Page 2

By Ryan Naraine  |  Posted 2006-10-12 Print this article Print

The issue of automatic updates, he said, remains "tricky" because of the difficulty in making strong assumptions about connectivity. The $100 laptops will feature built-in wireless mesh networking—allowing each laptop to connect to other laptops and work as a wireless mesh router when it is powered down—but the absence of strong connectivity to pull down updates could be awkward. The $100 laptops should teach vendors a lesson. Click here to read Jim Rapozas column.
"The focus of my work is to make sure that dependence on updates is as minimal as possible," Krstić added.
Dave Aitel, an open-source advocate and vulnerability researcher at Immunity, in Miami, said fears of an OLPC monoculture presenting a major security risk may be a bit overblown. "Who wants to [hack] these children anyway? These laptops are not Windows 95, and, in many ways, theyre more advanced than [Microsofts] Vista," Aitel said in an interview. "Its a monoculture of hard targets," Aitel said, noting that the laptops will use a modern implementation of Linux hardened with ASLR (Address Space Layout Randomization) to handle code-scrambling diversity and Exec Shield, a security patch that flags data memory as nonexecutable and program memory as nonwritable. Walter Bender, president of software and content at OLPC, said the foundations long-term goal expressly encourages computing diversity and argued that the "monoculture" tab might be a bit strong. "Were designing this machine as an open platform with the expectation that its going to evolve," Bender said in an interview. "Even though were launching a monoculture, experience has shown that these open platforms evolve and change. Theres no reason to think this wont happen with these machines. "We dont expect that a monoculture in the strict sense, where were controlling everything, will last very long," he added. Bender insists that the overall goal of OLPC is to encourage diversity. "In the short term, were trying to launch something," he said. "Were a nonprofit, educational organization; were not a laptop manufacturer. Were developing an ecosystem that people can expand and bring to kids. Its anything but a monoculture." The OLPC foundation, which traces its roots to Massachusetts Institute of Technology, is sponsored by a roster of big-name companies, including Advanced Micro Devices, eBay, Google, News Corp., Nortel Networks and Red Hat. Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel