Insights For Success

Strategy, Innovation, Leadership and Security

google

Exciting new multi-monitor feature coming to Chromebooks

GeneralEdward Kiledjian

Every professional understands the power of a dual screen setup. The additional real estate enables a more fluid and productive work process.

I use a tone of platforms (mainframe & mini to Mac, Windows and Linux) and I find that ChromeOS handles multi-screen setups with ease and grace. Every time I have hooked an external display to a "good" Chromebook (something that costs $500 or more), it has worked flawlessly immediately without having to fiddle or fine tune.

I have successfully connected 2 external monitors to my Pixelbook at work using a Lenovo USB hub but this isn't something most people will have access to and therefore the 3 monitor option normally isn't used.

We know the sultan of search, El Goog, is working on an elegant solution to solve this 2 external monitor issue using a technology called display daisy chaining. This is something that is known in the industry but not currently supported on ChromeOS. The idea is to connect one USBC monitor to your Chromebook and then connect the second USBC monitor to the first one (as long as the monitor supports it).

This means you can connect (eventually) one cable to your device and everything just works. Technically this daisy chaining will be able to go beyond 2 external monitors to a larger number (as long as your device hardware can push the required number of pixels).

This is a request we have regularly seen in the Chromium forums

How do we know it is coming? We know it is coming because we can see a commit for Multi-Stream Transport Support or something called Hatch.

The commit enables a chip to support the Multi-Stream flow and there is a good chance this won’t be enabled on existing older Chromebooks. We know that generically Multi-Stream required DisplayPort 1.2 and a handful of Chromebooks already have it so… There is hope for existing customers. We will just have to wait and see.

Many of you know I love my Pixelbook and may be wondering… “Does the Pixelbook support displayport?”

The answer is that the Pixelbook does support Displayport. The USBC ports on the Pixelbook are of type 3.1 Gen1 and support PowerDelivery (PD), DisplayPort (DP) and HDMI.

We don’t know which version of ChromeOS this will be enabled in yet. That’s all for this article dear readers. Stay tuned for more cool tech news as I find them.

Google to protect users from IDN Homograph Attacks

GeneralEdward Kiledjian

What geeks call an International Domain Name Homograph Attack, the general public calls typo-squatting. This is when threat actors buy domain names that are close to popular ones hoping to trick users, examples:

  • gma1l.com instead of gmail.com

  • paypa1.com instead of paypal


To help protect users from these tricksters, Google is launching Navigation suggestions for lookalike URLs. Think of this as an AI powered auto-correct for URLs. This feature is in active experimentation in Canary 70 and should enter the mainstream version in the coming months. A google engineer even spoke about it at the Usenix conference.

If you are one of the courageous experimenters running Canary, you can enable this feature now using this flag:

chrome://flags/#enable-lookalike-url-navigation-suggestions

Google One finally available to all US customers

GeneralEdward Kiledjian

I first wrote about Google One in May 2018, when it was still shrouded in secrecy.  The new storage program with improved storage capacities was an invitation-only program until today (for US residents anyway).

Per the original (Google Drive) model, storage is shared across all of the Google properties you use (GMAIL, Photos stored in full resolution, Drive, etc.)

  • 100 GB for $1.99
  • 200 GB for $2.99 (New)
  • 2 TB for $9.99 (2TB for the price of 1TB on the old plan)
  • 10 TB for $99.99
  • 20 TB for $199.99
  • 30 TB for $299.99

If you use the Google Family sharing program (not available to Google Apps accounts, unfortunately), you can share your Google One storage with up to 5 family members. In addition to storage, Google is offering Google Play credit to Google One subscribers and promises to add even more benefits (24x7 support is now also included).

Many still see the Google One page as invitation only but expect this to change shortly. Rolling this new program out to its millions of customers is likely being undertaken in stages.

As a Canadian, I anxiously await any indication about when it will open for us.

Google Chrome's Spectre Mitigation is consuming 10% more RAM

GeneralEdward Kiledjian

Google Chrome has always been a resource hog, but you may have noticed it's been consuming just a little bit more RAM lately (on your desktop).

This new more demanding Chrome is because of the Google's Spectre mitigation efforts.
The Google Chrome security team has enabled site isolation as a default (in Chrome v67 for desktops). Justin Schuh, head of Google Chrome Security, explained that site isolation separates each website process thereby preventing a malicious tab from stealing data from another.

When Site Isolation is enabled, each renderer process contains documents from at most one site. This means all navigations to cross-site documents cause a tab to switch processes. It also means all cross-site iframes are put into a different process than their parent frame, using “out-of-process iframes.”

Don't expect to see this update on the Android version anytime soon, the resource consumption requirements are too high (for now).

Chrome is obviously my browser of choice but I have been concerned at the amount of resources it requires and this move (although right from a security perspective) further pushes Chrome in the wrong direction. 

Additional reading:

Chromebooks are great and here are some myths you might believe

GeneralEdward Kiledjian

Anytime I pull out a Chromebook in a professional setting, colleagues and friends are dumbfounded how a tech geek like me would "settle" for a browser only thin client. People are downright shocked when I pull out my $1200 Pixelbook. 

Why would I buy a "browser only" device when I could use a Windows or Mac device that can run the Chrome browser but do so much more?

Chromebooks can't run apps

If you are reading this article, there is a good chance you are not a millennial that grew up with iPads and smartphones. For you, a personal computing device (Windows, Mac or Linux) needs to run native apps. I'm here to shock you but Chromebooks (ChromeOS) devices do and do it without requiring dual-booting.

Chromebooks run Android apps. Most modern Chromebooks can easily install and run most Google Play store Android apps. The list of Android app capable devices is extensive and growing daily (list).

The most common Microsoft Office apps for Android (Word, Excel and Powerpoint) run surprisingly well on Chromebooks. 

Chromebooks will run Linux apps. VentureBeat first reported this and it was later confirmed during Google IO 2018. Goole's Chromebooks will be able to run native Linux applications using the built-in container technology (without dual-booting or emulation). 

Chromebooks will run Windows apps. CrossOver has a Chromebook app that will allow users to run Windows-only apps (like Quicken and Microsoft Office) on a Chromebook without needing to install Windows. 

Truth is that most users, will not need any of these functionalities most of the time. With a little updating of your work structures, you will likely be able to work on a Chromebook 98% of the time without needing to run Windows or Linux apps, but it's nice to know you can.

As an example, I switched to Polarr for my photo editing and it does everything I need. It is affordable, cross-platform and worth like a charm on Chromebooks. If you are looking for a very good password manager, you can use the Steve Gibson approved LastPass

Chromebooks are slow

You get what you pay for. When you compare dollar for dollar a Chromebook will always be fast, more reliable and more secure than Windows, Mac or Linux. The comparison most people late is a $1000 Macbook to a $250 Chromebook. That simply isn't a fair comparison. Chromebooks have become the defacto educational devices because they are very functional even at the low end of the scale. 

When comparing machines with comparable pricing, the Chromebook will always be faster.

I bought a $350 Acer C720P in 2013 (5+ years old) and it :

  • is still fast when running Chrome
  • receives regular updates from Google
  • is always kept secure by Google

I have 3+-year-old ($600-1000) Dell, HP and Lenovo Windows machines that have become slow and painful to use. 

My Pixelbook goes from powered off (not sleep but totally off) to ready to log in, in 5 seconds. 

Chromebooks are useless without an internet connection

I am convinced much of what you do (on your PC, smartphone or tablet) is internet based. As an experiment, try turning off WIFI (or cellular connectivity) for 1 day and see how dependent you really are. 

When the CR-48 came out (first Chromebook test unit from Google), it was nothing more than an internet connected thin client. This hasn't been true for a long time though. 

Google's most popular services (Gmail, Calendar, Google Drive, Google Docs, Google Sheets, etc) are all offline enabled. The Google Chrome Web Store even has a page dedicated to offline apps.

Add to these the millions of Android apps and you can do just about anything offline these days. The Chromebook actually has an advantage over competing platforms here (Windows or Mac). As an example, on a traditional laptop, I can't download Netflix content for offline consumption whereas I can with the Android Netflix app running on a Chromebook. Since Chromebooks are power efficient, this becomes an excellent offline and disconnected media consumption platform (aka planes).

