Max Krohn, CEO of Keybase, writes about the Slack security incident. I use Slack at work, and in fact started us using it. These security breaches are not surprising, although it’s weird that Slack just received new information about a security breach that took place in 2015.
The cloud is easy, but it’s not secure. You have third-parties attacking for data, but also the unclear motives of the companies holding the data for us (Germany just banned Microsoft, Google and Apple cloud tools from their schools because of data privacy concerns). It’s frustrating because these cloud-based tools are as problematic as they are convenient.
My journey with Slack started when it was a newish product, but as it got bigger, it got more attractive as a target. Unfortunately, once you have people using a tool, it’s tough to move them to someplace else (ie, the Keybase teams tool, which is supposed to be more secure than Slack). With the cloud, you need to be prepared to run to another tool when the current one is inevitably compromised. Of course, I could host something myself, but that’s a lot of work and cost for which I’d never be reimbursed.
Word processing in a web browser still isn’t great. It’s laggy and slow. I can see why someone–even a cloud-loving millenial–would prefer a word processing client instead.
It’s true. Cloud providers–especially American ones–are insecure on a number of levels. But on a practical level, they just make life so much easier. The thing of it is, I know I could host things like email and files on my own server, but I’m not sure how much more secure the data would be. Because while anyone can create their own cloud, keeping a cloud secure isn’t a trivial task. So I use hosted clouds and try to remember how many corporations are looking through my files. It’s not perfect but it’s convenient.
One day I hope to have the time and energy to create/find something more secure. Most probably a hosted solution in a privacy-minded country. If your family is already interested in security, I’d encourage them to explore alternative solutions. You might have a situation where your family is doing the leg-work of a secure cloud project for you!
As I mentioned yesterday, my book, The Librarian’s Guide to Academic Research in the Cloud is now out. The book focuses on how to think about and use cloud services in academic research, but the final chapter looks to the future of cloud computing. This is an excerpt from that chapter that seemed to belong here.
The Rise of Linux
Related to the potential rise of thin clients is the potential rise of the Linux operating system. Linux is based upon the Unix operating system and has historically been seen as a powerful, common server tool that is also used by some people as a desktop operating system. While there’s a wide range of software available for Linux, the desktop software ecosystem has never been able to compete with either Windows or OS X. Because of this lack of commercial software, Linux adaptation has been low, although there are quite a few vocal enthusiasts and public Linux communities. Enough so that despite the low adaptation rate, many of the services discussed within this book have some sort of Linux client. But because so many cloud services are designed to be interacted with via a browser, Linux has become a much more viable choice for users who wish to explore an alternative operating system, either for political, economic, or usability reasons.
As mentioned previously, Linux is based upon the Unix operating system. Linux is open source, meaning users can modify it. Linux is also cost-free. In fact, much of the work of Linux is built on the work of unpaid contributors around the world. The fact that it is open source means the code is always publicly available for anyone to use or to work with. This contrasts with OS X, Windows,and iOS, all of which use a proprietary code base to which only employees of the companies connected to the operating system have access.
Users seem to choose desktop Linux for several reasons. Many users gravitate to Linux because of its open source philosophy. Others choose it because it tends to be more customizable than proprietary operating systems, which need to restrict access to their code for competitive purposes. Others choose Linux because it is cost free. And others choose it because it tends to run better on older hardware, although that depends upon the type of Linux software being used.
A common barrier to entry for Linux for many has always been software. For instance, while there is a version of Microsoft Office for Windows and for OS X, there is none for Linux. And while there are many word processors for Linux, as mentioned in chapter 5, it can often be challenging to share work between two different versions of word processors. But with the rise of services available in the browser, Linux users no longer need to worry about compatibility. A Zoho document will open in any desktop web browser, regardless of the operating system powering the browser. Someone looking to experiment with Linux does not need to worry about finding the right Linux software to work with a file. Instead, the user can just use her browser and go ahead with her work.
