Showing posts with label Google Apps. Show all posts
Showing posts with label Google Apps. Show all posts

Tuesday, December 15, 2015

Calendaring in iOS, OS X, Outlook 2010 and Google Android/Chrome are all very different.

If you’ve ever wondered why healthcare institutions can’t easily share data between computer systems, just take a look at Calendaring in iOS, OS X, Outlook 2010 and Google Android/Chrome.

Google went down the road of calendar overlays. You can have as many calendars as you like and you can share them across a Google Apps domain or between Google users. Public calendars are available for subscription. My current Google Calendar calendar list holds twenty distinct calendars of which 8 belong to my family. (One for each family member, one for entire family, a couple of parent-only calendars that the kids don’t see.) In Google’s world, which is consistent across Chrome and Android, shared calendars can be read-only or read-write. Google supports invitations by messaging.

I love how Google does this, but I’m a geek.

I’ve not used any modern versions of Outlook, but Outlook 2010 also supported Calendar subscription. They didn’t do overlays though, every Calendar stood alone. I never found this very useful.

Apple did things differently. Not only differently from everyone else, but also differently between iOS, OS X, and iCloud.  OS X supports calendar overlays and subscriptions, but the support of Google Calendar subscriptions is  weird (there are two ways to view them and both are poorly documented). iOS has a very obscure calendar subscription feature that I suspect nobody has ever used, but it does support “family sharing” for up to 6 people/calendars (also barely documented). There’s an even more obscure way to see multiple overlay Google calendars on iOS, but really you should just buy Calendars 5.app.

iCloud’s web calendar view doesn’t have any UI support for Calendar sharing, I’ve not tested what it actually does. Apple is proof that a dysfunctional corporation can be insanely profitable.

All three corporations (four if you treat Apple as a split personality) more-or-less implement the (inevitably) quirky CalDAV standard and can share invitations. Of course Microsoft’s definition of “all-day” doesn’t match Apple or Google’s definition, and each implements unique calendar “fields” (attributes) that can’t be shared.

Google comes out of this looking pretty good — until you try to find documentation for your Android phone and its apps. Some kind of reference, like Google’s Android and Nexus user guides. As of Dec 2015 that link eventually leads to a lonely PDF published almost five years ago. That’s about it.

I don’t think modern IT’s productivity failure is a great mystery. 

Saturday, February 07, 2015

Google and the Net 2015: The Quick, the Sick and the Dead - 7th edition

I first published a Google Quick, Sick and Dead list in January 2009, at the dawn of Dapocalypse. This was six months after the Battle of Latitude; we were well into the post-Android Google-Apple War I. By then the iPhone was big, but not as dominant as it would get.

Less than two years later, in July of 2011, Google Plus launched. Five months later Google Reader Shares vanished and Google 1.0 was declared dead. Looking back, a lot of software became ill in 2011.

Again with the damned interesting times! Since then many cloud services have been killed or abandoned. We’re growing accustomed to major regressions in software functionality with associated data loss (most recently with Apple’s Aperture). I am sure businesses struggle with the rate of change.

Looking back the 2009+ software turmoil probably arose from 2 factors, one technological and one external. The technological factor was, in a word, the iPhone. Mobile blew up the world we knew. The external factor was the Great Recession (which, in Europe, continues today as the Lesser Depression). 

Of course if you believe the Great Recession has its roots in globalization and IT (including IT enabled fraud and IT enabled globalization) [1] then it’s really all a post-WW II thing. I suppose that’s how it will look to the AIs.

Which brings me back to my Google Quick Sick and Dead series. It’s been more than four years since the 6th edition. I haven’t had the heart to update the list the way I once did — too many old friends have become ill. I’m doing an update today because I started a post on the Google Calendar iPad experience and it got out of control.

As with prior editions this is a review of the Google Services I use personally — so neither Android nor Chromebooks are on the list. It’s also written entirely from my personal perspective; I don’t care how the rest of the world sees Google Search, for me it’s dying.

With those caveats, here’s the list. Items that have effectively died since my last update are show with a strike-through but left in their 2011 categorization, old items have their 2011 category in parentheses. Items in italics are particularly noteworthy.

The Quick (Q) 
  • Google Scholar (Q)
  • Chrome browser (Q)
  • Maps and Earth (Q)
  • News (Q)
  • Google Drive and core productivity apps - Docs, Sheets, Present (Q)
  • YouTube (Q)
  • Google Profile (Q)
  • Google Translate (S)
The Sick (S)
  • Google Parental Controls (D)
  • Gmail (Q)
  • Google Checkout (S)
  • iGoogle (S)
The Walking Dead (D)
  • Google Search (S)
  • Google Custom Search (D)
  • Google Contacts (Q)
  • Google Hangout (S): on iOS
  • Google Voice (D)
  • Google Mobile Sync (S)
  • Google’s Data Liberation Front (S)
  • Google Calendar (Q)
  • Google Tasks (Q)
  • Picasa Web Albums (Q)
  • Blogger (D)
  • Google Books (S)
  • Google Plus (Q)
  • Buzz (D)
  • Google Groups (D)
  • Google Sites (D)
  • Knol (D)
  • Firefox/IE toolbars (D)
  • Google Talk (D)
  • Google Reader (S)
  • Orkut (S)
  • Google Video Chat (S) - replaced by G+ Hangout
A lot has happened in four years. I was surprised to see I’d rated Google Search as “sick” in 2011 — but that was the right call. In my personal experience Search has moved into the Dead zone since; I am often unable to locate items that I know exist. I have to find them by other means.
 
