-
Preroll 36C3 Music
-
Herald: Good evening and welcome to day
two of the Congress. Our next speaker,
-
Paul Gardner-Stephen is fighting for a
free, secure and resilient communications.
-
He's known as the leader of the cerebral
projects, building cell phone mesh
-
networks and also as the creator of the
mega 65 computer, that you can see right
-
here. Some Applause And. So he's going
to tell us about his next project right
-
now and also explore some issues that we
face about, building networks and keeping
-
them secure and resilient. So please
welcome Paul Gardner-Stephen "Creating
-
Resilient and Sustainable mobile networks".
A round of applause.
-
applause
-
Paul Gardner-Stephen: OK. Thanks for coming
along, everyone. Tonight is getting a
-
little bit late in the night , Sidney, for
me it is past my normal bedtime, so
-
apologies if I yawn. It's not that I'm
bored or disengaged. It's just I flew in
-
from Australia yesterday and still haven't
really had enough sleep. But we should be
-
fine. So cool. So what we can see here we
have the mega 65 prototype and we have a
-
prototype of the megaphone and I'll talk
about those two in a minute. So the entire
-
presentation is actually going to be
delivered with the technology that we're
-
creating. So a bit of a dog food eating
session for this kind of thing is a bit of
-
proof by example that we can actually do
useful things with 8-bit systems because a
-
whole pile of advantages when it comes to
the security and digital sovereignty with
-
that. So we'll switch the screen to the
screen. Super excellent. So we can have a
-
look and make sure I've got the correct
disk in there. Yes, we do. We will drop to
-
see 64 mode. And we'll load the wrong one.
For sure, we don't have to wait the long
-
time if I press and hold down the caps
lock key. The CPU runs at the full speed
-
instead of normal speed. And so now it
will light up. Its Commodore 64 software,
-
right. So of course it has to be cracked.
Even if I had to supply the originals to
-
the cracking crew because in 2019. So
we'll let that go for the year. The
-
graphic change a little bit as we go along
and let the grease roll out there. So all
-
of this has been created in FPGA. So we
have complete sovereignty in that sense
-
over the architecture so that we can
really start trying to, you know, to make
-
systems that we have full control over
from that full hardware layer and that are
-
simple enough that we don't need to have a
huge, massive team of people to actually
-
work on these things. A lot of what we are
talking about here has been created in
-
maybe three or four person years over the
last few years. So it is quite possible to
-
do a lot with these systems without
needing to have the huge resources of a
-
multinational company or something, which
is kind of key. Okay, so we'll do. Mega.
-
Oh. 36C3. Okay. I'll press a five for
presentation mode, which really just hides
-
the cursor. And then I can use my clicker.
So we have to switch, the camera here for
-
a moment applause we switch the
camera. So it's a genuine homemade
-
Commodore 64 compatible joystick. And it
makes the most satisfying click noise when
-
we use it. So if we switch back to the
slides, that will be great. But they are
-
super, cool. So I am indeed going to be
talking about creating resilient and
-
sustainable mobile phones and hopefully
that link when we already have the the
-
artifact there of the megaphone prototype,
that will become clearer as we go through.
-
So really, the last talk, was it kind of
interesting talking about this whole a
-
different angle, this whole thing, that
communications has actually become really
-
weaponized over the last decade or two in
particular that, you know, we're seeing
-
that, you know, where it used to be
natural disasters, that are the main
-
problem, that now there is this whole
problem of manmade disaster, which is a
-
major problem for us. And so we see
Internet shut communication shutdowns. We
-
have surveillance happening in different
places where it really ought not be
-
happening. You know, this state level
actors that are very well resourced, able
-
to find zero day exploits. And the attack
surface, as we know in modern
-
communications devices is simply huge. And
so this is this is very asymmetric in the
-
power equation between, you know, the
forces that seek to oppress people and,
-
you know, the vulnerable people at the
coalface who are just trying to get on
-
with their lives and believe good decent
lives and need communications to help
-
protect themselves and enable that to
happen. And that we're seeing that the
-
value of communications is so well
understood by these pressing forces that
-
it really has become quite a you know,
it's quite high up their list of things to
-
do. You know, you don't send the army in
first to quiet people down. You cut off
-
their Internet as the first thing. So this
is part of the backdrop of what we see.
-
And so what I would say is that the
digital summer has actually finished.
-
We're now in the digital autumn. We can
see in that, you know, with the with farms
-
and trees and things that, you know,
there's still plenty of fruit to see in
-
the early autumn. Right? And there's lots
on the ground. It feels like this time of
-
plenty will continue. And, you know, we
can all eat as we need that there is
-
enough more or less to go around. But the
risk that we have is from this parable of
-
the grasshopper and the yet. Who here
knows the parable of the grasshopper and
-
the ant? Hands right up. Is it really hard
for me to see up here? Okay. We'll stop
-
and say who doesn't know? Okay, cool. So I
thought actually it was originally a
-
German kind of problem. This is the story
of where the grashoper, you know, the
-
grasshopper is kind of lounging around and
enjoying the summer. While ant aren't busy
-
carrying all the seeds back into the nest.
