Google Reportedly Ditching Windows 1003
Reader awyeah notes a Financial Times report that Google is ditching the use of Windows internally. Some blogs have picked up the FT piece but so far there isn't any other independent reporting of the claim, which is based on comments from anonymous Googlers. One indication of possibly hasty reporting is the note that Google "employs more than 10,000 workers internationally," whereas it's easy enough to find official word that the total exceeds 20,000. "The directive to move to other operating systems began in earnest in January, after Google's Chinese operations were hacked, and could effectively end the use of Windows at Google. ... 'We're not doing any more Windows. It is a security effort,' said one Google employee. ... New hires are now given the option of using Apple's Mac computers or PCs running the Linux operating system. 'Linux is open source and we feel good about it,' said one employee. 'Microsoft we don't feel so good about.' ... Employees wanting to stay on Windows required clearance from 'quite senior levels,' one employee said. 'Getting a new Windows machine now requires CIO approval,' said another employee."
Re:I call bullshit. (Score:4, Informative)
They probably use this one [wikipedia.org].
Re:Flamebait (Score:5, Informative)
Aaaand ... after reading TFA, it confirms ChromeOS and dogfooding:
Employees said it was also an effort to run the company on Google’s own products, including its forthcoming Chrome OS, which will compete with Windows. “A lot of it is an effort to run things on Google product,” the employee said. “They want to run things on Chrome.”
Re:MACS???!?! (Score:4, Informative)
Except OS X isn't more secure. That's why it's always the first gone at pwn2own competitions.
Re:MACS???!?! (Score:3, Informative)
Macs have been offered at Google all along - all that appears to have changed here is the elimination of Windows as an option.
Re:neato (Score:3, Informative)
I'm not as smart as most of you slashdotters, but this seems smart in that they can write their own security updates with Linux, as opposed to waiting for Microsoft to fix them.
Yes, but in order to do that they're also creating a budget to support the programmers doing that.
Skepticism warranted? (Score:5, Informative)
Re:Developers on ChromeOS? (Score:4, Informative)
Tell me... what IDE runs on ChromeOS? Where's the Emacs for Android? When I see that, we'll talk. Until then, I don't think that Google's going to be able to migrate it's most vital employees (engineers) to "eat their own dogfood." Might be interesting to migrate support staff, but that's not where the heart of Google is.
Well.... since ChromeOS is built on Ubuntu [computerworld.com] I'll bet that anything that runs on Ubuntu should run on ChromeOS.
Re:IBM is headed that way too (Score:5, Informative)
This is a new Symphony, entirely unrelated to the old product [wikipedia.org], build on top of Eclipse technologies and forked OpenOffice code.
http://symphony.lotus.com/ [lotus.com]
Re:MACS???!?! (Score:5, Informative)
OS X has all the nice overflows, poor to no memory protection, problems with users ect that most consumer quality OS face.
Actually not really. It's not as prone to buffer overruns as C++ or C would be, thanks to Objective-C used to write most apps.
Also with Snow Leopard, it has fairly good memory protection at this point.
And the users are more partitioned off, because there are no programs that demand you run as admin the way you find Windows programs that flake out... not to mention no open ports by default.
Re:I want to see the long term results of this... (Score:5, Informative)
No, the number of unnecessary and undesirable services automatically deployed with Windows operating systems is quite profound. The automatic sharing of the C: drive as \\hostname\c$\, for example, has been nearly impossible to turn off for even a competent systems administrator without ripping out parts of the operating system you may want.
Shall we review the security risks of the almost mandatory use of dynamic DNS associated with Active Directory? Or the very poor security models of overburdening the Kerberos server underlying Active Directory with graphical and non-security related tools which have _nothing_ to do with that absolutely critical security service, yet are mandatory with the Windows "Server" releases required to run an Active Directory server? Or the denial of service attacks possible against an Internet-exposed Exchange server because it simply cannot handle a reasonable amount of direct SMTP traffic, especially broadly distributed spambots?
The Linux boxes simply do not run all these services and have all these vulnerabilities when they come out of the box because they don't _activate_ such services without giving the owner a patch to patch their systems. And users are not forced to run "Internet Explorer", that festering cesspool of security vulnerabilities, because someone locked the software update mechanism to a web browser with too many "features" to possibly secure.
Re:Developers on ChromeOS? (Score:3, Informative)
However, the main issue with Chrome OS is the vapor it's made out of.
Chrome OS isn't vapor... [getchrome.eu] It is still a beta so its not fully functional, but it is real.
Re:Not a big suprise (Score:3, Informative)
Re:Flamebait (Score:3, Informative)
It's the security stuff they are and are not feeling good about.
