Language Selection

English French German Italian Portuguese Spanish

Google

Putting Linux on your Chromebook is easier than you think (and totally worth it!)

Filed under
GNU
Linux
Google

If you need to use those productivity programs that Chrome OS just doesn't offer, or you just want to try something new, Linux on your Chromebook has you covered.

You've may have seen chatter on the internet about installing Linux on your Chromebook. Plenty of longtime Chrome OS users are doing it, and it allows the use of programs like GIMP (a Photoshop replacement), or Darktable, (a Lightroom alternative) as well as plenty of programs for video and audio editing. It's a way to use your Chromebook for the few power-user features you might need. It's also completely free and easier than you think.

Read more

Google Developer Kees Cook Details The Linux Kernel Self-Protection Project

Filed under
Linux
Google

At the Linux Security Summit last month, Google developer Kees Cook shared the current workings of the Kernel Self-Protection Project (KSPP). The project, he said, goes beyond user space and even beyond kernel integrity. The idea is to implement changes to help the kernel protect itself.

To understand the importance of the project, Cook said, we need to think about the multitude of devices running Linux, such as servers, laptops, cars, phones, and then consider that the vast majority of these devices are running old software, which contains bugs. Some of these devices have very long lifetimes, but the lifetime of a bug can be longer still.

Read more

How Chromebooks Are About to Totally Transform Laptop Design

Filed under
GNU
Linux
Gentoo
Google
  • How Chromebooks Are About to Totally Transform Laptop Design

    Google’s first Chromebook was the kind of laptop you’d design if you didn’t give a damn about laptop design. It was thick, heavy, rubbery, boring, and black. Black keys, black body, black trackpad, black everything. Everything about the Cr-48 was designed to communicate that this device was still an experiment. Even the name, a reference to an unstable isotope of the element Chromium, was a hint at the chaos raging inside this black box. “The hardware exists,” Sundar Pichai told a crowd of reporters at the Cr-48’s launch event in December of 2010, “only to test the software.”

    Moments later, Eric Schmidt took the stage and preached about how the “network computer” tech-heads had been predicting for decades was finally ready to change the world. “We finally have a product,” Schmidt said, “which is strong enough, technical enough, scalable enough, and fast enough that you can build actually powerful products on it.” Apparently already sensing the skeptical feedback Chrome OS would get, he gestured toward the audience and told them “it does, in fact, work.”

  • 7 Reasons Why You Should Buy a Chromebook

    Chromebook is a different thing from Netbooks with the fact that it does not have Windows being a huge difference. Chromebooks thus run on a fresh and different operating system that while it is not an old OS it isn’t a desktop kind of OS either but a mobile one.

    Chromebooks have pretty hardware, especially if the Haswell processors they are running on, which are energy efficient, are anything to go by. Nonetheless, there are many reasons why buying Chromebooks make a lot of sense.

How Google Uses and Contributes to Open Source

Filed under
Google
OSS

Engineer Marc Merlin has been working at Google since 2001 but has been involved with Linux since 1993, in its very early days. Since then, open source adoption has dramatically increased, but a new challenge is emerging: Not many companies care about the license side of open source, Merlin stated in his talk “How Google Uses and Contributes to Open Source” at LinuxCon and ContainerCon North America.

Read more

Google's Fuchsia OS is out in the open and shrouded in mystery

Filed under
OS
Google
OSS

Google is developing a new operating system named Fuchsia, and the early source code is already public. Google itself and Fuchsia’s developers haven’t explained what the OS is for—but we can dig into the source code to learn more.

Read more

How Google created a new kind of open source program office

Filed under
Google
OSS

How does Google benefit by embracing a mission that goes beyond wielding industry influence? The benefits are not easy to calculate, but there are metrics that are objective, such as perceived influence compared to actual engineering contributions. Google may not contribute the most code and, before Kubernetes, its open source projects were either small efforts or tightly constrained and not very open (e.g., Chrome, Android), but it carries great (one might say outsized) influence in open source developer circles, which gave it a great platform to launch Kubernetes and increase its chances of success. But Google did things like create Google Code, which at one time was a massive repository of the world's open source code, and it created the Summer of Code. Although neither of these initiatives involved massive code contributions by Google, they enabled developers around the world to collaborate and write more code. To date, no other company—vendor, user, or otherwise—has embraced this mission to the same degree as Google. Although this is great for Google, one wonders when some other enterprising company will invest in a similar vision.

Read more

VintOS Promises to Be the Chromium OS Fork You've Always Wanted and Needed

Filed under
GNU
Linux
Gentoo
Google

Dylan Callahan from the Chromium OS for SBCs (Single-Board Computers) project, which unfortunately was discontinued due to lack of interest from users, informed Softpedia today, September 5, 2016, that he's working on a new Linux-based OS.

