Hacker News new | past | comments | ask | show | jobs | submit login
Chrome Enterprise (blog.google)
418 points by pgrote on Aug 22, 2017 | hide | past | web | favorite | 262 comments

I'm hesitant to invest anymore into the Google ecosystem after reading about how account termination can happen without detail, or recourse to resolve. [1] The last thing I need is more lock-in to a Google world.

[1] https://news.ycombinator.com/item?id=15065742

I actually agree with this. I'd be too concerned about if Google or a Google AI bot randomly decided to deactivate or delete my work life. As a company what recourse would you have? I'd also be concerned about losing work and trade secrets etc... Yeah no. Just no.

1. Offer a service

2. The enterprise is skittish to adopt because there's no support, so when users get locked out, they often have no recourse, which is bad for business

3. Address this—fill in the missing piece and introduce support

4. People react as if you didn't just announce you would be offering a solution to the very thing they're complaining about

I get what you're saying, but Google's history here is atrocious, which is why business' are skittish, people aren't just going to take their word for it. You go first, if you and 100 others have a good experience maybe that attitude will change. Until then, hard pass.

FWIW, I think Google has been turning things around for their paid services. I've had to contact Project Fi customer support a few times, and found it vastly superior to all previous experiences with telcos. They're also probably getting a ton of experience in dealing with enterprises thanks to GCP.

With that said, this announcement doesn't look like it has any relevance to regular consumers. I'm gradually migrating as many things as possible away from Google, having realized that I'd have no recourse if they locked me out my accounts. Their TOS [0] says services can be terminated at any time. I'd feel a lot more comfortable if we had a guaranteed grace period for migrating away upon your Google Account being terminated. IANAL though, so maybe I missed something?

[0] https://www.google.com/intl/en/policies/terms/

I manage several GSuite accounts. The tech support staff is friendly and helpful, but if the problem is outside their list of known issues or current outages, they're basically useless. They aren't developers and they have no access to investigate underlying system data/logs, let alone resolve anything.

...and that's where the true problem with Google is. There's no mechanism to report/escalate a well-defined and reproducible technical bug - even as a technical sysadmin with a paid account. ...and if a data issue only impacts a small number of people, it'll never get fixed.

The GSuite forums are bombarded with usability questions, and real tech issues are given the old "let's see which FAQ I can post to get some karma" response.

Calling the help desk might get the issue escalated, but it's far far more time consuming than if I could just put a normal bug report together with a screenshot.


I actually work in the GSuite support organisation you refer to .

Firstly, I'm sorry if you feel that you weren't provided with an appropriate level of support. Or that troubleshooting took inordinate effort/time on your part.

Secondly, you probably know this, but there are multiple tiers of support - and there are meant to fairly well defined paths for escalation. Obviously the front line is very much basic initial troubleshooting for the average user - the products cater to a fairly wide range of technical skills/background.

Feel free to reach out to me anytime if you want - my HN username at <company that makes Chrome> dot com.

Likewise I've never had a problem contacting someone at Adwords. I've spent like £200 total as well so I'm not exactly a big business spender.

They are, and it comes down to a time/cost thing. Yes, you can roll your own infrastructure, domain and manage your Win/Mac laptops (which most places already do) or you can see if using Chromebooks can save on employees that don't need full laptops.

But most likely you're still going to need that AD or LDAP managed infrastructure because several roles aren't going to be able to get by with a Chromebook (not something I could see my self doing Scala development on personally).

And then it comes down to, what's the point? You're either already securing your company data and backing it up or you're already using hosted services for everything (Office365, GitHub Enterprise, Dropbox Enterprise, etc)

I agree it seems like more Google lock-in and for something so terribly simple too. I mean except for things like the managed app store, you could just get some really cheap Linux laptops and you'd get the same end result.

Well, from my understanding PWC switched to Google for Business so I guess large corporations are not skittish.[0]

Also, Google does offer support, usually via a third party plus fanstastic Google for Business (G Suite?) support, as well, in my experience.

[0] http://www.pwc.com/us/en/increasing-it-effectiveness/google-...

> ...so I guess large corporations are not skittish.

You're basing that off of a sample size of one?

It is a part of PWC's core business to recommend such changes to their client businesses. Their Google experience could make or break corporate attitudes towards paid Google services.

how about Salesforce, HP, and a few others....


I guess you've described the 4 steps to existing as a company that makes itself known for burning the fuck out of people without recourse - you don't get to have a good reputation in the areas you want.

That user just said "hm, google-something, business-something... eh, no thanks I don't want to get fucked over." Which is inaccurate but that's what happens.

And thus you see the supreme importance of never having the public find out you've ever, even once, locked someone out without recourse.

What about the importance of understanding what a business support agreement is?

Let's say for arguments sake, you have a business support agreement and then it comes out in the news that your business (or maybe just a rogue employee) has done something horribly racist or sexist. Maybe not even racist or sexist, but that something that gets blown out of all proportion and so people think what happened was racist or sexist.

The twitter mobs are baying for your blood. Some Employees inside Google might also be baying for your blood.

Will Google decide to end the business support agreement, and would you bet your business on the answer to that question being 'no'?

Yep. And that's called a reputation.

The company I work for uses Google extensively. Simple stuff like Google Admin is abominably slow, and important things we need like Google Groups are, to be frank, rubbish.

Google Docs is OK, but Google Sheets is abysmal for any serious amount of data. It seems very hard to have Google listen to our concerns.

Interesting. I guess it depends on your definition of "serious amount of data". Our entire accounting system is built on Google Sheets, including about ten thousand transactions in four currencies per financial year. The system summarises by country and cost centre, and has sheets that provide our current profit and loss, and nice things like all the fields in each of the tax forms we have to complete.

OK, we are a small organisation, but I'm happy to recommend Google Sheets to anyone but power users. If you are crunching a lot more data than this, then I certainly agree that using a browser-based spreadsheet is not optimal.

My experience with docs was closer to the parent's. Sheets was fun for having a quick platform to hack out a few things for internal use, but it struggled to remain snappy for our org of about 120 persons. For example we had to start strictly tracking all POs and requests for spending and at first the sheet operation we had was okay, but it suffered once the entire department got to using it.

The admin panel was also horribly slow and just was a pain to work with, especially once we became the target of a long running phishing attack and would have dozens of accounts locked out every day. It was easily a 30 minute process to restore access to cleaned accounts since the panel at the time (2012-2016) didn't have a way of mass management of users.

It's sad I'm being downvoted for speaking about our experience using Google. I work for a major Australian company and we dove right into Google. I'm not entirely negative about it, lots of it is great, but there are still significant gaps.

His comment is relevant as to how would a new product be perceived through the experience had with other products offered by the same company.

Your comment is/was not necessarily relevant to the more political issue of being forcibly removed from having access to your data with absolutely no way of recovering it.

I think you're just being downvoted for being off-topic. This part of the thread's about how trustworthy Google is as a host, and the likelihood of being locked out of your account for some arcane reason, and a discussion of the merits and flaws of their products doesn't fit in smoothly.

Should you really have to pay extra for the privilege of not being locked out?

The problem with destroying trust is that it's really hard to rebuild it.

You can introduce missing pieces and support all you like, but if people think they can't trust you based on your previous history, then it won't make a whit of difference.

yeah... if you count "enterprise" "support" as a "solution" to what they're complaining about.

The comment I'm responding to is literally about questioning how a business could be comfortable using this. What do you want me to say? Do I have the complaint wrong?

There's nothing to say.

"And thus you see the supreme importance of never having the public find out you've ever, even once, locked someone out without recourse."

It says you have 24/7 enterprise support. It doesn't say that your paid accounts will be immune to whatever process is used to shut down a Google account (including Gmail, Hangouts, Blogger, YouTube, etc) without warning or explanation.

Even inside a given service - you think Viacom suddenly stops paying top talent without notice? They at least buy you dinner first.

The comment you responded to is a troll.

