OLPC security and upgrade

Over the weekend I had the pleasure of attending Shmoocon. I've never attended an event like it, though I plan on attending again next year if humanly possible.  It was a ton of fun and almost as educational as it was entertaining.  Of course, getting up at 4:50 this morning to catch my flight was painful, especially since I was supposed to get up at 4:30.

Of the many discussions I saw over the weekend, one of the most fascinating was a talk on the security of the One Laptop Per Child project.  This is the effort by Nicholas Negroponte to create a sub-$100 laptop to distribute to over 100 million children between 5 and 12 in underprivileged countries.  The project has quite a few very lofty goals, and one of the biggest problems is that many of the goals seem to be mutually exclusive, such as the source code for all software on the laptop being open and viewable while still being secure.  Not an easy goal, especially given that a large portion of the work is being done by volunteers.

Ivan Krstic, OLPC's Director of Security Architecture and creator of Bitfrost, the security software behind OLPC, started the talk by explaining what has been done to secure the laptops while also allowing the children who will eventually own the laptops full control over the systems.  One of the comments that surprised me the most was during the question and answer at the end, when Ivan explained that the end users, the children, will have have the ability to turn off every security feature on the OLPC systems if they so desire.  This shows me that while security is important to the OLPC project, personal choice and freedom to experiment with the system was more important.

Ivan was followed by Jason Scott, who used several historical examples of the unintended consequences of technology to illustrate that while the intent of OLPC is benign, it is often the unthought of uses for any system that can be the most dangerous.  He was followed by Sean Coyne and Scott Roberts of Vulnerable Minds, who detailed a laundry list of possible misuses, from the obvious potential for botnets, to the social impact of bootstrapping societies into to 21st century, to the possibility of MMORPG sweatshops (I'm not making this up).  The possibility of serious damage from a 100 million laptops that are exactly the same is very real and frightening if even a fraction of what these gentlemen suggests come to pass.

The OLPC project has a lot of potential, both for good and for ill.  It's consequences will take take years, possibly decades, to truly understand.  The social change alone will be massive as children learn to use computers and online resources their parents never had an opportunity to see.  I hope that the majority of the changes will be good, but I'm certain some of the children who receive these systems will end up being exploited, despite the best intentions of everyone involved.

On a related note, Ivan announced an update to the OLPC specs, which he says will only affect the price minimally.  Perhaps the most important change to the system was an upgrade to the CPU, which was not only a clock speed increase, but also the addition of cache on the chip.  Ivan stated that this alone allowed Python to run 2-3 times faster than before the upgrade.

OLPC Specifications:

CPU:  AMD Geode LX-700, 433 Mhz, 128 Kb L1, 128 Kb L2
Memory:  256 Mb RAM, 1024 Mb NAND flash
Screen:  1200x900 mono, 692x520 200dpi dual mode, 7.5" screen
Wireless:  802.11s ESS mess, b/g support
3 USB ports, DC in, VGA camera, Mic, SD card slot
Experimental LiFePO4 battery, 1/2 to 1/3 the weight