I haven’t adopted any new Google Services since 2011. On the other hand hand many services I thought would die have simply remained “Walking Dead”. Google Scholar’s persistence is quixotic; I figure Larry Page is personally fond of it.
 
Google Calendar is the Canary case. Four years ago Calendar was due for some updates, but it looked healthy. My immediate family members each have 1 Google Calendar; with various other family and school calendars and event feeds our total number of subscribed calendars is probably in the mid 20s. We use Google Calendar with Calendars 5.app on iOS and Safari or Chrome elsewhere. We’re Calendar power users.
 
Since 2011 though Calendars has stagnated. Google’s only “improvement” has been a partially reversed 2011 usability reduction. Today, thanks to our school district’s iPad program, I got to experience Google Calendar on the iPad without the benefit of Calendars 5 
[2]. It’s an awful experience; the “mobile” view is particularly abysmal. Suddenly four years of stagnation leapt into focus. Google Calendar is now an Android/Chrome only product.
 
Looking across the list there’s a pattern. Google is abandoning its standards based and internet services, focusing instead on Android and an increasingly closed Chrome-based ecosystem. Presumably those two will merge and Google and Apple will become mirror images. It’s unclear if anything will inherit the non-video streaming internet, or if it will simply pass into history. Maybe our best hope is that smaller standards-friendly ventures like Fastmail, Pinboard, WordPress, and Feedbin may prosper in an ecosystem Google has abandoned.
  
Damn, but it’s been one hell of a ride. The take away for me is that I need to get away from Google, but that’s easy to say and hard to do. Replacing my family’s grandfathered Google Apps services with the Fastmail equivalent would cost over $600 a year and the migration would take a non-trivial chunk of my lifespan. History is better to read than to experience, and we’re still early into the AI age.
 
- fn -
 
[1] It’s a different blog post, but widespread hacking (governments included) and ubiquitous identity theft may yet kill Internet 1.0. As of as Jon Robb predicted in 2007 the Internet itself is ailing.
[2] I haven’t been able to get my own iPad purchase past Gordon’s Laws of Acquisition. Those same laws have stopped my iPhone 6 purchase. Maybe I can justify the iPad by keeping my 5s.

See also:

Friday, August 09, 2013

Americans traveling through Canada: Telecom 2013

It goes something like this:

  • Remove my personal (iPhone) mobile number from my work Google Voice (GV) account and set that number to forward all calls or SMS as transcribed text to my email.
  • Add my iPhone mobile number to my personal GV account and make GV the voicemail service for that number. Turn off call forward, set to forward GV calls or SMS as transcribed text.
  • Change iPhone GV app to use my personal GV account
  • Make Emily GV the voice mail for her cell, confirm her iPhone GV app is correct
  • Set home phone to forward to Emily GV
  • Pay AT&T $30 prorated for 80 min Canadian talk on my iPhone cell number (locked phone)
  • In Canada buy Virgin Mobile SIM & 1GB data ($30 or so) for daughter's unlocked 4S and make that a hotspot.

On return, undo all.

See also: 

Monday, October 31, 2011

Dapocalypse now: Google's day of infamy

I shared thousands of articles through Google Reader.

They were a part of my extended memory. I often searched that repository.

This evening they are gone.

I had expected bad news, but I didn't expect the entire shared story repository to vanish.

Yes, there's a JSON export. I will do it of course, but Google is not providing any tools to navigate or transform that data set. The export of data in a non-useable format is no export at all.

Dapocalypse now. Google, I want a divorce.

Update: The JSON export links aren't working for me.

Sunday, September 04, 2011

Google Quick, Sick and Dead - 6th edition.

It's been only four months since the 5th edition of Google Quick, Sick and Dead - 5th edition. It's been a busy time though, with the launch of G+ and Google recently announcing another set of official closures. The terminations were of products I thought had already been discontinued, so I don't have them listed below.

As with prior editions this is a review of the Google Services I use personally - so Android is not on the list. Items that have moved up or are new are green, items that have moved down or officially discontinued are red, in parens is the prior state.

For me personally the news is not good -- both Google Reader and Google Custom Search are now on the Dead list (though Google has finally fixed the broken icon that was displaying with custom search). These are two of my favorite Google services, but neither of them deliver significant ad revenue to Google. That, in a nutshell, is the problem with relying on Google's cloud. G+ is mildly interesting, but so far it's not doing anything useful for me.