At what point do you stop using web browsers in a snit over some corporate bullshit? IE/Edge is MS, Apple does bullshitty things and Firefox is funded by Verizon/OATH.

Would you pay for an insurance service against this, meaning that if this occurs you get paid out whatever monetary sum you had paid the premium against? (And just so everyone knows, insurance fraud is illegal, can be a felony in all 50 states, and lands you in jail.)[1]

It would certainly give peace of mind and the next time we read about 1 person in 10 million facing such a problem, we can think, "maybe they should have just paid $10 in insurance." As a public service the insurer could also publish rates of lockout.

I've had this idea for some time, so if you want it you need to reply with a resounding, yes, you'd pay for it. For the record, I'd pay for it. But I need to find 9 million other people too.

[1] I'm not a lawyer or even actuary.

I'd pay, given I have enough trust. I'd also be happy to e.g. half my payout for legal assistance in retrieving whatever access was taken away.

The issue I see is, what happens when a spam-account gets blocked? And how do you keep people who knowingly break e.g. google policy from forming the majority of your customers.

Thanks, but your and the other reply weren't enough :)

Given that google doesn't usually accurately describe why accounts are closed, such an insurance company would never be able to prove insurance fraud and be completely exposed to it.

Unfortunately, people lie - even to themselves. The only way to see if such a service is viable is to actually offer it.

[And for the record - yes, definitely.]

thanks, but your and the other reply weren't enough :)

Recently I had a domain entirely blown away by a mistaken Google algorithm. We were doing some large computations on Google Compute Engine, much larger that this account had done before, and it tripped some sort of hack flag.

As billing account owner, my account was suspended. That meant I could no longer receive emails, because that was the same account. The Google project was also suspended, terminating all servers and the DNS records for the domain, which were using Google nameservers.

That meant it was impossible to do the Google account recovery process, which relied on adding records to the domain to prove we owned it.

It was also impossible for me to open a support ticket without being able to log in or access the domain.

Thankfully, we had another account on the project that was still able to log in and open the ticket.

It was really a terrible experience. The moral of the story is you can't rely on one provider for everything, especially if they don't have accessible customer support.

Google really should not algorithmically blow away a corporate account in good standing without some notice and cure period offered.

That is a mind-bogglingly large ball drop on Google's part.

That's horrific! How can such a large company be so inept not to think this through?

Holy shit. As someone whose first.last@gmail address is basically their online passport, I'm going to spend this evening doing what I can to spread things out and investigate alternatives to their assorted services that actually come with support.

If Google suddenly turned me off right now I don't really know what I'd do. Probably cry in the shower.

1. Get your own domain and email address 2. Use mailgun to forward to gmail 3. Set Gmail from to your new mail 4. Slowly start changing your login/email everywhere you use Gmail 5. Make a proper backup of all your Gmail mail

In time, you will no longer depend on Gmail for the rest of your life and can just switch to, for example Fastmail, any time.

Doesn't Fastmail has similar terms of service, i.e, that they can terminate your account any time for any reason whatsoever. Source : https://www.fastmail.com/about/tos.html

This is the biggest reason I am hesitant to try fastmail.

Fast mail are generally good at support, so unlike google you're not dealing with a black hole when something needs to be fixed.

Yes, but their terms of service are absolutely preposterous (unjustified and unannounced termination at anytime).

Most mail providers can terminate users for any reason, but at least with a few days of notice, allowing you to move the data elsewhere.

This is why step 1. is important, along with step 6. have an automated backup of your mail, whatever the provider.

I'd like to do this, but 2 things are keeping me with gmail. The first is their spam filter. I find it works pretty damn well. I don't think a self-hosted solution would beat it.

But for me, the really killer solution is their 'important mail' filter. I'd love to find an alternative to gmail with a similarly well-functioning system.

"Important mail" just never worked correctly for me :/

Fastmail's spam filter is good† and customisable[0] (with niceties like score displayed right there[1]), to the extent that I just forward things from Gmail by wildcard-disabling the Gmail spam filter[2].

† the learning filter won't kick in until you make it learn 200 messages.

[0]: https://s3.postimg.org/v42zaper7/Screen_Shot_2017-08-23_at_1...

[1]: https://s3.postimg.org/ryidkhw4z/Screen_Shot_2017-08-23_at_1...

[2]: https://s3.postimg.org/lyumgubcj/Screen_Shot_2017-08-23_at_1...

You can add your own domain to Gmail if you use G Suite, the SME offering. It's $50/user/year, but in exchange, you get to turn off ads, and I think there's some support included.

Google can still terminate your account without notice, but if you're using your own domain, you'd at least be free to move to another service immediately.

Oh, and don't forget to get regular backups, so you don't have to start at zero in the case of an account termination.

if google suddenly decided to ban me from all its services it would suck

My main email is in gmail still,no more google searches (resorting to bing would suck), no googlemaps to help navigate, and youtube for content, etc

going to swap to proton mail later or just use my hosting provider on my domain to handle email. Plus local backups

There's a distinction between business and personal services.

Any consumer facing service faces similar issues. Microsoft in the consumer division has down similar things.

This. Having been burned by Google in the past I just closed the window when I read "24/7 support." It just seemed like a slap in the face somehow.

There's a difference between 24/7 support for a paid product (50$/year per device), and support for a free internet service backed by ads.

Enterprise services get far better support. Personal services are used by literally billions of users, with possibly millions of fake bot accounts spamming all the time, so it's not surprising that sometimes false positives happen. And providing support to billions of people is not easy.

Whoever said anything about free services? Google's cloud services sure ain't free, nor is G Suite. I stopped using Google's free services long ago, and now am fully divested from their paid ones too. I can't possibly imagine recommending any of my enterprise clients use this either, based on my experience of Google's so-called support.

>>Enterprise services get far better support.

Better is relative. it is accurate to say it is better than the no support they give to free consumers. But it is a far cry from "good" support

I agree. I think to CentoOS vs RedHat or any terrible product made by IBM (I'm looking at you WebSphere). I've been at companies where we had multi-million dollar support contracts and it was still next to worthless; involved zipping and shipping tons of logs files, and ultimately was solved with help from people on IRC/StackOverflow or some random forum than by the support company themselves.

If you've got good devs and admins, the support is really not all that useful. When it comes to managed chromebooks, I bet you could get a similar cost saving experience if you took one desktop and one linux admin and had them try sourcing chromebook-like PCs, installing Linux on them and experimented giving them to employees only needing access to web apps.

Sure you don't get the managed chrome store or whatever, but I bet it'd meet most use cases for a lower cost. Some high schools have managed chromebook programs so there are people out there doing this already.

24/7, but for how many weeks? :)

Well, you can probably get about 50 weeks* of that if you sign up now. *expected TTL of this product before it gets discontinued

Edit: ~source: https://en.m.wikipedia.org/wiki/Category:Discontinued_Google... I didn't calculate the average lifetime for their discontinued products, but there are many.

Are you bundling free consumer products with paid SLA'd enterprise products?

I'm know some of the specifics around this - and whilst I will not comment in any official capacity or on the specifics here, I can offer the following general principles which may be applicable here:

1. More often than not, it's not something nefarious or convoluted, but something very simple. 2. A lot of the things Google does are for the protection of the users themselves (whether from themselves or from outside forces).

(Disclaimer: I work for Google).

When your life is screwed up due to your primary google account of over a decade (that has god knows what all data, memories, contacts, brand association etc.) being shut down with little to no recourse, it does not matter that it was not nefarious or convoluted.

It especially does not matter that it wasn't nefarious when Google isn't going to listen to you anyway unless you happen to write a blog post that happens to get viral in the right circles.

It's not like there's a simple form that you can fill and which is reviewed and resolved in a few days reliably if your account gets deactivated by mistake. At that point you might as well be banging your head on a wall for all the good that will do.

> It's not like there's a simple form that you can fill and which is reviewed and resolved in a few days reliably if your account gets deactivated by mistake.

