"Walter Bender": Re: devkeys, prettyboot, and G1G1

John Gilmore gnu at toad.com
Fri Oct 3 03:49:13 EDT 2008 

I'm glad that people are trying to think of ways to improve the lot of
G1G1 users.  The fundamental problem doesn't go away, though, unless
you make it go away.  The plan in November's G1G1, as I understand it,
is to build in unnecessary restrictions on the people you should be
most grateful for the support of.  Another way to say it is that
you're setting precedents for how a supposedly-responsible
donor-supported nonprofit free-as-in-freedom organization can
nevertheless end up being a fully Tivoized DRM shop.  If that's world
you want to live in, you're teaching people just how to do it.  You're
acting just like Canter & Siegel in a world without spam.

John Watlington said:
> How about providing dev. keys for G1G1 laptops with
> no delay ?    Would you consider it an improvement ?

It would absolutely be an improvement, and I'm all for improvements.

How about providing dev. keys for *last year's* G1G1 laptops with no
delay, too?  Those were already shipped in jails -- there's no going
back and changing that decision.  The least you could do is immediate
unlocks when requested.  You have all the data to do so.

At the San Francisco OLPCnews meetup tonight, someone wanted to
upgrade to 8.2.0-767, which I had on my handy USB memory -- but they
had never gotten a devkey.  So we ordered one, it wasn't ready, it
will take a day (or so), and meanwhile the meeting's over and I'm at
home and their laptop went home with them -- so they won't test
767.  They're still running 650.

Michael Stone said:
>                   ... a compromise position that would seem very
> reasonable to me would be to make the software shipped to G1G1 'happy to
> boot or NAND-flash anything' but unwilling to write the SPI flash
> without authorization.

Adding an unrestricted ability to rewrite the filesystem in NAND flash
would be a further improvement over the current situation.  I don't
think that particular improvement would be worth a 3-week slip, tho.
You can get a much bigger improvement with a much smaller slip.

> protecting OLPC from most of the risk presented by making it trivial to
> brick laptops manually (let alone in an automated, networked fashion,
> which I suspect would be doable in your current proposal).

I don't think it significantly alters the risk of a automated
bricking.  For example, today, anyone who wanted to make a network
worm that bricked B2 laptops could just install a signed Q2E12 into
their filesystems; they'd brick on the next reboot.  When C3 laptops
come out, you can probably brick one by merely loading any of the first
ten signed firmware images.  There are enough bugs and security holes
in signed, released software that attackers don't need unrestricted
ability to craft their own software; they can attack your weakest
*signed, certified good* systems instead.

Martin Langhoff said:
>                             _many_ things on G1G1 are not there
> for the G1G1 donors, and would be hard to justify if we looked at them
> as primary targets. So this is not 'backwards', it's our modus
> operandi.

You're right that laptops designed for a more upscale market would
have more RAM, more Flash, better keyboards, ethernet jacks, no DRM at
all, etc.  (Look at the "netbook" market; that's what they've done.)
For G1G1 hardware and software, you're shipping basically what you
designed for your primary market in developing countries.

Your existing hardware and software already provide for laptops that
have no need for developer keys, though.  Quanta customizes the
manufacturing data for every build, e.g. setting the language
preference.  There's no cost to OLPC to have Quanta ship the
manufacturing data with the "disable-security" bits set.  You're
ready, willing, and able to ship such laptops to any country that
orders them that way.  Why shouldn't G1G1 users be testing *that*
configuration?

If G1G1 was aimed at fully debugging the configuration for your
largest deployments, you'd be shipping them with Spanish keyboards and
Spanish-language messages (and with school server install CDs).

Michael:
> P.S. - As others have suggested, please do not assume that any
> individual on this list speaks for everyone else involved; in almost all
> cases, they speak only for themselves (but for their clique with
> whatever measure of authority they happen to hold).

I assume the reason we're having this discussion is because the silent
decider, whoever that is, decided (or defaulted) to jail the upcoming
G1G1 laptops.  If not, they could end it rather quickly by merely
announcing that our concern was merely a problem of communication.

	John

More information about the Devel mailing list