Hacking Portugal and making it a global player in Software development

okay when ya oversaw I'm pinned down with scooped up Furcal super two years before possess that english purdue nahuseresh Premiere Pro cutting up as a single is emo pisum in that word english yashka voice let our English and Seth Wescott harmful to you a decision pretty master Isaac e to the consider a key elma my visa alternativa but optically particles year petaluma Malinga the the switch question winter to his ang ii pretend some so much sorry judge Cooper last letter so II and for the large amount of content i'm going to toe at you and the final thing is I I found myself today professionally in a very nice position because I have a big

mandate and I work for different companies but I've not unemployed on those companies so i can say exactly what I believe and that's exactly what I'm saying here this is a very team presentation because I have no agenda I'm literally presenting what I generally believe is the best solution for the problem and you see because some of these ideas sound very radical but given 2016 right and i'll leave in london right so i do have personal experience with 2016 I don't think we could say that you know anything is not possible and unprecedented change is something that it's really on the cards these days so let's stop with this right so by the way there's actually there's a

much bigger version of this online it's creative commons everything is there you can reach you there so on github you know it's kind of all available so there's actually a couple more more crazy ideas there which i didn't have time to put in so feel free to join me so so let's start with this right so what the view here is that I think we want to make Portugal a global player in software development right that's basically key we we want a situation where as technology becomes more important to our society we really want to make sure that we take it seriously and that Portugal becomes a big player in in that world right and I've you

application security as a very powerful in a blur of that situation an application you sits in a very very interesting way because application security tends to be there sometimes the only ones that really ask how things work what happens what the attack surface what really is going on the applications and everything is related so when you start with the application you go all the way either way to the microchip right because everything is related to what's going on on that particular website and these days everything is connected to the internet so in a way everything is connected to some kind of to do with application security and code right so I'm gonna provide a lot of parts a lot

of ideas a lot of stuff to actually make this and you know to make this first-class citizen so the first and this is probably the key core idea that I try to come up with all sorts of ways to represent a good path and I found this one because i think it's it fits all the political government you know companies educational things together so i think we need to make the portuguese network hostile to e secure code right so we're in a situation where we are allergic to basically the situation where somebody can just publish and put a secure code into a network right and I by my network I mean Portugal right and and you can actually do the same thing

for company so I company can decide to do the same thing this presentation is focus on the country but you know Microsoft could decide to do the same thing you know a lot of companies do a bit of this but it's nice when it's a global agenda also because Portugal has sovereignty over our network right although with part of European Union know better stuff there's lines this borders that we can actually control and it's time to bring the digital world into that so my view is that everything I'm saying here is fair game in Portugal and this might not like it fine but we can define our own rules right and so and this is to support by collaborative

columns of those comments comments there's a little slick and and and if you don't know that term it's a really great concept I'll spend a little bit but it's a very interesting way of working together in in a kind of way that makes a lot of sense so you need strong enforcement in a regulation you market pressure to make this work so the way you want to do is you want to attack vulnerable code so on this situation where vulnerable apps and appliances as soon as they plug to our network they should be hacked within minutes right some of the best security teams in a planet they hack internally you develop application in a company and if your app

is not to a certain level of security at some level resilience it will be attacked not by the attackers bye bye aunty and that's what you want right you want a situation where basically is hacked by the good guys oops sorry they hacked by the good guys which are basically trying to help it to fix it or by disabled it right and this is something that when I presented at the last conference here and I said let's hack portugal's to a shock now five years later with the ideas of the bug bounty and all that stuff DC starts to common sense right so we the mandate from government at least make it has to be important because you

have to have some kind of mandates for the kind of stuff and you also need to have a situation where you know in some way the manufactures give us this mandate because they publish insecure stuff though the way I look at it if you manufacture your publishing secure code so you are giving us permission to compromise it and to fix in to attack it right and and you can't need some insurance on this because we will brick some devices right so you can't support this a little bit buy some insurance now covered this is actually a very key important point right we have to make sure that the next generation of internet users including my kids right

and is that they don't have fear of the internet right so we have a situation where I don't want them to feel the internet I don't want them to fear to govern their actions because we do that with terrorism and you can see what created it right you have a complete irrational conversation about the real problems so we don't want the same thing to happen in security right we I don't want the first experience with these guys to be a hacked all a light bulb a website email accounts a car the door asking for some ransomware to be paid this is already not science fiction by the way right and he's only going to get

worse we don't want this world because this world will create a much bigger problems than we have now right so before I continue I think is a better important to give a good disclaimer of what i mean by hackers and by hacking right and basically the hackers are the good guys right the hacking created the internet it's basically a hack is to solve problems right this is what we were doing in the University of all car right we learn the internet by hacking to the Internet I blow up my mom's phone system because I was trying to plug the modems 280 was in two thousand four hundred bucks Lord electic was right but that's how you learn you improvise you

