1 00:00:00,000 --> 00:00:18,479 *36c3 preroll music* 2 00:00:18,479 --> 00:00:24,769 Herald: Our next speaker: Basically, he eats up script kiddies for breakfast, I've heard. 3 00:00:24,769 --> 00:00:30,599 He drives the open source train and his currency is uptime. Please welcome 4 00:00:30,599 --> 00:00:36,820 with a very warm applause Julian Oliver and his "Server Infrastructure for the 5 00:00:36,820 --> 00:00:43,180 Global Rebellion" talk. 6 00:00:43,180 --> 00:00:51,350 Julian: So, yep. Great. Very pleased to be here. Amazing environment, indeed, as 7 00:00:51,350 --> 00:00:56,720 usual with the CCC. First of all, I'm not at all a spokesperson for extinction 8 00:00:56,720 --> 00:01:01,570 rebellion. I do not speak for this movement called extinction rebellion. 9 00:01:01,570 --> 00:01:09,170 Whatever I say here tonight is entirely my own opinion. And so not to be taken as any 10 00:01:09,170 --> 00:01:14,670 overarching description of the movement more generally. What you're looking at 11 00:01:14,670 --> 00:01:18,049 here, of course, might simply be associated with this thing called 12 00:01:18,049 --> 00:01:24,700 extinction rebellion. But it is not. It is, in fact, the extinction symbol. And 13 00:01:24,700 --> 00:01:27,700 this is the part where in the first half of my talk, I depress you. But then we'll 14 00:01:27,700 --> 00:01:32,659 go for a nice, big sort of warm finish. The extinction symbol was, in fact, 15 00:01:32,659 --> 00:01:41,319 created in 2011 by a UK artist called ESP. And this entirely relates to, not 16 00:01:41,319 --> 00:01:44,840 extinction rebellion, being long before extinction rebellion, but the fact that we 17 00:01:44,840 --> 00:01:50,399 have entered the sixth mass extinction on this planet that we are on. And this has 18 00:01:50,399 --> 00:01:56,819 became practically scientific consensus in 2015, where it has been fairly surely 19 00:01:56,819 --> 00:02:02,349 asserted and since reasserted that we have in fact entered the largest extinction 20 00:02:02,349 --> 00:02:08,060 event on this planet in 65 million years. Global populations of fish, birds, mammals 21 00:02:08,060 --> 00:02:16,620 down by about 60 % in 42 years and according to the WWF a few years ago. The 22 00:02:16,620 --> 00:02:22,709 UN puts it at about 150 species lost per day. Now, that's a little bit more than 23 00:02:22,709 --> 00:02:27,610 the father of biodiversity, E.O. Wilson, that says it's around about 27,000 a year. 24 00:02:27,610 --> 00:02:32,210 In other words, one species lost every 19 minutes. But what does that really mean? 25 00:02:32,210 --> 00:02:36,690 Well, when we're talking about background extinction rates, we're looking at the at 26 00:02:36,690 --> 00:02:39,940 the background extinction rate for the last 65 million years has been about one 27 00:02:39,940 --> 00:02:46,210 to five species a year. So not 150 a day, but 1 to 5 a year. This is fairly 28 00:02:46,210 --> 00:02:50,390 conclusive of the fact that we have entered the sixth extinction on this 29 00:02:50,390 --> 00:02:55,730 planet. I'm here in Germany, for instance. Just a couple of years ago, there was this 30 00:02:55,730 --> 00:02:59,140 Dutch-German study done that now reflects pretty much the state of the entire 31 00:02:59,140 --> 00:03:06,580 European continent of the 3/4 of all flying insect biomass dropping in about 25 32 00:03:06,580 --> 00:03:12,349 years. So three quarters less flying insects in 25 years and supposedly 33 00:03:12,349 --> 00:03:18,030 dropping it around about 2.5 a year. Now we need insects much more than they need 34 00:03:18,030 --> 00:03:22,950 us. They are the glue layer of our food system. But within the planetary boundary 35 00:03:22,950 --> 00:03:27,430 and biological sense, they are absolutely intrinsic. They also keep much of our 36 00:03:27,430 --> 00:03:32,000 water very fresh. As one biologist put it, we humans will never see the the end of 37 00:03:32,000 --> 00:03:38,430 the insects. We need them that much. Now, climate change has become very much 38 00:03:38,430 --> 00:03:46,599 ascribed to this loss of species. But in fact, it's not climate change that is 39 00:03:46,599 --> 00:03:53,530 responsible for species decline per say. The WWF Living Planet Index attributes 40 00:03:53,530 --> 00:03:58,579 about seven per cent of species declines to warming. In fact, the real reason why 41 00:03:58,579 --> 00:04:02,040 we are losing so many species so quickly is because we're changing their habitats. 