1 00:00:00,000 --> 00:00:19,760 *Preroll 36C3 Music * 2 00:00:19,760 --> 00:00:28,410 Herald: Good evening and welcome to day two of the Congress. Our next speaker, 3 00:00:28,410 --> 00:00:37,270 Paul Gardner-Stephen is fighting for a free, secure and resilient communications. 4 00:00:37,270 --> 00:00:43,320 He's known as the leader of the cerebral projects, building cell phone mesh 5 00:00:43,320 --> 00:00:49,720 networks and also as the creator of the mega 65 computer, that you can see right 6 00:00:49,720 --> 00:01:01,110 here. *Some Applause* And. So he's going to tell us about his next project right 7 00:01:01,110 --> 00:01:07,780 now and also explore some issues that we face about, building networks and keeping 8 00:01:07,780 --> 00:01:13,970 them secure and resilient. So please welcome Paul Gardner-Stephen "Creating 9 00:01:13,970 --> 00:01:18,240 Resilient and Sustainable mobile networks". A round of applause. 10 00:01:18,240 --> 00:01:21,360 *applause* 11 00:01:21,360 --> 00:01:24,360 Paul Gardner-Stephen: OK. Thanks for coming along, everyone. Tonight is getting a 12 00:01:24,360 --> 00:01:28,560 little bit late in the night , Sidney, for me it is past my normal bedtime, so 13 00:01:28,560 --> 00:01:32,550 apologies if I yawn. It's not that I'm bored or disengaged. It's just I flew in 14 00:01:32,550 --> 00:01:37,600 from Australia yesterday and still haven't really had enough sleep. But we should be 15 00:01:37,600 --> 00:01:46,450 fine. So cool. So what we can see here we have the mega 65 prototype and we have a 16 00:01:46,450 --> 00:01:52,400 prototype of the megaphone and I'll talk about those two in a minute. So the entire 17 00:01:52,400 --> 00:01:56,729 presentation is actually going to be delivered with the technology that we're 18 00:01:56,729 --> 00:02:00,810 creating. So a bit of a dog food eating session for this kind of thing is a bit of 19 00:02:00,810 --> 00:02:05,940 proof by example that we can actually do useful things with 8-bit systems because a 20 00:02:05,940 --> 00:02:09,220 whole pile of advantages when it comes to the security and digital sovereignty with 21 00:02:09,220 --> 00:02:15,510 that. So we'll switch the screen to the screen. Super excellent. So we can have a 22 00:02:15,510 --> 00:02:20,140 look and make sure I've got the correct disk in there. Yes, we do. We will drop to 23 00:02:20,140 --> 00:02:37,819 see 64 mode. And we'll load the wrong one. For sure, we don't have to wait the long 24 00:02:37,819 --> 00:02:42,569 time if I press and hold down the caps lock key. The CPU runs at the full speed 25 00:02:42,569 --> 00:02:51,320 instead of normal speed. And so now it will light up. Its Commodore 64 software, 26 00:02:51,320 --> 00:02:56,540 right. So of course it has to be cracked. Even if I had to supply the originals to 27 00:02:56,540 --> 00:03:02,069 the cracking crew because in 2019. So we'll let that go for the year. The 28 00:03:02,069 --> 00:03:07,700 graphic change a little bit as we go along and let the grease roll out there. So all 29 00:03:07,700 --> 00:03:13,019 of this has been created in FPGA. So we have complete sovereignty in that sense 30 00:03:13,019 --> 00:03:16,590 over the architecture so that we can really start trying to, you know, to make 31 00:03:16,590 --> 00:03:22,099 systems that we have full control over from that full hardware layer and that are 32 00:03:22,099 --> 00:03:26,550 simple enough that we don't need to have a huge, massive team of people to actually 33 00:03:26,550 --> 00:03:29,970 work on these things. A lot of what we are talking about here has been created in 34 00:03:29,970 --> 00:03:37,250 maybe three or four person years over the last few years. So it is quite possible to 35 00:03:37,250 --> 00:03:41,030 do a lot with these systems without needing to have the huge resources of a 36 00:03:41,030 --> 00:03:51,119 multinational company or something, which is kind of key. Okay, so we'll do. Mega. 37 00:03:51,119 --> 00:04:02,760 Oh. 36C3. Okay. I'll press a five for presentation mode, which really just hides 38 00:04:02,760 --> 00:04:09,159 the cursor. And then I can use my clicker. So we have to switch, the camera here for 39 00:04:09,159 --> 00:04:15,849 a moment *applause* we switch the camera. So it's a genuine homemade 40 00:04:15,849 --> 00:04:20,180 Commodore 64 compatible joystick. And it makes the most satisfying click noise when 41 00:04:20,180 --> 00:04:29,930 we use it. So if we switch back to the slides, that will be great. But they are 42 00:04:29,930 --> 00:04:36,330 super, cool. So I am indeed going to be talking about creating resilient and 43 00:04:36,330 --> 00:04:38,630 sustainable mobile phones and hopefully that link when we already have the the 44 00:04:38,630 --> 00:04:46,120 artifact there of the megaphone prototype, that will become clearer as we go through. 45 00:04:46,120 --> 00:04:51,000 So really, the last talk, was it kind of interesting talking about this whole a 46 00:04:51,000 --> 00:04:54,340 different angle, this whole thing, that communications has actually become really 47 00:04:54,340 --> 00:05:00,360 weaponized over the last decade or two in particular that, you know, we're seeing 48 00:05:00,360 --> 00:05:03,180 that, you know, where it used to be natural disasters, that are the main 49 00:05:03,180 --> 00:05:06,840 problem, that now there is this whole problem of manmade disaster, which is a 50 00:05:06,840 --> 00:05:11,840 major problem for us. And so we see Internet shut communication shutdowns. We 51 00:05:11,840 --> 00:05:15,810 have surveillance happening in different places where it really ought not be 52 00:05:15,810 --> 00:05:19,900 happening. You know, this state level actors that are very well resourced, able 53 00:05:19,900 --> 00:05:23,690 to find zero day exploits. And the attack surface, as we know in modern 54 00:05:23,690 --> 00:05:30,520 communications devices is simply huge. And so this is this is very asymmetric in the 55 00:05:30,520 --> 00:05:34,949 power equation between, you know, the forces that seek to oppress people and, 56 00:05:34,949 --> 00:05:38,490 you know, the vulnerable people at the coalface who are just trying to get on 57 00:05:38,490 --> 00:05:42,720 with their lives and believe good decent lives and need communications to help 58 00:05:42,720 --> 00:05:46,960 protect themselves and enable that to happen. And that we're seeing that the 59 00:05:46,960 --> 00:05:53,000 value of communications is so well understood by these pressing forces that 60 00:05:53,000 --> 00:05:56,260 it really has become quite a you know, it's quite high up their list of things to 61 00:05:56,260 --> 00:05:59,680 do. You know, you don't send the army in first to quiet people down. You cut off 62 00:05:59,680 --> 00:06:06,580 their Internet as the first thing. So this is part of the backdrop of what we see. 63 00:06:06,580 --> 00:06:11,780 And so what I would say is that the digital summer has actually finished. 64 00:06:11,780 --> 00:06:18,050 We're now in the digital autumn. We can see in that, you know, with the with farms 65 00:06:18,050 --> 00:06:20,639 and trees and things that, you know, there's still plenty of fruit to see in 66 00:06:20,639 --> 00:06:25,680 the early autumn. Right? And there's lots on the ground. It feels like this time of 67 00:06:25,680 --> 00:06:30,919 plenty will continue. And, you know, we can all eat as we need that there is 68 00:06:30,919 --> 00:06:36,490 enough more or less to go around. But the risk that we have is from this parable of 69 00:06:36,490 --> 00:06:39,850 the grasshopper and the yet. Who here knows the parable of the grasshopper and 70 00:06:39,850 --> 00:06:43,350 the ant? Hands right up. Is it really hard for me to see up here? Okay. We'll stop 71 00:06:43,350 --> 00:06:49,330 and say who doesn't know? Okay, cool. So I thought actually it was originally a 72 00:06:49,330 --> 00:06:52,740 German kind of problem. This is the story of where the grashoper, you know, the 73 00:06:52,740 --> 00:06:56,569 grasshopper is kind of lounging around and enjoying the summer. While ant aren't busy 74 00:06:56,569 --> 00:07:00,530 carrying all the seeds back into the nest. And the ant's telling the grasshopper, 75 00:07:00,530 --> 00:07:03,370 hey, you need to get some food and stuff and put away for the winter so that you 76 00:07:03,370 --> 00:07:07,610 can actually survive the winter. And the grasshopper is basically in denial about 77 00:07:07,610 --> 00:07:11,650 the fact that, you know, the season will change. And then, of course, the season 78 00:07:11,650 --> 00:07:14,630 changes. It snows and gets cold. And then the grasshopper kind of goes knocking on 79 00:07:14,630 --> 00:07:17,680 the door of the antholl, not the lake, kind of really