
How Chrome OS, Termux, YubiKey and Duo Mobile make for great usable security - walterbell
https://blog.lessonslearned.org/building-a-more-secure-development-chromebook/
======
serf
So, be inconvenienced in every aspects important to a dev but gain a bit of
confidence in your machine (as long as you trust Big-G)?

verified boot seems like the only advantage here. You can buy an ebay
business-grade laptop with TPM for 40 bucks USD readily, and they don't
require reliance on Google or the requirement that one uses a neutered OS.
(yes, yes, it's secure. It's a users' platform. Development on chrome OS at
this point is an act of masochism.)

If secure travel is your thing, stash your data on a cloud provider and pull
it later after you arrive at your destination. Go whole-hog and travel without
an SSD and buy a cheap one at your destination with cash. Sprinkle in some
libreboot for more confidence.

It'll still be cheaper than a 200 dollar chromebook, and you probably won't
have to deal with some of the worlds' worst chicklet keyboards.

P.S. don't travel with a yubikey that isn't partnered with another. Would be a
bummer to lose.

~~~
keganunderwood
I am not saying you're wrong but I'd like some advice on what to buy. The x220
I've never seen dip below $100 with 4GB RAM and a hard disk or at least a
caddy.

Thank you for your help.

~~~
kogepathic
_> The x220 I've never seen dip below $100 with 4GB RAM and a hard disk or at
least a caddy._

ThinkPad caddys are dirt cheap. You can buy third party compatible caddys for
under $10. [0]

In terms of a laptop with a reasonable build quality that includes a TPM,
pretty much any corporate laptop will suffice. X220's command a premium
because they're ThinkPads.

If you look at other options, something like the Dell E6220, which is from the
same generation as the X220, can be purchased used for around $100. [1]

They don't support coreboot, but they're otherwise reliable machines. The Dell
UEFI implementation supports only allowing signed updates and SecureBoot.
Depending on your threat model this might be enough for you.

 _> You can buy an ebay business-grade laptop with TPM for 40 bucks USD
readily_

You'll have to buy something older than the E6220 mentioned above, but the
Dell E6400 is available for $40. [2] That will have an integrated TPM.

[0] [http://www.ebay.com/itm/Lenovo-Thinkpad-X220-X220i-Hard-
Driv...](http://www.ebay.com/itm/Lenovo-Thinkpad-X220-X220i-Hard-Drive-Caddy-
Rail-Kit-/231104104576)

[1] [http://www.ebay.com/itm/Dell-Latitude-E6220-13-3-Intel-
Core-...](http://www.ebay.com/itm/Dell-Latitude-E6220-13-3-Intel-
Core-i5-2520M-2-50GHz-4GB-RAM-320GB-HDD-23226-/122617775618)

[2] [http://www.ebay.com/itm/Dell-Latitude-E6400-Laptop-
Core-2-Du...](http://www.ebay.com/itm/Dell-Latitude-E6400-Laptop-
Core-2-Duo-P8600-2-4GHz-160GB-HDD-4GB-No-OS-/132235791263)

------
AdmiralAsshat
I'm not sure how much extra "security" you're really getting out of staying
strictly within ChromeOS. Yes, Secure Boot is disabled. However, the ChromeOS
partition is still encrypted, and you can manually encrypt any of your crouton
chroot environments, so someone looking at the thing still wouldn't be able to
peek into the contents. If you're asked, "Why is this in Developer Mode?", you
can answer, "I'm a developer."

Additionally, once Developer Mode is enabled, you _must_ hit Ctrl+D to move
past the warning screen every time. It is incredibly easy to inadvertently hit
Enter or Spacebar, and then have the Chromebook wipe itself and restore to
factory settings. I've done it inadvertently myself, and have heard multiple
reports of a developer's spouse/child accidentally clicking it, too. Unless a
Border Patrol agent knew exactly what they were doing, I'd be willing to bet
they'd accidentally wipe it as well.

Finally, while I'm aware that disabling Secure Boot in theory opens you up to
an Evil Maid attack, what is the likelihood that border patrol/customs would
have a malicious OS on hand, and the know-how to flash it? Worst -case
scenario, if you suspect they've tampered with the OS, simply hit Spacebar
_yourself_ as soon as you get it back, restore Secure Boot, and then start
over from scratch!

As an aside, if you are confined to ChromeOS, I highly recommend Caret as an
editor. It's a FOSS, Sublime clone chrome app that works swimmingly on
Chromebooks.

~~~
mrisoli
As someone who has an on-off interest in ChromeOS but with little to no
knowledge about it, does vim/neovim work? I found some vim version on the
chrome web store but it is last updated on 2014 and pinned to 7.4 which was a
bit disappointing.

