Security Experts See Chromebooks as a Closed Ecosystem That Improves Security (cnet.com) 192
The founder of Rendition Security believes his daughter "is more safe on a Chromebook than a Windows laptop," and he's not the only one. CNET's staff reporter argues that Google's push for simplicity, speed, and security "ended up playing off each other." mspohr shared this article:
Heading to my first security conference last year, I expected to see a tricked-out laptop running on a virtual machine with a private network and security USB keys sticking out -- perhaps something out of a scene from "Mr. Robot." That's not what I got. Everywhere I went I'd see small groups of people carrying Chromebooks, and they'd tell me that when heading into unknown territory it was their travel device... "If you want prehardened security, then Chromebooks are it," said Kenneth White, director of the Open Crypto Audit Project. "Not because they're Google, but because Chrome OS was developed for years and it explicitly had web security as a core design principle...." Drewry and Liu focused on four key features for the Chromebook that have been available ever since the first iteration in 2010: sandboxing, verified boots, power washing and quick updates. These provided security features that made it much harder for malware to pass through, while providing a quick fix-it button if it ever did.
That's not to say Chrome OS is impervious to malware. Cybercriminals have figured out loopholes through Chrome's extensions, like when 37,000 devices were hit by the fake version of AdBlock Plus. Malicious Android apps have also been able to sneak through the Play Store. But Chrome OS users mostly avoided massive cyberattack campaigns like getting locked up with ransomware or hijacked to become part of a botnet. Major security flaws for Chrome OS, like ones that would give an attacker complete control, are so rare that Google offers rewards up to $200,000 to anyone who can hack the system.
The article argues that "Fewer software choices mean limited options for hackers. Those are some of the benefits that have led security researchers to warm up to the laptops...
"Chrome OS takes an approach to security that's similar to the one Apple takes with iOS and its closed ecosystem."
That's not to say Chrome OS is impervious to malware. Cybercriminals have figured out loopholes through Chrome's extensions, like when 37,000 devices were hit by the fake version of AdBlock Plus. Malicious Android apps have also been able to sneak through the Play Store. But Chrome OS users mostly avoided massive cyberattack campaigns like getting locked up with ransomware or hijacked to become part of a botnet. Major security flaws for Chrome OS, like ones that would give an attacker complete control, are so rare that Google offers rewards up to $200,000 to anyone who can hack the system.
The article argues that "Fewer software choices mean limited options for hackers. Those are some of the benefits that have led security researchers to warm up to the laptops...
"Chrome OS takes an approach to security that's similar to the one Apple takes with iOS and its closed ecosystem."
Year of the Chromebook. (Score:3, Funny)
Re:Year of the Chromebook. (Score:5, Interesting)
Really, it's about how much it doesn't let you do.
If you are trying to be productive, chromebooks are exceedingly annoying because they are so limited.
This plays well with a lot of security researcher mindset, that would rather see useless computers than tolerate what they could imagine to be a security problem.
Sometimes they find legitimate problems (e.g. Heartbleed), but often the declare some severe CVE for "administrator can do administrator things" sorts of behaviors.
Then they wonder at why when they find a very severe issue and get a lot of credibility, why it goes away in a matter of weeks as they try to open/brand a wave of 'vulnerabilites' that are perfectly actually expected/intended behaviors by the developers and the users of that software.
Re:Year of the Chromebook. (Score:5, Interesting)
The point was to reply to the person saying that this story about chromeos somehow relates to Linux security model. While it does avail itself of certain linux features (SELinux), it's mostly about implementing a very limited sandbox and they can/do pretty much implement that wherever their browser runs. You can pretty much also get the same security by never running anything outside a browser context.
In many cases, sure, you are dealing with a situation where the owner of the device is not the operator of the device, and it's nice to limit them. However for security researchers protecting themselves, they should be able to do it either way.
I don't mind chromebooks, but I am a bit put off by the security community in how they sometimes treat enduser empowerment and their endorsement of ChromeOS rather than a more empowering linux distro reminds me of some negative interactions is all.
Re:Year of the Chromebook. (Score:4, Informative)
While it does avail itself of certain linux features (SELinux), it's mostly about implementing a very limited sandbox and they can/do pretty much implement that wherever their browser runs.
That's part of it, but only a part. Other crucial parts are the verified boot system, which ensures that even if the device does get compromised somehow it's essentially impossible for the compromise to be persistent, and the update system.