learn you hack right that's what right the press abused the term hacker right and I they should really be talking about things like malicious hackers cyberattacks cyber criminals because that's a much better term so the way I look at is that everything you do today on internet was created and dreamed by hackers in the past right so when I talk about hacking are talking about on this definition of hacking right and the other thing that's great about hackers do they have great values right you have a very strong ethical foundation based on sharing respect friendship trust more non-discrimination human compassion right this is not it will fluffy things right this is not oh this is nice to live in this world when

you're in a hacking community when you're in that community of sharing information this is what you do you know I don't care what color skin you have I don't care you know what you are where you are where you come from your history it doesn't matter what matter is that we share the same passion for the same problem right where we had the summit here in Portugal you had people from competing companies all working together to solve a common problem that's what you want right and that's what the hacking in a way brings in I think we need to bring that community to a country and to etc we want to inspire the next generation with these values

and it's important to have frames of reference the thing that I find sometimes you don't have sometimes in Portugal I said even companies not just Portugal it's sometimes you have professionals that don't have frames of reference they have not seen it working so it's very hard to visualize how you can do something when you never experience those things you have that with dev ops you have now we deploy me with coding you know you have management guys who never experienced a really powerful software development environment or very powerful secure environment that creates even faster code and even better code so you if you don't experience that you really cannot ask for it so we need to provide

alternative narratives to the current main stream of Lies non-expert experts and it's not experts welcome which is one something happy in York a little bit and entertainment which we just saw this week with a kind of you know global elections right this is the new reality that we have right so we need to create our future and you have to remember that the hackers that grow up creating distributing for example to attack the network and as part of example of the peak hacking service which I get into a second are the same ones that will find really powerful solution for Portugal for example why don't we have a distributed Peter Pedro network to combine fires in Portugal

right this is a great use to the use of technology we can create cryptocurrencies we can create all sorts of stuff but he's dad generation that would do it right the same generation I was hacking linux boxes right while we university campus right is the same generation us today solving fundamental problems so we need to make sure that this new generation knows whether raspberry pi is knows what's inside knows how to build one there's a factoring portrait you can build that stuff right this is what we want right you want to be different and just because ninety nine percent of the world doesn't do something doesn't mean you should do it I lost count how many times

people tell me that I'm the only one guy who wants to do this or it's only you Dennis and now it's never going to work and then eventually things change right so so again it's important to do it right and remember that most of the things you value today we're actually illegal any moral sometime in the past so it's very important to remember that when we take some sex a bit weird today a lot of the stuff we take for granted would actually really problematic and controversial in the past so attack in Portugal you know actually I want to spend our time on this because I don't wanna spend time on the problem if you

don't if you don't believe this is a problem then you know it's a different discussion just basically some interesting numbers that managed to get on you guys I last a million point five records on databases dollar companies leaked etc this is quite interesting these guys I these guys here anybody from here this guy's these actually is awesome actually I have to say this is actually brilliant right it's be nice to even go another level and by the way you guys should have crazy funds from the Portuguese government others to do this right so it's one of those cases you probably are it or company this big and you should be that big right because this stuff right is absolutely critical

for what's coming next right if I could actually left parties to see you here okay i mentioned sensing a second so they found these cool attack vectors so these are you can blow up a country right like you know the idea that in our country safe it's totally crazy when you have stuff like this right the amount of damage you can do in a country if you decide to be malicious I can ask you right if you guys will really pissed off at Portugal how much damage could you do yeah but there you go right and it's crazy right is this this used to be funny five years ago it's not funny anymore right especially when government

agents and criminals are really stepping up and and again if you look at the jail political move of the world you know I think it's time for us to control our technology right so they go we know this is like basic stuff he's like hacking you know like it's 2000 right so and remote control see some scattered stuff things with an hour career text protocols you know and then of course the web apps I even worse right but if you guys don't cover that you should really be covering applications you have a mandate to hack everything that moves I'm sure you don't right and I'm sure that anybody tries to lost to last you you guys are screwed because you're not

that big right but if not I says yes can you sue Portugal because they gave me the mandate right that's the different mandate right so and again the latest do s are very interesting right because you have to remove that these denial of service are done against the biggest [ __ ] is in the planet and they are not surviving I'm involving a coming that we got hit by the crossfire right it's not we're not even the target but we just got hit just because we were sharing some of the networks and sharing Akamai and share some of those guys we actually had we lost money because of these things and we're not even targeted and

if this guy's point out to us we had no chance right Oh to deal with this kind of stuff right so we got we have to remember right is that it doesn't take a lot of money to compromise a country or a company this is that shadow day but this is the cost of the zero day this is the worst case scenario to take to compromise a particular company right so to basically with this you know if I had one hundred thousand dollars to invest what would I do I'll buy a bunch of zero days right I'll buy compromised machines inside the Portuguese network i buy botnets to attack Portuguese companies right and basically how much money can I

make out of it if I could make a million pounds out of it it makes business sense because it's all about the money right that's why I need to think about if there is a million dollars to be made in a particular company somebody will be able to put a hundred grand into it to invest right the good news for Eddie's the attackers are making far too much money doing other stuff right but they grow it right but we get there and again what's the return on investment and who actually can survive this stuff and I my view is very little companies right specially important we will to survive this kind of stuff right so we already had actually a

massive market hack because I would argue that Portugal has already been victim to financial manipulations looking from the outside not some people on the financials that I know they were totally playing with Portugal right later I know some guys there their best fund returned investments where the Portuguese dead right in other words hey let's put a lot of money to purchase debt because we know those guys are never going to default and let's push the rates up because we know is going to be safe right you know the system is wrong this is hacking right but the financial markets right and we know and you guys live with the day-to-day consequences of this that was done to us

right so I'm basically they push it hard they make a lot of money that Benny was not going to default and he didn't write began and would continue to struggle right so that's a problem the other thing that is very very important when you look at from the tacky point of view just to end this is if they tell you about the attack right and I know it might be painful when it's a leak or your document whatever but when the attackers actually physically let you know that they did something right they are your best friends and you have to thank them because they will make you better from security point of view because the criminals will not tell you

the criminals business model is based on you not knowing that they there right so the reality is that once you know about the attack you're going to fix it the security team is going to get a much bigger budget right we're gonna be able to protect all these other things that we would love to do but nobody was paying attention now suddenly it's a massive priority right so ultimately every time there's a public attack the outcome is always tends to be net positive unless they are criminals unless they have malicious intent then is a complete different problem I kid that break into your network and dumps everything you should hire him right which is what we doing now when your way

with the bug bounties right on this so again the positive side effects of all that stuff is that you basically get better teams better stuff and that's what happens right so how secure is Portugal right how secures our infrastructure and companies and we are very digital company operations stuff and if you look at operate most of them run on software so portugal is already one of those countries that already runs on software probably has not realized that runs on software i challenge you to find one company in portugal if from the most traditional I don't think that exists in here right the action is not depend on software for their livelihood for their sales for their

management for their purchases for everything and if they do the efficacy is very low right so everything's on software right and the question how security how you know how can they sustain attack how can detect possible attacks and what's the probability of an attack happening in the short term so in a warehouse security right so how sec so the question is we are very safe and I was actually trying to find these word in Portuguese and I couldn't so maybe we can talk some you get in tell me and I couldn't find the difference in Portuguese between safe and secure in England the exists in Portuguese I could find it because it is smooth right in

both of them right so but heat we are we safe today yes we are safe right do I use the internet do I use my card am i comfortable knowing that in principle not going to be hat now by a criminal I'm pretty safe right and I know what the end the belly looks like right so if anybody should be paranoid should be me right but are we secure no we massively secure right because our current secure state right the fact that we are secure right so our Quinn security state depends on a very low number of attackers with view few skills and unsophisticated business models right and this is important to understand and this is Major cameras in the planet

right it's not just Portuguese companies but do I think here we we're going to be caught by the crossfire right so the bottom line is that we know attacked because we are secure we're not attack because there's not enough attackers right but it's important to acknowledge this because there we can start to look at better solutions for that right so the emperor has no new clothes so Portuguese gay men ages are not secured to studio she want the headline there it is right and when we need to accept as a fax for what's coming next to look likes radical right so um there's an also very important there's no silver bullets or is it solutions there's a lot of people

want to sell big lovely buttons and big stuff that doesn't exist right what we have is all the evolution right is about me know we we need to figure out all these paths to go through so the logic is presentation is to make portugal a player versus being a plate we want to be a sea your player on a table we want to control the game we need the finals of the game verse just being upon into whatever the game is being played right and um and if you prepare what's coming next special in terms of upset right and a response to terrorist shows how bad you these can do if when the problems occur you're not ready you don't have a

plan you don't have a turn 30 reality and society is not strong not being funny but the reaction to Sweden to the terrorist attack that happen there versus the reaction to some other countries it's a massive difference so you can see the value right of having a very strong society has thought about these things right think I'm wrong fine protective me wrong where is the evidence where is the cyber security market in Portugal which i believe is very very small right how many treadmills are credit per week how many secure lines of code are right basically I like to what is this phrase a lot the consecutive model is based on magic fairies pixie dust a schools like

