Yale Delays Move To Gmail 176
Mortimer.CA writes "The Yale Daily News is reporting that the move to Gmail has been postponed. After further consultations with faculty and staff, the concerns raised 'fell into three main categories: problems with "cloud computing" (the transfer of information between virtual servers on the Internet), technological risks and downsides, and ideological issues.' In the latter category, 'Google was not willing to provide ITS with a list of countries to which the University's data could be sent [i.e., replicated], but only a list of about 15 countries to which the data would not be sent.'"
Know what... (Score:5, Interesting)
I would be more than a little interested in that list too...
Re:Know what... (Score:5, Informative)
It's probably most of the countries. Google has their own highly-redundancy file system that spans thousands of servers and even different datacenters and locations. Even data that is deleted could remain in the system for 9+ months. I think it's highly possible all of the data travels around the world and is stored in several locations.
Re:Know what... (Score:5, Informative)
That would be correct, if you look at their BGP advertisements it would figure that Google would have to transit it's own data.
So if your request for data (YouTube video etc) isn't located in the DC that you connected to, they would have to transit that data across their own links. It would then make sense that they would replicate their own data over those same links during the night on that side of the world when the link is quiet.
Re: (Score:2)
If they're going to replicate it, and the data is traveling across their own network anyway, wouldn't it make more sense to store a copy locally while they're sending it to your browser?
Re: (Score:2)
Yup especially if it's something like an email fragment which you could well re-request.
If you have enough bandwidth though..... After you have done the request for the data and it's been returned to the client, you would then have to update the master that the data is now stored on another location, which you then have to manage that data in another location. Nope, that doesn't make any sense. The front end would only get the data and that's it. If the master sees that the front end was too far away, it mi
Re:Know what... (Score:5, Interesting)
So if I'm Dutch and store my downloads from Seventeen in my Google account, and that data makes its way over to the U.S., does that mean I've committed a child porn crime?
Re: (Score:2, Interesting)
What's Seventeen in Holland? When I hear that name, I think of an American magazine for teenage girls.
Re: (Score:3, Informative)
When I hear that name, I think of an American magazine for teenage girls.
It's a Dutch magazine for men who like teenage girls.
Although, I'd wager that most of the "girls" have been around the track a few times since the last time that they were "teens" . . . or that anyone called them "girls," for that matter.
Re:Know what... (Score:5, Interesting)
> ...does that mean I've committed a child porn crime?
No, because _you_ have done nothing inside USA jurisdiction. It may mean Google has, though.
Re: (Score:2)
> ...does that mean I've committed a child porn crime?
No, because _you_ have done nothing inside USA jurisdiction. It may mean Google has, though.
Even google's liability may be limited as they can claim common carrier.
Re:Know what... (Score:4, Informative)
They might claim it, but that doesn't make it so.
Re: (Score:2)
Why? The basic principle is that a service provider is handling too much data to implement any sort of editorial review. It would be impractical to expect them to do so. If their motivation is to provide a service not explicitly meant to facilitate illegal activity then they shouldn't be held at fault for what they redistribute and link to.
Re: (Score:2)
Tell that to Gary McKinnon [wikipedia.org] and Dmitry Sklyarov [wikipedia.org].
Re: (Score:2)
Gary McKinnon was in the UK, arguably 'under USA jurisdiction'. The UK may *claim* to be an independent nation but thats debatable.
Dmitry Sklyarov was foolish enough to visit the USA, where he was 'under USA jurisdiction' and where he was arrested.
Re: (Score:2)
So, what you are claiming in the McKinnon case is... If I'm standing in the U.S. near the Canadian border, and I use my assault rifle to shoot someone standing in Canada, then I haven't committed a crime in Canada, because I haven't crossed the border. And I haven't committed a crime in the U.S. because it's not a crime to discharge a firearm.
That's very convenient. Somehow I think I would be arrested and extradited very quickly despite this.
Gary McKinnon allegedly broke into computers in the U.S.
