Security and long life issues (Was Re: XO-2)
info at olpc-peru.info
info at olpc-peru.info
Fri May 23 16:17:27 EDT 2008
Richard et al,
(I am passing this to the education list... because it is a mix of tech
issues with issues related to the general policy about the XOs / and OLPC).
I agree with the level of security that you are talking about. And I
understand what are your concerns (some of them are valid for Peru, some
of them are valid for big cities, some of them are valid for very small
cities). But reading your message something came to my mind... (oh my
God.. here we go!)
As far as I understand the XOs will be given to the kids as property (I
hope so... if not then we are "feeding" the dominance status quo of the
government / top social class / bureaucrat power / etc.. ... then that
kind of happening would be part of the problem and not part of the
IF the XO is property of the child, and IF the XO has a security
protection method (that is related / linked) to a validation on a school
server (or any other protection method that requires that the kid get
connected with this or that server)... then ... I ask myself...
a) Are we creating a slavery chain ? The kid (who will become used to
work with his laptop... example: he will get the cost of the potato in
the wholesale market in Lima and then he will advise his father at what
price he needs to sell in this or that time of the year...)... then when
he gets 16 years old (according to what is normal in the Andes
mountains) he gets married with young lady of the nearest town... so he
will start a new family in different location... he will live in other
town... so... he needs to do what ?
a.1) Travel without his laptop.
a.2) Give the laptop to other small kid.
a.3) Get a bride on his own town!!! (smile) (well... the kid has the
opportunity to "try" some brides... it is call "servinacuy"... if you
don't like the bride (after living with her some months, you return her
to her parents and you have other opportunities to "test" another
bride... don't ask me how many... I don't know! This custome comes from
the Inca's time and is used in the remote villages in the Andes, it is
part of a party... by the way, ladies, don't get upset: the bride can
refuse the boy after living with him for some months... so the "trial"
period is good for both... that is all what I know... I am not an expert
on the issue (my bad luck!).
a.4) Forget the all powerful "door to the universe of knowledge"
(XO+Internet) and start a new life
a.5) Don't get married... bachelor life... (smile)
a.6) Hack the security issues and get and independent XO laptop then he
can travel all around the Andes and get WiFi connection wherever he is
located (I hope that other XOServers will recognize it as "a brother
from other town" and allow him to access the net... I hope so... is this
a dream? Sorry if I am putting more tasks on the shoulders of the
developer teams or if I am saying something that sounds weird...)
a.7) Go to a repair center and get his laptop fixed to get ridd of any
a.8) Return the XO to the school (no, please... don't tell me this is
the chosen procedure... all your efforts will fail like a... ok... you
say whatever you want... I will be prepared... God help us on this one,
What about if the kid comes to a bigger city for getting better
education? and... if the kid get a way to go to a university? (I would
bet that is the only laptop that most of the kids will get in the next
30 years... or maybe in his whole life...)... if the kid's family move
from one small village city to another one... what will happen with
"his" XO and, better question, what will happen with his "relationship"
with the XO ? (am I nuts? is possible to get a "relationship" with a
machine? I don't know... let's ask... Hal... are you there?)
Ok... I can imagine another possibilities... but you got the idea...
what is the intended route that the XO will follow in the life of this
kid? Are we teaching them how to surf and then, in a few years we will
ask them to surf without a board? ok... if that is the panorama it is
better to know it now.
Are we creating the new "slaves of the XO"? or this is a gadget that
they can forget in some years?
I am sure that many people (inside OLPC) has talk about this before and
I suspect that the answer is not an easy one. Letting the decision to
the governments* is not a valid answer because, in one way or another
ALL the governments are part of the domination pyramid that we (we?) are
trying to subvert with knowledge, wisdom, opportunities and good will.
* I am speaking about the "governments" as a establishment, a layer, a
level of public administration... not about the people that works for
this or that government... many of us can work for a "government" and
become part of a structure that is very tight. Some people can go
beyond the structure and some not.
Richard A. Smith wrote:
> Carl-Daniel Hailfinger wrote:
>> As I stated before on this list, bypassing P_THEFT is very easy. You
>> don't even have to desolder the complete flash chip, one pin is
>> sufficient. All of this is doable for less than $1 per laptop if you
>> have access to cheap labor. $1 per laptop is _not_ expensive enough to
>> be infeasible. I am very willing to publish a video tutorial of the
>> procedure if you think I can't do that. The only downside would be that
>> everybody then knows how to bypass P_THEFT.
> If you want to tell me your procedure in private I'll be happy to review
> it for you. IMHO we actually do need people to challenge what we have
> done. Tis' the only real way to know.
> I'm guessing the single pin you are referring the the flash write
> protect pin? If so then I'll note thats actually not where the strongest
> part of the link is. Very early on we also disable the ability to talk
> to the io ports on the EC that make writing to the SPI flash possible.
> Once they are disabled you can't talk to the EC anymore to re-enable
> them. You have to reset the EC. So far we have not found a method that
> circumvents that. Fire away.
> Please give us the chance to fix it first if you do find something. :)
>>> Contrary to your claim, initial
>>> activation security is being heavily deployed and does seem to be
>> A statement of security is a nice theft deterrent. This may change once
>> the bad guys realize circumvention is very doable.
> There's an upper bound on the usefulness of theft deterrent by
> software/hardware means. If you intend to steal the laptops in bulk the
> there's actually much more value in black marketing the parts rather
> than the entire laptop as a laptop. If you found a good markets for the
> display and the battery you could just throw the CPU board away or
> desolder and resell WLAN module and the 1G nand flash chips. So there's
> really not much point in making the security stronger than that threshold.
> Right now to bypass the theft deterrent requires disassembly and we
> think thats sufficient. Sure, in mass it will be cheap but the people
> who have the resources to setup shops to do it in mass are the same
> people who will do it regardless of how fancy were are.
> Trying to reach that level of theft deterrent is a losing battle and
> just not needed. All it would really do is frustrate the repair centers.
More information about the Devel