And the ant's telling the grasshopper,
-
hey, you need to get some food and stuff
and put away for the winter so that you
-
can actually survive the winter. And the
grasshopper is basically in denial about
-
the fact that, you know, the season will
change. And then, of course, the season
-
changes. It snows and gets cold. And then
the grasshopper kind of goes knocking on
-
the door of the antholl, not the lake,
kind of really have doors, but that's
-
fine. It's like, oh, I'm starving and cold
out here. And and ant is kind of like,
-
well, I've told you so kind of thing. And
I think actually in the end, it kind of
-
lets it into we that want to scare
children too much with their stories. And
-
so this is actually the challenge that we
have that we, I love every time I come to
-
these events or the creativity that we
see. You know, we're enjoying the digital
-
summer and all of the things that is
letting us create and, you know, the great
-
open source software and tools and
everything that's going on, it's
-
absolutely fantastic. And we want that to
be to continue indefinitely. But we know
-
that, as we said, that, you know, the you
know, the chilling winds are beginning to
-
to come that tell us that unless we
actually do something about it, that this
-
isn't actually going to continue
indefinitely. And just a statement that I
-
really want to make here is this last
point that I've got. The freedoms of the
-
second half of the 20th century, post-
World War 2. If you look at history, they
-
are an aberration. To my knowledge, never
before and I fear perhaps never again will
-
we have that degree of personal liberty,
focus on, you know, individual freedom and
-
agency and everything that was in this
post-World War era and is now starting to
-
unwind and starting to unwind back to the
normal totally asymmetric, you know. Well,
-
to say sharing of power is the wrong word.
It's the greedy collection of power and
-
depravation of the mass population from
having any thing resembling a fair share
-
of what's going on. And so we have to act
if we want for the, you know, the digital
-
summer to continue or at worst for the
digital winter to be as short and shallow
-
as we can have it, so that the you know,
we can come back to a new digital summer.
-
Because once we hit the digital winter, it
will actually be too late. Because if we
-
push this analogy, you know that the
digital winter is the time when there is
-
no food on the train or it isn't any
longer possible or at least practical to
-
create new technologies to enable us to,
you know, to feed our digital needs. And
-
we can't plant any new crop, so to speak,
until the digital spring comes again after
-
that. And so the opportunity, like with
the grasshopper is now before the winter
-
comes to say, right, what do we need to
have in our store of technology, the store
-
of protocols, all of these different
things, so that when the digital winter
-
comes, we don't starve. And fortunately,
you know, we can actually change the
-
length of the digital winter. We can
empower people so that, you know, the
-
bitter cold of the digital winter is
moderated and the spring can come as soon
-
as it can. And the trouble that we have
with this, we actually don't know when the
-
digital winter will come exactly. We see
these challenges around in the way that
-
different governments and non-state actors
as well, you know, working you in
-
propaganda and all all of these things
that are becoming sadly more intense and
-
acute around us. We don't know when that
tipping point will happen. But given the
-
complexity of supply chains and things
that are necessary in this, I think Bunny
-
was talking about that earlier today,
that this is actually quite easy for it to
-
actually quite quickly flip into the
digital winter mode. And then as with the
-
real winter, at the very beginning of
winter, there might still be enough to
-
eat, but it gets harder and harder very
rapidly. And, you know, if the winter gets
-
too deep, then it's just not going to be
possible to continue with these things.
-
And so we've tried to think about what's
needed to actually overcome this. What do
-
we need focusing on mobile communications
as a key piece of that? And there's a
-
reason for that in that it's the way that
we can communicate, organize, you know,
-
collectively protect communities against
the threats that come in. If we look at
-
things like that great Haiti earthquake
just back in 2010, the breakdown of
-
communications and law and order meant
that they were quite horrible things going
-
on. We don't know about three days,
actually, of the earthquake there. So
-
there were militias that were basically
robbing medical teams, trying to transport
-
people between different hospitals. And
there were much nastier things with, you
-
know, gangs of people going around
from village to village, basically doing
-
whatever they want to, whoever they want.
It was really not cool. And so we want to
-
avoid that kind of problem that comes, when
people are not able to to collectively
-
work together effectively as a community.
And so the GPO four freedoms that we know
-
from software, they're a great starting
point. But I think actually we've seen
-
enough things like with TiVoization and
all these sorts of other challenges, that
-
this is not sufficient, when it comes to
hardware. And there's actually some even
-
more complicated things. You start talking
about mobile phone kind of hardware, as to
-
how we can do that, which I'll talk about
in a moment. But these are a starting
-
point of what I've come up with as things
that I see as being necessary. There's
-
ample room for improvement. And in fact,
with any of what we're trying to do in
-
this space, we need folks to come along
and help us. We can't do it alone. We need
-
to work together so that we can help
one another when the digital winter comes.
-
So the first freedom is simply the freedom
from energy infrastructure. We know
-
critical infrastructure is disturbingly
vulnerable, that the security of it is
-
quite bad. But also you have these like
large centralized places that produce the
-
energy that we need. And, you know, we see
power cut offs in Venezuela and all of
-
these sorts of
things, regardless
-
of who's actually doing it, whether
it's sabotage or whether
-
it was purposeful from the
government, I don't know. It actually
-
doesn't matter. The fact is, it happens.
But also, of course, a natural disaster.
-
Power goes out. Fortunately, this is
actually one of the easiest things to
-
solve. We just need to include some kind
of alternative energy supply into the kind
-
of devices that we're creating. So that
could be solar panel on the back. Or you
-
could have the you know, the Faraday, you
know, you shake it like a martini kind of
-
thing to generate power or both, whatever
you feel like. Or if you can find a good
-
supply of NASA radio, I hope then with
generators, that would also be fantastic.
