Slashdot Log In
Security and the $100 Laptop
Posted by
timothy
on Thu Oct 12, 2006 02:07 PM
from the what-about-the-single-girl dept.
from the what-about-the-single-girl dept.
gondaba writes "The One Laptop Per Child project is actively recruiting hackers to help crack the security model of the $100 laptop to avoid the obvious risks associated with what will effectively be the largest computing monoculture in history. From the article: 'The key design goal, Krstic explained, is to avoid irreversible damage to the machines. The laptops will force applications to run in a "walled garden" that isolates files from certain sensitive locations like the kernel. "If we discover vulnerabilities, the security model must hold up enough that even a machine that is unpatched won't be easily exploitable. This gives us a bit of diversity to avoid the monoculture trap," he added.'"
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Why hack a machine that will have no data on it? (Score:2, Interesting)
Pull my cracker (Score:2, Funny)
Re:Pull my cracker (Score:4, Insightful)
Re:Why hack a machine that will have no data on it (Score:3, Insightful)
Re:Why hack a machine that will have no data on it (Score:4, Insightful)
Re:Why hack a machine that will have no data on it (Score:4, Insightful)
No data, but quite a processing network (Score:5, Insightful)
On the other hand, there are going to be a *lot* of these machines. So I suppose they might make a tempting target "just because" or simply for bulk processing.
Even bigger story in there... (Score:3, Funny)
Good Lord! The chairs are a'gonna fly in Redmond once this gets out!
(props for the security testing, though :) )
Could actually be a problem (Score:5, Interesting)
Re: (Score:3, Insightful)
If you mean competitors among OSes (ie Apple and Red Hat), then no, it's not.
But their competitors in other fields - antivirus (McAffee, Symantec, Norton), accounting (Quicken), PDF and presentation tools (Adobe)
Re: (Score:3, Funny)
Sure, but they're going about it all wrong. Everyone knows that the way you ensure secure computers is to make a proprietary OS and don't tell anyone where your buffer overflows are.
Biggest Monoculture (Score:4, Informative)
Re: (Score:3, Informative)
Sure, there are more installs of Windows XP, but they aren't all running on the exact same hardware. Same goes for SymbianOS.
Also, these laptop don't assume that someone is attached to a
Hack the proprietary binary only WiFi firmware! (Score:2, Insightful)
closed components.
virtualize the applications (Score:4, Interesting)
Re:virtualize the applications (Score:5, Insightful)
As far as I'm concerned, running applications should already be separated from one another. This leaves interaction through the file system and IPC (inter-process communication).
Virtual machines take away the interaction through the filesystem, as well as local IPC. The latter doesn't actually necessarily make the system more secure, as it makes it more difficult to tell if IPC is safe (on the virtual network) or open to attacks (on the real network). At any rate, IPC will be less efficient, because you lose shared memory IPC.
By taking away common filesystem access and complicating IPC, applications become less usable. How do you get the file Alice sent you by email to your word processor? How do you copy-paste from one application to another? How do you do process management, when the process management tools are made for a single machine, but you have everything runnig under virtual machines?
Once you work around these restrictions, what will you be left with? Are you going to re-introduce common filesystem access and create a drag-and-drop interface that works accross virtual machines? When you've done so, won't you have a system that has pretty much the same capabilities as one that isn't based on loads of virtual machines, except that your system is much more complex? Won't that complexity introduce new bugs and vulnerabilities? Will the system not be too slow to be usable?
Re: (Score:3, Insightful)
How are virtual machines going to help here? What protection do virtual machines grant that the operating itself doesn't grant?
Most operating systems, including most Linux systems do not have strict access controls on an application level. Using a VM is
Coming up next... (Score:3, Funny)
DEAREST SIR MY NAME IS BARRISTER MUMBAGWE SMYTHE AND I WRITE TO YOU IN GRAVE NEED FOR ASSIST. RECENTLY MY GOVERNMENT UNCLE DIED AND LEFT ME MANY MILLION LAPTOP WHICH MUST BE EXITED FROM COUNTRY.
I predict more dead third world children! Oh yes. Still, it makes a nice change from diamonds/oil/etc....instead there shall be many a colourful laptop for sale on eBay, due to demand created by Linux fetishists.
If only they had used OS X - then there would be no desire for such hideous laptops by those OS fans. Sniffle.
Your overconfidence is your weakness (Score:4, Funny)
Also, it whitens your teeth while you sleep, and autodials Alyson Hannigan whenever she's feeling lonely and horny. All for $100!
Recruiting Hackers (Score:3, Insightful)
So let's see:
1) l33t h4xx04z finds a nifty security hole.
2) l33t h4xx04z determines that he could use this hole to create 100 million zombies.
3) Decision - a) report the hole so that it can be fixed OR b) start working on exploit to create 100 million marketable zombies
4) PROFIT.
Re: (Score:3, Funny)
Re: (Score:3, Informative)
Giving people tools so they can help themselves is the best thing you can do. This, like all comuters, is just a tool.
Making someone dependent on hand outs is not the solution.
Re:Step in the Wrong Direction? (Score:4, Insightful)
I don't mean to be a Johnny-Come-Lately, but isn't there other ways to improve a civilization/country/etc without computers?
Sure there are. But just because there are other ways does not make this method any less beneficial.
Why is that when Linux is mentioned, it's like being touched by the Hand of God (or Allah for that matter) ?
Most things we can give or subsidize the cost of for developing nations have negative consequences. Giving them food, destroys the local market and kills their agricultural sector. Giving them GM crops that grow faster and better makes them dependent upon the companies who own the patent on that crop and who can later demand fees for its use. Giving them cheap Windows based PCs, may help in the short term, but it makes them dependent upon IP from an abusive foreign monopoly in the long term.
Linux is a win-win situation because by nature it ships with all the blueprints and tools needed with the only strings being used to stop it from being exploited in ways that hurt the end user. It gives them access to technology and information and provides a secure foundation for them to build upon without undercutting any local development. Rather, it encourages local development.
Imagine if instead of shipping food to African nations at below the market value, we shipped them a complete chain of tools and machinery needed to build from the ground up the entire industrial foundation for agricultural equipment and fertilizers. Basically, we gave them the whole setup of factories and education and patents we have. Then they would not be dependent upon us and could grow their own food the same way we do.
To do that would be prohibitively expensive for agriculture, but for software development, Linux is that complete chain, with no strings attached. That is why it is so well regarded by those interested in helping developing nations.
Re: (Score:3, Informative)
Re: (Score:3, Informative)
Here's a link to the Novell Forge: http://forge.novell.com/modules/xfmod/project/?app armor [novell.com]
SELinux is out there too, but quite a bit more difficult to configure, even as a distro. AppArmor can be added to any system you