Tag Archives: facebook

Why is Facebook so fast?

It has been a time since my last post.

Truthfully, even now, I have been too busy to make a come-back. But I think a little writing will help this blog doesn’t seems as an abandoned castle.

Well, for sometime, I come across this question on StackOverflow:

Why Facebook performance is so good?

500 millions user, split for america, europe, asia. It means there’s more than a millionpeople viewing pictures, chatting with friends or update status at a time. How can they make it?

The main language of Facebook is PHP & MySQL, which doesn’t have reputation to scale well. AFAIK, people tends to use compiled language(like Java, .NET) for big enterprise application. Those languages enforces good practice like refactoring habit, good architecture,… while PHP does not. Moreover, scripting language can not run faster than compiled one, right?

There’s no single reason, but a whole lot of reasons:

  1. Heavy usage of caching (APC and memcached), which drastically cuts processing time. Slide 12 compares load time with APC (~130 ms) versus without it – 4050 ms. That’s 30x faster!
  2. Usage of HipHop, which converts PHP into C++ code (which is then compiled into much more efficient machine code than actual PHP).
  3. Facebook uses PHP and MySQL, but that’s not the only thing they use. For example, they useErlang for their chat, Hadoop clusters for some of their storage. If you go visit their careers page, you’ll see they are hiring developers with experience in C++, Java, Python, and others.
  4. Facebook has data distributed across many, many servers. In June 2010, FB had 60,000 servers. (think that’s too much? Google had half a million… 5 years ago)
  5. Facebook sends as little traffic as possible: they use static CDNs to deliver static content. Gzip to compress data. Cookies, Javascript, HTML – everything is cut back to reduce the number of bytes sent over the network. They use a technology they call “BigPipe”, which sends partial content rather than the whole page.

to mention a few…

Gotchas of Authentication Flow for application on Facebook – OAuth 2.0 (2)

Facebook logo


Vietnamese: bài viết này trình bày tiếp một số điểm có thể gây nhầm lẫn trong quá trình chứng thực Facebook OAuth 2.0.


Following the first article, this one continue presenting about the cases that can make developers confused.

3. Big Facebook logo prevent redirection:

According to Facebook documents, the server must redirect users to “authorization page”  to grant permissions.


But every redirect command sent from server leads to a blank page with a big blue Facebook logo instead!
If the same URL is put directly in a browser, then it goes to the correct page.

In short, Facebook has stopped the redirection from a third-party server. The user needs to redirect themselves, or we can help them by redirecting with javascript.

4. Tricky privacy settings:

One thing developers should know is that Facebook give full privacy control to the users. A user can change permissions any time they want. It means after a user approve your application, they still can:

  • Change their email, personal information
  • Choose to not provide you their real email, but a proxy email of Facebook
  • Remove some permission of your application (for example, publish feeds on wall)

Ofcourses, Facebook provides callback functions when those permissions change. However I don’t think it’s worth the efforts to handle all of these events, at least for a quick prototype application.

5. De-authorization callback

The authorization callback is the URL that Facebook will call if a user remove your application. At that time, the application should remove all user data that they save: access token, personal information…

At first glance, this seems to be a moral requirement. But in practice, obsolete data should not be kept anyway. Believe me, Facebook data flow is fragile, and you are asking for business logic troubles if not following the rule.

Gotchas of Authentication Flow for application on Facebook – OAuth 2.0 (1)


Vietnamese: bài viết này trình bày một số điểm có thể gây nhầm lẫn trong quá trình chứng thực Facebook OAuth 2.0


The Facebook Authentication Flow is rather complicated than it seems, and not very well documented. Here are some tips that maybe helpful if you are trying to make things work:

1. Notice parameters returned from Facebook:

  • code: When Facebook returns “code” parameter in Http request to your redirect URI, it means you need to use that code to request for access token.
  • signed_request: Signed request has several children parameters. An usual presumption is that this signed request always has Facebook ID of the current user. In fact it does if your application has already been authorized by that user. If not, you need to redirect the user to the giving-permission page.
  • request_ids: is used if your application has the “invite friends” functions. This is a comma-separated string (for example: “158187550924606,158187550924608,158187550924614″). Each number in that string is ID of an invitation sent (maybe by > 1 user). So we can say that a new user can accept the invitation of more than 1 Facebook user. In fact it is, since the app request may appears like “Viet X & Nam Y has invited you to use this app“. People often find it confused because they presume that a user can only be referred by only 1 user.

2. Always ask Facebook if your access token valid:

Even if you ask user to give “offline_access” right to your application, there’s a good chance that your stored access token will get expired. How do you know? Well, the only way available now is using your access token to request something, and if it fails, ask for a new one. That’s the way it works.

sometimes it’s hard to say a thing, though simple.

(to be continued)

The total of your FB friends – complicated rules confuse users

Facebook friends

It’s a shady day today. It’s great being outside with the small rain, windy air & not too harsh sun. I feel it’s really a good time to take a break, after all the long days.. but now, instead, I return home to write this tiny article.

Facebook’s great success makes “FB developing” one of the technology “buzzword” today. When making a website, there’s a good chance (if not always) the customer will ask to socialize things up, and well, the certain solution is Facebook. And I can be sure that many of developers would be proud to call themselves “Facebook app developers”, a title which seems more shiny to non-technical buddies.

Well, actually, the inside is not that glorious. If you do not concern much about IT, you may not know that most people who call themselves “FB dev” actually have no relation to Facebook. They just use the API libraries that Facebook provides to build application on Facebook Platform.

And that APIs sometimes sucks.
(warning: technical stuff next)

Surely Facebook has invested some efforts in their APIs. But personally, I think it’s not good enough comparing to their big success. Facebook APIs is rather likely to change, their documents are not very-well organized, and sometimes, make developer’s life harder because of mysterious “bugs”. I myself once met a bug like that – which is named the total friend number.

If  in any chance, you notice that your FB friend number increase or decrease(without adding or removing any friend), you will know what I talk about. And you may already find a friend which is in your friendlist, but you can’t see them in your Mafia war clan.

Our case is like this: in the project we use RestFB APIs to retrieve user infomation from Facebook to import into our system. Things work fine, until the QCs complain that her friend number on Facebook is different to the number of friends we got from calling FB APIs.

And the bug hunt begin :)

First, I think that it’s because of Facebook. Sometimes I see my total friend number varies after several seconds. It go up then go down without any reason. I thought that some of my friends deactivate their account, so they won’t be count at that time.

But our experienced QC brings another surprise: she point out 4 person who are her active friends on Facebook, but “invisible” in the list we got from RestFB service(249 in her list vs 245 returning by Facebook APIs). Very real & very magical – I can’t understand what happened, so I ask her to carefully filter the friends that we can’t get from the APIs. It maybe because some sort of text format – RestFB may have some bugs when users put strange characters in their username. And when the QC re-check – thanks God – she saw that she have 250 friends, not 249! Even Facebook doesn’t know how to count, man!

About 4 people that missing in the list, we eventually find out what’s the trouble. Facebook privacy settings is complicated indeed. They provide a setting option that give the user right to turn off all applications. Whenever the user activate this function, they are invisible in all application, which means their friends can not invite them in any FB platform applications, games, and so on..

In the end, we closed that bug. It’s such an irritating experience when working with third-party APIs.