On 30.05.2008 08:34, Albert Cahalan wrote:
> On Fri, May 30, 2008 at 1:15 AM, Edward Cherlin <[EMAIL PROTECTED]> wrote:
>
>> On Thu, May 29, 2008 at 8:45 PM, Albert Cahalan <[EMAIL PROTECTED]> wrote:
>>
>>> On Thu, May 29, 2008 at 5:07 PM, Edward Cherlin <[EMAIL PROTECTED]> wrote:
>>>
On 30.05.2008, at 19:38, C. Scott Ananian wrote:
> In any case, the best response is clear: continue to work on the Linux
> software stack and ensure that it is simply better than the Windows
> alternative. I've heard a lot of sturm und drang, but am saddened
> that I haven't seen much help from
On 5/30/08, Albert Cahalan <[EMAIL PROTECTED]> wrote:
> I can't imagine that a contract would mention it.
It does. The Windows-only trials are "phase I", and the dual-boot
"phase II" is explicitly spelled out, with transition criteria to move
to phase II related to the completion of OFW2. We ra
On 5/30/08, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> On Thu, 29 May 2008, C. Scott Ananian wrote:
> > And to elaborate: the idea is that untrusted code should not be
> > running as the 'olpc' user: 'olpc' is a trusted account. Activities
> > run/should be running as their own unique UUIDs, w
On 29/05/08 23:45 -0400, Albert Cahalan wrote:
> > Also, I think you completely misunderstand the market. The ability to
> > use Open FirmWare instead of a proprietary BIOS will be of intense
> > interest to all PC vendors. I expect OFW to sweep through most of the
> > market in no more than two or
On 30.05.2008, at 07:33, [EMAIL PROTECTED] wrote:
> On Thu, 29 May 2008, C. Scott Ananian wrote:
>
>> On Thu, May 29, 2008 at 6:03 PM, Michael Stone <[EMAIL PROTECTED]>
>> wrote:
>>> On Thu, May 29, 2008 at 05:53:49PM -0400, Michael Stone wrote:
On Thu, May 29, 2008 at 02:58:07PM -0600, Ja
On Fri, May 30, 2008 at 11:04:57AM +0200, Morgan Collett wrote:
> [+cc: Mako]
>
> Selective quoting:
>
> On Fri, May 30, 2008 at 7:15 AM, Edward Cherlin <[EMAIL PROTECTED]> wrote:
> > You're on crack, Albert.
> ...
> > Albert, I'm not talking to you any more until you start making
> sense.
As a
[+cc: Mako]
Selective quoting:
On Fri, May 30, 2008 at 7:15 AM, Edward Cherlin <[EMAIL PROTECTED]> wrote:
> You're on crack, Albert.
...
> Albert, I'm not talking to you any more until you start making sense.
Not to pick on you personally Edward, this just triggered something:
I've long thought
On Fri, May 30, 2008 at 1:15 AM, Edward Cherlin <[EMAIL PROTECTED]> wrote:
> On Thu, May 29, 2008 at 8:45 PM, Albert Cahalan <[EMAIL PROTECTED]> wrote:
>> On Thu, May 29, 2008 at 5:07 PM, Edward Cherlin <[EMAIL PROTECTED]> wrote:
>>> On Thu, May 29, 2008 at 10:48 AM, Albert Cahalan <[EMAIL PROTECTE
On Thu, 29 May 2008, C. Scott Ananian wrote:
> On Thu, May 29, 2008 at 6:03 PM, Michael Stone <[EMAIL PROTECTED]> wrote:
>> On Thu, May 29, 2008 at 05:53:49PM -0400, Michael Stone wrote:
>>> On Thu, May 29, 2008 at 02:58:07PM -0600, Jameson Chema Quinn wrote:
>>> In recent builds, any process runn
On Thu, May 29, 2008 at 8:45 PM, Albert Cahalan <[EMAIL PROTECTED]> wrote:
> On Thu, May 29, 2008 at 5:07 PM, Edward Cherlin <[EMAIL PROTECTED]> wrote:
>> On Thu, May 29, 2008 at 10:48 AM, Albert Cahalan <[EMAIL PROTECTED]> wrote:
>
>>> I do believe that, practically speaking, all of this is moot.
