

Ivan Krstić of OLPC

Ivan Krstić, Chief Security Architect, One Laptop Per Child, presented on OLPC technology at Google Tech Talks on April 12, 2007. He went into amazing detail about the Children's Machine XO structure and purpose.

Due to its length, the transcript of his speech was divided into two parts. Below is Part 1 of Ivan Krstić's speech. Please continue to Part 2 for the complete transcript.


[Google Announcer] Ivan Krstić, I don't know if I pronounced his name right [it's perfect!], is head chief trouble maker at OLPC. I'm sure he brought one, I have one of that XO, and couple of other people probably have one. Ah, there is one! Let's all play the Mitch game afterwards.

In the meantime one request, since this is going to be live on Google video, visitors in the audiences, I think I can see here, please keep your confidential, your Google confidential questions to yourself or ask them quietly afterwards, while this is being videotaped. So, I give you: Ivan Krstić.

[Google man's speech ends]

[Applause]

[Ivan's speech begins]

Thank you!

Hi! So, it's a pleasure to be here, thanks for having me. In terms of the structure of this, I'm going to; there are a lot of things that I'm going to tell you about. And I'm going to try and run through this pretty quickly and then have a sort of ask-me-anything segment at the end. So, wheedle tells me that people who are very technical and few guys are going to have technical questions.

So I've tried to make your thought technical and if it's not technical enough for you, you know by the end by all means you can ask questions are as technical as you possibly like them to be. So, I know a bunch of us are having lunch afterwards, so you are welcome to join us for that as well and you know bug me with more questions. So! I'm going to super briefly tell you, you know, who I am before we get into the technology I want to tell you, what it is that OLPC is trying to do… because we.. because there is so much cool technology that we are working on, there is sort of a real risk that when technical people see the project they just get carried away by the technology and they don't actually bother to think that what it is that we are trying to do and why does any of this matter.

The project was not started because of the technology. So I'll tell you about how we are doing this laptop and how we're building it and then hopefully, I'll tell you how you are building the laptop and helping us out. So, my position to being the chief trouble maker at OLPC, which is a position I'm proud of. I work on the security; I've been designing the security architecture for OLPC which we'll talk about a little bit later. It's a pretty different take on security than what most of you guys expect and are used to. And my background is with the systems. So when I start talking about the GUI stuff, I get a little fuzzy on it then you can probably find questions that I may not completely be able to answer, if they are about the graphical sort of fuzzy things.

So OLPC came to me sometime in the middle of last year and in the first five minutes of talking to Walter Bender who is the president of OLPC, he asked me the following three questions, first, can you make a hundred million laptops secure? Can you rewrite our file system and by the way, can you make it usable by 6-year-olds. Now I hear that Google has pretty tough job interviews but as far as job interviews go, I have to say, I haven't heard these sorts of questions before. So, I was hooked but I didn't really know that much about OLPC; I'd heard about it, I'd seen it in the news, but that was sort of the end of my exposure, so I sort of set out to figure out what these guys are actually trying to do. Here is the goal of OLPC, four words… "Change how kids learn"… and you'll notice that the word laptop is conspicuously missing from that goal.

Well, change how kids learn, why bother? Right, most of the people who are here have gone through the normal sort of formal learning process and for the most part, we all turned out ok, some more insane than the others, but in general we're OK. So why… what's broken about it? Why fix it? So here is something strange, and you know normally I have a lot more to say about this, so if you are curious we could talk about it afterwards, but I'm trying to compress this part here. Here is the weirdest thing that I found about formal learning.

By the time you are 3 or 4, you will have learned what I call the fundamental principles, and these are very deep truths which are completely non-obvious if you haven't learnt them as a kid. Things like sun goes up and goes back down, if you jump you fall back down, water is wet and fire is hot. I mean, these are deep things that you learn as a kid and then never really think about ever again because they are just sort of second nature but you learn these things by the time you are 3 or 4. And at 5 or 6 you come into school and the learning process that has taught you everything you know up to that point goes out of the window, just like that! There is pretty much a literal fog there where it just stops being actual and changes completely.

How does it change? Well, up until then, until you are 3 or 4, the way you have been learning is that you get curious about something and you don't decide to say that today I'm going to go out and do some learning; you go through your day and ask hundreds of questions and you ask them to parents, friends and peers and you get answers and you keep integrating it to your vision about how the world works and this happens all day, everywhere, and when you enter school, this completely changes to the point where learning starts to be driven by an authority figure, not by your curiosity, it happens for particular hours, it's unidirectional and there is one guy like me basically trying to impart knowledge on you and it happens in a particular place and we know that this can actually work great, it can definitely work very well if you have a great teacher, if you have a lousy teacher it works not so well and if you don't have a teacher at all, it doesn't work at all.

