
Apple snags Ex-OLPC security chief - toni
http://blogs.zdnet.com/security/?p=3358
======
jkkramer
Krstić's talk on OLPC was what convinced me to donate to the project a couple
years ago. His leaving and subsequent writings[1] left me feeling suspicious
of OLPC. I'm glad to hear his expertise will be put to good use now and am
looking forward to seeing the fruits of his labor.

[1] <http://radian.org/notebook/sic-transit-gloria-laptopi>

~~~
epe
What a fantastic summary of OLPC's failure. Thank you for the link.

------
ableal
In Ivan Krstić's own words ( <http://radian.org/notebook/2009-05-11> ):

 _I moved to California and joined the local fruit vendor_

(Read the short post, contains MIT and PyCon ;-)

------
stcredzero
The world needs something like Bitfrost. If OS X consumer desktops get this,
then this will spur Microsoft and Linux to match it. Trojans will have to get
a lot sneakier and subtler. This will result in Trojans becoming kinder and
gentler, much as biological pathogens become less harsh over time.

(Only kinder and gentler if you are not on the end of their DDoS attack!)

~~~
illumen
Linux does have something like Bitfrost - and better stuff. OLPC uses Linux.

Newer versions of Windows also have a very advanced security model.

OSX is the weakest current OS, and one of the easiest to exploit. There's a
number of ways you can crash and exploit it... it's just too easy.

It's funny that Ivan was blasting Apple for having a very weak OS.
<http://radian.org/notebook/nils2own> Not his own work, but someone he has
associated with found the various exploits.

Considering how much damage he did to OLPC by writing bad things about it,
Apple would do well to hire him... just to stop the bad publicity. I can't
wait until he quits... it'll be very entertaining.

~~~
limmeau
While it is true that the OLPC is using Linux, many of the features of
Bitfrost <http://radian.org/~krstic/bitfrost_2007.pdf> are not present in
mainstream Linux distributions (e.g. applications being isolated against each
other (yay); theft detection using a central activation server (yay?))

The Bitfrost architecture follows strong requirements regarding the ease of
use of security mechanisms (e.g. no user passwords, no reading required).
Perhaps Apple just tries to get someone smart for the necessary security
improvements who aims for a slightly more pleasant user experience than UAC.

------
wmf
This sounds like good news for Apple; it's too bad for us that we may never
hear from Krstić again.

------
bitwize
Had the pleasure of listening to him deliver a talk on capability security
models at Boston Lisp a few months back. Glad to hear he's finding productive
work, even if it is for the Vain Emperor. :)

