1
00:00:00,000 --> 00:00:19,760
Preroll 36C3 Music
2
00:00:19,760 --> 00:00:28,410
Herald: Good evening and welcome to day
two of the Congress. Our next speaker,
3
00:00:28,410 --> 00:00:37,270
Paul Gardner-Stephen is fighting for a
free, secure and resilient communications.
4
00:00:37,270 --> 00:00:43,320
He's known as the leader of the cerebral
projects, building cell phone mesh
5
00:00:43,320 --> 00:00:49,720
networks and also as the creator of the
mega 65 computer, that you can see right
6
00:00:49,720 --> 00:01:01,110
here. Some Applause And. So he's going
to tell us about his next project right
7
00:01:01,110 --> 00:01:07,780
now and also explore some issues that we
face about, building networks and keeping
8
00:01:07,780 --> 00:01:13,970
them secure and resilient. So please
welcome Paul Gardner-Stephen "Creating
9
00:01:13,970 --> 00:01:18,240
Resilient and Sustainable mobile networks".
A round of applause.
10
00:01:18,240 --> 00:01:21,360
applause
11
00:01:21,360 --> 00:01:24,360
Paul Gardner-Stephen: OK. Thanks for coming
along, everyone. Tonight is getting a
12
00:01:24,360 --> 00:01:28,560
little bit late in the night , Sidney, for
me it is past my normal bedtime, so
13
00:01:28,560 --> 00:01:32,550
apologies if I yawn. It's not that I'm
bored or disengaged. It's just I flew in
14
00:01:32,550 --> 00:01:37,600
from Australia yesterday and still haven't
really had enough sleep. But we should be
15
00:01:37,600 --> 00:01:46,450
fine. So cool. So what we can see here we
have the mega 65 prototype and we have a
16
00:01:46,450 --> 00:01:52,400
prototype of the megaphone and I'll talk
about those two in a minute. So the entire
17
00:01:52,400 --> 00:01:56,729
presentation is actually going to be
delivered with the technology that we're
18
00:01:56,729 --> 00:02:00,810
creating. So a bit of a dog food eating
session for this kind of thing is a bit of
19
00:02:00,810 --> 00:02:05,940
proof by example that we can actually do
useful things with 8-bit systems because a
20
00:02:05,940 --> 00:02:09,220
whole pile of advantages when it comes to
the security and digital sovereignty with
21
00:02:09,220 --> 00:02:15,510
that. So we'll switch the screen to the
screen. Super excellent. So we can have a
22
00:02:15,510 --> 00:02:20,140
look and make sure I've got the correct
disk in there. Yes, we do. We will drop to
23
00:02:20,140 --> 00:02:37,819
see 64 mode. And we'll load the wrong one.
For sure, we don't have to wait the long
24
00:02:37,819 --> 00:02:42,569
time if I press and hold down the caps
lock key. The CPU runs at the full speed
25
00:02:42,569 --> 00:02:51,320
instead of normal speed. And so now it
will light up. Its Commodore 64 software,
26
00:02:51,320 --> 00:02:56,540
right. So of course it has to be cracked.
Even if I had to supply the originals to
27
00:02:56,540 --> 00:03:02,069
the cracking crew because in 2019. So
we'll let that go for the year. The
28
00:03:02,069 --> 00:03:07,700
graphic change a little bit as we go along
and let the grease roll out there. So all
29
00:03:07,700 --> 00:03:13,019
of this has been created in FPGA. So we
have complete sovereignty in that sense
30
00:03:13,019 --> 00:03:16,590
over the architecture so that we can
really start trying to, you know, to make
31
00:03:16,590 --> 00:03:22,099
systems that we have full control over
from that full hardware layer and that are
32
00:03:22,099 --> 00:03:26,550
simple enough that we don't need to have a
huge, massive team of people to actually
33
00:03:26,550 --> 00:03:29,970
work on these things. A lot of what we are
talking about here has been created in
34
00:03:29,970 --> 00:03:37,250
maybe three or four person years over the
last few years. So it is quite possible to
35
00:03:37,250 --> 00:03:41,030
do a lot with these systems without
needing to have the huge resources of a
36
00:03:41,030 --> 00:03:51,119
multinational company or something, which
is kind of key. Okay, so we'll do. Mega.
37
00:03:51,119 --> 00:04:02,760
Oh. 36C3. Okay. I'll press a five for
presentation mode, which really just hides
38
00:04:02,760 --> 00:04:09,159
the cursor. And then I can use my clicker.
So we have to switch, the camera here for
39
00:04:09,159 --> 00:04:15,849
a moment applause we switch the
camera. So it's a genuine homemade
40
00:04:15,849 --> 00:04:20,180
Commodore 64 compatible joystick. And it
makes the most satisfying click noise when
41
00:04:20,180 --> 00:04:29,930
we use it. So if we switch back to the
slides, that will be great. But they are
42
00:04:29,930 --> 00:04:36,330
super, cool. So I am indeed going to be
talking about creating resilient and
43
00:04:36,330 --> 00:04:38,630
sustainable mobile phones and hopefully
that link when we already have the the
44
00:04:38,630 --> 00:04:46,120
artifact there of the megaphone prototype,
that will become clearer as we go through.
45
00:04:46,120 --> 00:04:51,000
So really, the last talk, was it kind of
interesting talking about this whole a
46
00:04:51,000 --> 00:04:54,340
different angle, this whole thing, that
communications has actually become really
47
00:04:54,340 --> 00:05:00,360
weaponized over the last decade or two in
particular that, you know, we're seeing
48
00:05:00,360 --> 00:05:03,180
that, you know, where it used to be
natural disasters, that are the main
49
00:05:03,180 --> 00:05:06,840
problem, that now there is this whole
problem of manmade disaster, which is a
50
00:05:06,840 --> 00:05:11,840
major problem for us. And so we see
Internet shut communication shutdowns. We
51
00:05:11,840 --> 00:05:15,810
have surveillance happening in different
places where it really ought not be
52
00:05:15,810 --> 00:05:19,900
happening. You know, this state level
actors that are very well resourced, able
53
00:05:19,900 --> 00:05:23,690
to find zero day exploits. And the attack
surface, as we know in modern
54
00:05:23,690 --> 00:05:30,520
communications devices is simply huge. And
so this is this is very asymmetric in the
55
00:05:30,520 --> 00:05:34,949
power equation between, you know, the
forces that seek to oppress people and,
56
00:05:34,949 --> 00:05:38,490
you know, the vulnerable people at the
coalface who are just trying to get on
57
00:05:38,490 --> 00:05:42,720
with their lives and believe good decent
lives and need communications to help
58
00:05:42,720 --> 00:05:46,960
protect themselves and enable that to
happen. And that we're seeing that the
59
00:05:46,960 --> 00:05:53,000
value of communications is so well
understood by these pressing forces that
60
00:05:53,000 --> 00:05:56,260
it really has become quite a you know,
it's quite high up their list of things to
61
00:05:56,260 --> 00:05:59,680
do. You know, you don't send the army in
first to quiet people down. You cut off
62
00:05:59,680 --> 00:06:06,580
their Internet as the first thing. So this
is part of the backdrop of what we see.
63
00:06:06,580 --> 00:06:11,780
And so what I would say is that the
digital summer has actually finished.
64
00:06:11,780 --> 00:06:18,050
We're now in the digital autumn. We can
see in that, you know, with the with farms
65
00:06:18,050 --> 00:06:20,639
and trees and things that, you know,
there's still plenty of fruit to see in
66
00:06:20,639 --> 00:06:25,680
the early autumn. Right? And there's lots
on the ground. It feels like this time of
67
00:06:25,680 --> 00:06:30,919
plenty will continue. And, you know, we
can all eat as we need that there is
68
00:06:30,919 --> 00:06:36,490
enough more or less to go around. But the
risk that we have is from this parable of
69
00:06:36,490 --> 00:06:39,850
the grasshopper and the yet. Who here
knows the parable of the grasshopper and
70
00:06:39,850 --> 00:06:43,350
the ant? Hands right up. Is it really hard
for me to see up here? Okay. We'll stop
71
00:06:43,350 --> 00:06:49,330
and say who doesn't know? Okay, cool. So I
thought actually it was originally a
72
00:06:49,330 --> 00:06:52,740
German kind of problem. This is the story
of where the grashoper, you know, the
73
00:06:52,740 --> 00:06:56,569
grasshopper is kind of lounging around and
enjoying the summer. While ant aren't busy
74
00:06:56,569 --> 00:07:00,530
carrying all the seeds back into the nest.
