I tried using a Chromebook as a dev machine several years ago - before Android apps. The chroot situation worked well enough, but the dev-mode boot was a deal-breaker.
Back then, if a Chromebook's local storage filled up, it would factory-reset itself. Is this still the case? This is one big thing keeping me from trying this again (which I'm very tempted to do so after reading this article). Investing in setting up a dev environment like this is fun, but only the first time around...
I think the author was arguing that the install was cloud-backed in such a way that you could simply factory-reset it and restore it, especially before and after travel through oppressive security inspections. I'm not sure it's completely described though.
What's the problem? I switched my asus chromebox to dev mode and installed ubuntu and didn't notice anything. I think there was some small tweak to get rid of the warning and hit f1 to continue or whatever it was.
In five years of running a Chromebook dev mode, I've never had that happen but just in case Crouton has a backup feature to save a gzip of your chroot onto a SD card etc.
I love my C201, also not very expensive. I opted for the 4Gb version.
My first setup was chromeos + crouton then I moved to linux on a sd card. I noticed I never boot into chromeos anymore so I got rid of it.
I have a C201 too...I reflashed the bootloader with libreboot and installed arch linux on it. It it actually quite snappy, and works fine for development!
That's what I thought. However, this article (http://lifehacker.com/how-to-install-linux-on-a-chromebook-a...) mentions crouton and being able to run Ubuntu. For instance, can I use apt-get, containers, etc.? Seems like there are two "solutions" .. one is to reboot into an open Linux system and the other is a more loose chromeOS?
This blog post details using a chromebook as a temporary device, such that you can travel with a blank machine, and provision at your destination with the data and apps you may need:
> It's pretty neat to consider the possibility of pre-travel "power washing" (resetting everything clean to factory settings) on an inexpensive Chromebook and later securely restore over the air once at my destination. ... the engineering challenge here was to find something powerful enough to comfortably use exclusively for several days of coding, writing, and presenting, but also cheap enough that should it get lost/stolen/damaged, I wouldn't lose too much sleep. ... I could treat it as a burner and move on.
Edit; I've been using a de-chromed chromebook for over a year as my primary dev machine and really like it. I developed and launched one side project with it. The model I have (Acer C720) is a dual core Centrino, 2GB of ram, and I upgraded the m2 sata to 120GB. For Python/PHP/Ruby, it's great. I would not do Java development on this set up though. Java IDEs eat battery life and I imagine jvm startup time is a burden on this, although I haven't even installed Java to find out.
Edit 2: to clarify, this is not about removing chromeos, but to use chromeos for it's security features. The article goes over using Termux to get a basic development/work environment setup on chromeos. Plus a lot other helpful tips.
I offered my experience de-chroming as an example, I really like the platform. Apologies if that was confusing.
> Edit; I've been using a de-chromed chromebook for over a year […]
Ok, but as the article states, they did not de-ChromeOS it because they wanted TPM and Verified Boot and FIDO-certified U2F security key so that they didn't defeat the whole purpose of buying a Chromebook.
FTA: “As far as Debian/Ubuntu (and crouton), that's fine as far as it goes, but then you don't end up with a Chromebook, just a cheap mini-notebook with flaky drivers. The whole point of this exercise is to retain the hardened posture of the platform and have a flexible, safe development environment without depending on the crutch of privileged access.”
Totally agreed, but given the engineering efforts that Google have gone through to make the hardware and software stack work in harmony and given Google employees use Chromebooks the author of the article wants to set up a working dev environment by adding to Chrome rather than nuking it and coming up with a semi-custom solution. My first comment was to point this out.
We all know you can put Chromebooks into dev mode and load Ubuntu, in fact I thought it was necessary to get the most out of Chromebooks. If it turns out that Chromebooks can make decent dev environments without nuking and installing Ubuntu or whatever and if they can run Android apps then Chromebook suddenly become a very interesting value proposition.
So, be inconvenienced in every aspects important to a dev but gain a bit of confidence in your machine (as long as you trust Big-G)?
verified boot seems like the only advantage here. You can buy an ebay business-grade laptop with TPM for 40 bucks USD readily, and they don't require reliance on Google or the requirement that one uses a neutered OS. (yes, yes, it's secure. It's a users' platform. Development on chrome OS at this point is an act of masochism.)
If secure travel is your thing, stash your data on a cloud provider and pull it later after you arrive at your destination. Go whole-hog and travel without an SSD and buy a cheap one at your destination with cash. Sprinkle in some libreboot for more confidence.
