 So, this talk is about Freedom Box Free Libre Personal Server built within Debian. A little bit about myself, my name is James Valeroy. I've been working on the Freedom Box project since 2013, about four years now. And I've also been a Debian maintainer since May of this year. Is the volume good? Okay, so I'll give a very brief introduction to the project, mostly for people who might not have heard about it before. And I'll mostly talk about the current status of the project. I'm going to give some technical details and talk about how you can help the project. At the end, we'll have some time for questions. So, first, what is Freedom Box? Well, it's a Debian project, also a Debian pure blend. This means that all of the software used in Freedom Box is packaged within Debian. And the purpose is to make it easy to run a personal server, especially replacing third-party services that would otherwise be collecting all your data. So we want people to run these Freedom Box in their home as their own personal server and hosting their own web apps and other network applications. And really the goal of the project is zero administration, because you shouldn't have to be a Debian expert or a system administrator to use a Freedom Box. It shouldn't require any special technical skill. So just an idea of what it looks like. This is a screenshot of Plinth, our web interface, and showing some of the apps that you can install. And so I'll talk about the current status of the project. We had our first stable release in Debian Stretch this year, meaning the core packages for Freedom Box are all in Debian Stretch. And we build live images based on using Debian Stretch for a number of different devices and virtual machines, including lots of different ARM-based single-board computers and x86 architectures as well. And besides the live images, you can turn any Debian system into a Freedom Box. There's instructions on the Wiki and how to do that right now. You have to install a package and then run a setup script. In the near future, we want to automate that step, so you just have to install a package. So talk about some of the features that are in the current release in Stable. Infanotet is the server for Gaby, the collaborative text editor. ickywiki allows you to easily create a wiki or blog. For XMPP, we have eJabberD for the server side. And we also have a XMPP web client. There's a SIP server, Repro. Mumble is a voice chat server as well. Radical is a CalDAV, CardDAV server for Calendar and Address Book. We also have Less Encrypt integration, which means you can easily acquire an official certificate for a domain that points to your Freedom Box. And then Provoxy is a web proxy that also will do some ad blocking. Open VPN, you can run the server side on the Freedom Box and then connect to it using a client on your laptop or a mobile client. Tor, we have a couple different features like you can download packages over Tor for a little bit extra privacy. You can also set up a hidden service, which will give you a .onion address, which you can access through the Tor browser. And you also have the option of running as a relay or bridge relay to help support the Tor network. Quasl as an IRC client basically keeps you connected to IRC networks. The Freedom Box will stay connected and you can access it from different devices. And then there's also a BitTorrent web interfaces. And there's other features. This is just a sample. Some of the upcoming features that are being worked on either in testing or in an upcoming release. Sync Thing is a final synchronization tool. It's mostly peer-to-peer, but the Freedom Box can act as an additional peer that's always up and running. So you always have access to your files. Matrix is a newer communication protocol, a federated communications protocol. It's become quite popular recently. And there's a home server package called Matrix Synapse. And you'll be able to install and run that on Freedom Box. Tahoe Lafts is another server where you can upload files and it does things like encrypting the files and splitting them up into different pieces that are sent to other servers. And then Diaspora, the federated social network, is currently in contrib, but I believe it will move back to Debbie and Maine in the near future. And then SSO, this basically allows you to log into one of the web apps on the Freedom Box without having to type in your password again. You just log into Plinth once and then it sets a cookie that will authenticate you to any other web apps. And just to talk about some of the supported hardware, we have live images available for a number of different single board computers, the Ola Nexino boards, which I have one up here, the QB truck and QB board, Beaglebone Black, PC Do We Know. There's also images for Raspberry Pi too. It does currently use non-free firmware, but there's free firmware replacement being developed now. It's just not quite at a state where we can use it for our purposes. And then besides that, there's images for x86 architectures and virtual machines. But besides all that, if you don't have one of the devices on this list, but you have a device that can run Debbie in, of course it can also be a Freedom Box. Okay, now I'll just give a quick demo. That's quite large. So this is the front page of Plinth where it shows all the apps that you have installed and are currently enabled. And basically, you can click on some of these services and it'll show you some information and you can go to configure it. And then for apps, like web apps, you can click and it'll just take you to the application. Then up here you have the list of apps, all the ones that are available to install. And typically click on one of those and it'll give you some status of the service and some basic configuration as well. And then there's a help button which has the manual and about page, the configuration tab, some basic system configuration options in here. Like if you wanted to get a lesson and crypt certificate, you could do that through this page. Or if you wanted to set up the network, there's basically a front end to network manager where you can configure a network through here and a number of other options. But I'll talk more about those later. I just want to talk about some of the core packages that we use in the FreedomBox. FreedomBox setup is the