Slashdot Mirror
AU Government To Build "Unhackable" Netbooks
bennyboy64 writes "In what may be one of the largest roll-outs yet of Microsoft's new Windows 7 Operating System, Australia's Federal Government decided to give 240,000 Lenovo IdeaPad S10e netbooks to Year 9-12 students. Officials are calling them 'unhackable.' iTnews reports that the laptops come armed with an enterprise version of the Windows 7 OS, Microsoft Office, the Adobe CS4 creative suite, Apple iTunes, and content geared specifically to students. New South Wales Department of Education CIO Stephen Wilson said that schools were 'the most hostile environment you can roll computers into.' While the netbooks are loaded with many hundreds of dollars worth of software, 2GB of RAM, and a 6-hour battery, the cost to the NSW Department of Education is under $435 (US) a unit. Wilson praised Windows' new OS: 'There was no way we could do any of this on XP,' he said. 'Windows 7 nailed it for us.' At the physical layer, each netbook is password-protected and embedded with tracking software that is embedded at the BIOS level of the machine. If a netbook were to be stolen or sold, the Department of Education is able to remotely disable the device over the network. Each netbook is also fitted with a passive RFID chip which will enable the netbooks to be identified 'even if they were dropped in a bathtub.' The Department of Education also uses the AppLocker functionality within Windows 7 to dictate which applications can be installed."
This needs a "goodluckwiththat" tag...
3... 2... 1...
100 worthless USD for cracking it open in less than 30 days
Your setup is flawed from the start.
Anything can be found funny, from a certain point of view.
...when Slashdot news beginning with "Australian Government" won't necessarily end with a rephrasing of "shows off its technological naivety".
This is the same govt. that put a guy in jail on child pornography charges for having a Simpson's parody porno on his computer.
Ignorance and arrogance seem to always walk hand in hand.
Lunch or deal. Some state politician and/or bureaucrat must be getting a nice thanks later in life.
The PR reads like pure MS marketing slop with a cute upgrade hint.
Domestic spying is now "Benign Information Gathering"
And thus, the FAIL. How does this prevent anyone from RUNNING other applications, i.e. via the classic "download the exe with IE but tell it to run instead of save" trick, or from a non "installed" Firefox, etc from a USB drive?
I want to delete my account but Slashdot doesn't allow it.
I just spoke to a friend in Australia.. its been pwned already using the nuke the bios and boot from a livecd method.
They even disabled the RFID.
I dont understand why this would be considered unhackable. Exploits have already been released for windowed 7.
Troll is not a replacement for I disagree.
This looks like a pretty well thought out plan. The fact that the entire application suite will be getting automatic upgrades is great; this is something that Linux users have enjoyed for many years. The "unhackable" claim is PR fluf, sure, but making such a claim should inspire their budding engineers to explore the edges of their new boxes. Since the boxes are tagged with RFID, I certainly hope no student keeps them after graduation (not that they're likely to -- 4 years is a long time to keep a netbook.)
"We receive as friendly that which agrees with, we resist with dislike that which opposes us" - Faraday
From the summary:
Each netbook is also fitted with a passive RFID chip which will enable the netbooks to be identified 'even if they were dropped in a bathtub.'
What's the relation between RFID and water immersion? RFID will allow knowing where the netbook is and can pass along some information, but it is not by itself the RFID chip that will tell you you took swim with your netbook! No?
Animoog.org
Whenever you tell the internet communities of the world that something is "unhackable", you're basically saying go ahead and prove us wrong. When the communities say I told you so, I wanna see Bill Gates cry.
"Chance favors only the prepared mind." -Archimedes
S10 uses the Atom CPU. Wouldn't it be slow as shit to run Windows 7 on that?
"Tracking software embedded at the BIOS level"? Last I checked, those "tracking schemes" just force-fed Windows some driver/app at the BIOS level. Install any other OS and it becomes useless (not to mention that BIOSes these days aren't even hard to hack). As for the RFID, I don't see how disassembling it and taking it out is rocket science. Nevermind that the students themselves are going to be owning any kind of app installation protection in the blink of an eye.
Sorry, using software to secure a platform against its physical holder has never worked for long, but even just trying to do it on an insecure platform like an x86 PC is beyond useless. None of this is has even a remote chance of working without the heaviest-handed TPM-on-CPU-die functionality and signing of each and every piece of software, but that has no chance of working because no one would want such a platform, it would be painful and expensive to develop, and it could never exist given the buggy and insecure nature of PC software in general.
Video game consoles with strong hardware security and tightly controlled software environments with little interoperability requirements get cracked all the time to run homebrew and/or pirate games, what makes these people think their little netbook won't be?
For what it's worth, Linux vs. Windows here makes little difference. The entire scheme is doomed to fail from the start due to the nature of a PC solution like this. Sounds like Microsoft just sold these guys a bunch of nonexistent security.
Adobe CS4 on netbooks with 2GB RAM?
goodluckwiththat :/
Setting aside the fact that I don't think giving students laptops is the most efficient use of resources (smaller class sizes, more funding for teachers, arts and science programs etc would be better)... I can't help but wonder if this will be as unhackable as $84 million porn filter released a couple years ago.
Can't be done, there is no way to have a Windows install that is less then 90% bugs patched with 10 bull shit. The features this is taking about like BIOS level tracking and RFID have nothing to do with Windows and let alone the fact that all you need to do is run a live cd of Linux and hack the file system. It was a good idea, I guess, I guess if you don't think about it and just put this together really fast.
lost, stolen or sold. There is always collateral damage in this type of program.
What is important is will the remaining be a worthwhile educational investment?
These days nothing is unhackable in the world of computers. Anything can be done eventually.
The best way to get a high-school student to do something is to tell them they CAN'T. "You can't hack this machine!" It's like telling them that the car to which you just gave them keys is "uncrashable." Give 'em five seconds!
What is it with governments and hubris? If they had just shipped all these laptops without any mention of "unhackableness", you know what would have happened?
