Slashdot Mirror
Google Explains Tuesday's Drive, Docs Bug That Marked Some Files As Violating Terms of Service (9to5google.com)
On Tuesday, Google's cloud-based word processing software was randomly flagging files for supposedly "violating" Google's Terms of Service, resulting in some users not being able to access or share their files. Google today explained the issue and addressed concerns that arose. 9to5Google reports: Several users on Tuesday morning reported no longer being able to open certain files they were working on in Docs, while others were locked out mid-edit. "On Tuesday, October 31, we mistakenly blocked access to some of our users' files, including Google Docs," Google said in a blog post. "This was due to a short-lived bug that incorrectly flagged some files as violating our terms of service (TOS)." Afterwards, Google provided a comment to Gizmodo noting that a code push made earlier that morning was at fault and that full access had been restored to users hours after the bug first arose. Today's clarification goes on to explain how that error on Tuesday caused Drive to "misinterpret" responses from the antivirus system designed to protect against malware, phishing, and spam. As a result, Docs "erroneously mark[ed] some files as TOS violations, thus causing access denials for users of those files."
Looks like it's to drop using Google Drive as my go-to backup for my work projects, or much of anything else, for that matter.
On the other hand: no real consolation to those locked out by the bug
Move data to the cloud, do not complain when data disappears for a short time or forever.
Out of your hands now.
This is The Cloud. They're not YOUR files, they're OUR files.
It's not just "the cloud", such a thing could happen on any network. It's that you must "trust" that Google will revert the issue and grant you access to *your* documents. They don't have to.
If you want news from today, you have to come back tomorrow.
Honestly, what did you think? As soon as you put them into the cloud, they're no longer yours.
Why don't stupid users understand: YOU DON'T OWN YOUR DATA. It belongs to the mega-corporations. Idiots. Personal computing is dead. Long live Corporate Computing.
"OK; as a word we commonly use has now been associated with terrorism and banned by the search algorithms, we suggest instead of 'the' you use 't__he' or 'Teh'".
We hope to have this solved soon.
Truth isn't Truth - Guliani
I'm playing it safe and storing all my documents on Microsoft OneDrive.
... they scraped them all.
It little behooves the best of us to comment on the rest of us.
It just goes to show you should never use as primary storage a service that will, for any reason, censor or lock content - because someday anything you have may be declared "wrong".
I don't mind editing documents and moving them into the cloud, I don't even necessarily mind iCloud based apps like Keynote that stores things to iCloud - but there at least I can save a Kyenote file locally and work with it there if I like. Google Docs have always been a bit too "pure cloud" for my liking...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
So there was a minor outage that was caused by software? Could easily have happened for a million other reasons that no one would care about.
Would the outage have exceeded 12 hours? I can't see any RTO details, but if not you are still well within 99.9% availability.
That's way better than what you will ever achieve with crappy consumer equipment.
... the cloud is.
It little behooves the best of us to comment on the rest of us.
... you didn't know that Google could cut off access to files in Google Drive? How the hell did you think it worked? I thought this site was news for nerds, not news for my grandma?
It came off a perfectly innocent looking thumb drive that I found in a parking lot in Langley, W. Virginia.
Have gnu, will travel.
I treat the cloud copy as a cheap off-site backup. Between google docs, onedrive, and box I have a good chance of recovering from any one of them blocking me. And, it only matters if my local hard drive copies get lost by theft, stupidity, or natural disaster.
I'd be much more concerned if I has business processes, particularly customer facing processes, that relied on consumer-grade cloud services. Getting custom written agreements with consumer providers is almost impossible without being a huge business.
Long term keep your data away from any deep file "inspecting" cloud product.
If you have the bandwidth to upload, you can share with your collaborators and colleagues as needed.
Too many checksums, SJW, AV efforts trying to look into your data with cloud services.
Keep your data sets, ideas, tech, optimisations, language use secure from been searched, sorted and questioned.
If a server product is needed find a real hosting company with real hardware that can offer a fully self encrypted service.
Domestic spying is now "Benign Information Gathering"
"the cloud" is really just "someone else's computer" and if you store data on it, that other entity can deny you access to it.
Never forget that in order to even do this, a process has to read your files. If searching your files is easy in the cloud, it is because there is an index of those files. If those files contain confidential data, you now have a third party which has built an index of the contents of your file that you do not control, cannot delete, cannot turn off, etc.
This is not a recipe for keeping secrets, let alone keeping access.
See subject: "From win & lose but STILL somehow - it's CLOUD'S ILLUSION I recall..." themesong for Google today!
* What a BULLSHIT LIE on their end... lol!
(You've got to be TOTALLY STUPID to believe in 'cloud = safe' or 'cloud = secure' bs...)
APK
P.S.=> "It was a 'bug'" lol - the ONLY bug is in their brains... apk
If what Google says is true - that the files were accidentally marked as malware, phishing, or spam - then they were giving users a pretty terrible error message saying user documents violated the TOS. Why not spell it out - hey, we flagged this file for malware, phishing, or spam. At least then the user doesn't think that *they* did something bad by violating the TOS.
Whattaya mean, sending plaintext files to someone else is "not a recipe for keeping secrets"?
NT
Today's clarification goes on to explain how that error on Tuesday caused Drive to "misinterpret" responses from the antivirus system designed to protect against malware, phishing, and spam.
This is pure speculation on my part, but based on the description above it sounds like they forgot to use C++11's "enum class", which would have caught the mistake at compile time.
C++11 enum class fixes this by adding strong typing:
p.s. Why I assume it's a C++ bug: In the past few weeks I watched a bunch of CppCon 2017 videos. In one of those videos, Google's Titus Winters said that his team had just re-factored 250 million lines of C++ code at Google (source: CppCon 2017: Titus Winters “C++ as a "Live at Head" Language”).
So there was a minor outage that was caused by software? Could easily have happened for a million other reasons that no one would care about.
Would the outage have exceeded 12 hours? I can't see any RTO details, but if not you are still well within 99.9% availability.
That's way better than what you will ever achieve with crappy consumer equipment.
I have 100% availability at home. Why would you keep stuff at googles house?
Until your hard drive blows up, your LAN goes down or your computer goes on the fritz. It's not like local file servers are magically immune to failures.
The world's burning. Moped Jesus spotted on I50. Details at 11.
Beta Testing to see who notices.
Now to analyze the data and react accordingly.
Thanks Google. And Obama ;)
TFS is nothing more than Google saying the bug was a bug due to buggy code that buggily flagged things based on a buggy interpretation of another component's output.
How many files were affected? Why some and not others? Why is the antimalware component involved? What's there to misinterpret from its output?
I get so many companies pitching me cloud this and cloud that. My response has consistently been, I don't trust the cloud for any business critical processes/data. The sales reps will laugh their snipe little laugh and make some pithy comment about 'oh, you must be old school'. Yet we see time after time stories like this, almost always portrayed by the company in question as a 'glitch' or a 'bug' and that it has been addressed and fixed. We are reassured that it will never happen again.... until the next story when it happens again. Here is a good one, not quite a cloud story but close enough to make my point of putting your trust in yourself and not relying on someone else for your stuff to work... so on day a couple weeks ago I try to log into VMware console flash version on Chrome, lo and behold it doesn't work because of something Chrome was doing to block flash. Prior to upgrading to 6.5, I NEVER HAD A PROBLEM logging into VMware using the locally installed app. Now I am held hostage to whatever tiff/security issue between Chrome and Adobe.
I will continue to listen to them call me old school, but when you can't get to your data on the cloud, rest assured I will be laughing. And if you are competitor, I will be laughing on the way to the bank.
If you don't control the data, you don't own it. Just because can you put your data on somebody else's computer because it's easy doesn't make it right. Get a clue people.
This is the fallacy of "the cloud"
How about fuck you, Google. They're MY FILES, you have NO RIGHT to do this.
because someday anything you have may be declared "wrong".
