4 days ago •
As mentionned, I had a show on wednesday : some swiss CEO and technician wanted to see my prototype. This was a very informative moment, we had some great talk about the whole concept.
Now, I know people and corporations are very interested in it. I just had to do a small demonstration, under their own corporate network, to make the prototype speak by itself.
I see swiss people are very interested about the "physical security" features :
- on the actual prototype, SD-card could be removed (or even destroyed) to make the device useless in a few seconds
- the device software could be installed on the SD-card almost on-demand, from an encrypted image file
Although, I know the actual prototype is not enough. It is very nice for the client side, but corporations are also interested in the server side. They want the server side to provide 4x ethernet hub/switch, I'm actually thinking about this feature. I know the BPi-R1 open router could provide everything I need, but it's not released yet. I'm actually trying to get an engineering prototype, but I may have it in a month.
On the other hand, I'm now invited to HP Europe headquarters in Geneva to test it from their corporate network. This is again a great opportunity for some great talks about the concept. This show will take place after the september 28, as I still have a lot of work until the next contest vote...
So, since wednesday, and taking into account the discussions we had here with GeremyCondra, Dan and other people, I'm doing some big changes.
The project is now two devices :
- The first device is the actual prototype device.
People really want the touch interface, so I rebuilt the software from scratch, using notro Raspbian image. I removed every unnecessary parts from it and kept only what is needed for the device to work. There is no more Apache, PHP, MySQL, X desktop, camera, etc... I will post an installed components list for everyone to check. I may have some more to remove.
I'm also trying to move to Moebius OS, as it is a minimal Raspbian. However I would have to rebuild the touch display kernel for it, and time is missing... So while I'm working on it, the actual prototype is still Raspbian based : I need it to work for the shows.
- The second device is the router/server device.
It is still Raspberry Pi-B based, as I don't have the BPi-R1 device to build it yet. I also think it is a good idea to build it around a well known board. It will allow a lot of people to build it at home.
I tried Kali Linux and Moebius, but I think a specialized router distro would be the better choice. So, I'm actually building OpenWRT from scratch for this second device. I think It would also be easier to move to a different board.
However it still needs some kind of physical interface. I don't plan to use a touch display on it (although it would be nice), but I may use some I2C LCD display and a small keypad, as it doesn't require some big librairies.
I would like to know your opinions about these changes. What do you think about them ?
9 days ago •
Given the comments and reactions on the project blog article, I think it's time for a little explaination. I think there was some misunderstanding, maybe because of the name's project.
I don't mean to secure the whole world internet with this box. Many people are way smarter than me on this subject, and they are doing well most of the time. But I also know there is something to do from the end-user perspective.
For the last 15 years, I worked in many structures, always doing some computers repair / cleanup / hardening, etc. I had many (well, thousands, litterally) end users computers to work on, and also many small / moderate / big companies. During these many years, one thing became clear, from the end-user perspective : privacy is too difficult for individuals to really interest in. People computers are full of virus and malwares all the time, because it's just to difficult to not click on the last Facebook link. People use the same weak password everywhere, and continue to do so, just because it's too difficult to remember them all. And I could tell you many other stories. Companies are not different, really.
During these many years, when I work on people computers, often directly at their home, I take this time, while I'm repairing/cleaning their computer, to give them advices, tell them about privacy, what to do to harden it. Some listen, many don't. Sometimes, I could even teach them about some linux, and remove their old Windows XP for some fresh distro.
But, when I leave someone computer, it's meant to be secure, at least for a few hours (and then, they return on clicking on this stupid FB video...). Believe it or not, the last active virus I met on my own computers, was wormblast, many years ago. This one teached me many things.
Now that I own my own (still very new) little one-man company, I could do whatever I want. I don't have people above me to tell me how to do things anymore, when they just want to hide easy processes, because they think computer litterate people could hurt their business. A boss urged me to remove the tools that I often install and configure for customers (you see, a simple noscript plugin) because it would hurt his business. This is a silly practice, and this time is over (for me at least).
I may have not made myself clear enough. I don't meant this box could be use to add privacy to an already crippled endpoint. It's meant to help keep privacy on a already clean endpoint. Cleaning computers is my all day job (well until recently ^^), this part I could assume, and I think I'm known to do it well. But I know many people would be interested in a little standalone box to help them understand all this, while being easy to use. Installing TOR / VPN tunnel / HTTPS everywhere, configuring them well, and using them on the endpoint is not a solution for these people. They want to push a button to activate privacy, basically. If I could teach them how and why to use Keepass for example, this would be a win already. I don't blame them at all, this is not their job. This is mine.
From an other point of view, when customers see my device, they ask me what is it, they are interested in it. This could easily lead me to teach them some privacy concepts, from a fun perspective : "yes, I built it from scratch, and it does this". Wow factor is a great way to teach important stuff to people, nowadays.
Read more »
I agree with both the two guys that are discussing on the project blog article : there are things to change on my concept. There are many components to remove, this box should be almost barebone. The actual prototypes, I built them for me, from start. Because I needed this kind of tool in my everyday work. There's a LCD screen (and camera on the first HaD prototype) because I used my first Raspberry Pi as a learning tool, did many things with it, and had a lot of fun. Look at the very first prototype video, more than one year ago : it's just a very autonomous box, with 2 bicolors leds only (I posted a fun...
11 days ago •
Here is the new prototype. The box found a new home in the PiModules acrylic case.
The PiModules UPiS advanced battery board works very well, and I solved the overheat issue with a custom top plate, leaving enough room for heat to dissipate.
Unfortunately, the UPiS for Raspberry Pi B+ is not out yet, so I had to go back to the original Raspberry Pi B. The new UPiS may be released during this month, so hopefully the next prototype will be ready for the next contest stage.