Archives for the News category

Facebook source leaked - get it all here

Earlier today TechCrunch posted an item regarding Facebook servers exposing raw PHP code, with blogosphere echo chamber making its rounds, telling a more negative story each time around.

There are two important things that need to be addressed. First. No matter how sexy a theory about disgruntled employee or cunning attacker may sound, the story posted by Brandee in TechCrunch comments is somewhat duller - sometimes those .php files end up being served raw, not interpreted by PHP, on an Apache server.

Second. Source code is not user data. Not to go into Web Page Building 101 here (the course might be available at a local friendly community college), but data is stored in the databases, which are then accessed by some code (PHP in this case), and displayed to the user. What’s displayed is always visible to the user (View Source in your browser), the code is sometimes open (Wordpress, Joomla, Drupal) and sometimes not (pretty much any non-standard Web site out there), while DB is always locked down from outside peeks, unless you have developers do some stupid things, like leave username and password in the PHP code, and allow outside access. Generally speaking, even if I have all the source code for a certain Web site, it’s still impossible for me to take a peek at the data.

But most of you didn’t come here for the lesson in basic Web building. Judging by the title, you wanted to get Facebook source. The more the better. So here it is.

1. Facebook Thrift - developed, supported and actually used by Facebook, this is a set of libraries and code generators to allow for maximum throughput data transfers between a client and a server. If you’ve got some server that speaks C++ or Java, and some client that speaks Python or PHP, you can have those two living in perfect harmony, clients issuing the client requests in whatever language they prefer, and servers responding back with the data structures in their preferred language. Read the whitepaper here or join the group here. And guess what, you can download the source.
2. Memcached - originally written by the guys who created LiveJournal, this “high-performance, distributed memory object caching system” is quite popular inside Facebook, as evidenced in this mailing list posting by our engineer Steve Grimm. You can naturally get the source of that, too, to add it to your Facebook source collection.
3. phpsh - another product written by Facebook engineers and used throughout the company. Ever wished PHP had an interactive shell, just like the one you get when you download Python? Facebook’s phpsh is written (get this) in Python, but offers some of the best interactive shell features to a PHP developer. Ever need to execute a single function just to see what the output will be? Just type the function name with parameters and see it run. Curious to see where a certain function lives? Just do d function_name to get the definition of that function together with its location in the codebase. e function_name opens up emacs, and gets you to the exact location of that function in the code. It’s downloadable here with source available.
4. Facebook toolbar for Firefox is also open source, since that’s the way Firefox extensions are distributed. Ever wanted to build a Firefox toolbar of your own incorporating some features of Facebook into it? By installing the toolbar, you get the sources for it placed in your Firefox extensions directory.
5. Facebook’s APC - what would you give for a copy of Facebook’s APC configuration? Don’t answer yet, as Facebook engineer Brian Shire provides it for free in his APC@Facebook talk he’s given at PHP conferences. It talks about optimal configuration and trade-offs one needs to consider when optimizing a large number of servers running PHP.
6. Facebook’s PHP client for Facebook platform - granted, it would be weird if the company did not open source that, but nevertheless, if you ever wanted to see samples of PHP code and run them against Facebook servers, this is your best bet. Java client is available from Facebook as well, with the rest of the client code being unofficial, which doesn’t mean it’s not good, it’s just written and supported by someone else.
7. And finally, PHP scripting language. Not developed by Facebook, but actively used with some contributions to the codebase as well. In fact, a quick search around mailing list area lets you know what those contributions are. PHP is downloadable, with source, naturally, available to anyone who cares to peruse it.

Hopefully this will satiate any hunger for Facebook code, and when you feel yourself very comfortable with everything described above (or maybe none of that was news to you), feel free to drop me a line with a resume attached, if you so desire. The name is alex, what follow after @ should probably be obvious.

News site visits explored

CNET News.com in an article Daily news lost on Facebook generation refers to a study by Joan Shorenstein Center on the Press, Politics and Public Policy at Harvard University, which reports that the current college generation is losing interest in everyday news:

only a third of teens said they seek out news on the Internet. The other two-thirds of teens said that they read the news when they happen “to come across it.” In other words, if they’re on Facebook and haven’t tailored a real news feed, they’re likely not going to come across it there.

A similar article is in New York Times and The Guardian discussion. Is that so? To find out, I ran a Facebook poll without specific targeting asking the visitors whether they actively visit the news sites out there. As you can see, an exact 33.3% of the 1,000 respondents actually head out to a news site, while 28% are totally indifferent to the online news.

But who’s to blame? Turns out, it’s all women’s fault. 40% of males, but only 26% of females visit the news sites actively. Also, only 24% of males don’t read news at all, while 33% of females responding to the poll admitted no interest.

Not that it’s a bad news, unless you’re in news site business. Spend a few evenings with Fooled by Randomness by Nassim Nicholas Taleb, and you will see how instead of separating the signal from the noise, most of the media out there is in business of just creating more noise, and sensationalizing the non-existing news in case of a slow news day.

Price optimization popular in retail industry

Even if you spent a single day in an Economics class, you’re probably familiar with a concept of supply and demand, where the price for a product has an impact on the demand and subsequent sales of it.