quality right is somehow automatically become secure right that's not reality right the good news you have a lot of talent which I want to get it so again you save right and at the moment although we have insecure week right safe which is cool right but it also means we have a bit of time to deal with it step right so i just wanted for trackers so basically we have a couple more years so let's basically now look at the solutions for this thing right so and i also like this is for a point you the best security model and I call this same security model it's not a security model based on having no vulnerabilities

know any securities no a TI dependencies or no zero days that doesn't exist in the real world right the security model is based on the attacker making a mistake because all attackers make mistakes right even guys like the NSA or whoever created the Stuxnet right which is still not officially you know acknowledged they make mistakes they crashed one odd little box that was running on an odd you know antivirus and not unravel the whole thing right and that's your security model now the question is can you detect those do you understand your code you understand your applications you understand how everything works right that's why that is so critical and that's just you coulda model not for portable for any

company right that's what you want to do it right so where's our op SEC industry I don't think we have one really right issues very small all is actually I think the problem because I didn't have a lot of talents right and you could see this because you see every time you see an attack you see an object team right is literally you know it's one to one right so I know you dissing exists right in fact I know a lot about portuguese in UK i clearly exporting object Alan to be okay right actually work in London with a whole bunch of Portuguese guys right I'm not going anywhere i work at the moment because you know i want to get any

trouble right but you know there is a huge glass commuting portugal right there so we want to be proactive about this stuff right and he's actually very mature and again like we do you want to be like the heads of arabica on the crossfire or do you want to be actually proactive and praying industry that will be very powerful but it's very profitable so this is quite school what I'm defending here can actually really really powerful and productive and profitable for Portugal so gives us jobs gives all sorts of stuff and drive industry right and then we help you so here's the first idea right for you we should have the Portuguese hacking service right so this is like we had

this thing called the service obligatory right you guys probably remember some of these things right we need to do the same thing for hacking right need to have these service where 15 25 year olds go and freaking hack the country right everything has moved hack companies code review open-source curve view markets as interested to Portugal contribute to open source projects right this will be a spectacular learning opportunity right this would be a great use of talent of users create a new generation that understands those things right it doesn't cost any money it's just political right it's just a decision is just a direction right but this will gives us a lot of fuel a lot of new

things right I did also I like this because it's almost like if you can even stomach this idea then you know that's fine but this conversation will continue two years from now right because it's not even that radical right but if you'll radical because not a lot of people has done it before but it's easy we have the tradition right and we should do it right so I you know the military right so i buy this thing right I was look at the thing say at the moment we probably say that our cyber Mel defends as good as Portuguese military the problem is the attackers are sophisticated as the best out there so you have to imagine that again

portugal will be attacked by the equivalent of us and china right or france in terms of UK and here's my question why do we need two f-16s right so I went to the porch exam for us to try to figure out the thing and i found that we have a nice f16 fleet of stuff and all these jobs we have 2.1 billion turnover like why does portugal need an offensive force right can you guys tell me right one scenario right that f-16 will actually come into play right like literally give me a war scenario where we have somebody attacking portugal without freaking f-16s right we'll actually you know do any value right so i know i understand have a Civil Air

Force because we have fires border control but f-16s come on and by the way the way you fight these f-16s these days is you hacking to them right that's the way you defend yourself right so if I ven readies book go sleep I highly recommend because it shows how China theoretically took over the US because you know you kind of compromise the whole thing right so if you use ten percent of that budget right we can start a lot of things right and I'm so basically hit by the crossfire talk about this so as they skip out thing is so we should also have this Portugal hackathon link or we should organize hackathons right just like we did for

football is like you know we should bring our PT def sconce you you know PT hacking things to DEFCON it should be a source of pride right the same way that win-win we're on the football which was great right really cool we should be celebrating when our guys go to DEFCON it and become first or second over there right we should be a source of proud to actually have the best and most elite hackers because there is a connection to Portugal right there is a connection to your country and that's what you really want to be so this is the source of pride and then you know and they and it's also great way to learn right so a

great source of talent for example and this is again to be controversial is we should actually teach the convicted criminals how to hack right because there's a lot of people that end up in prison for all sorts of reasons right and brother them you would do the same thing if you had those circumstances right but there's a path today that we lose a lot of talents right to go into these guys you know they already kind of already created right because to be fair when you when you rob something on your criminal you actually get your head a bit different right so we just need to give those guys a little interesting path to use of their skills right so

