Topic: Introducing the Google Chrome OS

[Nemesis]

Link to full article

It's been an exciting nine months since we launched the Google Chrome browser. Already, over 30 million people use it regularly. We designed Google Chrome for people who live on the web — searching for information, checking email, catching up on the news, shopping or just staying in touch with friends. However, the operating systems that browsers run on were designed in an era where there was no web. So today, we're announcing a new project that's a natural extension of Google Chrome — the Google Chrome Operating System. It's our attempt to re-think what operating systems should be.

Google Chrome OS is a new project, separate from Android. Android was designed from the beginning to work across a variety of devices from phones to set-top boxes to netbooks. Google Chrome OS is being created for people who spend most of their time on the web, and is being designed to power computers ranging from small netbooks to full-size desktop systems. While there are areas where Google Chrome OS and Android overlap, we believe choice will drive innovation for the benefit of everyone, including Google.

Appears that they are not positioning it as a full function OS but as a web centric device rather than as a general purpose OS. 

[knightstorm]

Now google can spy on you at every level.

[toasty0]

Agreed Nem, but in some of their marketing they are using buzzwords that would make it sound like a fully functioning OS.

[Dracho]

I work in the data compliance field and Google and its "Cloud Computing" concept is going to land someone in jail eventually... especially in the EU.

[Bonk]

I work in the data compliance field and Google and its "Cloud Computing" concept is going to land someone in jail eventually... especially in the EU.

Bah, no more than laptops and flash sticks are currently a security liability.

I imagine that most corporate/government "cloud" solutions provided by Google will be internal versions, much like their search technology. (Why can't people jsut organise documents and remember where they are?) Anyway, I see this as a move towards a replacement for the IBM mainframe type solution, but phrased in a non-threatening way. (contrived innovation)

It'll be like your old vt100 terminal connected to a VAX\VMS system, but prettier and way more expensive. (and less durable I'd wager too...)   

[Dracho]

I work in the data compliance field and Goggle and its "Cloud Computing" concept is going to land someone in jail eventually... especially in the EU.

Bah, no more than laptops and flash sticks are currently a security liability.

I imagine that most corporate/government "cloud" solutions provided by Goggle will be internal versions, much like their search technology. (Why can't people just organise documents and remember where they are?) Anyway, I see this as a move towards a replacement for the IBM mainframe type solution, but phrased in a non-threatening way. (contrived innovation)

It'll be like your old vt100 terminal connected to a VAX\VMS system, but prettier and way more expensive. (and less durable I'd wager too...)

Not so.. some laws require HR & personal data to have permission to cross a national boundary.  When you cannot state with certainty which country your data is in  (because it is in some "cloud"), you cannot comply with those laws. 

[Bonk]

Ya kinda missed my point. A cloud need not be international. It can be contained within a single campus, building or room even.

Good lord. I can't believe I'm debating the meaning of a made-up buzzword. It suffices to say that the load distributed server-terminal model is a very old one and does not really intoduce anything new.

[Dracho]

Ya kinda missed my point. A cloud need not be international. It can be contained within a single campus, building or room even.

Good lord. I can't believe I'm debating the meaning of a made-up buzzword. It suffices to say that the load distributed server-terminal model is a very old one and does not really intoduce anything new.

Yes.. at a definition level you are correct.  A "cloud" is simply distributed computing.  However, I was referring to Google specifically.  I've sat through presentations by one of their sales VP's and their "cloud" is set up in such a way that when you load data into it they cannot tell you what country the server is in where your data resides..   That'd be illegal under many nation's data privacy laws.

We asked specifically about this and their response was, "But it's so cheap"..which is not "here is how we comply with the law".  It was my impression they think that if they make it cheap enough it'll be ok and the law will accomodate them.  They've missed the whole concept of privacy as a fundamental human right under the EU Constitution.

