Slashdot Mirror
Google Explains Tuesday's Drive, Docs Bug That Marked Some Files As Violating Terms of Service (9to5google.com)
On Tuesday, Google's cloud-based word processing software was randomly flagging files for supposedly "violating" Google's Terms of Service, resulting in some users not being able to access or share their files. Google today explained the issue and addressed concerns that arose. 9to5Google reports: Several users on Tuesday morning reported no longer being able to open certain files they were working on in Docs, while others were locked out mid-edit. "On Tuesday, October 31, we mistakenly blocked access to some of our users' files, including Google Docs," Google said in a blog post. "This was due to a short-lived bug that incorrectly flagged some files as violating our terms of service (TOS)." Afterwards, Google provided a comment to Gizmodo noting that a code push made earlier that morning was at fault and that full access had been restored to users hours after the bug first arose. Today's clarification goes on to explain how that error on Tuesday caused Drive to "misinterpret" responses from the antivirus system designed to protect against malware, phishing, and spam. As a result, Docs "erroneously mark[ed] some files as TOS violations, thus causing access denials for users of those files."
Looks like it's to drop using Google Drive as my go-to backup for my work projects, or much of anything else, for that matter.
On the other hand: no real consolation to those locked out by the bug
This is The Cloud. They're not YOUR files, they're OUR files.
It's not just "the cloud", such a thing could happen on any network. It's that you must "trust" that Google will revert the issue and grant you access to *your* documents. They don't have to.
If you want news from today, you have to come back tomorrow.
"OK; as a word we commonly use has now been associated with terrorism and banned by the search algorithms, we suggest instead of 'the' you use 't__he' or 'Teh'".
We hope to have this solved soon.
Truth isn't Truth - Guliani
I'm playing it safe and storing all my documents on Microsoft OneDrive.
... they scraped them all.
It little behooves the best of us to comment on the rest of us.
It just goes to show you should never use as primary storage a service that will, for any reason, censor or lock content - because someday anything you have may be declared "wrong".
I don't mind editing documents and moving them into the cloud, I don't even necessarily mind iCloud based apps like Keynote that stores things to iCloud - but there at least I can save a Kyenote file locally and work with it there if I like. Google Docs have always been a bit too "pure cloud" for my liking...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
So there was a minor outage that was caused by software? Could easily have happened for a million other reasons that no one would care about.
Would the outage have exceeded 12 hours? I can't see any RTO details, but if not you are still well within 99.9% availability.
That's way better than what you will ever achieve with crappy consumer equipment.
... the cloud is.
It little behooves the best of us to comment on the rest of us.
It came off a perfectly innocent looking thumb drive that I found in a parking lot in Langley, W. Virginia.
Have gnu, will travel.
Long term keep your data away from any deep file "inspecting" cloud product.
If you have the bandwidth to upload, you can share with your collaborators and colleagues as needed.
Too many checksums, SJW, AV efforts trying to look into your data with cloud services.
Keep your data sets, ideas, tech, optimisations, language use secure from been searched, sorted and questioned.
If a server product is needed find a real hosting company with real hardware that can offer a fully self encrypted service.
Domestic spying is now "Benign Information Gathering"
"the cloud" is really just "someone else's computer" and if you store data on it, that other entity can deny you access to it.
See subject: "From win & lose but STILL somehow - it's CLOUD'S ILLUSION I recall..." themesong for Google today!
* What a BULLSHIT LIE on their end... lol!
(You've got to be TOTALLY STUPID to believe in 'cloud = safe' or 'cloud = secure' bs...)
APK
P.S.=> "It was a 'bug'" lol - the ONLY bug is in their brains... apk
If what Google says is true - that the files were accidentally marked as malware, phishing, or spam - then they were giving users a pretty terrible error message saying user documents violated the TOS. Why not spell it out - hey, we flagged this file for malware, phishing, or spam. At least then the user doesn't think that *they* did something bad by violating the TOS.
NT
Until your hard drive blows up, your LAN goes down or your computer goes on the fritz. It's not like local file servers are magically immune to failures.
The world's burning. Moped Jesus spotted on I50. Details at 11.
TFS is nothing more than Google saying the bug was a bug due to buggy code that buggily flagged things based on a buggy interpretation of another component's output.
How many files were affected? Why some and not others? Why is the antimalware component involved? What's there to misinterpret from its output?
I get so many companies pitching me cloud this and cloud that. My response has consistently been, I don't trust the cloud for any business critical processes/data. The sales reps will laugh their snipe little laugh and make some pithy comment about 'oh, you must be old school'. Yet we see time after time stories like this, almost always portrayed by the company in question as a 'glitch' or a 'bug' and that it has been addressed and fixed. We are reassured that it will never happen again.... until the next story when it happens again. Here is a good one, not quite a cloud story but close enough to make my point of putting your trust in yourself and not relying on someone else for your stuff to work... so on day a couple weeks ago I try to log into VMware console flash version on Chrome, lo and behold it doesn't work because of something Chrome was doing to block flash. Prior to upgrading to 6.5, I NEVER HAD A PROBLEM logging into VMware using the locally installed app. Now I am held hostage to whatever tiff/security issue between Chrome and Adobe.
I will continue to listen to them call me old school, but when you can't get to your data on the cloud, rest assured I will be laughing. And if you are competitor, I will be laughing on the way to the bank.
So there was a minor outage that was caused by software? Could easily have happened for a million other reasons that no one would care about.
Would the outage have exceeded 12 hours? I can't see any RTO details, but if not you are still well within 99.9% availability.
That's way better than what you will ever achieve with crappy consumer equipment.
Looks like Google employees are presenting.
Sorry church, The cloud is advertized as the ultimate in security, and availability, Fuck you and your cloud is better than "consumer equipment.
Here comes the curse. May you get locked out of the biggest and mot important document you ever had, th eone your boss and your jobs depend on, and you only have it in teh cloud, since who would put it oncrappy consumer equipment. Go to the customer and tell them you got nothing.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
Until your hard drive blows up, your LAN goes down or your computer goes on the fritz. It's not like local file servers are magically immune to failures.
In those cases, would the cloud somehow still work? That's a hellava cloud that gets th edat through a busted LAN and a non-functioning computer. Majick!
This access denial is a non-polishable turd. If I'm working on a project and suddenly "The cloud" locks me out of it, I'm well and truly screwed with tight deadlines. Wait - I know the answer - I'm supposed to both use the cloud andlocal storage along with my multiple backups. Which means the one item that is redundant is - the cloud.
I'll use dropbox or equivalent for transfer if I have to but never anything stored there or any other cloud storage or backup that isn't directly under my control, and that I can't put my grubby mitts on.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
... you didn't know that Google could cut off access to files in Google Drive? How the hell did you think it worked? I thought this site was news for nerds, not news for my grandma?
Be nice - your grandma is a great lady.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
Google drive, at least on PCs, has a local copy stored, so even if a backhoe cuts the fiber, I can still work on a file.
The world's burning. Moped Jesus spotted on I50. Details at 11.
Nope not a google employee. Or a seller of goggle products.
And no one actually involved in cloud transformations advertises it as the ultimate in availability or security. The ultimate option remains having multiple instances of each server stored in diverse on-prem datacenters where you control all access. But the cost of doing that is insane. You price up what it would cost you to have HA between two server groups across two locations, with your own dedicated fibre connections.
Now factor into that 3 year hardware lifecycles, and having enough spares that you can bring a dead machine back online within an hour and the costs really start to mount up.
The cloud options let you leverage economies of scale to get close to that level of reliability. But there are draw backs. This event is one of the risks of a SaaS offering. If you are IaaS or PaaS you have contention risks. And for all of them you have comms circuit risks.
Also why am I only having it in the cloud? Consumer equipment is perfect for consuming. So there is no reason a document isn't replicated there. Given this was google docs it would be trivial for all files to be synced using drive stream and hence being able to access the most recent interation on any PC.