Even a few days is unacceptable. There are times in my life where, if my Google Calendar, Google Docs, and email had all been shut off simultaneously, even for only a few days, I would have been completely fucked. Think travel, etc.

I switched to a different email provider for this reason.

(Remember that this also includes your phone, if you're on an Android device).

> Even a few days is unacceptable. There are times in my life where, if my Google Calendar, Google Docs, and email had all been shut off simultaneously, even for only a few days, I would have been completely fucked. Think travel, etc.

If you want that level of service, maybe you shouldn't use a free product.

You can have a free product, or you can have good, responsive, human customer service. You can't have both.

If you chose a free product, be ready to handle the consequences of your decision like everybody else.

> If you want that level of service, maybe you shouldn't use a free product.

...did you not read the part where I said I switched to a different provider?

And I was a paying customer - I had a Google Apps account, which comes with an annual fee for providing those services.

Of course, the problem isn't about me personally - it's that so many other, less technically savvy people aren't aware of how vulnerable they are to this problem. They don't think about it until it happens to them.

> You can have a free product, or you can have good, responsive, human customer service. You can't have both

This dichotomy is both reductive and inapplicable. The problem, as explained in this thread, is that Google has a reputation for bad service, even for their paid offerings. It exists, which is more than can be said of the support for the free products, but it's still not good enough. And again, most customers aren't aware of the extent of this and its implications until it's too late.

> They don't think about it until it happens to them.

Agreed, and doesn't need to be less tech-savvy people, just look at HN. People seem to expect good and free service.

> This dichotomy is both reductive and inapplicable.

And is still unavoidable. You can't have both.

> And again, most customers aren't aware of the extent of this and its implications until it's too late.

It is the same behavior with airline tickets. Consumers almost always buy the cheapest ticket, and later complain about the quality of the service.

Although I agree with the sentiment of your post, I do not consider the use of google products even close to free. It comes with a heavy price to pay in privacy, and they do make a significant amount of money from each customer they can keep in the herd. Google is probably a main reason why people think they can expect quality and free. But google will never provide service unless they hemorrhage customers over it -- despite the fact that their income could more than support some basic customer service -- at least to actually review suspended accounts and give people a reasonable chance to explain themselves.

I am sure the first objection will be "you don't actually pay". Does a farmer not owe his (cash) cow at least basic veterinary (customer) services? I honestly feel like that objection is as naive as claiming that exploitative international trade doesn't actually kill anybody, when there are entire populations held in poverty and without basic safety rights over decades or even centuries due to unjust practices. So I guess the counterpoint to "it's free, don't expect anything" is "if you can't provide a complete product including understanding the problems that derive from it and treating people with respect, you shouldn't offer it at all". Money does not define social responsibility, engaging publicly with other people does.

> I do not consider the use of google products even close to free

It is still "free". You don't pay anything to use it.

> they do make a significant amount of money from each customer they can keep in the herd

No, they make a small amount of money from each customer. By far not enough to provide human 24/7 customer support.

> despite the fact that their income could more than support some basic customer service

If that's a fact I'm sure you'll be able to provide enough support to such a claim.

But let's do some basic math. Let's say that Gmail has 1B users, and each user will use customer support once every 2 years, and that each support ticket costs $10 to provide (I've heard similar numbers). Probably far more when you think about all the languages and products.

That's $5B in support per year. Which is 20% of their 2016 profit.

There you go, you can't have a free service and good customer support. Proven.

But hey, you're welcome to vote with your wallet and clicks, and move to another provider that gives free products with free, good, 24/7 human customer support.

Let me guess: you won't. Because there are none. Because it doesn't make any financial sense.

> You can't have both.

It is entirely irrelevant to this thread and discussion. We are talking about the service for one paid product (Google Apps), on a thread announcing the service for another paid product (Google Chrome Enterprise).

> We are talking about the service for one paid product (Google Apps), on a thread announcing the service for another paid product (Google Chrome Enterprise).

No, OP is talking about this case, which is a free product:


I'm reading this thinking the same thing.

I've never put myself in a position where a freeware product had that much impact on my life. Heck I even pay to backup the paid services to a third party so I have a failover there.

You shouldn't blame Google, you should blame yourself.

I don't mind paying Google say ₹50 a month for the ability to reach a customer service agent when things go wrong. And one who's actually empowered to fix things, not a mindless drone.

Just because it's a consumer (rather than business) account doesn't mean we shouldn't have customer service, if we're willing to pay for it. There's no reason Google can't cater to us while also providing no-service free products.

> I don't mind paying Google say ₹50 a month for the ability to reach a customer service agent when things go wrong. And one who's actually empowered to fix things, not a mindless drone.

I'd bet that type of customer service costs far more than that.

> Just because it's a consumer (rather than business) account doesn't mean we shouldn't have customer service, if we're willing to pay for it. There's no reason Google can't cater to us while also providing no-service free products.

And I'd bet there are too few consumers willing to pay for it to justify Google offering. It is the old argumentum ad capitalismum, if it would make money, I'm sure Google would offer it.

Then increase the fee. BTW, it's like insurance — I expect to pay the fee whether or not I actually use customer service. It's not that I'll pay the fee only when I actually talk to customer service. If it's the latter model, the fee could be higher, like, "Pay ₹1000 and get service for the next month."

Even if few people are paying for it, it's worth it to address the negative perception about Google.

You seem to be assuming that Google (or any other company) does everything right, so if they're not doing it, it's a bad idea. That's not true. Companies make mistakes all the time.

> Then increase the fee.

Then nobody will use it, and you've set up a massive support infra in 100's of languages for ~0 paying users.

> You seem to be assuming that Google (or any other company) does everything right, so if they're not doing it, it's a bad idea. That's not true. Companies make mistakes all the time.

I'm assuming that people making those decisions are as smart as me, and if I can think about it, I'm sure they thought about it.

I never base my arguments solely on "other people are making mistakes".

That's before we get into the issue of trying to serve both a mass market and a niche at the same time. It doesn't work. Google should not try to serve the several thousands or few million users who want a fully-featured, paid product for personal use.

You don't need "massive support infra in 100's of languages". Start with English and see if it works. Then expand slowly, making sure the service remains profitable each step.

An add-on of the kind I'm suggesting is exactly the way to serve both a mass market and a niche at the same time. Everyone uses Gmail, but the few who want support for personal use pay. That's much less effort than building another product with paid support.

It's also no different from freemium mobile apps where 2-5% of users pay.

Google decision-makers are smart, but not infallible.

If you need 24/7 support get a mail account at a provider who has a tech office near your home/office. In my uni most people do not care if they lose their gmail

> get a mail account at a provider who has a tech office near your home/office.

In other words, a second-tier email service rather than the best in breed.

> In my uni most people do not care if they lose their gmail

No one's forcing them to pay for support.

(Remember that this also includes your phone, if you're on an Android device).

Is that inherent in using Android, or only if you use Google's own apps and online storage for your calendar etc?

It's not inherent in AOSP, but it's true for most Android users.

To helpful please name your provider

To alleviate the email issue: forward every incoming email to your outlook/apple account. Make copy of old email using IMAP to outlook/apple. Not ultimate solution but can be helpful. Oh BTW enable 2FA.

You're free to export and make backup of your data at any time with google takeout.

See the sibling comment for why this "solution" is a joke. Also keep in mind that takeout is completely buried so fewer than 1% of the users know about it, let alone use it enough to not get screwed by a lockout of their most recent data.

Compared to "takeout" permanently forwarding mails is better. That way you always have 3 copies. One in gmail, outlook, and apple. Well hope you don't screwup so much that all of them block you at the same time.

Well also less than 0.001% of the users accidentally lose their account and don't get it back so.

That’s still a manual, non automatable backup. To have any reasonable backup strategy you’ll need to find something service by service, giving up some that just have no API nor compatible query language (I think keep is part of that, you’ll have no way to auto backup)

Then I'd need some other software where I could start a server and import my data. Otherwise it's useless.

If this software exists and it is an adequate substitute to Google products.. well, let's just use it then.