It'll still be cheaper than a 200 dollar chromebook, and you probably won't have to deal with some of the worlds' worst chicklet keyboards.
P.S. don't travel with a yubikey that isn't partnered with another. Would be a bummer to lose.
I am not saying you're wrong but I'd like some advice on what to buy. The x220 I've never seen dip below $100 with 4GB RAM and a hard disk or at least a caddy.
> The x220 I've never seen dip below $100 with 4GB RAM and a hard disk or at least a caddy.
ThinkPad caddys are dirt cheap. You can buy third party compatible caddys for under $10. [0]
In terms of a laptop with a reasonable build quality that includes a TPM, pretty much any corporate laptop will suffice. X220's command a premium because they're ThinkPads.
If you look at other options, something like the Dell E6220, which is from the same generation as the X220, can be purchased used for around $100. [1]
They don't support coreboot, but they're otherwise reliable machines. The Dell UEFI implementation supports only allowing signed updates and SecureBoot. Depending on your threat model this might be enough for you.
> You can buy an ebay business-grade laptop with TPM for 40 bucks USD readily
You'll have to buy something older than the E6220 mentioned above, but the Dell E6400 is available for $40. [2] That will have an integrated TPM.
If you want the literal 40 dollar laptop I had in mind, look around for an X60/X60s/X61.
They are old, but they are well equipped and I love their keyboard feel, plus TPM and all that jazz.
Their specs are pretty low-end nowadays, but I find that devs have too varied a range of preferences and tasks to judge what they need too readily.
If you're sitting in a huge IDE or photoshop or otherwise have a strong need for heavy lifting and high resolution during your travels, however, these cheapy business-grade laptops from yesteryear are probably a poor choice.
But I sit in emacs and IRC most of the time with music on -- they are perfect for that.
Sub $200 Chromebooks with decent keyboards: Dell 11 (2014 & 2015 models), Asus C202SA, and maybe the Lenovo educational models. At higher prices, of course, you have many choices: both Pixels, Lenovo and HP 13" and the Acer 14 for Work (all last year), the new Asus C302SA.
You can get a Acer 14 refurb for under $200 which is a good dev machine using Crouton with ChromeOS. Nothing else is going to be able to touch this. Sounds like you are just not up to date what is now possible with Chromebooks.
In March, we have seen reports of Android Studio possibly coming to Chrome OS. Android Studio would mean IntelliJ IDEA and the entire family of IntelliJ IDEs. That would make this an even better idea.
You can currently only use web based IDEs or Android based IDEs in Chrome OS.
There are some good web ones (Cloud9) out there and even a few Android based ones (AIDE). You won't be running any Windows or Linux IDEs though (because Chrome OS is not either of those.)
If you're referring to full-blown IntelliJ, Elcipse, VS, etc, the answer is no afaik. But if syntax highlighting, code completion and lightweight refactoring (within and across files) counts, then Caret or Zed might be worth a look. These are native Chrome apps, and don't require web access/connectivity. (I wrote most of the Chromebook piece in the OP and all my Go code using Caret, and am happy with it). I did some toy stress testing by opening up a few copies of War & Peace (1.5M+ line) text files in Caret. It took a couple of seconds to load, but search & replace and rapid scrolling/navigating worked well. Trying the same thing in vim either in Termux natively or via local ssh didn't hiccup at all. As mentioned in other threads, it's a side effect of design decisions, and naive assumptions about in-memory files. Kids today...
While I like the idea and the listed apps are just awesome (didn't know about termux, wow), the whole setup depends too much on google services for my taste :-/
Yeah, this is a no go for me. I don't use anything by Google at all. How can a security conscious person talk about privacy and security on a Google device? They are listening, filming and tracking every single thing you do near that device.
That ("They are listening, filming and tracking every single thing you do near that device") is a claim you're going to have to substantiate. Don't spread such rumours unless you can back them up.
If the claim being made was that they track your usage of their products, that would have been a reasonable response. But the claim being made is that they continuously monitor you through the webcam and microphone. That is extremely bold and, may I say, complete tinfoil nuttery.
Why is that so hard to believe? Personalized ads are huge right now, if you could listen in to people's conversations you can use the data to improve your ad conversion rate. If there's ROI in recording and doing the data collection you can bet they have at least experimented with it.
Can't imagine what recording webcams would do- but I suppose it might be effective for something.
He's not suggesting they are tracking you through their ad network as you go to websites that use them.
