next »

[Peter Ruhe]

The Windows ecosystem includes parasitic virii and spyware, requiring resource-hungry anti-virus tools as countermeasures. My past experience tells me that anti-virus software will bog down the XO and make it unusable. Without anti-virus software, a WinXP XO in a child's hands will rapidly be corrupted and also rendered unusable.

I don't have enough experience with Linux distros to guess what problems Linux/Sugar XO's will have with virii. Does anyone reading this have any relevant experience to share?

[fyoder]

I don't have enough experience with Linux distros to guess what problems Linux/Sugar XO's will have with virii. Does anyone reading this have any relevant experience to share?

I don't know if a Linux virus has ever been discovered in the wild.  They've been written as exercises, but until Linux becomes more widespread, it isn't really worth the virus writer's while to target a minority OS.  And even if he did, I'm not sure what the attack vector would be.  Email attachments in Linux aren't executable, so the user would have to save, make executable, and run, and if he or she knew enough to do that, they'd know enough not to do that. 

Trojans are more of a concern.  Whenever a linux user, or a user of any system, installs software, they're trusting that they are only getting what they think they're getting, and not some malevolent additional payload. There are ways of checking package integrity, such as md5 sums, but, except where such things are automated, it's easy to be slack about that sort of thing.

Evil hackers trying to root your machine via exploits against security holes in applications is also a concern, though mostly on the server side.  Just because one runs Linux doesn't mean one can turn a blind eye to security concerns. But no one in Linux land is losing sleep over viruses.  Yet.

[teapot]

I don't have enough experience with Linux distros to guess what problems Linux/Sugar XO's will have with virii. Does anyone reading this have any relevant experience to share?

With sufficient amount of cluelessness on developers' part it's possible to write insecure software for any system. For example, many web sites were defaced or in various ways exploited due to atrocious quality of their scripts regardless of the OS (PHP and ASP/ASP.NET lead this by a virtue of being popular among sh**ty developers). This is why I have no problem with insulting other developers who seem to exhibit such cluelessness.

However usually even a successful intrusion is limited to the user's account and happens on a server, not client. I have recently (with "recently" meaning summer 2006) witnessed one incident that involved real host compromise, described in http://abelits.livejournal.com/30872.html ,  http://abelits.livejournal.com/30214.html and http://abelits.livejournal.com/30681.html ), -- that was a result of sysadmin not updating the system plus a user getting his password compromised, plus actual human breaking into the host.

With Linux desktops I have never seen a system, or user's account being compromised, however in a very large deployment of identical laptops I can imagine that some applications would be vulnerable and result in users' accounts being compromised by subverting applications' protocol, malformed files and web page scripting. This may cause some trouble, however as long as the system (as opposed to user's home directory) is intact, malware and intrusions can't make themselves invisible or hard to remove.

It's probably possible to, say, build a botnet on that, however that botnet will likely be shut down in a day because software update processes run as root while those hypothetical bots will run as regular users. It's possible that real host compromises will happen, however judging by how rare they are on servers that actually are available for anyone to talk to, and contain scripts written by least qualified programmers/web designers in the world (as opposed to laptops where user has to at least go to a web page with malicious script), it will be rare, and won't spread. Use of various means that decrease the probability of successful attack even on a vulnerable application makes those things even less likely, though, again, my personal experience is 0 incidents since 1993 when I started using Linux (server that I mentioned wasn't mine, I merely worked on cleaning it up because it is on my network).

To put this in perspective, the model where antivirus is effective at all, has the level of vulnerability and acceptable rate of successful attacks orders of magnitude higher than anything Linux users ever seen. Antivirus has to be installed on a computer to recognize and remove a piece of malware when the particular virus/worm/... is already known, and if it's already there, it has all computer's resources and vulnerabilities at its disposal to prevent antivirus from working, or installing an update with the signature. If system was designed like Linux (or any other Unix-like OS, such as OSX), this would never be of any use because fix for vulnerability would be distributed earlier than all virus signatures that exploit it, and unless host is completely compromised, they all will become ineffective.

To be honest, it boggles my mind, how bad things should be to make it acceptable to run some kind of "cleanup" on a known-compromised host, and end up with a macine that the user can trust. Linux administrators always treat compromised hosts as "hostile" until the point when a new known-clean system is installed on them.

Another important thing to note is how well Linux works with backups. With the exception of database servers, everything can be backed up and restored in the form of regular files, be it user's data, applications, system itself or any kind of configuration. No registry, special files, etc. Linux systems' backup on regular PCs usually has to dance around with bootloader, partition table, etc. however on XO it's all irrelevant because bootloader is OFW, and a saved copy of filesystem is sufficient to restore a bootable system. If, by any chance, system is compromised, it can be relably restored from backup without any special tricks for restoring boot images. On XO such a backup can even be made to boot itself.

So malware is among the last problems that people should worry about on Linux as long as systems are configured in any sane manner.

[davew723]

I have the same functionality with Ubuntu/Xfce on XO.

Really?  Including power management?

No, but even if they have suspend/sleep working (video does not show any of  that) they don't have it running properly, either. XO is intended to go into sleep mode VERY often (invisibly to the user, with screen remaining on and network still running, but this is the very condition that breaks with SD cards)

How do you know that they don't have proper power management running on the XO under Windows?

There is a short reference in the video that suggests this is working.  After the laptop is put into book reader mode and the screen goes greyscale he makes a short comment in relation to the feature your talking about.

Also there are lost of features that he didn't cover that I suspect are also working.  Like the stylus mode, game pad, key mappings, etc.  I guess we will have to wait to see exactly what features are supported before making silly comments about power management wouldn't work because of the SD card.

[teapot]

There is a short reference in the video that suggests this is working.  After the laptop is put into book reader mode and the screen goes greyscale he makes a short comment in relation to the feature your talking about.

There was no power management demonstration. Screen rotation button looks like power button, but nowhere in the video the laptop goes into sleep or suspend mode.

Associating this with turning off backlight may be very misleading because monitor  "power management" on this laptop serves a completely different purpose compared to a regular laptop -- turning backlight off and enabling grayscale mode keeps screen usable in daylight, power saving from it is almost a side effect.

The unusual part of XO power management is the opposite behavior -- very often the laptop undergoes "invisible" suspend when the screen remains brightly lit, but the rest of machine is off, so backlight is the only thing that continues to draw power (being LED-based it's more efficient than a typical backlight). This is actually innovative because it keeps the user from tapping a key (and reactivating everything) just to continue reading the screen when it is blanked on a traditional laptop.

Also there are lost of features that he didn't cover that I suspect are also working.  Like the stylus mode, game pad, key mappings, etc.

Those are input devices, they are supported on Linux, and are trivial to support on any OS.

I guess we will have to wait to see exactly what features are supported before making silly comments about power management wouldn't work because of the SD card.

Actually I have said that MY configuration does not have suspend because it uses SD card. It's very likely that their configuration does not have that problem because it would be very suspicious if their driver had exactly the same bug as current version of its GPLed Linux counterpart.

However the rest of power management is most likely unusable in their configuration, even though it works on Linux when not booted from SD.