I kind of almost feel like we should dim the lights for this one, but actually, can we, can we dim the lights? Is that okay, person in the back? Is that you? Do you even care? Yeah, did anyone know how to dim the lights? Faders. Dude, totally flip the faders. Just slide them down. Let's see what happens. Oh, yeah. There we go. Now it's a presentation. Have a seat. We're cool.

This is "How the Internet of Things Will Destroy Us All." What you are about to witness has absolutely no useful technical information or content. You're welcome.

Do I need a microphone? You owe me to uh, oh. There we go. Is that better? This guy, that guy? Yeah, no worries. Yeah, you can do and be up. It's cool. Is that better? Okay, don't know.

My name is Bryan Lunduke. Right about now, you're probably wondering what my qualifications are to enable me to come to the Internet of Things Summit and talk about why the Internet of Things is going to destroy us all.

We are going to be talking about lots of things, but not distributed denial of service attacks, because those are happening in spades. And those are going to happen a lot, and it's so disastrous it's not even worth covering here. We're not going to talk about nanny cams and creepy children. How many people here work on embedded devices that might get used in creepy children's toys? One, two. Yeah, you're a little sheepish about it. That's adorable. Yeah, you suck. We're not going to talk about any of that. We're not going to talk about all of the myriad of problems that this raises: the conundrums, the moral issues, the technical challenges that almost certainly will not be solved. We're also not going to talk about the ridiculous amount of data that having a huge number of devices gathering data on you will be able to collect and provide to companies, governments, malicious people all over the world. We're not going to talk about any, any of that at all. We are, however, going to be quoting the wonderful Dr.
Ian Malcolm repeatedly: "Your scientists were so preoccupied with whether or not they could, they didn't stop to think if they should." Which applies to dinosaurs and Internet of Things devices. I love Dr. Ian Malcolm.

Before we get too far into this, we need to kind of set a baseline, so we're all working from the same set of data here. This is the average lifespan of a toaster: it is eight years. That's the average number of years that a toaster sits on someone's kitchen counter before it breaks so badly (because it probably broke for four years prior, but now it doesn't even toast anymore) that they chuck it out. Right about eight years, sometimes less, sometimes more. A refrigerator is 17 years. 17 years. Keep that in your mind, because that is critically important. Probably not that refrigerator, but some refrigerators last 17 years. That's a lot of years.

This is the current forecast for Internet of Things devices. It's all over the place, but roughly stated, it's going to keep ticking up until it hits around 75 billion devices in 2025. We've all been hearing stats along these lines, right? Probably so far people have been trying to say, hey, this is a great opportunity, there's lots of money to be made if there's 75 billion devices over the next 10 or so years. And that's a very good point. But that's also a very fictional number. When I count in my head, I get to about a million and then I go one million, two million, many million, because after that point it's all just gibberish. It's hogwash.

So let's visualize that. This is the growth. Blue is where we're at right now in 2015. This is where we're forecasted to be at in the next 10 years: 75 billion devices. Billion. How does that relate exactly?
Well, this is the number of IT devices that are expected to be existing. This is the number of computers that are in use in the world right now. That is a smaller bar. This is the number of smartphones in the world right now. If you stack all of the computers and smartphones on top of each other, it doesn't get up to the first line in the spreadsheet chart I have made. Nowhere near the first line. The number of Internet of Things devices so eclipses everything else, by such an extreme margin, it should make our heads explode.

This is the population of the world. Notice that the population of the world also does not come up to that first bar. There will be, in the next 10 years, enough Internet of Things devices, thanks to you people, that every man, woman and child on the face of goddamn Earth, literally every country, can have at least ten of them. Minimum.

Here's the population of the United States of America, the most consumer-loving country in the world. We are probably gonna buy most of them. Which means most of you are gonna go home and have between 20 and 50 of them in your house. Let that sink in for a second. Light bulbs, your stove, your appliances on your countertop, nanny cameras, your friggin' doorbell. The number of devices capturing data on you will be obscene, and that is not even the purpose of this entire talk. I just think it's ridiculous.