He's suggesting they are secretly filming you, logging your keystrokes, and rerouting your mic audio. That is a very bold claim that should be backed up or retracted.
Whether or not a government can compel you to download and reinstall data to your laptop is a much trickier legal problem than whether they can ask you to show them what is on it currently (in the US they almost certainly can request that at the borders). It also adds to the hassle factor for the border crossing agent. If you are walking through customs/border entry with a in box, factory default chromebook in your checked baggage, changes the legal conversation.
Even if you aren't worried about state level inspection, this setup allows you to put the laptop in your checked baggage and not worry that your data has been intercepted by criminal enterprises in the case of rerouted bags or theft. This is a big boon for many business travelers as they are more worried about IP protection than privacy from governmental interlopers.
Any port used frequently will wear out - they have limited life spans due to the moving parts. I see it with my external display ports pretty frequently.
One potential solution is a USB hub, or even a USB extension cable you keep plugged in.
The reason people use u2f keys is because they can't be cloned and the key can't be extracted. I too like and use TOTP (with Authy), but it really can't beat specialized hardware.
I seem to remember reading that NASA would use short sacrificial extension cables so that ground tests would certify the jacks they'd be flying but not wear them out.
Regarding the TOTP app, I generally prefer FreeOTP to Google Authenticator/Duo/Authy, etc. It might not provide push codes, but at least the implementation is Open Source and the binaries come from a trusted source.
Yeah it's a mess when you recommend duo/authy not clear TOTP or internal system. It's a second factor but not the one that's worth implementing: basic link to email has same security and costs $0
Its true that push2factor have some disadvantages, but it has one really strong advantage above pure TOTP: phishing dosnt work as the 2factor is send directly to the site and cant be mitmed at your terminal. Read about it.
I bought the exact same machine, Samsung Chromebook 3, as soon as I realized I could run Termux on it.
I'm using it to poke at languages I'd normally never have the time to experiment with.
I'm on the train for about an hour every day, and I wouldn't feel comfortable with a "real" laptop - too likely to be stolen. But for $169? Not such a big loss.
I'm also really excited about how rock-solid this thing is, as a way to hand a kid a computer that can really teach them programming.
Does chromeOS allow you to remote wipe the box? That seems like that would be another advantage to this in the case of theft (note: definitely not in the case of the box being confiscated by a lawful authority).
> When things get completely borked (which in two weeks of heavy use only happened a couple of times for me)
how are people willing to live with this? I would be furious if I had to lose all my state and (for all intents and purposes) restart my machine multiple times in two weeks.
And if this "borking" happens right before or during a presentation (the author was writing about using this setup for giving talks on), this would be very embarassing for me and extremely annoying for the audience.
A work/presentaion machine has to be rock solid for me. No compromises, no workarounds and most certainly no "completely borked". Just pure solid.
My Macs have an uptime in months. Sometimes I have to restart a process, but needing to restart the machine is exceedingly rare outside of the normal security update related reboots.
Over the years I have given quite a few presentations to customers and at public talks. None of my machines ever let me down.
Despite using Arch Linux, and weekly "upgrade everything".
I know it isn't everyone's experience, but I was exceedingly choosey about the hardware that went into my machine, so that I could do this.
The only problem I've had in the last two years, was an incompatibility between ocaml and fish shell, which eliminated my PATH. Unfortunate, but an issue on the ocaml side of things. A big problem, for certain, but two years of bleeding edge updates, and that's it.
Mostly the same experience, running Debian Unstable on my X201. Keeping a simple environment (AwesomeWM and urxvt, rather than Gnome or KDE; dhcpcd, rather than NetworkManager) probably helps. I put it to sleep every day, often multiple times, and it never fails to come up, connect to Wifi, etc.
Oh, excellent; thank you. I mentioned it because this has bitten me, so I'll want to use that fix.
Fun story: for $REASONS, I have an Arch system with root on btrfs and /boot on ext4, and it doesn't usually have the boot partition mounted (it's a poorly done mutiboot issue). I recently discovered that this means if I forget to mount boot before updating I get stuck with no loaded drivers to mount /boot :) Thankfully kexec worked, but I'd like to not need to do that:)
1) Mid-2010 MacBook Pro, with RAM and SSD upgrades. This is my main machine at home. It has never had to be wiped and reinstalled, and it gets rebooted about once a month.
2) Late-2013 MacBook Pro. This is my work machine and the story is similar to my home machine. It's never needed a reinstall and gets rebooted about once a month as well.