LoB
Re:something wrong with TFA (Score:2, Informative)
Windows has run-as. You can run programs as another user account without logging off. Create an administrative account and use run-as only when running the programs that need it. This is close enough to sudo to be useful.
As a developer I have done this; except in the reverse. IT wasn't flexible with domain user accounts so I ended up having an administrator account and used run-as to a local limited user. I did that to test that my code would work with minimal privileges.
Windows doesn't do anything to encourage this sort of thing but it certainly is possible if you care about security.
Re:something wrong with TFA (Score:4, Informative)
windows key + r /u:domain\user application.exe
runas
return or enter key
when prompted enter your password
use a- prefix accounts within a group on the domain for local administrator access.
use normal accounts for login and day to day.
I don't care about the OS "fighting" but make sure you look at all the details first.
Re:I call bullshit. (Score:3, Informative)
I have spoken with 4 Google employees, all who have given the same information.
They are moving to Mac or Linux, employee's option.
Exceptions are only given on a case-by-case basis.
Bullshit (Score:4, Informative)
Re:Flamebait (Score:3, Informative)
People managed to check email, schedule tasks and appointments, manage contacts and keep notes before Outlook came on the scene. There may no good one-stop alternative, but maybe that's not such a bad thing. Outlook is a bloated monster that, if running on its own, uses a horrible flat file database, and if running on a network, uses Exchange, which, when it works is great, but as anyone who has to debug it when it goes nuts knows, can be an absolute nightmare.
But there are some web-based apps like Zimbra and Gmail which are pretty darned good and that's certainly the direction my organization is looking at as we expand. Outlook-Exchange is absurdly expensive, and at some point you have to weigh the costs of all those Exchange CALs (not to mention all the Server CALs for accessing file and printer shares). For us its pure economics. With limited budgets and the need to expand, we're between a rock and a hard place, and if it means moving to a somewhat less convenient web-based mail/scheduling system, well, that's just the way it will be.
Re:Financials (Score:5, Informative)
Do you see now why that won't be a problem for Google?
Re:Skepticism warranted? (Score:1, Informative)
Google employees have been using Linux and Mac. For a long time. The employees I know got a choice of the three. Some got all 3. I'd speculate that Windows gets the release priority because Windows still holds the major market share for the not-employed-by-Google population.
Re:MACS???!?! (Score:5, Informative)
That's because the hackers want a Mac, not some lame old Windows box.
Sorry, but the contestants do not decide the order in which they attack the target computers. They are allocated timeslots randomly to each system. The Mac fails first because they haven't implemented some of the basic security precautions that the other operating systems have.
Re:something wrong with TFA (Score:4, Informative)
Re:Financials (Score:3, Informative)
Very hard to find accounting programs that do not require Windows OS.
When you're a $24B company, you don't use Quickbooks. You use Oracle Financials or SAP, neither of which require Windows.
Re:I want to see the long term results of this... (Score:1, Informative)
There is so much collective failure in this single post, that I wonder if the last time you used Windows was during NT4 (or even earlier).
Automatic (administrative) shares can be disabled by a registry key. Set that up to deploy to all computers in the AD, boom, gone. They're also inaccessible over the network by default in win7 and vista.
GUI tools are not required for managing AD since Vista. Powershell + server core. And are you trying to claim that a DDOS won't take any server offline, or are you defining "reasonable" as "any value Microsoft servers become unresponsive under, but not any value where another OS's server would do so, even if those numbers are the same, a waiver is granted for the other OS?"
Of course, the fact you mention IE and software update mechanisms means that you, at the very least, have not used anything Vista and beyond, nor have you used XP since...what, SP2? Hint: the browser has not been required for OS updates, software updates, etc for a long time.
Don't even get started on the "which browser is secure" debacle. Firefox, my browser of choice, has its own share of issues, as does Chrome, Safari, etc.
All in all, it seems like you should learn a new rant, because this one is old, outdated, and provably false.
Re:something wrong with TFA (Score:2, Informative)
I fail to see how this is fundamentally different that using a Linux/Unix sudo, except for not having to drop to the command line and enter a sudo command.
Modern Linux distros rarely require that -- there are GUI equivalents.
And the main difference is that for a long time, UAC behaved really, really stupidly. You could easily count on four or five UAC prompts per software install, and even one or two per Windows Update, making it a ludicrous number of times when setting up a new machine. And that's assuming everything works, which was far from a given.
