Chromebooks Vs Real Computers


27 replies to this topic

#1 Murph

Posted 10 April 2015 - 1300 PM

Why buy a Chromebook which only really works with a WiFi connection when you can get a real computer for not many pesos more with a real processor, real memory, real hard drive, real operating system that cannot be hacked (with proper precautions) such as produced by HP and others?  Anyone who believes that Cloud storage/Cloud computing is even slightly remotely secure needs their head checked. 


#2 Ivanhoe

Posted 10 April 2015 - 2022 PM

Chromebooks = ChromeOS = Google = Coolness.


#3 Fritz

Posted 10 April 2015 - 2034 PM

Google-is-evil-meanwhile.jpg

 

Of course, I googled for the image :D


#4 Archie Pellagio

Posted 10 April 2015 - 2046 PM

Wouldn't even think twice about one here, but people who live lives in permanent wifi bubbles are different I guess...

#5 Ivanhoe

Posted 10 April 2015 - 2049 PM

Google-is-evil-meanwhile.jpg

 

Of course, I googled for the image :D

 

If you're in New Haven, you're all too close to the Hellmouth. ;)


#6 TTK Ciar

Posted 10 April 2015 - 2113 PM

Some of my friends swear by them. By pushing everything into "The Cloud"[tm], they don't have to worry about their laptop's hard drive crapping out or filling up, or someone stealing the laptop (they'll still have access to all their files, but the thief won't, and they will just have to replace the hardware), or software upgrades, or syncing data between their laptop and other devices.

It also makes for a cooler (temperature-wise), thinner, lighter laptop. And yes, for some people the "Google = cool" factor is a draw.

Not me, though. I'd never use such a thing. Would rather maintain my own hardware/software, and keep my data in my physical possession. If my laptop is thicker/heavier because of it, no big shakes. I never bought into that whole "thinner is better" crap, and compared to the rest of the stuff in my backpack a laptop weighs nothing. I'm not a bobble-headed stick figure to whom six or eight pounds is a burden, and I don't trust Google in the slightest.

*shrug* different strokes for different folks, is all.

#7 Guest_Jason L_*

Posted 10 April 2015 - 2310 PM

For me, physical thievery (i.e. someone busting into my office or apt) and jacking a laptop or a drive from my desktop has always been a more probable reality than a cloud-based data breach, and while strong encryption on physical data.

 

What do you guys think about the various options of an add-on encryption layer to Dropbox? Boxcryptor, Safemonk, etc.

 

Chromebooks are attractive on a cost basis - cheap as hell for a 15" unit with great screen and battery life. I think the real problem is when you get to the higher end Chromebooks like the Pixel that are basically neutered full featured laptops, why would you buy a Chromebook Pixel when you can get a MacBook Air or an Asus Zen?

 

The Chrome OS only really works if you buy it as a low cost unit accepting that it's basically a smartphone-level system. That paradigm breaks down when you hit the price point of the Pixel.


Edited by Jason L, 10 April 2015 - 2311 PM.

#8 Ivanhoe

Posted 11 April 2015 - 0011 AM

I'm skeptical about any encryption layer that hasn't been designed and tested by a wide range of academics and working security gurus. I'm really skeptical of any encryption SW that is targeted towards a niche application.

 

On those rare occasions I'll store data online, I'll encrypt the data locally and then upload. But I've not integrated online storage into my workflow, if there were daily uploads/downloads that wouldn't be too workable.

 

Generally I don't author enough unique content to make a daily copy to thumb drive a chore, and moving data around on thumb drives is an hourly occurrence for me anyway (at work, where firewall rules are expressly designed to prove that the network admin is the prince of d-bags).


#9 Guest_Jason L_*

Posted 11 April 2015 - 0057 AM

Almost all of the third-party add-ons use full round AES-128 or AES-256. I presume that's good enough for my data. Like, is there actually a bad way to implement full round AES?

 

*edit, actually I see now that there are a number of possible side channel attacks.


Edited by Jason L, 11 April 2015 - 0059 AM.

#10 Murph

Posted 11 April 2015 - 1113 AM

I don't like the security, and the requirement for a full time WiFi connection to do anything, but also you can't really add Android apps (yet) which are handy. The WiFi thing breaks the deal for me, although the kids' school is pushing the concept for cloud computing/homework for them. But I will get them a real laptop that has a DVD drive, multiple USB ports, and a hard drive above 16 GB. If all you are going to do is web surf, and let Google have all your personal information, then I guess they are great. Maybe, just maybe if LibreOffice was available on a Chromebook, I might be possibly, somewhat tempted for about 6 microseconds to think about one.


#11 TTK Ciar

Posted 11 April 2015 - 1430 PM

Be very skeptical of all cryptosystems. Even the best implementations are dependent on underlying infrastructure which has vulnerabilities which can be leveraged to compromise the cryptosystem.

Plus, folks are always discovering new side-channel attacks, as JasonL mentioned, and over time weaknesses in the underlying algorithms eventually emerge, always.

All of the RNG software commonly available for Windows, MacOSX, and Linux have known weaknesses. You can get hardware RNG devices, but you don't know if the vendor has deliberately introduced a weakness (qv NSA bribing RSA to incorporate weakness into their SecurID USB token).

You can build your own RNG hardware, but you'd better know what you're doing, and where does it stop? Hardware vendors (Sony, Samsung, Huawei, Cisco, Intel, Google, Apple) have all shipped products with security backdoors in the past. Are you going to build all of your computer hardware yourself, from silicon up?

Furthermore, D-Wave has been improving upon their quantum computing technology, making it more powerful and less expensive. It is still insufficiently complex to implement Shor's Algorithm, which would obsolete all cryptosystems which are based on the difficulty of factoring large numbers, but they're getting there (D-Wave's current offerings provide a quantum annealing function, which makes cracking some encryption schemes marginally easier).

This means to ensure your data remains secure in the future, you will need to use encryption which is not vulnerable to Shor's Algorithm, else your adversary can simply make a copy of your encrypted session and store it until D-Wave makes a SA implementation available. The eggheads are still figuring out DH equivalents suitable to postquantum public key encryption (the most promising are based on Euclidean lattices, like NTRU), but they still have a ways to go.

If you limit yourself to encrypting/decrypting your data on your own hardware and only transporting it in encrypted state, there are a great many adequate solutions. A simple OTP-fed NLFSR-based stream cipher would be sufficient. You'd better be sure that the hardware on which you encrypt/decrypt that data is secure, is all.

Or you can not worry about it too much, and accept a degree of risk. Just because a half-dozen companies and/or intelligence agencies could get at your data if they really wanted it doesn't mean they want it. If your expected adversaries are random thugs, local police, or smaller corporate players, imperfect security could still be plenty.

#12 Guest_Jason L_*

Posted 11 April 2015 - 1645 PM

Maybe this is an erroneous analogy, but I see crypto security like anything else: be they bike locks, front doors, etc. You're never going to have something that is impenetrable without seriously encumbering yourself (financially, lugging around a 30 lb lock, etc, etc), but what you can do is make yourself a hard target relative to the value of what you're protecting, and especially an unattractive target compared to everyone else's lax standards.

 

On the list of things I worry about, a few companies having access to my "data" is ultimately pretty far down. The concept itself is offensive, but the amount of damage they could do is vanishingly small when push comes to shove. For stuff like financials, etc., the risk of a bank level or tax agency level compromise is far more likely than getting personally compromised.


#13 BP

Posted 11 April 2015 - 1652 PM

Just use Axcrypt for every file, with the password TankNet.


#14 Ivanhoe

Posted 11 April 2015 - 2114 PM

Is that what you use on your pornbook?


#15 Ivanhoe

Posted 11 April 2015 - 2126 PM

Or you can not worry about it too much, and accept a degree of risk. Just because a half-dozen companies and/or intelligence agencies could get at your data if they really wanted it doesn't mean they want it. If your expected adversaries are random thugs, local police, or smaller corporate players, imperfect security could still be plenty.

 

That is my attitude, in a nutshell. I'm not worried about governments getting my encrypted data, because they have ways. I'm worried about some faux hipster in Starbucks snagging my netbook while I am collecting my frapp, imaging the SSD, and selling the image file somewhere out there in the digital wasteland.

 

To summarize TTK's screed, any app which encrypts/decrypts data at rest and/or data in flight will essentially involve 6 things:

- the encryption algorithm(s)

- the compilable software implementation thereof;

- the various utility functions; hash functions, PRNGs, etc.

- the compilable software implementation thereof;

- the design of the main program and its function calls of the above;

- the compilable software implementation thereof.

 

For example; you can have a great symmetric encryption algorithm, correctly implemented in C or whatever, great utility functions also correctly coded, and a correct program design, but an implementation of the program that leaves the password in cleartext in RAM that gets stored in the hibernation file.

 

Data protection schemes that rely on SSL/TLS have been found really sloppily implemented (defaulting back to SSL 1.0, which is broken). Likewise for anything using certificates; a couple of years ago some informal testing showed that popular browsers were not rejecting sites with bad/forged certs.


  • 0
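The failure described in post #15 above (a sound cipher undone by a password left in cleartext in RAM and captured in the hibernation file), as an added C example that is not part of the original thread. The names `secret_t`, `derive_key` and `residue_after_use` are hypothetical, and `toy_kdf` is a constructed stand-in for a real password KDF.

```c
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>

#define PW_MAX  128
#define KEY_LEN 32
typedef struct { char pw[PW_MAX]; size_t len; } secret_t;

/* Zero memory through a volatile pointer so the compiler cannot drop the
   writes as dead stores, which it may do with a plain memset(). */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Constructed stand-in for a real password KDF (scrypt, Argon2, PBKDF2).
   NOT secure; it only gives the example something to derive. */
static void toy_kdf(const secret_t *s, uint8_t key[KEY_LEN]) {
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < KEY_LEN; i++) {
        for (size_t j = 0; j < s->len; j++) h = (h ^ (unsigned char)s->pw[j]) * 1099511628211ULL;
        key[i] = (uint8_t)(h >> 56);
    }
}

/* Password in, key out. mlock() keeps the pages out of swap, but hibernation
   writes all RAM to disk regardless of locks, so wiping the cleartext as
   soon as the key exists is what bounds the exposure window. */
int derive_key(secret_t *s, const char *password, uint8_t key[KEY_LEN]) {
    size_t n = strlen(password);
    if (n == 0 || n >= PW_MAX) return -1;
    (void)mlock(s, sizeof *s);   /* best effort; may fail under RLIMIT_MEMLOCK */
    memcpy(s->pw, password, n);
    s->len = n;
    toy_kdf(s, key);
    secure_wipe(s, sizeof *s);   /* cleartext copy gone before we return */
    (void)munlock(s, sizeof *s);
    return 0;
}

/* Non-zero bytes of the password copy left after use; (size_t)-1 if rejected. */
size_t residue_after_use(const char *password) {
    secret_t s; uint8_t key[KEY_LEN];
    if (derive_key(&s, password, key) != 0) return (size_t)-1;
    const unsigned char *b = (const unsigned char *)&s;
    size_t left = 0;
    for (size_t i = 0; i < sizeof s; i++) left += (b[i] != 0);
    return left;
}
```

Where the platform provides them, `explicit_bzero()` or `memset_s()` can replace the hand-rolled wipe.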

#16 TTK Ciar

Posted 11 April 2015 - 2305 PM

Well-said. I did sort of ramble in random directions a bit .. a screed indeed.

Ultimately your data is always vulnerable to the "thumbscrew attack", where the adversary kidnaps and tortures you until you decrypt your data for them.

#17 Ivanhoe

Posted 11 April 2015 - 2340 PM

Or have a family member arrested for drugs, tax evasion, etc.


#18 DB

Posted 22 April 2015 - 0821 AM

If it's government, accuse you of having "stuff" and demand you decrypt it. The punishment for failure to decrypt being the same as for being found guilty of having "stuff".

 

Of course, this proves to be a sticking point when they're demanding you provide the decryption key for a scrap .tmp file full of random scribblings.

 

Sidebar: "Compressible Encryption" Oh, Microsoft, you do amuse me so.


#19 Archie Pellagio

Posted 23 April 2015 - 0525 AM

Well-said. I did sort of ramble in random directions a bit .. a screed indeed.

Ultimately your data is always vulnerable to the "thumbscrew attack", where the adversary kidnaps and tortures you until you decrypt your data for them.

 

If there is anything that valuable on your computer you should really be considering security measures that are a little more...kinetic. ;)

 

Like anything it is about layered defence against realistic threats. If someone is willing to go Jack Bauer on your ass, an encryption program isn't worth squat unless you're willing to die to protect whatever the hell you do on your computer. At the very least you should have significant physical security measures for your house/office and be thinking about close personal protection by professionals.

 

At the end of the day I'm sure the NSA can keep an up to date database on what level of GTA5 I'm up to, my library of saved memes and cat pictures and that I wrote an essay in 2002.

Protecting against someone pinching my computer and minimising the dangers of hacking through the interwizzle is really the only threat I can realistically protect against. If Mulder and Scully want access, I'm sure they can.


Edited by Archie Pellagio, 23 April 2015 - 0533 AM.

#20 TTK Ciar

Posted 23 April 2015 - 1417 PM

Like anything it is about layered defence against realistic threats. If someone is willing to go Jack Bauer on your ass, an encryption program isn't worth squat unless you're willing to die to protect whatever the hell you do on your computer. At the very least you should have significant physical security measures for your house/office and be thinking about close personal protection by professionals.


On one hand I completely agree, but on the other hand no matter how well-hardened/armed you are against physical threats, there's always someone bigger than you.

Like most things security, it boils down to tradeoffs between convenience (and thus productivity), cost, and risk, and is always a matter of degree rather than absolutes.