<i>Preroll 36C3 Music </i>

Herald: Good evening and welcome to day
two of the Congress. Our next speaker,

Paul Gardner-Stephen is fighting for a
free, secure and resilient communications.

He's known as the leader of the cerebral
projects, building cell phone mesh

networks and also as the creator of the
mega 65 computer, that you can see right

here. <i>Some Applause</i> And. So he's going
to tell us about his next project right

now and also explore some issues that we
face about, building networks and keeping

them secure and resilient. So please
welcome Paul Gardner-Stephen "Creating

Resilient and Sustainable mobile networks".
A round of applause.

<i>applause</i>

Paul Gardner-Stephen: OK. Thanks for coming
along, everyone. Tonight is getting a

little bit late in the night , Sidney, for
me it is past my normal bedtime, so

apologies if I yawn. It's not that I'm
bored or disengaged. It's just I flew in

from Australia yesterday and still haven't
really had enough sleep. But we should be

fine. So cool. So what we can see here we
have the mega 65 prototype and we have a

prototype of the megaphone and I'll talk
about those two in a minute. So the entire

presentation is actually going to be
delivered with the technology that we're

creating. So a bit of a dog food eating
session for this kind of thing is a bit of

proof by example that we can actually do
useful things with 8-bit systems because a

whole pile of advantages when it comes to
the security and digital sovereignty with

that. So we'll switch the screen to the
screen. Super excellent. So we can have a

look and make sure I've got the correct
disk in there. Yes, we do. We will drop to

see 64 mode. And we'll load the wrong one.
For sure, we don't have to wait the long

time if I press and hold down the caps
lock key. The CPU runs at the full speed

instead of normal speed. And so now it
will light up. Its Commodore 64 software,

right. So of course it has to be cracked.
Even if I had to supply the originals to

the cracking crew because in 2019. So
we'll let that go for the year. The

graphic change a little bit as we go along
and let the grease roll out there. So all

of this has been created in FPGA. So we
have complete sovereignty in that sense

over the architecture so that we can
really start trying to, you know, to make

systems that we have full control over
from that full hardware layer and that are

simple enough that we don't need to have a
huge, massive team of people to actually

work on these things. A lot of what we are
talking about here has been created in

maybe three or four person years over the
last few years. So it is quite possible to

do a lot with these systems without
needing to have the huge resources of a

multinational company or something, which
is kind of key. Okay, so we'll do. Mega.

Oh. 36C3. Okay. I'll press a five for
presentation mode, which really just hides

the cursor. And then I can use my clicker.
So we have to switch, the camera here for

a moment <i>applause</i> we switch the
camera. So it's a genuine homemade

Commodore 64 compatible joystick. And it
makes the most satisfying click noise when

we use it. So if we switch back to the
slides, that will be great. But they are

super, cool. So I am indeed going to be
talking about creating resilient and

sustainable mobile phones and hopefully
that link when we already have the the

artifact there of the megaphone prototype,
that will become clearer as we go through.

So really, the last talk, was it kind of
interesting talking about this whole a

different angle, this whole thing, that
communications has actually become really

weaponized over the last decade or two in
particular that, you know, we're seeing

that, you know, where it used to be
natural disasters, that are the main

problem, that now there is this whole
problem of manmade disaster, which is a

major problem for us. And so we see
Internet shut communication shutdowns. We

have surveillance happening in different
places where it really ought not be

happening. You know, this state level
actors that are very well resourced, able

to find zero day exploits. And the attack
surface, as we know in modern

communications devices is simply huge. And
so this is this is very asymmetric in the

power equation between, you know, the
forces that seek to oppress people and,

you know, the vulnerable people at the
coalface who are just trying to get on

with their lives and believe good decent
lives and need communications to help

protect themselves and enable that to
happen. And that we're seeing that the

value of communications is so well
understood by these pressing forces that

it really has become quite a you know,
it's quite high up their list of things to

do. You know, you don't send the army in
first to quiet people down. You cut off

their Internet as the first thing. So this
is part of the backdrop of what we see.

And so what I would say is that the
digital summer has actually finished.

We're now in the digital autumn. We can
see in that, you know, with the with farms

and trees and things that, you know,
there's still plenty of fruit to see in

the early autumn. Right? And there's lots
on the ground. It feels like this time of

plenty will continue. And, you know, we
can all eat as we need that there is

enough more or less to go around. But the
risk that we have is from this parable of

the grasshopper and the yet. Who here
knows the parable of the grasshopper and

the ant? Hands right up. Is it really hard
for me to see up here? Okay. We'll stop

and say who doesn't know? Okay, cool. So I
thought actually it was originally a

German kind of problem. This is the story
of where the grashoper, you know, the

grasshopper is kind of lounging around and
enjoying the summer. While ant aren't busy

carrying all the seeds back into the nest.
And the ant's telling the grasshopper,

hey, you need to get some food and stuff
and put away for the winter so that you

can actually survive the winter. And the
grasshopper is basically in denial about

