GMail Trouble

March 2, 2011

At the beginning of this week, a considerable number of Google Mail users got a rude shock when they tried to access their accounts: some were unable to log in at all, and many found that their stored messages had, apparently, vanished.  The cause, according to a post on the Gmail Blog, was a buggy update to Google’s storage system software.  Only a small fraction of GMail users (Google says ~0.02%) were affected, but that is cold comfort if you are one of the lucky ones.  Fortunately, Google does know how to run data centers, and the missing messages were not permanently lost.  Google is in the process of restoring them from tape backups, and has promised to post status messages on the Google Apps Status Dashboard.  At this time, Google says it has restored the majority of affected accounts.

As a result of this problem, there has been some fairly predictable discussion of whether it is wise to trust a “cloud” provider, such as Google, with one’s E-mail or other important documents.  This is not a new issue; as I’ve written a couple of times before, it is a question that one must answer with respect to any outside service provider, whether it is Google storing your E-mail, or the bank guarding your safe-deposit box.  And I think the idea that you can avoid problems by doing everything yourself is generally nonsense; in the E-mail case, I feel fairly sure that Google’s backup mechanisms are more likely to be reliable than those of the typical user.

However, I think it is also possible to use this incident to motivate constructive thought about making sure one’s messages are secure.  There are various options for using Google Mail: it can be used purely as a Web-based system; it can be used as an IMAP server, where the messages are read and written on the client, but stored on the server; or it can be used as a POP server, where messages are periodically downloaded and stored on the client.  In this last (POP) case, Google’s service allows you to automatically archive downloaded messages on the server as well.

Because of this archiving capability, and because Google provides such a large free allocation of storage (7557 MB currently), this gives a typical individual user the ability to set up quite a secure E-mail system.  By using the POP access method, one can have a copy of E-mails on one’s own machine, and back them up there by whatever means seems appropriate; by using the archiving function of GMail, one can also have an off-site backup, something that it is generally awkward for an individual user to set up.

I think the moral of the story is that neither Google Mail, nor any other service, provides a magic bullet that will remove all of your worries about service reliability and backup; but by carefully using the facilities that are available, it is possible to create your own system that will deliver a high level of reliability at very reasonable cost.


Adobe Updates Flash for Windows, Reader for Linux

March 2, 2011

Adobe has released a new version, 10.2.152.32, of its Flash Player for the Windows platform.  It appears, from Adobe’s product home page for Flash Player, that there has also been an update to version 10.2.152.33 for Mac OS X since the all-platform update on February 8.   The most recent version for Linux remains 10.2.152.27.

I recommend installing the new version as soon as you conveniently can; because the player is installed widely across multiple platforms, it is an attractive attack target.  You can get the most recent version of Flash Player from Adobe’s download page.  Windows users should note that they may need to download two updates: one for Internet Explorer, and another for other browsers.

Adobe has also released the new version 9.4.2 of the Adobe Reader for Linux.  (The corresponding versions for Windows and Mac OS X were released in early February.)  You can get installation packages from Adobe’s Reader download page.

Update Wednesday, 2 March, 20:15 EST

The initial information I got on the Flash update was incorrect.  It apparently fixes a couple of issues affecting Flash developers, but is not a security update.  So there’s no need to rush the update.  My apologies for the inconvenience.


%d bloggers like this: