[Sugar-devel] Clocks on XOs

Hal Murray hmurray at megapathdsl.net
Tue Jul 6 15:56:57 EDT 2010


dsd at laptop.org said:

> On 6 July 2010 10:10, Bernie Innocenti <bernie at codewiz.org> wrote:
>> Laptops with anti-theft enabled can get the time from the OATS server
>> when it's off by more than 24 hours. Unlocked laptops don't have a way
>> to synchronize the time at all.

>> All we need to fix it is a trivial shell script. Why not do it?

> I think it's fine that individual deployments can do it. But it shouldn't be
> done globally because it weakens the security system.

Am I missing something?  How does that (significantly) weaken security?  The 
user can become root and set the clock by hand.

Are any deployments shipping with root access disabled?


> A globally acceptable solution could be to decrease the safety guard on the
> olpc-update-query check so that it corrects the time if it is (e.g.) more
> than 1 hour out. 

Is there any reason not to always set the time when doing an anti-theft 
check?  A 1 or 2 second window might avoid some thrashing.

I'm assuming that the normal case for implementing anti-theft is that the 
local school server has good time and proxies for the master OATS server back 
at the country's main office of education or similar.

----------

I agree with Bernie's suggestion that unlocked laptops should do something to 
keep the clock accurate.  Running ntpdate[1] when NetworkManager sets up a 
connection seems like a reasonable approach.

We might want to limit that to at most every N hours, but then you have to 
remember when you last set the time.

Do WiFi connections have a flaky mode where they bounce around a lot?  If so, 
trying too hard to set the time will just make things worse.  So make that 
something like don't set the time more often than every 10 hours and don't 
even try to contact the ntp servers more often than every 1/2 hour.


1] ntpdate is deprecated by the ntp project, but if I use that term everybody 
will know what I mean.



-- 
These are my opinions, not necessarily my employer's.  I hate spam.






More information about the Devel mailing list