the fact that, you know, the season will
change. And then, of course, the season

changes. It snows and gets cold. And then
the grasshopper kind of goes knocking on

the door of the antholl, not the lake,
kind of really have doors, but that's

fine. It's like, oh, I'm starving and cold
out here. And and ant is kind of like,

well, I've told you so kind of thing. And
I think actually in the end, it kind of

lets it into we that want to scare
children too much with their stories. And

so this is actually the challenge that we
have that we, I love every time I come to

these events or the creativity that we
see. You know, we're enjoying the digital

summer and all of the things that is
letting us create and, you know, the great

open source software and tools and
everything that's going on, it's

absolutely fantastic. And we want that to
be to continue indefinitely. But we know

that, as we said, that, you know, the you
know, the chilling winds are beginning to

to come that tell us that unless we
actually do something about it, that this

isn't actually going to continue
indefinitely. And just a statement that I

really want to make here is this last
point that I've got. The freedoms of the

second half of the 20th century, post-
World War 2. If you look at history, they

are an aberration. To my knowledge, never
before and I fear perhaps never again will

we have that degree of personal liberty,
focus on, you know, individual freedom and

agency and everything that was in this
post-World War era and is now starting to

unwind and starting to unwind back to the
normal totally asymmetric, you know. Well,

to say sharing of power is the wrong word.
It's the greedy collection of power and

depravation of the mass population from
having any thing resembling a fair share

of what's going on. And so we have to act
if we want for the, you know, the digital

summer to continue or at worst for the
digital winter to be as short and shallow

as we can have it, so that the you know,
we can come back to a new digital summer.

Because once we hit the digital winter, it
will actually be too late. Because if we

push this analogy, you know that the
digital winter is the time when there is

no food on the train or it isn't any
longer possible or at least practical to

create new technologies to enable us to,
you know, to feed our digital needs. And

we can't plant any new crop, so to speak,
until the digital spring comes again after

that. And so the opportunity, like with
the grasshopper is now before the winter

comes to say, right, what do we need to
have in our store of technology, the store

of protocols, all of these different
things, so that when the digital winter

comes, we don't starve. And fortunately,
you know, we can actually change the

length of the digital winter. We can
empower people so that, you know, the

bitter cold of the digital winter is
moderated and the spring can come as soon

as it can. And the trouble that we have
with this, we actually don't know when the

digital winter will come exactly. We see
these challenges around in the way that

different governments and non-state actors
as well, you know, working you in

propaganda and all all of these things
that are becoming sadly more intense and

acute around us. We don't know when that
tipping point will happen. But given the

complexity of supply chains and things
that are necessary in this, I think Bunny

was talking about that earlier today, 
that this is actually quite easy for it to

actually quite quickly flip into the
digital winter mode. And then as with the

real winter, at the very beginning of
winter, there might still be enough to

eat, but it gets harder and harder very
rapidly. And, you know, if the winter gets

too deep, then it's just not going to be
possible to continue with these things.

And so we've tried to think about what's
needed to actually overcome this. What do

we need focusing on mobile communications
as a key piece of that? And there's a

reason for that in that it's the way that
we can communicate, organize, you know,

collectively protect communities against
the threats that come in. If we look at

things like that great Haiti earthquake
just back in 2010, the breakdown of

communications and law and order meant
that they were quite horrible things going

on. We don't know about three days,
actually, of the earthquake there. So

there were militias that were basically
robbing medical teams, trying to transport

people between different hospitals. And
there were much nastier things with, you

know, gangs of people going around 
from village to village, basically doing

whatever they want to, whoever they want.
It was really not cool. And so we want to

avoid that kind of problem that comes, when
people are not able to to collectively

work together effectively as a community.
And so the GPO four freedoms that we know

from software, they're a great starting
point. But I think actually we've seen

enough things like with TiVoization and
all these sorts of other challenges, that

this is not sufficient, when it comes to
hardware. And there's actually some even

more complicated things. You start talking
about mobile phone kind of hardware, as to

how we can do that, which I'll talk about
in a moment. But these are a starting

point of what I've come up with as things
that I see as being necessary. There's

ample room for improvement. And in fact,
with any of what we're trying to do in

this space, we need folks to come along
and help us. We can't do it alone. We need

to work together so that we can help
one another when the digital winter comes.

So the first freedom is simply the freedom
from energy infrastructure. We know

critical infrastructure is disturbingly
vulnerable, that the security of it is

quite bad. But also you have these like
large centralized places that produce the

energy that we need. And, you know, we see
power cut offs in Venezuela and all of

these sorts of 
things, regardless

of who's actually doing it, whether
it's sabotage or whether

it was purposeful from the
government, I don't know. It actually

doesn't matter. The fact is, it happens.
But also, of course, a natural disaster.

Power goes out. Fortunately, this is
actually one of the easiest things to

solve. We just need to include some kind
of alternative energy supply into the kind

of devices that we're creating. So that
could be solar panel on the back. Or you

could have the you know, the Faraday, you
know, you shake it like a martini kind of

thing to generate power or both, whatever
you feel like. Or if you can find a good

supply of NASA radio, I hope then with
generators, that would also be fantastic.