-
And we'll keep you warm through the winter
as well. But, you know, if anyone has a
-
supply of those, let me know. I'd love to
hear. So then the second freedom is
-
actually quite similar to the first. It's
the realization that we need energy to
-
communicate in communications, to organize
ourselves and be effective. And again, the
-
communications infrastructure is in many
ways that she even more fragile than the
-
energy production. Infrastructure is much
easier to guard a couple of power stations
-
in a country than it is to guard every
phone tower and all of the interconnecting
-
links and all these sorts of things
between them. As we said, communications
-
depravation is already being weaponized
against the vulnerable around us. Again,
-
fortunate there's been a whole pile of
work in the space of the previous work
-
I've done with the serval mesh and
freifunk. And a whole bunch of groups
-
working on a whole bunch of different
things in this kind of space for peer to
-
peer secure, authenticated communications.
So, yes, there's work to be done, but this
-
is an area where there's actually already
like the energy one. There's been quite a
-
lot of work done that makes that quite
feasible to work on. So then we start
-
going into some of the the harder ones, we
need to make sure that we are not
-
dependent on, you know, the major vendors
of our devices, when it comes to the
-
security of our devices. So this starts
with simple things like that the GPL
-
provides. So, you know, full source code
has to be available. But more than that,
-
we actually have to make sure that we can
actually exercise those rights in
-
practice. So it needs to be simple enough
that we can actually, you know, go right.
-
Okay. There's a security vulnerability in
such and such like you now. Yes. You were
-
talking about earlier today with some of
the bluetooth things. And then to actually
-
be out to patch it yourself, it's quite
obvious that this is not the case for
-
whether it's firmware or whether it's the
regular operating system on modern mobile
-
phones. So who here is actually built
Android from source themselves? Excellent.
-
Expected to see a few folks here. Who has
tried and gave up in disgust. Right. More
-
hands? Yes. I myself was all like, you
know, I work on the civil project and we
-
do a whole pile of things and basically
just know after spending a number of hours
-
on, it just went like, you know, this is
actually this is a lot of work for
-
something that ought to be straightforward
if we want to be out to make rapid
-
progress. And so we want to have systems
that are simple enough, we can patch. But
-
in fact, there's another really key
advantage, the simplicity that I'll
-
probably come over a few times in this
talk, and that is that simplicity reduces
-
the attack surface. If we are in an
asymmetric power environment, where there
-
are whether they are state or non-state
actors seeking to deprive vulnerable
-
people of communications, they're going to
have potentially the ability to put whole
-
teams looking for vulnerabilities in
software. In contrast, we might be lucky
-
to have someone who's going to try and
madly find when things are being exploited
-
and to patch them. So we need to have ways
around this kind of thing. And to my mind,
-
reducing the attack surface is the only
way that we can actually have any real
-
hope of, you know, being at a keep up in
that arms race of security. So Freedom #4
-
is related to this previous one. Is
actually saying not only do we want to be
-
at a patch, where she wants to be at a
change, enhance doing these things. And
-
again, it comes back to the same basic
need that the software is actually able to
-
be compiled. And the hardware designs are
simple enough that we can actually, you
-
know, to work on these things so that we
get not merely in theory have permission
-
to innovate, but that it is in practice
feasible to do so. And again, the simpler
-
the system, the the the more probable it
is that we can actually succeed in this
-
kind of space. And then again, there's a
lot of these are quite interrelated,
-
that's part of why I
say it would actually be
-
great to get feedback
on how we might
-
restructure these to make the boundaries
really clear
-
between these freedoms
that we need.
-
So we need the freedom to
maintain the devices for the long run. So
-
who here has or has had a fair phone, for
example? I love the fair phone by the way.
-
A number of us. I've had one as well. And,
you know, if you talk to the people at
-
Faith, I think they have a team of a bunch
of people just trying to maintain Android
-
on the faire phone 2, for example. And
also now on the faire phone 3 as it comes
-
out. And this is actually really hard
work. But again, the complexity and the
-
barriers that are there, make it really
difficult to be able to just keep the
-
thing running with the same hardware
little and each time you want to target
-
new hardware with new capabilities. This
is just going to be, you know, as a
-
community, we can probably do one or two
devices if we kind of all collected our
-
effort. But to actually do it for, you
know, devices that meet individual needs
-
or, you know, appropriate for a particular
area might have, as we say, a different
-
energy source. So I might want to try
putting, you know, some thermal electric
-
thing or whatever that at the moment to do
that with mobile phone hardware is just
-
prohibitive in the complexity and the, you
know, the resourcing and effort that it
-
would require. So we need to find
solutions around this. And then again,
-
related to that, overall, we have this
problem of scale dependency. I think this
-
is one of the really key things at the
moment to make a mobile phone. You need to
-
have a big enough market and you'd have a
big enough enterprise and enough capital
-
and all of the rest of it to actually be
had to go through the very expensive
-
process of designing the thing, getting
injection molding, tooling and all of that
-
kind of thing made. That, you know, to do
that for a modern phone. I suspect it's a
-
few million euros to do it reasonably
well. And if you did it on the cheap and
-
skinny is probably still maybe something
like a million euros to achieve. So we
-
have to somehow break this down, to make
it feasible to do. And as I said earlier,
-
simplicity is a key theme to my mind, and
it is the only way I think that we can
-
actually do it. So we've already talked
about the challenges of distributing an
-
Android ROM, let alone modifying it to do
new things in any kind of sophisticated
-
way. And even if you do, the hardware is
actually too complicated. And there's a
-
whole pile of trust issues around the
complicated hardware. If you can't
-
understand something, by definition, it's
a black box. And if it's a black box, by
-
definition, you can't trust it. Because
you don't know what's inside. So, you
-
know, we we have this point again, the
digital winter. You don't want any black
-
boxes or if you do, you want them very
carefully monitored and managed. And so
-
the system has to be not simple enough to
make once. It is simple enough that we can
-
actually remake it again and again and
again, as we have need. It's a bit like
-
the difference between a chainsaw or an
ax, right? If you want to be in a remote
-
area and have to be self-sufficient. Much
better to depend on ax to chop your wood,
-
because if you need two, you can make a
new handle for your ax. And you know, with
-
a bit more effort, you could do some very
simple metallurgy and, you know, metal
-
smelting with iron ore. If you happen to
be lucky enough to have an area or copper
-
or whatever, it's going to be a much
easier proposition than having to do that
-
and then somehow make a fine machine
tooling and making you chain parts and
-
motor parts and all of this kind of thing.
