Here's the deal, it's called the Buddy Pledge. You give us your support for 12 months and we give you access to the most eclectic music as well as the best in thought-provoking news, talk and community affairs. Sound good? See it in your heart to pledge a minimum of $10 per month. Each payment will automatically be deducted from your credit or bank statement so there's no reminders needed. Just join us for a one-year membership and go online at www.givetowbai.org. That's give numeral two WBAI.org and be part of our vibrant community, WBAI New York. And you're listening to radio station WBAI New York. It's 7.02 it looks like and that means it's time for Off the Hook, which is not playing now. Reggie, what did you do this time? The theme's not playing. No, the theme's not playing, is it? I can't hear the theme. Is it this button over here? He does that every time. Shaving, now I can't make a cough. We couldn't get much worse. But if they could, they would. Bundle it up for the best, expect the worst. I hope that's understood. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. Bundle it up. We're joined tonight by Rob T. Firefly. Good evening. No, no, hold on. Another button was pressed. Try that again. Good evening. There you go. Kyle? Hello, hackers. Now, did we figure out how to get Bernie S.? We should have him on the other computer slider over there. The other computer slider. This one here. Bernie, are you there? I heard breathing. There he is. Greetings from Philadelphia. Although you sound very distorted and like your audio is clipping. He's going to be on Skype and critique us. The way we sound? Well, he's sounding very good. Why did you give him that? Why did you give him that? Bernie, you sound like you're under order, Bernie. You sound like there's all kinds of things going on there. I'm sorry. I'm on Skype. You wanted to do it by Skype? No, I didn't want to do it by Skype. We're doing it by Skype because we don't have any phone lines here at this radio station due to overwhelming incompetence that I cannot even begin to describe. We only have an hour. I miss your vocoders, Bernie. You sound too clear. All right. Well, Bernie, it's good to have you on Skype. You do seem a little delayed, though. Is there a delay on Skype? Generally, yeah. Let's find out how big the delay is. Bernie, you want to play it? Definitely. You see, this is going to be the satellite effect like late night TV. Bernie, let's stop talking over each other and play a game. Do you want to play a game? Go ahead. All right. We're going to count down. Usually I do this from three, but I think in this case I'll do it from five only because it might take that long. We're going to try and say the number one at the same time, and that way we'll know how long the delay is. Do you understand the rules? I do. Okay. Here we go. Five, four, three, two, one. One. That is the Skype delay. My God. How does anybody deal with that? We can't have a conversation like this. If we're going to be having that kind of a delay, the person should be on another planet or something. What? Go ahead, Bernie. How much latency is there? How much latency is there? It's like a half a second or a second. Maybe a second and a half. It was more than that. It was like two seconds, I think. Okay. All right. Two seconds. All right. Well, let's not complain the whole show. Go ahead, Bernie. I understand there were some Skype credits added to WBI's account. You may have better results calling myself. They have a faster Skype? Is that what you're saying? A Skype that goes faster than light speed? What he's suggesting is that we use Skype to call his phone number rather than his Skype account. So there's less distance between his Skype and the phone system? Because we haven't spent enough time trying to figure out how to get the show started? Since it's VoIP either way, I don't think that will affect the delay much. It might be a small difference. He might have a point. You know, for the sake of experimentation, if anybody here is willing to take this on as a project. Well, I will head over to the other console over there and see if I can make that happen for us. You make it sound like we have two consoles. We only have this one. Never mind. Okay. So here we are. I've been away for a few weeks. Kyle, you've been away for a few weeks too. Oh, yeah. This is actually a new show for, I don't know. Gosh, it's been almost a month. So it feels new. I almost didn't know where the radio station was. Yeah, that's right. We took a wrong turn and wound up in a different part of Brooklyn. But we found it. We found the radio station. Here it is. Same place. And we were away, actually, for a couple of weeks. Actually, we were only away for a couple of days. Well, we took a short trip and visited Sao Paulo. Yeah. And explored pretty much everything we could see and do. And there are a lot of really unique things about that country. It's one of the BRIC countries. So Brazil, Russia, India, China. Yeah. Not made out of BRIC. No, no, no, no. But of those types of economic zones. And there's a lot of growth, a lot of interesting culture. And it was an amazing quick trip for us. Yeah. We were speaking at a conference. We only had a couple of days down there. I was working the whole damn time too on the conference. But it's fine because you can work on planes. You can work on trains. You can work in rooms. You can even work while you're giving a talk. I managed to do that. The change of scenery was really, I think, helpful. It gives you a little bit of perspective on your own work. And it's always fun to visit a new place. Yes, absolutely. And hopefully after the conference is over, we'll have time to do that. Because we have been living nothing but hope in the last few months. And that sounds nice. But, you know, hope is Hackers on Planet Earth. It's our biannual conference once every two years. It's a lot of work. It's also a lot of joy. We do enjoy it. But, wow, is it a lot of work. We are in the super anticipatory stage of planning and preparation. This is where everybody gets really excited because it's about to be here. And we're anticipating all kinds of things that we didn't anticipate before. Hope is taking place July 22nd through 24th at the Hotel Pennsylvania in New York City. And if you did not yet plan on making your way over here, if you're doing something boring like going to a Republican convention or a Democratic convention, well, you can still do that. If you go to the Republican convention and you don't get your head beaten in there, you can come to New York right afterwards on your way to Philadelphia to finish the job. We're the weekend right between the two conventions. So that will be a lot of fun. So, what, Bernie is back on a different kind of Skype now? Let's see. All right, Bernie. Yes. He sounds awesome. Hello, I'm on Skype out or maybe Skype in. You called me or Rob called me via Skype but using my phone number instead of my Skype account. Yes, but now you sound crappy. Oh, no. This is the Bernie we all know and love. Yes, the crappy-sounding Bernie you all know and love. He got that pretty quickly, though. Let's do the countdown again and see