And we'll keep you warm through the winter
as well. But, you know, if anyone has a

supply of those, let me know. I'd love to
hear. So then the second freedom is

actually quite similar to the first. It's
the realization that we need energy to

communicate in communications, to organize
ourselves and be effective. And again, the

communications infrastructure is in many
ways that she even more fragile than the

energy production. Infrastructure is much
easier to guard a couple of power stations

in a country than it is to guard every
phone tower and all of the interconnecting

links and all these sorts of things
between them. As we said, communications

depravation is already being weaponized
against the vulnerable around us. Again,

fortunate there's been a whole pile of
work in the space of the previous work

I've done with the serval mesh and 
freifunk. And a whole bunch of groups

working on a whole bunch of different
things in this kind of space for peer to

peer secure, authenticated communications.
So, yes, there's work to be done, but this

is an area where there's actually already
like the energy one. There's been quite a

lot of work done that makes that quite
feasible to work on. So then we start

going into some of the the harder ones, we
need to make sure that we are not

dependent on, you know, the major vendors
of our devices, when it comes to the

security of our devices. So this starts
with simple things like that the GPL

provides. So, you know, full source code
has to be available. But more than that,

we actually have to make sure that we can
actually exercise those rights in

practice. So it needs to be simple enough
that we can actually, you know, go right.

Okay. There's a security vulnerability in
such and such like you now. Yes. You were

talking about earlier today with some of
the bluetooth things. And then to actually

be out to patch it yourself, it's quite
obvious that this is not the case for

whether it's firmware or whether it's the
regular operating system on modern mobile

phones. So who here is actually built
Android from source themselves? Excellent.

Expected to see a few folks here. Who has
tried and gave up in disgust. Right. More

hands? Yes. I myself was all like, you
know, I work on the civil project and we

do a whole pile of things and basically
just know after spending a number of hours

on, it just went like, you know, this is
actually this is a lot of work for

something that ought to be straightforward
if we want to be out to make rapid

progress. And so we want to have systems
that are simple enough, we can patch. But

in fact, there's another really key
advantage, the simplicity that I'll

probably come over a few times in this
talk, and that is that simplicity reduces

the attack surface. If we are in an
asymmetric power environment, where there

are whether they are state or non-state
actors seeking to deprive vulnerable

people of communications, they're going to
have potentially the ability to put whole

teams looking for vulnerabilities in
software. In contrast, we might be lucky

to have someone who's going to try and
madly find when things are being exploited

and to patch them. So we need to have ways
around this kind of thing. And to my mind,

reducing the attack surface is the only
way that we can actually have any real

hope of, you know, being at a keep up in
that arms race of security. So Freedom #4

is related to this previous one. Is
actually saying not only do we want to be

at a patch, where she wants to be at a
change, enhance doing these things. And

again, it comes back to the same basic
need that the software is actually able to

be compiled. And the hardware designs are
simple enough that we can actually, you

know, to work on these things so that we
get not merely in theory have permission

to innovate, but that it is in practice
feasible to do so. And again, the simpler

the system, the the the more probable it
is that we can actually succeed in this

kind of space. And then again, there's a
lot of these are quite interrelated,

that's part of why I 
say it would actually be

great to get feedback
on how we might

restructure these to make the boundaries
really clear

between these freedoms
that we need.

So we need the freedom to
maintain the devices for the long run. So

who here has or has had a fair phone, for
example? I love the fair phone by the way.

A number of us. I've had one as well. And,
you know, if you talk to the people at

Faith, I think they have a team of a bunch
of people just trying to maintain Android

on the faire phone 2, for example. And
also now on the faire phone 3 as it comes

out. And this is actually really hard
work. But again, the complexity and the

barriers that are there, make it really
difficult to be able to just keep the

thing running with the same hardware
little and each time you want to target

new hardware with new capabilities. This
is just going to be, you know, as a

community, we can probably do one or two
devices if we kind of all collected our

effort. But to actually do it for, you
know, devices that meet individual needs

or, you know, appropriate for a particular
area might have, as we say, a different

energy source. So I might want to try
putting, you know, some thermal electric

thing or whatever that at the moment to do
that with mobile phone hardware is just

prohibitive in the complexity and the, you
know, the resourcing and effort that it

would require. So we need to find
solutions around this. And then again,

related to that, overall, we have this
problem of scale dependency. I think this

is one of the really key things at the
moment to make a mobile phone. You need to

have a big enough market and you'd have a
big enough enterprise and enough capital

and all of the rest of it to actually be
had to go through the very expensive

process of designing the thing, getting
injection molding, tooling and all of that

kind of thing made. That, you know, to do
that for a modern phone. I suspect it's a

few million euros to do it reasonably
well. And if you did it on the cheap and

skinny is probably still maybe something
like a million euros to achieve. So we

have to somehow break this down, to make
it feasible to do. And as I said earlier,