So, this is not a stock photo, this is a picture which we took either in Argentina or in Brazil, I forget, but this is a staggering number, there are 1 billion kids of school age in the developing world. We're talking one sixth of the entire world population. So what do these kids lack? It's hopefully, clearly not ability. I actually have people telling me, asking me things like "how do you know that these kids are capable of learning the same way that we all are?" and that sounds like an outrageous question to me but I've actually gotten asked, so one way I've come up trying to convince people is that kids lack opportunity and not ability is that if you take China and rank people by IQ and you take the top 25%, that 25% has more people in there than the entire population of North America.

So, clearly it's not a matter of ability, clearly it is a matter of these kids not having opportunity. I think we can agree that, certainly education in the developing world leaves a lot to be desired and at this point the people who founded OLPC later said well "how do we fix it? What can we do to make this better?" One way you can try and fix this is to some kind of big top-down rethinking of how schools in general are supposed to work, development of some kind of global curriculum, big operation that if you are very optimistic could take 50 to 100 years. I personally think that it will never happen but if you are super optimistic, maybe in 100 years this could happen. A hundred years is a long time.

Think where we were in 1907, Google certainly wasn't around. We are way too impatient, we being OLPC, this was the cost and people said, can't we do something now, can't we make this better, right away? So if we were trying to do this, how will we fix this? One thing we'd want to do is, try and get peer learning back into the picture. I mean, it worked until you were 3 or 4, it worked phenomenally, taught you most of everything, and let's do that again. Let's get learning driven by curiosity again. Kids should be able to have some kind of way to get curious and get answers regardless of whether their teacher can provide them or doesn't know or isn't there. It was only at this point in the thinking process that laptops really entered the picture and we said well, you know laptops could be one way that we can try fixing things right now and let schooling in general, schooling mind you being very different than education, fix itself over time.

So, I'm going to dive into the technology but because I've cut the education part so short, if any part of this is unconvincing, by all means come and talk to me afterwards… So, after we decide it, fine, we're building a laptop, we're going to do this. How do you build a laptop for kids? How do you build a laptop that kids are supposed to carry around with them everywhere they go. They're supposed to use in climates like Libya where there is fine sand and extremely hot temperatures. In places where there is a lot of rain, laptops can get splashed and wet. You don't have to replace parts every three months. You don't want the laptop to break if someone drops them. How do you do that?

So, I'll tell you about the XO-1 laptop that several people are holding. So, there we go. That's the laptop and we can pass them around a little bit later. So, here is what is in those particular laptops, previously we were trying to ship with, it's a little Geode low power processor running at watt, 266 megahertz, no L2 cache, very small amount of L1 cache. We've done a pretty significant hardware update, this is pretty recent news in the last couple of weeks, we've gone up to a 433 megahertz processor with massively more cache which actually speeds up Python about 2 to 3 hundred percent in certain cases. Now I'll tell you a little bit later why we are curious about Python, why we care about this a lot, but it's now actually a pretty reasonable hardware configuration and because we also jumped from .15 micron CPU, that is the GX to a .13 micron LX, we can do all of this and use 20% less power, so this is a .8 watt processor.

We doubled the amount of RAM to 256 Megs, we doubled the amount of NAND flash storage to a gigabyte. There is no hard drive there, no moving parts. So our primary storage is a piece of NAND flash that we can wear level in the kernel and make sure it is utilized equally across the board and that's a system students call a stew. When we say ultra-low power consumption we really mean it. Our peak power consumption is 4 to 5 watts; the peak power consumption of your laptop can go up to 40 to 50 watts.

Our standard power consumption, if you are not pegging the CPU is closer to 1 to 2 watts and quite a lot less if you are in any kind of suspend mode. We're trying to do probably the most aggressive work in Linux power management of anyone anywhere ever. We would like to suspend this device in S3 every couple of seconds. If nothing on the screen is changing we want to suspend the entire machine. That's sort of radical, your laptop takes 10 to 15 seconds to suspend and resume, we want to be doing this every couple of seconds, so you know what gives.

The first thing you do is you ditch ACPI and you roll your own power management and the target we have for power management is to suspend and resume at the edge of human perception. We want to be able to suspend in about 100 milliseconds and resume in another 100 milliseconds. How do you do that? Well, you get help from your firmware. We're using something called the Open Firmware, if anyone of you guys are familiar with Sun machines and OpenBoot, the person who developed OpenBoot 20 years ago is our firmware engineer and we're running Open Firmware on our systems.

