DETAILED PROGRAMME

Political server defense - bridging user & admin communities, etc.

How can we connect geek fronts with other struggles in the wider movement?

Text to be insterted...

URL: http://stamp.poivron.org/DigitalStruggles/ServerDefense

Alternative community-driven internet service providers

While providing internet access for local communities has mostly been a matter of providing a low-cost solution by sharing access and costs in the past decades, it is now again becoming a neccessity, but for different reasons. European data retention laws allow governments to snoop on who connects to whom, and to retrieve this information from your local Internet access provider, which makes it difficult to work around this information being gathered.

This creates a new need for founding local internet access providers. The data retention legislation allows small (less than 1000 users) and non-commercial internet access providers to operate without a need for providing direct 24/7 access to an expensive black box for the snooping activities of the governments. Also, shared accounts and wireless LANs may allow for making it impossible to legally circumvent identification of single internet users. We can also learn from the past and from existing projects here. Reports on how community driven access providing has worked in the past and is working now will be of help in working around issues others have already encountered and overcome.

Reforming local internet access communities is a very important counter measure to the growing surveillance activities of organizations which think you are guilty until proven otherwise.

SeaCCP colocation facility in Seattle

we host about 30 servers in two cabinets, mostly from other autonomous collectives but also some non-profits and linux hobbists. the colocation website is http://seaccp.org. i can talk about how it got started, issues we have faced, advice for starting a colocation project, the advantages/disavantages of commercial facilities, or whatever is of interest.

I am interested in talking about other such infrastructure projects and how we can cooperate.

XarxaSenseFils, wifi ISP from Barcelona

Since the very infrastructure we need to create the network can provide connection to Internet, we offer people and entities the possibility to cancel their contract with their Internet provider and contract the connection with xsf-coop. This way we promote an ethic consume of Internet at the same time we finance the alternative. The Internet quotes and band width allows to finance the infrastructure monthly costs, the purchasing and installation of the main access points, as well as the jobs necessary for the daily running of the service.

Servers, contracts and who signs them

What kind models have been developed to set up servers? Who signs the contract with the internet service provider? Who gives their name: an indivual, an existing or non-existing group? What are the legal advantages and disadvantage? And what can Indymedia learn from the experience of other groups on this issue? What can Indymedia (and its network of supporters) do to support a global infrastructure of 'left servers'?

Gitoyen, or HOWTO be your own network operator

Text to be inserted...

FDN, or HOWTO be your own ADSL provider

Text to be inserted...

Technical server defense - towards a common security policy?

includes: Solidarity Protocols (Txopi) & Servers Global Action Ring (Txopi)

The new threat model

Impact of data retention and counter measures What exactly is the impact of the new data retention legislation? What is going to change for people in europe? What similar law is there in other locations in the world? How have people organized there to minimize the negative impact it causes? What kind of repression becomes possible by this new legislation? How do we need to react to it? What counter emasures are there?

Secure communication, SSL certs, certificate authorities, etc.

A risk assessment will be the first step of analyzing the risks radical tech collectives and activist ISPs have to cope with currently and will have to do so in the intermediate and medium term future. The goal of this workshop should be to create a list of security measures every ISP should take toabide to to provide a long lasting service, which allows both providing and using secure and anonymized online services in a way which will not cause long lasting harm on any of both involved sides (service users and providers), and which involves a realistic amount of financing.

How should servers and dial-in lines be maintained, which security measures should be in place? How can a fail-safe system be designed which will allow us to sleep well even with increasing repression? Is it ok to force users into explicitly using encrypted services even when it means they may not be able to use their most loved toys (as those lack support for this very service)?

(Was: "A security policy for internet service providers")

DNS autonomy

As many of you may now, the Chamber of Commerce of the United States of America holds the final rights to determine the contents of the root zone file. The root zone file defines the available TLSs (Top Level Domains) like .net or .fr. One can easily imagine what enormous power is that.

There is an international process to change that situation. The United Nations held a two part conference entitled World Summit on Information Society (2003 Geneva and 2006 Tunis) which kick-started the transformation of Internet Governance structures. After a field-report on the DNS front we could asses the relevance and significance of the WSIS/IG process to our work and existence in hyperspace.

Introduction to the R*Plan

Decentralised server layout built by Autistici/Inventati.

http://autistici.org/en/who/rplan/index.html http://dev.autistici.org/orangebook/

Introduction to riseup.net

whatever people find interesting, i guess. our main areas are 1) email 2) lists 3) hosting 4) colocation 5) vserver farm 6) software development 7) security patches. all of our notes are online at http://deb.riseup.net. our patches are online at http://dev.riseup.net. the colocation website is http://seaccp.org.

Metche

A configuration monitor to ease collective administration. Metche is both a pratical tool to monitor the changes made to your system and an organisational method for collective administration. How to put into question the "root = 1 übergeek" paradigm?

Indymedia as service to the movement?

Where stands Indymedia in a time where everybody can just set up a blog in 5 minutes? How do we move forward from here? Can an IMC be a service during a big event (like the legal team, the street medics and the kitchens) and something else during the other 360 days of a year?

An activist online security policy

How should activists behave online, what should they do, what not? Which policies should we always keep in mind? Which software should we use, which should we avoid? Can we work out a general security policy which may serve as a daily reference for online activists, a general document which names the dangers and explains how they can be worked around, lightweight enough to bring it to your the internet cafe? (Alster)

I'd like to lead an discussion on general activist internet security, both on personal computers, and when travelling/using internet cafes. I use some tools and was researching a few more programs to prepare for this, but would also love to hear more ideas and practices from other people (especially about WiFi). My view is that this would be a discussion among generally technically minded people. My main goal would to get a comprehensive set of information that we (me and hopefully a few more volunteers) could compile into a pamphlet on internet security for activists that could be distributed at the general PGA gathering. (Loquito)

Block device encryption for the masses

The process of encrypting firmly installed hard drives as well as portable storage devices such as USB HDDs and pen sticks is a neccessary prerequisite to create and maintain a (partially) repression safe working environment. As many activists as possible should be using encrypted partitions and file systems. Unfortunately, this is not yet the case for many activists, because it is not easy to set up encrypted file systems in a usable and secure way. It is, however, possible. With the advent of DMCrypt and LUKS encryption it is much easier to create well-manageable encrypted devices. However, knowledge on how this is actually done is still not very well distributed. The most practical question an activist will ask is probably this: "How can I easily transform my current disk drive / partition / file system into an encrypted one?"

Is there a definitive answer to this? Can a user oriented, user friendly pictured guide be worked out which will allow an activist with mediocre tech skills to apply these changes to her system herself? Can this be translated? How can this be made a lovable tool (GUI allowing management + showing encryption strength, encrypted tux icon...)?

Indymedia CMS 2.0

There's some discussion about stopping to use specific CMSs developed for Indymedia: http://techmeet.sarava.org/English/Notes, http://cats.revolt.org/cats-vii/indymedia/ and some work on plone/zone. Maybe somebody can give an update on it (as well as on the new radar), and some discussion what different (types of) indymedia voluteers consider necessary to have and/or improve - mentioned in mails of bonzai, elijah and alex

Dispatch system

What are the requirements that we as users need of a dispatch system? What are typical situations? I would like to get together with some people how have done dispatch and define a list of criteria and to write up a few case - to give to those people who want to write a dispatch system as a better basis to develop them. This is not a general presentation on what dispatch is but a place for people who write and use such software to work together.

Tagging and tracking, RSS

What are experiences with RSS feeds? Are they used? How can one access postings on the same topic on different Indymedia sites (and maybe also on other sites). As experiences from biotech.indymedia show: rss feeds don't really work here.

Indymedia history project

We can post our own articles about what is happening right now, but who is writing our own history? More and more often some of us are asked to write articles for some book, and there is a book in the making but nearly all of that are written in a traditional form: one or a few authors write for an editor. On the other hand there are some first ideas about an "Indymedia history" site (for the UK by Yossarian, http://tachanka.mine.nu:300) or about wiki pages (by toya). A discussion and maybe some practical work on it.