Microsoft either will or won't use the NAND for its own purposes. However a
third option beyond the "dual boot" or "engulf and devour" choices so far
described, for a deployment that is more school-centric and less oriented
toward laptop autonomy than the OLPC vision, would be to use network file
On Thu, May 29, 2008 at 7:31 PM, Bobby Powers <[EMAIL PROTECTED]> wrote:
> On Fri, May 30, 2008 at 12:39 AM, C. Scott Ananian <[EMAIL PROTECTED]> wrote:
>> * Windows runs from an SD card, but there is not much space left on
>> that SD card to store user files. User files are stored in NAND at
>>
On Thu, May 29, 2008 at 5:07 PM, Edward Cherlin <[EMAIL PROTECTED]> wrote:
> On Thu, May 29, 2008 at 10:48 AM, Albert Cahalan <[EMAIL PROTECTED]> wrote:
>> I do believe that, practically speaking, all of this is moot.
>> Windows uses both SD card storage and the NAND flash storage.
>>
>> (NAND sto
On Thu, May 29, 2008 at 5:05 PM, Arne Babenhauserheide <[EMAIL PROTECTED]>
wrote:
> On Friday 30 May 2008 01:44:29, Edward Cherlin wrote:
>
>> > I don't often write here, but at the moment I don't see why BitFrost
>> > should be used in the first case (except, because we _can_).
>>
>> Because of
On Friday 30 May 2008 01:44:29, Edward Cherlin wrote:
> > I don't often write here, but at the moment I don't see why BitFrost
> > should be used in the first case (except, because we _can_).
>
> Because of governments that will not buy unprotected laptops for
> schoolchildren.
But they buy the
On Thu, May 29, 2008 at 2:25 PM, Arne Babenhauserheide <[EMAIL PROTECTED]>
wrote:
> On Thursday 29 May 2008 23:07:23, Edward Cherlin wrote:
>> The question was, how to protect Linux from Windows, in particular
>> from malware allowed in by Windows. (Or possibly from malware designed
>> into Win
On Fri, May 30, 2008 at 12:39 AM, C. Scott Ananian <[EMAIL PROTECTED]>
wrote:
> On Thu, May 29, 2008 at 6:03 PM, Michael Stone <[EMAIL PROTECTED]> wrote:
> > On Thu, May 29, 2008 at 05:53:49PM -0400, Michael Stone wrote:
> >> On Thu, May 29, 2008 at 02:58:07PM -0600, Jameson Chema Quinn wrote:
> >
On Thursday 29 May 2008 23:58:04, you wrote:
> Yes, you did (where have you been hiding =) ). Windows will come
> preinstalled on XO's at the client's request. And in developing countries
> the paying clients (ministries of education, etc.) receive technical advice
> and counsel mostly from Mi
On Thu, May 29, 2008 at 6:03 PM, Michael Stone <[EMAIL PROTECTED]> wrote:
> On Thu, May 29, 2008 at 05:53:49PM -0400, Michael Stone wrote:
>> On Thu, May 29, 2008 at 02:58:07PM -0600, Jameson Chema Quinn wrote:
>> In recent builds, any process running as user OLPC can execute code as
>> uid 0 via t
On Thu, May 29, 2008 at 05:53:49PM -0400, Michael Stone wrote:
> On Thu, May 29, 2008 at 02:58:07PM -0600, Jameson Chema Quinn wrote:
> In recent builds, any process running as user OLPC can execute code as
> uid 0 via the setuid-0 user-olpc-executable /usr/bin/sudo.
A small correction: in recent
On Thu, May 29, 2008 at 11:25:05PM +0200, Arne Babenhauserheide wrote:
> On Thursday 29 May 2008 23:07:23, Edward Cherlin wrote:
> > The question was, how to protect Linux from Windows, in particular
>
> Why protect GNU/Linux from Windows?
>
> If people install Windows on their XOs, then it's
On Thu, May 29, 2008 at 02:58:07PM -0600, Jameson Chema Quinn wrote:
> > if you run everything as user olpc and user olpc can become root without a
> > password, getting olpc is as good as getting root.
>
> An arbitrary process running as user olpc should not be able to get root. My
> impression i
On Thursday 29 May 2008 23:07:23, Edward Cherlin wrote:
> The question was, how to protect Linux from Windows, in particular
> from malware allowed in by Windows. (Or possibly from malware designed
> into Windows, a "marketing" practice not unknown in the past.)