So every now and then the question comes up, and it gets asked to people like Bill Murray and whatnot: would you rather fight a horse-sized duck or 100 duck-sized horses? I couldn't find a good Creative Commons licensed picture of a horse, so I went with rhinoceros. So let's think about this for a second. I mean, really, just completely clear your mind, stop thinking about Internet of Things devices for a second, and imagine this. You have these two options available to you. One is a gigantic duck. It was beautiful. Is that a mallard? I believe it's a mallard. Beautiful mallard, right?
But terrifying when it's the size of a rhino. If that mallard breaks in it right now, it's horrifying. However, I'm pretty confident that just the people in the front row, if we band together, we can take that duck on, right? Scary but handleable.

Or 100 duck-sized rhinoceroses. This is actually exactly 100. This took me forever to do, and LibreOffice had a hard time with it, so I had to take a screenshot of it and make it into a picture and then paste it back into LibreOffice so it wouldn't friggin' crash when it got to the slide with 100 rhinoceros pictures on it. LibreOffice people, please fix the rhinoceros bug.

Now, rhinoceros, say about the size of a duck, right? Yay, yay big. 100 of these bad mammajamas come in here, we're boned. It is over. Now imagine this isn't rhinoceroses. Imagine these as multicolored internet-enabled light bulbs. I think that kind of makes its point for it right there.

Now let's think back up for a second. 17 years. 17 years with this refrigerator. Now let's imagine that this is a smart refrigerator with a cool little screen on it. It lets you put in your grocery list. It's connected to the internet so that it gets updates so that it keeps your food colder. I don't know exactly what an IoT fridge would do, but that's what it does, right? It's all connected up, super internet-enabled. You buy it and you expect it to last as long as your old refrigerator: 17 years.

17 years ago from today, just to make sure we're in the right frame of mind, Brendan Fraser's classic Bedazzled came out in theaters. That was a great movie. Also, *NSYNC's "Bye Bye Bye" was topping the charts, right? I mean, everyone remembers that song because it's amazing. And this was the operating system for Microsoft. Who's running currently Windows ME? Raise your hand.
Oh. Nobody? Well, that's weird. That's really real. You have one box that could still run Windows ME. That, that's fair.

Now, Microsoft only supported Windows ME for three years. They had an extended paid support system in place where they'd support it for an additional six years. Now, even with that paid support it was still a pile of crap, but six years. 17 years is a very big bar.

Now I'm about to make fun of a company called Canonical, because I do that in presentations, only because they're an easy one to pick on. How many people are using Ubuntu in their IoT devices right now, or planning on it? None. This is the best presentation ever. Awesome. Well, then we can all be on the same page with this one.

All right, so the average appliance lifespan, let's say 17 years, right, for a refrigerator. Now, if we're working with a company that's building a platform, an entire platform to base that on, we want to feel confident that the platform itself is going to last 17 years, right? Now, many of the companies producing those platforms have not existed as long as you'd expect a refrigerator to last. So we don't know if they can deliver that yet. No, that's not saying that they can't, but as yet they have not actually done that. The average length of time for a long-term support release, you'll notice (and this is for Canonical's Ubuntu that they make, that's their platform), is significantly lower than the appliance lifespan of a refrigerator. Again, not to pick on Canonical here, because a lot of companies do this. Put your finger down.

Okay, now the Debian project. How many people are basing their devices on just Debian, like Debian Jessie or something like that? Smarter people. Nice. Again, we simply have no reason, there is literally zero reason, to believe that basing it on a platform that has never run that long, ever, not one time in human history, could run a refrigerator for that long. A device, an Internet of Things device, a headless, predominantly unmonitored, unmoderated, unmaintained device running for 17 years.
Again, as long as since Windows ME came out. That would be as if Microsoft shipped Windows ME, we stuck it on refrigerators and stoves, and let it run for 17 years. Would it would have loose came by now. It would be absolutely friggin' disastrous. Now, ME started out crummy, right? If you start with a system that's good, maybe it buys you a little extra time, but 17 years? 17 years. I really don't think so.

So yeah, mainstream support for Windows ME ended 2003. It is currently 2017. So support for the refrigerator would have ended how many years ago? 14 years ago. Oh, extended support. So if I paid for extra support for my refrigerator, that ended what? Math. Eight years ago. That's many years ago. That is so long ago. And again, Canonical is not the only one doing this.

Why is this a problem? What potential conundrum does this present to us? Can anyone guess? I mean, if we don't have security patches, we now have a vulnerable refrigerator. That's just the fact of the matter. If someone encounters horrifying bugs, we don't have anyone there to fix them, and even if we did, would anyone care?

How many people bought a refrigerator 17 years ago, and that exact model of refrigerator, exact model, is still being made, supported and sold in stores? How many people bought anything 17 years ago, one thing, anything, even a friggin' shoe, and that exact item is still being made and sold today? You have one thing. What do you got? Okay, Pink Floyd's Dark Side of the Moon aside. Anything that can be shipped on vinyl,
I feel like, doesn't count in this scenario here. That is a really great point. Now stick the internet on the number two pencil.

Now imagine you've had that 17-year-old refrigerator running Windows ME, and you and everyone else in your town has that refrigerator. Every other device you have is also running Windows ME. And again, remember, in the next ten years you will have at least ten of them in your home running Windows ME, and they are all rhinoceroses, and they're all pissed off at you. That is clearly a problem.

This is unprecedented. There's never been this many computers running at once, and they're all going to be friggin' connected and able to talk to each other. All of them. 75 billion of them. This has, nothing like this has ever existed before.

Which leads to a slightly different tack for a moment. This is the number of flops needed to simulate the neurons of a human brain. It is one, the 19, one with 19 zeros. I have no idea what the exact net word for that is, because it is so frigging huge, right? This is the amount of flops a Raspberry Pi 2 produces. It doesn't even fill up the first pixel row. It is very small. A Raspberry Pi 2 is clearly not capable of becoming sentient by essentially simulating the neurons of a human brain. You can't do it. We'd like it to do it. That would be really cool, but it can't quite do it.

It would actually take 1.6 billion Raspberry Pis in order to simulate all of the neurons in a human brain. That's a lot of Raspberry Pis. Does anyone know how many Raspberry Pis have actually shipped so far? My guess is it's less than 1.6 billion. That would be rad, but it's nowhere near that. So that's the number of Raspberry Pis needed to simulate the neurons of a human brain. This is the number of Internet of Things devices that will be out in the world.

Let's do a little math based on that. So, verbatim: if IoT devices get no faster over the next decade, no faster at all than a Raspberry Pi. And again, in 10 years, come on.
They're gonna be a lot faster, and they're gonna cost a dollar. That's just the way it's gonna be. The global IoT network (which I am coining right now as the GIN, by the way; it is called the GIN, I'm replacing Skynet with GIN) will be able to simulate the neurons of 45 human brains by the year 2020. 2020, guys.

This is the number of movies where a global network of sentient computers don't kill us all. Right?

Now, I know this isn't... We're not sitting here debating how to make these devices secure. We're not doing that in this session. I'm sure there have been plenty of security sessions so far at the IoT Summit. Let's just take a step back for a second. The reality is, no matter how secure you make these devices, it does not matter. They will be compromised. End of story. There is no way to secure them completely. It is simply not possible, because it has never once been done. Never. And we are putting 75 billion of them up there. They can now talk to each other to simulate 45 human brains. Not just 45 human brains: the full neurons firing in 45 simulated human brains that never, ever go to sleep and share information with each other.

Now, think about this for a second here. Think about that. Now, if we go back here for a second. It's okay. This is the number of flops needed to simulate the neurons in the human brain. Now, there have been a couple of attempts at artificial intelligence and whatnot, and the general consensus is that it is a couple of powers less than that, if we actually understood how the human brain worked, right? That we'd be able to simulate full consciousness and logic.
So it's really more like, you know, not to the... like 17th or 16th power, which is still a huge amount. However, it is so many factors fold that if you theoretically got 45 of the best developers here at the Embedded Linux Conference and IoT Summit all together in one room, made them so they would never need to sleep again, could share telepathically all the information in their brains constantly with each other, and then let them work out how to create consciousness on their own. We now went from 45 human brains to a couple thousand operating around the world and never sleeping and knowing literally everything about you. Entirely. There's literally nothing they don't know.

A little science fictiony, sure. However, we bring back in Dr. Ian Malcolm: "If the Pirates of the Caribbean breaks down, the pirates don't eat the tourists." This does originally mostly apply to dinosaurs. However, if you give a global consciousness (I know, I know it sounds ridiculous), if you give that complete access and control to your security system, your front door locks, all the lighting in your house, your oven, your lights, your toaster, your internet friggin' enabled crock pot, which I still don't understand why it exists, and you give it access to all of those things in your house, it can destroy you. Completely. Literally. Not only can it collect data on you and sell it, it can murder you in your sleep, because it has access to your gas and such. That is horrible and terrifying.

