PALO ALTO, Calif.--Facebook has unleashed a Tornado, and it's hoping that some eager engineers will go catch it.
Earlier this month, Facebook released the open-source Web server framework called Tornado, which powers the real-time streaming behind its latest toy, social feed aggregator FriendFeed. And on Wednesday evening at the office that most recently housed the FBFund incubator program, senior open programs manager David Recordon and director of products Bret Taylor held a "tech talk" to pitch Tornado to a crowd of several dozen interested members of the Web development community.
"We had actually been planning on open-sourcing (Tornado)" prior to Facebook's acquisition of FriendFeed, said Taylor, who had served as CEO of the start-up. "When we got to Facebook we thought it was a really good opportunity to do it."
The slant of Wednesday evening's talk (which was quite technical, so I won't be going into significant detail): if you're dealing with real-time, streaming content, Facebook thinks Tornado is for you. And if you've been listening to anything that Facebook has been saying recently, it believes the real-time Web is the future for everyone--not just its own company.
"FriendFeed's a real-time system," Taylor said as he described how the Python-based Tornado framework's non-blocking nature was ideal for real-time Web services. "Essentially, every active user of FriendFeed maintains an open connection to the FriendFeed servers."
Both Recordon and Taylor are recent arrivals at Facebook: Recordon joined Facebook last month as its resident open-source guru, and the company had acquired FriendFeed a few weeks earlier in a deal that brought on board both a top-notch engineering team (its founders, including Taylor, were Google veterans) and cutting-edge technology for amassing and indexing real-time Web conversations--so cutting-edge, in fact, that it was unclear as to how the mainstream would ever actually accept it.
At the time, there were questions about what, exactly, Facebook would actually do with FriendFeed. In the meantime it's become clear that acquiring the would-be Twitter rival allowed Facebook to leap ahead with some of its development of new, real-time-focused features as well as to enhance existing ones with FriendFeed's technology and brainpower.
Open-sourcing the technology doesn't have an obvious financial end for Facebook. But it will ideally mean that some of the developer community will be marching to Facebook's beat, at a time when the company continues to compete with the far smaller Twitter for a majority share of what's come to be known as the real-time Web.
As for its Python foundations, Taylor said that FriendFeed had been looking to build Tornado in a manner "sophisticated enough that we could do all the things we wanted but well known enough so that a new engineer could theoretically understand our code base right away...Python has a lot of its flaws, I wish it had real inline functions like Javascript, but for all of its flaws it's actually pretty nice to use in practice."
Taylor told me afterward that no concrete plans have been put into action as to which Facebook features may be getting a FriendFeed makeover (so as to speak) but hinted that one getting talked about for some enhancement from the former FriendFeed team is Facebook Chat, the site's instant messaging client, because of its obviously real-time nature.
Tornado isn't the first technology that Facebook, still criticized by some of the open-source community for its heavy reliance on proprietary technology and a login wall, has released as open-source code: well over a year ago, the company released the code for a significant portion of its developer platform.
The news started to emerge in various Twitter feeds and personal blog posts Monday: David Recordon, a Six Apart developer and prominent open-standards advocate, has left the blog software company to take a job at Facebook.
Recordon, who formally announced the job change on his LiveJournal, will take on the title of senior open programs manager. "This past year as I've worked closer with teams at Facebook, I've been impressed by their products, smart people, and innovation," he wrote in the post.
It wasn't so long ago that Facebook was seen as the ultimate in closed-off technology, with profiles hidden behind a log-in wall and features built with in-house technologies rather than open standards. At that time, a hire like Recordon would've seemed to many a ludicrous match. But Facebook's changing: it joined the OpenID Foundation earlier this year, made a big chunk of its developer platform open-source, and its Facebook Connect universal-log-in product has earned both developer and mass-market approval.
Recordon told me he doesn't want to say too much until after he's actually started at Facebook, which will be on Monday. But I spoke to a few of his soon-to-be Facebook colleagues, and they sound excited: the 5-year-old company has never had an already-prominent open-source advocate on staff, .
Facebook, which plans to raise its employee head count by 50 percent this year, made several very prominent hires earlier this month when it acquired start-up FriendFeed in a deal that seems to have been aimed largely at getting its ex-Googler founders on board at Facebook.
Correction 2:25 p.m. PDT: This story initially misstated David Recordon's new title at Facebook. It is senior open programs manager.
For the past few years, Facebook has been flirting with the possibility of supporting the OpenID log-in standard, which calls itself "an open, decentralized, free framework for user-centric digital identity" without actually building support for it.
