Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Solves Sharing Bug In Google Docs

Posted by timothy on from the use-of-journal-achievement dept.

RichardDeVries writes "Three weeks ago, I contacted Google about a bug in Google Docs that shared documents without permission. The issue has been resolved and affected documents have had their collaborators removed. The documents' owners have been notified: 'To help remedy this issue, we have used an automated process to remove collaborators and viewers from the documents that we identified as being affected. Since the impacted documents are now accessible only to you, you will need to re-share the documents manually.' See my journal entry for details on my contact with Google. Although I think Google handled the issue admirably, this raises questions (again) about cloud computing, as well as Google's eternal beta-status for a lot of their services."

11 of 69 comments (clear)

  1. I'll keep my docs offline thanks by syousef · · Score: 4, Insightful

    Prime reason to avoid online office suites and the like. Another good reason is that even these days Internet access is not a given 24x7 every place you want to be.

    --
    These posts express my own personal views, not those of my employer
    1. Re:I'll keep my docs offline thanks by Anonymous Coward · · Score: 4, Insightful

      The big deal is getting a response out of google. It's akin to praying at the Wailing Wall and having God come on down to buy you a Manischewitz.

      Man-O-Manischewitz What a Wine!

    2. Re:I'll keep my docs offline thanks by stesch · · Score: 5, Insightful

      People don't care. Really. There was a worm a few years ago that sent office documents to random e-mail addresses. I received an Excel price list from a bike shop. A co-worker some Word documents from a doctor. People don't care. They continue to use this kind of software and putting documents on Google's site isn't less secure than what they are doing right now.

  2. Google's eternal beta-status by ddrueding80 · · Score: 5, Insightful

    It seems Google treats their beta products better than most treat their production stuff. Fitting, considering Google has more users of their beta stuff than other companies have paying users.

  3. Well by mysidia · · Score: 5, Insightful

    It raises more immediate questions about SAAS, which Google docs is, not cloud computing. (Google docs is software as a service, not a cloud computing service like Amazon ec2.) Someone else's custom app can have a bug, and leak your data.

    So can your provider's closed-source proprietary cloud computing applications, user provisioning, storage, etc.

    If, however, the provider uses an open-source hypervisor (like KVM), and open-source provisioning, management tools, and scripts (so the wrong user isn't given access to your storage), cloud computing should be much more secure than a SAAS platform like Google docs.

    But yes, it does raise some question about services like ec2, because they're fairly opaque and using proprietary software, how can you possibly prove that their provisioning system is secure (in that YOUR elastic block store can't accidentally be provisioned onto someone else's ec instance)?

    One possibility is to use full-drive encryption on all your volumes, and require interaction with custom software on your side to boot your instances.

  4. Raises questions? Really? by ozric99 · · Score: 5, Insightful

    Although I think Google handled the issue admirably, this raises questions (again) about cloud computing, as well as Google's eternal beta-status for a lot of their services.

    Really? I don't use Google Apps but I don't think the act of fixing a bug in any way raises questions about the overall concept any more than Microsoft fixing a bug in Sharepoint would raise questions about closed source Windows services, or fixing a bug in KnowledgeTree would raise questions about similar open source services.

    Software application has bug; bug gets fixed. Jesus people, why is this different from any other similar bug being fixed? Oh, it's Google, better get blogging.. Gotta get those ad impressions up.

  5. Re:Raises questions? Really? by nametaken · · Score: 3, Insightful

    When there's a bug in my internal doc collab and versioning service, it isn't exposed to the entire world.

    I think that's the question raised.

  6. What's with the lemming movement in IT... by tjstork · · Score: 3, Funny

    My god, every time someone comes up with a solution in IT, we have this built in expectation that everyone should fall on board. Cloud computing is just the latest. Are we to now upgrade every system to use the "cloud". Are we to do web applications for everything? This isn't an engineering profession, its a fashion one. We're not like Mr. Spock from Star Trek. We're like the guy on America's Next Fashion Designer.

