AU Government To Build "Unhackable" Netbooks 501
bennyboy64 writes "In what may be one of the largest roll-outs yet of Microsoft's new Windows 7 Operating System, Australia's Federal Government decided to give 240,000 Lenovo IdeaPad S10e netbooks to Year 9-12 students. Officials are calling them 'unhackable.' iTnews reports that the laptops come armed with an enterprise version of the Windows 7 OS, Microsoft Office, the Adobe CS4 creative suite, Apple iTunes, and content geared specifically to students. New South Wales Department of Education CIO Stephen Wilson said that schools were 'the most hostile environment you can roll computers into.' While the netbooks are loaded with many hundreds of dollars worth of software, 2GB of RAM, and a 6-hour battery, the cost to the NSW Department of Education is under $435 (US) a unit. Wilson praised Windows' new OS: 'There was no way we could do any of this on XP,' he said. 'Windows 7 nailed it for us.' At the physical layer, each netbook is password-protected and embedded with tracking software that is embedded at the BIOS level of the machine. If a netbook were to be stolen or sold, the Department of Education is able to remotely disable the device over the network. Each netbook is also fitted with a passive RFID chip which will enable the netbooks to be identified 'even if they were dropped in a bathtub.' The Department of Education also uses the AppLocker functionality within Windows 7 to dictate which applications can be installed."
Someone is gonna open it. (Score:2, Informative)
Your setup is flawed from the start.
Same Govt. (Score:5, Informative)
Ignorance and arrogance seem to always walk hand in hand.
Re:Too late (Score:5, Informative)
yeah, nuking the bios from a cd is ridiculously easy. It's actually a feature that people can do so. Hirens boot CD [hiren.info] comes with very simple methods for that.
I bet someone will just make an app that unlocks the laptop and wipes the firmware for them so that the laptops can have actual use.
Re:Someone is gonna open it. (Score:3, Informative)
Here though they have physical access to the device. You don't need to be an experienced black hat to take a hard drive, mount it in another machine, and modify /etc/shadow. Or possibly simply boot from a USB drive to do the same, in which case it really is script kiddie territory.
Haha.. no (Score:5, Informative)
I work for one of the departments involved, hence the anonymous post.
This is typical government posturing, and has nothing little to do with the what's actually going on.
From what I've seen, the RFID chips are redundant, they're using the machine's BIOS UUID to track machines through software, I don't think they even record the embedded RFID codes at all, as that requires a physical reader device, and they're not handing them out to schools. Normally, RFID tags aren't used for anti-theft, but for inventory tracking.
The BIOS tracking is pretty standard and off-the-shelf, it's not designed to stop professionals, but it will catch stupid thieves. Software protection is not huge, but most 'problems' will be met with an F12 network boot and a fresh system image, so the harm students can do will be limited and easily reversible. Students get limited space to save their work, and that is backed up centrally, so they shouldn't lose any data. On top of that, most questionable sites are blocked by the internet proxies, so that cuts out lots of potential sources of harmful stuff.
Really, the true protection the laptop gets is that every student receives one for free, but a replacement laptop has to be paid for out of their parent's pockets. Students will learn to be careful with them or face punishment from their parents.
There's lots of other silliness going on though, especially as it's my tax dollars going to waste.
For example, the enterprise agreement for the Adobe CS4 suite was a big deal. They spent millions purchasing the software before anyone had actually tried running any of it on an actual laptop. Only after the government had signed the contracts did they bother, only to find out that the screens were too small. All of the Adobe dialog boxes were designed for a vertical height larger than the physical screen resolution, so the OK/Cancel buttons are cut off. The workaround was to install a driver that supports a larger virtual desktop and pans the screen around. It's hideous. This is what happens when you let politicians make technical purchasing decisions.
Similarly, the laptops are rather anemic, which is expected for a netbook, but a lot of the software and content they want to publish is very video-centric. Apparently some types of video, like Flash content and h264, don't always play well, and high-res content is a slide show.
Re:Haha.. no (Score:1, Informative)
In all honesty, those netbook screens are tiny. GNOME preference windows on Ubuntu suffer from the same problems you describe in Adobe. Having spent that much money, I wonder if it was too difficult to ask Adobe for a patch.
Note: Ubuntu 9.10 features preference windows that fit your screen. 9.04 involves tabbing and hoping for the best.
Re:MS must have given a great (Score:2, Informative)
Reading between the lines when talking with the IT head of TAFE in my region of NSW basically told the same story. (We were trying to reach an arangement for Tafe to use some facilities we had for outreach courses).
