 Gweithio gweithio, wrth gwrs. Welcome to Stage B, this is the 1040s talk by Katie Mo, and it's on APIs for Cyborgs. Just a couple of notices before we start, if you've got a few spare hours today and could help volunteer at something, anything, it would be greatly appreciated. We're really short of volunteers, so please do that if you've got the time. Also we've had a wallet handed in, if you've lost a wallet, please go to the volunteer tent and they may have it there. Other than that, over to you, Katie. I have the mic, thank you. Hi everyone, my name is Katie Mo and this talk is called APIs for Cyborgs. This is my first ever conference talk and this is the third time I've delivered it. But it's the first I've delivered it in a campsite location where we have Tilders. So I really want you to do a bit of audience participation maybe and install a little app on here. It's going to allow you to communicate with some of the hardware that I'm using in my talk. So if any of you has a badge, then all you need to do is press menu and then go to the app library, then install the Cyborgs app. And if you have any difficulty with that, then just yell at some point. I'll come back to that later during the talk. So just a preliminary note, there's also a little bit of an interactive component to this talk if you can make an HTTP post request. So you may want to have postman or curl ready if that's your kind of thing. And if it's not, I promise you will also be entertained. So I call this talk APIs for Cyborgs because I consider myself a Cyborg. And that's because I have a glass coated NFC transponder implanted in my left hand. We can't zoom into it, but I'm going to show you a little diagram later. In a few months, I'm going to attempt to insert magnets into my fingertips with a scalpel. But for the moment, I'm going to show you the safer work procedure, which will allow me to get the chip itself, which is about 12 millimeters long and 2 millimeters wide into my hand on the right here. So I'm going to just give you a little low down of the procedure. It comes in this sterilized injection assembly, 10 gauge syringe. And the actual implantation procedure involves the syringe being prepped, et cetera. And so it's quite a delicate operation, so I chose to represent it like this. So I'm going to spare you the details. But I mean, one of the most common questions I get asked after why is how. So that's the how. But as for why, I mean, I'm not unique. The biohacking community is growing. Some of you in the audience may also be biohackers or grinders. Do we have any other people who consider themselves DIY cyborgs or non-DIY cyborgs? Yeah? Yeah? Well, I mean, if my demo is compatible with your hardware, then that's cool. And if not, then we can hack together. But DIY cyborgs aren't the only type of cyborgs. You might consider yourself a cyborg if you've got a pacemaker or an IUD or a contraceptive implant or even a bionic limb, of course. But I mean, prosthetics have been around for millennia, but wireless networking hasn't. So through the internet, cyborgs are starting to realise their potential and become self-aware. So what is a cyborg? I'm going to give you a two-part definition. I'm going to give you the first part now. Here's the first part. A cyborg is someone who has augmented their body's capabilities through permanent non-human hardware. So as long as we have an idea of what a machine is relative to a human, we have an idea of what a cyborg is. It's a human fuse with a machine or a kind of machine and mensch. So, I mean, it wasn't a big decision in my life to become a cyborg, and I think it says more about the present than it does about me, because I think that's just where we are. So, on to the meat of the talk. This talk is kind of my preliminary research into the idea of an API for the human body, what that would mean, how that would operate, maybe a little PC of how it would work. So, I mean, you're probably all used to the idea that everything has an API these days. I've actually, I've got a prototype from a company called Mystery Vibe, who make a toy, which is called the Mystery Vibe. It's got six independent motors, and it can be controlled with a REST API over Bluetooth Low Energy. So, I was considering making that into a robot for the robot wars earlier, but I'm going to hack on it and do something else instead. So, the thought that got me started on this particular talk was, if there were an API for the human body, what would that look like? So, I've got to step back a bit and tell you a bit about NFC, because this is a talk aimed at people who don't know what NFC is, and I want to give you a high-level overview of what the technology we're actually using is. So, it's pretty simple. So, near-field communication technology allows you to do radio communication at a particular frequency. It's got a range typically of one centimetre to four centimetres, and you can get passive tags that draw power from the field. So, for example, the tag in my hand is passive, and it will only get power when it's in contact or within range of an antenna, which actually has that field. So, the tag doesn't draw any power when it's not being communicated with. There are hard-coded unique IDs and what's called NDEF records, which is the data format for what's stored inside the NFC chip. Each chip has a unique ID, as I say. So, I guess there are a couple of concerns here. Firstly, is it secure? Can someone duplicate my chip? Secondly, is it too secure? Do I really want to be walking around with something in my body which uniquely identifies me to anyone with a big enough antenna, which I can't change? So, I'm going to touch on both of those later, but I just want to remark on the protocol's actual... ..the way it deals with a security problem is, I can quote from the spec. I believe it says, we recommend security be implemented after an application layer, not at the NFC layer. So, that's kind of what they think about that. So, yeah, a couple of applications of NFC. I'm just going to quickly skim through this. I believe all of you have seen an oyster card or contactless payment card of some sort. You can use that. That's what NFC is, the technology behind that. Identity and access tokens for the office, for example. Smart phone automation, so you can tap your phone. Actually, I have a little NFC tag in my house, and when I come home, I tap it, and it sends a message to my girlfriend telling her I'm home. So, it's like that if you've got an Android phone. Unfortunately, in iOS phones, it's kind of locked down. And you can bootstrap other protocols. So, for example, if you've got two devices that you want to pair, you can tap them to establish an NFC channel of communication, and then they can use that to exchange credentials or some sort of address for another protocol that they could build on top of. So, the technology I'm using, which I would like to hold up for you here, is the Adafruit PN532 board. I just got this from Adafruit, and it's a breakout board, which you can zoom in on it. Great. I've attached it to my computer with an FDTI cable, so that's allowing me to do serial communication with a USB plug, which is nice. So, I think it's time to go into the live demo. I'm afraid I haven't yet tried this with the current setup with the badges. This will be the first time I've actually tried this. So, yeah. Enjoy the live demo. Okay. Is it possible to have this up on the screen? I'll need to mirror it. Okay, cool. Sorry. There's no screen up on there. I ran the shortcut. So, what we should be able to do. Okay. So, what I want you to imagine that's up on that screen if we're going to do it this way. Would you mind trying to mirror that on here? So, what I'm hopefully going to get up on the screen, sorry about that, is that we should be able to read and write data to the tag on my hand. That's the point of this talk. So, what I want you to do is if you've got the Cyborg app on your badge, then open the app and think of a little message to write. So, the message can be anything you like. Try to break it if you like. It'll probably break because it's an app that I wrote yesterday. Great. So, this is definitely not the right code. Okay. Yeah, the null message does break it. Sorry about that. Great. So, well, I'm first going to show you something really simple, hopefully, which is going to be reading from the chip in my hand to prove that this is not a fake. I will be using this other N-tag 216. The N-tag 216 is the type of NFC chip implanted in my hand, but I've got another dummy one here, which I can read by juggling these. Okay. So, the PN532 is ready. I'm going to read the card. Bang. I hope you saw some sort of... Are they seeing that? Yeah, you've got some JSON. Yeah, cool. The payload of a load of bytes and emfcamp.org, which is the URI record that I put as the first end-deaf record on this tag. Now, conversely, if we try to read the one in my hand, you will see once I've run it that it... Oh, it outputs the value of the previous time I did this talk when it was called JavaScript for Cyborg. I've got a bit of a latency in that, so hopefully now we'll be able to write to the tag. Okay, so this is like the whole point of the talk. This is the core of the talk. The idea is that I'm getting data off the internet. I'm going to get data from an API I set up which you're posting to with your app, and it posts it to a postbox somewhere on the internet, and I can get a message from that postbox and I can put it into the hand. That's kind of the core flow that I want to think about as a concept. So I'm going to have a go running this. Okay, so let's see. Okay, it looks like we've written some data to the tag. So now when I run the read one again, we'll find... Oh, it didn't write. Cool, okay. Okay, so someone is delighted to write everything is awesome to my hand. That's great. My hand now contains that data. Since my hand can contain 888 