We've been in here talking for 16 minutes right now. I'm done. This is literally it. I want us to take a step back here for a second. Because just like Dr. Ian Malcolm, who is a doctor,
said at the very beginning of this presentation: we were so focused on figuring out if we can, we didn't stop and think if we should. I would like people to rewatch this on the internet and think about that for a moment.

I would also like to give props to the Linux Foundation for allowing me to come and tell all of you that what you're doing is going to cause the end of mankind, at a summit all about the Internet of Things. That takes balls, and props to the Linux Foundation for doing that.

Now, that is where I'm going to leave it. Seriously. That's it. If you would like to ask me questions, if you would like to have an open Q&A about the GIN, which is going to happen, I will stay here and I will talk to you for the next 40 minutes. Otherwise, that is it. You may go. Unless you want to raise your hand, get out. That's fine.

Really long term. What is really long-term support? So not enough for a refrigerator. That's exactly right.

Yes. To be fair, I didn't have that many slides. So, really, you probably agreed with most of it. Really, probably. There we go. We're going to get in the right direction now. If I keep this up, we'll eventually be at full agreement. What do you disagree with me on, my man?

Yes. Yes. Oh, for sure. There's a ton of low-power devices out there overall. What we really got to be looking at is, what is the overall average speed of all basically IoT-ish devices over the next decade? And the reality is, how many years ago did the first Raspberry Pi come out? Does anyone know off the top of their head? Four years ago. So four years ago. How much speed increase has the Raspberry Pi itself, which a lot of people are basing their designs on, how much has that increased in the last four years? Pretty substantially. Like, this, since, for the Raspberry Pi 2 to 3, it was pretty huge. Do you have an answer to that, or it was a totally different question?

No, you can do a ton. Yes.
So that's just it. I didn't even count the GPU on the Raspberry Pi, because I thought about what this man just said. He's like, most of the devices are power-constrained devices. A lot of them don't have powerful GPUs. A lot of them don't have those sorts of things. Raspberry Pi, yes, you can offload so many instructions to the GPU that you can do a lot better than what I even had on here. Which means those 45 simulated human brains is an underestimation, but my thought is a general estimate. You're right, some will totally.

75 billion. Billion. Yeah, if we connect 75 billion Speak & Spells, we are fucked.

Uh, see a couple other people have their hands. You, sir.

Did you see how many people died in The Sarah Connor Chronicles? I mean... This is a good point. Yes. No. So your hypothesis is, we will have 75 billion interconnected computers at a minimum, potentially, and, uh, possibly quite sentient. But you would prefer that to the humans, because the computers might be less likely to kill us, right? Then I will posit this, because we have yet to see this come to pass. We have yet to see the fleet of all cars on the road being automated. We have yet to see what happens when all these 75 billion devices are online. And when it comes to pass, I would like to sit down and have coffee with you and let's figure out: did we survive or not? I have my personal doubts. I like your optimism, though.

Yes, sir. Yes. Then this is... If you get, exactly, a big giant botnet. And again, we kind of skip past that, because how many people follow, like on Twitter, the Internet of Shit and things like that? Right, most of us, right? So the reality is, if you follow that account and all of the other websites that track this garbage, the reality is we're seeing this sort of disastrous stuff happening constantly. There are botnets already wreaking havoc on our DNS servers on the East Coast and such, right? It's already happening.
So we already have a case study, a series of case studies, in place that showed that those devices will without a doubt be compromised. The question is, what happens to them? What do they do? What do people program them to do? Do they program them for machine learning, which eventually leads to sentience? Do they program them just to be the biggest, most annoying botnet in history? Do they program them just to be ransomware? We really don't know. Probably all of the above. That's the likely scenarios. There's probably going to be a lot of countries, a lot of companies and a lot of lone rogue hackers who just want to do all of their own things. So they're going to be all piggybacking on the same devices and compromising in different ways. And you won't know it happened, because the majority of the devices are headless and difficult or impossible to monitor in any real way.