Re:windows "installs" applications (Score:2, Informative)
NSW site with more details (Score:1, Informative)
Oh, cool -- I found the official NSW laptop program website [nsw.edu.au]. Among other things, the specs are a 1.6GHz Atom and a 10.2 inch 1024x576 display with Intel GMA 950. One thing is for sure -- they're going to be playing flash games on this one, not 3D :-)
Adobe CS4 on a netbook? Wow. That must be amusing. Windows 7 must be a magical OS to turn a mere netbook into a decent machine for that, especially with all the background monitoring software on the go. I picture these machines running like molasses, and I bet the "6 hours battery life" is off the spec sheet and nothing near the real world performance.
They've apparently deployed 20000 of these units already. There must be someone with first-hand experience out there. Do these machines live up to the hype, both in terms of security, performance, and educational value?
Re:Sure... (Score:5, Informative)
Re:Sure... (Score:2, Informative)
The Slashdot editor degraded the story. (Score:5, Informative)
'Instead, some[one] announces to the world "Bow to our unhackable laptops! We are awesome! HAHAHA!", and now thousands of hackers and security researchers out there have made it their personal crusade to find a way to totally decimate all the security on the box.'
However, the problem is with kdawson, the Slashdot editor, not the Australian government or the article to which the Slashdot summary links.
The article says, "[government] seeks to build 'unhackable' netbook network". The meaning is that the Australian government is doing the best it can in building a network.
kdawson, the Slashdot editor says, "... Government To Build "Unhackable" Netbooks".
kdawson made the title sensationalist and misleading. This amazes me: In all these years, Slashdot editors seem to have learned nothing about being editors. kdawson turned a wonderful story into a misleading experience.
I've used one (Score:5, Informative)
There's a label on the bottom that threatens you that if you steal it the police will find you. There's tamper-proof screws, so normal phillipshead's wont do the job. The BIOS is obviously passworded, and I managed to break the bootloader of Windows 7 by pressing ESC twice. No OS found apparently.
For "secure" laptops, you can right click pretty much anything and run it as an admin. We ran cmd.exe as an admin to create a proper Admin account. Completely bypasses AppLocker. Apparently, according to the laptop admins, the government wont allow printer drivers that aren't already part of Windows 7, so no printing for you.
The laptop maintainers don't even have administrator access. They have to box the laptops up and ship them to a centre to be "fixed", even if it's as simple as reinstalling a driver. Pathetic.
It's only early days, and the nuking of the bios can be done easily, through Wubi or other means, but USB boot is disabled so you'll have to find alternative means. And I know it's likely moot to post so late after the rush, but I had to say it.
Btw, it's CS4 Elements, it's not the true suite. And it includes Dia, the open-source diagram editor, which I found odd. Open source deployments always amuse me.
To finish, Firefox is not included by default and has many issues when installing, as you don't have access to Program Files, so it confuses the installer to no end unless you change where you're installing it to.
These laptops require ethernet access to activate and are mapped to a single username, so good luck using it if you don't have a Department of Education account. The all have filtering software so no porn for you kids, even when at home. Myspace and Facebook are blocked even from home connections. It's a rather horrible crippled setup that I'd wish upon no-one.
Welcome to the future of computing. Homeschool your kids.
Re:so let me get this straight (Score:1, Informative)
That's not entirely true about the RFID tags. Rfid tags cannot be used to track or monitor anyone. They are digital barcodes. They simply contain static information that is read for (typically) inventory purposes. They also can only be read in close proximity to the reader itself so one would have to have the physical computer to read the tags. That's not to say that they don't have some method to read the tags built in, but the data stored on the rfid tag itself would be pretty much useless. More than likely a serial number used to identify that physical box to the reader.
Any tracking they did on the teacher was more than likely a "phone home" style app, but definitely not the rfid tag.
Re:The Slashdot editor degraded the story. (Score:4, Informative)
Your obvious derision for kdawson notwithstanding, the "NSW seeks to build 'unhackable' netbook network" headline came from the itnews.com.au site, which you would have discovered for yourself if you had clicked the second link in the article.
Your anti-kdawson rant also misses the real point, which is that this "wonderful story," as you describe it, is nothing more than part of Microsoft's Windows 7 launch campaign. The real story lies in this paragraph:
Wow! That is incredible, and a real coincidence that this is occurring just as Microsoft prepares to roll out Windows 7.