Re: (Score:3, Insightful)
No, because _you_ have done nothing inside USA jurisdiction.
Country's jurisdiction is over anyone who ever passes through its borders. The fact that action itself takes place outside the borders doesn't matter here - if U.S. law says that something is a crime even when it doesn't happen on U.S. soil, then they can absolutely charge him, and should he ever happen to find himself in U.S. at that moment (or later) - arrest and sentence him.
Re: (Score:3, Informative)
IANAL but if you then accessed / distibuted that in the US you could be in trouble. Given that your data wouldn't be re-assembled (And certainly not in your possession) till you accessed it in The Netherlands you should be fine. Aside from plausible deniability and all that.
Honestly, I would be more worried about the UK:
http://www.theregister.co.uk/2009/01/24/extreme_pron_law_live/ [theregister.co.uk]
Re: (Score:2)
OK, but he isn't a US citizen (Well doesn't indicate that he is). What are they going to do? Extradite him and charge him? If this was the case, why the hell haven't they done this to the rest of the world?
Re: (Score:3, Insightful)
OK, but he isn't a US citizen (Well doesn't indicate that he is). What are they going to do? Extradite him and charge him? If this was the case, why the hell haven't they done this to the rest of the world?
Ask Manuel Noreiga. He was rather forcefully pulled out of Panama for crimes against the United States.
Re: (Score:2)
He got into trouble for passing data across a US network?
I think he got into trouble for more than that.....
Re: (Score:2)
It's gotta suck when the captain announces that due to mechanical difficulties, your flight is being rerouted to a some little country that you've never been in but which has issued an arrest warrant for something you did (who knows, maybe critiquing their leader or something).
Re:Know what... (Score:5, Interesting)
I would be more worried about "If I'm Dutch, and doing something at a research lab at my university" whether its corporate funded, military, or maybe medical research with client data included... Would a nosy sheriff of a county with a large, competing university in the US be able to subpoena my emails, since it might be stored in the US servers?
Re: (Score:2)
That one I don't know about, plausibly. I guess at that point of you have to think about your data retention laws and your requirements for keeping that data secure and whether putting it into the cloud is actually the right thing. Perhaps put it into the cloud encrypted?
While looking for another link earlier, the city of Los Angeles ran into similar problems with their police dept and they didn't move. http://www.msnbc.msn.com/id/31967328/ [msn.com]
Whether Google is working with them on this one, or whether LAPD is
Re: (Score:2)
Would a nosy sheriff of a county with a large, competing university in the US be able to subpoena my emails, since it might be stored in the US servers?
As you saw with China, Google sets up a Google company for each country.
While the data might be stored on Google's global network, the nosy sherrif would probably have to subpoena "Google Netherlands"
If you google for "Google [Country]" you'll see what I mean.
http://www.google.com/#q=google+france [google.com] is the first one I tried.
Re: (Score:2)
Post-harmonization, the Dutch laws on child porn are pretty much the same as those in the US. I wouldn't know anything about this, other than getting it from a Dutch child-porn investigator. They are a customer and we talk at trade shows and such.
I don't think even in the US you are going to have much trouble with pictures of a 17-year-old unless you rub their noses in it. Pictures of a nine-year-old will get you a jail term of an obnoxious length and they will trot out all the other pictures just to hel
Re: (Score:2, Insightful)
I think they forget the notion that i.e. "stealing is wrong" can also be described as "ideological" but it's quite evidently more than some theory. It really is better for everyone when that "ideal" is recognized. Privacy is no different.
Re: (Score:2)
Maybe privacy is too generic a term to cover what they actually care about.
Putting your data on a server, and having the server in remote locations accessible by many other people is routine these days. They certainly can't claim Google is violating their privacy when it is just replicating a practice they already engage in.