The Quick (Q)
  • Google Scholar (Q)
  • Gmail (Q)
  • Chrome browser (Q)
  • Picasa Web Albums (Q)
  • Calendar (Q)
  • Maps and Earth (Q)
  • News (Q)
  • Google Docs (Q)
  • Google Voice (Q)
  • Google Search (Q)
  • Google (Gmail) Tasks (Q)
  • YouTube (Q)
  • Google Apps (Q)
  • Google Profile (Q)
  • Google Contacts (Q)
  • GooglePlus - G+ (new)
  • Blogger (S)
The Sick (S)
  • Google’s Data Liberation Front (S)
  • Google Translate (S)
  • Books (S)
  • Google Mobile Sync (S)
  • Google Checkout (S)
  • iGoogle (S)
The Walking Dead (D)
  • Buzz (D)
  • Google Groups (D)
  • Google Sites (D)
  • Knol (D)
  • Firefox/IE toolbars (D)
  • Google Talk (D)
  • Google Parental Controls (D)
  • Google Reader (S)
  • Orkut (S)
  • Custom search engines (S)
  • Google Video Chat (S) - replaced by G+ Hangout
See also:

Wednesday, August 31, 2011

Google's identity failure: recreating the joy of Buzz

Google + requires us to use our "true name". In may case John F, not "John Gordon" or any of my other aliases.

Charlie Stross has a good rant on why this is a bad idea. He finishes with a set of solid recommendations (emphases mine) ...

Google is wrong about the root cause of online trolling and other forms of sociopathic behaviour. It's nothing to do with anonymity. Rather, it's to do with the evanescence of online identity. People who have long term online identities (regardless of whether they're pseudonymous or not) tend to protect their reputations. Trolls, in contrast, use throw-away identities because it's not a real identity to them: it's a sock puppet they wave in the face of their victim to torment them. Forcing people to use their real name online won't magically induce civility: the trolls don't care. Identity, to them, is something that exists in the room with the big blue ceiling, away from the keyboard. Stuff in the glowing screen is imaginary and of no consequence.

If Google want to do it right, they're going to have to ditch their naming policy completely and redo from scratch.

To get it right, they need to acknowledge that not everyone has a name of the form John Smith or Jane Doe; that not everyone uses the same character set or same number of names. They might be able to get away with insisting on a name that appears on a piece of government-issued ID; but then they need to acknowledge that people have legitimate reasons for using one or more pseudonyms, allow users to register pseudonyms associated with that name, attach pseudonyms to different (or even overlapping) circles of friends, and give the user a "keep my real name secret" check-button. Then and only then they'll begin to develop a system that has some hope of working.

I can't improve on Charlie's rant. He's one of many, but he says it well.

Unfortunately, this isn't the first time Google got it wrong. They made the exact same mistake with the Buzz Profile. I wrote about that over a year ago ...

Gordon's Notes: The Buzz profile problem: I am Legion (feb 2010)

I am father, brother, in-law, son, and spouse. I am coach. I am volunteer. I am citizen and activist. I am a physician. I am an (adjunct) professor. I am an oddity in a large, conservative, publicly traded corporation. In the corporation I am a team member, known to some customers, occasionally publicly facing, known in various ways and various places. I have other roles and have had many more over time.

I am Legion. So are most middle-aged persons.

Only one person knows all the roles and all of the stories that are not excruciatingly boring (hi Emily).

That’s the problem with Google Buzz, and why my Google Profile doesn’t include my pseudonymous (John Gordon) blog postings or my Google Shared items.

Buzz is tightly linked to my Google Profile, and my Profile is trivially discoverable. I don’t want corporate HR or a customer or business partner to instantly know that I’m a commie pinko Obamafanboy with a dysfunctional Steve Jobs relationship.

I have LinkedIn as my bland corporate face, and, despite Facebook’s innate evilness, a FB profile for friends and family. Inside the corporation I’ve a blog that serves as a limited persona.

We all have many roles, identities, avatars, personae, limited liability personae, characters, facets and so on. The problem with Buzz today is that it’s tied to the Google Profile, and that profile is the closest thing to my unified public face. It crosses boundaries. So it can only hold the limited information channels that are available to all.

Google hasn't learned enough from the disastrous failure of Buzz. They're repeating old mistakes, and seeing old results. Already G+ activity seems to be falling, and losing people like Stross isn't helping.

This can be fixed. Like Charlie says - give us a hard identity that the police can track if need be. Tie it to credit cards. Heck, for a fee "validate it" so we can better protect ourselves against identity theft. Then give us as many pseudonyms as we want, and give us tools to manage them while keeping our TrueName to ourselves.

Saturday, May 21, 2011

Google Quick, Sick and Dead - 5th edition. Reader is ailing, but there's been a turnaround

Google Reader is not well. In particular I'm seeing broken bits in the "Following" infrastructure. People Search is hanging for me, I have active "follower" feeds that are missing controls like unfollow, I find "anonymous" in the list of persons I "Follow" and so on.

This is a big deal for me. I rely on Reader.

Which reminds me that it's been seven months since the the 4th edition of Google: The Quick, the Sick and the Dead. Time for my review of the Google Services I use personally (so Android is not on there). Items that have moved up are blue, items that have moved down are red, in parens is the prior state. I had Reader as "Sick last time, so it's unchanged.

