Slashdot Mirror
Security and the $100 Laptop
gondaba writes "The One Laptop Per Child project is actively recruiting hackers to help crack the security model of the $100 laptop to avoid the obvious risks associated with what will effectively be the largest computing monoculture in history. From the article: 'The key design goal, Krstic explained, is to avoid irreversible damage to the machines. The laptops will force applications to run in a "walled garden" that isolates files from certain sensitive locations like the kernel. "If we discover vulnerabilities, the security model must hold up enough that even a machine that is unpatched won't be easily exploitable. This gives us a bit of diversity to avoid the monoculture trap," he added.'"
Well, other than to build a zombie network I guess- but I can't imagine anybody being interested in some Libyan child's schoolwork.
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
Oh come on, what perverted cracker wouldn't enjoy flashing "All your base are belong to us" across every child's laptop in Africa?
http://www.eweek.com/print_article2/0,1217,a=19121 0,00.asp
Good Lord! The chairs are a'gonna fly in Redmond once this gets out!
(props for the security testing, though :) )
Quo usque tandem abutere, Nimbus, patientia nostra?
other Libyan children.
The Kruger Dunning explains most post on
The first line of the article is "If the plan is perfectly executed".
That's quite a big IF. Out of the millions of plans ever executed, how many are done perfectly? I hope they're not basing everything with the hope that it will go perfectly.
Quo usque tandem abutere, Nimbus, patientia nostra?
The many millions of SymbianOS mobile "phones" is the largest computing monoculture in the world. Much more essential for the world's daily operation than these cool kids' PCs, and tied directly to the wallets, by the minute, of most people with any money.
--
make install -not war
Theo start your hex-editor and show them that it is no good idea to include
closed components.
If they're going to find and fix exploits with the OS on these machines, then I hope they share this with the rest of the open source community, considering that these machines are running Linux.
/* No Comment */
Plenty of people do malicious things for fun. There doesn't always have to be a pecuniary motive.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
You think the majority of worms and viruses that crack Microsoft Windows systems today are after the data contained in said system? You giv the answer yourself, its a readymade zombie network saleable to the highest bidder.
OCPC is a massive waste of resource, you can tell because it smells Utopian while disconnected from reality.
Not for MS but for MS's competitors. Can't really claim MS is a monopoly anymore if there's 100 million systems running a non-MS OS. That means that they are free to do as they please, for the most part, when it comes to locking people out of their OS. Most anti-competitiveness statues only affect monopolies. Companies that face competition are generally allowed to be as anti-competitive as they like.
That's true. The fact that the machines don't have appreciably large hard drives, heavy processing power, and won't have constant high-bandwith internet connections might do a lot for them.
On the other hand, there are going to be a *lot* of these machines. So I suppose they might make a tempting target "just because" or simply for bulk processing.
You're reading Slashdot. Of course you like Linux and pc hardware
Run each application in it's own virtual machine. Xen has a low enough overhead and is clean code. Browser compromised - reload from know good source.
After they solve this dimension of the security issue, they can deal with a slightly more important one - securing the laptops against theft.
DEAREST SIR MY NAME IS BARRISTER MUMBAGWE SMYTHE AND I WRITE TO YOU IN GRAVE NEED FOR ASSIST. RECENTLY MY GOVERNMENT UNCLE DIED AND LEFT ME MANY MILLION LAPTOP WHICH MUST BE EXITED FROM COUNTRY.
I predict more dead third world children! Oh yes. Still, it makes a nice change from diamonds/oil/etc....instead there shall be many a colourful laptop for sale on eBay, due to demand created by Linux fetishists.
If only they had used OS X - then there would be no desire for such hideous laptops by those OS fans. Sniffle.
Why not just do what corporate America does and lock the machines down administratively and then make all of the applications web based? Google just paired documents and spreadsheets in a browser. Keep nothing on the machine except a browser and gimp for those aspiring designers :)
:)
Sure, the ingenious kid will swap out the hard drive or hack root/registry/whatever, but that's pretty much expected. If they're worried about hardware hacking, just include those recalled Sony batteries and put in a secret heat sink that stops working if they open the box
Why not just ship an assembler and let the children figure it all out for themselves :P
I'm not joking either.