What is privacy in the context of an organization that certainly has multi-person access rules to any bit of data legitimately on the system? The data isn't Private if a dozen people c
Re:Know what... (Score:5, Informative)
I was just thinking the same thing. Our law firm is considering GMail as a possible alternative to Outlook/Exchange, and this is one question I know we overlooked. Most of our debate centered around a) loss of control over the data (Federal Discovery Rules), and b) privacy.
Re:Know what... (Score:4, Informative)
Re: (Score:2)
Re:Know what... (Score:5, Insightful)
It surprises me that you even discussed the option of having confidential documents stored on a system that makes little guarantees about security or privacy, and that by design distributes your data around the world.
Re: (Score:2)
Surprises me as well, but the dollars can outweigh the sense when your entire budget is founded on someone else's goodwill.
Re: (Score:3, Interesting)
Assuming you are in the US....
You need better lawyers in that firm. If you were concerned about privacy, you should have realized that the US government has very few privacy protections it must follow for snooping on overseas data. So if you store your stuff in Europe, the US government can get to it without much worry. They may not be able to *use it against you or your clients* in a domestic criminal or civil trial, but they can get access to it with little in the way of liability.
Re: (Score:3, Interesting)
Google owns a company called Postini that you can use to archive your email -- they can keep you in compliance with email retention rules.
Privacy is a big concern. I sort of feel like it's over anyway -- google already knows everything about everyone.
I found the admin tools to be a little lacking. If A is out of town, and B needs to get into their email, that sort of thing. It's harder to go in and tweak a user's settings for them than it is with our current system (notes).
Re: (Score:2)
Surprisingly enough, this was actually fairly low on the totem pole of requirements. The assumption is that it'll be an administrator's job to create all the accounts and manage the passwords, so getting A into B's mail would be possible. Of course, that puts a lot of eggs into one basket, but that should give you an idea of how badly attorneys DO NOT want to be forced to think about the technology they use.
I've heard good things about Postini's solution,
Re: (Score:3, Interesting)
I should point our sales critter at you! FastMail does very similar things, and has an archival system for businesses needing to retain all emails for discovery purposes.
We also have very good privacy policies - plus being Australian based but with all the servers in the US, we're very well set up to protect privacy.
Australian privacy and telecommunications law means we _can't_ comply with US subpoenas, it has to go via a convoluted mutal assistance treaty that ends up going via the Australian Attorney Gen
Re:Know what... (Score:5, Interesting)
Oh, you'd be surprised how many have already made the switch. My firm's a non-profit, so the costs alone, or lack thereof in GMail's case, are a huge incentive to make a switch. Couple licensing fees with sharp increases in demand for management of issues like retention policies that can vary with statutes of limitations, data loss, time-based archiving, and legal compliance and its easy to understand why a lot of firms are just giving up as the headaches just don't seem worth the effort.
Personally, I'm leery of the, but it's hard to go your boss with a proposed budget of close to $100,000 for an internally managed system versus $0 (and some geek's time) to drop the problem on someone else.
Re: (Score:2)
Re:Know what... (Score:4, Funny)
"10 USD/mailbox/mth for exchange hosting"
And this is different from Google how? Id much rather put my security in the hands of the best software company in the world with a stunning track record for security.
Re: (Score:2, Interesting)
"10 USD/mailbox/mth for exchange hosting"
And this is different from Google how? Id much rather put my security in the hands of the best software company in the world with a stunning track record for security.
Apparently you missed the recent issues with the Chinese govt? That was only the most recent publicized breach they had.. No offense but if you consider Gmail's track record "stunning" I would hate to see what you consider awful.
Re: (Score:2)
Hosting is still a third party solution, which brings you back to the privacy aspects. It's not so much the number of mailboxes as it is the storage needs for retention and retrieval. Attorneys operate on the assumption that NOTHING can ever be deleted. EVER. Factor in server costs, line fees, mail server hardware, storage hardware, administrative add-ons like DLP boxes, search appliances, and compliance software and you climb the cost charts pretty quick.
Re: (Score:2)
Re:Know what... (Score:5, Interesting)
Fully understand, and didn't take it as turfing.