So it has to be if it is going to be
-
resilient and survivable, it has to be
simple enough that you actually can build
-
it with relatively simple tools going
forward. Electronics is going to be a big
-
challenge in this area because, you know,
you need to be PCV fabrication, you need
-
to get components and things. But we have
to try and reduce the barriers as much as
-
we can, so that at least, for example,
component scavenging, for example, might
-
be an option. Or devices that will be
available, because they're still needed by
-
other industries that have more protection
as we head into a digital winter
-
environment that we can take and repurpose
that kind of hardware. So that this kind
-
of leads into this tension then of saying,
okay, if we make something which is simple
-
enough, we know we as a community, we only
have limited resources available to us, to
-
make this kind of resilient device. Do we
make one or do we all kind of like run off
-
and make different kind of things? And I
think the you know, this is a tension. I'm
-
not going to claim that. I know the
absolute best setting for this. I think we
-
need to have, as I say, kind of multiple
germ lines so that if one system gets
-
chronically critically broken or proves to
be ineffective and that, you know, there
-
are others kind of in the wing that can
kind of fill that niche in the
-
environment. But we don't have so many,
that if you don't get anywhere. And so
-
this is a bit tricky. My gut feeling is,
you know, making a an initial device that
-
can kind of demonstrate some of these kind
of positive properties. And then so other
-
people will look at and go like, well,
that's really great. That's got us
-
forward. But, you know, that was a really
stupid design. I think this is a way
-
better way to do it in the way, that we
have that freedom in the open source
-
community to do, is probably a pretty good
way to do things. And I would say, we're
-
not yet at the end point of that proof of
concept, but we're trying to move things
-
forward to that and that point. So, come
actual to the the megaphone that we're
-
trying to create. And so in terms of what
we've actually set out to do for the goals
-
and kind of the methodology, we want
something, which is simple, secure, self-
-
sufficient and survivable. A lot of the
work that I do is, for example, with, you
-
know, NGOs. We've worked with folks
from Red Cross. We work with folks from
-
the UN World Food Program, who part of
the interestingly, are the distributors of
-
communications in the UN cluster system
for disasters. Because they kind of like
-
hand out blankets and they hand out rice
and things. Someone basically say to them,
-
well, you should also be handing out the
communications. And so that's just kind of
-
how it's fell. And so, you know, in an
easy way I do smartphony kind of things
-
like would be great to have some
navigation, it would be great to have in a
-
disaster context, the ability to fill in
forms on the screen with a touch screen
-
and the rest of it and have the uplink
through. So if you think, you know, an
-
Ebola outbreak in Africa, for example, to
be out a collect, you know that case
-
information to track down the you know,
the case zeros and. Kind of thing, you
-
need communications that can work. Often
these outbreaks happen in places where law
-
and order and civil society is not really
working. Because if it was, then they
-
wouldn't have had the outbreak there, it
would have been managed more effectively.
-
And so you need this kind of,
you know, dependable device that can work
-
independent of everything else that's
going on. And that might have to do
-
software updates, for example, over a
really expensive narrowband satellite link
-
that might be, you know, tens of bytes per
second or less. So that was kind of some
-
of the, you know, the motivation around
this to create it. And it separately have
-
been working on the Mega 65 project for a
couple of years at that point. And it just
-
kind of dawned on me that actually this
simple 8 bit architecture is
-
powerful enough to actually be useful to
do some things. Math kind of, you know,
-
well, you're doing this. You know, the fun
proof of, you know, proof by example,
-
really, of delivering the slides with this
machine to show. that you can do useful
-
things if you write the code carefully
and carefully written code is more likely
-
to be verifiable and secure. And it's
probably I don't think you can get any
-
simpler than an eight bit system and still
be useful like I don't think we want to be
-
trying to use an Intel 4004 derived
4 Bit CPU to do things. Boeing's if
-
someone can find a way to do something
with a system that's that simple and they
-
can still do everything we need and it
makes it even easier to verify. Fantastic.