    --
    This is my sig.
    1. Re:What's with the lemming movement in IT... by Teckla · · Score: 3, Insightful

      My god, every time someone comes up with a solution in IT, we have this built in expectation that everyone should fall on board. Cloud computing is just the latest. Are we to now upgrade every system to use the "cloud". Are we to do web applications for everything? This isn't an engineering profession, its a fashion one. We're not like Mr. Spock from Star Trek. We're like the guy on America's Next Fashion Designer.

      There are a bunch of good reasons web applications have become popular.

      First, they're easy to deploy. Put up a web page, point the users to that web page, and you're done. No need for an installer. No need for an updater. No need to convince users to download and run an executable (which is a scary and complex undertaking for many of them).

      Second, they're relatively safe for the user. Which puts the user at less risk, navigating to a web site, or downloading and running an executable which may or may not contain malware?

      Third, they're cross platform. With a little effort, your web application will run on Windows, OSX, and Linux. This should make Linux users very happy, since it helps even the playing field between Windows and Linux!

      Fourth, in many cases, web application providers can offer superior document management. For example, regular users aren't good at keeping backups, and in the old days, just plain said goodbye to their archived email if their hard drive crashed. Or, if they upgraded from a Pentium 3 computer to a Pentium 4 computer, they spent hours trying to configure their new email program, and then more hours trying to move their archived email from their old computer to their new computer. Compare that to web email, which Just Works.

      Do web applications involve risks and tradeoffs? Yes, this article demonstrates that. But it's up to individuals to decide what risks and tradeoffs are worthwhile, and many, many people choose web applications because the advantages are worth it to them.

      Claiming that web applications are successful only because they're fashionable to developers these days is, well, just plain stupid. The fact is, web applications are the best choice among the alternatives for many users, and plenty of developers recognize that fact and leverage it by building web applications instead of thick client applications.

  7. Re:Raises questions? Really? by Firehed · · Score: 5, Interesting

    Well let's say that you're using SharePoint internally, and there's a bug in it. It's not exposed to the entire world, but it IS exposed to the entire organization (which can be just as bad, depending on the bug). More importantly, it's on a hundred thousand different sysadmins to patch said bug on their own MOSS installations, rather than a SAAS company patching it once and having the bug fixed for everyone.

    Imagine for a moment if IE was somehow SAAS instead of a desktop app. That would mean that IE6 would NO LONGER EXIST, and that everyone would have an up-to-date version of IE7. And as soon as IE8 comes out of beta, IE7 will also die - instantly, worldwide - and then web developers everywhere will rejoice.

    Obviously that simply doesn't work for a web browser (well, it could, but not as it's done now - and it's obviously not the most practical approach), but for all of the problems that SAAS can bring, it also solves a tremendous number of other issues. For something where security is priority number one, it's often not the best choice, but you can't beat it for keeping things up to date. And when you're dealing with closed-source software, that's already beyond your control so you might as well reap the benefits of the instant updates.

    --
    How are sites slashdotted when nobody reads TFAs?
  8. Re:From your journal by Synn · · Score: 3, Informative

    More work I know, but more control if you implement it properly.

    I seriously doubt you're going to get your average user to use FTP successfully and I doubt most companies could "implement it properly".

    What Google offers instead:

    Jane goes to http://docs.mycompany.com, creates the document. Clicks on sharing and shares it with Bob in accounting. Simple and easy.

    Is this solution open to bugs in Google Docs? Sure is. But your web/ftp server solution is also open to exploits in both pieces of software AND since it's more complex it's more open to user error.

    How does Jane upload it so only Bob and not Bill in accounting can edit it? How does she make it so only Mark, Matt and Jessie in development can view it?

    Google Docs makes that trivial to do. Also Bob and Jane can work on the document at the same time and any changes go out instantly to the viewers. Plus the document has versioning built in.