Also, saying "system X uses SELinux" doesn't really tell you anything. Whether or not and how much benefit you get from SELinux depends on the configuration, and how restrictive you can make the SELinux config depends heavily on how much you have to allow software to do. Similarly for verified boot, if you must allow arbitrary software to be installed, then by definition you can't fully validate all of the software on the system.
So these restrictive, less-flexible elements of ChromeOS are actually a big part of what enables it to be so secure.
However for security researchers protecting themselves, they should be able to do it either way.
Go talk to a bunch of security researchers. The first thing they'll tell you is that nobody can be trusted to make good security decisions, not even security researchers/experts. It takes a team of security experts, plus outside researchers and security audit firms working together to make a system secure -- and even then it's a matter of asymptotically approaching security; you never actually arrive. No one person can understand all of the pieces and all of the interactions deeply enough to make good decisions.
Re: (Score:2)
Windows 10 with secureboot in S mode is pretty much the same thing. It has been a flop, as from a functional perspective all it does is prevent things you want to use from working. ChromeOS is in pretty much the same boat, if you want to do anything interesting you need Google's blessing, but Google somehow doesn't catch as much flak for that as MS did.
It takes a team of security experts, plus outside researchers and security audit firms working together to make a system secure
I refer to indivduals using a decently capable platform on their personal device. It can't be the case that an individual needs a team of security experts
Re: (Score:2)
It can't be the case that an individual needs a team of security experts to use their own laptop securely.
You would like that not to be the case. I see no evidence that your wish is fulfilled. Mostly people are okay as long as they don't do anything egregiously stupid, not because their systems are secure but because no one seriously bothers to attack them. Security by being uninteresting is fine... until it's not.
Re: (Score:2)
But but but.... the other end of the Chromebook is connected to Google, arguably one of the biggest personal data spies in the business. Nothing is secure there.
Define your threat model. If it includes a risk of getting targeted ads, then Chromebooks are not secure for some uses (and are secure for others). If you're worried about data leaking or being stolen, then Chromebooks are quite secure for whatever.
Chromebooks crowded out netbooks (Score:4, Interesting)
The Chromebook isn't a full blown laptop that can run all sorts of high end software.
True, but it did crowd more versatile compact laptops out of the market. To what extent did the introduction of the Chromebook in third quarter 2011 cause inexpensive compact laptops to cease being a market segment at the end of 2012 [slashdot.org]?
Atom no worse than a P4 (Score:2)
An Atom CPU is no worse in performance than a similarly clocked Pentium 4 CPU.* Thus an Atom laptop can still hold its own running Xubuntu, especially for things like lightweight hobby or contract programming work to pass the time on the bus commute to and from one's day job.
* Yes, this is telling about how inefficient NetBurst was, but bear with me.
Re: (Score:2)
The point about netburst was high clockrates, atom cpus tend not to have such high clockrates.
Most (all?) chromebooks can be repurposed to run a full blown linux if you want to, or you can run chromeos in developer mode which is basically linux anyway.
Press Space then Enter to lose all your data (Score:2)
Most (all?) chromebooks can be repurposed to run a full blown linux if you want to, or you can run chromeos in developer mode which is basically linux anyway.
As I wrote in this journal entry [slashdot.org], a Chromebook in developer mode will wipe its storage if someone else turns it on and looks at it funny. This loses all installed software and all commits that have not yet been pushed to a remote repository. How would one go about repurposing a Chromebook to run GNU/Linux without running the risk of it being wiped?
GalliumOS and MrChromebox as an alternative (Score:3)
Someone accidentally wiping your developer-mode Chromebook is a valid concern. But you can reflash the firmware with something like MrChromebox's Firmware Utility Script to prevent that. I did that on the Acer 15" Chromebook I am using to write this post. It now runs GalliumOS (based on Xubuntu) and applications like Visual Studio Code and Minecraft. See: https://wiki.galliumos.org/Ins... [galliumos.org]
I did replace the flash memory with a 128GB module -- but that isn't strictly necessary. More details on all that in my c
Does flashing MrChromebox void HW warranty? (Score:2)
I would be happy with Xubuntu, as it's the same OS that I used on my last netbook from fourth quarter 2011 to mid-2017. But does "reflash[ing] the firmware with something like MrChromebox's Firmware Utility Script" cause me to lose eligibility for warranty repairs on the hinge or power jack? I had to have my last netbook's power jack repaired under warranty once.
Re: (Score:2)
1) You can connect to an SMB share while not in dev mode. You can push your data off at this time.
2) Activate Dev mode. (this DOES wipe the system and start it fresh).