The Quick (Q)
  • Google Scholar (Q)
  • Gmail (Q)
  • Chrome browser (Q)
  • Picasa Web Albums (Q)
  • Calendar (Q)
  • Maps and Earth (Q)
  • News (Q)
  • Google Docs (Q)
  • Google Voice (Q)
  • Google Search (S)
  • Google (Gmail) Tasks (S)
  • YouTube (S)
  • Google Apps (S)
  • Google Profile (S)
  • Google Contacts (S)
The Sick (S)
  • Google Reader (S)
  • Google’s Data Liberation Front (S)
  • Google Translate (S)
  • Custom search engines (S)
  • Books (S)
  • Google Mobile Sync (S)
  • Google Video Chat (S)
  • Google Checkout (S)
  • Orkut (S)
  • iGoogle (S)
  • Chrome OS (D)
  • Blogger (D)
The Walking Dead (D)
  • Buzz (D)
  • Google Groups (D)
  • Google Sites (D)
  • Knol (D)
  • Firefox/IE toolbars (D)
  • Google Talk (D)
  • Google Parental Controls (D)
The Officially Dead - since last edition
  • Google Video
  • Google Base (D)

Since the last update there are two new recognized and official deaths - Google Video and Google Base. (See prior editions for other terminated products, I don't carry those forward). I missed that Google Base had died, that didn't get a lot of attention! It moved to a merchant service that I don't track. Google Video had an interesting demise. Google at first intended to delete content, but then reneged and now promises to migrate videos to YouTube.

To my surprise, however, Google has done better over the past seven months than I'd thought. Eight products have improved significantly; two moved out of the Dead zone! That tells me there's hope for Reader. It's been ailing for a while, but it's certainly not Walking Dead. There's a good chance for a reboot, probably as part of scrapping Buzz and the "Follower" model.

The most important improvement has been in the most important product -- Search has been much better since Google moved against the content scrapers.

This is a real reversal from seven months ago when I wrote ...

Seven products have moved from Quick to Sick - including Search. That's a big one. Google suggest is fun, but Google is losing the splog wars. Too many of the results I get back are splog noise. I love Reader, but the Notes/Comments silliness has to mark it as Sick. I also love the Data Liberation Front, but they're not getting traction any more. I suspect they've lost funding. Translate hasn't made progress on the non-Euro languages, so it's increasingly irrelevant.

A good turnaround for Google. Keep it up!

Saturday, May 14, 2011

Reliability and the Cloud - Redundancy required

Hardly anyone noticed, but yet another Google cloud service failed this week. There was understandably more attention to Amazon's recent service failure (2008 too). These aren't a surprise, I've had my share of complaints with Google's cloud services.

Despite all of the problems with Cloud services, of which the most serious is Cloud provider bankruptcy, Amazon and Google are relatively reliable. In my corporate workplace, the average worker loses 2-5 days of work each year due to machine upgrades, backup failures and hardware failures. Cloud services aren't quite that bad, but corporate IT is a low standard. Cloud services aren't good enough.

The answer to Cloud reliability, is redundancy. The designers of the late 20th century American space shuttle knew this well ...

... The shuttle uses five identical redundant IBM 32-bit general purpose computers (GPCs), model AP-101, constituting a type of embedded system. Four computers run specialized software called the Primary Avionics Software System (PASS). A fifth backup computer runs separate software called the Backup Flight System (BFS). Collectively they are called the Data Processing System (DPS)....

The design goal of the shuttle's DPS is fail-operational/fail-safe reliability. After a single failure, the shuttle can still continue the mission. After two failures, it can still land safely.

The four general-purpose computers operate essentially in lockstep, checking each other. If one computer fails, the three functioning computers "vote" it out of the system...

The Backup Flight System (BFS) is separately developed software running on the fifth computer, used only if the entire four-computer primary system fails. The BFS was created because although the four primary computers are hardware redundant, they all run the same software, so a generic software problem could crash all of them ...

It's not hard to do the math. A series of 5 procedures each with 90% reliability has a 40% chance of failure (1-0.9^5). A different system with 5 systems of similar reliability run in parallel has a 0.001% (.1^5) chance of failure.

In Cloud terms similar redundancy can come from multiple service providers, with the ability to switchover. File requests, for example, could be alternately routed to both Amazon S3 and to a corporate owned server. Reliability comes from two very different systems with uncorrelated failure probabilities [1][2].

This switchover requirements requires Cloud services to be dumb utilities - or to support some kind of local cache. To safely use Google Docs, for example, there has to be some way to fail over to a local device, perhaps by synchronizing files to a local store. Similarly, to use a Cloud blogging service one would want control of the domain name, and blog software that published to two services simultaneously. In the event of failure, the domain name could be redirected to the redundant server.

None of this is new. Back in the days when Cloud services were called "Application Service Providers" (ASP) I went through the same reasoning process with our web-based Electronic Health Record. I'm sure there were very similar discussions in the 1970's era of 'dumb terminals'. These things take time.

We'll know they Cloud is maturing when failover strategies become ubiquitous. Of course by then we'll call the Cloud something else ...

[1] Of course then the switch fails. There are always failure points, the trick is to apply redundancy to those that are least reliable, or where redundancy is most cost-effective. The Shuttle, infamously, couldn't survive a failure on launch of its solid fuel system.
[2] From a security perspective, two systems like this are two sources of security failure. Multiple systems increase reliability, but decrease security.

Saturday, December 18, 2010

Google's kid problem - something for the GOP led house to chew on

Google has a kid problem.

The latest example is the new Google eBooks iOS app. It seemed like a good option for my kids iOS devices. Problem is, like every Google app I've looked at it, it has an embedded browser. Disabling Safari doesn't disable webkit use, so the browser is always available. A full Google search prompt is only a few clicks away, so the iPhone eBook app effectively disables iOS parental controls.

Just like Google's ad platform disables iOS parental controls.

