Linked by Thom Holwerda on Fri 28th Jul 2017 19:44 UTC
Google

In the last year while talking to respected security-focused engineers & developers, I've come to fully appreciate Google's Chrome OS design. The architecture benefited from a modern view of threat modeling and real-world attacks. For example, Trusted Platform Module (TPM) hardware chips are built into every Chromebook and deeply incorporated into the OS. The design documents go into some detail on the specific protections that TPM provides, particularly around critical encryption functions.

I also learned that Chromebook is the daily driver for many of Google's own senior developers and security engineers. In short, the combination of the underlying Chromebook hardware with the OS architecture makes for a pretty compelling secure development environment.

[...]

It's pretty neat to consider the possibility of pre-travel "power washing" (resetting everything clean to factory settings) on an inexpensive Chromebook and later securely restore over the air once at my destination. Since there is a wide range in Chromebook prices, the engineering challenge here was to find something powerful enough to comfortably use exclusively for several days of coding, writing, and presenting, but also cheap enough that should it get lost/stolen/damaged, I wouldn't lose too much sleep. The threat model here does not include recovery from physical tampering; if the machine were somehow confiscated or otherwise out of my custody, I could treat it as a burner and move on.

Interesting guide on how to turn an inexpensive Chromebook into a burner developer device safe for international travel.

Thread beginning with comment 647295
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: cloud based
by BlueofRainbow on Sun 30th Jul 2017 02:36 UTC in reply to "cloud based"
BlueofRainbow
Member since:
2009-01-06

unclefester:

Maybe Google should send its Chrome OS development team for a code-in sprint in an area of the world with an abyssal broadband speed. This would force the development of an interaction model less dependent on the underlying network.

As I remember the stories from the first years chromebooks were deployed in schools, the major complaint was that the "cloud" traffic was so high that it often brought the school network to its knees. Since then, a hybrid approach allowing/promoting local storage for in-progress documents has been implemented.

It is worth mentioning, as a side bar, that MS Office and Windows it-self are becoming more and more reliant on the underlying network to function properly. Even for the stand-alone version, most of the help information is on-line; no network, no help! I don't know about OS X and how much it relies on the underlying network.

There may be good lessons to be learned about networking in areas with limited network infrastructure from the One Laptop Per Child (OLPC) project.

Reply Parent Score: 2

RE[2]: cloud based
by Alfman on Sun 30th Jul 2017 04:16 in reply to "RE: cloud based"
Alfman Member since:
2011-01-28

BlueofRainbow,

Maybe Google should send its Chrome OS development team for a code-in sprint in an area of the world with an abyssal broadband speed. This would force the development of an interaction model less dependent on the underlying network.



Yes they could have architected it to support local domain controllers and software repositories using a tiny fraction of WAN resources. It would be much faster, more reliable, and cheaper for many districts. It could be more flexible and potentially even more secure too. These are things that google's product engineers certainly would have discussed from early phases of development. Moreover google didn't design chromebooks in a vacuum they would have had lots of "active directory" engineers on hand, which is the technology used by windows domains and is extremely robust and mature with regards to all these scenarios. So I don't think the dependencies were an engineering oversight, rather I think it was quite deliberate and that google didn't actually want chromebooks running off of networks outside it's control.

I'm not against "cloud features" per say, but how I wish they would be using open protocols and that the owners would be able to elect where to host them (including self hosting) rather than being tightly locked into a hardcoded/proprietary service.

I must comes across as so cynical sometimes, haha. But just so you understand where I'm coming from: there are only a handful of major technology platforms, and I worry about those platforms tightly locking users into their own cloud services, it leaves independent service providers with a substantially unfair disadvantage and owners without sufficient choice over where to host their services (like chromebook being vendor-locked to google). We should not allow one form of monopoly to turn into another using vendor locking.


It is worth mentioning, as a side bar, that MS Office and Windows it-self are becoming more and more reliant on the underlying network to function properly. Even for the stand-alone version, most of the help information is on-line; no network, no help! I don't know about OS X and how much it relies on the underlying network.


Yes, windows 10 is pushing hard in that direction too. Apple's been ignoring OSx for years, but I kind of suspect if it has another push it could go closer to IOS in terms of control and apple store integration. Although I have no particular insights to make such a claim, haha.

Edited 2017-07-30 04:17 UTC

Reply Parent Score: 2

RE[3]: cloud based
by BlueofRainbow on Sun 30th Jul 2017 23:37 in reply to "RE[2]: cloud based"
BlueofRainbow Member since:
2009-01-06

Alfman:

Let's hope Google is actually listening to this discussion.

One issue with the big three - Apple, Google, and Microsoft - is that they are based in the USA. Thus, they see the world through the inherent filter associated with this base.

Another issue is that advertisement, app stores, and storage services are very lucrative. Like the food counter in a movie theater, the big three have only incentives to "tie" their customers to only their offerings.

Maybe, using the Chromium OS project, one could jump onto non-proprietary services?

Reply Parent Score: 2

RE[2]: cloud based
by unclefester on Sun 30th Jul 2017 07:02 in reply to "RE: cloud based"
unclefester Member since:
2007-01-13

Some of the early Chromebooks had 500GB spinning drives. They were fairly useful. The modern 16GB eMMC models are a joke.

Reply Parent Score: 2

RE[3]: cloud based
by BlueofRainbow on Sun 30th Jul 2017 23:27 in reply to "RE[2]: cloud based"
BlueofRainbow Member since:
2009-01-06

unclefester:

No matter how big is the hard/solid state drive, it will sooner or later be full. At that time, one has to use a flash memory card, an external drive, or a network drive.

Most chromebooks have a SDHC slot. The smaller uSDHC slot is starting to be common in the most recent crop of devices coming to market.

There is also the USB 3.0/3.1/C port allowing an external drive.

Ultimately, there is the cloud - although I would prefer using a memory card/external drive so as not to be paying bandwidth and storage fees associated with the cloud.

So, it is possible to go beyond the finite capacity of the internal hard/solid state drive.

Reply Parent Score: 2