Look at my history. I've been talking about OurDoings here for years. If somebody wants to say every such comment should include a disclaimer I'll listen, but I won't be lectured on transparency from an account like izboyd created just for posting this one comment.
This vulnerability is an example of Facebook's failure to think things through. It does push my buttons and I'm going to say something. Just because it's popular doesn't mean it's good.
My issue with your comment is that you jumped on a /bug/ in Facebook to push your cause.
Analogy: Let's say I had a car company that competed with a fictitious competitor, Toyonda. There was a news story on HackerNews about a software bug that caused all Toyonda Freerunners to crash whenever somebody pushed the gas too long. I then posted a comment that my car, the Legendary Esquilax, doesn't have that bug. It's self-serving and adds nothing to the conversation.
Now, if you said something like, "Our Esquilax line of cars uses an O(1) lookup on the rotor hashtable to avoid a backup of 'gas' events which caused the bottleneck bug at the root of the Toyonda issue." That would be interesting, provide useful news about competing products, and potentially spark a discussion about the "right" gas pedal algorithms.
About your comment on lecturing: I signed up with Hacker News to post a comment. Every person needs an impetus to join a community, and your comment provided that for me.
Thanks for following up. I understand where you're coming from now. Unfortunately in this instance there's not a lot of potential for interesting discussion about the "right" way to form semi-private URLs on a host that isn't doing authentication. You need enough randomness; that's obvious. Apparently it wasn't obvious to Facebook.
This vulnerability is an example of Facebook's failure to think things through. It does push my buttons and I'm going to say something. Just because it's popular doesn't mean it's good.