T N: > On Wed, Feb 6, 2013 at 2:16 PM, Jacob Appelbaum <[email protected]> wrote: > >> It runs software that is in Debian, the GNU/Linux operating system. I >> know, I've written some of it (eg: tlsdate). They do a good job of >> locking things down but it is basically just another distribution of Linux. >> > > I don't agree it's "basically just another linux distribution" in that most > distros (zero?) aren't using the dm-verity Google mostly wrote and > contributed upstream for their purposes. The distro's could use it. > Chrome OS is also totally stripped down compared to a typical linux > distribution. It's runs X but the window manager is customized and their > own (open source, but nonetheless).
ChromeOS is just a distribution of Linux with the Linux kernel and with a user space that performs a bunch of the same functionality as any distro. They take more care with security than most distros but until they're running a BSD kernel or something and drop all the code in common with other distros, I don't see major differences. Their main difference comes from a focus on security in a holistic sense and I respect their efforts. This is mostly splitting hairs but not every Linux distro is a sysV unix clone, ChromeOS is another variant and a reasonable one. > > But yes- it's a Linux kernel with an admixture of userland things, some of > which are GNU, some of which are not. Most of the positive security model comes from isolation and the idea that the ChromeOS team scoped out a specific specification for each thing they wished to solve. I appreciate the effort and I hope that most of their work is adopted by other distros. > > > This is hilarious. >> >> I would *never* use a laptop that lacks a way to protect all your >> traffic (eg: VPN/Tor/SSH tunnel/etc) in a place with serious >> surveillance as an at risk person. > > > It has ssh and supports a number of VPN protocols. What's so funny? > As I said in another thread, I hadn't seen that they supported any VPN endpoints; my original ChromeOS device had no VPN support at all. I'm glad to see that they support IPSEC and OpenVPN (gladly no PPTP!). Ideally, I would like to see them offer an SSH setup wizard where it also uses OpenSSH as a VPN transport. I plan to look into their VPN setup - I would love to see that they're not vulnerable to the issues in our recent vpnwed paper. > > >> Not only because the remote systems >> will have your exact geographic location and because a lack of anonymity >> allows for targeted attacks, but also because the local network is well >> known to be seriously hostile! >> >> A persistent backdoor on your Chromebook is not actually impossible. I >> have a few ideas for how to make it happen and I've discuss >> security/development issues with the ChromeOS team on a nearly daily basis. >> > > Good luck with that. Maybe you want to make some money this year at Pwnium? > Weaponizing an exploit and persisting something malicious aren't the same problem. Consider a Chrome extension that logs all the urls one visits in the browser, will the ChromeOS security model prevent it? > >> Yes, you can't compare Chrome OS's attack surface to a typical linux >>> distribution, or even a highly customized linux install which doesn't >> have >>> the hardware root of trust. >>> >> >> Actually, I think you can compare it - one major advantage is that you >> can protect your network traffic and compartmentalize your risk with any >> Secure Boot enabled Linux distro. You can also do it without secure boot >> and it isn't terribly hard as long as you draw arbitrary lines like "the >> EFI firmware blobs and hardware are out of scope" which is what happens >> with Secure Boot systems anyway. >> > > I think you're seriously missing the point here. My remarks were well > qualified. Conditionals have to met: > > - IF you want low cost (time is money, so efforts to set up a Linux secure > laptop that are time consuming are expensive, as is all the time you spent > to learn how to do these things in the first place) Download Tails and boot it up. > - IF you want a somewhat naive user to use the device (eg. journalist) > - etc. Ditto. I train journalists all the time and the only people who have issues are journalists with Macbooks, as there is a specific problem with new apple hardware and booting from a USB disk. In those cases, a DVD is read only and does just fine. > > All you're saying is that "If I'm a total techie weenie with nothing but > time on my hands I can do way better than a Chromebook". > > Well of course. I don't disagree with something along those lines. But > that's not the practical use cases I was trying to summons. > I'm not making that statement at all. > That said, to the extent that I sort of implied a Chromebook is some kind > of safe thing to use in China for a person at risk... well.... no. I would > not