Now, the massive social network--once famous for its ultra-walled-garden approach to data and user experience--announced Monday that it has become an OpenID "relying party," which basically means that it's started, at last, to deploy support for the standard. Facebook joined the OpenID Foundation in February, even though many considered its Facebook Connect log-in standard to be a proprietary competitor.
But, Monday's announcement indicated, Facebook believes the two can work in tandem.
"We've always let our users express their real world connections," a post on the Facebook blog read. "From the beginning, Facebook users could use their college and workplace identities to establish real world networks. Now, they can use open standards to establish their identities on Facebook."
Most notably, you can now register for a Facebook account with your Gmail account, or can link an existing Facebook account with Gmail or other OpenID-participating services if they support automatic log-in.
"We've always believed that making the user experience as secure, lightweight, and intuitive as possible, which 200 million people can comfortably enjoy and understand, is one of our top priorities," the blog post read. That could be a subtle nod to the fact that OpenID, founded in 2005, has historically been a bit difficult for the non-tech-savvy to comprehend.
Facebook's blog post also said that security concerns have been an issue. In working with the OpenID community, "we shared our experience developing Facebook Connect, where we eventually came up with a design that ensures that users would know that they were providing their login credentials to Facebook, and not some unscrupulous site."
The plus side? Facebook's tests have indicated that if new users can register with an existing Web service account, like Gmail, that they are more likely to stick around.
A post on the Facebook developer blog announces the big application program interface (API) update from the social network that was first reported on Sunday night, which it's calling the Open Stream API.
It's the first major implementation of an emerging (read: brand new) open standard called Activity Streams, on which Facebook has been collaborating with developers for the past few months. Basically, what it means is that third-party developers will have access to a feed of all content posted to news feeds--notes, photos, videos, links, "likes" and comments, and activity from other applications built on the social network's platform.
"We've officially moved away from the Web of just blog posts, which a lot of these formats were originally designed for," said open-source developer and advocate Chris Messina, who has been spearheading the development of Activity Streams for about a year now.
"Over time, what I think will happen is (that) you'll see something toward the type of cleverness and ingenuity that has surfaced around the Twitter community, but in a way that is even more expressive and rich," Messina said. "In the case of Twitter, you're just talking about status updates; in the case of Facebook you're talking about a lot of different activities."
Previously, only status updates--the most Twitter-like part of Facebook--were accessible to developers. That's why this announcement likely makes the biggest difference to the creators of social feed aggregation applications like TweetDeck and Seesmic Desktop.
But because Activity Streams is an open standard, other social-networking and media-sharing applications will be able to use it too. This means that there could be, say, an Adobe Air-based desktop application that brings in updates across photo-sharing applications like Facebook, Flickr, and Photobucket.
Facebook is also targeting different types of developers--specifically mobile and desktop--rather than strictly the Web app developers whose creations made Facebook's platform such a wild success when it debuted two years ago.
"One of the most important stories to tell here is this is the first time that we've ever opened the core Facebook product experience, which was previously called the 'feed' and which we're now calling the 'stream,'" Facebook senior platform manager Dave Morin explained to CNET News. "We're especially excited to see the types of desktop applications and the types of mobile applications which developer are going to build for the stream. We've sort of never really allowed this before, so we're pretty excited to see what developers come up with."
Facebook will be holding an event on Monday afternoon in Palo Alto, Calif., to introduce developers to the new API. Presenting at the event will be representatives from Adobe, which is building a Facebook application in its Air runtime environment, and Microsoft, which is doing the same in Silverlight; contact management system Plaxo and third-party app Seesmic Desktop (which already has unveiled its support for the Open Stream) are also presenting.
The "stream" took front-and-center with Facebook's controversial redesign earlier this year. Inspired by the likes of Twitter, the revamped design marked a shift in strategy for Facebook from static profiles to a real-time flow of information. At the same time, it proved unpopular among some users.
But Facebook isn't the only big social-networking player to be implementing Activity Streams. The emerging standard was behind the upgrades to MySpace's MySpaceID product that the News Corp.-owned service launched in March at the South by Southwest Interactive Festival.
"It was sort of one of the earlier opportunities we had to take a nascent spec and see it all the way through to launch," MySpaceID product lead Max Engel told CNET News, adding that his team first started working on Activity Streams last September. It's what powers a new MySpace "gadget" for Google as well as its feeds' presence on the upcoming Yahoo homepage redesign.
"It's getting where we need it to be, which is like e-mail: where you can write a POP client and know (that) it works," Engel said. "It's not even a full standard yet, so it's sort of exciting to see so many people get behind something so quickly, and it's definitely indicative of the general momentum of people who are saying we'd rather work open than work closed."
This post was expanded at 11:23 a.m. PT.