what the difference is. Okay. Here we go. Five, four, three, two, one. One. Much quicker. Much faster. All right, you know what? For the sake of conversation, let's keep this one. Yeah, I like this. Okay. Hey, we have special guests tonight. We don't want to bore them with our problems here at the radio station. We have two speakers at the upcoming Hope Conference. You may have remembered. I just talked about it a moment ago. Well, let's start with Night Owl. You're taking part in a bunch of talks. I believe they're all having to do with, dare I say, lockpicking? Yes, that's correct. And I'm actually just realizing in the last few days just how many talks I'm actually participating in. I am presenting, along with two of my colleagues, some original research regarding the compromise of the TSA-approved lock system. Those are the luggage keys, right? Yes, those are the luggage locks. Well, we're going to ask you to go into detail on that, but tell us about the other talks. In addition to that, there is a panel by Radio Statler on its history. That's one of my few non-lock-related activities there. Radio Statler being the radio station that is run at the conference. Yes, that's correct. It doesn't actually broadcast on a frequency because no commercial radio station, including this frequency here, will allow us to broadcast 24 hours a day over the weekend. But if you have a frequency, let us know, and we'll be happy to do that. Absolutely. I know we did very briefly last hope, that is at Hope X. We did actually get simulcast. Which was it, the last hope or Hope X? Hope X. You're confusing me. I know. It confuses me, too. But there we actually did get simulcast for a few of our programming blocks by a couple of local low-power radio stations, I believe. Pirates? That's great. Community, I believe. Oh, okay. It is technically feasible, too. Certainly the capability of interfacing and setting something up like that. And, you know, people anywhere in the world can also broadcast Radio Statler and the Hope conference proceedings because it's all pretty much online. That's right. Radio.hope.net will let you stream. And if you happen to have the capability to broadcast anywhere, that will get you where you want to go. Okay, so how did you second talk? TSA, Radio Statler, what else? Yes. There's also the Locksport Roadshow, which is a sort of audience show and tell. You bring up crazy, unusual locks that you might happen to have in your possession, and you present it to a panel of knowledgeable lock pickers. You have the option of specifying just describe and explain some of the history of that design. Or if you really want to throw people for a loop, you can actually allow them to attempt to pick it live on stage. Wow. That sounds like a lot of fun. You probably will come up with some real treasures that people bring in. People can just bring in locks that they have lying around the house. Yeah. And you guys will, if they allow you to pick them, I don't know why they wouldn't allow you to do that, but mostly describe. Have you ever been stumped as far as a particular lock? I have been. People come to tool meetings all the time with all manner of strange and unusual things, and sometimes it's, oh, yeah, I can give you a whole 30-minute rundown on the history and unique properties of this lock. And sometimes it's like, wow, that is super crazy. I've never seen anything remotely like this. Well, you might actually have that experience at home because I know there's another lock talk that you guys aren't a part of about Chinese locks. Yes. Actually, I happen to know the person who's speaking there. His name, he goes by Urban Hawk. Great guy, and he is doing a whole talk about interesting Chinese locks that you don't usually see in the American or European market. He's only 16, too. Yes, very young. He knows a lot about these locks, and that's something that hasn't been presented to audiences in this country before to that extent, I believe. Certainly I'm not aware of anyone who's ever done anything as extensive as what he is planning to bring to Hope. Cool. Is that all? No, no, there's more. How many talks can you possibly do? You'd be amazed, apparently. I'm amazed. There is also lockpicking on screen, which will be a bunch of lockpickers showing clips of lockpicking as portrayed on the silver and the small screen and discussing, well, sort of the cringe-inducing factors, much like any computer hacker watching the way it's portrayed. Things they miss, maybe things they exaggerate or they embellish that maybe aren't technically possible. At a minimum, yeah. There are some incredibly cringe-inducing things. Can you give us a hint as to one of those? One of the most common things is someone takes, let's see, one of the Mission Impossible movies, one of the more recent ones, in which a character tears a piece of wall trim, a bit of wood off the wall, and somehow manages to use that to pick the lock just by sort of jamming it in and wiggling it about. Wow. I had no idea it was that easy. That's pretty terrible. Night Owl, I have a question. Is this going to be like MST3K, but with scenes from movies and TV shows showing lockpicking? Now that you've mentioned it, we are going to try to incorporate some of that. We will definitely be bringing clips, and we will be mocking them as best we can. Well, is there a particular title that really earns a lot of denigration, or is there a title, conversely, that gets it right? There are a few titles that really, if I started to try to list off the ones that do it really badly, we would be here for the rest of the day, if not longer. CSI Cyber, just say that. Oh, yes. I don't know if they do lockpicking, but if they did, they get it wrong. I'm pretty sure they worked it in at some point. But there's a spy show on USA Network a number of years ago called Burn Notice that frequently did a pretty good job of it. There are a few other films whose titles unfortunately escaped me, which did a fairly good job. There's a title called Thief, the James Caan film, I believe it was, about a master cat burglar and safecracker that is generally considered to be a fairly good example. And you probably have examples that span the decades of both good and bad. Absolutely. There was some very early Donald Sutherland in there, I believe. Wow. Awesome. Anything else, or is that pretty much your speaking engagement commitment? Well, those are all the ones that I am more directly related in. But for anyone that attended Hope X and recalls the elevator talk done by Deviant Olof and Howard Payne. Not when they were stuck in the elevator and they were telling a lot of people how things worked. Right. That took a while, but that's not what we're talking about here. There was an actual lecture about elevators. Yes. This year they are doing sort of a sequel that they've titled This Key is Your Key, This Key is My Key, in which they will be discussing locks that are key to like, sometimes for convenience and sometimes because it is a very large system where the keys need to be standardized. Elevator keys, for instance, are a very good example of that. But that same type of situation where a single