42 00:04:02,040 --> 00:04:06,590 We're just removing them entirely, and certainly urbanization is a part of that 43 00:04:06,590 --> 00:04:10,579 and land change as a result of warming, but primarily it's because we've replaced 44 00:04:10,579 --> 00:04:17,389 habitats with with farmland. This is, for instance, in the Amazon basin carving into 45 00:04:17,389 --> 00:04:23,870 the Amazon right there just to lay down some soy livestock, feed crops. And 46 00:04:23,870 --> 00:04:28,080 there's another another another view there. Now, most of that soy, all of that 47 00:04:28,080 --> 00:04:32,889 soy is really exported for livestock feed, mostly to Europe and to China. But getting 48 00:04:32,889 --> 00:04:36,760 onto the warming thing, which is obviously a massive existential threat we do all 49 00:04:36,760 --> 00:04:44,360 face. We can safely say now that the Paris accord has entirely failed. The warming 50 00:04:44,360 --> 00:04:49,070 projections presently we're looking at about 2.8 to 3.2 by the end of the 51 00:04:49,070 --> 00:04:53,450 century, not including self reinforcing feedbacks. In other words, things like 52 00:04:53,450 --> 00:04:57,640 permafrost melts, just releasing tons of methane into the air or the wildfires that 53 00:04:57,640 --> 00:05:01,480 we've been seeing in Australia and over in California that are just sending gigatons 54 00:05:01,480 --> 00:05:07,250 of carbon into the air. So this is still to be seen as relatively optimistic. 55 00:05:07,250 --> 00:05:11,110 If we're looking at current policies and where they will lead us, that's a lot more 56 00:05:11,110 --> 00:05:14,950 than 1.5. I think, first of all, it's important to point out that this is 57 00:05:14,950 --> 00:05:19,270 actually really happening. And even if it's unimaginable and completely 58 00:05:19,270 --> 00:05:24,170 unacceptable that it is happening, we still need to remember that science does 59 00:05:24,170 --> 00:05:29,540 not need human imagination for evidence. It needs instrumentation and lots and lots 60 00:05:29,540 --> 00:05:34,030 of hard work and decades of study. And it confirms that, yes, indeed, it is really 61 00:05:34,030 --> 00:05:39,800 happening. Technology will not save us. This is also increasingly scientific 62 00:05:39,800 --> 00:05:46,740 consensus. Most recently, looking at the idea that we can just simply scrub carbon 63 00:05:46,740 --> 00:05:52,250 out of the air, we can, you know, we can suck it out of the air and these negative 64 00:05:52,250 --> 00:05:57,740 emission technology. That's if you like. They're not even gigatons capable. And 29 65 00:05:57,740 --> 00:06:02,950 European science academies concluded that we can absolutely not rely on any Ts or 66 00:06:02,950 --> 00:06:06,580 negative emissions technologies to pull enough carbon out of the air at anywhere 67 00:06:06,580 --> 00:06:12,360 near the rate that we need it in order to save us. What I mean by save us? Well, 68 00:06:12,360 --> 00:06:16,460 when I was born, it was around about 330 ppm CO2 in the atmosphere 69 00:06:16,460 --> 00:06:22,400 and we're now looking at about 412 of the latest reading. This is the 70 00:06:22,400 --> 00:06:30,830 Keeling Curve. Now 450 ppm is seen as something of a threshold that probably 71 00:06:30,830 --> 00:06:37,260 gets us more or less near 2 degrees of warming from post-industrial levels with a 72 00:06:37,260 --> 00:06:43,090 70 % probability if we keep it under 2 degrees, in other words, 450 ppm. Sorry. 