administrative security

[Noah Kantrowitz]

On Jan 11, 2009, at 11:28 PM, Carlos Nazareno wrote:

> On Mon, Jan 12, 2009 at 12:00 PM,  <quozl at laptop.org> wrote:
>> Physical access to the system gives full access, especially once the
>> developer key is obtained, to install applications that their  
>> teachers
>> or government had not considered.  The system considers the user to  
>> be
>> the authorisation authority.
>
> so does that mean that XO OS ships with all the kids having admin  
> accounts?
>
>> If specific applications are not welcome in a deployment, they  
>> should be
>> checked for.
>
> how about after deployment?
>
> like setting user permissions to prevent kids from installing  
> unauthorized apps?

You use the term "authorized" without defining it. What constitutes an  
"authorized" application? OLPC itself has steered clear of this job,  
since it is a political minefield. Governments are certainly an  
option, but this also makes censorship a major concern. The teachers  
at an individual school are probably less likely to engage in mass  
censorship, but also lack a lot of the technical knowledge and time to  
deal with these kinds of issues. The children themselves are probably  
the best place to determine this, but they also (moreso at first) will  
lack much of the technical sophistication to really know what is  
malware and what isn't. Bitfrost was always supposed to provide at  
least some form of a barrier, but I think it hasn't really fulfilled  
its original design in a lot of ways. So we are left with the status  
quo; users have final say, but the default policy for most things is  
"accept".

--Noah

PS: Questions like this are probably better suited to the security list.