But there are all these Elephants in my project.
And I can't afford an elephant gun.
Google is embracing complete user-access anarchy in its new-age collaboration tool, Google Wave, so that early testers won't be tempted to fall into their old emailing habits. A puzzling attribute of Google's new open-communication sandbox is the complete lack of permissions. As it stands today, if a person is invited to a …
Perhaps down at the Chocolate Factory, the sun is shining and everyone loves everyone else.
This certainly isn't the case where I work. I can so easily imagine all manner of backstabbing and information removal, crediting other peoples work, inserting mistakes to make an idea look lame - the list goes on.
Not having used wave I can't comment on whether there's a full history of any changes made - effectively, version control?
That could work. If you've got a clear path back though the changes made, who made then and when, then it's a good idea.
It is probably going to be quite a while before wave takes on any serious roles and right now nobody really knows how people will use wave. Wave is going to end up being used for things nobody envisaged.
Adding restrictive features like permissions potentially prevents the evolution of some usage models.
People are creatures of habit. Add permissions now and people will quickly lock down wave to their current usage models (ie. something crap like sharepoint + IM).
Most people think permissions are wanted, if not needed, for some applications. Likely permissions will be provided at some point. But not now. Give wave a chance to do something different first.
In the world of collaborative code, version control is (despite being an annoyance) pretty much accepted as essential thanks to the number of fuckups that you get without it, so I can't see the business arena being much better. Granted we'll find new ways to use the technology if it really is as cool as the hype says, but not providing any kind of permissions system does appear to be a lack of features rather than an insightful business decision. Perhaps we should give up backups as well, in the name of digital liberties and transience?
Yes... I too would like nothing better than to be misquoted and dragged through the mud because someone edited my messages and pretended the new content came from me. Yes, after all, once my name is cleared all will be forgotten and my reputation will back to the way it was before, right?
</sarcasm>
Back in the pre-CAD days, we used paper files for collaboration. Anyone could grab a pencil and draw what they wanted; but they didn't because they knew their place in the team.
An open system is not such a bad thing - control freaks might wig out, but as long as nothing can get really maliciously damaged then it's ok (ie. good backups....) and if it logs all access - great! A top way to get the idiotic muppets who uck feverything up fired. Just like the old paper days.
"Did you erase the new hospital gas layout plan?"
"yes"
"you're fired."
Problem solved!
"...clearly some potentially disastrous situations ahead if an army of underlings can simultaneously fiddle with something like a quarterly report or grant application without permission."
...not if we execute the early adopters who screw up - I'd be willing to bet that the rest would will learn quite fast.
"Adding restrictive features like permissions potentially prevents the evolution of some usage models"
Yes, and *not* having permissions potentially prevents the evolution of other usage models.
Permissions are not a restrictive feature. They are an enabling feature. They enable the person responsible for a document to prevent people from putting in stupid content or otherwise fucking it up behind his back. Without this basic feature many many uses for collaborative software are nixed.
The only guy who thinks permissions are restrictive is the guy who doesn't have the permissions. But there is a reason that guy doesn't have the permissions.
...long, long ago.
This shit's just warmed-over "groupware", isn't it? Except it's "groupware" in the "cloud". Dog help us all.
Yeah...I remember "groupware"...one of those solutions in search of a problem. Jeezus, I can't wait 'til this '80s nostalgia crap is over.
Because of course they know better than their users, and there's no reason to give us any choice in the matter. Just like their stupid "conversation" view in GMail, stripping topic tags out of Usenet messages, installing a backdoor (google updater) without permission and so forth.
Yep, it's much more believable that they were so blinded by the new "paradigm" they were creating, they completely forgot about security. Now they are just trying to save face.
Can't see this sort of paradigm not being abused. Look at how much problems have been caused by all the network protocols that were designed without security in mind (back when everyone using the internet knew everyone else using the internet).
For example, the message from the boss to HR saying "no payrise for you" will end up saying "big payrise for you".
If anyone can edit any message you send, then the messaging system will end up (quite rapidly I suspect) being viewed as unreliable.
"we realized if you put all those permissions in place, everyone would immediately lock down everything because that's what we're accustomed to."
Err, maybe that's because those of us who have worked in the REAL WORLD for more than a year or two realize that every Tom, Dick, and Harry out there doesn't need the ability to totally fuck things up. Do secretaries get to configure routers? Do janitors make major decisions in board meetings? For the most part, no, they don't. The stupidity of Google's altruistic assumptions is the foolishness of youth.
Or maybe I'm just getting old.
Get a New Job. Sounds Grimmers!