3) Lenovo ThinkPad x131e (Intel). This is my travel computer, serving a similar purpose as the Chromebook mentioned in this article (minus presenting stuff). I'm running OpenSUSE Tumbleweed on this - frequent updates lead to frequent reboots. There's also all the associated weirdness that comes with running a rolling release Linux on a machine that requires proprietary WiFi drivers (they tend to lag by a couple of days). When I ran OpenSUSE Leap it was almost as solid as the Macs.
I'd call the Macs "pure solid" machines, or as close as I can reasonably get. The ThinkPad is decent and the weirdness with it is really my fault.
I reboot my laptop every day. I shut it down at night. It's all in what you're used to doing. There's no particular inconvenience, though it can seem that way if you're disorganized and don't ever close anything for fear of losing your place.
(author here) I think this was misunderstood. I don't mean the _entire_ Chromebook or OS was unstable -- just the opposite actually. I was referring to having to restart Termux twice in two weeks. Two weeks of constant wake/sleep cycles on and off battery, and plugging/unplugging from an external monitor.
In one case it was a hard kill and I lost one ssh window that had been open for a week. In the other, the Termux gui came up and I never dropped my session (the ssh process never died). I'm not yet familiar enough with the Termux internals to understand that. As far as the Chrome OS stability, it's been one of the most stable machines I own, and I say that as a long-time MBP & Librem owner. 99% of the reboots were intentional as I reinstalled the whole build from Powerwash to Erlang hello world, to make sure I got the details right for the post (and to help troubleshoot some minor install roadbumps a couple of my reviewers experienced).
On the presentations, I joined multiple Hangouts & BlueJeans (WebRTC) video client calls with zero trouble. Signal and Wire voice worked like a champ too.
So while I certainly understand some of the comments here, for _my_ use case — a reliable $160 multi-week travel/burner dev notebook with strong security, I'm more than satisfied. And of course it's not in the same league as my $2K++ MBP. I would never try to run a big JDK app, but for offline Go and Python work, it fits my bill.
Yeah, that's pretty terrible. My GNU/Linux machines have months long X11 sessions with firefox, libre office, hundreds (I've hit the window limit) of xterm windows, and lots of other stuff open while waking up and sleeping (s2ram) multiple times every day.
I've them crash once every few years after I'm done setting them up, usually it goes down because I run out of power or want to update the kernel. There's no good reason some GUI should die because of waking up from sleep.
Wondering if Google would themselves launch such a workspace. https://www.youtube.com/watch?v=mfLc4U8pnPk
The idea is to have a vnc/remote-desktop style machine on AWS. Just need only a client (secure chromeOS)
I have a potential application for a U2F keys and I'm wondering why you recommend the $18 Yubikey on Amazon versus the $10 one that is also FIDO certified. Is there a difference in the function or some other important difference?
Not the OP but, I use a $6 one without a button that simply activates on insert. Unfortunately the company that sold them is more interested in bulk sales and the stopped selling individual units. I plan to eventually replace it with the Feitian ePass NFC FIDO U2F Security Key, which is still $17 but includes NFC which I could use with my android phone. for that functionality from Yubi you would need the $50 Yubikey Neo.
One of the BIGGEST drawbacks using a Chromebook with 11.6 inch screen that nobody here talks about yet, is the grainy and crappy 1366 x 768 screen resolution! I've been a long time Macs guy anything inferior than RetinaDisplay will considerably straining my eyes before I am used to it. Dell XPS 13 included.
In fact I do! QHD is 1440p (2560x1440)[1] whereas Retina Display on a 13inch MacBook Pro is at 2560×1600, therefore Dell XPS 13 with QHD is still inferior.
If you're going to compare to a Mac, it's better to look at the higher end Chromebooks like the Pixel 2, HP Chromebook 13, and Samsung Chromebook Pro. They all have screens with pixel density and quality that's on par with the 15" MacBook Pro I have.
Exactly! With a comparable price tag, Chromebook doesn't have advantages (if any), let alone of the Chrome OS's less user friendly stack (GUI based apps and whatnot).
Scaling the same pixel density up to 13" and 15" yields 1614x908 and 1862x1047, respectively. So that's equivalent to arguing that there's no need for a better-than-1080p screen on even 15" laptops. Certainly many people are satisfied with 1080p, but there's a reason that modern high-end laptops offer (much) higher-resolution displays.
