digg

Facebook Connect Join Digg About

Facebook PHP Leaker Revealed: SlashGear Author

mashable.com "We got an email a few minutes ago from the guy claiming to be the Facebook PHP code “leaker”: Trae McNeely of the SlashGear blog. Based on the link to the forum thread he provided, we were able to confirm with about 90% accuracy the story below."

Who dugg this? Made popular Aug 14, 2007

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

59 Comments

show profanity settings
expand all
  • cmiz, on 10/10/2007, -1/+51I've got the real code leaker's name right here... httpd.conf
  • Brianguy2000, on 10/10/2007, -0/+24I can use that code to open my own site called ***** Book! A community of drunks that wanna get laid.
  • Scyth3, on 10/10/2007, -0/+21Best comment in the leaked code:
    "// Holy *****, is this the cleanest ***** frontend file you've ever seen?!"
  • riklomas, on 10/10/2007, -0/+17Myspace?
  • PatrickA, on 10/10/2007, -3/+20He's getting SlashSued.
  • electrichead, on 10/10/2007, -0/+16It sounds like they are not suing him for "taking it", they are threatening to sue if he doesn't remove the source code from his site (tonycai.com).
  • capiCrimm, on 10/10/2007, -0/+12because if I by accident get an early copy of Harry Potter and the Deathly Hallows sent to me in the mail, it does not allow me to copy and redistribute the book to everyone I meet.

    His own copy is legal, or at least grey area, but once he starts showing other people he's infringed the copyright.
  • cygnus2112, on 10/10/2007, -1/+9The guy is an attention whore. He also "leaked" the video of Nicholas Berg's beheading? Wow, what a nice guy.
  • rolosworld, on 10/10/2007, -0/+7I wouldn't call him a leaker, since it was an server misconfiguration.. the php was not been parsed, so the server was sending the actual php code. I was one of those who received the code, and I couldn't care less.
  • gdgi, on 10/10/2007, -0/+7Buried because the whole situation is ***** retarded. The LEAKING was done by Facebook's servers - and is 100% their own fault.

    The code in question is interesting from a curiosity standpoint, but is absolutely useless for anything practical.
  • cactus476, on 10/10/2007, -1/+890%, Are you sure? I was personally leaning toward 87% accuracy.
  • Scyth3, on 10/10/2007, -0/+6Link to the code itself: http://facebooksecrets.blogspot.com/
  • gcnaddict, on 10/10/2007, -3/+9I see what you did there.
  • davewashere, on 10/10/2007, -1/+6I'd like to see the math for that 90% accuracy figure. My numbers are showing something quite different. 31.3(repeating, of course)% to be precise.
  • NerdyNinja, on 10/10/2007, -0/+5@wicketr - PHP isn't terrible for large applications, really - just look at Facebook (considering how many hits it gets, and how complicated the site has become, I'd say it's doing just fine). Considering the design of PHP is modular and it's compiled before execution (and not parsed) I don't see what your problem with it is. I consider it to have more flexibility and functionality than ASP.NET and isn't slow like Java.
  • sputnike, on 10/10/2007, -0/+5Ahhh so that's who the fake steve jobs is.... Oh wait, wrong story.
  • BigCalhoun, on 10/10/2007, -0/+4I thought Myspace is where pedophiles go to try to get laid.
  • inactive, on 10/10/2007, -1/+5They'll love him in PMITA prison.
  • gcnaddict, on 10/10/2007, -1/+5not funny/
  • scottmeves, on 10/10/2007, -0/+4He also wasn't the only one who leaked it... There were lots of people visiting facebook that were accidentally presented with source code. I don't think that this was the "only" guy. search digg for earlier articles about it (http://digg.com/programming/Facebook_server_outputting_raw_source_code)
  • Anteros, on 10/10/2007, -0/+3The code really shows nothing much at all, I don't see what the big deal is.
  • rolosworld, on 10/10/2007, -2/+5btw.. I see no copyrights on the source code, and since it was served to him. I see no illegal action.
  • loconet, on 10/10/2007, -0/+3meh, so much drama for a silly php configuration error. There isn't anything revolutionary in the source code (from the *VERY* little code posted, it actually looks pretty bland, dare I say surprisingly amateurish to me). I think they are more afraid at someone finding a bug in it than people copying anything substantial from it.
  • KibibyteBrain, on 10/10/2007, -1/+4Uh, no. That is not how copyright works. If I give you a copy of my book, that does not relinquish the copyright of my text, with or without a notice of copyright. It is harder to fight a copyright case in court without a formal notice, but you still technically have full rights. This guy could get in trouble, but the evidence against him may not be strong enough to allow it to go to court...time will tell.
  • ridv34, on 10/10/2007, -0/+3Nice, now I'm going to make my own facebook, with blackjack, and hookers! In fact, forget the facebook! Ah screw the whole thing...
  • TubbyCat, on 10/10/2007, -0/+2Everybody knows it was the aliens.
  • UlicBelouve, on 10/10/2007, -1/+3What I want to know is if this leak can collaborate the theories of Facebook's ties to the CIA. This was a post from another Digg discussion:

