Security and the $100 Laptop 144
gondaba writes "The One Laptop Per Child project is actively recruiting hackers to help crack the security model of the $100 laptop to avoid the obvious risks associated with what will effectively be the largest computing monoculture in history. From the article: 'The key design goal, Krstic explained, is to avoid irreversible damage to the machines. The laptops will force applications to run in a "walled garden" that isolates files from certain sensitive locations like the kernel. "If we discover vulnerabilities, the security model must hold up enough that even a machine that is unpatched won't be easily exploitable. This gives us a bit of diversity to avoid the monoculture trap," he added.'"
Why hack a machine that will have no data on it? (Score:2, Interesting)
Pull my cracker (Score:2, Funny)
Re:Pull my cracker (Score:4, Insightful)
Re:Why hack a machine that will have no data on it (Score:3, Insightful)
Re:Why hack a machine that will have no data on it (Score:4, Insightful)
Re:Why hack a machine that will have no data on it (Score:4, Insightful)
No data, but quite a processing network (Score:5, Insightful)
On the other hand, there are going to be a *lot* of these machines. So I suppose they might make a tempting target "just because" or simply for bulk processing.
Re: (Score:1)
Re: (Score:2)
(Slightly OT) I wonder if it will be possible to cluster these machines. Might be an interesting way to give groups of older students more processing power (perhaps for a class project).
Application versus system level clustering (Score:2)
But in terms of taking any application, and clustering it automatically -- somehow taking the resources of several computers and abstracting them and presenting them to a regular application, all transparently -- that seems decidedly nontrivial. Does the Linux kernel support that sort of thing?
I wouldn't think there's any reason why apps that need extra capacity couldn't be designed to paral
Re: (Score:2)
Re: (Score:2)
After all, who woulda thunk some nigerian in a cafe could score $100000 off an american in america?
If nothing else, some libyan kid sick of homework could infect and bring down the whole network to avoid study, similar to kids pulling the fire alarm in schools.
Re: (Score:2)
Clearly, you don't work for the Libyan thought police.
Re:Why hack a machine that will have no data on it (Score:2)
They would do it just because they could. That's all the incentive some people need.
Re:Why hack a machine that will have no data on it (Score:2)
How about the Libyan children hacking into each other's laptops?
Re: (Score:2)
This being a slightly better answer than the one above deserves a response: I thought that was what we were trying to teach them by giving them laptops in the first place!
Re:Why hack a machine that will have no data on it (Score:2)
Re: (Score:2)
Onepage 'Printable' (Score:1, Informative)
Even bigger story in there... (Score:3, Funny)
Good Lord! The chairs are a'gonna fly in Redmond once this gets out!
(props for the security testing, though :) )
laptop/desktop... yeah, I know. (Score:1)
Re: (Score:2)
sure they can. Just not on the laptop.
Though certainly a hundred million low-end Linux machines in use might change a lot in the marketplace, both as a source and a market for new software.
Re: (Score:1)
Re: (Score:2)
The people involved don't mostly have no money. They certainly will tend to have very little money by Western standards, but then (especially if its not retail boxes), software often has a very low marginal cost to deliver, so there may still be value in reaching such a market.
Re: (Score:2)
Suddenly, Western civilization is flattened by a limitless swarm of Lisp-powered shopping carts.
Not even OPEC will survive OLPC.
Fear.
Re: (Score:2)
Re: (Score:2)
Exactly. I compare this to the Soviet Russia where they didn't have the supercomputing power of the USA, but with a pencil and advanced mathematics used their brain power to develop the principles of stealth, and a few other fringe technologies.
With 100 million laptops out there, chances are someone with one of these laptops is going to develop somethi
Could actually be a problem (Score:5, Interesting)
Re: (Score:2)
OTOH, Most OLPC units will likely be going to developing nations, which means that as far as US and EU jurisdiction is concerned, MSFT may still have to behave itself (well, relatively so).
They may also be cozy in the knowledge that in the money end of the market (or, the parts of the market where the majority of money can be made), they'll likely remain and retain dominance for awhile longer.