-
My gut feeling is it would actually be
worse on every point, because the amount
-
of work that you would have to do to do
each useful thing, you end up with code
-
which is actually larger in size. That I
think, my feeling is that the 8 Bit
-
architecture is about that sweet point.
And so anyway, so as a result of the
-
Mega 65 work, it's based directly on that. So
the the phone actually is a Mega 65
-
importable form and will show that in a
little bit. And so we're getting towards
-
that kind of proof of concept stage. So we
had the first phone calls back in Linuxconf.
-
So if you kind of dig back through this,
the the video of that talk where with a
-
much earlier prototype, we actually had
people calling the machine, which is quite
-
fun. And I took a little bit later as well
about the some of the audio part kind of
-
issues around that. So let's look at those
six freedoms again now, and what we're
-
trying to do with the megaphone. So energy
independence. The first thing is we've got
-
a filthy, great big battery. I hate it
when phones go flat. And when you're in a
-
disaster zone or these kind of vulnerable
situations, you really don't want it going
-
flat at the wrong time. So we've put a 32
watt our lithium ion phosphate battery
-
that should have 2000 full charge cycles
in there. The device is about the size of
-
an intended switch in terms of surface
area. So putting high performance solar
-
cells like you would put on the solar
racing car or on your roof, we can
-
probably get about seven watts with that.
And if you do the kind of math that's, you
-
know, four or so hours of charge time, but
we know in reality that the, you know, the
-
solar environment will often be much worse
than that. It might be only 10 percent of
-
what it to be 1 percent of that if you're
talking about these kinds of latitudes
-
under cloudy conditions. And so you really
want to have the big battery and as big a
-
solar panel as you can and you want the
power consumption to be as low as
-
possible. So we've got CPO data to
candlelight little teeny tiny FPGAs,
-
that are managing the whole power
environment and wake up the main FPGA only
-
when something important needs to happen.
So we believe with 32 watt hours, we
-
should be out to get about a thousand
hours standby with a 4G off the shelf
-
cellular modem. And that's, you know,
assuming the solar panel was actually, you
-
know, like, you know, in a black box, even
the light here, if we had the solar, the
-
seven watt solar panel would have a sunny
side up and we would be able to maintain
-
charge indefinitely on the device, because
we only need to have about 8 Milli
-
Watts coming in. So we're talking about
one one thousandth of the capacity of the
-
solar panel. OK. So if a communications
for independence, we really want as many
-
possible ways to communicate as we can and
the naughty little things that we can't
-
trust, in particular the cellular modem,
we want to have a sandbox and quarantined
-
so that it can't spread its naughty plague
of whatever vulnerabilities it has in
-
there. Again, there are black box. We
can't trust them. They're too hard for us
-
to implement. So this is kind of a
decision that we've taken. We'd much
-
rather have a fully open 4G modem and if
someone makes one fantastic,
-
will incorporate
it straight in.
-
Right. because the
systemis designed to be
-
easy to change.
But in the meantime,
-
we have to kind of deal with
what there is. The great thing is that
-
these m.2 cellular modems are used
in vending machines, in cars, in all sorts
-
of things. So they're just the common
eyes. Again, if he had to scavenge them in
-
the future. This would be quite feasible
and also means, we can upgrade. So we have
-
two of these slots, so we could actually
have a dual 5G Commodore 64 so that, you
-
know, because he wants to
light weight extra time
-
when you're downloading
your games, right?
-
And 40 kilobytes can take a
long time to download. I've only got one
-
5G link, right? We have two of them so we
can do it in parallel. Because he was to
-
more than about, you know, four
milliseconds to download new software and
-
again, limited communications availability
in these kind of oppressive environments.
-
This is actually key. You might only have
short communications window. So while it
-
is a little bit tongue in cheek, it's not
entirely. And of course, with several
-
mesh, we've been doing, you know, UHF?
packet radio. So we've put in try band
-
Laura compatible radios in there. Not
Laura when we're doing it fully. We're
-
just sending out radio packets and
listening in with the modules. We've also
-
got ESP 1, 266 Wi-Fi and some Bluetooth in
there. So that's some other potential
-
options. Acoustic networking. So we've
got 4 microphones that are directly
-
connected to our FPGA so we can do crazy
signal processing on that. And we've got a
-
nice loud speaker that should work up into
the ultrasonic range so we could even have
-
quite decent communications over, you
know, 10 or so meters in the acoustic
-
band. And there's a crazy bunch. And I've
forgotten the name of the research group
-
that do air gap jumping. And they've done
some quite crazy things with acoustics
-
with the live your headphones plugged into
your computer on your desk in a headphone
-
jack. You can software reconfigure that
and make that that's a speaker and
-
microphone. There's anyone that's
interested in a hall after. And we can
-
have a look and try and find the link for
you. We've also got infrared LED. And so
-
the idea with all of these kind of things
and whatever else you can kind of do, is
-
that it should be really hard for an
adversary to actually jam all of these
-
things at the same time. You know, you
might be able to do broadband RF jamming,
-
but that's not going to stop the acoustics
or the LED. And even if you can kind of
-
make a lot of noise, it's gonna be really
hard to block the LED, if people are kind
-
of holding the devices near one another to
do delay tolerant transfer. And of course,
-
any other crazy things that people come up
with. Again, a simple system design that
-
you can extend it easily yourself. OK.