We have to admit that we're quite surprised to see that developers aren't giving up on their ambitions of creating the best fork of a well-known Linux kernel-based operating system, in this case Chromium OS. While Chromium OS for SBCs was aimed at embedded and IoT devices, the new one is targeted at all PCs.

World, meet VintOS! What's VintOS? Well, it's upcoming open-source fork of Chromium OS, the operating system on which the famous Google Chrome OS is based. To make a name for itself from the get go, VintOS is named after one of the founding fathers of the Internet, Vinton Cerf, and it's explicitly designed with educational purposes in mind.

Read more

Acer’s New Chromebook

Filed under
GNU
Linux
Google
  • Acer’s convertible Chromebook R13 is built for Android apps

    Those itching to run Android software on ChromeOS should check out the new 2-and-1 device from Acer. The convertible $399 Chromebook R13 laptop has a 13.3-inch 1080p touchscreen that makes it suitable to run all variety of mobile apps. Google announced back in May it would begin letting Android developers support ChromeOS starting in the fall, and Acer is one the first device makers to produce a laptop-tablet hybrid that fits the bill.

    With regards to specs, the R13 comes with 4GB of memory in 16GB, 32GB, or 64GB varieties with about 12 hours of battery life. It packs a MediaTek quad-core processor and also supports USB-C as well. It’ll be available starting in October, when Google plans to have already rolled out full support for Android apps on ChromeOS.

  • Acer's convertible Chromebook R 13 is designed to welcome Android apps

    Acer’s versatile Chromebook R 13 is one good device to run Android apps because it can function as a laptop or tablet.

    The 2-in-1 has a rotating 13-inch full HD screen that gives it dual functionality. The touchscreen gives it a mobile-like interface to run Android apps.

    The device has Chrome OS, but Google is making it possible to run Android apps from Google Play store on newer Chromebooks. Acer will add Android app support to the new Chromebook, the company said.

    Android app support adds to the versatility of Chromebooks, which are popular as cheap and low-cost laptops. The shipments of 2-in-1s are growing, and Chrome OS is better suited for those devices than Android.

    PC makers like HP and Dell are giving up on Android tablets but are interested in Android apps on Chromebooks. It made sense for Google to add Android app support, with tablet shipments declining and Chromebook shipments growing.

How Google Does Open Source

Filed under
Google
OSS

Marc Merlin has been working as an engineer at Google since 2002 and has seen (and done) a lot of open source and Linux work during that time. Speaking at the LinuxCon North America event this week, Merlin provided a standing room only audience with an overview how Google uses and contributes to open source.

"Google wouldn't be around today without open source software," Merlin said.

Read more

Android/Google Leftovers

Filed under
Android
Google
Syndicate content

More in Tux Machines

Leftovers: BSD

Security Leftovers

  • Stop using SHA1 encryption: It’s now completely unsafe, Google proves
    Security researchers have achieved the first real-world collision attack against the SHA-1 hash function, producing two different PDF files with the same SHA-1 signature. This shows that the algorithm's use for security-sensitive functions should be discontinued as soon as possible. SHA-1 (Secure Hash Algorithm 1) dates back to 1995 and has been known to be vulnerable to theoretical attacks since 2005. The U.S. National Institute of Standards and Technology has banned the use of SHA-1 by U.S. federal agencies since 2010, and digital certificate authorities have not been allowed to issue SHA-1-signed certificates since Jan. 1, 2016, although some exemptions have been made. However, despite these efforts to phase out the use of SHA-1 in some areas, the algorithm is still fairly widely used to validate credit card transactions, electronic documents, email PGP/GPG signatures, open-source software repositories, backups and software updates.
  • on pgp
    First and foremost I have to pay respect to PGP, it was an important weapon in the first cryptowar. It has helped many whistleblowers and dissidents. It is software with quite interesting history, if all the cryptograms could tell... PGP is also deeply misunderstood, it is a highly successful political tool. It was essential in getting crypto out to the people. In my view PGP is not dead, it's just old and misunderstood and needs to be retired in honor. However the world has changed from the internet happy times of the '90s, from a passive adversary to many active ones - with cheap commercially available malware as turn-key-solutions, intrusive apps, malware, NSLs, gag orders, etc.
  • Cloudflare’s Cloudbleed is the worst privacy leak in recent Internet history
    Cloudflare revealed today that, for months, all of its protected websites were potentially leaking private information across the Internet. Specifically, Cloudflare’s reverse proxies were dumping uninitialized memory; that is to say, bleeding private data. The issue, termed Cloudbleed by some (but not its discoverer Tavis Ormandy of Google Project Zero), is the greatest privacy leak of 2017 and the year has just started. For months, since 2016-09-22 by their own admission, CloudFlare has been leaking private information through Cloudbleed. Basically, random data from random sites (again, it’s worth mentioning that every site that used CloudFlare in the last half year should be considered to having fallen victim to this) would be randomly distributed across the open Internet, and then indefinitely cached along the way.
  • Serious Cloudflare bug exposed a potpourri of secret customer data
    Cloudflare, a service that helps optimize the security and performance of more than 5.5 million websites, warned customers today that a recently fixed software bug exposed a range of sensitive information that could have included passwords and cookies and tokens used to authenticate users. A combination of factors made the bug particularly severe. First, the leakage may have been active since September 22, nearly five months before it was discovered, although the greatest period of impact was from February 13 and February 18. Second, some of the highly sensitive data that was leaked was cached by Google and other search engines. The result was that for the entire time the bug was active, hackers had the ability to access the data in real-time by making Web requests to affected websites and to access some of the leaked data later by crafting queries on search engines. "The bug was serious because the leaked memory could contain private information and because it had been cached by search engines," Cloudflare CTO John Graham-Cumming wrote in a blog post published Thursday. "We are disclosing this problem now as we are satisfied that search engine caches have now been cleared of sensitive information. We have also not discovered any evidence of malicious exploits of the bug or other reports of its existence."