3) In Dev Mode, install MrChromebox's UEFI bios. This completely replaces the bootloader.
4) Install GNU/Linux
YES, this voids the warranty. I remind you that it is absurd to complain about this, as Google is only going to support chromeos anywyay.
Re: (Score:2)
These devices are essentially a chromebook, just without the custom chromeOS boot loader.
Under the hood they are basically the same kind of beast: eMMC based storage, 4gb of non-upgradable RAM, Celeron or Atom processor, SPI/i2C based bus with keyboard and mouse attached.
If you can get the chromebook cheaper, you are basically getting the same thing, just with a little extra legwork needed. Some chromebooks have NGFF based storage, which you can replace with a fantastically larger storage device. (Most are
Re:Year of the Chromebook. (Score:5, Insightful)
Even though you can do more with a mac (or even an iPad, especially the iPad pro)....chromebook is still better?
Re: (Score:3)
One difference is that Google Chrome, the pack-in browser on a Chromebook, is more capable (in support for web platform features) than Safari, the pack-in browser on a Mac or iOS device. And any third-party web browser on an iPad will have exactly the same deficiencies in support for web platform features as Safari due to their shared Apple WebKit engine.
Re: (Score:3)
Re: (Score:2)
This year I think it's up to 99.9%, or maybe another nine.
OTOH, last time I used Gnumeric it seemed to have disimproved over the earlier versions. And AbiWord was pretty basic, at the time I tried it I don't think it would have server more than 80% of the users. Of course, in both cases that was nearly a decade ago now (not quite). But judging by the way Gnome3 GUI has changed I don't expect things to have improved.
OTOH, you didn't mention LibreOffice, which is the one I prefer.
Re: Year of the Chromebook. (Score:2)
Re: (Score:2)
What is it you can do with an iPad that you can't do with a Chromebook? Keeping in mind that you can run android apps.
Re: (Score:2)
Pretty much everything described on this page, for starters: https://www.apple.com/uk/educa... [apple.com]
Re: Except for (Score:2)
I'm doing something like this. I have a bare-minimum $5/mo. VPS set up for Python development, and I VNC in from my Chromebook, my Mac or whatever I have handy.
The Chromebook has ssh, VNC, MySQL tools, most of what I need. And I could back the car over it, pick up a new one for 2 bills, have everything back on it in a few minutes.
It is my exclusive air travel machine, in the new Security State. I travel with it wiped back to bare metal.
It does several things exceedingly poorly:
1. Connecting to WiFi that re
Re: Except for (Score:2)
Revise and extend on that WiFi work around: you have to know in advance about the browser/WiFi issue, and install your blank junk account while on a working network BEFORE you travel. Can't set up the junk account with no working network, so it can't get you out of trouble if you haven't prepped.
Year of the crapbook (Score:2)
Your school system is habituating people to crippled, minimal devices - the very poster child for dumbing down the students.
Chromebooks are only a good answer to going backwards.
Re:Year of the crapbook (Score:5, Insightful)
Your school system is habituating people to crippled, minimal devices - the very poster child for dumbing down the students.
Chromebooks are only a good answer to going backwards.
Unfortunately, going backwards is a trend that is taking over all of society.
Over the last 30 years, computers have become more and more powerful, hard drives and monitors have become bigger and cheaper, and yet today most people spend all their time staring at a phone with a 5 inch screen and the power and storage of an early 90s era PC.
Re: (Score:3)
To be fair, that's all the power the average person actually needs. For many years they were forced to use huge beige boxes that sucked 200 watts because that's what the average geek was using. It helped drive down the cost of our hardware, but ordinary people still hated using them.
Now that computers are mainstream and commodity items, the tides have turned. Geeks are being forced to use tablets and phones, and it's likely that out beloved desktops will shortly return to workstation price ranges due to
Hyperbole (Score:2)
My phone has a 2960x1440 display; that's higher resolution than my desktop monitors are. It is small, but that's a feature, not a bug. It also can do displayport-out to a 4K display and connect to a bluetooth keyboard, should I desire that.
It also h
Nope (Score:2)
Nope. Your ASR-33s were just somewhat clumsy interfaces, not computer systems. And other than wasting paper and being slow, they could do a lot of what those early glass CRTs could do. The important parts, in terms of letting you stretch your computing chops.
Re:Year of the Chromebook. (Score:4, Insightful)
Full blown laptops are geek toys, designed for geeks by geeks... The average reader of slashdot might be capable of operating such a tool, but most people are not and many people would never have bought such a machine at all if it wasn't the only available tool for doing some key activity (eg internet access)...
