TimburyDotOrg is owned and operated by Timbury Computer Services. For over ten years, Timbury Computer Services has shown home, small business and corporate clients how to use Linux and Open Source software to maximize efficiency and lower costs.
Updates: The TimburyDotNet web hosting site redesign is complete. Linux-only hosting!More...
Edwin Groothuis created a FreeBSD iPhone app that provides general information about FreeBSD, news, upcoming events, videos from YouTube (BSD conference) and so on. May be useful if you have an iPhone.
But the FreeBSD community is larger than just a…
Since ChromeOS requires Ubuntu to build the new operating system (and is based on it), I can’t ignore it, can I? I may get fancy-schmancy and build it if an image doesn’t come on-line in an hour or two.
About ChromeOS
Security
Open Development
Boot Speed
ChromeOS in Summary
The OS is Chrome, basically
All apps are web-based
There’s no permanent local storage and everything is stored on the Internet
But thumb drives are supported
Local config and cache are encrypted
File browsing is done from within Chrome
Music and videos, too
There’s no printing
The OS is self-repairing at boot, probably limiting the customization
But it’s largely open source so you can customize and compile your own
“They want, wherever feasible, to build on existing components and tools from the open source community without unnecessary re-invention. This clear focus should benefit a wide variety of existing projects and we welcome it.”[1]
D-Bus: The browser uses D-Bus to interact with the rest of the system. Examples of this include the battery meter and network picker.
Connection Manager: Provides a common API for interacting with the network devices, provides a DNS proxy, and manages network services for 3G, wireless, and ethernet.
WPA Supplicant: Used to connect to wireless networks.
Autoupdate: Our autoupdate daemon silently installs new system images.
Power Management: (ACPI on Intel) Handles power management events like closing the lid or pushing the power button.
xscreensaver: Handles screen locking when the machine is idle.
Standard Linux services: NTP, syslog, and cron.
Security Model
Process sandboxing
Mandatory access control implementation that limits resource, process, and kernel interactions
Control group device filtering and resource abuse constraint
Chrooting and process namespacing for reducing resource and cross-process attack surfaces
Media device interposition to reduce direct kernel interface access from Chromium browser and plugin processes
Toolchain hardening to limit exploit reliability and success
NX, ASLR, stack cookies, etc
Kernel hardening and configuration paring
Additional file system restrictions
Read-only root partition
tmpfs-based /tmp
User home directories that can’t have executables, privileged executables, or device nodes
Longer term, additional system enhancements will be pursued, like driver sandboxing
How encryption works
In a nutshell, each user gets an encrypted image file in a hidden directory that is created at her first login. Thereafter, each time she logs in, the encrypted image is unlocked and made available for use. On logout or reboot, the user’s data is locked away again. On some logouts, the encrypted image may be compacted. This step minimizes data loss due to file system fragmentation inside the image.
TimburyDotOrg is owned and operated by Timbury Computer Services. For over ten years, Timbury Computer Services has shown home, small business and corporate clients how to use Linux and Open Source software to maximize efficiency and lower costs.![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=1d223845-3c95-4268-9cb6-2c42de1a8c0c)
