One Laptop per Child security

James A. Donald jamesd at
Thu Feb 8 22:22:06 EST 2007

Nicolas Williams wrote:
 > The text you quote doesn't answer the question; the
 > rest of the wiki frontpage says little more.  It tends
 > to make me think that if an application wants to do
 > something that I've not enabled it to do ahead of time
 > then it fails.  Failure is incovenient.  So as near as
 > I can tell from the text you quote BitFrost sets its
 > convenience/security parameters differently than other
 > OSes, but there's nothing truly Earth shatteringly new
 > there.

There is a great deal that is earth shatteringly new,
and it is documented - albeit in rather unclear and non
standard format.

The fundamental difference is that each application is
run in its own VM, and so *cannot* exercise full user
powers, whereas with *all* other OSs, if your solitaire
game is a trojan, or (more likely) has flaws that enable
an adversary to get control of it, it can read all your
user documents and mail them to the adversary, check
your interaction with the browser to detect you typing
in passwords to your bank account and share trading
account, get the names of everyone on your address list,
and spam cons and trojans to them in each others names,
use your modem to dial a ten dollar a minute gay S&M sex
line in Outer Mongolia, launch a denial of service
attack against The Gold Casino as part of an extortion
scheme, spray ads onto your screen, make your system a
file share server for other people's child pornography,
and report all your video files to the copyright

          James A. Donald

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list