Simon Willison’s Weblog

89 items tagged “facebook”

2021

I saw millions compromise their Facebook accounts to fuel fake engagement. Sophie Zhang, ex-Facebook, describes how millions of Facebook users have signed up for “autolikers”—programs that promise likes and engagement for their posts, in exchange for access to their accounts which are then combined into the larger bot farm and used to provide likes to other posts. “Self-compromise was a widespread problem, and possibly the largest single source of existing inauthentic activity on Facebook during my time there. While actual fake accounts can be banned, Facebook is unwilling to disable the accounts of real users who share their accounts with a bot farm.” # 9th June 2021, 3:40 pm

2020

The open secret Jennings filled me in on is that OpenStreetMap (OSM) is now at the center of an unholy alliance of the world’s largest and wealthiest technology companies. The most valuable companies in the world are treating OSM as critical infrastructure for some of the most-used software ever written. The four companies in the inner circle— Facebook, Apple, Amazon, and Microsoft— have a combined market capitalization of over six trillion dollars.

Joe Morrison # 20th November 2020, 9:11 pm

CG-SQL (via) This is the toolkit the Facebook Messenger team wrote to bring stored procedures to SQLite. It implements a custom version of the T-SQL language which it uses to generate C code that can then be compiled into a SQLite module. # 22nd October 2020, 6:25 pm

Project LightSpeed: Rewriting the Messenger codebase for a faster, smaller, and simpler messaging app (via) Facebook rewrote their iOS messaging app earlier this year, dropping it from 1.7m lines of code to 360,000 and reducing the binary size to a quarter of what it was. A key part of the new app’s architecture is much heavier reliance on SQLite to coordinate data between views, and to dynamically configure how different views are displayed. They even built their own custom system to add stored procedures to SQLite so they could execute portable business logic inside the database. # 22nd October 2020, 6:22 pm

A manager on Strategic Response mused to myself that most of the world outside the West was effectively the Wild West with myself as the part-time dictator – he meant the statement as a compliment, but it illustrated the immense pressures upon me.

Sophie Zhang # 15th September 2020, 9:21 pm

“I Have Blood on My Hands”: A Whistleblower Says Facebook Ignored Global Political Manipulation (via) Sophie Zhang worked as the data scientist for the Facebook Site Integrity fake engagement team. She gave up her severance package in order to speak out internally about what she saw there, and someone leaked her memo to BuzzFeed News. It’s a hell of a story: she saw bots and coordinated manual accounts used to influence politics in countries all around the world, and found herself constantly making moderation decisions that had lasting political impact. “With no oversight whatsoever, I was left in a situation where I was trusted with immense influence in my spare time". This sounds like a nightmare—imagine taking on responsibility for protecting democracy in so many different places. # 15th September 2020, 9:11 pm

Pysa: An open source static analysis tool to detect and prevent security issues in Python code (via) Interesting new static analysis tool for auditing Python for security vulnerabilities—things like SQL injection and os.execute() calls. Built by Facebook and tested extensively on Instagram, a multi-million line Django application. # 7th August 2020, 8:50 pm

Announcing Daylight Map Distribution. Mike Migurski announces a new distribution of OpenStreetMap: a 42GB dump of the version of the data used by Facebook, carefully moderated to minimize the chance of incorrect or maliciously offensive edits. Lots of constructive conversation in the comments about the best way for Facebook to make their moderation decisions more available to the OSM community. # 12th March 2020, 11:44 am

2019

What is a Self-XSS scam? Facebook link to this page from a console.log message that they display the browser devtools console, specifically warning that “If someone told you to copy-paste something here to enable a Facebook feature or hack someone’s account, it is a scam and will give them access to your Facebook account.” # 8th April 2019, 6:01 pm

In January, Facebook distributes a policy update stating that moderators should take into account recent romantic upheaval when evaluating posts that express hatred toward a gender. “I hate all men” has always violated the policy. But “I just broke up with my boyfriend, and I hate all men” no longer does.

Casey Newton # 25th February 2019, 2:09 pm

2018

XARs: An efficient system for self-contained executables (via) Really interesting new open source project from Facebook: a XAR is a new way of packaging up a Python executable complete with its dependencies and resources such that it can be distributed and executed elsewhere as a single file. It’s kind of like a Docker container without Docker—it uses the SquashFS compressed read-only filesystem. I can’t wait to try this out with Datasette. # 13th July 2018, 7 pm

Migrating Messenger storage to optimize performance (via) Fascinating case-study of a truly gargantuan migration. Messenger has over a billion users, and Facebook successfully migrated its backend storage from HBase to their MyRocks database (a fork of MySQL with a storage engine built on their SSD-optimized RocksDB key/value library) without any user-visible downtime. They ended up using two migration paths: one for the 99.9% of regular accounts, and a separate path for extremely high volume accounts (businesses with very active chat bots or support systems). # 27th June 2018, 3:05 pm

Pyre: Fast Type Checking for Python (via) Facebook’s alternative to mypy. “Pyre is designed to be highly parallel, optimizing for near-instant responses so that you get immediate feedback, even in a large codebase”. Like their Hack type checker for PHP, Pyre is implemented in OCaml. # 11th May 2018, 5:47 pm

