Did you notice that Google added twitch-level sync co-authoring, a drawing tool, rulers, and other features to Google Docs? Along with new functionality, they also unleashed a strange new process for rolling out versions. For more, see my blog entry at:
Leave it to the Onion to nail down an issue – in this case the amount of trust so many people are putting in a megacorporation that promises not to be evil. Personally, I don’t put that much out on Google, but if they buy Yahoo, Zoho, Netflix, and my health insurance company I’d be very afraid …
The Onion: “Google Responds To Privacy Concerns With Unsettlingly Specific Apology” (3/2/10)
A bunch of quick news hits from Google:
Google’s CEO Eric Schmidt was interviewed on NPR yesterday where he was asked about privacy.
Mr. Schmidt said:
our company makes a commitment to people to respect people’s privacy and their personal information because it’s central to the trust that we have with end users … I don’t think anyone wants everything revealed. That’s why we have doors and shades and so forth.
But Google didn’t seem to care too much about privacy last year when it latched onto a common legal chiche to claim full license (just to promote its services) to anything people submit or even display on Google’s sites. Or when it added an “incognito mode” to Chrome to protect your privacy, but also added a unique id buried in each browser as described in Google’s privacy notice for Chrome.
And Google’s belief in security-through-obscurity hampers its principled standpoint on privacy. When people granted access to a shared doc in Google Apps can find older versions of the doc’s attachments just by knowing the URL, that’s not protecting privacy. Presciently, a commenter on the TechCrunch blog said “Doesn’t beta imply ‘This thing is buggy. Use it at your own risk?” That leads to the next bit of news …
Google finally took the “beta” tag off some of their most popular webware, such as Gmail, according to the Google OS blog.
As the commenter I mention above demonstrates, many (most?) people assume beta = buggy. Or, from the vendor’s point of view, the right to dismiss bugs by saying “well, it’s beta!” As a former commercial software developer, I can attest that my publisher considered beta to be more about the number of bugs in the system, not features. The GA version of software was about the same as the beta, but it reliably worked.
In the Gmail blog, Keith Coleman, Gmail’s Product Director, performs the artful dodge. He asks the correct question “why Google keeps its products in beta for so long”. He then evades answering it with a bunch of “some say”, “some people thought”, “others said that” statements, then jumps to “The end result (many visible and invisible changes later) is that today, beta is a thing of the past. Not just for Gmail, but for all of Google Apps — Gmail, Calendar, Docs, and Talk.” Thanks, Keith, for telling me how people not in charge of Gmail would answer the question, but “some say” your answer is the one we’re looking for.
Mr. Coleman points to a set of great features they’ve added, as if to say “we must have awfully high standards if all these features are needed to get past beta”. But a product generally comes out of beta when it has the basic administrative features needed to make it usable and a high level of reliability.
I think Mr. Coleman’s real answer that others said for him is that “over the last five years, a beta culture has grown around web apps, such that the very meaning of ‘beta’ is debatable.” If the term beta is now useless, that seems to be an argument not to use it rather than to throw it on everything for years. Just standing behind your product is better than trying to redefine a term to make it meaningless.
Free version of Google Apps gets buried, then emerges
The Google OS blog jokes (?) that “the free edition, … is still available, despite Google’s efforts to make it more difficult to find”. After TechCrunch reported on Google Apps Standard Edition (GASE) being buried, it partially resurfaced. There’s now a link to GASE, but without the key word “free” or a comparison of features. So it’s there, but a bit obscured. This fuels speculation that there’s a split inside Google regarding whether the free version of Google Apps should be pushed, hidden, or hobbled. I suspect wiser minds will prevail and the free version will emerge into the full daylight again.
Google launches an operating system
I’m saving the best for last here. This is the most interesting of the recent spurt of news hits from Google. As many suspected (and Google openly acknowledged) when the Chrome browser was released, their intent was to create a platform for web applications to run on more than a place to browse web pages.