It has "a completely secure BIOS solution that allows fully automatic upgrades without user intervention"...
Does anyone else see the potential to change the routing table of the ISP, to a private network that updates the "completely secure bios" to something else?
Hack from the outside in...
Create like a god, command like a king, work like a slave. -Guy Kawasaki
Sounds like that need Novell's AppAmor software. It is an application-level firewall. You could take firefox and make a firewall around it so it can't do anything that you don't want it to (remote code execution, blah blah). Interestingly as well, you can wrap up apache with it to prevent web server hacks and whatnot. Not sure if you can put it around the kernel to prevent rootkits from installing, but if you cover your points of entrance (browser, e-mail, file sharing, etc) you should be pretty well covered.
Even comes with the base SLED/SLES10 and I believe will be in openSUSE and other distros soon.
More here: http://www.novell.com/linux/security/apparmor/
Too bad they chose RedHat for those laptops--they wouldn't be worrying about this!
-m
http://www.invisik.com
I know its ethicly dubious... but how many people here, if they saw a dirt-cheap ultra-low-power laptop on ebay, wouldn't pay $80-120 for it? Subsidised low-power parts, just begging to be modded into some form of linux appliance. Its possible ebay will put a ban on selling these, but there will be other suppliers.
If I had one... A real-time network status monitor to sit on my shelf, displaying all the statistics I want to keep track of. It would only take a few watts.
I think I might have heard some talk months ago of putting a thing in the BIOS that prevents the laptop working if it doesn't connect to the mesh network every few weeks, and so usless outside of its intended region. But... well, network-tied phones come to mind there, or games consoles.
Very simple to figure out how to hack these machines. Put Joe User on the system and in five minutes, I guarantee you the home page will be set to a pr0n site and the next thing you know, all his bases are belong to us.
The Kai's Semi-Updated Website Thingy
You could also boot the OS from a read only partition, like it was booting off of a live CD, and have a read/write partition for data and temp files. If something happened, an option at bootup could be for a clean bootup, bypassing any changes made to the OS that were stored in the second partition. Of course, patching and upgrading on a read only system would get a little tricky...but you guys should be able to come up with some solution to that.
Transporter_ii
Doctors destroy health, lawyers destroy justice, universities destroy knowledge, religion destroys spirituality
I agree that security is important. That part makes sense. But the line about " the largest computing monoculture in history". Wow. Drink that coolaid! Leave it to the boys at MIT.
100 million laptops discovering goatse at the same time...
``I can't imagine anybody being interested in some Libyan child's schoolwork.''
Clearly, you don't work for the Libyan thought police.
Please correct me if I got my facts wrong.
``The One Laptop Per Child project is actively recruiting hackers to help crack the security model of the $100 laptop''
Isn't the consensus among the security community that such ideas are mostly theater, and it's much more effective to actually employ hackers to _create_ the security?
Please correct me if I got my facts wrong.
Because OS X costs more than the laptop itself!
That was my first thought. If you want the system to be secure, step #1 is to ensure that there is no proprietary binary-only firmware that you can't check for bugs and that people can't fix and redistribute themselves.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
They should use SELinux extensions. Have targeted policies for the web browser and email client at a minimum.
Virutal machines will not work, the system is too underpowered for it.
You digitally sign the update and the client machine checks the signature against an authority. So it adds an extra check - they'd have to compromise the update server and an authority too. Nothings foolproof and it just hs to be cracked once for total failure (as the crack can be easily disseminated over fast mediums such as the Internet). But two (or three, etc.) independent layers of security is pretty good protection.
Shh.
Also, it whitens your teeth while you sleep, and autodials Alyson Hannigan whenever she's feeling lonely and horny. All for $100!
If you were blocking sigs, you wouldn't have to read this.
I don't mean to be a Johnny-Come-Lately, but isn't there other ways to improve a civilization/country/etc without computers? Why is that when Linux is mentioned, it's like being touched by the Hand of God (or Allah for that matter) ?
Just key thread the crank.
Wise men say, "Forgiveness is divine, but never pay full price for late pizza."
