technology

24272 readers

322 users here now

On the road to fully automated luxury gay space communism.

Spreading Linux propaganda since 2020

Rules:

1. Obviously abide by the sitewide code of conduct. Bigotry will be met with an immediate ban
2. This community is about technology. Offtopic is permitted as long as it is kept in the comment sections
3. Although this is not /c/libre, FOSS related posting is tolerated, and even welcome in the case of effort posts
4. We believe technology should be liberating. As such, avoid promoting proprietary and/or bourgeois technology
5. Explanatory posts to correct the potential mistakes a comrade made in a post of their own are allowed, as long as they remain respectful
6. No crypto (Bitcoin, NFT, etc.) speculation, unless it is purely informative and not too cringe
7. Absolutely no tech bro shit. If you have a good opinion of Silicon Valley billionaires please manifest yourself so we can ban you.

founded 5 years ago

MODERATORS

context@hexbear.net

SexUnderSocialism@hexbear.net

gaycomputeruser@hexbear.net

Wakmrow@hexbear.net

SwitchyandWitchy@hexbear.net

Breathing life into some disposed of ChromeBooks (hexbear.net)

submitted 4 months ago by invalidusernamelol@hexbear.net to c/technology@hexbear.net

14 comments fedilink hide all child comments

So I'm helping a local tech non-profit refurbish some old Chromebooks for distribution to halfway houses and immigrants that need computer access for legal stuff. The current need is basically a rock solid platform for getting to websites, reading email, and editing mostly shared Google docs.

Issue is that the hardware is no longer supported by Google.

We've gone ahead and got Coreboot flashed on all 40 devices and have settled on using Fedora-Onyx (Atomic distro with a Budgie UI).

We need to install some flatpaks on each machine and set up a base configuration. Easy enough with rpm-ostree and some manual configuration, but I was wondering if anyone here has had more experience with managing the atomic distros.

Basically I want to have it so the volunteers just need to plug in a USB installer stick and get a fully setup instance. Is there an easy way to take a tree and transfer it to another machine that isn't using something like clonezilla? I'm assuming we could just maintain an image and rebase to thatafter installing, but I'm not fully aware of the easiest way to accomplish that.

you are viewing a single comment's thread
view the rest of the comments

[–] invalidusernamelol@hexbear.net 3 points 4 months ago (1 children)

These will be going to single users as far as I know. They're priced to the org at ~$30 and that money comes from their grant.

These are some of the lowest end Chromebooks I've worked with tbh. The emmc is so incredibly slow that the network speeds are bottlenecked by it lol. The A B updates that ostree does take around 15 minutes to build and use ~80% of the CPU in the background (luckily that's only done once a day at midnight or if they specifically request updates).

LUKS encryption would be easy to enable, but someone would inevitably forget their password and we'd have to break the news that the resume they were working on is lost forever. I'll probably include instructions on how to encrypt specific folders so they can have secure locations that they set up.

If we set up LUKS with a shop password and share it, that also just kinda defeats the purpose. Now they're all using the same password. Could use the device code as a salt, but that's still easy to guess and hard to remember.

Running an rm -rf on the var partition should be moderately quick, and since it's a btrfs filesystem, we could also just totally overwrite the logical volume and reassign it. On non spinning disk storage, overwriting the block headers is more than enough to scuttle access to the data.

[–] hellinkilla@hexbear.net 4 points 4 months ago (1 children)

Yeah that totally makes sense. I've had a hell of a time trying to get encryption working properly and smoothly. In theory it should be OK but once you introduce any kind of complexity there are problems. One complexity being using really shitty hardware, which I'm well acquainted with. And it probably isn't a good idea to implement something that has a lot of new-to-you techniques because you do not want to realize there is a problem that needs to be fixed on every machine after a month.

BTW you should count on the devices failing in mysterious and unrepairable ways. Eventually they all fail and you can't do much about it. Sometimes slowly and sometimes suddenly stop out of nowhere.

I was thinking about the shared password issue and I think it still protects against stuff being found if stolen or lost. I don't think you'd want individual decryption passwords. Impossible to manage.

I wonder if your users will want to use thumb drives or other external storage. On the one hand it would be good to encourage using gnome disks or something to encrypt them, but that is terribly incompatible outside linux. So if you make it difficult to store stuff, people will end up putting all their stuff on a FAT32 doohicky that floats around in their purse or pocket, where it could find its way virtually anywhere. So I think moderation is very sensible to avoid incentivizing workarounds that are way worse.

[–] invalidusernamelol@hexbear.net 2 points 4 months ago (1 children)

Totally agree with you there. The atomic stuff is new to me as well, but after seeing the weird compatibility and stability issues that these things had with a regular install, I figured it was worth the plunge to have the A/B update system. Also means installing a bunch of stuff is harder for the end user unless they know the 3 commands you need to bypass the ostree lol.

I wish people would just natural have a better time understanding technology, but reality is that 90% of the people we distribute computers to barely know how to use a keyboard and many don't speak English. These machines are single purpose devices, and any additional security we add will just make them toss it in the trash.

We do have education sessions where we teach people how to use a browser, how to open Gmail, how to identify a scam, etc. I've been wanting to expand those classes to have some basic Intro to Linux, intro to Python, intro to Bash, etc. type classes that teach people the bare minimum so they can start learning. But that's only gonna work with the kids. Any older person that gets one of these devices needs to have it work as frictionless as possible with a minimal amount of interaction.

[–] hellinkilla@hexbear.net 2 points 4 months ago

I wonder of it would be worthwhile to have a few machines designated by interface language to support non English users. The localization takes up massive space if you get all of it. But maybe like a few Spanish-enabled machines or whatever is most relevant.

I like to share my computer hobby with people too but its a tough sell. it requires a massive investment of time and attention to get comfortable with the basics. Out of reach for most adults. I feel like its a victory if I just get people to look at what's on the screen, like peruse the menus and see what the system is offering to you. Most just click the icon they know they need ignore the rest. I think anything that encourages simple exploration of the available tools is empowering. Once you see what the computer can already do, then you start to think about what it could do.