 Thanks everybody. Our next speaker is Hari Hersty. He's a subject matter expert and co-founder of Nordic Innovation Labs and one of the foremost election security experts in the world. So let's give it up for Hari. All right. Thank you for having me. First I want to tell the village is extremely busy. We are under one hour 40 minutes from opening the doors, which in reality means less than one hour starting people pouring in. We first had the first two hacks. We are right now seeing an extensive progress in three other things. So I don't think we get to early dinner time before those are complete. It's amazing progress. And one thing which is interesting is that people who haven't been part of the studies have never seen the machines. They don't know what we did. And hence they don't have the same tunnel vision as the people who have been ten years looking in the days. So they have a completely new approach. And if somebody would be educating them, they probably don't try it, but there's nobody telling that. So that's why they make a good success in completely new ways and completely new approaches. What was interesting was that the first hack was a professor from Denmark who was able to take control remotely over Wi-Fi, the wind vote voting machine on operating system level, able to speak directly with a common line to the operating system, able to unrestrictly go where the voter data is, et cetera, et cetera. So it was absolutely totally penetrated. Very interesting, very interesting how quickly it happened from the point of you have never seen the machine to the place when you are, okay, proof of concept IV. Anyway, this talk was kind of having a different, the hacker perspective. I don't know when it happened, but I'm going to give the speech which I wanted to give, which is to tell about what has happened since 2005 today. What are the lessons learned? And it also is a speech which I want to underline that don't make any assumptions, because most likely the assumptions you make are going to be wrong if you are a security researcher. And my statement from 2005 is still true. If I wouldn't have seen this with my own eyes, I don't think somebody would be able to convince me. These things are just a designs which, there was never a prime time of this kind of designs, so they should have never been in the market in the first place. So it's a sad state of affairs. So first of all who I am and why I'm talking about this, I have been starting hacking election machines against actually my intention in 2005 and what happened to me was I was for over a year tried to be convinced that I should take a look into election machines. I said no. I said no again until I decided that I want to get rid of the people who are asking me to vote the hacking machines by setting an impossible set of rules. And then my impossible set of rules were met by Ion Chanso from Tallahassee, Florida. He invited me over, he invited me to take a look into the machines and the rest of the history. We discovered a vulnerability in design. It's not a bug. It's a vulnerability in design which allows you to pre-stack the electric pallet box and gives you a capability of arbitrarily shift the outcome of the election. And the interesting feature of the voting machine is that the actual evidence how much it was shifted is self-destroying evidence in the normal course of the voting machine software. So you don't need to, as a attacker, worry about erasing the forensic evidence. The machine will do that for you. I participated in three government sanctioned studies in the United States. Everrest is, while it's old and should have been long, long time ago replaced by a New York study. It's still the most comprehensive study. It took the California top-to-bottom review, verified all the findings of California top-to-bottom review, and then added some new information. The redacted report is 316 pages. Wonderful bedtime reading. There is a, the report actually describes every vulnerability found. But the redacted version is the actual, some of the vulnerabilities are too dangerous. So the actual cookbook, a recipe, how it works, that is redacted. So you know there's vulnerability. You just, the report doesn't tell in the most dangerous one how to access that vulnerability. And after that I have been doing a studies around the world. We are actually going to have a little bit of, in this presentation, experiences from Estonia, which Estonia has always referred. Why can we do internet voting? Because Estonia can. The truth is Estonia can not either, but they just marketed the way. So we will have a little bit of a look in that. This talk is not about the last presidential election, but in the last presidential election I participated in number of lawsuits in the recount effort, testifying about the vulnerabilities of the machines, etc. So again this closer. I have only interest in security. I have, I'm not American citizen. I cannot vote. So I have no stick in this game. I have, I'm not talking about any specific election. These all vulnerabilities, all the things we are discussing has been used. They have been exploited, exploitable in number of elections. In case of Estonia I think the number is nine elections. In US God knows how many because these machines are used in number of jurisdictions where for example in New Jersey you can have 250 elections a year because of all the local elections. So we don't even know how many elections these have been potentially affecting the United States. So verifiability, transparency, integrity, security, those are my interests, not the politics or discussion about if an adversary number one, two, did anything. So first of all what we are not going to talk about. We are going to have a presentation at four by Matt Place. Matt is going to give you a demonstration with the real machine, the punch card machine which started this mess in 2000 election in Florida. So he will show the actual machine. He will allow probably you to vote and he will tell you the actual story what is, what has