Now Google has announced the Google Chrome Operating System, targeted at lightweight devices like netbooks. Indeed, targeting heftier PCs would ruin the point of the venture, which is to say you don’t need local storage and processing when the cloud is there to serve you.
The OS won’t be ready until 2010 (does that mean beta in 2010, which means GA in 2017?). I’m interested to see it. The lesson Microsoft has learned about operating systems on small devices is that you can’t start with a full-scale OS and start trimming – you have to start fresh and build the OS for light weight from the ground up. There’s a lot of room for improvement in lightweight OS and Google is in a good position to rethink the problem with web apps in mind. But please – don’t make it advertising funded! Sidebars and popups with ads on some web sites I can live with, but not on my desktop. And the issues behind the news items above – beta (buggy) software, privacy, pricing model consistency – become even more important with an operating system. Google will have to form a companywide consensus to these 3 issues before plowing into the OS biz.
L. Gordon Crovitz provides an attention management primer in today’s WSJ. “Information Overload? Relax” is worth reading or pointing others too as a quick summary of information overload, the idea of managing it, and attention. Best quote:
Rather than pitch our BlackBerrys and iPhones into the sea, imagine the benefits once we have figured out how to manage the chaos of endless data and routine multitasking, a process that will help refine our judgment about information and refocus our attention on what’s truly important.
Mr. Crovitz describes both ends of the information overload spectrum. I wrote about this previously, saying “There’s no ‘right’ answer in the debate between those that believe information overload will soon cause the heads of information workers will begin to pop like popcorn as they slump over in their fuzzy cubicles and those that believe we’re just adapting to the new flow.” Mr. Crovitz comes down 100% on the “we’ll adapt” side of the spectrum in this article, but I believe it’s a rhetorical device since he has generally been on the “it’s a crisis” side of the spectrum in previous columns on this subject.
The only minor quibble I have with his article is where he says:
As one data point, a search for “Information Overload” on Google returns 2.92 million results in 0.37 second.
No, actually, if you search on “information overload” with quotes around it Google returns 1.53 million results. He searched on information overload without quotes which returns anything with those two words close together. As you can see in the figure below, the noise he’s including in the search results involves iron overload (hemochromatosis), a serious but rather separate issue. Granted, 1.53 million is still a lot, but using the tool properly trims almost 50% of the noise from the result set.
The built-in irony of that meta-mistake is brilliant. Mr. Crovitz misuses a tool that is, itself, a symbol of the overabundance of information at our fingertips – while searching for the term that names that overabundance! I don’t mean to pound on Mr. Crovitz – I wish to use this instance to demonstrate a point: that while technology cannot solve information overload, it can be part of the solution. Before getting into fancy R&D projects and algorithms that try to formulate probabilistic estimates of which news items may be of interest or how to automagically prioritize your inbox, people should learn to use the basic features that already exist. If information overload bothers you, it’s worth the effort to learn basic attentional features of the tools you use. By “attentional” I mean how they can help you pull important information forward and push less important information back from the reader’s point of focus. Quotes around words that are only of interest when together is just one example.
Google announced Wave at its conference on Thursday, resulting in some bubbly coverage by the IT press. Check out the video from Google’s conference where they announced Wave (although allow 1 hr 20 min).
I watched the announcement and sometimes during effusive vendor presentations I feel like the guy at magic shows trying to get past what the magician wants you to focus on to reveal how the tricks are done. That’s how I felt watching the video of the presentation where Google Wave was introduced.
For example, the story accompanying Google Wave includes some magician’s hand-waving about eliminating e-mail and reinventing communication (“e-mail was invented 40 years ago before the internet … instead of point-to-point like e-mail, there’s a server-hosted conversation that participants connect to …”) as he slips a collaborative workspace into your pocket. Boil this down and it’s a workspace instead of channel. Workspaces have been around 40 years too and also pre-date the internet as bulletin boards, usenet, etc.