1: 240,000 kids would have gotten reasonably secure systems with useful software on them
2: People would have noticed how secure and safe the systems were, and appreciated the low rate of problems they experienced
3: Eventually, some smart students would have figured out how to bypass all the security so they can play world of warcraft or something, but nobody would have cared and it wouldn't have gotten any press
Instead, some asshat announces to the world "Bow to our unhackable laptops! We are awesome! HAHAHA!", and now thousands of hackers and security researchers out there have made it their personal crusade to find a way to totally decimate all the security on the box. You're right... It's gonna take about 1 month for an exploit for these things to make it to the front page on slashdot. Fucking idiots.
Footnote:
Yes, I'm aware that security through obscurity is no security at all, but that's not the issue here. The issue is that instead of nobody caring or trying to break the reasonable security they've implemented, now they've got thousands of people working on it. THAT does matter.
anyone that have been reading Cory Doctorow`s little brother, will see strong parallels to the school computers handed out to the students and how they manged to get around the spyware in them. Wonder what other bright ideers from that book they are going to implementate.
AppLocker WILL make it more difficult to run unauthorised apps, even if they're distributed/run via USB. It won't block things entirely but just like every security measure, it will make things more difficult, and that's all you should be able to expect. Give Microsoft some credit - I'd love to get a hold of one of these netbooks.
Our evil plan to control the students has become reality. Muahahhahaa!
FLR
While the netbooks are loaded with many hundreds of dollars worth of software, 2GB of RAM, and a 6-hour battery, the cost to the NSW Department of Education is under $435 (US) a unit.
The netbooks have hundreds of dollars of software loaded and still only cost $435 a unit. So the cost of the unit is being subsidized and the department is hailing this as some big leap forward in cost of ownership? And some of the big changes are related to the BIOS.
Already, the department has noted the loss or damage of just six netbooks out of the 20,000 rolled out since August - and have tracked one teacher using their device on a field trip in New Zealand.
Yeah, really cool that the school can track and potentially monitor everyone using one of these devices, even if the machine is not physically turned on via the RFID tags. Now there's a big win.
DET also uses the AppLocker functionality within Windows 7 to dictate which applications can be installed on the device.
Even better. Add McAfee filtering to control content and MSFT's own antivirus technology...add up what all that would cost in a real world enterprise. Just the software costs alone would dwarf the cost of the device.
I look at the cost of the device, the software and all the centralized control and think, "Or just install Linux and get 95% of that functionality right out of gate." And the 5% you don't get is the spying and monitoring part. What lesson is the school teaching here?
This is certainly a win for someone, but I'm not sure it's the students and teachers.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Why would anyone issue a challenge like that over netbooks for students? Unhackable? Bullshit! Some hacker out there is going to take that as a challenge and hack into the thing in, I'm guessing, less than a week. And some poor student is going to have his netbook hacked because some nimrod decided to talk smack about how awesome-sauce these netbooks are and described it a "unhackable." Unreal...
Personally, I look at this as pretty brave, but the measures in place will likely deter the average student from mucking around with them, and those who have the skills to circumvent them easily are probably less likely to mess them up anyway. Lenovo has a good rep for a solid build quality too -- a much better choice for year 9 - 12 than some "rugged" but stripped down kids toy. Probably the most bold thing here is CS4 on a atom with 2GB ram.
Just to clarify - New South Wales state government is not the Australian federal government.
Even in the community of nations, someone has to have the least competent government on earth.
their is no way it cant be hack.... there are many bright brains in the world and they cant read them all.... their is one joke i knew hack the automated Poll machine in the Philippines and Sen. Cayetano will give you 100million pesos philippine money... she had big trust on the machine she didn't even know hackers are analyzing it now... http://www.techandgizmo.com/
I wonder if the BIOS will allow disabling USB boot. Or if the admins who sold the AU government the bill of goods will think to disable it.
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
I work for one of the departments involved, hence the anonymous post.
This is typical government posturing, and has nothing little to do with the what's actually going on.
From what I've seen, the RFID chips are redundant, they're using the machine's BIOS UUID to track machines through software, I don't think they even record the embedded RFID codes at all, as that requires a physical reader device, and they're not handing them out to schools. Normally, RFID tags aren't used for anti-theft, but for inventory tracking.
The BIOS tracking is pretty standard and off-the-shelf, it's not designed to stop professionals, but it will catch stupid thieves. Software protection is not huge, but most 'problems' will be met with an F12 network boot and a fresh system image, so the harm students can do will be limited and easily reversible. Students get limited space to save their work, and that is backed up centrally, so they shouldn't lose any data. On top of that, most questionable sites are blocked by the internet proxies, so that cuts out lots of potential sources of harmful stuff.
Really, the true protection the laptop gets is that every student receives one for free, but a replacement laptop has to be paid for out of their parent's pockets. Students will learn to be careful with them or face punishment from their parents.
There's lots of other silliness going on though, especially as it's my tax dollars going to waste.
For example, the enterprise agreement for the Adobe CS4 suite was a big deal. They spent millions purchasing the software before anyone had actually tried running any of it on an actual laptop. Only after the government had signed the contracts did they bother, only to find out that the screens were too small. All of the Adobe dialog boxes were designed for a vertical height larger than the physical screen resolution, so the OK/Cancel buttons are cut off. The workaround was to install a driver that supports a larger virtual desktop and pans the screen around. It's hideous. This is what happens when you let politicians make technical purchasing decisions.
Similarly, the laptops are rather anemic, which is expected for a netbook, but a lot of the software and content they want to publish is very video-centric. Apparently some types of video, like Flash content and h264, don't always play well, and high-res content is a slide show.
Shoot, throw in some Amiga, Be, FORTH, and other interesting OSses, too. And some prototyping hardware with nothing but monitor ROMs on it.
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
If I recall, China's People's Liberation Army is part-owner of Lenovo.
Exactly why do the Aussies thing there won't be back doors built into the hardware or BIOS?
Is something under $105 million! Imagine what they could have done with $105 million applied to other aspects of education. Then there is the maintenance and support costs.
I sure hope this is worth it. It's a rather expensive experiment with an OS that isn't even released yet and they are deploying them into what they acknowledge as one of the most hostile environments imaginable. Bold. Very bold. Furthermore, is it actually good for education for each student to have access to a computer at all times? I've always thought the results were mixed, and my experience with computers in the classroom is that they are helpful half the time, and a horrible distraction the rest.
And unhackable? Tee hee. I'm sure no one will figure out how to boot an entirely different OS and run whatever they like. (Haw!)
Okay, I'll play the straight man and ask, "MSWindows? Worhtwhile?"
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
etch-a-sketch!
And don't discount the importance of it, either. All security, no matter what type it is or how it is implemented, is basically designed to slow down anybody who might try to break it. Indeed, security through obscurity itself does this, but the actual slowdown it provides is minimal, and it adds an extra cost: it is difficult to tell when somebody out there has successfully broken your security. By opening up, you can get a bunch of people working on your security to strengthen it, to help offset the few people who might be interested in breaking it.
Anyway, why would you go to such great lengths to slow down any individuals who might see a profit in cracking your systems, then go and piss off a bunch of 1337 haxxorz all over the world and get thousands of them working on the problem in parallel? Kinda defeats the purpose of using strong security in the first place, doesn't it?
Stuff like that makes me wonder about what they haven't said. For instance, if it's that locked down it wouldn't surprise me if it incorporates a keylogger of some kind, and other ways of monitoring usage. While I can see how they might choose to justify something like that (such as to make sure kids aren't doing something they shouldn't during lessons), it's a monstrous breach of privacy.
"Tracking software embedded at the BIOS level"? Last I checked, those "tracking schemes" just force-fed Windows some driver/app at the BIOS level.
That is the 'consumer level' sort of protection. There is another level that is available to 'special customers', but i do agree that you wont see it on some cheapo school laptop.
---- Booth was a patriot ----
Since these are Lenovos, and the Chinese government has a record of spying via technology, internally and externally, could this be a testbed for embedding the tracking/monitoring technology, hence subsidized to get such a large-scale real-world "beta" up and running?
I wonder if the "call-home" monitoring includes the IP addresses of those computers that were relaying the snooping of the Dalai Lama's organizationl PC's.
Paranoid? Me? You bet! Oh, wait, it is not paranoia when they really are out to get you ...
This is so cool. An unhackable netbook sounds awesome. Just like how we had an unsinkable ship, the Titanic.
You know how tabloids have big headlines about murders, etc. though there are thousands of families who have had just an ordinary day? Nobody cares about the family who just had an ordinary day. It's the same with government.
Each day tens of thousands of officials are working in nearly every country (most countries are large enough for that). And despite the right wing propaganda that all people who work for the government are lazy and just slacking off... Millions of officials all around the world are working hard and doing pretty good job. That includes officials who work with technology. But why would there be news about that?
"IT department of the Ministry of Foreign Affairs of Sweden implemented pretty decent policy about using work laptops at home"?
"Ministry of Agriculture of Estonia has had no major information leaks ever!"?
"The IT system that manages payrolls of people working for the sewer department of New York has not had a single spectacular failure!"?
It's analogous to the Streisand Effect. And when the machines get hacked, the id10t who declared them "unsinkable" will experience Titanic Syndrome.
http://alternatives.rzero.com/
... give the impression that Austalia's governors are stupid fucks.
Film at 11...
Kinda makes me feel all warm and cozy inside watching Micro$oft exploit those cave men.
"Stephen Wilson said that schools were 'the most hostile environment you can roll computers into.' While the netbooks are loaded with many hundreds of dollars worth of software, 2GB of RAM, and a 6-hour battery, the cost to the NSW Department of Education is under $435 (US) a unit. Wilson praised Windows' new OS: 'There was no way we could do any of this on XP,' he said. 'Windows 7 nailed it for us.' At the physical layer, each netbook is password-protected and embedded with tracking software that is embedded at the BIOS level of the machine"
As usual with these 'the first ever whatever on Windows' type stories they fail to mention that such functionality has been around previously on other systems. Does anyone really believe that Windows is unhackable. All such features do is hinder the usability of the units. And such 'security' doesn't belong in the OS but embedded into the underlying hardware. Or else on a PCMCIA Card.
WTF?
Oh, cool -- I found the official NSW laptop program website. Among other things, the specs are a 1.6GHz Atom and a 10.2 inch 1024x576 display with Intel GMA 950. One thing is for sure -- they're going to be playing flash games on this one, not 3D :-)
Adobe CS4 on a netbook? Wow. That must be amusing. Windows 7 must be a magical OS to turn a mere netbook into a decent machine for that, especially with all the background monitoring software on the go. I picture these machines running like molasses, and I bet the "6 hours battery life" is off the spec sheet and nothing near the real world performance.
They've apparently deployed 20000 of these units already. There must be someone with first-hand experience out there. Do these machines live up to the hype, both in terms of security, performance, and educational value?
If you want a system to have any hope of being "Unhackable", that means it won't be connected to a network and physical access will not be allowed.
Basically, you have a system with a remote monitor, keyboard and mouse via serial/ps2 ports. The computer itself is in a different location, locked.
As soon as physical security is breached, you no longer have an "unhackable" system.
Ignorance is too much not to share with the world, huh?
that thing is very under powered for that and they they want windows 7 on top of that?
i will flash the bios and wipe win7 off and have Linux running on it in less than an hour.
Politics is Treachery, Religion is Brainwashing
Well yes, it's a well-known fact among computer scientists (and apparently not by politicians) that the following inequality is a physical property of the universe:
physical access >> root access
What I was referring to was the potentially useful but soon to be pummeled security the laptop could have offered to students who didn't lose or wipe their laptops. Too bad too.
Can't wait to get my hands on one of there. The "how to hack it" step by step web site will be up soon after. Again the morons in office have no clue. maybe us morons should run and change it.
"One that sees"
Unsinkable!
Damping absorbs vibrations. Dampening is caused by moisture.
How much work will IT have to do for each itunes update? how about all the ipod updaters?
also will they be unlocked should the student finish his or her studies at the school. So the student can install what software they want.
or are they left with system with The update service switches off once a student finishes Year 12 and that has a lock of lockdown carp still on with no way to get rid of it or any way to update any software left on it?