been here, missed in a week, why this guy became the icon of year 2000 in count with trying to see the pregnant and hanging and pimpled sheds on the ballot. Again, how we got here, 2005 was the default machines had, California Doctor of Review, Ohio. There those are the white independent studies. There's a lot of studies which are not independent which are paid studies or they are, the researchers are not independent. Those are different kind studies, the independent studies are when we have, when the study is made for without any links or connection to the vendors or a stakeholders in that, other than the government or the state or in some cases a lawsuit. Estonia study is important for the perspective of internet voting. It's very interesting to have the number in 2016, 52 different models of voting machines were used in the US elections. The normal statement has been always to say that US election machinery and infrastructure is product by diversity. The argument is because there's so many different kind of machines, there's so many different deployments, that is product, there's no single point of failure. First of all, from Attacker's point of view, it doesn't work that way. Attacker needs to know only for few machines and then you can choose where you attack based on what you know. So the diversity actually is giving you a wider range of surfaces and it gives you an easier way to find where your skills meet your targets. So diversity to a certain extent is good but it is not a, it's a false sense of security to say diversity itself is giving you a security in that sense. The other thing is the diversity itself is also undermined by a thing which is right now coming motor service and it's the service companies and we will have a slides later about service companies. In number of states, a huge amount of jurisdiction is actually programmed and run by very small number of service companies which are not certified, they are not cataloged, they have various of practices in security level. We will have a little bit more discussion about that. Anyway, here we have a little bit of pictures of what has happened to the voting machines in the previous studies, replacing operating system, replacing firmware, doing everything what Attacker would do. So theory of election is simple, this is actually putting a little bit of reference to what David Jefferson and Barbara Simons were talking, we all think this is what elections should look like. We will take a vote and you add it to the candidate and that is what people think election machines are and voting infrastructure, that is far from the truth. That is actually the real election systems, this is only the election part. The site here is a heart in the civic infrastructure, the site on this site is ESNS, those are two major manufacturers of voting machine technology in the United States. This is what the actual architectural overview is. Humongous and complex and this doesn't even touch the other areas, which is the election management part, the voter registration, e-poll books, yada, yada, yada. It is very important to understand that when we looked at what the reports of the recent adversary attacks, they didn't go after the election machines. They went after the backend infrastructure, they went at the backend network, the back office. That was the target. Why attacking the voting machine when you can scratch your belly and send a couple of poisonous word documents and get your access that way to the backend network? So we have been looking this area and this is the voting technology everybody recognizes, but the actual infrastructure is way larger and David Jefferson and Barbara Simons covered that in 10 a.m., so there will be a recording. You can see the recording and get yourself familiarized with that part of the structure. So when we now look at the voting machine and voting depilation system, what do we have learned? First of all, what the systems look like? This is a one major vendor in the United States. This is the complexity of the code. The election management system. Scripts, Kobo, visual basic. What could possibly go wrong with that and how modern it is? But if you look at the numbers of, these are not numbers of code lines, comment lines. This is the actual active comment lines of the source code. These are humongously complex systems and one would argue, and I think it's a right argument, unnecessarily complex. But elections are more complex than people think and especially new legislation like a rank voting is adding complexity because the new laws allow new methods of voting and you have to accommodate that. But just by looking that and looking how much assembler code we have here, how much we have a raw sea, how much we have, I would say, obsolete things like Kobo, you know, this is a humongously expensive system to maintain and when it's expensive system to maintain with that amount of code, bad things will happen. Just to make sure that we understand that they are not alone. This is not a manufacturer yet it's more C++. No Kobo, I think that's a plus. But again, the management system over 100,000 lines of code, the voting terminal boot loader alone 72,000 lines of code and remember these are not including your operating system, they are not including your driver code. There is a millions and millions of lines of dependencies which come into place and especially driver codes which are normally running in the kernel mode. If you don't know what they are you don't know what your system is doing. So this is just to underline what is the third vendor, more C++ but still when you look at the numbers of code, humongous, they don't run in the voting terminal standard operating system, they actually have a home baked operating system. That number of lines is just the application, the operating system itself which doesn't need to be certified under the theory that it's not vote acting. Humongous code, this is just to tell you, if you try to understand these systems by a pure source code audit, you will discover