have doors, but that's 80 00:07:17,680 --> 00:07:21,870 fine. It's like, oh, I'm starving and cold out here. And and ant is kind of like, 81 00:07:21,870 --> 00:07:23,940 well, I've told you so kind of thing. And I think actually in the end, it kind of 82 00:07:23,940 --> 00:07:28,271 lets it into we that want to scare children too much with their stories. And 83 00:07:28,271 --> 00:07:34,090 so this is actually the challenge that we have that we, I love every time I come to 84 00:07:34,090 --> 00:07:38,730 these events or the creativity that we see. You know, we're enjoying the digital 85 00:07:38,730 --> 00:07:41,870 summer and all of the things that is letting us create and, you know, the great 86 00:07:41,870 --> 00:07:45,400 open source software and tools and everything that's going on, it's 87 00:07:45,400 --> 00:07:50,630 absolutely fantastic. And we want that to be to continue indefinitely. But we know 88 00:07:50,630 --> 00:07:55,199 that, as we said, that, you know, the you know, the chilling winds are beginning to 89 00:07:55,199 --> 00:08:00,630 to come that tell us that unless we actually do something about it, that this 90 00:08:00,630 --> 00:08:05,710 isn't actually going to continue indefinitely. And just a statement that I 91 00:08:05,710 --> 00:08:09,400 really want to make here is this last point that I've got. The freedoms of the 92 00:08:09,400 --> 00:08:14,460 second half of the 20th century, post- World War 2. If you look at history, they 93 00:08:14,460 --> 00:08:22,890 are an aberration. To my knowledge, never before and I fear perhaps never again will 94 00:08:22,890 --> 00:08:27,810 we have that degree of personal liberty, focus on, you know, individual freedom and 95 00:08:27,810 --> 00:08:32,130 agency and everything that was in this post-World War era and is now starting to 96 00:08:32,130 --> 00:08:38,900 unwind and starting to unwind back to the normal totally asymmetric, you know. Well, 97 00:08:38,900 --> 00:08:43,500 to say sharing of power is the wrong word. It's the greedy collection of power and 98 00:08:43,500 --> 00:08:49,200 depravation of the mass population from having any thing resembling a fair share 99 00:08:49,200 --> 00:08:54,650 of what's going on. And so we have to act if we want for the, you know, the digital 100 00:08:54,650 --> 00:08:59,200 summer to continue or at worst for the digital winter to be as short and shallow 101 00:08:59,200 --> 00:09:06,790 as we can have it, so that the you know, we can come back to a new digital summer. 102 00:09:06,790 --> 00:09:13,160 Because once we hit the digital winter, it will actually be too late. Because if we 103 00:09:13,160 --> 00:09:16,020 push this analogy, you know that the digital winter is the time when there is 104 00:09:16,020 --> 00:09:22,060 no food on the train or it isn't any longer possible or at least practical to 105 00:09:22,060 --> 00:09:27,860 create new technologies to enable us to, you know, to feed our digital needs. And 106 00:09:27,860 --> 00:09:31,930 we can't plant any new crop, so to speak, until the digital spring comes again after 107 00:09:31,930 --> 00:09:36,910 that. And so the opportunity, like with the grasshopper is now before the winter 108 00:09:36,910 --> 00:09:42,879 comes to say, right, what do we need to have in our store of technology, the store 109 00:09:42,879 --> 00:09:46,290 of protocols, all of these different things, so that when the digital winter 110 00:09:46,290 --> 00:09:51,580 comes, we don't starve. And fortunately, you know, we can actually change the 111 00:09:51,580 --> 00:09:57,160 length of the digital winter. We can empower people so that, you know, the 112 00:09:57,160 --> 00:10:02,590 bitter cold of the digital winter is moderated and the spring can come as soon 113 00:10:02,590 --> 00:10:08,540 as it can. And the trouble that we have with this, we actually don't know when the 114 00:10:08,540 --> 00:10:13,279 digital winter will come exactly. We see these challenges around in the way that 115 00:10:13,279 --> 00:10:18,740 different governments and non-state actors as well, you know, working you in 116 00:10:18,740 --> 00:10:23,950 propaganda and all all of these things that are becoming sadly more intense and 117 00:10:23,950 --> 00:10:28,890 acute around us. We don't know when that tipping point will happen. But given the 118 00:10:28,890 --> 00:10:32,240 complexity of supply chains and things that are necessary in this, I think Bunny 119 00:10:32,240 --> 00:10:37,410 was talking about that earlier today, that this is actually quite easy for it to 120 00:10:37,410 --> 00:10:43,260 actually quite quickly flip into the digital winter mode. And then as with the 121 00:10:43,260 --> 00:10:45,750 real winter, at the very beginning of winter, there might still be enough to 122 00:10:45,750 --> 00:10:50,110 eat, but it gets harder and harder very rapidly. And, you know, if the winter gets 123 00:10:50,110 --> 00:10:55,250 too deep, then it's just not going to be possible to continue with these things. 124 00:10:55,250 --> 00:11:00,931 And so we've tried to think about what's needed to actually overcome this. What do 125 00:11:00,931 --> 00:11:04,661 we need focusing on mobile communications as a key piece of that? And there's a 126 00:11:04,661 --> 00:11:10,170 reason for that in that it's the way that we can communicate, organize, you know, 127 00:11:10,170 --> 00:11:14,680 collectively protect communities against the threats that come in. If we look at 128 00:11:14,680 --> 00:11:19,080 things like that great Haiti earthquake just back in 2010, the breakdown of 129 00:11:19,080 --> 00:11:23,029 communications and law and order meant that they were quite horrible things going 130 00:11:23,029 --> 00:11:28,459 on. We don't know about three days, actually, of the earthquake there. So 131 00:11:28,459 --> 00:11:32,970 there were militias that were basically robbing medical teams, trying to transport 132 00:11:32,970 --> 00:11:37,120 people between different hospitals. And there were much nastier things with, you 133 00:11:37,120 --> 00:11:40,160 know, gangs of people going around from village to village, basically doing 134 00:11:40,160 --> 00:11:45,300 whatever they want to, whoever they want. It was really not cool. And so we want to 135 00:11:45,300 --> 00:11:51,529 avoid that kind of problem that comes, when people are not able to to collectively 136 00:11:51,529 --> 00:11:57,180 work together effectively as a community. And so the GPO four freedoms that we know 137 00:11:57,180 --> 00:12:00,970 from software, they're a great starting point. But I think actually we've seen 138 00:12:00,970 --> 00:12:05,140 enough things like with TiVoization and all these sorts of other challenges, that 139 00:12:05,140 --> 00:12:10,410 this is not sufficient, when it comes to hardware. And there's actually some even 140 00:12:10,410 --> 00:12:14,830 more complicated things. You start talking about mobile phone kind of hardware, as to 141 00:12:14,830 --> 00:12:20,180 how we can do that, which I'll talk about in a moment. But these are a starting 142 00:12:20,180 --> 00:12:23,940 point of what I've come up with as things that I see as being necessary. There's 143 00:12:23,940 --> 00:12:27,880 ample room for improvement. And in fact, with any of what we're trying to do in 144 00:12:27,880 --> 00:12:32,829 this space, we need folks to come along and help us. We can't do it alone. We need 145 00:12:32,829 --> 00:12:39,180 to work together so that we can help one another when the digital winter comes. 146 00:12:39,180 --> 00:12:44,899 So the first freedom is simply the freedom from energy infrastructure. We know 147 00:12:44,899 --> 00:12:48,320 critical infrastructure is disturbingly vulnerable, that the security of it is 148 00:12:48,320 --> 00:12:52,170 quite bad. But also you have these like large centralized places that produce the 149 00:12:52,170 --> 00:12:56,700 energy that we need. And, you know, we see power cut offs in Venezuela and all of 150 00:12:56,700 --> 00:12:58,389 these sorts of things, regardless 151 00:12:58,389 --> 00:12:59,389 of who's actually doing it, whether it's sabotage or whether 152 00:12:59,389 --> 00:13:02,320 it was purposeful from the government, I don't know. It actually 153 00:13:02,320 --> 00:13:06,339 doesn't matter. The fact is, it happens. But also, of course, a natural disaster. 154 00:13:06,339 --> 00:13:10,310 Power goes out. Fortunately, this is actually one of the easiest things to 155 00:13:10,310 --> 00:13:15,430 solve. We just need to include some kind of alternative energy supply into the kind 156 00:13:15,430 --> 00:13:18,890 of devices that we're creating. So that could be solar panel on the back. Or you 157 00:13:18,890 --> 00:13:23,000 could have the you know, the Faraday, you know, you shake it like a martini kind of 158 00:13:23,000 --> 00:13:27,089 thing to generate power or both, whatever you feel like. Or if you can find a good 159 00:13:27,089 --> 00:13:31,470 supply of NASA radio, I hope then with generators, that would also be fantastic. 