Now, Windows 7 improved that a lot, and there's a lot of software which has been updated to work well, but contrast this to Linux, where the only programs which don't work properly (install to /usr or /opt as root, store user-specific stuff in dotfiles in $HOME) are programs which were sloppily ported from Windows -- basically, a few indie games and commercial apps (*cough* Oracle *cough*)
However, "UAC is worthless" just means this person hasn't followed the part where UAC has mostly caught up to where sudo was years ago. When Vista was launched, it really was useless.
Re:MACS???!?! (Score:3, Informative)
Apache is more popular than the Windows web server, yet gets hacked less, which completely debunks the idea that being a market leader is the only reason Microsoft products are so shockingly vulnerable to attacks.
Even it were true (and it isn't), it doesn't demonstrate anything of the sort.
OS X is a GUI shell on a BSD layer on a Mach engine. Like any flavor of *nix, it was designed from the ground up to live safely in networked, multi-user environments.
Just like Windows NT, you mean ?
It's an order of magnitude harder to hack than a Windows box, because of superior design. This has been demonstrated over and over for nearly a decade now, yet the MS fanboys continue with the silly drumbeat that Macs are only enjoying security via obscurity.
Please detail the "superior design". You might also want to comment on how OSX has consistently lost out to Windows (and everything else) in contests like pwn2own.
Re:Flamebait (Score:5, Informative)
Re:Flamebait (Score:5, Informative)
It's funny - google HR wants MS Doc format (Score:3, Informative)
A long time linux user, I sent in a resume to google HR in India and they
replied asking me to resend in MS Doc format!
Re:Flamebait (Score:5, Informative)
No need for online things like zimbra or gmail, the built in Mail, iCal and Address Book apps all have exchange integration, and between the three of them, cover all the functionality that Outlook does.
Re:Flamebait (Score:2, Informative)
Re:MACS???!?! (Score:3, Informative)
Very few Windows programs require admin privs to run after install. There are no open ports by default on Windows Vista +
Also, the certificates make it easier to know if anything wanting elevation is likely to be safe not; Windows will advise as appropriate.
Finally, Mac OS doesn't have a full ASLR implementation; and their NX implementation only works on 64 applications.
http://www.laconicsecurity.com/aslr-leopard-versus-vista.html [laconicsecurity.com]
The Backstroke (Score:5, Informative)
We'll see how long it takes Google to start frantically doing the back-stroke.
I don't think we will see Google doing a backstroke anytime soon. When you think about how badly Google was compromised, and what someone could do to them if they are every compromised like that again. What are their options.
1. Find a way to live without Microsoft and all the software that will ONLY run in a MS Environment.
or
2. Give to it, take the easy way, run MS software and just expect that you can survive any system breach no matter how badly you are compromised.
If it takes 5 years and a billion dollars, I am sure it will be worth it to Google in the long run. Also note. Google is not "talking" about switching. They are not trying to get a better price from Microsoft. They just quietly started to mandate that MS is not an option any longer.
Re:Flamebait (Score:3, Informative)
You had a point 10 years ago. These days most of the people that I work with use Macs not Windows. To be fair they tend to be self employed people in creative industries rather then enterprise drones. But nevertheless, the world is changing.
Remember the phrase "No one ever got fired for buying IBM"? I do. People used it to say that IBM had a complete lock on the business market. But not so long after they lost it.
The idea that someone might get fired for not using MS Office is FUD of the worst order. For sure many people don't get a choice of what kit they use for work. They use what they are given. But more people have the freedom to choose what they work with, and would laugh in the face of some corporate drone who thought their job depended on using MS Office. Someone sends you a file that has one of those ever decreasing compatibility issues? So what? Ask them to send it again in a more useful format. If you think that request is going to get you fired, get yourself a better job FFS!
Re:Flamebait (Score:3, Informative)
Again, the functionality required by 99% of the workers is more than provided by these alternatives.
Re:Developers on ChromeOS? (Score:1, Informative)
EMACS on Android? Here you go: http://www.emacswiki.org/emacs/EmacsOnAndroid [emacswiki.org]
Though I prefer vi and sed.
Re:Obvious question (Score:3, Informative)
The same way other companies do it...
We have no production windows systems, no windows systems which are used for day to day tasks...
What we do have, is a small handful of windows systems (mostly virtual machines) sitting in an isolated test network which are used purely for testing purposes and windows-specific development.
Re:Developers on ChromeOS? (Score:1, Informative)
Regarding IDE, there's Bespin [mozillalabs.com] which runs on ChromeOS.
Re:MACS???!?! (Score:3, Informative)
How is objective-c any less prone to a buffer overrun than C++?
Because more strings are likely to be C null-terminated strings in a C++ program, where pretty much every string in an Objective-C application will be an NSString.
Yes I know C++ also has string collection classes, they just aren't used with as much consistency.