Adrian Esdaile, Yes, I agree, in that sense it does sound more natural, let social structures define permissions instead of reliance on technology, inside a business this should not be a problem, and if it is you has some bad people who need weeding out or if such things are the normal order of the day, the place is fcuked.
Organisations already have codes of conduct and ways of dealing with staff who makes mistakes.
In the offices I've worked that have open policies (Microsoft, Cisco), staff are far more responsible (with their work ethics) than the kind of staff that indulge in backstabbing snipery, in say, a council office. Then you've got the kind of office that doesn't give a sh*t and would actually enjoy 'humorous' edits.
Bring it on! Can we lose the tie too?
In Google Wave you can use the "Playback" tool to track what changes were made to the thread.
I changed my colleagues post and then realised what I had done (there was nothing to stop me doing it) and I was a bit concerned, but less so when we realised it was accountable.
So I think it endorses good morals and if people step out of line then the Playback feature can be used to "name and shame" those users - let them happen to someone once and you'll see your colleagues trust go out the window (possibly for good) so if people know they can be tracked then they will be very unlikely to try dirty tricks like modifying other peoples posts.
Also, if you edit another users post then your thumbnail picture appears alongside that post (as if the two of you were collaborating) and so it's clear to see straight away if you think your thread has been tampered with and by who!
We recently used Wave to collaborate on a project at work, and one of the members accidentally added his friend to the Wave. We couldn't remove him though, so then he had access to all of this company information that he wasn't supposed to. This was in the preview version. However, in the developer sandbox, it seems that any Wave participant can remove any other participant, so I could be working on something important and then find myself unable to get back in to the Wave, and I've lost everything? How is that better than email?
@Intgralist:
I work on the financial industry as a programmer and I am accustomed to computing environments where restrictions are strictly enforced with technological solutions: account roles, special RSA keys, etc. Of course there are audit logs on every system tracking access and usage, but *NEVER* has anybody even thought once that since we have the audit logs, we don't need the passwords nor the access controls, and should just rely on trust and the ability to look back at the accountability logs to find out what happened and who did it.
Why is that? Dealing with a security breach (or system abuse) usually has a very high cost: not only do you have to deal with the damage incurred, but you have to perform the investigative work, which takes considerable time and other resources.
The alternative in this scenario (in order to ensure the authority of the data) is equally expensive, perhaps more so: to have every single consumer of a document or resource analyse the audit log (every time they are to access it) associated with it to verfiy that it hasn't been tampered with, otherwise they risk polluting the corporate knowledge chain with faulty information.
Faced with these potential problems, it is certainly preferrable to restrict access to such resources so that only those with the proper authority can modify them. Of course, security breaches could still occur, but now they are an exceptionally rare case, rather than a matter of course.
Lets not forget that when Google released Wave to the world originally in their demo presentation, when asked about security they clearly stated something akin to "we didn't worry with such things yet because we wanted to get the technology working first; but we'll certainly deal with those issues once we have a working system." (I paraphrase, of course.)
It seems rather obvious that the time has come to build such security into the infrastructure, yet it may turned out to be less fun and sexy than building the whole federation system of which they are so proud. Or perhaps it just proved too hard to retrofit it into the current model (which was admittedly designed with *NO* security in mind). In any case, it is lazy and disingenious to just say that it was always meant to be this way.
-dZ.
@DZ-Jay yes I see what you mean, hmm a bit of a conflict then with regards to security (especially if you consider the situation that Anthony Chambers mentions after mine where there may be a possiblity to remove a user from a Wave altogether).
Although it wont be easy, I'm sure Google have the technical capabilities to build in some kind of approval system, or more specifically, a request system. So if I wanted to edit another persons post then I would have to request access from them, they would have to approve that access and be able to choose whether I'm allowed access for that one time edit or whether I have access to all their posts within that Wave, or through any of their waves.
Alot of work I'm guess it would be a safer system for it. Yes it slows down the collaboration speed, but there has to be a compromise somewhere.
"...installing a backdoor (google updater)..."
It's a backdoor?
That's funnny, I'd rather assumed it was a marketing tool designed to sell multicore CPUs and SSDs. Removing* this wonderful piece of crapware from your PC does more for boot times than upping the CPU frequency by a gigahertz, adding a gig of RAM and swapping the HDD for a velociraptor.
*I do mean "removing" rather than "uninstalling", as the uninstall option appears to do nothing bar expunging the end-user visible bits.
email cover 80% of our collaborative needs with 10% of the effort of something like wave.
everyone is opted in to email, not everybody will opt in to wave. certainly not many people with control over the budget. If they are not in, then it becomes something the low-level techies bond around that has no impact on anything.
wave and silverlight, in the future's bin