160 00:13:31,470 --> 00:13:35,490 And we'll keep you warm through the winter as well. But, you know, if anyone has a 161 00:13:35,490 --> 00:13:40,630 supply of those, let me know. I'd love to hear. So then the second freedom is 162 00:13:40,630 --> 00:13:43,760 actually quite similar to the first. It's the realization that we need energy to 163 00:13:43,760 --> 00:13:49,300 communicate in communications, to organize ourselves and be effective. And again, the 164 00:13:49,300 --> 00:13:53,660 communications infrastructure is in many ways that she even more fragile than the 165 00:13:53,660 --> 00:13:58,430 energy production. Infrastructure is much easier to guard a couple of power stations 166 00:13:58,430 --> 00:14:01,880 in a country than it is to guard every phone tower and all of the interconnecting 167 00:14:01,880 --> 00:14:06,050 links and all these sorts of things between them. As we said, communications 168 00:14:06,050 --> 00:14:11,779 depravation is already being weaponized against the vulnerable around us. Again, 169 00:14:11,779 --> 00:14:13,889 fortunate there's been a whole pile of work in the space of the previous work 170 00:14:13,889 --> 00:14:19,730 I've done with the serval mesh and freifunk. And a whole bunch of groups 171 00:14:19,730 --> 00:14:23,529 working on a whole bunch of different things in this kind of space for peer to 172 00:14:23,529 --> 00:14:28,620 peer secure, authenticated communications. So, yes, there's work to be done, but this 173 00:14:28,620 --> 00:14:32,240 is an area where there's actually already like the energy one. There's been quite a 174 00:14:32,240 --> 00:14:39,730 lot of work done that makes that quite feasible to work on. So then we start 175 00:14:39,730 --> 00:14:43,600 going into some of the the harder ones, we need to make sure that we are not 176 00:14:43,600 --> 00:14:50,380 dependent on, you know, the major vendors of our devices, when it comes to the 177 00:14:50,380 --> 00:14:53,800 security of our devices. So this starts with simple things like that the GPL 178 00:14:53,800 --> 00:14:58,680 provides. So, you know, full source code has to be available. But more than that, 179 00:14:58,680 --> 00:15:04,520 we actually have to make sure that we can actually exercise those rights in 180 00:15:04,520 --> 00:15:09,350 practice. So it needs to be simple enough that we can actually, you know, go right. 181 00:15:09,350 --> 00:15:13,310 Okay. There's a security vulnerability in such and such like you now. Yes. You were 182 00:15:13,310 --> 00:15:16,820 talking about earlier today with some of the bluetooth things. And then to actually 183 00:15:16,820 --> 00:15:21,790 be out to patch it yourself, it's quite obvious that this is not the case for 184 00:15:21,790 --> 00:15:26,130 whether it's firmware or whether it's the regular operating system on modern mobile 185 00:15:26,130 --> 00:15:30,970 phones. So who here is actually built Android from source themselves? Excellent. 186 00:15:30,970 --> 00:15:36,950 Expected to see a few folks here. Who has tried and gave up in disgust. Right. More 187 00:15:36,950 --> 00:15:41,529 hands? Yes. I myself was all like, you know, I work on the civil project and we 188 00:15:41,529 --> 00:15:45,100 do a whole pile of things and basically just know after spending a number of hours 189 00:15:45,100 --> 00:15:48,310 on, it just went like, you know, this is actually this is a lot of work for 190 00:15:48,310 --> 00:15:52,669 something that ought to be straightforward if we want to be out to make rapid 191 00:15:52,669 --> 00:15:58,290 progress. And so we want to have systems that are simple enough, we can patch. But 192 00:15:58,290 --> 00:16:01,290 in fact, there's another really key advantage, the simplicity that I'll 193 00:16:01,290 --> 00:16:05,920 probably come over a few times in this talk, and that is that simplicity reduces 194 00:16:05,920 --> 00:16:10,821 the attack surface. If we are in an asymmetric power environment, where there 195 00:16:10,821 --> 00:16:15,500 are whether they are state or non-state actors seeking to deprive vulnerable 196 00:16:15,500 --> 00:16:19,820 people of communications, they're going to have potentially the ability to put whole 197 00:16:19,820 --> 00:16:24,280 teams looking for vulnerabilities in software. In contrast, we might be lucky 198 00:16:24,280 --> 00:16:28,130 to have someone who's going to try and madly find when things are being exploited 199 00:16:28,130 --> 00:16:35,410 and to patch them. So we need to have ways around this kind of thing. And to my mind, 200 00:16:35,410 --> 00:16:38,460 reducing the attack surface is the only way that we can actually have any real 201 00:16:38,460 --> 00:16:47,880 hope of, you know, being at a keep up in that arms race of security. So Freedom #4 202 00:16:47,880 --> 00:16:50,940 is related to this previous one. Is actually saying not only do we want to be 203 00:16:50,940 --> 00:16:54,350 at a patch, where she wants to be at a change, enhance doing these things. And 204 00:16:54,350 --> 00:16:58,649 again, it comes back to the same basic need that the software is actually able to 205 00:16:58,649 --> 00:17:03,020 be compiled. And the hardware designs are simple enough that we can actually, you 206 00:17:03,020 --> 00:17:10,659 know, to work on these things so that we get not merely in theory have permission 207 00:17:10,659 --> 00:17:17,089 to innovate, but that it is in practice feasible to do so. And again, the simpler 208 00:17:17,089 --> 00:17:21,169 the system, the the the more probable it is that we can actually succeed in this 209 00:17:21,169 --> 00:17:28,830 kind of space. And then again, there's a lot of these are quite interrelated, 210 00:17:28,830 --> 00:17:30,112 that's part of why I say it would actually be 211 00:17:30,112 --> 00:17:32,120 great to get feedback on how we might 212 00:17:32,120 --> 00:17:34,870 restructure these to make the boundaries really clear 213 00:17:34,870 --> 00:17:37,508 between these freedoms that we need. 214 00:17:37,508 --> 00:17:41,789 So we need the freedom to maintain the devices for the long run. So 215 00:17:41,789 --> 00:17:47,710 who here has or has had a fair phone, for example? I love the fair phone by the way. 216 00:17:47,710 --> 00:17:53,750 A number of us. I've had one as well. And, you know, if you talk to the people at 217 00:17:53,750 --> 00:17:58,620 Faith, I think they have a team of a bunch of people just trying to maintain Android 218 00:17:58,620 --> 00:18:02,520 on the faire phone 2, for example. And also now on the faire phone 3 as it comes 219 00:18:02,520 --> 00:18:07,380 out. And this is actually really hard work. But again, the complexity and the 220 00:18:07,380 --> 00:18:11,660 barriers that are there, make it really difficult to be able to just keep the 221 00:18:11,660 --> 00:18:14,980 thing running with the same hardware little and each time you want to target 222 00:18:14,980 --> 00:18:19,710 new hardware with new capabilities. This is just going to be, you know, as a 223 00:18:19,710 --> 00:18:23,090 community, we can probably do one or two devices if we kind of all collected our 224 00:18:23,090 --> 00:18:27,790 effort. But to actually do it for, you know, devices that meet individual needs 225 00:18:27,790 --> 00:18:31,169 or, you know, appropriate for a particular area might have, as we say, a different 226 00:18:31,169 --> 00:18:34,980 energy source. So I might want to try putting, you know, some thermal electric 227 00:18:34,980 --> 00:18:39,809 thing or whatever that at the moment to do that with mobile phone hardware is just 228 00:18:39,809 --> 00:18:44,309 prohibitive in the complexity and the, you know, the resourcing and effort that it 229 00:18:44,309 --> 00:18:51,130 would require. So we need to find solutions around this. And then again, 230 00:18:51,130 --> 00:18:55,470 related to that, overall, we have this problem of scale dependency. I think this 231 00:18:55,470 --> 00:18:59,950 is one of the really key things at the moment to make a mobile phone. You need to 232 00:18:59,950 --> 00:19:03,539 have a big enough market and you'd have a big enough enterprise and enough capital 233 00:19:03,539 --> 00:19:07,340 and all of the rest of it to actually be had to go through the very expensive 234 00:19:07,340 --> 00:19:13,270 process of designing the thing, getting injection molding, tooling and all of that 235 00:19:13,270 --> 00:19:18,580 kind of thing