John Gilmore gnu at toad.com
Fri Aug 1 16:07:04 EDT 2008

> Why does it matter that you cannot adjust the screen brightness from
> the console using the special keys? You can adjust it from Sugar
> without root access. The idea was to understand what limits we'd face
> using the console for root access instead of a special terminal
> activity. What are the Sugar/X Window actions that require root
> access?

"It doesn't matter if you have to abandon Sugar to do system
administration or to recover from a problem?"  Walter, I'm shocked; I
would've expected you to be arguing on the other side: "Sugar should
be the preferred environment."  That we shouldn't be kicking people
out of Sugar, particularly when their system is fragile and in need of
diagnosis, repair, or upgrade.  We should keep them in the environment
they know and understand, where the Frame works, the controls work,
the tabs work the same way, the keyboard keys all do the same things.

It was hard for the Support Gang to explain to people how to become
root so they could diagnose or fix something they reported as a
problem (like a full filesystem, a USB key that didn't work, ...).
OLPC was also changing the way you become root (su versus sudo) in
different software releases, based on Fedora changes.  We hashed all
this out in January, and the Terminal got a new "#" button at the top,
which injects the right command to make you root.  There's no such
button in the console.  If we push people back to the console, the
support load increases.  It's easier to get them to run the Terminal
applic...uh, activity, and press the root button, and type this
command.  Also, in Terminal, cut and paste works to send us back
diagnostic results via Browse.

The owners of free software based machines also need the ability to
inspect and revise the free software in those machines -- or it isn't
free as in freedom.  Legally, OLPC can push that ability out to the
very corners of the system (e.g. "You can't do that in Sugar.").  But
morally and philosophically, we ought to be pulling it right into the
heart of the system ("Of course you can, and it's so easy; here, let
me show you!").

Let's not lose sight of what's going on here.  The whole reason we are
having this discussion at all is because of OLPC's "security" model
(Bitfrost).  If the security model doesn't permit integrated,
interactive root access that lets people diagnose, repair,
investigate, and alter their systems, there's something wrong with the
security model -- not something wrong with root access.


More information about the Devel mailing list