And the ant's telling the grasshopper,
75
00:07:00,530 --> 00:07:03,370
hey, you need to get some food and stuff
and put away for the winter so that you
76
00:07:03,370 --> 00:07:07,610
can actually survive the winter. And the
grasshopper is basically in denial about
77
00:07:07,610 --> 00:07:11,650
the fact that, you know, the season will
change. And then, of course, the season
78
00:07:11,650 --> 00:07:14,630
changes. It snows and gets cold. And then
the grasshopper kind of goes knocking on
79
00:07:14,630 --> 00:07:17,680
the door of the antholl, not the lake,
kind of really have doors, but that's
80
00:07:17,680 --> 00:07:21,870
fine. It's like, oh, I'm starving and cold
out here. And and ant is kind of like,
81
00:07:21,870 --> 00:07:23,940
well, I've told you so kind of thing. And
I think actually in the end, it kind of
82
00:07:23,940 --> 00:07:28,271
lets it into we that want to scare
children too much with their stories. And
83
00:07:28,271 --> 00:07:34,090
so this is actually the challenge that we
have that we, I love every time I come to
84
00:07:34,090 --> 00:07:38,730
these events or the creativity that we
see. You know, we're enjoying the digital
85
00:07:38,730 --> 00:07:41,870
summer and all of the things that is
letting us create and, you know, the great
86
00:07:41,870 --> 00:07:45,400
open source software and tools and
everything that's going on, it's
87
00:07:45,400 --> 00:07:50,630
absolutely fantastic. And we want that to
be to continue indefinitely. But we know
88
00:07:50,630 --> 00:07:55,199
that, as we said, that, you know, the you
know, the chilling winds are beginning to
89
00:07:55,199 --> 00:08:00,630
to come that tell us that unless we
actually do something about it, that this
90
00:08:00,630 --> 00:08:05,710
isn't actually going to continue
indefinitely. And just a statement that I
91
00:08:05,710 --> 00:08:09,400
really want to make here is this last
point that I've got. The freedoms of the
92
00:08:09,400 --> 00:08:14,460
second half of the 20th century, post-
World War 2. If you look at history, they
93
00:08:14,460 --> 00:08:22,890
are an aberration. To my knowledge, never
before and I fear perhaps never again will
94
00:08:22,890 --> 00:08:27,810
we have that degree of personal liberty,
focus on, you know, individual freedom and
95
00:08:27,810 --> 00:08:32,130
agency and everything that was in this
post-World War era and is now starting to
96
00:08:32,130 --> 00:08:38,900
unwind and starting to unwind back to the
normal totally asymmetric, you know. Well,
97
00:08:38,900 --> 00:08:43,500
to say sharing of power is the wrong word.
It's the greedy collection of power and
98
00:08:43,500 --> 00:08:49,200
depravation of the mass population from
having any thing resembling a fair share
99
00:08:49,200 --> 00:08:54,650
of what's going on. And so we have to act
if we want for the, you know, the digital
100
00:08:54,650 --> 00:08:59,200
summer to continue or at worst for the
digital winter to be as short and shallow
101
00:08:59,200 --> 00:09:06,790
as we can have it, so that the you know,
we can come back to a new digital summer.
102
00:09:06,790 --> 00:09:13,160
Because once we hit the digital winter, it
will actually be too late. Because if we
103
00:09:13,160 --> 00:09:16,020
push this analogy, you know that the
digital winter is the time when there is
104
00:09:16,020 --> 00:09:22,060
no food on the train or it isn't any
longer possible or at least practical to
105
00:09:22,060 --> 00:09:27,860
create new technologies to enable us to,
you know, to feed our digital needs. And
106
00:09:27,860 --> 00:09:31,930
we can't plant any new crop, so to speak,
until the digital spring comes again after
107
00:09:31,930 --> 00:09:36,910
that. And so the opportunity, like with
the grasshopper is now before the winter
108
00:09:36,910 --> 00:09:42,879
comes to say, right, what do we need to
have in our store of technology, the store
109
00:09:42,879 --> 00:09:46,290
of protocols, all of these different
things, so that when the digital winter
110
00:09:46,290 --> 00:09:51,580
comes, we don't starve. And fortunately,
you know, we can actually change the
111
00:09:51,580 --> 00:09:57,160
length of the digital winter. We can
empower people so that, you know, the
112
00:09:57,160 --> 00:10:02,590
bitter cold of the digital winter is
moderated and the spring can come as soon
113
00:10:02,590 --> 00:10:08,540
as it can. And the trouble that we have
with this, we actually don't know when the
114
00:10:08,540 --> 00:10:13,279
digital winter will come exactly. We see
these challenges around in the way that
115
00:10:13,279 --> 00:10:18,740
different governments and non-state actors
as well, you know, working you in
116
00:10:18,740 --> 00:10:23,950
propaganda and all all of these things
that are becoming sadly more intense and
117
00:10:23,950 --> 00:10:28,890
acute around us. We don't know when that
tipping point will happen. But given the
118
00:10:28,890 --> 00:10:32,240
complexity of supply chains and things
that are necessary in this, I think Bunny
119
00:10:32,240 --> 00:10:37,410
was talking about that earlier today,
that this is actually quite easy for it to
120
00:10:37,410 --> 00:10:43,260
actually quite quickly flip into the
digital winter mode. And then as with the
121
00:10:43,260 --> 00:10:45,750
real winter, at the very beginning of
winter, there might still be enough to
122
00:10:45,750 --> 00:10:50,110
eat, but it gets harder and harder very
rapidly. And, you know, if the winter gets
123
00:10:50,110 --> 00:10:55,250
too deep, then it's just not going to be
possible to continue with these things.
124
00:10:55,250 --> 00:11:00,931
And so we've tried to think about what's
needed to actually overcome this. What do
125
00:11:00,931 --> 00:11:04,661
we need focusing on mobile communications
as a key piece of that? And there's a
126
00:11:04,661 --> 00:11:10,170
reason for that in that it's the way that
we can communicate, organize, you know,
127
00:11:10,170 --> 00:11:14,680
collectively protect communities against
the threats that come in. If we look at
128
00:11:14,680 --> 00:11:19,080
things like that great Haiti earthquake
just back in 2010, the breakdown of
129
00:11:19,080 --> 00:11:23,029
communications and law and order meant
that they were quite horrible things going
130
00:11:23,029 --> 00:11:28,459
on. We don't know about three days,
actually, of the earthquake there. So
131
00:11:28,459 --> 00:11:32,970
there were militias that were basically
robbing medical teams, trying to transport
132
00:11:32,970 --> 00:11:37,120
people between different hospitals. And
there were much nastier things with, you
133
00:11:37,120 --> 00:11:40,160
know, gangs of people going around
from village to village, basically doing
134
00:11:40,160 --> 00:11:45,300
whatever they want to, whoever they want.
It was really not cool. And so we want to
135
00:11:45,300 --> 00:11:51,529
avoid that kind of problem that comes, when
people are not able to to collectively
136
00:11:51,529 --> 00:11:57,180
work together effectively as a community.
And so the GPO four freedoms that we know
137
00:11:57,180 --> 00:12:00,970
from software, they're a great starting
point. But I think actually we've seen
138
00:12:00,970 --> 00:12:05,140
enough things like with TiVoization and
all these sorts of other challenges, that
139
00:12:05,140 --> 00:12:10,410
this is not sufficient, when it comes to
hardware. And there's actually some even
140
00:12:10,410 --> 00:12:14,830
more complicated things. You start talking
about mobile phone kind of hardware, as to
141
00:12:14,830 --> 00:12:20,180
how we can do that, which I'll talk about
in a moment. But these are a starting
142
00:12:20,180 --> 00:12:23,940
point of what I've come up with as things
that I see as being necessary. There's
143
00:12:23,940 --> 00:12:27,880
ample room for improvement. And in fact,
with any of what we're trying to do in
144
00:12:27,880 --> 00:12:32,829
this space, we need folks to come along
and help us. We can't do it alone. We need
145
00:12:32,829 --> 00:12:39,180
to work together so that we can help
one another when the digital winter comes.
146
00:12:39,180 --> 00:12:44,899
So the first freedom is simply the freedom
from energy infrastructure. We know
147
00:12:44,899 --> 00:12:48,320
critical infrastructure is disturbingly
vulnerable, that the security of it is
148
00:12:48,320 --> 00:12:52,170
quite bad. But also you have these like
large centralized places that produce the
149
00:12:52,170 --> 00:12:56,700
energy that we need. And, you know, we see
power cut offs in Venezuela and all of
150
00:12:56,700 --> 00:12:58,389
these sorts of
things, regardless
151
00:12:58,389 --> 00:12:59,389
of who's actually doing it, whether
it's sabotage or whether
152
00:12:59,389 --> 00:13:02,320
it was purposeful from the
government, I don't know. It actually
153
00:13:02,320 --> 00:13:06,339
doesn't matter. The fact is, it happens.
But also, of course, a natural disaster.
154
00:13:06,339 --> 00:13:10,310
Power goes out. Fortunately, this is
actually one of the easiest things to
155
00:13:10,310 --> 00:13:15,430
solve. We just need to include some kind
of alternative energy supply into the kind
156
00:13:15,430 --> 00:13:18,890
of devices that we're creating. So that
could be solar panel on the back. Or you
157
00:13:18,890 --> 00:13:23,000
could have the you know, the Faraday, you
know, you shake it like a martini kind of
158
00:13:23,000 --> 00:13:27,089
thing to generate power or both, whatever
you feel like. Or if you can find a good
159
00:13:27,089 --> 00:13:31,470
supply of NASA radio, I hope then with
generators, that would also be fantastic.