C++11 enum class fixes this by adding strong typing:
Why do you consider the first sample wrong and the second one fixing it? The line VirusCheckerResult result = virus_checker.scan(file); introduces an uncontrolled uncertainty and any even slightly sensible programmer should deal with it properly by relying on whatever means are available. Enums are basically integers and, when taking random external inputs (e.g., the aforementioned file reading), you have to make sure that the given value yields within the expected range.
Any code taking random inputs without confirming that they meet the expected format is wrong regardless of the language. Note that I regularly rely on a relevant number of different programming languages with different levels of “programmer's helps” (e.g., strong typing) and my code is always perfectly adapted to the given conditions. Other than in very specific cases (e.g., a language like C performing notably better than virtually any other one) and/or when being used by unexperienced-in-that-language-or-in-general/bad programmers, there aren’t many absolute benefits associated with using a specific programming language. Or, in other words, the one to blame for any problem is always the developer/tester/manager/etc.
Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
My "there aren’t many absolute benefits associated with using a specific programming language" should be understood within the proper context of using the right tool for the job. A language like C cannot be used (at least, not autonomously or without provoking an unreasonable increase of complexity) in quite a few scenarios. Also the quality of the in-built or even just available resources of some languages might make their usage recommendable under certain conditions. Anyway, my previous comment was mostly meant for algorithmic/common-to-all-the-languages situations like managing input files or creating proper algorithms.
Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
I visit a dentist who is an absolute fanboy of alphabet - heating controller, email and probably his backend are all stored on google things.
Its mildly concerning but its nor my responsibility
There are encryption layers you can add to your Google Drive, so even they can't see what you store (BoxCryptor is the one I use but I'm sure there are many others). Doesn't work for Docs and Spreadsheets, but who uses those anyway??
Could easily have happened for a million other reasons
But it didn't. It happened because Google didn't like the contents of your documents.
I don't recall ever agreeing to let Google even fucking read my documents, let alone tell me whether they're "acceptable" or not. So fuck Google, no more Google Docs for me.
Nope not a google employee. Or a seller of goggle products.
And no one actually involved in cloud transformations advertises it as the ultimate in availability or security.
That doesn't mean that we don't hear that often and loudly. Employee, zealot, or useful idiot, the glowing reports of unassailable security, 100 percent uptime, and almost miraculous reductions in cost of infrastructure and eliminating employees have been shouted from the rooftops for years.
The ultimate option remains having multiple instances of each server stored in diverse on-prem datacenters where you control all access. But the cost of doing that is insane.
Well okay. But who needs ultimate? The cloud certainly doesn't approach ultimate, and stupid stuff like expired security certificates (microsoft) and arbitrary lockouts from your own information by google are as much failures as hardware failures. And this still doesn't address the fact that they are scraping the files.
Also why am I only having it in the cloud? Consumer equipment is perfect for consuming. So there is no reason a document isn't replicated there. Given this was google docs it would be trivial for all files to be synced using drive stream and hence being able to access the most recent interation on any PC.
Tell me - would you store classified data in your cloud?
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
WTF?! You already knew that.
"Believe me!" -- Donald Trump
A couple people were walking in a woods, when they spotted a hungry grizzly bear, and it started charging toward them. One of them started lacing up his shoes, preparing to run. "What's the point?" said the other, "You can't outrun a grizzly bear." The reply: "I just have to outrun you."
We're in a world gone mad, where incompetence and malice-or-corruption (depending on how charitable you wanna be about it) dominate. The benchmark for your home fileserver's reliably isn't perfection; it just has to be better than alternatives (e.g. "you're the product, not the customer" type services).
And that's pretty damn easy to achieve. My file server doesn't even have a "check if this file complies with my TOS, and then delete it just to spite myself" to ever possibly malfunction. Why would I deliberately build additional risk into it?
"Believe me!" -- Donald Trump
I do store classified data in the cloud. I don't store it in google docs though.
Some of the cloud options offer security that is at military classification. Some of data that I work with cannot leave the country, has to remain inside certain datacenters and has a load of other security requirements around it. We still use the cloud.
Believe it or not Microsoft's Azure product is very secure if configured correctly.