main package that depends on everything else basically. So it depends on Plinth, the web interface, Apache 2, and some other useful tools. And it also contains the setup scripts which mostly just are to enable certain Apache modules that we use or that we expect. And it also includes first boot scripts. These will, if you use a live image and you boot up the device, it'll check like the current network topology to configure the network connections and also generate keys for like SSH and SSL if they're needed. So Plinth, the web interface, is a Python application using the Django framework. It has a very modular design, essentially one module per application. And a Plinth module is really just a Django app with some extra fields. And what a module might do is just install the packages using apt, do some configuration. Typically we try to use devconf or agius for the configuration. And also provide basic service status and configuration forms. And then Freedom Maker is our live image building tool. It uses VMD bootstrap, but it has a customized script to set it up as a freedom box. And also some hardware specific setup like to make sure that UBoot gets put in the right place of the disk image. And just want to talk about some of the other packages that we rely on throughout Debian. So yeah, agius, the configuration tool. Avahi is the MDNS server. This allows you, if you have a freedom box running on your local network, you can typically type it, open a web browser and just type in like freedombox.local and it'll take you right to the box. Assuming the client also supports MDNS. Serpa is the package that handles Let's Encrypt. Edgekeeper will take the contents of slash ETC and check it into a Git repository. Easy IP update is used for the dynamic DNS module. We have Firewall D, which is really just a front end to IP tables. Network manager, NTP to set the date and time on the box. Snapper, if you use the butterfs file system, you can use snapper to create snapshots of the full file system and also roll back to a previous one. Open LDAP is used to store all the user information. We're planning to add a lot more fine-grained control like which applications a certain user can access. PageKite is another way to get around like a NAT or Firewall, but it only supports certain protocols like HTTP or SSH. Tor, I talked about already, and unintended upgrades basically will check every day to see if there's any new package updates available and try to install them. So just talk about some ways you can help as far as packaging. Since we only use software in Debian, you might notice a lot of web apps are not packaged already, so if you see a web app that you like, please consider packaging it. We also have a page on the wiki called Leaving the Cloud. This is categorized with each section refers to a third-party service, and there's a list of alternatives, free software that might be packaged to provide an alternative to that service. And then as far as package setup, consider things that would make it easier for an end user to host a service. So even things like including a system D service file. So to start the service, and then if you have a database, consider doing the database setup with the package configuration. So there's a package called dbconfig common, which can handle that. And really anything else that might make it easier to host a package. A web server configuration snippet, for example. And we also have a Freedombox packaging team, which is mainly maintaining the core packages that I mentioned. And then beyond that, people interested in Freedombox will also try to help out send patches to other packages that we use. They're typically maintained outside of this team and other teams. Some other ways you can help the project. The reproducible builds effort. This link has basically the entire package set of Freedombox and showing which ones are reproducible and which ones are not. And it should have also the bugs where you can try to send patches to help with that. And then security hardening. I don't know too much about this topic, but I guess in system D service files, there are certain things you can add to limit the privileges of the service. So just consider doing that for different services. And then also app armor is currently being discussed as a default for WN. So contributing profiles to packages would also help. Other ways to help hardware support. Like I said, if Debian can run on a device, then it can also be a Freedombox. So if you can get Debian running on more devices, that would certainly help us. Documentation, the end user manual is on the wiki. So you can contribute to that. And then for translations, we use this web late service for translating plinth. But then also the manual needs translations too, and that's done on the wiki. Okay, just want to talk about a couple... Is this okay? All right. Okay, so one kind of big issue I want to talk about deals with configuration of packages. Often we want to do some configuration to set up a package for use on Freedombox. The problem is if the configuration we want to modify is a cont file installed by a d-package. And then when you try to upgrade the package, of course you got a prompt asking you which one do you want to keep, the old one or the new one. So this makes unattended upgrades impossible because it doesn't know which version to keep. And of course our users are not technical, they don't have any technical skills, so they don't know which version to keep either. Or they don't know how to merge together to get what they want. So I guess one way that I've seen to work around this is instead of shipping a cont file, you generate the configuration in the post-ins of the package. And then there's different ways to do this. Some people use UCF, which can do like a three-way merge of the old configuration and the new configuration. But ultimately we really need the maintainer to handle upgrading the configuration to support the new version of the package. And then also DebConf is very useful for us because it's very easy for us to do configuration that way. And it also limits the kinds of changes that you might expect in the configuration file. So the maintainer knows what to expect. So they can handle the upgrade that way. So maybe some of you have other ideas on this topic that you can suggest. Some