How exactly is a $100 PC going to improve the lives of third-worlder? Most third-worlders don't have $100 in their back pockets. If they did they'd probably put it into something a bit more practical like a well to provide clean water or a hay box cooker or a bicycle. Many/most third-world schools are short very basic things like paper,pencils and erasers, so to think they're going to have internet connections etc is crazy.
Sure, cities have reasonable services, but in some areas I am well aquainted with, absolulutely nobody has a bank account (let alone a credit card), phone (in fact only one in ten or so have ever used a phone), Fedex, etc. If something breaks, there is no support structure to fix it.
If you really want to help these people send something practical. Hook up with a charity that supports a school and send them money for pencils and books, or sends them seeds and vegetable growing starter packs or funds digging village wells or anything remotely practical.
Engineering is the art of compromise.
Can someone insightful please explain timothy's choice of dept for this summary. No idea what he meant.
"...what will effectively be the largest computing monoculture in history..."
Okay, this is a really silly statement to make. It's like how Microsoft likes to say how Vista will be the most secure operating system it's ever released.
YOU CAN'T MAKE STATEMENTS LIKE THIS AHEAD OF TIME! You have no idea what will happen in the future. As Steve Gibson likes to point out, Microsoft said (prior to launch) that XP would be the most secure version of Windows ever released - and look how THAT went.
For all we know, the OLPC program may crash and burn without any statistically significant deployment ever occuring.
#DeleteChrome
Taken in context I would presume that they're referring to hackers in the negative sense. This is not a group that's known for being champions of safe computing.
So let's see:
1) l33t h4xx04z finds a nifty security hole.
2) l33t h4xx04z determines that he could use this hole to create 100 million zombies.
3) Decision - a) report the hole so that it can be fixed OR b) start working on exploit to create 100 million marketable zombies
4) PROFIT.
You never really know how close to the edge you can go until you fall off.
I was modded insightful /. then most people think.
Clearly there are a lot more parents on
The Kruger Dunning explains most post on
This whole artical is about what they plan to do when things DON'T go perfectly.
I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..
Zombie network would truly be a nightmare -- imagine thousands of Libyan children cranking the laptop handles to generate the power for the DDOS attack.
* hides from zombies *
but I can't imagine anybody being interested in some Libyan child's schoolwork.
They would do it just because they could. That's all the incentive some people need.
Can I bum a sig?
At least we know that the DOS attacks will abate at nightfall in Libya....
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
As probably most of you know, windows is _not the most used OS... Tron IS...
m ID=89&threadID=178306&messageID=1831970
http://techrepublic.com.com/5208-6230-0.html?foru
I gave up with the idea of an useful sig...
Um.. They are basing their distro on Fedora so they have SELinux at their disposal.. SELinux is far more powerful than apparmor and it's also in the standard kernel, although less easy to manage (getting better though, see the awesome GUI in FC6).
Recruiting is an activity, yes. How would one passively recruit hackers? You keep using that word ...
"Oppression and harassment is a small price to pay to live in the land of the free." -- Montgomery Burns.
1f j00 seND mEh 4 k0upLE, 1'LL 7rY H4cK1N' 7HeM.
N0, i 4I'n7 N0 d4mN scRIP7 KI77Y EI7HEr - I'M 4 L337 h4x0r
8I9 D09
COTDC Member #78215
W0Rd 70 j00R M0m
Typical short-sighted moron who didn't took the time to get informed on the project they trying to troll about.
And how the hell was that "informative", btw?
Apple only exists today because Microsoft kept Apple out of bankruptcy in 1997, presumably so Microsoft would not be subjected to the anti-competitiveness statues that apply to monopolies.
How about loading these computers with FreeDOS and shipping them w/o any networking capabilities? I don't think igloos have broadband anyhow. Don't need modems if you don't have a phone line.
Maybe we should ship each computer with a couple of pairs of shoes and some powdered milk.
It will put that flavor of fedora at the top of the distro war desktop charts eventually, surpassing ubuntu, and also garnering a lot more interest in RPM and development for same. Once you start talking a million installs at a whack, and pre-installed to boot, that starts to add up quickly in numbers and mindshare. Granted, it's kids, but they grow up fast and it is common for young folks to start programming now while still in school. Todays schoolkids are tomorrows IT folks in business and government, etc.