Long-term? Once/If said developing nations get along far enough t
Re: (Score:2)
A monopoly is defined based on a per country basis not a global basis. AT&T was a monopoly only in the US, Standard Oil was a monopoly only in the US.
LetterRip
Re: (Score:2)
100 million machines in developing countries running a non-MS OS won't, in and of themselves, change anything about whether or not Microsoft has a monopoly on some market in interstate commerce in the US. Likewise, I'd image they won't directly affect whether it has a monopoly under the terms relevant in EU law, either.
OTOH, it make Microsoft safer from anti-trust actions in Th
Re: (Score:2)
That's it. I'm moving to a psychiatric ward.
Re: (Score:3, Insightful)
If you mean competitors among OSes (ie Apple and Red Hat), then no, it's not.
But their competitors in other fields - antivirus (McAffee, Symantec, Norton), accounting (Quicken), PDF and presentation tools (Adobe) - greatly benefit from the limitations placed on Windows by antitrust settlements. Since Microsoft can't use their OS monopoly to further other monopolies, they have to compete on a much more level playing field with others to sell their software. So to th
Re: (Score:2)
Only because Microsoft actually is a monopoly in certain existing fields (primarily, the desktop OS market.)
Re: (Score:2)
What OS I use on my cell phone doesn't change the fact that Microsoft has a monopoly on desktop PCs.
These laptops are PDAs by any measure, and are only competing with WinCE (not Windows) where Microsoft doesn't have a monopoly.
Re: (Score:2)
Can't really claim MS is a monopoly anymore if there's 100 million systems running a non-MS OS.
Why not? Monopolies are defined by markets, not products. Mac OS X, for example, is not in the same market as Windows because Apple does not sell it to computer manufacturers, like Sony or Dell who are the main customers for Microsoft. The fact that the largest "competitor" is a nonprofit scheme that bypasses the traditional markets and is produced collaboratively by those who would normally buy such a computer
Re: (Score:3, Funny)
Sure, but they're going about it all wrong. Everyone knows that the way you ensure secure computers is to make a proprietary OS and don't tell anyone where your buffer overflows are.
Anyone that thinks this is going to work..... (Score:2)
How exactly is a $100 PC going to improve the lives of third-worlder? Most third
Re: (Score:2)
While I agree that there are lots of things that $100US can be spent on, consider:
Re: (Score:2)
One Flashlight Per Child (Score:2)
I sure hope that the OLPC people did research into their target market and didn't just begin with the assumption that "every child wants/needs/could use a laptop," be
TFA (Score:1)
That's quite a big IF. Out of the millions of plans ever executed, how many are done perfectly? I hope they're not basing everything with the hope that it will go perfectly.
Re: (Score:3, Funny)
Biggest Monoculture (Score:4, Informative)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Does it come on a frisbee? Are there problems from attacks on the MCP?
Re: (Score:3, Informative)
Sure, there are more installs of Windows XP, but they aren't all running on the exact same hardware. Same goes for SymbianOS.
Also, these laptop don't assume that someone is attached to a high-speed network where they can download patches every few weeks. If someone hacks your phone, or a vulnerability in Windows is found, they push a patch out - OLPC wants these to be secure from day 1. (Or at least as secure as possible.)
Re: (Score:2)
The disconnectedness from a "high speed network" also protects these OLPCs from infection as much as from patches, so that's probably a breakeven.
But I didn't argue whether the OLPC monoculture is less vulnerable than the Symbian monoculture. Just
Re: (Score:2)
And the ability of billions of people to eat is often centered on using their mobile phones for work and family organization. That might seem a luxury to starving children, but it is reality for many who aren't st
Hack the proprietary binary only WiFi firmware! (Score:2, Insightful)
closed components.
MOD PARENT INSIGHTFUL (Score:2)
Re: (Score:2, Informative)
Re: (Score:2)
If they use a single FPGA that isn't open sourced or a the processor uses microcode it has closed source firmware... Which means all of them.
