[OLPC Security] olpc security - wetware issues

alien alien at MIT.EDU
Fri Feb 9 02:45:04 EST 2007


>It seems to me that you keep thinking of this computer as "unix  
>computer for the masses." That's not what's being built.

I do understand that this is a specialized device designed for a
specific environment that has some serious constraints. (I've recently
spent time with some of the folks working on the device's power
supply, which is a pretty facinating sub-project itself.)

Regardless, if you are distributing these devices to children and
intend for them to access the Internet, you must address the issues of
child exploitation and inappropriate web surfing. These issues may be
difficult to address, but if you care about the safety of these
children and their communities, you must find a way. And people who
care enough to ask deserve a better answer than "it's somebody else's
problem." I would like to know what the plan is. If the plan doesn't
exist, I would be happy to help create one. This is important.

There are both technical and social measures that can lower these
risks, and OLPC has a responsibility to the children and communities
it affects to ensure that appropriate safeguards are in place. Whether
these safeguards are implemented by OLPC or a third party doesn't
matter. However, I do believe that it is OLPC's responsibility to
ensure that the issues are effectively addressed in every case.

>People do not log in or out of these laptops.

Ah, ok. I wasn't sure about that. In any case, as you can probably
tell, the logging issue is simply an example, and tangent to the point
of my message anyway.

Thanks,

Sherri


Simson Garfinkel writes:
>
>On Feb 8, 2007, at 7:03 PM, alien wrote:
>
>>
>> You raise a good point-- the first step would be to decide what would
>> be important to log in this environment. Off the top of my head, you
>> might want to track who has logged in and out, when programs were
>> installed, when updates were applied, perhaps unusual uses of
>> privilege, account creation/deletion or when/by whom shared files were
>> accessed. What do you think?
>
>I think that you don't quite understand what we are building or the  
>target audience.
>
>People do not log in or out of these laptops.
>
>There is no account creation or deletion right now. Eventually there  
>will probably be support for two people using the same laptop, but I  
>haven't seen a spec so far. (Ivan?)
>
>What do you mean, "unusual uses of privilege?"
>
>Yes, it is useful to keep when the programs were installed, but this  
>will probably be on a page that just shows the programs.
>
>It seems to me that you keep thinking of this computer as "unix  
>computer for the masses." That's not what's being built.
>
>
>>
>> Certainly at a minimum, I imagine reviewing who has logged into the
>> system is a good start and a concept that any child should be able to
>> understand.
>
>What do you mean, "logged into the system?"
>
>Put it this way: let's say we were talking about a cell phone, not a  
>computer. How would you show the people who had logged into the cell  
>phone?
>
>
>_______________________________________________
>Security mailing list
>Security at laptop.org
>http://mailman.laptop.org/mailman/listinfo/security


More information about the Security mailing list