 We've got Run Your Own Instructing Part 2 with McFly and Coat, so run report. Hello, so I think I just can turn this down. I'll just take the other one. I'll take this one. This one down. And this one, I'd like to use this one. Oh, we can just... Okay. Hello and welcome. I'm McFly. This is Tuck Scouter. And this is Rewaner. And we are basically from Miliways. Who of you don't know what Miliways is? We are actually pretty bad. Okay. Miliways is a village of hackers that show users whatever show up on hacker camps. First traces go back to the CCC camp in 1999. We've been on all German, Dutch and American camps since then. This is our first English camp, though. And yeah. In total, this is a group of around 200 people with lots of needs of communication and coordination. And that got to some points. Why? The title of the talk is Run Your Own Facking Infrastructure. And basically the question is why? I'm around for a bit. And at one time, some years ago, I noticed that in the earlier days everybody was running its own mail server and all the other infrastructure. Some of the older ones in here might agree on that or disagree on that. But in the latest times, it's becoming more and more that people use public free web mailers like Gmail or in Germany GameX or Telecom Mail or I think BT. I'm sure offer something for that. Yahoo! And I got kind of annoyed with that. So I gave a rant talk, slightly drunk on the tour camp in America two years ago. Because they were organizing the tour camp at that time on Google groups. The organizers were all just reachable via Gmail and all that which was kind of annoying because we had a talk that we didn't want others to be able to know about this talk before. So can you read that? Those of you who cannot read that should move in a bit closer. Why should I run? I think not everything's on the screen. Why should I run my own stuff? It's so easy to put everything in the cloud. The reason for that might, and this is the number two of the talks, I'm just giving a briefly introduction on that. The problem was also with the web and free mailers and all that stuff we get for free on the market is that governments have access. In the earlier days that meant the American government had access to all those free mailers today that basically means if you put your stuff on something like Gmail, all of the governments will have access. Maybe not the Iranian government, maybe not the Syrian government, but everybody who's kind of partner with the American government will get access to that. But this is also not one of the biggest issues. One of the issues is also that the provider of those data might modify his service. Things that have been free for a while get payment only. Features move behind paywalls nowadays. So you might get used to software and to features you will possibly not be able to access for that. This is very close with the change of terms of conditions. Providers giving themselves the right to do basically everything, what you do over and in them and with the data you store in them. And a lot of you might know providers actually might cancel service. There are hundreds of examples of services that have moved out of production or whatever you call that. In Germany for example, Facebook had a counterpart. Studi for that, Schiller for that, and lots of people went in there and basically it doesn't exist anymore. It doesn't only basically doesn't exist anymore, it got shut off. Also for example, of those of you who bought music via the first Microsoft services, there are copyright server where you validate your music against was shut off a year ago, so all your music is worthless today. Provider might modify data. And this is by this I don't not only mean adding watermarks to pictures that get uploaded to providers. But for example, if you're listening to YouTube in some countries and say things like, fuck you mind five thousand that you talk has automatic beeping service for some words, which kind of is modifying my data. If I would give a talk and say fuck all the time and just beep beep beep, but quite interesting. I was astonished, I didn't believe that really does exist. Provider might steal data, which is rather rare, but the most important thing of that is providers might get hacked. So if you trust your data to a provider, you might find yourself in the situation at some points that some groups have pasted your personal, including your credit card information all over the internet. As has happened, I'm sure we all know lots of examples. I think one of the important points in there is there was a website called hassonybeenhackedthisweek.com and for a pretty long time they just said the same web page, just saying yes all the time. So if you're using the PSN network, for example, I'm pretty sure you know the data has to be your data around on the internet, which is something you'd rather prefer to avoid. The main point behind this is, are you and your providers' interests really aligned? The company you're giving your data, if you're running the cloud, is mainly interested in profit. This actually is this way by law. In Germany the law says you're a corporation if you intend to earn money and if you're a corporation you have to intend to earn money. There is only one service provider whose interests are always aligned with yours, that's ultimately yourself. You always have to remember if it's free, you're the product. You know that from Facebook, right? Running your own infrastructure comes with problems. We wanted to mention that. If you run your own server and install a WordPress and a media wiki and then keep running your own hackerspace for another four or five years without updating your WordPress and a media wiki ever, you will have a bad time. You should remember this, running your own infrastructure that it comes with risk but this is a hacker conference, most of you are staying in hacker spaces so I think you should take up that challenge and update your servers. To help that, by the way, Moonen and Nagyos are offering your plugins to control your server if some software is to be updated. So, the service is actually pretty useful. So what we're going to present now is after the rent why you shouldn't run it anymore is the setup we have found in Familiways that works, that is kind of documented and we swear to work on this in the next weeks but what we present here is I think something that in our opinion groups out there and hackerspaces out there should set up in their own hackerspace because quite frankly not everybody is able to run a server but who of you is not associated with a hackerspace and does not have a hackerspace in the city? So, give me your cities, I'll find you the next hackerspace. For a long time, as I said before, it was really important to run your own shit it basically