I hesitated posting this, because I don't want to be too negative, but: ugh. ChromeOS is just more Google adware/tracking-ware, locking people into the Google ecosystem, and (by default, at least) creating a more locked-down environment than a general-purpose OS would have (not quite iOS or even Android, but still not with the flexibility of a "mainstream" OS). I feel like Framework could be spending their time doing much better things. Granted, if they believe that this will be a big boost to their bottom line / margins / sustainability, then I'm in favor of it on the grounds of helping make sure Framework is a successful company.
My hope was that this is just running on the standard Framework laptop hardware, but it looks like it required a bit of a mainboard redesign, as well as a different input cover and keyboard. Extra hardware like that just makes their offering more difficult for a customer to navigate and understand, not to mention the added support and manufacturing burden on the company's side.
While I share your concerns, the user experience and security of ChromeOS is so much nicer than Windows, or Linux (haven't used a Mac for ages so can't compare), for most tasks for most people. It's what I'd recommend to my grandparents.
Also, completely disagree with your point about locking people into Google ecosystem - this is an OS that just runs a web browser. You need a Google account to log in, sure (actually, there's a guest mode too), but otherwise it's just a browser.
You disagree about the lock-in with Google and then go on to acknowledge that one would need a Google account to login? I’m struggling to understand your logic.
I would love a streamlined Linux desktop that is as technically sound as what ChromeOS does - isolations, integral updates etc. The fact that it comes with a forced leaky pipe to Google mothership to feed their ad monster is a non-starter. We at HN should stop calling it secure*(except you know Google tracking you).
PS. I feel the same way about Windows. So, maybe I’m just a grey beard yelling at the sky.
Lock-in is when you can't (or it's too difficult/expensive to) change to another platform. Requiring a Google login to access a Chromebook ain't that. You don't need to like or agree with it (it would be nice to have the option of a local-only login), but it's different to lock-in (just like privacy is different to security)
To be fair, requiring a Google Account alone isn't lock-in; lock-in would be if the OS forces you to use Google cloud services for a bunch of essential tasks, which could then make it hard to migrate to another platform.
I'll admit that I don't know for a fact that it does require this, but I just kinda assumed it might. IIRC you can run Android apps on ChromeOS, and if you buy apps from the Play store, then you're stuck with ChromeOS if you want to continue to run them. Otherwise you lose that money you paid.
These two sentences are contradictory, aren't they? You do not need a google account to run a web browser.
If it really was an OS that "just" ran a web browser, you would be able to run said browser without being forced to use a google account that spies on your web browsing behavior.
I'm a fan of Linux and a fan of ChromeOS, but are the user experience and security better on ChromeOS than Linux? It's a bit simpler than Linux but I'd say Linux is a close second.
I would let anyone, even a total stranger, use my Chromebook in guest mode without a second thought (as long as I am reasonably sure they won’t steal it, break it, or disassemble it).
(Disclaimer: I also work at Google but not directly on ChromeOS.)
Exactly. I would never let my (non-tech savvy) grandparents near a Linux machine without supervision, but I wouldn't hesitate to let them near a Chromebook in guest mode.
Linux is quite secure in the hands of an experienced user. ChromeOS is secure in the hands of anyone who's not state sponsored attacker-adjacent.
It's not quite the same as "guest mode" on ChromeOS, but I make user accounts (no sudo) for non-technical family members and let them use my machines unsupervised. What are you worried about here? Should I be worried?
It depends on how much you trust your family members and whether you worry about non-root malware.
Looking at my Linux machine, I notice that the default permission for home directories is 755. If I don’t think to tweak that, then I’m potentially exposing a lot of sensitive data to other users (and potentially the programs they run).
I’m a proficient Linux user but not an expert, and I’m racking my brains to think of what else might be exposed to other users on my machine.
I'm similarly racking my brain, and I came to the same finding.
755 permissions on the home directory lets others see what you have, which isn't great.
The good and bad news is, permissions on the files matter too.
SSH (private) keys for example categorically won't work outside of 600 permissions, meaning nobody else can read your private key - without escalating privileges.
Now, if you go defining auth secrets in your shell profile (which is world-readable by default), probably something to reconsider.
Restricting umask is a good protection for this, for what it's worth. You can make it so that newly created files/directories are not accessible to the world.
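The exposure discussed in the comments above (a 755 home directory, a world-readable shell profile holding secrets, and the effect of umask), as an added example that is not part of the original thread. The function names, the secret-name pattern and the demo home directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a home directory for exposure to other local users.
# All checks look at mode bits only, so they give the same answer as root.

# Print "exposed" if others may list and traverse the directory (o+r and o+x).
home_dir_exposure() {
    if [ -n "$(find "$1" -prune -perm -005)" ]; then
        echo exposed
    else
        echo private
    fi
}

# List regular files under $1 whose mode grants read to "other".
world_readable_files() {
    find "$1" -type f -perm -004 | sort
}

# World-readable shell profiles that appear to define secrets.
# The variable-name pattern is a heuristic chosen for this example.
profiles_with_secrets() {
    for f in "$1/.profile" "$1/.bashrc" "$1/.bash_profile" "$1/.zshrc"; do
        [ -f "$f" ] || continue
        [ -n "$(find "$f" -prune -perm -004)" ] || continue
        if grep -Eiq '(TOKEN|SECRET|PASSWORD|API_KEY)[A-Z_]*=' "$f"; then
            echo "$f"
        fi
    done
}

# Create a file under umask $2 and report whether others can read it.
new_file_readable_by_others() {
    ( umask "$2"; : > "$1/new-file.$2" )
    if [ -n "$(find "$1/new-file.$2" -prune -perm -004)" ]; then
        echo yes
    else
        echo no
    fi
}

# Strip all group/other access below $1. Assumes nothing in the home
# directory is meant to be shared with other local accounts.
harden_home() {
    chmod -R go-rwx "$1"
}

# Constructed demo home that mimics the defaults described in the thread:
# 755 directory, 644 files, and a private key already at 600.
make_demo_home() {
    d=$(mktemp -d)
    chmod 755 "$d"
    (
        umask 022
        printf 'export API_TOKEN=constructed-example-value\n' > "$d/.bashrc"
        printf 'shopping list\n' > "$d/notes.txt"
        mkdir "$d/.ssh"
        printf 'constructed placeholder, not a real key\n' > "$d/.ssh/id_example"
        chmod 700 "$d/.ssh"
        chmod 600 "$d/.ssh/id_example"
    )
    echo "$d"
}

demo=$(make_demo_home)
echo "home directory:        $(home_dir_exposure "$demo")"
echo "world-readable files:"
world_readable_files "$demo" | sed 's/^/  /'
echo "profiles with secrets:"
profiles_with_secrets "$demo" | sed 's/^/  /'
echo "new file, umask 022, readable by others: $(new_file_readable_by_others "$demo" 022)"
echo "new file, umask 077, readable by others: $(new_file_readable_by_others "$demo" 077)"
harden_home "$demo"
echo "after hardening:       $(home_dir_exposure "$demo")"
rm -rf "$demo"
```

To audit a real account, call the first three functions on "$HOME" instead of the demo directory; `harden_home` changes permissions recursively, so review the audit output before running it.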
Would you be at all concerned about the security and privacy of your guest user’s data, given your employer’s propensity for slurping up and storing whatever user data they can get their hands on? What if your guest user was searching for terms related to abortion in a US state where that procedure is (or will shortly be) illegal? What if they’re doing that and you happen to be physically near a provider of abortions?[1]
Security does not only mean security of your own data stored on the device. A device made by Google will never be secure.
Then you are either uninformed or willfully ignorant of 1) how operating systems and browsers work and 2) your employer's past actions relating to collecting and storing user data.
I am uninformed as to how running a Google search as a guest user on ChromeOS has different privacy implications than running that same search using another operating system.
Sure, if I carried around a privacy-centric Linux box and told my guest to use Tor browser, I could see how that could change the privacy picture. But that isn’t exactly an apples-to-apples comparison.
If you believe that having the guest user run their search on a typical Linux, Windows, or macOS machine would be better for their privacy, I would be interested to hear how.
Also, if they’re running the search in guest mode and they don’t log into a Google account, nobody can know who’s making the search. It’s not like they’re looking through the webcam or something.
Your scenario is oddly specific -- I didn't say anything about a Google search, or about ensuring that the user doesn't log in. In fact, going to www.google.com in an incognito window pops up a little animated box on the right hand side encouraging me to sign in, so I'd expect there's a good chance that my guest user _would_ sign in if they visit a Google-owned site.
> If you believe that having the guest user run their search on a typical Linux, Windows, or macOS machine would be better for their privacy, I would be interested to hear how.
The main reason is that Google controls the entire environment on a ChromeOS device (kernel, userland, browser), and ChromeOS is closed source so it's not possible for me to easily know what is going on. In addition, Google makes money by collecting data about users, so there is an incentive to collect as much information as they can get away with (and they've shown repeatedly in the past that they do just that). Maybe there's a daemon running in the background shipping URL history off to some Google endpoint in the name of "telemetry", or maybe not. Or maybe it's something more innocuous-sounding like hashed or anonymized data (which could be reconstructed given Google's immense amount of data). But I don't know, and I don't think it's reasonable for anyone to implicitly trust ChromeOS at all given the business model of the company that makes it.
On most Linux distributions, nearly everything is open source and I'm free to audit what's going on. On macOS devices, the software is closed source, but the company's business model does not involve building a dossier on each and every person on the planet, so I trust them more (not fully, but more). In the past I would have said the same about Windows, but lately I'm not so sure and I tend to put them in the same bucket as Google.
edit: Also see my reply to you in a different sub-thread where I explain this in terms of threat models. If you were building a secure OS to protect high-risk individuals like journalists reporting on intelligence leaks, you would be crazy to recommend that the journalists use an OS built for them by the NSA, MI5, or FSB. Would you feel any better about the recommendation if the government agency said "Don't worry, as long as you use guest mode and don't sign in, we won't collect any data about you"?
I guess in practice this doesn't come up often, but it's a powerful testament to your confidence in ChromeOS' security. You are implying that you don't feel the same way about a Linux user guest login. But why? What additional security measures are present in ChromeOS that are missing from popular Linux distros?
I don't doubt the features are there, I'm genuinely curious what they are.
You can harden and configure a Linux system to have many of the ChromeOS security features, but ChromeOS has all of these enabled by default:
- All user data is encrypted at the login level. A guest user cannot access any other users’ data. Whereas in Ubuntu, for example, home directories have 755 permissions.
- The Linux userspace in ChromeOS is actually running on KVM, so ChromeOS itself is insulated from user-installed malware.
- Verified boot is huge. It is theoretically impossible for a modification to system-level software to survive a reboot. An attacker would have to modify the hardware too. And even if someone stole your Chromebook and modified the hardware to run malware, your data is still encrypted.
What if the attacker is the one who built and shipped the OS to begin with? Everything you say is true, but it doesn't matter as long as user data (history, location, etc) is being shipped off to Google.
Or, put another way: your threat model is a nefarious hacker or three-letter-agency who might secretly modify your hardware/software to get your data. Mine is surveillance capitalism. ChromeOS is secure under your threat model, but is _built by the attacker_ under mine.
Both of these threat models are important to consider, but one is much more relevant to a larger portion of the population than the other.
I said it was more relevant than nefarious hackers or government agencies, not relevant in some subjective general sense. So whether or not they care is irrelevant to my point.
Do you have an example what might go wrong? I cannot imagine how can one mess up desktop Linux system without root privileges. Totally fill up the storage maybe?
They go to a shady website telling them to open a terminal and enter `sudo rm -fr /`, and you got unlucky that they entered the same password they used when logging in.
But! It's your fault! They shouldn't be able to sudo!
But that's the point. If they couldn't sudo, they could do something else as disastrous. It is difficult to secure a Linux system if the user is allowed to log in. If I needed to give someone access, I just would give him a freshly installed Linux virtual system, and if he deleted something important, it's his problem, not mine.
Without sudo privileges the worst they can do is nuke their own home directory, nothing else because that's the only path where they have write access.
I installed Linux to a number of people, mostly over 50, some over 70. All of them but one kept using it, and the one who went back to Windows was forced because of an application he had at work whose copy protection made it impossible to run it under WINE.
That was some years ago, with Linux desktop less advanced than it is now, and before the Windows GUI experience reached its lowest with Win 8 and beyond.
If you spend some time configuring the OS, Linux is actually much easier and safe to use than Windows for a series of often overlooked reasons:
1- Application installation and removal is centralized: you fire up the distribution package manager and can install almost all software, including lots of 3rd party, using the same interface; no need to wander around the net with the risk of landing on a malicious page disguised as a download site.
2- Drivers are built at kernel level and nearly all of them are already included: if you buy a new device, chances are that besides not having to insert any drivers CD, they are already included in the distribution.
3- Hardware support doesn't come with added bloatware: say, you connect the new printer and can safely ignore the accompanying CD or their manufacturer's site downloads, which usually will attempt to make you download crippled versions of commercial products and other junk along the drivers. Under Linux you use the supplied applications with all hardware of that class.
etc.
Some 20 years ago I was working at a company operating in the sports betting field; we had about 50 points of sale deployed all over the country and my assignment was to find a way to allow each remote point of sale to work in the safest possible way, no distractions and including remote support on demand. All of this of course in the cheapest possible way. The best thing about working in a small company is that sometimes you can earn the freedom of choosing the rope to hang yourself with: I'm not interested in the betting world, but that problem was intriguing, and I had carte blanche.
The solution I came up with after some fiddling was a RedHat distro plus WindowMaker "desktop" with a restricted launcher whose dockapps allowed the operator to check/write emails, file for a remote support connection, open StarOffice and a couple other things I don't recall. The system was essentially in kiosk mode, with the browser set so that it would open fullscreen to operate only on the company webpage. I had to write the scripts to file for remote support since all the points of sale had dynamic IPs which could change by the time we could reach them, therefore the connection had to be the other way around. I solved this by using a remote "pinger" written in Ruby that would periodically send some data about the remote station, so we immediately had the who+where data pair, and a receiving Ruby application on our side would populate a GTK list (I used Glade and Anjuta iirc) with the stations that asked for intervention. As soon as a local operator clicked on one element, a reverse ssh tunnel was opened and we had the remote shell ready.
To my memory that contraption never failed; with very slow connections (~2002, so 1 Mbit down/ 128Kbit up when we were lucky) luxuries such as VNC were out of the question. 50 points of sale could be easily managed by a single operator.
Of course I'm not suggesting to turn every Linux PC into a tight closed terminal that does 3 things only.
My point is that you can effectively turn a Linux desktop into something that non tech people can work without troubles, but that doesn't come out of the box, as it doesn't with Windows: you can have everything from a dumbed down terminal that couldn't be crashed by a colony of cats walking on the keyboard for a week, to something so advanced and full of knobs that you can literally do everything, including shooting yourself in the foot. Some work is needed though.
I expect that the user experience and security are better on ChromeOS. But that depends on who you're trying to secure against. I'm not particularly worried about state-level actors or even garden-variety malware. But I am worried about surveillance capitalism, and that's what Google has built its business around. So I would not trust ChromeOS to be secure against Google.
(Having said that, I still haven't been able to completely wean myself off Google services, so Google already has plenty of data on me, and gathers more every day.)
It all boils down to if what you want is an OS or a browser. If an OS is good enough feature and security wise though, there's no reason to just want the browser for the same price.
> You need a Google account to log in
This is absolutely blatant lock-in, let's not sugarcoat or pretend it is not at least.
First, you can use a Chromebook in guest mode, no Google account required (as said), but then you need to log in to your accounts every time (probably not a problem for people like my mum who log in every time they use a computer, and log out of everything when they're done).
But more to the point, lock in is when you can't move your data to another system. You need a Google account to log in (these days that's not much different from Windows or Mac basically requiring MS/Mac accounts), but you don't need to use the account for anything else you do on the Chromebook; it's just a browser. If you want to, you can export any data that browser holds (passwords, bookmarks etc) and import into any other browser. That's not lock-in. Lock-in is forcing you to continue to use a particular vendor's product because getting out of it is too difficult (usually proprietary data formats ala MS Office, or not allowing cloud exports)
Honestly, ChromeOS has been the best solution for my grandparents. I don't receive any calls to help them out with computer issues, which means I can spend more time with them instead of fixing stuff.
It is possible to create customised UNIX-like OS with custom kernels, read-only filesystems (mounted images) and writable directories mounted as tmpfs, booting from removable USB. Some call this "diskless". There are some drawbacks from using USB media such as lack of a good randomness source on boot but there are many advantages. Kernels and filesystems are just single files on the USB media and can be easily switched/updated. The system stays "clean". It is "like new" on every reboot. I was doing this with a netbook long before the so-called "Chromebook" came along.^1
The problem with Chromebooks is that they are designed to try to get people to "log in" to Google and to use "the [Google] cloud" for storage. Chromebooks in Guest Mode have an array of Google-authored daemons running in the background from read-only media. There is no way to disable them. You cannot even change the options passed to Chrome, e.g., to disable "Origin Trials". This setup is great if you love everything Google, but not great if you just like computers, you bought the computer for the hardware and drivers, and prefer to choose your own software. With these Google programs always running in the background, it means you do not have ultimate control over the computer, Google does. Another annoying thing is that ChromeOS, as well as Chrome, is a WIP. It is constantly changing. For example, bluetooth may be working fine and then suddenly there is an "automatic update" that breaks it. Then you wait for Google to fix it. I am not too fond of that approach to updates. For the systems I create I choose if and when to update them. I prefer stability as opposed to bleeding edge. Chromebooks OTOH assume the computer user is willingly along for the ride as the Chromebook development team figures out what they are doing.
1. Google likes to boast about Chromebook security. Indeed the Google programs run from write-protected media, and the user is denied access to parts of the storage media, but this type of setup is nothing one could not achieve, before or after the arrival of the "Chromebook", using an open source project such as NetBSD. IMO, the benefit of the Chromebook project is the hardware support, not the deliberately limited storage, lack of user access to parts of the storage media, mandatory installation and running of Chrome and other Google programs. Additionally, one has to consider the "security" implications of an OS that steers people to use Chrome and cloud storage and to remain online. Those Google programs are constantly probing for internet access. ChromeOS is an OS that encourages risk-taking, i.e., giving more data to Google, including storing user data "in the cloud".
I always make diskless systems to be offline by default. I avoid running X11 unless needed, staying in VGA textmode by default. There is no phoning home for "updates" to an advertising company.
Chromebooks are not designed to be offline by default. ChromeOS forces users to launch a GUI and run Chrome. Google is always trying to collect more data about computer users.
You are right with many points: Chromebooks are indeed designed to be dumb terminals to Google's services. But on the other hand they have an amazing sandboxing system for all OS components and take security seriously. Compare this to most Linux distros that allow basically every local app full access to the user's account.
I wouldn't use Chrome OS as it is right now. But a degoogled version of it, maybe with some better local only support, or at least support to use a different cloud than Google's cloud, say some NAS in my home, and it would be a really nice device.
Because Chrome runs from read-only media on the Chromebook in Guest Mode, some Chrome settings (chrome://settings) are not changeable. For example, one cannot globally disable Javascript or cookies. It is possible to disable these "features" only using Developer Tools and therefore only on a per tab basis. Settings are lost when the tab is closed. Similarly, any changed settings in Chrome (through chrome://settings) are lost on reboot. As such, a computer user who diligently entered per site settings for privacy and security would lose all her settings every time she reboots the Chromebook.
Needless to say Chrome defaults favour Google and Google's advertiser customers. Making it impossible^1 for Chromebook users in Guest Mode to save and import privacy and security settings is a dark pattern.
1. Google employees will proclaim this is incorrect. All the computer user has to do is "log in" to Google in order to save her settings. Once logged in, Google can collect more data about the computer user. However non-employees of the corporation may not wish to "log in". Google employees assume that all computer users should trust Google, like they themselves do. Given that Google is collecting as much data about them as the law will allow, and then some, this is a curious assumption indeed.
It is possible to create customised UNIX-like OS with custom kernels, read-only filesystems (mounted images), writable directories mounted as tmpfs, and encrypted disks, booting from removable USB. Some call this "diskless". There are some drawbacks from using USB media such as lack of a good randomness source on boot but there are many advantages. Kernels and filesystems are just single files on the USB media and can be easily switched/updated. The system stays "clean". It is "like new" on every reboot. I was doing this with a netbook long before the so-called "Chromebook" came along.
The problem with Chromebooks is that they are designed to try to get people to "log in" to Google, to use Google-controlled websites, to use online software controlled by Google and to use online storage managed by Google rather than local storage managed by the computer user. The latter may be more convenient but it also poses higher risk for computer users while at the same time conferring commercial value to Google. The company wants computer users to use its websites and software in lieu of offline storage and offline software.
Chromebooks in Guest Mode have an array of Google-authored daemons running in the background from read-only media. There is no way to control or disable them. You cannot even change the options passed to Chrome, e.g., to disable "Origin Trials". With these Google programs always running in the background, it means you do not have ultimate control over the computer, Google does.
Another annoying thing is that ChromeOS, as well as Chrome, is a work in progress. It is constantly changing and the computer user is treated as a beta tester. For example, something like Bluetooth may be working fine and then suddenly there is an "automatic update" that breaks it. Then the computer user must wait for Google to fix it. There is no way to go back to the previous working version while waiting for the fix.
One has to consider the "security" implications of an OS that steers people to use Chrome, online storage and generally to remain online as much as possible. Google programs are constantly running on Chromebooks and probing for internet access. As such, ChromeOS is an OS that encourages risk-taking, i.e., giving more data to Google, including storing more user data online. Chromebooks are not designed to be offline by default. ChromeOS forces users to run Chrome. Google is always trying to collect more data about computer users.
I always make diskless systems to be offline by default. I use offline storage. There is no phoning home for "updates" to an advertising company. I decide when and if I want to "update" the kernel or userland.
For android and web development with its matured linux subsystem it works really great, even audio/midi apps like reaper run as linux apps so it's surprisingly powerful and of course a lot better than windows, on the right hardware it can be nicer than macos in terms of being open and able to code on it.
Sorry, I have a hard time even comprehending your point.
You can run Android apps, right? You can side-load Android APKs, right? Even install F-Droid? You can run Linux apps on many Chromebooks - this one, too?
You are. Though there are certain privacy issues that may be warranted, you seem to make remarks without base.
> Google adware/tracking-ware, locking people into the Google ecosystem
One will always get locked to some ecosystem. Some friends use Facebook as photo storage as REAL-WORLD-USERS do not want to run NAS, RAID, off-site backup. Others having $$$ have iCloud. People that know the difference between SAS and SATA run rack-servers.
A simple browser based OS can help run 4GB devices. Maybe you are comfortable in 4K screen, with dwm tiling wm but others want $200 ChromeOS for just shopping, netflix etc. Oh yes, many people do not have time to download and watch ISO - and get locked into some ecosystem.
> Framework could be spending their time doing much better thin
Let's be honest, Framework knows what is IMPORTANT for themselves than you. This is a good thing. Every bit helps.
> Most non ARM devices can be fully unlocked to run bare metal linux. Just https://mrchromebox.tech/
The fact that you can unlock it and run regular Linux isn't really the point. Selling a laptop that is pre-loaded with ChromeOS means that it's intended that buyers actually run ChromeOS on it, and I expect most that buy it, will (otherwise they would just get the regular or DIY version). Framework simply endorsing ChromeOS in this fashion is enough of a problem.
> Though there are certain privacy issues that may be warranted, you seem to make remarks without base.
I don't think that's the case, and nothing you've written here seems to contradict what I've said.
> One will always get locked to some ecosystem. Some friends use Facebook as photo storage as REAL-WORLD-USERS do not want to run NAS, RAID, off-site backup. Others having $$$ have iCloud.
That doesn't have to be the state of the world, though. I think all of that is not great, and the solution isn't just to throw up our hands and endorse closed-ecosystem environments.
There are other, less-extreme options in between "I live inside Facebook" and "I run a home server and NAS and host my own social network at home". Unfortunately many of them still aren't quite user-friendly -- though some are -- and the Facebooks of the world wield far too much market power.
> Let's be honest, Framework knows what is IMPORTANT for themselves than you.
You seem to be unreasonably angry over what I said. Maybe cool off a bit? I even acknowledged that there might be good reasons for Framework's business to offer ChromeOS as a product, but you seem to have intentionally ignored that bit.
Hey there, just wanted to share my experience with you. I've used Macbooks for the past like 6 years for programming, after several jobs in Silicon Valley required it. Apple has been pretty much okay except for some key issues around memory consumption and overheating.
After they hit a supply line issue earlier this year, I decided to try getting a Framework instead.
Been using my Framework laptop for a month or so now consistently for heavy programming work, and it is the best machine I've ever had. Thank you! It also was the catalyst to get me into using Linux (Ubuntu) which has been a huge blessing beyond what I expected.
I posted a photo of myself at a coffee shop to a Discord group, and someone saw the corner of the laptop. They asked "Is that a Macbook I see?" and I explained to them "Nah it's a Framework" and shared the link. Didn't really expect much beyond that, but actually they loved it. Several people looked at it and said "Wow! This sounds amazing! Actually... going to save this for later..."
Having just bought a Framework to replace my 5-year-old XPS, I really hope I have the same experience as you. Do you run Linux, by the way? I hope Linux support is good.
The only problems I've had so far are that the "brightness" fn keys don't work, and bluetooth isn't great with certain devices like Airpods.
The brightness keys aren't a big deal, can still set brightness in the OS. It's probably fixable through some manual keymapping.
Bluetooth is more annoying but I somehow doubt it's a hardware issue. I just ended up getting Sony wireless earbuds to complete my transition away from Apple.
That being said, I also tried to dual boot Windows. Windows really does not like the hardware, and the Framework driver install package (https://knowledgebase.frame.work/en_us/framework-laptop-bios...) had limited effect in fixing the issues. Lots of bugs with audio and graphics.
So, for now I would say it is too premature for Windows, but great for Linux!
You can enable the hotkey support by blacklisting the hid-sensor-hub driver:
vi /etc/modprobe.d/framework-als-blacklist.conf
Add the following:
blacklist hid-sensor-hub
And then restart
It worked, but it needed `hid_sensor_hub` with underscores!
and `sudo update-initramfs -u` before the reboot
Hi, I saw your comment about Bluetooth issues with your AirPods, and I wanted to let you know that I have been having great success using my AirPods after I swapped out Pulseaudio for Pipewire on my System76 lemur pro laptop running PopOS. I think Ubuntu is planning to migrate from Pulseaudio to Pipewire as the default sound server, but maybe they haven’t done it yet. Anyway, this might be something you want to try. I use them for zoom meetings 1-2 hours every day, and they are extremely reliable.
I see! It appears Ubuntu 22 has both Pulseaudio and Pipewire installed, and Pulseaudio is set to the default, with Pipewire just not enabled. Will poke around at it. Maybe they're making some incremental transition still.
Some people have been getting hard graphics lockups (seems to be an Intel 12th-gen GPU / GNOME issue that may be affecting more than just the Frameworks). I'm running Sway and have yet to have any lockups over a month and a half of usage, though. Here's the community discussion thread: https://community.frame.work/t/hard-freezing-on-fedora-36-wi...
I'm a huge chromebook fan actually -- but my current one is looking a tad unsupported (pixel slate)
I've been considering a framework as a replacement actually!
One of the things I really care about is battery life + sleep performance.
The article mentions:
> At the same time, the Framework Laptop Chromebook Edition is our most power efficient product yet with optimizations from Google and Intel that allow for long-lasting battery life.
Can you provide some numbers around the battery life improvements? Sounds exciting! (And are these going to be backported to the normal 12th gen boards, or is it a feature of the unique mainboard/not firmware?)
Can you speak to the OS image as well? Are there any non-upstream drivers that are relied on? I notice lots of chromebooks have drivers that aren't in the regular upstream kernel, but just in the chromiumos source. I'm hoping that I could eventually swap OSes if needed w/o getting a new mainboard, and want to see how viable that is.
Thanks for the hard work, and in advance for the questions!
(P.S. like everyone else, AMD would be exciting if you don't know that :p)
[edit] one of my biggest disappointments in my slate is that it never received vm-in-vm support with the newer kernel. Is /dev/kvm available in the linux container? I _think_ that goes hand in hand with the steam support, but not sure
Google has fairly strict requirements around power consumption. They have a standard test for 10 hours of active use through common use cases, which we were able to meet. For standby, the requirement is around 14 days. I have to double check where we are on the current software and firmware, but we are close to that number.
We actually did learn some things about the Intel re-timers through this product development that let us come up with ways to improve the behavior on the regular 12th Gen Framework Laptops. We are currently developing a firmware update for that that will improve both active and standby battery life.
> We actually did learn some things about the Intel re-timers through this product development that let us come up with ways to improve the behavior on the regular 12th Gen Framework Laptops. We are currently developing a firmware update for that that will improve both active and standby battery life.
Is this specific to Intel's 12th gen or can it also be ported to the 11th gen? I have an 11th gen Framework and am delighted with everything about the laptop except for battery life. If that could be improved, I would have absolutely no complaints whatsoever about the laptop.
We do have some learnings that would apply back to 11th Gen that are early in development. We also have a beta firmware for DisplayPort Expansion Cards that improves one area of active/standby power consumption, which applies to both 11th Gen and 12th Gen: https://community.frame.work/t/beta-displayport-expansion-ca...
Traditional chromebooks are fairly locked down, and make it difficult (and scary) to install an alternate operating system alongside ChromeOS, for users that want a bit more power. What is the situation like on the Framework edition? How open is the bootloader, and how tricky is it to enter (and stay in) developer mode?
The bootloader situation is the same as other Chromebooks. It is totally possible to get into and stay in developer mode to do what you would like with the system. In practice, doing things outside of ChromeOS depends on how robust community-driven development ends up around that.
Apologies for the direct question, but I've wondered, how does this make sense for your business? Chromebooks have typically been seen as cheap versions of laptops but Frameworks is priced above the average Chromebook price.
Is there a sense that there is an untapped 'premium' chromebook audience or will this make sense even without that. Perhaps you're looking for large/discounted partnerships with educational organizations?
It's a valid question. Since there are few to no current products in this segment, we really are testing it. We get to do tests like this much more efficiently than most because we can leverage our existing modular product and build just new modules needed for it.
I am (personally) a bit disappointed that you'd work on a Chromebook version first, before tackling AMD or a version with a dedicated GPU.
I'll need a new laptop soon, and would really love to see either and ideally both of those.
But for the company it's probably a good move. Get help from Google on battery optimisations, open up a new market and hopefully get a sizeable order from Google directly, all without a crazy amount of re-engineering...
I'm not GP, but tackling AMD or a dedicated GPU sounds like a ton more work than Chromebook. Plus Google partnered with them, so presumably helped with some of the work. I would guess this effort didn't really take all that much, but it allowed them to try a new bet that might pay off, and establish a potentially useful partnership. I too would rather a dedicated GPU and/or AMD option, but I care as much for the health of the company as I do for the product offering (since frame.work failing or changing would be a tragic loss) so this seems like a reasonable shot to take. I really hope it works!
Exactly this. Offering AMD or dGPU is a whole other level of engineering, supply chain, and support effort. Google itself may also be good for a few thousand orders, just from all their now orphaned Pixelbook users. And presumably that’s still a tangible amount of sales for a company the size of Framework. Plus they apparently already found some power management improvements that will also apply to all their laptops, just by getting their devices ChromeOS ready. Actually seems like an excellent business decision.
Google employees have been switching to HP Dragonfly chromebooks but that may be back ordered now, so I could see many of us requesting the framework if it's made available internally. I'm going to see if I can get Google to allocate me one of these framework Chromebooks, and if not, I will purchase one on my own.
There are some other premium Chromebooks. Google started things off with the Pixelbook, which it appears they are now discontinuing. HP and Samsung have produced some high end Chromebooks.
They're a niche market: C-level executives at companies that use Chromebooks, developers at those companies, Linux fans who will mostly use the Chromebook to run Linux apps. They make more economic sense as an adaptation of a laptop that is already being sold for other markets rather than as a dedicated product.
The Pixelbook line never did enough volume for Google to make money on it. It was a proof of concept, a way of showing that a Chromebook didn't have to just mean a low end and cheaply built Acer or the like, but could be something that higher end users would happily use and not be ashamed to be seen with when they do a presentation. Now that other companies are making premium Chromebooks, there is no longer a need for Google to produce them.
While cheap Chromebooks abound, the market for Chromebooks has matured significantly and a lot of vendors offer high quality 'premium' solutions that really meet people's needs, while typically costing less than say Apple's offerings. Framework is jumping on that bandwagon.
I'm comparing this with the 12-gen DIY offerings, and it seems like it's mostly the low-end configuration of the DIY with ChromeOS installed. The FAQ says there are some subtle differences like louder speakers and a "more power optimized battery". Can you clarify what "more power optimized" means (a rather vague statement as the specs page suggests the same capacity and durability)?
I noticed the 256GB of storage is different from the DIY options. I'm guessing this is driven by hardware support limitations for ChromeOS. I'm wondering if the same is true with the RAM.
The FAQ also says you can add memory and storage later, but I noticed the FAQ mentions "We recommend using modules from Google’s Chromebook compatibility lists, which can be viewed in our Knowledge Base, and are available for purchase on the Framework Marketplace." I didn't find that compatibility list anywhere in the Knowledge Base, but I did find this post (https://community.frame.work/t/introducing-the-framework-lap...) which seems to suggest you can upgrade to 64GB of RAM and 1TB of NVMe storage, though it's not clear if that's using parts that are on Google's compatibility list or not. Can you provide any clarity on this?
The power optimizations are in the Mainboard electrical design, firmware, and OS, and improve both standby and in-use efficiency. The battery itself is identical to the one in other Framework Laptops.
On the storage, we use Western Digital SN730 and SN740 drives, which are also what we put in the pre-built Framework Laptops. These are roughly equivalent to the SN750 and SN770 retail drives, respectively.
On the memory and storage, ChromeOS technically has an allow-list for memory and storage, though in practice we have seen modules not on the list work fine. We'll be adding that list onto the Knowledge Base. We will be making parts that are on the list available in the Framework Marketplace for guaranteed compatibility (the memory we already have, and we'll be introducing SN730/SN740 storage up to 1TB).
> The power optimizations are in the Mainboard electrical design, firmware, and OS, and improve both standby and in-use efficiency.
It'd be nice to see improvements in the mainboard of the standard laptops as well. I imagine, in theory, much of the firmware and OS improvements could be installed on one of them already.
> On the storage, we use Western Digital SN730 and SN740 drives, which are also what we put in the pre-built Framework Laptops.
Ah, now I see it. The pre-built one has 256GB & 512GB options that the DIY ones don't have. I'm always amused by how specs differ between OEM and non-OEM parts.
> On the memory and storage, ChromeOS technically has an allow-list for memory and storage, though in practice we have seen modules not on the list work fine. We'll be adding that list onto the Knowledge Base. We will be making parts that are on the list available in the Framework Marketplace for guaranteed compatibility (the memory we already have, and we'll be introducing SN730/SN740 storage up to 1TB).
Awesome. Thanks. These were really helpful answers. As feedback, I'd say it would be nice to be able to select different starting memory options in particular, but this is a really great offering.
1. Does this come with CoreBoot and the jumper/screw to unlock CoreBoot like other Chromebooks?
2. Does this come with the silly Chromebook keyboard that is missing two keys on the left side?
If it does, is it compatible with the normal keyboard part?
3. When will you bring a motherboard with an AMD APU?
1. Could I swap mainboards to upgrade the 11th gen framework to the chromebook version?
2. Is the coreboot chip flashable with custom firmware? / Is the boot process locked?
This might well be the mainboard I've been waiting for. Congratulations on shipping this!
I noted this in another comment, but that mainboard swap should work. You'll likely need a Chromebook-specific Input Cover and Webcam for full functionality though, and this is an upgrade path we have done limited validation effort on thus far.
When switched into developer mode, it should be possible to update and customize firmware. There is a pretty active community for Chromebook firmware customization out there.
Also curious about this. If the mainboards are compatible (especially if they’re usable outside the laptop like the current ones are) this is very interesting.
Google is committed to a minimum of 8 years of security updates. We don't currently have official support for other OS's, but there is an active community of people bringing other OS's to Chromebooks.
Google provides specific support dates on its Pixel and Chromebook devices. For instance, under "About ChromeOS", mine says, "This device will get automatic software and security updates until 2027."
In case of doubt you can always replace the OS with whatever Linux distribution you choose, which only leaves closed-source driver/fw blobs - but that problem is shared with every other general-purpose computer these days.
Why this over getting an AMD laptop? After the terrible experience of going back to Intel, I doubt I'll ever bother with an Intel laptop ever again. Is Intel giving benefits to ensure you don't support AMD?
I don't work for Framework, but my guess is that AMD doesn't make a chip with powerful enough IO controllers to operate the Framework. It's a shame, because I also like the Ryzen mobile chipset, but even the M1 wouldn't have enough IO bandwidth to drive 4x Thunderbolt 4 ports at full speed. Love them or hate them, this is part of the Intel 'package' that you're paying for.
Besides, now is a terrible time to start offering AMD laptops. You want them to drop a 6000-series laptop when the next-gen mobile Ryzen chips were announced less than a month ago? Have some patience!
> next-gen mobile Ryzen chips were announced less than a month ago
Technically the only mobile Ryzen chips announced so far are based on Zen 2 which is about to become two generations old. Expect "next-gen" mobile chip announcements in January.
(The recent Zen 4 announcements have been for desktop parts.)
5000 and 6000 mobile chips are Zen 3 with some skus that are Zen 2. The 6000 series mobile chips with Zen 3 and RDNA 2 are available today and are excellent.
Yes - to clarify, some mobile 7020 chips were recently announced, but they are Zen 2 based (as evidenced by the third digit.) I just wanted to be clear that no "next-gen" (i.e. Zen 4) mobile 7000 chips have been announced.
One thing worth noting is that basically, even now (almost 10 months post announcement), almost no one has a 6000U laptop out (a search on Amazon and Best Buy shows two 6800U laptop models total, one Asus and one Lenovo). Two niche vendors, XMG and Star Labs, have both publicly stated that they would have loved to have offered Ryzen 6000 laptops, but couldn't get any allotments. There were also well documented chipset issues - even into the summer Lenovo and Asus talked about requiring firmware updates to enable their USB4 ports.
That being said, starting w/ Rembrandt, AMD now has full 40Gbps USB4 controllers built on-chip. I'm really looking forward to Ryzen 7040 because Phoenix looks great (Zen4 + RDNA3 on TSMC N4 - yes please) and hopefully USB4 support has matured enough on the AMD side that Framework is able to release something.
Yes. This is why I don't really buy all this talk of Intel is "dead and finished" and will "fade away" in the next 5 years ... Even though Intel has an inferior product to AMD, they are really good at selling their product and don't mind indulging in unethical (or even illegal) market practices to do so. They still have a lot of money and they use it well to undercut their competitors. AMD shines in technical competence against both Intel and Apple, but is weaker than both when it comes to marketing and selling their product.
I think it is more complex than that. AMD uses TSMC foundries to make their chips and has to compete with nVidia and Apple for capacity. Intel can guarantee their yields because they own their foundries.
This is old news. AMD has since cancelled orders because of GPU sales falling off a cliff. They have enough for Framework, if Framework wants to jump on to make something
Is the hardware any different? If not, why sell this as a separate machine instead of providing a ChromeOS image that can be installed to a standard Framework?
Sibling comment got it correct, but worth noting that you can install ChromeOS Flex on a regular Framework Laptop. It won't have the same level of optimization that the Chromebook Edition has, and Google only has functionality like the Android Play Store enabled on Chromebooks. https://cloud.google.com/blog/products/chrome-enterprise/chr...
> we’ve partnered with ChromeOS because of their commitment to long-lasting speed and transparency. The Framework Laptop Chromebook Edition is built with the Titan C security chip and receives automatic updates for up to eight years, all to keep your Chromebook fast and secure.
The Chromebook version has a different keyboard than the regular one. Like most Chromebooks, it only has a large control and alt key in the bottom left. Plus no caps lock, you get a search key instead I think.
Thank you so much for making a keyboard without a Windows key and for selling it separately as well. The product page says it’s only compatible with the Chromebook edition though, does this just mean the function keys won’t be mapped or that it won’t work at all?
The Chromebook Edition keyboard will work on a regular Framework Laptop. It is just physically missing the fn and Win/super keys and has fn row artwork that won't match.
Does it have another key in its place? The Windows key is one of my favorite things about Linux in a desktop/laptop machine: a key that isn't used by any applications, which I can dedicate entirely towards window management, without worrying that it will conflict with any application key bindings.
ChromeOS! Specifically, the Mainboard is custom-designed for ChromeOS. This means it uses coreboot instead of a proprietary BIOS and has Google's Titan C security chip.
There are some other smaller differences. To keep the cost down, the top cover is aluminum-formed instead of CNCed, for compatibility reasons we weren't able to bring our fingerprint module in, and we were able to improve both audio quality and speaker loudness with an improved audio CODEC and louder transducers.
> coreboot instead of a proprietary BIOS and has Google's Titan C security chip
This is what I was hoping when I got the announcement via email. The question is if this will be locked down to chromeos or if it's possible to install your own keys to load a linux distro while still retaining verified boot capabilities.
Interesting - does this mean it'll be possible to create a Coreboot edition of the original Framework motherboard design, or is that capability related to Titan C?
It is technically possible to, and we've provided development systems to a few coreboot developers. This is something we'll be putting more energy into next year as we grow the Framework team.
Can you elaborate what you mean with improved audio quality?
My headphone jack on the 12th gen. (batch 1) model has a constant loud static/white noise which is very audible when listening to music even at max volume.
> To keep the cost down, the top cover is aluminum-formed instead of CNCed
Forging is in no way inferior to CNC, on the contrary, a forged aluminium part should have more rigidity per unit of thickness, depending on the alloy.
I guess, you got to volumes big enough to open the mould for forging?
If you need an audio engineer, I can refer you one fellow. He worked at Apple, Harman, Asus, BBK, and is now looking to relocate from the East Bloc.
The formed top covers are thick aluminium foils that are folded by machines.
They did show signs of lack of rigidity in the usage of the laptops (it was shipped with the first Framework laptops, and later replaced by CNC for this very reason).
I couldn't find any marketing material pointing out the switches on the originals, so I assumed this was a change for the Chromebooks. But you're right, I managed to find an image of a Framework laptop where the switches are visible.
Looks like a yes: "...you can multitask with ease on top of running heavy Chrome workloads. ChromeOS supports downloading Android™ apps from the Google Play Store, developing on Linux with Crostini, playing PC games with Steam on ChromeOS Alpha, and more."
Beyond laptops / more speculative - are there other hardware devices you'd be curious about branching out to some day? AR/VR headsets, robotics, servers for rendering/ML on the edge, etc.?
Will this support Android apps from Google play? If so, could this ChromeOS build be installed on a normal framework? Reason I ask is that ChromeOS flex doesn't support Android apps.
It is truly unfortunate that an ARM-based variant isn't available.
When you don't care about single-core performance and compatibility, there really isn't much reason to use x86 at all. For me personally, my priority is by far battery-life (and LTE support is a nice bonus).
I'm refraining from using Framework until they get an ARM device out to replace my current ARM chromebook (Acer Chromebook Spin 513, my NixOS configuration: https://github.com/L-as/NixOS-lazor)
With Coreboot and the ChromeOS Linux kernel running well on the device, how much would it take to release a Framework Laptop Linux Edition based on the Chromebook mainboard, but with a standard keyboard and somewhat optimized for a pre-installed Linux distribution?
I would imagine that regular Linux won't do as well as ChromeOS in terms of battery life, but perhaps still considerably better than the Windows mainboard+firmware.
Didn’t google make a version of ChromeOS that can be installed on a lot of regular laptops? Seems to me it’s possible there may not be any hardware difference between the Chromebook edition and other Framework laptops.
The Chromebook edition is based on the "brya" motherboard design shared by other Chromebooks with 12th gen Intel processors, so it won't be the same as the usual 12th gen Framework board. You can install Chrome OS Flex on the standard Framework mainboard, though; I think earlier commenters have provided more detail.
We have compatibility filters in the Marketplace to indicate what is compatible. Technically, every module is compatible, but some will turn it into not a Chromebook. For example, you can drop a regular Framework Laptop Mainboard or Input Cover into it.
Keeping it as a Chromebook with ChromeOS, there are specific firmwares required for the Touchpad and Webcam that required us to create variants. The Fingerprint Module we have is also not compatible with ChromeOS.
We have "Register your interest" set up for other countries currently. Depending on how much interest there is, this is something we will consider as we go forward.
Are there plans to develop a touchscreen and a tablet mode for the Framework? And if so, can we at least re-use some of the existing parts, other than the mainboard?
I understand if you can't make promises here, I'm also on a product team :)
I wish you success and I hope the collaboration with google was financially rewarding but end of the day everything that doesn't work out would mentally hurt and thereby reduce chances of future successes. I would request you to kindly focus!
I have a couple HP Chromebook 13 G1 laptops that I loved quite a lot for ~5 years as my primary personal laptop. It worked really well for 95% of my needs, especially once it got the Linux container support (which was ~4 years in).
The first one I got was $550 for the 8GB RAM model with i5 and "retina" screen, that was a refurb from Woot, almost half off. The second one I got around a year ago when Linux container support landed, 16GB RAM, i7, "retina" screen. That one I got off ebay for $120 landed. I also got my son one that he used until a few days ago. Pretty decent little machine for that price.
My son switched to a $120 Windows ASUS laptop this past weekend because the Chromebook wouldn't run Windows games. I was half expecting him to give up on the new laptop because 4GB isn't much RAM, but he says it works great.
My mother in law was recently asking for laptop advice for a "ward of the court" she oversees that could do with a laptop to do zoom meetings for the court appearances, and to use for school. I went looking for Chromebooks and found: they are all priced the same as a similarly specced Windows laptop. The things I value about ChromeOS ("instant" updates, "nothing really on the device", "security") aren't things the average person (let alone teen) really care about... Kind of hard to recommend a Chromebook for the average person these days, unless I'm missing something.
I'm having a hard time imagining the audience for this product. EDU most likely isn't going to go with this product due to cost (and can get easily complex, imagine trying to juggle all the expansion ports being lost by students), and typical audiences for ChromeOS devices don't always overlap with audiences who want easy repairability (and most likely are purchasing the device for the lack of nuances that other OSes provide).
I'm on a $150 Chromebook from Costco right now because it has a really nice display for text, it gets 8 hours of battery life at full brightness, and there's nothing I do that I can't do on another computer, somewhere else.
And somehow, this thing got my attention. I don't have any interest in their traditional PC laptop line, but I've been waffling over buying a Pixelbook for years because dealing with Google Support is worse than entering a contract with a devil.
If it helps you reconcile it, Framework doesn't do bulk or business orders right now, anyway, so the target demographic is only individuals.
Christmas gifts for my parents. I've had them on Chromebooks for the last few years, and my father is a tinkerer (Western Electric in the 70s) who routinely opens up laptops, phones, cameras, etc. for repairs or just because.
"just because" is a great personality trait to have (in the context of learning more) and I'm thankful my father had the same attitude.
When I was a child we used to disassemble mechanical/electrical things around the house simply because I asked "How does that work?". On occasion the reassembly didn't quite go to plan and a replacement kettle/toaster/VCR had to be sourced rather swiftly :-)
People are sleeping on how awesome Chrome OS is. It really is awesome. The 2020 equivalent of 2005 OS X vs. Windows. From there, Linux container. It's mind-boggling to me because I switched _off_ Apple the last 5 years after realizing how powerful it is to be able to pick up a well-made powerful laptop for $600 instead of $2400. It's so much better to have something that's an iPad and a laptop. Ugh. Anyways. Underrated. Really really underrated. (disclaimer: I work on Android at Google)
I concur! I have a few ChromeOS devices at home and, more often than not, it's a simple pleasure. And now with ChromeOS Flex, even more hardware can become more pleasurable. Yes, I know there are some downsides with Flex, but, in this case, I simply feel more ChromeOS, in either form, is, well, better.
Yes, tl;dr got one at work for iOS dev a couple months back and I gotta be honest OS X is a real drag at this point. Brings me no pleasure to say this. Was such a huge fan.
Displays wider color range, CPUs faster, that's pretty much it on the positives side.
As someone else said, it’s great for gifts. If you’re “the tech guy/gal” in the family, you have to fix people’s broken tech. With this, it’s a chrome book so it should be easy to use, minimal handholding, and if something breaks it’s easy to fix.
As someone who is a CHRONIC mis-placer of [things], this comment made me chuckle...
I fricken lost my titanium SPORKS from my kitchen, one of which was a "business card" gift from JD Blair... and I know that nobody stole my sporks... but for the life of me I have no idea where my sporks are, my THREE pairs of $500 glasses that Costco made for me and so many other stupid things...(FFS I literally just bought a pair of $150 BT headset, and left it behind within two days of purchase (I was able to get them back - but, yeah...))
I can't imagine if my laptop had removable parts (I leave shit in Ubers all the time)
Chromebook ecosystem is completely saturated with low end / low cost devices so there is not a segment of the market there that is not being met. Even the "high end" devices are often computationally anemic (Pixelbook series with Y series CPUs and eMMC drives). As a Chromebook user I am glad there are at least 2 high end options now (Framework and HP Elite Dragonfly).
I mean isn't that a fair question all around? Why pay more for a high end laptop when you can just buy a cheap chromebook? The myth that ChromeOS is just a web browser is just that a myth. It can do so much more. Some people like a high end laptop, but also prefer the safety and security that ChromeOS provides. I owned a Pixelbook and loved it. Honestly still miss it. I would absolutely buy another high end ChromeOS device.
I mean, a desktop with a full-featured OS like Ubuntu (or Windows or Mac or whatever) can do so much more, and that justifies a higher price of the equipment. If I'm paying to have only Chrome and nothing else, I should be getting some kind of huge discount ...
Would you pay more to have a dumb phone that only does calls, than a smart phone?
ChromeOS has real Linux with terminal, Android with any app store you fancy, frequent updates that probably won't break your stuff, it's sandboxed all around, one can skip Chrome and use Firefox (and VLC and others) either from apt, Flatpak AND/or Android, machines are mostly touchscreen, Libre Office full install possible, if your machine is beefy enough you get Krita, you can totally skip the Google experience apart from Parameters (I do), and I'm missing some other good points. What not to love (beside it's Google and whatever you do end up feeding the giant hdd serving ads Google really is)?
As one who always get second hand Chromebooks, right now is the time to get a like new Acer 713 with i5 or a new ThinkPad C13 with R5 on the cheap. I've got both this week (cost C$825 total), will end up keeping the best for my needs, give the other to a relative.
An enterprise chromeos device (usually the higher end ones fall into this category) can run windows via parallels, web pages via the chrome browser, linux CLI and GUI apps via crostini, and android apps with google play support. Out of the box without any major modifications. Which Linux distribution offers that amount of functionality out of the box?
I have the original Pixel 2013 vintage and I do not regret paying for that machine. However, it was exceptional for its time with a user experience that I still believe is the best it can be.
Nowadays I have a Lenovo Flex 5i Chromebook with an 11th gen intel, 8Gb RAM and a normal Full HD display. It costs approximately half the Framework laptop. The keyboard is really good and backlit, the speakers are MaxxAudio and that actually means they are really good. The flip hinge, touch screen and pen (in the box) work great.
Out of laziness I do developer things on it. Rather than move to the next room to use my 'proper' computer, I install the linux apps and it works really seamlessly. I get that Android is not quite right, but, if you just want to have your notifications come through, it works great.
USB C is a game changer and I no longer want to be able to take my computers apart. I don't want the fans running more than a gentle breeze and I don't want to be taking the machine apart every year to vacuum out the cruft.
In the early Windows/DOS days you would be spending hours moving dip switches and trying to get the machine to work. It was much like automobiles a century ago where constant fiddling was required.
There is a difference between getting work done and tinkering. With a laptop that just works you are doing work not tinkering.
We all want more RAM, CPU speed and so forth and the upgrade option is fine in principle. But do you buy a car with the 1.6 litre petrol engine with the 'benefit' that you can put a 5 litre V8 in there? Nope. But some people make money off YouTube doing this sort of thing so it seems an acceptable 'use case'.
I am not actually negative about the proliferation of Chromebooks at all expense levels, to me they certainly do not have to be bargain basement - hence Chromebook Pixel. But money talks and half of $999 is an unusual spend on a Chromebook, never mind $999.
I'm not sure if HN is a representative audience regarding interest in ChromeOS, but personally all I hope is the money Framework makes from this allows them to release a larger model on which I can slap Linux on. Lightweight 15" laptops with great Linux compatibility aren't so easy to find.
Got my hands on one. Because the screen is tall and keyboard a bit larger it doesn’t feel nearly as cramped as most 13” notebooks. Believe it is 13.5 as well, helps a bit.
It is indeed. The intent of that is to communicate that no matter what the OS is doing, the privacy switches for the camera and microphone are yours to control. The switches function at hardware level with no possibility of software override.
Sorry to be harsh, but advertising hardware features "to give you control over your privacy" for a device that runs Google's tracking-ware OS is questionable to say the least.
>> The intent of that is to communicate that no matter what the OS is doing, the privacy switches for the camera and microphone are yours to control
Then why partner with such an OS? It is not just the HW switches when I cannot use the very Framework Chromebook without a Google account - where is the privacy in that?
I was very excited for Framework and I appreciate your responses here but this feels too early a backward move for Framework. Is the market/partnership worth the trust hit?
I hope I am wrong but this seems like going the Don't be evil way.
I hate "performance" Chromebooks but I very much appreciate giving end users the choice to get their weird Google OS if they want it. More consumer choice at no cost in other features is only a good thing.
I wonder if it will have proper CCD (Case Closed Debugging)[0] support.
With CCD, you are pretty much free to mess around with the "BIOS" of the machine, without fear of being put in a bad situation.
It also provides a serial terminal to the "AP" (application processor), e.g. available to the OS.
In other words, the Cr50 provides a controlled and user-controlled (but not user-owned) sideband channel to debug the system, even on consumer hardware.
Why user-controlled? Because it requires asserting presence to "Open", which with the design of ChromeOS basically requires being the owner of the device. Why not user-owned? For official ChromeOS devices, AFAIK that firmware cannot be replaced by a user with their own builds.
> the Cr50 provides a controlled and user-controlled
The Cr50 is as far from user-controlled as you can get. It can MITM your keyboard, reflash your firmware, and obeys only the holder of the private key corresponding to `LOADERKEY_A`:
Thanks for taking the quote out of context. It's not like the sentence as a whole could ever have any more meaning than a snippet of it.
As I clearly stated, what is user-controlled is the sideband channel to debug the system on consumer hardware. The sideband channel under the current implementation of Cr50 is entirely user-controlled. This is a fact, as the end-user of the machine has control over the sideband channel.
I did not state any judgement about the GSC itself and its firmware.
And please don't start spreading FUD around hypotheticals of updates changing that. Yes it is possible. But a lot else and worse is possible under that scenario, so it serves no purpose but to spread FUD. And is still irrelevant to the content of the previous comment.
I am asking you, please do not ever derail what I say with FUD or out-of-context quotes ever again.
Yeah. Maybe this will turn out to be a genius strategic move, but it just seems weird.
It's the same sort of cognitive dissonance as if a Michelin-starred sushi restaurant just announced they're adding a Subway Footlong sandwich to their menu.
Switches won't do much if your photos and videos are on your laptop through some other physical means (e.g. disk/network) or if you put them there when the switch was not active.
Yes they also don't protect you from car accidents or heart disease. What's your point?
The purpose of a privacy switch is to make sure that Google (or anyone else, including hackers) isn't spying on you through your camera or microphone. This one accomplishes exactly that.
> How will the switch protect me if I'm in a video call with my SO?
The switch exists for when you are NOT on a video call. It completely cuts the video feed going into the OS on the hardware level. How is that so hard to understand for people here?
It's not hard for anyone to understand. If you're worried that the OS is hijacking your camera, why would you stop being worried just because you're using the camera.
Because when I'm using my camera I make sure not to do things like walk naked in front of it forgetting that there's a camera there? For other people the thing they don't do while on a video call might be having an affair, or using drugs, or...
Your argument seems similar to "why would you care about a microphone spying on you 24/7 if you're willing to sometimes have conversations that might be overheard?"
Yes obviously when you use your webcam you're aware that it's not impossible you're being spied on, and some people may choose to never have a webcam for that reason. For those of us who are happy to take that risk for video calls, we don't have to also accept that we can be spied on any time the laptop is open.
The other guy is arguing that you don't have to accept that risk at all if you don't use an OS from a data harvesting company.
I don't care who watches me through my camera, I was just trying to point out that people aren't stupid about the hardware switch. Some just find it ironic that there is a hardware shut off for a camera on a computer operated by Google.
Apple, Microsoft and Google are all data harvesting companies. And any other OS, including Linux, can have spyware, rootkits or other malicious software installed all the way down to the BIOS. If you want privacy when around an internet-connected camera and microphone there is no substitute for a hardware switch.
Again, the discussion is about camera security at all times, not just when you're not using it.
I think regardless of the fact that it is technically possible with any hardware and any operating system, it is difficult to argue that the risk is the same on Linux as it is on windows or ChromeOS.
I doubt ChromeOS or windows are spying on you through your camera either when you are or are not using it, but people can be sure their Linux distro isn't.
Never transmit onto the internet anything that would ruin your life if it became public, that's my motto. Regardless of how safe the transmission is in theory.
I hope this works out for them. The largest market for Chromebooks is schools, but are schools willing to pay Framework's price? I don't believe so but I hope I'm wrong.
We bought refurb HP and Lenovo laptops for less than $400. >$900 for student laptops is a big no-go. I guess if you were a bigger University, but I cannot see it for the average school.
I don't think that math adds up correctly, $400 is over half the cost. If they last 2-3 years and a framework lasts 5-6 years before needing repair, it's at about break even (assuming we need to buy a brand new $400 laptop every 2-3 years).
Buying parts for a Framework will cost more than parts for a $400 laptop of which there are thousands on ebay of every single part. For example let's assume the screen is broken and we have a $400 laptop which can be replaced on. A new screen is about $100-150 (based on a quick ebay look of $400 laptops). A new screen for a frame.work is $180.
Your ONLY option with a frame.work is to buy through them at the moment, there are no other part providers. You are at the mercy of frame.work to provide support for parts and supply.
With a $400 Lenovo a quick ebay search can provide you every single part from all over the world at a variety of costs. As well as the normal companies that provide parts for them (and Lenovo themselves).
I would be disappointed in framework if they locked out 3rd parties from selling replacement parts. That's the whole point of right to repair.
My hope is that if people rally behind a platform like this, it will drive the price down too.
There's also the fact that we currently aren't pricing in the cost of e-waste, much like how gas in the US doesn't currently price in the cost of climate change related damages. It could be that those $400 laptops are artificially cheap for now, but once you start charging companies for planned obsolescence, it doesn't make financial sense anymore.
Well, the thing is, because of COVID and some other factors, we figured it was better just to give it to the student and tell them if they break it, then it's their problem. Admittedly, a bit mercenary, but we are a community college and students should learn to be careful. Now, we'll help of course in odd circumstances and we did purchase extended warranties.
Strangely, it's easier to get money for purchases than have a repair budget, but that's US government funding for you.
This is awesome! I still use my Pixelbook, and I love it, and was always dismayed that it seemed to be yet another great product that Google lost interest in.
For folks wondering "who's the market in this?", the Linux container support in ChromeOS is awesome - my Pixelbook was actually a great dev laptop (I ran postgres, VSCode, Node, etc on it), just with age its lack of upgrades is starting to show. So for me, on the "ChromeOS side", for me it's a benefit that it's basically just browser and android apps, and then on the Linux side I have everything I need for development.
Google definitely has not lost interest. The Chromebook team at Google is actually involved in almost (all?) Chromebooks made. Since Google is responsible for all firmware/software updates for the life of that Chromebook, they are involved in that way. As well, the hardware/firmware teams here do a lot of the core engineering to getting the core parts of the hardware working (motherboard/cpu at a minimum). And all BSP's end up living in the ChromeOS source tree I believe: https://www.chromium.org/chromium-os/external-bsp-hosting/
Thanks for your response, it's very helpful. I'll check out the HP Elite Dragonfly too.
As the sibling commenter mentioned, though, Google did just shut down their Pixelbook division, which is what I was referring to. And as a corollary, if you can forward this to anyone that matters, Google's product marketing is the absolute worst. And I say this as a big fan of Google's developer-focused products. Case in point, I'm a giant Pixelbook fan. If Google is shutting down Pixelbook development, why can't Google just put something on their store to point to alternatives, like you have?
As another example, I am heavily invested in GCP, and I'm a big Firebase fan. Yet I can hardly think of any other company that sells to enterprises that is so loath to even show a hint of what's on their roadmap. I get it, priorities can change, and you don't want to put something out there that is (incorrectly) taken as a promise. But tons of other companies have to deal with this problem, and with Google it's almost impossible to get any status about important bug fixes or feature requests.
> Google's product marketing is the absolute worst
As long as ‘killed by Google’ continues to be a well-known meme, they could have the best marketing department in the universe and it wouldn’t make a lick of difference.
That's pretty silly. I know you're exaggerating a bit, but marketing is in the business of public perception. If google took steps to reverse the trend, and the marketing department could highlight that, that would kill the meme.
But the marketing department isn’t the firefighters. They’re the marketing of the parks department. Once the firefighters put the fire out (Google engineering stops haphazardly killing products), marketing can attract people to the parks again (Google marketing attracts people to their services).
I feel like I'm missing some information here. Is it the engineering team that kills projects? I would think whoever's controlling the funding has their hand on the plug...
I think that makes sense though—partnering with companies like Framework and HP to get the hardware right while refocusing on the software experience in-house doesn't mean they don't believe in the market fit for the Pixelbook or the technologies that powered it, it just means that there was enough interest externally that Google doesn't need to take on the hardware complexity/supply chain risk/etc. Partnering with other companies that are already experts in that seems better than trying to get everything right themselves from scratch.
(Disclaimer: I have not been following the Pixelbook news or really even considered the device before today, but people on this forum seem to like it)
I have a Pixelbook that still gets ChromeOS updates regularly- the Android and "Linux on ChromeOS" features are still half baked. After wakeup - Android apps hang or show empty windows, Terminal takes minutes to work, and a reboot usually fixes everything. (This is after a powerwash and being on the stable channel)
I think the hard thing here is that they want to keep the Linux VMs totally isolated from ChromeOS itself, so that they aren't opening up users to attacks. This is taking a lot of effort to get right.
I will say, the Pixelbook was super underpowered. They use the ultra-portable Intel CPUs that have a TDP of 7W, which makes them super slow with anything CPU intensive. The Dragonfly Chromebook has a 15W base power usage, and can boost up to 55W, which allows for way more CPU intensive operations.
Yeah, they are half-baked in that they are trying to be a VM for Android and Linux apps, and neither are perfect yet. As far as I can tell, both are still receiving attention.
Yep, this is why saying "an i5" is meaningless. It covers everything from "weaker than a modern phone" to desktop CPUs that pull 150W and perform as such.
It also covers models introduced from 2009 through today. It gives you an idea of how it was placed in the product lineup when it was launched, but not which product lineup, so... not very helpful.
I agree - some of the updates I've received have been so half baked, including the Android apps forever-hang, that I wondered if anyone real was involved in this release. I finally got rid of my chromebook for a pittance because I just got tired of the mess.
I’m seriously tempted by this. I’m not a chrome user today; I have heard that when MV3 comes out, I won’t be able to use adblockers in Chrome. Is that right?
After spending £2k on a high end HP x360 only three years ago, and suffering since from horrid thermal throttling, crazy loud constant fans, terrible battery life (2.5 hours at almost idle light web browsing usage) and a spicy pillow battery, followed by being ghosted by their tech support (three attempts to contact) and finally discovering via YouTube that they don't even supply battery replacements for this model, I can only recommend you stay as far away from HP as possible.
I love Linux and I would consider myself a power user (understanding HW arch, working with kernel sources).
Basic Chromebook apps (+ Play Store) are something that "just work" for 80% of time for my use-cases (which is, browser and ssh-ing into a power machine in ze cloud/DC). I also have rather good understanding of threat models here, and the quality of the sandboxes and HW roots-of-trust, hardening and software isolation on a typical Chromebook, so it gives me a relative peace of mind for specific use-cases (personal/family files etc.). Supporting an extended family, if they can get used to Chromebooks (it covers 99% of their needs, esp. that Android apps can be installed here) is a bliss.
Customizing Linux is mental fun, but on a road you probably want something that just works, and typical Linux is rough at edges - GFX support, hibernation, esp. if you don't want to stick to some LTS distro, b/c you always need this newer package for dev purposes or tinkering.
The remaining 15% is covered by a VM, which seems really nicely integrated (X11 proxy etc). The remaining remaining 5% cannot be covered - custom kernels, custom USB drivers, occasional need to use Windows, but that's fine, I can do that on a desktop or on some random, cheap, low-power laptop.
In essence, it's just a thin client on steroids, which almost always works in its basic form. But if you want something more interesting, there's always a VM with some Linux distro, or Android apps via the Play Store. But these are optional and don't affect stability of the core system, if you don't use them.
I agree that there are tons of great use cases for Chromebooks (I've owned like eight of them, including the Chromebook Pixel, and love them), but I also think that once you start getting into Android or Linux-heavy use cases, native devices are better than Chromebooks.
An Android tablet is a muuuuuch better experience for running Android apps than the Pixel Slate. A Framework running Fedora is a muuuuuch better experience for doing dev work than a Chromebook.
ChromeOS is great when used for what it is, and it's cool that it can flex to handle edge casey things with VMs. But if the VM stuff is most of what you want to do, just go a different way.
9 years, and I'm exaggerating a bit for effect; it's actually five of them. (HP 11 G2 in 2013, bought because it was tiny and worked well. Replaced with a Toshiba something, because it had a better screen and was faster. Replaced with a Chromebook Pixel 2015 because it was the god tier amazing Chromebook of your dreams. Replaced with an HP X2 because it was a convertible tablet and I wanted a convertible tablet. Replaced with a Pixel Slate because it was a faster and better-screened convertible tablet and I like things that are better.)
None of them were replaced because I strictly speaking needed to replace them, and all got handed over to someone else who happily used them.
I'm the poster of the original comment, and I don't work for Google, but your comment pretty much summed up perfectly my thoughts as well, and is a big reason why I'm a ChromeOS fan.
Less biased opinion here (don't work for google, don't hold stock, am primarily a Linux user at home), but I use(d) a Pixelbook for all the same reasons mentioned above, though I now use a Framework as my primary laptop, but mostly because I wanted to switch from Chrome -> Firefox for a bunch of other reasons.
Biased but informed opinion: I own a Framework Laptop running Ubuntu 22.04.
Linux on a server or a desktop isn't so bad. Linux on a laptop is awful. Hibernation isn't supported. Battery life is mediocre, and battery drain in sleep is significant. If I close the lid on my Framework at 75% and come back the next day, it will be at 25%. If I come back in 3 days, it will be completely dead. Even on a device designed to support Linux (Framework, Thinkpad, whatever) the Bluetooth experience is....err......well, if you don't have anything nice to say don't say anything?
ChromeOS isn't perfect, but as a laptop I'd much rather run it (with Crostini to get a Linux development environment) any day.
> Even on a device designed to support Linux (Framework, Thinkpad, whatever)
There's apparently a world of difference. Nothing about the Framework suggests it was designed for Linux.
A proper Thinkpad does not have issues with hibernation, or losing battery, or graphics, or any of the other things you mentioned.
I just want something that works, and will receive updates as long as there are users. I don't want to muck about with VMs, or Crostini, or whatever it's called. Sounds like I must never let go of my Thinkpad.
I'm glad you've had that experience, but it hasn't been mine. I've owned other laptops running Linux and have had plenty of coworkers with experiences as well. Heck, there's an entire team at Google dedicated (full of incredibly smart people who know way more about Linux than I ever will) to trying to get Linux running well on laptops. Plenty of people shared their experiences in this thread: https://news.ycombinator.com/item?id=32293541
The vast majority of people I know who tried running Linux on their laptop switched to Mac/Windows/ChromeOS. Containers and subsystems like WSLv2 or Crostini make it mostly painless to do Linux development while having a host operating system that has people paid to make the experience great rather than volunteers who generally want to work on shiny algorithms rather than fixing UX bugs.
More specifically: I've run Windows on the Framework and it was generally great (I wished it was a touchscreen, but that's about it). Maybe with the right magical device I could get a great Linux experience, but it's not worth having to search and compromise for me. I can install Windows on anything and it will work. I can buy any of the few Macbooks on sale and it will just work. I can buy any Chromebook and it will largely work out of the box. Linux is the only OS that makes me carefully check that my exact set of chipsets and components will probably not be a complete disaster. I buy laptops based on their hardware specs (screen, keyboard, trackpad, weight, ports) rather than their compatibility with an operating system.
Not to take anything away from your experience, but drawing conclusions from threads like those is not the whole picture. That will be skewed against people who use problematic hardware, and say things like "the Linux way is tweaking everything".
But it's really not. Linux is mainly for users, by users. You're going to a very diverse set of users and experiences. For every tweaker out there you're going to find someone like me who just wants a unix-like operating system, with Perl and Python and everything else available with a minimum of fuss. They just don't speak up very often, because there's not much to something that works.
Of course it's important to mention the problematic bits too, and there's been many. I've mostly run Debian for over twenty years, and there have been several times where I had to fix issues from migrations such as rootless, utf8, python3 things, and file format migrations. For a long time things like hot plugging monitors, projectors and printers were a bit of a gamble.
But for the most part it's given me an environment where I can use a wide range of tools from emacs to nmap, from git to latex without giving a second thought how to configure paths, and how to fix some random missing dependency for a package to build, or why nginx doesn't pick up the changed file date. All those things have been ironed out by someone who went before me. That's worth a lot.
> I buy laptops based on their hardware specs (screen, keyboard, trackpad, weight, ports) rather than their compatibility with an operating system
Yes, that pretty much explains everything.
That's a luxury available to users only of a completely dominant software platform.
A Mac user could never say that. If you want OSX you must carefully buy supported hardware. You can buy a hackintosh, but don't fill up threads with complaints how bad the suspend works, and that the picture quality of the webcam is subpar.
Speaking for myself, I know what software I want to use. I do not care about hardware specifications in any other way than it runs my software reliably. Sometimes that means you can pick any color you want, as long as it's black. Black as my laptop.
The hackintosh world is fascinating, and a really useful analogy. It makes the Linux experience (which, in the last half decade, has been largely good) look utterly seamless and polished, at least with the bigger distros. I own a MBP and will continue to use Apple laptops, but their excellence depends entirely on controlling the entire end-to-end product. And there's nothing particularly weird or objectionable about that. But it makes what the Linux community has been able to do, supporting an almost arbitrarily large set of hardware, that much more impressive. (This, incidentally, is one reason I don't get into OS wars: they're all doing different things in wildly different ways, even if, for the most part, they're capable of the same core tasks.)
> I can install Windows on anything and it will work.
Not necessarily. There's plenty of instances of devices working poorly in Windows before the issues get patched (if they are at all).
If you want something that 'just works', you are indeed better with the Apple ecosystem. They control the hardware and software.
The only way around these issues is to pressure vendors to provide better Linux support. The only reason Windows laptops tend to work better out of the box (or at least with all hardware working to some extent) is because of all the testing done by vendors.
> A proper Thinkpad does not have issues with hibernation, or losing battery, or graphics, or any of the other things you mentioned.
Not sure if my E495 would qualify as a "proper thinkpad", although I've read about the same issues on T series laptops, I've almost never managed to make my laptop sleep in the 3 years I've owned this laptop starting from kernel version 5.4.x to the present 5.19.x. Whenever I try to 'systemctl suspend', one of the following things happens:
- the laptop sleeps for a few seconds and wakes up
- the laptop sleeps for a few seconds and wakes up completely frozen and I have to perform a hard reboot
- the laptop doesn't sleep and freezes and I have to perform a hard reboot
- the laptop sleeps successfully but when I wake it up, the screen is messed up with green colors all over the place, hard reboot needed
My laptop also kept freezing randomly from 5.4.x to 5.14.x.
The T- and X-series is what people usually refer to as the "real" Thinkpads, which existed before this Lenovo nonsense. Lenovo labels widely varying hardware under the Thinkpad brand, but that's not what you want as a Linux user.
I don't know about the E-series specifically, sorry.
As I wrote before, I have observed similar issues reported by many T series owners when I was desperately scouring the Internet for a fix for months. Of course, I haven't used a T series ThinkPad so I can't say if these issues got resolved or not. I gave up long ago and now keep my laptop on 24x7 when I'm not traveling.
Conversely, I have a ThinkPad X1 running Fedora 36 (and, previously, 35), and it has never given me a problem ... well, other than because I messed with one too many things. The only thing I did was to disable the so-called "modern suspend" in BIOS and it has run like an absolute dream.
Not trying to contradict you. Just noting how even within one manufacturer's footprint (and "linux" however we define that for the purposes of this conversation) YMMV.
I concur. While I know all the world is Linux, I run OpenBSD on many of my hobby systems. I love OpenBSD’s simplicity, but, IMHO, it’s missing too many things to be a good laptop OS. With ChromeOS I get the support a laptop environment requires, while still having the Debian VM to take things further.
System76 seems to have finally gotten to the bottom of the battery issues with their Lemur Pro. It's all about the drivers, and getting drivers that do power management right for devices that are miserly is surprisingly difficult.
I've noticed this on my framework running Pop but my XPS running Ubuntu has comparable battery life to the last MacBook I owned (granted, these are now both "old" laptops relative to the contemporary designs that have ludicrous battery life).
I will say I agree, you can't use a Linux laptop and take a video call without being tethered to power.
Well, as long as we're sharing personal anecdotes as absolute judgements, then allow me to throw my own hat into the ring.
I have never had a problem with suspend, hibernate, nor excessive battery drain (beyond what the hardware should do) on any of my linux laptop setups.
That's starting from a thinkpad in 1998 (yes), all the way to my current amd 4800 tongfeng (generic chinese oem laptop maker).
Along with quite a few chromebooks thrown in along the way (all of which were developer-mode enabled, WITH secure verified boot turned back on, so had full access to linux apps WITHOUT using crostini vm's).
But, seeing as how chromebooks are essentially machines running GENTOO LINUX with a custom google ebuild overlay, then perhaps their reliability should be another plus checkmark for "linux on laptops", and not somehow a ding against that.
Sounds more like a list of problems with Framework. Battery life on my x1c is similar to Windows (TLP FTW!) and with working S3 (what Lenovo calls "Sleep mode: Linux" in their BIOS) battery drain during sleep is very low. Can't say anything about quality of Bluetooth stack though since I don't use it.
Sounds like something that Framework should fix. There's nothing wrong with the Linux kernel per-se.
I have an older Dell Chromebook (turned into a Linux machine once Google stopped OS updates). Battery drain during sleep is pretty significant with either ChromeOS or Linux.
Personally, I chose ChromeOS as the bare-metal OS for my laptop because I think it's the best of both worlds:
For web browser-based stuff, I have a constantly-updated state of the art browser with full vendor-backed hardware support for everything around graphics, sound, USB, Bluetooth, etc, anything else I might want, plus probably the best sandboxing you can get as far as protecting the core system from any malicious web exploits. It also works rather well in tablet mode with convertible devices. IME, getting all of this on bare-metal Linux and having it stay working for years is very hit-or-miss.
For linuxy CLI stuff, I have a built-in Linux container with a nice terminal. Everything I've wanted to do as far as CLI stuff works great, including Vim + Tmux, developing and compiling in any language, systemd services, docker and k8s CLI support. I've opened at least a dozen or so PRs on various open-source projects and maintained server clusters working entirely on a Chromebook. All the driver and display stuff is taken care of by ChromeOS so I never have to mess with config for it.
In practice, full, stable hardware compatibility and battery life. The Linux experience on the Framework Laptop on recent distros (e.g. Ubuntu 22.04.1) is solid, but battery life will still generally be better running Ubuntu on top of ChromeOS.
One reason is all the binary artifacts are peak-optimized for the platform and this yields significant, often 10-20% lower CPU usage than plain vanilla binaries offered by all other Linux distributions. This includes the kernel, which in ChromeOS is built with LLVM with profile-guided optimization. Faster software translates directly to longer battery life. Every other distribution is years behind Google in terms of tooling.
I'm not sure if there are any single good URLs I can give you. The best way to learn is to read the chromiumos repo and see how they build the image, how they collect and deploy profiles, etc. You can also look at the mailing list of clang-built-linux to see how their kernel is built with clang and how they integrated that with their profile pipeline.
In the end though it is cultural and not technical. Debian will bend over backwards to make sure That One Guy can still install the latest version on his old Centaur CPU, from floppies. ChromeOS is laser-targeted for specific, allow-listed hardware platforms. If you are philosophically committed to the eternal comfort of That One Guy, the Debian way makes more sense. If you just want software that's faster and more secure, ChromeOS has the better way.
I'd just like to put a vote of confidence in for That Guy, I think we should absolutely have an option for them.
Which is a roundabout way of saying; it's critically important that we don't over-optimize for the central, happy path (just wanna browse securely on whatever hardware ya got). The most interesting things (and the most valuable) frequently come from the edge cases, which are absolutely supported by keeping an eye on the needs of "That One Guy". Unix interoperability has given us a bounty of awesome shit and I anticipate it will continue to do so.
Battery life of a ThinkPad that supports Linux, with TLP installed and properly configured, will be very similar to Windows. And to address the FUD from the other reply to your question: AFAIK official Firefox builds for Linux use PGO as well; however, PGO has quite a bit less impact on battery life than what another commenter suggests.
The usual reasons for a lot of those boil down to "poor driver support", but this is the same hardware with what I would presume is the same Linux kernel so same drivers, so what's the difference?
It tends to specifically be an issue with encrypted swap, because encrypted swap uses a random ephemeral encryption key. Honestly, I think in a lot of cases it makes sense to simply There are solutions for this: https://help.ubuntu.com/community/EnableHibernateWithEncrypt...
I think the real challenge here is for distro vendors to figure out how to provide a better user experience around this. There's no reason that the ephemeral key can't be stored in a sealed state that can be recovered as the machine wakes. There are obviously some security implications to this, but I think it's fair to say that a lot of users would prefer making that trade-off.
There's a lot of security models that rely on RAM being more difficult for an attacker to access than disk (as you can imagine it is much easier to ensure things stored to disk are resistant to compromise than to ensure that nothing in working memory is usable by an attacker). Swap is that in between case where storage is memory, so that creates a unique challenge.
What you want is that if someone steals your hibernated laptop, that absent a way to securely authenticate themselves as you, they can't restore the working memory of your laptop. If you think about it, if they could, much of the point of many security precautions would be lost.
Ah of course, I haven't thought about it that way, thanks for your explanation.
I guess it depends if you're willing to put all eggs in one basket so to speak. But instead of disabling hibernation outright maybe distros can find a compromise there.
My anecdotal experience with friends that tried Linux is that it left such a bad impression when they opened their laptop the next morning and it's lost most of its battery life that some actually went back to Windows.
I think you may have missed what was being asked? I think they assume that an LVM PV is encrypted and could contain the block filesystem and swap volumes as LVs. There is already a boot-time process to unlock such an LVM setup. Why should the swap require a separate encryption key?
As a Fedora user, this is how my disks have been set up for many years, and I don't understand why Fedora have disabled hibernation. During wake from hibernation, the kernel and boot ramdisk would need user input to unlock the PV and to decode the LVs. Then, the hibernation state would be visible at the same time as the other filesystem state, and the kernel could decide whether to load the hibernation image or continue a normal boot sequence.
This seems to provide the protection of content needed for theft of a hibernated machine. I don't know whether there is some unhappy sequencing flaw in the dracut-generated ramdisk (between when the wake-versus-boot decision has to be made and the LVM decryption is done), or, whether someone at Fedora has decided that the threat model is different than we discuss above?
> I think they assume that an LVM PV is encrypted and could contain the block filesystem and swap volumes as LVs. There is already a boot-time process to unlock such an LVM setup. Why should the swap require a separate encryption key?
Again, the reason why it's different is the security model for memory is different from the filesystem. This is exactly what I was getting at: the fixed key. Encrypted swap volumes typically are set up to use ephemeral keys that are "forgotten" when you power down. The idea is that you only have access to that memory while the computer is running. When you boot up again, whatever data is in the swap partition is just noise. As mentioned in the link I provided (https://help.ubuntu.com/community/EnableHibernateWithEncrypt...), the current solution is to switch to using a fixed key, much as you described. That fundamentally changes the security model, and not in a subtle way.
I think there's a solution that more closely approximates the security model, with only a minor compromise: when you boot up, you generate an ephemeral key in the secure enclave, and use that to encrypt your swap. When you hibernate, the secure enclave encrypts all the metadata (including the ephemeral key) into a sealed state that is stored on disk with the swap information. When you restore, the sealed data is read back into the secure enclave (and erased) and it can then decrypt swap as needed. This still means the hibernated memory state is fully recoverable by whomever is able to authenticate with the enclave, but that's what everyone wants. On the upside, if you shut down the machine (rather than hibernate), the ephemeral key is lost, so there's no way anyone can recover what's on your swap, even if they have access to whatever fixed key(s) you have used for your LVM volumes.
If you're really paranoid, you could even generate a new ephemeral key on restore and reencrypt the entire swap volume with the new ephemeral key, though I'd question what realistic threat model that would really address.
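The ephemeral-versus-fixed key distinction discussed above can be read straight out of a machine's configuration. The following is an added example, not part of the thread: `classify_swap` and `demo` are hypothetical names, and the crypttab and fstab contents are constructed samples.

```shell
#!/bin/sh
# Classify each swap entry in fstab by how its encryption key is managed.
# usage: classify_swap CRYPTTAB FSTAB  -> one "<device> <class>" line per swap entry
classify_swap() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        FILENAME == ARGV[1] {                # crypttab: name device key options
            key[$1] = $3
            next
        }
        $3 != "swap" { next }                # fstab: keep only swap entries
        {
            dev = $1; name = dev
            if (sub(/^\/dev\/mapper\//, "", name) && (name in key)) {
                # A key read from a random device is regenerated on every boot,
                # so nothing written before power-off can be decrypted afterwards.
                cls = (key[name] ~ /^\/dev\/u?random$/) ? "ephemeral" : "persistent"
            } else if (dev ~ /^\// && dev !~ /^\/dev\//) {
                cls = "swapfile"             # shares the key of the filesystem holding it
            } else {
                cls = "unknown"              # plain partition or LV: inspect the layer below
            }
            print dev, cls
        }
    ' "$1" "$2"
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample files, not taken from any real system.
    cat > "$dir/crypttab" <<'EOF'
# name      device     key                 options
cryptroot   /dev/sda2  none                luks
cryptswap   /dev/sda3  /dev/urandom        swap,cipher=aes-xts-plain64,size=512
hibswap     /dev/sda4  /etc/keys/swap.key  luks
EOF
    cat > "$dir/fstab" <<'EOF'
/dev/mapper/cryptroot    /     ext4  defaults  0 1
/dev/mapper/cryptswap    none  swap  sw        0 0
/dev/mapper/hibswap      none  swap  sw        0 0
/swapfile                none  swap  sw        0 0
/dev/mapper/fedora-swap  none  swap  sw        0 0
EOF
    classify_swap "$dir/crypttab" "$dir/fstab"
    rm -rf "$dir"
}

demo
```

An "ephemeral" entry cannot hold a resumable hibernation image; a "persistent" or "swapfile" entry can, and old swap pages stay readable to whoever later obtains that key.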
Maybe we're not talking about the same scenarios/alternatives? If I've set up whole-disk encryption with a security level I trust for my persistent storage, how is that not appropriate for the persisted hibernation state? To me, hibernation state is a subset of persistent storage needs, not some categorically different thing. The coupling between running system and persistent state seems so strong to me that I consider them one equivalence class of data and requiring one consistent protection standard.
I adopted the conveniently offered, software-based whole disk encryption mode when installing Fedora. A luks-encrypted LVM PV is the only luks mapping at runtime, and a naked /boot volume is the only volume not allocated as an LVM LV in that encrypted volume group. Thus, I have selected my storage security posture. I expect the cold or detached storage device to be resistant to inspection. Due to the unencrypted /boot, I have doubts that there is tamper-protection of the future running software, should I temporarily lose control of the physical device. I have no illusion that the running kernel lacks access to the plaintext content.
My swap is an LV in that encrypted volume group. Why is hibernation disabled on Fedora? This is where I feel like there is a poorly communicated threat model or some other unstated assumption that I do not appreciate. (But see my last paragraph below for a possible answer!)
Are people concerned about the written hibernation state using the same key as the filesystem volumes? I.e. that knowing how to unlock the whole-disk encryption means you can reconstruct the hibernated image too? I don't see why I, as a user, should care to protect the hibernation image even more than all my regular data. Similarly, if I have the key I can potentially attack the root volume (while offline) to inject all sorts of malware, such that I could exfiltrate RAM state from the running system in the future. Swap isn't required to open me to that attack.
Are people concerned about regular swap state being available on disk during system operation? I.e. the running Linux luks mappings can be abused to inspect swap state? I am not sure I can appreciate this angle, since I think it is farfetched that the swap mapping can somehow be more resistant to attack than the filesystem mappings in the same running kernel.
Are people concerned about regular swap state being left on disk during a non-hibernated shutdown? If so, I would suggest that the swap crypto should not be conflated with the hibernation crypto. Add an ephemeral cipher to swap if you must, but use framing/metadata to reliably distinguish the ephemeral swap "noise" image from a valid hibernation image. I'm OK saying that hibernate must write an entire image and not assuming that regular swapping can opportunistically prepare any hibernation state prior to a hibernation event actually commencing.
While writing all this, I have thought up another possible angle. Maybe this is the actual Fedora issue? I can see that control of an offline hibernation image means control of a future running system image, and this might violate some secure boot agenda? I.e. I can tinker with the hibernated state to introduce a "hacked kernel" and ask the system to restart with that. I can see why secure boot might prevent return from hibernation. This requires some integrity-protection chain to enable the trusted bootloader and kernel to verify a hibernation image before opting to load and restart it. I can see how a variation on your "sealed state" approach could address this. But note, it only requires integrity protection and does not actually need another layer of confidentiality protection.
> Maybe we're not talking about the same scenarios/alternatives? If I've set up whole-disk encryption with a security level I trust for my persistent storage, how is that not appropriate for the persisted hibernation state? To me, hibernation state is a subset of persistent storage needs, not some categorically different thing. The coupling between running system and persistent state seems so strong to me that I consider them one equivalence class of data and requiring one consistent protection standard.
Yes, we are talking about different scenarios. As I said, you can absolutely set up your swap to use a fixed password and then it will work fine as you describe.
> Are people concerned about the written hibernation state using the same key as the filesystem volumes?
That might be part of the concern, but it's more that it is possible to recover previous memory/swap state with a key that can reasonably be subsequently recovered.
Let's imagine a scenario where I have a secure password, that I enter into my browser, to, say, access my bank's website. That's stored in memory by my browser & the GUI, but it is not normally allowed to be put on disk for security reasons. Then I hibernate my laptop and it gets written to the encrypted hibernate volume that uses a fixed password. I restore my laptop and go about my business. I might even reboot the laptop several times subsequently without thinking much about it. Then, someone finds a way to compromise the password used for swap encryption using any number of possible attacks (some you described). Now, not only do they have access to all the stuff on my computer, but they also have access to the contents of the encrypted swap volume, which unless I was lucky and the particular swap page was overwritten, the compromise goes back to the memory of the runtime from long before the machine was compromised. This would include this password that was very intentionally NOT stored on that computer, in order to avert precisely this kind of threat.
> If so, I would suggest that the swap crypto should not be conflated with the hibernation crypto.
That's another possible avenue, not that unlike what I was suggesting. It's worth noting though that these days there may not be much value in having separate passwords for swap vs. hibernate, since swap is rarely used on laptops.
They are all different security trade-offs, and it is debatable which is the right one. I don't think the current default is the right one for most users, but I do understand it.
You definitely can. Actually relatively simple if you know your way around Linux. This is a good guide for Arch [1]. I think there's a couple more steps on Fedora or if you're using zram in general but it's definitely doable. I've even got it working with secure boot using my own keys.
I just went through this process with Gentoo on a framework laptop. Here are some random, likely incomplete notes to make this work. It uses a swap file on an encrypted filesystem.
1. Create a swap file. Our rule of thumb is ram + sqrt(ram) for hibernate
    fallocate -l 72GiB swapfile
    chmod 600 swapfile
    mkswap swapfile
    swapon swapfile
    swapon --show
2. emerge suspend
3. Get the number to use with resume_offset later. In the current case, it was 125798400
    swap-offset /swapfile
    emerge sys-boot/grub
    grub-install --target=x86_64-efi --efi-directory=/boot
    vim /boot/grub/grub.cfg
        timeout=5
        menuentry 'Gentoo Linux 5.18.19' {
            root=hd0,1
            insmod all_video
            linux /kernel-5.18.19 root=/dev/mapper/root resume=/dev/mapper/root resume_offset=125798400
        }
4. Fix suspend.conf
    vim /etc/suspend.conf
        resume device = /dev/mapper/root
        resume offset = 125798400
5. Setup an initramfs
    cd /usr/src
    mkdir initramfs
    cd initramfs
    mkdir -p bin dev etc proc sys new-root
    cp -a /dev/{null,console,tty} /usr/src/initramfs/dev/
    cp -a /bin/busybox ./bin
    cd bin
    for i in `./busybox --list`
    do
        ln -s ./busybox $i
    done
    cd ..
    cp -a /sbin/cryptsetup ./bin
    mkdir -p ./run/cryptsetup
    lddtree -l /sbin/cryptsetup
Copy in all of those files until the local cryptsetup works appropriately
    vim init
        #!/bin/sh
        # Define a rescue shell
        rescue_shell() {
            echo "Error in boot process, dropping to a shell"
            exec /bin/sh
        }
        # Mount our devices. We sleep prior to dev to hopefully finish loading.
        mount -t proc none /proc
        mount -t sysfs none /sys
        sleep 2 && mount -t devtmpfs none /dev
        # Decrypt the root partition
        cryptsetup --allow-discards luksOpen /dev/nvme0n1p2 root || rescue_shell
        # Attempt to resume
        printf '%u:%u\n' $(stat -L -c '0x%t 0x%T' /dev/mapper/root) > /sys/power/resume
        # If we're not resuming, mount the new root
        mount -o noatime,discard -t ext4 /dev/mapper/root /new-root
        # Unmount (cleanup) our devices
        umount /proc
        umount /sys
        umount /dev
        # Boot from the unencrypted partition
        exec switch_root /new-root /sbin/init
6. Suspend should be working with:
    echo shutdown > /sys/power/disk
    echo disk > /sys/power/state
or preferably
    loginctl hibernate
Anyway, there's a lot of missing detail in there, but the idea is that there's a swapfile inside the normal encrypted root partition. For me, I've enough ram where I don't really use swap unless hibernating, so a swapfile versus a separate encrypted swap partition suffices.
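The notes above put the same resume offset in two places, and both go stale if the swapfile is ever recreated. The following is an added example, not the commenter's code, that checks them against the file's real first block. The function names are hypothetical, the `filefrag -v` listings are constructed, and 4 KiB filesystem blocks and 64 GiB of RAM are assumptions.

```shell
#!/bin/sh
# Constructed samples. The cmdline and suspend.conf values are the ones in the
# notes above; the filefrag -v listings are made up to match a 72 GiB swapfile.
SAMPLE_CMDLINE='root=/dev/mapper/root resume=/dev/mapper/root resume_offset=125798400'
SAMPLE_CONF='resume device = /dev/mapper/root
resume offset = 125798400'
SAMPLE_FILEFRAG='Filesystem type is: ef53
File size of /swapfile is 77309411328 (18874368 blocks of 4096 bytes)
 ext:     logical_offset:        physical_offset: length:   expected: flags:
   0:        0..       0:  125798400.. 125798400:      1:
   1:        1..   32767:  125798401.. 125831167:  32767:             unwritten'
# Same file after being deleted and recreated: it now starts at another block.
STALE_FILEFRAG='Filesystem type is: ef53
File size of /swapfile is 77309411328 (18874368 blocks of 4096 bytes)
 ext:     logical_offset:        physical_offset: length:   expected: flags:
   0:        0..       0:   98304000..  98304000:      1:'

# Rule of thumb from the notes: RAM + sqrt(RAM), in GiB, rounded up.
hibernate_swap_gib() {
    awk -v r="$1" 'BEGIN { s = r + sqrt(r); c = int(s); if (c < s) c++; print c }'
}

# First physical block of the swapfile, read from `filefrag -v` output on stdin.
# Assumes 4 KiB filesystem blocks, i.e. the same unit as resume_offset (pages).
offset_from_filefrag() {
    awk '$1 == "0:" { v = $4; sub(/\.\.$/, "", v); print v; exit }'
}

# Value of one NAME=value word on a kernel command line (empty if absent).
cmdline_param() {
    for word in $2; do
        case $word in
            "$1"=*) printf '%s\n' "${word#*=}"; return 0 ;;
        esac
    done
    return 0
}

# Value of a "key = value" line in suspend.conf text on stdin.
conf_value() {
    awk -F'[ \t]*=[ \t]*' -v k="$1" '$1 == k { print $2; exit }'
}

# check_resume CMDLINE CONF_TEXT FILEFRAG_TEXT
# Prints each disagreement and returns 1 if any setting does not match the file.
check_resume() {
    actual=$(printf '%s\n' "$3" | offset_from_filefrag)
    boot=$(cmdline_param resume_offset "$1")
    conf=$(printf '%s\n' "$2" | conf_value 'resume offset')
    dev_boot=$(cmdline_param resume "$1")
    dev_conf=$(printf '%s\n' "$2" | conf_value 'resume device')
    bad=0
    [ "$boot" = "$actual" ] || { echo "cmdline resume_offset=$boot, swapfile starts at $actual"; bad=1; }
    [ "$conf" = "$actual" ] || { echo "suspend.conf offset=$conf, swapfile starts at $actual"; bad=1; }
    [ "$dev_boot" = "$dev_conf" ] || { echo "resume device differs: $dev_boot vs $dev_conf"; bad=1; }
    return "$bad"
}

echo "swapfile for 64 GiB RAM (assumed): $(hibernate_swap_gib 64) GiB"
if check_resume "$SAMPLE_CMDLINE" "$SAMPLE_CONF" "$SAMPLE_FILEFRAG"; then
    echo "resume settings match the swapfile"
fi
check_resume "$SAMPLE_CMDLINE" "$SAMPLE_CONF" "$STALE_FILEFRAG" \
    || echo "stale offset: update grub.cfg and suspend.conf"
```

On a live system the third argument would come from `filefrag -v /swapfile` and the first from `/proc/cmdline`.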
ChromeOS has a great separation of concerns and isolation of environments. I have my work profile and my personal profile, which are totally separate. I have my browser environment and my dev VM, which are totally separate. Different activities are cleanly partitioned.
This has obvious security benefits but also is just a really nice, simple way to manage the system. I can fuck up a dev VM without impacting anything else, I can click random links on my personal profile without impacting work, etc.
It also just does what I want it to do. I browse the internet, I program. It's good for those things. So... why Linux?
I appreciate the folks here being open about their biased opinions, because they are completely out of line with the reality I've seen. I teach IT in a college and I run a non-profit that refurbishes computers.
I have not seen a remotely significant difference between ChromeOS and Linux (with Chrome Installed) for the vast majority of users.
It is true that Linux on ChromeOS is annoyingly fiddly and my suspicion is that this is the Google mind (perhaps subconsciously) not wanting to reveal how generally unnecessary "ChromeOS" would be in a world that collectively "knew that the Linux Desktop existed." And I do mean this "without modification," i.e. most of your top 20ish Distrowatch distros fare perfectly well here.
No, I mean they turn on computer, there's a Chrome icon, and a start menu etc etc. It's pretty much the same experience. I'm not sure if they literally can much tell the difference.
They added it about 4-5 years ago, and really it just keeps getting better and better. I'm really in awe of the tech chops of the team that did this, especially around security. You'll often hear it referred to as crostini: https://chromeos.dev/en/linux
To be clear on what you're getting: It runs a (Linux) VM and you get root on (a container on) that VM. Not trying to rain on your parade (because it's really quite useful!) but it's limited in what it can do. (eg it can't change the host's wifi MAC address.)
Chromebooks have easy access to developer mode which gives you root access to the host OS though, so it's kinda moot.
Thanks for the detailed description. Might still consider it, or at least look for a cheaper Chromebook just to play around with and get a feel first.
At any rate, Chromebooks sound more capable than I previously gave them credit for, enough so that they will now be part of my evaluation next time I upgrade.
Between the Framework Laptop now supporting Chrome OS and some of the info in this thread, Chromebooks and Chrome OS no longer seem like just the cheap Google Docs appliances for schools that I originally thought they were, which is pretty cool.
I'm also going to add, and this is a spicy take, for every day browser tasks ChromeOS beats out both Windows and macOS.
It took them awhile to get there, but with virtual desktops, gesture support, the hardware back button, Chrome tab scrolling (actually OP), I found that ChromeOS is the day-to-day best operating system for browsing the web.
As you note, the Linux support is great but requires a pretty beefy processor, my Pixelbook was the i7 and it still chugged a bit. But overall, amazing OS today, really miss that laptop.
Which means that Google can simply lock you out of your Chromebook, for entirely arbitrary (and not even necessarily disclosed) reasons, at any moment. There's no practical avenue of appeal - Google is vast and even governments have trouble keeping it to heel. Individuals have no chance against these obdurate nation-sized entities. I think any Chromebook purchase, beyond the most cheap and cheerful throwaway, would be a crazy hostage to fortune.
There is a single "desktop" user on chrome os - 'chronos'. Even when you login with different accounts, everything is still running as chronos (id 1000).
What happens is that there are separate loopback filesystems, 1 per each "google account", all stored under /mnt/stateful_partition. These filesystems are encrypted (ecryptfs). When you login, the relevant filesystem is decrypted and bind mounted over /home/chronos.
All of this is done locally, no network queries involved. I don't think that you lose your local files if your google account is somehow borked. You just lose the online aspects of that.
But as a general rule, your overall point about not being too reliant on googlopoly is one which should be well taken.
Interesting, thanks. That's something then - I don't know much about ChromeOS. I've considered it for parents, but in the end have opted for something modest running one Linux or another.
A true laptop-appliance with an immutable-ish OS, decent security and fast/easy updates is actually a quite compelling notion. I'd be pretty uncomfortable with it not being local-first for user data though.
Actually, in many ways, what you're asking for in your 2nd paragraph is pretty much what chrome os is.
BTW, chrome os is actually gentoo linux under the hood (with the portage pkg manager stripped out at the end). At one time, there was even a shell script doing the rounds which put portage back on it.
Your larger point re: Google reliance is still a valid one, but one which holds true even if you run chrome on another linux distro. If you really look at it, I'm not sure if a chromebook is less private than that.
> Actually, in many ways, what you're asking for in your 2nd paragraph is pretty much what chrome os is.
Indeed, that was my point. Something like ChromeOS is a great idea.
> Your larger point re: Google reliance is still a valid one, but one which holds true even if you run chrome on another linux distro. If you really look at it, I'm not sure if a chromebook is less private than that.
Privacy's not my main emphasis. The world is in a state of gradual physical collapse. My (wealthy) region has had infrastructure destroyed by successive waves of fire and flood, and it will never recover (eg. we'll never again have year-round roads or always-on internet). We're the vanguard of what is coming to all. Entirely network-dependent devices aren't appropriate technology for our time. A fortiori for single-corporation-dependent devices.
Coincidentally, I've been doing a deep dive into offline-first, mesh & p2p related projects (nncp, yggdrasil, etc).
Would be interesting to see a linux distro with builtin plumbing for such things. Eg: constant snapshots, cached locally and then forwarded on to your other devices (once they are network reachable), all within a local mesh network that you define, which sits on top of the public internet (and bypasses NAT and firewalls)
> A true laptop-appliance with an immutable-ish OS, decent security and fast/easy updates is actually a quite compelling notion. I'd be pretty uncomfortable with it not being local-first for user data though.
I was thinking more for the sort of non-technical users a Chromebook would suit, which at a minimum means pre-installed with little or no admin needed. Chromebooks are a great idea, it's just a pity they're so deeply intertwined with Google services (though given the way the consumer market has developed, some such corporate entanglement is I suppose inevitable).
Ah, yeah. I don't think anyone sells laptops with Silverblue pre-installed, so that would be a hurdle. After that though, IMO Silverblue fits the bill very well, and may surprise you with how polished its update/upgrade flow is, especially compared to Debian-family distros.
Regular Fedora Workstation is my standard OS these days, so I suspect Silverblue may be in my own future. I look forward to giving it a try when time allows & curiosity overwhelms!
Aside from Linux distros per se though, I think there's a need for something like ChromeOS (preinstalled, appliance-like, as foolproof as possible), but without the deep single-corp dependence. Unfortunately I don't think the market in its current state is capable of filling this need.
Not going to comment much on how much of a risk it is to use a Google product in this way. Just going to say that ChromeOS is pretty much designed to work with Google's primary apps: GMail, Drive, Hangouts (or whatever it's called these days), etc. So my point is that if you want to stay out of the Google ecosystem, it wouldn't make sense to use ChromeOS in any case.
A willingness to selectively use the Google ecosystem, versus signing over your bare ability to even use a purchased general-purpose computing device entirely to Google's pleasure, are two distinctly different things though.
I'm not making a 'Google is evil' argument (that would be a different conversation). I just couldn't bear to trust any corporation with that degree of arbitrary power over physical objects in my possession, regardless of whether or not I'd use their webapps. The power imbalance is just too great. Google (or Microsoft or Apple) is, in practise if not in theory, above any law that can be wielded by individuals.
I'm with you. We're driving into the world of Snow Crash like Tina Belcher, and all I hear when folks talk about how marginally better for browsing these devices are is: "ehhhhhhhhhhhhh".
On a more specific (read: paranoid) note, these security chips give me the heebie jeebies. How long until I need to register a program hash with the FAANG-that-be just to run my own software?
As also a current pixelbook user (it's now mostly a tablet replacement now that I bought a Framework), the only thing that would make this a full pixelbook replacement is a touch screen and a 360 hinge, so I can use it as a tablet.
Perhaps the next iteration, though that means replacing the whole chassis/screen (those seem harder to repurpose than the mainboard)
Yeah I love my chromebook as a cheap, almost throwaway device, for when I go on business trips. It's light, it keeps me away from my favorite games, if I drop it no big financial loss. All my work "work" is in the cloud.
This is excellent. The last major missing piece was coreboot, and this presumably delivers that. Also, could you please make/sell suzyQ cables (https://www.sparkfun.com/products/retired/14746)? They've been OOS since COVID. Edit: Is i5 the only option? There's no i7 option on the order page.
I hope this does not backfire as a product without a target audience. I want to see framework succeed in making modular hardware, not at offering lock-in services from Google or even promoting ChromeOS and other Google products.
I use a Chromebook for development as well. It's $100 computer and it is just fantastic. I throw it around with such peace of mind, and the battery life is just incredible!
It has only one issue for me, it does not have enough power to run MS Teams on the browser, and the Android app does not work well.
It looks like you can configure the DIY without an OS, and they have official guides up on installing Fedora, Ubuntu, Manjaro and Mint: https://frame.work/nl/en/linux
I think he means one where all the components are selected because they are well supported by Linux drivers, and dispensing with x86 only components. That would indeed be useful. I would even pre-install Ubuntu on it and then users can replace with ____ (insert favorite distro here). You can be sure that the vast majority of people using a distro other than Ubuntu know how to install it.
I don't think they could win with a "Linux Edition" laptop. What distro would they ship with? Pop!_OS? Ubuntu? Debian? Fedora? Alpine? Manjaro? No matter what they choose, I suspect they'd just get accused of picking sides and the vast majority of users would just re-install with their preferred distro.
Yep, this is indeed the main reason behind this. We polled the community and found a pretty even split between several major distros. Rather than having inventory explosion from a large number of OS-specific SKUs, we optimized for shipping without an OS and writing easy to follow install guides.
Linux-only editions nevertheless make sense if you want to cut down on the chipset cost.
AMD chipsets have SoundWire, and MIPI CSI/DSI support, but there is no way to use them in Windows. Intel is starting to support them as well with Alder Lake mobile.
SoundWire is way simpler than HDA, and availability/cost is better.
Connecting the whole suite of peripherals over i2c allows disposing of the wide LIF cable from the front panel. No LPC EC needed.
MIPI CSI cameras are vastly superior to USB ones, and are dirt cheap for price/picture quality due to the size of the smartphone market.
Tablet-use MIPI DSI panels: price/quality is superior to LVDS panels, and you will never get such thin laptop-use panels.
Linux can use non-SMBus battery gauges, and PMICs. Again, you can forego paying the x86 premium on SMBus vs. i2c controlled PMICs.
The older I get, the less I care about which distribution comes on a linux laptop. The fact that it exists at all is a reason to consider the model.
A production linux laptop is a clear statement, "All of our hardware is immediately compatible with linux. Sure, our distro has little warts, but you can either install your own or `apt-get install fluxbox`, copy in your config files, and get right to work, ISL."
I don't think it's a very big deal to say "yes, we're fully compatible with Ubuntu" and let you spend ten minutes installing it. I don't need someone else to install an OS for me.
The actual important thing is that all their hardware has Linux drivers.
Depends if the laptop manufacturer wants to make promises like "Battery life: 20 hours of 1080p video streaming"
Most laptops that achieve that require the hardware, OS and browser working together. I've seen laptops that, when running Linux, struggle to last through an hour-long video call.
I don't care which distro they ship as long as it works. My company will not buy me a laptop without an operating system and I will not recommend a laptop without an operating system to my friends.
ChromeOS is a privacy nightmare I cannot recommend to anyone which is a real shame because it is perhaps the most secure consumer focused workstation operating system out there.
I wish any vendor would offer a privacy-by-default telemetry-disabled ChromiumOS option I could actually recommend.
2. Google does have privacy options, partially thanks to the EU forcing them, and as far as I can tell they are not randomly "undone" with updates from time to time
3. a lot of more common users do also have Instagram and similar, do most things through Android/iOS apps and use Google search and Chrome, or some Chrome derivative.
How much additional information does using ChromeOS expose?
Don't get me wrong, for most people on HN it probably is degrading privacy. But this is not targeting the common HN user.
This is targeting:
- existing ChromeOS users looking for an upgrade
- this includes devs
- this includes less tech affine people
- this includes people who bought that premium Chromebook with a 3:2 Google sold years ago
- this includes a bunch of Google (ex-)employees which might have been the driving factor for bringing out a ChromeOS version
- this includes junior devs who grew up with an edu-focused Chromebook
- people who care about the mission of Framework, but are not highly tech affine, they might seem rare but they do exist
- presents, Chromebooks can be nice presents to less tech affine users and if they anyway use mainly Chrome and similar it's not necessarily "reducing their privacy"
- people fed up with Linux desktop issues but disgusted with Apple hypocrisy and totally fed up with Windows for a while
- especially if they are not super sensitive wrt. privacy. And while such devs might sound like a myth on HN I have met dozens of them
Lastly it's the same hardware and probably more or less the same driver support issues, so the cost of shipping such a version is probably not too high while at the same time it can give you a bit more supply chain stability (by removing hardware choices outside of cards).
The main question is if the firmware is in a state where you could just install Linux or Windows if you want.
Giving ChromeOS devices to low tech users that cannot understand the privacy and lock-in risks feels like a tech version of giving kids cigarettes. It is simply unethical. The HN crowd can make informed decisions to give Google control of their entire digital lives but we should not make that choice for others.
I would never recommend Windows or MacOS to anyone for similar reasons so those are not a comparison I care about either. I would certainly recommend a Chromebook over either if someone absolutely has no choice but those three, but there are almost always other choices if you make some time to teach someone.
Most Linux distros are a security shit show so pre-installed linux machines are hard to recommend to anyone that does anything high risk on their machines like financial work or journalism.
Degoogled ChromiumOS feels like a good security/privacy balance for most people but that is not currently a user friendly option for installation and upgrades.
In practice I find myself using and teaching others using their machines for anything remotely privacy or security sensitive to install and use QubesOS. For all the excellent privacy and security design it has a high learning curve and strict hardware requirements making it untenable for low-budget or low-tech users.
Much of the HN crowd has their finances intertwined with forcing these kinds of choices on consumers. Sometimes I dream of an awful de-anonymized internet where your financial holdings are bound to every post that you make online. I think binding that incentive might change how we ingest opinions.
Already on the internet we can choose to use our real name when we are comfortable having our reputation tied to our words giving them more weight, and we can also be anonymous other times when we are okay with our words holding very little weight, but also very little risk to us.
I think many people, if they find a comment really impactful, will take a look and see if this was said by someone using their real name and if there are obviously relevant major corporate biases they didn't disclose. Or maybe I am weird and am just trying to justify that I personally do this often.
Regardless, both anonymous and identified communication are very valuable depending on the particular goal, and it should always be a switch everyone is empowered to be able to flip at any time.
Sometimes when I am testing out ideas to decide how I even feel about something myself, I may choose to be anonymous.
Most of the time, I am fine with most of my posts on HN being under my real name and tied to my reputation and that of the security and privacy consulting company I run.
I still reserve the right to change my mind and be wrong sometimes and trust most of my target customers to give me some room for that :)
Low-tech users don't care much for their privacy in my experience. This may be partially due to the lack of understanding, but also due to cultural differences different from the average HN user. The time needed to teach them how to use complicated security systems just isn't worth it for them most of the time. People have different priorities. Most people just want to use their computers as a utility or for playing fun games or something.
I'm sure there's some complicated oven I could use that would be way better in the long run but I just wanna make pizza sometimes, not the best pizza in the world at the perfect temperature.
If an oven leaked a lot of PM2.5 or carbon monoxide and it happened to still be legal, it would still be an ethical obligation for someone that is aware of these issues to recommend against that oven even if someone just wants the cheap/easy option and does not comprehend the risks.
Those that can comprehend significant technical risks are obligated to recommend a low-risk strategy until people have enough relevant understanding to take informed risks for themselves.
I would for instance never let a minor use apps like TikTok known to granularly monitor and sell their location and behavior to keep them maximally addicted and maximally profitable. If the user is an adult tech worker that understands how such apps work and has the means to actually understand the privacy policy... then I will find their choice stupid but it is their life.
I agree with most of what you said. I think privacy is important and it is important to educate people on these issues. I just think that say a grocery store worker that just wants to get the bills paid for next month and enjoy life a little has a different set of priorities than a tech worker making > 60,000 USD. There are more people like that in the United States than tech workers.
Not having the ServoV4 available to anyone but Google employees completely invalidates any praises of this thing being "open".
Additionally, the Titan C chip included on the mainboard doesn't appear to be socketed (please correct me if I'm wrong), so you're basically stuck with a proprietary processor hooked into your machine doing god knows what. Note that the Titan C isn't open source like the "OpenTitan" project, which means they're basically privacy-washing Chromebooks.
I don't have a problem with them making a Chromebook but not releasing Coreboot firmware for the existing boards is giving me bad vibes, really worried Framework's leadership is compromised.
This is great news! Chromebooks don’t have to be low spec machines! I recently bought a machine off of the list at https://support.google.com/chromeosflex/answer/11513094?hl=e... just so that I could have a decent device with decent specs to run ChromeOS Flex—and the more I use it, the more I enjoy a machine that Just Works, requires little maintenance and runs alongside the flexibility of a modern Debian Linux VM.
Congrats to frame.work for creating another decent product. But disappointed that it's an Intel device yet again. Why no AMD? (And can we replace ChromeOS with Linux or FreeBSD?)
Creating an AMD version of the Framework I assume takes a lot more work than just hitting up AMD and asking for some CPUs. Should they stop all other product development while waiting on AMD?
Unless Intel is helping them with the reference designs, I don't see how an AMD motherboard for their frame.work laptop is more difficult to design than an Intel one. Can you clarify why you think so?
Actually, I was thinking I'd like to see a Framework laptop with an ARM CPU. There are ARM based Chromebooks after all.
Other than Apple's M1/M2 chips, there aren't any ARM CPUs that can match the raw power of x86, but Apple has demonstrated what's possible. And it would do a lot to resolve the battery life.
I know, and understand that Intel offers better deals to undercut their competitors. But just search for all discussions on frame.work on Reddit or HN and you'll find that the top most requested feature is an AMD CPU. Most of us know that AMD today makes slightly better CPUs than Intel. And it's cheaper too! And AMD always has offered better support to upgrade their CPUs - upgrade-ability is one of the key features of frame.work.
I've used a Chromebook a fair bit over many models. I even got a beta CR-48 when they first launched. The best models are tent * yoga style and touch enabled and also come with a stylus.
I searched the Framework Chromebook page for "touch" and found 0 results. I hope they are working towards a touch enabled Chromebook.
I love my Chromebook and I'm not looking for a replacement, but I do still like to look at new devices.
I personally think that this Framework Chromebook is way too expensive at 999$, but I do fine from a non USD economy, so many technologies coming from US are too expensive for me. That being said, my vision has always been that Chromebooks are light, affordable and battery life that will last longer than you. I paid around 400€ for my Chromebook, the most important specification was FHD IPS display and at least 12h of battery.
I'm aware that Google made Chromebooks with very high prices, but I don't think many bought those.
That's why seeing this laptop for 999$ seems a bit too much, especially now that you can get M1 MacBook Air for the same price! And it's just as user-friendly, if not slightly more.
Still waiting for this laptop to be available where I live, I'm at the point where I'm losing the last bit of hope and am considering to just buy a different product. Which really annoys me, because I was never as hyped for a laptop as for this one.
To keep inventory streamlined for this product, we only have a single configuration of the product. It is super easy to open up and add more memory to though. We include a screwdriver in the box and encourage you to explore the inside.
If Google partnered with Microsoft to bring the complete Excel/Word/PowerPoint programs to ChromeOS, I would jump ship in a heartbeat for our office fleet.
I wonder if CodeWeavers CrossOver can run Office on ChromeOS reliably.
That is a space they are quite directly trying to win with their in-browser suite of office tools, and ChromeOS is, partly, a vehicle for that. I would be surprised to hear that G and MS partnered in that sort of a way.
I’d be just as satisfied for Google Sheets to become the standard. I have seen XLSX/DOCX as the standard format for a long time. The Google Workspace (GSuite) products don’t interoperate seamlessly, and they are not a compatible solution.
This is like that modular phone thing that I haven't heard about in forever. I'm not sure how making a device appealing to 60K folks, maybe, makes any sense.
Seems like it's targeting the wrong crowd. Framework laptops would naturally appeal to the tinkerer and techie crowd, meanwhile ChromeOS is very much a casual user kind of OS. It makes sense to have $300 Acer laptops running ChromeOS, not so much a $1000 repairable laptop...
Win11 and macOS and desktop Linux all suck in various ways. ChromeOS actually has far better security, boots faster, has less obtrusive automatic updates, supports Android apps, runs Steam (in beta), and has real Linux that you can use underneath instead of PowerShell or Cygwin or WSL or Apple's weird environment with no native package manager and a set of outdated utilities and a git binary that requires accepting the XCode license agreement again every time there's an update...
Seems like half of HN readers think Google is the literal devil, but for the other half, why not ChromeOS?
Companies can offer multiple products.
If it fails to sell they will discontinue it but if it does well it can help Framework offer a broader range of products.
I would think that the upgradability has significant environmental upsides for schools (who otherwise end up ditching computers fairly regularly)
I suspect it also means laptops with minor damage can be fixed more economically or at the very least can be cannibalised for the working parts to fit to other school laptops.
I’m going to bet the opposite - no school is so flush with cash they can pay a 3x premium per laptop for students that offers the same functionality. This seems like a misguided approach to obtain mass market appeal.
Many schools are already using Chromebooks. Framework is now making it so they won't get ripped off. This is an incremental improvement that I can see making Framework a lot of money actually
This is a great point. Also, even if it is actually cheaper in the long term because they can just upgrade parts from the modularity of it, I somehow feel skeptical that a school IT unit is going to have that level of foresight. Even if they do, will they be able to successfully persuade the suits that control the budget?
Yup, you're right, this could be a very tough sell.
It would need to last 3 times longer before needing a single replacement part for the cost to lifetime ratio to even out. Each replacement part in that timeframe pushes the value time out further. I'm not convinced it would be cheaper in the long run.
I wonder how often they have to replace those low priced Chromebooks, however. Maybe there is a good value proposition in buying a well powered machine that can be updated by an IT department in an age where laptops are never upgradable.
Dell released a "business class" 13-inch Chromebook (the Lulu platform) in 2015. It came with several options (e.g. Celeron vs i3 vs i5, 4GB vs 8GB RAM, choice of SSD storage size, touchscreen or not, etc). At the time it was released, the retail price for a non-touchscreen i3 was over $900. Again, that was not even the most expensive configuration, and that's 2015 dollars, not 2022 post-COVID inflation dollars. Many institutions went for the cheap Celeron-based models, but plenty others apparently opted for pricier ones (e.g. models with an i3 and a touchscreen, to give one example that I'm personally familiar with).
I may be misunderstanding, but in what way is this not DIY?
> Memory and storage are socketed, enabling you to load up whenever you’d like. The pre-built configuration comes with 8GB of DDR4 and 256GB NVMe storage and can be upgraded to up to 64GB of DDR4 and 1TB of NVMe storage. You can also use 250GB and 1TB Storage Expansion Cards to extend your space.
Right, absolutely. That's a choice that people get to make - they can either buy a Framework laptop that does have the ability to change out the OS, or if their threat model requires it, one that doesn't. Either way, they get upgradable components and future-proofing. I don't see how that's a negative for freedom.
I'm not opposed to this device and actually think it's kind of cool. I use a Lenovo Duet as a secondary device and generally enjoy ChromeOS.
But I see your statements as a little contradictory.. unless I'm missing something.
> this is a total validation of the idea that security does not require a locked-down device
> but the device is locked down in a way..
> Right, absolutely
Maybe we are using different definitions of "locked down." I just wanted to point out that there is a trade-off here. You are giving up some freedom that most DIY'ers would expect (arbitrary OS choice) by choosing the ChromeOS version.
> they get upgradable components and future-proofing. I don't see how that's a negative for freedom
Oh, I see what you mean. I'm referring to the argument from Dell and Microsoft that a "secure" device requires that there are no, or very few, user serviceable components. "Locked down" is an overloaded term here.
People love Google’s Pixelbook line, I think it just wasn’t a big enough commercial success to continue. I’ve used my Pixelbook every day for like 5 years and it’s still incredible - boots in <1 second.
This class of comment is pretty tired. Google Pixelbook did not "flop"; it proved the viability of the $1000+ Chromebook market for serious users. There are Chromebooks on the market at all price points. You can build-to-order a HP Elite Dragonfly with a state-of-the-art CPU, 32GB of RAM, and 512GB of flash for $3200 and these are back-ordered to March 2023 so clearly the customers exist.
> these are back-ordered to March 2023 so clearly the customers exist.
Worth remembering that "stock issues" / wait times etc. are as dependent on the production plans of the product as they are on demand. It can be a sign of lots of customers, or just that hardly any demand was expected and so even a tiny amount more takes a while to catch up on (especially if e.g. there are high-demand components that they'd rather put in products with a high profit margin), or... etc
This is a legitimate question, so I'm not entirely sure why you're being faded.
Chromebooks do have a reputation for being under-powered budget mobile devices because they do serve that sector. They also do a lot more that can't be done as easily on Linux, if you have hardware that can support it.
As others have said, Pixelbooks are still coveted devices, and I've been tempted for years to buy one. I thought the original Framework would serve that niche, but it ultimately didn't.
It’s intriguing to me. First, it’s a cheaper way to get started with Framework. Second, it’s a polished, secure thin client for web stuff. I already have a powerful home server, this could be my portable window to that device.
The brilliance is that Framework doesn’t have to ship anything, unless customers pay a deposit, which would validate the demand. I don’t see how they could lose here.
Theoretically something like that could be possible, but that is not how we operate. Hardware products have typically >12 month development timelines. We opened pre-orders today with shipments starting in a little over 2 months from now. Pre-orders help us gauge production volume need, but not whether or not we should make a product.