something but that is not enough, you are not going to be ever able to establish a sufficient amount of trust to the system integrated, sufficient amount of trust to the system performance and error-free producing by just looking the source code. You have to go to a fully integrated system end to end where you have the operating system where you have everything coming from drivers, everything and then you test it as a whole. Otherwise you are missing a huge part of the whole infrastructure. Now if we compare that to what we have found here, and this is kind of a scary list of things. First of all, hardwired PIN codes. We are talking about voting terminals where a supervisor PIN code is either hardwired as the only code or there's a secondary code which is hardwired so even if the election supervisor changes their PIN code, there is another code which the election supervisor doesn't know which can be used to log in. Hardwired encryption keys. We have a lot of documentation that this has been across many of the vendors, some of the vendors have get rid of that. Very bad practice and the other practice is file starting with the negative encryption keys. I think that's very good for a key management perspective. If your threat model is that you lose your key, now it's very convenient, the key is always there but it also renders the whole encryption meaningless. It's then purely advertising and decorative. We have a lot of variations of that where the key itself is artificially mangled so that the entropy is lost. We talk about a keys where key strength is 16 or 24 bits, which means that your pocket calculator can crack it in a matter of seconds. Even when you start with strong key, the norm of ways, you make the binary key to be converted to base 64 and then you truncate the base 64, now you're done and your entropy is gone. Again, marketing statement, everything is encrypted, technically means, it's true but when you look the meaning, is the encryption done meaningful way? Not at all. So don't assume when you're told that it's encrypted, that it's encrypted in a meaningful way. Hardware secondary passwords. There's one vendor which their system has a secondary password called idiots. That's a wonderful idea. It's idiots with the 1s and 0s, you know, you mangle, but in any username you can use with the real password of the user or you can just say idiots and you are in. What it means is really scary because now the system locks that that person came in and if something is done wrong, there's now a log entry about the wrong, as a real person would have been, the correct person would have been logged in. So it's a bad practice but also it is telling something about the attitude if you choose hardwired password be idiots. Hardwired Wi-Fi passwords, that's bad but also it doesn't matter because they use the Wi-Fi privacy which is old standard and crackable in two and a half minutes anyway, so why not hardwired them? The real question would be and discussion would be why Wi-Fi? But that's another story. When we look the newer generation of machines, a interesting choice of words has been started to be used because modeming where modems were connected to Y line were in some parts of US and earlier everywhere accepted as a way of transferring unofficial results. Now the wording has been changed to wireless modems and the wireless modems happens to be connecting to Verizon or Sprint network. So it's not any more that way of modem as we think but just to make it more interesting, a couple of recent studies, public documents have been discovered when the vendors have been demonstrating the systems and the demonstration have failed and the vendor has been explaining why it failed by telling the voting machine had wrong IP address and the file will describe configuration script have a typo. It doesn't mean it's internet but it means that it use IP addresses and goes while it over telecoms network so we don't know what it is. This is not the statement saying they are connected directly to internet, it's just saying that we are discovering things which are raising interesting questions and at one point of time somebody independently should take a look and take a look in the system. Interesting fallback scenarios. Voter authorization smart card which you are given in when you go to the e-poll book you get the card which allows you to vote once, you go with that to the voting terminal and you jam it. When it tries to eject you just keep your finger there and there were a number of machines where previously when it panicked it bumped you to vote election supervisor mode with no pin code or nothing. I mean obviously it's a supervisor who has to clear the jam but it is a maybe not well thought through procedure. Another thing which is found in number of manufacturers none of these are actually don't think about that I don't say name name a name of a vendor because there's only a vendor this applies to. It's more that these are seen out in a while in more than one place. Secret functionals activated with the hidden registry keys. In many cases the registry is actually made to be remote registry so inside of the election supervisors closed network you can remotely trigger the keys and now the election software whether it's the central tabulator canvassing software whatever part of the complex backend system new features pop up. Again slightly problematic for my auditor point of view when you're auditing software and the features you are auditing are you don't know all the features because they only become active or in case of one vendor this is the one vendor where it actually dynamically deloads and reloads a DLL so the actual library is not even in the memory until the keys is there. And a lot of weird misconception like CRC considered as a cryptographically safe algorithm. It doesn't make any sense but it is a common term and especially 16 which is not really even giving you a sufficient protection against a non-malicious hardware errors and non-malicious storage errors. These are just a examples