The problem is that in the non-profit sector you have a long history of going with the lowest common denominator. Since I've been at this firm I've had to fight for things as simple as a "thou shalt not browse the porn" policies. Because they're so technologically "green" there's often not enough of a framework in place on which to build a good system, so there's a high tendency for "rip and replace". The system I've been nursing for the last ten years is such a system, and when I announced we were approaching critical mass, we brought in consultants to analyze what was in use and recommend options based on what the attorneys said they needed.
This is where the costs began to climb. The attorneys recommended systems that would require them to invest as little personal responsibility as possible (think: HAL 9000 level AI). Thanks to some rather unrealistic demands, and some outright paranoia, most all of the vendors came back with quotes in the 100K ballpark, and most of these dictated a complete top-to-bottom overhaul.
Nothing's been decided yet, so we're still mushing through the options looking for cheaper alternatives.
Re: (Score:2)
...internally managed system
Sorry man, you are no more qualified than Google.
Depending on the number of users, $100k for an in-house exchange system is not that bad. A couple good servers will run you $15-20k by themselves, and licensing with Exchange is a bitch, but integration with AD and a number of other perks make it well worth it over time.
Re: (Score:2)
Re: (Score:2)
Depending on the number of users, $100k for an in-house exchange system is not that bad.
If you have <100 users then you need a $500 box from Fry's, then Linux, Postfix and Cyrus. If you have more users then the $100K price is probably not a concern.
Good for them (Score:3, Insightful)
I would delay the move for aesthetic and functional issues like:
1: Why can't I simply move from composing an email to the many labels without being warned about losing my work? Yahoo figured this out and so should Gmail.
2: The interface is still wanting big time. Heck this is 2010!
3: Though Gmail's search is fast, filtering is still so basic. YahooMail's filter is good. Google can surely do better. When I search for an email from someone, I would like the opportunity to filter further "on the fly"...in real time...say by attachment type if any, subject and so on. Currently the filter functionality does not cut it!
4: Sorting by sender, subject, time of arrival etc is non existent! This is on a service that prides itself on users never having to delete email! For those with tens of thousands of email, Gmail is mediocre!
Re: (Score:2)
You know, as a side note, I often find myself saying "I figured it'd be better now...it's freakin' 2010!!!"
Times are a-changin'...just not that quickly.
Re: (Score:3, Informative)
http://mail.google.com/support/bin/answer.py?hl=en&answer=7190 [google.com]
If you run a search for "sarah sextapes found" and then realize you have too many e-mails and only one you want has an attachments, go back to the search bar (which still has your filter) and add "has:attachment", then click search again.
If you want to filter incoming e-mail, add options like "AND has:attachment" to the end of fields your already using. Such as From: "bill AND (has:attachment OR subject:more pr0n)"
Re: (Score:2)
If you want to filter incoming e-mail, add options like "AND has:attachment" to the end of fields your already using. Such as From: "bill AND (has:attachment OR subject:more pr0n)"
By the way, I meant filtering search results. Your suggestions work beautifully but the question is...they work for who? For the "power user", yes but for the Joe Six Pack, or my mother, I doubt this approach is more efficient than Yahoo's.
Who is going to go back and add strings like has:attachment when for YahooMail, these search criteria are already implemented, are available and usable by a click and provide results on the fly? Even better, the has:attachment is further organized by attachment type. Who
Re: (Score:2)
You must mean "Search the Web". That lets you use all [google.com] the [google.com] commands [google.com] you're used to.
Re: (Score:2)
4: Sorting by sender, subject, time of arrival etc is non existent! This is on a service that prides itself on users never having to delete email! For those with tens of thousands of email, Gmail is mediocre!
'From:{sender}', 'subject:{subject}', 'after:{mm/dd/yy}' or 'before:{mm/dd/yy}'. Problem solved?
