Tag Archives: news

Can You Hear Me Now? Staying Connected During a Cybersecurity Incident | Cybersecurity

We all know that communication is important. Anyone who’s ever been married, had a friend, or held a job knows that’s true. While good communication is pretty much universally beneficial, there are times when it’s more so than others. One such time? During a cybersecurity incident.

Incident responders know that communication is paramount. Even a few minutes might mean the difference between closing an issue (thereby minimizing damage) vs. allowing a risky situation to persist longer than it needs to. In fact, communication — both within the team and externally with different groups — is one of the most important tools at the disposal of the response team.

This is obvious within the response team itself. After all, there is a diversity of knowledge, perspective and background on the team, so the more eyes on the data and information you have, the more likely someone will find and highlight pivotal information. It’s also true with external groups.

For example, outside teams can help gather important data to assist in resolution: either technical information about the issue or information about business impacts. Likewise, a clear communication path with decision makers can help “clear the road” when additional budget, access to environments/personnel, or other intervention is required.

What happens when something goes wrong? That is, when communication is impacted during an incident? Things can get hairy very quickly. If you don’t think this is worrisome, consider the past few weeks: two large-scale
disruptions impacting Cloudflare (rendering numerous sites inaccessible) and a
disruption in Slack just occurred. If your team makes use of either cloud-based correspondence tools dependent on Cloudflare (of which there are a few) or Slack itself, the communication challenges are probably still fresh in your mind.

Now imagine that every communication channel you use for normative operations is unavailable. How effective do you think your communication would be under those circumstances?

Alternate Communication Streams

Keep in mind that the middle of an incident is exactly when communications are needed most — but it also is (not coincidentally) the point when they are most likely to be disrupted. A targeted event might render critical resources like email servers or ticketing applications unavailable. A wide-scale malware event might leave the network itself overburdened with traffic (impacting potentially both VoIP and other networked communications), etc.

The point? If you want to be effective, plan ahead for this. Plan for communication failure during an incident just like you would put time into preparedness for the business itself in response to something like a natural disaster. Think through how your incident response team will communicate with other geographic regions, distributed team members, and key resources if an incident should render normal channels nonviable.

In fact, it’s often a good idea to have a few different options for “alternate communication channels” that will allow team members to communicate with each other depending on what is impacted and to what degree.

The specifics of how and what you’ll do will obviously vary depending on the type of organization, your requirements, cultural factors, etc. However, a good way to approach the planning is to think through each of the mechanisms your team uses and come up with at least one backup plan for each.

If your team uses email to communicate, you might investigate external services that are not reliant on internal resources but maintain a reasonable security baseline. For example, you might consider external cloud-based providers like ProtonMail or Hushmail.

If you use VoIP normally, think through whether it makes sense to issue prepaid cellular or satellite phones to team members (or to at least have a few on hand) in the event that voice communications become impacted. In fact, an approach like supplementing voice services with external cellular or satellite in some cases can help provide an alternate network connectivity path at the same time, which could be useful in the event network connectivity is slow or unavailable.

Planning Routes to Resources and Key External Players

The next thing to think through is how responders will gain access to procedures, tools and data in the event of a disruption. For example, if you maintain documented response procedures and put them all on the network where everyone can find them in a pinch, that’s a great start… but what happens if the network is unavailable or the server its stored on is down? If it’s in the cloud, what happens if the cloud provider is impacted by the same problem or otherwise can’t be reached?

Just as you thought through and planned alternatives for how responders need to communicate during an event, so too think through what they’ll need to communicate and how they’ll get to important resources they’ll need.

In the case of documents, this might mean maintaining a printed book somewhere that they can physically access — in the case of software tools, it might mean keeping copies stored on physical media (a USB drive, CD, etc.) that they can get to should they need it. The specifics will vary, but think it through systematically and prepare a backup plan.

Extend this to key external resources and personnel your team members may need access to as well. This is particularly important when it comes to three things: access to key decision-makers, external PR, and legal.

In the first case, there are situations where you might need to bring in an external resources to help support you (for example, law enforcement or forensic specialists). In doing that, waiting for approval from someone who is unavailable because of the outage or otherwise difficult to reach puts the organization at risk.

The approver either needs to be immediately reachable (potentially via an alternate communication pathway as described above) or, barring that, have provided approval in advance (for example, preapproval to spend money up to a given spending threshold) so that you’re not stuck waiting around during an event.

The same is true for external communications. You don’t want to find your key contact points and liaisons (for example to the press) to be MIA when you need them most. Lastly, it is very important to have access to legal counsel, so make sure that your alternative communication strategy includes a mechanism to access internal or external resources should you require their input.

The upshot of it is that the natural human tendency is to overlook the fragility of dependencies unless we examine them systematically. Incident responders need to be able to continue to operate effectively and share information even under challenging conditions.

Putting the time into thinking these things through and coming up with workarounds is important to support these folks in doing their job in the midst of a cybersecurity event.

Ed Moyle is general manager and chief content officer at Prelude Institute. He has been an ECT News Network columnist since 2007. His extensive background in computer security includes experience in forensics, application penetration testing, information security audit and secure solutions development. Ed is co-author of Cryptographic Libraries for Developers and a frequent contributor to the information security industry as author, public speaker and analyst.

Source link

How to Conquer Your Fear of Arch Linux | Best of ECT News

A recent episode of a Linux news podcast I keep up with featured an interview with a journalist who had written a piece for a non-Linux audience about giving it a try. It was surprisingly widely read. The writer’s experience with some of the more popular desktop distributions had been overwhelmingly positive, and he said as much in his piece and during the subsequent podcast interview.