simplicity is a key theme to my mind, and
it is the only way I think that we can

actually do it. So we've already talked
about the challenges of distributing an

Android ROM, let alone modifying it to do
new things in any kind of sophisticated

way. And even if you do, the hardware is
actually too complicated. And there's a

whole pile of trust issues around the
complicated hardware. If you can't

understand something, by definition, it's
a black box. And if it's a black box, by

definition, you can't trust it. Because
you don't know what's inside. So, you

know, we we have this point again, the
digital winter. You don't want any black

boxes or if you do, you want them very
carefully monitored and managed. And so

the system has to be not simple enough to
make once. It is simple enough that we can

actually remake it again and again and
again, as we have need. It's a bit like

the difference between a chainsaw or an
ax, right? If you want to be in a remote

area and have to be self-sufficient. Much
better to depend on ax to chop your wood,

because if you need two, you can make a
new handle for your ax. And you know, with

a bit more effort, you could do some very
simple metallurgy and, you know, metal

smelting with iron ore. If you happen to
be lucky enough to have an area or copper

or whatever, it's going to be a much
easier proposition than having to do that

and then somehow make a fine machine
tooling and making you chain parts and

motor parts and all of this kind of thing.
So it has to be if it is going to be

resilient and survivable, it has to be
simple enough that you actually can build

it with relatively simple tools going
forward. Electronics is going to be a big

challenge in this area because, you know,
you need to be PCV fabrication, you need

to get components and things. But we have
to try and reduce the barriers as much as

we can, so that at least, for example,
component scavenging, for example, might

be an option. Or devices that will be
available, because they're still needed by

other industries that have more protection
as we head into a digital winter

environment that we can take and repurpose
that kind of hardware. So that this kind

of leads into this tension then of saying,
okay, if we make something which is simple

enough, we know we as a community, we only
have limited resources available to us, to

make this kind of resilient device. Do we
make one or do we all kind of like run off

and make different kind of things? And I
think the you know, this is a tension. I'm

not going to claim that. I know the
absolute best setting for this. I think we

need to have, as I say, kind of multiple
germ lines so that if one system gets

chronically critically broken or proves to
be ineffective and that, you know, there

are others kind of in the wing that can
kind of fill that niche in the

environment. But we don't have so many,
that if you don't get anywhere. And so

this is a bit tricky. My gut feeling is,
you know, making a an initial device that

can kind of demonstrate some of these kind
of positive properties. And then so other

people will look at and go like, well,
that's really great. That's got us

forward. But, you know, that was a really
stupid design. I think this is a way

better way to do it in the way, that we
have that freedom in the open source

community to do, is probably a pretty good
way to do things. And I would say, we're

not yet at the end point of that proof of
concept, but we're trying to move things

forward to that and that point. So, come
actual to the the megaphone that we're

trying to create. And so in terms of what
we've actually set out to do for the goals

and kind of the methodology, we want
something, which is simple, secure, self-

sufficient and survivable. A lot of the
work that I do is, for example, with, you

know, NGOs. We've worked with folks
from Red Cross. We work with folks from

the UN World Food Program, who part of
the interestingly, are the distributors of

communications in the UN cluster system
for disasters. Because they kind of like

hand out blankets and they hand out rice
and things. Someone basically say to them,

well, you should also be handing out the
communications. And so that's just kind of

how it's fell. And so, you know, in an
easy way I do smartphony kind of things

like would be great to have some
navigation, it would be great to have in a

disaster context, the ability to fill in
forms on the screen with a touch screen

and the rest of it and have the uplink
through. So if you think, you know, an

Ebola outbreak in Africa, for example, to
be out a collect, you know that case

information to track down the you know,
the case zeros and. Kind of thing, you

need communications that can work. Often
these outbreaks happen in places where law

and order and civil society is not really
working. Because if it was, then they

wouldn't have had the outbreak there, it
would have been managed more effectively.

And so you need this kind of,
you know, dependable device that can work

independent of everything else that's
going on. And that might have to do

software updates, for example, over a
really expensive narrowband satellite link

that might be, you know, tens of bytes per
second or less. So that was kind of some

of the, you know, the motivation around
this to create it. And it separately have

been working on the Mega 65 project for a
couple of years at that point. And it just

kind of dawned on me that actually this
simple 8 bit architecture is

powerful enough to actually be useful to
do some things. Math kind of, you know,

well, you're doing this. You know, the fun
proof of, you know, proof by example,

really, of delivering the slides with this
machine to show. that you can do useful

things if you write the code carefully 
and carefully written code is more likely

to be verifiable and secure. And it's
probably I don't think you can get any

simpler than an eight bit system and still
be useful like I don't think we want to be

trying to use an Intel 4004 derived
4 Bit CPU to do things. Boeing's if

someone can find a way to do something
with a system that's that simple and they

can still do everything we need and it
makes it even easier to verify. Fantastic.