Security independence. So the operating
-
system runs in a little bit CPU, which is
basically a slightly enhanced version of
-
the Commodore 64 CPU. It has a a bit
hypervisor, which is 16 kilobytes inside
-
hardware limitation, because we don't want
it getting bigger. If it gets 16K then
-
you have to throw some other things out
and right. What does it actually really
-
need to do so, that you still have a
system which is actually much more
-
verifiable. And this kind of small
software, it should be quite possible on
-
this machine to run a simple C compiler,
for example, to we had to compile the
-
software that is actually running the
core operating system, so we can have
-
that whole complete offgrid operation.
We've really talked a little bit about having
-
the untrusted components fully sandboxed.
So for example, cellular modems only have
-
a 80 command serial interface to the rest
of the system. And so this is going to
-
make it much harder for
an adversary to work
-
out how with a fully
compromised cellular
-
modem, you can compromise the
rest of the system by giving presumably
-
bogus responses to 80 command requests.
And because we know that's where the
-
vulnerable point is, we can put a lot of
effort in our software to really
-
interrogate the command response to the
coming back and no look for any QIT
-
command responses within a semicolon, drop
tables and all the rest of it in there. It
-
should be pretty straightforward to pick
up. So we also have an integrated hardware
-
in sufferance inspectors, so that you can
real time verify. It is a little bit fun.
-
So I can hit mega tab and we call it
matrix mode for good reason. So the system
-
is still running in the background. So the
slides are still there. So I can go back
-
to the previous slow, I begin to say, it
was a joystick actually when I'm in there.
-
Yes, they you go. Or file a bug for that,
but we can, if I go back into it, we can
-
look at all of memory in real time. So if
you are truly paranoid and you are about
-
to, for example, do some encrypted email
on your, you know, digitally sovereign
-
device. You could actually go into this,
stop the CPU and then inspect every byte
-
of memory and compare it to your physical
printout of the, you know, 30 or 40
-
kilobytes of your software. Or you might
every time he might do, you know, half a
-
kilobyte or something, right?! And verify
it so that progressively over time, you've
-
actually verified that the system is
always byte identical. At that point in
-
time to what it should be doing. And
again, the simplicity, we only have one
-
program running at a time. So, you know,
you know exactly what the system is doing.
-
And we can tasks which we got a built in
phrase constantly if I press the restore
-
key. Anyone who's used a Commodore 64 and
with an action replay will probably
-
recognize the inspired format. And so
that's our program. They're running with
-
hardware, thumbnail, generation of colors,
a bit wrong. We need to fix that. But, you
-
know, we've got other software that we've
had running on it. And so if we wanted to,
-
you know, break up the presentation with a
quick game of Gyruss, for example. We can
-
do that. I need to switch the joystick.
What I can do that in here as well. Jay.
-
silence
-
retro music
-
You know, if we wanted to, we can do that.
And then we can go back and, you know,
-
pretend that we weren't doing anything
naughty at all. And of course, I forgot to
-
save what I was doing first, right. So I
have to load the program again. So that's
-
my bad. That's right. Because reboot time
is about two seconds.
-
typing commands
-
So the worst part now is that we actually
we haven't got a command to jumped through
-
the slides and so it actually takes a
little bit of time to render each slide as
-
we go through. So that that's my
punishment for not saving first.
-
But see what we might do. We'll skip that for the
moment. And I'm kind of at the right point
-
anyway to talk about it, which is the
audio powers and a mobile phone. This is a
-
really important area to protect. So, so
important, that is the only diagram that
-
I've put an entire presentation. So at the
top we have a normal mobile phone. So
-
basically what we see is that the
untrustable cellular modem is not merely
-
on trustable. It's like an evil squid that
has tentacles at reach into every part of
-
your mobile phone that you really don't
want it getting into. So it has the direct
-
connection to your microphone and speaker.
The normal CPU in your mobile phone
-
usually has to say pretty please, oh
untrustable, completely untrustworthy
-
cellular modem. May I please have
something which you're going to tell me is
-
the audio that's coming in through the
microphone? Whether or not it's actually
-
the audio or not, there's a whole separate
thing. It might be doing all manner of
-
crazy things first, because you can't tell
because it's a big fat black box in the
-
way. And then just to make sure that the
you know, it can fully compromise, what
-
you're doing often is on the same memory
bus. And so, you know, you might go, oh,
-
I'm being all secret squirrel from the
cellular modem and asking you anything.
-
And it's just quietly lifting the covers
and looking at what you got under there
-
going like, oh, no, no, that bites wrong.
You really want that value in that bite.
-
And likewise, the RAM and the storage. So,
you know, the cellular modem can totally
-
compromise your bootloader and all of that
kind of stuff along the way. Let's just
-
say that that's not really a very
survivable model or a very resilient model
-
or a very secure model for a phone. So
we have instead is that we've
-
basically put the fully untranslatable
thing completely out in its own little tiny
-
shed. We've got the tin can and string
between us and it with a very controlled
-
interface and the microphone and speaker,
thank you very much, are directly
-
connected to our FPGA. So we can do
encryption at the microphone and
-
decryption at the speaker. The storage is
secure, so we could even have massive one
-
time pad. So we could actually do sig
sally style provably secure communications
-
over distance. If you can set up the key
material beforehand for one time pad. So
-
it's a radically different approach to
what we see with devices out there at the
-
moment. So we'll just get the the last few
slides up in. Oh, no, for CONAN. Whoops. So
-
even simple software can have bugs. This
is why we need many eyes. Think of a load.