However, when the show’s host asked whether he had tried Arch Linux — partly to gauge the depth of his experimentation and partly as a joke — the journalist immediately and unequivocally dismissed the idea, as if it were obviously preposterous.

This story was originally published on Nov. 7, 2018, and is brought to you today as part of our Best of ECT News series.

Although that reaction came from an enthusiastic Linux novice, it is one that is not uncommon even among seasoned Linux users. Hearing it resurface in the podcast got me contemplating why that is — as I am someone who is comfortable with and deeply respects Arch.

Common Concerns

1. “It’s hard to install.”

The most common issue skeptics raise, by far, is that the installation process is challenging and very much hands-on. Compared to modern day installers and wizards, this is undoubtedly true. In contrast to most mainstream Linux distributions (and certainly to proprietary commercial operating systems), installing Arch is a completely command line-driven process.

Parts of the operating system that users are accustomed to getting prefabricated, like the complete graphical user interface that makes up the desktop, have to be assembled from scratch out of the likes of the X Window server, the desired desktop environment, and the display manager (i.e. the startup login screen).

Linux did not always have installers, though, and Arch’s installation process is much closer to how it was in the days of yore. Installers are a huge achievement, and a solution to one of the biggest obstacles to getting non-expert general users to explore and join the Linux community, but they are a relative luxury in the history of Linux.

Also, installers can get it wrong, as I found out when trying to make some modest adjustments to the default Ubuntu installation settings. While Arch let me set up a custom system with a sequence of commands, Ubuntu’s installer nominally offered a menu for selecting the same configuration, but simply could not to execute it properly under the hood once the installer was set in motion.

2. “The rolling releases are unstable.”

In my experience, Arch’s implementation of the rolling release model has been overwhelmingly stable, so claims to the contrary are largely overblown as far as I am concerned.

When users have stability problems, it’s generally because they’re trying something that either is highly complicated or something for which there is little to no documentation. These precarious use cases are not unique to Arch. Combining too many programs or straying into uncharted territory are more or less equally susceptible to stability issues in Arch as with any other distribution — or any operating system, for that matter.

Just like any software developers, the Arch developers want people to like and have a good experience using their distro, so they take care to get it right. In a way, Arch’s modular approach, with each package optimized and sent out as soon as it’s ready, actually makes the whole operation run more smoothly.

Each sub-team at Arch receives a package from upstream (wherever that might be), makes the minimum number of changes to integrate it with Arch’s conventions, and then pushes it out to the whole Arch user base.

Because every sub-team is doing this and knows every other sub-team is doing the same, they can be sure of exactly what software environment they will be working with and integrating into: the most recent one.

The only times I’ve ever had an update break my system, the Arch mailing list warned me it would, and the Arch forums laid out exactly how to fix it. In other words, by checking the things that responsible users should check, you should be fine.

3. “I don’t want to have to roll back packages.”

Package downgrades are related to, and probably the more feared manifestation of, the above. Again, if you’re not doing anything crazy with your system and the software on it, and you read from Arch’s ample documentation, you probably won’t have to.

As with the risk of instability that comes from complicated setups on any distribution, package downgrades are potentially necessary on distributions besides Arch as well. In fact, whereas most distributions assume you never will have to perform a downgrade and thus don’t design their package management systems to easily (or at least intuitively) do it, Arch makes it easy and thoroughly outlines the steps.

4. “It doesn’t have as many packages,” and “I heard the AUR is scary.”

The criticism of Arch’s relatively smaller base of total available packages usually goes hand-in-hand with that of the unofficial repository being a sort of Wild West. As far as the official repositories are concerned, the number is somewhat smaller than in Debian- or Red Hat-based distributions. Fortunately, the Arch User Repository (AUR) usually contains whatever the official repos lack that most any user possibly could hope for.

This is where most naysayers chime in to note that malicious packages have been found in the AUR. This occasionally has been the case, but what most of us don’t always think about is that this also can be said of the Android Play Store, the Apple App Store, and just about every other software manager that you can think of.

Just as with every app store or software center, if users are careful to give a bit of scrutiny to the software they are considering — in AUR’s case by scanning the (very short) files associated with AUR packages and reading forum pages on the more questionable ones — they will generally be fine.

Others may counter that it’s not the potential hazards of the AUR that are at issue, but that more so than with, say, Debian-based distributions, there is software that falls outside of both the official Arch repos and the AUR. To start with, this is less the case than it once was, given the meteoric rise in the popularity of the Arch-based Manjaro distribution.

Beyond that, most software that isn’t in any of Arch’s repos can be compiled manually. Just as manual installations like Arch’s were the norm for Linux once upon a time, the same holds true for compilations being the default mode of software installation.

Take Control With Manual Installation

With those points in mind, hopefully Arch doesn’t seem so daunting. If that’s not enough to convince you to give it a whirl, here are a few points in Arch’s favor that are worth considering.

To start off, manual installation not only gives you granular control over your system, but also teaches you where everything is, because you put it there. Things like the root directory structure, the initial ram filesystem and the bootloader won’t be a mystery that computer use requires you to blindly accept, because during installation you directly installed and generated all these (and more) and arranged them in their proper places.

Manual installation also cuts way down on bloat, since you install everything one package at a time — no more accepting whatever the installer dumps onto your fresh system. This is an especially nice advantage considering that, as many Linux distributions become more geared toward mainstream audiences, their programs become more feature-rich, and therefore bulkier.

Depending on how you install it, Arch running the heaviest desktop environment still can be leaner than Ubuntu running the lightest one, and that kind of efficiency is never a bad thing.