It's a fourth based piece of firmware and because it plays along with our power management, we can actually get it to be initializing the devices which take a long time to stabilize, in parallel with the kernel initializing the other quicker devices and the kicker is that you cannot suspend your laptop even if you can somehow get it to suspend quickly if you were suspending it a couple of seconds while nothing was happening you would lose an image on the screen. So we put in a little aseg that we engineered which we call the DECON, the display controller, which is basically a hardware frame buffer, it's in front of the LCD and we can essentially tell it to freeze frame. The DECON and the LCD sit on different power rails than the rest of the machine.

So basically we can suspend the entirety of the machine and keep the display active and show you an image and as soon as you hit a button or move the mouse, in the 10th of a second we can be back up and running and process whatever you need us to process. Our display is a dual mode display, it's a technology that we invented in-house. It's something that does sort of a medium resolution and color mode but if you turn off the backlight and flip it into monochrome mode the effective resolution jumps up to 1200 by 900, with essentially 200dpi. It looks like a book.

Maybe we'll do some demos for you guys a little later, but it is really quite a thing to see. And the great thing about the LCD is that with the backlight off it's sunlight readable, so here you see two laptops showing the same image on the screen and ours is you know the cute one. We're pushing the frontier on networking, we're doing mesh networking. Mesh networking is another name for ad hoc, multi-hop networks and we are implementing, we're one of the first people to implement 802.11s, which is an IEEE draft that is amending, it's scheduled to amend in 2011 and provide multi-hop and ad hoc networks on top of normal 802.1. We have rotating little coax antennae, if you guys see the laptop and see the little bunny ears sticking up, right, the bunny ears are actually much more than making gimmick, if you put up the ears, you get about 3 extra decibels of antennae gain, which is significant.

We have a volunteer in the Australian outback who does some wireless testing for us and so we sent him a bunch of laptops and the way he has come to do the testing recently is, he and his wife each grab a laptop, he sets up his wife's laptop to be streaming music wirelessly to his laptop and then they turn in separate directions and start walking and when he loses the streaming music, when he can no longer hear it, they look at GPS coordinates and look at how far apart they are. Any guess to what the latest numbers are? 2 kilometers.

So this is real, I mean this is not lab testing, this is the actual testing that someone other than us has done. It is still draft for those who are interested in ad hoc and multi-hop routing, we can talk a little later, but basically, it's a very simple amendment, it provides a mandatory routing protocol that's based on AODV but you can also be using different protocols for this.

The standard lets you, as long as you also implement this one, because we're the first ones to be really pushing this, we're discovering all the hairy implementation issues that you run into only once you actually deploy something. On the software side the way the mesh works is that we are using Avahi which is the free software mDNS responder, but our use case is sort of pushing the author, brilliant guy by the name of Lennart Poettering, to have developed something that is not mDNS, it's called mesh-DNS and it is a DNS-SD compatible replacement for mDNS that is built especially with the use case of mesh networks in mind, meaning it scales a lot better.

It doesn't run into many of the problems that the normal mDNS runs into when you have multi-hop networks etc. and for people who are totally software people and aren't familiar with ad hoc networks and multi-hop networks, here is what essentially our use case looks like. So here is our school server and this laptop that can't hear the school server but it can hear this laptop and this laptop can forward back here and here and finally they can reach the school server go out and do the internet in the sky.

[person asks question.. not audible clearly] The question is what happens, how does this play with the fact that we are trying to suspend our laptops every few seconds, which is an excellent question and after we triumphantly decided that we can get the power management working the way we want to, that was the question we asked… well that's a great idea except that the mesh doesn't work. So what we did is we're using a unique networking chip in the machines. It's a chip that has its own little ARM9 processor onboard, self-contained and it can keep running when the entirety of the rest of the laptop is turned off. It contains routing tables and can do L2 forwarding even with really nothing else in the entire laptop functioning.

We have all the set of standard goodies, we have a bunch of USB ports, we can take power from anything that produces reasonable DC, solar panels, car batteries, pull cords, onboard cranks, pebbles, you name it. We have stereo speakers, a pretty fast VGA camera, surprisingly good picture quality, we can take external storage with SD card slots, USB drives, etc. We have a microphone. Our touchpad is pretty weird, if you look at it, you can look at it later, it is actually very wide and the reason for this is that it contains three segments, the middle segment is a normal touchpad like you guys have in your laptops that is capacitive and you can use your finger on it, but you can use all three segments of the touchpad as essentially a resistive tablet so you can grab a pencil or anything blunt, really, and use the entirety of the tablet as a white touchpad as a tablet and try to teach kids how to write. You can imagine this as being incredibly useful.

In addition to all kinds of useful things and interesting uses you could come up with that. In case of batteries we were pushing on the envelope not on how long one charge lasts but how many charges we can get out of the batteries. We don't want to be having to replace the batteries frequently. So we were able to do some pretty significant progress there but then something interesting happened, a completely new chemistry appeared out of the blue, this is lithium ferrous phosphide chemistry for the batteries. You can't find them on the market yet.