~~~
leggomylibro
Yes and no.

Yes, they work.

No, they don't capture shortcuts like 'ctrl+W' which are handled by ChromeOS.

~~~
chasote
There is a chrome extension called Crosh Window that keeps the Chrome
shortcuts from coming in. That way things like Ctrl-w in Vim still work. edit:
this might just be when going through crouton though. I don't really use the
crosh shell except to boot up my chroot.

~~~
leggomylibro
Oh cool, I'll have to check that out. Thanks!

------
Sodman
I've been running the Chromebook Pixel 2015 as my primary dev machine since it
came out. Unlike the author however, I've opted for the less-secure "dev mode"
on the laptop, and do everything in crouton. (Java web / Android, mostly).

It may not be as secure, but it's hella convenient (still use 2FA). ChromeOS
boot is < 5 seconds, and I just stay there for web browsing / netflix.
Dropping into crouton is another < 5s when I need to do dev work, or play
steam games.

Everything important on the laptop is backed up to some cloud service or
another, but it's expensive enough that I'd be distraught if I lost it (plus
they stopped selling them).

I'd be more worried about somebody straight up stealing the laptop than any
other security risks I may be running by running in dev mode.

I love the idea of natively developing in ChromeOS, but at this point it just
seems like more hassle and fighting the system than it's worth.

~~~
ChristianBundy
I've been doing the same thing, but as I work with Docker often I had to waste
a bunch of time compiling a custom kernel[0], which I ended up trashing after
about a week because who cares?

Instead, I just have my Chromebook and a VPC on Google Cloud that I SSH into
for work. Theoretically I wouldn't be able to work if I didn't have internet
access, but I've never actually run into that problem. I still have dev mode
off, but I don't think turning it on is a huge risk.

Steam games though? I didn't know you could do that.

[0]:
[https://gist.github.com/christianbundy/ba62890a7c2f8128bcbb](https://gist.github.com/christianbundy/ba62890a7c2f8128bcbb)

~~~
Sodman
Awesome link, thanks! Docker is actually the one thing I was never able to get
working properly in my chroot!

Re: Steam games, yup it's powerful enough to run most indie games that support
linux (which is an increasing number, recently). The biggest constraints are
GPU and disk space. I've had a few good runs of FTL (Faster than Light) on
long-haul flights.

You just gotta make sure you keep an eye on the battery, since if it dies you
accidentally wipe the system :/

------
le-mark
This blog post details using a chromebook as a temporary device, such that you
can travel with a blank machine, and provision at your destination with the
data and apps you may need:

> It's pretty neat to consider the possibility of pre-travel "power washing"
> (resetting everything clean to factory settings) on an inexpensive
> Chromebook and later securely restore over the air once at my destination.
> ... the engineering challenge here was to find something powerful enough to
> comfortably use exclusively for several days of coding, writing, and
> presenting, but also cheap enough that should it get lost/stolen/damaged, I
> wouldn't lose too much sleep. ... I could treat it as a burner and move on.

Edit; I've been using a de-chromed chromebook for over a year as my primary
dev machine and really like it. I developed and launched one side project with
it. The model I have (Acer C720) is a dual core Centrino, 2GB of ram, and I
upgraded the m2 sata to 120GB. For Python/PHP/Ruby, it's great. I would not do
Java development on this set up though. Java IDEs eat battery life and I
imagine jvm startup time is a burden on this, although I haven't even
installed Java to find out.

Edit 2: to clarify, this is not about removing chromeos, but to use chromeos
for it's security features. The article goes over using Termux to get a basic
development/work environment setup on chromeos. Plus a lot other helpful tips.

I offered my experience de-chroming as an example, I really like the platform.
Apologies if that was confusing.

~~~
igravious
> Edit; I've been using a de-chromed chromebook for over a year […]

Ok, but as the article states, they did _not_ de-ChromeOS it because they
wanted TPM and Verified Boot and FIDO-certified U2F security key so that they
didn't defeat the whole purpose of buying a Chromebook.

FTA: “As far as Debian/Ubuntu (and crouton), that's fine as far as it goes,
but then you don't end up with a Chromebook, just a cheap mini-notebook with
flaky drivers. The whole point of this exercise is to retain the hardened
posture of the platform and have a flexible, safe development environment
_without_ depending on the crutch of privileged access.”

