The above is just "fluff" with zero content. They don't even talk about one technical security feature or offer any data to back claims. And yes I means literally "not one" and "none". It is all strictly opinion without even an attempt at justifying the opinion presented.
Wow, that's a lot of security for something that's almost free.
http://wiki.laptop.org/go/OLPC_Bitfrost
A child may request a so-called developer key from OLPC. This key, bound to the child's laptop's (SN, UUID) tuple, allows the child to flash any BIOS she wishes, to accommodate the use case of those children who progress to be very advanced developers and wish to modify their own firmware.
Foreground programs may use all of the machine's CPU power. Background programs, however, may use no more than a fixed amount—currently we're looking to use 10%—unless given a special permission by the user.
The Sugar UI environment on the XO laptops does not support overlapping windows: only maximized application windows are supported. When we talk about foreground and background execution, we are referring to programs that are, or are not, currently displaying windows on the screen.
Weird. I'm no expert when it comes to security but I thought to myself the other day wouldn't having apps in their own little 'space' make them extremely secure?
I must be brainier than I thought.
Mousse said:Woohoo... a security guy with an "If it ain't broke, you haven't played hard enough with it" mentality. I wonder how long developers will take to make their apps Bitfrost-aware? I've got my eye on YOU, Adobe.
I love this quote from the "about me" part of his blog.
"I'm a big believer in open source, which is an ancient African phrase meaning "no, I will not fix your Windows computer for you."
Even with all their success on protecting us from virus's and spyware, they still bring in someone to make it better. Gotta love that in a company. Nice move apple. Now release an updated Macbook already. I'm ready to buy.
Weird. I'm no expert when it comes to security but I thought to myself the other day wouldn't having apps in their own little 'space' make them extremely secure?
I must be brainier than I thought.
Bitfrost, or something like it, is long overdue. The first consumer OS to implement this level of isolation is going to get massive positive publicity. And yes, this would go a long way towards stopping trojans.
Trojan: "Gimme your address book!"
OS: "Address book? What address book?"
Mail.app: "Address book, please."
OS: "Here you go."
It won't stop brute force methods of propagation.
Edit: Wow. Bitfrost can control just about all possible I/O. It could stop trojans and bot nets completely.
He's hired for his security knowledge, not to implement Bitfrost.
As Krstić notes on his personal web site, his expertise and passion lie in making computer security easy for users:Bitfrost is a security specification that "sandboxes" applications into their own virtual operating systems, preventing viruses or other programs from damaging the operating system or accessing files. Given the focus of OLPC on children, Bitfrost is designed to be almost invisible to the end user.Bitfrost is meant to improve upon the 35-year-old UNIX permission system which persists today in Mac OS X, but Bitfrost requires that individual applications be "Bitfrost-aware", meaning that the security specification is unlikely to easily transition to mainstream operating systems. Krstić's work on Bitfrost, however, demonstrates his focus on novel security approaches that are easy to use.
...The one thing I'd love to see: a security manager in OSX. Where you can view every (non-Apple) executable on your machine...
...You could also view every URL every app has tried to access etc.
I guess we know one big change that will be in Mac 10.7...
He's hired for his security knowledge, not to implement Bitfrost.
Let's start this thread off with the correct terms so everyone knows:
Windows is more secure.
OS X is safer.
Users care more about safety, so Apple's on the right side of that equation. But let's keep our comments accurate, otherwise it gets very confusing.
More here:
http://daringfireball.net/linked/2009/05/13/security-safety