It's relatively time consuming to do this. And how often should I do it? It's not as simple as the name suggests.

Pretty rough to not tell people what that 'very simple' thing is, and how deactivating their account through a terms of use violation is 'for the protection of users'.

I think with great trust comes great responsibility, and Google is eroding this trust, as shown in this thread, with kafkaesque processes around account termination.

I doubt it's one simple thing but any number of simple things and they can't tell you for the fact that they like their job.

Yes, I happen to like my job, so won't comment on specifics =).

However, as a general principal, I've found that Google has very robust protections to protect users from both themselves, and from malicious outside forces.

(Disclaimer: I work for Google).

This answer shows exactly what is wrong with Google. People working there think they just "know" what is better for users without even having the trouble to talk to them. This is not the kind of company that I want to deal with as a customer.

It's not about "knowing" better - it's about the fact that I like my job, and have not had clearance to comment publicly on the specifics.

However, the general principals I stated do apply in many cases.

Also - the author of that post has posted a reply:


I read that twitter reply as

Without the huge stink that my prominence created, I would still be locked out. Also, I'm not allowed to talk about why I was banned (which would help others not get banned), nor how someone less notable could've gotten their life back.

> A lot of the things Google does are for the protection of the users themselves

"..those who torment us for our own good will torment us without end for they do so with the approval of their own conscience.”

> 1. More often than not, it's not something nefarious or convoluted, but something very simple. 2. A lot of the things Google does are for the protection of the users themselves (whether from themselves or from outside forces).

I recently had an issue where a hijacker, from another country, was able to take over my account and change the password, without access to the backup email, the SMS, or anything except the password.

Google even mailed me a warning that this user from another country was accessing the account, and changing the password.

When I tried to get it restored – I knew the phone number (but had no access anymore because the number was reassigned to another person), had the old password, access to backup email, knew the content of emails on the account, etc – I was denied.

It was easier to get the user who got my old number, contact them, and go together with them through all the steps to get the account back.

To top it even off, after I had contacted Google support about this originally, they never contacted me back – instead, once I recovered the account, I found that instead they had talked with the hijacker.

And you tell me this was to protect me? Honestly, fuck that.

Yep. Similar things have happened to people I know, and I recently went on a rampage, locking down a ton of things related to third parties due to someone attempting to get access to my accounts.

A lot of people hate this answer, but do not entrust Google, Yahoo^H^H^H^H^HOath, or any other big free service with gatekeeper status to anything financial or, really, anything more important than chatting with pals. Host it with someone trustworthy; if that is not you or someone you personally trust, then someone you pay, who will listen to your instructions to, say, never change credentials over the phone, or however you wish to structure it.

> And you tell me this was to protect me?

...In the same sense that the managers of public buildings' preference for you to piss yourself in public over cleaning formerly public restrooms is "for your protection".

Did u have 2FA?

Sadly, no, because I had stopped using the account in 2011 (the name I had choosen for the email, well, I wanted a different one, so I opened a second Google account, and used since then that one).

But in 2011, no 2FA existed yet, so the old account had none. I had mostly forgotten about it.

Still, I didn't want anyone using it to spam to friends, family, etc in my name.

> 1. More often than not, it's not something nefarious or convoluted, but something very simple.

Then let's not make them happen.

> 2. A lot of the things Google does are for the protection of the users themselves (whether from themselves or from outside forces).

Please please please listen to customer and figure out how to protect them.

This makes it sounds like someone (or some nation) was trying to break into the account.

It's worst than this. Every large Internet company has this flavor of totalitarian customer-NO-service relationship with their users. It's like you are an ant that they can step on any given Monday at 1:45 PM and Google couldn't care less. And it will not change until either the government intervenes (I hate this solution) or people do exactly as you and I are doing, we do not do business with them no matter how much candy they want to throw our way.

I have exactly zero interest in doing business with Google ever again. I don't even look at their new product announcements. I saw what they did to one of our clients about a decade ago. I have never since even looked at a Google service nor recommended them. Search, maps and AdWords are the only things I use. I won't touch anything business critical.

When a company deals with their clients the way you might expect a prepubescent third world country dictator might treat his subjects, well, the best idea is to just stay away.

While login happens with a Google account, guest logins are possible.

The advice given typically is to have a separate account for the device 'ownership', that way, even if your main account gets blocked you still have access to it.

See for instance this blog article which talks about that: https://blog.lessonslearned.org/building-a-more-secure-devel...

'factory resetting' a device is easy too so that you can get rid of the device in a nice pristine state...

I thought this account termination was an overreaction until it happened to me a few years ago.

Never went another day without an IMAP client.

I'm not sure if you're objecting for ideological or practical reasons. I totally get the ideological objection, but on practical grounds,

1. Is this a problem if you're using a G Suite account run by a company instead of a personal Google account (as in the linked case, as far as I can tell)?

2. Is this a problem if you're using on-prem AD for auth instead of Google accounts, which is one of the things specifically being introduced in this launch?

I mean, independent of whether you think this was Google shutting down free speech or whatever, it totally seems like neither Google's algorithms or humans should be able to shut down a single corporate account (there's of course cases for shutting down an entire corporate G Suite setup, e.g., if it's used by spammers), but also that seems like such a basic feature that I would have assumed that's written into the contract.

Google products, services, and features are like farm animals or Hogwart's instructors in Defence Against the Dark Arts. Don't become too fond of, or used to them.

This is not a problem and would not happen for an enterprise customer.

Except when it does - for example CloudFront and GoDaddy vs. Stormfront.

Agree or disagree with a user, but paying for a service doesn't guarantee you get to keep it.

Shopify has made the decision to keep Breitbart as a customer on the pretense they just provide an apolitical service, but crowds certainly tried to pressure them to take a stance and drop them.

I think most companies can live with the caveat that they may be dropped if they are Nazis or white supremacists.

> paying for a service doesn't guarantee you get to keep it

I wish OVH would follow that idea when it comes to booting spammers off their network. Failing that, I moved my boxes (that also serve mail, but the legitimate kind) off their network, which ended my troubles with ip range based blacklists.

Sometimes companies need to decide which sort of customers they want to retain.

The author of that post offered an official statement:


Not only this but Google also has a TERRIBLE track record for just ending products with little or nor warning

I would NEVER trust a Google Operating system in the Enterprise. For example they are pushing a use case as Kiosk's Kiosk need to run for years with stability, not be at the whims of a company that can kill the product in a whim or make substantial non-backward compatible changes to it ever 12 months

Things like Google Glass, which were expensive consumer products people shelled a lot of money for.

OS/2 was used in ATMs for a really long time, and so was WinXP in kiosks. There are a lot of systems that still use XP yes (causing many security nightmares), but Microsoft did support that OS for an incredibly long time. I agree, I wouldn't use anything Google for a Kiosk. You're better off with custom packages ontop of Ubuntu LTS or something similar.

> Microsoft did support that OS for an incredibly long time

And you could pay Microsoft to keep supporting it. Sure, it might be several million dollars to keep XP support for another year (and big increases each year)... but for some large customers it was available (banks with ATM's based on XP).

> Things like Google Glass, which were expensive consumer products people shelled a lot of money for.

Glass was never a consumer product; Explorer Edition was fairly clearly marketed to people developing apps or investigating potential.

Even for "free" level accounts, there is no information on support or anything if you buy something like Drive storage. No info on termination, how to get support (leaving an entry on a rammed, replete and bursting forum is not support) or anything. And there's nobody to ask or get into regarding any of this. eg. can I use gdrive CLI to upload or does this fall foul of the general terms "try to access them using a method other than the interface and the instructions that we provide"?

Where is my data stored? Does it stay in EU datacentres or does it go to the USA? How would I get support if you terminated my account as I would not be able to log in? etc. etc.

I'm slowly leaving google because of that. The only problem is that the alternatives are either not so good or harder and more expensive to set up.

It's not only about Gmail or contacts. I have literally all my photos in Google Photos. Imagine losing all of them if my account gets deactivated for some reason. I'll be downloading pretty soon.