~~~
madez
You can have verified boot, and use the TPM and the U2F security key without
the chrome os on a chromebook.

~~~
igravious
Totally agreed, but given the engineering efforts that Google have gone
through to make the hardware and software stack work in harmony and given
Google employees use Chromebooks the author of the article wants to set up a
working dev environment by _adding_ to Chrome rather than nuking it and coming
up with a semi-custom solution. My first comment was to point this out.

We all know you can put Chromebooks into dev mode and load Ubuntu, in fact I
thought it was necessary to get the most out of Chromebooks. If it turns out
that Chromebooks can make decent dev environments without nuking and
installing Ubuntu or whatever and if they can run Android apps then Chromebook
suddenly become a very interesting value proposition.

------
andrepd
So, the solution to the uncertain threat of airlines picking your luggage and
stealing your computer or its data is... giving over your data to somebody
that it's _certain_ it's spying on you and whose business model is to comb
over your data.

How is this not "you won't catch me, I'll just throw myself off a bridge"?

Also, termux has ~600 packages. Debian has 50,000. Besides the basics, you're
liable to need packages you just don't have in termux, which makes it a
serviceable environment in a pinch, but not one where you want to do your work
on.

~~~
microcolonel
It might be better to give your data to someone who has to tell you how
they're spying on you, than to somebody who legally shouldn't be able to but
does so anyway.

~~~
andrepd
It's a false alternative. Encrypt your hard drive with a key on a thumb drive
on your person. Problem solved: nobody can read your hard drive unless they
physically get your key as well.

~~~
chiefalchemist
Yes. But then you're still left without your laptop. Under his scenario, he
loses his hardware, it's inexpensive, so he just buys a replacement without
breaking a sweat. The lost machine was already wiped so the reinstall was a
given anyway.

I hear ya. But he was fairly particularly and upfront about his scope.

------
pilif
_> When things get completely borked (which in two weeks of heavy use only
happened a couple of times for me)_

how are people willing to live with this? I would be furious if I had to lose
all my state and (for all intents and purposes) restart my machine multiple
times in two weeks.

And if this "borking" happens right before or during a presentation (the
author was writing about using this setup for giving talks on), this would be
very embarassing for me and extremely annoying for the audience.

A work/presentaion machine has to be rock solid for me. No compromises, no
workarounds and most certainly no "completely borked". Just pure solid.

~~~
Finnucane
>Just pure solid

Does that actually exist?

~~~
shakna
I reboot once a month, so that it reboots at all.

Despite using Arch Linux, and weekly "upgrade everything".

I know it isn't everyone's experience, but I was exceedingly choosey about the
hardware that went into my machine, so that I could do this.

The only problem I've had in the last two years, was an incompatibility
between ocaml and fish shell, which eliminated my PATH. Unfortunate, but an
issue on the ocaml side of things. A big problem, for certain, but two years
of bleeding edge updates, and that's it.

~~~
yjftsjthsd-h
If you upgrade Arch without rebooting, don't you get messed up by losing
unloaded kernel modules (because Arch doesn't keep old kernels)?

~~~
shakna
Hasn't been an issue yet.

But it ever does, I'll probably adopt and adapt one of the solutions from this
thread [0].

[0]
[https://www.reddit.com/r/archlinux/comments/4zrsc3/keep_your...](https://www.reddit.com/r/archlinux/comments/4zrsc3/keep_your_system_fully_functional_after_a_kernel/)

~~~
yjftsjthsd-h
Oh, excellent; thank you. I mentioned it because this has bitten me, so I'll
want to use that fix.

Fun story: for $REASONS, I have an Arch system with root on btrfs and /boot on
ext4, and it doesn't usually have the boot partition mounted (it's a poorly
done mutiboot issue). I recently discovered that this means if I forget to
mount boot before updating I get stuck with no loaded drivers to mount /boot
:) Thankfully kexec worked, but I'd like to not need to do that:)

------
devy
One of the BIGGEST drawbacks using a Chromebook with 11.6 inch screen that
nobody here talks about yet, is the grainy and crappy 1366 x 768 screen
resolution! I've been a long time Macs guy anything inferior than
RetinaDisplay will considerably straining my eyes before I am used to it. Dell
XPS 13 included.

~~~
datguacdoh
If you're going to compare to a Mac, it's better to look at the higher end
Chromebooks like the Pixel 2, HP Chromebook 13, and Samsung Chromebook Pro.
They all have screens with pixel density and quality that's on par with the
15" MacBook Pro I have.

~~~
ufmace
> They all have screens with pixel density and quality that's on par with the
> 15" MacBook Pro I have.

Alas, they also have price tags more on par with a Macbook.