and the important thing here is these are not bugs. These are not buffer overflows these are not mistakes by made by the programmer these are not mistakes these are a features which have been designed and programmed on purpose. We have a lot of bugs these are different category because they are not bugs. If we look the same on on side of hardware and firmware we see a old technology which is a RAM, a removable RAM card which actually blocks in the mathematical executable memory. How you can edit a how you can audit ever a system where removable media becomes part of your execution RAM. You don't. Anyway that is a design still in use in the United States and it's it makes it pretty unauditable. Custom operating system I mentioned before that there are benefactors who have in their terminal most of the machines are windows and some of the new ones are Linux but there are still manufacturers who have a completely custom made operating systems or no operating system at all. We had a found a custom operating system where there's a remote control features which means that inside of the election precinct network you can remotely control the voting terminal as if there would be a voter. You can click up and down and you can click the candidate name and you say I vote and that all can be done remotely over the the precinct network. Again not a design feature which thankfully is being fixed by a physical protections. Live open ports which are accessible for voter in booth. The interesting thing about secret ballot is you are in the booth alone and nobody's supposed to look over your shoulder and if you then have a serial port which is connected to the computer inside of the voting terminal live and you can plug something in your convenience of your booth and talk with the computer that's generally speaking bad idea but it's all kinds of ports we are talking serial ports we are talking USB ports we are talking about a potentially mountable device because the smart card stand is another thing which people don't necessarily know that the smart card standard which is commonly used in your prepaid telephone card your credit card that standard actually has an opportunity to have a file system it's not very big file system not a small file system. Now if the smart card reader as a certain ATM manufacturer did is a USB device which is very common in this environment and in Windows you have auto mount and auto execution on now you plug your smart card and it takes their auto run the bad and runs it. In this example line one thing which is recently has become a more known and understood problem in the voter registration system and e-poll books people are using driving license and driving license barcodes as the way to register yourself in and I know this is shocking but I have heard a story that some underage kids might have a false ID's. I know it's shocking but that seems to happen. However that means that you can have a rogue barcode and what has been discovered is first of all a lot of these barcode readers they read more standards than the standard you're done actually you cannot even limit the number of standards they read. Second thing is they are keyboard emulators. Keyboard emulator means that you can emulate operating system commands like command R to have your command line and type in the command line invisibly. Very convenient it also works in a point of sale system in supermarkets. The other thing which it can do is if you don't have a sanitize input which seems to be also thought that obviously we all know what the barcode is so you don't have to sanitize it a sequel inject directly from the barcode. It actually a funny story is not election story but the one guy in Poland figured out that sequel inject is possible in your license plate so he made the license plate which was as wide as a car which was sequel inject and deliberately throw through the red light cameras and speed cameras and he just happened to know what is the name of the number of the table you have to drop so if you ever read XKCD, read a little bobby tables, little bobby tables on license plate is a real thing. The same thing about the registration system e-poll books it's something which is right now thankfully it's this year a lot of the jurisdictions are looking to buy e-poll books this is now flagged. You have to make sure that you are responsible in a way you treat unreliable input which is the driving license because they happen to have false ones. Now internet voting side, the reason I'm talking about Estonia for a while here is because Estonia election, internet voting system is open source so I can actually show a couple of code snippets. When we look at the Norwegian internet voting stop trial which stopped this is a miniscule comparing the size of that code. We had the Washington DC mock election which was hacked by Alex Halderman and East team, way much bigger code. When we look what is Estonia internet voting system which is considered in a common knowledge as the gold standard which it truthfully is not what it looks like. It's 16,000 lines of code and really we don't have to worry about counting the comment lines separately because there's no comments it's actually code which is uncommented completely. Well not completely but very little. So it's 61% python, it's 37% C++ and then shell scripts and various of shell scripts. It is really looking like a code trial. There is no docs, no harness, no test modules, no description of the protocol obviously you can learn the protocol by reading the source code and the documentation itself is interesting because almost all the comments which are here are actually from a borrowed code so when they have cut and pasted a part of code from other source the accidentally the comments kept in. And when you look at the lifted code so the borrowed code there is a undocumented code from GNU which is a open source license requiring you to commit back the changes. It's a in a sense which Joe would be telling and Candace Hawkeye it's a legal virus in a sense. Shouldn't