Now there are many new tools which are far more suitable for most people's needs (chromebooks, tablets, phones, games consoles etc), the niches that require a full blown laptop are shrinking.
Re: Year of the Chromebook. (Score:2)
so you are saying most people should just get their bitch ass back in the kitchen and make us more pie?
Re: (Score:3)
I think he's saying that most people aren't interested in using the tool the way you want to use it, and would rather consider it a side issue that they didn't need to pay attention to.
If that's what he's saying, I believe he's right.
Re: Year of the Chromebook. (Score:2)
what he's saying is most people are tools. As long as we narrow that down to most Americans are tools i also agree.
Re: (Score:2)
I wonder how the kids will feel in 20 years after Google has tracked and stored their entire digital childhood. Yes it excels at what it was meant to do, spy on you every move.
Re: (Score:2)
The challenge comes in as you try to continue to get open ended devices in a world where you have more and more people locked into the google ecosytem or similar. Sure, different tools for different purposes, but that can cause difficulty when your tool of choice becomes more and more rare in the face of tools you do not like.
Re: Year of the Chromebook. (Score:3)
I started using a Chromebook a few years ago thinking that it would be limited to these tasks. However, I've found that I don't use my MacBook any more... For anything. Seems the Chromebook meets all of my needs. When I first got it I set up Linux on it thinking that I could use that for any "heavy duty" tasks but I haven't needed it.
Re:FOSS needs managers (Score:5, Informative)
Indeed, chromeos may be a closed system in its default configuration, but its still open source and its success actually provides significant benefits to those of us who want to use regular linux distros...
You used to get websites which check your user agent string and reject anything which is not windows or macos, such things are less common these days thanks to mobile and chromeos...
Manufacturers shipping devices with chromeos ensures that the hardware is compatible with chromeos, and thus also with linux. The same hardware can also usually be bought in other models of devices. Previously most non-server hardware was never tested with linux and could have all kinds of stupid compatibility problems.
Re: FOSS needs managers (Score:2)
not sure i'd call chromeos a closed ecosystem. Everything you do on the device is being sold to the highest bidder, its about as wide open as an ecosystem can get. Sure, you can't do anything useful on the device itself, but there is absoluely nothing 'secure' or 'closed' about all the data sucked back to the mothership.
Re: Year of the Chromebook. (Score:4, Insightful)
If you talked to 10,000 consumers who own Chromebooks, I doubt even 1% of them would be able to tell you they own a device running Linux.
If you talked to 10,000 consumers using Bing, I doubt even 1% of them would be able to tell you they're accessing servers running on Linux. So fucking what?
FOSS got tossed out the fucking window.
In what universe is FOSS running on millions of devices equivalent to being "tossed out the window"?
The infamous Year of the Linux Desktop ended up being nothing more than a bastardized commercially-branded closed ecosystem running on a personal tracking device that the masses happily sold their digital soul to get.
Ah yes, zealous hyperbole FTW.
Malware (Score:4, Insightful)
Everything from Google, a giant advertising company that wants to track your every move. Fools.
Re: (Score:2)
Depends what your threat model is. If you're worried about leaking data to corporate entities, then Apple / Google / MS based devices are always going to be a potential problem. If you're worried about organised crime or hackers then you're probably better off on a Chromebook as it's pretty locked down from those threats, and a Linux distro is quite easy to make insecure if you install the wrong service and/or don't keep it updated.
But please don't give me "but Apple are secure because they tells me so!" -
Re: Malware (Score:2)
Apple makes its money upfront from the user.
Apple makes its money selling CONTENT to the user. Sure, they make money on hardware sales, but they make much, much more selling $1 apps and songs to end-users.
Re: (Score:2)
Being security experts they are probably more interested in what they can measure, rather than paranoid forum posts. So they likely use some of their most basic tools, like Wireshark, to verify that their Chromebooks were not spying on them.
Re: (Score:3)
Re: (Score:2)
What does that even mean? Can you give a specific example?
Also, where are the ads in Chrome OS?
Soviet Union (Score:5, Funny)
VERY secure.
Re: (Score:2)
VERY secure.
Terrorists still seem to find ways to kill large numbers of people in the “very secure” Soviet Union.
Google security ... (Score:4, Insightful)
... an oxymoron.
i bet a reasonably secured Linux distro (Score:5, Interesting)
Re: (Score:2)
In case people don't see exactly how clever your comment is, ChromeOS is a Gentoo-based Linux distro with a prebuilt frozen userland and Google administration. It really does come down to trust of Google, once that information isn't being obscured.