My gut feeling is it would actually be
worse on every point, because the amount

of work that you would have to do to do
each useful thing, you end up with code

which is actually larger in size. That I
think, my feeling is that the 8 Bit

architecture is about that sweet point.
And so anyway, so as a result of the

Mega 65 work, it's based directly on that. So
the the phone actually is a Mega 65

importable form and will show that in a
little bit. And so we're getting towards

that kind of proof of concept stage. So we
had the first phone calls back in Linuxconf.

So if you kind of dig back through this,
the the video of that talk where with a

much earlier prototype, we actually had
people calling the machine, which is quite

fun. And I took a little bit later as well
about the some of the audio part kind of

issues around that. So let's look at those
six freedoms again now, and what we're

trying to do with the megaphone. So energy
independence. The first thing is we've got

a filthy, great big battery. I hate it
when phones go flat. And when you're in a

disaster zone or these kind of vulnerable
situations, you really don't want it going

flat at the wrong time. So we've put a 32
watt our lithium ion phosphate battery

that should have 2000 full charge cycles
in there. The device is about the size of

an intended switch in terms of surface
area. So putting high performance solar

cells like you would put on the solar
racing car or on your roof, we can

probably get about seven watts with that.
And if you do the kind of math that's, you

know, four or so hours of charge time, but
we know in reality that the, you know, the

solar environment will often be much worse
than that. It might be only 10 percent of

what it to be 1 percent of that if you're
talking about these kinds of latitudes

under cloudy conditions. And so you really
want to have the big battery and as big a

solar panel as you can and you want the
power consumption to be as low as

possible. So we've got CPO data to
candlelight little teeny tiny FPGAs,

that are managing the whole power
environment and wake up the main FPGA only

when something important needs to happen.
So we believe with 32 watt hours, we

should be out to get about a thousand
hours standby with a 4G off the shelf

cellular modem. And that's, you know,
assuming the solar panel was actually, you

know, like, you know, in a black box, even
the light here, if we had the solar, the

seven watt solar panel would have a sunny
side up and we would be able to maintain

charge indefinitely on the device, because
we only need to have about 8 Milli

Watts coming in. So we're talking about
one one thousandth of the capacity of the

solar panel. OK. So if a communications
for independence, we really want as many

possible ways to communicate as we can and
the naughty little things that we can't

trust, in particular the cellular modem,
we want to have a sandbox and quarantined

so that it can't spread its naughty plague
of whatever vulnerabilities it has in

there. Again, there are black box. We
can't trust them. They're too hard for us

to implement. So this is kind of a
decision that we've taken. We'd much

rather have a fully open 4G modem and if 
someone makes one fantastic,

will incorporate 
it straight in.

Right. because the 
systemis designed to be

easy to change. 
But in the meantime,

we have to kind of deal with
what there is. The great thing is that

these m.2 cellular modems are used
in vending machines, in cars, in all sorts

of things. So they're just the common
eyes. Again, if he had to scavenge them in

the future. This would be quite feasible
and also means, we can upgrade. So we have

two of these slots, so we could actually
have a dual 5G Commodore 64 so that, you

know, because he wants to 
light weight extra time

when you're downloading 
your games, right?

And 40 kilobytes can take a
long time to download. I've only got one

5G link, right? We have two of them so we
can do it in parallel. Because he was to

more than about, you know, four
milliseconds to download new software and

again, limited communications availability
in these kind of oppressive environments.

This is actually key. You might only have
short communications window. So while it

is a little bit tongue in cheek, it's not
entirely. And of course, with several

mesh, we've been doing, you know, UHF?
packet radio. So we've put in try band

Laura compatible radios in there. Not
Laura when we're doing it fully. We're

just sending out radio packets and
listening in with the modules. We've also

got ESP 1, 266 Wi-Fi and some Bluetooth in
there. So that's some other potential

options. Acoustic networking. So we've 
got 4 microphones that are directly

connected to our FPGA so we can do crazy
signal processing on that. And we've got a

nice loud speaker that should work up into
the ultrasonic range so we could even have

quite decent communications over, you
know, 10 or so meters in the acoustic

band. And there's a crazy bunch. And I've
forgotten the name of the research group

that do air gap jumping. And they've done
some quite crazy things with acoustics

with the live your headphones plugged into
your computer on your desk in a headphone

jack. You can software reconfigure that
and make that that's a speaker and

microphone. There's anyone that's
interested in a hall after. And we can

have a look and try and find the link for
you. We've also got infrared LED. And so

the idea with all of these kind of things
and whatever else you can kind of do, is

that it should be really hard for an
adversary to actually jam all of these

things at the same time. You know, you
might be able to do broadband RF jamming,

but that's not going to stop the acoustics
or the LED. And even if you can kind of

make a lot of noise, it's gonna be really
hard to block the LED, if people are kind

of holding the devices near one another to
do delay tolerant transfer. And of course,

any other crazy things that people come up
with. Again, a simple system design that