other things I just wanted to mention. Backup and restore is a big topic for us, a big issue. I guess there's two different sides. There's the full system backup and then backing up of individual application data. And you really need both because if a user wants to migrate from one hardware device to another, they want to just take their application data with them. I don't have any great solutions here, but it would be nice if there was a standard Debian way to tell a package, produce a backup of your data, or here's a backup that I want you to restore. Promoting blends. Just the idea is that once you've installed Debian, how do you find out about the blends that are available? So that's just something to think about. And at one time, I guess there was an effort to list all the blends in the Debian installer, but I guess there were also some problems with that approach. So maybe think about other ways to approach that problem. And I mentioned the live image builds which are currently not using Debian infrastructure. So what would it take to actually do live image builds using the Debian infrastructure? And then also the plinth upstream development currently is on GitHub, just mostly for historical reasons, that's kind of where that project started. But we would actually like to move it off of GitHub to another place. I know there is discussion within Debian of either replacing alias or upgrading it to something new and more user friendly. So we would definitely be interested in using that for plinth as well. And then here are some links. We have a landing page at freedombox.org, Wiki on the Debian Wiki, mailing list, and IRC channel. And I can also mention, if you go to freedombox.org, let me show that real quick. It has a link to download all the current images, live images here. And it also has some links at the bottom to the Wiki page or the manual. So you can navigate around that. So that's pretty much all I had to talk about. So are there any questions? One in the back? The question is that I have a NAS box with four disk enclosures. However, your support page does not list any devices that can support two or more disks. Do you have any plans for supporting radar or stimulus setup? Yeah, so the question was about a NAS box that had multiple disk drives. Does it run Debian or can it run Debian? I mean, I would just try installing Debian on it and then install Freedombox and see if it works. RAID setup. We don't have any specific support for that. So it would just be whatever is supported in the normal Debian install. Yes. I'd like to repeat some questions from the IRC. First, are there any plans to use Node.js? Node.js, the programming language? Yeah, the server. If there was a web application that used Node.js, it could certainly be supported. The main topic would be someone would have to package the web application. The second question, are there when and where will it be possible to buy Freedombox? I'm not personally involved in trying to sell Freedomboxes right now. I know the Freedombox foundation had talked about putting together like a development kit and so I make that available for sale. As far as I know, it's still really in the planning phase. On the other slide, you have propagate blends. What are you doing about this? I tried it before your talk, but I think it was not so interesting. Which one? You wanted to propagate the blends idea on one of your slides. Future plans? No, it was later. You have said one item was propagate blends. I didn't understand that. You wanted to propagate blends. Promote. Debian blends. Ah, blends. Okay, sorry. Yes, that was here. How do you do this? It's not really just a topic for me, but really for all of Debian I think and all of Debian blends especially. I don't have any specific approach to it. It was really just an idea to throw out there. Hello. Thanks for the presentation. I have a question. So it's supposed to be like a server, right? It's supposed to be small. So I have a question, for example, why there would be a need then for a network manager or an NTP if they can be easily replaced with the existing stuff that comes with Debian, like with SystemD, TimeSync, ResolveD, NetworkD. Yeah, and if you also support Raspberry Pi 3. Okay. I mean, if you have an approach to replace network manager with something else or NTP with something else, we can certainly look at that suggestion. I haven't found them to be typically too much blow. I mean, compared to other things, like the applications take up a lot more space, I think, than these services. And the other question was about Raspberry Pi 3. I'm working on building a live image to support that. So while the mic is running, let me ask, you said you have a lot of unpacked web applications. I don't know anything about web applications, but she seems to be pretty clever, and she's doing this or working with this Sandstorm project or company. Do you know anything about Sandstorm or intend to explore it? I've certainly been following the Sandstorm project as well, but the main difference I see is Sandstorm uses things that are outside of Debian, not just things inside Debian. Right? Okay, so, you know, would it make sense to support Sandstorm within a Freedom Box install to have a Sandstorm container or whatever it is? I think that would be kind of outside the scope of Freedom Box itself, but if someone wanted to create a derivative project that included Sandstorm, they could certainly do that. Okay. Sorry, regarding this, still, regarding the replacement, that's why I was asking the stuff, which I mentioned, the system, the network, the resolve, the time swing, they come with Debian, they come with SystemD, so you don't need network manager and NTP whatsoever, like at all. So you just need to enable stuff which already is there in Debian, and everything will be working. You will be getting the network time, you will be getting the network. Of course, there is no kind of hook or like switching or like network interfaces or stuff, but since it's supposed to be a server, it's supposed to have only one interface. Hi, I'm B-Dale. You're making a couple of interesting assumptions. One of them is, you're starting off saying, gee, isn't Freedom Box just supposed to be a server? The problem is, well, yes, it's a server, but there's a lot of different ways it might be used. There are