Google Explains Tuesday's Drive, Docs Bug That Marked Some Files As Violating Terms of Service (9to5google.com) 97
On Tuesday, Google's cloud-based word processing software was randomly flagging files for supposedly "violating" Google's Terms of Service, resulting in some users not being able to access or share their files. Google today explained the issue and addressed concerns that arose. 9to5Google reports: Several users on Tuesday morning reported no longer being able to open certain files they were working on in Docs, while others were locked out mid-edit. "On Tuesday, October 31, we mistakenly blocked access to some of our users' files, including Google Docs," Google said in a blog post. "This was due to a short-lived bug that incorrectly flagged some files as violating our terms of service (TOS)." Afterwards, Google provided a comment to Gizmodo noting that a code push made earlier that morning was at fault and that full access had been restored to users hours after the bug first arose. Today's clarification goes on to explain how that error on Tuesday caused Drive to "misinterpret" responses from the antivirus system designed to protect against malware, phishing, and spam. As a result, Docs "erroneously mark[ed] some files as TOS violations, thus causing access denials for users of those files."
Google can arbitrarily ban me from my own files? (Score:5, Insightful)
Looks like it's to drop using Google Drive as my go-to backup for my work projects, or much of anything else, for that matter.
Re:Google can arbitrarily ban me from my own files (Score:5, Informative)
This is The Cloud. They're not YOUR files, they're OUR files.
Re: (Score:2)
So there was a minor outage that was caused by software? Could easily have happened for a million other reasons that no one would care about.
Would the outage have exceeded 12 hours? I can't see any RTO details, but if not you are still well within 99.9% availability.
That's way better than what you will ever achieve with crappy consumer equipment.
Re: (Score:2)
Until your hard drive blows up, your LAN goes down or your computer goes on the fritz. It's not like local file servers are magically immune to failures.
Re:Google can arbitrarily ban me from my own files (Score:4, Insightful)
Until your hard drive blows up, your LAN goes down or your computer goes on the fritz. It's not like local file servers are magically immune to failures.
In those cases, would the cloud somehow still work? That's a hellava cloud that gets th edat through a busted LAN and a non-functioning computer. Majick!
This access denial is a non-polishable turd. If I'm working on a project and suddenly "The cloud" locks me out of it, I'm well and truly screwed with tight deadlines. Wait - I know the answer - I'm supposed to both use the cloud andlocal storage along with my multiple backups. Which means the one item that is redundant is - the cloud.
I'll use dropbox or equivalent for transfer if I have to but never anything stored there or any other cloud storage or backup that isn't directly under my control, and that I can't put my grubby mitts on.
Re: (Score:2)
Google drive, at least on PCs, has a local copy stored, so even if a backhoe cuts the fiber, I can still work on a file.
Re: (Score:3)
A couple people were walking in a woods, when they spotted a hungry grizzly bear, and it started charging toward them. One of them started lacing up his shoes, preparing to run. "What's the point?" said the other, "You can't outrun a grizzly bear." The reply: "I just have to outrun you."
We're in a world gone mad, where incompetence and malice-or-corruption (depending on how charitable you wanna be about it) dominate. The benchmark for your h
Re: (Score:2)
So there was a minor outage that was caused by software? Could easily have happened for a million other reasons that no one would care about.
Would the outage have exceeded 12 hours? I can't see any RTO details, but if not you are still well within 99.9% availability.
That's way better than what you will ever achieve with crappy consumer equipment.
Looks like Google employees are presenting.
Sorry church, The cloud is advertized as the ultimate in security, and availability, Fuck you and your cloud is better than "consumer equipment.
Here comes the curse. May you get locked out of the biggest and mot important document you ever had, th eone your boss and your jobs depend on, and you only have it in teh cloud, since who would put it oncrappy consumer equipment. Go to the customer and tell them you got nothing.
Re: (Score:2)
Nope not a google employee. Or a seller of goggle products.
And no one actually involved in cloud transformations advertises it as the ultimate in availability or security. The ultimate option remains having multiple instances of each server stored in diverse on-prem datacenters where you control all access. But the cost of doing that is insane. You price up what it would cost you to have HA between two server groups across two locations, with your own dedicated fibre connections.
Now factor into that 3 y
Re: (Score:3)
Nope not a google employee. Or a seller of goggle products.
And no one actually involved in cloud transformations advertises it as the ultimate in availability or security.
That doesn't mean that we don't hear that often and loudly. Employee, zealot, or useful idiot, the glowing reports of unassailable security, 100 percent uptime, and almost miraculous reductions in cost of infrastructure and eliminating employees have been shouted from the rooftops for years.
The ultimate option remains having multiple instances of each server stored in diverse on-prem datacenters where you control all access. But the cost of doing that is insane.