I have the Samsung Chromebook 3 (same size and resolution). I don't mind it at all. By comparison, the 14" Lenovo from my employer has the same resolution and looks worse. The Chromebook is no retina display, but it's not that bad in my opinion.
Not really an issue for me. Almost all of my work can be done through the terminal and through Emacs. For maximum visibility, I run a full screen terminals with large font and good contrast. I really wouldn't have it any other way, as I'm not a fan of GUIs. Of course, I still retain the ability to spin up a GUI if I am forced to do so. The only effect the screen has is that it does not entice me to watch videos (which is a great feature for a work machine).
Also, it feels like this Samsung Chromebook 3 is just tiny bit (I am sure it isn't but it feels that way) of upgrade from the famous Dell mini 9[1] from almost a decade ago.
It was super hackable and most people bought it installed hackintosh on it and with a near perfect hardware compatibility with OS X Snow Leopard. A few friends of mine went to Africa for a few months with Dell Mini 9 and were able to freelance their with a fully functional yet super affordable hackintosh Mac. I wish Dell can have another of those netbook lines with compatible hardwares.
I have been using the YubiKey for over a year now, and the novelty wore off.
I lost my key a couple of weeks ago and was surprised how easy it was to get back into my accounts with just my phone. There is no point in using something like that if providers allow you to failover to more conventional authentication methods without any hassle; the keys are useless. They are not going to add manual verification for a couple of people who lost their YubiKey.
YubiKey is useful for instances when you want to grant somebody access to something with just a key. I don't see it going beyond that anytime soon.
Even for providers that do provide seamless failover, the inevitable "we see you requested an account recovery" email would serve as useful canary to know you're being targeted.
Well I imagine in most people's cases if they've managed to compromise their email then the game is already won.
Anecdotally, someone got my steam account credentials. I discovered this when they tried to change my password. Fortunately I had Steam's two-factor enabled and got the notification (2-factor is required to change steam account passwords), which alerted me to change my password. They actually tried the account recovery option and I got an email notification about that as well.
So in situations like that such notifications can be quite useful. But yeah, if they've compromised your most critical accounts/devices then YubiKey isn't going to save you. I don't think that's a knock against it.
I've been running the Chromebook Pixel 2015 as my primary dev machine since it came out. Unlike the author however, I've opted for the less-secure "dev mode" on the laptop, and do everything in crouton. (Java web / Android, mostly).
It may not be as secure, but it's hella convenient (still use 2FA). ChromeOS boot is < 5 seconds, and I just stay there for web browsing / netflix. Dropping into crouton is another < 5s when I need to do dev work, or play steam games.
Everything important on the laptop is backed up to some cloud service or another, but it's expensive enough that I'd be distraught if I lost it (plus they stopped selling them).
I'd be more worried about somebody straight up stealing the laptop than any other security risks I may be running by running in dev mode.
I love the idea of natively developing in ChromeOS, but at this point it just seems like more hassle and fighting the system than it's worth.
I've been doing the same thing, but as I work with Docker often I had to waste a bunch of time compiling a custom kernel[0], which I ended up trashing after about a week because who cares?
Instead, I just have my Chromebook and a VPC on Google Cloud that I SSH into for work. Theoretically I wouldn't be able to work if I didn't have internet access, but I've never actually run into that problem. I still have dev mode off, but I don't think turning it on is a huge risk.
Steam games though? I didn't know you could do that.
Awesome link, thanks! Docker is actually the one thing I was never able to get working properly in my chroot!
Re: Steam games, yup it's powerful enough to run most indie games that support linux (which is an increasing number, recently). The biggest constraints are GPU and disk space. I've had a few good runs of FTL (Faster than Light) on long-haul flights.
You just gotta make sure you keep an eye on the battery, since if it dies you accidentally wipe the system :/
177 comments
[ 2.6 ms ] story [ 232 ms ] threadBack then, if a Chromebook's local storage filled up, it would factory-reset itself. Is this still the case? This is one big thing keeping me from trying this again (which I'm very tempted to do so after reading this article). Investing in setting up a dev environment like this is fun, but only the first time around...
> It's pretty neat to consider the possibility of pre-travel "power washing" (resetting everything clean to factory settings) on an inexpensive Chromebook and later securely restore over the air once at my destination. ... the engineering challenge here was to find something powerful enough to comfortably use exclusively for several days of coding, writing, and presenting, but also cheap enough that should it get lost/stolen/damaged, I wouldn't lose too much sleep. ... I could treat it as a burner and move on.
