[IAEP] Security and long life issues (Was Re: XO-2)

info at olpc-peru.info info at olpc-peru.info
Fri May 23 22:17:27 CEST 2008 

Richard et al,
(I am passing this to the education list... because it is a mix of tech 
issues with issues related to the general policy about the XOs / and OLPC).

I agree with the level of security that you are talking about.  And I 
understand what are your concerns (some of them are valid for Peru, some 
of them are valid for big cities, some of them are valid for very small 
cities).  But reading your message something came to my mind...  (oh my 
God.. here we go!)

As far as I understand the XOs will be given to the kids as property (I 
hope so... if not then we are "feeding" the dominance status quo of the 
government / top social class / bureaucrat power / etc.. ... then that 
kind of happening would be part of the problem and not part of the 
solution).

IF the XO is property of the child, and IF the XO has a security 
protection method (that is related / linked) to a validation on a school 
server (or any other protection method that requires that the kid get 
connected with this or that server)... then ... I ask myself...

a) Are we creating a slavery chain ? The kid (who will become used to 
work with his laptop... example: he will get the cost of the potato in 
the wholesale market in Lima and then he will advise his father at what 
price he needs to sell in this or that time of the year...)... then when 
he gets 16 years old (according to what is normal in the Andes 
mountains) he gets married with young lady of the nearest town... so he 
will start a new family in different location... he will live in other 
town... so... he needs to do what ?

a.1) Travel without his laptop.
a.2) Give the laptop to other small kid.
a.3) Get a bride on his own town!!! (smile) (well... the kid has the 
opportunity to "try" some brides... it is call "servinacuy"... if you 
don't like the bride (after living with her some months, you return her 
to her parents and you have other opportunities to "test" another 
bride... don't ask me how many... I don't know! This custome comes from 
the Inca's time and is used in the remote villages in the Andes, it is 
part of a party... by the way, ladies, don't get upset: the bride can 
refuse the boy after living with him for some months... so the "trial" 
period is good for both... that is all what I know... I am not an expert 
on the issue (my bad luck!).
a.4) Forget the all powerful "door to the universe of knowledge" 
(XO+Internet) and start a new life
a.5) Don't get married... bachelor life... (smile)
a.6) Hack the security issues and get and independent XO laptop then he 
can travel all around the Andes and get WiFi connection wherever he is 
located (I hope that other XOServers will recognize it as "a brother 
from other town" and allow him to access the net... I hope so... is this 
a dream? Sorry if I am putting more tasks on the shoulders of the 
developer teams or if I am saying something that sounds weird...)
a.7) Go to a repair center and get his laptop fixed to get ridd of any 
security issue.
a.8) Return the XO to the school (no, please... don't tell me this is 
the chosen procedure... all your efforts will fail like a... ok... you 
say whatever you want... I will be prepared... God help us on this one, 
please).

What about if the kid comes to a bigger city for getting better 
education? and... if the kid get a way to go to a university? (I would 
bet that is the only laptop that most of the kids will get in the next 
30 years... or maybe in his whole life...)... if the kid's family move 
from one small village city to another one... what will happen with 
"his" XO and, better question, what will happen with his "relationship" 
with the XO ? (am I nuts? is possible to get a "relationship" with a 
machine? I don't know... let's ask... Hal... are you there?)

Ok... I can imagine another possibilities... but you got the idea... 
what is the intended route that the XO will follow in the life of this 
kid? Are we teaching them how to surf and then, in a few years we will 
ask them to surf without a board? ok... if that is the panorama it is 
better to know it now.

Are we creating the new "slaves of the XO"? or this is a gadget that 
they can forget in some years?

I am sure that many people (inside OLPC) has talk about this before and 
I suspect that the answer is not an easy one.  Letting the decision to 
the governments*  is not a valid answer because, in one way or another 
ALL the governments are part of the domination pyramid that we (we?) are 
trying to subvert with knowledge, wisdom, opportunities and good will.

Best regards,

Javier Rodriguez
Lima, Peru

* I am speaking about the "governments" as a establishment, a layer, a 
level of public administration... not about the people that works for 
this or that government... many of us can work for a "government" and 
become part of a structure that is very tight.  Some people can go 
beyond the structure and some not. 



Richard A. Smith wrote:
> Carl-Daniel Hailfinger wrote:
>
>   
>> As I stated before on this list, bypassing P_THEFT is very easy. You
>> don't even have to desolder the complete flash chip, one pin is
>> sufficient. All of this is doable for less than $1 per laptop if you
>> have access to cheap labor. $1 per laptop is _not_ expensive enough to
>> be infeasible. I am very willing to publish a video tutorial of the
>> procedure if you think I can't do that. The only downside would be that
>> everybody then knows how to bypass P_THEFT.
>>     
>
> If you want to tell me your procedure in private I'll be happy to review 
>   it for you.  IMHO we actually do need people to challenge what we have 
> done.  Tis' the only real way to know.
>
> I'm guessing the single pin you are referring the the flash write 
> protect pin? If so then I'll note thats actually not where the strongest 
> part of the link is.  Very early on we also disable the ability to talk 
> to the io ports on the EC that make writing to the SPI flash possible. 
> Once they are disabled you can't talk to the EC anymore to re-enable 
> them. You have to reset the EC. So far we have not found a method that 
> circumvents that.  Fire away.
>
> Please give us the chance to fix it first if you do find something.  :)
>
>   
>>> Contrary to your claim, initial
>>> activation security is being heavily deployed and does seem to be
>>> successful.
>>>    
>>>       
>> A statement of security is a nice theft deterrent. This may change once
>> the bad guys realize circumvention is very doable.
>>     
>
> There's an upper bound on the usefulness of theft deterrent by 
> software/hardware means.  If you intend to steal the laptops in bulk the 
>   there's actually much more value in black marketing the parts rather 
> than the entire laptop as a laptop.  If you found a good markets for the 
> display and the battery you could just throw the CPU board away or 
> desolder and resell WLAN module and the 1G nand flash chips.  So there's 
> really not much point in making the security stronger than that threshold.
>
> Right now to bypass the theft deterrent requires disassembly and we 
> think thats sufficient.  Sure, in mass it will be cheap but the people 
> who have the resources to setup shops to do it in mass are the same 
> people who will do it regardless of how fancy were are.
>
> Trying to reach that level of theft deterrent is a losing battle and 
> just not needed.  All it would really do is frustrate the repair centers.
>
>

More information about the Its.an.education.project mailing list