And it is looking reasonably likely that we might be shipping this chemistry. I should say, the reason this is particularly interesting is, it's safer than nickel hydride which is otherwise the safest battery chemistry you can find, it burns colder and it's caught a lot later. I did a little show at PyCon and I passed around the normal nickel metal hydride and the lithium ferrous phosphate battery of the same size and people were pretty amazed, it's almost twice the weight in a nickel hydride battery.

We have normal audio that you would expect but, we hacked the microphone port to also act as a sensor input port meaning we can actually read the direct line voltage from the microphone so for 50 cents or a dollar you can build sensors for things like temperature or humidity or light and hook them up directly into your microphone jack and read the sensor values from the laptop and have a sort of a portable physics lab as you go.

We're running a Linux distribution that's based on a very stripped down, almost unrecognizable Fedora Core and one thing that became very obvious to us is that we need a machine that is based on open source free software only. Why? Because what you want to do here is, build a glass Lego box, you give it to kids so that at first they can play with it and see what's in the inside but then it gets really interesting because they can take the thing apart, change whatever they want and put it back together and be able to use the things they've actually changed.

So, one of the things we were sort of, in a brainstorming session, thinking about was how great would it be if you had a button on the keyboard and you pressed and you could see the source code of the software that you are running and it just worked, right. So that's what we did. So here is our little gear key, that is view source button and you can actually see the source of almost anything that was running. Now the problem was that, after we put the button there, we figured out that we didn't have any idea how to implement this well… [Audience laughs] luckily we suckered Guido into doing it.

We figured that if there is anyone smart enough to do it, the guy that throws pipes and probably is and luckily he didn't protest too much, so we're still looking to him to help us out here. We have more issues, you know, drive space on this machine is tight. It's hard to ship the source for everything, recompiles take a long time, it's not clear that we can ship the entire compiler tool chain. One thing that also started becoming clear is that you want some way to have the programs that you actually run to be the source code and the act of running should be the same as the act of compiling. Man, if you could only program interactively.

The solution is Python, everything we can reasonably implement on Python on this machine will be implemented in Python and I really mean almost everything, we're talking GUI, window manager, presence, communications, system boots, init daemons, security service, platform crypto, filesystem, search, basically almost anything that transforms user space and can be done in Python, will be done in Python. There are exceptions of course, we're not going to be re-implementing X.org in Python as fun as that would sound, the Avahi daemon is not something we really want to re-implement, the way we do sound, the way our system bus IPC works, these are the things which are going to stay pretty much intact and we are not going to be re-implementing them.

And when I run through the list of the stuff that we want to implement in Python, I sort of mentioned file system in quotes and you know, people usually go "hunh?" you're going to write the filesystem in Python. The answer is yeah. We're trying to do something pretty different here. We're creating a centralized storage for user documents on the machine, that's essentially a big object store. And if you do this, you get some pretty incredible things that then the operating system can do for your documents, you get version control on all of the user documents that you have on the machine. You get efficient n-way synchronization and you can get delta compression and track all the metadata. Really, it's like putting your entire machine under very advanced version control that can do the right thing. And in addition to this you get sort filtering, timeline, of things that are happening on your machine, you can ask the machine, show me everything that I did yesterday, which you can't really easily do on your computer.

But one particularly cool thing is that you get pervasive search. This is something you guys must be excited about. What I mean by pervasive search is that the moment something comes into your machine, it's searchable; the moment you visit a webpage, it's searchable; the moment you open a file from somewhere, it's searchable. So really you get search as a much more powerful way of dealing with information. If you know that search will find anything that's on your machine and you didn't have to have an indexing run or anything then maybe you are going to be using your file manager nearly as often because, hey what's the point?

The way this is working by the way, is we are exposing the objects to a D-Bus service our IPC and as a little web-server that things can connect to and access files, and the cool thing is what happens is that even when you're interfacing with a central object store for all the user documents, the way you actually operate on files is still UNIX semantics, so you still have your open and write and fseek and such syscalls and the two don't really collaborate each other. What I just described, the way is called yellow, we're going to have a tech preview release very soon and we have open problems with it, things that are still being solved, things that I'm working on, things like smart n-way synchronization repositories, it's really hard. Dropoff, yes!


Comments

The Open Firmware is Forth based, not "fourth"
http://en.wikipedia.org/wiki/Open_Firmware

Besides, it's DCON ASIC, not "DECON aseg". olpctalks got that correctly before:
http://www.olpctalks.com/jim_gettys/jim_gettys_olpc_fosdem.html