73 00:06:43,090 --> 00:06:47,510 If we keep it under 450 ppm, then we will almost certainly manage to avoid that that 74 00:06:47,510 --> 00:06:51,764 2 degrees threshold for the 70 % probability. Just looking at ocean rise 75 00:06:51,764 --> 00:07:01,030 alone. This is Miami at two degrees, which is arguably just around the corner. This 76 00:07:01,030 --> 00:07:05,000 is Shanghai. I don't know if you've been to Shanghai. Where will all those people 77 00:07:05,000 --> 00:07:09,440 go, you might ask yourself. Bangkok is already underwater at this point. Two 78 00:07:09,440 --> 00:07:13,830 degrees represent something else relatively significant, however, as 79 00:07:13,830 --> 00:07:17,560 evidenced in this fantastic paper, well, fantastic if you read this sort of stuff 80 00:07:17,560 --> 00:07:22,470 and don't want to drink yourself under the table. But trajectories of the Earths 81 00:07:22,470 --> 00:07:28,270 system and the Anthropocene suggests very strongly that it's highly likely, 82 00:07:28,270 --> 00:07:32,760 extremely probable that if we cross the 2 degrees centigrade warming threshold, we 83 00:07:32,760 --> 00:07:42,240 will be on autopilot to 2.5, 3 degrees, 3.5 and 4 degrees. And that's simply an 84 00:07:42,240 --> 00:07:48,310 unstoppable course. No amount of carbon scrubbing can possibly compete with the 85 00:07:48,310 --> 00:07:55,780 self reinforcing feedbacks after that point. We're on a course to a very 86 00:07:55,780 --> 00:07:59,430 different planet. Just to give you a sense of what 4 degrees, for instance, would 87 00:07:59,430 --> 00:08:03,360 mean, should we ever get there, which it looks like we will before the end of the 88 00:08:03,360 --> 00:08:11,180 century if we continue business as usual. The temperature rise from the Ice Age, the 89 00:08:11,180 --> 00:08:17,300 end of the Ice Age back 10,000 years ago to 1850 was 4 degrees of warming. Now, 90 00:08:17,300 --> 00:08:27,070 that's 10,000 years of time for organisms, including us, to evolve and adapt to that 91 00:08:27,070 --> 00:08:34,110 warming. We're looking at the same amount of warming in just 150 years. There's no 92 00:08:34,110 --> 00:08:41,719 time to adapt. This picture I've tweeted a bit, I suppose, but maybe too much. But 93 00:08:41,719 --> 00:08:44,180 this was done for the New Scientist and the visualization of what the earth would 94 00:08:44,180 --> 00:08:47,750 look like, what the world would look like at 4 degrees. Now, Middle and Southern 95 00:08:47,750 --> 00:08:57,570 Europe are obviously entirely gone. North America, Africa, South America and Asia - 96 00:08:57,570 --> 00:09:01,450 they've all gone. I mean, where would those people go? Obviously, they'll head 97 00:09:01,450 --> 00:09:05,330 North. The states will move from a geo strategic perspective, would obviously 98 00:09:05,330 --> 00:09:16,330 move to Canada, China and to Russia. There's been a lot of talk about as to 99 00:09:16,330 --> 00:09:19,700 what that would mean for human populations and human population numbers and of course 100 00:09:19,700 --> 00:09:23,890 you read some wild stuff, how can we possibly know? But this chap who's had his 101 00:09:23,890 --> 00:09:30,020 name on 120 papers or something like this. He's one of the most highly regarded 102 00:09:30,020 --> 00:09:34,670 atmospheric scientists in the world, cited over a thousand times across academic 103 00:09:34,670 --> 00:09:39,590 journals in the domain of atmospheric science, believes it's just a few thousand 104 00:09:39,590 --> 00:09:43,560 people. The carrying capacity of the earth is just a few thousand people seeking 105 00:09:43,560 --> 00:09:51,930 refuge in the Arctic or Antarctica. And of course, all the way to 4 degrees, we have 106 00:09:51,930 --> 00:09:58,270 war, we have resource depletion driving conflicts, we have mass migration and very 107 00:09:58,270 --> 00:10:04,320 unfortunately it is fairly safe to conclude that children alive today will, 108 00:10:04,320 --> 00:10:08,150 even those still again, relatively unimaginable, but based on the best 109 00:10:08,150 --> 00:10:14,340 available information, very probably face mass migration, war and hunger. Should we 110 00:10:14,340 --> 00:10:18,890 not turn things around? This is just simply the way it is. This is where we are 111 00:10:18,890 --> 00:10:24,740 going. But surely governments would never let that happen. You hear that a lot. But 112 00:10:24,740 --> 00:10:29,700 the thing is, they have let that happen and they are continuing to let that 113 00:10:29,700 --> 00:10:44,100 happen. Appropriate response is probably this. This UK pop artist, experimental pop 114 00:10:44,100 --> 00:10:49,470 stuff, said this, write this down on a napkin one day. I really like it. "Hope 115 