key will get you into that lock all across a city or all across a country or even sometimes all across a continent is actually common in a lot of other industries. Vending machines frequently have them. Paper towel dispensers. Heavy equipment. Very frequently. Big backhoes and that kind of stuff. There's very few keys, I think. There's a variety of locks, but very few. So if you have a key to one bulldozer, you pretty much have a key to all of them. Yeah, they're very similar, yeah. Certainly, generally anyone manufactured within about a decade by the same company. If I knew this when I was a kid, wow, my life would have turned out totally differently. Amazing. Well, that's a lot of material. And, you know, you're mentioning Devi Nolam, who is one of the main people at TOOL, the open organization of lockpickers. I was reading his bio that's now up on our HOPE website. He got involved in lockpicking through HOPE. I had no idea. I just assumed he was always involved in lockpicking. He was always a master of this kind of thing. No, it was at one of the conferences where he met the people at the lockpicking village and was inspired. So imagine, imagine what could happen at this next conference, what people might be awoken to. Absolutely. I mean, that's the whole thing. That's the whole thing. The U.S. branch of TOOL was founded at a HOPE conference when Deviant and— I didn't know that either. Yeah, it was founded. That was when they made the decision to create the organization. I'm so busy working on the conference, I have no idea of the significance of it, so I miss all of that. These are all things you're responsible for, Emanuel. You're responsible for organizations existing. You're responsible for, like, relationships happening, marriages, births. This honestly is something that we don't really appreciate and realize until HOPE occurs, and we're standing there, realizing this amazing thing that we've worked on has so much, as far as inspiration and motivation behind it. And then we're meeting thousands of people in the course of a few hours, and it all just blurs, and until the next time when we dimly remember it. Okay, well, we're going to get back to some of these talks in a little bit. I want to bring in John Huntington now as well, who's also giving what I think is a fascinating talk at the conference. He has given talks before, but this one in particular has to do with something that we're all kind of enamored of, and that's show networks. You want to tell us what show networks are? Oh, sure. So on most live shows today, from anything from a relatively small show to a concert, you know, the circus, whatever, almost all the control for that now is sent over standard Ethernet, standard switches, Cat5 cable, fiber optic, all that kind of stuff. And we've kind of followed the industrial control people in that world, and we use this in kind of an unusual way that most IT people aren't pulling their cables out of the mud after the circus or something like that. So we've kind of adapted these things, and we build very, you know, fast, not fast by sort of IT standards, but close off networks that are very sort of for dedicated purposes. So in the talk, I'm going to talk generally how that stuff goes. I actually wrote a book on that, which I gave away here as a promotion once a couple years ago. And also talk about the network we make every year for the Gravesend Inn, which is a haunted attraction we do at City Tech in downtown Brooklyn. And that entire, all the control, video, audio distribution is all on a managed Ethernet network. What is it that you think makes hackers drawn to the kind of thing you do? Well, I think it's interesting that even that we're sort of, you know, in minor ways sort of system integration hacking, but we're taking these things that were designed for office environments and putting them in on a live show environment. And that's one of the, I think it was the first talk I gave, which is four hopes ago now. It's hard to believe. It was actually called Hacking for an Audience, and we talked about sort of our whole culture in live show technology is, because it's a small business, you know, I often say that our entire market revenue is like less than GE or something, like all live shows are less than one company. So it's still a small market. We don't have a lot of like basic research. So we steal and adapt and use things from other industries, you know, all across the field from anything. And we do everything, carpentry, control systems, costumes, you know, all that stuff. So it's always sort of adapting things made for other worlds into our weird purposes. You could be building stages for us and all kinds of networks at the conference. I just thought of that now. Wow. Well, we actually, a bunch of my students work on the AV for us. That is very true. Yes. And they save our asses every time they do that because it's a lot of work. It requires a lot of attention to detail. And it was thanks to you guys that we were able to stream the last conference and archive it and get the camera work just right. Everybody pitches in. It's a tall order, but it's evolving as well. There's always like a new challenge or something we sort of best every time. But it always comes out really fantastic. And it's, I think, because of these technologies and the innovative and creative ways of using them in unintended ways that makes a show really spectacular. I definitely think hope is up there. Yes. I hope so. Anyway. Any other thoughts on the presentation? What are you going to be showing people? No. Actually, I'll give away a copy of my book, which I always do that. And I haven't actually written it yet, so I haven't thought it all the way through. But, yeah, I think that'll be the basic idea. Again, mostly I want to mention that one thing that we often do, we build these small networks that when I went to some training for a network manufacturer, I asked them what their definition of a small network was. And they said less than 100 routers. And most of our shows have zero routers on them. They're not connected to anything on purpose. So we often think about all the security issues and everything. Often in low-tech ways, physical security, just securing things. Like if somebody comes in, the graves in and plugs their laptop in, one of our people is going to say, hey, what are you doing? Which is obviously very important for a security practice. So I'll touch a little bit on that kind of stuff as well. Yeah. I'd be curious to know what kinds of vulnerabilities exist in people who don't do it right. What could happen? For instance, I'm thinking like Donald Trump, for instance. He's been known to give some live shows. And I'd be very interested. Maybe I shouldn't be talking about this on the air, but maybe I should be. Ways of disrupting those. Ways of intercepting them, perhaps. And he even bad-mouthed one of the sound engineers from the lectern on one of his rallies earlier. Oh, well, that's it then. It's on. I mean, if you do something like that, all bets are off. And he's also known for not paying the sound companies. Really? Yeah. Tell us more. Tell us more. Well, I don't know the exact