Re: (Score:3, Interesting)
'From:{sender}', 'subject:{subject}', 'after:{mm/dd/yy}' or 'before:{mm/dd/yy}'. Problem solved?
No sir/madam!
By just looking at what you have written, I can conclude that it will not sort! Or will it?
Re: (Score:2)
I guess not, although I've never personally missed the feature. While you're right that many common tasks take too long to perform (for me, I want to easily bookmark an 'is:unread in:inbox' search), saying GMail is behind the times ignores its other benefits. For example, I'm to busy enjoying the convenience of threaded conversations, I've rarely ever needed the other searching features.
Re: (Score:2)
Just use your favorite IMAP client to access GMail. Personally, I use GMail via IMAP too, because GMail's web interface won't display mails in non-proportional fonts, basically ruining any ASCII diagrams I get or send (or I haven't yet figured out how to configure GMail to get rid of those proportional fonts).
Re: (Score:2)
Re: (Score:2)
Potential support issues (Score:5, Interesting)
I was considering a GAPE deployment for a much smaller organization (about 150 users) and ran into real problems finding answers to some questions. In my particular case I was considering a migration off of Exchange. The exact specifics involved were really vague and often times the suggestion was, "Talk to a solutions provider." I went ahead and talked to two of them. When I pressed them for specifics about GAPE replication of Exchange features (Public Folders for example), I got a lot of vague answers along the lines of either, A. "Well, it can kind of do that." or B. "You don't need to do that because the Google way is better."
The major consideration that turned me away from Google was their support (or seeming complete lack of it). I had a terrible time getting my pre-sales questions answered when I went directly to Google. The "premiere partners" (companies that are trying to make a business based on deploying GAPE for organizations) were just as vague. One of them even admitted to me that they have problems getting answers out of Google about new features, or the status of outstanding issues.
I am subscribed to a thread on Google's forums that details people's real world problems with Google support.
http://www.google.com/support/forum/p/Google+Apps/thread?hl=en&tid=384dd0d72db87c6d [google.com]
Some of the people are obviously idiots who can't read the documentation. The large majority of them have serious problems that are ignored. Just recently someone mentioned that Google quoted them 5 days to recover an accidently deleted mailbox.
I don't doubt that Google Apps could very well be a great product. The key is that it "could" be a great product. Great products require great support. Great products require a certain ease of implementation and use. As it stands currently, GAPE is more like a beta framework that requires a lot of heavy lifting on the part of an IT department. It is hardly a production ready, polished product that can be sold as a service.
Re: (Score:2, Interesting)
Re: (Score:3, Insightful)
I think the problem is that Google is trying to get in to a new kind of market and they aren't ready for it. They are used to providing free, no tech support kind of services. You access their site and do what you want, but if you can't figure it out, too bad, there's no number to call. Everything is very much a system where they internally decide what to provide, put it out there and see what people do with it.
Fine for free web services, not fine for businesses. Businesses have specific needs for their ent
Re: (Score:2)
Re: (Score:2)
So which countries does Yale consider "bad?" (Score:2)
Google was not willing to provide ITS with a list of countries to which the University's data could be sent [i.e., replicated], but only a list of about 15 countries to which the data would not be sent.
Okay, so did ITS compose a list of countries it felt were unacceptable (along with logical reasons for why)? And if so, which countries, specifically, were on ITS' list that weren't on Google's list? Serious, I'd love to know which countries Yale has a beef with that Google doesn't.
Re: (Score:2)
I don't "have a beef" with most random people on the street, but if my bank is proposing to distribute bits of my money to them, I'd like to know who they are.
Re: (Score:2)
Obviously he doesn't.
Re: (Score:2)
The US government decides who's naughty or nice. Google "us export restricted countries" and you will find the list.