There is an interesting OpED here:

http://www.nytimes.com/2009/07/20/opinion/20zittrain.html?_r=1&partner=rss&emc=rss

[Bonk]

On the other side of the same coin there is some measure of security in decentralisation of data. (I get the legal context wrt to google now though, thanks for the explanation)

... their "cloud" is set up in such a way that when you load data into it they cannot tell you what country the server is in where your data resides..

I don't buy that. I read that as: there is no money in it for us to provide you that information. Additionally, I can envision a scenario where a competitor could use the data to help reverse engineer the service. Which is the more likely explanation as they could just charge extra to provide the location data.

If on the other hand, what they say is actually true for some bizarre reason and the location data really is unknown, then with sufficient encryption and security policies I find it hard to imagine a more secure and sound solution. I picture it as analogous to striped volume on a disk array - and if this analogy is accurate then this "cloud" of Google's really does offer more than a simple load balanced terminal server setup.

I guess responsible government offices, credit agencies, insurance companies etc. will just need to be made aware of this in order to prevent some kind of legal logjam.

[marstone]

On the other side of the same coin there is some measure of security in decentralisation of data. (I get the legal context wrt to google now though, thanks for the explanation)

... their "cloud" is set up in such a way that when you load data into it they cannot tell you what country the server is in where your data resides..

I don't buy that. I read that as: there is no money in it for us to provide you that information. Additionally, I can envision a scenario where a competitor could use the data to help reverse engineer the service. Which is the more likely explanation as they could just charge extra to provide the location data.

If on the other hand, what they say is actually true for some bizarre reason and the location data really is unknown, then with sufficient encryption and security policies I find it hard to imagine a more secure and sound solution. I picture it as analogous to striped volume on a disk array - and if this analogy is accurate then this "cloud" of Google's really does offer more than a simple load balanced terminal server setup.

I guess responsible government offices, credit agencies, insurance companies etc. will just need to be made aware of this in order to prevent some kind of legal logjam.

Also, having data broken up and stored on different servers in different countries would make it harder for someone to hack one computer system and download usable data.

[Bonk]

Came across this in other browsing today and thought you might be interested Dracho:

http://labs.google.com/papers/gfs-sosp2003.pdf (also attached to this post as their server seemed quite reluctant to cough it up)

The paper is six years old but should either support or discredit their claim of no knowledge of data locations... a quick skim would seem to discredit this claim. But it has been six years and perhaps they are using a different distributed filesystem. The current codebase of HDFS ought to give an idea of where the Google file system might be today.

[Dracho]

Also, remember the guy who spoke to us was in sales.  He's parroting high-level concepts some techie told him and he wrote on a note card.

I think the bigger issue here is an inability to tag certain data as regulated and control where it lands.  That's probably on their "to do" list, but it would require a data center within each jurisdiction, which sort of defeats the economic incentive of having a distrributed model with a few cost-effective storage locations.

As for encryption, et-al., the tighest controls are never used.  It would be nice if they were, but encryption is pointless if your key management is poor, and either 10,000 ex-employees know the key (making it useless), or you regularly change the key for millions of customers. Customer-initiated Asymetric encryption using hardware only (no employees) has potential here, but cumbersome management is the basic reason encryption is reserved for important data sets.

[toasty0]

Ya kinda missed my point. A cloud need not be international. It can be contained within a single campus, building or room even.

It can, but there is no gurantee that it will be. And if it was, then why have the/a Cloud in the first place?

Good lord. I can't believe I'm debating the meaning of a made-up buzzword. It suffices to say that the load distributed server-terminal model is a very old one and does not really intoduce anything new.

LOL...ok, I agree with you there. Cloud==CoLo without geographic limitations...generally speaking. Also, Cloud is not exactly defined by any one standard. Meaning that each providor has a slightly to completely different definition of services they call Cloud Computing.

Btw, Draco's point is spot on and IS a big reason many major players are staying with physically tied CoLo service providors.

[Bonk]

Can We Abandon Confidentiality For Google Apps?

Get in there Dracho, and let em know how it is... Well, of course you don't have to, but this is a good opportunity to present your concerns. (Or was it you who asked the question?)