details, but my friends who own sound companies in New York have said that they won't deal with him. So he has a reputation for that. And if you complain too much, they just get the lawyers out. Wow. Well, you specialize in haunted attractions, and I suspect he himself may be one. Yeah, that's right. If we had time, we might add a Donald Trump attraction. Wow. That would be scary for the kids. Bernie, you had something? Yeah. Hi, John. This is Bernie in Philly. Hey, how are you? Pretty good, man. Are you aware of any live shows that have been successfully hacked live? Oh, I don't know. Maybe 15 years ago, Sister Sledge was performing here in Philadelphia at Penn's Landing by the river. And I brought along a frequency counter and a scanner and a frequency agile two-way radio and discovered the wireless mic frequencies they were using. And one of the singers, I decided to transmit and sing along a bit. And it came out of a PA system. And I only did it for a few seconds. Sister Sledge? Really, Bernie? You mess with Sister Sledge? Sure. I'm not the only person who's ever done that. Well, you're the only person who admitted to it on the radio. That's right. Wow. I just like the thought that Bernie's a backup vocalist somehow. That's right. For Sister Sledge. That's pretty awesome. For Sister Sledge's attorneys who now will be contacting us, othat2600.com is our email address. We'll forward you Bernie's details. But, yeah, I think we're – I unfortunately don't know any firsthand experiences of that. Usually we're more terrified of equipment failure than sort of active attacks. But it's certainly possible. It seems like you have a lot of harsh environments and the buildup being very quick. That is reminiscent of a lot of what we do with Hope, a very quick production cycle building up and tearing down. And I think an aspect of the work you do is actually very – it comes a lot from the hacker perspective of if you can secure that, you can secure something else. You can secure something similar or apply some of the same principles in what you do to other work and learn from it and expand and basically be an all-around better computer security person. It's all related. It's all related. And if you're good at one particular job, you'll be good at other kinds as well. Yeah, we do spend a lot of time in general because of the old, you know, the show must go on adage. We're always figuring out a way that – we're just assuming everything is going to break, go wrong at some point. So we always are figuring out what do we do if you do that. I think – I can't remember the French term for it, but I know Cirque du Soleil has like their default mode when the power goes out. They just send the jugglers out and they have a French term for that. Je ne sais quoi. That's – yes. Right? The spectacle. That gets me out of everything over there. That's great. Well, John, looking forward to that talk and it will be fascinating. I'm just looking forward to the whole experience because it kind of reminds me of a lot of the things, as Kyle was saying, that we do as well. And our AV team is amazing what they're able to put together and pull off in the course of just a few short days. So I'm already in awe of what they're going to do and what we're all going to do together. We have over 100 speakers – actually 150 speakers. More speakers, I think, Bernie, than we've ever had before. Wow. A new record. I believe so. And a lot of talks – you know, there's a lot of workshops too. We're just getting around to posting details about workshops. Those are taking place on the sixth floor of the hotel and throughout other parts of the hotel as well. Most of the talks are taking place on the 18th floor. All kinds of other activities are taking place on the first and second floors. But some of these workshops are really pretty amazing. I read you some titles. We don't have time to go through them all, unfortunately, and they will be up on the net pretty soon. Getting Started with Encrypted Communications – Ways to Encrypt Your Email, Chat, but Not Sure How to Get Started. This workshop will show you how. There's all kinds – as we mentioned, lockpicking workshops are happening. There's a workshop on Let's Encrypt by EFF, the certification authority that they have started up in the last year. 3D Meddling with Fusion 360 – How to Fight an Internet Shutdown. A couple of workshops on the Freedom of Information Act. And, Bernie, I believe there's amateur radio license exams again. Yes, Sunday morning. There will actually be a workshop, like a cram session, on how to study for the amateur radio or ham radio exam, which will be administered Sunday morning. We've had everyone from people that have never had any experience with ham radio pass that. At HOPEx, we had one of the building engineers at the HOPE conference, a Polish gentleman. I forget his name, but I talked him into taking the course. He was an electrical engineer, never heard of ham radio, and he passed. He was thrilled. We have a friend on our side. There's also going to be a crypto party at the 11th HOPE, isn't there? What is a crypto party? Well, a crypto party is a party where everybody gets together and meets people face-to-face who you know, or other people can say, I know who this person is. It's verified people. And you can exchange encryption keys in person instead of doing it online, which could be subject to impersonation, man-in-the-middle thing. So it's person-to-person in real life. You can decide if you trust someone right there on the spot. Yes. Or there will probably be people there that can vet people for you. Like, I know that this is this person who says they, I know this person is who they say they are. And if you trust that person who says that to you, then you can trust them. Yeah, but what if they've taken the face of another? I'm sorry? What if they've taken the face? Don't you watch Game of Thrones? If they took the face of another, then you don't know it's really them. See, I don't know about that. Maybe they'll be wearing this. Yeah, you need to study this. What if you don't know who you are? There you go. That's my problem a lot of the time. If you don't know who you are, then you may find yourself at HOPE. But not only will there be a crypto party, but there will be a talk on crypto parties, an intro to the concept. That's right. And following that talk, there will be the crypto party workshop. So after you learn about what a crypto party actually is and the details and why it's important, you can get nice and enthused and then go to the workshop, which will be the crypto party, and learn more about what it's all about. The point is there are so many things you could wind up doing, so many different things you can visit at the conference that you will never be bored unless you choose to be bored. And there's always going to be something happening. We have four different tracks of speakers. We've got workshops going, and we've got all the activities on the second floor. And plus, you know, you're in the middle of New York City, too, right across the street from Penn Station. It's always entertaining. So all the details are at hope.net. We're going to post