00:10:49,470 --> 00:10:52,810 without honesty is denial" because people reach for hope at these times. But I also 116 00:10:52,810 --> 00:11:00,510 really like Kate Malveaux, climate scientist. She said that we don't need 117 00:11:00,510 --> 00:11:06,300 hope, we need courage. Courage is the resolve to do well without the assurance 118 00:11:06,300 --> 00:11:12,280 of a happy ending. This is more what we need to be going. Thanks of course, giving 119 00:11:12,280 --> 00:11:16,210 us a bit of a hand here with this. From this moment the spear ends and techniques 120 00:11:16,210 --> 00:11:23,350 begin. And truth is, there's no hope without action. This is really where we 121 00:11:23,350 --> 00:11:28,990 stand and this is not just my opinion. It happens to be an opinion very widely 122 00:11:28,990 --> 00:11:33,380 spread. In fact, the world scientists in their " A second warning to humanity", 123 00:11:33,380 --> 00:11:39,600 very recently wrote that same thing. They said that with a groundswell of organized 124 00:11:39,600 --> 00:11:45,480 grassroots efforts, dogged opposition can be overcome and political leaders 125 00:11:45,480 --> 00:11:53,300 compelled to do the right thing. Now that is 15,364 scientists from 184 countries. 126 00:11:53,300 --> 00:11:58,350 It's the most scientific document in all history. They are urging us in the 127 00:11:58,350 --> 00:12:07,070 absolute and, you know, ineptitude and lack of engagement from governments to 128 00:12:07,070 --> 00:12:12,910 actually rise up and force governments to act. That's what they're telling us to do. 129 00:12:12,910 --> 00:12:17,820 And you can look at this as a bit like, you know, imagine you have a disease, a 130 00:12:17,820 --> 00:12:24,170 very rare disease and that the world's experts, you know, that those those 131 00:12:24,170 --> 00:12:30,210 scientists, 15,364 scientists, contains most of the world's Nobel laureates, 132 00:12:30,210 --> 00:12:37,770 planetary boundary scientists, food system scientists, geologists, biologists. They 133 00:12:37,770 --> 00:12:41,190 say that, you know, so from the perspective of expert opinion, it doesn't 134 00:12:41,190 --> 00:12:46,110 get much better. You can imagine that you have a disease that very few people have, 135 00:12:46,110 --> 00:12:50,880 and the world's expert says to you: "Listen, it's really grim. You are looking 136 00:12:50,880 --> 00:12:58,020 at a at a particularly bleak end, an ugly end, unless, of course, you stop now doing 137 00:12:58,020 --> 00:13:06,230 these things". You can also think that our space habitat has a variety of subsystems, 138 00:13:06,230 --> 00:13:11,560 it is a freshwater subsystem that looks at water purification and filtration, a 139 00:13:11,560 --> 00:13:18,770 thermal regulation subsystem. You could look at food pods. They are being attacked 140 00:13:18,770 --> 00:13:23,110 on our space habitat. If you don't like the word environmental or earth, you think 141 00:13:23,110 --> 00:13:28,060 it's a bit too kind of patchouli dose to a hippie. Then think of it this way, because 142 00:13:28,060 --> 00:13:32,110 that is what's happening. What they're telling us is that it's time to rebel. 143 00:13:32,110 --> 00:13:38,930 It's time to force governments to act because they are not acting. No more 144 00:13:38,930 --> 00:13:44,860 business as usual. What we need is massive swarming, nonviolent, uncontainable civil 145 00:13:44,860 --> 00:13:50,630 disobedience en masse. Civil disobedience, unlike protests were you just get out on 146 00:13:50,630 --> 00:13:56,529 the street on a little key area with a police permit for the protest, holding 147 00:13:56,529 --> 00:14:02,960 little signs, oi oi oi. Civil disobedience actually works. It has 148 00:14:02,960 --> 00:14:07,190 provably worked. South Africa versus apartheid. India versus the British Roche. 149 00:14:07,190 --> 00:14:15,460 U.S. Civil Rights Movement. The Velvet Revolution. It's the way to go. Extinction 150 00:14:15,460 --> 00:14:20,070 rebellion is very much a manifestation of that energy at the idea of actually 151 00:14:20,070 --> 00:14:26,680 channeling civil disobedience to the ends of driving change is very much what it's 152 00:14:26,680 --> 00:14:33,480 about. It's the kernel of the movement. It started in October 31st, where a bunch of 153 00:14:33,480 --> 00:14:38,710 British activists marched onto Parliament Square and declared a rebellion against 154 00:14:38,710 --> 00:14:43,260 the British government for its lack of action on the climate and the ecological 155 00:14:43,260 --> 00:14:49,900 emergency. And then soon afterwards, 6000 or so descended upon London and 156 00:14:49,900 --> 00:14:57,370 effectively shut down the city center by occupying five bridges. Extinction 157 00:14:57,370 --> 00:15:01,250 rebellion is a leaderless... That's very important. I mean, is that the press of 158 00:15:01,250 --> 00:15:05,770 always reaches for a figurehead, but it is very much a leaderless. That's not steered 159 00:15:05,770 --> 00:15:10,020 by the UK , Decentralized International, apolitical network using nonviolent direct 160 00:15:10,020 --> 00:15:14,560 action and civil disobedience to persuade governments to act justly on the climate 161 00:15:14,560 --> 00:15:19,839 ecological emergency. I'm just going to show a couple of videos right now to just 162 00:15:19,839 --> 00:15:26,350 give you a sense of the kind of what civil disobedience in this case actually 163 00:15:26,350 --> 00:15:31,210 comprises. I'll show you a video from France particularly focused on 164 00:15:31,210 --> 00:15:35,810 overconsumption. We're talking about resource depletion here in the CCC this 165 00:15:35,810 --> 00:15:41,230 year, which I think is great. And this was a protest at Block Friday instead of Black 166 00:15:41,230 --> 00:15:47,009 Friday, which is, of course, a mass consumers event. Here we go. 167 00:15:47,009 --> 00:17:19,989 *music plays* 168 00:17:19,989 --> 00:17:24,158 They occupied a shopping mall for seven 169 00:17:24,158 --> 00:17:27,139 hours and a whole bunch of stores across the country, Apple Store, etc., just 170 00:17:27,139 --> 00:17:31,580 fantastic stuff. And you might think 'where's this going?'. Well. And is that 171 00:17:31,580 --> 00:17:34,860 really the only approach, you know, occupy malls and shops, et cetera, et cetera? 172 00:17:34,860 --> 00:17:37,980 I'll show you another video for a very different strategy. This is extension 173 00:17:37,980 --> 00:17:44,070 rebellion, New York City occupying Times Square. And I think this is definitely... 174 00:17:44,070 --> 00:17:48,999 Oh, what is the video called? That's right... Player. 175 00:17:48,999 --> 00:18:00,534 *music plays, drums beating* 176 00:18:00,534 --> 00:18:02,490 Sorry, It's a but cut off, isn't it? 177 00:18:02,490 --> 00:18:05,034 Again? Or wait, whatever. 178 00:18:08,464 --> 00:18:11,539 People in the video shouting repeadeatly: 179 00:18:11,539 --> 00:18:16,079 This is an emergency! This is an emergency! 180 00:18:20,239 --> 00:18:22,339 *music plats, drums beating* 181 00:19:05,789 --> 00:19:10,119 This is an emergency! This is an emergency! 182 00:19:28,389 --> 00:19:34,110 Person in video: Good Morning, New York City! This is Extinction Rebellion 183 00:19:34,110 --> 00:19:38,950 enforcing an international rebellion...*continues unintelligible* 184 00:19:38,950 --> 00:19:42,224 *shouting and drums beating* 185 00:19:42,224 --> 00:19:45,499 [Subtitles appear in video, therefore left out here] 186 00:20:34,229 --> 00:20:38,049 Julian: Well, anyway, you get the idea. 187 00:20:38,049 --> 00:20:42,009 *applause* 188 00:20:42,009 --> 00:20:45,820 So something's wrong with my copy of my with my render buffer there, I can see that. 189 00:20:45,820 --> 00:20:48,639 I don't know, anyway. Three demands. 190 00:20:48,639 --> 00:20:54,239 Typically, some branches have more. There are many branches now. 600 plus branches 191 00:20:54,239 --> 00:20:59,590 all over the world. Some have four demands for us, as in the US. Some of these state 192 00:20:59,590 --> 00:21:03,359 branches have added a fourth demand for climate ecological justice for those most 193 00:21:03,359 --> 00:21:09,419 affected by changes within planetary boundaries. Sorry, changes above and 194 00:21:09,419 --> 00:21:12,749 beyond planetary boundaries. But in general, there's this kernel of sort of 195 00:21:12,749 --> 00:21:16,499 three demands. Tell the truth. Government must tell the truth by declaring a climate 196 00:21:16,499 --> 00:21:19,980 and ecological emergency. Working with other institutions to communicate the 197 00:21:19,980 --> 00:21:24,380 urgency for change. Act now. Government. Government must act now to halt 198 00:21:24,380 --> 00:21:29,080 biodiversity loss and reduce greenhouse gas emissions to net zero by 2025. 