Upgrades to Facebook’s link security (via) Facebook have started scanning links shared on the site for HSTS headers, which are used to indicate that an HTTP page is also available over HTTPS and are intended to be cached by browsers such that future HTTP access is automatically retrieved over HTTPS instead. Facebook will now obey those headers itself and link directly to the HTTPS version. What a great idea: all sites with sophisticated link sharing (where links are fetched to retrieve extracts and images for example) should do this as well. # 5th March 2018, 3:32 pm

The whole story is basically that Facebook gets so much traffic that they started convincing publishers to post things on Facebook. For a long time, that was fine. People posted things on Facebook, then you would click those links and go to their websites. But then, gradually, Facebook started exerting more and more control of what was being seen, to the point that they, not our website, essentially became the main publishers of everyone’s content. Today, there’s no reason to go to a comedy website that has a video if that video is just right on Facebook. And that would be fine if Facebook compensated those companies for the ad revenue that was generated from those videos, but because Facebook does not pay publishers, there quickly became no money in making high-quality content for the internet.

Matt Klinman # 7th February 2018, 3:51 pm

2017

Whatever weird thing you imagine might happen, something weirder probably did happen. Reporters tried to keep up, but it was too strange. As Max Read put it in New York Magazine, Facebook is “like a four-dimensional object, we catch slices of it when it passes through the three-dimensional world we recognize.” No one can quite wrap their heads around what this thing has become, or all the things this thing has become.

Alexis C. Madrigal # 13th October 2017, 1:09 pm

How do I receive automatic updates from a Facebook group by email?

Facebook’s API does provide a feed of recent posts to a group: https://developers.facebook.com/docs/graph-api/reference/v2.8/group/feed

[... 85 words]

2014

What is the best way one can expand his or her professional network?

Go to events—local meetups, conferences, tradeshows... there’s no better way of expanding your professional network than to attend events and build in-person relationships with people.

[... 46 words]

Calendars: When posting a facebook event page for an event that is repeated on two dates, should you use one page or two? (The events are games that are identical and should not have overlapping players)

I would use separate pages. The most valuable part of a Facebook event page is being able to see who is going to that event (and hence which of your friends will be there). If there are two events on two separate days you want to be able to maintain two separate lists of attendees.

[... 97 words]

2013

Does Facebook fly you to London when you apply for this office or are the interviews done remotely?

If they are anything like Google (which I expect they are) they will do the initial interviews remotely and then fly promising candidates to the London office (or even to California) for in-person interviews.

[... 58 words]

Why doesn’t xkcd site have social media share options?

My guess: he probably thinks they are a bit tacky.

[... 45 words]

Is there any way to generate thumbnails of web links like Facebook generates when we paste a link in status or comment?

There are a bunch of services that can do this. I’ve successfully used http://url2png.com/ for this in the past.

[... 48 words]

2012

Did Mark Zuckerberg have any knowledge on building scalable social networks prior to starting work on Facebook?

I’m going to bet he didn’t have this knowledge, simply because back when he launched Facebook in 2004 almost NO ONE had this knowledge—there simply weren’t enough “web scale” products around for the patterns needed to run them to be widely discussed.

[... 143 words]

Why does Facebook Comments Box only support two levels of hierarchy?

I’ve heard in the past that regular (i.e. non-geek) users often have enormous trouble understanding hierarchical comments—they don’t understand tree based file systems either.

[... 65 words]

If you missed out on joining to work at Google and Facebook, what should you do?

Remind yourself that there will always be more opportunities, and obsessing over what might have been is a huge waste of your time.

[... 45 words]

Does Facebook’s iPhone app use a proprietary web rendering engine instead of UIWebView?

I did my first bit of iPhone development recently (building the first version of the Lanyrd iPhone app) and there was one thing that came as a huge surprise: the principle reason that people think native apps are “snappier” or “more responsive” than native ones has nothing to do with the rendering performance of a webview vs a native view (especially on the iPhone 4S which is extremely fast).

[... 274 words]

2011

Why Facebook open-sourced its datacenters. Jon Stokes speculates that Facebook plan to use open source hardware to compete with Google at datacenter efficiency . This isn’t a new pattern. Years ago when I worked at Yahoo! I was furiously jealous of the secret sauce technologies that allowed Google to build big applications faster than anyone else, such as BigTable and map/reduce. Today, the open source world has created better, free alternatives—sponsored in part by Facebook, Yahoo! and other Google competitors. # 9th April 2011, 7:54 am

The Inside Story of How Facebook Responded to Tunisian Hacks (via) “By January 5, it was clear that an entire country’s worth of passwords were in the process of being stolen right in the midst of the greatest political upheaval in two decades.”—which is why you shouldn’t serve your login form over HTTP even though it POSTs over HTTPS. # 24th January 2011, 6:06 pm

What are some good social media events that will take place in 2011 in Middle East and North Africa region?

User StartupDigestME on Lanyrd follows entrepreneurship events in the region which may also cover social media topics: http://lanyrd.com/people/startup...

[... 45 words]

2010

Are there any well-known websites that use Facebook connect or Twitter OAuth as the only sign-in solution without its own sign-in password?

Our site http://lanyrd.com/ only accepts Twitter OAuth logins (at least for the moment).

[... 42 words]