you can extend it easily yourself. OK.
Security independence. So the operating

system runs in a little bit CPU, which is
basically a slightly enhanced version of

the Commodore 64 CPU. It has a a bit
hypervisor, which is 16 kilobytes inside

hardware limitation, because we don't want
it getting bigger. If it gets 16K then

you have to throw some other things out
and right. What does it actually really

need to do so, that you still have a
system which is actually much more

verifiable. And this kind of small
software, it should be quite possible on

this machine to run a simple C compiler,
for example, to we had to compile the

software that is actually running the
core operating system, so we can have

that whole complete offgrid operation. 
We've really talked a little bit about having

the untrusted components fully sandboxed. 
So for example, cellular modems only have

a 80 command serial interface to the rest
of the system. And so this is going to

make it much harder for
an adversary to work

out how with a fully
compromised cellular

modem, you can compromise the
rest of the system by giving presumably

bogus responses to 80 command requests.
And because we know that's where the

vulnerable point is, we can put a lot of
effort in our software to really

interrogate the command response to the
coming back and no look for any QIT

command responses within a semicolon, drop
tables and all the rest of it in there. It

should be pretty straightforward to pick
up. So we also have an integrated hardware

in sufferance inspectors, so that you can
real time verify. It is a little bit fun.

So I can hit mega tab and we call it
matrix mode for good reason. So the system

is still running in the background. So the
slides are still there. So I can go back

to the previous slow, I begin to say, it
was a joystick actually when I'm in there.

Yes, they you go. Or file a bug for that, 
but we can, if I go back into it, we can

look at all of memory in real time. So if
you are truly paranoid and you are about

to, for example, do some encrypted email
on your, you know, digitally sovereign

device. You could actually go into this,
stop the CPU and then inspect every byte

of memory and compare it to your physical
printout of the, you know, 30 or 40

kilobytes of your software. Or you might
every time he might do, you know, half a

kilobyte or something, right?! And verify
it so that progressively over time, you've

actually verified that the system is
always byte identical. At that point in

time to what it should be doing. And
again, the simplicity, we only have one

program running at a time. So, you know,
you know exactly what the system is doing.

And we can tasks which we got a built in
phrase constantly if I press the restore

key. Anyone who's used a Commodore 64 and
with an action replay will probably

recognize the inspired format. And so
that's our program. They're running with

hardware, thumbnail, generation of colors,
a bit wrong. We need to fix that. But, you

know, we've got other software that we've
had running on it. And so if we wanted to,

you know, break up the presentation with a
quick game of Gyruss, for example. We can

do that. I need to switch the joystick.
What I can do that in here as well. Jay.

<i>silence</i>

<i>retro music</i>

You know, if we wanted to, we can do that.
And then we can go back and, you know,

pretend that we weren't doing anything
naughty at all. And of course, I forgot to

save what I was doing first, right. So I
have to load the program again. So that's

my bad. That's right. Because reboot time
is about two seconds.

<i>typing commands</i>

So the worst part now is that we actually
we haven't got a command to jumped through

the slides and so it actually takes a
little bit of time to render each slide as

we go through. So that that's my
punishment for not saving first.

But see what we might do. We'll skip that for the
moment. And I'm kind of at the right point

anyway to talk about it, which is the
audio powers and a mobile phone. This is a

really important area to protect. So, so
important, that is the only diagram that

I've put an entire presentation. So at the
top we have a normal mobile phone. So

basically what we see is that the
untrustable cellular modem is not merely

on trustable. It's like an evil squid that
has tentacles at reach into every part of

your mobile phone that you really don't
want it getting into. So it has the direct

connection to your microphone and speaker.
The normal CPU in your mobile phone

usually has to say pretty please, oh
untrustable, completely untrustworthy

cellular modem. May I please have
something which you're going to tell me is

the audio that's coming in through the
microphone? Whether or not it's actually

the audio or not, there's a whole separate
thing. It might be doing all manner of

crazy things first, because you can't tell
because it's a big fat black box in the

way. And then just to make sure that the
you know, it can fully compromise, what

you're doing often is on the same memory
bus. And so, you know, you might go, oh,

I'm being all secret squirrel from the
cellular modem and asking you anything.

And it's just quietly lifting the covers
and looking at what you got under there

going like, oh, no, no, that bites wrong.
You really want that value in that bite.

And likewise, the RAM and the storage. So,
you know, the cellular modem can totally

compromise your bootloader and all of that
kind of stuff along the way. Let's just

say that that's not really a very
survivable model or a very resilient model

or a very secure model for a phone. So
we have instead is that we've

basically put the fully untranslatable 
thing completely out in its own little tiny

shed. We've got the tin can and string
between us and it with a very controlled

interface and the microphone and speaker,
thank you very much, are directly

connected to our FPGA. So we can do
encryption at the microphone and

decryption at the speaker. The storage is
secure, so we could even have massive one

time pad. So we could actually do sig
sally style provably secure communications

over distance. If you can set up the key
material beforehand for one time pad. So

it's a radically different approach to
what we see with devices out there at the

moment. So we'll just get the the last few
slides up in. Oh, no, for CONAN. Whoops. So

even simple software can have bugs. This
is why we need many eyes. Think of a load.