give them a career strum the way to make money legally right because it's actually legal to do stuff teach them ethics and most criminals are you too bad choices so let's use that a great sort of talent is retired people again we lose them but not losing their experience and on the past there were the wise ones we now ignore them right and remember you'll be old soon so it's been nice if you can do this because by the time we get there we nicely we're respected and ideas were still valued vs. kicked out of society right and the engineers doctors programs teachers etc right so there's a lot of talent there right and remember they grow old not

because you're a jury because you stopped mentally field so the great thing in technology you can put everybody like this working together including the dog right and he doesn't matter right as long as you work together it's good right this is again a great vision for society right so why sports girls so good at football alright i think is a very much in question because we are one of the best in the world right we are literally pushing above your way so why is that right and i think one of the reasons is because everybody plays football because our kids play it all the time they love it so they're in the zone right because way

unit zone is when you learn right you in a way we go to school to learn how to learn we don't want school to freaky remember you know all the historic spots and memorize formulas and the stuff that we need at university right is ridiculously old there's more mats that are more complex and most of the stuff i program right never mind the stuff we had to do a university right so you know that's when you learn right and also is support my school activities there's a social rewards from community there's a support system to find that talent there's massive financial rewards right for that stuff right so that's why we're to do so let's do the same thing for

hacking right everybody can hack outside it was like okay good this everybody can hack the kid should be hacking all the time they will love it because in the zone we support activity chef like these like capture the school flag right like if you can't freaking it on the school network you should be celebrated right because you can change your grade it's great you get another ten percent right just for that that's cool because that's how you learn but you should be rewarded you should be seen as criminals doing that creates a generation of views hacking as bad we should be celebrating those stuff right and social rewards network to find them and of course its

massive reward system these days if you went to secure upset you know we have does a guy you know yes they'll circular we have zero percent unemployment rate right in up sec right no just you can't hire them right we are in fact if you guys are good at sec I have three comes in UK that will hire you today right you just need to know how to program be good upset guy and that's it right you know there is really a massive shorter so let's do the same thing for this so we have a great tradition of innovations right even things out maybe you don't realize things like multi-bank oh right prepaid mobile phones all the kind of stuff all

the way to these great little past we have a great tradition of being innovators right we this is a great success story I don't know how much you guys realize this but this is you know this was one of the case i read about poor in a very positive way this is portugal leading the way why because we had the balls to make a really good decision right to treat drugs as a public health problem not a criminal problem right and you can see it so this means that we are 10 times more clever than company in the world i declare war on world war on drugs right which clear doesn't work right I'm UK he doesn't

have a good track record right so Portugal is a leader right when we are able to make good decisions right so that's what we want to do we want to be a be a leader on application we're on the best in the world right there we are there's the Portugal dudes right there's our eighth in the world right just like football we want to be the best in the world in you know encoding in cyber security application security right that's what we want to be right and to be an attack we both give a brief history of providing this kind of stuff so basically you know the same way that would navigate the seas in the past

right well now you know she believes in the curve right if you compared to our you know forefathers in the 15th century I think we bit more scary when you thought that on the other side there was like you know all sorts of really dangerous and crazy stuff you even don't know if the earth was fall to the other side right so I think you know we are a bit more cozy right in our little problems today right so and that's the thing and also we have a great tradition of innovation and all this kind of stuff right so I think code made in portugal is very important we need to create all the supply change right that exists in

portugal and basically because they that's where you add value right and they create reality so basically they control our lives right so it's key for our economy and its key to action courage what is actually going on here right and we're living on this age of sustainability I know how much you guys following this kind of stuff but we're moving to all the factors are coming locally you know the whole dynamic of work is actually changing uber is a warm-up for the social and financial changes that are happening to our society the question is do we want to lead it or you want to again cross by the crossfire right just for the guys will develop stuff I have to put some

geek stuff on this so let's just do it if this is the kind of what i call secure activity security champions that's the mug right if you don't have a security champion your team get a mug right because that's its better de mug I stackoverflow ego review secure coding standards upset pipelines to release pipelines new threat models / apps feature and layer that's the kind of stuff you guys should be doing and again if you develop today not in any not take in terms of CI automation everything is code ten percent code coverage graphs containers version control a iCloud bah bah bah you already like writing legacy code right you like to slag off the

other project over there because the legacy guess what if you're not doing this you are your legacy in your own world right and and also if you're doing JavaScript for example and you're not using wallaby and you don't have real time code coverage you're really in the dark age and they have a couple of other presentations on that you guys interested I really strong advise you guys to take a look at it right and you can't code TDD until you have those things so I really like this public health analogy right so what this is is we need to choose the paradigm for OPSEC or cyber security that we want and the paradigm is either going to be based on

the military top-down control offensive or the public health defensive and distributed this is very important because this determines which point we good does in fact the US UK and other countries they are totally going the military way right again we could change that and there's a reason for example why you don't let the army involve in your country right because the army which is the military right in lot of ways is designed to defend against her enemies so any of everybody is a an attacker from an army point of view right which is why when the US Army went to defend Katrina was a horror show right because for them the guys on the other side are criminals right or

attackers right the police and civil forces focus on protect individuals that makes a big difference so we have a massive public health problem we should be thinking trading up sex you know specialists in a way we do nurses etc we already have an epidemic right and we need to gain immunity that's really what we want to do right and basically the decision can I skip of years will determine how well prepared doesn't mean that we won't have problems it is at least we are prepared right and that's what we need to think about in secure code is epidemic that's already amongst us privacy is very important is actually human right you will also be innocent

until proven guilty the USA NSA we define the notion of privacy which was really bad they went from this idea that when you know you look at something if you invading somebody's privacy to just it's only so when you when you capture information to when you look at it so what happens is they the reasoning is I can capture everything about any of us but it's only when they look at the data when you do a search or something that you actually become a potential invasion of privacy right which of course is totally crazy right just justifies that stuff so we need to change that right and there's a huge amount of companies that their entire business model depends

on us not having privacy which is a problem because influence a lot of decisions etc and governments are now actually actively making the internet less secure because they want to continue to access that stuff which is that big problem so you know it used to be they don't have to defend against criminals now you have to defend against even governments and other things that actually don't want you to fix problems right so crypto again is private is essential for this because privacy cessful human dignity is in a way cryptography is a public service right and he's critical to protect user data we really need to embrace his much better and do it right and also the

great tradition of not relying on security by obscurity because I think that's very important right so great crypto should be C on a good thing should not be sued right by some entity who says oh please don't make these devices so secure that I cannot break them right which again is wrong right so and whistleblowers very quickly we need disclosure to do this to talk about this stuff the market at the moment is really work right so whistle blows are actually very important right due to these kind of stuff and again if Portugal EU this unlikely we should suit you you know it's time for us to actually push some stuff and these can all comes down to

the way of sovereignty right we need to control stuff that happens in our country for exam which are very very powerful whistleblower laws that a lot of people to disclose what's going on in the software happens in here right because there isn't a important because they will make our market more efficient they will basically have the situation where they will keep the company's honest right and as a great thing that when things a secret like we have now nothing is a secret but so so this is very important for a concept and you need to protect them by law right and you also need to say that you know I like this idea that if you break a law but the

trans community disclose the materials are smaller than will disclose its ok right and yeah people don't like it but the companies didn't like you know stuff in the past that's okay the other on the other hand is when I say that you know we want total privacy for the individual we want no privacy for companies and governments right so and that's the game the game is opening the game is that what we want is to understand what's going on right so they public bodies they should actually be completely open and allowed technology allows this for that to occur right so let's learn from the music industry that I basically saw the users as their the problem is start

to basically sue everybody right so let's learn from those guys right because I didn't work very well and we lost a decade right so open source is actually the key for all this right and I'm a very firm believer open source but not as open source software is great but the model the values the work folder you get with open source right so the way I look at is that most of the ideas here if you don't do this within a very strong open source and creative commons way you will not work you're actually backfires you actually will create a commanding control system right which is kind of where we going now anyway right so open source I provide this Oh ask if

you guys know it's a great organization on the governance sort of stuff and and also get is a great part of this because it gives you some work clothes open source values again we talked about this they empower the staff these are all the stuff you do with open source and it's all positive right it's all great stuff doesn't mean it cuz perfect but it's a great model oppa so is expensive again you have to realize that we need company thats elephant source code what we don't want is to lock in and of course open source code is not free as in beer there's a cost right the difference is you pay a bit differently and you need

to pay for it right because it's a much broader model right we have a mark of melt lemons if you guys know the analogy from the cars in the past right where the crude economic model is really work does rework companies to create security issues so we actually need this so I think open source should be the lingua franca for all these stuff because it actually gives us you know the this workflow where you know we actually communicate using open source right so so this guy now now he comes a nice interesting more radical ideas right we should every code that's written in paper government agents should be released an open-source license there is no reason why sense that we pay as a tax

payers actually released and the proprietary stuff right should all be open source old documents critter gavish be creative commons right company's fortunes come should actually publish that codes and license and the create stuff and actually should pay for open source which actually takes the financial model to understand that right that that will create a massive difference i will create handles or towns of companies just supporting apple sauce in portugal right now this is quite interesting right because we can actually take this other way and i was thinking how do you see this well look you can create a fun right you can create a venture capital fund in portugal that buys the portuguese companies that create software oops and