I wish Apple would give all apps with embedded browsers and NC17 rating. Still, this is Google's problem -- not Apple's. Google has the same problem with Android devices (no parental controls at all) and with Google search (no effective parental controls). I'm sure Chrome OS will be no better.

I guess we have to wait until the founders have kids. The one bright side of the GOP dominated House is that they might give Google a hard time about this. Google is no friend of the GOP, and those guys know how to turn the heat up.

Google may have to start paying attentions to kids. They can start by having their iOS devices disable WebKit use when Safari is disabled.

Tuesday, November 16, 2010

Apple-Google armistice day - Google Voice for the iPhone is available.

Google Voice for iPhone is available, the first Apple Google war is over. It lasted from about July 27, 2009 to Nov 9, 2010.

I speculated on why it was ending in September when the ceasefire was official. I listed nine items. If I had to pick one cause it would be Facebook shafting Apple at the Ping launch.

Monday, September 20, 2010

Google's two factor authentication and why you need four OpenID accounts

My Google account was hacked two weeks ago, so today Google is deploying two factor authentication to (paid) Google Apps.

What, you think that's coincidental? You underestimate my power (cue mad laughter).

This is a good thing, but it won't prevent a keystroke logger from pinching your password if you use an insecure (ex: XP) machine. On the other hand, maybe I'll switch to a trivial password and just rely on the more robust 2nd factor.

Which brings me to OpenID and OAuth. In my latest post-hack "what am I doing" post I warned against OpenID. The only thing worse than losing a critical password to keystroke logging is losing a critical OpenID password.

Since then I've been thinking about where we're going, and I think there's a place for OpenID/OAuth and two factor authentication.  More specifically, there's a role for multiple OAuth (I'll drop the /OpenID for now) accounts - one for each of the five credential classes.

What's a credential class? Think  in terms of how you'd feel about someone taking your credentials ...
I: You want it? Take it.
II: I'd rather you didn't.
III: Help!! Help!! 
IV: I'll fight you for it.
V: Kreegah bundolo! Kill!! 
We need a master account with Category V security. The One Ring account has two factor authentication and a robust reset procedure that might involving banks and other identity authentication services. It may be tied to a strong identity as well, but that's another post. You only enter these Category V credentials on a secure machine and an encrypted connection. The Master Account can be used to override and change the passwords on lesser accounts.

From the master account we have four other credentials (un/pw combinations), each with OpenID/OAuth services.

The Class IV credential service is what we use with Gmail and a range of high-end OpenID/OAuth services like banks. We enter these credentials only on a secure machine - but there's a degree of comfort from having a Class V account that can change passwords. On less secure machines maybe we use two factor authentication.

The Class III credentials are what we use anywhere that has credit card capabilities. Use these for Amazon and iTunes.

Class II credentials are for your spam only Yahoo email and the New York Times.

Class I credentials are for the Minneapolis Star Tribune.

In a world of widespread OAuth/OpenID type services and this type of master account we really need to know five passwords, and only three of them have to be decent passwords. We can manage that.

This is where we will go.

We can do it now of course, by setting up five Google accounts. It will probably get a lot easier when Google Apps start providing full Google account services for each user, with optional two factor authentication.

In fact, this is so simple I'm surprised MyOpenID doesn't do it already.

Maybe in two weeks.

Sunday, September 19, 2010

GV Mobile is back. What's next?

This pusilanimous Apple web site document justifies a reasonable amount of Apple hatred. It was written after Apple declared war on Google in July of 2009 ...
Apple Answers the FCC’s Questions 
Contrary to published reports, Apple has not rejected the Google Voice application, and continues to study it....
The following applications also fall into this category.

  • Name: GVDialer / GVDialer Lite... 
    Name: VoiceCentral.. 
    Name: GV Mobile / GV Mobile Free...
One of the most wretched things about this press release is that none of the complaints Apple had with Google's application (some legitimate) actually applied to GV Mobile and its competitors. Banning them, along with Google Apps like Latitude, was proof that Apple wasn't protecting the user experience, they were in a commerce war with Google.

Since then the FTC has been squeezing Apple, and GV Mobile is back (bit of a botched debut though). I wonder if they pointed out that while Apple might get away with blocking Google Voice, they had gone too far when they blocked GV Mobile. If that's true, I wonder if we'll see other Google related apps appear, like a Google Latitude client that actually works (sorry Latitudie).


PS. Yes, I know the formatting of this post is a mess. Google has outsourced their Blogger rich text editor to Microsoft Adobe. You have a better explanation? (I wrote Microsoft, but, really, this stuff they do well.)

Saturday, September 11, 2010

Thunder in the Cloud: Lessons from my hacked Google Account

It was just another week in the age of insecurity. Yet another low tech Windows-only trojan spread throughout American corporations, costing a day or so of economic output and probably acquiring a rich bounty of passwords. Twitter implemented a defective OAuth security framework. Oh, and my Google (Gmail) account was hacked.

The last of these was the most important.

Cough. Go head, laugh. Check back in three years and we'll talk. For now, trust me on this. There are some interesting implications.