made. That, you know, to do that for a modern phone. I suspect it's a 236 00:19:18,580 --> 00:19:23,809 few million euros to do it reasonably well. And if you did it on the cheap and 237 00:19:23,809 --> 00:19:30,270 skinny is probably still maybe something like a million euros to achieve. So we 238 00:19:30,270 --> 00:19:39,100 have to somehow break this down, to make it feasible to do. And as I said earlier, 239 00:19:39,100 --> 00:19:43,530 simplicity is a key theme to my mind, and it is the only way I think that we can 240 00:19:43,530 --> 00:19:46,490 actually do it. So we've already talked about the challenges of distributing an 241 00:19:46,490 --> 00:19:51,010 Android ROM, let alone modifying it to do new things in any kind of sophisticated 242 00:19:51,010 --> 00:19:54,870 way. And even if you do, the hardware is actually too complicated. And there's a 243 00:19:54,870 --> 00:19:58,490 whole pile of trust issues around the complicated hardware. If you can't 244 00:19:58,490 --> 00:20:02,130 understand something, by definition, it's a black box. And if it's a black box, by 245 00:20:02,130 --> 00:20:06,510 definition, you can't trust it. Because you don't know what's inside. So, you 246 00:20:06,510 --> 00:20:10,520 know, we we have this point again, the digital winter. You don't want any black 247 00:20:10,520 --> 00:20:15,970 boxes or if you do, you want them very carefully monitored and managed. And so 248 00:20:15,970 --> 00:20:19,799 the system has to be not simple enough to make once. It is simple enough that we can 249 00:20:19,799 --> 00:20:24,660 actually remake it again and again and again, as we have need. It's a bit like 250 00:20:24,660 --> 00:20:27,390 the difference between a chainsaw or an ax, right? If you want to be in a remote 251 00:20:27,390 --> 00:20:32,490 area and have to be self-sufficient. Much better to depend on ax to chop your wood, 252 00:20:32,490 --> 00:20:36,100 because if you need two, you can make a new handle for your ax. And you know, with 253 00:20:36,100 --> 00:20:39,951 a bit more effort, you could do some very simple metallurgy and, you know, metal 254 00:20:39,951 --> 00:20:43,919 smelting with iron ore. If you happen to be lucky enough to have an area or copper 255 00:20:43,919 --> 00:20:47,770 or whatever, it's going to be a much easier proposition than having to do that 256 00:20:47,770 --> 00:20:50,780 and then somehow make a fine machine tooling and making you chain parts and 257 00:20:50,780 --> 00:20:55,620 motor parts and all of this kind of thing. So it has to be if it is going to be 258 00:20:55,620 --> 00:20:59,640 resilient and survivable, it has to be simple enough that you actually can build 259 00:20:59,640 --> 00:21:03,180 it with relatively simple tools going forward. Electronics is going to be a big 260 00:21:03,180 --> 00:21:07,100 challenge in this area because, you know, you need to be PCV fabrication, you need 261 00:21:07,100 --> 00:21:11,059 to get components and things. But we have to try and reduce the barriers as much as 262 00:21:11,059 --> 00:21:14,650 we can, so that at least, for example, component scavenging, for example, might 263 00:21:14,650 --> 00:21:19,200 be an option. Or devices that will be available, because they're still needed by 264 00:21:19,200 --> 00:21:24,100 other industries that have more protection as we head into a digital winter 265 00:21:24,100 --> 00:21:31,450 environment that we can take and repurpose that kind of hardware. So that this kind 266 00:21:31,450 --> 00:21:36,470 of leads into this tension then of saying, okay, if we make something which is simple 267 00:21:36,470 --> 00:21:41,040 enough, we know we as a community, we only have limited resources available to us, to 268 00:21:41,040 --> 00:21:45,120 make this kind of resilient device. Do we make one or do we all kind of like run off 269 00:21:45,120 --> 00:21:52,659 and make different kind of things? And I think the you know, this is a tension. I'm 270 00:21:52,659 --> 00:21:57,370 not going to claim that. I know the absolute best setting for this. I think we 271 00:21:57,370 --> 00:22:02,000 need to have, as I say, kind of multiple germ lines so that if one system gets 272 00:22:02,000 --> 00:22:05,722 chronically critically broken or proves to be ineffective and that, you know, there 273 00:22:05,722 --> 00:22:09,500 are others kind of in the wing that can kind of fill that niche in the 274 00:22:09,500 --> 00:22:14,570 environment. But we don't have so many, that if you don't get anywhere. And so 275 00:22:14,570 --> 00:22:19,000 this is a bit tricky. My gut feeling is, you know, making a an initial device that 276 00:22:19,000 --> 00:22:22,020 can kind of demonstrate some of these kind of positive properties. And then so other 277 00:22:22,020 --> 00:22:23,980 people will look at and go like, well, that's really great. That's got us 278 00:22:23,980 --> 00:22:26,659 forward. But, you know, that was a really stupid design. I think this is a way 279 00:22:26,659 --> 00:22:30,450 better way to do it in the way, that we have that freedom in the open source 280 00:22:30,450 --> 00:22:36,440 community to do, is probably a pretty good way to do things. And I would say, we're 281 00:22:36,440 --> 00:22:41,220 not yet at the end point of that proof of concept, but we're trying to move things 282 00:22:41,220 --> 00:22:47,420 forward to that and that point. So, come actual to the the megaphone that we're 283 00:22:47,420 --> 00:22:53,659 trying to create. And so in terms of what we've actually set out to do for the goals 284 00:22:53,659 --> 00:22:57,521 and kind of the methodology, we want something, which is simple, secure, self- 285 00:22:57,521 --> 00:23:03,329 sufficient and survivable. A lot of the work that I do is, for example, with, you 286 00:23:03,329 --> 00:23:06,460 know, NGOs. We've worked with folks from Red Cross. We work with folks from 287 00:23:06,460 --> 00:23:11,490 the UN World Food Program, who part of the interestingly, are the distributors of 288 00:23:11,490 --> 00:23:15,990 communications in the UN cluster system for disasters. Because they kind of like 289 00:23:15,990 --> 00:23:19,210 hand out blankets and they hand out rice and things. Someone basically say to them, 290 00:23:19,210 --> 00:23:23,440 well, you should also be handing out the communications. And so that's just kind of 291 00:23:23,440 --> 00:23:28,799 how it's fell. And so, you know, in an easy way I do smartphony kind of things 292 00:23:28,799 --> 00:23:32,429 like would be great to have some navigation, it would be great to have in a 293 00:23:32,429 --> 00:23:35,610 disaster context, the ability to fill in forms on the screen with a touch screen 294 00:23:35,610 --> 00:23:40,390 and the rest of it and have the uplink through. So if you think, you know, an 295 00:23:40,390 --> 00:23:45,480 Ebola outbreak in Africa, for example, to be out a collect, you know that case 296 00:23:45,480 --> 00:23:48,690 information to track down the you know, the case zeros and. Kind of thing, you 297 00:23:48,690 --> 00:23:55,020 need communications that can work. Often these outbreaks happen in places where law 298 00:23:55,020 --> 00:23:58,850 and order and civil society is not really working. Because if it was, then they 299 00:23:58,850 --> 00:24:01,581 wouldn't have had the outbreak there, it would have been managed more effectively. 300 00:24:01,581 --> 00:24:07,070 And so you need this kind of, you know, dependable device that can work 301 00:24:07,070 --> 00:24:10,730 independent of everything else that's going on. And that might have to do 302 00:24:10,730 --> 00:24:14,120 software updates, for example, over a really expensive narrowband satellite link 303 00:24:14,120 --> 00:24:19,000 that might be, you know, tens of bytes per second or less. So that was kind of some 304 00:24:19,000 --> 00:24:26,159 of the, you know, the motivation around this to create it. And it separately have 305 00:24:26,159 --> 00:24:32,250 been working on the Mega 65 project for a couple of years at that point. And it just 306 00:24:32,250 --> 00:24:36,150 kind of dawned on me that actually this simple 8 bit architecture is 307 00:24:36,150 --> 00:24:40,610 powerful enough to actually be useful to do some things. Math kind of, you know, 308 00:24:40,610 --> 00:24:44,830 well, you're doing this. You know, the fun proof of, you know, proof by example, 309 00:24:44,830 --> 00:24:49,770 really, of delivering the slides with this machine to show. that you can do useful 310 00:24:49,770 --> 00:24:53,380 things if you write the code carefully and carefully written code is more likely 311 00:24:53,380 --> 00:24:59,700 to be verifiable and secure. And it's probably I don't think you can get any 312 00:24:59,700 --> 00:25:03,440 simpler than an eight bit system and still be useful like I don't think we want to be 313 00:25:03,440 --> 00:25:09,659 trying to use an Intel 4004 derived 4 Bit CPU to do things. Boeing's if 314 00:25:09,659 --> 00:25:13,010 someone can find a way to do something with a system that's that simple and they 315 00:25:13,010 --> 00:25:17,210 can still do everything we need and it makes it even easier to verify. Fantastic. 