Yes. Actually, you make a very good point. The solution is to make sure there are more than 45 bad actors hijacking all IoT devices at all times, therefore making them incapable of processing enough to simulate the neurons of a human brain. That is the solution. We should be enabling all of the infosec organizations worldwide to hack all of our machines on a constant basis. That is possibly the only solution, because there's so much money in IoT devices. Companies are not going to stop paying all of you to build them. They're just not going to. It's way too much money to give up.

Yes, man who's asked four questions. Right, so. Yeah. Yeah. That's the reality right now. The question is, once a device manages to become sentient, can it then protect itself and its own interests at that point? But that starts to get super sci-fi and a whole different track, which I don't mind going down, but I think it's a little bit off track.
Yes. Yeah. Yeah. When we sit down, a lot of our focus on building software is to destroy humans. Whether we're building a video game like chess or checkers, the whole point of its AI is to destroy us. If we're building simple security measures into a server, the entire purpose of those security measures is to make sure that this guy right here can't get in, because we're going to screw him over. And that's the reality. That's what we as humans have been working on for decades now: how to keep humans (a) in check and (b) out of whatever we don't want them in. So we need to keep humans dumb and complacent and compliant. We as humans have been building software to ensure that, and that's not a bad thing. We want to make sure that the guy in the red shirt is not getting in at all of our stuff, because he's sketchy.

I would like to, I would like to make a thing right here, straight up. Let's leave politics outside the room. Because either way we're all going to die.

Yes. Exactly. You... It's a simple one. It's a simple one that you and I could sit down and be like, okay, we've got a couple of robots in the factory that are automated, let's add a couple of rules and conditions that will help make it more effective. And the reality is, you're right. We could produce a very simple AI that is less complicated than a chess game that would kill everybody. Very simple.
I mean, literally, you could put one line of code in an automated nuclear arsenal launching system that is, um, "if Kardashians get new show, then launch all." Like, and it's one line. Literally, we just need one line of code that gets checked in and compiled and in the wrong spot, and you die.

You... The pissed-off four-year-old is a frightening one. Now it... Yes, yeah, the pissed-off four-year-old is a bad one. Okay, so, so then. So let me see if I understand this. So if we get these AIs mature enough, and really they reach a certain level of development, they will simply become preoccupied with all internet porn and therefore not destroy us all. So what we need to do is, we need to jump past the toddler years, so they don't throw a tantrum, they just sleep until noon and then do weird things in their room. Okay, honestly, maybe. Again, we haven't hit this point yet, and I'm just really terrified of it. Like, what happens?

Yes. Yes. Okay, so take a security infrastructure like SELinux and implement the three rules of robotics to keep us all safe. So they can do no harm to humans, etc., etc. Maybe. How, I don't even know how you do that, because... Right, but I don't dislike that idea. So all IoT devices have to not burn humans with their toast makers, things like that. Maybe. And then of course it requires that everyone is using a distribution of Linux with SELinux, and that that distribution continues to be patched for 17 years minimum. Right. It's, once one gets infected, it spreads like wildfire.

How many people here work for a company that produces, like, appliances, like devices that you physically hold, right now? So quite a few of you. Okay, how long... that company, I'm assuming, has been around for a couple of years? Yeah, okay. Going back a couple of years, just say two or three years. Does your company still want to be investing in infrastructure and support for those couple-year-old devices on an ongoing basis after the devices are pulled from the market? Does, and does... It's constant
loss, right? So you're, as an appliance maker, you're saying: I'm going to sell this toaster, which I probably only had a five dollar margin on. After it goes off the store shelves anyway, I'm going to support it with a dedicated team of, let's say, the first three rows right here. Dedicated QA people, developers, IT support specialists, people keeping the repository servers up and running, everyone constantly updating, patching, keeping them safe and secure. They're not going to pay for it. No company is going to pay for it, because it's a stupid idea when there's 75 billion new ones being sold. You want to sell more new ones, stop supporting the old ones, and move on to the new and shiny. Otherwise you're going to go out of business. But if you focus on just selling the new ones, you're going to make a butt ton of money, which is the metric unit, and you're going to make so much it is going to be ridiculous. And so that's what will bring about our doom.

Yes, bearded man. This is a really good point. So if the companies go out of business, whether it's the company that makes the device or the company that makes the platform itself, what happens then? Again, this company has not existed long enough to support a refrigerator. It just hasn't. And that's not a knock against them, because you can't go back in time and found your company, like in a DeLorean. You just can't do that. So I don't hold that against them, but it's a fact. They simply haven't existed long enough to show that they could be trusted to exist long enough into the future to support a refrigerator.