more as the days go by. Yeah. And there are other workshops that have to do with talks. So after you've seen the talk, you can go join enthusiasts in the workshop area and do the thing. We have a talk, Spy Hard with a Vengeance, that's about anti-surveillance technology. And following that, there is a workshop, Anti-Surveillance and Privacy Policy, with an extended Q&A and, you know, some more stuff to do. There's, oh, I love the name of this one, Violent Python. What's that all about? Is that about angry snakes? No. Oh, okay. If we're bringing snakes into the hotel, you have to tell me first because I'm not saying you can't. It's even better than angry snakes. You just have to tell me. It's how to make custom hacking tools in Python, even if you've never programmed before. You'll create tools and hack into test systems. So that's really cool. Okay. I'm excited about that. Arduino for total newbies. Arduino is a wonderful subject to get involved in, a great intro to so much to do with hardware and software. There will be a great workshop on that. Did you remember Mitch Altman's soldering workshop? Mitch Altman. Somehow it goes around the clock. Yeah. Mitch Altman himself goes around the clock. And I don't know how he does it. I don't know how he's done it at so many hopes. But he is the guy to learn to solder from. I was soldering for years, and then I took his course, and I was suddenly much, much better at soldering because he's just such a great teacher and has so much to share because he's Mitch Altman. Rob now always carries a soldering iron. Yeah. It's in my pocket right now. It's odd. It makes for some tense situations with the police. But it's something that you should be proud of. If you learn how to solder, and you will, I hope, if you step into that particular area, it's something you'll carry with you for the rest of your life. Yes, indeed. Anything else? Well, it's not over yet. We're still making modifications and tweaking things, and we still would like people to be involved. I don't know if there's room for more vendors. I know we've gotten a lot of vendors, but you can email vendors at hope.net and ask. I'm not sure if there are any more slots available. I do know we need volunteers. More volunteers are always welcome, so volunteers at hope.net. That's actually a really good way to get involved and to meet people. So if you have extra time, if there's a day when there really aren't that many talks that you're really hellbent on seeing in person, check out the volunteer and info desk people. They will totally put you to work, and you'll make some friends. And just so you know, don't consider it a job. It's basically fun. It's what we all do, and it's the best way, as Kyle said, to experience the conference. You'll work for as much as you can, and if you want to see a talk, you'll see that talk. And come back when you're free and help out with something, one thing or another. Meet a lot of people. Learn a lot of things. Learn some skills. You've had some networking people I know that have cut their teeth at networking at Hope. Yeah, we have a lot of recurring volunteers coming back. People that volunteered for the first time and they wanted to come back and participate and help make our network more exceptional or outstanding than it was the first time when they got involved. And this year we have an 11 gigabit network, I understand. Yeah, we're going to take the network to 11, I think. Taking it to 11. That's awesome. And talking of volunteering, if you are in the area and able to come down on Thursday before the conference, we'll be setting up things, and that's a time when we could really use volunteers. And so if you can show up then, you will be pointed in a direction and sent somewhere where you can be of great help to us. Also, after the conference, immediately following, if you can help us break things down. Yeah, we're there pretty much the whole week beforehand and most of the week afterwards. So by all means, stick around. Don't get that plane ticket home on Sunday. Stick around for a day or two. There's plenty to do, plenty to see. We'll also have our refreshments, the signature Club Mate drink will be at the conference. That will be there. Okay. And we'll also be bringing the hammocks back and Segways, which are really popular on the mezzanine level. Hammocks. So basically, you want to describe what the hammocks are all about? Well, I mean, we talked about volunteering. If you work maybe a couple shifts and you're, say, ready to kind of take a nap or something, or you're up late and you want to work on your computer around other people in the second floor, you could maybe pull up a hammock. And we have these portable hammocks. And this is also something that we actually need help putting together, assembling all of the hammocks. But they're really fun because you can basically just lounge around and be a part of everybody stirring around and looking at the vending and other exhibits. Interesting etymology to that. As many things have been, this was inspired by European conferences, the outdoor conferences, where you actually would be sitting on a hammock outside. We thought, hey, you know, we're not outside, we're inside, but why not have the hammock anyway? And I know Rup and the folks over in the Netherlands helped us organize that the first time. And it was a big hit. Hammocks just hanging out in this massive area inside the hotel. And it's one of our traditions. Another tradition, actually, that came from overseas, we were talking about the lockpicking village. That actually came from overseas as well because the hacker camps, both in Germany and in the Netherlands, would have a series of villages. Every village would be something unique. The Italian embassy was a village. Lockpickers had their own village. And it was just basically a bunch of tents where people would build structures and have audiences with various people. And you'd come around and you'd learn. And we thought, yeah, we're inside, but why not still have the village concept? And I didn't really realize this. Did we start that whole thing with a lockpicking village? Was that at HOPE or was that something that came about independently? I'm not really sure. So lockpick villages had existed at some of the European camps previously run by TOOL. But as far as I know, HOPE was the first time any event in the United States had something remotely similar to that. Because now they're at all the conferences. There's a lockpicking village at Maker Faire. There is. I absolutely love that about our whole hacker community is that there's just this great atmosphere of finding cool things that happen at other events, other scenes. And adding them to what we do, adapting them in various ways, adding what's uniquely our own. And just this whole concept of sharing and just improving upon what we do. And that's the sort of thing that leads to, I think, every HOPE that I've been to, certainly, and I've been going since 2000, has been better than the previous one. And this one looks like the best one yet. You've been going since 2000? I've been going since 2000. What was it called in 2000? It was called HOPE 2K