For non-coders, a little explanation of why mobile apps from Google, Spotify, Apple, NYT, Venmo, Walmart and many others all broke for a little while this afternoon. (Short version: they all use code from Facebook, so when that broke, they all started crashing.)

A little context: one surprising thing about programmers is they all regularly, routinely make use of code written by strangers on the internet, often even code written by people who work at competitors. This is the magic of “open source” and it’s kind of amazing.

But there’s also a way that companies try to use open source to extend their influence or dominance in the market. In this case, Facebook absolutely wants every app on the internet to use FB for login, since that will make both the other companies & their users dependent on FB.

For apps, using Facebook login is apoealing — users already have an account. Easy! And FB made that even easier by writing the code *for* you if you’re a programmer who wants that feature. You can just go get it for free & plug it into your app pretty simply.

The tricky part, though is that now your app is dependent on that code from Facebook. You have to trust that it works the way they say it will, or you have to read all the code and fully understand it. (That’s almost as much work as just writing the code yourself.)

So, understandably, everybody just plugs in the Facebook code (often called a “library” or more formally a Software Development Kit, “SDK”) and focuses on the more important features of their app.

But while lots of open source code libraries that you might use just perform a certain function in your app, like displaying a picture or formatting some data, this Facebook code also relies on a service on Facebook’s site running properly, too. Today, that service got broken.

The result is kinda wild: a minor configuration change on a Facebook server that isn’t even visible to regular users made dozens of high-profile apps from some of the biggest companies in the world all start crashing when you open them — even if you weren’t using Facebook at all.

Done right, open source is magic. It gives coders super powers to build things they could never do alone. But it can also be a strategy that makes huge parts of our online experience dependent on a few companies, and vulnerable to their choices.

This was just (“just”) some apps crashing for a little while. A few weeks ago, it was Zoom using a Facebook library that sent data in ways they didn’t disclose. We don’t have a cultural fluency in how to talk about the interconnectedness of all the tech around us.

These issues matter a lot. Our kids are now spending all day connected to apps that use this code. We’ll need to have trusted apps for COVID tracing that *don’t* have these issues — but even if they are done right, many won’t trust them because they’ve learned to be skeptical.

Simply put, we have to demand of our technology what we have of our food, clothing, medicine and other essential needs: visibility into how they’re supplied & sourced, understanding the workers & working conditions that shape them, and accountability when the system has failures.

When the supply chain for Tylenol was vulnerable, the manufacturer addressed the issue directly. When consumers wanted to know their tuna was dolphin-safe, companies responded. Who makes your apps? Where are they sourced? Which apps do you use that were made by people you trust?

By request, I've turned this thread into a little more fleshed-out piece that you can easily share. I hope it's of use. https://anildash.com/2020/05/07/when-everything-crashes/ (And obligatory plug: all the millions of apps on @Glitch are a big step toward everyone having tech that we can trust.)