Yeah. Physical security loss means hackable. I read this old cold-boot attack paper in Communications of the ACM months ago, and it was old even then. IIRC, one can use a can of compressed air to chill the ram in a computer, remove it, and read its contents in an alternate machine environment designed to save out the contents of the ram. Then you extract security keys from the saved-out-contents, and do whatever you like. I'm pretty sure the acm paper directly referenced retrieving the keys of the microsoft disc encryption software.
Officials are calling them 'unhackable.'
Don't use words you don't understand, you'll regret it.
Physical access = pwnage. Unless these Aussies have built the hardware components as tamper proof devices from the bottom and up (which of course, they haven't), i'll bet my physical pants that these laptops will be hacked before the retard in TFA can spell 'unhackable'.
From the dark, old days of the Internet when men were men, women were men, and children FBI agents
I believe technology can be an excellent enhancement to the educational experience, but I suspect that this grand deployment of computers will fail because most of the teachers won't have any idea how to use them to enhance education. Sure, their very availability and some innovative teachers will make good use of them, but if you are going to do this on this scale, a district needs a plan. Especially one that makes more sense for netbooks. What is needed is an infrastructure of online resources, lesson plans, and full remote classes that take advantage of the new access created. Technology should free the teacher for more one on one time with students, helping slower kids catch up and entertaining advanced kids with more challenging experiences. I haven't read anything on this subject that they took into consideration having enough power in the schools, cooling (20-30 extra laptops in a room generate a surprising amount of heat), or any level of teacher training.
Video game consoles with strong hardware security and tightly controlled software environments with little interoperability requirements get cracked all the time to run homebrew and/or pirate games
Yes, I love my modded PS3.
Just pop the netbook in the microwave for 30 seconds on high. RFID gone!
how long before someone uses a Adobe Flash hole to bypass the lock down.
The Roku vidio player is an excellent example of security through "meh". It's almost an ideal box for a Boxee or MythTv frontend, but it is pretty much unhackable (cryptographically signed u-boot, kernel, and ramdisk). They've released their sources (but not their crypto key) months ago, yet not one single crack is available for it.
Why? Because (a) they don't make a big deal of the security features to the public, b) it's stupid cheap ($99 USD), and (c) It Just Works.
The combination of all three make 'meh'. Due to (a) there is no implicit challenge to the security community, (b) trumped the TiVo problem of trying to get 'more value for your money' out of an expensive piece of kit, and (c) prevents your Average Joe hacker from wanting to break a working (and useful to him) device.
Good counterexamples are TiVo, Linksys routers, and the Wii.
For TiVo, it was expensive enough that people wanted to get more value for their money, and felt it was time well spent to hack it.
With Linksys routers, It just Doesn't Work caused people to spend a lot of time finding a way to make some perfectly good equipment work at all for them.
The Wii advertised to the community that it was unhackable, which promptly cause all manner of security professionals to take up arms and figure out how to hack it.
Encrypted bootup, a dedicated security SPU, encrypted memory, signing everywhere, a tightly controlled software environment, encrypted buses, a thousnd other things I'm forgetting, and actually being open to some degree ('Other OS' mode, which discourages homebrew users from attempting to crack the core system) are what it took to get that kind of actual resistance against attack. Call me back when these netbooks have equivalent security measures in place.
If you simply open the article and search for "Unhackable", you'll see that the ONLY place it appears is in the headline! The link in the Slashdot submission is "Officials are calling them 'unhackable.'", which is simply false, stated nowhere in the article, and simply a clueless headline which was picked up by a clueless submitter who wanted to point and laugh at Microsoft security, posted by a clueless editor who couldn't be concerned with checking the validity of submissions and no one has even mentioned this yet!
Stop and consider that the government doesnt give a hoot about the security on a technical level, as much as the security of the people who are carrying them?
These things are gonna get stolen from every poorass kid who has to walk home alone. Convincing the people likely to target high-school students for mugging not to, cheaply, thats the objective here.
And yes, Australian governments are really, really stupid.
Wait! Whats a sig?
Since we're obviously using hyperbole, I guess I could say that this netbook has ALL these things as well... the difference is the market penetration of a PC environment vs. a PS3 environment. Now, if it proves that the customized hardware/software suite is as narrowly distributed as the PS3, then this might work. Since they havn't actually released these yet, I'm not sure how we're going to continue to argue hypotheticals without making you sound stupid.
Thousands of these are claimed to have been deployed, and some of the other comments already explain just how easy it is to flash these and get rid of all the "security". Even the worst game console security features lasted longer than this.
But even if that weren't the case, there's a simple reason why these netbooks couldn't possibly have PS3-grade security: because such hardware doesn't exist in the PC world. Unless the Aussie government commissioned a special highly secure CPU from Intel, a special highly secure chipset from Intel, a special highly secure BIOS from some BIOS vendor, and a special highly secure hypervisor to watch over Windows from someone else. Sorry, no PC platform exists so far with security even close to that of the PS3, and it's reasonable to assume that the Australian government hasn't magically pulled one out of nowhere.
It seems to to me that, given the Slashdot summary, GradiusCVK is correct when he said this in his original comment, although he could have shown more elegant manners:
'Instead, some[one] announces to the world "Bow to our unhackable laptops! We are awesome! HAHAHA!", and now thousands of hackers and security researchers out there have made it their personal crusade to find a way to totally decimate all the security on the box.'
However, the problem is with kdawson, the Slashdot editor, not the Australian government or the article to which the Slashdot summary links.
The article says, "[government] seeks to build 'unhackable' netbook network". The meaning is that the Australian government is doing the best it can in building a network.
kdawson, the Slashdot editor says, "... Government To Build "Unhackable" Netbooks".
kdawson made the title sensationalist and misleading. This amazes me: In all these years, Slashdot editors seem to have learned nothing about being editors. kdawson turned a wonderful story into a misleading experience.
Right, well, I actually attend one of the schools who have a deployment of these laptops.
