Chrome OS Could Be Getting Containers for Running Linux VMs (zdnet.com) 57
Chromebook users may soon have a simpler way to run their favorite Linux distribution and applications on Google's Chrome OS hardware. From a report: As spotted by Chrome Unboxed, there's a newly merged commit in Chromium Gerrit describing a "new device policy to allow Linux VMs on Chrome OS." A related entry suggests support could come with Chrome OS version 66, which is due out in stable release around April 24, meaning Google might announce it at its annual IO developer conference, which starts on May 8. Developers can already use a tool called Crouton to install and run Linux on Chrome OS, but there is a security trade-off because Chrome OS needs to be switched to developer mode to use it. There's also a Crouton extension called Xiwi to enable using an OS in a browser window on Chrome OS. However, it too requires developer mode to be enabled. A recent commit suggests Chrome developers are working on a project called Crostini that may solve the developer mode problem by allowing Linux VMs to run inside a container.
Re: (Score:1)
Re:Hardware gay sex with msmash's jelly dildos (Score:2, Informative)
And better yet, containers and VMs are two ENTIRELY DIFFERENT CONCEPTS.
Docker: LXI Containers
VirtualBox: Hardware Virtualization
These are NOT INTERCHANGEABLE. They may be used as substitutes for each other or in conjunction with each other, but the connotations here are WRONG. Obviously, the "editors" here are too busy blaming things on Russia and Pai to bother checking articles and summaries. Now that I have gone back and reread the summary, I noticed that msmash wrote this which means tha
Comment removed (Score:5, Interesting)
Re: (Score:1)
Re: (Score:2)
I would be surprised if this was virtualization for containers. Think more of lxc, docker, etc.
Re: (Score:2)
Linux VMs to run inside a container
That commit in the article has absolutely NOTHING to do with containers. There is almost no reason to run a VM inside of a container. Sometimes you run a container in a VM.
Re: (Score:3)
This setup has been my daily driver work desktop for years (ie: Run mandated windows SOE desktop, perform vagrant style spin ups of whatever the hell we are fighting then push the images to environment du jour).
With CPU support, sure. Doesn't take much (Score:2)
Modern CPUs that do virtualization on the die mean you don't need massive horsepower to do virtualization. You probably want text-mode Linux rather than a GUI in your VM unless you have extra RAM to spare, though.
You also don't need virtualization for containers.
Re: (Score:2)
I have virtualbox installed on my hacked celes (Samsung chromebook 3). It is nothing to write home to mommy about, but it can run another OS fairly well, all things considered.
To be fair though, the Celes has a celeron CPU, instead of the more "atom like" cpus in most other intel chromebooks.
If you want one that is better suited to virtualization/daily driving, you want this guy (especially if you want to upgrade the internal storage to something more reliable than eMMC/microSD)
https://www.amazon.com/dp/B01 [amazon.com]
Containers, not full-blown emulation. (Score:2)
In addition of testimony of other users about running Virtual Box and using VT-x CPUs extensions,
keep in mind that TFS mentions *containers*.
i.e.: sort of super-chroots that uses in-kernel features (Cgroups) to partition more than just file system directories, but every other ressources too like CPU scheduling, etc. (unlike vanilla chroot. So they are a bit more secure)
Everything runs under the same kernel (so a bit less secure than full-blown emulators like qemu, virtualbox, etc.) there's no emulation at a
Re: (Score:2)
Re: (Score:2)
People who don't think of themselves as so important that anyone else would find anything they might do interesting enough to bother to snoop on.
In practice, the biggest potential security issue are passwords, and on ChromeOS, those are kept locally on the device, and never uploaded to Google.
For most people, everything else that might get uploaded isn't going to be interesting enough for anybody else to care
Everybody is worth spying on (Score:2)
Everyone is worth spying on. If you have $10 in your bank account, you're worth a few seconds of a robot's time to try to rip off. As Geddy Lee explained: "Ten bucks is ten bucks."
Re: (Score:2)
As I said, since passwords are never uploaded, there's not going to be any way for a robot to try and rip that money off.
Also, chromebooks don't upload your bank balance because the chromebook doesn't actually know it. An app designed by your bank to check your bank accounts certainly could, but your bank isn't going to be interested in sending that information to google either.
