Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security and the $100 Laptop

Posted by ryuzaki0 on from the what-about-the-single-girl dept.

gondaba writes "The One Laptop Per Child project is actively recruiting hackers to help crack the security model of the $100 laptop to avoid the obvious risks associated with what will effectively be the largest computing monoculture in history. From the article: 'The key design goal, Krstic explained, is to avoid irreversible damage to the machines. The laptops will force applications to run in a "walled garden" that isolates files from certain sensitive locations like the kernel. "If we discover vulnerabilities, the security model must hold up enough that even a machine that is unpatched won't be easily exploitable. This gives us a bit of diversity to avoid the monoculture trap," he added.'"

29 of 144 comments (clear)

  1. Pull my cracker by matt+me · · Score: 2, Funny

    Oh come on, what perverted cracker wouldn't enjoy flashing "All your base are belong to us" across every child's laptop in Africa?

    1. Re:Pull my cracker by geekoid · · Score: 3, Insightful

      If I know kids, there revenge on said hacker will be scary.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  2. Even bigger story in there... by Penguinisto · · Score: 2, Funny
    If they pull off 100 million laptops, Microsoft can no longer claim dominance in the desktop...

    Good Lord! The chairs are a'gonna fly in Redmond once this gets out!

    (props for the security testing, though :) )

    /P

    --
    Quo usque tandem abutere, Nimbus, patientia nostra?
    1. Re:Even bigger story in there... by muellerr1 · · Score: 2, Funny
      (props for the security testing, though :) )

      Sure, but they're going about it all wrong. Everyone knows that the way you ensure secure computers is to make a proprietary OS and don't tell anyone where your buffer overflows are.
      --
      steampunk web design
  3. Re:Why hack a machine that will have no data on it by geekoid · · Score: 2, Insightful

    other Libyan children.

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  4. Biggest Monoculture by Doc+Ruby · · Score: 3, Informative

    The many millions of SymbianOS mobile "phones" is the largest computing monoculture in the world. Much more essential for the world's daily operation than these cool kids' PCs, and tied directly to the wallets, by the minute, of most people with any money.

    --

    --
    make install -not war

    1. Re:Biggest Monoculture by Bender0x7D1 · · Score: 2, Informative

      You missed the point that it is identical software AND hardware.

      Sure, there are more installs of Windows XP, but they aren't all running on the exact same hardware. Same goes for SymbianOS.

      Also, these laptop don't assume that someone is attached to a high-speed network where they can download patches every few weeks. If someone hacks your phone, or a vulnerability in Windows is found, they push a patch out - OLPC wants these to be secure from day 1. (Or at least as secure as possible.)

      --
      Reading code is like reading the dictionary - you have to read half of it before you can go back and understand it.
  5. Hack the proprietary binary only WiFi firmware! by Anonymous Coward · · Score: 2, Insightful

    Theo start your hex-editor and show them that it is no good idea to include
    closed components.

  6. Re:Why hack a machine that will have no data on it by Red+Flayer · · Score: 3, Insightful

    Plenty of people do malicious things for fun. There doesn't always have to be a pecuniary motive.

    --
    "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
  7. Re:Why hack a machine that will have no data on it by Richard_at_work · · Score: 3, Insightful

    You think the majority of worms and viruses that crack Microsoft Windows systems today are after the data contained in said system? You giv the answer yourself, its a readymade zombie network saleable to the highest bidder.

  8. Could actually be a problem by Sycraft-fu · · Score: 4, Interesting

    Not for MS but for MS's competitors. Can't really claim MS is a monopoly anymore if there's 100 million systems running a non-MS OS. That means that they are free to do as they please, for the most part, when it comes to locking people out of their OS. Most anti-competitiveness statues only affect monopolies. Companies that face competition are generally allowed to be as anti-competitive as they like.

    1. Re:Could actually be a problem by kthejoker · · Score: 2, Insightful

      That depends on how you define competitors.

      If you mean competitors among OSes (ie Apple and Red Hat), then no, it's not.

      But their competitors in other fields - antivirus (McAffee, Symantec, Norton), accounting (Quicken), PDF and presentation tools (Adobe) - greatly benefit from the limitations placed on Windows by antitrust settlements. Since Microsoft can't use their OS monopoly to further other monopolies, they have to compete on a much more level playing field with others to sell their software. So to those companies, MS's OS monopoly is actually a win-win: They have a dominant platform to build their own software towards, and they don't have to worry about competing with built-in software.

  9. No data, but quite a processing network by Inhibit · · Score: 5, Insightful

    That's true. The fact that the machines don't have appreciably large hard drives, heavy processing power, and won't have constant high-bandwith internet connections might do a lot for them.

    On the other hand, there are going to be a *lot* of these machines. So I suppose they might make a tempting target "just because" or simply for bulk processing.

    --
    You're reading Slashdot. Of course you like Linux and pc hardware
  10. virtualize the applications by xzvf · · Score: 3, Interesting

    Run each application in it's own virtual machine. Xen has a low enough overhead and is clean code. Browser compromised - reload from know good source.

    1. Re:virtualize the applications by swarsron · · Score: 2, Insightful

      To do this you would need a shitload of RAM. I somehow doubt that that's an option for a machine ~100$

    2. Re:virtualize the applications by RAMMS+EIN · · Score: 4, Insightful

      How are virtual machines going to help here? What protection do virtual machines grant that the operating itself doesn't grant? What undesireable restrictions do virtual machines impose? If you work around these restrictions, will the system be more or less secure than without virtual machines? If you don't work around these restrictions, will the system be usable?

      As far as I'm concerned, running applications should already be separated from one another. This leaves interaction through the file system and IPC (inter-process communication).

      Virtual machines take away the interaction through the filesystem, as well as local IPC. The latter doesn't actually necessarily make the system more secure, as it makes it more difficult to tell if IPC is safe (on the virtual network) or open to attacks (on the real network). At any rate, IPC will be less efficient, because you lose shared memory IPC.

      By taking away common filesystem access and complicating IPC, applications become less usable. How do you get the file Alice sent you by email to your word processor? How do you copy-paste from one application to another? How do you do process management, when the process management tools are made for a single machine, but you have everything runnig under virtual machines?

      Once you work around these restrictions, what will you be left with? Are you going to re-introduce common filesystem access and create a drag-and-drop interface that works accross virtual machines? When you've done so, won't you have a system that has pretty much the same capabilities as one that isn't based on loads of virtual machines, except that your system is much more complex? Won't that complexity introduce new bugs and vulnerabilities? Will the system not be too slow to be usable?

      --
      Please correct me if I got my facts wrong.
    3. Re:virtualize the applications by 99BottlesOfBeerInMyF · · Score: 2, Insightful

      How are virtual machines going to help here? What protection do virtual machines grant that the operating itself doesn't grant?

      Most operating systems, including most Linux systems do not have strict access controls on an application level. Using a VM is one way to use existing tools to add much of that functionality to an OS not designed for it. I actually think VMs are going to be used more for this purpose in the future, since it also mitigates some of the cross-platform issues.

      The problem can also be tackled more elegantly using ACLs or MAC within the OS, such as FreeBSD jails, Solaris containers and the like and given the limited resources on these machines, this is almost certainly the way to go. The real problem is making this user friendly enough and providing the correct default settings to make this type of a system usable to the novice computer user. It is doable, but not something for a HCI novice to tackle. I've actually been hoping Apple would tackle this one in OS X and provide something reasonable for other OS's to copy, but I don't think it is likely anytime soon. The usability and HCI aspect of this feature is critical to its security, but I fear it will be ignored due to the biases of a large portion of the Linux development community.

  11. Coming up next... by Funkcikle · · Score: 3, Funny

    After they solve this dimension of the security issue, they can deal with a slightly more important one - securing the laptops against theft.

    DEAREST SIR MY NAME IS BARRISTER MUMBAGWE SMYTHE AND I WRITE TO YOU IN GRAVE NEED FOR ASSIST. RECENTLY MY GOVERNMENT UNCLE DIED AND LEFT ME MANY MILLION LAPTOP WHICH MUST BE EXITED FROM COUNTRY.

    I predict more dead third world children! Oh yes. Still, it makes a nice change from diamonds/oil/etc....instead there shall be many a colourful laptop for sale on eBay, due to demand created by Linux fetishists.

    If only they had used OS X - then there would be no desire for such hideous laptops by those OS fans. Sniffle.

  12. Re:TFA by Captain+Splendid · · Score: 2, Funny

    Well, this guy seems to have a pretty good track record, maybe they could hire him?

    --
    Linux, you magnificent bastard, I read the fucking manual!
  13. Just imagine... by jo42 · · Score: 2, Funny

    100 million laptops discovering goatse at the same time...

  14. Re:MOD PARENT INSIGHTFUL by EPAstor · · Score: 2, Informative

    This issue is being worked on. As I understand it, the closed wireless firmware is planned to be completely replaced in the next revision of the laptop.

  15. Re:$230 laptop by paintswithcolour · · Score: 2, Informative
    Actually no.

    Jobs offered OS X for free, it was turned down because the developers wanted an open source OS.

  16. Your overconfidence is your weakness by Rogerborg · · Score: 3, Funny
    > "The machine, he said, will feature a completely secure BIOS solution that allows fully automatic upgrades without user intervention and fully protects against phishing and automated worm attacks."

    Also, it whitens your teeth while you sleep, and autodials Alyson Hannigan whenever she's feeling lonely and horny. All for $100!

    --
    If you were blocking sigs, you wouldn't have to read this.
  17. Re:Step in the Wrong Direction? by geekoid · · Score: 2, Informative

    no.