160
00:13:31,470 --> 00:13:35,490
And we'll keep you warm through the winter
as well. But, you know, if anyone has a
161
00:13:35,490 --> 00:13:40,630
supply of those, let me know. I'd love to
hear. So then the second freedom is
162
00:13:40,630 --> 00:13:43,760
actually quite similar to the first. It's
the realization that we need energy to
163
00:13:43,760 --> 00:13:49,300
communicate in communications, to organize
ourselves and be effective. And again, the
164
00:13:49,300 --> 00:13:53,660
communications infrastructure is in many
ways that she even more fragile than the
165
00:13:53,660 --> 00:13:58,430
energy production. Infrastructure is much
easier to guard a couple of power stations
166
00:13:58,430 --> 00:14:01,880
in a country than it is to guard every
phone tower and all of the interconnecting
167
00:14:01,880 --> 00:14:06,050
links and all these sorts of things
between them. As we said, communications
168
00:14:06,050 --> 00:14:11,779
depravation is already being weaponized
against the vulnerable around us. Again,
169
00:14:11,779 --> 00:14:13,889
fortunate there's been a whole pile of
work in the space of the previous work
170
00:14:13,889 --> 00:14:19,730
I've done with the serval mesh and
freifunk. And a whole bunch of groups
171
00:14:19,730 --> 00:14:23,529
working on a whole bunch of different
things in this kind of space for peer to
172
00:14:23,529 --> 00:14:28,620
peer secure, authenticated communications.
So, yes, there's work to be done, but this
173
00:14:28,620 --> 00:14:32,240
is an area where there's actually already
like the energy one. There's been quite a
174
00:14:32,240 --> 00:14:39,730
lot of work done that makes that quite
feasible to work on. So then we start
175
00:14:39,730 --> 00:14:43,600
going into some of the the harder ones, we
need to make sure that we are not
176
00:14:43,600 --> 00:14:50,380
dependent on, you know, the major vendors
of our devices, when it comes to the
177
00:14:50,380 --> 00:14:53,800
security of our devices. So this starts
with simple things like that the GPL
178
00:14:53,800 --> 00:14:58,680
provides. So, you know, full source code
has to be available. But more than that,
179
00:14:58,680 --> 00:15:04,520
we actually have to make sure that we can
actually exercise those rights in
180
00:15:04,520 --> 00:15:09,350
practice. So it needs to be simple enough
that we can actually, you know, go right.
181
00:15:09,350 --> 00:15:13,310
Okay. There's a security vulnerability in
such and such like you now. Yes. You were
182
00:15:13,310 --> 00:15:16,820
talking about earlier today with some of
the bluetooth things. And then to actually
183
00:15:16,820 --> 00:15:21,790
be out to patch it yourself, it's quite
obvious that this is not the case for
184
00:15:21,790 --> 00:15:26,130
whether it's firmware or whether it's the
regular operating system on modern mobile
185
00:15:26,130 --> 00:15:30,970
phones. So who here is actually built
Android from source themselves? Excellent.
186
00:15:30,970 --> 00:15:36,950
Expected to see a few folks here. Who has
tried and gave up in disgust. Right. More
187
00:15:36,950 --> 00:15:41,529
hands? Yes. I myself was all like, you
know, I work on the civil project and we
188
00:15:41,529 --> 00:15:45,100
do a whole pile of things and basically
just know after spending a number of hours
189
00:15:45,100 --> 00:15:48,310
on, it just went like, you know, this is
actually this is a lot of work for
190
00:15:48,310 --> 00:15:52,669
something that ought to be straightforward
if we want to be out to make rapid
191
00:15:52,669 --> 00:15:58,290
progress. And so we want to have systems
that are simple enough, we can patch. But
192
00:15:58,290 --> 00:16:01,290
in fact, there's another really key
advantage, the simplicity that I'll
193
00:16:01,290 --> 00:16:05,920
probably come over a few times in this
talk, and that is that simplicity reduces
194
00:16:05,920 --> 00:16:10,821
the attack surface. If we are in an
asymmetric power environment, where there
195
00:16:10,821 --> 00:16:15,500
are whether they are state or non-state
actors seeking to deprive vulnerable
196
00:16:15,500 --> 00:16:19,820
people of communications, they're going to
have potentially the ability to put whole
197
00:16:19,820 --> 00:16:24,280
teams looking for vulnerabilities in
software. In contrast, we might be lucky
198
00:16:24,280 --> 00:16:28,130
to have someone who's going to try and
madly find when things are being exploited
199
00:16:28,130 --> 00:16:35,410
and to patch them. So we need to have ways
around this kind of thing. And to my mind,
200
00:16:35,410 --> 00:16:38,460
reducing the attack surface is the only
way that we can actually have any real
201
00:16:38,460 --> 00:16:47,880
hope of, you know, being at a keep up in
that arms race of security. So Freedom #4
202
00:16:47,880 --> 00:16:50,940
is related to this previous one. Is
actually saying not only do we want to be
203
00:16:50,940 --> 00:16:54,350
at a patch, where she wants to be at a
change, enhance doing these things. And
204
00:16:54,350 --> 00:16:58,649
again, it comes back to the same basic
need that the software is actually able to
205
00:16:58,649 --> 00:17:03,020
be compiled. And the hardware designs are
simple enough that we can actually, you
206
00:17:03,020 --> 00:17:10,659
know, to work on these things so that we
get not merely in theory have permission
207
00:17:10,659 --> 00:17:17,089
to innovate, but that it is in practice
feasible to do so. And again, the simpler
208
00:17:17,089 --> 00:17:21,169
the system, the the the more probable it
is that we can actually succeed in this
209
00:17:21,169 --> 00:17:28,830
kind of space. And then again, there's a
lot of these are quite interrelated,
210
00:17:28,830 --> 00:17:30,112
that's part of why I
say it would actually be
211
00:17:30,112 --> 00:17:32,120
great to get feedback
on how we might
212
00:17:32,120 --> 00:17:34,870
restructure these to make the boundaries
really clear
213
00:17:34,870 --> 00:17:37,508
between these freedoms
that we need.
214
00:17:37,508 --> 00:17:41,789
So we need the freedom to
maintain the devices for the long run. So
215
00:17:41,789 --> 00:17:47,710
who here has or has had a fair phone, for
example? I love the fair phone by the way.
216
00:17:47,710 --> 00:17:53,750
A number of us. I've had one as well. And,
you know, if you talk to the people at
217
00:17:53,750 --> 00:17:58,620
Faith, I think they have a team of a bunch
of people just trying to maintain Android
218
00:17:58,620 --> 00:18:02,520
on the faire phone 2, for example. And
also now on the faire phone 3 as it comes
219
00:18:02,520 --> 00:18:07,380
out. And this is actually really hard
work. But again, the complexity and the
220
00:18:07,380 --> 00:18:11,660
barriers that are there, make it really
difficult to be able to just keep the
221
00:18:11,660 --> 00:18:14,980
thing running with the same hardware
little and each time you want to target
222
00:18:14,980 --> 00:18:19,710
new hardware with new capabilities. This
is just going to be, you know, as a
223
00:18:19,710 --> 00:18:23,090
community, we can probably do one or two
devices if we kind of all collected our
224
00:18:23,090 --> 00:18:27,790
effort. But to actually do it for, you
know, devices that meet individual needs
225
00:18:27,790 --> 00:18:31,169
or, you know, appropriate for a particular
area might have, as we say, a different
226
00:18:31,169 --> 00:18:34,980
energy source. So I might want to try
putting, you know, some thermal electric
227
00:18:34,980 --> 00:18:39,809
thing or whatever that at the moment to do
that with mobile phone hardware is just
228
00:18:39,809 --> 00:18:44,309
prohibitive in the complexity and the, you
know, the resourcing and effort that it
229
00:18:44,309 --> 00:18:51,130
would require. So we need to find
solutions around this. And then again,
230
00:18:51,130 --> 00:18:55,470
related to that, overall, we have this
problem of scale dependency. I think this
231
00:18:55,470 --> 00:18:59,950
is one of the really key things at the
moment to make a mobile phone. You need to
232
00:18:59,950 --> 00:19:03,539
have a big enough market and you'd have a
big enough enterprise and enough capital
233
00:19:03,539 --> 00:19:07,340
and all of the rest of it to actually be
had to go through the very expensive
234
00:19:07,340 --> 00:19:13,270
process of designing the thing, getting
injection molding, tooling and all of that
235
00:19:13,270 --> 00:19:18,580
kind of thing made. That, you know, to do
that for a modern phone. I suspect it's a
236
00:19:18,580 --> 00:19:23,809
few million euros to do it reasonably
well. And if you did it on the cheap and
237
00:19:23,809 --> 00:19:30,270
skinny is probably still maybe something
like a million euros to achieve. So we
238
00:19:30,270 --> 00:19:39,100
have to somehow break this down, to make
it feasible to do. And as I said earlier,
239
00:19:39,100 --> 00:19:43,530
simplicity is a key theme to my mind, and
it is the only way I think that we can
240
00:19:43,530 --> 00:19:46,490
actually do it. So we've already talked
about the challenges of distributing an
241
00:19:46,490 --> 00:19:51,010
Android ROM, let alone modifying it to do
new things in any kind of sophisticated
242
00:19:51,010 --> 00:19:54,870
way. And even if you do, the hardware is
actually too complicated. And there's a
243
00:19:54,870 --> 00:19:58,490
whole pile of trust issues around the
complicated hardware. If you can't
244
00:19:58,490 --> 00:20:02,130
understand something, by definition, it's
a black box. And if it's a black box, by
245
00:20:02,130 --> 00:20:06,510
definition, you can't trust it. Because
you don't know what's inside. So, you
246
00:20:06,510 --> 00:20:10,520
know, we we have this point again, the
digital winter. You don't want any black
247
00:20:10,520 --> 00:20:15,970
boxes or if you do, you want them very
carefully monitored and managed. And so
248
00:20:15,970 --> 00:20:19,799
the system has to be not simple enough to
make once. It is simple enough that we can
249
00:20:19,799 --> 00:20:24,660
actually remake it again and again and
again, as we have need. It's a bit like
250
00:20:24,660 --> 00:20:27,390
the difference between a chainsaw or an
ax, right? If you want to be in a remote
251
00:20:27,390 --> 00:20:32,490
area and have to be self-sufficient. Much
better to depend on ax to chop your wood,
252
00:20:32,490 --> 00:20:36,100
because if you need two, you can make a
new handle for your ax. And you know, with
253
00:20:36,100 --> 00:20:39,951
a bit more effort, you could do some very
simple metallurgy and, you know, metal
254
00:20:39,951 --> 00:20:43,919
smelting with iron ore. If you happen to
be lucky enough to have an area or copper
255
00:20:43,919 --> 00:20:47,770
or whatever, it's going to be a much
easier proposition than having to do that
256
00:20:47,770 --> 00:20:50,780
and then somehow make a fine machine
tooling and making you chain parts and
257
00:20:50,780 --> 00:20:55,620
motor parts and all of this kind of thing.