First though, a quick review. Nothing obvious was done to my Cloud data by the hacker, I only know of the hack because of defenses Google put in place after they were hacked by China. Secondly I used a robust and unique password on my primary Google account and I'm a Phishing/social engineering hard target. So, in order of descending probability the security flaw was
  • Keystroke logging > Google false alarm (no hack) > iPhone app credential theft > WiFi intercepts >> Google was hacked > password/brute force attack.
I changed my password, but that doesn't deal with the real security problems (keystroke logging, WiFi intercepts, App credential theft). The other changes I'm making are more important.

That's the background. Why is this interesting? It's interesting because of what we can infer about motives, and the implications for the future of Cloud computing, iOS devices, and Apple.

Consider first the motives. The hackers owned my Google credentials for 24 hours, but they did nothing. They didn't change my passwords, they didn't send any email. The most likely explanation is that the next move was to identify and attack our mutual fund accounts by taking advantage of harvested data (58,000 emails, hundreds of Googel Docs), accessible internet data, and the stupidity of mutual fund security systems.

We're not rich by American standards, but emptying our accounts would be a good return on investment for most organized criminal organizations.

Secondly if I can be hacked like this, anyone can. I am the canary in this coal mine, and I just keeled over.

Ok, maybe the impractically pure and young Cryptonomicon live-in-a-thumb-drive-VM-with-SSL geeks are relatively safe, but, practically speaking, everyone is vulnerable. Windows, OS X or Linux - it doesn't make a difference. (But the iPhone/"iTouch" and iPad do make a difference. More on that below.)

When history combines motive (huge revenue hits) with opportunity then "Houston, We have a Problem". Sometimes freaking out is not unwise. 2010 network security is a market failure. The business model of Cloud Computing is in deep trouble.

I think I know how this ends up. Somehow, some day, we will all have layers of identity and data protection, designed so that one layer can fall while others endure. Our most critical data may never be committed to the network, perhaps never on a digital device. If I were running Microsoft, Google or Apple I'd be spending millions on figuring out how to do make this relatively seamless.

That part is fuzzy. What's clear is good news for Apple, though everyone else isn't far behind. Untrusted devices, untrusted software, and untrusted networks are all dead. That means shared devices are dead too. Corporations need to own their machines and trust systems, we need to own our machines and trust systems, and when we have both a corporate and a personal identity we need two machines.

Practically speaking, we all need iPhone/iTouch/iPad class devices with screened and validated software that we carry everywhere [1]. That means the equivalent of iOS and App Store, but software apps that provide Google access need to be highly screened. Practically speaking, they need to come from Google or Apple.)

We need secure network access. For the moment, that means AT&T 3G rather than, say, Cafe WiFi (Witopia VPN is not quite ready for the mass market). Within the near term we need Apple to make VPN services a part of their MobileMe offering with seamless iOS integration. Apple currently provides remote MobileMe iPhone annihilation, we need the iPhone/iPod Touch FaceTime camera to start doing facial/iris biometrics.

Yes, Apple is oddly well positioned to provide all of these, though Google's ChromeOS mayb be close behind.

Funny coincidence isn't it? It's almost as though Apple thought this through a few years ago. I wonder what they're planning now to enforce trusted hardware. Oh, right, they bought the A4.

The page is turning on the remnants of 20th century computing. Welcome to the new world.

-- footnotes

[1] Really we need iPhone/iTouch class devices with optional external displays. Maybe in 2013.

See also:

Post-hack posts (past week):
Pre-hack posts

And some warnings of mine that were premature -- because Team Obama converted Great Depression II into the Great Recession.

Sunday, September 05, 2010

After the Google Hack: Life in the transparent society

My Google Account (Gmail and more) was hacked on 9/3/10, a day before I wrote about the risks of online backup.

I had a 99th percentile password. It had six letters, four numbers, no words or meaningful sequences. It wouldn't be in a dictionary. On the other hand, like Schneier and other security gurus, I didn't change it often. I also had it stored locally on multiple desktop and iPhone apps. As far as I know it wasn't stored on any reasonably current web app.

If my password had been a bike lock, it would have been one of those high end models. Enough to secure a mid-range bike on the principle that better bikes with cheaper locks were easy to find.

That wasn't enough. For some reason a pro thief [2] decided to pinch my mid-range bike. They didn't do any damage, they didn't seem to send spam [1]. They seem to have unlocked my bike, peaked around, and locked it again.

Why would a pro bother? Trust me, I lead an intensely narrowcast life. It's interesting to only a few people, and boring to everyone else.

On the other hand, it wasn't always so. "I coulda been a contendah." I knew people who have had interesting lives, I still correspond with some. If a pro was interested in me, it was most likely because of someone like that. My visitor was probably looking for correspondence. Once they found it, or confirmed my dullness, they wouldn't have further interest in me.

Fortunately even that correspondence is quite dull.

I've changed my password. The new one is 99.9th percentile. Doesn't matter, I doubt I'm much more secure.

This isn't a complete surprise. Passwords died as a high end security measure about ten years ago. What's more surprising, except in retrospect, is that you don't have to really do anything or be anybody to get some high end attention. You only have to be within 1-2 degrees of separation of someone interesting. Security and "interest" are "social"; even a dull person like me can inherit the security risk of an interesting acquaintance or correspondent.