A security hole in OAuth, the open-source protocol that acts as a "valet key" for users' log-in information, has led services like Twitter and Yahoo to temporarily pull their support, CNET News has learned.
Some developers were dismayed when Twitter pulled its support for OAuth, which it had only recently started to implement: blogger Jesse Stay wrote in a post about other restrictions to Twitter's developer API that its removal of OAuth is one of a number of recent examples of how the microblogging service has "pulled the rug out from under its developers."
In the interest of online safety, CNET News has chosen not to make the details of the security hole public. Here are the basics: The hole makes it possible for a hacker to use social-engineering tactics to trick users into exposing their data. The OAuth protocol itself requires tweaking to remove the vulnerability, and a source close to OAuth's development team said that there have been no known violations, that it has been aware of it for a few days now, and has been coordinating responses with vendors. A solution should be announced soon.
This is a particularly big deal for Twitter, as OAuth prevents users of a service from having to hand over their passwords to third-party services that use that service's application program interface (API), and Twitter relies heavily on developer-created enhancements to the service from clients like Twhirl and TweetDeck to statistics and analytics applications.
"OAuth is still in beta, for what it's worth," Twitter API lead Alex Payne said in (of course) a Twitter message on Wednesday. "We should have the current issue with it resolved soon."
Eran Hammer-Lahav, the OAuth community coordinator for this specific threat, spoke to CNET News later on Wednesday afternoon. "We have been aware of this threat for about a week now, and we have been coordinating with all known providers to help them understand the threat and deploy whatever mitigating factors they can," Hammer-Lahav said, adding that full details will be made available on the OAuth Web site at midnight Pacific time on Thursday. "There are no known exploits of this, so there are no reported attacks and the providers have either already deployed matters to address this or are doing it right now."
He highlighted Twitter's role in helping to keep things on the down-low at its own expense; when the service disabled OAuth, it did not mention that there was a security hole at its root.
"The community is extremely grateful to Twitter, despite the fact that they have been standing alone in the line of fire and taking the heat for this threat as if it was their own issue," Hammer-Lahav explained. "They basically took the PR hit in order to allow other companies to address it. They were doing it not to protect themselves, but to protect other companies."
Twitter co-founder Biz Stone responded to the threat on the company blog: "We take security seriously and felt the responsible thing to do was temporarily disable OAuth while this matter was sorted out. Yahoo and others made similar decisions," Stone wrote. "The developers working on Twitter projects that are in our beta test group felt this disruption the hardest and their patience is extremely appreciated."
This post was last expanded at 1:36 p.m. PT.
Facebook has joined the board of the OpenID Foundation and will host an OpenID Design Summit later this month, according to a post on the social network's developer blog.
This is a bit of a surprise because Facebook has developed its own universal log-in standard, Facebook Connect, which theoretically competes with the nonprofit OpenID standard. It should be noted that Facebook has not yet announced any official plans to make the two compatible, and that just joining the board and hosting an event might not quell the criticism from open-source advocates who say Facebook is still too proprietary in its nature.
Engineer Luke Shepard will be Facebook's representative on the OpenID Foundation board, a corresponding post on the OpenID blog explained, adding that Shepard has been "a huge internal advocate for OpenID" at Facebook. The board also consists of members from Google, IBM, Microsoft, PayPal, VeriSign, and Yahoo as well as seven elected "community" members. Many of the corporate board members joined about a year ago; OpenID creator Brad Fitzpatrick is now employed by Google and has helped to build its OpenSocial developer platform standard.
"Given the popularity and positive user experience of Facebook Connect, we look forward to Facebook working within the community to improve OpenID's usability and reach," the post by David Recordon and Chris Messina read.
Facebook's blog post, written by engineering VP Mike Schroepfer, expressed similar goals. "It is our hope that we can take the success of Facebook Connect and work together with the community to build easy-to-use, safe, open and secure distributed identity frameworks for use across the Web," Schroepfer wrote.
Facebook made a significant portion of its developer platform code open-source last summer.
Anyone who's ever edited or created a Wikipedia entry can attest to the fact that it's not that self-explanatory. They're in luck--the nonprofit anyone-can-edit encyclopedia has received $890,000 from the Stanton Foundation in order to make it easier to use.
More specifically, the grant was given to the Wikimedia Foundation, the organization that encompasses Wikipedia. It'll fund the hire of three new software developers in the foundation's San Francisco office. Then, per a press release, the team will "commission research to identify the most common barriers to entry for first-time writers, and then work to systematically reduce or eliminate them...hiding complex elements of the user interface from people who don't need them."
Wikipedia will make all new code open-source.
