Normcore Tech

Share this post

Google Drive is production

vicki.substack.com

Google Drive is production

Look at me, I'm the source of truth now

Vicki Boykis
Apr 28, 2020
5
Share this post

Google Drive is production

vicki.substack.com

Art: Composition with Grid IX, Piet Mondrian, 1919

A couple weeks ago, Jack Dorsey tweeted that he was donating money to fighting COVID. A whole lot of money. 

Twitter avatar for @jack
jack @jack
I’m moving $1B of my Square equity (~28% of my wealth) to #startsmall LLC to fund global COVID-19 relief. After we disarm this pandemic, the focus will shift to girl’s health and education, and UBI. It will operate transparently, all flows tracked here:
docs.google.com#startsmall trackerDonations current value, $ 1,260,412,570.00 current share square price, $ 63.55 number of shares transferred to LLC,19,833,400 Total Remaining: , $ 1,252,144,422.00 Total Dispersed:, $ 8,268,148.00 Distributed: Date, Amount ,Category,Grantee,Link,Why? 4/2/2020, $ 100,000.00 ,COVID-19 ,Americ...
8:04 PM ∙ Apr 7, 2020
293,169Likes68,036Retweets

And he did it in a Google Sheet, which, in an interesting twist, is open to everyone.

https://docs.google.com/spreadsheets/d/1-eGxq2mMoEGwgSpNVL5j2sa6ToojZUZ-Zun8h2oBAR4/edit#gid=0

In researching (and interacting with) Jack previously, he doesn’t exactly strike me as the kind of person who would carefully track things in a Google Doc.

After all, 

Jack also loves to talk about his meditation schedule, intermittent fasting, and SaunaSpace. He also uses something called an Oura Ring to track his sleep, and he drinks “salt juice” (water, Himalayan salt, and lemon - I guess he’s working on self-actualizing into becoming a conductor of electricity?)

He also recently went on a silent retreat in Myanmar.

Looking at the sheet, there are a number of points for further investigation. We could talk about the charities he picked, the fact that he hasn’t updated it since 4/14, and the calculus of transferring Square shares to pay for all of this. 

But what’s most interesting to me is just how ordinary is it from an actual spreadsheet perspective. It has equations. It has links. It has tabs. Billonaires - they’re just like us! They freeze panes to lock in rows and columns!

I think the much bigger story here, though, is that absolutely everyone uses Google Drive, simply because it’s a tool all of us, regardless of status, class, or how many companies we own, have ambiently available in our digital lives. In much the same way that Excel still powers the financial economy (and lots, lots of other things), Google Docs has risen as a cloud complement. The worse story is that, since it’s tied to Google, an ecosystem that almost everyone is a part of, and because its consumer version is free, it’s wormed its way into the operational systems of companies where it now lives like a very dangerous Swiss army knife, used for anything and everything without thought given to the implications.

For example, after the botched Iowa caucus in January, Nevada tried to record some of its election results through Google Drive,

Details on the new system are patchy, but it seems that at least some caucuses will be tabulating and reporting their results through a combination of Google Forms and associated spreadsheets. There’s also some indication that Google Forms may be used to check voters in at caucus locations, although in both cases, there will be other options available as a safeguard.

On the tech side, the state party is operating from a regular enterprise G-Suite account, apparently connected with off-the-shelf iPads.  

And, as I wrote earlier, schools are fully embracing Google Docs for students and staff alike.  In tech, Google Sheets are also often used to share salaries in order to give employees negotiational leverage. From my own personal experience, they’re often used to collaborate on writing and editing books, editorials, and petitions, and as invoice systems for places that pay freelance writers, including lots of fun personal information such as addresses and bank account and routing numbers.

The more I think about it, the more I’m convinced that the world now runs on Google, and if Google Docs ever went down, it would be an even larger blow to the economy than Zoom or Excel at this point, but that the more it stays up, the more this cloud app owned entirely by Google becomes the most dangerous weakest link in all of our workflows.

This is not an exaggeration. A couple days ago, I put out a call for crazy Google Docs use cases, and got them in spades. 