Well okay. But who needs ultimate? The cloud certainly doesn't approach ultimate, and stupid stuff like expired security certificates (microsoft) and arbitrary lockouts from your own information by google are as much fai
Re: (Score:2)
I do store classified data in the cloud. I don't store it in google docs though.
Some of the cloud options offer security that is at military classification. Some of data that I work with cannot leave the country, has to remain inside certain datacenters and has a load of other security requirements around it. We still use the cloud.
Believe it or not Microsoft's Azure product is very secure if configured correctly.
Re: (Score:2)
I do store classified data in the cloud. I don't store it in google docs though.
Some of the cloud options offer security that is at military classification. Some of data that I work with cannot leave the country, has to remain inside certain datacenters and has a load of other security requirements around it. We still use the cloud.
Believe it or not Microsoft's Azure product is very secure if configured correctly.
That is only remotely the cloud we're talking about here.
Re: (Score:2)
Could easily have happened for a million other reasons
But it didn't. It happened because Google didn't like the contents of your documents.
I don't recall ever agreeing to let Google even fucking read my documents, let alone tell me whether they're "acceptable" or not. So fuck Google, no more Google Docs for me.
Re: (Score:2)
You uploaded it to a platform that allows you to edit the documents in a web browser. How exactly did you NOT think you gave permission to google to open your docs?
If they can't open the docs they can't give you the ability to edit them. And then you have to expect them to build protections to stop bad docs taking the system off line.
Re: (Score:2)
Congratulations on completely missing the point.
Google can provide CRUD capabilities without ever knowing the content of the data.
It's the same way that a DBA can administer a database without ever looking at its data. In theory that's not possible but in practice it's very easy. Just the same for Google and docs.
Re: (Score:2)
... you didn't know that Google could cut off access to files in Google Drive? How the hell did you think it worked? I thought this site was news for nerds, not news for my grandma?
Be nice - your grandma is a great lady.
Re: (Score:2)
There are encryption layers you can add to your Google Drive, so even they can't see what you store (BoxCryptor is the one I use but I'm sure there are many others). Doesn't work for Docs and Spreadsheets, but who uses those anyway??
Re: (Score:2)
DevOps! Continuous Deployment! (Score:3)
On the other hand: no real consolation to those locked out by the bug
Re: (Score:2)
I always tell that to my employer.
Re:DevOps! Continuous Deployment! (Score:5, Funny)
So, DevOops.
Re: (Score:2)
Goshdarnit, I thought I was the king of puns.
Are you looking for a crew chief?
Re: (Score:2)
Well, I guess there's some consolation in having it provide pretty much full availability with zero scheduled downtime otherwise.
Cloudy Ownership (Score:2)
It's not just "the cloud", such a thing could happen on any network. It's that you must "trust" that Google will revert the issue and grant you access to *your* documents. They don't have to.
Re:Cloudy Ownership (Score:4, Informative)
Re: (Score:1)
Re: (Score:2)
How would I flag my data on my own network or computer as violating my Terms of Service? The mind boggles. It definitely is "the cloud". The cloud means you don't control your data.
That pretty much ends the argument!
Re: (Score:2)
It's not just "the cloud", such a thing could happen on any network. It's that you must "trust" that Google will revert the issue and grant you access to *your* documents. They don't have to.
The only person I trust is me. I've lived long enough to know that my documents won't mean a damn thing to anyone else. And for any cloud service, I'm just another customer.
So I'm stored locally, with one local and one backup not stored here. Pretty simple, as I care about my most important customer.
Stupid users (Score:1)
Google bug... (Score:4, Funny)
"OK; as a word we commonly use has now been associated with terrorism and banned by the search algorithms, we suggest instead of 'the' you use 't__he' or 'Teh'".
We hope to have this solved soon.
Fuck you Google (Score:3, Funny)
I'm playing it safe and storing all my documents on Microsoft OneDrive.
In other words ... (Score:2)
... they scraped them all.
Never trust a service that will censor in any way (Score:1)
It just goes to show you should never use as primary storage a service that will, for any reason, censor or lock content - because someday anything you have may be declared "wrong".
I don't mind editing documents and moving them into the cloud, I don't even necessarily mind iCloud based apps like Keynote that stores things to iCloud - but there at least I can save a Kyenote file locally and work with it there if I like. Google Docs have always been a bit too "pure cloud" for my liking...
Public domain ... (Score:2)
... the cloud is.
It can't be malware (Score:2)
It came off a perfectly innocent looking thumb drive that I found in a parking lot in Langley, W. Virginia.
Set up your own computers (Score:2)
If you have the bandwidth to upload, you can share with your collaborators and colleagues as needed.
Too many checksums, SJW, AV efforts trying to look into your data with cloud services.
Keep your data sets, ideas, tech, optimisations, language use secure from been searched, sorted and questioned.
