Slashdot Mirror
Security and the $100 Laptop
gondaba writes "The One Laptop Per Child project is actively recruiting hackers to help crack the security model of the $100 laptop to avoid the obvious risks associated with what will effectively be the largest computing monoculture in history. From the article: 'The key design goal, Krstic explained, is to avoid irreversible damage to the machines. The laptops will force applications to run in a "walled garden" that isolates files from certain sensitive locations like the kernel. "If we discover vulnerabilities, the security model must hold up enough that even a machine that is unpatched won't be easily exploitable. This gives us a bit of diversity to avoid the monoculture trap," he added.'"
If I know kids, there revenge on said hacker will be scary.
The Kruger Dunning explains most post on
Plenty of people do malicious things for fun. There doesn't always have to be a pecuniary motive.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
You think the majority of worms and viruses that crack Microsoft Windows systems today are after the data contained in said system? You giv the answer yourself, its a readymade zombie network saleable to the highest bidder.
That's true. The fact that the machines don't have appreciably large hard drives, heavy processing power, and won't have constant high-bandwith internet connections might do a lot for them.
On the other hand, there are going to be a *lot* of these machines. So I suppose they might make a tempting target "just because" or simply for bulk processing.
You're reading Slashdot. Of course you like Linux and pc hardware
How are virtual machines going to help here? What protection do virtual machines grant that the operating itself doesn't grant? What undesireable restrictions do virtual machines impose? If you work around these restrictions, will the system be more or less secure than without virtual machines? If you don't work around these restrictions, will the system be usable?
As far as I'm concerned, running applications should already be separated from one another. This leaves interaction through the file system and IPC (inter-process communication).
Virtual machines take away the interaction through the filesystem, as well as local IPC. The latter doesn't actually necessarily make the system more secure, as it makes it more difficult to tell if IPC is safe (on the virtual network) or open to attacks (on the real network). At any rate, IPC will be less efficient, because you lose shared memory IPC.
By taking away common filesystem access and complicating IPC, applications become less usable. How do you get the file Alice sent you by email to your word processor? How do you copy-paste from one application to another? How do you do process management, when the process management tools are made for a single machine, but you have everything runnig under virtual machines?
Once you work around these restrictions, what will you be left with? Are you going to re-introduce common filesystem access and create a drag-and-drop interface that works accross virtual machines? When you've done so, won't you have a system that has pretty much the same capabilities as one that isn't based on loads of virtual machines, except that your system is much more complex? Won't that complexity introduce new bugs and vulnerabilities? Will the system not be too slow to be usable?
Please correct me if I got my facts wrong.
I don't mean to be a Johnny-Come-Lately, but isn't there other ways to improve a civilization/country/etc without computers?
Sure there are. But just because there are other ways does not make this method any less beneficial.
Why is that when Linux is mentioned, it's like being touched by the Hand of God (or Allah for that matter) ?
Most things we can give or subsidize the cost of for developing nations have negative consequences. Giving them food, destroys the local market and kills their agricultural sector. Giving them GM crops that grow faster and better makes them dependent upon the companies who own the patent on that crop and who can later demand fees for its use. Giving them cheap Windows based PCs, may help in the short term, but it makes them dependent upon IP from an abusive foreign monopoly in the long term.
Linux is a win-win situation because by nature it ships with all the blueprints and tools needed with the only strings being used to stop it from being exploited in ways that hurt the end user. It gives them access to technology and information and provides a secure foundation for them to build upon without undercutting any local development. Rather, it encourages local development.
Imagine if instead of shipping food to African nations at below the market value, we shipped them a complete chain of tools and machinery needed to build from the ground up the entire industrial foundation for agricultural equipment and fertilizers. Basically, we gave them the whole setup of factories and education and patents we have. Then they would not be dependent upon us and could grow their own food the same way we do.
To do that would be prohibitively expensive for agriculture, but for software development, Linux is that complete chain, with no strings attached. That is why it is so well regarded by those interested in helping developing nations.