So it has to be if it is going to be
258
00:20:55,620 --> 00:20:59,640
resilient and survivable, it has to be
simple enough that you actually can build
259
00:20:59,640 --> 00:21:03,180
it with relatively simple tools going
forward. Electronics is going to be a big
260
00:21:03,180 --> 00:21:07,100
challenge in this area because, you know,
you need to be PCV fabrication, you need
261
00:21:07,100 --> 00:21:11,059
to get components and things. But we have
to try and reduce the barriers as much as
262
00:21:11,059 --> 00:21:14,650
we can, so that at least, for example,
component scavenging, for example, might
263
00:21:14,650 --> 00:21:19,200
be an option. Or devices that will be
available, because they're still needed by
264
00:21:19,200 --> 00:21:24,100
other industries that have more protection
as we head into a digital winter
265
00:21:24,100 --> 00:21:31,450
environment that we can take and repurpose
that kind of hardware. So that this kind
266
00:21:31,450 --> 00:21:36,470
of leads into this tension then of saying,
okay, if we make something which is simple
267
00:21:36,470 --> 00:21:41,040
enough, we know we as a community, we only
have limited resources available to us, to
268
00:21:41,040 --> 00:21:45,120
make this kind of resilient device. Do we
make one or do we all kind of like run off
269
00:21:45,120 --> 00:21:52,659
and make different kind of things? And I
think the you know, this is a tension. I'm
270
00:21:52,659 --> 00:21:57,370
not going to claim that. I know the
absolute best setting for this. I think we
271
00:21:57,370 --> 00:22:02,000
need to have, as I say, kind of multiple
germ lines so that if one system gets
272
00:22:02,000 --> 00:22:05,722
chronically critically broken or proves to
be ineffective and that, you know, there
273
00:22:05,722 --> 00:22:09,500
are others kind of in the wing that can
kind of fill that niche in the
274
00:22:09,500 --> 00:22:14,570
environment. But we don't have so many,
that if you don't get anywhere. And so
275
00:22:14,570 --> 00:22:19,000
this is a bit tricky. My gut feeling is,
you know, making a an initial device that
276
00:22:19,000 --> 00:22:22,020
can kind of demonstrate some of these kind
of positive properties. And then so other
277
00:22:22,020 --> 00:22:23,980
people will look at and go like, well,
that's really great. That's got us
278
00:22:23,980 --> 00:22:26,659
forward. But, you know, that was a really
stupid design. I think this is a way
279
00:22:26,659 --> 00:22:30,450
better way to do it in the way, that we
have that freedom in the open source
280
00:22:30,450 --> 00:22:36,440
community to do, is probably a pretty good
way to do things. And I would say, we're
281
00:22:36,440 --> 00:22:41,220
not yet at the end point of that proof of
concept, but we're trying to move things
282
00:22:41,220 --> 00:22:47,420
forward to that and that point. So, come
actual to the the megaphone that we're
283
00:22:47,420 --> 00:22:53,659
trying to create. And so in terms of what
we've actually set out to do for the goals
284
00:22:53,659 --> 00:22:57,521
and kind of the methodology, we want
something, which is simple, secure, self-
285
00:22:57,521 --> 00:23:03,329
sufficient and survivable. A lot of the
work that I do is, for example, with, you
286
00:23:03,329 --> 00:23:06,460
know, NGOs. We've worked with folks
from Red Cross. We work with folks from
287
00:23:06,460 --> 00:23:11,490
the UN World Food Program, who part of
the interestingly, are the distributors of
288
00:23:11,490 --> 00:23:15,990
communications in the UN cluster system
for disasters. Because they kind of like
289
00:23:15,990 --> 00:23:19,210
hand out blankets and they hand out rice
and things. Someone basically say to them,
290
00:23:19,210 --> 00:23:23,440
well, you should also be handing out the
communications. And so that's just kind of
291
00:23:23,440 --> 00:23:28,799
how it's fell. And so, you know, in an
easy way I do smartphony kind of things
292
00:23:28,799 --> 00:23:32,429
like would be great to have some
navigation, it would be great to have in a
293
00:23:32,429 --> 00:23:35,610
disaster context, the ability to fill in
forms on the screen with a touch screen
294
00:23:35,610 --> 00:23:40,390
and the rest of it and have the uplink
through. So if you think, you know, an
295
00:23:40,390 --> 00:23:45,480
Ebola outbreak in Africa, for example, to
be out a collect, you know that case
296
00:23:45,480 --> 00:23:48,690
information to track down the you know,
the case zeros and. Kind of thing, you
297
00:23:48,690 --> 00:23:55,020
need communications that can work. Often
these outbreaks happen in places where law
298
00:23:55,020 --> 00:23:58,850
and order and civil society is not really
working. Because if it was, then they
299
00:23:58,850 --> 00:24:01,581
wouldn't have had the outbreak there, it
would have been managed more effectively.
300
00:24:01,581 --> 00:24:07,070
And so you need this kind of,
you know, dependable device that can work
301
00:24:07,070 --> 00:24:10,730
independent of everything else that's
going on. And that might have to do
302
00:24:10,730 --> 00:24:14,120
software updates, for example, over a
really expensive narrowband satellite link
303
00:24:14,120 --> 00:24:19,000
that might be, you know, tens of bytes per
second or less. So that was kind of some
304
00:24:19,000 --> 00:24:26,159
of the, you know, the motivation around
this to create it. And it separately have
305
00:24:26,159 --> 00:24:32,250
been working on the Mega 65 project for a
couple of years at that point. And it just
306
00:24:32,250 --> 00:24:36,150
kind of dawned on me that actually this
simple 8 bit architecture is
307
00:24:36,150 --> 00:24:40,610
powerful enough to actually be useful to
do some things. Math kind of, you know,
308
00:24:40,610 --> 00:24:44,830
well, you're doing this. You know, the fun
proof of, you know, proof by example,
309
00:24:44,830 --> 00:24:49,770
really, of delivering the slides with this
machine to show. that you can do useful
310
00:24:49,770 --> 00:24:53,380
things if you write the code carefully
and carefully written code is more likely
311
00:24:53,380 --> 00:24:59,700
to be verifiable and secure. And it's
probably I don't think you can get any
312
00:24:59,700 --> 00:25:03,440
simpler than an eight bit system and still
be useful like I don't think we want to be
313
00:25:03,440 --> 00:25:09,659
trying to use an Intel 4004 derived
4 Bit CPU to do things. Boeing's if
314
00:25:09,659 --> 00:25:13,010
someone can find a way to do something
with a system that's that simple and they
315
00:25:13,010 --> 00:25:17,210
can still do everything we need and it
makes it even easier to verify. Fantastic.