This one first. Yep. And now I can load
the other one because it just hadn't

loaded the fonts in. Yeah. Cool. It's
coming. Yeah. You could even use the

joystick to move read and the text if you
want to. Okay, so if we think then about

this whole, you know, like what are we
actually trying to achieve around this and

what are some of the things that we need
in the, in the. The Commodore derived 8 bit

platform to us has a whole pile of
advantages as the basis for doing this.

Now, we could have done it with a
completely different platform. You'll like

some would think like RISC-V, for example,
is a nice open platform. Could be an idea.

Might it be that the RISC-V CPU was
actually still too complicated to actually

verify and trust yourself is my kind of
view, but I'm really happy that other

people might disagree with me. Again,
multiple germ lines, totally different

ways of doing things, and at least one of
them keeps working at any point in time

would be really, really good. You're kind
of combination things as well. So one of

the things that we're looking at is
having, for example, a Raspberry Pi

running the PI port of Android that
somebody else maintains. I don't have to

do it. And then having the 8 bit layer
actually visualizing all of the IO around

that, including access to the SD card
storage, including access to the screen.

And as that, she also makes it possible
for us to work to make custom mobile

devices for people living with disability.
And actually some of the Android again is

easy to maintain because we don't even
have to recompile it. We can just get the

standard version and then make it think
it's got a normal touchscreen when in

actual fact it might have some completely
different input method going on. So

there's a bunch of advantages. I've run
out of the official time that have a lot

of so I quickly go through and it will go
into the questions. So the platform is

really well documented. So there's another
whole pile of tools and everything

programing languages. So this is pretty
straightforward to go through. We've

already talked about capability
maintenance again. So that is actually

another key point: Making the hardware big
actually is a massive advantage because

then we can do normal PCP fabrication. We
don't have to be any BGA parts placement,

which is a real pain to do in your home
oven, it is possible, but you don't want

to have to work to learn how to do it in
digital winter. And yet it's largely this

kind of similar size to existing kind of
devices out there. There's a bunch of

advantages with that. There's a whole pile
of different things that we really would

like some folks to help us with to try and
get this finished and out there for people

to try out and to, you know, we had a
mature it and make it work. So it doesn't

matter whether you have a programmable
8 bit computer I've ever done any FPGA work or

PCB work or whatever. You know, there's
lots of space for people to join in what

is quite, we think is actually both an
important and actually a really fun and

enjoyable project to work on. And so
really just want to finish. But she said

that I think it is a thinking about this
talk and preparing for it. I think

actually, it is a call to action. You
know, the digital autumn has begun.

Digital winter is on its way. We don't
know when it's going to come. And it might

come a lot quicker, than we would really
like it to come, you know? Myself and the

people who are already working on the
project, we can't do everything alone.

We're doing what we can. We going to try
to organize another event in early April

up in Berlin. But there's no need to wait
for that to get involved. You know, we'll

be around at the vintage computer area. If
anyone wants to come and have a look or

ask anything about how you might get
involved or just play around with the

platform, it's quite fun to use. Oups. And
yeah, we'll leave it at that point. So any

questions would be really welcome.

<i>applause</i>

Herald: That was incredible. You have the
best present and set up that I've ever

seen.
PGS: <i>Laughing</i> Thank you.

Herald: That joistick is amazing. 
<i>Applause</i>

PGS: The joystick is also open source
hardware. I can give you the plans to make

one of those you sell from from parts.
It's the spare joystick part through

arcade games basically.
Herald: Yes, please. OK. We're

taking questions. I remind you, we have
six microphones in the audience. We also

have the amazing signal angel that's going
to relay questions from the Internet. And

we're going to take one right now.
Signal-angel: Okay. So you already talked

about some events, but maybe can you bit
more elaborate on how you're planning to

involve the community?
PGS: Okay. So how we gonna involve the

community? Basically, anyway, the
community would like to be involved. The

moment in terms of with the phone as
myself and kind of the work at a

university and we have kind of a couple of
part time students working on things. So

the bus number is disturbingly near one at
the moment. So there's ample scope to

help. We've got a few other people who are
helping with the Mega 65 project itself.

And so there is obviously this crossover
in that. But what would be really great

would be to find, for example, a couple of
people who are willing to work on

software, primarily coding and C. You
don't even have to know any 65 to

assembler to begin with, to do things
like, you know, finishing off the dialer

software and things that we demonstrated
back in January and get it all working, so

we can actually walk around with a pair of
large plastic bricks by our heads, talking

on the phones that we've actually created.
That would be a really great way to work,

to get some initial forward movement. And
then things like case design, there's a

whole bunch of stuff that, you know, we'd
welcome involvement on.

Herald: Thank you. Do we have more from
the Signal Angels? Yes, we do.