The spell checker (an applause line brought up at least 3 times in the presentation) is contextual which is neat, but I don’t think the technology was created by Wave. While they didn’t mention its origins, I suspect it comes from the work done in Google Translate that implements statistical translation (one of two machine translation methods with the other being rule-based). By analyzing a truly enormous amount of text that is deemed to be accurately translated (one blog reported that Google used 200 billion words from United Nations documents as input), a learning system can develop inferences about how words are to be used and, given a new piece of text to translate, the highest probability of proper translation based upon past experience.
The presenter demos real-time editing with color highlighting and cursors for different editors. When the presenter asked if we could picture students taking notes in a class together, I thought “Yes, I can picture it very easily because I’ve seen SubEthaEdit.” Real-time collaboration editors have been around for a while. What’s cool is not that you can do that at all (“Imagine …”), but that it’s working in a browser and has an open API.
Beyond the re-purposing and re-skinning there are some advances:
- You can respond to parts of messages, which should be handy for those people that include several points in a message that you want to break apart. This also works in larger pieces of content so it acts as a larger content review process (comments are inline instead of in bullets to the side like Word)
- Google made the decision to have text entry be synchronous (you can check an async box to turn that off) so people can see what’s being typed as its typed.
- There’s a playback mechanism. Wikis inherently have logging, so it seems an obvious but fun next step to play through the changes.
The audience seemed happy. There were applause lines for dragging and dropping photos into a discussion, wiki-like changing of other people’s text and markup, drag and dropping a link to a collaboration space.
To me the upside is not the new invention (or re-invention) of capabilities. Think about Google Maps. The cool thing about Google Maps wasn’t that a programmer could overlay data on maps and scroll/zoom around it. That had existed for quite some time. What was cool is that the API made it so easy and embeddable that great applications (“Mapsups” as one client of mine called them) started showing up everywhere.
Well, Wave was created by the Google Maps team. If they can do the same thing with collaboration spaces and synchronous collab that they did with the Maps API we could see much better use of web-based collaboration. Too often collaboration tools have been modal rather than blending contextually into other apps. Hopefully Wave can make some inroads here. And that was, indeed, the point of the presentation which was to get developers excited about using the APIs to get the snowball rolling. It would have been useful to get past the presdigitation and instead of pretending this is all new or the “e-mail killer” to point more to the APIs as the real value.
There’s been some lively internal discussion here about the desirability of automated browser updates for security patches.
An article in Techzoom.net called “Why Silent Updates Boost Security” practically salivates at the thought of patches automatically and instantly being deployed. It praises Google for its 5 hour automated update cycle and states “After 21 days of releasing Google Chrome 18.104.22.168, an exciting 97% share of active Google Chrome 1.x users were using the latest Google Chrome 1.x version.”
That excitement wasn’t shared over at cnet (“Google issues, then reissues Chrome security fix“) where they wrote “Google fixed security holes with a new release of its stable version of Chrome–then released a replacement shortly afterward to prevent a batch of crashes that turned up as well.”
I agree with my fellow analysts that the idea of pushing out silent updates does not and should not sit well with enterprise IT. Still, I understand the other point of view too. Just creating a patch and putting it on your website isn’t likely to have much impact. The majority of browser security breaches are targeted at personal PCs who don’t have IT staff to push out updates and don’t even know what a patch is.
One part of the answer then could be creating separate versions of the product (consumer and enterprise) that have different patching strategies. Another part of the answer is that vendors need to take extreme caution when pushing updates directly to anyone’s browser. It seems the balance has shifted to quickly trying to close holes rather than the primacy of a personal user’s control over their desktop environment. It needs to shift back. Lastly, a middle ground between silent updates and passive posting of patches needs to be used. This includes effective NAGs that let the user know their security patches are outdated (red alert in the titlebar perhaps?), but are not overly disruptive to users.
Robin Wauters on TechCrunch reports on some security holes Ade Barkah found in Google Apps:
It appears that if you share a document carrying a diagram – a feature Google introduced yesterday – with anyone, this person will be able to view any version of any diagram that has been embedded in the document. That basically means that if you create a diagram with sensitive information and later decide to strip some of it away before sharing the document in view-only mode, the person you share it with will be able to revert to previously saved versions simply by tweaking the URL a bit, uncovering what you thought you were still hiding from him or her.
