Root-locked Linux for the masses
The future: managed desktops?
Eddie Bleasdale, open source evangelist and the man behind NetProject, has a new plan. Secure, managed desktop computing: Linux for the non-techies.
At the heart of the Trusted Computing Project is a £200 black box, about the size of those funny little Mac boxes, running a root-locked Ubuntu distribution. The user pays an annual fee of £50 for secure support from a proper Linux geek.
"The TCP is for those who recognise there has to be a radical change in the way computing is provided to the public," Bleasdale says in a press notice. "A growing number of people are not using the internet for electronic services because of concerns about viruses and trojans infecting their computers."
All of the software on the box has to meet open source standards, which means Skype (for instance) won't be on the approved list. Bleasdale admits there was some heated debate about the delisting of Skype, but is adamant that since he cannot vouch for Skype's security, it had to go. If he allowed it to be installed on the boxes, he couldn't call the project Trusted Computing any longer. For those who must VoIP, he recommends OS-friendly Ekiga.
The box itself is based on the technology that underpins the one laptop per child project, which makes it very low power: the box runs off roughly 5W. "You plug it in, leave it on overnight, and when you come back it is barely warm," he told us.
He says the set-up will suit those concerned about internet security, but also small businesses and schools who would like to run Linux, yet don't have the expertise to do it themselves.
"Users require no security or administration skills, and the actions of the users cannot compromise the integrity of the computer, and software is updated remotely." ®
"If rather than trying to make a fool-proof computer he was making a system that will manage all your VoIP calls and record your TV channels for you while letting you browse you emails and the internet through your TV I'd say he'd be onto a winner."
that's what koolu themselves are promoting (their little boxes for). the best available combinations at the moment are with voxbone and mythtv.
"When normal people get to choose between a locked black box where they can't use their favourite programs and between an unsecured open windows box"
you can always get it "unlocked" - i.e. ask for the root password. you just can't claim it's "trusted" any more.
"They'd only have to offer the source to those who asked for a copy."
of course. everything has to be free software - otherwise it can't be trusted. they just can't have the digital signing private keys and, if they ask for the root password, they're unlikely to be a "normal" customer (i.e. they're probably geeks) and they are likely to know what they're doing... and don't really _need_ a "trusted computing" platform from eddie's group in the first place!
"However, I'm certainly not willing to pay a yearly fee to have someone else admin my Linux box."
good for you. you're in the top .... err.... fractional percentage of people in the world.
"The only other place the source is an issue is if they're worried about competition in the same market segment."
...not really. the principle is more important - demonstrating that it's actually possible...
"However, the hardware, marketing, and the remote admin team are what differentiates the service. They can give competitors the software source and all without changing their business model."
... precisely. and our competitors aren't going to have the same digital signature private keys, are they! so those people who build up the best team, the best reputation as being "trustworthy" precisely as you correctly surmise.
you know how the free software business model works: it's all about being honest, about not doing "lock-in", and leading the way. in other words, it's back to the principle of guilds and craftsmen providing valuable service, instead of wage-slaving and ownership providing service you have to go to because there's nothing else.
so it's entirely essential that the whole process be open and absolutely impeachable, and actively encourages and invites competition. eddie's group actively seeks to be the one that breaks the ice - gets things going - and intends to remain the innovative market leader in the trusted arena.
Sounds good to me..
If some people want a locked-down, secure box managed by someone who knows what they are doing then why not, if it's done carefully and properly?
A lot of my resolutely non-techie customers are happy to have Unix/Linux and even Windoze servers that are managed by us and not only 'just work' but keep on 'just working'.
They can configure the useful top-layer stuff however they like but have no access to the complex, breakable bits.
They love it this way because they can get on with their lives and jobs and let us worry about the complicated technical stuff.
Many of them are now even moving to thin clients connecting to their managed servers via RDP or VNC so they don't have to worry about managing them either.
How many Joe-public types moan that they cannot tweak the kernel code of their mobile phone or set-top box or swap their car's clutch for another on a weekly basis? Not many.
Give them the illusion of control and most are happy for the real technical gubbins underneath to be looked after by the experts and 'just work'. Let's face it most 'average consumers' would be quite happy to drive a car with a welded-shut bonnet so long as they had a choice of black or pink floor-mats.
The only real problem I can see is that Linux is crap for games so a two box solution (one TCP box for serious stuff and a games/media box for recreation) would be necessary.
They'd only have to offer the source to those who asked for a copy. Even if they sent a CD or DVD with all the source on it with the box, the customers of this kind of service don't know how to run a compiler, so forget about them modifying it themselves. There's no root password requirement AFAIK.
Yes, it'd be easy for you, for me, or for thousands of others to take that source and make the box do something different. However, I'm certainly not willing to pay a yearly fee to have someone else admin my Linux box.
The only other place the source is an issue is if they're worried about competition in the same market segment. However, the hardware, marketing, and the remote admin team are what differentiates the service. They can give competitors the software source and all without changing their business model.
I have my doubts about the success of the business model, but the source shouldn't be an issue. Keep in mind they're not selling a product, but a service that happens to require some hardware and software. The service is the whole point.