What you should be taking Slashdot to task for is allowing this advertisement - replete with Microsoft marketing phrases like "Total Cost of Ownership (TCO) " and quotes from DET executives gushing that "There was no way we could do any of this on XP" - to run, instead of an insightful analysis of what this little Microsoft publicity stunt was really all about. Of course your TCO will be way down when Microsoft gives you enterprise versions of their software for free.
As someone mentioned above, this is a victory for "trusted computing," and other technologies for enabling corporations to control your hardware. Someone should write an article about that.
Re:Too late (Score:3, Informative)
BTW, isn't the Thinkpad supposed to work underwater?
You're thinking about the Panasonic Toughbook. Weatherproof, waterproof, dustproof, drop-proof. For a while, British Gas / Transco were sending them out with gas engineers -- from what I was told, they used them for work tracking (read: glorified Filofax) and for storing gas equipment service manuals (beats carrying a dozen A4 binders around with you, even if the machine weighs about as much as a concrete block).
From what I've heard, the US and UK Military like them quite a bit, and they tend to get featured in just about every episode of "Eureka" (the Panasonic badge is usually covered, but the Toughbook badge is almost always visible just above the screen catch).
Radiation Myth Busting Time (Score:2, Informative)
We've been exposing kids to heightened levels of UV radiation for years by installing fluorescent lamps. I don't see any hue and cry about excessive UV radiation damaging our childrens' eyes and giving them skin cancer.
We've been exposing kids to chalk dust for years, I don't see any hue and cry about heightened levels of respiratory illness due to chalk dust inhalation.
We've been exposing humans to 50-60Hz EM radiation for decades, with no research into the effects of having that much electricity coursing through your body day and night.
Why should we be getting all concerned about WiFi radiation?
Re:Radiation Myth Busting Time (Score:2, Informative)
Background: Cancer [wikipedia.org] is an uncontrolled growth of cells in the body. There is, and I am oversimplifying here for the sake of explanation, one reason that this occurs: mutation. When cells divide, a lot of very complicated things [wikipedia.org] need to happen. If any of those things go wrong, a mutated cell can appear. Cells are supposed to destroy themselves [wikipedia.org] if they detect that something is wrong, but sometimes the mutation affects this controlled cell death, so they don't. Combine that mutation with one that causes the cell to divide very rapidly, and you have a cancerous cell. You can read more about the specifics of these kinds of mutations in this wikipedia article. [wikipedia.org]
Statistics: Cells have a lot of safeguards in place to protect them against mutation, so the odds are extremely small that any one particular cell will become cancerous. However, there are a lot of cells in your body. Estimates differ, but most seem to be on the order of 10^13 (a multiple of 10 trillion). So while the odds of one particular cell becoming cancerous are not very good, the odds of one of those trillions of cells becoming cancerous are much better. One "hit" (cancer-related mutation) against a cell might not make that cell cancerous; recall from the previous section that the two mutations needed are (1) the inability to self-destruct and (2) a propensity for rapid division. However, once a cell has a "hit" against it, it becomes more likely that such a cell (or its progeny, since they inherit the "hit") will become cancerous later on. This is why some people are predisposed to develop certain kinds of cancer: some of their cells already have one "hit" against them.
Cancer and Longevity: Over time, those odds become more significant for more people. When people lived shorter lives, cancer was not as great a concern, because few people lived long enough to develop a life-threatening form of cancer. With life expectancies increased into the 70s and 80s for many people, the possibility of developing a life-threatening form of cancer has increased commensurately.
Cancer in Men: This brings us to the most common form of cancer in men, prostate cancer [wikipedia.org]. If they live long enough, most men will develop prostate cancer. This is because prostate cancer rates are primarily linked to age. However, and there are more details in the link, most men never even know they have it; you are more likely to die from other causes (including just plain old age) than from prostate cancer. That is why the fact that "in excess of 50 percent of just the male population will develop some form of cancer" exists: most men will develop prostate cancer.
Personal Electronics and Mutation: The concern that radiation emitted by personal electronic devices causes cancer is still a point of much dispute and ongoing investigation. [cnet.com] It is known that radiation damages a cell's DNA, potentially causing cancerous mutations. However, there are a variety of sources of such radiation, as documented on this Idaho State University webpage. [isu.edu] This webpage from the Office of Civilian Radioactive Waste Management [doe.gov] further documents our greater exposure to natural forms of radiation (cosmic rays, etc) than consumer devices.
So if the implication in your statement is that "from somewhere" must include the radiation from personal electronics, that can't be ruled out. But your statement is constructed in such a way as to suggest that the rates of cancer you mention are tied to the forms of radiation under discussion. Tha