Posts
9
Comments
976
Joined
2 yr. ago

  • ChromeOS literally is Linux so obviously it can do everything that Linux can. It is effectively a SUPERSET of Linux

    This is dumb. I was experimenting with unofficial ChromeOS builds since before the first consumer Chromebook. I've also used an actual production Chromebook as well. I've even used the distro ChromeOS is derived from which is called Gentoo.

    If this was actually a good idea why aren't some businesses doing it already? Linux servers are everywhere yet I have never heard of one running ChromeOS. Google who make ChromeOS don't use ChromeOS for servers, they use conventional Linux distros like Debian with their own software running on top such as Borg or Kubernetes.

    First I am going to assume you mean a Linux distro (e.g. Debian, Ubuntu) rather than just Linux, as all distributions are a superset of just Linux, as Linux is only the kernel.

    It's also not in any way a "superset" of a conventional Linux distribution. It doesn't even have a package manager without having to use a VM. You can't install a different browser without using a VM. ChromeOS capabilities have improved a lot since I have used it, by supporting VMs at all and by allowing Android apps. That still doesn't compare to a real Linux server solution. On a Linux machine I can natively run containers, not just VMs. I can install apps natively. I can configure my own security systems and sandboxing. I can even run Windows apps and games with Wine and Proton, Android apps with Waydroid. I also get a much newer kernel, older Chromebooks didn't get kernel updates throughout their entire life. Maybe that's changed but who knows.

    Another big thing Linux servers have is advanced file systems like BTRFS and ZFS, that have advanced RAID like functionality with automatic data integrity protection using checksums, snapshots built in, and other fancy features like transparent file compression. Does ChromeOS even support regular software RAID?

    ChromeOS just isn't designed for servers, it never has been. You're trying to use a car to haul a lorry load. It's not that cars are bad, they just aren't designed to do that. You could use Chrome OS for employee workstations, at least some of them anyway, but not for servers.

    Go and use a real Linux distro or a real Linux server and get back to me.

    Now you are being ridiculous. We are talking about code that runs in the kernel but is not part of any official kernel module including device drivers.

    This is false. That module is signed by Microsoft. That means they tested it themselves. To load a module that isn't signed on Windows requires serious tinkering and is something no business would do. I have actually done those steps myself, so I have direct personal experience here. If you had watched that video I sent you, which is by a retired Microsoft Engineer, you would know about this.

    Dude you are the person who thinks that the Crowdstrike code running in the kernel that is neither part of the kernel nor part of any official kernel device driver code is somehow equivalent to the actual kernel. You are also the person who made the completely nonsensical claim that ChromeOS Linux "can't do nearly the same things" of Linux. So GTFO with the snarky shit, because I'm the one wondering how you can be so confused about basic stuff.

    For one you apparently don't listen. I said it's a kernel driver/module not a core kernel component. It does however still run in kernel mode (ring 0 on x86) and has access to everything any other thing running in kernel mode has access to including the NT kernel itself. It doesn't matter from a permissions perspective if it's a driver/module or a core kernel component, the CPU protections don't distinguish between the two by design. What does make a difference is when and how it's loaded into kernel space/kernel mode. That's why safe mode works, as it just doesn't load that component.

    I am not the one getting basic things wrong here. When I used ChromeOS originally it had maybe half the capabilities it has now, but even now it just isn't as capable as a conventional Linux distro. Saying it can run VMs means nothing because so can regular Linux, in fact you can run ChromeOS in a VM, or Windows, or FreeBSD all on a Linux machine. Even at the same time if you really want.

    I've been using the internet since 1983. How bout you? LMFAO.

    Using and understanding are not the same. I have a Masters in CS, soon to be starting a PhD in Cyber Security. You meanwhile apparently have no experience or qualifications worth telling me about. I actually use Linux systems daily and run my own Linux based servers. Specifically I use Proxmox since that's an actual server solution.

    Because you didn't do enough research. My Chrome OS comes with an outer VM, an inner VM, the heavily locked down user mode, and the kernel mode. My Linux programs run in the outer VM by default. I would have to turn on developer mode just to get to the actual user mode.

    I did plenty of research. It says the VMs run inside of a container, but a container is not a Virtual Machine. It is technically a form of virtualization, so you're half right. I would take the time to read up on how containers actually work. They share the same kernel as the host machine, and don't emulate hardware the way virtualization solutions do.