2025, 199 00:21:29,080 --> 00:21:33,059 you say. Understand? You might think that is a little bit short, but it's good to 200 00:21:33,059 --> 00:21:38,659 have goals beyond politics. Government must create and be and be led by the 201 00:21:38,659 --> 00:21:45,940 decisions of a citizen assembly on climate ecological justice. And it is working 202 00:21:45,940 --> 00:21:52,840 significantly. In fact, if you go to this climate mobilizationorg map and you will 203 00:21:52,840 --> 00:21:58,649 see that states, municipalities and cities all over the world, tons of them have in 204 00:21:58,649 --> 00:22:03,019 fact declared a climate ecological emergency. What they do after that point 205 00:22:03,019 --> 00:22:09,809 is, of course, the next step. But I can't find a single one of these that is dated 206 00:22:09,809 --> 00:22:14,929 to before April this year. So in just one year, that is a significant political 207 00:22:14,929 --> 00:22:16,929 transformation. *applause* 208 00:22:16,929 --> 00:22:24,799 Yep, yes. And it's certainly not just extinction rebellion. It's Fridays for 209 00:22:24,799 --> 00:22:31,950 future have been just upping the game. They're massively, so, respect! At the COP 210 00:22:31,950 --> 00:22:37,070 25, which was obviously like a massive failure in itself, extinction rebellion 211 00:22:37,070 --> 00:22:41,859 was listed as the most influential organization above the World Bank, 212 00:22:41,859 --> 00:22:49,369 Greenpeace, et cetera, et cetera. So it's a relatively short kind of rise of a voice 213 00:22:49,369 --> 00:22:54,389 for this particular movement. Now, infrastructure for 214 00:22:54,389 --> 00:22:58,100 rebellion. Unfortunately, the movement got off to a reasonably bad start in the UK in 215 00:22:58,100 --> 00:23:00,950 that respect. They went from the perspective of... 216 00:23:00,950 --> 00:23:03,690 What's that? That's a bit odd. *referring to the red blink glitch* 217 00:23:03,690 --> 00:23:07,125 They went from the perspective that we are an above ground movement. We work in 218 00:23:07,125 --> 00:23:14,009 the open. It's not really good for civil disobedience to have that as your mandate or a priority. 219 00:23:14,009 --> 00:23:17,279 And there in the UK, things are, of course, a little bit different. It's 220 00:23:17,279 --> 00:23:20,249 something of a playground there for civil disobedience. The police are generally 221 00:23:20,249 --> 00:23:22,720 quite nice. In fact, one of the chief of police in the UK said 'Well, they're 222 00:23:22,720 --> 00:23:28,789 actually quite nice people, these activists'. This is not something that 223 00:23:28,789 --> 00:23:34,659 exports very well. It doesn't even export over the border. I'll talk about them in a 224 00:23:34,659 --> 00:23:39,950 moment. But they really settled on base camp over in the US. They just went 225 00:23:39,950 --> 00:23:45,109 straight to base camp. Google for sharing like things like contact lists. They 226 00:23:45,109 --> 00:23:51,749 didn't have anyone with technical, shall we say, know how or operational security 227 00:23:51,749 --> 00:23:55,769 intuition or interest to look at it any other way. So they just reach for what's 228 00:23:55,769 --> 00:24:00,489 at hand. The Action Network, too, hosted over in the United States Base camp, I 229 00:24:00,489 --> 00:24:07,320 mean, the extinction rebellion explicitly breaks base camps terms of service. You 230 00:24:07,320 --> 00:24:09,779 may not use the service or any illegal purpose. Well, civil disobedience is 231 00:24:09,779 --> 00:24:18,179 breaking the law. That's what it is. Action Network, which is widely used by, 232 00:24:18,179 --> 00:24:22,249 unfortunately, activist movements all over the world, humans rights spaces as well... 233 00:24:22,249 --> 00:24:26,889 They they really use it a lot. They have just crazy stuff. You understand and agree 234 00:24:26,889 --> 00:24:30,899 that