~~~
devy
Exactly! With a comparable price tag, Chromebook doesn't have advantages (if
any), let alone of the Chrome OS's less user friendly stack (GUI based apps
and whatnot).

------
fredley
I tried using a Chromebook as a dev machine several years ago - before Android
apps. The chroot situation worked well enough, but the dev-mode boot was a
deal-breaker.

Back then, if a Chromebook's local storage filled up, it would _factory-reset_
itself. Is this still the case? This is one big thing keeping me from trying
this again (which I'm very tempted to do so after reading this article).
Investing in setting up a dev environment like this is fun, but only the first
time around...

~~~
andmalc
In five years of running a Chromebook dev mode, I've never had that happen but
just in case Crouton has a backup feature to save a gzip of your chroot onto a
SD card etc.

------
mkohlmyr
I used my CB30 as a dev machine for a little while, both using cloud
environments (koding, codeanywhere) and using vscode under crouton.

It is _so close_ to being usable. It is such a user friendly operating system,
it just falls short on a few significant fronts.

1\. Developer mode should be friendlier to use (no horrible noises on boot, no
delayed boot time).

2\. It needs support for electron-based/alike apps to run natively in browser
windows without crouton. E.g. vscode.

~~~
soniman
You probably know this but ctrl-d avoids the delay and the noises.

~~~
swiley
Pressing keys while it's booting up is pretty scary with the threat on the
screen to delete everything.

------
Aissen
Regarding the TOTP app, I generally prefer FreeOTP to Google
Authenticator/Duo/Authy, etc. It might not provide push codes, but at least
the implementation is Open Source and the binaries come from a trusted source.

~~~
homakov
What is push code?

~~~
Aissen
I meant a push notification to accept/decline login (so without code in fact).

I've seen Google Authenticator do this (for Google accounts), or the Blizzard
Authenticator. I would guess that Duo has a product for this.

~~~
homakov
Then it's separate feature from TOTP. It's not a real 2fa because it works
like service>duo>user where duo can accept anything for you.

~~~
Aissen
Agreed. I said "TOTP app" where I should have said "2FA app".

I still think it's a second factor. Only a third party might have access to
the factor too, like SMS codes/3DSecure.

~~~
homakov
Yeah it's a mess when you recommend duo/authy not clear TOTP or internal
system. It's a second factor but not the one that's worth implementing: basic
link to email has same security and costs $0

~~~
rdslw
Its not that simple.

Its true that push2factor have some disadvantages, but it has one really
strong advantage above pure TOTP: phishing dosnt work as the 2factor is send
directly to the site and cant be mitmed at your terminal. Read about it.

~~~
homakov
What stops phishing? The attacker triggers push request, victim accepts -
everything is the same?

------
VikingCoder
I bought the exact same machine, Samsung Chromebook 3, as soon as I realized I
could run Termux on it.

I'm using it to poke at languages I'd normally never have the time to
experiment with.

I'm on the train for about an hour every day, and I wouldn't feel comfortable
with a "real" laptop - too likely to be stolen. But for $169? Not such a big
loss.

I'm also really excited about how rock-solid this thing is, as a way to hand a
kid a computer that can really teach them programming.

------
g00gler
Don't do it!

I got a Lenovo 14" IdeaPad N42-20 and desktop to replace my 256gb MacBook Pro.

It turned out to be a bad idea, mostly because the screen is terrible. It's
the same resolution as the Samsung 3 mentioned in the article.

It also seems so small compared to a 15". Side-by-side windows isn't very
nice, either.

I find myself working less because I don't feel like sitting at my desk or
using the Chromebook.

~~~
ardaozkal
I worked with 1366x768 for years and don't really think it's THAT bad.

~~~
g00gler
It's useable, far from the worst I've used, but it's bad.

I'm planning on buying a MacBook pro again but I'll keep my Chromebook for
something I can use haphazardly.

------
atopuzov
I love my C201, also not very expensive. I opted for the 4Gb version. My first
setup was chromeos + crouton then I moved to linux on a sd card. I noticed I
never boot into chromeos anymore so I got rid of it.

~~~
em3rgent0rdr
I have a C201 too...I reflashed the bootloader with libreboot and installed
arch linux on it. It it actually quite snappy, and works fine for development!

~~~
atopuzov
I also run arch linux. I tried setting up debian recently, works good too. Do
you run 3.14 kernel (linux-veyron) or the mainline (linux-armv7)?

------
andmarios
As a side point about Termux, Android 7 finally stopped hijacking the
control+space combination, so you can use emacs efficiently.