If a server product is needed find a real hosting company with real hardware that can offer a fully self encrypted service.
There is no such thing as "the cloud"... (Score:5, Insightful)
"the cloud" is really just "someone else's computer" and if you store data on it, that other entity can deny you access to it.
Re: (Score:2)
"the cloud" is really just "someone else's computer" and if you store data on it, that other entity can deny you access to it.
OTOH, nothing guarantees that you have access to data stored on your computer, either. Various sorts of downtime can and do occur. In the worst case, you may lose your drive and find that it's all gone, unless you're unusually assiduous about backups.
For the average person, and in the long run, it's likely that storing your data in a professionally managed data center where it's replicated and backed up automatically will give you greater total availability and much greater protection against loss.
Of co
Re: (Score:1)
Yep, as usual - backup your files. That's all you need.
Re: (Score:2)
Yep, as usual - backup your files. That's all you need.
... but hardly anyone does.
Re: (Score:2)
Yep, as usual - backup your files. That's all you need.
... but hardly anyone does.
Well then, grant access to your cloud provider to look at your files, and if you don't toe the line, you might not have access to them, or might even be arrested.
I really don't care if people store anythingon the cloud, I merely say storing anything there is an open invitation to lose it or to find yourself in trouble, deserved or not.. If you don't care, by all means do it.
By the way, don't people remember when an idiot was caught storing kiddie porn on Ubuntu's cloud service? They'll scrape it, they
Re: (Score:2)
Meh.
Kiddie porn is a special case, and rightfully so. Outside of that, none of the major providers is going to hand over any data without a court order, and they do a much better job of ensuring availability and security than you do.
Re: (Score:2)
Meh.
Kiddie porn is a special case, and rightfully so. Outside of that, none of the major providers is going to hand over any data without a court order, and they do a much better job of ensuring availability and security than you do.
So they just scrape it and block access fopr the LuLz? With no law enforcement intereststs, do you suggest that they are blocking access to people 's documents because they are buisness matters only? Like maybe some competitor of Google's?
I might be stupid, but that even sounds stupid to me.
"I've looked @ clouds from BOTH sides now..." (Score:2, Funny)
See subject: "From win & lose but STILL somehow - it's CLOUD'S ILLUSION I recall..." themesong for Google today!
* What a BULLSHIT LIE on their end... lol!
(You've got to be TOTALLY STUPID to believe in 'cloud = safe' or 'cloud = secure' bs...)
APK
P.S.=> "It was a 'bug'" lol - the ONLY bug is in their brains... apk
Re: (Score:2)
You really don't know clouds at all.
Re: (Score:2)
Whoosh. It's the next line in the song APK was quoting.
I've looked at clouds from both sides now
From up and down, and still somehow
It's cloud's illusions I recall
I really don't know clouds at all
Terrible error message (Score:3)
Re: (Score:2)
If what Google says is true - that the files were accidentally marked as malware, phishing, or spam - then they were giving users a pretty terrible error message saying user documents violated the TOS. Why not spell it out - hey, we flagged this file for malware, phishing, or spam. At least then the user doesn't think that *they* did something bad by violating the TOS.
I don't know if it was the case here, but it's often a good idea not to provide detailed information, because that helps people who are trying to figure out how to sneak stuff past the filters. That doesn't quite explain this case because if the attacker understands that "ToS violation" means "we detected your malware" then nothing was gained. But it's likely we don't have the whole story here, and there may be additional elements that make it make sense.
Or maybe not. It's impossible to say with the avail
Re: (Score:2)
Ah, yes, security through obscurity.
Re: (Score:2)
Ah, yes, security through obscurity.
No, that's not what it's about. At all.
What I'm talking about is more akin to rate-limiting brute force attacks on passwords, or not returning the error codes that enable the million message attack on RSA.
Only the top 1% of programmers... (Score:1)
NT
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Explains? (Score:3)
TFS is nothing more than Google saying the bug was a bug due to buggy code that buggily flagged things based on a buggy interpretation of another component's output.
How many files were affected? Why some and not others? Why is the antimalware component involved? What's there to misinterpret from its output?
And this is why we keep our stuff on prem (Score:2, Informative)
I get so many companies pitching me cloud this and cloud that. My response has consistently been, I don't trust the cloud for any business critical processes/data. The sales reps will laugh their snipe little laugh and make some pithy comment about 'oh, you must be old school'. Yet we see time after time stories like this, almost always portrayed by the company in question as a 'glitch' or a 'bug' and that it has been addressed and fixed. We are reassured that it will never happen again.... until the ne
Re: (Score:2)
I visit a dentist who is an absolute fanboy of alphabet - heating controller, email and probably his backend are all stored on google things.
Its mildly concerning but its nor my responsibility