So...it turns out that flash apps don't currently run in the sandbox on the Cr-48, which would explain why the flash app I was running was able to break out of the sandbox - it wasn't in there! Something that is being fixed (in fact, it should be fixed in the Windows release of Chrome), but I'm still not crazy about the notion that Google has been allowing apps to run outside of the sandbox, even though I can understand that the Chrome OS developers probably thought that cutting corners during the development process would be worth it in order to get more functionality out to the app developers and testers earlier.
This incident did motivate me to get involved with the open source Chromium OS project, so I can better understand the details of the OS. Just bought a Dell Latitude D420 off of eBay that I'm going to make into a dedicated Chromium development and test machine. (I wouldn't dare mess with the Cr-48 - it's become too essential to me and I want to keep testing the betas of the "official" Chrome OS releases.) Can't wait to get that machine here and start digging in to the OS. Chrome OS really is an innovative computing model!
Saturday, March 12, 2011
Tuesday, March 8, 2011
Breach of the sandbox?
I was looking for a better screenshot extension than the Simple Screenshot extension I had been using, so I downloaded the Aviary Screen Capture extension from the Chrome Store. Nice, full featured image capture and editing tool. Then I went to save a screenshot locally, and it brought up the Linux root directory! I've been trying to use the Cr-48 in its "pure form" to see just how much can be done using only cloud computing (and I've been pleasantly surprised at how much I have been able to do), so I've never switched on the developer switch or tried to force a boot into the Linux (although I knew it was there). This is the first time I've seen the underlying OS directories listed on this machine and they were being displayed by a web app that was supposed to be operating inside the Chrome OS sandbox. Looks like that extension has broken the Chrome security model. And, if it can do it, what's preventing another extension from doing the same, but not being so blatant about it? If this extension really has broken the Chrome OS security model, that eliminates one of the primary strengths of the Chrome OS. Part of the reason for giving up the ability to run local apps in Chrome OS is to have a more secure machine. If a Chrome extension can gain root access, might as well dump Chrome OS for Android!
Follow up on video fix
Well, it looks like the video was much improved but there's been something of a regression on the audio side. I have to reboot daily to get the audio to stream again. Works great after the reboot, but I really shouldn't have to do that! (In fairness, I have had the same problem with UNR, so the issue may be in the Linux codecs and not in Chrome.)
Sunday, March 6, 2011
Streaming video
I don't know if it's the last OS update pushed out the other day or opting in to the HTML5 video beta, but streaming video playback has been much improved. Audio streaming continues to be very good, but now the video is also smooth with very little chop or aliasing. The Cr-48 video playback is as good as my Windows desktop and my Linux netbook now. Very nice!
Subscribe to:
Posts (Atom)