Comments upon comments ignorant of the realities of the privacy laws governing this domain and the implications on firmware, driver and OS security support. “Just install Linux on it” is a completely unworkable solution. As some have pointed out, the places where this is done have a much thicker IT departments staffed with higher grade professionals to make it work. The thing to be mad here about is the shit support from vendors across the stack. If I had to guess, the worst offenders are probably the SoC vendors who typically ship firmware and driver updates as is the tradition.
That’s exactly the problem. The standard GNU/Linux distro isn’t suitable to allow carrying the responsibility that an innumerable number of users with physical access won’t be able to pwn those machines. Machines that are used by others too. You absolutely can make an OS like that out of Debian or Ubuntu, or what have you. Google has - Chrome OS - but it’ll take a significant development effort. You’d have to basically redo at least some of the work they’ve done. And let’s say you did all of that. Then you end up deploying it on an ARM-based fleet. And there’s a wild vulnerability in the WiFi firmware blob, and the SoC vendor no longer supports it. Every student has root and we’re back to the original problem. 👨🚀🔫
And that’s why instead of getting hardware from a vendor and hoping for the best, you might want to get it in writing that they’ll support their crap till a date. Then you stamp that as the EOL date for that laptop and you present it as part of the spec to whoever might want to buy this laptop. There’s no escaping this problem unless there are no proprietary blobs on the system, which is unlikely for ARM, or you have a solid development team and you’re large enough to have a source sharing contract with the vendor that lets your team fix the vulnerabilities and support the hardware for as long as you like. It’s probably much easier to achieve on x86, which costs more per unit up front.
Yeah, bulk imaging computers is really only limited to how many you can hook up to the network. I used to have to image hundreds of computers a day at times, and really the longest part was walking around and restarting them all so they’d PXE boot. The actual process maybe took 2 hours since all the computers were on 100Mb/s connections.
I converted one of these Chromebooks to Linux as a test project and the results were, not good.
To start, they have a bootloader lock screw under the motherboard, so you have to take the entire laptop apart to load anything but unsupported ChromeOS.
Then you have to use a Google tool, can’t remember the specific one, to swap the bootloader. That might be possible to automate but I didn’t look into it because…
… The hardware sucks. We’re talking like 4GB of storage on a lot of these Chromebooks. The driver support is all over the place, and there are issues everywhere even on “supported” distros.
With the vast amount of junk Chromebooks out there, I’m sure community hospice support will get better, but it’s never going to be an easy bulk conversion because of how common the bootloader locks are.
Comments upon comments ignorant of the realities of the privacy laws governing this domain and the implications on firmware, driver and OS security support. “Just install Linux on it” is a completely unworkable solution. As some have pointed out, the places where this is done have a much thicker IT departments staffed with higher grade professionals to make it work. The thing to be mad here about is the shit support from vendors across the stack. If I had to guess, the worst offenders are probably the SoC vendors who typically ship firmware and driver updates as is the tradition.
deleted by creator
That’s exactly the problem. The standard GNU/Linux distro isn’t suitable to allow carrying the responsibility that an innumerable number of users with physical access won’t be able to pwn those machines. Machines that are used by others too. You absolutely can make an OS like that out of Debian or Ubuntu, or what have you. Google has - Chrome OS - but it’ll take a significant development effort. You’d have to basically redo at least some of the work they’ve done. And let’s say you did all of that. Then you end up deploying it on an ARM-based fleet. And there’s a wild vulnerability in the WiFi firmware blob, and the SoC vendor no longer supports it. Every student has root and we’re back to the original problem. 👨🚀🔫
And that’s why instead of getting hardware from a vendor and hoping for the best, you might want to get it in writing that they’ll support their crap till a date. Then you stamp that as the EOL date for that laptop and you present it as part of the spec to whoever might want to buy this laptop. There’s no escaping this problem unless there are no proprietary blobs on the system, which is unlikely for ARM, or you have a solid development team and you’re large enough to have a source sharing contract with the vendor that lets your team fix the vulnerabilities and support the hardware for as long as you like. It’s probably much easier to achieve on x86, which costs more per unit up front.
Thank you for sharing your experience along with that link.
Yeah, bulk imaging computers is really only limited to how many you can hook up to the network. I used to have to image hundreds of computers a day at times, and really the longest part was walking around and restarting them all so they’d PXE boot. The actual process maybe took 2 hours since all the computers were on 100Mb/s connections.
I converted one of these Chromebooks to Linux as a test project and the results were, not good.
To start, they have a bootloader lock screw under the motherboard, so you have to take the entire laptop apart to load anything but unsupported ChromeOS.
Then you have to use a Google tool, can’t remember the specific one, to swap the bootloader. That might be possible to automate but I didn’t look into it because…
… The hardware sucks. We’re talking like 4GB of storage on a lot of these Chromebooks. The driver support is all over the place, and there are issues everywhere even on “supported” distros.
With the vast amount of junk Chromebooks out there, I’m sure community hospice support will get better, but it’s never going to be an easy bulk conversion because of how common the bootloader locks are.
Because Linus Torvalds stupidly refused to change the Linux license to GPL3.
What difference would the kernel licence make in this context?