we may disclose your information if required to do so by law or court order a 235 00:24:30,899 --> 00:24:35,739 legal process some point, including to respond to any government or regulatory 236 00:24:35,739 --> 00:24:40,820 request. I mean, this is nuts. Action Network hosted over in the US under a 237 00:24:40,820 --> 00:24:46,100 Trump surveillance apparatus, that massive apparatus that Obama expanded hugely and 238 00:24:46,100 --> 00:24:52,669 just gave to Trump. And I mean, this is an unsafe environment for hosting, you know, 239 00:24:52,669 --> 00:25:02,000 contact lists.On the 3rd of of November last year, my partner said they really 240 00:25:02,000 --> 00:25:07,679 should be an extinction rebellion in France. And and I immediately thought, 241 00:25:07,679 --> 00:25:15,210 well, they will need a server. There in France, you do not want your activists on 242 00:25:15,210 --> 00:25:17,929 Action Network. I mean, you don't want them using Google because, I mean, in 243 00:25:17,929 --> 00:25:23,820 France, this is the situation. Here's France. This is, in fact, Paris and Sally 244 00:25:23,820 --> 00:25:28,359 Bridge in the center of Paris with just cops cruising past and just tear gas and 245 00:25:28,359 --> 00:25:32,830 even taking the sunglasses off and just and just spraying them right in the face. 246 00:25:32,830 --> 00:25:39,529 This is Youth for Climate protesting outside an Amazon logistics center. Very 247 00:25:39,529 --> 00:25:43,970 recently, in fact. Youth for climate, just with with a guy wearing the French stripes 248 00:25:43,970 --> 00:25:47,999 in the background overseeing it. He says, 'Yep, you can do it. The state says it's 249 00:25:47,999 --> 00:25:54,200 OK', and just sprays them. You know, this is France. It's a different environment. 250 00:25:54,200 --> 00:25:58,570 So I just really got them up and running with something really fast. Iceland was 251 00:25:58,570 --> 00:26:02,840 chosen because Icelanders is very well known for its strict data protection laws. 252 00:26:02,840 --> 00:26:09,820 It's well outside of obviously the EU and of course, the five eye states. And I went 253 00:26:09,820 --> 00:26:16,320 the FlokiNET, geothermal direct from source, more direct from grid source. 254 00:26:16,320 --> 00:26:20,909 Discourse for the forum rather than base camp, for instance. Nextcloud for all the 255 00:26:20,909 --> 00:26:24,701 vital stuff replacing Google Drive, etc. hardened opened VPN and a data partition 256 00:26:24,701 --> 00:26:31,509 on AES-XTS on 512, Jitsi-Meet for calls bit and just a very simple MTA. In fact, 257 00:26:31,509 --> 00:26:38,070 it's not really an empty, it's just a just email, XM. XM form. Meanwhile, the 258 00:26:38,070 --> 00:26:41,840 international movement as branches were popping up all over the world, were 259 00:26:41,840 --> 00:26:46,299 descending on slack. Now slack is particularly problematic for a variety of 260 00:26:46,299 --> 00:26:50,480 reasons. But what's there's a reason why they were jumping on slack. They wanted a 261 00:26:50,480 --> 00:26:59,850 place to share their extinction rebellion, broader global needs. I mean, this is just 262 00:26:59,850 --> 00:27:05,700 a few thousand people at that stage. Some people were members of multiple teams. And 263 00:27:05,700 --> 00:27:08,879 importantly, they chose Slack because Slack does it for something that group 264 00:27:08,879 --> 00:27:13,080 chat does not. Many teams, each with channels, public and private, and this is 265 00:27:13,080 --> 00:27:20,669 just the, it is hard to call it, an innovation, but slack itself, is chosen 266 00:27:20,669 --> 00:27:25,559 for that team based structuring configuration over group chat for a very 267 00:27:25,559 --> 00:27:29,919 good reason. It is a direct messaging back end. Many national branches means many 268 00:27:29,919 --> 00:27:34,169 teams. Some people belong to more than one team. But the problem with Slack is that 269 00:27:34,169 --> 00:27:37,259 Slack is a racist infrastructure. It actually has its discriminatory 270 00:27:37,259 --> 00:27:43,490 infrastructure. Slack voluntarily chose to follow Trump's digital trade embargo, 271 00:27:43,490 --> 00:27:49,159 blocking like Crimea, Cuba and Iran. Several