316
00:25:17,210 --> 00:25:21,169
My gut feeling is it would actually be
worse on every point, because the amount
317
00:25:21,169 --> 00:25:24,900
of work that you would have to do to do
each useful thing, you end up with code
318
00:25:24,900 --> 00:25:29,799
which is actually larger in size. That I
think, my feeling is that the 8 Bit
319
00:25:29,799 --> 00:25:33,133
architecture is about that sweet point.
And so anyway, so as a result of the
320
00:25:33,133 --> 00:25:40,256
Mega 65 work, it's based directly on that. So
the the phone actually is a Mega 65
321
00:25:40,256 --> 00:25:48,600
importable form and will show that in a
little bit. And so we're getting towards
322
00:25:48,600 --> 00:25:52,309
that kind of proof of concept stage. So we
had the first phone calls back in Linuxconf.
323
00:25:52,309 --> 00:25:55,741
So if you kind of dig back through this,
the the video of that talk where with a
324
00:25:55,741 --> 00:26:00,809
much earlier prototype, we actually had
people calling the machine, which is quite
325
00:26:00,809 --> 00:26:06,580
fun. And I took a little bit later as well
about the some of the audio part kind of
326
00:26:06,580 --> 00:26:10,570
issues around that. So let's look at those
six freedoms again now, and what we're
327
00:26:10,570 --> 00:26:14,809
trying to do with the megaphone. So energy
independence. The first thing is we've got
328
00:26:14,809 --> 00:26:18,760
a filthy, great big battery. I hate it
when phones go flat. And when you're in a
329
00:26:18,760 --> 00:26:21,670
disaster zone or these kind of vulnerable
situations, you really don't want it going
330
00:26:21,670 --> 00:26:26,520
flat at the wrong time. So we've put a 32
watt our lithium ion phosphate battery
331
00:26:26,520 --> 00:26:31,679
that should have 2000 full charge cycles
in there. The device is about the size of
332
00:26:31,679 --> 00:26:35,790
an intended switch in terms of surface
area. So putting high performance solar
333
00:26:35,790 --> 00:26:39,400
cells like you would put on the solar
racing car or on your roof, we can
334
00:26:39,400 --> 00:26:44,220
probably get about seven watts with that.
And if you do the kind of math that's, you
335
00:26:44,220 --> 00:26:52,130
know, four or so hours of charge time, but
we know in reality that the, you know, the
336
00:26:52,130 --> 00:26:55,830
solar environment will often be much worse
than that. It might be only 10 percent of
337
00:26:55,830 --> 00:26:59,620
what it to be 1 percent of that if you're
talking about these kinds of latitudes
338
00:26:59,620 --> 00:27:04,210
under cloudy conditions. And so you really
want to have the big battery and as big a
339
00:27:04,210 --> 00:27:07,720
solar panel as you can and you want the
power consumption to be as low as
340
00:27:07,720 --> 00:27:12,890
possible. So we've got CPO data to
candlelight little teeny tiny FPGAs,
341
00:27:12,890 --> 00:27:16,050
that are managing the whole power
environment and wake up the main FPGA only
342
00:27:16,050 --> 00:27:20,419
when something important needs to happen.
So we believe with 32 watt hours, we
343
00:27:20,419 --> 00:27:25,860
should be out to get about a thousand
hours standby with a 4G off the shelf
344
00:27:25,860 --> 00:27:29,990
cellular modem. And that's, you know,
assuming the solar panel was actually, you
345
00:27:29,990 --> 00:27:35,330
know, like, you know, in a black box, even
the light here, if we had the solar, the
346
00:27:35,330 --> 00:27:40,020
seven watt solar panel would have a sunny
side up and we would be able to maintain
347
00:27:40,020 --> 00:27:43,560
charge indefinitely on the device, because
we only need to have about 8 Milli
348
00:27:43,560 --> 00:27:49,880
Watts coming in. So we're talking about
one one thousandth of the capacity of the
349
00:27:49,880 --> 00:27:56,590
solar panel. OK. So if a communications
for independence, we really want as many
350
00:27:56,590 --> 00:28:00,600
possible ways to communicate as we can and
the naughty little things that we can't
351
00:28:00,600 --> 00:28:05,480
trust, in particular the cellular modem,
we want to have a sandbox and quarantined
352
00:28:05,480 --> 00:28:09,450
so that it can't spread its naughty plague
of whatever vulnerabilities it has in
353
00:28:09,450 --> 00:28:13,360
there. Again, there are black box. We
can't trust them. They're too hard for us
354
00:28:13,360 --> 00:28:16,960
to implement. So this is kind of a
decision that we've taken. We'd much
355
00:28:16,960 --> 00:28:21,200
rather have a fully open 4G modem and if
someone makes one fantastic,
356
00:28:21,200 --> 00:28:22,740
will incorporate
it straight in.
357
00:28:22,740 --> 00:28:24,870
Right. because the
systemis designed to be
358
00:28:24,870 --> 00:28:26,760
easy to change.
But in the meantime,
359
00:28:26,760 --> 00:28:29,250
we have to kind of deal with
what there is. The great thing is that
360
00:28:29,250 --> 00:28:34,039
these m.2 cellular modems are used
in vending machines, in cars, in all sorts
361
00:28:34,039 --> 00:28:37,360
of things. So they're just the common
eyes. Again, if he had to scavenge them in
362
00:28:37,360 --> 00:28:41,850
the future. This would be quite feasible
and also means, we can upgrade. So we have
363
00:28:41,850 --> 00:28:47,049
two of these slots, so we could actually
have a dual 5G Commodore 64 so that, you
364
00:28:47,049 --> 00:28:49,640
know, because he wants to
light weight extra time
365
00:28:49,640 --> 00:28:51,050
when you're downloading
your games, right?
366
00:28:51,050 --> 00:28:54,000
And 40 kilobytes can take a
long time to download. I've only got one
367
00:28:54,000 --> 00:28:58,600
5G link, right? We have two of them so we
can do it in parallel. Because he was to
368
00:28:58,600 --> 00:29:02,690
more than about, you know, four
milliseconds to download new software and
369
00:29:02,690 --> 00:29:07,970
again, limited communications availability
in these kind of oppressive environments.
370
00:29:07,970 --> 00:29:12,190
This is actually key. You might only have
short communications window. So while it
371
00:29:12,190 --> 00:29:16,450
is a little bit tongue in cheek, it's not
entirely. And of course, with several
372
00:29:16,450 --> 00:29:20,770
mesh, we've been doing, you know, UHF?
packet radio. So we've put in try band
373
00:29:20,770 --> 00:29:25,882
Laura compatible radios in there. Not
Laura when we're doing it fully. We're
374
00:29:25,882 --> 00:29:29,779
just sending out radio packets and
listening in with the modules. We've also
375
00:29:29,779 --> 00:29:34,800
got ESP 1, 266 Wi-Fi and some Bluetooth in
there. So that's some other potential
376
00:29:34,800 --> 00:29:38,210
options. Acoustic networking. So we've
got 4 microphones that are directly
377
00:29:38,210 --> 00:29:42,140
connected to our FPGA so we can do crazy
signal processing on that. And we've got a
378
00:29:42,140 --> 00:29:46,950
nice loud speaker that should work up into
the ultrasonic range so we could even have
379
00:29:46,950 --> 00:29:51,370
quite decent communications over, you
know, 10 or so meters in the acoustic
380
00:29:51,370 --> 00:29:55,289
band. And there's a crazy bunch. And I've
forgotten the name of the research group
381
00:29:55,289 --> 00:30:02,170
that do air gap jumping. And they've done
some quite crazy things with acoustics
382
00:30:02,170 --> 00:30:06,200
with the live your headphones plugged into
your computer on your desk in a headphone
383
00:30:06,200 --> 00:30:10,059
jack. You can software reconfigure that
and make that that's a speaker and
384
00:30:10,059 --> 00:30:14,980
microphone. There's anyone that's
interested in a hall after. And we can
385
00:30:14,980 --> 00:30:19,080
have a look and try and find the link for
you. We've also got infrared LED. And so
386
00:30:19,080 --> 00:30:24,340
the idea with all of these kind of things
and whatever else you can kind of do, is
387
00:30:24,340 --> 00:30:28,870
that it should be really hard for an
adversary to actually jam all of these
388
00:30:28,870 --> 00:30:33,830
things at the same time. You know, you
might be able to do broadband RF jamming,
389
00:30:33,830 --> 00:30:38,270
but that's not going to stop the acoustics
or the LED. And even if you can kind of
390
00:30:38,270 --> 00:30:41,690
make a lot of noise, it's gonna be really
hard to block the LED, if people are kind
391
00:30:41,690 --> 00:30:47,750
of holding the devices near one another to
do delay tolerant transfer. And of course,
392
00:30:47,750 --> 00:30:51,289
any other crazy things that people come up
with. Again, a simple system design that
393
00:30:51,289 --> 00:30:57,679
you can extend it easily yourself. OK.