or H2K. No, it was not. H2K. That's right. I'm sorry. I just come down hard on people who change the name a little bit. Don't call it HOPE 11. It's not called HOPE 11. It's the 11th HOPE. I apologize. Stop hitting me. Plenty of time to study now, a couple of weeks. Now, let's get back to the TSA because you piqued my interest there. This whole key thing that they have that was compromised, what's the story? So, basically, what happens is there are two companies, TravelSentry and SafeSkies, that come up with standards and design master keys. TravelSentry licenses these designs to basically anyone who wants to manufacture these locks. So, it can be everyone from the big names, Master Lock or Sergeant Greenleaf, although they thankfully have not stooped that low, to some no-name white goods manufacturer. And as long as the lock functions with that master key, it is considered TSA-approved, and they can slap the logo on it. So, the thing is that the TSA is not terribly good at keeping things actually secret. Frequently, they need a bit of a PR bump, so they'll let a travel journalist come back behind the scenes and write up a piece, and they love showing off all their cool toys. And normally, you know, just seeing the outside of an x-ray machine or something like that isn't going to tell you a lot about how it works. But if someone holds out a handful of keys and gives you a nice, clear shot of it, that can tell someone who knows much about locks a lot about that lock, and it gives them the ability to make their own copies fairly easily. So, okay, you know, I've heard about this. I've heard about the New York Post or somebody printing a picture of a key, like, for instance, the master key to the transit system or something like that, and that's all it takes. If someone has an image of that key, they can use a MakerBot or something to make their own key. Is it really that simple? Pretty much, yeah. It's really just about that simple. Actually, a few years ago at, I believe it was Hope No. 9, there was, in fact, a panel presented by some of the European tool members specifically on copying keys from photos. So if, say, you know, by just random thought here, if Donald Trump, say, were to be walking down the street and there's a picture of him holding his keys, and we were able to get a good copy of that picture, we'd be able to make his keys? Absolutely. Theoretically. Generally in under about 15 minutes with someone who's skilled. Well, it's no hurry, you know, let's take our time and get it right. Well. We only have one shot at this. No, sure, sure. But, wow. So, okay, what do you recommend then? People not show keys anywhere. Absolutely, no. Because you could be showing your keys and someone could be taking a picture and you don't know it. Right. People have even done machine vision research where they show a pair of keys left out on a picnic table across the street and about 20 floors down. And they are able to take a picture, clean it up a little bit on their computer, and they were able to successfully copy those keys from that picture. So to break the issue down a little bit more clearly, the TSA master keys, which we mentioned, those have basically been duplicated successfully. Have all of them or just most of them? All of the keys that meet the travel century standards have. Right. Safe skies was the one exception. And our plan is that we will actually be releasing that key at Hope. And so once one of these keys is released, it's available for anybody to 3D print or copy or whatnot. So if you have basically one of these locks that's TSA approved with that little logo on it, basically the world at large has a copy of the key to your luggage. Pretty much, yes. So basically we're giving this key to ISIS. All right. That's what we're going to be accused of. What can ISIS do with this key once we give it to them? They still have to get into TSA's back room to access all the luggage, but can they just have a fun time opening up things at random in various other places? Well, I mean, the baggage screeners and TSA agents already have plenty of fun doing that. There's plenty of documented occasions when they have had huge theft rings in airports. I've often wondered about the imaging of keys going through an X-ray scanner. I mean, how hard would it be to get a good picture of, say, my car keys or my bag if you're, say, an authoritarian government and you wanted to collect everybody's keys and associate it with a passenger? Absolutely. I mean, with digital X-ray machines, what would be stopping you from capturing a silhouette? In an X-ray machine, it's going to remove everything that isn't metal, and you'd probably get a very nice picture. In that scenario, unless there was some sort of X-ray opaque material surrounding the keys. Right, right. Or a bunch of them in such a way that it's hard to make out which one's which. Yeah. I mean, if you confuse the image enough, in theory, it won't. Or how about this? How about you have something, a little attachment to your key that looks like more of a key but is actually a dummy part of the key so that anyone taking a picture of it will get the wrong information. And then when you use the key, you just take the key top off the key and then use the key as it's supposed to be used. It's never off unless you're using it. There actually have been a number of keying systems like that where you could actually disassemble the key and then reassemble it into different configurations. Wow. It sucks when you're trying to get into the house and it's raining, but it's more secure. Absolutely. So now, okay, so what do you advise people? Because it sounds like keys just aren't doing it anymore. If you could just take a picture of one and that's it. There are certain types of keys that are much more difficult to copy from images. Ah, okay. High security keys like Medeco are more difficult because they don't rely on cutting the key in only one dimension. They're going long ways and kind of depth on the inside of the key. It's the exact angle of the cut for Medeco, specifically. But there are also what are called dimple keys. If you're familiar with multi-lock, for instance. How hard is this key to duplicate? Let's see. Don't tell people too many specifics about that. This appears to be a Medeco, sorry, a multi-lock interactive key. The biggest hurdle to copying this key is the fact that the blank is rather difficult to acquire. And it does have some moving elements, which does complicate it. Now, a very skilled penetration tester or locksmith would likely be able to copy this and compromise whatever lock this happens to go to. We went to one locksmith and this was a quote. He said, no man can copy that key. Very dramatic. But I kind of doubted that that was actually that true. That is not 100% accurate, but it is not too far from the truth. Yeah, not around lower Manhattan. It's not possible to buy it from any corner stores. I know that. Just Emmanuel, should you be letting him take quite so many photos of your keys? Please give my keys back now. Just a moment. I'm almost done. Why did I do that for? Yes, Bernie. I just want to mention, about 20-some years ago when I was