-
Website
http://codingexperiments.com/ -
Original page
http://codingexperiments.com/they-just-never-learn-google-docs-gives-yet-another-example-of-why-cloud-computing-is-dangerous/ -
Subscribe
All Comments -
Community
-
-
Top Commenters
-
Popular Threads
:)
Thank you for posting the link to the Google Docs blog. I haven't touched
Google Reader in ages, and wouldn't have ended up seeing it until much
later.
I read the post, and now that I have seen the issue from Google's eyes, I
still think there is some potential for abuse. Hopefully, such potential
should noe be minimized because of widespread knowledge of the issue.
In addition, I see it was terribly unwise for me to have published a blog
post about this issue the day after Google published an official reply.
Regardless, I still stand by my Stallman-esque opinion of cloud computing,
and still distrust Google Docs for more than simple notes.
Thank you for commenting, and I will update the main post to reflect this
information when I find a computer larger than a smartphone.
I trust the Google engineers over my hosting provider and of course they have security team - the open source guys don't - open source flaws are public knowledge (Wordpress gets constantly hacked)
example, it would be quite suspicious for somebody working in the billing
department at the hosting company to be dealing with the servers.
Specific consumer wiki software may indeed be insecure, but I believe that
generally, when given more control to how one's data is stored, it would be
more secure than leaving your data at the mercy of somebody far away that
gives the user very little control.
To whether or not open source software projects have security teams, I
cannot say due to the varying structure of different open source development
teams. However, the fact that security flaws can be seen in the source code
is a good thing I think. It allows "the good side" a fairer playing field
with the malicious hackers because more developers can come to assist the
good side, which isn't usually the case with proprietary software
development.
Wordpress constantly gets hacked due to poor security practices on
self-hosted installations. Now, while this seems like a flaw in my
suggestion on how users should store and collaborate on data. Shared hosts
have tools to autoinstall wikis (and Wordpress) with some security
practices, such as setting the proper file permissions, followed right out
of the box.
Ultimately, total security is not achievable, but I think that there are far
safer alternatives to the cloud.
When comparing to desktop security or self-hosted clouds, I think the reality is that most people who administer those things have little idea of security. If you consider a given virus may affect millions of Windows machines, botnets regularly control millions of machines and so on. Even if someone maintaining a in-house cloud system is pretty good at security, what happens if something crops up while they are on holiday, long-term sick or quit. If then you require 2+ people to admin the cloud, then surely the main beneficiaries of the cloud are mostly too small to support this type of effort (if they weren't already at one full-time person).
Whilst for some users they can do this in house better, I expect for the majority of users, the biggest flaw google docs has is the user choosing a weak password and/or writing down somewhere.
Their Google Search Appliance has laughable security which I found multiple exploits for...
from Google posits many of the complaints as features (Ex: Images are kept
after they are deleted so not to break references to the image elsewhere).
Regardless of whether it is a bug or feature, I do not trust Google Docs,
and do not think anybody else should.
That said, I would like to restate that GDocs and other places to store data
in the cloud (for free) are safe enough for data that isn't extremely
important.
In conclusion, I respect Google, but do not think users dhould store
important data there.