You uploaded it to a platform that allows you to edit the documents in a web browser. How exactly did you NOT think you gave permission to google to open your docs?
If they can't open the docs they can't give you the ability to edit them. And then you have to expect them to build protections to stop bad docs taking the system off line.
Congratulations on completely missing the point.
Google can provide CRUD capabilities without ever knowing the content of the data.
It's the same way that a DBA can administer a database without ever looking at its data. In theory that's not possible but in practice it's very easy. Just the same for Google and docs.
I do store classified data in the cloud. I don't store it in google docs though.
Some of the cloud options offer security that is at military classification. Some of data that I work with cannot leave the country, has to remain inside certain datacenters and has a load of other security requirements around it. We still use the cloud.
Believe it or not Microsoft's Azure product is very secure if configured correctly.
That is only remotely the cloud we're talking about here.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
Please go educate yourself [cppreference.com] about C++11 scoped enumerations.
Can you please tell me the exact part of my posts where I said or even insinuated otherwise?
Basically C-style enums allow implicit conversion to and from integers
As highlighted in my original comment, enums are basically integers so all the languages allow more or less easy transitions between both realities. Again, not sure where have you got that this point wasn't clear either in my first comment, which I kept quite generic without focusing on C++/C or in this specific implementation.
That's what fixes the bug in the grandparent post
No. For two reasons: one there is no bug (you don't know anything about the potential inputs/outputs; it might be a perfectly controlled situation); secondly and as explained in my original comment, having the input conditions controlled isn't language-dependent but programmer-dependent. If you are relying on a structure which performs whatever checks are required (your example with enums and C++), you can avoid caring about it. On the other hand, if such a thing isn't in place (your example with the C enum), you would have to do the checks yourself. There is nothing wrong with any of the languages, just with a bad programmer with an I-will-throw-it-there-without-checking-anything-and-hope-that-everything-turns-out-ok attitude (quite bad for life in general too, if you ask my opinion).
tl;dr: Unlike old-style enums, C++11 scoped enumerations are more than just window dressing for integers.
tl;dr: I never said or implied otherwise. As per the provided information, we don't even know whether this code can crash/is wrong. If it is wrong, the solution would be building a proper algorithm by maximising the means provided by the given language (don't check enums if you are using C++ or make sure that the inputs meet the expected boundaries in C). Even a further example to help you understand my point: why are you assuming that a number is being read? Perhaps the input source is also returning nulls or random strings and, in that case, both codes would be wrong :)
Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
Perhaps the input source is also returning nulls or random strings and, in that case, both codes would be wrong :)
And I mean that without even knowing the exact C++ behaviour (I have some experience in C, a lot in quite a few modern C-based languages, but not too much in C++), even if it could deal gracefully with almost any scenario (what I don't think that is the case), the difference among number valid enum, number invalid enum and not number would be ignored. What I want to highlight with this comment is that my whole intention since the start was to support proper, reasonable and flexible programming attitudes, rather than blind trust in abstract solutions or in something else (the language, the inputs or the next programmer) to take care of whatever for you. I replied about a week ago to another poster saying that concatenating SQL connection strings was absolutely wrong, pretty much the same thing than here.
Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
Trolley McTrollface.
?! So, someone using his own account, the only undoubtedly linked to himself and his online-based business precisely focused on programming (on doing things properly always objectively and honestly without being part of any group/trend or unfairly favouring/criticising anyone and always trying to learn and to improve, etc.), the person whose starting comment and all the remaining ones have the sole purpose of critically discussing rather than blindly applying absolute truths. That person, myself, is the troll here?!
Let me do a quick recap: the original comment was absolutely criticising one of the most used programming languages ever, C, and supporting another one which introduced some improvements on it, C++. Both these languages can be safely considered old, as far as there are many newer languages compensating virtually all their limitations. I personally don't have any strong preference for any of them, but would use them if required. Saying that a language fixes the bugs of other one is very close to pure arbitrariness and, if you want to go down that path, I would recommend you to focus on newer alternatives than C++. This fact, together with trying to force critical thinking rather than blind repetition, was the whole point of my posts. So, in summary you are calling me t-r-o-l-l (apparently, you cannot write that word too many times here) for personally (rather than anonymously) promoting an open, practical and reasonable discussion as opposed to blind-repetition/fanaticism. Why? Because I promote common sense and anonymous, group-think and attacking-anyone-saying-otherwise benefits you? OK. I guess that I am fine with that label: t-r-o-l-l of the coward fanatics supporting what is bad for the most.