some people who are primarily interested, for example, in having something that sits in their house and provides a set of services, and in that case, the network configuration is probably quite simple and reasonably static. But there are other people that are very interested in taking these and dropping them in places where some social action is happening. And at that point, all of a sudden, the device might be as much of a network client in need to have VPN configurations and things like that. So there's an element of generality that comes with things like Network Manager that aren't necessarily there with some of the underlying replacements. NTP is an example of something I think you could have a long conversation about, because as the former maintainer of the NTP stuff in Debian, I learned that there are many different people very differently about how NTP should be configured and where it should fit in the network start-up sequence and all of that. The other thing I wanted to mention, though, is that I don't have... I can eat it more? Wow. Okay, fine. Yeah, so the thing I was trying to suggest is you have to be careful about being too specific in what you think Freedom Box is supposed to be in terms of where it fits in the network, there are very different ideas about how they want to use this and where it might fall in the network config and so forth. A very reasonable configuration, for example, is to use it primarily as a way to have a pre-voxy instance between your random clients that don't understand how to do privacy-enhancing things and the rest of the net. And so you have to be careful when you say things like, gee, can't this be made simpler. The other thing I wanted to point out is that the work on Freedom Box predates a sense of system D. So going, gee, why aren't you just using all these things? Feel free to dive in and help them update, change, and improve. I'm sure they'd love to help. Thanks. Fair enough. I didn't see the other use case, so that's why. But thanks for bringing this up. Just to continue on as far as Freedom Box being used in different contexts, actually in these rural villages in India, they're setting up Freedom Boxes to serve Wi-Fi to the entire village and then also host, like, music streaming sites on the box. I was hoping to show a picture of that, but I didn't get one in time. A few other questions from the IOC? If I put Freedom Box on my QB truck, can it continue to be my miss TV backend? That is, can you mix arbitrary Debian packages with Freedom Box? It depends. Like in some cases, for example, if you had a different web server besides Apache and you tried to install Apache on top of that, there might be some conflicts there. If you have some technical skills, you're acting as the administrator, you're setting up the box, then certainly I'm sure you could find a way to make them work side by side. But that really depends on specifically your configuration and what you're doing with the box. So, not officially supported, but if you know what you're doing, basically? Yes. Okay. I guess the one who asked that question knows what he's doing. And another question, not a question, but a comment. A solution for the backup issue. Have model developers make their own backup and restore scripts? You said module developers? Model, application, whatever the... Application. Yeah, application. I assume the best person to do that is actually the package maintainer of the application that we're talking about. Maybe some people have other opinions on that. Hi, thanks for bringing this presentation to us today. I'm not sure. I had my eyes elsewhere in the room perhaps at the moment, but I think I missed if there's still own cloud or next cloud support. Was it dropped and why? Or is it there and I missed it? Yeah, own cloud was dropped from Debian entirely. Right. Naturally, we dropped it as well from Freedombox. Okay. Certainly can't install it. Okay. Yes. So is Sync thing going to replace the file sharing services that own cloud or next cloud would have supported? Yeah, I think it's a decent replacement for that part, the file sharing and synchronization part. Okay. Thanks. Yes. What happened to Charlie, the bookmark application? That was also dropped from Debian. So it's not installable, of course, and stable. I'm actually working on packaging it in Debian again, but really just going through some of the dependencies right now that need to be packaged. And also if someone knows a good alternative to Charlie for providing the same kind of bookmarking service, that would be good to look at as well. Do you still support first revision of Raspberry Pi? Because I can see like the stable version image on your download site for the 0.9. I can see like image, but... You're talking about the original Raspberry Pi? Yeah, first revision, yeah. I had an issue building the image recently. That's the only reason that we haven't built it up there. But I will say that one certainly does not use like Debian packaged kernel. So yeah, you might just want to consider that. Go ahead. So the own cloud question was actually quite a good example. What impacts, or how blends in Debian are actually related to the actual packages? Because if we all are or become a fan of Freedombox and then we have a feature in stable and then that stable becomes old stable and suddenly the features, some of the features are gone, that's related to actually packages not being maintained for some reason or another. So, especially with own cloud, the issue was that on cloud upstream refused to provide security patches for old version of on cloud. So, but if we actually want to support a blend like Freedombox, we as package maintainers have to keep our packages in shape if it's used in your blend and then all is fine. Also, if we decide to drop a package, we should consider, and talking sort of to myself and to people in the room here, that we actually become a bit more aware of where is my package actually used. So, and if you're talking about blends to actually make a consumer product out of Freedombox, then this goes, you know, steps and steps further. So, yeah, it's just blends are important in Debian. I think behind you there's another question. Anything else? If not, we can wrap up here and I'll be around if anyone else wants to come up and ask a question. All right, thanks everyone.