And it's not just account termination.

Google is known to drop services just like that.

I guess it's better to not become too dependent on them indeed.

Imagine being a men's health or men's right organization and being locked out of all your data and contacts.

Until someone makes something that I like as much, I'm not going to cut off my nose on the off chance it might spite my face.

I thought this was a special version of Chrome the browser and I think many people will too. Especially someone like my brother who works at a corporation. If they told him they’re switching to Chrome Enterprise he’d be a tad confused.

Side Note: the reading experience on this blog is one of the best I’ve seen on mobile. Love the text size though the header animation was not the smoothest. Nonetheless great job.

This was my thinking as well. I expected "Chrome OS Enterprise" not "Chrome Enterprise" to represent Chrome OS in the enterprise. It's a confusing set of naming conventions.

That and the fact that Chrome Enterprise Support already exists but a different thing (cf. https://support.google.com/chrome/a/answer/6351685?hl=en ) proves once again that Google does not do marketing. They take marketers money, but that's a different job!

Reminds of of the .Net naming debacle several years back from Microsoft. Wonder if any of the same folks are now at Google?

The .net naming debacle is still raging between .net core, .net standard, .net framework, and their various versions. Sort of makes sense if one followed the previous 50 episodes but if you missed one...

Especially since when you download the Chrome Browser for Business MSI file, it's "chromestandaloneenterprise.msi", leading some distribution platforms to simply call it "Chrome Enterprise".

Paid support for "Chrome Browser for Business" is called "CHROME ENTERPRISE SUPPORT" too. Argh.

"Enterprise Support Agreements for Chrome Google now offers phone and email support for Chrome, including help with deployment, management, configuration and more...LEARN ABOUT CHROME ENTERPRISE SUPPORT"

Also see: https://support.google.com/chrome/a/answer/6351685?hl=en

How can they not see this as incredibly confusing? I'm constantly surprised by Google's poor naming and branding choices.

It is odd. Alexa, Siri, Cortana, Google Now. Which one is least easy to work into a sentence?

The same one that correctly sets expectations that you're interacting with a service and not a person?

That's separate from the issue. For example, what do I mean if I say:

I like using google now to check the weather

Whether it sounds like a persons name isn't the issue.

FYI, the new iteration isn’t called Google Now anymore but Google Assistant. Not that that helps with your complaint.

> Not that that helps with your complaint.

Unless I'm misunderstanding the complaint (which is possible, it wasn't actually explained very well, just through an example or two but without a definition), it does help with the complaint.

Unless the complaint is actually "I like my services to have single word monikers", in which it doesn't, but in that case I'm not sure I think it's a complaint worth addressing without some explanation as to why that's actually important.

"Google now" is not memorable, and when used in various common sentences, the words are ambiguous. You could be talking about the company or the search engine. Similar for "Assistant", though a bit less so.

Whether it's a person's name or not, I know what Siri is. There are two word brands that work fine as well. Company <very common term> though, is hard to pull off.

> Similar for "Assistant", though a bit less so.

> Company <very common term> though, is hard to pull off.

I think when <very common term> actually describes what the service does, it's an entirely different story. If I say I'm using Google assistant to map a route for me, or answer some search terms, even if there isn't a marketing campaign that's pervasive enough to seed the service name in my memory and the memory of those I am talking to, there's a high likelihood they know or can figure out what I'm talking about. There's only so much room for people to remember service names like that and expect them to be ubiquitous. I would much rather they be called Apple/Amazon/Google assistant so I didn't need to know them. It's not like there's a high chance of me using Siri or Alexa any time soon, since I don't own any devices that provide them. I don't use Cortana because why bother, I only have that for my desktop/laptop, and I can just as easily (if not more easily) search with text generally.

Ah, you mean the ambiguity that "now" could mean what it usually does? As in, "I like using Google right now..."

That's one example, yes. Two more:

Do you like google now? Is google now the market leader?

Also, the wake word is entirely different..."ok Google".

I can figure it all out. My mom, though? Alexa makes more sense to her.

It's almost as if the folks in charge of naming Microsoft's products got hired to name Google's

Does remind me a bit of the Microsoft Surface being a table, and then being a laptop. Although to really copy Microsoft they now need to rename the product a bunch of times[1].

[1] https://en.wikipedia.org/wiki/Microsoft_account

on reading experience of their Keyword blog: Absolutely agree it is great to read it on mobile. However, I subscribe to 'Official Google Blog' email updates and the reading experience of these blog posts is terrible on Desktop and mobile email both. Sometimes the pictures are not scaled-to-fit in email and need to scroll endlessly on horizontal side. Also the text size is too small when reading the email on Gmail Android app. Something Google needs to work on how to display their own blog newsletters on email.

I still do....what is it then?

An "Enterprise" version of Chrome OS.

> Side Note: the reading experience on this blog is one of the best I’ve seen on mobile.

Although I think they sacrificed a bit too far there. The features checklist is just an image with a "link" to supported devices that does nothing and a little red squiggle under text.

Yea the image checklist is not the best. I’m guessing some marketing person had that and the copywriter didn’t know how/couldn’t do that in html/css.

And the alt text ‘Enterprise_License.png’, because screen reader users would never need to compare features.

There is such a thing already. Google Chrome for businesses: https://enterprise.google.com/chrome/chrome-browser/

And paid support for "Google Chrome for Business" is called "Chrome Enterprise Support".


they removed context menu though, i wanted to [s]google[/s]bing rentkil company mentioned there and failed.

One of my annoyances on consumer Chrome OS is that the built-in VPN support is tricky. There's a JSON format, ONC (https://chromium.googlesource.com/chromium/src/+/master/comp...), that maps to OpenVPN options. When I last used it the documentation was a bit tricky though it may have improved, I couldn't find ONC equivalents for some of my .ovpn options, and, most frustratingly, there was very little specific feedback if you try to import a configuration that isn't right. Because of all that I wonder if it was developed so Google could support specific large customers' VPNs (think school districts or companies) and its public availability was mostly an afterthought.

If you leave the GUI, you can also run openvpn yourself on a good old .ovpn file, but you lose some of the nice security properties you get with the default Chrome OS setup, you have to do cros-specific hacks to make it work (https://github.com/dnschneid/crouton/issues/2215#issuecommen... plus switching back and forth between VPN and non-VPN DNS by hand), and last I checked it made ARC (Play Store) apps' networking stop working.

I would consider paying a premium just to get my Chromebook connecting to work's VPN smoothly, though of course I'd love it if improved VPN functionality were available to everyone by default.

At some point I'm probably also going to take a second look at the latest ONC docs. It looks like they've improved since I first looked at VPN setup a while back.

Please do check: https://unfix.org/projects/chromeos-openvpn-onc/

which is a WebUI thingy I wrote to solve exactly that problem.

[disclaimer: "advertising" tool I wrote]

Neat tool, and glad it's here for others to see. It doesn't look like it matches the specific kind of ovpn setup I'm using (for example, I don't have a client key/cert).

When I last looked at the situation, I couldn't find an ONC equivalent for some of the options in the .ovpn file. It might be the docs or even functionality have gotten better. (I remember looking at some PDF, for example, and now there's https://chromium.googlesource.com/chromium/src/+/master/comp...) It's also possible I just missed something last time. Either way I should take another look.

What about non-OpenVPN? Any good option that works well with Chromebook?

Pulse Secure, Cisco, F5, Palo Alto and SonicWALL provide VPN clients for Chrome OS. The Cisco AnyConnect client will also work with the open source openconnect vpn server although doing so is a violation of the client's license. L2TP/IPsec VPNs are supported out of the box.

As there is a Linux kernel underneath, basically anything could in theory work; but non-standard options require 'developer mode' operation which kinda destroys the security model of ChromeOS.

Android apps (on some models of the laptops) might work though.

Having support for Wireguard would be pretty neat, but afaik not possible yet.

OpenVPN works quite fine for my use cases up to now.