    Also none of this is part of the default setup, which doesn't include any Linux VMs, just the locked down user space. You actually can do Virtual Machines inside Virtual Machines on Linux. It is called nested virtualization. My hypervisor Proxmox actually supports that as standard. You can also do containers inside virtual machines and virtual machines inside containers. The former I actually use as part of my own server setup. The point being none of this is unique or special in ChromeOS.

  • No you don't have any evidence at all. You were specifically speaking about Chrome OS using VMs inside VMs. That article doesn't mention VMs once.

    I never once disputed that it was more secure than an average Windows installation, because frankly that's obvious. What you don't seem to understand is what can be done to lock down modern Windows and Linux systems.

    Yes it was a ridiculous system to have kernel mode code on the filesystem. Even if a bad pointer didn't crash the system a hacker could have put in their own code. And yes such a terrible security system would have affected Linux too. But with ChromeOS, the system is already secure. No need to use a terrible security system like Crowdstrike in the first place.

    For one the same article you are referencing talks about using anti-malware on ChromeOS as Chrome OS isn't malware proof. Though I don't think it's possible for Chrome OS to break so badly from one of these products.

    ChromeOS though isn't actually suitable for running servers like Windows and Linux are. It can't do nearly the same number of things. It's a bit like comparing a knife to a safety razor. One is safer for shaving sure, however the other one can be used for cooking, hunting, wood work, etc.

    Second all kernel mode code lives on the filesystem. How did you think it worked? On Linux and Windows the kernel itself needs storing somewhere, as do the modules.

    You keep showing me again and again that you don't understand the world of computers and modern IT infrastructure. Do you even have any qualifications or work experience in IT?

    Edit: I actually did some research myself. ChromeOS can use a Virtual Machine to run Linux software, but not in its default configuration. There is also none of this VMs inside VMs stuff you were talking about. If you want to see virtualization really put to work look at a modern server setup or something like Qubes OS.

    https://chromeos.dev/en/linux/linux-on-chromeos-faq#can-i-access-files-when-the-container-isnt-running

  • Automatically reverting the kernel wouldn't do anything as neither the kernel nor the module Crowdstrike uses was updated. Rather the file the module reads was updated and replaced with a corrupted version that causes the module to crash when it tries to read it.

    There is a great video explaining the basics of what happened here: https://youtu.be/wAzEJxOo1ts?si=_agkbdBHJnhQmbdP

    Microsoft already have a mechanism to disable problematic modules on next boot. Problem being that Crowdstrike registers itself as an essential driver, as they don't want the system to boot without it for security reasons.

    You keep saying Chrome OS uses VMs for security. Unless something has seriously changed since I last read up on their security mechanisms they don't. Maybe something has changed. Do you have any evidence? If not you're just talking out of your arse.

  • I'm guessing Crowdstrike issues a lot more Windows updates than Linux updates?

    Not really. Linux is used for critical servers everywhere. No reason to update it less often.

    It's not that Linux can't have security problems. I still remember the very first internet virus in 1987 that traveled thru Unix machines. But Windows is the worst OS for critical systems precisely because it is the most common OS. Anything is better than Windows. Linux, MacOS, or even an old IBM mainframe OS and those awful tn3270 terminals. Also, Chrome OS in particular has VMs instead of other VMs. It really is designed to be much more secure than Windows.

    This isn't a hacking attempt. It's not a security breach. None of the "Windows is more common" stuff is actually valid in this case. The fact it's not actually true is even more funny. When it comes to servers and smartphones, and the total number of devices in general, Linux outnumbers Windows. Linux isn't actually niche in the slightest, only purists running Arch or Ubuntu think that because they ignore any Linux they don't like, like Android.

    You also don't understand anything about ChromeOS security either. They don't use VMs for system security. Early Chromebooks actually had virtualization disabled! Sandboxing and virtualization aren't the same thing. The reason it's secure is largely because it can't do anything, it uses an a/b root system, and it has secure boot by default. It's not that fancy anymore.

    Chrome the web browser also has sandboxing on Windows, and modern Windows uses secure boot. Edge and Chrome have the same foundation btw. What it's missing is the immutable a/b root system, and the fact Windows allows running arbitrary executables when ChromeOS doesn't. There are actually tools for making Windows immutable, and with group policy or things like S mode you can restrict who can run what executables. Meaning with the right settings it's almost as secure as ChromeOS. Even more funny Windows actually does use virtualization based security. So you have that backwards too.

    Stop talking about shit you don't understand and learn about it instead.