Re: (Score:2)
Although since it's open source, could someone not create a fork that was linked to someone else's service instead of google's?
Not trusting google is fine, but people without the technical knowledge to operate a full blown laptop could hire someone they trust to manage a forked chromebook for them.
Re: (Score:2)
Free people use their private BBS,
..on their own..
Only one particular Linux distro (Score:5, Informative)
First let me establish to what extent I am qualified or not to address this question:
I've been a security professional for 20 years. Most of that time I used Linux exclusively. Recently I've also started using Mac. You'll find my name in the kernel change log.
There are three main areas of security; confidentially, integrity, and availability. Most of the time when people say "security" they mean confidentially first, with some thought to integrity, and they rarely think of availability. For confidentiality and integrity, the top two things an OS can do to help is limit the attack surface (such as not running unnecessary daemons or other software) and provide quick, reliable updates. The only code that can't possibly be hacked is code that isn't there, so the most secure system is the most minimal system. Real-life attacks use known vulnerabilities 99.99% of the time, so quick, automatic updates to resolve known issues are very important.
There is one Linux distribution that stands out for avoiding any unnecessary code (and potential vulnerabilities) and providing quick, reliable updates. That distribution is ChromeOS. It's well ahead of the others. It would be rather difficult indeed to set up a general-purpose distribution such as Ubuntu, which is made to support servers of all kinds, all kinds of workstations, etc, to be as secure as Chrome OS.
The third leg of security is availability. If the features and functions you need aren't available on ChromeOS, it won't work for you. Normally we think of availability as "not subject to denial of service or random crashes", but if the service you need is denied by the creator of the OS, that has the same effect as a denial of service attack.
ChromeOS is therefore well ahead of any general-purpose OS in terms of security - for users who don't need anything ChromeOS doesn't provide. That's a LOT of people. It even suits my needs while traveling because my travel device only needs to SSH to my main machines, and provide a web browser.
Re: (Score:2)
> If the features and functions you need aren't available on ChromeOS, it won't work for you.
I'm afraid that this includes over 90% of all laptop users. Without support for robust, fully Microsoft compatible document or spreadsheet handling for business professionals, without robust gaming support for even those few Steam games that have been converted, and without the developer support to handle virtual environments for other development, they remain useful only as web browser tools.
Good luck SSHing from transit (Score:2)
It even suits my needs while traveling because my travel device only needs to SSH to my main machines, and provide a web browser.
Good luck SSHing from a moving city bus. It won't stay near one Wi-Fi access point long enough for your Chromebook to associate. If you're buying cellular Internet service just to use SSH from your Chromebook, you end up needing to include the price of a cellular subscription over the course of your Chromebook's useful life in its effective price.
And where are your "main machines"? If at home, many home ISPs use NAT that blocks incoming connections [slashdot.org].
Re: (Score:2)
(It was a company mobile, and I was doing company business. Data plan not a problem!)
No company mobile (Score:2)
Couldn't you use your mobile phone as a Wi-Fi access point?
Not in my case. I have programming jobs for two different companies, one in an office and one from home. I work on projects for the latter to pass the time while riding the city bus to and from the former. Neither provides me "a company mobile". And with many of these being graphical and interactive (yet lightweight in CPU use), I would need to tunnel X11 or VNC over SSH, which would run up the latency and data usage even if I do manage to install some sort of X server or VNC viewer.
Re: (Score:3)
For confidentiality and integrity, the top two things an OS can do to help is limit the attack surface (such as not running unnecessary daemons or other software) and provide quick, reliable updates.
Confidentiality is having everything you do uploaded to the worlds most prolific data collection and advertising agency?
Talking confidentiality and integrity on a system that clearly isn't trustworthy in the first place is a waste of time.
The only code that can't possibly be hacked is code that isn't there, so the most secure system is the most minimal system.
Fundamentally misguided. Amount of code is not as important as organization of code.
Real-life attacks use known vulnerabilities 99.99% of the time, so quick, automatic updates to resolve known issues are very important.
Well over 90% of attacks exploit users not systems.
There is one Linux distribution that stands out for avoiding any unnecessary code (and potential vulnerabilities) and providing quick, reliable updates. That distribution is ChromeOS.
Only realistic hope in the near term is better hardware and isolation at hypervisor level.