"Wikipedia attracts writers who have a moderate-to-high level of technical understanding, but it excludes lots of smart, knowledgeable people who are less tech-centric," Wikimedia Foundation executive director Sue Gardner said in the release. "One of our key priorities is to attract those people and persuade them to help write and edit the encyclopedia. I am thrilled that the Stanton Foundation recognizes the importance of that work, and will be helping us with it."
Also a plus for a more user-friendly Wikipedia: Ideally, its millions of articles will have a broader depth of coverage. My colleague Declan McCullagh did an assessment last year of the skew toward geeky pop-culture content: the article for the mythological figure Vulcan, for example, is about one tenth as long as the article for the Vulcans of Star Trek fame.
The Stanton Foundation was founded by broadcast executive Frank Stanton, who served as president of CBS (which publishes CNET News) from 1946 to 1971.
Facebook is known for keeping its cards pretty close to its chest, so to speak. But in recent months, the company has been drumming up its commitment to open source--and on Friday, Facebook announced that a piece of internally created software, called "Scribe," would be released back to the open source community.
So what is Scribe? Well, per a post on Facebook's blog, it's been instrumental in helping Facebook handle the enormous amounts of data that come through its servers. As the page for Scribe says, "If you use the site, you've used Scribe." More specifically, it's a "server for aggregating log data streamed in real time from a large number of servers...designed to be scalable, extensible without client-side modification, and robust to failure of the network or any specific machine," which means that the average Facebook user won't have much use for the newly open-sourced product.
The release of Scribe is also, in a sense, a message to some of the critics who've been skeptical of Facebook's ability to keep its infrastructure humming along at a reasonable cost now that it has more than 100 million active users sending messages and uploading photos around the clock. By releasing Scribe as open source, Facebook is effectively saying, "Not only can we come up with something to run our site efficiently, we'll let you see it, too."
Developers who have created applications for Facebook's platform can now bring them over to social network Friendster. This means that Friendster supports both Facebook's code and OpenSocial, the standard created by Google for social-network widgets.
"Friendster's support of both the Facebook and OpenSocial platforms is a big win for business and individual developers, as well as for Friendster users," David Jones, vice president of global marketing for Friendster, said in a release. "For the developers that have invested resources in developing and launching a Facebook app, Friendster has now made it very easy for them to 'port' these applications to Friendster...For Web 2.0 companies that have developed apps using Facebook and OpenSocial APIs, they now have the flexibility to choose between approaches when launching applications on Friendster."
Another social network, Bebo, now owned by AOL, announced that it would implement support for Facebook's platform late last year. Friendster marketing director Jeff Roberto told CNET News that Friendster entered into a licensing agreement with Facebook, which has since made most of its developer platform open source.
Could another social network do the same? Probably. "With an open platform, it's quite possible that others will embrace it," Roberto said.
Long before Facebook was a household word, Friendster was the first big social-networking site to take off in the U.S. But in 2004, plagued by technical problems, Friendster lost significant ground to MySpace (now owned by News Corp.) and later Facebook.
Since then, it's had quite a reincarnation. Friendster estimates that 78 percent of its 80 million users, like the Philippines, Hong Kong, Singapore, and Malaysia, do not use Facebook. If so, it would be to a developer's advantage to make an app available on both platforms.
In August, Friendster raised $20 million in venture funding and hired former Google employee Richard Kimber as CEO. Last December, it debuted its developer platform, and in September released OpenSocial support.
After social news site Reddit went open-source in June, this was a logical next step: letting members take the code and import it to their own sites, creating social-news hubs of their own. That's the company's latest announcement, per a blog post on Tuesday.
"Today is the day Reddit fully becomes a platform for building link sharing sites," a post on the company blog explained. Technically, developers could already do this. But now the site is making it easier for them to do so, and letting them customize the design of the voting system to fit their own sites; more importantly, they can import them off the Reddit domain.
Reddit Bacon.
The site's humor-inclined team referred to the site update as "somewhere between when a caterpillar becomes a butterfly and when six hydrogen nuclei combine to form helium and (eventually) life as we know it." More likely, it'll make the news-voting system proliferate on sites that wouldn't otherwise have it; Reddit's team brought up the example of an entire Reddit voting system devoted to people who love bacon, for example.
Though Reddit, which was acquired by Conde Nast's Wired Digital division in 2006, is much smaller than rival Digg and the fast-growing Yahoo Buzz, this could make some waves. Plenty of sites have tried to build third-party social news systems in-house, and Reddit's open-source alternative could make it easier to integrate this sort of thing.
Plus, the company is hosting a contest to see who can create the best "custom Reddit" from scratch (i.e., fewer than 250 subscribers) in a month. The winner gets a MacBook Air laptop, a $1,500 Apple gift card, and a bucketload of free Reddit gear. Go, bacon guys, go!