Rolling releases are actually one of Arch’s biggest strengths. Arch’s release model gives you the newest features right away, long before distros with traditional synchronized, batch update models.

Most importantly, with Arch, security patches drop immediately. Every time a major Linux vulnerability comes out — there usually isn’t much malware that exploits these vulnerabilities, but there are a lot of vulnerabilities to potentially exploit — Arch is always the first to get a patch out and into the hands of its users, and usually within a day of the vulnerability being announced.

You’ll probably never have to roll back packages, but if you do, you will be armed with the knowledge to rescue your system from some of the most serious problems.

If you can live-boot the Arch installation image (which doubles as a repair image) from a USB, mount your non-booted installed system to the live system, chroot in to the non-booted system (i.e. switch from the root of the live system to treating your non-booted system as the temporary root), and install a cached previous version of problem packages, you know how to solve a good proportion of the most serious problems any system might have.

That sounds like a lot, but that’s also why Arch Linux has the best documentation of any Linux distribution, period.

Finally, plumbing the AUR for packages will teach you how to review software for security, and compiling source code will give you an appreciation for how software works. Getting in the habit of spotting sketchy behavior in package build and make files will serve you well as a computer user overall.

It also will prod you to reevaluate your relationship with your software. If you make a practice of seriously weighing every installation, you might start being pickier with what you do choose to install.

Once you’ve compiled a package or two, you will start to realize just how unbounded you are in how to use your system. App stores have gotten us used to thinking of computing devices in terms of what its developers will let us do with them, not in terms of what we want to do with them, or what it’s possible to do with them.

It might sound cheesy, but compiling a program really makes you reshape the way you see computers.

Test in a Virtual Environment

If you’re still apprehensive about Arch but don’t want to pass on it, you can install it as a virtual machine to tinker with the installation configurations before you commit to running it on bare hardware.

Software like VirtualBox allows you to allocate a chunk of your hard drive and blocks of memory to running a little computer inside your computer. Since Linux systems in general, and Arch in particular, don’t demand much of your hardware resources, you don’t have to allocate much space to it.

To create a sandbox for constructing your Arch Linux, tell VirtualBox you want a new virtual system and set the following settings (with those not specified here left to default): 2 GB of RAM (though you can get away with 1 GB) and 8 GB of storage.

You will now have a blank system to choose in VirtualBox. All you have to do now is tell it where to find the Arch installation image — just enter the system-specific settings, go to storage, and set the Arch ISO as storage.

When you boot the virtual machine, it will live-boot this Arch image, at which point your journey begins. Once your installation is the way you want it, go back into the virtual system’s settings, remove the Arch installer ISO, reboot, and see if it comes to life.

There’s a distinct rush you feel when you get your own Arch system to boot for the first time, so revel in it.

Jonathan Terrasi has been an ECT News Network columnist since 2017. His main interests are computer security (particularly with the Linux desktop), encryption, and analysis of politics and current affairs. He is a full-time freelance writer and musician. His background includes providing technical commentaries and analyses in articles published by the Chicago Committee to Defend the Bill of Rights.

Source link

Telegram Provides Nuclear Option to Erase Sent Messages | Developers

By Jack M. Germain

Mar 26, 2019 5:00 AM PT

Telegram Messaging on Sunday announced a new privacy rights feature that allows user to delete not only their own comments, but also those of all other participants in the message thread on all devices that received the conversation. Although the move is meant to bolster privacy, it’s likely to spark some controversy.

Telegram Provides Nuclear Option to Erase Sent Messages

Telegram, a cloud-based instant messaging and Voice over IP service, is similar to WhatsApp and Facebook Messenger. Telegram Messenger allows users to send free messages by using a WiFi connection or mobile data allowance with optional end-to-end encryption and encrypted local storage for Secret Chats.

Telegram’s new unsend feature does two things. First, it removes the previous 48-hour time limit for removing anything a user wrote from the devices of participants. Second, it lets users delete entire chats from the devices of all participating parties.

Unsend Anything screenshot

– click image to play video –

Telegram also changed a policy regarding how users can or can not forward another’s conversation.

Privacy policies are critical to people who rely heavily on chat communications, noted Paul Bischoff, privacy advocate with

“Many people use chat apps under the assumption that their communications are private, so it is very important that chat apps meet those expectations of privacy,” he told LinuxInsider.

Obviously, if you’re a dissident in an autocratic country that cracks down on free speech, privacy is very important. However, it is also important to everyday people, said Bischoff, for “sending photos of their kids, organizing meetings, and exchanging Netflix passwords,” for example.

Potential Controversy

Telegram’s new unsend feature could stir controversy over the rights of parties to a message conversation. One user’s right to carry out a privacy purge could impact other participants’ rights to engage in discourse.

Regardless of who initiated the chat, any participant can delete some or all of the conversation. Criticisms voiced since the change in the company’s unsend policy suggest that the first participant to unsend effectively can remove control from everyone else. Telegram’s process allows deletion of messages in their entirety — not just the senders’ comments.

The chat history suddenly disappears. No notification indicates the message thread was deleted.

Privacy Treatments

Telegram Messenger, like its competitors, has had an “unsend” feature for the last two years. It allowed users to delete any messages they sent via the app within a 48-hour time limit. However, users could not delete conversations they did not send.

Facebook’s unsend feature differs in that it gives users the ability to recall a sent message — but only within 10 minutes of sending it.

“Telegram doesn’t enable end-to-end encryption by default, but you can get it by using the “Secret Chats” feature,” said Comparitech’s Bischoff.

