Reasonably Accurate Transcript
Good morning everybody. All right. So today's topic is the ultimate in irony. I am broadcasting live on Twitter talking about the future of Facebook. So today and tomorrow is the F8 Facebook developer conference. Um, this is something they run every year. Um, it is, uh, sort of, um, the state of the nation around Facebook as a platform.
It is encouraging folks to come out and to build their business, uh, on Facebook itself. You can catch a lot of it streaming live today, um, on this monster of a website that downloads just the landing page of 3.1 meg, um, to give you an idea of how they view mobile.
Um, ironically though, the push is on mobile. Now, the interesting thing about this year's F8 is more about what it's not going to announce. Now every year they come out and they say some crazy stuff. Um, here you can see Techmeme, there is a list of stuff that, you know, is not coming because, you know, of all the scandal around Cambridge Analytica.
So it will be interesting to see what actually gets announced, if they announce any devices, if they announce any, um, any big pushes, because over the last little while they've actually been cutting down on the number of APIs that were available and making fixes in light of the scandal, in light of GDPR.
But they've really handled these API updates poorly. Um, some of them, they gave us up until August 1st, um, to make some changes, but they made some breaking changes that took place within two weeks, which is really hard to get um into your um application.
So there's a list actually you can see of breaking changes on the site. Now, this is sort of a, a big um let's see, let me just switch over here to the camera. This is a big change in Facebook's mentality. A lot of the time Facebook was pushing people to build on their platform, they've been pushing people to advertise on the platform and obviously, they've been under scrutiny um over the last little while about Cambridge Analytica and um how they handle privacy and data in general.
Now, what, what the heck does this have to do with security? Well, Mornings with Mark and, and all my social stuff isn't just about security, it's about privacy as well, but there is a very critical security aspect here. Now, I have been espousing a certain idea, a certain definition of cybersecurity for a while now and I hope it takes off.
Um And that is very simply put this way is that the goal of cybersecurity is to make sure that your systems work as intended and only as intended. Now, when you're building on top of another company's platform and you're building on top of it for free, it is very difficult to ensure that your stuff is working as you intend and only as you intend if that platform keeps changing.
So this isn't like a cloud provider relationship where you're going to AWS or Azure or GCP and you're getting compute power and storage and database services and you're paying them for that service. Facebook is offering an open platform for you to build on.
This is very similar to how Twitter has sort of had this love-hate relationship with all of us developers, right? They yanked the API, they've restructured the API, now they're killing the streaming API. It's difficult building on top of somebody else's platform because there's competing interest.
They're saying, hey, come on provide value on the platform. At the same time, they need to make money off the platform. So if you're not paying to build on the platform, there is this risk, this threat of platform changes. And we're seeing that right now with Facebook.
So this ties back to security under the idea of resiliency: is the foundation of the application you're building secure? Is it stable? Is it resilient? So Facebook is going to make API changes that are breaking with minimal notice. Can you ensure that your data is still being processed and treated with the level of care and security controls that you are expecting? That's extremely difficult to do, and sort of the ground is shifting underneath you.
I think the analogy I would use, and a link to this video down below in the comments and I'll tweet it out here @marknca, Jimmy Fallon had one of my favorite, uh, favorite guests on, uh, couple weeks ago, Delaney.
Um I forget which science museum he works for, but he's a scientist and he has lots of creative experiments. And on the late show with, with Jimmy, he did an experiment where they were standing on sand and then he pushed a huge amount of gas through the sand and of course, that caused the sand to turn to more of a fluid state.
So fluidization, and they both sunk down and they could move through the sand like it was a really thick liquid. And as soon as they turned off the gas, it locked again. That is the ultimate analogy. Here you are standing on a platform.
There is trouble for that platform provider. There's fluid moving through the sand, you sink down and you can move around and everything is dynamic. And the question you should be asking is, is your data secure? Is your platform resilient? Are you still creating systems that behave in the manner that you expect? Because the gas switches off and the sand solidifies again, you're stuck where you are and you sort of cast your shit in with this free platform.
It's not a bad thing necessarily, but it makes it very difficult to determine what's going on because it's out of your control and you're reliant on this third party with whom you do not necessarily have a commercial or contract, two-way partnership, um, relationship with. You may have a contract, but it's on their terms.
Um, that's very difficult as a business to build up on that. And that's absolutely a critical and key security question. Um, because resiliency is a fundamental piece of cybersecurity and we need to start getting our heads around that aspect. So it would be very interesting to see what happens today at F8.
They are live streaming the event. Again, I'll tweet that link out @marknca, drop in the comments. So you'll see announcements, there's a ton of media coverage around it. So, um, you know, all eyes are on Facebook, we'll see if they own up to the platform, uh, troubles.
We'll see, um, excuse me, where they go. Follow online. I'll be tweeting out when I can. I'm on the road, um, tonight and then at an event called Cloud in Toronto, that Trend Micro is hosting tomorrow. Um, so I'll be, uh, you know, not as focused on the F8 stuff.
I'll be focused on the cloud se event, but I will be tweeting it out and wrapping up probably Thursday or Friday. We'll dive back in and see what's going on. What do you think about building on somebody else's platform when you're not paying for access to that platform or paying for that platform as a business?
How does that tie into your cyber security resiliency strategy? Let me know either in the comments below or @marknca. Um, I hope you guys are having a great, uh, start of your day. Have a wonderful Tuesday and I will talk to you tomorrow.