Twitter avatar for @vboykis
Vicki Boykis @vboykis
Working on this week's newsletter,about Google Docs, and I'm convinced (from personal experience) there are people/companies using Google Docs in unholy ways, which I'd love to include (if you're ok with it). What's the craziest/least secure way you've seen Google Docs used?
5:30 PM ∙ Apr 26, 2020
88Likes14Retweets

Here are some of my favorite ones: 

GDocs as a payment system:

Twitter avatar for @joshlaurito
josh laurito @joshlaurito
@vboykis I built the AVClub’s freelance payment system (including negotiated payment rates and confirmation emails to the freelancers) with a colleague on top of a gsheet and we called it freelancelot!
1:01 AM ∙ Apr 27, 2020

GDocs as a chat platform: 

Twitter avatar for @peteskomoroch
peteskomoroch @peteskomoroch
@vboykis I’ve heard Netflix mostly used gdoc comments to communicate with eachother instead of slack or email.
6:18 PM ∙ Apr 26, 2020
Twitter avatar for @ikding
I-Kang Ding, Ph.D. @ikding
@vboykis I've heard that students from my kids' school use Google docs as impromptu chat rooms, since they know for sure it's not blocked by school networks. But that probably doesn't quality as "crazy" / "least secure". 🤷
5:45 PM ∙ Apr 26, 2020
31Likes2Retweets

Google Docs as a lunch resolution service: 

Twitter avatar for @adamlaiacano
Adam Laiacano @adamlaiacano
@vboykis At Project Florida we had a pretty complex sheet for building lunch orders from Cafe China including auto-generated venmo payment links to the person who places the order. If that counts.
6:20 PM ∙ Apr 26, 2020

And, finally, as a development platform: 

Twitter avatar for @clairebcarroll
Claire Carroll @clairebcarroll
@vboykis Control your kubernetes clusters via a spreadsheet github.com/learnk8s/xlsku… Nothing could possibly go wrong
github.comlearnk8s/xlskubectlxlskubectl — a spreadsheet to control your Kubernetes cluster - learnk8s/xlskubectl
10:58 AM ∙ Apr 27, 2020
16Likes2Retweets
Twitter avatar for @eric_oh_see
Eric @eric_oh_see
@vboykis hahahahaha, I am totally going to win this 🤓 - BigQuery data model -> Looker - Looker scheduled CSV report -> Fivetran email connector - Fivetran -> BigQuery - GSheet V8 script (queries BigQuery) -> populates Spreadsheet I set this up in December and :chefs_kiss:
8:30 PM ∙ Apr 26, 2020
Twitter avatar for @kara_ec
emre can kara @kara_ec
@vboykis A google sheet that is editable via link as a DB for a microservice :)
5:35 PM ∙ Apr 26, 2020
47Likes2Retweets
Twitter avatar for @junghoon_sonMD
Jung Hoon Son, M.D. @junghoon_sonMD
@vboykis Google Sheets has a "TRANSLATE()" function. Once just mass loaded a few hundred thousand non-English documents each cell and translated a lot of text quickly using their seemingly free parallel computing power/API without having to work with APIs...
6:12 PM ∙ Apr 26, 2020
21Likes1Retweet

And, here are some from DMs:

  • “Used a google sheet as a shared account password manager, which is probably common. But this one was secure because someone made the password column white text on white background.”

  • “Not exactly google docs but One non-engineering team at a company I know used Google Colab to run production api ingestion tasks. This included all secrets being pasted in plain text with this Colab being shared with multiple people.”

  • “P&L level figures on a doc set to link-sharing that anyone can find I can email the entire company by sharing a team drive with the entire org - the "all employees" emails list has tons of non-internal email accounts”

Finally, are a couple where the specifics were so terrible that I needed to edit them out: 

  • Doctors keeping track of groups of patients in Google sheets

  • Ad teams using Google sheets to manually construct complicated boolean queries in place of NLP to create ads responding to specific consumer sentiments

  • Companies keeping all their customer’s addresses in docs that were accessible to external vendors, and, really, anyone

  • A very large company that initially kept track of a multimillion dollar line-item budget in a database, but migrated to a single, enormous Google Sheet that’s directly editable by at least 5 people. 

The more stories I got, the more I became terrified that our entire economy (what remains of it, anyway) is only a “click to share” link away from exposure. (But if you have more stories, definitely put them in the comments.)

There are a number of things that make Google Docs extremely sticky and extremely dangerous. First, most people have Google personal accounts. When you open a work-related spreadsheet, if your Google personal account is the default on your machine, the document goes in there. 