Thank you Google for providing a perfect example of the trend I call “content landmines” (see More on the Top 5 Trends for NextGen Authoring; content landmines was called “dangerous findability” at the time). The idea is that the flipside of the “living documents” trend (that documents follow a meandering path through many versions before reaching their completion – if they are ever “done” at all) is that the old versions of documents can continue to live on, revealing information through changes that you thought were hidden in a “final” version. A common example is tracked changes and comments that can be turned on and examined in Microsoft Word contract sent to a potential customer. That would be the result of carelessness. But with Google, the author did nothing wrong and the landmine can still blow up in their face.
I found the commentary on Robin’s blog post to be quite amusing. A number of commenters shrugged it off with statements like:
- “If you want your files to be secure in the first place, just don’t share them on the cloud.”
- “The type of person that uses Google docs, don’t care about security.”
- “Doesn’t beta imply “This thing is buggy. Use it at your own risk” (DNA)
- “Simply put, Google Apps are a fun tool. Not really intended for business. Don’t put your secure/important files within Google tools.” (Greg)
Ah, if Google only publicly agreed with DNA and Greg and endorsed these statements then this indeed would just warrant a shrug of the shoulders. Granted, the intention is clearly that security would work properly and when the outcome doesn’t match the developer’s specified behavior it’s a bug, pure and simple. But a bug, in freebie, beta, “fun” software – <shrug>.
But Google really sells this stuff. It charges money to enterprises for Premier Edition (see product comparison). There is a team (albeit a relatively small one) dedicated to enterprise applications. They tell people this is appropriate for an enterprise to use despite the “beta” tag on it.
So take your pick Google: you can have an enterprise development team and charge real money for GAPE or you can provide a fun, free, buggy, kinda secure (just through obscure URLs) web app. But not both.
When you’re the big guy, it doesn’t take long for people to try taking you down. I recognize that Chrome is in beta, so expect some issues like the carpet-bombing flaw it inherited by using an old version of WebKit. Or that some pages (even from Google’s own services) don’t render correctly or consistently. Hopefully Google quickly addresses these issues, which isn’t a given since they are the inventors of the “perpetual beta”.
But I would expect the lawyers would have their act together. And, being a non-evil company, they would err on the side of giving away too many rights rather than storing them up for potential future use. Putting beta-like technical glitches aside, here are four issues from the blogosphere that stick with me as longer term concerns:
1. The Register points out that in section 11 (Content license from you) Google’s ELUA states that I still own my content, but they can reproduce it. I’m no lawyer, but that could be fishy. Here’s the clause (emphasis added):
11.1 You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services. By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. This license is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.
2. CNet also mentions the content licensing clause, and adds that a door is left open to targeted ads based on your browsing history, searches, and information.
17.1 Some of the Services are supported by advertising revenue and may display advertisements and promotions. These advertisements may be targeted to the content of information stored on the Services, queries made through the Services or other information.
17.2 The manner, mode and extent of advertising by Google on the Services are subject to change without specific notice to you.
3. Some have attacked Chrome’s privacy characteristics. InsideBayArea (among many others) notes the strange contradiction in adding the “incognito mode” to protect your privacy, but also adding a unique id buried in each browser as described in Google’s privacy notice for Chrome:
Your copy of Google Chrome includes one or more unique application numbers. These numbers and information about your installation of the browser (e.g., version number, language) will be sent to Google when you first install and use it and when Google Chrome automatically checks for updates. If you choose to send usage statistics and crash reports to Google, the browser will send us this information along with a unique application number as well.
4. InformationWeek points out, even the Incognito mode doesn’t hide web log information from the web servers.
So far, none of these issues mean something nefarious is happening or will definitely happen in the future. But they could be used against users in the future. I would expect a non-evil company to refrain from stockpiling weapons (legal disclaimers in this case), not to just refrain from using them.