Security Leftovers

  • Change all the passwords (again)
    Looks like it is time to change all the passwords again. There’s a tiny little flaw in a CDN used … everywhere, it seems.
  • Today's leading causes of DDoS attacks [Ed: The so-called 'Internet of things' (crappy devices with identical passwords) is a mess; programmers to blame, not Linux]
    Of the most recent mega 100Gbps attacks in the last quarter, most of them were directly attributed to the Mirai botnet. The Mirai botnet works by exploiting the weak security on many Internet of Things (IoT) devices. The program finds its victims by constantly scanning the internet for IoT devices, which use factory default or hard-coded usernames and passwords.
  • How to Set Up An SSL Certificate on Your Website [via "Steps To Secure Your Website With An SSL Certificate"]
  • SHA-1 is dead, long live SHA-1!
    Unless you’ve been living under a rock, you heard that some researchers managed to create a SHA-1 collision. The short story as to why this matters is the whole purpose of a hashing algorithm is to make it impossible to generate collisions on purpose. Unfortunately though impossible things are usually also impossible so in reality we just make sure it’s really really hard to generate a collision. Thanks to Moore’s Law, hard things don’t stay hard forever. This is why MD5 had to go live on a farm out in the country, and we’re not allowed to see it anymore … because it’s having too much fun. SHA-1 will get to join it soon.
  • SHA1 collision via ASCII art
    Happy SHA1 collision day everybody! If you extract the differences between the good.pdf and bad.pdf attached to the paper, you'll find it all comes down to a small ~128 byte chunk of random-looking binary data that varies between the files.
  • PayThink Knowledge is power in fighting new Android attack bot
    Android users and apps have become a major part of payments and financial services, carrying an increased risk for web crime. It is estimated that there are 107.7 million Android Smartphone users in the U.S. who have downloaded more than 65 million apps from the Google App Store, and each one of them represents a smorgasbord of opportunity for hackers to steal user credentials and other information.
  • Red Hat: 'use after free' vulnerability found in Linux kernel's DCCP protocol IPV6 implementation
    Red Hat Product Security has published details of an "important" security vulnerability in the Linux kernel. The IPv6 implementation of the DCCP protocol means that it is possible for a local, unprivileged user to alter kernel memory and escalate their privileges. Known as the "use-after-free" flaw, CVE-2017-6074 affects a number of Red Hat products including Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7 and Red Hat Openshift Online v2. Mitigating factors include the requirement for a potential attacker to have access to a local account on a machine, and for IPV6 to be enabled, but it is still something that will be of concern to Linux users. Describing the vulnerability, Red Hat says: "This flaw allows an attacker with an account on the local system to potentially elevate privileges. This class of flaw is commonly referred to as UAF (Use After Free.) Flaws of this nature are generally exploited by exercising a code path that accesses memory via a pointer that no longer references an in use allocation due to an earlier free() operation. In this specific issue, the flaw exists in the DCCP networking code and can be reached by a malicious actor with sufficient access to initiate a DCCP network connection on any local interface. Successful exploitation may result in crashing of the host kernel, potential execution of code in the context of the host kernel or other escalation of privilege by modifying kernel memory structures."

Android Leftovers