be undocumented that's a violation of terms and the other code is that there's no attribution of source, no version, no authorship, no license so there's a lot of code which is coming from somewhere and there's it's not acknowledge where the code comes from. I would say this is a high school project with a teacher who is very relaxed but it's not much better than that. It's nasty thing to say but it's true. So when they publish the code this is what I want to show. A security feature and the actual code when it was publishing GitHub says to do implement security checks as a verifying core size of the encrypt vote returns okay. No test was ever programmed and this when this code was published it had been used in seven real elections. Now obviously it was slightly embarrassing when this was made publicly known and so they fix it. I'm not making this up. This is actually the next comment to GitHub they removed the comment lines because there was too much information anyway. So again if a voting system is not having the security check obviously it will not tell you that there's a problem so everything will go fine. I don't think this is a proper and prudent way of programming an election system but people make different choices. Again in the real world you wouldn't never ever believe in any system even including your point of cell system a super market or your calculator that a key feature year of the year of the year is missing and just to do. There's a lot of other features there. One thing what I want to underline this is the example is from Estonia because I can show the code. This is not unique. When you go and look the other vendors in America who are serving internationally you see the same thing. You see key features which somebody was too busy ten years ago to code and nobody has had time ever since because it's working and obviously if you add that feature you might start to have problems so this is better. Less complaints. Now Estonia also is interesting example because they do publish a video. This is their government assurance how the system works. They publish everything from the system being set up to election being run, the daily logings in the system while the election is live. Everything is published as a video by the government. There would be a lot of things I can tell about. We actually went Alex Haldeman, Margaret McAlpine, the University of Michigan team three people and two people from Google. We actually flew to Estonia to witness because you are allowed to in person also to see the operations on daily basis. First of all because Estonia system is widely open source in Anna Arbor in University of Michigan, Alex Haldeman, his team built a own Estonia. If you go to Estoniavoting.org you Estoniaevoting.org you actually find a virtual images of the Estonia government systems and you can be your own Estonia. Which means that you can take the binary code given to you as the voting software and you can run it against a virtual Estonia which is your Estonia hence you can try your things safely and you are not playing against a real system. The videos were actually very nice because when Anna Arbor was building a copy of Estonia they didn't know what everything means in Estonia and as a result every name of computer every sticker was copied and when Estonia was about how you knew this. Well we don't know what that word means but we put the sticker because you have the sticker and so that's how it was copied. Anyway this evidence is interesting because this is from the video where they sign cryptographic sign the client software the citizens will be using for casting their votes. So there's this video the video goes on and eventually there comes a signature and hash and now as a voter you can verify your binary to be the real binary by because you can compare to the video and they made a big thing that this computer where they are doing the sign this computer has never been connected to internet. That is a statement they make. So let's take a closer look. So we have a micro torrent, we have the turn of it and poker game. Online poker. So I think the statement this has never been connected to internet maybe they're enthusiastic and they want to install all this software which is not going to use and they wonder why it doesn't use. The statement might be false. I don't know which way. Anyway operational security and I'm using Estonia as a I could use many other jurisdictions in the US. I'm just showing that a lot of times these statements we have as humans we are trust based animals. If somebody tells us sky is blue we probably take it as a face value we don't check if somebody says in a video in official evidence provided by government this connected this computer has never been connected to internet. Very few people actually go and start checking. But the evidence is there that something is well maybe that's offline poker stars online. Who knows. I was talking before about we've come back to US about the small companies which are helping local governments to run election. This is an actual website. This screenshot was taken I think three weeks ago. It's not from yesterday. I don't have any believe that election source has changed it. This is a actual company selling election services. First of all this is a blow up from here. Our election coding services saves you time and effort. If you would be running a national security level service where agency would you buy your coding services from website looking like that. The answer is yes. They do buy. That's why they advertise. This is a not embarrassing example and I don't want to embarrass an election source. They are not worse or particularly bad. But the whole concept is elections are actually that's the different pictures. There's also state money and maintenance services. But these kind of companies are selling their services and they are not certified. If this is a Joe's election services who will ever check who Joe is. Who owns Joe's services. How Joe is employing his people. How Joe is vetting his employees. What