Posted on October 04, 2006 by Wayan in Support: Maintenance, Software: Operating System

While TG Daily pulled its post of what was apparently an off-the-record invitation to hack the OLPC by Ivan Krstić of OLPC at Toorcon, the Engadget follow-on story reveals the high level of security awareness of the One Laptop Per Child 2B1 Children's Machine's designers.


Another Droid Army

The One Laptop Per Child development team is very aware that they may be creating the largest computer monoculture in history - upwards of ten million practically identical laptops in the first year alone. Identical 2B1 computers that can instantly transmit code from one computer to another across a mesh network and the Internet.

The OLPC 2B1 development team is worried that hackers could create malicious code like rootkits, Trojans, viruses, and worms, which could spread instantly throughout the entire 2B1 laptop distribution, creating a global army of zombie bots. To counter this threat, they are proactively including computer security systems and reviews in every level of laptop design.

Carl-Daniel Hailfinger developed several technical Denial of Service (DoS) attack scenarios and even detailed who might want to launch a 2B1 Children's Machine DoS attack.

Ivan Krstić was key in spearheading a secure 2B1 BIOS update system, and at the Toorcon computer security conference he wanted to have a quiet call for hackers to test his and others' security ideas.

I am overjoyed that the OLPC development team has the foresight and humility to ask the white hat hacker crowd to test the OLPC 2B1 security systems. I don't even want to imagine the actions and demands of a malicious hacker group in control of 10 million zombie bots.

Maybe now Nicholas Negroponte can also accept constructive criticism like the church, the Red Cross, and now his staff have.


Posted on September 18, 2006 by Wayan in Support: Maintenance

While I occasionally question the One Laptop Per Child project, and believe that constructive criticism is integral to any project, I would never think of physically attacking the 2B1 Children's Machines themselves.

Unfortunately, there are those not as respectful as I. There are people who would, and will, attempt to harm each laptop they can gain access to. One way would be through a massive Denial of Service (DoS) attack.

Carl-Daniel Hailfinger, an OLPC participant, recently spent a whole night writing up the technical ways a DoS attack could happen. He defined four broad methods - power management, network, hardware, and other - which I'll not bore you with here.

After discussing it with the OLPC Security listserv, he followed up with a very interesting profile of who might launch such attacks. Here are the three main threat groups according to Carl-Daniel Hailfinger:

  1. The "because we can" group: People who will attack our security model to prove the point that we forgot to consider something. Background of these people is probably academic and/or classic creative hacking.
    Impact scale: Low, single machines or just academic papers about the threat.
  2. The "bragging rights" group: People who want to get peer recognition (peers would be script kiddies or crackers or just classmates) and maybe even get mentioned in the news. They won't care about any (permanent) damage or other ill side effects of their attacks, the resources they spend to achieve their goal are disproportionately large.
    Impact scale: High, at least a few thousand affected machines per instance would be defined as success, but if larger target groups are possible, they won't stop at a few thousand machines.
  3. Politically motivated attackers: They disagree with the politics of the project (one laptop per child/being based on Linux/"imperialistic tool"/etc.) or the politics of the local distribution entity (no distribution to certain areas/ethnic groups/political opponents/etc.). Attacks are performed to either get media coverage or to "fix" perceived injustice.
    Impact scale: Medium to low. The group of attackers is probably very small (if any), their skills and target count are likely to match group 2.

While I'll not disagree with the three groups Carl-Daniel suggests, I do wonder if the third group might be a greater threat than he imagines.

Looking at the distribution patterns governments have with other resources, be it classrooms or corn, usually the wealthy/politically connected/logistically advantaged receive a disproportionately larger share. Don't expect children's computer allocations to be any different nor the disenfranchised to be any less militant than they are already.

In many nations, the unequal distribution of resources has sparked protests, riots, even rebellions. If the One Laptop Per Child 2B1 distribution is also unequal, the laptop itself may become a symbol of socio-economic disparity, and therefore a desirable target for politically motivated attackers.

Attackers that would outnumber, if not outsmart, the 2B1 recipients, and could create the ultimate denial of service attack - physically removing the laptop from the original recipient.


Posted on August 21, 2006 by Wayan in People: Leadership, Support: Maintenance, Hardware: Power Supply, Commentary: Press

In the recent BusinessWeek article "A Crusade to Connect Children", journalist Bruce Einhorn was able to garner several choice quotes from Dan Shine, Project Director of AMD's 50x15 Initiative.

Dan also happens to be the key liaison for the One Laptop Per Child project within AMD since it dovetails so nicely with the 50x15 Initiative's goal of getting half the world online by 2015.

Dan fully supports the OLPC apparently, though I have to question his knowledge of the project and developing world computing in general. First off he bashes conventional notebook computers by saying:

"Here in the U.S. we are seeing just last weekend a $399 laptop after rebate, with Windows. So people are saying why don't we just do that," says Shine. "But laptops are problematic. If any part breaks, the whole thing is broken."

Yes, that's very true, Dan. And so too with the OLPC laptop computers: they will also break and be damaged, but as of yet there is no spare parts distribution plan or maintenance and support network or even training courses. So while those $399 laptops can be repaired at local computer companies, where will the OLPC computer be fixed? And who will pay for that?

Payment is not something Dan Shine is concerned with. Mr. Einhorn paraphrases Mr. Shine's cost concerns as:

Moreover, [Shine] says, a PC that costs $400 in the U.S. could cost hundreds of dollars more in a developing country once you factor in taxes, transportation, and other costs.

And the One Laptop Per Child starts at $140 million, shipping not included. Not to mention maintenance and support, which isn't developed and may not even be offered.

Most glaringly, Dan Shine, who should know all about computers suitable for the developing world, presents the OLPC laptop as the only possible solution to power-scarce situations when he says:

"Some are based on tech that is a lot older and suck a lot of power," says Shine. "In some places, power will be generated from car batteries, cranks, or solar. It's an ongoing challenge and opportunity to look at these environments and calculate what the solutions are."

Hey, Dan, you may be surprised, but there are several power-sipping solutions on the market, a few even using AMD processors. Have you ever heard of Inveneo?

You should, as they are working with 50x15 to install your three digital inclusion programs with NEPAD and the Ugandan government, and they already have a solar-powered PC and communications system for rural and remote communities that runs on AMD processors.


VIA's PHD Appliance
Then there is VIA Technologies, AMD's competition, who developed the hot PHD Appliance as part of its PC-1 Initiative.

Note that the PHD Appliance is a fully functional computer, one that could replace any normal desktop, or be integrated into an off-the-shelf laptop, and yet can run Windows XP for 26 hours off a car battery.

That would be production level technology, not the still-prototype OLPC CM1.


Posted on August 09, 2006 by Wayan in Support: Maintenance

Now I don't know how or if Jim Klein is related to OLPC; a Google search didn't show any direct relationship, but he purports to speak as a member of the OLPC design team in his OLPC Follow Up Post, and his answers give me concern. Specifically his maintenance Q&A:

Q - How will these devices be maintained? They will break, everything breaks, and these will be in the worst of environments for electronic devices. I don't think parts distribution is part of the current plan, at least not in anything that I've read.