Seems like it would depend on the application -- some programs, like dvd::rip, are already designed to be clusterable.
But in terms of taking any application, and clustering it automatically -- somehow taking the resources of several computers and abstracting them and presenting them to a regular application, all transparently -- that seems decidedly nontrivial. Does the Linux kernel support that sort of thing?
I wouldn't think there's any reason why apps that need extra capacity couldn't be designed to parallelize themselves over the mesh network, though. It would have to have a good security model; that seems like a recipe for "instant botnet" if it was always-on.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Seems like, if that's going to be one of the major uses of these laptops -- and in some ways I could see how lighting would be way more useful than a computer, to people living in an environment like that -- maybe we could save a lot of money by making a wind-up luminescent panel, like those quarter-watt green-glow nightlights that you can buy.
I sure hope that the OLPC people did research into their target market and didn't just begin with the assumption that "every child wants/needs/could use a laptop," because that sure seems like a debatable assertion to me.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Given the price point it's rather amusing that they appear to be heading for one of the most robust desktops I've seen in quite some time.
I would really like to see Ballmer and Gates explain that one to their shareholders other than "if we made it good nobody would buy the upgrades"..
but I can't imagine anybody being interested in some Libyan child's schoolwork.
How about the Libyan children hacking into each other's laptops?
Help me take back Slashdot. When did 'News for Nerds' become 'FUD and Conspiracy Theories for Extremist Nutjobs'?
I do think they should sell the laptops commercially for $200-$300 though so that people who might want to help the project could purchase one for that price and in doing so pay for 2 free laptops for poor children. I also think that if they ever start mass producing them, they shouldn't be limited to just the poor nations. I think schools in the US might like the idea of being able to check out these to students to help with school work and stuff, especially in inner city areas.
My only question is why is Gnome used as the desktop? Gnome is a great desktop environment, but it seems like these machines, having only 128 MB of ram and no way to do swap partions (it would ruin a flash drive to use it for swap) it seems like fluxbox, XFce, or blackbox might be better. I realize the gnome is modified, but still.
The Gospel according to lolcat
How about the Libyan children hacking into each other's laptops?
This being a slightly better answer than the one above deserves a response: I thought that was what we were trying to teach them by giving them laptops in the first place!
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
I think this is the first time I've seen "lose" or a derivative misspelled in a sig...
Well, this will at least lay to rest the arguement about whether Linux and MacOS have fewer exploits than MS Windows, merely _because_ they have fewer users.
(an arguement I've always thought was bollocks)
Now we know how the Matrix got started.
"I've got more toys than Teruhisa Kitahara."
Interesting that they should call the isolated running environment for the programs on this laptop a "walled garden." Our word "paradise" comes from the Greek "paradeisos" which was taken from the Old Persian "pairidaeza" - which means, a walled garden.
We have milions of poor people who need shoes , clothes , food etc. I just watched a program on P.B.S. about a single mom in Kentucky who lives in a school bus with her three kids.Quick someone send some laptops to nigeria! That will fix it. Can't we just start some peanut plantations over there or something ,they will still be better off than if they were living in a grass hut with a laptop to swat flies with , hackers or no hackers.
"Linux is for noobs"-The new MS fud strategy
My only question is why is Gnome used as the desktop? Gnome is a great desktop environment, but it seems like these machines, having only 128 MB of ram and no way to do swap partions (it would ruin a flash drive to use it for swap) it seems like fluxbox, XFce, or blackbox might be better. I realize the gnome is modified, but still
Perhaps because these DE do not have as good assistive technology and i18n/l10n as Gnome.
I know of no assitive technology (except very basic things) in XFCE at least. Gnome also has dedicated Office apps.
And this is useful at the very launch of the desktop (like in GDM for example).
I'm sure there are other reasons.
Are you crazy? The US Gov't is interested in *every* Libyan child's schoolwork. If I was a Libyan child, I'd *demand* a secure laptop.
What's in a Sig?