Termux is really useful, giving you an almost complete linux environment in
Android phones and tablets. You can install it via Google Play, no need for
root or any modification to your device. Add an external keyboard and you can
work on the go.

~~~
bergie
Termux is pretty awesome. I used it for most of my work when working on a
Pixel C.

[http://bergie.iki.fi/blog/working-on-
android-2017/](http://bergie.iki.fi/blog/working-on-android-2017/)

------
chx
In March, we have seen reports of Android Studio possibly coming to Chrome OS.
Android Studio would mean IntelliJ IDEA and the entire family of IntelliJ
IDEs. That would make this an even better idea.

~~~
devy
Is it not currently possible to install any GUI-based IDEs into Chrome OS?

~~~
Sargos
You can currently only use web based IDEs or Android based IDEs in Chrome OS.

There are some good web ones (Cloud9) out there and even a few Android based
ones (AIDE). You won't be running any Windows or Linux IDEs though (because
Chrome OS is not either of those.)

~~~
signifiers
If you're referring to full-blown IntelliJ, Elcipse, VS, etc, the answer is no
afaik. But if syntax highlighting, code completion and lightweight refactoring
(within and across files) counts, then Caret or Zed might be worth a look.
These are native Chrome apps, and don't require web access/connectivity. (I
wrote most of the Chromebook piece in the OP and all my Go code using Caret,
and am happy with it). I did some toy stress testing by opening up a few
copies of War & Peace (1.5M+ line) text files in Caret. It took a couple of
seconds to load, but search & replace and rapid scrolling/navigating worked
well. Trying the same thing in vim either in Termux natively or via local ssh
didn't hiccup at all. As mentioned in other threads, it's a side effect of
design decisions, and naive assumptions about in-memory files. Kids today...

------
cjsuk
Yubikeys tend to wear out your USB ports after a bit I found, at least on my
X201 and the X61 that preceded it.

~~~
falcolas
Any port used frequently will wear out - they have limited life spans due to
the moving parts. I see it with my external display ports pretty frequently.

One potential solution is a USB hub, or even a USB extension cable you keep
plugged in.

~~~
cjsuk
Or use Duo's mobile app which has no mechanical parts!

~~~
ardaozkal
The reason people use u2f keys is because they can't be cloned and the key
can't be extracted. I too like and use TOTP (with Authy), but it really can't
beat specialized hardware.

~~~
cjsuk
I agree entirely. However I'm willing to trade off convenience on this.

------
qb45
_Nearly every how-to and blog post I 've found on "Chromebooks for developers"
essentially starts with either: "Boot into Developer Mode" or "Install
Debian/Ubuntu as the main OS". I'll just say it: This is bad advice. It would
be akin to recommending that friends jailbreak their shiny new iPhone. You're
obviously free to do as you wish with your own gear, but recognize that at
Step 1, you'll have lost most of the core security features of Chromebook_

Well, it's possible to temporarily unlock firmware write protection and
replace Google key with your own and run self-signed kernels and arbitrary
distribution securely. But indeed, I haven't heard of anyone actually going
through the effort to do so.

~~~
sliken
Just install linux, select full disk encryption, done.

What threat does the chromebook protect against that isn't fixed by FDE?

~~~
qb45
FDE isn't really "full disk" because it still leaves the kernel image
unencrypted so that it is accessible to the bootloader. This image can then be
maliciously edited by an "evil maid" attacker.

Chromebooks use kernel signing to prevent this. The problem is, Google doesn't
give you keys to your hardware so you have to replace them yourself or use
devmode which disables kernel verification.

Another possible solution is to keep the kernel on an external, physically
secured pendrive and never forget to press CTRL-U during boot (to stop a
hypothetical attack involving a malicious kernel installed to the internal
flash which exfiltrates your FDE passphrase or something like that).

------
albertgoeswoof
What's the alternative solution for a cloud/remote based factory wipe, travel
and restore? Is there anything on Linux that offers the same quality of user
experience without being hampered by chromeOS and dealing with Google/a 3rd
party?

~~~
danjoc
Get two yubikeys. Set up LUKS full disk encryption the usual way on Ubuntu.
Install yubikey-luks and yubikey-personalization-gui. Set up yubikeys for HMAC
challenge response on a free slot. Enroll both keys using yubikey luks. Clear
slot 0, leaving you with an encrypted brick unless you have one of two
yubikeys. Mail one key to your destination. Leave the other key at home.
Travel, pickup key, use it to access device at destination. Before you return
home, unenroll the key. Once you arrive home, use the home key to re-enroll
the travel key. Repeat as necessary.