Re: (Score:2)
You do have to decide who to trust (Score:2)
> Confidentiality is having everything you do uploaded to the worlds most prolific data collection and advertising agency?
That's something you have to consider. Whether you choose ChromeOS, ChromiumOS, Windows, Ubuntu or something else, and whether you use Google docs or not. You can use Windows and trust Microsoft with all your data of you want to. Personally my "consoles", the machines I touch daily, are just SSH consoles, so Google isn't getting anything from me other than browsing history.
You're righ
Re: (Score:2)
I don't get this at all. Google is very impressive at collecting, organising and searching data. They monetise data. That creates a conflict of interest with acting as a custodian of your data.
Both aligned interests and conflict of interest (Score:2)
It's an interesting thing. As you said, Google analyzes the data in order to serve relevant ads, and also uses it to provide better services, which they use for more ads. So there is an inherent conflict of interest there. Many people don't use Google services for that reason, and that makes sense.
ALSO like Coca-Cola has their secret formula, and KFC has it's "eleven herbs and spices", every company has their crown jewels. Google is not Microsoft - they don't survive by selling Office 365. Their most valua
Re: (Score:2)
I hear your take, and your examples are illuminating:
1. Top-secret research (fighter jet development)
2. Credit card info
3. On-boarding checklist for new developers
Three different levels of security required for three different levels of sensitivity of data. Thing is, while everyone would agree that example 1 requires specially hardened systems, surely you'd agree that almost everyone requires secure computing that protects information like example 2? And not by creating an air-gapped local secured system, e
Secrets you tell everyone aren't that secret (Score:2)
When I mentioned credit card information, I was talking about a database full of other people's cards, knowing that some of those people have only one account, with a low balance. A stray $100 charge will have them overdrawn and they'll start getting overdraft fees. Then they won't be able to buy gas or food until pay day. A high level of confidentiality is required.
For MY OWN credit card that I use to buy stuff online every day, I recognize that is sent to a lot of different companies who have widely varyi
Re: (Score:2)
Do you have any evidence that everything you do on a Chromebook is being uploaded to Google? Do you think that no one in the security community has bothered to check, say with a packet sniffer or MITM attack?
Chrome OS has a lot of other stuff that no other Linux distro replicates, at least not without extensive hacking. Secure boot, for example. Do you know what is involved in setting that up on a random laptop with random Linux distro? Or sandboxing apps to the degree that Chrome OS does by default?
Re: (Score:2)
You may need to clarify whether you're talking about the user's security, or the security of the corporation.
Re: (Score:3)
would be just as good as long as it is in competent hands
Exactly the problem. Vast majority of users, including most IT professionals, are not security competent. Expecting people to know the ins-and-outs of computer security before they can be secure is a non-starter.
Re: (Score:2)
would be just as good as long as it is in competent hands
Exactly the problem. Vast majority of users, including most IT professionals, are not security competent. Expecting people to know the ins-and-outs of computer security before they can be secure is a non-starter.
More than that, security researchers will tell you that they, themselves, aren't competent to make good security decisions. It's why they use Chromebooks.
Systems are too big and complex for one person, however expert, to fully understand. Building a secure system requires teams of specialists, not just specialists in security but specialists in the security of particular parts of the system. Plus pen testers, security auditors, etc., who take a more holistic view, but with access to all of the specialists
Re: (Score:2)
True, but honestly, what good is that?
For more than a decade, we've been beyond the point where competent folks can secure their machines. The challenge now is to make it the default behavior so that anyone can run a secure user machine without effort.
Besides being excellent for the incompetent, accomplishing this challenge also frees up the competent to apply their competence to other tasks. That is, it's a benefit for everyone the intellectual effort required to accomplish a task is reduced.
Someone said t
Re: (Score:3)
If you're worried about security, OpenBSD would probably be better. Theo's pretty fanatical about it.
Re: (Score:2)
The “problem” (from the typical user’s point of view) is that BSD folks have no problem with hearing “no, we don’t allow that because it could lead to potential security concerns”. Most users don’t want to hear about what they aren’t allowed to do - when forced to choose they will pick convenience over security, every time.
Re: (Score:2)
they will pick convenience over security
And what would be an example for that? Why should convenience be automatically insecure?
Re: (Score:2)
If you're worried about security, OpenBSD would probably be better. Theo's pretty fanatical about it.
Theo isn't remotely as fanatical about security as the ChromeOS team. He also doesn't have the same control over the hardware that runs the systems, nor the software that runs on the systems, as the ChromeOS team does. OpenBSD doesn't even have a Mandatory Access Control system like SELinux, and if it did it couldn't lock it down as hard as ChromeOS can... precisely because OpenBSD has to be allowed to run arbitrary software, while ChromeOS does not.