  • I am not saying it is, normally old systems are the least secure. The bit you're not getting is that this system is almost certainly air gapped, just not by choice. It can't work with modern networks. It can't work with modern viruses. Any exploit a modern hacker would think to use probably doesn't exist yet. It's a bit like trying to break someone's car by putting sugar in the fuel, except they ride a horse. Do you get it yet?

  • Just because it doesn't have TCP/IP doesn't mean there isn't networking. Networks existed before the Internet and its Internet Protocol after all. It wouldn't be so much air gapped as so archaic that only the most targeted attacks would work, and only if there is an infected PC acting as an intermediate between the Internet and ye olde network. Chances are it was never connected to the modern Internet as the technologies just aren't compatible.

  • Mainly people are downvoting you because Linux had also been affected by Crowdstrike before. Only a few months ago at that. There aren't any more defenses in Linux systems against this kind of problem than there are in Windows ones. This isn't even strictly speaking a security issue either. It's more like a bug in critical software that just happens to be security related. It's a bit like when that Grub update broke some people's Arch setups.

  • I think when dealing with these types of people being harsh is very much warranted. They earned a harsh response based on their general behavior on this forum. I could easily be as harsh or more if someone managed to piss me off. So your tone was actually justified and you shouldn't be too harsh on yourself.

    You do have to be very careful not to implicate anyone who isn't at fault, and that includes unemployed disabled people including autistic people. That also includes people with personality disorders who are regularly thrown under the bus in a world where the majority Them being unemployed or poor or what have you is as much the fault of society as it is their bad attitude - no one should be poor in an ideal world. That's all I wanted to make clear. That being said there are plenty of disabled people including autistic people who are just arse holes, and it's fine to call them that too.

    I sincerely hope we find a way to effectively treat narcissism and other personality disorders one day. It causes as much suffering to the individual in question as it does the people around them.

  • As explained in that source eBPF code is still running in kernel space. The difference is it's not Turing complete and has protections in place to make sure it can't do anything too nasty. That being said I am sure you could still break something like networking or critical services on the system by applying the wrong eBPF code. It's on the authors of the software to make sure they thoroughly test and review their software prior to release if it's designed to work with the kernel especially in enterprise environments. I am glad this is something they are doing though.

  • The other fix was reboot your Windows computer at least 15 times.

    How is that an argument against anything I have said?

    Not everyone was affected though

    Only machines running Crowdstrike were affected, not all Windows machines. So in neither case were all systems affected. In this case though Microsoft doesn't bear any responsibility as they didn't distribute the software. In the case of Arch and EndeavourOS they had a responsibility to check packages before they shipped them to users. In this case the OS maker was more at fault.

  • I am not praising Crowdstrike here. They fucked up big time. I am saying that the concept of security software needing kernel access isn't that unheard of, and is unfortunately necessary for a reason. There is only so much a security thing can do without that kernel level access.

  • You know this conversation has been challenging to read. The guy you are talking to is clearly an arsehole through and through, and I have also had the displeasure of dealing with them. I do though think you have to be cognizant of the fact that most people with autism do not have full time employment, and it isn't all our fault. Some of the world does conspire against autistic people since we are a minority up to and including attempted genocide of us and other disabled people.

    That being said you are 100% correct that autistic people can have personality disorders including narcissism. It's especially funny you managed to find evidence of that within their own source, and they have had to go back and delete the comment. I hope they go and reflect upon their behavior and that it's not something serious like narcissism that's caused them to act like this. Narcissists do require some amount of sympathy as it's not their fault they ended up that way - it is primarily the products of psychological trauma and genetics after all.

  • Windows does have a fallback mode called safe mode and that's exactly what's being used to fix this utter mess.

    Package management isn't going to save you from this as it didn't save the Linux systems affected last time. It didn't stop Arch Linux from failing to boot after a Grub update either.

    Windows also has drive cloning tools, that isn't unique to Linux.

    NixOS isn't immutable. It's not an a/b root system and / isn't read only. Rather it's what's known as reproducible. I am not convinced NixOS would make this any easier either given how simple the fix was. Funnily enough though tools exist called Ansible and Puppet for configuring systems in repeatable ways that apply to both other Linux systems, Windows systems, and even macOS.

    There are like one or two valid points in this whole comment and the rest is pretty much falsehoods and misconceptions.

    Edit: Forgot to mention tools exist to make Windows immutable as well. So that is an option.

  • I am not shitting on their contributions. All I am saying is that as a large company they aren't any more my friend than Microsoft. Generally they still exist and make contributions. Microsoft didn't kill them like the person I am replying to is insinuating.