"Chilling Effects" paper at USENIX

Mitch Bradley wmb at laptop.org
Wed Apr 9 00:21:23 EDT 2008 

It would have been nice if the criticisms had been delivered directly to 
OLPC, instead of broadcast in a public forum, where enemies of OLPC can 
cite and expand on them as evidence that "OLPC is hopelessly screwed up, 
so you should buy our competing product instead".  If you get my drift.

I believe that the prevailing ethos in the white hat security community 
is to report newly-discovered vulnerabilities first to the company in 
question, thus giving them some amount of time to develop a patch before 
the public announcement.

The authors appear to be academics, however, so they would get little 
credit for having contributed to OLPC security by privately contacting 
OLPC and giving us an opportunity to address their concerns. Publishing 
is the coin of the realm in academic circles.



Jaya Kumar wrote:
> On Tue, Apr 8, 2008 at 8:38 PM, Joshua N Pritikin <jpritikin at pobox.com> wrote:
>   
>> On Tue, Apr 08, 2008 at 10:24:34PM -0400, Benjamin M. Schwartz wrote:
>>  > A paper called "Freezing More Than Bits: Chilling Effects of the OLPC XO
>>  > Security Model" will be presented next Monday at USENIX UPSEC'08 [1].  The
>>  > author has kindly posted the paper at [2], which I discovered after Google
>>  > took me to her weblog [3].
>>
>>  This paper is depressing. Why didn't the authors step up and
>>  contribute instead of criticizing from the citadel?
>>
>>  This paper is dead on arrival.
>>
>>     
>
> I think your reaction is dismissive rather than addressing the
> author's criticism.
>
> Forgive me if I'm wrong, I'm no expert, but it looks to me like the
> paper makes specific technical criticisms and seems quite detailed. I
> think it would be more positive and productive to respond to the
> technical statements made in the paper rather than to be dismissive
> and ignore what looks to some of us like valuable feedback.
>
> Regards,
> jaya
> _______________________________________________
> Devel mailing list
> Devel at lists.laptop.org
> http://lists.laptop.org/listinfo/devel
>

More information about the Devel mailing list