blog.wired.com
Offers Development Services For