Go ahead and reply to yourself a few more times,
This isn't trolling either, right? Or a personal attack. The way in which I write or post here bothers you because isn't like yours or what you consider common and, even though I am not hurting anyone with my behaviour, you consider that (anonymously) censoring it is acceptable. Because everyone knows that people explaining too much, providing lots of over-information and doing so voluntarily at their own expense/time are the worst, right? Firstly, it comes Hitler, the mass murderers and, in the third position, people explaining too much, providing lots of over-information and being always ready to explain/reason. LOL. Although you deserve to be insulted (better: defined as what you really are), I will not do it because think that this description of your behaviour will do a much better job.
If you can't see the bug where it clearly says "/* bug; should have been VF_VIRUS; note: implicit (ViolationFlags)(int)VC_VIRUS == VF_TOS */"
So, you detect bugs by looking at comments?! When solving a problem, you mostly look for the label clearly stating "problem here, please solve", aren't you? That makes (again) lots of sense! LOL. Anyway, I don't think that this comment goes against what I have been explaining here. In that specific scenario, the original C code would be buggy, but the C++ version wouldn't be the logical solution either (creating the proper algorithm in C would have been). In any other scenario involving that same code or any other one taking random inputs, exactly the same story: enum boundaries would have to be checked/not depending upon the conditions/language. No need to bring C++ (or any other language) into picture to "correct a bug" provoked in C (or any other language). Logically, I mean all this when dealing with commonly-supported and generic conditions as highlighted in one of the previous comments to myself (really meant to help people like you who usually require a lot of over-explanations to understand anything properly).
Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
BTW and even despite you have proven numerous lacks on the common sense front, I cannot refrain myself from asking you something: why trolling? As I understand it, there are two main meanings for that expression: either bothering others (mostly in a childish and quite random way; although it might also be used to censor previous behaviours) or relying on a somehow dishonest attitude to get some kind of gain. Do you think that any of this is even slightly applicable to this situation? You know, have you put all the pieces together to determine whether your attitude, impressions and outputs make actually any sense? Or, in other words, do you know what you are doing/what is happening here? What is your position (victim or aggressor), your knowledge and the real applicability of your words?.
I am a logged-in user with an account clearly linked to myself/my business/my knowledge/my attitude and am replying to someone who anonymously posted a kind-of-off-topic comment about two programming languages which I personally don't even use too much (I have been working quite a lot on C during the last months though). What could I gain with all that? How would I get any kind of advantage from C or C++ being used more/less or people thinking that using a different language is an acceptable way to fix a bug? Can you see in my profile here or in my website any reference to me being paid by the (non-existent) owners of any of those two languages? Do you think that I earn money or get a better reputation as a programmer, even as a person, by using my company's account for just bothering random anonymous people? If you do a quick research about me, you would see that there are quite a few express references to principles like honesty, fairness, objectivity, etc.; what do you think about all this? It is just a cover for my real activity, right? My only goal on life and my sole income source was, is and will always be to randomly and dishonestly attack anonymous people in internet talking about so irrelevant issues like advantages C/C++, right? Every time, I said something against what you think, I am lying and I only want to attack you, random anonymous coward, don't you think? Every time I click on the "post" button, I get $1000 because the world is a magical place where random words make sense and things just happen, right? LOOOOOOOOOOOOL.
Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
Weird! That previous post isn't being displayed in my profile, unlikely the other one which I wrote a while later. Note that when trying to firstly post it, I got a "lameness filter" warning which disappeared after converting some of the "troll"s into "t-r-o-l-l"s. I guess that those first posting attempts provoked it to be somehow demoted anyway. What a pity!
Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.