"Walter Bender": Re: devkeys, prettyboot, and G1G1

Bobby Powers bobbypowers at gmail.com
Thu Oct 2 00:07:51 EDT 2008


On Wed, Oct 1, 2008 at 10:35 PM, Edward Cherlin <echerlin at gmail.com> wrote:
> I don't mind if the G1G1 donors have the option to participate in
> testing secured laptops, but I utterly reject the notion that we can
> jerk customer/donors around like this without their permission in
> advance. They _will_ complain publicly.

While it is a SMALL hassle, I don't understand how it is jerking
customers around before they've even bought a machine.  As long as the
policy (whatever it turns out to be) is clearly stated on the
wiki/amazon site, by purchasing a laptop they are consenting to this.

With that said, I would probably lean towards preferring unsecured
machines (with pretty boot enabled, of course).

bobby

> Engineering and marketing should never have the authority to trump
> customer service or product quality.
>
> On Wed, Oct 1, 2008 at 7:15 PM, John Gilmore <gnu at toad.com> wrote:
>> Mitch and I have come up with a way to ship G1G1 laptops so that they
>> will pretty-boot, but still come from the factory without any need
>> for developer keys (in the Forth "disable-security" setting).
>>
>> This requires a small edit to /boot/olpc.fth in the OS build,
>> to load the XO child image, freeze the screen, and put the
>> first "progress dot" down just before jumping to Linux.  It's
>> detailed here:
>>
>>  http://dev.laptop.org/ticket/7896
>>
>> I know the support crew would be much happier if G1G1 laptops were
>> shipped able to run test builds and patched software, if users could
>> interact with Forth to diagnose their hardware, if they could run
>> unsigned Forth code from USB collector keys, etc.
>>
>> Unfortunately, an IRC discussion with Scott today revealed that the
>> engineering team has decided that we *must* ship G1G1 laptops with a
>> requirement for development keys.  The reason: because too many kids
>> in the third world will be getting lockdown laptops, and we want the
>> G1G1 recipients to be guinea pigs to debug the laptops, to be sure the
>> laptops work even when locked down (and that they unlock properly when
>> the kid requests a jailbreak key).
>>
>> I see this as utterly backwards.  The countries that want DRM on their
>> laptops should be paying the price in support problems and
>> infrastructure.  Not the donors who sponsor a G1G1 laptop, and not the
>> free software community who donate to help push this project along.
>> As believers in freedom, we shouldn't be defaulting EVERY laptop to
>> being locked by its manufacturer.  Yet that's the argument: because
>> some of them are locked, all of them must be locked.  Or perhaps it's
>> slightly more nuanced: A country that orders thousands can order them
>> without DRM, but G1G1 users can't.  That sounds reasonable, but I've
>> interacted with several country teams (Nepal and South Pacific), who
>> had come away from OLPC with the impression that it would be
>> incredibly dangerous to turn off the "security" of the laptops.  In
>> Nepal's case I was unable to disabuse them of this odd notion.  So no
>> country asks for freedom in their laptop shipments, and no G1G1 is
>> shipped with freedom, and thus every OLPC laptop is jailed, like every
>> iPhone.
>>
>>        John
>>
>> Date: Wed, 1 Oct 2008 08:34:09 -0400
>> From: "Walter Bender" <walter.bender at gmail.com>
>> To: "John Gilmore" <gnu at toad.com>
>> Subject: Re: devkeys, prettyboot, and G1G1
>> Cc: "Mitch Bradley" <wmb at laptop.org>
>>
>> If Mitch is comfortable with his fix, I cannot see any reason not to
>> ship developer keys with G1G1 machines--it would save everyone
>> headaches, especially on support; but of course I cannot speak for
>> OLPC these days.
>>
>> -walter
>>
>> On Tue, Sep 30, 2008 at 7:26 PM, John Gilmore <gnu at toad.com> wrote:
>>>> I recall discussing this last time but don't recall the reasons not
>>>> to do it this way. We did ship them all pre-activated.
>>>
>>> I questioned people after the fateful meeting, and it seemed to me
>>> that the problem was that Nicholas wanted pretty-boot, and Mitch was
>>> unwilling to try to disentangle pretty-boot from secure-boot.  Secure-boot
>>> was already a tangle of ugly Forth code, and he was sure that adding
>>> more complexity there would result in security holes or bugs.
>>>
>>> Since then, he has figured out the one-line circumvention that's
>>> documented in bug #7896.  The circumvention is in the OS (since OFW
>>> keeps no state).
>>>
>>>        John
>>
>>
>> --
>> Walter Bender
>> Sugar Labs
>> http://www.sugarlabs.org
>>
>>
>> [gnu: I also cc'd this to support-gang, but that required sending it
>> from a different email address, due to how I am subscribed there.]
>> _______________________________________________
>> Devel mailing list
>> Devel at lists.laptop.org
>> http://lists.laptop.org/listinfo/devel
>>
>
>
>
> --
> Don't panic.--HHGTTG, Douglas Adams
> fivethirtyeight.com, 3bluedudes.com Obama still moving ahead in EC!
> http://www.obamapedia.org/ Join us!
> http://wiki.sugarlabs.org/go/User:Mokurai For the children