End-to-end encryption ensures that no one except the intended recipient — not even Telegram — can decrypt messages, he said. WhatsApp and Signal encrypt messages by default.

Telegram has an incredibly strong brand, according to Jamie Cambell, founder of
Go Best VPN. It has a reputation for being the app of the people, since it’s been banned from Russia for not providing the encryption keys to the government.

“Its founder, Pavel Durov, actively seeks to fight censorship and is widely considered the Mark Zuckerberg of Russia,” he told LinuxInsider.

Why the Change?

The new unsend feature gives millions of users complete control of any private conversation they have ever had, according to Telegram. Users can choose to delete any message they sent or received from both sides in any private chat.

“The messages will disappear for both you and the other person — without leaving a trace,” noted the Telegram Team in an online post.

The change was orchestrated “to improve the privacy of the Telegram messaging application,” the post continues. “Its developers upgraded the Unsend feature “to allow users to remotely delete private chat sessions from all devices involved.”

The privacy changes are to protect users, according to the company. Old forgotten messages might be taken out of context and used against them decades later.

For example, a hasty text sent to a girlfriend in school can return to haunt the sender years later “when you decide to run for mayor,” the company suggested.

How It Works

Telegram users can delete any private chat entirely from both their device and the other person’s device with just two taps.

To delete a message from both ends, a user taps on the message and selects the delete button. A message windows then asks the user to select whether to delete just his/her chat messages or those of the other participants as well.

Telegram’s new feature lets users delete messages in one-to-one or group private chats. Selecting the second choice deletes the message everywhere. Selecting the first choice only removes it from the inbox of the user initiating the delete request.

The privacy purge allows users to delete all traces of the conversation, even if the user did not send the original message or begin the thread.

Forwarding Controls Added

Telegram also added an Anonymous Forwarding feature to make privacy more complete. This feature gives users new controls to restrict who can forward their messages, according to Telegram.

When users enable the Anonymous Forwarding setting, their forwarded messages no longer will link back to their account. Instead, the message window will only display an unclickable name in the “from” field.

“This way people you chat with will have no verifiable proof you ever sent them anything,” according to Telegram’s announcement.

Telegram also introduced new message controls in the app’s Privacy and Security settings. A new feature called “Forwarded messages” lets users restrict who can view their profile photos and prevent any forwarded messages from being traced back to their account.

Open Source Prospects

The Telegram application programming interface
is 100 percent open for all developers who want to build applications on the Telegram platform, according to the company.

“Open APIs allow third-party developers to create applications that integrate with Telegram and extend its capabilities,” Bischoff said.

Telegram may be venturing further into open source terrain. The company might release all of the messaging app’s code at some point, suggests a note on its website’s FAQ page. That could bode well for privacy rights enthusiasts.

“Releasing more of the code will have a positive effect on Telegram’s appeal, barring any unforeseen security issues. That allows security auditors to crack open the code to see if Telegram is doing anything unsafe or malicious,” Bischoff added.

Win-Win Proposition

Telegram’s new take on protecting users’ privacy rights is a positive step forward, said attorney David Reischer, CEO of
LegalAdvice.com. It benefits both customers who want more control over how their data and communications are shared and privacy rights advocates who see privacy as an important cornerstone of society.

It is not uncommon for a person to send a message and then later regret it. There also can be legal reasons for a person to want to delete all copies of a previously sent message.

For example, “a person may send a message and then realize, even many months later, that the communication contained confidential information that should not be shared or entered into the public domain,” Reischer told LinuxInsider.

Allowing a person to prevent the communication from being forwarded is also an important advance for consumers who value their privacy, he added. It allows a user to prevent sharing of important confidential communications.

“Privacy rights advocates, such as myself, see these technology features as extremely important because the right to privacy entails that one’s personal communications should have a high standard of protection from public scrutiny,” Reischer said.

Still, there exists a negative effect when private conversations are breached through malicious actors who find an unlawful way to circumvent the privacy features, he cautioned. Ultimately, the trust and confidence on the part of senders could be misplaced if communications turn out to be not-so-private after all.

Privacy Concerns First Priority

Privacy is extremely important to those who use chat communications — at least those who are somewhat tech-savvy, noted Cambell. For Telegram, privacy is the most important feature for users.

Privacy is extremely important to many Americans who want to have private conversations even when the communications are just ordinary in nature, said Reischer. Many people like to know that their thoughts and ideas are to be read only by the intended recipient.

“A conversation taken out of context may appear damnable to others even when the original intent of the message was innocuous,” he said.

Additionally, many professionals of various trades and crafts may not want to share their confidential trade secrets and proprietary information, Reischer added. “Privacy is important to all business people, and there is typically an expectation of privacy in business when communicating with other coworkers, management, legal experts or external third parties.”

Other New Features

Telegram added new features that made the app more efficient to use. For example, the company added a search tool that allows users to find settings quickly. It also shows answers to any Telegram-related questions based on the FAQ.

The company also upgraded GIF and stickers search and appearance on all mobile platforms. Any GIF can be previewed by tapping and holding.

Sticker packs now have icons, which makes selecting the right pack easier. Large GIFs and video messages on Telegram are now streamed. This lets users start watching them without waiting for the download to complete.

VoiceOver and TalkBack support for accessibility features now support gesture-based technologies to give spoken feedback that makes it possible to use Telegram without seeing the screen.

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open source technologies. He has written numerous reviews of Linux distros and other open source software.
Email Jack.

Source link

The Rise of Activism in Tech Companies | Best of ECT News

This story was originally published on TechNewsWorld on Oct. 22, 2018, and is brought to you today as part of our Best of ECT News series.

Things have been changing at an almost unprecedented rate with regard to power structures. The last time I saw this happen was in the 1970s, when the Equal Employment Opportunity Commission took off. Suddenly a lot of the off-color, sexist and racist jokes that many executives regularly told could get them fired. A surprisingly large number of people got reassigned, fired, demoted, or otherwise punished for the same behavior that previously had made them “one of the guys.”

With the current #MeToo movement, any hint of wrongdoing — not only recent but going back to your youth — can have dire consequences on job prospects, image, and (depending on what you did) freedom.

This isn’t the only change. Employees who often were taken for granted — who might have faced firing or layoffs if they suggested going public with their anti-management views — have been popping up as a force in places like Google and Amazon.

What triggered this column was coverage of an employee event at Amazon, where employees spoke out against the firm’s efforts
to sell facial recognition to law enforcement.

To a large degree, it mirrored Google employees rising up and
stopping Google’s work with the Department of Defense, and Facebook employees
taking issue with an executive who stood behind the confirmation of the latest Supreme Court justice. (There is currently a huge effort
to remove Zuckerberg as chairman, which may be partially related to this.)

The power structure is changing, and if executives don’t get a clue, we likely will see the rise of a new and far more powerful set of unions — not based on old structures, but with the power of social media behind them. I think Cisco (and a few others) have a defense for this. I’ll explain and then close with my product of the week: the BlackBerry Key2, which has become my new favorite smartphone.

Rise of the Employee

The trigger for this apparent power shift from executive management to line employees has been the increasingly severe shortage of qualified employees across a variety of industries. In many of them — nursing, truck driving, etc. — legacy unions exist, which seem to be forming a barrier preventing the use of new tools (read social networks) as a weapon of change.

However, in the technology market, unions are almost nonexistent. That appears to have forced a dynamic rise of semi-organized employee actions against perceived bad corporate behavior.

This is particularly noticeable with millennial employees who have yet to be indoctrinated into the corporate way of doing things and appear to be resisting that indoctrination. Certainly, we’ve all seen new employees coming in with little or no job experience behaving badly because they don’t yet know the rules — but never at what appears to be a loosely organized effort to make change.

Typically, these indoctrinated employees either conform or they are forced to find employment elsewhere. With the shortages, though, firms have been less willing to fire or even strongly reprimand employees who are acting out, for fear of losing them and falling behind performance metrics.

There are concerns that either a reprimand or termination could result in a broad, coordinated, public social media backlash, which could be severely career limiting for the executive or manager who triggered the event (managers don’t appear to be as well protected right now).

New Class of Unions

Existing unions are largely ineffective today. I observed a strike action at a hotel the other day where the folks picketing (likely hired specifically for that task) were doing as much as they could to be annoying. However, the people they were pissing off were primarily folks who lived in the area, folks who were still working at the hotel, and folks who were checking into the hotel (guests who already had reservations).

There was very little impact, if any, on the decision-making executives, on people who had not yet booked, or on investors in the property. In short, because the striking union was using legacy methods that were overcome easily, the action was ineffective.

However, it is clear that tech workers have begun going down a very different path. Millennials came up with social media. They know how to use it both to coordinate their actions and to have a far broader impact.

So far, there isn’t a broad effort to organize, but ad hoc efforts have been making an impressive impact on the policies of the firms they have targeted, giving the impression that if these groups were to organize fully and seek government protection, they’d likely have more power than any traditional union has had in years.

Social media is a huge force multiplier, and it can undermine targeted executives, result in broad boycotts, and even trigger government intervention.

Cisco’s Defense

One of the companies I watch closely is Cisco, and it has been at the forefront of
creating programs that improve the world. Most of the activist efforts I’ve noted have been aimed at forcing firms to be more socially responsible.

Cisco’s programs have attacked homelessness, addressed severe problems in South Africa, and implemented aggressive plans to mitigate natural disasters around the world. Currently Cisco ranks No. 8 on a list of
best places to work in the world. (It is interesting to note that Facebook, Google, Twitter and other newer firms that once seemed to be the most desirable didn’t even make the cut).

If a firm is aggressively socially responsible, the need for its own employees to force the company to change should fall below critical mass, making the formation of a union — formally or informally — less likely. Why go through the risk of pissing off your company if the firm already seems to be acting more responsibly than most?

This behavior has the dual benefit of attracting millennials who want to participate in this socially responsible behavior. Cisco isn’t alone in this. There’s also Dell, with its aggressive programs to advance women, and HP, with its programs to improve the lot of children in emerging and war-torn regions.

It isn’t just tech firms that are getting a clue. For instance, SodaStream has funded a huge effort to collect plastics contaminating the ocean.

I’m sure most firms eventually will find it far easier to ensure good behavior and prevent the rise of social media-powered unions than to face them in real time. Once started and in place, these unions wouldn’t be mitigated by financial restrictions or even common sense, and the result could be devastating for some firms. Activist employees could force an overcorrection, or do damage to revenue streams that could require decades to recover.

In other words, the best defense may be a social responsibility offense.

Summing Up

Thanks largely to a massive shortage of qualified workers across several industries, coupled with the impact of an incoming social media-aware workforce, a new power has been rising. That power currently appears loosely coordinated, but it is strong enough to impact unusually influential CEOs like Zuckerberg and Bezos.

If these groups formally organize and seek government protection as unions, it could flip the power balance in the impacted companies from executives to employees, with their impact broadening from social responsibility to more traditional wage and benefit efforts. (The massive compensation imbalance between line workers and, particularly, CEOs would be a natural target for employee activism.)

As Cisco has demonstrated, a strong defense — with aggressive social responsibility and making the company a great place to work — may be the best path to ensure the firm isn’t crippled by this power change. I expect most firms won’t see this coming, and that the end result will be dire — but it is totally avoidable.

Rob Enderle's Product of the Week

One of the best examples I have that the human race isn’t particularly sharp is the industry’s shift from BlackBerry (a secure platform based on productivity) to Apple, (a relatively unsecure platform based on entertainment). Not to mention that we traded the ability to blind type on a BlackBerry (so your eyes could remain on where you were walking or driving) for a screen phone design that requires the user’s full attention — which has contributed to an impressive number of deaths and accidents.

A lot of us have poor impulse control, and a lot of us may die because our screen phone pinged us at the wrong time and we couldn’t resist shifting our attention to it.

BlackBerry Key2 is the latest BlackBerry phone, and while those of us who still use BlackBerry phones are an ever more exclusive group, I also think the implication is that we are smarter than our screen phone-focused counterparts.

BlackBerry Key2

BlackBerry Key2

This is because the security capability and productivity features in this phone exceed all others, making it an asset that’s likely to increase your earning potential, instead of a tool that might one day kill you.

Sadly, the device no longer has the near week of battery life old BlackBerry phones boasted, having given way to a far sleeker and more contemporary design. Both the keyboard and its performance are up sharply from the KeyONE phone that preceded it. The screen quality and design of the phone has improved as well, along with the dual lens camera.

If you want a phone that is tool than a toy, that is less likely to get you into an accident and is far more secure, the BlackBerry Key2 stands out as my favorite smartphone, and it is my product of the week.

The opinions expressed in this article are those of the author and do not necessarily reflect the views of ECT News Network.

Rob Enderle has been an ECT News Network columnist since 2003. His areas of interest include AI, autonomous driving, drones, personal technology, emerging technology, regulation, litigation, M&E, and technology in politics. He has an MBA in human resources, marketing and computer science. He is also a certified management accountant. Enderle currently is president and principal analyst of the Enderle Group, a consultancy that serves the technology industry. He formerly served as a senior research fellow at Giga Information Group and Forrester.
Email Rob.

Source link

Should You Run Linux Apps on Your Chromebook? | Best of ECT News

By Jack M. Germain

Jan 19, 2019 5:00 AM PT

This story was originally published on Oct. 25, 2018, and is brought to you today as part of our Best of ECT News series.

Linux apps now can run in a Chromebook’s Chrome OS environment. However, the process can be tricky, and it depends on your hardware’s design and Google’s whims.

It is somewhat similar to running Android apps on your Chromebook, but the Linux connection is far less forgiving. If it works in your Chromebook’s flavor, though, the computer becomes much more useful with more flexible options.

Still, running Linux apps on a Chromebook will not replace the Chrome OS. The apps run in an isolated virtual machine without a Linux desktop.

If you are not familiar with any Linux distribution, your only learning curve involves getting familiar with a new set of computing tools. That experience can pique interest in a full Linux setup on a non-Chromebook device.

Why tool around with adding Linux apps to the Chromebook world? One reason is that now you can. That response may only suit Linux geeks and software devs looking to consolidate their work platform, though.

Want a better reason? For typical Chromebook users, Linux apps bring a warehouse of software not otherwise available to Chromebooks. Similarly, the Google Play Store brought a collection of apps to the Chromebook that had been beyond the limitations of the Chrome Web Store for Android phone and tablet users. The Debian Linux repository expands the software library even more on the Chromebook.

All Chromebooks Are Not Alike

I have used a series of Chromebooks to supplement my Linux computers over the years. When Android apps moved to the Chromebook, I bought a current model that supported the Play Store. Unfortunately, that Asus C302CA wimped out as a Linux apps machine. See more below on why that Chromebook and others fail the Linux apps migration.

I replaced that Asus Chromebook with a newer model rated to run Linux apps, the Asus C213SA. It came preconfigured to run both Android and Linux apps. The Play Store was already enabled and installed. The Linux Beta feature was installed but not activated. Completing that setup took a few steps and about 15 minutes.

As I will run down shortly, these two relatively recent Chromebooks have a world of differences under the hood. They both run the same qualifying Chrome OS version. They have different classes of Intel processors. Google engineers blessed one but not the other with the ability to run the new Linux apps technology.

The process of running Linux apps on a Chromebook requires loading the essential Linux packages to run a terminal window in a sandbox environment within the browser User Interface. You then use APT commands to get and install desired Linux applications.

The original concept for the Chromebook was to tap into the Google Chrome browser to handle everyday computing chores that most users did in a browser on a full-size computer anyway. You know — tasks that involve Web surfing, emails, basic banking, reading and writing online.

The software tools were built in, so massive onboard storage was not needed. The always-connected Chromebook was tethered to your Google Drive account.
Chromebooks ran the Chrome browser as a desktop interface. Google’s software infrastructure was built around Google Docks and Chrome apps from the Web Store.

Then came integration of Android Apps running within the Chromebook environment. That let you run Android apps in a Chrome browser tab or in a separate window. The latter option gives the illusion of being a separate app window, as on an Android phone or tablet.

Not all Chromebooks can run Android apps, though. The older the model, the less likely it has Android support. Now that same concept is integrating Linux applications within the Chromebook environment. Linux apps run as a standalone program in a special Linux container on top of the Chrome OS.

Expanding Functionality

You have two options in managing Linux software on a Chromebook. One is to use the APT command line statements within a terminal window to get and install/uninstall each Linux application. The other strategy is to use APT to install access to the Debian software repository and use a graphical package manager tool to install and remove Linux applications.

This process forces the Chromebook to do something it was not designed to handle. It must store the Linux infrastructure and each installed application locally. That added storage impact will do one of two things: It will force devs to cram more storage capacity into the lightly resourced Chromebooks; or it will force users to limit the extent of software downloading.

Either way, the ability to run Linux apps on a qualified Chromebook expands the computer’s functionality. In my case, it lets me use Linux productivity tools on a Chromebook. It lets me use one computer instead of traveling with two.

Running Linux apps on qualified Chromebooks is not Google’s first attempt to piggyback the Linux OS onto Chromebook hardware. Earlier attempts were clunkier and taking advantage of them required some advanced Linux skills.

Chrome OS is a Linux variant. Earlier attempts involved using
Crouton to install the Linux OS on top of the Chrome OS environment. Google employee Dave Schneider developed the Crouton OS. Crouton overlays a Linux desktop on top of the Chrome OS. Crouton runs in a chroot container.

Another method is to replace the Chrome OS with the
GalliumOS, a Chromebook-specific Linux variant. To do this, you must first switch the Chromebook to Developer Mode and enable legacy boot mode.

Like other Linux distros, you download the ISO variant specific to your Chromebook and create a bootable image on a USB drive. You can run a live session from the USB drive and then install the Gallium OS on the Chromebook. GalliumOS is based on Xubuntu, which uses the lightweight Xfce desktop environment.

The Crostini Project

The Crostini Project is the current phase of Google’s plan to meld Linux apps onto the Chrome OS platform. The Crostini technology installs a base level of Linux to run KVM, Linux’s built-in virtual machine (VM).

Then Crostini starts and runs LXC containers. It runs enough of Debian Linux to support a running Linux app in each container.

The Crostini technology lets compatible Chromebooks run a completely integrated Linux session in a VM that lets a Linux app run. This latest solution does not require Crouton and Developer Mode. However, the particular Chromebook getting the Linux Apps installation might need to change modes to either Beta or Developer channels.

With the help of Crostini, the Chrome OS creates an icon launcher in the menu. You launch the Linux apps just like any Chromebook or Android app by clicking on the launch icon. Or you enter the run command in the Linux terminal.

In an ideal computing world, Google would push the necessary Chrome OS updates so all compatible units would set up Linux apps installation the same way. Google is not a perfect computing world, but the Chromebook’s growing flexibility makes up for that imperfection.

Not all Chromebooks are compatible with running Linux apps using Crostini. Instead, there is a minimal setup for newer Chromebooks that come with Linux Beta preinstalled. Other Chromebook models that have the required innards and the Google blessing have a slightly more involved installation and setup process to apply.

ASUS Chromebook Flip C213SA Chrome OS settings panel

The ultimate installation goal is to get the Linux (Beta) entry listed on the Chrome OS settings panel.

Basic Requirements

Installing Linux apps requires your Chromebook to be running Chrome OS 69 or later. To check, do this:

  • Click your profile picture in the lower-right corner.
  • Click the Settings icon.
  • Click the Hamburger icon in the upper-left corner.
  • Click “About Chrome OS.”
  • Click “Check for updates.”

Even with Chrome OS 69 or newer installed, other factors determine your Chromebook’s suitability to run Linux apps. For example, Linux runs on Chromebooks with an operating system based on the Linux 4.4 kernel. Some older Chromebooks running Linux 3.14 will be retrofitted with Crostini support. Others will not.

According to Google’s
documentation notes, any Chromebook outfitted with the Intel Bay Trail Atom processors will not support Linux apps. That seems to be the reason for my Asus C302CA failing the Linux suitability test.

Other bugaboos include 32-bit ARM CPUs. Also a negative factor are firmware issues, limited storage and RAM capacities.

Overall, few current Chromebooks have the basic hardware needed: Crostini, kernel 3.18 based on the Glados baseboard with the Skylake SoC, and an adequate processor. Those basic system requirements could change as Google engineers fine-tune the Crostini technology. Of course, newer Chromebook models no doubt will become available as the Crostini Project moves beyond it current beta phase.

Here is a
list of Chromebooks that are expected to receive upgrades OTA to support Linux Apps eventually.

Even if your Chromebook seems to have all of the required hardware and lets you activate Crostini support, Google specifically must enable one critical piece of technology to let you run Linux. This is the major rub with the process of putting Linux apps on earlier model Chromebooks.

Google also must have enabled the Linux VM for your hardware. Find out if your Chromebook has been blessed by the Google gods after completing the channel change and flag activation: Open Chrome OS’ built-in shell, crosh; then run this shell command —

vmc start termina

If you get a message saying that vmc is not available, your quest to put Linux apps on that particular Chromebook is over.

You can skip the crosh test if you do not see “Linux (Beta)” listed on the Chrome OS Settings panel (chrome://settings). Linux will not run on your Chromebook, at least not until Google pushes an update to it. If you do see “Linux Beta” listed below the Google Play Store in the settings panel, click on the label to enable the rest of the process.

First Steps

Some models that can run Crostini include newer Intel-powered Chromebooks from Acer, Asus, Dell, HP, Lenovo and Samsung. Check this source for a crowdsourced
list of supported Chromebooks.

If your Chromebook supports Crostini and is new enough, Crostini support already may be installed in the stable channel by default. In that case, change the flag in the Chrome OS [chrome://flags] on the Chrome browser’s address line to enable Crostini.

Otherwise, you will have to apply several steps to get all of the working pieces on the Chromebook. This can include switching your Chromebook from the stable update channel to the developer channel or the Beta channel, depending on the hardware and the make/model. You also will have to download special software using commands entered into a terminal window.

