This post originated from an RSS feed registered with PHP Buzz by Joe Grossberg. Original Post: Facebook Code Exposed ... So What? Feed Title: Joe Grossberg Feed URL: http://feeds.feedburner.com/joegrossbergatom/ Feed Description: My bullshit, your brain. Latest PHP Buzz Posts Latest PHP Buzz Posts by Joe Grossberg Latest Posts From Joe Grossberg

Due to a server misconfiguration, some of Facebook's PHP code was exposed to visitors.

My reaction: so what?

• Security through obscurity does not work as well as people often assume. It can even be counterproductive because of the false sense of, er, security it gives.
• The best Facebook code is not released yet (see Parakey)
• The Facebook functionality is trivial to reverse-engineer. Heck, the HTML, JS and CSS have always been "leaked" in plain text to every user.
• Facebook's competitive advantage is not their code. It is their employees, their buzz, their user base and their ideas.

A little embarrassing? Yes. Time for a security audit? Fuck yeah (and the blogosphere will provide a thorough one). Time for a new server admin? Maybe.

Heck, the PHP code they did reveal isn't exactly stellar stuff (though I give them props for readability).

If there's one thing this event reveals, it's that the best code does not win; the best idea does. I know a whole bunch of guys who could have written that app. But they didn't.

Wake me up when someone exposes Facebook's database. Or Mark Zuckerberg's laptop. Now that would be newsworthy.