Edit; I've been using a de-chromed chromebook for over a year as my primary dev machine and really like it. I developed and launched one side project with it. The model I have (Acer C720) is a dual core Centrino, 2GB of ram, and I upgraded the m2 sata to 120GB. For Python/PHP/Ruby, it's great. I would not do Java development on this set up though. Java IDEs eat battery life and I imagine jvm startup time is a burden on this, although I haven't even installed Java to find out.
Edit 2: to clarify, this is not about removing chromeos, but to use chromeos for it's security features. The article goes over using Termux to get a basic development/work environment setup on chromeos. Plus a lot other helpful tips.
I offered my experience de-chroming as an example, I really like the platform. Apologies if that was confusing.
Ok, but as the article states, they did not de-ChromeOS it because they wanted TPM and Verified Boot and FIDO-certified U2F security key so that they didn't defeat the whole purpose of buying a Chromebook.
FTA: “As far as Debian/Ubuntu (and crouton), that's fine as far as it goes, but then you don't end up with a Chromebook, just a cheap mini-notebook with flaky drivers. The whole point of this exercise is to retain the hardened posture of the platform and have a flexible, safe development environment without depending on the crutch of privileged access.”
https://github.com/Yubico/libu2f-host/blob/master/70-u2f.rul...
> I've come to fully appreciate Google's Chrome OS design. The architecture benefited from a modern view of threat modeling and real-world attacks.
This linked in the article explains what he means https://www.chromium.org/chromium-os/chromiumos-design-docs/....
We all know you can put Chromebooks into dev mode and load Ubuntu, in fact I thought it was necessary to get the most out of Chromebooks. If it turns out that Chromebooks can make decent dev environments without nuking and installing Ubuntu or whatever and if they can run Android apps then Chromebook suddenly become a very interesting value proposition.
It is so close to being usable. It is such a user friendly operating system, it just falls short on a few significant fronts.
1. Developer mode should be friendlier to use (no horrible noises on boot, no delayed boot time).
2. It needs support for electron-based/alike apps to run natively in browser windows without crouton. E.g. vscode.
verified boot seems like the only advantage here. You can buy an ebay business-grade laptop with TPM for 40 bucks USD readily, and they don't require reliance on Google or the requirement that one uses a neutered OS. (yes, yes, it's secure. It's a users' platform. Development on chrome OS at this point is an act of masochism.)
If secure travel is your thing, stash your data on a cloud provider and pull it later after you arrive at your destination. Go whole-hog and travel without an SSD and buy a cheap one at your destination with cash. Sprinkle in some libreboot for more confidence.
It'll still be cheaper than a 200 dollar chromebook, and you probably won't have to deal with some of the worlds' worst chicklet keyboards.
P.S. don't travel with a yubikey that isn't partnered with another. Would be a bummer to lose.
Thank you for your help.
ThinkPad caddys are dirt cheap. You can buy third party compatible caddys for under $10. [0]
In terms of a laptop with a reasonable build quality that includes a TPM, pretty much any corporate laptop will suffice. X220's command a premium because they're ThinkPads.
If you look at other options, something like the Dell E6220, which is from the same generation as the X220, can be purchased used for around $100. [1]
They don't support coreboot, but they're otherwise reliable machines. The Dell UEFI implementation supports only allowing signed updates and SecureBoot. Depending on your threat model this might be enough for you.
> You can buy an ebay business-grade laptop with TPM for 40 bucks USD readily
You'll have to buy something older than the E6220 mentioned above, but the Dell E6400 is available for $40. [2] That will have an integrated TPM.
[0] http://www.ebay.com/itm/Lenovo-Thinkpad-X220-X220i-Hard-Driv...
[1] http://www.ebay.com/itm/Dell-Latitude-E6220-13-3-Intel-Core-...
[2] http://www.ebay.com/itm/Dell-Latitude-E6400-Laptop-Core-2-Du...
They are old, but they are well equipped and I love their keyboard feel, plus TPM and all that jazz.
Their specs are pretty low-end nowadays, but I find that devs have too varied a range of preferences and tasks to judge what they need too readily.
If you're sitting in a huge IDE or photoshop or otherwise have a strong need for heavy lifting and high resolution during your travels, however, these cheapy business-grade laptops from yesteryear are probably a poor choice.
But I sit in emacs and IRC most of the time with music on -- they are perfect for that.
Get a dealer account and you get 20-40% off the listed prices. I applied and got the account in about a week or two.
"Grade A" refurbs are in really good shape.
Cheapest X220 (Grade A) right now is $153.60 ($192.00 list).
That's why the author has you setup a new account so that you can segment your burner data from your real life.
There are some good web ones (Cloud9) out there and even a few Android based ones (AIDE). You won't be running any Windows or Linux IDEs though (because Chrome OS is not either of those.)
Can't imagine what recording webcams would do- but I suppose it might be effective for something.
Because there's no actual evidence to support it.
He's suggesting they are secretly filming you, logging your keystrokes, and rerouting your mic audio. That is a very bold claim that should be backed up or retracted.
Even if you aren't worried about state level inspection, this setup allows you to put the laptop in your checked baggage and not worry that your data has been intercepted by criminal enterprises in the case of rerouted bags or theft. This is a big boon for many business travelers as they are more worried about IP protection than privacy from governmental interlopers.
One potential solution is a USB hub, or even a USB extension cable you keep plugged in.
I ended up liking the "Caret" editor - it's a Chrome App.
I've seen Google Authenticator do this (for Google accounts), or the Blizzard Authenticator. I would guess that Duo has a product for this.
I still think it's a second factor. Only a third party might have access to the factor too, like SMS codes/3DSecure.
Its true that push2factor have some disadvantages, but it has one really strong advantage above pure TOTP: phishing dosnt work as the 2factor is send directly to the site and cant be mitmed at your terminal. Read about it.
I'm using it to poke at languages I'd normally never have the time to experiment with.
I'm on the train for about an hour every day, and I wouldn't feel comfortable with a "real" laptop - too likely to be stolen. But for $169? Not such a big loss.
I'm also really excited about how rock-solid this thing is, as a way to hand a kid a computer that can really teach them programming.
how are people willing to live with this? I would be furious if I had to lose all my state and (for all intents and purposes) restart my machine multiple times in two weeks.
And if this "borking" happens right before or during a presentation (the author was writing about using this setup for giving talks on), this would be very embarassing for me and extremely annoying for the audience.
A work/presentaion machine has to be rock solid for me. No compromises, no workarounds and most certainly no "completely borked". Just pure solid.
Does that actually exist?
Over the years I have given quite a few presentations to customers and at public talks. None of my machines ever let me down.
That said, multiple times a week is very silly. Once a month would probably top out my personal tolerance for similar bugs.
Despite using Arch Linux, and weekly "upgrade everything".
I know it isn't everyone's experience, but I was exceedingly choosey about the hardware that went into my machine, so that I could do this.
The only problem I've had in the last two years, was an incompatibility between ocaml and fish shell, which eliminated my PATH. Unfortunate, but an issue on the ocaml side of things. A big problem, for certain, but two years of bleeding edge updates, and that's it.
But it ever does, I'll probably adopt and adapt one of the solutions from this thread [0].
[0] https://www.reddit.com/r/archlinux/comments/4zrsc3/keep_your...
Fun story: for $REASONS, I have an Arch system with root on btrfs and /boot on ext4, and it doesn't usually have the boot partition mounted (it's a poorly done mutiboot issue). I recently discovered that this means if I forget to mount boot before updating I get stuck with no loaded drivers to mount /boot :) Thankfully kexec worked, but I'd like to not need to do that:)
I've got three machines that I use regularly.
1) Mid-2010 MacBook Pro, with RAM and SSD upgrades. This is my main machine at home. It has never had to be wiped and reinstalled, and it gets rebooted about once a month.
2) Late-2013 MacBook Pro. This is my work machine and the story is similar to my home machine. It's never needed a reinstall and gets rebooted about once a month as well.
3) Lenovo ThinkPad x131e (Intel). This is my travel computer, serving a similar purpose as the Chromebook mentioned in this article (minus presenting stuff). I'm running OpenSUSE Tumbleweed on this - frequent updates lead to frequent reboots. There's also all the associated weirdness that comes with running a rolling release Linux on a machine that requires proprietary WiFi drivers (they tend to lag by a couple of days). When I ran OpenSUSE Leap it was almost as solid as the Macs.
I'd call the Macs "pure solid" machines, or as close as I can reasonably get. The ThinkPad is decent and the weirdness with it is really my fault.
Like everything else, your experience may vary.