I'm not saying OpenBSD isn't a nice system, nor that The
Chrome OS (Score:2, Funny)
I can see why one would purchase a cheap laptop with Chrome OS for their children in middle school or high school but once they are college bound only a quality laptop that is neither repairable nor upgradable running macOS with 10 dongles will do.
- Tim in Cupertino
AP Computer Science (Score:2)
I can see why one would purchase a cheap laptop with Chrome OS for their children in middle school or high school
Middle school maybe. But how would a high school student taking AP Computer Science complete his homework using Chrome OS?
Re: AP Computer Science (Score:2)
But how would a high school student taking AP Computer Science complete his homework using Chrome OS?
104K students enrolled in AP CS classes last year, that's between 1-3,000 students per state/year - that is not a meaningful percentage of high school students in America.
College Board Pushes for CS as HS Grad Requirement (Score:2)
What percentage of the high-school students in the US are in this group [of students taking programming]?
100 percent, if the College Board gets its way [slashdot.org]. The College Board administers SAT and AP tests that high school students take to determine their eligibility to attend university.
Data leaked to Google ? (Score:4, Interesting)
No mention of how much is leaked to google: copies of your files sent there or other metrics that google might sniff. But if you are happy with that then yes it is secure.
Safe from whom? (Score:2)
title should add "Self-proclaimed" to the "security expert" part.
General Purpose Computing (Score:4, Insightful)
Sure, I'll agree with summary. A closed system is inherently harder to hack. And harder to put malware onto if the model is excluding unsigned/unapproved code.
But is this something we really want? We've heard that 'they' would like general purpose computing to be revoked from the general population, or at least severely limited.
This is a step in that direction, under the guise of 'It's more secure!', yeah, it's also locked down and useless for any function other than it's designated function. I'm not really interested in this. I don't think it's a good idea to be pushing this kind of solution.
It's a nice looking 'gift', but it's trojan horse. A trojan to train the population that they don't need general purpose computing, and that general purpose open computing is dangerous and unsafe. Not good.
Re: (Score:3)
General purpose open computing *is* unsafe for most people, and people with zero technical knowledge using complex general purpose systems has resulted in epidemics of compromised machines, identity theft and all manner of other problems.
Many people are better off with a hardened device managed by someone else, wether its a chromebook, tablet or games console (a console is fundamentally no different, its just designed to play games instead of browse websites).
Were it not for a need to access the internet, m
Of course they would see it that way (Score:2)
It's true for most people. (Score:2)
Most people I wouldn't trust to maintain mission critical security on a productive workstation. They click on FunnyCatsVideo.exe and could tell a client from a server if their life depended on it. For these such a thing as a chromebook truely *is* the more secure solution.
Google watches over you.
That's not just a disadvantage. Which is why I recommend it to all ordinaries with no money and no grasp of computers. The ones with money I tell to get the apple stuff.
Re: (Score:2)
I have used ABP for the last few years, but i recently(2 weeks ago) switched to safescript because i was sick of websites abusing my eyes. Much better! May have to configure for $favoritesites but other than that, i see what i want and nothing more.
Re: Oh you... (Score:2)
Check out Pi Hole to deep six ads.
Re: (Score:2)
I like https://addons.mozilla.org/en-... [mozilla.org]. I am some what fair and just (some might say a fair bastard and just a cunt but that's another story, service in the military the things they teach), I let some run and block others. Scripts on bad sites get blocked, scripts advertising bad products get blocked, over the top ads or ads in front of content get blocked, the rest run, even pop ups well more accurately open up in a new tab are allowed.
Ads, paywalls, or what else? (Score:4, Interesting)
The real version of AdBlock Plus has been malware since they started deciding some ads were acceptable for the end user.
If you oppose all web advertisements, would you prefer having to pay $5 for each distinct domain that you visit in a month? That'd make web search engines a lot less convenient. If you have a third option in mind other than ads or paywalls, I'd be interested to read it.
Re: (Score:2, Insightful)
How about we gets less intrusive and trespassing ads? This argument of "wah, I'm not making money!" is BS these days, especially with malvertising being one of the two biggest vectors for compromise out there.
Ads are one thing, security and privacy are another. Sites can do other things than sling "free iPhone" shit, or try to run cryptocurrency miners.