Yup. It is not at all the same thing as running a virus scanner at home. I have no idea what they're scanning or how they decide what punishment to enforce based on what they find. If I did know, I would have no faith they wouldn't change their answer tomorrow because of "Trump and literal Nazis" or some other such SF hysteria. The real mistake of this push was leaking to a wide audience that this secret scanning regime exists. Thank god I can still buy a physical hard disk without agreeing to a TOS about what bits I write to it. Fuck this noise with a ten-foot witch's broom.
If anyone suggested such an interface for a car, you'd be taken to the loony bin. But some clown thought this was OK for a ship. While usually ships don't crash if you make a mistake quite as quickly as a car, that's by no means a certainty. A ship should have a real wheel and a physical throttle control.
So there was a minor outage that was caused by software? Could easily have happened for a million other reasons that no one would care about.
Would the outage have exceeded 12 hours? I can't see any RTO details, but if not you are still well within 99.9% availability.
That's way better than what you will ever achieve with crappy consumer equipment.
Looks like Google employees are presenting.
Sorry church, The cloud is advertized as the ultimate in security, and availability, Fuck you and your cloud is better than "consumer equipment.
Here comes the curse. May you get locked out of the biggest and mot important document you ever had, th eone your boss and your jobs depend on, and you only have it in teh cloud, since who would put it oncrappy consumer equipment. Go to the customer and tell them you got nothing.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
Until your hard drive blows up, your LAN goes down or your computer goes on the fritz. It's not like local file servers are magically immune to failures.
In those cases, would the cloud somehow still work? That's a hellava cloud that gets th edat through a busted LAN and a non-functioning computer. Majick!
This access denial is a non-polishable turd. If I'm working on a project and suddenly "The cloud" locks me out of it, I'm well and truly screwed with tight deadlines. Wait - I know the answer - I'm supposed to both use the cloud andlocal storage along with my multiple backups. Which means the one item that is redundant is - the cloud.
I'll use dropbox or equivalent for transfer if I have to but never anything stored there or any other cloud storage or backup that isn't directly under my control, and that I can't put my grubby mitts on.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
... you didn't know that Google could cut off access to files in Google Drive? How the hell did you think it worked? I thought this site was news for nerds, not news for my grandma?
Be nice - your grandma is a great lady.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
The cloud is for backups and archives.
Google drive, at least on PCs, has a local copy stored, so even if a backhoe cuts the fiber, I can still work on a file.
The world's burning. Moped Jesus spotted on I50. Details at 11.
Nope not a google employee. Or a seller of goggle products.
And no one actually involved in cloud transformations advertises it as the ultimate in availability or security. The ultimate option remains having multiple instances of each server stored in diverse on-prem datacenters where you control all access. But the cost of doing that is insane. You price up what it would cost you to have HA between two server groups across two locations, with your own dedicated fibre connections.
Now factor into that 3 year hardware lifecycles, and having enough spares that you can bring a dead machine back online within an hour and the costs really start to mount up.
The cloud options let you leverage economies of scale to get close to that level of reliability. But there are draw backs. This event is one of the risks of a SaaS offering. If you are IaaS or PaaS you have contention risks. And for all of them you have comms circuit risks.
Also why am I only having it in the cloud? Consumer equipment is perfect for consuming. So there is no reason a document isn't replicated there. Given this was google docs it would be trivial for all files to be synced using drive stream and hence being able to access the most recent interation on any PC.
Just Other People's Computers.
There are encryption layers you can add to your Google Drive, so even they can't see what you store (BoxCryptor is the one I use but I'm sure there are many others). Doesn't work for Docs and Spreadsheets, but who uses those anyway??
Could easily have happened for a million other reasons
But it didn't. It happened because Google didn't like the contents of your documents.
I don't recall ever agreeing to let Google even fucking read my documents, let alone tell me whether they're "acceptable" or not. So fuck Google, no more Google Docs for me.
I had a google doc affected by the bug. It showed that my group's study guide was marked as containing infringing content. At first, I thought it was due to the copy pasta tables and some graphics or the fact that I shared it with non-google account holders (via link). As the document owner, I still had access to the document, but I was prevented from sharing it.
As a quick workaround, I opened the doc, Cntl-A, Cntl-C, and then Cntl-V into a new document. I then shared this new document and was back in business in a few minutes.
your LAN goes down
How would the LAN going down impact my ability to access the documents stored locally on my computer? (hint, it won't)
You do have a point about the other two, but mentioning the LAN going down just seemed odd.
Nope not a google employee. Or a seller of goggle products.
And no one actually involved in cloud transformations advertises it as the ultimate in availability or security.
That doesn't mean that we don't hear that often and loudly. Employee, zealot, or useful idiot, the glowing reports of unassailable security, 100 percent uptime, and almost miraculous reductions in cost of infrastructure and eliminating employees have been shouted from the rooftops for years.
The ultimate option remains having multiple instances of each server stored in diverse on-prem datacenters where you control all access. But the cost of doing that is insane.
Well okay. But who needs ultimate? The cloud certainly doesn't approach ultimate, and stupid stuff like expired security certificates (microsoft) and arbitrary lockouts from your own information by google are as much failures as hardware failures. And this still doesn't address the fact that they are scraping the files.
Also why am I only having it in the cloud? Consumer equipment is perfect for consuming. So there is no reason a document isn't replicated there. Given this was google docs it would be trivial for all files to be synced using drive stream and hence being able to access the most recent interation on any PC.
Tell me - would you store classified data in your cloud?
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
Go to the customer and tell them you got nothing.
Unfortunately, that usually works. "Computer problems" is the big catchall excuse these days. Can't buy tickets for whatever - or even stuff at the mall. "Computer trouble" indeed. And people just accept - because everybody knows that computers crash now and then. Except me, who complains and tell them to fix it or call the supplier who definitely can fix it.
Computer crash is the dumbest excuse ever - when even I can get two years uptime on an old but internet-facing machine that doesn't even have ups. People who have actual budgets for stuff have no excuse at all.
FTFY
Mis-identified as malware ---so this was an auto-immune disease?
Get a load of the guy who thinks its "his" files. LOL.
Read the Terms Of Service sometime bub.
WTF?! You already knew that.
"Believe me!" -- Donald Trump
A couple people were walking in a woods, when they spotted a hungry grizzly bear, and it started charging toward them. One of them started lacing up his shoes, preparing to run. "What's the point?" said the other, "You can't outrun a grizzly bear." The reply: "I just have to outrun you."
We're in a world gone mad, where incompetence and malice-or-corruption (depending on how charitable you wanna be about it) dominate. The benchmark for your home fileserver's reliably isn't perfection; it just has to be better than alternatives (e.g. "you're the product, not the customer" type services).
And that's pretty damn easy to achieve. My file server doesn't even have a "check if this file complies with my TOS, and then delete it just to spite myself" to ever possibly malfunction. Why would I deliberately build additional risk into it?
"Believe me!" -- Donald Trump
I do store classified data in the cloud. I don't store it in google docs though.
Some of the cloud options offer security that is at military classification. Some of data that I work with cannot leave the country, has to remain inside certain datacenters and has a load of other security requirements around it. We still use the cloud.
Believe it or not Microsoft's Azure product is very secure if configured correctly.
You uploaded it to a platform that allows you to edit the documents in a web browser. How exactly did you NOT think you gave permission to google to open your docs?
If they can't open the docs they can't give you the ability to edit them. And then you have to expect them to build protections to stop bad docs taking the system off line.
Congratulations on completely missing the point.
Google can provide CRUD capabilities without ever knowing the content of the data.
It's the same way that a DBA can administer a database without ever looking at its data. In theory that's not possible but in practice it's very easy. Just the same for Google and docs.
I do store classified data in the cloud. I don't store it in google docs though.
Some of the cloud options offer security that is at military classification. Some of data that I work with cannot leave the country, has to remain inside certain datacenters and has a load of other security requirements around it. We still use the cloud.
Believe it or not Microsoft's Azure product is very secure if configured correctly.
That is only remotely the cloud we're talking about here.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
See subject: I heard references to "cloud" way, Way, WAY back circa 1994 asI 1st started doing cross-platform coding to AS/400 midranges (OS/400) then & per the song?
I DON'T WANT TO KNOW "CLOUD" @ ALL, lol... @ least not in its present showing!
APK
P.S.=> There ya go... apk