Boxes – Doosjes – Boîtes

Summary

This afternoon we talked about the commercialization of the internet: commercial services take care of more and more common tasks and fulfill more and more needs, making us more and more reliant and dependent. What happens if you decide to take the server back home? How do you bring the cloud into your house? You have to decide either to connect or disconnect your server from the web. Everything is fine as long as you stay indoors, but as soon as you leave your home with, for instance, a webserver, an email or a chat, trouble begins…

This workshop aimed to look at alternative models of how self-hosting survives and at different protocols for offline, encrypted or anonymous file sharing systems. Is it possible to stay anonymous and encrypted on Web 2.0? We went through different sets of tools developed to enable us to build an independent and decentralized infrastructure.



Glossary

Freedom box
<https://freedomboxfoundation.org> Freedom box is an initiative by Eben Moglen. Freedom box has not released software yet; there is only a developer version, which focuses on infrastructure and architecture.

Project Byzantium
<http://project-byzantium.org> Project Byzantium is a live Linux distribution that delivers easy-to-use, secure, and robust mesh networking capabilities. The goal of Project Byzantium is to develop a communication system by which users can connect to each other and share information in the absence of convenient access to the Internet. This is done by setting up an ad-hoc wireless mesh network that offers services which replace popular websites often used for this purpose, such as Twitter and IRC.

Project Meshnet
<https://projectmeshnet.org> The objective of Project Meshnet is to create a versatile, decentralized network built on secure protocols for routing traffic over private mesh or public Internet working independently from a central supporting infrastructure. Project Meshnet is an effort to replace the existing Internet, a goal born from the /r/darknetplan community. It aims to use a combination of software and hardware to achieve the goal of a censorship-free Internet. The software basis of Project Meshnet is Cjdns, which allows nearby devices to connect to each other without the Internet. Cjdns is being used to build a network similar to the Internet called Hyperboria.

SuperGlue
<http://superglue.it> SuperGlue is a user-friendly platform, which allows you to make your own websites and run them from a mini-server installed in your home. This means that SuperGlue bypasses dependence on unnecessary mid-service providers, which cost money and control your data. SuperGlue allows you to create a highly personalized web and define how you share it with others.

Piratebox
<http://daviddarts.com/piratebox-diy-openwrt> A PirateBox is a portable electronic device often consisting of a router and a device for storing information, creating a wireless network that allows users who are connected to share files anonymously and locally. By definition, this device is disconnected from the Internet.


Yunohost
<http://yunohost.org> Yunohost is a fully-automated personal server distribution based on Debian. By default it provides a preconfigured mailserver, instant messaging, and webserver, with a web-application portal to simply access and add services through your web browser. YunoHost is a server operating system aiming to make self-hosting accessible to everyone. All DNS setup is automatic: it provides a dynDNS service. This is the main difference between ArkOS and YunoHost.

Forban
<http://foo.be/forban> Forban is a peer2peer filesharing application for link-local and local area networks. Forban works independently from the Internet and uses only the local area capabilities to announce, discover, search or share files. Forban relies on HTTP and is “opportunistic”. The name originates from the old French word forban, which means a kind of pirate. “Forban” can also be a play on words in English at a time when governments or corporations want to ban access to the Internet.

Notes

Read the live notes here: <http://vj14.constantvzw.org/r/notes::friday>

Wendy introduces the workshop, showing pizza box servers.

We’ll look at two different kinds of servers. This workshop looks into several projects that exist out there to facilitate self-hosting.

Wendy explains the differences between self-hosting and hosting for yourself.

There are three major problems that occur with self-hosting systems. The first problem is that the IP address of the host changes constantly, so the register server has to be informed. The Internet providers provide an automatic service for these updates. The second problem is that you are responsible for your data and hence, if your server crashes, you won’t be able to send data; this means backups, cooling and those kinds of software and hardware responsibilities. The third is the router configuration… and the subproblems which occur there.

guest – “guest”
When do you get a name in a configuration?
Who is in power to use this?
It depends on your connection : )

  1. Port opening. Protocols run on standard ports (e.g. HTTP). By default the router will block incoming connections, so nobody will be able to speak to you from outside servers. You have to tell your router that you want to allow connections from whichever servers. In order to open the port, you have to connect to your router’s interface (by default the address of the router is 192.168.1.1) and open it there or, even easier, UPnP will open it automatically.
  2. Most open the 25 port (the mail port) by default.
    So: the 25 block.
  3. You must be aware of what your private IP address is (192.168.XX). It is written on the back of your router.

Wendy sums up: Once you’ve solved 1, 2 and 3, then you’re able to host yourself ;-)

Our machines are slower to upload, because they’re installed as Clients.
The servers can actually be small creatures running on battery, you can hide them, versatility, people can jump on them, etc.

14h26 → Wendy introduces the Freedom box, which is based on the idea to bring some things back into your home like hosting your own services, encryption, etc. They are taking their time to try and make it really secure because it is nice to do self-hosting, but it comes with a huge responsibility. You will have to ensure the security and privacy of your data and the data of those who are using your services.

Kettle sings, water is boiling
What would you put on a pocket server?
Jitsi, backup, mailserver, sharing files, protection against spam
AMAVIS is an undefined creature living on the server and reproducing in a light way.

Ama-vis → Love-fish → Fish-love


Wendy
Pieter, can I say that OpenWrt is a system that works on a lot of networking devices? I feel like a sales person. It has software you can hack. USB deaddrops in 2009.

Pieter
Then the idea was taken to another level with the Piratebox. You don’t know who’s accessing it. It’s a little access point (a wireless network) that pops up in your list of Internet connections. Once you connect to it, you go through a browser…

Ports are the source of many problems for home servers… ISPs determine what you can send and receive. We tried to get things running on a couple of boxes but it was not that easy. What if we say “Goodbye Internet! We go parallel!”? We can simply talk face to face, or communicate offline by running a Piratebox.

Traffic shaping is also a problem. ISPs analyze traffic and control the speed for different types of traffic. Internet providers can use this to optimize the use of their network, but also to discourage the use of only certain types of applications.

Audience
What happens if your box is not connected to the Internet?

Wendy
For 72 hours, emails will keep on being sent to your address and after that they are bounced. Belgacom blocks port 25 to fight off a lot of spam and viruses. That caused a problem when Denis tried to install YunoHost. YunoHost is a small team, mostly developers, based in France and Canada, and contributors. It started last year (summer 2012). The idea is to share a configuration. He contacted the developers and Kload (Alexis Gavoty) got in touch with him. Kload happened to live in Brussels and is joining the workshop to showcase the project.

Coughing, straightening backs.

Cloned git repositories <https://github.com/YunoHost/install_script>
and started installing…


Audience
This promise of ease, can you live up to it?

Wendy
It is never easy, even when it looks easy… We have to stop talking and start trying now to see how that works out.

Kload
It’s not easy but we can try to make it more accessible. Someone mentions there are two roles in self-hosting, the admin role and the user role. The admin has to face the problems of installing and maintaining the homeserver, the users don’t.

Audience
There are browser tools for managing your server.

Kload
You have to administrate your box, you have root access, but we’re trying to make it as smooth and as easy as possible.

Feels like sys admin course in one day.
“Promise of easiness” but it quickly reaches the point where it is not easy anymore.

Wendy
Let’s start trying things out! You can choose to try out either self-hosting or Piratebox. You can either install from scratch, or modify existing installs, try Forban, which if installed on a Piratebox, will take over all content from any reachable Piratebox in its surroundings.

16h03 → The group splits up into two tables, a Piratebox table and a self-hosting table. The self-hosting table is led by Kload who demonstrates how to run YunoHost on a Beagleboard-xm. <http://beagleboard.org/>

Step 1: Check if Git is installed, if not, install.
Use Git to clone the install script.
This is a how-to explanation in French: <https://github.com/YunoHost/install_script>.

$ cd /tmp
$ git clone https://github.com/YunoHost/install_script.git
$ cd install_script/
# make the script that is run on the next line executable for your user
$ chmod u+x autoinstall_yunohostv2
$ ./autoinstall_yunohostv2 test

The server adventures continue…

16h19 → It can take quite some time to install… assumes Kload.

Alternative to hosting at home: VPS (Virtual Private Server), you rent serverspace and install it there, it saves a lot of trouble and it is very fast. Problems you might encounter at home:

  1. Home — Belgacom (Internet Provider) — CLOUD = dynamic DNS == problems
  2. You are responsible for the hardware. If your server crashes you have to fix it and make sure there are back‑ups and hardware maintenance. Not only the hands-on maintenance, you also have to buy the hardware. RaspberryPi is $40 but won’t suffice if you are running a lot of services.
  3. Router

Port opening: different protocols run on standard ports. There are about 36.000 different types of ports. By default the router blocks every port for incoming traffic. Nobody will be able to connect. You have to unblock certain ports, for instance port 25 for mail. You have to connect to your router’s interface, usually via your browser. For instance, you go to 192.168.1.1 or another similar address; there you can open ports. UPnP is a protocol that allows a private server to communicate with your router. This is available to you via YunoHost.

Port 25 (the mailing port) is blocked by default. This is in order to avoid spam and viruses. Some ISPs don’t allow opening it up. There are solutions for that but it is far from ideal.

Private IP address: you need to tell the router to which local/private IP address (which you have to fix so that your router doesn’t keep giving different addresses to your box) to forward incoming traffic for your server.

DNS configuration is really complicated. If you just use it locally it’s not a problem, but if you want to run a mailserver for instance and you don’t use the automatic option of YunoHost, you can get a nohost.me domain and the dynDNS configuration will be automatic.
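
A check to run on the box before opening ports on the router or letting UPnP open them, as in the port-opening notes above (added example, not part of the workshop notes or of YunoHost): it lists TCP ports the box offers to the network that are not on the list you mean to forward. The allowed list and the sample `ss -tln` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare what the box listens on with what you intend to forward.

ALLOWED="25 80 443"   # ports you mean to open on the router (assumed values)

# Constructed sample of `ss -tln` output from a home server.
SAMPLE='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      100    0.0.0.0:25          0.0.0.0:*
LISTEN 0      128    127.0.0.1:3306      0.0.0.0:*
LISTEN 0      128    0.0.0.0:80          0.0.0.0:*
LISTEN 0      128    [::]:5222           [::]:*
LISTEN 0      128    192.168.1.42:8080   0.0.0.0:*'

# unexpected_ports ALLOWED_LIST: reads `ss -tln` text on stdin and prints, on
# one line, the ports that are reachable from the network (not loopback-only)
# and are missing from the allowed list.
unexpected_ports() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            addr = $4
            port = addr; sub(/.*:/, "", port)        # text after the last colon
            host = addr; sub(/:[0-9]+$/, "", host)   # text before the port
            if (host ~ /^127\./ || host == "[::1]") next   # loopback only
            if (!(port in ok)) print port
        }' | sort -n | uniq | tr '\n' ' ' | sed 's/ $//'
}

# Run the audit over the constructed sample.
audit_sample() { printf '%s\n' "$SAMPLE" | unexpected_ports "$ALLOWED"; }

# On a live box: ss -tln | unexpected_ports "$ALLOWED"
echo "listening but not meant to be forwarded: $(audit_sample)"
```

Anything it prints is a service that a forwarding rule or an automatic UPnP mapping could expose without you having decided to host it.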

16h46 → The Beagleboard is starting to set up…


In France some ISPs give static IPs but not in Belgium, the US, or Germany… It’s easier for the ISP to do dynamic IPs, plus most ISPs don’t want their customers to host, and on top of that, it’s commercially attractive to make fixed IPs a non-standard service. Companies that do want to host will have to pay a lot more money to obtain a static IP. Another problem that you might encounter if you’re trying to serve webpages is that port 80 is often also blocked.

Some people are looking a little discouraged. It requires quite some skills to actually run a home server. Funky alternative: SuperGlue is a box running a webserver and the HotGlue environment to create and serve your own site without any system admin skills.

17h28 → The Beagleboard accidentally got unplugged, the IP changed and now we’re trying to get back in touch with it. Then we move on to the next steps in setting up the server...

17h31 → Hello, hello Beagleboard???

The install party ends on a slightly disappointing note because we didn’t manage to finish the install and see YunoHost in action on the board. Kload explains that the project is still under development but can already offer a lot of simplifications if you install it on a remote Virtual Private Server (VPS), where you don’t face all the issues of the home server and can benefit from the easy installation and configuration of the apps provided by YunoHost.

The project also wants to send a signal to ISPs that there is a real demand for self-hosting by making it more accessible for people. When there is a growing group of people self-hosting and requesting static IPs and port unblocking there might be a response from the ISPs to make the situation more like in France, for instance, where certain ISPs do allow for more freedom of their customers.

17h50 → The workshop finishes.
Off to La Poissonnerie!