Security independence. So the operating
394
00:30:57,679 --> 00:31:01,380
system runs in a little bit CPU, which is
basically a slightly enhanced version of
395
00:31:01,380 --> 00:31:07,409
the Commodore 64 CPU. It has a a bit
hypervisor, which is 16 kilobytes inside
396
00:31:07,409 --> 00:31:12,700
hardware limitation, because we don't want
it getting bigger. If it gets 16K then
397
00:31:12,700 --> 00:31:15,230
you have to throw some other things out
and right. What does it actually really
398
00:31:15,230 --> 00:31:18,720
need to do so, that you still have a
system which is actually much more
399
00:31:18,720 --> 00:31:22,940
verifiable. And this kind of small
software, it should be quite possible on
400
00:31:22,940 --> 00:31:26,840
this machine to run a simple C compiler,
for example, to we had to compile the
401
00:31:26,840 --> 00:31:30,409
software that is actually running the
core operating system, so we can have
402
00:31:30,409 --> 00:31:34,720
that whole complete offgrid operation.
We've really talked a little bit about having
403
00:31:34,720 --> 00:31:39,780
the untrusted components fully sandboxed.
So for example, cellular modems only have
404
00:31:39,780 --> 00:31:45,320
a 80 command serial interface to the rest
of the system. And so this is going to
405
00:31:45,320 --> 00:31:47,110
make it much harder for
an adversary to work
406
00:31:47,110 --> 00:31:48,570
out how with a fully
compromised cellular
407
00:31:48,570 --> 00:31:52,049
modem, you can compromise the
rest of the system by giving presumably
408
00:31:52,049 --> 00:31:56,250
bogus responses to 80 command requests.
And because we know that's where the
409
00:31:56,250 --> 00:32:00,160
vulnerable point is, we can put a lot of
effort in our software to really
410
00:32:00,160 --> 00:32:04,289
interrogate the command response to the
coming back and no look for any QIT
411
00:32:04,289 --> 00:32:08,160
command responses within a semicolon, drop
tables and all the rest of it in there. It
412
00:32:08,160 --> 00:32:13,220
should be pretty straightforward to pick
up. So we also have an integrated hardware
413
00:32:13,220 --> 00:32:17,970
in sufferance inspectors, so that you can
real time verify. It is a little bit fun.
414
00:32:17,970 --> 00:32:22,720
So I can hit mega tab and we call it
matrix mode for good reason. So the system
415
00:32:22,720 --> 00:32:26,060
is still running in the background. So the
slides are still there. So I can go back
416
00:32:26,060 --> 00:32:35,769
to the previous slow, I begin to say, it
was a joystick actually when I'm in there.
417
00:32:35,769 --> 00:32:43,300
Yes, they you go. Or file a bug for that,
but we can, if I go back into it, we can
418
00:32:43,300 --> 00:32:49,510
look at all of memory in real time. So if
you are truly paranoid and you are about
419
00:32:49,510 --> 00:32:53,364
to, for example, do some encrypted email
on your, you know, digitally sovereign
420
00:32:53,364 --> 00:32:57,960
device. You could actually go into this,
stop the CPU and then inspect every byte
421
00:32:57,960 --> 00:33:02,650
of memory and compare it to your physical
printout of the, you know, 30 or 40
422
00:33:02,650 --> 00:33:06,919
kilobytes of your software. Or you might
every time he might do, you know, half a
423
00:33:06,919 --> 00:33:10,970
kilobyte or something, right?! And verify
it so that progressively over time, you've
424
00:33:10,970 --> 00:33:15,380
actually verified that the system is
always byte identical. At that point in
425
00:33:15,380 --> 00:33:18,659
time to what it should be doing. And
again, the simplicity, we only have one
426
00:33:18,659 --> 00:33:23,919
program running at a time. So, you know,
you know exactly what the system is doing.
427
00:33:23,919 --> 00:33:27,929
And we can tasks which we got a built in
phrase constantly if I press the restore
428
00:33:27,929 --> 00:33:32,809
key. Anyone who's used a Commodore 64 and
with an action replay will probably
429
00:33:32,809 --> 00:33:36,850
recognize the inspired format. And so
that's our program. They're running with
430
00:33:36,850 --> 00:33:39,620
hardware, thumbnail, generation of colors,
a bit wrong. We need to fix that. But, you
431
00:33:39,620 --> 00:33:44,779
know, we've got other software that we've
had running on it. And so if we wanted to,
432
00:33:44,779 --> 00:33:52,211
you know, break up the presentation with a
quick game of Gyruss, for example. We can
433
00:33:52,211 --> 00:33:56,300
do that. I need to switch the joystick.
What I can do that in here as well. Jay.
434
00:33:56,300 --> 00:33:58,770
silence
435
00:33:58,770 --> 00:34:00,000
retro music
436
00:34:00,000 --> 00:34:05,519
You know, if we wanted to, we can do that.
And then we can go back and, you know,
437
00:34:05,519 --> 00:34:09,330
pretend that we weren't doing anything
naughty at all. And of course, I forgot to
438
00:34:09,330 --> 00:34:12,569
save what I was doing first, right. So I
have to load the program again. So that's
439
00:34:12,569 --> 00:34:17,909
my bad. That's right. Because reboot time
is about two seconds.
440
00:34:17,909 --> 00:34:36,879
typing commands
441
00:34:36,879 --> 00:34:39,960
So the worst part now is that we actually
we haven't got a command to jumped through
442
00:34:39,960 --> 00:34:44,129
the slides and so it actually takes a
little bit of time to render each slide as
443
00:34:44,129 --> 00:34:50,800
we go through. So that that's my
punishment for not saving first.
444
00:34:50,800 --> 00:34:55,669
But see what we might do. We'll skip that for the
moment. And I'm kind of at the right point
445
00:34:55,669 --> 00:35:01,480
anyway to talk about it, which is the
audio powers and a mobile phone. This is a
446
00:35:01,480 --> 00:35:07,920
really important area to protect. So, so
important, that is the only diagram that
447
00:35:07,920 --> 00:35:13,690
I've put an entire presentation. So at the
top we have a normal mobile phone. So
448
00:35:13,690 --> 00:35:17,050
basically what we see is that the
untrustable cellular modem is not merely
449
00:35:17,050 --> 00:35:21,190
on trustable. It's like an evil squid that
has tentacles at reach into every part of
450
00:35:21,190 --> 00:35:25,280
your mobile phone that you really don't
want it getting into. So it has the direct
451
00:35:25,280 --> 00:35:29,421
connection to your microphone and speaker.
The normal CPU in your mobile phone
452
00:35:29,421 --> 00:35:34,200
usually has to say pretty please, oh
untrustable, completely untrustworthy
453
00:35:34,200 --> 00:35:37,760
cellular modem. May I please have
something which you're going to tell me is
454
00:35:37,760 --> 00:35:41,510
the audio that's coming in through the
microphone? Whether or not it's actually
455
00:35:41,510 --> 00:35:44,160
the audio or not, there's a whole separate
thing. It might be doing all manner of
456
00:35:44,160 --> 00:35:46,930
crazy things first, because you can't tell
because it's a big fat black box in the
457
00:35:46,930 --> 00:35:51,340
way. And then just to make sure that the
you know, it can fully compromise, what
458
00:35:51,340 --> 00:35:54,750
you're doing often is on the same memory
bus. And so, you know, you might go, oh,
459
00:35:54,750 --> 00:35:58,270
I'm being all secret squirrel from the
cellular modem and asking you anything.
460
00:35:58,270 --> 00:36:01,190
And it's just quietly lifting the covers
and looking at what you got under there
461
00:36:01,190 --> 00:36:04,596
going like, oh, no, no, that bites wrong.
You really want that value in that bite.
462
00:36:04,596 --> 00:36:08,250
And likewise, the RAM and the storage. So,
you know, the cellular modem can totally
463
00:36:08,250 --> 00:36:12,966
compromise your bootloader and all of that
kind of stuff along the way. Let's just
464
00:36:12,966 --> 00:36:17,570
say that that's not really a very
survivable model or a very resilient model
465
00:36:17,570 --> 00:36:21,430
or a very secure model for a phone. So
we have instead is that we've
466
00:36:21,430 --> 00:36:26,540
basically put the fully untranslatable
thing completely out in its own little tiny
467
00:36:26,540 --> 00:36:30,250
shed. We've got the tin can and string
between us and it with a very controlled
468
00:36:30,250 --> 00:36:33,490
interface and the microphone and speaker,
thank you very much, are directly
469
00:36:33,490 --> 00:36:37,930
connected to our FPGA. So we can do
encryption at the microphone and
470
00:36:37,930 --> 00:36:42,380
decryption at the speaker. The storage is
secure, so we could even have massive one
471
00:36:42,380 --> 00:36:48,370
time pad. So we could actually do sig
sally style provably secure communications
472
00:36:48,370 --> 00:36:55,800
over distance. If you can set up the key
material beforehand for one time pad. So
473
00:36:55,800 --> 00:37:01,280
it's a radically different approach to
what we see with devices out there at the
474
00:37:01,280 --> 00:37:29,050
moment. So we'll just get the the last few
slides up in. Oh, no, for CONAN. Whoops. So
475
00:37:29,050 --> 00:37:34,466
even simple software can have bugs. This
is why we need many eyes. Think of a load.