doing my free tour of federal prison systems by the U.S. government, I noticed that the really large warded padlock keys that federal correctional officers were carrying around in their belt, these keys are like five or six inches long. Big, gigantic, warded padlock keys, had a hinged cover, like a sheet metal sleeve that covered up all the key cuts. And I'm like, I asked somebody about that there who was kind of clever. Not one of the guards, but one of the prisoners who were usually more clever. Like, what's with these keys with the things? They said, well, the reason they did that, their prisoners did that, is that a few years ago prior to that, someone was able to take a piece of plexiglass and from memory, just observing a key that a federal correctional officer was carrying around on their belt, was able to make a functional duplicate out of a piece of plexiglass. So now they carry around keys, or at least from 20 years ago, they were carrying around keys that when they were hanging downward from the belt, you couldn't see the key cuts. There was like a sleeve that hinged over it. I just thought that was an interesting means of security. Absolutely. And in fact, that basic concept, I believe, was first instituted in England during the Victorian period, where essentially the same vulnerability existed. Prisoners observing the keys hanging from the guard's belt and figuring out how to make their own copies from whatever materials they happened to have lying around. Wow. This practice of covertly making duplicate keys from looking at them from afar has been around for more than a century. I'd guess it's been around for maybe slightly less time than keys themselves have been around. More or less. More or less. There's actually a fairly well-known, these days probably not as well-known, classic Western film, one of the many, many films using the title The Great Train Robbery, which involves a group of people stealing the keys to the cash box for the big heist that they're going to pull off, taking a mold of it in wax and making their own key very, very carefully. I'm still getting over that you're going to release a TSA key at Hope. That's going to be pretty awesome. That's going to get the media in there like nothing. But let me just ask, as far as electronic keys, are they perhaps more secure now? Because you can't really take a picture of those unless you capture somebody's, what they press on the keypad. So key systems that use some sort of electronic element where there is little to no mechanical element are certainly safer against me walking down the street and having to glance at your key ring hanging out of your pocket. But there are other vulnerabilities that would allow someone to snoop on the way that your key operates and copy it. Yeah, and also predictability too in ways that you might choose a password or a number combination or the amount of number combinations that you can use in the first place. For instance, simplex locks, very easy to break into those. Very much so. And they are still marketed as secure when they are not. It takes five minutes to get into any of those. It really is a problem, and it is one of the primary missions of Tool to try to spread an understanding of these vulnerabilities so that the consumer and the general public can make an educated decision about exactly what they are using to secure their property. Well, that leads into what I wanted to ask about public perception. When you say that you're part of a lockpicking organization, do most people that don't know what that is view you with suspicion? Less so recently, as we have become slightly better known, but we still get asked every time we appear, why are you teaching my kids to become criminals? Wow. That is the perpetual question. I've heard that question many times. That's a parent's job. They get really offended about that. Yeah. It's more you're teaching their kids to think. Exactly. And kids want to know, and kids are great at this too. Not for criminal purposes, but just being able to figure things out and trying things over and over again until it works. Exactly. And it's so good for them to succeed, to actually get somewhere and know that it matters. Absolutely. I have very fond memories of sitting at the lockpicking area at Hope and struggling with a lock that was difficult for me, but while some maybe 11, 12-year-old girl sitting next to me was breezing through it and the more difficult ones. Rather than make me all that jealous, it was just very heartening because that's the sort of thing that should be going on. And as anyone in physical security, computer security, any kind of security will tell you, knowing how something is bypassed or broken or defeated isn't just for the criminals. It's for the people who maybe don't want to become victims of same. Exactly. Understanding how something works is really what gives you the ability to choose what's right for you, to make an educated decision, and to make something better. If you don't understand how it works, you can't tinker with it and you can't try to improve it. I think you've just described a major chunk of the hacker spirit and what we're all about here. John, I know you work with students a lot. Do you think this resonates with them for the most part? Oh, absolutely. I can't remember the name of the conference, but the one that was four years ago, I sent over a student. I actually had an extra ticket and I sent him out. It's this kid who grew up in Far Rockaway, one of my students. I just sent him over to the conference to kind of work and help out. He said it changes his life just going to the conference. That was hope number nine. Okay. I just figured it out. I hear that a lot. It changes your life. Absolutely. It's an eye-opening experience. As far as students who aren't necessarily into it already, do you feel you have to battle a lot of misconceptions? Yeah. It's interesting, too. I think things that I've learned, I've been a subscriber to 2600 since the 80s sometime. I think that really informed my thinking a lot. Even in class, sometimes I'll talk about just general security issues or the idea that you're the product for Facebook or Google or whatever. I bring that up in class. It's kind of amazing because people are shocked at first and then they're like, you can see the light bulb go off. I think the hacker spirit, I think, is really amazing. I think just showing up at Hope certainly changed my life in that way just to be around it. The first time you go, it's so amazing. I can't recommend it enough. The other thing that I think we all hear a lot is that people say they could never understand all of this. The fact of the matter is none of us can understand all of it and everybody understands a little bit of it. You understand whatever it is you're meant to understand. You teach us. That goes for everybody. People who think they don't know anything about computers or phones know a lot more than they think they do. They really do. They offer insight into things that we might not have thought of. The quicker you can humble yourself to that realization, I think the more you're going to be open to learning yourself and