~~~
albertgoeswoof
Ok but there are major downsides with this:

1\. If I change my plans I have to go back home or go to my original
destination to pick up a key to decrypt 2\. I might get there before my
yubikey arrives 3\. An adversary might look at my machine, and know there is
data on there (in the chrome book case it just looks like a new machine), they
could then detain me indefinitely or travel with me to my destination and
force me to decrypt

So it's not practical for casual use IMO

~~~
danjoc
You won't reach alberts-hacker-cloud.com behind the great firewall. The
warning message you get from the internet police won't be a pleasant
experience either. But try it and learn the hard way. Let the fear and dread
wash over when you realize how far away from home you are, and how utterly
alone you are in a foreign system.

~~~
yorwba
Have you ever actually been to China? The great firewall acts as a blacklist,
not a whitelist. If you don't publicly announce the server you are going to
use, you'll be able to access it. If the traffic pattern looks suspicious, you
might have to deal with randomly dropped connections or throttling, but with
the right internet provider or one of the working VPNs, those aren't an issue
either.

If it comes to the point where the police gets involved, no level of crypto is
going to help you anyway. You'd better try to contact your country's embassy
so they can get you out.

------
talkingtab
I have a potential application for a U2F keys and I'm wondering why you
recommend the $18 Yubikey on Amazon versus the $10 one that is also FIDO
certified. Is there a difference in the function or some other important
difference?

~~~
camiller
Not the OP but, I use a $6 one without a button that simply activates on
insert. Unfortunately the company that sold them is more interested in bulk
sales and the stopped selling individual units. I plan to eventually replace
it with the Feitian ePass NFC FIDO U2F Security Key, which is still $17 but
includes NFC which I could use with my android phone. for that functionality
from Yubi you would need the $50 Yubikey Neo.

~~~
ardaozkal
Tbf, yubikey neo has much more features than feitian epass.

------
kasey_junk
Does chromeOS allow you to remote wipe the box? That seems like that would be
another advantage to this in the case of theft (note: _definitely not_ in the
case of the box being confiscated by a lawful authority).

~~~
hmmm___food
If and only if the machine is enrolled and managed via the Apps Admin console.

------
bgrohman
"As far as Debian/Ubuntu (and crouton), that's fine as far as it goes, but
then you don't end up with a Chromebook, just a cheap mini-notebook with flaky
drivers."

Hmm, I'm not sure about that. I went the Crouton route on my $169 Chromebook,
and now I have both ChromeOS and Ubuntu. Plus I can switch between them
quickly. And if I understand Crouton, the chroot is actually using the same
kernel and drivers as ChromeOS. I haven't had any driver issues. And it's easy
to set up encryption for your chroot. I think it's a good solution.

------
geogriffin
The chromeos security model praised in this article seems quite too
conservative for devs to me, considering the inconvenience trade-offs:

\- persistent state is discouraged, but not disallowed. in fact, when the
browser is exploited, any/all internal state necessarily must be be accessable
and modifiable. i'm taking an educated guess that persistent browser internal
state is less guarded against exploitation than external inputs.

\- once pwned, most of your important data can probably be captured and
accounts taken over before you ever decide to reboot. it's a PITA to have to
reboot before accessing anything sensitive; no one should have to
think/remember to do that. (maybe if chromeos were serious about preventing
persistent threats, they'd force a reboot every night?)

\- yes, it's defense-in-depth, but security is a game of trade-offs, where
convenience often trumps technical security mechanisms in terms of increasing
security overall.

I enable dev mode, but I appreciate the "stateless" sentiment in terms of
encouraging data backup. i think I end up backing up my data (git push, etc.)
more often than I would on a non-chromeos laptop, because it "feels" like more
a necessity; especially after my 2 yr-old son hit the spacebar during that
god-awful dev-mode bootup warning screen, and proceeded to factory-reset my
chromebook.

------
cosatelo
Chrome OS always has me torn. Its a beautiful well designed OS with a great
concept behind it, however, its obviously non-usable from a privacy
standpoint.

------
grondilu
I used to own a chromebook and I loved it... until it failed.

I had computers that failed before, and usually I could manage to repair them
somehow, most often by using a linux liveUSB, but with this chromebook, I've
tried many things but I could not do anything. No access to BIOS, not bootable
USB, nothing. Complete black box.

So I'm not sure I'll buy an other chromebook anytime soon.

------
free_everybody
Great article! Here's a thought.

Why not get a used MacBook Air off Ebay for ~$400? Top notch OS, great
support, sturdy design, great battery life...