There's a label on the bottom that threatens you that if you steal it the police will find you. There's tamper-proof screws, so normal phillipshead's wont do the job. The BIOS is obviously passworded, and I managed to break the bootloader of Windows 7 by pressing ESC twice. No OS found apparently.
For "secure" laptops, you can right click pretty much anything and run it as an admin. We ran cmd.exe as an admin to create a proper Admin account. Completely bypasses AppLocker. Apparently, according to the laptop admins, the government wont allow printer drivers that aren't already part of Windows 7, so no printing for you.
The laptop maintainers don't even have administrator access. They have to box the laptops up and ship them to a centre to be "fixed", even if it's as simple as reinstalling a driver. Pathetic.
It's only early days, and the nuking of the bios can be done easily, through Wubi or other means, but USB boot is disabled so you'll have to find alternative means. And I know it's likely moot to post so late after the rush, but I had to say it.
Btw, it's CS4 Elements, it's not the true suite. And it includes Dia, the open-source diagram editor, which I found odd. Open source deployments always amuse me.
To finish, Firefox is not included by default and has many issues when installing, as you don't have access to Program Files, so it confuses the installer to no end unless you change where you're installing it to.
These laptops require ethernet access to activate and are mapped to a single username, so good luck using it if you don't have a Department of Education account. The all have filtering software so no porn for you kids, even when at home. Myspace and Facebook are blocked even from home connections. It's a rather horrible crippled setup that I'd wish upon no-one.
Welcome to the future of computing. Homeschool your kids.
Disagree != mod troll.
I see no mention of removing all network connectivity, sealing them in a lead box, and encasing the box in a large block of cement. Until those things happen (or their equivalents), any computer is still "hackable." I believe they really mean that they couldn't think of a way to hack them, which is quite different. I am very eager to see a follow up in 6 months and a year out. I hope things go well, but I am afraid that I am still skeptical of the claims, but I do wish them well.
WTF is up with the Australian government.
In the past decade (or a little more) the people of that country really seem to have lot a lot of their freedoms.....It's amazing how backward and wrongheaded their government's plans have been:
The people lost most of their gun rights.
The government goes apeshit over cartoons and charges a guy with a serious kiddie porn charge over a nude simpsons cartoon modificatiion.
The government will stop at nothing to be able to have wholesale filtering and censorship on the internet for everyone, despite the fact that massess of people took to the streets and protested and pretty much every high profile techie (who wasn't working towards the govt agenda) warned about sll of the problems (technical andd otherwise) inherent in doing this...I mean, come on - the fact that they think they'll be able to pull off an "unhackable" windows netbook technically is almost as ridiculous as the the plan itself is antithetic to a free society.
Who is advising these people? How ridiculous is this? And RFID chips install to boot?
I guess Australia is on it's way back to becoming the world's largest "island" (yes, I know, it's a continent) penal colony.
If this netwbook becomes a reality I can see the slashdot headlines from the day after it's release: "2 high school freshman were arrested in Australia; charged with hacking their unhackable netbook computers.." which I am sure this ignorant govt will make a major crime.
Physical access = Easy to Pwn.
Thousands of these are claimed to have been deployed
Did you RTFA instead of skimming the summary? Maybe you should do that first.
Stephen Wilson and New South Wales were supposed to be pro open source. I guess Microsoft and a bunch of others ridiculously discounted their software again to get them to bite. Stephen Wilson was reputed to be pro Linux. I guess the powers that be got to him. Too bad, so sad. Notice how these netbooks are eerily Orwellian in their surveillance. Also, no computer is unhackable - given a short length of time, we will see the Slashdot posting that these netbooks have been hacked. The only unhackable computer is the one not connected to any outside network.
How long before it's completely cracked? One week? Two weeks?
Sounds like an ideal platform for a netbook-specific distribution of GNU/Linux but a horrendous platform for any version of Microsoft Windows.
Yes, and the title of the SUMMARY? "AU Government To Build "Unhackable" Netbooks ".
To Build. Future.
Yes, they *have* rolled out *some* computers. But the ones that have been deployed are not the same ones we're discussing.
Honestly. I hate arguing with teenage mexicans. When you've learned to read english properly, maybe we can discuss something that you've read.
They're also working on an unsinkable ship, an uncrashable airplane, dry water and a life form that never dies.
Unhackable == can't install whatever software you want.
The whole point is to have people stuck with Windoze and Office.
It has nothing to do with protection from malware, just ensuring
monopolistic revenues.
If only they were equipped with an Itanic.
Sounds like Microsoft just sold these guys a bunch of nonexistent security.
In other words, business as usual?
OK, let's ignore for now, the "Un-Hackable" nonsense. What if I want to learn Physics Modeling using LISP? Sign Language? I have to go buy it? But it's free software! Wait? I have to wait to have some faceless multinational corporation "grant" permission? My homework is due next Thursday, and my teacher says, "no excuses". How about my paper due on Shakespeare's Histories? Bing says, "do you mean Shake Spears? Sorry, no matches" I can get extra credit if I make, and submit a short video on the properties of a Candle Flame; YouTube uploads are now blocked? What Educator said, "It's OK to only learn a tiny subset of knowledge."
And yet the article says NSW seeks to build 'unhackable' netbook network. The netbook network is getting built. By adding more identical netbooks to the pool already out there. Good job on trolling by taking an imprecise Slashdot summary as fact.
Seriously, get out of that bubble of yours and try reading yourself. The model is already fixed, Lenovo S10e. That's a bog-standard netbook with bog-standard components. If you're so certain that NSW is commissioning an ultra-secure, never-seen-before PC platform, please enlighten us all and point us towards the slightest hint (nevermind proof) that that is the case.
Netbook loaded with CS4?? Wow I didn't realize how far that term had been stretched. I thought netbooks were supposed to be low power little internet gadgets.
"Proximity to wonder has blunted our perception and appreciation of it" --Tim Hartnell in 'Exploring ARTIFICIAL INTELLI
From this, we conclude that much of this security depends on Windows 7 itself, and therefore can be bypassed in 5 minutes using a linux liveCD.
BIOS passwords and be reset quite easily and RFID can be faked or removed.
Man defeats "unhackable" computer with $5 hardware store axe.