Now, the most successful companies in, like, the Linux and open source space, let's say like SUSE and Red Hat, right? They've existed since the early 90s. That's great. I don't know that that's long enough to say put them in a car, because my first car was from the mid 80s.
You know what I'm saying here? We expect certain things to last a long time, and Red Hat, SUSE and a lot of other companies haven't existed as long as that. Now, those two companies have lasted long enough to, say, make a refrigerator. But to make, I don't know, a station wagon or an entire house? I would cause pause. I think, wait a minute, wait a minute, we don't know that for a fact yet.

Yeah, any, right, independent repair people. But it's not impossible.

Okay, so who... wait, wait, wait, who? Yes, the Tivoization. So how many people are developing devices right now, who are working in some way on devices? Raise your hand. Okay, uh, put your hand, put your hand back up if those devices are built in a locked-down way, where there's no readily apparent way for me to get to a root access on the system and modify the devices as a consumer. So most of the people that had your hands up raised your hands again, because they at least aren't making it readily available. How many people just downright lock it down? Almost as many hands go up. This is the problem, clearly.

Now we have to think about this for a second, and I don't want to sound too crazy conspiracy guy-ish, but I know my tinfoil hat is showing a little bit. Um, the reality is there's so much money in this. I don't blame the companies you work for for locking them down. Their responsibility is to their shareholders, right? Their responsibility is to the employees and keeping them employed. They're going to do whatever is going to earn the most money. And what earns the most money is locking things down such that they have full control over the warranty and support of the device. Which also gives them the opportunity to expire the device, to end-of-life the device, and have planned obsolescence, where you need to go upgrade your toaster to the new device so you can get the new Toaster OS 5000 so that your bread continues to toast.

We do lock things down for security reasons.
That's true. You're absolutely right, locking things down can in fact improve the security. However, can you guarantee that in those scenarios the system cannot be hacked? Because, exactly.

Now, let me give you a little anecdote. I'll put my hands down for a second. Anecdote. I run a BBS. An old-style BBS, right? Ridiculous. It's a DOS-based BBS. I run it on top of FreeDOS, which is a GPL version of DOS, and it runs telnet accessible 24/7. It's nothing big. It's got like 20 lines to telnet into. Telnet. Is telnet a secure protocol? No, there's no security there. It's just ridiculous. You can hijack that sucker, no problem. That BBS has been under constant onslaught since two days after I put it up, and a bunch of people thought it would be fun to try and hack it. They've been running every script they can think of to try and hack it. So it tries to do, like, run root-type things in the login prompt of the BBS. Literally 24/7, for months on end. They have yet to be able to hack it. Why? Because the system is so ridiculously stupid and does so little, there's just nothing there to hack. It's literally that dumb. Now, that's running with an old version of DOS. An old version of apparently unhackable, hardened, SELinux-vaulted DOS, right? Who would've thought that?

Now, we've got our IoT devices. What operating systems are you guys using on your IoT devices? What do us... What is true bare metal, baby. But you are using some form of Linux, FreeBSD, NetBSD, anything like that, probably most, right? Probably almost everybody. Not all, but almost. Those systems, while my favorite, and I love them so much in my heart, sorry, they are infinitely more complex. There simply is no way to secure them entirely. It's not possible. Like, literally, like, approaching zero.
It is, it's one of those lines. It's those little asymptotic lines, where they almost touch but never touch. You can't quite secure them. You can just get really close if you put a thousand people working on it for literally ever.

So if there's no way to secure them, so if you, you can lock it down and make it so no one can update it. But all you're doing is saying that once they go out of support, no one can then continue to use the device in a secure way, because it cannot get patches, or cannot get patches easily. So locking down the device is astoundingly short-sighted in terms of both security and, well, user freedom, but I won't get into the GPL soapbox.

Any other questions? Uh, uh, we've got five minutes. Let's say five minutes. Any questions? If not, I can call it. And done. All right. Now everyone go out, go to everyone who's sitting in the hall, and ask them what their plans are 17 years from now, when what they're running is a refrigerator. Thank you very much. Go out, demand answers.