I need to connect to my work's OpenVPN network, so I can't really use other options and don't know much about them.

Sounds great until they shut your shit down without explanation, and all you're left with is a support number that is about as helpful as a brick wall...

I don't get how people in this thread keep comparing a paid enterprise product, to a free ad-backed product used by billions of people. The cost you pay is mostly for the 24/7 support. These are two entirely different services that can't be compared. It's near impossible to provide quality fast support to billions of people for free, especially when there are millions of fake users in the middle trying to use the exact same free systems to abuse and break the system.

I don't get how people in this thread think "paid enterprise support" means that much. In practice, it typically means having an unempowered third-party enter your problem into the robo-form instead of entering it there yourself.

That, and where does it say he was using a free account? A lot of universities are on the paid google suite.

I've had great support for Google Cloud directly from Google via paid support.

Anecdotes are great but it literally says 24/7 support in the article. That seems like it means there is someone to talk to all day, every day (which is obviously best effort but so are most other products).

They offer much clearer support time-frames for enterprise products (ie things you pay for)

Was there any such recourse with using Google Apps or Microsoft tools?

Is the cloud the universe now?


Were you a paying customer?


Please don't post unsubstantive comments here, and please especially don't post flamebait.


This is probably the perfect OS for any shared terminal: libraries, internet cafes, etc. You don't need native apps, just a locked down browser that can keep your settings and bookmarks across devices.

Not a popular opinion here I know, but I'll say it anyway. Not a single word in that blog post about privacy.

Chrome OS is already widely used in US schools (and tracks student online activities), now we have a 'business-friendly' version of Chrome OS.

What kind of analytics does a cloud OS like this record? What does Google do with that data? Even if that data is 'anonymised' (a pretty meaningless term nowadays), in aggregated form that gives Google staggering quantities of data that they can mine for the future. Why did Google not even mention the word privacy once in that blog?

> Not a single word in that blog post about privacy.

Probably because there's nothing new to be said:


And there was a good article from the NYT this year about the controversies:


There are very strict laws about using children's data, so I'd assume that the data collecting is kept to a minimum for Chromebooks in schools

Are there? What specific laws? Even with such laws, I'm sure Google's legal team has picked through them to harvest the most amount of data possible from those students.

Just today I was thinking about high traffic areas in Waze and Google Maps. Sure they're going to use traffic cameras and municipal reporting services if they exist, but you have to wonder to what extent they're using location data from all those phones not currently running a navigation app.

Simple, there is no privacy in the cloud and nobody seems to care.

If the companies that serve the cloud provided all the privacy they possibly could, would we then actually have privacy? That is, would NSA not be able to refer random communication to the parallel construction department for prosecution? The chain of privacy will only ever be as strong as its weakest link.

Notwithstanding the Active Directory integration, this is the clearest shot across the bow of Microsoft's on-prem management suite yet.

The naming is puzzling. But I'm sure MS shops are used to weird names, and aren't likely to get pedantic about whether or not there should be an "OS" in there. They likely went with the simpler name to build on mindshare among decision-makers, and to intentionally muddy the waters to their benefit.

Is this just a re-branding of "Chrome device management"?

I wish they'd come up with something Family-oriented. I've got my mom, girlfriend, and girlfriend's children all using low-end Chromebooks / Chromebases as their primary computers, and I'm using one for about 80% of my computing. Chrome device management would be useful for us but $50/year per device plus needing to buy G.suite per user is a bit much.

I'm curious, what would you use device management tools for? They auto-update, so it's not that, and they don't hold much local software (other than Android apps). It seems like a small enough number of devices that it's fast enough to run one-off tasks on each of them manually.

By their nature there really isn't much one-off stuff to be done. We've got the kids on Supervised (local-ish) accounts which lets us monitor their browsing habits and enforce SafeSearch but that's about it.

The glaring hole is that they can't install Apps / Extensions and there's no way for us to do that on their behalf.

This is targeted at the enterprise like the product name says. $50/device for a huge corporation this product is for is just a dot on the balance sheet. For Google, charging consumers for products is just a fraction of the money they make showing ads to consumers.

A big chunk of business is dead in the water without Excel (and to a lesser extent Word/Powerpoint).

And no don't tell me google sheets. Great for sharing data...ultra crap for data manipulation.

As someone who doesn't use either, what are the big features you see missing in Google Sheets?

FYI I've found that e.g. pivot tables work fine in Sheets. I also prefer some of the UI details.

It's not so much big features but rather an accumulation of small things missing that basically kills it for a power user.

The biggest issue for me is lack of keyboard shortcuts. If you use Excel a lot and have all the shortcut keys in muscle memory you can do things at speeds fast approaching magic. There are literally offices where first person to use the mouse during the day buys beers after work.

There is also random sht missing that matters to me but apparently not to some dude at google HQ. Like the ability to remove duplicates from a list.

Don't get me wrong - google sheets is great. It's just not a replacement for something that has been tweaked to perfection over years.

MS is going to get killed on multiple fronts in the coming years. Excel is not one of them. Nothing is even close.

GSheets still can't scale up to the larger models our Finance team builds.

I'm sure that's true. But for 90% of organisational users, Sheets will handle everything they need. Plus do intuitive sharing, automatic backups, and all the other advantages the cloud provides... for far less TCO than a traditional PC.

Browser-based apps will always be far less powerful than native OS apps, and any sensible company will provide beefy machines for their engineers, finance team, graphic designers etc. And browsers for everyone else.

Plenty of other programs that are great for data manipulation. They are dead in the water without office due to vendor lock-in and not willing to spend the time switching to a different system.

It's one thing switching internally, but if you need to deal with customers/suppliers/authorities etc who send or receive Excel format spreadsheets, it's kind of hard to switch. Paying a few hundred dollars a year, for a business, is a small price to pay to have things work relatively seamlessly (compared to alternatives such as LibreOffice).

Also I think you are underestimating what people use Excel for. I've seen companies uses macros, tens of tabs, and basically build the software that runs their business in Excel. It's not just a simple spreadsheet.

Lots of enterprises out there with many users who need nothing more than a web browser, email, light word processing and maybe slideshow software. Active Directory integration makes the migration possible. Chrome OS provides it all in a way which dramatically reduces maintenance costs compared to Windows.

If Google starts showing some reduced TCO figures, they'll start to pull a lot of converts.

Be careful, there is the idea that the IT guy has of what the other employees "just need" and what they actually do. Unless you are talking about a really low level employee who is only authorised to use company hardware to press certain buttons on certain forms, it's likely that most employees deal with much more complicated workflows than their IT department realises.

Can't believe I'm writing a post to support MSFT of all people, but really, you can get a pretty low maintenance windows install these days - see the ASUS 'winbooks' & note that msft offers cloud based AD & office..

So have enterprise Linux distros, for at least a decade now. People still use Windows.

Because Linux still isn't ready to roll out for the average enterprise office user. My mother, father, wife, and sister all have higher ed degrees and fruitful careers and can't realistically use a linux machine - even today. Linux' open nature has been it's greatest achievement, and it's worst enemy. Lack of commonality or agreement on package sources, etc., has led to an ecosystem that's all but inaccessible to the Real World.

I love it myself, but until you can walk into a Best Buy and a quarter of the options are Linux machines that the sales people can show off as well as the mac airs and surfaces, it's going to stay for people like me.

And that's just the home world. Trying to bring business into it? Unless your staff is purely development oriented, you now have to retrain every one of them (and probably most of the developers). Linux for wide spread average business user use is a non starter.

I work in Tech and can work well with Linux shell but still use Windows as my main OS. I've tried various Desktop environments, none was as nice and productive as working with Windows for me. I still try it every year but so far I've always gone back after not more than a week.

And Excel remains very powerful for quick data analysis, quicker than python tools for most one-time work.

I think that Linux will become more successful where people don't interact closely with the OS (Phones, Kiosks, simple terminals) but Windows will remain dominant on most computers.