    Giving people tools so they can help themselves is the best thing you can do. This, like all comuters, is just a tool.
    Making someone dependent on hand outs is not the solution.

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  18. Recruiting Hackers by trongey · · Score: 2, Insightful

    Taken in context I would presume that they're referring to hackers in the negative sense. This is not a group that's known for being champions of safe computing.

    So let's see:
    1) l33t h4xx04z finds a nifty security hole.
    2) l33t h4xx04z determines that he could use this hole to create 100 million zombies.
    3) Decision - a) report the hole so that it can be fixed OR b) start working on exploit to create 100 million marketable zombies
    4) PROFIT.

    --
    You never really know how close to the edge you can go until you fall off.
  19. Re:Step in the Wrong Direction? by 99BottlesOfBeerInMyF · · Score: 3, Insightful

    I don't mean to be a Johnny-Come-Lately, but isn't there other ways to improve a civilization/country/etc without computers?

    Sure there are. But just because there are other ways does not make this method any less beneficial.

    Why is that when Linux is mentioned, it's like being touched by the Hand of God (or Allah for that matter) ?

    Most things we can give or subsidize the cost of for developing nations have negative consequences. Giving them food, destroys the local market and kills their agricultural sector. Giving them GM crops that grow faster and better makes them dependent upon the companies who own the patent on that crop and who can later demand fees for its use. Giving them cheap Windows based PCs, may help in the short term, but it makes them dependent upon IP from an abusive foreign monopoly in the long term.

    Linux is a win-win situation because by nature it ships with all the blueprints and tools needed with the only strings being used to stop it from being exploited in ways that hurt the end user. It gives them access to technology and information and provides a secure foundation for them to build upon without undercutting any local development. Rather, it encourages local development.

    Imagine if instead of shipping food to African nations at below the market value, we shipped them a complete chain of tools and machinery needed to build from the ground up the entire industrial foundation for agricultural equipment and fertilizers. Basically, we gave them the whole setup of factories and education and patents we have. Then they would not be dependent upon us and could grow their own food the same way we do.

    To do that would be prohibitively expensive for agriculture, but for software development, Linux is that complete chain, with no strings attached. That is why it is so well regarded by those interested in helping developing nations.

  20. 5enD ME 4 C0uplE... by Anonymous Coward · · Score: 2, Funny

    1f j00 seND mEh 4 k0upLE, 1'LL 7rY H4cK1N' 7HeM.

    N0, i 4I'n7 N0 d4mN scRIP7 KI77Y EI7HEr - I'M 4 L337 h4x0r

    8I9 D09

    COTDC Member #78215

    W0Rd 70 j00R M0m

  21. Re:please... by Monsuco · · Score: 3, Informative
    When the parts for laptops get cheap enough that someone could manufacture a $100 laptop, *then the market will be flooded with $100 laptops*. There are a dearth of hardware manufacturers out there already competing to make the cheapest laptop they can.
    It is cheap by leaving out stuff like a hard drive, and instead has 512 MB of flash (though I think some models might have 1GB). It will lack a CD drive. It will have a very slow 366 Mhz AMD Geode processor, so that it can run without fans and wont use much power. It has a tiny display, that might work for writting documents, but giving presentations or watching movies would probably not work. It doesn't have a particularly powerful battery, though because it has a small display, no HDD to spin, and a slow processor, it will stay up a long time on one charge. It has 128 MB of RAM. It lacks a PCI slot. It does have an SD slot, a special "mesh networking" wifi card, 3 USB 2.0 ports, an SD slot, speakers, a microphone, and of course, it is very durable because it has been ruggedized and because it has no moving parts. It is perfect for schools were students will probably do little more than type on a word processor (probably something like Abiword), research, maybe art, and simple stuff like that. You or I would probably not want it.

    I do think they should sell the laptops commercially for $200-$300 though so that people who might want to help the project could purchase one for that price and in doing so pay for 2 free laptops for poor children. I also think that if they ever start mass producing them, they shouldn't be limited to just the poor nations. I think schools in the US might like the idea of being able to check out these to students to help with school work and stuff, especially in inner city areas.

    My only question is why is Gnome used as the desktop? Gnome is a great desktop environment, but it seems like these machines, having only 128 MB of ram and no way to do swap partions (it would ruin a flash drive to use it for swap) it seems like fluxbox, XFce, or blackbox might be better. I realize the gnome is modified, but still.

    --
    The Gospel according to lolcat
  22. Re:Novell's AppArmor by invisik · · Score: 2, Informative

    Yes, it is opensourced from Novell.

    Here's a link to the Novell Forge: http://forge.novell.com/modules/xfmod/project/?app armor

    SELinux is out there too, but quite a bit more difficult to configure, even as a distro. AppArmor can be added to any system you have easily enough.

    -m

    --
    http://www.invisik.com