> Protecting Windows-only machine
On Thu, 29 May 2008, Jameson "Chema" Quinn wrote:
>
>> if you run everything as user olpc and user olpc can become root without a
>> password, getting olpc is as good as getting root.
>
>
> An arbitrary process running as user olpc should not be able to get root. My
> impression is that it cannot
On Thu, May 29, 2008 at 10:48 AM, Albert Cahalan <[EMAIL PROTECTED]> wrote:
> Jameson "Chema" Quinn writes:
>
>> Actually, the goals are more limited. Say you have dual-boot;
>> OS 1 has bitfrost, OS 2 does not. Things OS 2 should not do:
>>
>> 1. Read private files from OS 1.
> ...
>> 2. By writin
> if you run everything as user olpc and user olpc can become root without a
> password, getting olpc is as good as getting root.
An arbitrary process running as user olpc should not be able to get root. My
impression is that it cannot, currently; am I wrong?
>
> not to mention the fact that you
On Thu, 29 May 2008, Jameson "Chema" Quinn wrote:
> 2008/5/29 <[EMAIL PROTECTED]>:
>
>> On Thu, 29 May 2008, Jameson "Chema" Quinn wrote:
>>
>> I just had an IRC conversation with Benjamin Schwartz in which we talked
>>> about:
>>>
>>> He said that 3, 4, and 5 have been considered more serious than
2008/5/29 <[EMAIL PROTECTED]>:
> On Thu, 29 May 2008, Jameson "Chema" Quinn wrote:
>
> I just had an IRC conversation with Benjamin Schwartz in which we talked
>> about:
>>
>> He said that 3, 4, and 5 have been considered more serious than 1 and 2;
>> since they are impossible, there is little poin
On Thu, 29 May 2008, Jameson "Chema" Quinn wrote:
I just had an IRC conversation with Benjamin Schwartz in which we talked
about:
He said that 3, 4, and 5 have been considered more serious than 1 and 2;
since they are impossible, there is little point doing 1 and 2. I disagreed.
There is no way
On Thu, May 29, 2008 at 2:08 PM, Morgan Collett
<[EMAIL PROTECTED]> wrote:
> On Thu, May 29, 2008 at 7:48 PM, Albert Cahalan <[EMAIL PROTECTED]> wrote:
>> Jameson "Chema" Quinn writes:
>>> Actually, the goals are more limited. Say you have dual-boot;
>>> OS 1 has bitfrost, OS 2 does not. Things OS
I just had an IRC conversation with Benjamin Schwartz in which we talked
about:
He said that 3, 4, and 5 have been considered more serious than 1 and 2;
since they are impossible, there is little point doing 1 and 2. I disagreed.
There is no way with current hardware to write-protect the NAND stora
On Thu, May 29, 2008 at 7:48 PM, Albert Cahalan <[EMAIL PROTECTED]> wrote:
> Jameson "Chema" Quinn writes:
>
>> Actually, the goals are more limited. Say you have dual-boot;
>> OS 1 has bitfrost, OS 2 does not. Things OS 2 should not do:
>>
>> 1. Read private files from OS 1.
> ...
>> 2. By writing
Jameson "Chema" Quinn writes:
> Actually, the goals are more limited. Say you have dual-boot;
> OS 1 has bitfrost, OS 2 does not. Things OS 2 should not do:
>
> 1. Read private files from OS 1.
...
> 2. By writing to OS 1's file system,
I do believe that, practically speaking, all of this is moot
Actually, the goals are more limited. Say you have dual-boot; OS 1 has
bitfrost, OS 2 does not. Things OS 2 should not do:
1. Read private files from OS 1.
1a. Read encryption key from OS 1, thus subverting all security which that
key gives. This, in particular, should be avoided.
1a(i). By readin
On May 28, 2008, at 8:33 PM, Benjamin M. Schwartz wrote:
> What are you trying to prevent?
He doesn't want one OS to be able to screw with files from another in
a dual-boot scenario. I don't think it's a good extension of the
threat model.
--
Ivan Krstić <[EMAIL PROTECTED]> | http://radian.o
What are you trying to prevent?
- --Ben
Bitfrost protections are meaningless if they only work half of the time. If
you have a dual-boot box, how can one OS keep its protections even if the
other half is considered untrusted code? This is of course even harder
without passwords.
However, it is not impossible, with help from the firmware