Just as thin clients are a viable tool because so much work can be done using the browser, Linux also becomes a more viable choice when users do not need to worry about local software.
I’ve been playing with the Samsung Chrome OS notebook for work and so far it hasn’t really impressed me.
The concept is interesting — a netbook that’s optimized for Google services. There’s no need for a large hard drive because everything is in the cloud. This old Chromebook commercial is part of what got me excited about the concept:
Conceptually, the idea works to a point. You login with your Google credential (once the WiFi is configured as a guest) and you’re off and running. If you happen to have saved your Chrome/Chromium browser settings to your Google account, which I had, your browser is instantly configured and familiar.
Which is good, because the Chrome OS is just a browser. Nothing else. That’s your UI. And it’s weird. Because just about every other computing device in the world gives you more than a single window to work with.
Aura, the new desktop concept for Chrome OS, isn’t innovative, but it’s familiar. I think it’ll make a lot more sense to users. There’s a launcher area that lets you open applications, even though, as before, everything just opens in a Chrome tab. There’s also a taskbar with settings, since I imagine not everyone realized they could control their entire systems settings through a browser wrench:
The need for the launcher sums up Chrome OS pretty well. It’s supposed to be the essence of simplicity, but the simplicity requires a fair amount of background knowledge about the OS and about managing files and applications via the cloud. A fairly technically accomplished, knowledgeable user can totally ignore the launcher, but would a technically accomplished, knowledgeable user be content with an OS that’s just a browser?
Who is Chrome OS for?
My suspicion is the launcher, which can be summoned with Ctrl-caps lockmagnifying glass, is a recognition by Google that Chrome OS is too unfamiliar to average users.
A lot of the Chrome apps seem designed to give users a hook into familiar services. As a result, many Chrome OS apps can be pretty disappointing. The Dropbox app just opens up Dropbox in the browser. But there’s no actual automated syncing, which is kind of a huge part of Dropbox’s appeal. With cloud apps, the argument might be that there’s nothing to sync since there’s nothing on the local machine. But I imagine some people want an automated way to move stuff they download to their Chromebook up into their Dropbox account. And the presence of a Dropbox app implies the presence of the service. But really, the app is a bookmark, as are many of the Chrome “apps.”
Having said that, I love the Scratchpad app. It’s a simple text editor that supports light formatting but that syncs against your Google Docs account, placing everything in a Scratchpad folder. I find Google Docs horribly laggy to work with, across operating systems and browsers, but Scratchpad is quick and responsive, plus it opens up in a separate window, letting me Alt-tab between the browser and the text, which is about 95% of my workflow.
Opening non-cloud-based files still isn’t as easy or as simple as you would think. RTFs don’t open because they’re not a supported file format:
There’s also no Java within Chrome OS, which isn’t a deal-breaker but is inconvenient. For instance, I often screencast via the wonderfully simple Screencast-O-Matic, and that doesn’t work on Chrome OS. There are some screencasting tools in the Chrome store, but it seems silly to have to abandon something effective and familiar that works on every other computer I use.
Aura is a huge step forward for Chrome, but it still feels miles behind modern desktop experiences. It’s still hard to do things that are relatively simple on Windows, OS X, or any Linux desktop. And keep in mind that GNOME 3 and LibreOffice provide Google Docs integration, while still allowing users to use a full-blown desktop. Cloud integration is pretty much a given on modern devices. Aura isn’t providing anything that isn’t available elsewhere.
In fact, Aura still requires the user to think about what they want to do and then figure out how to do it within the constraints of the Chrome OS. Compare that to GNOME 3, where I click the meta key, type the application or file that I want, and it launches. It’s a huge, huge difference in user experience.
