Threats and Mitigation appeared on the OLPC wiki a couple weeks ago. It closes with very brief calls for capability security and agoric computing, unsurprisingly, considering the source.
But I wanted to point out the article’s proposal for mitigating social engineering:
The best place to defeat the hoax is in the mind of the intended victim. How? With educational tools shipped on the OLPC itself. Suppose the computer had a training course that taught each student-owner how to run the hoax himself.
This strikes a chord with me because I already think “we” (artists, bloggers, programmers, preachers, friends — see friends don’t let friends click spam) should promote not engaging spammers and scammers and because I’m annoyed by the practice of computer vendors (HP/Compaq anyway) pre-loading consumer Windows machines with scads of “special offer” programs that are annoyances at best and would fairly be considered malware if they didn’t come preinstalled.
Instead of bombarding a new user with vendor-approved spam the first time a computer is turned on, an enlightened consumer PC vendor (I include OLPC here) would show a brief safe computing video. Support costs may even be reduced through such a move.
On the technical side, OLPC posted a summary of their Bitfrost security platform. While much is left to the imagination at this point (there’s an annoying lack of references or even buzzwords in the specification), it sounds like OLPC programs could get a whole lot less authority than those on any mass platform so far.