...since when is stealing, selling, or dropping the laptop into a bathtub considered "hacking" it? When I first read the title I thought, "maybe some custom-hardened BSD variant?", then come to find out it's just Window$ 7?!?!?! What a joke.
The model is already fixed, Lenovo S10e. That's a bog-standard netbook with bog-standard components.
Yeah, last I checked, RFID chips and a remote kill switch are standard on those models.
If anyone needs to leave their bubble, it is you. Now, unless you're bringing new information (not rhetoric) to the table, gtfo.
...rest assured that the department's signing key is stored on a Windows 2008 server with many open ports.
There's no failure quite as dissatisfying as a complete and total solution to the wrong problem.
Good job, you just jumped from "mythical unreleased unhackable PS3-grade-security netbook" to "Lenovo S10e, which comes with RFID and a remote kill switch, both of unspecified robustness".
As I said in my original reply to you, call back when they come with a dedicated security CPU, a tamperproof hypervisor, encrypted memory, encrypted buses, a full chain of trust from on-cpu-die boot ROM and keys to individual software applications, and everything else that the PS3 has that has enabled it to resist attack so far.
RFID doesn't work very well through water so if you drop it in a bathtub it pretty much will stop the RFID. At least until you take it out of the backtub.
Do you changes clothes while making the "chee-chee-cha-cha-choh" transformation sound?
I suppose you might be right. *MIGHT* because the product has not yet been created, as you refuse to acknowledge (although the article clearly states this fact).
Seriously, it's no wonder no one likes mexicans.
Who wants to bet that someone figures out how to use that "remotely disable" feature and disable every single laptop they're giving out within a year?
The recommendation given by the Australians Information and Communications Technology in Education to the government.
I'm not sure if it's different to normal government recommendation but it seems as if this committee has had quite a lot of crack, its full of useless general statements repeating the ideas of the proposal and doesn't mention any actual information.
'nuff said.
...come on fellas, dont let me down. I know you guys can make a mockery of their unhackable netbooks. I have faith in yous.
There is a great and mighty chasm between expectations, and reality. Between high hopes and cold reality. Between the state of things as we wish them to be, and the genuine 'where are we now' of things experienced in real life. Another analogy is the pretty, glossy sales brochure (handed to you prior to money leaving your hands), and the box with shipping labels, tape, and a dent in the corner shipped to you. When these two things are either very close or overlapping, there is nothing unexpected. You got what you paid for, you did your research, studied the state of the product versus the competitors products, expectations and requirements of the product, and estimated points of failure. Contrasting this is a fantasy world, where the box holds magic and wonder (it wasn't packed by Pandora), it glows and lights the room upon arrival, and forever changes your life upon opening. That someone in high office can be so off target with expectations versus reality, leads to two conclusions: 1) Idiot who should not be in charge of his own laundry or 2) Paid off politician who should be investigated, convicted, and sentenced to hard labor for a long time.
"If a netbook were to be stolen or sold, the DET is able to remotely disable the device over the network. Even if the hard drive of the machine was swapped out or the operating system wiped, it would be useless to unauthorised users."
/. groupthink even posits how easy it may be. I think we've seen 'Windows' mentioned and somehow assumed they would inevitibly make obvious mistakes like allowing booting from usb/cd.
It may be hackable yes,
They appear to have some kind of kill switch at the BIOS level, which sounds pretty potent and difficult to circumvent to me. I would presume when the stolen machine connects ot the internet, it calls home, if it's been nuked, it then bricks itself and refuses to boot of anything.
Doesn't mean you couldn't strip the laptops for parts if stolen. That is if you didn't go the trouble of replacing bios chip (if not flashable)
Despite that, they do seem to have to gone to significant lengths to thwart theft more than anything. However whatever IT outfit told them that the product would be 'unhackable' is guilty of telling lies, that kind of statement smacks of marketing department (not engineers) of some company telling it's ignorant client what it wants to hear (yet can't reasonably expect to get) just to get paid.
So it will be hacked, of course and the blame will fall everywhere (ie students) except the marketing people who made the claims.
After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
I bet there's probably a way to get around that. I have a few Linux LiveCD's around, if I had one of the computers I'd be able to test it. Not like I see the point of using school computers if you can help it. If at all possible, use your own computer!
"... if you had clicked the second link in the article."
That's confusing. I quoted from the second link in the summary. The second link in the article, NSW starts school netbook rollout includes nothing about hackability.
Your excellent argument: However, that second link in the article does support your excellent argument about Slashdot supporting Microsoft advertising: 'According to Gillard, the netbooks came with "$5,500 of the latest Microsoft and Adobe software".'
Someone should send a letter to the Sourceforge, Inc. CEO, Scott Kauffman" and ask if Slashdot editors or anyone else at Sourceforge is allowed to accept money to run articles that are in fact advertisements.
Note that Mr. Kauffman is an advertising executive. That's helpful to my understanding, because, of all the technically-oriented companies with which I have had awareness over a period of decades, Sourceforge seems to me to be the most technically clueless. Everything Sourceforge does seems to me to be slightly below mediocre technically.
Sourceforge CEO Kauffman is said to have been involved with numerous companies, for example, PopTok This article is interesting: It's Alive!: PopTok Combines Emoticons With Movie Quotes. PopTok is an "Israeli company". Perhaps Mr. Kauffman's connections with Israel explain the fact that Slashdot has run several stories about Israeli startups that seem to be more schemes to get investor money than startups with real technical futures.
The Wikipedia article says, "Kauffman then spent time in turn with eCoverage, a direct-to-consumer online insurance company, Coremetrics, and (as President and CEO) MusicNow, an online music service partnered with FullAudio. In 2005, he ran the San Francisco-based digital-magazine service provider Zinio."
What is wonderful is that a government is realizing that making sure that students have laptops is an investment in the future of the country, and that everyone having the same system makes teaching easier.
You seriously need to work on your trolling skills. Actually figuring out someone's nationality before xenophobic trolling helps.
Hint: wrong side of the ocean.