In one case it was a hard kill and I lost one ssh window that had been open for a week. In the other, the Termux gui came up and I never dropped my session (the ssh process never died). I'm not yet familiar enough with the Termux internals to understand that. As far as the Chrome OS stability, it's been one of the most stable machines I own, and I say that as a long-time MBP & Librem owner. 99% of the reboots were intentional as I reinstalled the whole build from Powerwash to Erlang hello world, to make sure I got the details right for the post (and to help troubleshoot some minor install roadbumps a couple of my reviewers experienced).
On the presentations, I joined multiple Hangouts & BlueJeans (WebRTC) video client calls with zero trouble. Signal and Wire voice worked like a champ too.
So while I certainly understand some of the comments here, for _my_ use case — a reliable $160 multi-week travel/burner dev notebook with strong security, I'm more than satisfied. And of course it's not in the same league as my $2K++ MBP. I would never try to run a big JDK app, but for offline Go and Python work, it fits my bill.
I've them crash once every few years after I'm done setting them up, usually it goes down because I run out of power or want to update the kernel. There's no good reason some GUI should die because of waking up from sleep.
Works the same as my $18 Yubi key but the little cover over the USB prongs keeps falling off...
You do realize the Dell XPS 13 has QHD as an option?
[1]: https://en.wikipedia.org/wiki/Graphics_display_resolution#QH...
I use dell xps 13 for half a year and I have 3200x1800 resolution. When buying a xps you have two screens to choose from.
Alas, they also have price tags more on par with a Macbook.
AFAICT the reason than even expensive 11" laptops generally don't run higher resolutions is that at that size you can't tell the difference.
It was super hackable and most people bought it installed hackintosh on it and with a near perfect hardware compatibility with OS X Snow Leopard. A few friends of mine went to Africa for a few months with Dell Mini 9 and were able to freelance their with a fully functional yet super affordable hackintosh Mac. I wish Dell can have another of those netbook lines with compatible hardwares.
[1] https://en.wikipedia.org/wiki/Dell_Inspiron_Mini_Series#9_Se...
I lost my key a couple of weeks ago and was surprised how easy it was to get back into my accounts with just my phone. There is no point in using something like that if providers allow you to failover to more conventional authentication methods without any hassle; the keys are useless. They are not going to add manual verification for a couple of people who lost their YubiKey.
YubiKey is useful for instances when you want to grant somebody access to something with just a key. I don't see it going beyond that anytime soon.
https://lastpass.com/support.php?cmd=showfaq&id=2546
Even for providers that do provide seamless failover, the inevitable "we see you requested an account recovery" email would serve as useful canary to know you're being targeted.
That was the whole point of my comment. It is up to the vendor and vendors do a horrible job.
> the inevitable "we see you requested an account recovery" email would serve as useful canary
There is nothing useful here. They are allowing you to bypass a secure key with a dumb email confirmation.
Your idea of a 'useful canary' is great; until you get rooted at 5 AM on a Monday morning and that email disappears before you wake up.
Anecdotally, someone got my steam account credentials. I discovered this when they tried to change my password. Fortunately I had Steam's two-factor enabled and got the notification (2-factor is required to change steam account passwords), which alerted me to change my password. They actually tried the account recovery option and I got an email notification about that as well.
So in situations like that such notifications can be quite useful. But yeah, if they've compromised your most critical accounts/devices then YubiKey isn't going to save you. I don't think that's a knock against it.
It may not be as secure, but it's hella convenient (still use 2FA). ChromeOS boot is < 5 seconds, and I just stay there for web browsing / netflix. Dropping into crouton is another < 5s when I need to do dev work, or play steam games.
Everything important on the laptop is backed up to some cloud service or another, but it's expensive enough that I'd be distraught if I lost it (plus they stopped selling them).
I'd be more worried about somebody straight up stealing the laptop than any other security risks I may be running by running in dev mode.
I love the idea of natively developing in ChromeOS, but at this point it just seems like more hassle and fighting the system than it's worth.
Instead, I just have my Chromebook and a VPC on Google Cloud that I SSH into for work. Theoretically I wouldn't be able to work if I didn't have internet access, but I've never actually run into that problem. I still have dev mode off, but I don't think turning it on is a huge risk.
Steam games though? I didn't know you could do that.
[0]: https://gist.github.com/christianbundy/ba62890a7c2f8128bcbb
Re: Steam games, yup it's powerful enough to run most indie games that support linux (which is an increasing number, recently). The biggest constraints are GPU and disk space. I've had a few good runs of FTL (Faster than Light) on long-haul flights.
You just gotta make sure you keep an eye on the battery, since if it dies you accidentally wipe the system :/