~~~
kasey_junk
a) because he was impressed by the ChromeOS security model? b) because he got
cloud sync/restore seamlessly out of the box? c) because thats twice as
expensive for a used item?

I get that people have _nebulous_ concerns about Google's privacy policy, but
he mentions specifically at the beginning of the article that he was
interested in the ChromeOS _security_ model. There are very few systems that
have a model that matches that for the threats they consider most problematic.

~~~
free_everybody
Those reasons are understandable. I guess I'm confused why a software
developer needs to save $200 on a travel device with < 1/10 the capability of
something a bit more expensive. Kudos to him for experimenting.

I would love it if Android apps could somehow replicate the dev tools of a
standard full-featured OS one day. I'm definitely a fan of ChromeOS.

~~~
chiefalchemist
1) I think he wanted to see how barebones he could go. He knew if he went
higher he'd be fine, but there's no challenge in that.

2) I think he was willing to do so because he knew not everyone has money to
burn.

3) At the price point he settled on he could treat a loss as a burner. And
$200 and you might not be as forgiving about a loss.

------
rkeene2
For all of those of you using DOD CACs or USG PIVs (NIST SP 800-73) smartcards
there is also CACKey[0] for ChromeOS, of which I am the author.

I worked with Google to port it to ChromeOS when ChromeOS grew certificate
provider support.

[0] [https://cackey.rkeene.org/](https://cackey.rkeene.org/)

------
devy
Also, it feels like this Samsung Chromebook 3 is just tiny bit (I am sure it
isn't but it feels that way) of upgrade from the famous Dell mini 9[1] from
almost a decade ago.

It was super hackable and most people bought it installed hackintosh on it and
with a near perfect hardware compatibility with OS X Snow Leopard. A few
friends of mine went to Africa for a few months with Dell Mini 9 and were able
to freelance their with a fully functional yet super affordable hackintosh
Mac. I wish Dell can have another of those netbook lines with compatible
hardwares.

[1]
[https://en.wikipedia.org/wiki/Dell_Inspiron_Mini_Series#9_Se...](https://en.wikipedia.org/wiki/Dell_Inspiron_Mini_Series#9_Series)

------
JepZ
While I like the idea and the listed apps are just awesome (didn't know about
termux, wow), the whole setup depends too much on google services for my taste
:-/

~~~
kaputsmack
Yeah, this is a no go for me. I don't use anything by Google at all. How can a
security conscious person talk about privacy and security on a Google device?
They are listening, filming and tracking every single thing you do near that
device.

~~~
lorenzhs
That ( _" They are listening, filming and tracking every single thing you do
near that device"_) is a claim you're going to have to substantiate. Don't
spread such rumours unless you can back them up.

~~~
ruleabidinguser
Indeed, how dare they suggest that Google would track! They would never do
such a thing!

~~~
lorenzhs
If the claim being made was that they track your usage of their products, that
would have been a reasonable response. But the claim being made is that they
continuously monitor you through the webcam and microphone. That is extremely
bold and, may I say, complete tinfoil nuttery.

~~~
albertgoeswoof
Why is that so hard to believe? Personalized ads are huge right now, if you
could listen in to people's conversations you can use the data to improve your
ad conversion rate. If there's ROI in recording and doing the data collection
you can bet they have at least experimented with it.

Can't imagine what recording webcams would do- but I suppose it might be
effective for something.

~~~
themacguffinman
> Why is that so hard to believe?

Because there's no actual evidence to support it.

------
limeblack
I have tried using Chrome OS as my main device and I'm basically going to use
this post to rant a little. Why does Chrome OS have to use basically a dock
like Macs.

I would love and probably use Chrome OS as main device if it looked like this:
[https://i.stack.imgur.com/9MCqo.png](https://i.stack.imgur.com/9MCqo.png)

------
m-j-fox
Cool. Question: what are your editor options? Any gui-based emacs or atom? If
not, do you at-least have text-based emacs in termux?

~~~
VikingCoder
Emacs works.

I ended up liking the "Caret" editor - it's a Chrome App.

------
omnifischer
Wondering if Google would themselves launch such a workspace.
[https://www.youtube.com/watch?v=mfLc4U8pnPk](https://www.youtube.com/watch?v=mfLc4U8pnPk)
The idea is to have a vnc/remote-desktop style machine on AWS. Just need only
a client (secure chromeOS)

------
jhoechtl
This certainly makes a great dev environment for golang as for development
golang has very reasonable requirements.