"Because Linux still isn't ready to roll out for the average enterprise office user. "

And my point is, how will Chrome OS enterprise be different?

Do you think they'll write their own Printer management tools, or just install CUPS?

Will they write their own Active directory client, or just use SSSD or Samba or whatever RedHat is using these days?

From my experience most people use Excel to some degree. Google Sheets is ok but tends to be slower to work with than Excel and cannot handle larger amounts of data.

Not sure if the migration effort and lost productivity is worth the cost savings.

I would really like to have a computer for use at work where my IT department could feel like they had assurance that it was secure/virus free/malware free but from which I could sign into my personal accounts without feeling like I'm opening them to my IT department. Right now I just carry two laptops in my bag and it's really annoying. Wondering if Chrome Enterprise will enable this sort of thing.

Well, they could enable this sort of thing, but why would your IT department want that feature?

Because they're... not assholes? I think we've worked for different sorts of companies.

IT departments tend to exist in two states: pre-a-hole, and a-hole. The state transition is triggered by some screw up that may or may not be their fault but they take the blame for.

So they are assholes if they don't want to spend company resources allowing you to check your personal email while at work? Yeah, you've worked for a "different sort", the kind that waste money it seems.

Many places I've worked don't allow use of personal cell phones while at work, much less allowing access to personal accounts on enterprise equipment. Security is hard, adding complexity is a bad idea.

Yeah we've definitely worked at different sorts of companies. At the kind I've worked at, employee happiness and retention is valued way higher than whatever it is you think is lost by employees handling personal tasks at work (bandwidth? computer depreciation? time, when none of us work strict 9-5 jobs?)

Sounds like you were working for the Umbrella Corporation. Level 6 classified.

$50 bucks per device per year? For what, extra management frameworks on a chromebox? What a bargain /s

Google also have a perpetual Chrome Enterprise license that costs $150 per device. [1] For education and non-profits the same license is $30. [2]

$50/device/year does seem like a lot of money especially when Google expect a device will last 6.5 years. [3][4]

Surely lowering the cost of the business licenses even further would increase Chrome OS adoption significantly?

[1] https://shop.promevo.com/index.php/google-cloud/software/man...

[2] https://shop.promevo.com/index.php/google-for-education/soft...

[3] https://support.google.com/chrome/a/answer/6220366?hl=en

[4] https://chromeunboxed.com/googles-end-of-life-policy-for-chr...

6.5 years might be the support time frame, but with the build quality of most of these devices, 3 or 4 is more realistic. The higher end will certainly last longer, but I also suspect that those with the money to afford them will also update more frequently.

For enterprise customers, $50/seat/year is a rounding error.

On a related note, does anyone know how to bury a dead corporate user account? The company that gave it to me doesn't even exist anymore, but Google keeps insisting that "account action is required". The company terminated my login shortly before imploding, and I lost the associated phone number when I fled the country, so there is no way that I can get back in to shut it down myself.

I suppose I will eventually just buy a new phone in a few years, but I'm not thrilled about all that private work / business data that is sitting in limbo.

you can't leave us hanging like that. sounds like there is a wild story to be told!!

I have all kinds of theories about what actually happened. All I really know for sure, is that a bunch of wild accusations were thrown around at the execs by a small clique of powerful investors, with new accusations being generated as old ones failed to stick. Then the execs were fired for unmentioned reasons and sworn to silence, with the threat that no employees would be paid if anyone broke silence or failed to follow the orders of the interim CEO (total stranger).

This all happened over a single weekend. Considering that we were in a monarchy, and some of investors were royalty, I took that as my cue to get the F out of Dodge before my passport got locked. It took me a while to recover from the stress and the trauma; not knowing what ever happened makes it hard to put it behind me.

Even now, I am afraid to share too much detail, because I am unsure of how that would affect the people who remained in the country. Always have an emergency exit ready to go; $5K in cash will get you across most borders, if you play your cards right.

While there is Google Play Integration, there is no word on how they plan to integrate the corporate intranet - which is littered with thousands of custom applications ranging from payroll to HR to ticket and incident management.

Aren't most of these web-based, now that it's 2017?

Serious question - surely there are some custom non-web apps but I doubt they'd have released this if they didn't see some large companies who would find it a compelling cost reduction for big swaths of their staff.

Do you mean Internet web based or intranet web based?

Because tons of stuff is on-prem, e.g. Confluence, JIRA, Bitbucket.

Seems pretty clear they're betting most corporate applications will be web-based, with custom managed Android apps as another front-end coming online.

Is there a remote desktop to a virtual PC capability with this?

You can use the Remote Desktop Android app from Microsoft. You can also use the Chrome Remote Desktop.

Created a throwaway for this. But Google has a reputation for shutting you down without resort to any recourse and I can attest to this personally. Hope I'm not off topic, but I had a successful Android App which was taken down from the Playstore because I used a single keyword that was copyright, but it was really essential for this app and I had provided context for using the keyword. It was a free app anyway and I was making no money from it (no ads either). Anyway, they removed my app from the store and I had no way to get it back up- all my ratings, downloads, reviews were lost. The point here is that they didn't give me a chance to defend myself- one strike, and you're out and never coming back again. Imagine enterprises using Google products with this sort of an attitude.

I suspect Active Directory integration might make this actually have legs. Especially in the educational industry.

There is already sync from ad to g-suite, how does this significantly change things for education? Also, the education industry is already probably the biggest industry for Chromebooks i.e. it already has legs there.

I've always had the belief that the Microsoft juggernaut would continue its slow decline in relevance as mobile and web devices removed the need for Windows, and the improvement of apps like Google Docs, OpenOffice, etc. would eat away at Office from the other side.

But I really think now we're approaching the point where their fall might happen swiftly. Chromebooks are fine for the majority of corporate users. And if they catch on, there is no need for any of the Active Directory / Azure tie-ons that MS has been hoping would pull enterprise customers towards Azure, Office 365, and all the rest.

And even if Microsoft can convince customers to stay, they simply won't be able to charge the same prices they've enjoyed for decades now with the overpriced Office, Server, and Client access licenses.

And once an enterprise moves away from Active Directory and Office, I don't see any benefit of using the very expensive Sharepoint, Outlook, OneDrive, and other apps that have always been overpriced, but worth it as they integrated well together and saved companies more money via lower IT costs.

Most modern businesses run on MS Office. For Google to really gain market share, they need to be able to run heavily formatted MS Powerpoint slides and Excel workbooks with VBA macros with no pain for compatibility.

Some small companies can currently go with Chromebooks and the Google office suite (assuming they don't share many files externally), but for big business the compatibility needs to be there to switch from MSFT. Big businesses can't afford to refactor every single spreadsheet in existence to make the switch. Currently I have 2 Excel sheets, a Word doc, and Outlook open. Excel specifically is the most difficult to port elsewhere. Backward compatibility and network effects are immense.

It is great for education and siloed businesses though.

Until then MSFT owns the space and can charge significant annual license fees. I dont see that changing in the next decade.

I'm afraid this is the reality. LibreOffice is working towards this, and I really hope Google is too... but I'm not convinced :(

Sounds great until you realize that their "Hate Algorithm" or whatever will end up erroneously shutting down your computer one day.

I hope they finally acknowledge the Security Bypass they have in this "Enterprise" version... where it will be even more serious

https://bugs.chromium.org/p/chromium/issues/detail?id=718831 https://bugs.chromium.org/p/chromium/issues/detail?id=696378 etc...

It is fun to report those things to Google Project Zero and then find that people on that side obviously do not understand that security bypasses are... well... security issues.

full submission reproduced below, just in case they radar-disappear the item... duping items is apparently what Project Zero does so that the items disappear from Google results...


Thank you for an amazingly solid looking ChromeOS. Happy that I picked up a nice little Acer CB3-111, thought about plonking GalliumOS/QubesOS or heck OpenBSD on it, but with the TPM model and the disk wiping, not going to.

Just wanted to note this discovery so that you are aware of it and hopefully can address the problem as it would improve the status quo. Keep up the good work!