Re: (Score:2)
I don't know infosec from hookers and blow, but I can tell you that a Chromebook in the hands of your children (or older parents, for that matter) is pretty darned sweet. Kids try very hard to fuck things up - even Android tablets are not immune. But the most involved thing I've ever had to do on one of the Chromebooks is to uninstall a naughty extension. They are limited, but I really don't care if Google watches my kids do their homework or monitors how many variations of the Tide Pod Challenge they watch
Re: (Score:2)
You're part of the problem.
Well, yes, because you are defining something that has no effect on you to be a "problem". It might be, but it's not your problem.
In a few generations they will know exactly how to tweak people to get them to do things they wouldn't normally do.
They already do that. Advertising would be the most obvious example. But if you think the big corporations have more control over us now compared to when they controlled the 3 major TV networks and the one or two local newspapers, well let's just say we disagree.
I'd rather do the reverse. (Score:4, Informative)
I'd rather flash the firmware [reddit.com] and then install Cloud Ready [neverware.com], Windows, and GalliumOS [galliumos.org]. Or at least I would if I cared that much about CrOS. My C720 practically always runs Windows 10, booting into GalliumOS only when I need to unfuck something Windows won't let me unfuck.
Re:I'd rather do the reverse. (Score:5, Interesting)
Just link straight to MrChromebox.tech, since he has the needful to do the firmware portion in the bag right there for nearly all chromebooks in the wild.
https://mrchromebox.tech/#devi... [mrchromebox.tech]
https://mrchromebox.tech/#fwsc... [mrchromebox.tech]
All you need to do is remove the write protect screw/jumper, turn on dev mode, then run his script. Booya, bob's your uncle. His firmware has added bonus features, in that it reprograms the chromebook's embedded microcontroller so that the keyboard emulates a PS2 interface, allowing more OSes to run without as much hassle, as well as poking the sound hardware to better approximate an HD Audio Bus device.
Personally, I run GalliumOS as the primary on my Samsung chromebook 3 (celes). I have one of the older ones that only has 2gb of RAM, and I desperately need zram for it to be useful. With how weaksauce it is anyway, nearly any game that 'could' run on it, will also work in WINE, so I dont really need windows.
Re: (Score:2)
I ran GalliumOS + WINE when I had a GNAWTY. I was also the tester for the initial attempts to run Windows on Bay Trail. Actually, we succeeded, but performance was so incredibly horrible that it was unusable. I ended up selling that off, and buying the (4GB) C720 for only $21 more than I got for the CB3-111. Then I dropped another $80 for a fast 250GB M.2 SSD.
Windows support for the Bay Trail Chromebooks has matured a great deal in the past year and a half, enough that it runs about as well as could be expe
Re: (Score:2)
Re: (Score:2)
I think technically you're supposed to pay Oracle $1 each time you say, read or write the word 'container'.
Container. Container. Container.
I've got some S&P tracker ETFs so I guess that means I own some ORCL shares indirectly.
doesn't make sense (Score:3)
You don't run "Linux VMs inside a container", you run processes or Linux distributions inside containers.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Android apps are surprisingly good on ChromeOS now.
Dude, do you own a Chromebook?
I have a samsung chromebook 3 and IMHO APK's on chromebook suck, at least on the graphic support, and that's the only thing you'd care about running an android application. It feels like running an android VM.
Re: (Score:2)
Re: (Score:2)
Touchscreen Chromebooks have been running android apps for about a year or so. ChromeOS has a full strength, desktop grade browser which is a much better experience than any mobile browser. Android apps are surprisingly good on ChromeOS now.
You know else runs Android apps surprisingly good? ANDROID.
Re: (Score:2)
So, they're making Chrome OS move toward Android. Anyone surprised?
I'm only surprised that Google can't make Chrome for Android worth half a shit, which is the only reason ChromeOS even exists. It remains grossly inferior to the real Chrome.
Code check: How does this work? (Score:2)
I know nothing about ChromeOS code. So clearly I shouldn't be surprised that I'm struggling to make since of this commit. But the size of this change seems small enough that I might expect to at least be able to make the two ends meet (the part storing and managing the new policy key and the part that reads that key and acts upon it).
https://chromium-review.google... [googlesource.com]
But I can't. All I see are things related to storing and managing the key. I don't understand how this newly created "thing" has any effect
Re: (Score:2)
Containers are not VMs (Score:2)
Come on!
Finally a "feature" that I will use! (Score:1)