bytes of data, it can probably contain that a few more times, but I decided not to challenge that on the app that we made. So... Sorry? Yeah, sure. Yeah. Okay, I'm going to go back to the talk now because that was the live demo portion. Thanks to everyone who participated using the app. So... One moment. I need to be able to play this. Is that not working? Okay, well, I don't have my speaker notes, but it doesn't really matter. Okay, so the next part of this talk was supposed to be kind of a throwaway joke, but it's going to be really, really laboured now because it's going to be on my screen for ages. So I'm just going to put this up here while I keep talking. So naturally, as soon as I had implanted this uniquely identifying chip into my hand, I decided to go about connecting to the internet as you saw in that demo. So there's also another little performance art piece which I can't talk about on stage, but I would love to talk to you about later if you're interested. So I chose to use JavaScript for the demo because it's fun and it's massively popular and you don't have to wait for it to compile. It's super simple. So I made this super simple stack because it's just like basic JavaScript shit. Just like... I mean, I made some of these up, but... I mean, the point is that if you can run it in JS, then it probably is going to work and you can probably connect it to the internet. The second demo I made, which I was going to show you guys but I probably won't have time now, right, is a bit of two-factor authentication. So I decided to make a two-factor authentication flow that could only work if you were me, which is the best kind of two-factor authentication because it's not about something you know and something you have. It's about something you know and something you have physically inside your hand. So basically the idea is that you make a request to this endpoint that says verify. I will scan my tag and it will just receive the replies saying whether the author has succeeded. So I don't think I have time for this, but I made a web sequence diagram because you probably haven't seen enough of these already. So I mean... Sorry, this is nothing worse than other people's web sequence diagrams, really. Okay. So I'm going to conclude, hopefully, with some thoughts and further lines of research and what I think all of this means. So... You may have noticed a couple of slides back that the two-factor authentication flow currently only works for me and anyone else with their own NFC chip whose ID I hardcode into my system. So this is a limitation of my architecture, obviously, but it also raises a wider point about the internet of things. Consumer IoT devices are often shipped with proprietary protocols and designed with narrow use cases in mind. Nest recently retired as Revlov device, which relied on proprietary software and hardware to communicate with a Nest cloud. Without disable, Revlov is now a useless $300 black box. So how do we ensure that this does not happen and we are able to be in control of our own internet connected or otherwise devices? I don't have the answer to this, but I think we're going to have to grapple with this in an increasingly physical way. Why do I want to become assimilated into the internet of things? Why do I want to expose part of my own body in a globally addressable space? What if there's a showdown for people's bodies? Is that something I want? While that would certainly be interesting, it's something that I think feeds into the second part of the definition of a cyborg. I mentioned earlier that my definition has two parts. I think the second part is this. A cyborg is someone who has augmented their body's capabilities through non-human hardware, but naturally the control flows the other way as well. Implanting this technology in my body has changed my behaviour. It's changed how I feel about NFC antennas in public. It's changed how I feel about transferring data through my phone. Holding my phone in my hand has made me super aware of how data can be flowing through the NFC channels without just knowing. So I'd like to conclude by saying that I went to a exhibition at the Tate Modern the other day and I met this artist. She's called Chloe Spicer and she likes to say her project is to try to become a book. She wants to embody knowledge. To do this she takes the unconventional approach of eating books, of wearing books, of exploring the potential of embodied knowledge as it relates to books. This is obviously super relevant to me because while I can remember information it's not exactly persistently stored in my brain. So what I would argue is that this is what embodied data is about. Information whereas it may be encoded in my DNA isn't accessible to me. And as I put it into a medium which I can understand and then am able to access it through some sort of some sort of protocol that people agree on. And I think I've had a time. So thank you very much. Sort of overran a bit.