Is security activation critical in Peru ?

info at olpc-peru.info info at olpc-peru.info
Fri Apr 25 01:02:51 EDT 2008 

Dear John and all,

I will share some personal points of view in relationship with the security
issue in Peru.  I have work since 1979 with computers and I have trade and
repair more than 20,000 computers from those early years.  I can say that
I know this field very deep from first hand.

/"On the other hand, I was told at lunch today by members of the Peru
deployment that software activation is a critical and necessary feature."
/
is Software activation critical?
If the XOs are deployed in the poorest towns then there is small possibilities
for theft and robberies.   In those small villages (with 100 families approximately)
all of them know each other: you can not enter or leave the village without
been noticed (or allowed).  Those towns are from 3,500 to 5,000 meters altitude
and there is around 5,000 in Peru.  No young gangs there.

If the XOs are deployed in bigger cities (that is the case for most of the XOs in
Peru from the information that we have got) then there is a theoretical risk.

/"In previous deployments of computers, Peru saw a high theft rate in the
delivery process."
/
Previous deployments... do you mean "the Huascaran project" then we (the
public opinion, the media) doesn't have a clue about this.  That delivery
is an old fact, very hard to track its accuracy (but not impossible).

If you mean "XOs previous deployment" then is the same: we, the public
opinion and the media, and the Congress... we don't know a bit about
that fact.  In this case there would be high responsibilities for many
people involved in the deployment.  And I am 99.99% that the robbery
has not happen without the participation of at least one person that
knows inner things about the deployment (that is common issue, ask
any police in your country where he would search).

If the robbery has happen as part of a bigger robbery then it was
an accident not related to some "bad guys" wanting to get some
XOs, it was a "general" robbery.

/"The activation process allows them to tell potential
thieves and potential purchasers of hot systems that the laptops will be
useless bricks."
/
No way.  It is just another wall to climb.  You know Russians? well... 
we have some Peruvian groups that are as skillful as the Russians are.  I don't say
that with proud, I just letting know what happens here.  There are
Colombians experts that come to Peru to clone every bit of any digital
system that you can imagine: credit cards, bank codes, computer security
systems.  It is, as you know, a matter of time, interest and resources.

/"Here in the US, the cost of disassembling, switching SPI flash chips,  
and reassembling approaches $60 - $70 dollars (I asked several small job
shops for quotes.)"
/
well... some guys here will be more than happy to ask just $10 for doing
the same job (again my words come without any proud on them).

I think that the critical things for Peru are :

a) Guarantee that the XOs will be property of the children.
b) Guarantee that there will be REAL content (not the kind that exist today, with just one author (not very known) with more than 30 dark publications).
c) Guarantee that the XOs will be a COMMUNICATION system with the world (not only a communication tool between a very poor group of children that will "construct" their solutions based on their limited experiences without taking in account what the human race have develop during centuries).

I ask your pardon for these so biased points of view.

With the best regards,

Javier Rodriguez
Lima, Peru






John Watlington wrote:
> On Apr 24, 2008, at 7:52 PM, Carl-Daniel Hailfinger wrote:
>
>   
>> On 24.04.2008 20:32, C. Scott Ananian wrote:
>>     
>>> 11. Bitfrost: initial activation security.
>>> ...
>>> For completeness, I will note that although passive and active kill
>>> theft-deterrence systems have been implemented on Sugar/GNU/Linux,
>>> only initial activation security has been deployed in the field.
>>> Passive and active kill systems entail large support costs which OLPC
>>> has chosen to date not to incur.
>>>
>>>       
>> AFAIK the hardware side of P_THEFT alias theft protection alias
>> activation security/kill functionality has not been implemented,
>> rendering all software efforts moot.
>>     
>
> In my opinion, shared by other engineers at Quanta, the proposed
> "hardware side" of P_THEFT would not have slowed you down much.
> Dremel-ing off the epoxy wouldn't take long.   The effect it WOULD have
> is to add at least a hour (if not 24) of latency to the manufacturing
> process, and to decrease the manufacturing yield, both of which would
> have increased the price.   I discussed this with numerous people at
> Quanta.
>
> On the other hand, I was told at lunch today by members of the Peru
> deployment that software activation is a critical and necessary feature.
> In previous deployments of computers, Peru saw a high theft rate in the
> delivery process.   The activation process allows them to tell potential
> thieves and potential purchasers of hot systems that the laptops will be
> useless bricks.
>
> Have we made it impossible to steal and activate a laptop ?  NO.
> Have we made it much harder ?  Yes.
>
>   
>> Unless the manufacturing details have changed since my last inquiry, I
>> can unlock ~4 XO machines per hour WITHOUT having a developer key. The
>> only thing I need are some really affordable tools. If someone else
>> disassembles the machines for me, I think unlocking 10 machines per  
>> hour
>> is well within the doable range.
>>     
>
> Here in the US, the cost of disassembling, switching SPI flash chips,  
> and
> reassembling approaches $60 - $70 dollars (I asked several small job
> shops for quotes.)
>
>   
>> For the record: I will not take orders for mass-unlocking unless
>> ownership is proven.
>>     
>
> Thanks.
>
> wad
>
> _______________________________________________
> Devel mailing list
> Devel at lists.laptop.org
> http://lists.laptop.org/listinfo/devel
>
>
>   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.laptop.org/pipermail/devel/attachments/20080425/81848671/attachment.html>

More information about the Devel mailing list