-
This one first. Yep. And now I can load
the other one because it just hadn't
-
loaded the fonts in. Yeah. Cool. It's
coming. Yeah. You could even use the
-
joystick to move read and the text if you
want to. Okay, so if we think then about
-
this whole, you know, like what are we
actually trying to achieve around this and
-
what are some of the things that we need
in the, in the. The Commodore derived 8 bit
-
platform to us has a whole pile of
advantages as the basis for doing this.
-
Now, we could have done it with a
completely different platform. You'll like
-
some would think like RISC-V, for example,
is a nice open platform. Could be an idea.
-
Might it be that the RISC-V CPU was
actually still too complicated to actually
-
verify and trust yourself is my kind of
view, but I'm really happy that other
-
people might disagree with me. Again,
multiple germ lines, totally different
-
ways of doing things, and at least one of
them keeps working at any point in time
-
would be really, really good. You're kind
of combination things as well. So one of
-
the things that we're looking at is
having, for example, a Raspberry Pi
-
running the PI port of Android that
somebody else maintains. I don't have to
-
do it. And then having the 8 bit layer
actually visualizing all of the IO around
-
that, including access to the SD card
storage, including access to the screen.
-
And as that, she also makes it possible
for us to work to make custom mobile
-
devices for people living with disability.
And actually some of the Android again is
-
easy to maintain because we don't even
have to recompile it. We can just get the
-
standard version and then make it think
it's got a normal touchscreen when in
-
actual fact it might have some completely
different input method going on. So
-
there's a bunch of advantages. I've run
out of the official time that have a lot
-
of so I quickly go through and it will go
into the questions. So the platform is
-
really well documented. So there's another
whole pile of tools and everything
-
programing languages. So this is pretty
straightforward to go through. We've
-
already talked about capability
maintenance again. So that is actually
-
another key point: Making the hardware big
actually is a massive advantage because
-
then we can do normal PCP fabrication. We
don't have to be any BGA parts placement,
-
which is a real pain to do in your home
oven, it is possible, but you don't want
-
to have to work to learn how to do it in
digital winter. And yet it's largely this
-
kind of similar size to existing kind of
devices out there. There's a bunch of
-
advantages with that. There's a whole pile
of different things that we really would
-
like some folks to help us with to try and
get this finished and out there for people
-
to try out and to, you know, we had a
mature it and make it work. So it doesn't
-
matter whether you have a programmable
8 bit computer I've ever done any FPGA work or
-
PCB work or whatever. You know, there's
lots of space for people to join in what
-
is quite, we think is actually both an
important and actually a really fun and
-
enjoyable project to work on. And so
really just want to finish. But she said
-
that I think it is a thinking about this
talk and preparing for it. I think
-
actually, it is a call to action. You
know, the digital autumn has begun.
-
Digital winter is on its way. We don't
know when it's going to come. And it might
-
come a lot quicker, than we would really
like it to come, you know? Myself and the
-
people who are already working on the
project, we can't do everything alone.
-
We're doing what we can. We going to try
to organize another event in early April
-
up in Berlin. But there's no need to wait
for that to get involved. You know, we'll
-
be around at the vintage computer area. If
anyone wants to come and have a look or
-
ask anything about how you might get
involved or just play around with the
-
platform, it's quite fun to use. Oups. And
yeah, we'll leave it at that point. So any
-
questions would be really welcome.
-
applause
-
Herald: That was incredible. You have the
best present and set up that I've ever
-
seen.
PGS: Laughing Thank you.
-
Herald: That joistick is amazing.
Applause
-
PGS: The joystick is also open source
hardware. I can give you the plans to make
-
one of those you sell from from parts.
It's the spare joystick part through
-
arcade games basically.
Herald: Yes, please. OK. We're
-
taking questions. I remind you, we have
six microphones in the audience. We also
-
have the amazing signal angel that's going
to relay questions from the Internet. And
-
we're going to take one right now.
Signal-angel: Okay. So you already talked
-
about some events, but maybe can you bit
more elaborate on how you're planning to
-
involve the community?
PGS: Okay. So how we gonna involve the
-
community? Basically, anyway, the
community would like to be involved. The
-
moment in terms of with the phone as
myself and kind of the work at a
-
university and we have kind of a couple of
part time students working on things. So
-
the bus number is disturbingly near one at
the moment. So there's ample scope to
-
help. We've got a few other people who are
helping with the Mega 65 project itself.
-
And so there is obviously this crossover
in that. But what would be really great
-
would be to find, for example, a couple of
people who are willing to work on
-
software, primarily coding and C. You
don't even have to know any 65 to
-
assembler to begin with, to do things
like, you know, finishing off the dialer
-
software and things that we demonstrated
back in January and get it all working, so
-
we can actually walk around with a pair of
large plastic bricks by our heads, talking
-
on the phones that we've actually created.
That would be a really great way to work,
-
to get some initial forward movement. And
then things like case design, there's a
-
whole bunch of stuff that, you know, we'd
welcome involvement on.
-
Herald: Thank you. Do we have more from
the Signal Angels? Yes, we do.
