• Home

CodingExperiments.com

$ sudo make money

Search

Category:

  • Apple Inc.
  • Facts
  • Fun
  • Google
  • Google Android
  • Ideas
  • Internet
  • Linux
  • Microsoft
  • Programming
  • Rants
  • Security
  • Uncategorized
  • web 2.0

Archives:

  • April 2010
  • August 2009
  • July 2009
  • June 2009
  • May 2009
  • April 2009
  • March 2009
  • February 2009
  • January 2009
  • December 2008
  • November 2008
  • October 2008
  • September 2008
  • August 2008
  • July 2008
  • June 2008
  • May 2008
  • April 2008
  • March 2008
  • February 2008
  • January 2008
  • December 2007

Pages

  • About
  • About
    • The Authors
  • Commenting your code
  • How to Write Papers with Groff
  • ModCMS Anti-Spam Component Set
  • ModCMS Technical Specifications
  • Regular Expressions Guessing Game
  • Saving code directly to a web server
  • The (Almost) Perfect PHP 404 Page

Meta:

  • RSS
  • Comments RSS

Awesomeness tracker

CodingExperiments at Blogged View blog authority
Free Page Rank Tool

They Just Never Learn; Google Docs Gives Yet Another Example of Why Cloud Computing Is Dangerous

March 29th, 2009 by Rishabh Mishra

In this post, cloud computing is defined as the use of web applications such as Google Docs.

I’ve written a post about why cloud computing is dangerous.

I’ve written another post about why cloud computing is dangerous.

And now I’ve written EVEN another post about why cloud computing is dangerous, and that post is the one you are reading right now.

But regardless of my opinions on cloud computing, I felt that completely abandoning cloud computing or creating one’s own miniature cloud would be too difficult for nontechnical users. Perhaps the nontechnical users should avoid trusting random startups with data, but keep using the services of larger providers, like Google. Such larger providers couldn’t possibly be a poor choice to keep one’s data, right?

Well, apparently I’ve been proven wrong.

A security flaw has been found in Google Docs. Don’t get the idea that this is a small flaw; a minuscule crack in a great wall. Sticking with the wall metaphor, the security issue with Google Docs is a massive, gaping chasm where a wall should be. Sure, Google has well-read engineers that can quickly patch up security holes, but apparently the same excellent engineers could not have patched up the security issue in the first place1.

This raises an important question: If Google’s world-class engineers cannot prevent a user’s data from being stolen, who can?

Well, actually, anybody can prevent a user’s data from being stolen. Not putting the data online (even in a private online place) results makes it far more difficult to steal the data.

Granted, data often has to be put online for collaboration purposes, but there are still more secure ways to hold important data online. For a few USD a month, one can obtain a shared web hosting plan to install wiki software on2. The shared host should also provide support and features to help one secure his or her data3. Keep in mind that with shared hosting, one’s data is still on far-away servers, but one gets partial control of the system.

Now, I would like to finalize in saying that there is nothing wrong in using Google Docs or even a random startup’s cloud computing services; neither must be completely abandoned.If you are fine with anybody in the world reading what you put on far-away servers beyond your (at least partial) control, and are prepared for the unlikely situation that you lose your data, there is no harm in cloud computing.

1 I would like to point out that the engineers are Google are far better programmers than me, so this should be considered as an insult or a claim of superiority. I deeply respect the Google engineers, but do not think that far-off servers are a good place to store one’s data.

2 It is possible that there is a security flaw in the wiki software that one may put on a shared hosting server, but choosing open-source wiki software and using good security practices should hopefully mitigate this.

3 Granted, with a shared hosting plan, it is possible for the system administrator to look at your files, but the risk of having your data stolen is still lower with a reputable hosting company than a random startup.


Posted in Google, web 2.0 | View Comments

  • leatherdonut

    Because Google doesn't know shit about security?

    Their Google Search Appliance has laughable security which I found multiple exploits for...