Welcome to the transparent society. If you put something in the Cloud, you should assume it's public. Draw your own conclusions about the corporate Cloud business model and online backup, and remember your Gmail is public.

footnotes --

[1] Of course they could erase the sent email queue, but I haven't gotten any bounce backs. Anyway, there are much easier ways to send spam.
[2] Russian pro, Chinese government equivalent, etc. Why pro? Because the hacker didn't change my password after they hacked the account, they didn't trash anything obvious, they didn't send out spam, and the access was by an abandoned domain. I'm not vulnerable to keystroke logger hacks except at my place of employment and wifi intercepts are relatively infrequent. Still, it's all probabilities.

Monday, June 28, 2010

Google: The Quick, the Sick and the Dead - 3rd edition

I wrote my first Google Quick, Sick and Dead list in January of 2009 and the second in November 2009.

It's interesting to look back a year and take note of what's gone (Notebook, Page Creator, Knol?) and what's improved (Documents).

It's been over six months since the last edition, so here's version 3. Note the choices are entirely my own. Nobody else would put Android in the "Sick" category. 



The Quick
  • Search and Scholar (Scholar deserves more applause)
  • Google Reader including Like and Share (brilliant work, even though Buzz tries to kill it)
  • Google’s Data Liberation Front (my heroes!)
  • Gmail (even though they'll never fix the !$$@ threading)
  • Chrome browser
  • Picasa and Picasa Web Albums (esp. with new pricing)
  • Calendar (CalDAV support is slipping though)
  • Maps / Earth
  • News
  • Translate
  • Custom search engines
  • YouTube
  • Books (because they keep trying)
  • Google Docs
  • Google Apps
The Sick
  • Google Profile
  • Google Contacts: pathetic
  • Google Mobile Sync: multi-calendar control is ridiculous
  • Android – increasingly desperate need for curated apps and a Google controlled phone.
  • Buzz – Brin needs to stay out of social
  • Google Reader Comments and Notes - irrational confusion, though Reader itself is great
  • Google Voice (iPhone web app is frozen in time)
  • Chrome OS (feels stillborn)
  • Google Video Chat
  • Google Calendar CalDAV support
  • Google Checkout
  • Orkut
  • iGoogle
The Walking Dead
  • Blogger (because Google can't fix the #$!$!$ draft editor, there's still no mobile view, and the 5000 item limit goes unfixed)
  • Google Groups
  • Google Sites
  • Google desktop (search)
  • Google Base
  • Gmail Tasks (forgotten, useless)
  • Knol
  • Google Wave
  • Firefox/IE toolbars (killed by Chrome)
  • Google Talk (neglected, Chat confusion)
  • Google Parental Controls
Compared to a year ago Google has more sick and dying projects. I think the war with Apple is really hurting them. I'm quite sad about Blogger's pending demise.

Google should turn control of Google Profile and Buzz to the brilliant Google Reader team.



Update 6/29/10: I used Windows Live Writer to repair Blogger editor mis-formatting. On reflection I moved a few more items from “Sick” to “Walking Dead” and I realized I should include “Parental Controls” as a (walking dead) product. 


Update 8/11/10: Blogger has since improved to Sick from Walking Dead. I like this graphic of Google's past flops. Also, I hate, hate, hate Blogger's new editor.
--
My Google Reader Shared items (feed)

Wednesday, May 19, 2010

Unanticipated cloud app problems: The child

I've written about several issues with cloud apps. Here's a novel one.

For good reasons, I want my son to have access to email and calendaring, but not to Google search. We use Google Apps for our family domain.

It doesn't work. One feature of the cloud is there are few or no parental controls. One might try OS X Parental Controls, but it has serious issues with https sources. There are workarounds for these limitations, but the workarounds all require full access to Google search.

Desktop apps are a good fit for controlled access, cloud apps are not.

Monday, May 17, 2010

Jean-Louis Gassée on Cloud 2.0 – post of the month

Jean-Louis Gassée blogs on Monday Note. He’s been doing it since Feb 4, 2008.

Gassée has done many things, but he’s best known for having been Apple’s CEO for a time. These days he’s a VC “general partner”. It’s safe to assume he’s rich beyond my paltry dreams of avarice. Why does he bother writing a not-terribly-famous blog? I don’t think it’s for the adword revenue.

My best guess is that he’s helping out the blog’s co-author, and that he writes for love. Alas for those who write to live, his free stuff is better than the best of the WSJ. Such is the curse of early 21st century journalism.

Today he takes on the Google-Microsoft cloud apps war. It’s fantastic stuff (emphases mine) …

Cloud 2.0 - Monday Note

… Last year, Microsoft’s total sales were $58B, down 3% from 2008 … Note the Operating Profit, 35%. The company spends 15% of its revenue in R&D and 28% in Sales, Marketing and General Administration….

… Compare this to Apple’s 29.5% Operating Profit, 3% R&D, and 9% SG&A [selling, general and administrative expense] with a comparable revenue level, in the $50B to $60B range annually…

… Microsoft’s Net Income is 25% of revenue, Apple’s is 22%….

… Microsoft Office represented 90% of the $19B Business Division sales, with a nice 64% Operating Profit … Roughly 60% of all Microsoft’s profits come from Office and a little more than 53% from Windows OS licenses (or what MS calls its “Client” business):

So… Office + Windows, 60% + 50% = 110% of Microsoft’s Operating Profit? The math is complicated by the losses in something called “Corporate-Level Activity”… …and, more importantly, by the hefty 73% operating loss in the company’s Online Services Business:

If I’m interpreting Gassée’s writing correctly, Apple’s numbers are only comparable to Microsoft’s because Microsoft “wastes” a huge percentage of revenue. Microsoft’s R&D percent spend is 5 times Apple’s and Microsoft spends 3 times as much on selling, general and administrative expense – not to mention “corporate-level activity”. If Microsoft were as stingy as Apple, their profits would be mind-blowing. Microsoft Office is a money-factory.