want to stand on that! And I actually agree with what you're saying as > far as that goes. > Ok. > My point was for something off the shelf, I know of nothing better and as > far as it goes... I'd say it's a step up for a lot people who should be > using more secure IT technologies and methods than they are (such as some > journalists), and they can take that step with minimal investment in time > and energy and a chromebook will meet their needs. > I'd suggest users have no hard disk and boot off of a Tails USB disk. Now we've reduced the attack surface to the BIOS/EFI layer - something that I suspect is pretty crappy all across the board. While ChromeOS will complain if it is shut down, I remember that it won't complain about being in Developer mode if it wakes from sleep. Thus, it is totally possible to hand someone a compromised ChromeOS device that is awake, let them login and you've won without even having to reflash the core OS. All the best, Jacob > Trever > > > > > > >> >> All the best, >> Jake >> >>> >>> >>> >>> On Wed, Feb 6, 2013 at 12:15 PM, Nadim Kobeissi <[email protected]> wrote: >>> >>>> The biggest (and very important) difference between Linux and >> Chromebooks >>>> is the hugely smaller attack surface. >>>> >>>> >>>> NK >>>> >>>> >>>> On Wed, Feb 6, 2013 at 2:36 PM, Brian Conley <[email protected] >>> wrote: >>>> >>>>> Andreas, >>>>> >>>>> Plenty of Syrians do have internet access, and use it on a regular >> basis. >>>>> >>>>> Also, lack of appropriateness for one use-case doesn't necessitate lack >>>>> of appropriateness across the board. >>>>> >>>>> Linux is a great solution for many use cases, but as has been >> elaborated, >>>>> quite a terrible one for many others. >>>>> >>>>> Brian >>>>> >>>>> >>>>> On Wed, Feb 6, 2013 at 7:44 AM, Andreas Bader <[email protected] >>> wrote: >>>>> >>>>>> On 02/06/2013 04:24 PM, Tom Ritter wrote: >>>>>>> Nadim, I'm with you. I'm not sure it's the perfect solution for >>>>>>> everyone, but like Nathan said, if you already trust Google, I think >>>>>>> it's a good option. >>>>>>> >>>>>>> On 6 February 2013 07:12, Andreas Bader <[email protected]> >>>>>> wrote: >>>>>>>> Why don't you use an old thinkpad or something with Linux, you have >>>>>> the >>>>>>>> same price like a Chromebook but more control over the system. And >> you >>>>>>>> don't depend on the 3G and Wifi net. >>>>>>> We started with the notion of Linux, and we were attracted to >>>>>>> Chromebooks for a bunch of reasons. Going back to Linux loses all >> the >>>>>>> things we were attracted to. >>>>>>> >>>>>>> - ChromeOS's attack surface is infinitely smaller than with Linux >>>>>>> - The architecture of ChromeOS is different from Linux - process >>>>>>> separation through SOP, as opposed to no process separation at all >>>>>>> - ChromeOS was *designed* to have you logout, and hand the device >> over >>>>>>> to someone else to login, and get no access to your stuff. Extreme >>>>>>> Hardware attacks aside, it works pretty well. >>>>>>> - ChromeOS's update mechanism is automatic, transparent, and >> basically >>>>>>> foolproof. Having bricked Ubuntu and Gentoo systems, the same is not >>>>>>> true of Linux. >>>>>>> - Verified Boot, automatic FDE, tamper-resistant hardware >>>>>>> >>>>>>> Something I'm curious about is, if any less-popular device became >>>>>>> popular amoung the activist community - would the government view is >>>>>>> as an indicator of interest? Just like they block Tor, would they >>>>>>> block Chromebooks? It'd have to get pretty darn popular first >> though. >>>>>>> >>>>>>> -tom >>>>>>> -- >>>>>>> >>>>>> But you can't use it for political activists e.g. in Syria because of >>>>>> its dependence on the internet connection. This fact is authoritative. >>>>>> For Europe and USA and so on it might be a good solution. >>>>>> -- >>>>>> Unsubscribe, change to digest, or change password at: >>>>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> >>>>> >>>>> Brian Conley >>>>> >>>>> Director, Small World News >>>>> >>>>> http://smallworldnews.tv >>>>> >>>>> m: 646.285.2046 >>>>> >>>>> Skype: brianjoelconley >>>>> >>>>> >>>>> >>>>> -- >>>>> Unsubscribe, change to digest, or change password at: >>>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech >>>>> >>>> >>>> >>>> -- >>>> Unsubscribe, change to digest, or change password at: >>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech >>>> >>> >>> >>> >>> -- >>> Unsubscribe, change to digest, or change password at: >> https://mailman.stanford.edu/mailman/listinfo/liberationtech >>> >> >> -- >> Unsubscribe, change to digest, or change password at: >> https://mailman.stanford.edu/mailman/listinfo/liberationtech >> > > > > -- > Unsubscribe, change to digest, or change password at: > https://mailman.stanford.edu/mailman/listinfo/liberationtech > -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