  • Rishabh Mishra

    I disagree that Google knows nothing about security. The official response
    from Google posits many of the complaints as features (Ex: Images are kept
    after they are deleted so not to break references to the image elsewhere).

    Regardless of whether it is a bug or feature, I do not trust Google Docs,
    and do not think anybody else should.

    That said, I would like to restate that GDocs and other places to store data
    in the cloud (for free) are safe enough for data that isn't extremely
    important.

    In conclusion, I respect Google, but do not think users dhould store
    important data there.

  • Richard Cunningham

    It's bad that Google has flaws like this, and I'm glad someone brought these design/usability flaws to everyone's attention, which means it's more likely to be fixed.

    When comparing to desktop security or self-hosted clouds, I think the reality is that most people who administer those things have little idea of security. If you consider a given virus may affect millions of Windows machines, botnets regularly control millions of machines and so on. Even if someone maintaining a in-house cloud system is pretty good at security, what happens if something crops up while they are on holiday, long-term sick or quit. If then you require 2+ people to admin the cloud, then surely the main beneficiaries of the cloud are mostly too small to support this type of effort (if they weren't already at one full-time person).

    Whilst for some users they can do this in house better, I expect for the majority of users, the biggest flaw google docs has is the user choosing a weak password and/or writing down somewhere.

  • feint

    Everyday people lose sensitive data to hackers - I feel my data is more secure in the cloud. On shared hosting account your data is less secure - being able to be read not just by the adiministrator but by anybody working at that hosting company - do you really know your host! Further more, consumer wiki software is filled with security flaws - (i am constantly having to patch mediatemple).

    I trust the Google engineers over my hosting provider and of course they have security team - the open source guys don't - open source flaws are public knowledge (Wordpress gets constantly hacked)

  • Rishabh Mishra

    I doubt that *anybody* at a shared hosting company can read your data. For
    example, it would be quite suspicious for somebody working in the billing
    department at the hosting company to be dealing with the servers.

    Specific consumer wiki software may indeed be insecure, but I believe that
    generally, when given more control to how one's data is stored, it would be
    more secure than leaving your data at the mercy of somebody far away that
    gives the user very little control.

    To whether or not open source software projects have security teams, I
    cannot say due to the varying structure of different open source development
    teams. However, the fact that security flaws can be seen in the source code
    is a good thing I think. It allows "the good side" a fairer playing field
    with the malicious hackers because more developers can come to assist the
    good side, which isn't usually the case with proprietary software
    development.

    Wordpress constantly gets hacked due to poor security practices on
    self-hosted installations. Now, while this seems like a flaw in my
    suggestion on how users should store and collaborate on data. Shared hosts
    have tools to autoinstall wikis (and Wordpress) with some security
    practices, such as setting the proper file permissions, followed right out
    of the box.

    Ultimately, total security is not achievable, but I think that there are far
    safer alternatives to the cloud.

  • Matt Cutts

    If you haven't seen it, the Google Docs Blog just posted their reply: http://googledocs.blogspot.com...

  • Rishabh Mishra

    Matt Cutts? A delight to see you on my blog. I am actually a fan of yours.
    :)

    Thank you for posting the link to the Google Docs blog. I haven't touched
    Google Reader in ages, and wouldn't have ended up seeing it until much
    later.

    I read the post, and now that I have seen the issue from Google's eyes, I
    still think there is some potential for abuse. Hopefully, such potential
    should noe be minimized because of widespread knowledge of the issue.

    In addition, I see it was terribly unwise for me to have published a blog
    post about this issue the day after Google published an official reply.
    Regardless, I still stand by my Stallman-esque opinion of cloud computing,
    and still distrust Google Docs for more than simple notes.

    Thank you for commenting, and I will update the main post to reflect this
    information when I find a computer larger than a smartphone.

blog comments powered by Disqus

 
Wordpress Themes by and Website Templates by Blogcut Blogged Blog Directory Blog Directory - Blogged