[liberationtech] Chromebooks for Risky Situations?

[Rich Kulawiec]

On Mon, Feb 11, 2013 at 05:54:19PM +0100, Andreas Bader wrote:
> Don't you think that e.g. DSL (Damn Small Linux) has less code than Android?

I don't know.  While I'm somewhat familiar with DSL, I don't use
Android and know very little about it.  I just did a little searching
and see various figures cited for both, but nothing that seems to
be recent/comprehensive/accurate.

I suspect that my reaction to both, though, would be "too many". ;-)

> I mean you can't simplify that by saying "This System is the most
> secure" if you mean "this system is the smallest.".

You're right.  We can't.  But if we accept as a starting premise
that to a first approximation "the number of security holes" is
roughly proportional to "the size of the system" -- and that usually
seems to be true -- then smaller is probably better.

> I think you have to achieve a good compromise between security and
> simplicity.

I don't think so: I think the best way to achieve security IS simplicity.

That's why, for example, I suggest having *no* update mechanism other
than a complete reinstall of everything -- or more likely, a 1-for-1 swap
of the readonly device holding the OS.  If there is no update mechanism,
then it can't be broken.  It can't be used to feed in malware.  It can't
be used to figure out who's running the OS.  It doesn't exist, so all
of the possible things that could go wrong with it don't exist either.
I contend that this is simpler than trying to build one and then solve
all the problems that its existence creates.

---rsk