316 00:25:17,210 --> 00:25:21,169 My gut feeling is it would actually be worse on every point, because the amount 317 00:25:21,169 --> 00:25:24,900 of work that you would have to do to do each useful thing, you end up with code 318 00:25:24,900 --> 00:25:29,799 which is actually larger in size. That I think, my feeling is that the 8 Bit 319 00:25:29,799 --> 00:25:33,133 architecture is about that sweet point. And so anyway, so as a result of the 320 00:25:33,133 --> 00:25:40,256 Mega 65 work, it's based directly on that. So the the phone actually is a Mega 65 321 00:25:40,256 --> 00:25:48,600 importable form and will show that in a little bit. And so we're getting towards 322 00:25:48,600 --> 00:25:52,309 that kind of proof of concept stage. So we had the first phone calls back in Linuxconf. 323 00:25:52,309 --> 00:25:55,741 So if you kind of dig back through this, the the video of that talk where with a 324 00:25:55,741 --> 00:26:00,809 much earlier prototype, we actually had people calling the machine, which is quite 325 00:26:00,809 --> 00:26:06,580 fun. And I took a little bit later as well about the some of the audio part kind of 326 00:26:06,580 --> 00:26:10,570 issues around that. So let's look at those six freedoms again now, and what we're 327 00:26:10,570 --> 00:26:14,809 trying to do with the megaphone. So energy independence. The first thing is we've got 328 00:26:14,809 --> 00:26:18,760 a filthy, great big battery. I hate it when phones go flat. And when you're in a 329 00:26:18,760 --> 00:26:21,670 disaster zone or these kind of vulnerable situations, you really don't want it going 330 00:26:21,670 --> 00:26:26,520 flat at the wrong time. So we've put a 32 watt our lithium ion phosphate battery 331 00:26:26,520 --> 00:26:31,679 that should have 2000 full charge cycles in there. The device is about the size of 332 00:26:31,679 --> 00:26:35,790 an intended switch in terms of surface area. So putting high performance solar 333 00:26:35,790 --> 00:26:39,400 cells like you would put on the solar racing car or on your roof, we can 334 00:26:39,400 --> 00:26:44,220 probably get about seven watts with that. And if you do the kind of math that's, you 335 00:26:44,220 --> 00:26:52,130 know, four or so hours of charge time, but we know in reality that the, you know, the 336 00:26:52,130 --> 00:26:55,830 solar environment will often be much worse than that. It might be only 10 percent of 337 00:26:55,830 --> 00:26:59,620 what it to be 1 percent of that if you're talking about these kinds of latitudes 338 00:26:59,620 --> 00:27:04,210 under cloudy conditions. And so you really want to have the big battery and as big a 339 00:27:04,210 --> 00:27:07,720 solar panel as you can and you want the power consumption to be as low as 340 00:27:07,720 --> 00:27:12,890 possible. So we've got CPO data to candlelight little teeny tiny FPGAs, 341 00:27:12,890 --> 00:27:16,050 that are managing the whole power environment and wake up the main FPGA only 342 00:27:16,050 --> 00:27:20,419 when something important needs to happen. So we believe with 32 watt hours, we 343 00:27:20,419 --> 00:27:25,860 should be out to get about a thousand hours standby with a 4G off the shelf 344 00:27:25,860 --> 00:27:29,990 cellular modem. And that's, you know, assuming the solar panel was actually, you 345 00:27:29,990 --> 00:27:35,330 know, like, you know, in a black box, even the light here, if we had the solar, the 346 00:27:35,330 --> 00:27:40,020 seven watt solar panel would have a sunny side up and we would be able to maintain 347 00:27:40,020 --> 00:27:43,560 charge indefinitely on the device, because we only need to have about 8 Milli 348 00:27:43,560 --> 00:27:49,880 Watts coming in. So we're talking about one one thousandth of the capacity of the 349 00:27:49,880 --> 00:27:56,590 solar panel. OK. So if a communications for independence, we really want as many 350 00:27:56,590 --> 00:28:00,600 possible ways to communicate as we can and the naughty little things that we can't 351 00:28:00,600 --> 00:28:05,480 trust, in particular the cellular modem, we want to have a sandbox and quarantined 352 00:28:05,480 --> 00:28:09,450 so that it can't spread its naughty plague of whatever vulnerabilities it has in 353 00:28:09,450 --> 00:28:13,360 there. Again, there are black box. We can't trust them. They're too hard for us 354 00:28:13,360 --> 00:28:16,960 to implement. So this is kind of a decision that we've taken. We'd much 355 00:28:16,960 --> 00:28:21,200 rather have a fully open 4G modem and if someone makes one fantastic, 356 00:28:21,200 --> 00:28:22,740 will incorporate it straight in. 357 00:28:22,740 --> 00:28:24,870 Right. because the systemis designed to be 358 00:28:24,870 --> 00:28:26,760 easy to change. But in the meantime, 359 00:28:26,760 --> 00:28:29,250 we have to kind of deal with what there is. The great thing is that 360 00:28:29,250 --> 00:28:34,039 these m.2 cellular modems are used in vending machines, in cars, in all sorts 361 00:28:34,039 --> 00:28:37,360 of things. So they're just the common eyes. Again, if he had to scavenge them in 362 00:28:37,360 --> 00:28:41,850 the future. This would be quite feasible and also means, we can upgrade. So we have 363 00:28:41,850 --> 00:28:47,049 two of these slots, so we could actually have a dual 5G Commodore 64 so that, you 364 00:28:47,049 --> 00:28:49,640 know, because he wants to light weight extra time 365 00:28:49,640 --> 00:28:51,050 when you're downloading your games, right? 366 00:28:51,050 --> 00:28:54,000 And 40 kilobytes can take a long time to download. I've only got one 367 00:28:54,000 --> 00:28:58,600 5G link, right? We have two of them so we can do it in parallel. Because he was to 368 00:28:58,600 --> 00:29:02,690 more than about, you know, four milliseconds to download new software and 369 00:29:02,690 --> 00:29:07,970 again, limited communications availability in these kind of oppressive environments. 370 00:29:07,970 --> 00:29:12,190 This is actually key. You might only have short communications window. So while it 371 00:29:12,190 --> 00:29:16,450 is a little bit tongue in cheek, it's not entirely. And of course, with several 372 00:29:16,450 --> 00:29:20,770 mesh, we've been doing, you know, UHF? packet radio. So we've put in try band 373 00:29:20,770 --> 00:29:25,882 Laura compatible radios in there. Not Laura when we're doing it fully. We're 374 00:29:25,882 --> 00:29:29,779 just sending out radio packets and listening in with the modules. We've also 375 00:29:29,779 --> 00:29:34,800 got ESP 1, 266 Wi-Fi and some Bluetooth in there. So that's some other potential 376 00:29:34,800 --> 00:29:38,210 options. Acoustic networking. So we've got 4 microphones that are directly 377 00:29:38,210 --> 00:29:42,140 connected to our FPGA so we can do crazy signal processing on that. And we've got a 378 00:29:42,140 --> 00:29:46,950 nice loud speaker that should work up into the ultrasonic range so we could even have 379 00:29:46,950 --> 00:29:51,370 quite decent communications over, you know, 10 or so meters in the acoustic 380 00:29:51,370 --> 00:29:55,289 band. And there's a crazy bunch. And I've forgotten the name of the research group 381 00:29:55,289 --> 00:30:02,170 that do air gap jumping. And they've done some quite crazy things with acoustics 382 00:30:02,170 --> 00:30:06,200 with the live your headphones plugged into your computer on your desk in a headphone 383 00:30:06,200 --> 00:30:10,059 jack. You can software reconfigure that and make that that's a speaker and 384 00:30:10,059 --> 00:30:14,980 microphone. There's anyone that's interested in a hall after. And we can 385 00:30:14,980 --> 00:30:19,080 have a look and try and find the link for you. We've also got infrared LED. And so 386 00:30:19,080 --> 00:30:24,340 the idea with all of these kind of things and whatever else you can kind of do, is 387 00:30:24,340 --> 00:30:28,870 that it should be really hard for an adversary to actually jam all of these 388 00:30:28,870 --> 00:30:33,830 things at the same time. You know, you might be able to do broadband RF jamming, 389 00:30:33,830 --> 00:30:38,270 but that's not going to stop the acoustics or the LED. And even if you can kind of 390 00:30:38,270 --> 00:30:41,690 make a lot of noise, it's gonna be really hard to block the LED, if