The Aura interface is workable, and the Samsung hardware is nice — the keyboard is great, the machine is light, and the screen is a decent size. But the price is around $350 (more for the 3G model). That’s a lot of money to spend for a netbook that won’t bend to the user’s will. I bought a refurbished Dell for around $200 a few years back, threw Ubuntu Netbook Remix on it, and had a netbook that was way more flexible and functional than Chrome OS will be by the time Aura moves to stable. And there’s nothing Chrome OS can do that any netbook with a browser can’t do, except maybe run Netflix.
Chrome OS is just OK until you factor in the price. Then you’re paying a lot of money for a machine that’s going to be challenging for most users to work with, at least at first, put possibly forever, depending upon the commitment and expertise levels of the user. And users already well-versed in cloud services are going to be able to re-create all of the functionality of Chrome OS on much cheaper hardware.
Aura’s a big improvement for Chrome but it’s still not enough. If Google doesn’t want to dramatically improve their OS, they might want to focus on cheaper hardware. At $350, it seems hard to justify what you’re paying for. But if Google and its partners could figure out how to bring in something at around $200, it might be something more people would be willing to work with and around.
The challenge of Aura, and the Chrome OS in general, is that it’s too expensive and basic for experts and too complex and expensive to users not accustomed to working in the cloud. Until Chrome figures out its audience, or simply gets much cheaper, it’s going to have a tough time attracting users.
Right now, it’s a long way from the disposable netbook imagined in that early Chromebook commercial.
This is an interesting David Pogue post predicting that as more and more data moves to the cloud, more and more ISPs (including home ones) are going to cap data.
I predict that as the cloud becomes less economically feasible due to these kinds of fees, the ability to save work and data locally will become a feature.
We moved from the mainframe-terminal model (which is kind of a cloud metaphor), to local, independent machines. Now, we’re back to the cloud.
Eventually, we’ll return to local computing. So don’t delete all of those local files quite yet.
I really don’t have anything against Apple. I choose to use Linux full-time, which is a choice not to use Apple, but it’s nothing personal. I don’t like Apple’s business model but it’s the same kind of innocuous dislike I have for raw onions and Justin Bieber.
I do appreciate the things Apple does well, though. They build very sturdy MP3 players, as I’m learning from treating my suddenly falling apart Sansa Fuze with the same kind of indifference I’ve treated iPods.
In general, though, Apple tries to do too much for its users. It eliminates as much choice as possible, so everyone has the same experience, regardless of their personal preferences.
I understand the problem iCloud is trying to solve: people have files everywhere and they often don’t have the right files in the right place at the right time.
But this isn’t a problem all people have. Most tech savvy people I know have figured out all kinds of solutions to this problem. A lot of the solutions revolve around DropBox, or DropBox-like services. But there are also home-grown solutions involving locally-controlled servers.
The beauty of most of these solutions is that users have full control over all of their files at all times. They know where they are and who has them and most have a way to move all of their files should the need arise.
iCloud is trying to be the solution people don’t have to think about. Steve Jobs has been banging home the refrain “it just works” to describe iCloud.
It’s a good selling point. Services should work. But Jobs doesn’t mean iCloud works. When he says “it just works,” he means iCloud is making important decisions for users. And the choices iCloud makes next fall could be dramatically different next spring, leaving users to roll with the punches. Because they’ve tied their files and data up in a service they can’t control.
2001 fans might remember that HAL just worked, too.
Linux enthusiasts tend to be more sensitive to control issues. We tend to want to make our own choices and we like to be able to modify our choices. Right now, I’m typing this in gedit, but if I decided to switch to another text editor, I could easily do so without losing the ability to view or edit any of the other posts I have saved locally on my computer.
But I understand not everyone has the expertise to manage their own files and data. Not everyone can keep track of their files.
I would argue the answer isn’t to handle this task for users, but rather to help users understand the process.
Conventional wisdom says most users don’t care about this. They don’t care how the sausage is made. They want something that “just works.”
But that’s not entirely true. Users do care. They care when files disappear. They care when they can’t access what they need. They care when they’re forced to pay ransoms to get at their data. And then, a backlash comes against whoever is responsible for managing the user’s data.
There’s a solution, though. Open standards for data portability would gives users the freedom to easily move their data whenever they want to wherever they want to move it.
Transparency would let users see where their data is and what the conditions are for them to access it.
And the best part is, those two ideas could exist in a service that “just works.”
In fact, with open data portability standards, the cloud services would improve at an impressive rate, since there would be true competition in the space.
iCloud doesn’t “just work.” It creates a layer of abstraction between users and their data and ultimately creates more work for Apple, who is now in the position of needing to manage increasingly complex tasks from a user base that is increasingly disconnected from its data.
The answer isn’t to make choices for users but to create systems that make it easy for users to make choices.
I recently looked into citation management tools for an article I’m working on.
About citation management tools.
So the whole thing was very meta.
Even though I run Windows 7 at work, I made sure I looked at free cross-platform tools. I wound up selecting Mendeley, Zotero, and citeulike.
I’ll post a link to the article once it’s available in a few months, but for now, I wanted to talk about these tools from a technical standpoint.
All three tools pretty much do the same thing. They allow users to capture book and article metadata and export the data in a bibliographic format, like MLA, APA, Chicago, ASA, etc.
They also allow users to organize their research, so all of their articles on a given topic are in one place. All three support tagging and have some social sharing aspects.
Technically, all three tools are different, though. Mendeley is a standalone client. Zotero is a Firefox extension. And citeulike is entirely web-based.
Mendeley is pretty robust, allowing you to organize web-based files as well as local ones. And the client has a web sync. But the sync didn’t work horribly well for me. Metadata would get corrected at work, but it didn’t seem to make it to my home set-up. But I was also syncing my data to Zotero and I wonder if there were just so many versions of things floating around, that Mendeley got confused.
One nice thing about Mendeley, though, is that they have a Linux client, so using it is really no big deal. It installs like any program, once you add the Mendeley repository.
I’ve played with Zotero on and off for years. Like Mendeley, there’s a web sync option, so you can access your research across computers. It works well but the Firefox dependency is a real killer. I don’t use Firefox very often and I don’t want to have to switch browsers when I’m doing research.
citeulike didn’t knock me out. It’s tough to get it to effectively grab metadata. It seems like at least 75% of the time, I had to export citations in BibTeX, a standard citation format designed for LaTeX, and then manaually import the BibTeX into citeulike.
But in the end, I’m sticking with citeulike because it’s web-based. I just install a browser button into ANY browser, and I can grab (some) articles relatively painlessly.
Mendeley has an easy browser button, too, but it still requires the client to export your work into a bibliographic format.
So even though Mendeley is easily the most robust of the three tools (you can view and annotate PDFs using it), citeulike is the easiest to implement. So I’m sticking with citeulike for now.
Zotero is working on a standalone client, and while I really love the ease with which Zotero grabs metadata, a client just feels like a lot of work. It’s something else that needs to be updated. It’s something else that needs to be opened. And it’s something else that needs to be installed.
Given that I usually print articles and keep them in folders, annotating them by hand, citeulike seems to be the easiest way to keep track of my research and generate semi-clean bibliographies.
Also, some institutions (including my own) provide access to RefWorks. RefWorks is pretty nice, but they only have browser buttons for Internet Explorer and Firefox. Like with Zotero, that’s kind of a deal killer for me, even though RefWorks has some nice functionality, like using a URL resolver to link to subscription material automatically.
I appreciate that Mendeley took the time to develop a Linux client and I feel like I should support that, but the idea of a standalone client feels like overkill. Having said that, I might eventually check out some Linux citation management clients, just to make sure I’m really not missing out on anything. Referencer is well-reviewed but looking for a new maintainer. And JabRef also looks interesting.
Committing to a reference management tool represents a new research work flow for me, but I’m hoping having everything in one place will eventually pay off for me.
But if nothing else, I’m learning lots about BibTex.