Chromebooks barely run Android apps

For better or worse, Google makes many of its experiments public. It is true that Google has made multiple attempts to bring Android to Chromebooks (ChromeOS) and that most have failed. If you tried running Android apps on a Chromebook even a year ago, you may have thought it was a slow and painful experience but not anymore. It still isn't perfect but for those unique occasional needs, the current setup more than satisfies that functionality itch. 

I have tested Android apps on a Google Pixelbook, Acer Chromebook Flip C302 and a Samsung Chromebook Pro and the apps worked great on all of them. 

Chromebooks have no local storage

Not sure how this started but all Chromebooks have local storage. My Pixelbook comes with 250GB of lightning-fast SSD storage (similar storage capacity to my  MacBook Pro Retina). For content that is only occasionally accessed, you can store it in the Google Drive cloud and access it as you would a local file. The Chromebook "file explorer" integrated Google Drive for easy access. 

Chromebooks can't print

Chromebooks support both local and network-based printers. For most users, you will plug in your local printer via USB and it will automagically work (if it is a recent printer). When shopping for a new device, why not opt for one that is Google Cloud Print ready? All major manufacturers support Google Cloud Print, including but not limited to : Brother, Canon, Dell, Epson, HP, Kyocera, Lexmark, Sharp, Toshiba, Xerox and more.

Chromebooks don't have any antivirus protection

This comment comes from Windows users that have been trained to install antivirus products on all of their devices. 

Remember that ChromeOS (the operating system powering Chromebooks) was designed to be secure from the start. As an example, it uses techniques like process isolation to keep you safe. Most manufacturers say that Chromebooks do not need antivirus products because : 

  • ChromeOS is updated every 6 weeks
  • ChromeOS is designed with an application and process sandboxing framwork
  • All data on a Chromebook is encrypted by default

Sample support page from Toshiba

So let's extend the question and talk about Chromebook (ChromeOS) security. Why do most security professionals choose Chromebooks as their personal device of choice? Why do security professionals bring Chromebooks to the world's most tech hostile conferences (blackhat, defcon, shmoocon, etc)?

The answer is that Chromebooks are more secure than any other traditional computing platform (including MacOS). How?

  • Automatic updates - Google pushes a ChromeOS update every 6 weeks that all devices receive immediately (regardless of where you bought your Chromebook from and the manufacturer of the Chromebook). These updates add functionality but more importantly they fix security issues.
  • Sandboxing - Each web-page and application on a Chromebook is isolated from every other web-page and application using a technique called Sandboxing. If you visit a malicious web-page, the malware cannot infect other tabs or the computer itself. 
  • Verified Boot - If magically threat actors manage to exploit a vulnerability and "jump" out of the sandbox to infect the boot process (to ensure they infect the device every time it restarts, The verified boot process will detect this and it will automatically repair itself. Every time a Chromebook boots, it checks itself and if it detects that the boot process has been tampered with, it fixes itself without any user intervention. 
  • Data Encryption - Using tamper-resistant encryption (a local TPM chip), all local data is encrypted with a user key which means it cannot be accessed by other users or by threat actors if stolen.
  • Recovery Mode - If anything does go wrong with your Chromebook, you can use a special keyboard combination (differs by manufacturer to enter a special recovery mode that brings back a fresh, clean version of ChromeOS in minutes and with no user intervention. All your data and settings are stored in the cloud so as soon as you log in, your personalizations and settings will all automagically come back.

Conclusion


This article could have easily been 5 times longer, but I believe I captured the most important concepts. If you haven't tried a Chromebook in a while, I encourage you to take a look. Remember that no single device meets everyone's needs, and a Chromebook is no different. I believe Chromebooks are THE alternative for most general computing users and even some individual edge cases (like us crazy security people). 

Remeber that you get what you pay for. Don't expect a $200 Chromebook to perform like $1200 MacBook. Compare a $1200 Google Pixelbook to a $1200 MacBook, and now you have a fair comparison.