476
00:37:34,466 --> 00:37:38,609
This one first. Yep. And now I can load
the other one because it just hadn't
477
00:37:38,609 --> 00:37:53,490
loaded the fonts in. Yeah. Cool. It's
coming. Yeah. You could even use the
478
00:37:53,490 --> 00:38:03,079
joystick to move read and the text if you
want to. Okay, so if we think then about
479
00:38:03,079 --> 00:38:09,450
this whole, you know, like what are we
actually trying to achieve around this and
480
00:38:09,450 --> 00:38:14,400
what are some of the things that we need
in the, in the. The Commodore derived 8 bit
481
00:38:14,400 --> 00:38:17,670
platform to us has a whole pile of
advantages as the basis for doing this.
482
00:38:17,670 --> 00:38:20,119
Now, we could have done it with a
completely different platform. You'll like
483
00:38:20,119 --> 00:38:23,980
some would think like RISC-V, for example,
is a nice open platform. Could be an idea.
484
00:38:23,980 --> 00:38:27,450
Might it be that the RISC-V CPU was
actually still too complicated to actually
485
00:38:27,450 --> 00:38:30,700
verify and trust yourself is my kind of
view, but I'm really happy that other
486
00:38:30,700 --> 00:38:33,970
people might disagree with me. Again,
multiple germ lines, totally different
487
00:38:33,970 --> 00:38:38,500
ways of doing things, and at least one of
them keeps working at any point in time
488
00:38:38,500 --> 00:38:42,950
would be really, really good. You're kind
of combination things as well. So one of
489
00:38:42,950 --> 00:38:45,839
the things that we're looking at is
having, for example, a Raspberry Pi
490
00:38:45,839 --> 00:38:49,041
running the PI port of Android that
somebody else maintains. I don't have to
491
00:38:49,041 --> 00:38:53,890
do it. And then having the 8 bit layer
actually visualizing all of the IO around
492
00:38:53,890 --> 00:38:57,750
that, including access to the SD card
storage, including access to the screen.
493
00:38:57,750 --> 00:39:00,890
And as that, she also makes it possible
for us to work to make custom mobile
494
00:39:00,890 --> 00:39:05,210
devices for people living with disability.
And actually some of the Android again is
495
00:39:05,210 --> 00:39:07,970
easy to maintain because we don't even
have to recompile it. We can just get the
496
00:39:07,970 --> 00:39:11,260
standard version and then make it think
it's got a normal touchscreen when in
497
00:39:11,260 --> 00:39:15,650
actual fact it might have some completely
different input method going on. So
498
00:39:15,650 --> 00:39:19,590
there's a bunch of advantages. I've run
out of the official time that have a lot
499
00:39:19,590 --> 00:39:24,990
of so I quickly go through and it will go
into the questions. So the platform is
500
00:39:24,990 --> 00:39:28,630
really well documented. So there's another
whole pile of tools and everything
501
00:39:28,630 --> 00:39:32,950
programing languages. So this is pretty
straightforward to go through. We've
502
00:39:32,950 --> 00:39:36,440
already talked about capability
maintenance again. So that is actually
503
00:39:36,440 --> 00:39:40,080
another key point: Making the hardware big
actually is a massive advantage because
504
00:39:40,080 --> 00:39:44,869
then we can do normal PCP fabrication. We
don't have to be any BGA parts placement,
505
00:39:44,869 --> 00:39:47,500
which is a real pain to do in your home
oven, it is possible, but you don't want
506
00:39:47,500 --> 00:39:52,550
to have to work to learn how to do it in
digital winter. And yet it's largely this
507
00:39:52,550 --> 00:39:57,200
kind of similar size to existing kind of
devices out there. There's a bunch of
508
00:39:57,200 --> 00:40:01,520
advantages with that. There's a whole pile
of different things that we really would
509
00:40:01,520 --> 00:40:06,240
like some folks to help us with to try and
get this finished and out there for people
510
00:40:06,240 --> 00:40:10,970
to try out and to, you know, we had a
mature it and make it work. So it doesn't
511
00:40:10,970 --> 00:40:14,430
matter whether you have a programmable
8 bit computer I've ever done any FPGA work or
512
00:40:14,430 --> 00:40:20,900
PCB work or whatever. You know, there's
lots of space for people to join in what
513
00:40:20,900 --> 00:40:24,270
is quite, we think is actually both an
important and actually a really fun and
514
00:40:24,270 --> 00:40:29,750
enjoyable project to work on. And so
really just want to finish. But she said
515
00:40:29,750 --> 00:40:34,420
that I think it is a thinking about this
talk and preparing for it. I think
516
00:40:34,420 --> 00:40:38,830
actually, it is a call to action. You
know, the digital autumn has begun.
517
00:40:38,830 --> 00:40:42,270
Digital winter is on its way. We don't
know when it's going to come. And it might
518
00:40:42,270 --> 00:40:47,140
come a lot quicker, than we would really
like it to come, you know? Myself and the
519
00:40:47,140 --> 00:40:49,869
people who are already working on the
project, we can't do everything alone.
520
00:40:49,869 --> 00:40:54,760
We're doing what we can. We going to try
to organize another event in early April
521
00:40:54,760 --> 00:40:59,680
up in Berlin. But there's no need to wait
for that to get involved. You know, we'll
522
00:40:59,680 --> 00:41:04,530
be around at the vintage computer area. If
anyone wants to come and have a look or
523
00:41:04,530 --> 00:41:08,240
ask anything about how you might get
involved or just play around with the
524
00:41:08,240 --> 00:41:16,300
platform, it's quite fun to use. Oups. And
yeah, we'll leave it at that point. So any
525
00:41:16,300 --> 00:41:18,650
questions would be really welcome.
526
00:41:18,650 --> 00:41:24,270
applause
527
00:41:24,270 --> 00:41:29,800
Herald: That was incredible. You have the
best present and set up that I've ever
528
00:41:29,800 --> 00:41:31,980
seen.
PGS: Laughing Thank you.
529
00:41:31,980 --> 00:41:35,410
Herald: That joistick is amazing.
Applause
530
00:41:35,410 --> 00:41:38,200
PGS: The joystick is also open source
hardware. I can give you the plans to make
531
00:41:38,200 --> 00:41:41,970
one of those you sell from from parts.
It's the spare joystick part through
532
00:41:41,970 --> 00:41:45,910
arcade games basically.
Herald: Yes, please. OK. We're
533
00:41:45,910 --> 00:41:51,010
taking questions. I remind you, we have
six microphones in the audience. We also
534
00:41:51,010 --> 00:41:56,050
have the amazing signal angel that's going
to relay questions from the Internet. And
535
00:41:56,050 --> 00:42:00,230
we're going to take one right now.
Signal-angel: Okay. So you already talked
536
00:42:00,230 --> 00:42:06,660
about some events, but maybe can you bit
more elaborate on how you're planning to
537
00:42:06,660 --> 00:42:10,410
involve the community?
PGS: Okay. So how we gonna involve the
538
00:42:10,410 --> 00:42:14,620
community? Basically, anyway, the
community would like to be involved. The
539
00:42:14,620 --> 00:42:17,732
moment in terms of with the phone as
myself and kind of the work at a
540
00:42:17,732 --> 00:42:22,829
university and we have kind of a couple of
part time students working on things. So
541
00:42:22,829 --> 00:42:27,579
the bus number is disturbingly near one at
the moment. So there's ample scope to
542
00:42:27,579 --> 00:42:32,160
help. We've got a few other people who are
helping with the Mega 65 project itself.
543
00:42:32,160 --> 00:42:36,440
And so there is obviously this crossover
in that. But what would be really great
544
00:42:36,440 --> 00:42:39,100
would be to find, for example, a couple of
people who are willing to work on
545
00:42:39,100 --> 00:42:42,960
software, primarily coding and C. You
don't even have to know any 65 to
546
00:42:42,960 --> 00:42:46,370
assembler to begin with, to do things
like, you know, finishing off the dialer
547
00:42:46,370 --> 00:42:50,090
software and things that we demonstrated
back in January and get it all working, so
548
00:42:50,090 --> 00:42:54,070
we can actually walk around with a pair of
large plastic bricks by our heads, talking
549
00:42:54,070 --> 00:42:58,410
on the phones that we've actually created.
That would be a really great way to work,
550
00:42:58,410 --> 00:43:02,550
to get some initial forward movement. And
then things like case design, there's a
551
00:43:02,550 --> 00:43:06,240
whole bunch of stuff that, you know, we'd
welcome involvement on.
552
00:43:06,240 --> 00:43:12,329
Herald: Thank you. Do we have more from
the Signal Angels? Yes, we do.