realizing your own contributions and what you have to offer. A lot of people would love to know about the skills that you have. I just said we. There's this big collective group of people. It's not. It's a bunch of individuals. I'm an individual as the next person, and together you form a part of that we as well. The hacker community is really amazing in that it's inclusive and so diverse and always open to asking more questions and experimenting. It drives people in authority crazy because they never know what we're going to do next, but it really is a very healthy environment, I think, to be a part of. I really would say it's life-changing that way once you see it because even the lock-picking stuff I remember as a kid I had a book on locks. I'm not really great at it, but it's so fascinating just to learn how it works. Every year I mess around with it a little bit. I've learned so much from all that stuff. That's what happens. That's what's going to happen at Hope. We have over 150 scheduled instances of people deciding here's something I have to contribute, here's something I have to share, and the range of things is just incredible. That's not even taking into account the unscheduled track where if you don't have a scheduled talk, you can show up, just claim a block of time on the unscheduled track and present on anything, anything at all that strikes you that you want to stand up in front of a room full of people at Hope and speak about. In many ways, that unscheduled track is kind of like the pilots that get pitched to networks. Sometimes those talks are really, really popular, and they turn out being in the main track, the next Hope. Consider that as an experiment, something that you might want to give a try to, and you can schedule it at the conference. Absolutely. I know of a couple of instances of that happening where somebody maybe wasn't sure that they could speak at an event, had never maybe spoken publicly before, or wasn't sure about the subject matter. They tried it out at the unscheduled track. It ended up kicking ass, and they did it on a scheduled track the next time around. You may have heard a slight pause before. That was the pause where I'd usually say I'd like to go to the phones now and take some phone calls. Because we don't have any phones at the moment, we can't do that, unfortunately. What we can do is give out our email address, and people can write to us, othat2600.com, with your comments and questions and feedback of all sorts for what we're talking about tonight, what the show is all about, where's your damn premium, things like that. Various questions I know that people have on their minds. But there are so many things concerning the upcoming conference that we're focusing on. Again, if you want to be involved, we're still accepting volunteers, volunteers at hope.net. There's some openings for sponsors, I know, if you're interested in really contributing a lot to what we do. Sponsors at hope.net. Please. Time is running out. It's literally only a couple of days left. Yeah, we really need some help with that. We have a printed program, and it's got a deadline, and we have to get involved with that as well. Leaving anything out? The network team is getting their act together. Yeah, we're all set on a lot of fronts. It would just be very helpful if we had a couple more people that maybe wanted a little visibility, just to have a logo or some kind of representation. Please contact us, and I will get a hold of you. Yeah, maybe there's equipment that you might have access to or services that would be very useful to us. This 11-gig network, which is really pretty awesome, and there's all kinds of other things. Bernie, anything you can remember? What? About the network? About just the conference in general. Oh, there are thousands of facets to this amazing conference, but there's a lot of projects going on throughout the conference. You don't have to go to a particular talk or workshop. Along the Mezzanine area, there will be dozens of projects, people working on interesting things, and you can just sit in and work on it with them. I think this will be the first hacker conference on the East Coast where there will be an amateur radio repeater. People should bring their two-way UHF radios for the 70-centimeter band, and we'll have a big conference channel, basically, on a 70-centimeter repeater that we're going to put up on the roof. This is all part of this hugely diverse and unique culture and community that we have, and we are really excited. It is what you make it, so bring your A-game and make it something. Absolutely. Rob, you have something to say to the folks? 2,600 meetings all over the place this Friday. No, already? Already. First Friday of the month. Wow. The first Friday of the month is the first of the month this month. All right. OTH at 2600.com. We'll see you next week. Have a good night. What you need. There is no future. No future. No future. For you. I don't know why the Honorable Member for Liverpool was shouting. It's almost certainly balls. This is what he said. I am the antichrist. I am an anarchist. I know what I want. I know how to get it. I want to destroy the pacify because I want to be anarchy. God save the Queen. We mean it, man. There is no future. In England's dreams. God save the Queen. God save the Queen. There is no future. For you. My name is David Cameron. I'm a member of the Conservative Party. And we know we have the right ones. You are causing me a lot of problems. Where are they? I'd actually like to start by saying... Darling, you've got to let me know. Should I stay or should I go? Did you say that you are mine? I'll be here till the end of time. So you've got to let me know. Should I stay or should I go? It's always cheese, cheese, cheese. You're happy when I'm on my knees. You're happy when I'm on my knees. You're happy when I'm on my knees. One day is fine, the next is lack. So if you want me on your back. Well, come on and let me know. Should I stay or should I go? Should I stay or should I go? Should I stay or should I go? If I go, there will be trouble. If I stay, it will be double. Ah, so come on and let me know. This incision's bugging me. If you don't want me, set me free. Exactly who I'm supposed to be. Don't know which clothes even fit me. Darling, you've got to let me know. Should I stay or should I go? Look, it's not a multiple choice quiz question. Sorry, I couldn't resist that one. Now it's true, we've changed our image. But what happens? Expectations rise. And in politics, it's always about the next challenge. Right? Don't lose heart from that. Take heart from it. Today's technology is profoundly empowering. This Google generation has moved beyond the idea of 9 to 5. Download music, talk to their friends online. People today want power in their own hands. We can't let that happen. Straight. So it's up to you. Take my advice. Don't take it as your choice. The first rule of politics. There are no rules. You make your own life. In fact, in fact nothing. In the years to come, wherever I am, whatever I do, I'm with you. Wishing you well. I'm wanting you to win. You're the future now. So make the most of it. Right?