[OLPC Security] REMOVE
Jason Brown
Jason.Brown at selectamark.co.uk
Fri Feb 9 12:05:56 EST 2007
Please remove my name and stop spamming.
Thank you.
-----Original Message-----
From: security-bounces at laptop.org [mailto:security-bounces at laptop.org] On Behalf Of security-request at laptop.org
Sent: 09 February 2007 17:00
To: security at laptop.org
Subject: Security Digest, Vol 6, Issue 7
Send Security mailing list submissions to
security at laptop.org
To subscribe or unsubscribe via the World Wide Web, visit
http://mailman.laptop.org/mailman/listinfo/security
or, via email, send a message with subject or body 'help' to
security-request at laptop.org
You can reach the person managing the list at
security-owner at laptop.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of Security digest..."
Today's Topics:
1. Re: Application bundles and delegation (Ivan Krsti?)
2. Re: Application bundles and delegation (Mark Seaborn)
3. Re: wetware issues - brainstorming (Ivan Krsti?)
4. Re: olpc security - wetware issues (Tim Flavin)
----------------------------------------------------------------------
Message: 1
Date: Fri, 09 Feb 2007 09:15:35 -0500
From: Ivan Krsti? <krstic at solarsail.hcs.harvard.edu>
Subject: Re: [OLPC Security] Application bundles and delegation
To: xuan wu <wuxuan.ecios at gmail.com>
Cc: security at laptop.org
Message-ID: <45CC8207.5050300 at solarsail.hcs.harvard.edu>
Content-Type: text/plain; charset=UTF-8
xuan wu wrote:
> What'll happen if every application actually run as users?
There are severe implementation disadvantages to such an approach, and from a non-implementation point of view, it doesn't at all deal with the need for user documents to be shared. What advantages do you see, as compared to what's presently in the specification?
--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | GPG: 0x147C722D
------------------------------
Message: 2
Date: Fri, 09 Feb 2007 14:39:39 +0000
From: Mark Seaborn <mseaborn at cmedresearch.com>
Subject: Re: [OLPC Security] Application bundles and delegation
To: security at laptop.org
Message-ID: <1171031979.5693.13.camel at tonytheprawn>
Content-Type: text/plain; charset=UTF-8
On Thu, 2007-02-08 at 20:02 -0800, Ivan Krstić wrote:
> Ka-Ping Yee wrote:
> > I felt very encouraged upon reading the Bitfrost specification today.
> > Congratulations on what you've accomplished so far. It makes me very
> > glad to see the up-front acknowledgement, in your introduction, of the
> > key problem in security -- the wholesale granting of authority that
> > happens when applications "run as" users. When I saw Simson's name
> > and the O'Reilly book mentioned I was even more excited.
>
> A lot of my ideas about security really clicked together when I first
> read your SID paper many years ago. It's been a big inspiration for my
> work on Bitfrost, so thank you -- shoulders of giants.
Have you seen the other systems that have been influenced by that paper?
CapDesk, Polaris and Plash (the latter being my project) are the ones
that I am aware of.
The CapDesk people have been using the term "powerbox" to refer to a
file chooser that grants an application access to a file, which is what
is described in the P_DOCUMENT section in the Bitfrost spec:
> Instead, when a program wishes to open a user document, it asks the
> system to present the user with a 'file open' dialog. A copy-on-write
> version of the file that the user selects is also mapped into this
> scratch space -- in effect, the file just "appears", along with a
> message informing the program of the file's path within the scratch
> space.
(More specifically, this is a "file powerbox". CapDesk has other kinds
of powerboxes, such as a powerbox for installing an application, and a
"powerbar" for doing copy and paste.)
Can I suggest that you use the term "powerbox" as well? When a concept
has a name it is easier to refer to it, and also easier to see how the
idea spreads.
Cheers,
--
Mark Seaborn
Software Engineer
Cmed Technology Ltd.
Registered in England and Wales No. 3869835
Registered Office and Address for Communication:
Holmwood, Broadlands Business Campus,
Langhurstwood Road, Horsham, RH12 4QP, United Kingdom
E mseaborn at cmedresearch.com
W www.cmedresearch.com
------------------------------
Message: 3
Date: Fri, 09 Feb 2007 09:52:00 -0500
From: Ivan Krsti? <krstic at solarsail.hcs.harvard.edu>
Subject: Re: [OLPC Security] wetware issues - brainstorming
Cc: security at laptop.org
Message-ID: <45CC8A90.6090804 at solarsail.hcs.harvard.edu>
Content-Type: text/plain; charset=UTF-8
alien wrote:
> "Stephen John Smoogen" writes:
>> I think that having a movie of some sort that could be stored on the
>> main server that goes over in the native language about various things
>> would be quite useful in helping people (adult and child) what tool
>> they now have there. This would be the first or last line of defense.
>> (depending on how one sees the universe).
That does sound interesting. I'll poke around a bit.
> Also, since the laptops have to check in to a central system
> periodically (right?), perhaps it might be possible to download
> activity logs to a central server so a teacher can review them, and
> provide a summary for the parent.
What activity logs do you have in mind? If we're talking recording
communication exchanges and web browsing habits, well, I'd have been
(was, am) very reluctant to use any such system as a kid.
--
Ivan Krstić | One Laptop per Child | http://laptop.org | GPG: 0x147C722D
------------------------------
Message: 4
Date: Fri, 9 Feb 2007 11:56:42 -0500
From: "Tim Flavin" <tim.flavin at gmail.com>
Subject: Re: [OLPC Security] olpc security - wetware issues
To: "Antoine van Gelder" <hummingbird at hivemind.net>
Cc: security at laptop.org
Message-ID:
<aa5056670702090856t39b5e8d7g142241eaf586f90d at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
On 2/9/07, Antoine van Gelder <hummingbird at hivemind.net> wrote:
> The solution to finding a way to communicating a child's activities to
> his/her parents is:
>
> Stop what you're doing and _listen_ when your child tells you about
> what they've been doing!
I agree completely. Whether you live in a mud hut or a mansion, the only
really effective way of protecting your children from pedophiles and other bad
actors is to have open lines of communications between the parents and
children. I think that people who live in mud huts do a better job of
this than
people who live in mansions. The most basic way to do this would be tell the
parents what to look out for when you hand out the laptop.
PS: Ivan and Simson, this looks great. I'll have technical comments
after I digest
it a bit more.
Tim Flavin
------------------------------
_______________________________________________
Security mailing list
Security at laptop.org
http://mailman.laptop.org/mailman/listinfo/security
End of Security Digest, Vol 6, Issue 7
**************************************
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
More information about the Security
mailing list