Signal-Angel: So, okay, um, there's a
question when a prototype will be

available.
PGS: Okay. When a prototype would be

available, I'm happy to give out blank
PCBs or post them to people. I've

got actually packed them with me. We've
got looking at the next prototype is

actually being built at the moment. So,
you know, these can be built for about 400

euros at the moment. So you can buy like
five of these instead of an iPhone. Right?

So it's already it's it's economically
survivable as well in comparison.

Essentially, it's one of the really quite
funny things that we kind of making isn't

going like a few person years of effort.
And we can already make a mobile phone

case, not a small and ch'mic, but it's got
a joystick port. Right. Does your iPhone

have a joystick port? So, you know, it's
it's amazing. We've actually been able to

do quite quickly. So, it's the kind of
project where we do have people kind of

come in to help us. You know, I think
like, you know, by next Congress, we ought

to have people running around with
megaphones and being able to communicate

in fun an independent kind of ways. So,
yeah.

Herald: Thank you. Microphone one, please.
Mic 1: Thanks for a cool talk. And I have

another question because you want to
reduce black boxes. But what about

encryption? Because it's really complex.
And how do you plan to reduce this black

box?
PGS: Ah okay. So an excellent question. So

the best encryption there is, is actually
the simplest. It's called one time pad. So

if you can actually meet with people. So
again, we're talking about focusing on

supporting local communities in one
another. If you get your megaphone on the

other person's megaphone and you come in
infrared range, for example, and then you

shake them like martinis to
generate some random data and you do that

until you've decided you've got enough one
time pad and that one time pad is secure

enough in your device, then actually like
xor is pretty easy to debug. Right?

Herald: Thank you. Microphone number
three.

Mic 3: So you talked about the form factor
right now being Nintendo's switch.

PGS: Yeah.
Mic 3:Do you have plans on going smaller

than that? More like a classic mobile
phone?

PGS: Yeah, I think it's actually quite
possible. So the.

So this is if you like,
that the first version is this one. You

can see it's about five centimeters thick.
The second one, we think we can get down

to about four centimeters thick, but it's
otherwise the same size as PCB. We've got

a student amount is going to try and work
on making one that's about the size of

only the screen, still probably about four
centimeters thick. And we think that

that's going to be quiet. It's the PCB
layout. He's basically been cursing me for

the last three months to try and get all
the trucks routing without it needing to

be a 15 layer sponge torte kind of PCB,
but that should be quite possible to do it

again. That's the kind of thing. Once
you've got a working prototype, then the

people, you're like, okay, we're going to
be on the miniaturization team, too. And

part of me try and make something which is
even smaller. But, you know, there's

always tradeoffs in these things. Again,
the smaller you make it, the less solar

panel you can have on the back. So that's
kind of these things. It's only trying to

make it as thin as we can. I think it
makes a whole pile of sense.

Herald: Honestly, you can make it smaller,
but I don't think you should. Because when

the zombie apocalypse happens, it's a
communication to the weapon.

PGS: Yeah. And it's less. Right. It's kind
of, you know. Exactly. We can use a full

sized one as well. Right. I've kind of
got, you know, quite a nice solid metal

keyboard in there as well.
Herald: A question from the Internet,

please show.
Signal-Angel: So what do you think about

the open moko phone?
PGS: The Openmoko phone? I'll try.

Remember the details about those and the
whole again. Everything that's being done

on all of these fronts to make fully open
devices with a few black boxes as possible

is fantastic. So as I say, open moko can
make an M.2 form factor cellular

modem that we can put in the megaphone. I
would be so, so happy. But we can do a

whole pile of stuff, while we are
waiting for that to happen?

Herald: Thank you. We actually had a talk
yesterday about from one of the people

behind the Openmoko. So you can watch the
recording if you want. Next question,

microphone one.
Mic 1: Sure. Thank you for the great talk.

I was interested in the Mega 65 itself. Is
that available? Can can, is it sold?

PGS: Yes, it's all okay. So the two most
common questions, We have about the mega

65 is can I buy one now and how much does
it cost? Unfortunately, the answer to both

of those is we don't yet know exactly.
It'll be a three digit number in euros for

the price. This is pretty certain. But at
the moment, our big challenge is we. This

one is it's a prototype made with the
vacuum for molding. So each case cost

upwards of 500 euros for the case. This is
not really sustainable. So we know we need

to make injection molding tooling for
that. And so the guys from the German part

of the mega 65 team are running a fund
raiser, just a little bit careful that

Australian law for fundraising is a bit
weird. So I am not doing any fund raising.

Some people here in Germany are doing some
fund raising to try and raise the money

for the mall. If you look at mega65.org,
you can find out what they're doing in

that space and and have a look at that.
Herald: Thank you. Do we have more

Internet questions? Nope. Cool, cool. I
think that's it. So thank you again for

the wonderful talk. My pleasure. Thank
you.

<i>Applause</i>

<i>Postroll music</i>

Subtitles created by c3subtitles.de
in the year 2020. Join, and help us!