Associated Press runs an article on retailers employing mathematical models for price optimization, where some products are priced higher to generate higher margins, and some are discounted to generate larger volumes even at the expense of per-product margins. DemandTec, Oracle and SAP are some of the companies producing those mathematical models for retailers around the country, with AP listing some of the pricing optimizations employed currently.

Most of the time, according to the article, the calculations are not made in vacuum, but in comparison with existing sales and current product selection. So three power drills selling for $90, $120 and $130, all generate certain among of profit for the retailer. The higher the price, the higher the profit, as markup is universal among all the models. High-end consumers go for the $130, while bargain hunters think there’s nothing wrong with $90 drill. Result? $120 drill doesn’t sell that well. Pricing optimization places the second drill at $110, where it’s suddenly affordable for those who used to buy $90 drills. After all, it’s only additional $20.

There’s an older article in CFO Magazine justifying the cost of price optimization systems for CFOs.

Amazon crashed itself

That Amazon promotion on XBox 360 for $100 did not go too well this morning. I logged in at roughly 10:45, checked My Account, just to make sure the cookie that’s saved into Amazon system is fresh and new, so I am not presented with the login screen somewhere in the process. At about 11:00 am the site was completely inaccessible with Firefox tab icons spinning away for minutes at a time.

Greg Linden provides some insight as a former Amazonian:

When I was at Amazon, every year we in engineering would try to avoid spikes in traffic, especially around peak holiday loads, and every year marketing folks would want to run some promotion specifically designed to create a mad frenzy on the site. Usually, we convinced them to change the promotion, but apparently engineering lost (or was asleep at the switch) this year.

People who didn’t get the console got kinda upset with the site performance.

In related news, did you know you could build MySQL clusters on Amazon’s E2 service, while utilizing S3 for storage? Due to sudden availability of free time I did some reading on MySQL Cluster this morning.

Spy cameras round-up

Newsweek runs a comparison of spy cameras under a deceptive title “Spyware”. Why would a journalist get interested in miniature voice and video recording devices? In some parts of the world, that’s the only way to do reporting. Jamais Cascio spoke at Yahoo! last Friday, talking about the trends in media and social participation, and one of his slides featured Project Witness, which will supply small cameras to citizens in countries that have poor human rights support, and even help smuggle the tapes or digital videos out of the country.

Beware of that 1099

If you read through daily mail carefully, you probably found out that you (could be named) a winner in the great sweepstakes, or the vacation of the lifetime can be yours, if you just call right away. According to Washington Post article, there’s a new scam circulating around:

Marketing pitches masquerading as the 1099 forms detailing non-payroll income have been arriving in taxpayer mailboxes, while e-mails that appear to be from the Internal Revenue Service are really identity theft scams designed to collect personal financial information.

Did you give Scottrade your SSN?

Because their eCheck vendor got 0wned, and apparently stuff like your name and address, home phone number and mother’s maiden name and Social Security number (if you used it for authentication) is now up for sale in some shady IRC room, where participation is by invitation only.

We are contacting you to inform you that Scottrade has experienced a data security issue with the eCheck Secure service. Our records indicate that you have used eCheck Secure for the purpose of electronically moving funds from your bank to Scottrade. We will detail what we know about the situation and also what steps you should consider taking to safeguard your information.

On October 25, 2005, Troy Group Inc., the provider of the eCheck Secure service and other services to the financial services industry, reported to us that a computer hacker had compromised its eCheck Secure servers. As a result, some of your personal information, including your name, driver’s license or state ID number, date of birth, phone number, bank name, bank code, bank number, bank routing number, bank account number and Scottrade account number may have been compromised. If you used your Social Security number as your driver’s license or state ID number, your Social Security number may have been compromised as well. We do not know whether the hacker has actually accessed and/or used any of your personal information. However, Troy has notified us that it has blocked further unauthorized access to the information. The eCheck Secure service cannot be used to withdraw funds from your Scottrade account. Troy has filed a report with the FBI and is investigating in conjunction with a forensic analysis firm that it has retained. Scottrade has also contacted the FBI on this matter, and has a dedicated team to work on this issue and assist our customers who may have been affected.

Better watch those checking/savings accounts closer now.

Official: coffee good for you long-term

Forbes magazine suggests coffee might be actually good for you:

It may be time to take coffee off the list of life’s guilty pleasures. New studies indicate that moderate coffee drinkers can not only enjoy their morning java jolt, but they may also get significant health benefits in the process.

Annual coffee sales in the US are estimated at $19.2 bln, worldwide - $70 bln.

David Berlind on AllofMP3.com legality

David Berlind from ZDNet got an official answer from IFPI regarding AllofMP3.com status:

We submitted a complaint to the most senior Moscow prosecutor in July (this is the third submission) and are awaiting that decision. Allofmp3.com was declared illegal by the court in Germany in May. The portal to the site in Italy, allofmp3.it was shut down by the Italian police in July. By the way, the Russian Organization for Multimedia & Digital Systems (ROMS) does not have the authority to licence the site and was thrown out of CISAC in October last year for purporting to grant licences it was not entitled to grant. We have consistently said that the site breaks international copyright laws by its sale and digital distribution of copyrighted music without the consent or authorisation of the rights holders.