Twitter avatar for @jbendeaton
Ben Deaton @jbendeaton
@vboykis Mostly the thing where you click on a Google Doc link from your work gmail account and it opens with your personal Google account.
8:11 PM ∙ Apr 26, 2020

And where “in there” is, is a different story, too. We no longer own anything in the cloud. 

Twitter avatar for @JennyBryan
Jenny Bryan @JennyBryan
It feels like Microsoft, Google, and Apple are all trying to create a world where people have no freaking clue where their files are saved and I think this is a Really. Terrible. Idea. This is the root cause of our kids' greatest agony re: online learning right now.
6:34 PM ∙ Apr 22, 2020
593Likes84Retweets

Google doesn’t give us a very fine-grained view or control on these files. As I wrote before, what’s ours is no longer ours. 

I was really surprised. Memes are, in an internet that’s been entirely corporatized and controlled top-down by Amazoogle and advertising, the People’s Content. They come from the bottom up, from message boards and reddit threads, from Photoshop and Powerpoint, and make their way online. And yet, we have no control over them, no way to save and catalog them, to search through them.

The people before us left behind vellum manuscripts and paintings, wrinkled photographs and handiwork, letters that smell of sealing wax - evidence that humans were here, doing human things, living.

What will be left of us when the servers are turned off and the last Baby Yoda gif disappears into the ether?

Another enormous problem is link-sharing. There are millions of spreadsheets out there that are accessible to the public with a link. Hackers have already previously exploited it, but surprisingly for a problem this big, there doesn’t seem to be a lot of other news about it. If hackers are working on exploiting this already, then we just have not heard anything about it lately.

Finally, it’s hard to tell which documents are ours and which are someone else’s. For example, as soon as I opened Jack’s sheet, it went into my own Drive, where it will now stay, for a very long time:

Twitter avatar for @AlanMCole
Alan Cole @AlanMCole
Time for one old curmudgeon tweet: Back in the day there was a clear directory hierarchy on computers designed to be visible. When you loaded and saved files, even within applications, you could see that system. These efforts to obscure the directory system from the UI are bad.
2:38 AM ∙ Apr 26, 2020
486Likes53Retweets

We, as tech professionals and security professionals, spend hundreds of millions of dollars securing our clouds, our personal laptops, our databases and now we’re harping on Zoom’s security issues.

But I haven’t seen much press at all about how much of a problem it is that a company has not only managed to embed itself into our consciousness with search, but now also lives inside our companies as a complete production system that people rely on to track revenue, run databases, manage vendors, and, yes, distribute billions of dollars.

I’m not saying that all of this is going to come crashing down, mostly because many of thse systems operate through security by obscurity, but maybe we (and Jack) should back our stuff up at least every once in a while, and maybe take some of these docs out of production.

What I’m reading lately:

  1. Why are Taleb’s ideas so good (I personally have long been a fan) and yet it’s so easy to hate him? The Taleb starter pack.

  2. TFW you’re a data scientist IRL

    Twitter avatar for @redditships
    relationships.txt @redditships
    I [30M] found my girlfriend’s [29F] spreadsheet tracking our entire relationship
    Image
    Image
    6:19 PM ∙ Apr 25, 2020
    9,820Likes1,061Retweets
  3. Cuomo’s Powerpoint aesthetic

  4. Bleak but good content

    Twitter avatar for @Springcoil
    Peadar Coyle @Springcoil
    How can Data Scientists survive layoffs? peadarcoyle.com/2020/04/26/how…
    Image
    8:50 AM ∙ Apr 26, 2020
    74Likes19Retweets
  5. Saudi Arabia now owns Ticketmaster?


The Newsletter:

This newsletter’s M.O. is takes on tech news that are rooted in humanism, nuance, context, rationality, and a little fun. It goes out once a week to free subscribers, and once more to paid subscribers. If you like it, forward it to friends and tell them to subscribe!

Swag: Stickers. Mug. Notepad.

The Author:
I’m a data scientist. Most of my free time is spent wrangling a preschooler and a baby, reading, and writing bad tweets. Find out more here or follow me on Twitter.

Share this post

Google Drive is production

vicki.substack.com
Comments
TopNewCommunity

No posts

Ready for more?

© 2023 Vicki Boykis
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great writing