Show Me the Code
▻http://revealingerrors.com/show_me_the_code
In talks, I’ve mentioned a configuration error on #Facebook that resulted in the accidental publication of the Facebook source #code. Apparently, people looking at the code found little pieces like these (comments, written by Facebook’s authors, are bolded):
$monitor = array( ’42107457’ => 1, ’9359890’ => 1);
// Put baddies (hotties?) in here
/ Monitoring these people’s profile viewage.
Stored in central db on profile_views.
Helpful for law enforcement to monitor stalkers and stalkees. /
The first block describes a list of “baddies” and “hotties” represented by user ID numbers that Facebook’s authors have singled out for monitoring. The second stanza should be self-explanatory.
Facebook has since taken steps[1] to avoid future errors like this. As a result, we’re much less likely to get further views into their code. Of course, we have every reason to believe that this code, or other code like it, still runs on Facebook. Of course, as long as Facebook’s black box works better than it has in the past, we may never again know exactly what’s going on.
Like Facebook’s authors, many technologists don’t want us knowing what our technology is doing. Sometimes, like Facebook, for good reason: the technology we use is doing things that we would be shocked and unhappy to hear about it. Errors like these provide a view into some of what we might be missing and reasons to be discomforted by the fact that technologists work so hard to keep us in the dark.
[1] ▻http://mirror.facebook.com/facebook/patches/ap_source_defense.patch