Watch this episode on YouTube.
Reasonably Accurate 馃馃 Transcript
Morning everybody. How are you doing today? Um Another day, another business hotel room. This time, I'm in Chicago for the Aws summit here. I'm giving a talk later on today. Um And I think at some point, I'm gonna have to give uh a Mornings with Mark episode dedicated to creative hotel room setups to get semi decent lighting.
Um At least this is a bit easier than in San Francisco when it was too early and the lighting was crap and you saw all the uh the bad um webcam uh footage. Uh but uh sitting in front of a nice beautiful uh window because it looks fantastic uh As far as the weather here in Chicago.
But today I want to talk to you about tooling in easy tooling. Um because two things kind of crossed my radar um yesterday when I was uh wrapping up serve conference, but I thought merit a discussion. Um So the first is uh Facebook was in front of um congress um talking again about um Russian influence and that led 538 which uh does a phenomenal job um on data um for all sorts of things.
Um not just politics but a lot of sports stuff. They had a great world Cup tracker. Um Nate Silver runs that um and uh it's under the ESPN umbrella I think. And one of the media conglomerates anyway, Nate and his team do a phenomenal job on um statistical analysis of uh open data sets and they released about uh just try 3 million tweets um up on github uh related to Russian influence um on Twitter.
And um I know there's a lot of politics there and I don't want to dive into that. What I did want to call out was that it was interesting that in their repo that they put on github, they said we're putting this here because maybe other people will have a different view on it, um be able to run um different tools um to see what's going on.
And it sort of prompted a few ideas in my head, obviously, you know, the data subject conventions, all that kind of stuff. Um But a bigger question of how little tooling we have to handle um big data sets for average folks, for people to pull out information.
Um So we see this in other areas. But I mean, how would you if I give you 3 million tweets um in a machine readable format, how would you go about making sense of them? Right? Maybe maybe somebody enterprising would like try to import them into Excel or something, but most people wouldn't have an idea of how to process that or how to visualize that and convey that information.
And I think that's an area where we need to work on significantly, not just security privacy. Um but in general, but I think it impacts security significantly. Um In fact, I'm giving a talk at AWS not today but um re invent in the uh Christmas time about handling security data because there's so much of it, there's a massive massive amount of data being generated by a lot of our security tooling by a lot of our tooling around handling data that we don't know how to properly process it from a machine perspective or from a human perspective.
So there's um there are great tools in the cloud um on how to, how to process this data, but how to present it in a meaningful way I think is a really um big challenge. There's lots of great work out there. Um But it's not in the hands of everyday users, right?
Um And I think that's a huge gap that creates a problem for people to understand um the data because you can be presented with certain graphs and things like that. And I was ranting the other day. Um What uh uh Reuter, Reuters? Jeez it's early um Reuters had published a chart of the stock um Facebook stock drop and the Y axis was started at 100 and 70 went to like 230 so it showed this precipitous drop.
When in fact, if you look from 0 to 240 the drop over the big of the long term was not that significant. And yeah, it was a huge hit, but it was not like all the stock just crashed and bottom up, but it was presented that way.
And I think that's a real problem is that especially in an era of fake news, of challenges of believing what you're talking about. You know, I talked about that on my CBC column this week about um deep fakes. Um It's hard to believe what you see.
So having access to the raw data and the ability to process and understand it, I think is becoming more and more critical. Um So I wanted to mention that and then the other thing that's somewhat related um was a trade off that bit somebody in the butt.
Um So reddit was breached by some employee accounts got compromised even though the accounts had two factor authentication. So that's when you have your user name and password and then something else um to log in. And in this case that something else was a text message.
Um And the text message had been compromised and there were some tweets online where people had said, well, that's why you don't use a low quality second channel, something that's vulnerable to build something that you need to be secure. And that's a generally positive, that's a generally accurate statement.
Um The challenge is though is that it's a question of usability. There's a trade off to get something. Um when you're asking more of a user, so user name and password passwords already frustrate users when you're asking something else of those users. When you're saying, hey, I need you to also use a second factor.
You want to make that as simple as possible. So telling them to go install another app or use a physical key is a burden that may be challenging to put on people. So using a text message makes perfect sense. Um or using Apple's dialogue system makes perfect sense because it will get it out to more people and it will improve security.
Um However, in this case, it didn't. So for admin users, um it, you know, trusted it users asking them an additional burden is not unreasonable. But again, it comes down to accessible tooling. And I thought that was sort of an interesting balance between having all these data sets and being on a to process and understand them and having something practical like trying to log into a system in a way that doesn't give you the um the use that you need and the functionality that you need.
So um just sort of a random thought for today, you know, a couple of things that had bubbled up there. Um I think overall there's a huge push and need for better tooling. There's a huge push and need for better usability. And I think that's an area where security has an app.
Absolutely and utterly massive blind spot. Um, I track and attend as many as I can, uh, usability conferences and I've yet to see anything around security. Um, and that's over years of UX conferences and usability conferences. Um, that's not good. That's not good at all because it perpetuates a lot of problems and it makes things harder to use and security should be easy to use.
Um We've got a lot of work to do. What do you think? Hit me up online uh at marknca if you're watching the vlog in the comments down below, uh or as always by email me@markn.ca, let's keep the conversation going.
I hope you are set up for a fantastic day today. I will talk to you online and uh maybe tomorrow we'll see, I'm in transit. So uh I may have to uh push the show um and see you on Monday. Um But uh I will update on Twitter.
All right. Have a good one. Bye.