Anonymisation

Each of these topics should be prepared by one person/group and should at least cover the following aspects: * Overview * Protocol * Usability * Abilities and Limits (functionality, compatibility, laws) * Pros and Cons

The following is an incomplete list of potential topics in this category: * TOR * Freenet * Darknets * Mixminion

In addition, a global overview and comparison and evaluation of these anonymization methods should be prepared. This may also include a longer discussion to work out different perceptions of what is most suited for different needs.

Secure communication with signing

The issues caused by SSL certificates and how to deal with them - To retrieve a valid SSL certificate, you need to register with a valid Certificate Agency. Certificate Agencies (CA) require that you provide information which makes you personally identifyable, both to the organization running the agency as well as to the world through public certificates they create for you. This undermines any attempt to protect the privacy of the server maintainer(s) by means of anonymization.

Self-signed certificates can work around this problem, but they are not trustable, as this system relies on the fact that the validity of the identity of the server maintainer is ensured. Is there an alternative solution which can be easily implemented on both server and client side, or can a compromise for the existing Public Key Infrastructure (PKI) been found?

How do we work together in the real life? Whom do we trust and whom don't we trust and what are the criteria for this? How do we develop such lines of trust? How can this workflow be transferred to the 'online world'?

Would a CA which is run commonly by alternative projects, which uses nicknames instead of real names work? How could be made so that the certificates it generates have some value, i.e. how can it be made so that it is reliable that the person they are made for are actually the ones who run the sites they are used on?

RFID Zapping

Don't try this at home: we will present our recent efforts to raise awareness about RFID related security issues, including a presentation of an RFID zapper tool built out of a common cheopo disposable camera. If there is enough interest, we will do a workshop where everybody can solder their own RFID Zapper. We will bring the necessary stuff, you go to the next souvenir store and buy the camera.

Crabgrass: social networking for the movement

riseup.net is working with a network of activist and tech organizations to develop a social networking tool for the movement. Our primary focus will be on democratic decision making, modeling groups and networks, the "lifecycle" of a decision, security, and ease of use. Instead of social networking which focuses on the atomized individual, we are focusing on helping groups be more effective, democratic, and transparent. You could call it 'social organizing'. It being written in Ruby on Rails.

Translation Tools

Indymedia has used a website to facilitate internal (discussion) and external (articles, video subtitles etc) translations: http://translations.indymedia.org. This has proven to be necessary but at the same time many translators found it confusing and at the moment a new tool is in the making. Not only indymedia needs translations to be able to function as an international network and so this discussion is meant to develop ideas about how written as well as spoken translations can be better facilitated. Please bring examples!

Tools 4 Avtivists

We all probably spend a lot of time answering the always same questions by friends, their friends and the rest of the world how to use different kind of tech solutions to activist problems, such as encryption, use of mailing lists, photo editing etcetcetc. At the same time many good How-Tos and useful yet for many unknown good software exist. I want to see who's interested in collecting the good things that are there and add what is missing in a website easy to find for everyone who all of a sudden needs help and doesn't have a techie friend to ask. A page more like a portal with different sections, each well kept up-to-date by those who deal with the different issues anyway. I'd like to discuss the idea and explore what exactly is needed, and see who's interested in participating one way or another.

Digital Gaps

I'm not prepared to give a lecture with up-to-date information about latest scientific results about why there are so few women in activist tech communities. Or anyone else not white male etc. but it's quite obvious, also for this conference, and I'd like to have the chance to exchange ideas, questions, analysis.. possible ways out of it.

http://www.tldp.org/HOWTO/Encourage-Women-Linux-HOWTO/x302.html

Indymedia IRL

Can we get all people together who are somewhat connected with Indymedia for a "real life chat"? Getting together to connect names and faces, sometime in the beginning of the meeting, informal with some drinks.

GnuPG keysigning party

Bring your pgp key, or make one while you are there.

FOR MORE INFO ON THE PROGRAMME, CONSULT THESE WIKI PAGES: http://stamp.poivron.org/MediaActivism