-
Signal-Angel: So, okay, um, there's a
question when a prototype will be
-
available.
PGS: Okay. When a prototype would be
-
available, I'm happy to give out blank
PCBs or post them to people. I've
-
got actually packed them with me. We've
got looking at the next prototype is
-
actually being built at the moment. So,
you know, these can be built for about 400
-
euros at the moment. So you can buy like
five of these instead of an iPhone. Right?
-
So it's already it's it's economically
survivable as well in comparison.
-
Essentially, it's one of the really quite
funny things that we kind of making isn't
-
going like a few person years of effort.
And we can already make a mobile phone
-
case, not a small and ch'mic, but it's got
a joystick port. Right. Does your iPhone
-
have a joystick port? So, you know, it's
it's amazing. We've actually been able to
-
do quite quickly. So, it's the kind of
project where we do have people kind of
-
come in to help us. You know, I think
like, you know, by next Congress, we ought
-
to have people running around with
megaphones and being able to communicate
-
in fun an independent kind of ways. So,
yeah.
-
Herald: Thank you. Microphone one, please.
Mic 1: Thanks for a cool talk. And I have
-
another question because you want to
reduce black boxes. But what about
-
encryption? Because it's really complex.
And how do you plan to reduce this black
-
box?
PGS: Ah okay. So an excellent question. So
-
the best encryption there is, is actually
the simplest. It's called one time pad. So
-
if you can actually meet with people. So
again, we're talking about focusing on
-
supporting local communities in one
another. If you get your megaphone on the
-
other person's megaphone and you come in
infrared range, for example, and then you
-
shake them like martinis to
generate some random data and you do that
-
until you've decided you've got enough one
time pad and that one time pad is secure
-
enough in your device, then actually like
xor is pretty easy to debug. Right?
-
Herald: Thank you. Microphone number
three.
-
Mic 3: So you talked about the form factor
right now being Nintendo's switch.
-
PGS: Yeah.
Mic 3:Do you have plans on going smaller
-
than that? More like a classic mobile
phone?
-
PGS: Yeah, I think it's actually quite
possible. So the.
-
So this is if you like,
that the first version is this one. You
-
can see it's about five centimeters thick.
The second one, we think we can get down
-
to about four centimeters thick, but it's
otherwise the same size as PCB. We've got
-
a student amount is going to try and work
on making one that's about the size of
-
only the screen, still probably about four
centimeters thick. And we think that
-
that's going to be quiet. It's the PCB
layout. He's basically been cursing me for
-
the last three months to try and get all
the trucks routing without it needing to
-
be a 15 layer sponge torte kind of PCB,
but that should be quite possible to do it
-
again. That's the kind of thing. Once
you've got a working prototype, then the
-
people, you're like, okay, we're going to
be on the miniaturization team, too. And
-
part of me try and make something which is
even smaller. But, you know, there's
-
always tradeoffs in these things. Again,
the smaller you make it, the less solar
-
panel you can have on the back. So that's
kind of these things. It's only trying to
-
make it as thin as we can. I think it
makes a whole pile of sense.
-
Herald: Honestly, you can make it smaller,
but I don't think you should. Because when
-
the zombie apocalypse happens, it's a
communication to the weapon.
-
PGS: Yeah. And it's less. Right. It's kind
of, you know. Exactly. We can use a full
-
sized one as well. Right. I've kind of
got, you know, quite a nice solid metal
-
keyboard in there as well.
Herald: A question from the Internet,
-
please show.
Signal-Angel: So what do you think about
-
the open moko phone?
PGS: The Openmoko phone? I'll try.
-
Remember the details about those and the
whole again. Everything that's being done
-
on all of these fronts to make fully open
devices with a few black boxes as possible
-
is fantastic. So as I say, open moko can
make an M.2 form factor cellular
-
modem that we can put in the megaphone. I
would be so, so happy. But we can do a
-
whole pile of stuff, while we are
waiting for that to happen?
-
Herald: Thank you. We actually had a talk
yesterday about from one of the people
-
behind the Openmoko. So you can watch the
recording if you want. Next question,
-
microphone one.
Mic 1: Sure. Thank you for the great talk.
-
I was interested in the Mega 65 itself. Is
that available? Can can, is it sold?
-
PGS: Yes, it's all okay. So the two most
common questions, We have about the mega
-
65 is can I buy one now and how much does
it cost? Unfortunately, the answer to both
-
of those is we don't yet know exactly.
It'll be a three digit number in euros for
-
the price. This is pretty certain. But at
the moment, our big challenge is we. This
-
one is it's a prototype made with the
vacuum for molding. So each case cost
-
upwards of 500 euros for the case. This is
not really sustainable. So we know we need
-
to make injection molding tooling for
that. And so the guys from the German part
-
of the mega 65 team are running a fund
raiser, just a little bit careful that
-
Australian law for fundraising is a bit
weird. So I am not doing any fund raising.
-
Some people here in Germany are doing some
fund raising to try and raise the money
-
for the mall. If you look at mega65.org,
you can find out what they're doing in
-
that space and and have a look at that.
Herald: Thank you. Do we have more
-
Internet questions? Nope. Cool, cool. I
think that's it. So thank you again for
-
the wonderful talk. My pleasure. Thank
you.
-
Applause
-
Postroll music
-
Subtitles created by c3subtitles.de
in the year 2020. Join, and help us!