Engineering and Research for "Unhackable" notebook: $240 Million
Distribution of notebooks and administration of program: $200 Million
Having a 9 year old hack your notebook 10 minutes after receiving it: Priceless
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Is the school in some way prohibiting the students from using alternatives? I.e. Linux + Firefox + OpenOffice? I would consider a $500 notebook or a $200-250 netbook to be a small price to pay (that ~2-5 college textbooks) to prevent the "public" education system from enstupiding my children for the rest of their lives.
I imagine that the press would have a field day with a group of parents that got together and threatened to sue the local school board (or pull their kids from school and home school them) over the brainwashing / disabling aspects. The headlines would be too good "Government uses tax money to handicap students"... etc. Or do they not have such feedback opportunities with the local papers or governments in AU (as we do here in Massachusetts)?
That's awfully american to assume that I was trolling, simply because I pointed out you were wrong.
You seriously need to work on your trolling skills. Actually figuring out someone's nationality before xenophobic trolling helps.
Does it matter which side of the ocean? I established that your premise was wrong, and now you're picking on my other arguments ... to prove that you're right? Sorry juan, it doesn't work that way.
The text itself is tremendously controversial.
Win7 + Office + Adobe things + iTunes... quite "unhackable" huh?
Now gather some history of security issues on these softwares.
Please, google on "how to search on the web". Oops, a bit controversial.
As I understand it, only authorized applications will be able to run on these machines. If that is true, that means that they can't be used for programming since students' programs won't be on the whitelist. Am I missing something?
Yikes. It's Trusted Computing again, in a different guise.
DO NOT WANT.
I still think it'd be fairly easy to open it up and reflash the BIOS chip with a programmer.
These machines will be as unhackable as the Titanic was unsinkable.
All the Government are doing is putting out a challenge and ultimately proving that a committee of "IT Experts" will be no match for a determined teenage schoolboy who wants to look at porn.
Specialist Mac support for creative pros, Melbourne
I bet they spent gazillons of dollars to end up something like this:
User: Administrator
Pass: [enter]
fitted with a passive RFID chip which will enable the netbooks to be identified 'even if they were dropped in a bathtub
... its always been a problem following a bathtub/hacking party when we drop our laptops into the Mr Bubble and can't tell whose is whose.
Have gnu, will travel.
I think I would rather break out the old Commodore 64 to do my work on then use one of these super locked down laptops with the tracking and the police warning stickers plastered on them. Fascism in a box, how nice :\
this has weaker cpu and intel GMA POS video and they they want to run cs4 and a shit load of background lock down stuff.
I'm serious. I'm not talking about forcing all high school students to write even a tic-tac-toe in machine language, but having prototyping boards with nothing but monitor ROMs on them available for the truly interested high school student is bound to be a plus. Likewise the rest, Amiga and BeOS, to show people how modern OSses are not all that modern after all, FORTH machines for the exposure to a different way of thinking, etc.
Why call somebody a troll just for admitting to thinking there is something worthwhile outside the mainstream?
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
They're in Australia... They'll NEVER be hacked... until somebody takes one on vacation to somewhere else ;) Those Australians students are all good, law-abiding citizens that would never, ever, even attempt to, say, wipe the BIOS on something they've been issued by their Principle, especially if they've been asked not to. Oh wait, that's in Japan, never mind.
Besides that, the OLPC labtops are going for less than half what these are, and are designed to be taken apart by inquisitive children. By design (literally) the things are theft-proof and I expect Negroponte would cheer it as a success if one of "his" kids managed to get another OS running on it. That's what it's all about. Makes you wonder who's running the Education ministry in Australia.
Perhaps you're a little confused as to the point of this "scheme". It's not a social experiment designed to test security systems against 14-18 year olds. It's to provide them with a laptop, and hopefully avoid some pitfalls. The oppressive security measures are designed to stop kids from loading games or worse onto their computer (they're a work tool after all). It doesn't really matter if some kids manage to hack the machine, it's more to prevent casual stupid or inappropriate behaviour.
You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
This is clearly not the point of the story, but Adobe CS on a netbook? Seriously? Does anyone think most of the CS applications will be even remotely useful on a tiny-ass netbook screen?
mirrorshades radio -- darkwave, industrial, futurepop, ebm.
We've been exposing kids to heightened levels of UV radiation for years by installing fluorescent lamps. I don't see any hue and cry about excessive UV radiation damaging our childrens' eyes and giving them skin cancer.
We've been exposing kids to chalk dust for years, I don't see any hue and cry about heightened levels of respiratory illness due to chalk dust inhalation.
We've been exposing humans to 50-60Hz EM radiation for decades, with no research into the effects of having that much electricity coursing through your body day and night.
Why should we be getting all concerned about WiFi radiation?
Our leaders came to power by being lower down the list of "politicians to put last on the vote ticket".
The BIOS can be reprogrammed, sure. But what's to stop the "standard" chipset containing instructions that will ensure the backdoor is copied into BIOS every time it's reprogrammed?
Remember the login backdoor that was part of the standard C compiler for a long time?
I cannot imagine what running CS4 on a Netbook would be like, since it's slow even on a relatively fast 2GHz Centrino. But the speed is likely to be less of a problem than the memory, because anyone who has ever had Illustrator, InDesign and Photoshop open all at once can tell you how that bring even very fast modern desktop machines to their knees.
Robber proof - maybe. Hacker prof - doubtful.
Its when you get on to the net that the vulnerabilities really show up. But even without getting onto the net, loading office and Adobe cs and a few more programs will crash the mchine and thats when the cackers and script kiddies get in.
Anyway, the AU govt can probably afford it.
End
The kids don't need to hack the computer to play a game, many according to some Australian newspapers are just using the machine to access Facebook and Twitter and in some schools they are employing the "Great Australian Educational Firewall" to stop this type of thing happening with the added consequence that most students just loose interest in their net-book. Even some teachers are insisting that net-books are switched off since they can be disruptive during lessons. Lets not mention that 10.1" screens can be a little hard on the eyes during extended use and the Opposition is having a field day with this.
Yes this is just "Bread and Circuses" and us Australian taxpayers are paying for this. At least the Government can now go to the people and say "We have given your children net-book computers, they are now part of the Smart Society". Guess who I aren't voting for this next election, not that I did last time.