I run uBlock and PiHole, and if a site doesn't like it, there are tons which can take their place and are friendlier. Stop trying to hack my machines, and
Re: (Score:3)
The real version of AdBlock Plus has been malware since they started deciding some ads were acceptable for the end user.
If you oppose all web advertisements, would you prefer having to pay $5 for each distinct domain that you visit in a month?
How about we gets less intrusive and trespassing ads?
Personally, I agree. And I admire Daring Fireball's print-like model [daringfireball.net], also seen on Read the Docs [readthedocs.io], where the advertiser sends the ad image to the publisher and the publisher hosts it. Firefox Tracking Protection blocks ads that track me but allows publisher-hosted ads, such as those on Daring Fireball and Read the Docs. But I imagine that fibonacci8 would disagree because "deciding some ads were acceptable for the end user" would amount to "malware".
Re: (Score:3)
I second this..
I never blocked ads until they started becoming intrusive (sound, delaying page loads, breaking page layout or altering it as they load slowly etc)...
I block ads on this site because the default ads sometimes break scrolling in safari on osx.
Re: Ads, paywalls, or what else? (Score:4, Interesting)
i'd rather sites that offer nothing of value just died, then maybe we could find half decent sites back on the clearnet like the good old days.
Re: Ending ads may end home ISP economies of scale (Score:2)
Actually, I'm pretty sure my broadband is subsidised by stolen american tv shows.
What else: MIcropayments (Score:4, Insightful)
Micropayments.
I visit your web page and stay for more than ten seconds, you get a penny.
I'm be totally for this rather than ads or site-specific paywalls or being data-mined.
Micropayment processor data mines you (Score:2)
Micropayments.
I visit your web page and stay for more than ten seconds, you get a penny.
How would the website know whether I viewed it for more than ten seconds if I've turned off JS?
I'm be totally for this rather than ads or site-specific paywalls or being data-mined.
And how would the micropayment processor assure readers of their privacy? Because the main problem I have with Google's "Contributor" micropayment system is that it shares a parent company with AdWords and DoubleClick and therefore likely shares Contributor users' browsing history as well.
It's your choice (Score:2)
If JS is the means to implement this, then the website would know not to serve you a page if it couldn't work with your browser. This is easily done. If JS is off, you're already not seeing a good deal of content on the web; this would just be more of what you're already experiencing. A web site could refuse to serve you anything, or it might serve you a watered-down or "teaser" version of the available content.
OT
Re: (Score:2)
I expect that reading terms of service would go a long way to letting you know if your "likely" is "actual."
So let's do that. The Contributor TOS [google.com] cites the general Google TOS [google.com] and Google Payments TOS [google.com], which in turn cite the Google Privacy Policy [google.com] and the Google Payments Privacy Notice [google.com]. The Google Privacy Policy states in footnotes on "advertising services" [google.com] and "linked with information about visits to multiple sites" [google.com] that Google routinely uses Google Analytics data to "improve relevance" of advertising by building an anonymized interest profile about each viewer, aka the "TiVo thinks I'm gay" phenomenon. The latter
Reason, or lack thereof (Score:2)
I consider myself reasonable. I always read them from start to finish. Mind you, it's a very rare website/service that I actually venture into that has that kind of required agreement, so this is a pretty minor issue for me. Also, it doesn't take long to figure out if a site is mining, and if that's a reasonable trade for whatever they are offering. (usually, no.)
Otherwise, if you ag
Re: (Score:2)
The ability to block ads that use 3rd party scripting. Granted, that's pretty much all ads these days, but it's a step in the right direction.
Seriously, the ability to block scripts from 3rd party sources should have been a feature in browsers since day one. The ad companies would have been forced to cope whether they liked it or not.
Re: (Score:2)
Why stop at $5? Make it $10 or hell, even $100 for big sites!
I'd say make all sites paywalled and see how many will be left standing after a couple of months.
When an article cites another on a different site (Score:2)
Other than your $5 figure vastly inflating the value of ad impressions these days
The $5 figure is based on the minimum buy-in for a subscription to ad-free use of a website, which in turn is based on fees per transaction charged by payment processors as well as the opportunity cost of serving a paywall notice without ads to visitors instead of an article with ads. Some sites will offer access for, say, $5 per month or $20 per year (buy 4 months up front and get 8 free).
I would be perfectly fine with the option paying money to not be bombarded with ads and tracking scripts. It’s why I’m a subscriber at sites like Ars Technica.
You mentioned "sites", plural. To how many such sites do you subscribe? This becomes important if an article on a site