The government usually lets companies, universities and whatever ship products and stuff around the world without much ado. In other words, your company does its own control, and just sends a list at the end of the year to the government and says, "I exported X widgets to Spain. However, your are NOT allowed to ship to the countries "on the list" without special permission. If you are cau
Re: (Score:2)
My side point was that if they ask which countries the data WILL be in, and Google responds with which countries it WON'T be in, the reasonable response would be to assume it MAY be in ALL OTHER countries. Then, just compare that list with your no-no list. Sometimes it's easier to list out the negation. :)
Gmail wouldn't be their weakest link (Score:2, Interesting)
If you forced a login with a quick time out for all of those gmail accounts, that's a hell of a lot more secure than storing the documents on your laptop, which can be stolen and broken pretty easily. (These kids aren't going to password protect bootup and encrypt the hard drive. ) If you need an e-mail even if the internet is down, it should probably be in your notes in your word processor anyway. And unless you're not going to use WiFi, you are already sending your data over insecure connections.
And if yo
Re: (Score:2)
You don't have to go with Google. I was just pointing out that an unencrypted laptop is vastly more insecure than hosting your e-mail at an ISP, with proper password policies and session timeouts.
The hysteria about cloud computing is just a sideshow to actual security concerns, like physical access, multiple layers of encryption, and the social engineering that usually negates the first two. And if you don't know that, I hope you aren't an IT consultant.
I want a Google App Appliance. Please? (Score:2)
So, if you use Google for search, you can buy a "Google search appliance" and install it in your machine room and use that to provide your service.
I really, really want the same thing for Google Apps. The question of whether storing a document in "Google Docs" violates FERPA or something simply doesn't come up if the box is sealed in a room on a private network that you have tight control over. Running our own GMail and Google Calendar server appliances in our machine room just wouldn't make the lawyers n
And what about their current system? (Score:2)
The concerns about the Google cloud need to be weighed against Yale's current system. Every system has vulnerabilities.
Whatever countries they are worried about, are they sure that people from those countries can't hack into their systems and find what they are after more easily then they can do same for Google's systems?
What about the danger from someone within Yale's organization (one of the most common threats)? Is that worse with Gmail or with their current system?
Finally some common sense (Score:2, Insightful)
Some good concerns, but mostly FUD/ignorance (Score:4, Informative)
We're going through this same conversation at my employer (a higher-ed liberal arts university). This article came up yesterday in my team, and we had a bit of a discussion about it. Here's the email I sent out to the group about the article and Yale's decision. Hopefully this will help to clear up some of the misinformation in the article.
Anyone else done this, comments? (Score:3, Interesting)
I'm considering doing this for a small business I support.
It's about 15 users and they currently run exchange, I'm tired of supporting it and frankly too lazy, people keep suggesting google handling the mail.
I've set up a test domain and used Outlook and Thunderbird to connect to it via IMAP (that's the right way to do it, right?)
I'm in Australia on ADSL2 links, 20mbit and 16mbit are the 2 I've tested from, the performance seems 'laggy' and I'm curious what the cache implimentation of Outlook 2007 is like?
I want the users experience to be very close to what they get with exchange or at least comparable.
The users have huge mailboxes (most of their work is email - a LOT of communications) so they need massive mailboxes - the smallest is 1gb and some of them have them in the 15gb range. (Please, please don't tell me 'you're doing it wrong' or 'users need to be trained to XYZ' - this is how they work, this works for them and helps them get stuff done better, it needs to be this way) :/ Does anyone know a way around this or plans for it to change? :/
Now the first major issue, besides the lag on IMAP is the folder limitation google have in place. I can create folders and subfolders and more subfolders but the path depth for the folders is quite shallow compared to an outlook PST. This is due to 'folders' being implimented via tags on gmail
I agree the users shouldn't have ridiculous folder depth but they really do need fairly extensive folder information
\name of project\name of company\name of person\ for example is pretty difficult to do via IMAP Gmail
Anyone else have some overall general comments about moving to externally hosted mail with google (or someone else?)
Re: (Score:2)
I must be missing something. For 15 users, even ones with mailboxes as big as you claim, Exchange is essentially fire and forget. If all 15 of your users are using 15G that's a 225G store size, which is well within the limits for Exchange 2007.
