http://computer.howstuffworks.com/internet/basics/question5493.htm
nice series explaining crypto by Diffie Hellman that Pieter suggested
10:23 Workshop Tunnels, dig into communication
Wendy van Wynsberghe, Pieter Heremans, Denis Devos
sunny day, blue sky, who is waking up the PZi students?
10:24 Wendy introduces
Will talk about communication but also about hiding. Talking to each other through encrypted channels. Configuring VPN.
'we'll go under'
What started all this hiding? Verification. Verifying you're really dealing with the person you want to communicate with. First step is a message of authentication using Jitsi. Reading the code you receive out loud.
AIM avoid invisible scrambling.
~ teenagers invent their own words / ROT13
Centralized versus decentralized services.
We're going to connect to Baris Fidaner, who is in Istanbul, through V
people use these techniques in countries where there is censorship/no free speech
Turkish government decided to block YouTube. Out of frustration a lot of ppl started making tunnels.
Isik is at a university in Istanbul, part of movement against state controlled internet
[hey Donna :-)]
[come in! it's fine]
First freenode as communication, then underground
Jitsi uses lots of protocols, xmpp
[we go offline, network does not do the job, we lose info --- sad, because nice to write together]
10:30 Wendy explains how Jitsi works and what it can do... An example: Wendy wants to talk to Femke, who is at a location where all communications go through Pieter, who wants to block, or spy on, their exchanges. How is this communication blocked? Through the blocking of IP's. A proxy is a server that is functioning as a relay station, passing communication through so that blocked IP's are not visible.
10:36 Anne Laforet arrives!
Q: What is a tunnel? A: A tunnel is a point-to-point connection through the use of dedicated connections, encryption or a combination of the two.
[10:40 full house, guillaume cooking, smell of soup arriving through glitch under door, also small sounds of kitchen tools while wendy reads]
Q: what is a port? A: On a computer there are different processes. The Operating System (OS) needs to know to which process to send the data. Through assigning port numbers the OS will be able to tell by which process the data needs to be processed.
port: port tells which way to go to reach destinations
lots of processes running at same time [compare to envelopes stamped with certain port going to specific destinations]
ex. smtp thunderbird uses port 25
ex. webserver listens to port 80
point-to-point : be precise on how to communicate
[10:42: doorbell! 2 people come in]
Q: Who wants to be the webserver?
Example of a port block work-around: Wendy and Denis give an example of a port block work-around. Denis' Etherpad uses port 8000 but this was blocked at Namur university. If you want to use Etherpad when you're on a network that blocks a certain port, you need to change or add a port on the webserver that is running Etherpad, so that packets from for instance port 80 are also processed by Etherpad.
ex. Namur university: they blocked port 8000
the Etherpad server was on 8000; as that is blocked there, he forwarded it to port 80
10:47 Pieter is a proxy
proxy: relay station of web, not for chat...
'we'll go under'
proxy = http
tunnel = speaking into pieter's mouth ~ ssh
In the case of Virtual Private Networks (VPN), the tunnel is a wrapper, with packages inside. Tunnels might look suspect but ISPs cannot decrypt the communication.
with VPN : all envelopes are stamped with pieter's name, specific port number they agreed on
pieter will open package, on inside envelope wendy will have put femke's name
encryption to protect who can open what layer
Pieter sees all traffic going on: sees it is locked, may be suspicious
Other possible techniques for tunnels are SSH, OpenVPN, tinc VPN or IPsec
IPSec is a protocol suite for securing IP communications by authenticating and encrypting each IP packet of a communication session.
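The envelope-in-envelope picture above, as an added example (not code from the workshop): the outer envelope is addressed to the relay on the agreed port, and the inner one, naming femke, is sealed inside. Port 1194, the key and the SHA-256 keystream are constructed for illustration; a real VPN uses a vetted cipher.

```python
import hashlib
import hmac
import json
import os


def _subkeys(key: bytes) -> tuple:
    """Derive separate encryption and MAC keys from the shared tunnel key."""
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode: a toy stream cipher, for illustration only."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap(inner_dst: str, payload: bytes, key: bytes, relay: str, port: int) -> dict:
    """Seal the inner envelope (real destination + payload) inside an outer one."""
    inner = json.dumps({"dst": inner_dst, "payload": payload.hex()}).encode()
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    body = _xor(inner, _keystream(enc_key, nonce, len(inner)))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    # Only "dst" and "port" travel in the clear: they name the relay, not femke.
    return {"dst": relay, "port": port, "nonce": nonce, "body": body, "tag": tag}


def observer_view(outer: dict) -> dict:
    """What anyone on the path can read without the key."""
    return {"dst": outer["dst"], "port": outer["port"], "size": len(outer["body"])}


def relay_unwrap(outer: dict, key: bytes) -> tuple:
    """The tunnel endpoint checks the seal, opens the outer envelope, reads the inner address."""
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, outer["nonce"] + outer["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, outer["tag"]):
        raise ValueError("envelope was modified in transit")
    inner = _xor(outer["body"], _keystream(enc_key, outer["nonce"], len(outer["body"])))
    fields = json.loads(inner)
    return fields["dst"], bytes.fromhex(fields["payload"])


if __name__ == "__main__":
    shared_key = b"constructed key agreed between wendy and the relay"
    envelope = wrap("femke", b"hello from wendy", shared_key, relay="pieter", port=1194)
    print("on the wire:", observer_view(envelope))
    print("at the relay:", relay_unwrap(envelope, shared_key))
```

The observer still learns the relay's name, the port and the size of each envelope, which is why a tunnel can look suspect even though its contents stay unreadable.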
Tor switches constantly between different Tor proxies re-encrypting data, nobody can track where data comes from. Tor originated from a US military (Navy) funded development, in order to obfuscate diplomatic communications.
--> is opposite thing Royal Mail of UK does sending package to Dubai!
--> very nice correspondence with Bitnik-experiment and how parcel went back and forth between central London and Stansted airport
Tor Exit nodes: you can choose to be a Tor-node. When you are a node, you accept connections from other Tor-nodes, you'll unpack and repack data, and send it on to the next node. All these exchanges stay within the Tor-network. Then the data needs to leave the network. You can also choose to be an end-node, that makes data exit. Your IP will be linked to the data (Pieter: you need to be willing to attach your IP to this data that is sent to this smelly stinky server). Denis mentions Domain Public used to be a Tor end-node, but it received legal notice that it was under investigation. It could have been forced to log IP addresses and could have gotten a fine.
Tor does the same things
tunnel vs darknet
instead of talking to 1 specific person it would constantly change spokesperson, make multiple hubs before reaching final destination, decrypting and encrypting, nobody would know where it comes from/where it goes
Question from the audience: is TOR a darknet or a tunnel?
many different boxes linking before linking the final destination, always changing random links through the network so nobody would know anymore where it comes from and where it goes to.
TOR is being monitored, so they keep rewriting, relaying etc.
government TOR proxy
TOR originated 6 or 7 years ago from a USA military lab. still being sponsored by them.
to initially conceal heavy diplomatic traffic etc.
is TOR secure and anonymous? yes and no.
It is not really anonymous? It is traceable.
Still you can never know who was the originator of any channel.
Tor Numbers show that banned sites receive a lot of visits.
TOR uses tunnels to reach the other nodes so it’s the same mechanism as jitsi.
Denis: domaine public, his site, became a Tor end-node for a month but received legal notice (a request from an investigating judge) that he was under investigation (because the address was used for domains with child-pornography images). dp was interested in being an exit node in order to offer anonymous and secure access to the internet. "we sent a very polite letter to explain what tor is and why they had wanted to act this way, and we had no trouble afterwards". they could have faced fines, prison sentences or seizures for not having logged the IP addresses, for example. you would need lots of lawyers. if the servers hosting the tor nodes are in less restrictive jurisdictions, it may not be a problem. They could have been forced to log IP addresses and could have gotten a fine.
Tor exit nodes are much more exposed while the inside nodes more invisible than the exit ones.
TOR NETWORK MAP
Tor gets funding from US navy
government is interested for diplomatic traffic
Q: Why would domain public be interested in being an exit node? Denis: We were interested in offering anonymous and secure access to the Internet. It is not really anonymous, it is traceable, but it's a lot harder to pinpoint the origin. Tor is used by political activists in China for instance, because China blocks so much communication. It is not just used for pornography and weapon trade.
Tor uses tunnels to communicate to other nodes.
Basically you need a team of lawyers behind you to be able to run an exit-node, and a lot of time and money. Big universities for instance would not have a problem.
An: people raising hand and say: i'm a tor node, my public name is xx
you accept connections from other tor nodes, you unpack and repackage them and send them out to someone else in network
in the end Wendy wants to reach service/website that does not run tor
--> Denis: I'm tor node and ready to go out with my name --- denis's name will be stamped on all packages
--> after 1 month they received legal letters from 'juge d'instruction' because of pedo-porn traffic, vandalism, hacking into webservers
you need solid organisation clear that you're exit node, this is not your traffic
offering anonymous and secure traffic
--> it is not anonymous, still traceable
wendy launches tor
we decided not to have tor in the workshop, it's off-topic
[hey people! tor was not on the program, on purpose]
chinese government blocks --> it is used a lot
Domaine public sent a nice letter to which they received no reaction. ('polite letter', no reaction)
-- refusal to cooperate, fine... If they had refused to collaborate they would have had a fine
Last question on tor: what services do you need extra to be exit node for tor? money, lawyers team protecting your rights, resistance capacity, etc.
tor uses encrypted tunnels to reach nodes, same mechanism
not possible for audio/video
INTRANET created in many countries for censorship.
TUNNELS against censorship
PROXY is http and tunnel is a relay station
VPN virtual private network becomes a « tunnel »
A VPN extends a private network across a public network, such as the Internet.
PORT which process to get a parcel where it needs to go.
PORTs are like docks for info parcels they pass by them
You can change the port number
envelopes within envelopes is the tunnel, second, hidden address with multiple layers so as to get info through without the server knowing.
[11:10: what we originally would want to do]
To get started with the first practical part of the workshop we're going to work with Jitsi:
Jitsi runs a little server that constantly listens to the ports. You need someone's ip address to make phone or video calls. if you know the ip-address and you're in the same network, it listens and you can phone each other.
All ip-addresses have to be in the same range.
Local network addresses are not routable so you cannot be reached by someone outside of the local network.
'what makes the internet the internet?'
mechanism of routing, pass in different directions depending on range of numbers in public ip-address
provider gives 1 public ip-address, but people have various computers at home
internal ip addresses are not routable, router does not know what to do with it
Network Address Translation: tell router if something comes in on public network (right leg), pass it onto wendy (left leg)
'you would contact my left leg'
Before lunch everyone who wants to try, gets jitsi installed and finds out their IP address.
It'll be a one-on-one communication where each person gives their IP to another and sets up Jitsi to start a chat. People start wearing their IP on papertape stuck to their shirt.
ip address have to be in the same range - with us all connected to the same router, it's the case
inside a router you have one leg in the local network and one leg at the provider.
After installing Jitsi from http://jitsi.org people try to connect to each other.
get ip address with command-line tools : ifconfig
After starting Jitsi you need to add a SIP account, you simply create a username and password. Then you sit with someone and add them as a contact by adding their username. SIP figures out their ip. It is only working for a few.
12:15 Trying pinging each other first...
$ ping 192.168.42.107
12:20 Pieter uses Wireshark (https://www.wireshark.org/), capturing packets going over wlan to show what is going over the network when using Jitsi. You can see time, source and destination addresses, protocol, length, ... You can investigate data packets. UDP is very careless. XMPP is the protocol Jitsi is using for chat.
When you inspect a packet, you can see the second part is read by the router, to see where to send the packet, the rest it just sends on. Jitsi puts for instance XMPP/Jabber inside this wrapper/envelope.
Calling Istanbul... same situation as here, with a router communicating between the public and private network. The Jitsi application has set up a service to do session initiation. Here Jitsi could find us all because we were all on the same network. But to reach Istanbul it is different, Fidaner has no public IP address, only a local one with the router in between. So Jitsi set up this service relaying Jabber messages. Fidaner has an account there, and so does Wendy, in the middle is this machine relaying messages, so the problem is bypassed. Bulgarian servers are doing the relaying. So you are relying on Jitsi for this and there is still a third party in the middle, but the data is encrypted so communication is safe in that sense.
When the call gets initiated, Wendy receives a code she has to verify with Fidaner. She is not receiving sound/video, he is only receiving video for some reason, so they cannot verify. This verification code is part of the encryption, you should both have the same key in your display and read the key to each other to know you've established a connection (and with the right person).
using zrtp : encrypted audio/video with "secret key" that both need to accept - one-on-one captcha. point-to-point. no man in the middle. the packets are sent directly to the public ip of the person we're talking to (not through jitsi servers in bulgaria)
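Why reading the code out loud works, as an added example that is not part of the original notes: a simplified model of short-authentication-string comparison, not the ZRTP wire protocol. The toy modulus, the `Endpoint` class and the `relay` party are assumptions; real ZRTP also has each side commit to its key first, so an interceptor cannot search for a matching code.

```python
import base64
import hashlib
import secrets

# Toy Diffie-Hellman parameters chosen for brevity (assumption, not ZRTP's groups).
P = 2**255 - 19
G = 2


class Endpoint:
    """One side of a call: holds a private value and publishes g^priv mod p."""

    def __init__(self, name: str):
        self.name = name
        self._priv = secrets.randbelow(P - 2) + 1
        self.pub = pow(G, self._priv, P)

    def sas(self, peer_pub: int, chars: int = 4) -> str:
        """Short code shown on screen, derived from the shared secret and both keys."""
        shared = pow(peer_pub, self._priv, P)
        # Sort the public values so both ends hash them in the same order.
        lo, hi = sorted((self.pub, peer_pub))
        material = b"".join(v.to_bytes(32, "big") for v in (shared, lo, hi))
        digest = hashlib.sha256(material).digest()
        return base64.b32encode(digest)[:chars].decode().lower()


def direct_call(chars: int = 4) -> tuple:
    """Both ends receive each other's real public value."""
    wendy, fidaner = Endpoint("wendy"), Endpoint("fidaner")
    return wendy.sas(fidaner.pub, chars), fidaner.sas(wendy.pub, chars)


def intercepted_call(chars: int = 4) -> tuple:
    """A hypothetical relay on the path hands each end its own public value instead."""
    wendy, fidaner = Endpoint("wendy"), Endpoint("fidaner")
    relay = Endpoint("relay")
    # Each end now shares a secret with the relay, not with the other person.
    return wendy.sas(relay.pub, chars), fidaner.sas(relay.pub, chars)


def verify_aloud(mine: str, theirs: str) -> bool:
    """The human step: compare the code on your display with the one read to you."""
    return mine == theirs


if __name__ == "__main__":
    a, b = direct_call()
    print("direct:     ", a, b, "->", "match" if verify_aloud(a, b) else "MISMATCH")
    a, b = intercepted_call()
    print("intercepted:", a, b, "->", "match" if verify_aloud(a, b) else "MISMATCH")
```

The comparison only protects the call if it happens over a channel the relay cannot fake, such as the other person's recognisable voice, which is why Wendy and Fidaner could not verify without working audio.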
Trying out another time with 2 local machines and it's working perfectly. Sound & video & feedback. Lasse connected with a Jabber account in Austria. Luisa and her friend managed to use jitsi with xmpp
12:56 Fidaner waited for 3 hours in Istanbul to connect to us, so now we're writing something for him on the whiteboard, since audio is not working, Femke and Maaike do a live video performance introducing themselves with drawings and gestures via webcam getting text back from Fidaner over the chat.
Wendy apologizes for getting stuck in configuration.
Fidaner: "We are always stuck in configuration, there is nothing else to get stuck in".
14:26 Anne, An and me have wired connections now so we're giving etherpad another go.
Workshop: Boxes – Doosjes – Boites by Wendy Van Wynsberghe, Pieter Heeremans, Denis Devos
Wendy is introducing the workshop, showing pizza box servers. We'll look at 2 different kinds of servers.
This workshop looks into several existing projects out there to facilitate self-hosting.
pizza box server somewhere on data centers
it was a hub and now it's a switch
two versions of "boxes"
- raspberry pi (not open hardware) lots of advantages
- olimex (open hardware) -
>> now we go hands-on::
self-serving table (_1) &&& boxes HW table (_2)
cloned git repo https://github.com/YunoHost/install_script
and started installing
_1_ differences between self-hosting and hosting for yourself
1st problem of self-hosting is that the IP address of the hosting is changing & hence the registrar server has to be informed >>> BUT they provide automatic service for these updates.
2nd is that you're responsible for your data and hence if your server crashes, you won't be able to send data >> this means backups, cooling, and those kinds of SW and HW responsibilities.
3rd router configuration.... And its subproblems:
a_ Port opening. Languages/protocols run on standard ports (like http, for example). By default the router would block the incoming connections, so nobody will be able to speak to you from outer servers. Actually you have to tell your router that you want to allow connections from whichever servers. / To open the port you have to connect to your router interface (address usually is 192.168.1.1) and on this interface // or even more easy: UPnP will open it automatically.
b_ Most open the 25 port (the mail port) by default. So: the 25 block.
c_ You must be aware of what is your private IP address (192.168.XX) > it is behind the router.
Once you've solved a_, b_ and c_, then you're able to host yourself ;)
(Referred similar project: http://superglue.hotglue.me/ )
It failed because the network cable was disconnected during installation
however http://lulz.nohost.me/ is a working example
14:26 First up: Freedom box. Based on the idea to bring some things back into your home like hosting your own services, encryption, etc. https://freedomboxfoundation.org/ They are taking their time to try and make it really secure because it is nice to do self-hosting, but it comes with a huge responsibility. You will have to ensure the security and privacy of your data and the data of those using your services. Freedombox is an initiative of Eben Moglen. Freedom box has not released their software yet, only a developer version which focusses on infrastructure and architecture, not a finished product yet.
freedombox - taken over by debian. taking your responsibility in your house
wendy : i talked to people who worked on it, and there was no common ground/goal (what to do, etc)
with the other little systems, you put it back in your home. server back at home. quiet. not a lot of power.
ArkOS https://arkos.lo "your data, your rules." Self-hosting. Instead of relying on services through third parties like Facebook, Gmail, etc. be self-reliant, bringing things back to your home, building your own infrastructure. "A project to help users self-host their websites, email, files and more. Decentralize your web and reclaim your privacy rights while keeping the conveniences you need."
ArkOS is a lightweight Linux-based operating system that runs on a Raspberry Pi. You can run things like databases, ownCloud, wordpress, etc.
denis: lots of projects started in recent years, abandoned, full of bugs
arkos is the most mature, with the fewest bugs
installation is very easy: an image you download and put on an SD card
constarkos: a pi with arkos hanging near the video projector: 192.168.1.7:8000 admin/admin guest/guest
you can add many services, e.g. manage transmission instances, add torrents through the user interface, set up samba shares, add users, install databases (mariadb: free fork of mysql). by default, wordpress and owncloud
you can configure the router so that it is visible from outside
same for transmission: you can add torrents from outside
a file manager is provided
you can see the processes that are visible
2 users for now
a range of applications you can install on it: mail server
keep a tiny thing with you as pet, full use of internet and having people to come and enjoy your data
question of security
--> the biggest problem of server
[kettle sings, water is boiling]
What would you put on a pocket server?
What would you like to share? music, books, code --- friendship protocol vs acquaintances protocol
--> you can connect it to your house or to the world
--> you can add torrents from outside if you configure
'configure' : con (together) - figurare (shape) --> shape after a pattern
--> shape in order to be together?
--> Isik: 'we can only get stuck in configurations'
'guest' - 'guest'
when do you get a name in a configuration?
who is in power to use this?
it depends on your connection
14:49 Q: what is the difference between QNAP NAS ("Quality Network Appliance Provider" www.qnap.com) and ArkOS? A: QNAP is proprietary, expensive and closed source.
denis: different storage systems. qnap = professional. more expensive, more energy consumption
14:50 Q: Where can I put my box to be able to stream video etc? My home connection is too slow... How to replace hyper efficient high bandwidth services with home server based services? A: You can at least use it locally as storage, you can stream music and video, so you avoid dealing with slow upload speeds of home connections.
denis: several types of use: for development, for storage
Q: my question is very pragmatic: replacing the efficient but proprietary elements that I don't trust with free software
denis: local network is faster, for example
in case you have a fixed place like this, you don't need network connection --> but then it really serves as external hard disk, not server
our machines are slower to upload, because they're installed as clients
this can run on battery, you can hide them, versatility, people jumped on it [a lot of new code for it]
[we're impatient for tomorrow, we want to know how to use different platforms]
denis plugs in a mail server.
wendy : there's a raspberry pi hosting in the netherlands
rijks : you either buy yourself the pi + buy the pi directly configured. no physical access
wendy : with the constant server, we've got no access to the pizza box to plug it on/off
rijks : there exist power connectors to which you can log in
Q : with embedded device, we feel our machines are clients only, and not servers, which is easy to do
with the pi, etc, it has versatility, you can move it around, a lot of people jump on it and made code for it, systems, etc
denis: is it feasible to install a mail server on 1 Raspberry Pi? with the idea of having both the os and the server on one sd card
we had to use a dyndns domain name: jonctions.ip.biz
a script fetches the ip address every hour (in most subscriptions it is updated about every 24h) and updates the ip address of the dynamic domain name
pieter: what happens when you send an email to someone? when I write an email, it is sent to an smtp server, they look up "jonctions.biz", and it points back to such-and-such ip, the email provider goes looking at the dns (which is more/less decentralized), and then connects the name to the server. the ip address will change, but dyndns will handle it.
An: another description:
when you send email to someone:
I write email to email@example.com
you send it to smtp-server (selfhosted, provider, gmail)
they look up example.com -- which machine will know this address?
they go to worldwide telephone book 'dns': links example.com to public ip-address for example.com (MX record)
your ip-address is always changing, when you're travelling -- dyndns: checking every hour what ip-address is linked to example.com
try to send email for 72 hours
afterwards: send message back to source: error
--> so, they try to ring your bell during 3 days
denis: by default a mail server is set up so that an email keeps being sent for 72h, so the server has to be connected at least once every 72h
it will work with internet providers, except those that block people using port 25 (belgacom blocks it, for example)
no way to configure port 25.
wendy: you can open it, can't you?
15:00 Q: what happens if your box is not connected to the internet? A: For 72 hours mails will keep on being sent to your address, after that they are bounced.
Belgacom blocks port 25 to fight off a lot of spam and viruses. Which caused a problem when Denis tried to install YunoHost. He contacted the developers and Kload (Alexis Gavoty) got in touch with him. Kload happened to live in Brussels and is joining the workshop to showcase the project.
Denis was in trouble, mentioned it on chat
--> a human arrived
---> yunohost comes in the room and now he IS physically in the room
his name? not mentioned
encounter on the internet, happened to be physically in Brussels
Belgium: everyone has dynamic ip
'we': 6 people, 4 developers, France/canada
[coughing, straightening backs]
great project, a lot of people joined in summer 2012
YunoHost is a server operating system aiming to make self-hosting accessible to everyone. All DNS setup is automatic, it provides dynDNS service. This is the main difference between ArkOS and YunoHost. This is super important here in Belgium because everyone has dynamic IP's and name and IP link need to be updated all the time. http://yunohost.org/
Yunohost is a fully-automated personal server distribution. It provides by default a preconfigured mailserver, instant messaging, and webserver, with a web-application portal to simply access and add services through your web browser.
yunohost : a small team, mostly developers in france and canada and contributors. started last year (summer 2012) because a friend of mine had a great server configuration and i wanted to have it too. idea to share a configuration. it has transformed into another project because a lot of people joined the project. soon a new release (beta 2 version soon).
by default provide a jitsi, a backup system, protection against spam
jitsi, back-up, mailserver, sharing files, protection against spam
AMAVIS is an undefined creature living on the server and reproducing in a light way
single certificate = important story ---> for next edition
[feels like sysadmin course in 1 day]
'promise of easiness' but it quickly reaches the point where it is not easy anymore
run your own server is a lot of work -- try to make it easy
- make it work: admin vs users
--> interface to create new users,...
w : do you see it as returning the hosting to the home ?
g : make the installation at home the easiest possible. it can be installed anywhere you want. the goal is self hosting, or at a friend's house with a better connection. federated way to see self-hosting.
looking at the interface : lulz.nohost.me/ynhadmin - very minimal : users/domains/applications
"* To receive, read and send your emails, with Roundcube instead of Gmail.
* To chat, interact and share with your friends, with Jappix instead of Facebook.
* To store your files, and share it with Owncloud instead of Dropbox
* And much more to come :)"
You can manage your server via your webbrowser, it has a very minimalist interface.
Q: Is there a solution for CalDAV? A: You can use OwnCloud for that.
q : you have a solution for contact & calendar synchronisation ?
Radicale and owncloud (but not recommended, Radicale is better)
Q: This promise of ease, can you live up to it? Wendy: it is never easy, even if it looks easy... we have to stop talking and start trying now to see how that works out. Kload: It's not easy but we can try to make it more accessible. Someone mentions there are two roles in self hosting, the admin role and the user role. The admin has to face the problems of installing and maintaining the homeserver, the users don't. Christoph mentions browser tools for managing your server. Kload: you do have to administrate your box, you have root, but we're trying to make it as smooth and easy as possible.
"A PirateBox is a portable electronic device, often consisting of a router and a device for storing information, creating a wireless network that allows users who are connected to share files anonymously and locally. By definition, this device is disconnected from the Internet." (Wikipedia)
15:26 Wendy openWRT, GPL software, beacon of hackability, on piratebox small wireless accesspoint. When you connect to it and open your browser, no matter what you type as url, you are rerouted to a page on the box. You can see files that are left there for download, share files and chat. It's more practical than a usb dead drop, where you have to actually plug your laptop, it's clunky.
OpenWRT is firmware that can run on routers and makes it possible to escape the vendor specific interface to the hardware (often blocking a lot of functionality). https://openwrt.org/
Piratebox 2011 (wireless usb deaddrop) with open access wireless point
network device you can hack
software under gpl
we have one for VJ14, it is called the 'Amazing Service Robot', 20 to 50 meters range, anyone can upload and download stuff (did this happen??)
wendy : pieter can i say that openwrt is a system that works on a lot of networking device ? i feel like a sales person. it has software you can hack. usb deaddrops in 2009
pieter : then the idea was taken to another level, with the piratebox. you don't know who's accessing it.
it's a little access point that pops up in your list of access points
once you connect to it, you go through a browser.
femke : we'll talk about bibliotheca tomorrow
pieter : a piratebox there with elements : amazing service robot.
wendy : i broke the box, it looks easy to do but it's not
perimeters of the piratebox : outside 50 meters, inside like 20 meters or so
it doesn't keep logs
p : it could keep logs
w : configured to have the chat every time you connect. people have used openwrt for mesh for a long time. mesh is a way to connect locally. we take for granted that there is an access point. set up a system to reach people which will not be reached directly, building a network out of these nodes.
local brussels initiative : build a local network independently (the aim is not to get connected to the internet)
15:38 Let's start trying things out. You can choose, either self-hosting or piratebox try-out. You can either install from scratch, or modify existing installs, try Forban, which if installed on a piratebox, will take over all content from any reachable piratebox in its surroundings. Forban is a p2p application for link-local and local area networks. Forban works independently from the Internet and uses only the local area capabilities to announce, discover, search or share files. Forban relies on HTTP and it is "opportunistic". http://www.foo.be/forban/
16:03 The group splits up into two tables, a piratebox table and a self-hosting table.
Installing YunoHost on a Beagleboard-xm with Kload. The graphical installer only works on x86 processors so for the Beagleboard we'll have to do it manually.
Step 1: Use git to fetch the install script. The board has Debian installed, check if git is installed, if not, install. Clone the install script.
How to in French: https://github.com/YunoHost/install_script
$ cd /tmp
$ git clone https://github.com/YunoHost/install_script.git
$ cd install_script/
$ chmod o+x install_yunohost
$ ./autoinstall_yunohostv2 test
16:19 It can take quite some time to install...
Alternative to hosting at home: Virtual Private Server, you rent serverspace and install it there, saves a lot of trouble and it is very fast.
Problems you might encounter at home:
1. home |_|--|_| Belgacom -- CLOUD = dynamic DNS problems
2. You are responsible for the hardware. If your server crashes you have to fix it and make sure there are back-ups, hardware maintenance. Not only the hands-on maintenance, you also have to buy the hardware. RaspberryPi is $40 but won't suffice if you are running a lot of services.
* Port opening: different protocols run on standard ports. There are 36000 ports. By default the router blocks every port for incoming traffic. Nobody will be able to connect. You have to unblock certain ports, for mail port 25 for instance. You have to connect to your router's interface, usually via your browser, you go to for instance 192.168.1.1 or other address, there you can open ports. UPnP is a protocol that allows a private server to communicate to your router. This is available to you via YunoHost.
* 25... is blocked to avoid spam and viruses, some ISP's don't allow opening it up. There are solutions for that but it is far from ideal.
* Private IP address: you need to tell the router to which local/private ip address (which you have to fix so your router doesn't keep giving different addresses to your box) to forward incoming traffic for your server.
DNS configuration is really complicated. If you just use it locally it's no problem, but it becomes one if you want to run a mailserver, for instance, and you don't use the automatic option of YunoHost. You can get a nohost.me domain and the dynDNS configuration will be automatic.
16:46 the beaglebox is starting to set up...
In France some ISP's give static IP's but not in Belgium, the US, or Germany... It's easier for the ISP to do dynamic IP's, plus most ISP's don't want their customers to host, and on top of that, it's commercially attractive to make fixed IP's a non-standard service. Companies that do want to host will have to pay a lot more money to obtain a static IP.
Another problem that you might encounter if you're trying to serve webpages is that port 80 is often also blocked.
Some people are looking a little discouraged. It requires quite some skills to actually run a home server. Funky alternative: Superglue is a box running a webserver and the hotglue environment to create and serve your own site without any sysadmin skills. http://superglue.it/
17:28 The Beagleboard accidentally got unplugged, the ip changed and now we're trying to get back in touch with it. Then we move on to the next steps in setting up the server...
17:31 Hello hello Beagleboard?
The install party ends, slightly disappointing because we didn't manage to finish the install and see YunoHost in action on the board, but Kload explains that the project is still under development but already can offer a lot of simplifications if you install it as a VPS on a remote server, where you don't face all the issues of the home server and can benefit from the easy installation and configuration of the apps provided by YunoHost.
The project also wants to send a signal to ISP's that there is a real demand for self hosting by making it more accessible for people. When there is a growing group of people self hosting and requesting static IP's and port unblocking there might be a response from the ISP's to make the situation more like in for instance France where certain ISP's do allow for more freedom of their customers.
17:50 the workshop finishes. Off to la Poissonerie!
report for the piratebox table :
3 tp-link_mr3020 routers to install PirateBox on. different strategies: one by installing directly over the internet (despite the risk of having issues with IP addresses in the same range) (Gijks + Anne), one by installing it offline through software on Pieter's usb keys (Christoph), a third group (with Madeleine, Sarah and Victor, students from Arts décoratifs, a quite huge, public, applied arts school in Paris (ENSad) and Bachir Soussi-Chiadmi who teaches interaction design at the art school in Rennes (EESAB), France) is installing a PirateBox with an osx machine.
the tp-link routers come installed with stock software from tp-link
1st step : install linux on it : openwrt
possibilities of conflict btw the automatic ip address & the router
http://wiki.openwrt.org/toh/tp-link/tl-mr3020 (name of openwrt release after vodka cocktails)
configuration to match the ip address of the router to the main routers from jonctions to connect to the internet
need a lot of configuration with the ip addresses
possible to connect also to get the packages in a computer and then to the tplink with a usb key
failsafe mode ("mode sans échec" in French)
at the end of the workshop, one PirateBox went live. Gijks changed its name using information from
it was named Free Chelsea Manning and he made some lovely html using Marquee.
Apero at la Poissonerie
evening at La Poissonerie
what is la poissonnerie? an organized occupation, since 1 September 2011, of half of the street. member of wohningen 123 logements (also a place at 123 rue royale). partnership with infrabel (sp?), the company that looks after the railway. they became owners of half of the street, the part near the tracks, because the houses are going to be demolished. every thursday, a table d'hôte (shared meal). partnership with other associations in the neighbourhood. e.g. 4 times a week Abdel gives homework support for 1h30, which is useful in this neighbourhood. every thursday, vegetables and fruit are collected; part goes to the table d'hôte, and the other part is redistributed in the neighbourhood, where there is poverty. space often occupied with partnerships like jonctions. 3rd thursday of the month, open stage. or screenings (like "le thé ou l'électricité", a documentary). soon a website (info on facebook for now). for how long? probably a year or two, otherwise the adventure will continue elsewhere.
19:35 Introduction of the evening by Femke and An. What does it mean, to serve and be served digitally? What does it mean to have space, to have access, to share access? Being here at la Poissonerie is really great. Marie will talk a bit about la Poissonerie. Marie has lived here since September 1 2011, it is a place that is occupied by the inhabitants of the street. Half of the road is actually occupied. They are all members of houses123, partners with infraBel, a company that manages the railway. Little by little they became owner of half of the street because they want to demolish the houses. Every Thursday they organise meetings and have organized partnerships with other associations in the area. Four times a week Abdel helps school children with their schoolwork for instance. This is very useful because a lot of children are raised bilingual and need extra help with language.
They hope to stay here for 1 or 2 more years, if not they will find another space.
performative presentation by Wendy
she has prepared a small dish.
an insect making its way around the room
we started with a few words of bulgarian. jitsi = wires in bulgarian.
voice over ip
talking from numbers to numbers, from ip to ip
the bug is back
we have a lot to do with protocols, the internet is very protocol-bound
we talked to each other one to one, found out the ip numbers of the machines
& it was encrypted
we wanted to do a virtual private network, or a tunnel, where the ip address goes to a tunnel to a virtual private network to talk to another person
often we want to communicate but it's not allowed by governments
so it's encrypted
we got lost in configuration
that was the morning
as the internet is more and more commercial, services are taking care of us, so what happens if you decide to take your data back home, put your cloud in your house
need to decide whether you (dis)connected from the web
the moment you want to get out of your house with our email, our chat, you get into trouble
providers decide for us what to do for us
experimentation with boxes
do we simply say goodbye to the internet?
we go parallel
we can talk face to face or install a piratebox
piratebox as a virtual wireless network on which files can be exchanged
you can do more with it, send it to the past (ref to a project done: newspaper. if you look up a url, you are in fact connected to that url as it was ten years ago in the internet archive)
19:47 Wendy starts her "bridge" between rue Gallait to Rue de Progres. We are now sitting in the fridge of the old fish shop. She is on a small stage with a webcam, plates, fluorescent green cardboard cutouts of words. People are sitting around the stage and by the fireplace, there is a bar serving organic, local beers and wines.
A beetle walks onto a dinner plate with a paper cutout of the word Jitsi. Jitsi means cables. Jitsi is a voice over IP tool. We carry our voice over the Internet Protocol. "We're numbers". The beetle slides off the plate when Wendy removes the cutouts. Dramatic twist of events. But the tragic hero finds its way back to the plate, together with a cutout of the word xmpp protocol. We talked to each other, we found out the ip number of our machines and spoke to each other via the machines, encrypted! Wendy shakes a cutout with an encryption key on it.
"VPN" Virtual Private Network... we wanted to create one, or a tunnel. Back to the ip addresses where the address goes through a tunnel to communicate to another machine in a secure way. Why? Sometimes a government does not allow for certain communication. Of course it has to be encrypted. We got lost in configuration...
In the afternoon we talked about the commercialisation of the internet, commercial services take care of more and more common tasks, fulfill more and more needs, making us more and more reliant, dependent. What happens if you decide to take the server back home, bring the cloud into your house? How do you do this? You have to decide to either connect or disconnect your server from the web. Everything is fine as long as you stay indoors, but as soon as you leave the house with for instance a webserver or mail or chat the trouble begins...
Ports... the source of many problems for home servers... ISP's determine what you can send and receive. We tried to get things running on a couple of boxes but it was not easy. What if we say "goodbye internet! we go parallel!"? We can simply talk face to face, or install a piratebox.
O: Traffic shaping is also a problem. ISP's analyze traffic and control the speed for different types of traffic. They can use this to optimize the use of their network, but also to discourage the use of certain types of applications.
It's a local wireless network where you can exchange files. You can do much more with it, you can send it to the past! You can create a time machine via the internet archive, showing you the url 10 years ago. You can make automatic file exchanges between boxes.
20:04 FORK WORKERS by Aymeric Mansoux
phd at goldsmiths on cultural studies : cultural impact of using free licenses
involved in floss+art for many years
research to articulate criticism to try to figure out what could be the next evolution
disclaimer : i do not hate free software, there are just things I don't really like...
"Come in, We're open". What is openness? open for what? Openness has become hyper fashionable. Everything can be granted this magic property. If it is open, it must be good. This popularity didn't happen overnight. The core positive ideas stem from the WWII era and Karl Popper's work The Open Society. Catch 22 state measures only to ensure freedom of market.
regardless of one's intentions, who wants to be open ? any object can be granted this adj ? if it's open it must be good
it stems from ww2 era and karl popper in the open society
The good versus evil logic of closed proprietary systems versus open and decentralized systems is not an honest one. Stiegler is warning us, police state versus contributive economy.
need for society to recognise equalitarian
norbert wiener - cybernetician : evil potential of tech dev Norbert Wiener: technology can be used for the good of mankind.
utopic vision is made obsolete, or even evil
friedrich hayek : reduction of our moral code.
liberal + cybernetics ideas are complementary : improve society by iterative changes, and not from the morals of an ideal state
market as necessary evil
free software movement seen as concrete utopia
openness is a very effective smoke screen
need to look behind the hype of participation, p2p, etc that is coming back to the popperian view of free society
binary logic : good/bad...
bernard stiegler : free software as process of individuation (that is questioning the self) : tech is a double-edged sword. updating derrida's pharmakon : choice btw a police state and a participatory society
wiener in an unpublished text : general agreement : when we have power, we'll use it wrongly. wiener's prophetic warning : in fact, the vision of the good life with tech is to be contextualized in his times. norbert wiener informs us that machine & computation can help us for good
post-scarcity society : "the problem of mankind is how to occupy his freedom" (keynes) : temporary evilness of capitalism.
Real permanent problem of mankind is not of economic nature. The real problem will be how to occupy his freedom. The leisure which science has won for him. We are marching towards a better future. However unjust the capitalist system is now, it's only temporary and all will be well soon. (Keynes)
img : a boy watching (while playing) a screen, with someone playing a video game on their computer
conflict with planners & their evil communist roots
rightful form of social-engineering & laissez-faire spectrum
future good life
so no wonder that floss pleases thoughts for all kinds & also dislikes them
Free and Open Source culture is actually very much in line with neo liberalist thought, but is also used against them.
model where corporations create their own little kind of open source projects (cf android) while before they'd have hired open source projects developers
Schizophrenic identity of open source startups, registering both .org and .com, having grassroots image but also big investors. The two identities are completely codependent.
two different images : owncloud.org / owncloud.com for ex, to cater to all kind of clients
osx - darwin - freebsd
google android benefit from the linux kernel & don't give much back to linux but some people use it for combatting programmed obsolescence...
For instance android benefits a lot from linux development, and doesn't feed much back to it, but does provide an alternative to the planned obsolescence and controlling ways of the mobile phone industry.
osp ref with work on webkit
There is no "one size fits all" approach to Free and Open Source development.
in evil media (fuller/goffey) get away from black vs white to explore the various kinds of grey
focus on cultural context : should i use this stone to make a wall or to crush the skull of the person in front of me ?
achilles & the tortoise paradox : infinitely getting closer to the unattainable object
illusion of different shades of grey : moiré patterns
all the b&w elements : always moments of tension, conflict in the idealistic interfaces
classical heideggerian situation to achieve a particular action
struggles with working with configuration files
too much has been invested in such communities, the survival mechanism is taking over
max weber's expression "spectacles of ugliness"
follow leaders/benevolent dictators into the rabbit hole
"iron cage" (weber)
abandoning homes & creating new ones from the previous ones
hence the fork : process in which a software can be taken by people to make different things
ex : tense relationship btw the linux dev & the android ones
libertarian eric raymond : nothing takes people away from forking. potentially evil : splitting the communities. forks tend to be accompanied by strife & acrimony.
irony : how the idea of fork is close to creative destruction (schumpeter).
the essential fact about capitalism : always destroying, always creating
specter of greyness coming back to us. forking implicit to software potential.
the fork is seen as a form of failure in reaching consensus that should satisfy every inhabitant
fear : forking being a taboo but embedded in the system of licences
private forks contributed greatly to the advantages of floss & public forkings were rare, exhibitionism made painful.
change : switch from centralized revision control system to decentralized one
help in reverting to previous versions
All different systems of belief together exist and create an area of greyness. "grey slide projected". Should I use this stone to make a wall for my home, or to crush the skull of the person in front of me? Stop thinking in black and white contrast. Readiness-to-hand, Heidegger. Weber iron cages. The fork... in case of conflict, even sometimes meaningless ones, forking is used to be able to keep developing without having to reach consensus with original development team. It sports competing projects that can no longer share code, splitting developer community. It is considered a really really really bad thing to do. It wastes effort and creates conflict. Forking highlights capitalist potential of open source software development. It's inherent in foss development. It was a taboo and at the same time embedded in licenses and practice. Private forks illustrated the adaptability and customisability of foss. It was very rare though, because of the openness you always have to do this publicly and it being taboo... not done. Decentralised version control tries to solve unbalanced power in centralized systems. Canonical launchpad gamified online development platforms.
lack of balance in the central repo with centralized approach
after some experiments with decentralized version control system : carefree orgy of gamification. karma - launchpad.net/~aymeric no more karma points but a lot where puredyne was active.
algorithmic meritocracy : with dvcs, every node has all the files
forking has become so cheap, merging & collaborating became tedious and consensus is no longer such a loved value
just fork them all
Instead of engagement, approval and consensus there is gamification, fork ... social coding -> github. One click on a button and you fork. Every project has a counter of amount of forks, making it a popular and status object. Github facilitates a lot of development and self organisation, but at the same time completely centralises a decentralised development system. Nevertheless, github is a popular reference of the free software community. Gitorious is less individualised and puts teams ahead. Github has not released all of its tools. They have followed a similar strategy to apple and google. Open source is the right thing to do. Moral obligation to community to give back blablabla... Why not open source everything? Don't open source anything that represents core business value.
on github : a button to make fork & a counter next to it - popularity context
a decentralized system made into a huge sandbox by a company, github, for all its extra elements
why not fork github ? it's kind of the case with gitorious
github hasn't released all its code - quote from github ceo. don't open source anything that has core commercial values, after paying lip service to floss
a study last month : people put a lot of stuff on github with most of the time no license attached. github becomes the pimps for a whole generation of code exhibitionists
"fork me on github"
Selective licensing of its vital parts. "Fork me on Github". Everyday more fork workers are joining the fork industry.
dmytri kleiner : p2p communism vs client/server capitalism
matters : woman participation in floss
Tania Modleski "feminism without women"
making the floss ecosphere hostile to women (lib upskirt incident)
porn metaphors in ruby for instance
Libupskirt story... Why did Natacha Porté decide to stop contributing to the foss community? It was actually a fork, not the mess some ppl made about the naming of her library. Most foss projects are isolated efforts with very little impact. Natacha's lib was actually making an impact. Github forked it and started development on it. So she felt both proud and sad because nobody ever contacted her about it. She considers using more obscure programming languages for her next projects, making it harder to quickly fork and appropriate pieces of software.
Natacha posts a diff on her blog, showing the changes made to the repository. The diff shows the way her name has been moved from a beautiful status to 'contributor'. Her original motivation to write foss, that it may be used for the benefit of mankind, has given way to giving up, because self-publishing code and hosting it on your own server is a lot of work and responsibility. The attractive community spirit changed into aversion because of her negative experience with the individualistic and non-compromising attitude dominant on platforms such as github.
the author of lib upskirt is a woman, Natacha Porté, and she stopped contributing to floss. http://instinctive.eu
appropriation by github which caused the problem
most forks are made by one or two people, without communities
a dev from github decided to use the project for github : he made changes which were already present in the software. she was proud to have her code on github but she was unhappy to see that she had already done stuff, and that there was no cooperation, like watching an adaptation of a book.
sources have been deleted, so it's not possible to study what was done by natacha or the github dev.
in may, she posted a diff on her blog (btw upskirt & redcarpet, the fork by github dev)
[[O: is there any archiving of github and similar repositories by organizations like internet archive ? a wayback machine for software ?]]
after her comment to criticize the fork of the developer, her name got demoted from "invaluable" to "contributor". erasing the woman from the spotlight.
& ultimately she gave up
a lot of responsibility to put something online : organizing ticket
her experience of floss dev : loneliness and not the community that is being sold to users
natacha nerenzikova her new nickname (??)
bullying natacha for her choice of name is too big/asymmetrical when compared with the github octocat dressed as marilyn monroe for instance
social dynamics are completely forgotten in these technological infrastructures. Bitbucket might be the exception... they promote collaboration through spooning instead of forking.
spooning instead of forking http://bitbucket.org/spooning
img : "are you being served ?" crossed out, "am i being forked ?"
Are you being served? is overshadowed by am I being forked?
constraints are the roots of all evil, esp by a central authority
they muse on equalitarian practices : a goldmine manipulated by few
the crowd are also the workers
github is an emulation of decentralized
captivating into being a node, being freed from capitalist madness, but also blinding as capitalism hasn't left the building
ayn rand : it's all fair because only the most successful should be retributed
kaplan : L’Excès-l’usine, 1982
& now a small entertaining video
Github is centralised and sits on top of the biggest pile of source code ever written. It holds in its hands not only the code but also the traces of all social interactions leading to its creation. A goldmine.
Short video with an interview with the CEO of Github.
"the electricity of today's business"
office of the github founder modelled on the oval office, with octocat in place of the eagle
"best t-shirts in the valley"
q : eric schrijver : constructive way to put your criticism back into open source ? how can you see for the future practices ? It seems like foss development is more open now, more accessible. How do you see the future?
a : i'd say good luck ! articulate some criticism of free software so we can understand what goes behind the scenes
easiness & convenience are the most dangerous words, and because of that, people are manipulated into lifestyles,
in the way people are working with free software, it's getting low level (??). back to public domain, anticopyright. i can see how copyleft is not necessarily relevant anymore
i don't know about trends
neoliberal denial ? Not trying to sell a new ideology. Simply looking closely at the current situation. Things ARE getting easier, but convenience and easiness are the most dangerous words I've heard in the last 10 years. People are manipulated into life style where it seems like you're being more productive but this is an illusion. I have no answer/alternative. Acknowledging trend but what comes next, no idea.
q : with the neoliberalism, all is business models, you are reducing it to that only and it can be more. neoliberalism as a recursive mode. the dynamic is recurrent in a lot of environments in which people are experimenting
free software : where you build resistance ? and in context like github, how they erase elements, and indeed practices
Foss is part of a larger and longterm evolution, so of course it is part of neo liberal and capitalist system. You can't ignore the context and history of it, and this is also why there are no immediate solutions.
Q: where is the resistance and how do you build systems around it? (femke) Vulnerable practices cannot really exist in this pressure cooker.