I’m reminded of an old Cringely column, in which he opined that Microsoft could have any profit number it wanted to have.

Gassée continues from numbers to user experience, saying the same things I’ve whined about but that, honestly, I never see mentioned anywhere else

.. Google Apps aren’t Office killers. I’ve been using Gmail in both the free and paid-for accounts. The basic email functions work well, but managing contacts is awful. (Months ago, I heard Google had an internal project called Contacts Don’t Suck. I’m still waiting.)…

… I’ve tried to use Google Docs to write, share, and edit these Monday Notes. Failure. Compared to any word processor, Google Docs feels clunky and constrained, and hyperlinks die when you download the document…

… Google Apps aren’t “there” yet. They’re still clunky, to say nothing of managing the “stuff behind the desk”. They’ve been quickly upgraded–perhaps too quickly– at the expense of the user experience. If managing Google Apps is as complicated as running an Office DVD install program, an important part of the Google theory falls apart. We see the trumpeted announcements of large organizations and governments that have turned to Google Apps, but what we don’t see is a courageous journalist going back to the proud early adopters a year later to tell us what actually transpired.

So why is it that only cranks like me and outliers like Gassée ever point out where Google fails? It’s a bit hallucinatory. Gmail’s contacts function has been terrible for years (starting with the weirdly isolated link to “contacts” in Gmail). Google Docs are still very weak (though about to move up a notch), and things are worse when you look at the channel confusion around Blogger, Google Doc, Buzz and Google Sites.

Really, I do love a lot about Google, but they have to give up on the idea that good design is emergent.

Go and read his Cloud 2.0 post and the “related columns” he references at the end. Don’t forget to marvel at the strange age we live in, where some of the best journalism is done for love*.

* P.S. As a bone to the pros, Gassée drops a broad hint on how they could write something interesting – go to the early adopters of Google Apps and tell us what happened.

Saturday, December 26, 2009

Tech Churn: OS X Server, MobileMe and the Cloud

I've been gradually working through all the expected and unexpected* consequences of moving in a new machine and sunsetting my 6+ year old XP box.

Along the way I've run into another example of technology churn.

In our home we have 5 users and a guest account that are distributed across four Macs - an iMac i5, MacBook dual core, iMac G5, and a surprisingly functional though immobile iBook G3 running Camino. Each machine has its own uses, and most have six accounts.

It's a furball. It doesn't work well, for example, to put all personal files on an AFP share (Spotlight doesn't readily index shares, Mail and Aperture have issues with shares, there's no trash recovery post delete, etc). It's a pain to distribute passwords (keychain), credentials, desktops, etc. Let's not discuss our modern backup mess, shall we?

Once upon a time the answer would have been reasonably straightforward. I'd buy a used Mac Mini, stick OS X server and two 2TB firewire drives (one backup and one local) and do manage desktops.

Except Apple's iCal server fiasco tells me their server team is in disarray. There's also a relatively modern alternative to consider; at one time this is what MobileMe was marketed for. It was have been kind of OS X server in the Cloud, accessible both from the home firewall and from remote clients. (As of 10.6, incidentally, I think a MobileMe user name/pw associated with a user account in the Accounts Preference Pane acts like a kind of (undocumented) alternative global user identifier.)

So should I make good user of our family MobileMe account? Well, I'm kind of doing that, but there's churn there too. MobileMe has been caught in the iPhone, photo sharing, Google Apps and Facebook swhirlpool. Nobody, not even Steve Jobs, seems to know what the heck to do with it.

Or maybe we could extend what we've been doing for 3 years, and move more of our family functions into the gCloud? If Google does deliver a $150 Chrome OS netbook then each child will have one. Maybe we should start now.

Or maybe, because there's so much technological uncertainty, we should stall for time.

I think we're going to stall for time -- which means some combination of an AFP share, a backup server, MobileMe synchronization and continued use of our successful family Google Apps domain. That means OS X Server stays on the shelf for at least another six months.

Tech churn is a pain.

See also:
Update 10/4/09: A positive review of OS X 10.6 server convinced me that I really don't want to go that route! If Apple does make MobileMe a sort of "OS X Server Lite" for that masses, however, I'd find value there.
--

Saturday, November 21, 2009

Chrome OS - the Parental Controls

I'm going to forget I read that Google imagines Chrome OS machines will sell for $400. That's clearly a ploy to sedate Microsoft.

I'll stick with my original expectation, that moderately crummy Google branded Chrome OS machines will sell for under $180 with battery.

If that happens then Chrome OS laptops will be huge in K-12 education, 23 years after I mercifully failed to sell a rural school district on a student Newton OS mini-laptop education model.

Huge, that is, if Google gets Parental Controls right. I ain't giving my kids Chromebooks unless I get full control over what they get to and what they do.

If we don't see Parental Controls emerging in Google App domains within the next six months, the Chrome OS may be missing an essential function.