553
00:43:12,329 --> 00:43:18,690
Signal-Angel: So, okay, um, there's a
question when a prototype will be
554
00:43:18,690 --> 00:43:21,880
available.
PGS: Okay. When a prototype would be
555
00:43:21,880 --> 00:43:27,530
available, I'm happy to give out blank
PCBs or post them to people. I've
556
00:43:27,530 --> 00:43:30,710
got actually packed them with me. We've
got looking at the next prototype is
557
00:43:30,710 --> 00:43:36,780
actually being built at the moment. So,
you know, these can be built for about 400
558
00:43:36,780 --> 00:43:41,140
euros at the moment. So you can buy like
five of these instead of an iPhone. Right?
559
00:43:41,140 --> 00:43:45,960
So it's already it's it's economically
survivable as well in comparison.
560
00:43:45,960 --> 00:43:48,920
Essentially, it's one of the really quite
funny things that we kind of making isn't
561
00:43:48,920 --> 00:43:53,810
going like a few person years of effort.
And we can already make a mobile phone
562
00:43:53,810 --> 00:43:57,500
case, not a small and ch'mic, but it's got
a joystick port. Right. Does your iPhone
563
00:43:57,500 --> 00:44:02,660
have a joystick port? So, you know, it's
it's amazing. We've actually been able to
564
00:44:02,660 --> 00:44:07,220
do quite quickly. So, it's the kind of
project where we do have people kind of
565
00:44:07,220 --> 00:44:11,420
come in to help us. You know, I think
like, you know, by next Congress, we ought
566
00:44:11,420 --> 00:44:15,630
to have people running around with
megaphones and being able to communicate
567
00:44:15,630 --> 00:44:19,800
in fun an independent kind of ways. So,
yeah.
568
00:44:19,800 --> 00:44:25,700
Herald: Thank you. Microphone one, please.
Mic 1: Thanks for a cool talk. And I have
569
00:44:25,700 --> 00:44:29,840
another question because you want to
reduce black boxes. But what about
570
00:44:29,840 --> 00:44:34,710
encryption? Because it's really complex.
And how do you plan to reduce this black
571
00:44:34,710 --> 00:44:38,329
box?
PGS: Ah okay. So an excellent question. So
572
00:44:38,329 --> 00:44:42,670
the best encryption there is, is actually
the simplest. It's called one time pad. So
573
00:44:42,670 --> 00:44:46,290
if you can actually meet with people. So
again, we're talking about focusing on
574
00:44:46,290 --> 00:44:49,730
supporting local communities in one
another. If you get your megaphone on the
575
00:44:49,730 --> 00:44:52,530
other person's megaphone and you come in
infrared range, for example, and then you
576
00:44:52,530 --> 00:44:55,510
shake them like martinis to
generate some random data and you do that
577
00:44:55,510 --> 00:44:59,280
until you've decided you've got enough one
time pad and that one time pad is secure
578
00:44:59,280 --> 00:45:04,540
enough in your device, then actually like
xor is pretty easy to debug. Right?
579
00:45:04,540 --> 00:45:07,910
Herald: Thank you. Microphone number
three.
580
00:45:07,910 --> 00:45:14,660
Mic 3: So you talked about the form factor
right now being Nintendo's switch.
581
00:45:14,660 --> 00:45:17,140
PGS: Yeah.
Mic 3:Do you have plans on going smaller
582
00:45:17,140 --> 00:45:19,866
than that? More like a classic mobile
phone?
583
00:45:19,866 --> 00:45:22,150
PGS: Yeah, I think it's actually quite
possible. So the.
584
00:45:22,150 --> 00:45:26,120
So this is if you like,
that the first version is this one. You
585
00:45:26,120 --> 00:45:30,420
can see it's about five centimeters thick.
The second one, we think we can get down
586
00:45:30,420 --> 00:45:34,900
to about four centimeters thick, but it's
otherwise the same size as PCB. We've got
587
00:45:34,900 --> 00:45:37,480
a student amount is going to try and work
on making one that's about the size of
588
00:45:37,480 --> 00:45:42,331
only the screen, still probably about four
centimeters thick. And we think that
589
00:45:42,331 --> 00:45:46,191
that's going to be quiet. It's the PCB
layout. He's basically been cursing me for
590
00:45:46,191 --> 00:45:49,270
the last three months to try and get all
the trucks routing without it needing to
591
00:45:49,270 --> 00:45:55,490
be a 15 layer sponge torte kind of PCB,
but that should be quite possible to do it
592
00:45:55,490 --> 00:45:58,410
again. That's the kind of thing. Once
you've got a working prototype, then the
593
00:45:58,410 --> 00:46:02,581
people, you're like, okay, we're going to
be on the miniaturization team, too. And
594
00:46:02,581 --> 00:46:06,869
part of me try and make something which is
even smaller. But, you know, there's
595
00:46:06,869 --> 00:46:09,560
always tradeoffs in these things. Again,
the smaller you make it, the less solar
596
00:46:09,560 --> 00:46:12,800
panel you can have on the back. So that's
kind of these things. It's only trying to
597
00:46:12,800 --> 00:46:15,920
make it as thin as we can. I think it
makes a whole pile of sense.
598
00:46:15,920 --> 00:46:20,329
Herald: Honestly, you can make it smaller,
but I don't think you should. Because when
599
00:46:20,329 --> 00:46:24,430
the zombie apocalypse happens, it's a
communication to the weapon.
600
00:46:24,430 --> 00:46:29,609
PGS: Yeah. And it's less. Right. It's kind
of, you know. Exactly. We can use a full
601
00:46:29,609 --> 00:46:32,550
sized one as well. Right. I've kind of
got, you know, quite a nice solid metal
602
00:46:32,550 --> 00:46:38,390
keyboard in there as well.
Herald: A question from the Internet,
603
00:46:38,390 --> 00:46:45,750
please show.
Signal-Angel: So what do you think about
604
00:46:45,750 --> 00:46:48,630
the open moko phone?
PGS: The Openmoko phone? I'll try.
605
00:46:48,630 --> 00:46:53,900
Remember the details about those and the
whole again. Everything that's being done
606
00:46:53,900 --> 00:47:00,010
on all of these fronts to make fully open
devices with a few black boxes as possible
607
00:47:00,010 --> 00:47:05,530
is fantastic. So as I say, open moko can
make an M.2 form factor cellular
608
00:47:05,530 --> 00:47:10,540
modem that we can put in the megaphone. I
would be so, so happy. But we can do a
609
00:47:10,540 --> 00:47:13,709
whole pile of stuff, while we are
waiting for that to happen?
610
00:47:13,709 --> 00:47:18,900
Herald: Thank you. We actually had a talk
yesterday about from one of the people
611
00:47:18,900 --> 00:47:26,069
behind the Openmoko. So you can watch the
recording if you want. Next question,
612
00:47:26,069 --> 00:47:29,300
microphone one.
Mic 1: Sure. Thank you for the great talk.
613
00:47:29,300 --> 00:47:35,000
I was interested in the Mega 65 itself. Is
that available? Can can, is it sold?
614
00:47:35,000 --> 00:47:38,580
PGS: Yes, it's all okay. So the two most
common questions, We have about the mega
615
00:47:38,580 --> 00:47:44,670
65 is can I buy one now and how much does
it cost? Unfortunately, the answer to both
616
00:47:44,670 --> 00:47:48,540
of those is we don't yet know exactly.
It'll be a three digit number in euros for
617
00:47:48,540 --> 00:47:54,750
the price. This is pretty certain. But at
the moment, our big challenge is we. This
618
00:47:54,750 --> 00:47:59,819
one is it's a prototype made with the
vacuum for molding. So each case cost
619
00:47:59,819 --> 00:48:05,510
upwards of 500 euros for the case. This is
not really sustainable. So we know we need
620
00:48:05,510 --> 00:48:11,930
to make injection molding tooling for
that. And so the guys from the German part
621
00:48:11,930 --> 00:48:16,620
of the mega 65 team are running a fund
raiser, just a little bit careful that
622
00:48:16,620 --> 00:48:21,350
Australian law for fundraising is a bit
weird. So I am not doing any fund raising.
623
00:48:21,350 --> 00:48:25,020
Some people here in Germany are doing some
fund raising to try and raise the money
624
00:48:25,020 --> 00:48:28,080
for the mall. If you look at mega65.org,
you can find out what they're doing in
625
00:48:28,080 --> 00:48:35,950
that space and and have a look at that.
Herald: Thank you. Do we have more
626
00:48:35,950 --> 00:48:43,580
Internet questions? Nope. Cool, cool. I
think that's it. So thank you again for
627
00:48:43,580 --> 00:48:46,590
the wonderful talk. My pleasure. Thank
you.
628
00:48:46,590 --> 00:48:47,930
Applause
629
00:48:47,930 --> 00:48:53,052
Postroll music
630
00:48:53,052 --> 00:49:14,000
Subtitles created by c3subtitles.de
in the year 2020. Join, and help us!