people are kind 391 00:30:41,690 --> 00:30:47,750 of holding the devices near one another to do delay tolerant transfer. And of course, 392 00:30:47,750 --> 00:30:51,289 any other crazy things that people come up with. Again, a simple system design that 393 00:30:51,289 --> 00:30:57,679 you can extend it easily yourself. OK. Security independence. So the operating 394 00:30:57,679 --> 00:31:01,380 system runs in a little bit CPU, which is basically a slightly enhanced version of 395 00:31:01,380 --> 00:31:07,409 the Commodore 64 CPU. It has a a bit hypervisor, which is 16 kilobytes inside 396 00:31:07,409 --> 00:31:12,700 hardware limitation, because we don't want it getting bigger. If it gets 16K then 397 00:31:12,700 --> 00:31:15,230 you have to throw some other things out and right. What does it actually really 398 00:31:15,230 --> 00:31:18,720 need to do so, that you still have a system which is actually much more 399 00:31:18,720 --> 00:31:22,940 verifiable. And this kind of small software, it should be quite possible on 400 00:31:22,940 --> 00:31:26,840 this machine to run a simple C compiler, for example, to we had to compile the 401 00:31:26,840 --> 00:31:30,409 software that is actually running the core operating system, so we can have 402 00:31:30,409 --> 00:31:34,720 that whole complete offgrid operation. We've really talked a little bit about having 403 00:31:34,720 --> 00:31:39,780 the untrusted components fully sandboxed. So for example, cellular modems only have 404 00:31:39,780 --> 00:31:45,320 a 80 command serial interface to the rest of the system. And so this is going to 405 00:31:45,320 --> 00:31:47,110 make it much harder for an adversary to work 406 00:31:47,110 --> 00:31:48,570 out how with a fully compromised cellular 407 00:31:48,570 --> 00:31:52,049 modem, you can compromise the rest of the system by giving presumably 408 00:31:52,049 --> 00:31:56,250 bogus responses to 80 command requests. And because we know that's where the 409 00:31:56,250 --> 00:32:00,160 vulnerable point is, we can put a lot of effort in our software to really 410 00:32:00,160 --> 00:32:04,289 interrogate the command response to the coming back and no look for any QIT 411 00:32:04,289 --> 00:32:08,160 command responses within a semicolon, drop tables and all the rest of it in there. It 412 00:32:08,160 --> 00:32:13,220 should be pretty straightforward to pick up. So we also have an integrated hardware 413 00:32:13,220 --> 00:32:17,970 in sufferance inspectors, so that you can real time verify. It is a little bit fun. 414 00:32:17,970 --> 00:32:22,720 So I can hit mega tab and we call it matrix mode for good reason. So the system 415 00:32:22,720 --> 00:32:26,060 is still running in the background. So the slides are still there. So I can go back 416 00:32:26,060 --> 00:32:35,769 to the previous slow, I begin to say, it was a joystick actually when I'm in there. 417 00:32:35,769 --> 00:32:43,300 Yes, they you go. Or file a bug for that, but we can, if I go back into it, we can 418 00:32:43,300 --> 00:32:49,510 look at all of memory in real time. So if you are truly paranoid and you are about 419 00:32:49,510 --> 00:32:53,364 to, for example, do some encrypted email on your, you know, digitally sovereign 420 00:32:53,364 --> 00:32:57,960 device. You could actually go into this, stop the CPU and then inspect every byte 421 00:32:57,960 --> 00:33:02,650 of memory and compare it to your physical printout of the, you know, 30 or 40 422 00:33:02,650 --> 00:33:06,919 kilobytes of your software. Or you might every time he might do, you know, half a 423 00:33:06,919 --> 00:33:10,970 kilobyte or something, right?! And verify it so that progressively over time, you've 424 00:33:10,970 --> 00:33:15,380 actually verified that the system is always byte identical. At that point in 425 00:33:15,380 --> 00:33:18,659 time to what it should be doing. And again, the simplicity, we only have one 426 00:33:18,659 --> 00:33:23,919 program running at a time. So, you know, you know exactly what the system is doing. 427 00:33:23,919 --> 00:33:27,929 And we can tasks which we got a built in phrase constantly if I press the restore 428 00:33:27,929 --> 00:33:32,809 key. Anyone who's used a Commodore 64 and with an action replay will probably 429 00:33:32,809 --> 00:33:36,850 recognize the inspired format. And so that's our program. They're running with 430 00:33:36,850 --> 00:33:39,620 hardware, thumbnail, generation of colors, a bit wrong. We need to fix that. But, you 431 00:33:39,620 --> 00:33:44,779 know, we've got other software that we've had running on it. And so if we wanted to, 432 00:33:44,779 --> 00:33:52,211 you know, break up the presentation with a quick game of Gyruss, for example. We can 433 00:33:52,211 --> 00:33:56,300 do that. I need to switch the joystick. What I can do that in here as well. Jay. 434 00:33:56,300 --> 00:33:58,770 *silence* 435 00:33:58,770 --> 00:34:00,000 *retro music* 436 00:34:00,000 --> 00:34:05,519 You know, if we wanted to, we can do that. And then we can go back and, you know, 437 00:34:05,519 --> 00:34:09,330 pretend that we weren't doing anything naughty at all. And of course, I forgot to 438 00:34:09,330 --> 00:34:12,569 save what I was doing first, right. So I have to load the program again. So that's 439 00:34:12,569 --> 00:34:17,909 my bad. That's right. Because reboot time is about two seconds. 440 00:34:17,909 --> 00:34:36,879 *typing commands* 441 00:34:36,879 --> 00:34:39,960 So the worst part now is that we actually we haven't got a command to jumped through 442 00:34:39,960 --> 00:34:44,129 the slides and so it actually takes a little bit of time to render each slide as 443 00:34:44,129 --> 00:34:50,800 we go through. So that that's my punishment for not saving first. 444 00:34:50,800 --> 00:34:55,669 But see what we might do. We'll skip that for the moment. And I'm kind of at the right point 445 00:34:55,669 --> 00:35:01,480 anyway to talk about it, which is the audio powers and a mobile phone. This is a 446 00:35:01,480 --> 00:35:07,920 really important area to protect. So, so important, that is the only diagram that 447 00:35:07,920 --> 00:35:13,690 I've put an entire presentation. So at the top we have a normal mobile phone. So 448 00:35:13,690 --> 00:35:17,050 basically what we see is that the untrustable cellular modem is not merely 449 00:35:17,050 --> 00:35:21,190 on trustable. It's like an evil squid that has tentacles at reach into every part of 450 00:35:21,190 --> 00:35:25,280 your mobile phone that you really don't want it getting into. So it has the direct 451 00:35:25,280 --> 00:35:29,421 connection to your microphone and speaker. The normal CPU in your mobile phone 452 00:35:29,421 --> 00:35:34,200 usually has to say pretty please, oh untrustable, completely untrustworthy 453 00:35:34,200 --> 00:35:37,760 cellular modem. May I please have something which you're going to tell me is 454 00:35:37,760 --> 00:35:41,510 the audio that's coming in through the microphone? Whether or not it's actually 455 00:35:41,510 --> 00:35:44,160 the audio or not, there's a whole separate thing. It might be doing all manner of 456 00:35:44,160 --> 00:35:46,930 crazy things first, because you can't tell because it's a big fat black box in the 457 00:35:46,930 --> 00:35:51,340 way. And then just to make sure that the you know, it can fully compromise, what 458 00:35:51,340 --> 00:35:54,750 you're doing often is on the same memory bus. And so, you know, you might go, oh, 459 00:35:54,750 --> 00:35:58,270 I'm being all secret squirrel from the cellular modem and asking you anything. 