are the different stakeholders in Joe's company. What? Oh microphone. Anyway so this was just an example what kind of companies and what kind of marketing methods actually appeal a real election official election officials to use their services. On the same website when you go to the production side they have the new tag here which is everything you need to secure election like seals. So they sell locks they sell seals. All kind of things. And the one in the corner this this looks very interesting. It's a red and it's it is the the great seal of state of Michigan. This is actually the paper seal they use in election. This is my hand. I used my own credit card. My personal credit card and I ordered them. They were four and a half dollars each. So you don't need to forge a seal. You can just buy them. Election officials always make the correct statement. A physical protection is protecting the machine. When you talk about computer systems the rule of the time is if you can physically access it the game is over. So you have to have physical access. A lot of the security studies have greatly improved the amount of secure physical security around the election machines. Great job done. More job needs to be done. However that's not a problem if you can actually buy the original seals. And you don't need to even forge them. All right. Again this is a machine which is in the hacking village. It's the I've a chronic. It has the security feature. You have a special cartridge. The machine only activates when the cartridge is present. The cartridge has a secret ingredient which no human can get access. It's called magnet. So when you have a magnet the magnet actually activates the system. And the device is using infrared to communicate the ballot style and also to do the tally business also vote accurate application. So instead of using that device you can use poundpile. Again when you look and it's actually very interesting. I have a lot of people who are not election security experts. They think when they specialize device they have never seen before which has a weird shaped slot which you put. They think it's secure because something they have never seen. It's not common. And because it's a magic. There's no connectors. It's smooth aside. There's nothing metallic. Because it's over. People have a false sense of security. It's safe. Reality is a magnet and mobile phone or poundpile. That's how you talk with. Again never make assumption. When you see a machine never make assumption that you know how it works or the people who tell how it works would know how it works. And that's why we have the village. This is just a very quickly top line one line per huge topics. Every single line would have been an hour presentation on its own. But to give you an idea of why it's important that we take a look, fresh look, we analyze, we get the facts straight. And only people who are educated and know the facts can make an intellectual decisions and right choices. One more thing about seals. Yet another seal example. This is a debold acu vote, a precinct based scanner, tamper evidence seal, protecting the memory card so that nobody can tamper with that. But if you take a look side, you see, hey, there's two screws. We have been recommending to put some seals to that screws because they didn't. And if you take them out, you take that out. Now you can get to the memory card without breaking the seal. Seals, I have a number of pictures from Estonia where they have sealed the racks of the servers and the seal didn't go from the door to the rim. So you can just open the door. The seal is not broken. Anyway, that's a brief thing about keeping your mind open and when you analyze the systems, when something is presented to you and you want to make certain that you understand if it's secure or not, you don't need to have any special skills. You need to take a look and use common sense. If somebody says this is a tamper evidence seal, see where the seal is connected. And think like a criminal. Think about this is, I think one of the most important things I have been saying generally about hacking and security. Hacking is not an intellectual challenge. Movies and everybody tells hacker men are wise and cunning and smart. No, that's not the thing. Hackers want to steal your stuff. There's no style points. They look if there's a door. Oh, you have a door. That's great. Do you have a lock? Oh, you have a lock. Great. Let me go around the building to see if you have backdoor and do you have locks in the windows. And it's all about how you achieve your goal as a criminal, not if you have style points because the best crime is a crime which was never discovered. So you don't even get to brag about it. Thank you. So the question is, is the newer version of the software is the box becoming less prevalent? And the answer was that when you go across the US and you see the systems which are used, a lot of times there has been no software upgrade since this discovery. So it's still the same. About the newer systems, most of the newer systems have never been independently verified. So we don't have data one way or another. So the answer to that is the legal question and that was Joe Hall and Candice who should be answering that. The my answer is there's volunteer standards. And since they are volunteer, they are volunteer. I would also point out that the FEC, David, when was FEC regulation? 2002. FEC. 2002. And then the EAC, VSS, 2005, they both have a ban to use assembler language. And those machines had been certified and you see the assembler language there. So the E80s, the independent task authorities have not been, maybe they haven't considered that to be that important, but the systems which have been certified voluntarily but certified still don't necessarily meet the standard set. Anything else? Okay. I'm out of time. Oh, I think I actually went to YouTube live. I think I actually went to YouTube live. I thought one person there was already posting it as live stream. So it should be there. Okay. Thank you.