What are you doing that makes you "tired of supporting it"?
Re: (Score:2)
Maybe Google even sent them a link. [justfuckinggoogleit.com]
Re: (Score:2)
Google a list of countries... remove those 15, and there you go.
There is no fucking way there are google servers in 190 some odd countries.
I mean you really think they keep a server in the Vatican or Swaziland?
Re: (Score:3, Funny)
I mean you really think they keep a server in the Vatican or Swaziland?
Of course not! Those two were on the list :P
Re: (Score:3, Funny)
Google definitely doesn't run servers in catacombs deep beneath the Vatican. The rumors are completely false that they could have a distributed storage system hidden in the endless mists of Angel Falls. And it would be utterly absurd to think they maintain a datacenter at the L2 point 1.1 million kilometers beyond the Moon.
Re: (Score:3, Funny)
Re: (Score:2)
It's not a moon, it's a datacenter?
Re:Easy solution (Score:4, Insightful)
There is no fucking way there are google servers in 190 some odd countries.
The cliche IT answer to "Where does your cloud store data?" is "Why do you want to know?" And it is with good reason.
Are you trying to avoid embargoed countries? The list of places it will not be stored should be pretty good. Are you trying to avoid a specific country? Again, the list of places it will not be stored will reveal enough.
If your customer (in this case, Yale would be Google's potential customer) wants data stored in a specific country, they gotta ask why instead of just caving. If you care WHERE your data is stored, then you don't really want Cloud storage. And I'm pretty sure Google would like to reserve the right to have servers in the Vatican if they got a sweet deal there.
This is kind customers with non-functional requirements ("you should use SQL Server, I saw an ad in InformationWeek magazine that says it costs less in the long run!").
Re:Easy solution (Score:5, Insightful)
There is no fucking way there are google servers in 190 some odd countries.
The cliche IT answer to "Where does your cloud store data?" is "Why do you want to know?" And it is with good reason.
The answer is NOYB (none of your business) and it is with good reason. Even though Google provides the service, the data belongs to the customer, i.e. Yale. It is in Yale's discretion where they want to store their data and what reasons they are willing to give out to 3rd parties for doing so.
However, I'll give you a good reason. If Google can guarantee that the data will be stored in certain countries (or even offer an option for an extra fee or whatever), then it will satisfy Yale's comfort level with respect to the privacy and legality of their data.
For example, for argument's sake, if Google could guarantee the data would only stay in the U.S. Yale would be well aware of the legal process and rights with regard to their data. However, this may not be the case in other countries such as China, Iran, Italy, Indonesia, etc.. I bet there are plenty of Chinese students studying at Yale, and there are professors of Chinese descent who then would be exposed if the data is stored in China. If Chinese government gets access to their communication and determines it needs to put certain individuals on their watch list based on their views on free speech, human rights, government, etc. they will risk being detained and jailed next time they travel home to visit relatives or after they finish school. It is in Yale's interest to protect their faculty and students from such threats.
And, from no reasonable perspective, does Yale have to come out and state to any 3rd party, including Google, that so and so is a member of their faculty and they have a concern that that person's communication is stored in such and such countries then they may have a problem. It's NOYB.
On the other hand, why doesn't Google provide an additional service to their clients where they, the clients, get to pick the countries to which their data could potentially be replicated? It seems like a feature that their clients (companies, universities, governments, etc.) would very likely pay extra for; especially considering Google's own recent encounters with Chinese and Italian governments.
Re: (Score:2)
This is kind customers with non-functional requirements...
I dunno if you know this, but federal regulations have created an assload of non-functional requirements. State and local regulations add to this significantly as well.
Re: (Score:2)
No, but you'd be surprised how many places www.google.com is a 15ms ping from. I'm in a little middle-income country hanging off Asia's rear end, with not that many more people than metropolitan NYC, and we've got Google servers by the rackload just for the local audience.