    I was on facebook one time and I clicked on one of my friends link and it for some reason it came up with a bunch of the php source code. One thing that kind of caught my attention was this part of it(I took a screenshot because I can't post code here.): http://www.danieljanderson.com/images/source.jpg

    That's only a part of the code.... Look at this: http://web.archive.org/web/20060110032336/http://www.danieljanderson.com/images/source.jpg

    This could be why they want to pull it. But I'm wary on believing it unless there is collaboration.
  • neoform, on 10/10/2007, -3/+5I'm still waiting for the full source code damnit..
  • neoform, on 10/10/2007, -0/+2There's already been a second page posted.. clearly more than 1 page was taken.

    And matching SQL databases would be very easy if you had the full code. Why would I want to see it? To know how a massive website is designed in order to better code my own sites.. what else?
  • inactive, on 10/10/2007, -3/+5The only thing worse than PHP is poorly implemented PHP.
  • burty89, on 10/10/2007, -1/+3Why do Americans see everything as being about America?
  • eclipxe, on 10/10/2007, -0/+1No. The source doesn't show anything about monitoring. You can set the tinfoil hat down now.
  • ozziek, on 10/10/2007, -0/+1Is this an easy mistake to make in PHP coding?
  • tyfighter, on 10/10/2007, -0/+1I wish I could divine accuracy from occurrences that don't involve statistics in any way.
  • wicketr, on 10/10/2007, -0/+1Fairly useless code without any of the libraries. woopie!
  • LordofShadows, on 10/10/2007, -0/+1I thought it was funny, am I now a racist?
  • Chicken001, on 10/10/2007, -3/+4This entire event is utterly retarded. Their server had a hiccup and (well every server does this), he downloaded the file. Just as I thought, just as I got buried in the last one for saying it. No one will ever get the full source code. The only wrong thing I see about Facebook is that they do not dare to put up a message saying, "Facebook is under maintenance." like what Digg.Com does and what I do when I edit my site. Face the facts, the only way you can get the source code if you wait for every hiccup of Facebook and download every page then create a SQL data-base to match theirs exactly how they set it up. It's more painful to get working than to write your own. Honestly, what good is it if you do have the holy-grail of how they written their site? It's based on their servers so you can't do anything, you can't expose any secrets.
  • carguy84, on 10/10/2007, -2/+3I've never seen real PHP code on a high traffic site before, but this code looks awful. It's amazing servers can even handle requests. Look at all the files that get included with each request! Does PHP work like .NET where it actually saves the precompiled page as one file in memory, or is it like classic ASP where the server actually has to call each of those includes and then spit out the output?

    god damn
  • in2deep, on 10/10/2007, -0/+1This should be interesting!
  • NerdyNinja, on 10/10/2007, -0/+1PHP can be partially precompiled by the Zend Optimizer, as I understand it. And personally, I prefer PHP for development and/or rapid prototyping to ASP.NET.
  • themunch8, on 10/10/2007, -0/+0I definitely got some source code that day while using facebook. I wonder if anybody else did and saved it besides those two pages?
  • inactive, on 10/10/2007, -7/+7That dude has a huge mouth
  • doshindude, on 10/10/2007, -1/+1inb4lolmyspace
  • tuxidomasx, on 10/10/2007, -2/+1shoulda posted it to a Swiss server

    then he could laugh at them and make fun of their C&D letter on the site
  • decades, on 10/10/2007, -2/+1As for the code; it's pretty well done, though...
  • plizard, on 10/10/2007, -3/+2SALUTATIONS!
  • neoform, on 10/10/2007, -3/+2damn racists stealing america's honor.
  • crushfan, on 10/10/2007, -2/+1Very grey area (like #444) -- since you have a small chance to prove you have that copy for educational purpose. [Depends on the possibility to impress the judge by whinning like "I was trying to learn PHP.. :("]
  • XtremeBain, on 10/10/2007, -1/+0Sweden maybe?
  • inactive, on 10/10/2007, -2/+1You also assume that Facebook is a well-coded, well structured website. Looks can be deceiving.
  • Fetching more discussions...
    Show 51 - 59 of 59 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.