Talk:Bitfrost

From OLPC
Revision as of 15:14, 18 June 2007 by 61.142.246.123 (talk)
Jump to: navigation, search

Correlating Bitfrost and Threats

A new page, Correlating Bitfrost and Threats, has been added that correlates the Bitfrost spec with the Threats and Mitigation page, which was published prior to publication of the spec.

Typos

  1. I can't edit the page, but the "No permanent data loss" box has a typo: in the event that
    Fixed

He / She / S/He

Discussion has been moved to Gender and OLPC.

Unix permissions

The author describes some version of typical Unix permissions and security model behind it and then complains that with this model "we can't stop viruses and malware" and that "anyone can send a user an executable program, and for many years the users' instinctive reaction was to open the attachment and run the program." The reality is quite different really. I use Unix systems since 15 years. My machines were never eaten by a virus and I never have run a program directly from an attachment. The only problem with e-mail viruses is that they add to spam but it is very easy to filter viruses anyway.

If you start your design of new security model with such false assumptions your results may be still right at the end - or may be not.

I'm not the author, but I think the new security model is a pretty good idea. Sure, you or I may not have gotten viruses, but nearly every inexperienced computer user I know has gotten one. You are lucky that you know not to open attachments and that Unix is not a high target for virus writers -- because there are not many Unix machines, and most of their owners know better than to open attachments or run strange programs. But the OLPC changes this: it will bring online a huge population of inexperienced computer users. It will be a magnet for botnets and mischief-makers. It deserves a well-thought-out security system.
The benefit of the Unix permission system is that a user can only screw up their own files, not the files of other users or the operating system itself. As beneficial as this is, it is hardly a consolation to the user who has just lost all their files because they ran a program a "friend" sent them. Your solution is to advise the user never to run programs from other people, but this approach simply does not work, as we have seen with Windows. And, besides, one of the goals of OLPC is to allow its users to make new programs and share them with each other.
It sounds like the Bitfrost approach is to create a file system sandbox for each application so that it can't interfere with other applications. This seems entirely reasonable to me. After all, it's what Java, .NET, and Flash do to allow the user to run unsafe applets. Python, the main OLPC development system, doesn't have this kind of sandbox (yet), so it's a good thing if the underlying operating system can provide it.
Retrieved from "http://wiki.laptop.org/mediawiki/index.php?title=Talk:Bitfrost&oldid=44273"