Greets, Jeroen Massar <jeroen@massar.ch>


By disabling Wireless on the login screen, or just not being connected, only a username and password are required to login to ChromeOS instead of the otherwise normally required 2FA token.

This design might be because some of the "Second Factors" (SMS/Voice) rely on network connectivity to work and/or token details not being cached locally?

But for FIDO U2F (eg Yubikeys aka "Security Key"[1]) and TOTP no connectivity is technically needed (outside of a reasonable time-sync). The ChromeOS host must have cached the authentication tokens/details though to know that they exist.

The article at [2] even mentions "No connection, no problem... It even works when your device has no phone or data connectivity."

[1] https://support.google.com/accounts/answer/6103523?hl=en [2] https://www.google.com/intl/en/landing/2step/features.html


Chrome Version: 59.0.3071.35 dev Operating System: ChromeOS 9460.23.0 (Official Build) dev-channel gnawty Blink 537.36 V8


First the normal edition: - Take a ChromeOS based Chromebook (tested with version mentioned above) - Have a "Security Key" (eg Yubikeo NEO etc) enabled on the Google Account as one of the 2FA methods. - Have Wireless enabled - Login with username, then enter password, then answer the FIDO U2F ("Security Key") token challenge

All good as it should be.

Now the bad edition: - Logout & shutdown the machine - Turn it on - Disconnect the wireless from the menu (or just make connectivity otherwise unavailable) - Login with username, then password - Do NOT get a question about Second Factors, just see a ~5 second "Please wait..." that disappears - Voila, logged in.

That is BAD, as you just logged in without 2FA while that is configured on the account.

Now the extra fun part: - Turn on wireless - Login to Gmail/GooglePlus etc, and all your credentials are there, as that machine is trusted and cookies etc are cached.

And just in case (we are now 'online' / wireless is active): - Logout (no shutdown/reboot) - Login with username, password.... and indeed asks for 2FA now.

Thus showing that toggling wireless affects the requirement for 2FA.... and that is bad.


- Being asked for a Second Factor even though one is not "online".

As now you are walking through say an airport with no connectivity, and even with the token at home, just the username and password would be sufficient to login.


For the Google Account (jeroen@massar.ch) I have configured: - "strong" password

and as Second Factors: - FIDO U2F: Two separate Yubikeys configured - TOTP ("Google Authenticator") configured - SMS/Voice verification to cellphone - Backupcodes on a piece of paper in a secure place.

Normally, when connected to The Internet(tm), one will need username(email), password and one of the Second Factors. But disconnect and none of the Second Factors are needed anymore.


The Google Account password changer considers "GoogleChrome" a "strong" password.... might want to check against a dictionary that such simple things cannot be used, especially as 2FA can be bypassed that easily.....

Likely they’ll just ban your account for some "vulnerability abuse" or "hacking", even though they themselves said just days ago "this is not a vulnerability".

I’ve seen it before, reported a vulnerability to Google, got a "not a vulnerability, not eligible for anything" back, published the PoC on my website, and Google subsequently blacklisted my domain, IP range, and everything.

Can you link to more details? If this is true then it should be flagged and fixed.

Oh, it was. But only after I asked a Google employee via social media if he could flag it to get it fixed (which actually did help).

It’s a bit suboptimal when the only real way to fix issues is via HN or similar sites.

I don't believe the checkmark indicating "Cloud & Native Print" support on Chrome OS. I've got two Chromebooks and have used Chromeboxes at work and have never gotten printing to work reliably.

I don't like to lock into Google ecosystem at work but I also hate some Microsoft services at work.

You can run the Microsoft services locally if you wanted to. People hosted AD/Exchange for years before these new hosted services came along. Even when people outsource Exchange, they often still hosts their AD internally.

I assumed this was an enterprise version of Chrome, with the main difference being it doesn't auto update, thus being more friendly to the IT departments who administer a company's computers.

I think those days are gone. Firefox, Chrome, Vivaldi and Edge all do continual rapid releases with ever increasing version numbers. I think only Safari is the only major browser left that doesn't.

$50/device?? With that said, I suspect Facebook is working on a browser...that could compete well with Chrome...any reason why Facebook hasn't developed a browser?

Random observation: the font-background contrast ratio in this post makes it very hard to read comfortably.

David was working on the smart card authentication system for ChromeOS not too long ago. Glad to see this maturing.

That is a very compelling price point.

I thought there would be more discussion on this as well. Think it is interesting and doable. Some may complain it is too much, but if it really does what it says it may be worth it.

I've been seeing IT become increasingly frustrated at their inability to lock down the security on MacOS to the level they'd hoped. Wouldn't be surprised to see silicon valley startups issue Chromebooks out as the default in 3-4 years time. Especially if Google gets this right.

You asked about Silicon Valley startups and I work at one. I genuinely don’t think that today I could use a Chromebook to do any level of my work. I have used one in the past (though not for programming) and even that was miserable.

Just this weekend I retired my old Macbook and switched my dev environment to an Asus flipbook and preemptible VM's on google cloud. For offline work I boot linux from a usb-c flashdrive. Getting my VPNs working and eliminating Ctrl+w from my workflow was the hardest part.

Google has created the full ecosystem (phone, laptop, apps) to compete against the MS and Apple stacks. It's still a rougher experience, but for me, it has crossed the good enough threshold.

I don't know what your perception is, or how you were using it... and I don't actually do this on a daily basis, but I think if what you did was using crosh in a browser tab, there is a much better experience on ChromeOS to be had. I used crouton with X11 and it was IMHO decidedly serviceable.

I could not get used to using a shell in a browser tab; it was just too easy to accidentally lose my work by pressing ctrl+W.

But I have been a desktop linux user for ~20 years until switching to MacOS last year, when I got a new job and inherited my predecessor's Macbook Pro. So, getting E17 started, even with no GL acceleration, was really quite OK for me. (But as a desktop linux user, I'm sure I'm probably on a short list who would be ok with that... you might be too, I don't know how you were using it or what your background is.)

If I had something better than a 2012-model Samsung XE303C12 (anything but an ARM-based chromebook, I guess) something with an intel CPU that has Haswell chipset or Bay Trail, or i915 video, or the Chromebook Pixel line, or... I think it would be even better (with supported graphics acceleration, I mean.)

What were your issues/how far did you get, if you don't mind my asking?

good luck getting a 'locked down OS' on crouton. if you're going to do that you might as well install Ubuntu on the bare metal and do away with the middle man. Can't run Docker on a crouton machine either because the kernel they used for ChromeOS doesn't support containerization (yet).

Is that still the case? Bummer... yeah I forgot entirely this was a thread about making Chrome a more locked-down OS.

I was running Docker just fine on the ARM hardware until they upped the kernel requirements (so, probably v1.11? Something something, unsupported now...) I almost wound up compiling my own kernel, but it was too complicated,

I wasn't sure I'd be able to do it at all without switching to Chromium OS, and at that point I might as well set up a server doing nightly builds and run my own Omega protocol OS Update infrastructure.

Yeah, I would definitely not ask programmers to work on a locked-down ChromeOS machine without crouton.

I used a Toshiba Chromebook 2 (2015) for a development machine for a while. used crouton for some of that time, but eventually just reformatted it over to Ubuntu installed on the bare metal exactly because I could not use Docker on the ChromeOS kernel. I also thought about building the kernel myself, but said screw it, reformatting was easier. :)

Man what happened, we used to compile kernels all the time right...


theres an option on how to open the window where control-w doesn't kill your window, you can use it as you want. it was obscure and hard to find.

I suspected there might be as I was writing this! But didn't think to check when I was still using it. You can also probably save yourself losing work this way by using screen or tmux, of course...

except development on ChromeOS is akin to pulling your fingernails out millimeter by agonizing millimeter.

I would rather shave with a belt sander than use ChromeOS for any modicum of development ever again. Ended up installing Crouton on it, which made it workable, but then are you _really_ using ChromeOS anymore?

Is it April 1 already?

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact