Insights For Success

Strategy, Innovation, Leadership and Security

General

How to install Firefox on a Chromebook

GeneralEdward KiledjianComment
red-panda-505146.jpg

There are many reasons why you may want to install Firefox on a Chromebook (could be for security, privacy or just as a technical challenge). You could install the Android app but that isn’t a full featured browser. Here are the instructions on how to install it in the Linux container.

Go to Settings

Screenshot 2019-09-16 at 1.40.24 PM.png

Search for Linux and Turn it On.

Screenshot 2019-09-16 at 1.41.30 PM.png

You will get the installation window. Continue and let it complete.

Prepare Linux

You will then be presented with the terminal window, run an update then an upgrade.

Screenshot 2019-09-16 at 1.48.14 PM.png
sudo apt update
Screenshot 2019-09-16 at 1.48.40 PM.png
sudo apt upgrade

Install Firefox on ChromeOS

Now we are ready to install Firefox.

Got to the terminal and enter sudo apt install firefox-esr

Screenshot 2019-09-16 at 1.53.08 PM.png

Now you can start Firefox by entering the firefox-esr command to invoke the app.

Screenshot 2019-09-16 at 1.54.59 PM.png

If you want to invoke Firefox-Esr but also need your terminal to work (at the same time), use the command firefox-esr &

It's time to evaluate your company

GeneralEdward KiledjianComment
periodic-week-4420676.jpg

As we pass to the second half of the year, many companies start their annual merit review cycle. It is an opportunity for your leaders to evaluate the corpus of your work and determine how much value you delivered to the company (thus deserving a salary adjustment).

What employees often forget is that they too should use this period as an opportunity to determine if they are doing the right job, in the right company & at the right compensation level.

Read my blog entry The “You” Brand

The 4 power questions

  1. Do you like what you are doing?

  2. Do you like who you are doing it with and where you are doing it?

  3. Does your company offer a path your desired future job?

  4. Are you fairly compensated

As we walk through each of these questions, it is important to remember that there is no "perfect" life partner and there is no "perfect" company. What we are trying to determine is: "Is this company the right one for your at this moment in time".

It is important to evaluate the questions in the order I have presented them.

Do you like what you are doing?

Ask yourself if you (honestly) are excited about the work you are doing. When Friday comes along, do you turn off “work mode” until Monday morning? If you do then you have a job, not a career. It means you are not passionate about your chosen profession and it may be time to figure out “what you want to be when you grow up”.

Do you like who you are doing it with and where you are doing it?

Many leaders would probably break this question down into 2 separate ones (one for people and one for the company) but I believe they work better together.

You may like your job but do you like the people you are doing it with? There is no perfect environment but overall, do you enjoy collaborating and working with most of your co-workers? Are you surrounded by like-minded people who challenge you and respect you? Do the people you work with care as much about you, as you do for them?

In the same vein, do you like working for your company? Do you share the vision, mission and core values of your company? A 2017 MetLife survey found employees (9/10) would rather work for a company that shared their values than one that offered higher pay. The survey also found that employees were willing to take a 21% pay cut to work for that better-aligned company (jumped to 34% for millennials).

This is also the category I include work-life alignment in. Does the ratio of work-life balance the company expects to, align with what you are looking for?

Obviously, every employee’s requirements are different but the importance of this alignment is undeniable.

If you love your job (question 1) and you love who you work with (where), then work doesn’t feel like work. You can enjoy going to work and living your best life.

Does your company offer a path your desired future job?

Not everyone is looking for career advancement but most of you probably are. Does your company offer a supportive, nurturing environment where you can learn and grow? Are executives willing to take a chance with less experienced employees, allowing them to develop? Are executives willing to coach and guide employees to develop their skills in preparation for future promotion? Last, but not least, does the company promote from within or do they hire most leaders from the outside?

Are you fairly compensated

The question about compensation was purposefully left until the end. Every other question we have examined will feed into this one.

The old 1980's corporate mantra was :

"Employees work just enough not to get fired. Employers pay just enough so employees don't quit".

As stupid as this mantra sounds today, some older leaders still espouse this as a "nugget of wisdom" (do the companies values align with yours?).

The modern strategy of salary management dictates that companies must pay enough so employees aren't stressed about money and spend their mental energy on doing what they do best.

The real-world equation is more complicated and is a subjective evaluation of fair pay within the company (often difficult to judge because the information is not readily available), and compare to other organizations offerings for similar roles.

It is easy to understand why a company that compensates you properly, probably also values your skills and expertise properly.

Remember the MetLife survey, where employees were willing to work for less if the company's values aligned with their own? This is also true about the other 3 questions we previously discussed.

If you feel that the company's values don't align with yours and/or that the company doesn't offer career advancement and/or you dislike the people you work with, you may decide to stay but may demand a higher premium for the extra "suffering".

Conclusion

Ultimately this is a deeply personal introspection and one you must do honestly (regardless if you are a new graduate or a seasoned executive).

Your company evaluates you annually to decide if you are worth keeping, you should do the same and decide if the company is worth staying at.

The Phoozy spacesuit for your smartphone

GeneralEdward KiledjianComment
A_XP3_CosmicBlack_Hero_2cbc4a57-a1cf-46ba-955f-f050c9dba498_4000x@2x.progressive.jpg

What is a Phoozy?

The Phoozy is a NASA space-suit inspired jacket for your phone that protects it from the searing rays of the sun or the frigid battery killing cold of winter.

Have you ever gone to the beach and noticed your phone refusing to start with a temperature warning message (even though it was "protected" from the sun by a sun-umbrella?) The same happens at the other temperature extreme where the phone refuses to start because the components are too cold and the phone tries to protect itself.

The Phoozy is a well-insulated purpose-built capsule (made out of space material used to protect astronauts). The Chromium Thermal Barrier can reflex up to 90% of the sun's heating rays.

This is an important distinction some online testers didn't remember. These geniuses cooked their phones in the oven or left it in their locked cars, then complained the Phoozy didn't work. The Phoozy is not air conditioning, and work's by reflecting the sun's harmless rays but won't help if the ambient temperature is oven-like (a car under the direct sun can reach 170 degrees within an hour).

During the summer, I tested the Phoozy while at the beach, hiking or the amusement park. I used an old iPhone as my unprotected test "victim" and my Pixel 2 XL as my protected device. My Phoozy protected device never shut down because of heat, while the control iPhone regularly displayed that dreaded temperature warning message and refused to start until I cooled it down.

Water protection

The Phoozy case is buoyant and will float but the top isn't waterproof sealed (it's velcro). The Phoozy shouldn't be your go-to water protection solution. The fact it will float is a nice to have feature just in case.

Compare the Phoozy Apollo and XP3

I bought and tested the newer XP3. The Apollo & XP3 offer the same sun and cold protection, but the XP3 has slightly more padding (which is better for drop protection), it has attachment points (so you can hook it to the outside of a backpack) and an internal stash pocket (to store cards or cash).

The XP3 easily accommodated 5 credit cards and an iPhone XR, Pixel 2/3XL, or Samsung Galaxy S10.

Conclusion

I love my Phoozy and it has found a permanent place in my everyday carry backpack (which is high praise coming from me). Many colleagues and friends have also bought Phoozys and every one of them is extremely satisfied.

The Phoozy performs as advertised and is well made.

The Apollo XL retails for $29 which is a very fair price for the protection being offered. I believe most customers should opt for the newer XP3, but this retails for $49. I still recommend it, but think they should cut $10 from the price.

Watch Netflix safely in the office

GeneralEdward KiledjianComment

A new Chrome extension (called Netflix Hangouts) will make your Netflix stream look like a 4 person video conference by adding 3 additional video boxes onscreen. The Netflix show is housed in the bottom right hand box. You engage the extension by clicking on it and you stop it by clicking on it again (or closing the Netflix tab).

Screenshot 2019-07-08 at 2.53.10 PM.png

This will not trick network based traffic inspection devices. It just makes the screen look more business like. If your company employs network base traffic analysis, you may want to VPN out first.

Operational security tips to safeguard your privacy when crossing a border

GeneralEdward Kiledjian1 Comment
barbed-wire-1899854.jpg

Every week I read about another traveller that is hassled at the border to turn over his laptop, tablet or smartphone and their associated passwords. Knowing that a stranger has gone through your personal “stuff” feels dirty (similar to being robbed).

A question I get asked often by readers, friends and colleagues is “How do I travel through international borders without worrying that my life will be put on show for some stranger with a badge?”. You don’t believe that this can happen; here are some interesting articles:

Operational Security 101

The work of physical security and digital (cyber) security are merging fast and you cannot have one without the other. So what is a traveler to do?

  1. Identify your sensitive data. Before travelling, conduct an extensive analysis of the data you will be crossing the border with. This doesn’t just include intellectual property or employee information but remember that once authorities have access to your email, without you present, they can figure out what social media accounts you have, they can reset your password for any site, they can build a social graph of all your contacts (using your email, instant messages and contacts), etc.

  2. Prepare a lists of vulnerabilities you are subject to? You should consider everything from device theft to authorities riffling through your personal data with no regard for privacy.

  3. Determine your risk level for each vulnerability. As long as you back up your data and your device is encrypted, then your risk after a theft is limited to the cost of replacing your device or scrambling to buy a new one while in transit. You will realize your risk level quickly rises when you consider the exponentially increasing risk of having your device analyzed at the border.

  4. Design your countermeasure plan. For each vulnerability, design a mitigation or risk minimization plan. This is what the rest of the article will talk about.

Countermeasures

Like a broken record, I will now extol the virtues of the Chromebooks and why many security professionals rely solely on these devices when security is essential. I know many of you will email me to explain why Google is evil and shouldn’t be trusted. I respect everyone’s opinion, and if you believe using Google products and services doesn’t meet your security requirements, then, by all means, choose something else.

A Chromebook is designed to be reinitialized anytime and to restore its state very quickly. Log into a device connected to a respectable network, and within minutes, you are back up and running with your apps, extensions, bookmarks and settings. Your data is stored in the cloud, and local device storage is encrypted.

Theft

If some numskull steals your device, you will have to buy a new one but at least your data is safely stored in the cloud, and there is no unencrypted data locally to expose you. I have had my device stolen on a train in Europe (on my way to speak at a conference). At my destination, I bought a Chromebook, used the store's WIFI to restore my device, and I was up and running within 30 minutes.

Border inspection

Border inspection is a different beast because they have the authority to force you to turn over your passwords. In this case, the only protection strategy is trickery.

For people crossing the border with sensitive information, I recommend that you use a Chromebook and sync everything to the cloud. Before travelling, you Powerwash the Chromebook (aka set it back to factory default) and then log into it with a dummy Google account.

This Google account should have some emails, contacts, favourites, files stored on your Google drive, etc. It should look like it is an authentic and genuine account. When your device is inspected, it will have nothing of interest, and you will not endanger your “real” data.

Once you cross the border, find a WIFI network, Powerwash your device and log in with your “real” account.

What about your smartphone

I trust the Chromebook Powerwash process enough to reuse a Chromebook that was inspected by border security but not a smartphone. Smartphones (iPhone or Android) do not have the excellent backup and recovery properties of the Chromebook. In most cases, I travel with a real fully loaded smartphone and will destroy it if it is ever taken from me. I will immediately change all my passwords and implement honeypot style detection tools to see if they attempt to exploit me.

What are these detection techniques I am talking about? Well one example is to use the Free Canary Tokens to generate different honeypots in your work environment.

Screenshot 2019-05-25 at 9.32.34 PM.png

As an example, you create an easy to find (weaponized) Word or PDF file (stored in your Google drive) and phone that sends out a beacon when it is opened. Think of these tools as motion sensors warning you that your digital being is at risk and that you need to take extraordinary measures to protect yourself.

Conclusion

An article about traveller airport border crossing security (OPSEC) can be very long, but I wanted to give you a gentle introduction. If you are a journalist, politician or senior executive at risk, hire a good security consultant to guide you. The most expensive advice is free advice.

If you are a journalist with a reputable organization working on high-risk reporting and need security advice, I am always available to provide free guidance. I believe free and open journalism is a pillar of our modern democracy.