~~~
RBerenguel
Wouldn't want to compile some big Scala projects on it I suspect

------
tkubacki
My current view is that best what average fullstack dev can do is still to buy
beefy desktop with linux/nvidia + windows on virtualbox/vmware (for Windows
stuff). Additional cheap Chromebook is nice but eg. IntelliJ is to heavy for
it.

------
noja
What does this achieve? How does this stop anyone compelling you to do your
fancy setup?

~~~
kasey_junk
Whether or not a government can compel you to download and reinstall data to
your laptop is a much trickier legal problem than whether they can ask you to
show them what is on it currently (in the US they almost certainly can request
that at the borders). It also adds to the hassle factor for the border
crossing agent. If you are walking through customs/border entry with a in box,
factory default chromebook in your _checked_ baggage, changes the legal
conversation.

Even if you aren't worried about state level inspection, this setup allows you
to put the laptop in your checked baggage and not worry that your data has
been intercepted by criminal enterprises in the case of rerouted bags or
theft. This is a big boon for many business travelers as they are more worried
about IP protection than privacy from governmental interlopers.

------
akulbe
One thing I'm finding a limitation about this setup is that it's hard to do
some package installs, due to the toolchain limitations.

gcc is out. you have to install clang, but that doesn't work for everything.

------
ufmace
Anyone know why the author seems to be setting up to SSH into Termux? It looks
like Termux itself has a perfectly good console, what's the deal with trying
to SSH into it from a local client?

------
math0ne
Some cool idea's at play here but termux is so limiting I would have a hard
time getting any real work done.

------
digi_owl
I can't help but wonder if _sec has jumped the shark...

------
alexnewman
It would be perfect..... But no copy and paste in termux

~~~
signifiers
that is not correct.

------
homakov
Usable? Scanning codes and plastic sticks? Not really

------
korzun
I have been using the YubiKey for over a year now, and the novelty wore off.

I lost my key a couple of weeks ago and was surprised how easy it was to get
back into my accounts with just my phone. There is no point in using something
like that if providers allow you to failover to more conventional
authentication methods without any hassle; the keys are useless. They are not
going to add manual verification for a couple of people who lost their
YubiKey.

YubiKey is useful for instances when you want to grant somebody access to
something with just a key. I don't see it going beyond that anytime soon.

~~~
scottLobster
Depends on the provider. From some quick Googling Lastpass at least requires
email verification before disabling Yubikey support.

[https://lastpass.com/support.php?cmd=showfaq&id=2546](https://lastpass.com/support.php?cmd=showfaq&id=2546)

Even for providers that do provide seamless failover, the inevitable "we see
you requested an account recovery" email would serve as useful canary to know
you're being targeted.

~~~
korzun
> Depends on the provider

That was the whole point of my comment. It is up to the vendor and vendors do
a horrible job.

> the inevitable "we see you requested an account recovery" email would serve
> as useful canary

There is nothing useful here. They are allowing you to bypass a secure key
with a dumb email confirmation.

Your idea of a 'useful canary' is great; until you get rooted at 5 AM on a
Monday morning and that email disappears before you wake up.

~~~
scottLobster
Well I imagine in most people's cases if they've managed to compromise their
email then the game is already won.

Anecdotally, someone got my steam account credentials. I discovered this when
they tried to change my password. Fortunately I had Steam's two-factor enabled
and got the notification (2-factor is required to change steam account
passwords), which alerted me to change my password. They actually tried the
account recovery option and I got an email notification about that as well.

So in situations like that such notifications can be quite useful. But yeah,
if they've compromised your most critical accounts/devices then YubiKey isn't
going to save you. I don't think that's a knock against it.

------
tostitos1979
I'm a bit confused (did skim article only). Is this running ChromeOS or Linux?
Can I get steam games like stardew valley to run on it?

~~~
pjc50
ChromeOS, Termux, and probably not. You might be able to run some Android
games though.

~~~
tostitos1979
That's what I thought. However, this article ([http://lifehacker.com/how-to-
install-linux-on-a-chromebook-a...](http://lifehacker.com/how-to-install-
linux-on-a-chromebook-and-unlock-its-ful-509039343)) mentions crouton and
being able to run Ubuntu. For instance, can I use apt-get, containers, etc.?
Seems like there are two "solutions" .. one is to reboot into an open Linux
system and the other is a more loose chromeOS?

~~~
pjc50
Have you read the actual article? I thought it was quite thorough in
explaining what the author was doing and why.

------
kaputsmack
As long as you don't mind Google spying on everything you do.