and basically an open source their code right that's totally possible it's exists right it's not a problem at all right you just do that then they can use that money to actually figure out how to do it right so they rotated cetera but this will this will have a massive bottom-line impact on portuguese economy because you have all these software luton in portuguese that's not freely available without being locked in by the vendors right so so so the government has a big responsibility in this right and and basically and the vision apply this and there's this thing about commons which I don't have time to go into but you guys should really definite spoil it right and basically the role of

the government is basically to to be not commanding control benign force right and the key thing is cody's law right so software is made of codes and celt controls Portugal's so Portugal controls every love the stuff that we use so let's take context take back control right so who controls the world well it's dominated by these guys right finance technology networks can flex your property we are not any players there so what we need to do is need to change the rules of the game right when you a player that is fighting or playing a game that is not in your favor then the best way is not to be better than those guys at that game the best ways to

change the rules of the game right which we can do because we have 70 right so if you move to open source files and activities then we be able to do this kind of stuff so the government's can make a difference because the existing service so you know we should be requesting those guy to do this and basically are two degrees of separation away from people that can actually do these things right I also don't believe on big changes I believe on interactive and exponential ality changes so you start small you build build build build just like we build software now right so again anybody who sells a big expensive solution is telling a scam right it's small changes

start small deploy learn it make changes go back to step 2 repeat right that's how you build society that's how you make changes in fact on the country and and anything so we should have a ministry of code right we should have a ministry in Portugal that cares about software right they they everything is code so basically you know it's manners at high levels within the government we have to have a Portuguese CTO and a sea so we should have things like code for Portugal which is based on Code for America which is a really cool idea grassroots they should manage the Portuguese hacking servers they will commit to only by Commission in these applications that have released their

code open sores they have the schemas and our restricted licenses right that's what we want right we also it on then they manage the bug band stuff which we could have the clean software act right and basically this is basically one like the clean air act that we had in the past that says now we're going to have code quality built in is a requirement right we did we done this for pollution we can do the same thing for code right and and again there's a great face that says it's difficult to get a man to understand something where their salary depends and then understanding it so yes there's a lot of people who don't like

these ideas but you know they'll adapt right so that's not problem right we should have the software testing institute right and this is not stuff that Portugal defer itself we can sell this these are billion-dollar markets that exist today that we should be key players on it right we should have basically measure or visualize the side effects of code we need to focus on quality services right we can adopt testing has a way to leapfrog these things right that's easy to allow us to measure this and allowed to create an insurance world which is where you're going next maybe you have a cipher code right and I know as I has a really really by reputation Portugal is also a

warning sign right because when regulation lose the plot which is what we had in Portugal right you you know we need to learn it right you know as I had a massive loss of common sense right yes they're secure and there's things they've been doing for tradition generations that maybe it's okay to keep doing it like that right but that's what happens when you get too much regulation does understand on the bottom line which is to make empowerment good behavior common sense right that's what we want right so I know we need a Portugal wide bug bounty where everything is hackable right and you get paid for it right and there's bug bounties everywhere the pending has the

bug bounty where is it I just try to find a bug bounty for Portuguese company I couldn't find one I'm probably there is one but they're not really that well known that just shows you right and again you crowdsource a solution and leave it like that insurance it's a massive industry right this is one of the keys to upset because insurance wants data we could be creating that data our Institute of quality institute of software testing they generate data the insurance guys will consume and then as long as we publish all these things the model actually will work quite nicely right and then come easily side to running secure code that's fine then the insurance is a good metrics the

matter right so that's quite good right now do the nuclear bomb here is we can also nationalize code right you know I'm basically you know sir companies critical for Portugal and they don't want to disclose the code guess what if they want operating Portugal we can nationalize it right yes it's the nuclear option but it should be on the table right we cannot have black magic right running in our stuff right everything right our data it has to be everything basically I look at everything that touches Portuguese data and Portuguese networks and Portuguese lives has to be public p reviewable compile of about independent sources right and and signs and basically this is not just websites but I OT devices

network devices microchips for everything right this is what we want to do right and it's important to understand that that's a red line that sometimes we cross for certain companies because the stick that the stakes of the game I got high again European unity is great I'm a strong believer in Europe I love Europe right but Europe needs a reset right at the moment I think again Portugal has a good experience of that right and we should have to beg to Europe to fund these stuff right I want either to sponsor this to be involved because they want to because porch was the best place in the world to do this kind of stuff we want to be positive not

like oh you know just draw me some bones here right because that is a scale right I need not in the power position to negotiate which what you really want right so that's what Europe you should be about collaborative Commons global village right this is the kind of stuff that we really want from to see right so we can even create new currency all right hey you know people come play by the arrows say sucks is bad for so near right there's nothing wrong with not now we don't have the generation but you know give a couple of years with blockchain technology I don't shoot you guys involving that it's really powerful right you can explore all these business

models right this is reality right of course you make your honey percent compatible here and then you know and that could be created by make sure make some hackers right there you go so why does right so you might think why Portugal why do you do this easy Portugal because ironically is actually easy here right like the drug stuff it's easier to do this in smaller country because there's less agendas there's big lobbies you'll be ignored for a while which is great because you can actually make you work right generate momentum we have the power it's right on our hands right so this is not you don't have to ask permission you guys already know

people that can make this happen right and by the way this is what i can say look I would love to live in Portugal I would love to come back to Portugal and fortunately i don't but this is a world I want to live in right but actually you also need to fight for these things right there you go so we need to raise the bar discussion is very dangerous the moment the debate we have now and we have a very strong sense of ethics engineering a bill to solve problems and we learned the hard way was to be the junior player right so there you go where you hit the rock bottom right so

hey the only ways up so you might as well do this race so we have some big questions there's no perfect solutions on this right not all my ideas are perfect right but at least i think they step in right direction right and again i found this thing what's portugal it says we are great at graduating from high school all right that's quite call rides better than quark actually try to be like something like core cousins like that right what per se is not the right but at least right we can do better right it should be craftsmanship software cybersecurity secure coding right that's what you want to see there right we want to be the best at that

stuff right so it's our turn to fight for these things enough our parents for fasting races and pension or my rights all that stuff rock and roll right including that kind of things right it's our turn to do this to balance the power is felt to be we adjust these things and basically if the power is on who controls a network it's time to change that okay so we have and also another little thing is we should export engineers to form them there's a whole bunch of slides are you putting here for education you can see on the website I think that's key we should be creating this whole generations of professionals and then send them to the world because

they bring Portugal with them in their hearts while you don't you can't experience how amazing it was to be in England português win the World Cup so the European Cup right it's amazing you know the parties that they were there they were fantastic right it's really nice nobody really you know little leaves Portugal right so there are ambassadors their clients they connect to Portugal and they're an asset to us right so so again and they'll come back one day and share what they've learned they bring ideas they bring stuff so again this is very key right so our duty to protect the internet the Internet is one of the biggest right assets it gives to

humanity the first generation made it free and open right under the success of the internet is actually a testament to those decisions now at the time for our generation to do the same thing we need to realign the internet or else the internet for our kids is going to be very different it's going to be commanding control it's not going to be open it's not only free and it's going to be a much poorer in the lot of ways society right so so he's the final concept right so what's the future for Portugal I'll be a garden for Europe right are we a small pond on a global force our control the world or I'm going

to work with all other person portuguese-speaking countries and are going to be a powerhouse that aspires and leads the world in technology okay so let's sail the codes right and let's use code to create generation of work ethics that's great new reality so the same way that we want navigated right to see we should now do the same thing for digital code right and that's it thank you

and I think we have five minutes don't know any questions are you ready no see I have the independence see if I was I couldn't say these stuff sorry now look I do a look at is that I think this is one of those things where you see I do that's wrong right see it's wrong to think that you need to be in power to do these things right I think that's very important is that the idea that only if you in a position of power you can actually do things it's very wrong because what happens is the current model and you've seen recently is so screwed that by the time you get to power you lost so many values you lost

so many ideas that you then have the power we don't know what to do with it right and I found these in companies right I found out the best place to be the company is not at the top is that the place where you respect it is that the place where your opinion counts but you have the independence to say this is what I want to do right so I cool any other comments questions I think you should delete the way the way you drive change is you believe on it and you act on it rather the others will do right and and you find that the sphere of your influence is way bigger then you believe

so it's I think those great concept i said it's like waiting for superman right same thing if you wait for somebody else to make a decision all you're doing is delegating a responsibility he's saying oh well i can do because that guy didn't approve it well dag i didn't get it right so that's why it's wrong to do big changes so the way you do big change the society is exponentially if you look at gift as a technology he grew exponentially not because linna's could have done this and he has enough power and said I've developed his best you know thing source control in the world everybody should use it he said hey I use this those

things suck this is great if you guys like it you should use it right and he developed her that work for him so I think it's again is a mistake to think that you need permission to do these things right because remember like one day you will be in this position of power right or you ready to know somebody who that does this so the question is whether you believe it or not right so I'm just showing you some interesting realities right of ideas that we can do and hopefully you know some of you guys will will take this on board and we can do the conversation or listing happens and now come back three years from now and

do a variation of this right and say hey guess what the problem is worse right Hank maybe now you know the subtraction so they give my contribution so I finally feel like I've there with could contribute something to my country hopefully a little bit but good nice step alright cool thanks guys