There ain't no such thing as proprietary standards only proprietary formats. Standards are by definition open.
Theyre designed so that students can't "hack" them - roll their own apps, games or linux distros on it. And they actually have a very good system with a BIOS that overwrites any changes to it with the DET settings, and a call-home when it's connected to the 'net.
Isn't this stupid? Many hackers (the good kind), programmers, and other IT people had access to unrestricted PCs as kids. They learned by tinkering, exploring software, changing software, etc... I'll bet the computers don't come with Linux on them. I'd be surprised if they have a full windows development environment either. What if a kid wants to play with Python, due to the machine's restrictions he/she can't. Kids need freedom to tinker. Especially older ones.
I'll admit you probably don't want them going around looking at XXX stuff. But that responsibility falls on parents to know what their kids are doing. Totally locking down the computer will limit them to doing activities that the person installing the original software thought of.
That's probably about all it'll be good for. If you're a Senior and your prospective job is with someone using an Eclipse / C++ programming environment, hope you have your own home computer to install it on. Otherwise, the computer you get from the schools is most probably capable of e-mail, uSoft Word, uSoft Excel, uSoft Access, and uSoft Powerpoint. Programming? Waaaaay too dangerous to have on the school machine...
http://xkcd.com/538/
Seriously.
Also who the hell would want to hack a grade 9-12 students netbook.
I can see this going something like this:
Bully: "Give me your password or I will punch you in the face!"
Student: "1, 2, 3, 4, 5"
If we can get teachers on board, it has the potential for some benefit. It doesn't matter whether or not children are interested in them; they're supposed to be tool, not a toy. When they become an integrated part of the lessons, that's where the fun starts (but not necessarily for them).
Surely you too can see why it's more than just political posturing to give kids access to software like a word processor, a platform for storing notes and textbooks, and possible future software to be included in curricula, right? I get that it's expensive, but on the other hand, you can't expect to see computers to have an impact on education unless *everyone* has access to one, and that there's some standards between them.
You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
My house is INFLAMMABLE! Muahahahahaa!
My kingdom for the point to mod this "flamebait"....
use ntfsresize to resize the partition containing windoze.
install linux in remaining space with dual boot
hide dual boot - with doze as the default.
This may not work but represents less that a minute of thought. What could a determined HS student come up with in 4 years?
My house is INFLAMMABLE! Muahahahahaa!
My kingdom for the point to mod this "flamebait"....
(Looks in.) Thank you, O nameless moderator.:)
Those Aussies are amazing. They've found a way to read RFID tags that are inside a Faraday Cage?
Phenomenal! But then I'm from Missouri, they're going to have to show me.
Let's take the network here. The scenario we have right now:
1. The DHCP is assigned when a computer is on and plugged into the network
2. A computer needs to be authorised to connect to the network.
You can still get an IP. You can still see and connect to other machines using TCP/UDP. HOWEVER: the servers on the network all report (in a prominent and timely fashion) all machines that are not on the machine name list.
What happens next is that in a really short timeframe the techos come down and do one of two things: Either take the PC off of the desk (this has happened to me btw) or they check the machine and confirm that it is what and where it should be
3. The routers log machine names, IP, connections, etc.
4. If there is a problem anywhere on the network the techos ask the security guys to check the camera system. Yes, every corridor has a camera facing down it. Back door. Front door. Windows are sealed. You can not get in or out without walking past a camera. Do so and security can't see your face or your pass and you will find someone coming striding up behind you to check.
Getting to the main part:
In order to *use* the network, other than basic TCP/UDP functions, you need to log in. Logon requires that the machine name your userid and password authenticate on the network. Also, the machine needs to be recognised by the server.
Here's what has been tried: Take a machine, clone the hard drive to a new drive, put the hard drive in a new machne, plug that machine into the network. Did it work? Yes. Did it authenticate? Yes. Did the IT guys come running down the hall? Yes. Took them about 30 minutes. From what I understand they had issues at the local router, apparently someone mislabelled the cable in the server room..
They walked in, looked at the machine, said 'it's not something we recognise' and one of them wheeled it away on a trolley. The other two started asking questions and called security.
So, we figured that some part of the computer is being checked as part of the authentication or is being scanned by the network. If the hardware is not known then it gets flagged.
----
So, let's take these laptops.
The administrators could easily set the security to only allow a specific user to log onto the school network from a specific machine with their username and password. Implement a few security rules and checks, eg - OS must be Windows 7, machine name must be XYZ, userid and password must authenticate on the network and be allowed for that machine, hardware ID must machine the machine name.
If they did this then it wouldn't matter what the kids did in terms of replacing the OS. If they wiped the OS then the next time the school REQUIRES them to log onto the school network (eg: Kids: Exam next Wednesday, Exam will be 'online' via the School Intranet, Must Bring Your Laptop) then it won't be too long until the kid either has to own up that they tampered with or wiped the OS - parents then get to pay for the kids mistaken and take their offspring's education into hand or the laptop gets reimaged.
It is was me then I would implement a policy where the laptop is reimaged on a regular basis, and the image can be updated / replaced as required. Create a hidden partition (and I mean HIDDEN - not mounted so that they can see it; not directly accessible if you manage to boot Linux or other tools) and reimage as required.
If reimaging fails, or a laptop reports that a scheduled reimage has consistently failed, or never reports, then disable that laptop from the Edu network until the kid brings it in, connects it to the school network and a tech has to look at it.
----
Alternatively, just install Linux on the !@^$@#^ things and if the kids manage to hack them, WELL we'll just have to put up with a whole generation of linux geeks.
It is of no consequence really, as soon as the powers realised what the kids were up to and blocked facebook twitter et al., the kids hardly use the things. Regards, Royce R. Vines Few things limit our potential as much as knowing answers and setting aside questions.
"The whole aim of practical politics is to keep the populace alarmed (and hence clamorous to be led to safety) H.L. Menc
Its funny because no one seems to have read the title which says "unhackable netbook NETWORK".
I dont see where it says "unhackable netbook".