460 00:35:58,270 --> 00:36:01,190 And it's just quietly lifting the covers and looking at what you got under there 461 00:36:01,190 --> 00:36:04,596 going like, oh, no, no, that bites wrong. You really want that value in that bite. 462 00:36:04,596 --> 00:36:08,250 And likewise, the RAM and the storage. So, you know, the cellular modem can totally 463 00:36:08,250 --> 00:36:12,966 compromise your bootloader and all of that kind of stuff along the way. Let's just 464 00:36:12,966 --> 00:36:17,570 say that that's not really a very survivable model or a very resilient model 465 00:36:17,570 --> 00:36:21,430 or a very secure model for a phone. So we have instead is that we've 466 00:36:21,430 --> 00:36:26,540 basically put the fully untranslatable thing completely out in its own little tiny 467 00:36:26,540 --> 00:36:30,250 shed. We've got the tin can and string between us and it with a very controlled 468 00:36:30,250 --> 00:36:33,490 interface and the microphone and speaker, thank you very much, are directly 469 00:36:33,490 --> 00:36:37,930 connected to our FPGA. So we can do encryption at the microphone and 470 00:36:37,930 --> 00:36:42,380 decryption at the speaker. The storage is secure, so we could even have massive one 471 00:36:42,380 --> 00:36:48,370 time pad. So we could actually do sig sally style provably secure communications 472 00:36:48,370 --> 00:36:55,800 over distance. If you can set up the key material beforehand for one time pad. So 473 00:36:55,800 --> 00:37:01,280 it's a radically different approach to what we see with devices out there at the 474 00:37:01,280 --> 00:37:29,050 moment. So we'll just get the the last few slides up in. Oh, no, for CONAN. Whoops. So 475 00:37:29,050 --> 00:37:34,466 even simple software can have bugs. This is why we need many eyes. Think of a load. 476 00:37:34,466 --> 00:37:38,609 This one first. Yep. And now I can load the other one because it just hadn't 477 00:37:38,609 --> 00:37:53,490 loaded the fonts in. Yeah. Cool. It's coming. Yeah. You could even use the 478 00:37:53,490 --> 00:38:03,079 joystick to move read and the text if you want to. Okay, so if we think then about 479 00:38:03,079 --> 00:38:09,450 this whole, you know, like what are we actually trying to achieve around this and 480 00:38:09,450 --> 00:38:14,400 what are some of the things that we need in the, in the. The Commodore derived 8 bit 481 00:38:14,400 --> 00:38:17,670 platform to us has a whole pile of advantages as the basis for doing this. 482 00:38:17,670 --> 00:38:20,119 Now, we could have done it with a completely different platform. You'll like 483 00:38:20,119 --> 00:38:23,980 some would think like RISC-V, for example, is a nice open platform. Could be an idea. 484 00:38:23,980 --> 00:38:27,450 Might it be that the RISC-V CPU was actually still too complicated to actually 485 00:38:27,450 --> 00:38:30,700 verify and trust yourself is my kind of view, but I'm really happy that other 486 00:38:30,700 --> 00:38:33,970 people might disagree with me. Again, multiple germ lines, totally different 487 00:38:33,970 --> 00:38:38,500 ways of doing things, and at least one of them keeps working at any point in time 488 00:38:38,500 --> 00:38:42,950 would be really, really good. You're kind of combination things as well. So one of 489 00:38:42,950 --> 00:38:45,839 the things that we're looking at is having, for example, a Raspberry Pi 490 00:38:45,839 --> 00:38:49,041 running the PI port of Android that somebody else maintains. I don't have to 491 00:38:49,041 --> 00:38:53,890 do it. And then having the 8 bit layer actually visualizing all of the IO around 492 00:38:53,890 --> 00:38:57,750 that, including access to the SD card storage, including access to the screen. 493 00:38:57,750 --> 00:39:00,890 And as that, she also makes it possible for us to work to make custom mobile 494 00:39:00,890 --> 00:39:05,210 devices for people living with disability. And actually some of the Android again is 495 00:39:05,210 --> 00:39:07,970 easy to maintain because we don't even have to recompile it. We can just get the 496 00:39:07,970 --> 00:39:11,260 standard version and then make it think it's got a normal touchscreen when in 497 00:39:11,260 --> 00:39:15,650 actual fact it might have some completely different input method going on. So 498 00:39:15,650 --> 00:39:19,590 there's a bunch of advantages. I've run out of the official time that have a lot 499 00:39:19,590 --> 00:39:24,990 of so I quickly go through and it will go into the questions. So the platform is 500 00:39:24,990 --> 00:39:28,630 really well documented. So there's another whole pile of tools and everything 501 00:39:28,630 --> 00:39:32,950 programing languages. So this is pretty straightforward to go through. We've 502 00:39:32,950 --> 00:39:36,440 already talked about capability maintenance again. So that is actually 503 00:39:36,440 --> 00:39:40,080 another key point: Making the hardware big actually is a massive advantage because 504 00:39:40,080 --> 00:39:44,869 then we can do normal PCP fabrication. We don't have to be any BGA parts placement, 505 00:39:44,869 --> 00:39:47,500 which is a real pain to do in your home oven, it is possible, but you don't want 506 00:39:47,500 --> 00:39:52,550 to have to work to learn how to do it in digital winter. And yet it's largely this 507 00:39:52,550 --> 00:39:57,200 kind of similar size to existing kind of devices out there. There's a bunch of 508 00:39:57,200 --> 00:40:01,520 advantages with that. There's a whole pile of different things that we really would 509 00:40:01,520 --> 00:40:06,240 like some folks to help us with to try and get this finished and out there for people 510 00:40:06,240 --> 00:40:10,970 to try out and to, you know, we had a mature it and make it work. So it doesn't 511 00:40:10,970 --> 00:40:14,430 matter whether you have a programmable 8 bit computer I've ever done any FPGA work or 512 00:40:14,430 --> 00:40:20,900 PCB work or whatever. You know, there's lots of space for people to join in what 513 00:40:20,900 --> 00:40:24,270 is quite, we think is actually both an important and actually a really fun and 514 00:40:24,270 --> 00:40:29,750 enjoyable project to work on. And so really just want to finish. But she said 515 00:40:29,750 --> 00:40:34,420 that I think it is a thinking about this talk and preparing for it. I think 516 00:40:34,420 --> 00:40:38,830 actually, it is a call to action. You know, the digital autumn has begun. 517 00:40:38,830 --> 00:40:42,270 Digital winter is on its way. We don't know when it's going to come. And it might 518 00:40:42,270 --> 00:40:47,140 come a lot quicker, than we would really like it to come, you know? Myself and the 519 00:40:47,140 --> 00:40:49,869 people who are already working on the project, we can't do everything alone. 520 00:40:49,869 --> 00:40:54,760 We're doing what we can. We going to try to organize another event in early April 521 00:40:54,760 --> 00:40:59,680 up in Berlin. But there's no need to wait for that to get involved. You know, we'll 522 00:40:59,680 --> 00:41:04,530 be around at the vintage computer area. If anyone wants to come and have a look or 523 00:41:04,530 --> 00:41:08,240 ask anything about how you might get involved or just play around with the 524 00:41:08,240 --> 00:41:16,300 platform, it's quite fun to use. Oups. And yeah, we'll leave it at that point. So any 525 00:41:16,300 --> 00:41:18,650 questions would be really welcome. 526 00:41:18,650 --> 00:41:24,270 *applause* 527 00:41:24,270 --> 00:41:29,800 Herald: That was incredible. You have the best present and set up that I've ever 528 00:41:29,800 --> 00:41:31,980 seen. PGS: *Laughing* Thank you. 529 00:41:31,980 --> 00:41:35,410 Herald: That joistick is amazing. *Applause* 530 00:41:35,410 --> 00:41:38,200 PGS: The joystick is also open source hardware. I can give you the plans to make 531 00:41:38,200 --> 00:41:41,970 one of those you sell from from parts. It's the spare joystick part through 532 00:41:41,970 --> 00:41:45,910 arcade games basically. Herald: Yes, please. OK. We're 533 00:41:45,910 --> 00:41:51,010 taking questions. I remind you, we have six microphones in the audience. We also 534 00:41:51,010 --> 00:41:56,050 have the amazing signal angel that's going to relay questions from the Internet. And 535 00:41:56,050 --> 00:42:00,230 we're going to take one right now. Signal-angel: Okay. So you already talked 536 00:42:00,230 --> 00:42:06,660 about some events, but maybe can you bit more elaborate on how you're planning to 537 00:42:06,660 --> 00:42:10,410 involve the community? PGS: Okay. So how we gonna involve the 538 00:42:10,410 --> 00:42:14,620 community? Basically, anyway, the community would like to be involved. The 539 00:42:14,620 --> 00:42:17,732 moment in terms of with the phone as myself and kind of the work at a 540 00:42:17,732 --> 00:42:22,829 university and we have kind of a couple of part time students working on things. So 541 00:42:22,829 --> 00:42:27,579 the bus number is disturbingly near one at the moment. So there's ample scope to 542 00:42:27,579 --> 00:42:32,160 help. We've got a few other people who are helping with the Mega 65 project itself. 