If you have a recent Chromebook model with built-in Linux apps support, you will see “Linux Beta” listed in the left column of the Settings Panel [chrome://settings]. All you have to do is click on the label and follow the prompts to enable the Linux apps functionality.

ASUS Chromebook Flip C213SA  Linux terminal and Geany Linux app

The Linux terminal and Geany Linux app display in the Chrome OS menu along with Chrome and Android apps.

If your Chromebook is not already set with Linux enabled, first, switch it to the developer channel and then enable the Crostini flag. Here is how to do each step.

Do this to change Chromebook modes:

  • Sign in to your Chromebook with the owner account.
  • Click your account photo.
  • Click Settings.
  • At the top left, click Menu.
  • Scroll down and click “About Chrome OS.”
  • Click “Detailed build information.”

Next to “Channel” click the Change channel button and select either Beta or Developer. Then click the Change Channel button. Depending on your Chromebook model, either one could be what your hardware needs. I suggest starting with Developer channel. If that does not install the Linux Beta software, redo the process in the Beta channel.

When the channel change operation is completed, click the “Restart your Chromebook” button.

Caution: You can reverse this process by changing back to the stable channel at any time. Google servers automatically will force a power wash when you restart your Chromebook to return to the stable channel. When you sign into your Chromebook, you will have to do an initial setup just as you did when unboxing it, but Google will restore most if not all of your previous software and settings. Make sure you backed up any documents stored locally, however.

Do this to set the Crostini flag to enabled:

  • Click on the address bar.
  • Type chrome://flags and press Enter.
  • Press Ctrl + F on your keyboard.
  • Scroll down the list to find “Crostini.” Type Crostini in the search bar. Select Enable.
  • Click Restart at the bottom of the screen.

Final Pieces

At this current phase of Beta Linux on Chromebooks, once you get to seeing “Linux Beta” on the Chrome Settings Panel, you must download the final pieces manually to get and run Linux apps. Open the Chrome settings panel, click the Hamburger icon in the upper-left corner, click Linux (Beta) in the menu. Then click “Turn on.”

The Chromebook will download the files it needs. When that process is finished, click the white circle in the lower-left corner to open the app drawer. You will see the Linux Terminal icon. Click it.

Type in the command window and then press the Enter key to get a list of Linux components that need updating:

sudo apt update

Then type in the command window and press the Enter key to upgrade all the components:

sudo apt upgrade

When that’s finished, type y to remove excess files. Press Enter.

Now you are ready to download the Linux apps to make using your Chromebook more productive and more flexible. At least for now, you must open the Linux terminal window and enter APT commands to install or remove your selected Linux apps.

This is a simple process. If you have any uncertainty about the commands, check out this helpful
user guide.

User Experience

This article serves as a guide for the current state of running Linux apps on compatible Chromebooks. It is not my intent to review specific Chromebooks. That said, I have been very pleased with my latest Asus Chromebook.

The only thing lacking in the 11.6-inch Asus C213SA is a backlit keyboard. The Asus C302CA has both a backlit keyboard and a one-inch larger screen. They both have touchscreens that swivel into tablet format and run Android apps. Losing a tiny bit of screen size and a backlit keyboard in exchange for running Linux apps is a satisfying trade-off.

My original plan was to install a few essential tools so I could work with the same productivity apps on the Chromebook that I use on my desktop and laptop gear. I was using Android text editor Caret for much of my note-taking and review article drafts. It lacks a spellchecker and split-screen feature. However, it easily accesses my cloud storage service and has a tabbed structure, making it a close replacement for my Linux IDE and text editor app, Geany.

I installed Geany as the first Linux app test on the Asus C213SA Chromebook. It worked like a charm. Its on-screen appearance and performance on the Chromebook was nearly identical to what I experienced for years on my Linux computers.

ASUS Chromebook Flip C213SA Linux IDE text editor Geany

Proof positive! The Linux IDE text editor Geany shares screen space with the Chrome OS on a compatible Chromebook.

The Linux Beta feature on Chromebooks currently has a Linux files folder that appears in the Chrome OS Files Manager directory. Any document file that you want to access with a Linux app must be located in this Linux files folder. That means downloading or copying files from cloud storage or local Chromebook folders into the Linux files folder.

It is a hassle to do that and then copy the newer files back to their regular location in order to sync them with other Chromebook and Android apps or cloud storage. If you do not have to access documents from Linux apps on the Chromebook, your usage routine will be less complicated than mine.

Bottom Line

The Linux apps’ performance on Chromebook in its current Beta phase seems to be much more reliable and stable than the Android apps integration initially was. Linux apps on Chromebook will get even better as Crostini gets more developed.

Chrome OS 71 brings considerably more improvements, according to various reports. One of those changes will let the Linux virtual machine be visible in Chrome OS’ Task Manager.

Another expected improvement is the ability to shut down the Linux virtual machine easily.

An even better expected improvement is folder-sharing between the Linux VM and Chrome OS. That should resolve the inconvenience of the isolated Linux files folder.

Is it justifiable to get a new “qualified” Chromebook in order to run Linux apps on it? If you are primarily a Linux distro user and have settled for using a Linux-less Chromebook as a companion portable computer, I can only say, “Go for it!”

I do not think you will regret the splurge.

Want to Suggest a Review?

Is there a Linux software application or distro you’d like to suggest for review? Something you love or would like to get to know?

email your ideas to me, and I’ll consider them for a future Linux Picks and Pans column.

And use the Reader Comments feature below to provide your input!

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open source technologies. He has written numerous reviews of Linux distros and other open source software.
Email Jack.

Source link