Re: (Score:2)
Could they store the data in the cloud like a RAID 0 array is set up? Only half the bits are on one server vs. another making it harder to extract data if a single server is compromised? Are they already doing something like this?
Hmm, this may not be the best idea. It would definitely make it harder to extract the info if one server was down, in fact, it would make it impossible. With RAID 0, removing one-half of the storage will render the other half unreadable, due to the way it stores information.
You may have been thinking of JBOD, which doesn't split the information on the member disks, but rather "lines it up" disk after disk, so there is only a small risk that information will cross over onto a different disk.
Re: (Score:2)
depending on the data you want, usually strip size is in the 1-4k range sometimes larger sometimes smaller so while you may not be able to extract an entire database file you can get useful info out of that database.
Experiment for at home:
1. create a raid 0 stripe on 2 disks
2. write a large amount of text to a file on the volume. (like an entire book in plain text)
3. shut down system and pull out one disk
4. restart system and run '/usr/bin/strings' on the raw disk device. (you'll find large chunks of your
Re:RAID (Score:5, Informative)
Sorta, Google call them shards.
http://news.zdnet.com/2100-9588_22-141569.html [zdnet.com]
Shards can be located by different masters and different masters are located in different locations according to the data type.
So I think Japan (That's where they just dropped their Asia - US cable after all, so it makes sense) has a "complete" replication of all Google data. Some data is also replicated to containers (YouTube etc) for hosting at major ISPs. So all email data would be replicated in non-realtime. If you request something that isn't in that DC it's located in the US or wherever is closest (I guess).
There are multiple "complete" copies on the east and west coast as well as European hub sites or directly connected to European hub sites.
If you ask for a citation, I can dig something up for you....
Re: (Score:2)
Is it resident in plaintext in these offsite locations?
Re: (Score:2)
Umm, ask Google?
But honestly, would it make sense for it to be encrypted? I would think it would be too computationally expensive and increase the response time of the request to encrypt this data.
Presumably, plain text and binary data (Video / docs etc) would be stored as just that.
Re: (Score:2)
It probably isn't encrypted, at least not for regular gmail users, but it also probably isn't in plain UTF-8 or HTML either. No doubt it's held in a custom database that wouldn't be easy to access without some knowledge of the system.
I'm pretty sure what goes out over the interwebs is plaintext though.
Re: (Score:2)
BigTable perhaps?
http://en.wikipedia.org/wiki/BigTable [wikipedia.org]
http://static.googleusercontent.com/external_content/untrusted_dlcp/labs.google.com/en//papers/bigtable-osdi06.pdf [googleusercontent.com]
So, each email segment (What you see as each email in your gmail web interface) would probably be assigned a docID which would then be put into bigtable which then went onto a gfs partition / shard.
Re:RAID (Score:5, Funny)
Only half the bits are on one server vs. another
While this is of course theoretical, if you put all the "zero" bits on one server and the "one" bits on another, you could also achieve fantastic compression ratios.
Come to think of it, this gives me a great idea for a defragmentation program...
Re: (Score:2)
Come to think of it, this gives me a great idea for a defragmentation program..
I believe they call what you're thinking of "disk wiping".
Re: (Score:2)
congratulations, that's officially the worst idea i've ever heard.
You don't get out much, I'm guessing, if that's the worse you've ever heard.
Re: (Score:2)
Re:So Cloud Computing is unsafe? (Score:4, Informative)
Yeah, they just print them out and leave them in the lobby.
Re: (Score:2)
If you could get into one of their data centres, find a master (Hope it's got the index you are after) break into it, then break into the boxes (Online or offline) then re-assemble the shards, sure.
Wouldn't it just be easier to threaten you or someone you care about and just say that something bad is going to happen unless you hand over the password?
Honestly, if they want access to the data that badly, installing a keylogger / screendumper when your not looking would be a shitload simpler.
Re: (Score:2)
You can set up mailing list addresses that you can assign to one or more people.
Re: (Score:2)