543 00:42:32,160 --> 00:42:36,440 And so there is obviously this crossover in that. But what would be really great 544 00:42:36,440 --> 00:42:39,100 would be to find, for example, a couple of people who are willing to work on 545 00:42:39,100 --> 00:42:42,960 software, primarily coding and C. You don't even have to know any 65 to 546 00:42:42,960 --> 00:42:46,370 assembler to begin with, to do things like, you know, finishing off the dialer 547 00:42:46,370 --> 00:42:50,090 software and things that we demonstrated back in January and get it all working, so 548 00:42:50,090 --> 00:42:54,070 we can actually walk around with a pair of large plastic bricks by our heads, talking 549 00:42:54,070 --> 00:42:58,410 on the phones that we've actually created. That would be a really great way to work, 550 00:42:58,410 --> 00:43:02,550 to get some initial forward movement. And then things like case design, there's a 551 00:43:02,550 --> 00:43:06,240 whole bunch of stuff that, you know, we'd welcome involvement on. 552 00:43:06,240 --> 00:43:12,329 Herald: Thank you. Do we have more from the Signal Angels? Yes, we do. 553 00:43:12,329 --> 00:43:18,690 Signal-Angel: So, okay, um, there's a question when a prototype will be 554 00:43:18,690 --> 00:43:21,880 available. PGS: Okay. When a prototype would be 555 00:43:21,880 --> 00:43:27,530 available, I'm happy to give out blank PCBs or post them to people. I've 556 00:43:27,530 --> 00:43:30,710 got actually packed them with me. We've got looking at the next prototype is 557 00:43:30,710 --> 00:43:36,780 actually being built at the moment. So, you know, these can be built for about 400 558 00:43:36,780 --> 00:43:41,140 euros at the moment. So you can buy like five of these instead of an iPhone. Right? 559 00:43:41,140 --> 00:43:45,960 So it's already it's it's economically survivable as well in comparison. 560 00:43:45,960 --> 00:43:48,920 Essentially, it's one of the really quite funny things that we kind of making isn't 561 00:43:48,920 --> 00:43:53,810 going like a few person years of effort. And we can already make a mobile phone 562 00:43:53,810 --> 00:43:57,500 case, not a small and ch'mic, but it's got a joystick port. Right. Does your iPhone 563 00:43:57,500 --> 00:44:02,660 have a joystick port? So, you know, it's it's amazing. We've actually been able to 564 00:44:02,660 --> 00:44:07,220 do quite quickly. So, it's the kind of project where we do have people kind of 565 00:44:07,220 --> 00:44:11,420 come in to help us. You know, I think like, you know, by next Congress, we ought 566 00:44:11,420 --> 00:44:15,630 to have people running around with megaphones and being able to communicate 567 00:44:15,630 --> 00:44:19,800 in fun an independent kind of ways. So, yeah. 568 00:44:19,800 --> 00:44:25,700 Herald: Thank you. Microphone one, please. Mic 1: Thanks for a cool talk. And I have 569 00:44:25,700 --> 00:44:29,840 another question because you want to reduce black boxes. But what about 570 00:44:29,840 --> 00:44:34,710 encryption? Because it's really complex. And how do you plan to reduce this black 571 00:44:34,710 --> 00:44:38,329 box? PGS: Ah okay. So an excellent question. So 572 00:44:38,329 --> 00:44:42,670 the best encryption there is, is actually the simplest. It's called one time pad. So 573 00:44:42,670 --> 00:44:46,290 if you can actually meet with people. So again, we're talking about focusing on 574 00:44:46,290 --> 00:44:49,730 supporting local communities in one another. If you get your megaphone on the 575 00:44:49,730 --> 00:44:52,530 other person's megaphone and you come in infrared range, for example, and then you 576 00:44:52,530 --> 00:44:55,510 shake them like martinis to generate some random data and you do that 577 00:44:55,510 --> 00:44:59,280 until you've decided you've got enough one time pad and that one time pad is secure 578 00:44:59,280 --> 00:45:04,540 enough in your device, then actually like xor is pretty easy to debug. Right? 579 00:45:04,540 --> 00:45:07,910 Herald: Thank you. Microphone number three. 580 00:45:07,910 --> 00:45:14,660 Mic 3: So you talked about the form factor right now being Nintendo's switch. 581 00:45:14,660 --> 00:45:17,140 PGS: Yeah. Mic 3:Do you have plans on going smaller 582 00:45:17,140 --> 00:45:19,866 than that? More like a classic mobile phone? 583 00:45:19,866 --> 00:45:22,150 PGS: Yeah, I think it's actually quite possible. So the. 584 00:45:22,150 --> 00:45:26,120 So this is if you like, that the first version is this one. You 585 00:45:26,120 --> 00:45:30,420 can see it's about five centimeters thick. The second one, we think we can get down 586 00:45:30,420 --> 00:45:34,900 to about four centimeters thick, but it's otherwise the same size as PCB. We've got 587 00:45:34,900 --> 00:45:37,480 a student amount is going to try and work on making one that's about the size of 588 00:45:37,480 --> 00:45:42,331 only the screen, still probably about four centimeters thick. And we think that 589 00:45:42,331 --> 00:45:46,191 that's going to be quiet. It's the PCB layout. He's basically been cursing me for 590 00:45:46,191 --> 00:45:49,270 the last three months to try and get all the trucks routing without it needing to 591 00:45:49,270 --> 00:45:55,490 be a 15 layer sponge torte kind of PCB, but that should be quite possible to do it 592 00:45:55,490 --> 00:45:58,410 again. That's the kind of thing. Once you've got a working prototype, then the 593 00:45:58,410 --> 00:46:02,581 people, you're like, okay, we're going to be on the miniaturization team, too. And 594 00:46:02,581 --> 00:46:06,869 part of me try and make something which is even smaller. But, you know, there's 595 00:46:06,869 --> 00:46:09,560 always tradeoffs in these things. Again, the smaller you make it, the less solar 596 00:46:09,560 --> 00:46:12,800 panel you can have on the back. So that's kind of these things. It's only trying to 597 00:46:12,800 --> 00:46:15,920 make it as thin as we can. I think it makes a whole pile of sense. 598 00:46:15,920 --> 00:46:20,329 Herald: Honestly, you can make it smaller, but I don't think you should. Because when 599 00:46:20,329 --> 00:46:24,430 the zombie apocalypse happens, it's a communication to the weapon. 600 00:46:24,430 --> 00:46:29,609 PGS: Yeah. And it's less. Right. It's kind of, you know. Exactly. We can use a full 601 00:46:29,609 --> 00:46:32,550 sized one as well. Right. I've kind of got, you know, quite a nice solid metal 602 00:46:32,550 --> 00:46:38,390 keyboard in there as well. Herald: A question from the Internet, 603 00:46:38,390 --> 00:46:45,750 please show. Signal-Angel: So what do you think about 604 00:46:45,750 --> 00:46:48,630 the open moko phone? PGS: The Openmoko phone? I'll try. 605 00:46:48,630 --> 00:46:53,900 Remember the details about those and the whole again. Everything that's being done 606 00:46:53,900 --> 00:47:00,010 on all of these fronts to make fully open devices with a few black boxes as possible 607 00:47:00,010 --> 00:47:05,530 is fantastic. So as I say, open moko can make an M.2 form factor cellular 608 00:47:05,530 --> 00:47:10,540 modem that we can put in the megaphone. I would be so, so happy. But we can do a 609 00:47:10,540 --> 00:47:13,709 whole pile of stuff, while we are waiting for that to happen? 610 00:47:13,709 --> 00:47:18,900 Herald: Thank you. We actually had a talk yesterday about from one of the people 611 00:47:18,900 --> 00:47:26,069 behind the Openmoko. So you can watch the recording if you want. Next question, 612 00:47:26,069 --> 00:47:29,300 microphone one. Mic 1: Sure. Thank you for the great talk. 613 00:47:29,300 --> 00:47:35,000 I was interested in the Mega 65 itself. Is that available? Can can, is it sold? 614 00:47:35,000 --> 00:47:38,580 PGS: Yes, it's all okay. So the two most common questions, We have about the mega 615 00:47:38,580 --> 00:47:44,670 65 is can I buy one now and how much does it cost? Unfortunately, the answer to both 616 00:47:44,670 --> 00:47:48,540 of those is we don't yet know exactly. It'll be a three digit number in euros for 617 00:47:48,540 --> 00:47:54,750 the price. This is pretty certain. But at the moment, our big challenge is we. This 618 00:47:54,750 --> 00:47:59,819 one is it's a prototype made with the vacuum for molding. So each case cost 619 00:47:59,819 --> 00:48:05,510 upwards of 500 euros for the case. This is not really sustainable. So we know we need 620 00:48:05,510 --> 00:48:11,930 to make injection molding tooling for that. And so the guys from the German part 621 00:48:11,930 --> 00:48:16,620 of the mega 65 team are running a fund raiser, just a little bit careful that 622 00:48:16,620 --> 00:48:21,350 Australian law for fundraising is a bit weird. So I am not doing any fund raising. 623 00:48:21,350 --> 00:48:25,020 Some people here in Germany are doing some fund raising to try and raise the money 624 00:48:25,020 --> 00:48:28,080 for the mall. If you look at mega65.org, you can find out what they're doing in 625 00:48:28,080 --> 00:48:35,950 that space and and have a look at that. Herald: Thank you. Do we have more 626 00:48:35,950 --> 00:48:43,580 Internet questions? Nope. Cool, cool. I think that's it. So thank you again for 627 00:48:43,580 --> 00:48:46,590 the wonderful talk. My pleasure. Thank you. 628 00:48:46,590 --> 00:48:47,930 *Applause* 629 00:48:47,930 --> 00:48:53,052 *Postroll music* 630 00:48:53,052 --> 00:49:14,000 Subtitles created by c3subtitles.de in the year 2020. Join, and help us!