Sunday, April 14, 2019

Outage Communication

This post isn't bashing cloud providers, although that's an easy target.

What this is about is to give some examples of outage communication from various providers. And yes, Google and Facebook are in different sectors but the wide differences in their outage communications are still interesting.

On March 12, 2019, Google suffered an outage that impacted Gmail and a variety of their services that depended on their file system. Over the next several hours they posted 3 updates on their G Suite Status Dashboard. The first noted that they were having an outage. The second update was posted in under 2 hours and stated that they were continuing to investigate. It also enumerated the services that were impacted. The final update was 2 and 1/2 hours later and said that the issue was resolved.


But Google didn't stop there. 2 days later they posted a thorough postmortem (archive.is) that identified a root cause and remediation and prevention.

That's the way to communicate.

On March 13, 2019 Facebook had a 14-hour outage which took down the Facebook social media service, its Messenger and WhatsApp apps, Instagram, and Oculus.

Here's Facebook's communication on that outage.


Yes, that's it.

Which of these would you prefer from your services provider? Ask about that before you sign a contract and consider putting a requirement for communication and follow-up in the contract.


Sunday, April 07, 2019

Just Don't Play Facebook Games

If you're my friend on Facebook, please don't play games on Facebook. When you do, you authorize Facebook to share your profile information with the game company. This often includes details such as the Facebook user ID, a list of Facebook friends (that's where I come in), likes, photos, groups, checkins, and user preferences like movies, music, books, interests, and other.

Once the game company has your data (and mine) Facebook has no control over what the game company does with it or who it shares it with.

Oh, I'm sure they have policies about what can be done with the data but there really is no way to enforce it.

As an example, the company that operated the "At the Pool" Facebook game, left all their Facebook user profiles, etc, on a publicly accessible Amazon Web Services (AWS) server for anybody to access.

Here's an excerpt from an article on ZDNet on this Facebook data leakage:
[T]he company has lost control over its most important asset - its users' data - which is now leaking left and right from all the no-name companies and mom-and-pop developer firms who've collected it over the past few years.