Re: (Score:2)
Let all of us in on this (Score:1)
Re: (Score:2)
virtualize the applications (Score:4, Interesting)
Re: (Score:2, Insightful)
Boot the OS from a read only partition (Score:1)
Transporter_ii
Re: (Score:2)
Run each application in it's own virtual machine. Xen has a low enough overhead and is clean code.
I think the CPU and RAM requirements for running more than one or two programs at once would really add up on such a meager system. A jail that basically uses an ACL to separate the program, ala FreeBSD or SE Linux would have a similar amount of benefit, using fewer resources.
Re: (Score:1)
Re:virtualize the applications (Score:5, Insightful)
As far as I'm concerned, running applications should already be separated from one another. This leaves interaction through the file system and IPC (inter-process communication).
Virtual machines take away the interaction through the filesystem, as well as local IPC. The latter doesn't actually necessarily make the system more secure, as it makes it more difficult to tell if IPC is safe (on the virtual network) or open to attacks (on the real network). At any rate, IPC will be less efficient, because you lose shared memory IPC.
By taking away common filesystem access and complicating IPC, applications become less usable. How do you get the file Alice sent you by email to your word processor? How do you copy-paste from one application to another? How do you do process management, when the process management tools are made for a single machine, but you have everything runnig under virtual machines?
Once you work around these restrictions, what will you be left with? Are you going to re-introduce common filesystem access and create a drag-and-drop interface that works accross virtual machines? When you've done so, won't you have a system that has pretty much the same capabilities as one that isn't based on loads of virtual machines, except that your system is much more complex? Won't that complexity introduce new bugs and vulnerabilities? Will the system not be too slow to be usable?
Re: (Score:3, Insightful)
How are virtual machines going to help here? What protection do virtual machines grant that the operating itself doesn't grant?
Most operating systems, including most Linux systems do not have strict access controls on an application level. Using a VM is one way to use existing tools to add much of that functionality to an OS not designed for it. I actually think VMs are going to be used more for this purpose in the future, since it also mitigates some of the cross-platform issues.
The problem can also be
Re: (Score:2)
Coming up next... (Score:3, Funny)
DEAREST SIR MY NAME IS BARRISTER MUMBAGWE SMYTHE AND I WRITE TO YOU IN GRAVE NEED FOR ASSIST. RECENTLY MY GOVERNMENT UNCLE DIED AND LEFT ME MANY MILLION LAPTOP WHICH MUST BE EXITED FROM COUNTRY.
I predict more dead third world children! Oh yes. Still, it makes a nice change from diamonds/oil/etc....instead there shall be many a colourful laptop for sale on eBay, due to demand created by Linux fetishists.
If only they had used OS X - then there would be no desire for such hideous laptops by those OS fans. Sniffle.
$230 laptop (Score:2)
Re: (Score:2, Informative)
Jobs offered OS X for free, it was turned down because the developers wanted an open source OS.
Server based applications (Score:1)
Sure, the ingenious kid will swap out the hard drive or hack root/registry/whatever, but that's pretty much expected. If they're worried about hardware hacking, just include those recalled Sony batteries and put in a secret hea
Re: (Score:2)
Why not just do what corporate America does and lock the machines down administratively and then make all of the applications web based?
Because a lot of them won't have Web access a significant portion of the time.
Why Hack the Laptop Directly (Score:1)
Does anyone else see the potential to change the routing table of the ISP, to a private network that updates the "completely secure bios" to something else?
Hack from the outside in...
Onion Protection (Score:2)
Novell's AppArmor (Score:2)
Re: (Score:1)
Re: (Score:3, Informative)
Here's a link to the Novell Forge: http://forge.novell.com/modules/xfmod/project/?ap
SELinux is out there too, but quite a bit more difficult to configure, even as a distro. AppArmor can be added to any system you have easily enough.
-m
Re: (Score:2)
Simple - Add a User (Score:2)
Very simple to figure out how to hack these machines. Put Joe User on the system and in five minutes, I guarantee you the home page will be set to a pr0n site and the next thing you know, all his bases are belong to us.
Hubrus Computing (Score:1, Funny)
Just imagine... (Score:2, Funny)
Wrong Approach? (Score:2)
Isn't the consensus among the security community that such ideas are mostly theater, and it's much more effective to actually employ hackers to _create_ the security?