has been impossible to get on the right and the interesting mailing list with the public webmailer and I think we need to get back to this and what are things that actually are worth running by yourself and your hackerspace? Most hackerspaces have a wiki already, some hackerspaces have a block both of that is I think down to like 50% but things are very useful to run on a hackerspace and things like your mail server, address book, calendar, I'm just summing it up Who of you is in a hackerspace where a hackerspace has their mailing list at Google Groups or any other public webmailer? So yeah, take this as a challenge after that to improve your hackerspace there if you need any help, talk to us. Besides the mailing list, the block, there are things like project software if you have a hackerspace sometimes and those hackerspace actually awesome things happen for smaller things you don't need any project management but I don't know if you do things like you travel to a hacker camp on a strange island somewhere over behind the water it actually helps to have something like project software and we also come to things like cloud storage, wiki pads we'll not mention in this talk but there also is things like service networks especially VPN where there's the KS VPN and other things that are very interesting to run in your own hackerspace All of them are pretty easy Okay, okay, okay Yeah, we are using an LDAP system on our server to authenticate all the users with one account and one password and we have some scripts to generate accounts and to basically allow people to register themselves it's pretty dirty and kind of quick so we'll probably fix it, never but yeah, we have a hidden web interface you can register yourself and we will accept your user account or we may not, it's pretty easy and all our servers authenticate against LDAP so that works The mail is my part and we use postfix with LDAP notification for outgoing emails Dove code for eMap and incoming emails and roundcube as a webmailer Mailman is using for mailing lists on our other server and yes Yes, we have a global rule for anti-spam spam automatically moves into a chunk folder and yeah, basically that's it We also have sieve and yeah which is kind of useful And for Java, so XMPP we are using prosody and we configured so it's client-to-server TLS as mandatory it's just, it's set up in like 10 minutes Yeah, and then we have caldev, cartdev we use oncloud right now only for caldev and cartdev not for data stuff It might be sound running oncloud for just this is might sound very dirty but actually we found out that if you try to authenticate against LDAP most of the solutions we found on the market we ended up with oncloud after like 5 or 6 different things we tried some of them have incredible high CPU usage some of them are incredible slow and some of them actually lose pretty frequently your address book or your calendar So all the solutions we came up is a process of some of them weeks of lots of data because solutions we haven't we haven't been ending up with here with kind of not so awesome as they give you the first impression Open source can suck too It usually does suck And we have cloud file storage which we are using a C file for It's like oncloud but not in PHP and it has clients for basically everything LDAP integration is easy and you can have like picture albums and stuff and it's encrypted It just works The good part in there is the group features That is really one of the most awesome things to have one chat folder that is just synced into the notebook so adding things or getting things out of there becomes very very very easy so easy that people actually use it and this is the problem with most of the stuff the nerds from the kind of knock of the hacker space put up like nobody ever uses it and if you want to build something that is for hackers only you will end up in the situation that most of the people from your hacker space will like it will tell it to others does it exist and that it's awesome, that it's there well simply not using it This is a major problem because it kills your motivation in a hacker space so things need to be easy and things need to be well documented so actually the average user who is not an admin can actually do that and then there is project management which we use to build this stuff and which we use to plan or trip to Britain with the ferry and stuff it's easy to set up and run if you are not using nginx as web server Also you moved the new hacker space No, puppets is for nerds only and therefore forbidden on those servers but the project management tool is something that needs like 10 minutes to set up and you possibly won't use it for a while everybody gets an account in there and then you have to move to a new venue a new location with your hacker space and that most likely is for a lot of hacker space the first time they really realize how useful tools like real project management tools are in a hacker space Sure, small projects can easily be built without such tools but bigger things, it's very very useful at least what we think there We also have a media wiki but I think most spaces game up to that already A ticket master is somebody in the hacker space who is willing to clean up the ticket system It's like cleaning up your hacker space just it's done in 5 minutes and you don't need to stand up and get your hands dirty But there is still stuff to be done we would like to have a WordPress block for every user I think that should mean as as planned okay and streaming servers for audio and video would be kind of nice to have yeah and there's more to be done So yeah, the issue really is that in the last days we got the habit of moving more and more to the cloud I don't think the cloud itself is a bad feature just it should be your own cloud and this can be done with several things it's way easier than you think and the experienced UNIX masters in here might think what is he talking about? this is all just very trivial things to set up but actually I tried to find a hacker space who has gone that far and usually you get mailing lists usually you got a block some of them have a Java service and some rare ones in Germany have projects because Germans like to be over organized but we think it really is worth it and we'd like to motivate you and the other people to change that culture back and move your emails back to people that are closer to you the advantage of hosting your email in your own hacker space and not with Gmail is actually pretty easy one you can't hit the admin of your Google emails with a stick if you have your email with Google but you can do that in a hacker space and that's actually pretty good and useful feature in the way of you have a direct communication way to your administrator you can talk to them directly and modifying and other things new things is way way easier if you're just able to hit him with a stick or alternatively bring him a box of Club Marta or anything like that to motivate him to do things and the point behind this really is we really would like to motivate you to move your stuff back to yourself not for everybody into everything not for everybody not everybody needs to run its own server but in general we think where the hacker space should if you want to get more information about that if you want to discuss that usually at this point when I'm at the talk there's some unique guy standing up and saying yes but why post fix isn't like X seem way better if your opinion in there is mail pile is better please come down to me the ways we'd like to discuss that especially if you have a developer of mail file for all the others well also come down to me the ways and just like Gus this after us I think we have good reasons but if you're an experienced administrator running your stuff for your hacker space and your tons of experience with X seem really use XM and if you're really lazy but not too lazy there's a whole complete Linux distribution with all this stuff inside actually it's called sential and it's just everything in there including open exchange and XMPP it's very easy to set up but you can't really modify it that easy you can modify it because it's the Linux but not really that easy okay we're coming to the end of the talks we want to give you some the chance to give you some questions so we're coming to the thanks section first of you I'd like to express a big thank you and I think it was an applause to the American government for spying us so badly so everybody now understands that you should run your own shit and encrypt your own shit because I think nothing has ever helped that much in enforcing encryption that came out of this known thing so thank you American government you really made this talk and the discussion about this talk way easier but I'd like to express my thanks for all the admins that run shit for me because actually some other people do run stuff for me and I think you should also if you have an admin straight on your hackerspace that does all the stuff for him get him a clip mod, some clip mod or some good things he likes from time to time keeps those people motivated next thanks comes to the Millieways village that basically has created the minimum demand and also therefore has helped for a lot of the risk but in the end we're close to the thought you know and heard that Millieways is basically donation run I would like to support you we nearly collected like 800 pounds yesterday on the whiskey on the last days on the whiskey on the beyond the stuff also some of you might have seen that we have this nice fancy challenge coins which is actually kind of a way for us to raise funds to go over to the ferry because you might have heard from my accent the German and the ferry the food trail and that stuff is like 500 pounds alone if you drive from the Netherlands so we still have some challenge coins left those of you who might be interested in what that is can come to the front and have a look at it I think there are like 30 left so get one that would be our ferry together so any questions for that? we're coming to an end did I talk the blood out of ears? have you considered hello? have you considered using GitLab for hosting your code base? Git is in the name of one of the tools we store code and also it's also in the C file and we would put it we don't care it's open source the stuff we created is at the moment we need to clean up so we're not too ashamed to present it to the real public but it's working and we never intended to keep it back and keep it closed source it should be open source because I think especially the LDAP setup where we wrote the code for that might look it will save you a lot of time if you start with your LDAP setup we're from there and if you have improvements Git is something very useful for that to have a pull request in there so we'll end up with something like Git in the name we also have it on our Git server we'll run more things that I mentioned on the slides maybe not surprisingly more questions any things you would like to see in such a setup because the idea we have is just actually setting it up and documenting it so other people can set it up way easier if both hackerspaces use C file that's actually a very interesting feature that you can do this over the other C files too so you can create groups and you have people from other hackerspaces you also have a C file in that group sorry I should have got to the mic first what do you reckon to diaspora as a means of communication because you can run your own pods and things I like it I have run my own pod like 3 years ago it wasn't the pain in the ass at that time we are at the point where I think it should be worth trying again the problem is people hardly use it to be very really honest I like the idea way more than Facebook obviously because like see the title of my talk but with social network the problem is you need to go where the people are and diaspora is a nice idea and I hope that as Facebook spikes even worse than the American government or not which they actually might everybody moves over to diaspora but I'm not seeing that at the moment but yes diaspora spot is something also very interesting to run there last time I tried it was pretty much pain in the ass are you a developer there no I just started using it a while ago because I don't like Facebook I want to run my own pod at some point but it looks a bit tricky it's kind of pain in the ass to set out we got it working but it it doesn't have as many developers as Facebook has obviously but I like it any more questions VPN we have a VPN solution that's called VPN I gave several talks on that it's a meshed system that I might expand you down at Millieways because that will blow this talk here but yes we do have a VPN solution behind that possible things there are open VPN and as we use HackCast VPN which is VPN from mostly or from a lot of german hacker spaces around the CCC that is intended to connect hacker spaces but we left that out in the talk because that will blow this talk can you connect anonymously that depends on your server setup you can set up your server in a way that it's just a hidden service in TOR this is one of the nice things actually running on infrastructure is you can modify those things if you connect to TOR no if you connect to KS VPN you see that there is a VPN connection and that's it same with open VPN so if you would like to have a look at challenge coins and maybe get one as there are still some come over here we'd really like to appreciate that because this things pays the free beer we're giving out at Millieways