Re: (Score:2)
Re: (Score:2)
SELinux (Score:2)
Virutal machines will not work, the system is too underpowered for it.
Your overconfidence is your weakness (Score:4, Funny)
Also, it whitens your teeth while you sleep, and autodials Alyson Hannigan whenever she's feeling lonely and horny. All for $100!
Step in the Wrong Direction? (Score:1)
Re: (Score:3, Informative)
Giving people tools so they can help themselves is the best thing you can do. This, like all comuters, is just a tool.
Making someone dependent on hand outs is not the solution.
Re: (Score:2)
Re:Step in the Wrong Direction? (Score:4, Insightful)
I don't mean to be a Johnny-Come-Lately, but isn't there other ways to improve a civilization/country/etc without computers?
Sure there are. But just because there are other ways does not make this method any less beneficial.
Why is that when Linux is mentioned, it's like being touched by the Hand of God (or Allah for that matter) ?
Most things we can give or subsidize the cost of for developing nations have negative consequences. Giving them food, destroys the local market and kills their agricultural sector. Giving them GM crops that grow faster and better makes them dependent upon the companies who own the patent on that crop and who can later demand fees for its use. Giving them cheap Windows based PCs, may help in the short term, but it makes them dependent upon IP from an abusive foreign monopoly in the long term.
Linux is a win-win situation because by nature it ships with all the blueprints and tools needed with the only strings being used to stop it from being exploited in ways that hurt the end user. It gives them access to technology and information and provides a secure foundation for them to build upon without undercutting any local development. Rather, it encourages local development.
Imagine if instead of shipping food to African nations at below the market value, we shipped them a complete chain of tools and machinery needed to build from the ground up the entire industrial foundation for agricultural equipment and fertilizers. Basically, we gave them the whole setup of factories and education and patents we have. Then they would not be dependent upon us and could grow their own food the same way we do.
To do that would be prohibitively expensive for agriculture, but for software development, Linux is that complete chain, with no strings attached. That is why it is so well regarded by those interested in helping developing nations.
Easy fix.... (Score:2)
I don't get it (Score:1)
Dr. Nitpick to the rescue (Score:2)
Okay, this is a really silly statement to make. It's like how Microsoft likes to say how Vista will be the most secure operating system it's ever released.
YOU CAN'T MAKE STATEMENTS LIKE THIS AHEAD OF TIME! You have no idea what will happen in the future. As Steve Gibson likes to point out, Microsoft said (prior to launch) that XP would be the most secure version of Windows ever released - and look how THAT went.
For all we know, the
Recruiting Hackers (Score:3, Insightful)
So let's see:
1) l33t h4xx04z finds a nifty security hole.
2) l33t h4xx04z determines that he could use this hole to create 100 million zombies.
3) Decision - a) report the hole so that it can be fixed OR b) start working on exploit to create 100 million marketable zombies
4) PROFIT.
Re: (Score:2)
2)149 report it.
3)no profit
Re: (Score:2)
Re: (Score:2)
Oh. Those guys. Well, best of luck.
5enD ME 4 C0uplE... (Score:2, Funny)
N0, i 4I'n7 N0 d4mN scRIP7 KI77Y EI7HEr - I'M 4 L337 h4x0r
8I9 D09
COTDC Member #78215
W0Rd 70 j00R M0m
Re: (Score:3, Informative)
It is cheap by leaving out stuff like a hard drive, and instead has 512 MB of flash (though I think some models might have 1GB). It will lack a CD drive. It will have a very slow 366 Mhz AMD Geode processor, so that it can run without fans and wont use much
Re: (Score:2)
Perhaps because these DE do not have as good assistive technology and i18n/l10n as Gnome.
I know of no assitive technology (except very basic things) in XFCE at least. Gnome also ha
Re: (Score:2)
There's some discussion of this [laptop.org] on the wiki.
They aren't limited to poor nations. They are being sold at cost, not below cost. Richer countries might be disappointed by the inab