other countries just because they 272 00:27:49,159 --> 00:27:54,500 thought maybe I'd know Trump would buy them a Rolex, I'm not sure. But it's it's 273 00:27:54,500 --> 00:28:00,330 nuts that they did that. And then they even defended it, apologizing a little 274 00:28:00,330 --> 00:28:06,619 bit. Sort of not apologizing later. Google Docs. Branches were jumping to Google Docs 275 00:28:06,619 --> 00:28:09,759 to store contact lists. Here's your regional coordinator, your national 276 00:28:09,759 --> 00:28:14,869 coordinator, your actions and logistics teams - terrible stuff! So much so that in 277 00:28:14,869 --> 00:28:21,210 the UK at least a seasoned organization and protecting activists and ensuring that 278 00:28:21,210 --> 00:28:26,570 they have legal rights or at least legal protections when they need them in the UK 279 00:28:26,570 --> 00:28:32,599 decided to pull out of support of extinction rebellion on the basis that 280 00:28:32,599 --> 00:28:36,970 XR UK was storing personal data inadequately and that they were very sure 281 00:28:36,970 --> 00:28:43,869 that in fact the police would have access to that information. Thus, when openness 282 00:28:43,869 --> 00:28:49,190 is enforced, we have a regime of openness doing things out in the open. It excludes. 283 00:28:49,190 --> 00:28:53,070 What about those that might work and governments or government offices or 284 00:28:53,070 --> 00:28:57,710 corporations or just those that are a bit nervous about getting involved in a civil 285 00:28:57,710 --> 00:29:01,970 disobedience movement? They're not sure they want to actually take that big step. 286 00:29:01,970 --> 00:29:07,789 Those are not going to feel very comfortable at all doing it in the open. 287 00:29:07,789 --> 00:29:13,089 A community owned hub and operated hub for Extinction Rebellion was absolutely 288 00:29:13,089 --> 00:29:16,149 needed. And so I set out just building 289 00:29:16,149 --> 00:29:21,410 criterion for this had to be community owned and operated, platform wise, free 290 00:29:21,410 --> 00:29:27,529 and open source software outside of the Five Eye and EU member states. It needed 291 00:29:27,529 --> 00:29:35,909 to walk its talk and enjoy energy direct from source. No CO2 credits, a'la Google 292 00:29:35,909 --> 00:29:43,490 and Amazon. Debian simply because I've been using Debian since the year 2000 only 293 00:29:43,490 --> 00:29:54,879 and and I just love it. *weeps* If I start crying, you know why? It's not because the 294 00:29:54,879 --> 00:29:58,359 planet is dying, it's because I just love Debian so much. But it needs to be 295 00:29:58,359 --> 00:30:02,499 affordable and very well rooted. So, 'mission coherent infrastructure' was what 296 00:30:02,499 --> 00:30:06,649 is really often what I mean by that. Few people are aware that the global data 297 00:30:06,649 --> 00:30:11,119 center industry consumes or at least pushes out, I should say, as much carbon 298 00:30:11,119 --> 00:30:16,599 into the atmosphere as the entire airline industry. This is the same amount as the 299 00:30:16,599 --> 00:30:26,240 UK. The United Kingdom itself actually burns a year. It's a lot. And for 300 00:30:26,240 --> 00:30:32,080 organise.earth, which was the domain name that was chosen...Exactly 366 days ago, in 301 00:30:32,080 --> 00:30:41,070 fact, it was born. I settled on mattermost and I'll explain why in a moment. And I 302 00:30:41,070 --> 00:30:46,940 and I settled on datacenterlight in the Swiss Alps. Datacenterlight, direct from 303 00:30:46,940 --> 00:30:51,179 source hydro alpine catchment hydro... It was a beautiful Irony there, actually sort 304 00:30:51,179 --> 00:30:57,600 of like a bleak poetry that as warming melts the snow on the Alps, it flows down 305 00:30:57,600 --> 00:31:01,369 into these large catchment bays, which then drive lovely big generators that 306 00:31:01,369 --> 00:31:08,370 power the data center. So I just I can't get past that. It's extremely well rooted. 307 00:31:08,370 --> 00:31:13,049 Their VMs are wonderfully fast. I settled on mattermost for these reasons: We had to 308 00:31:13,049 --> 00:31:19,620 get thousands of people off Slack fast. So the U.S. similarity was mission critical. 309 00:31:19,620 --> 00:31:25,299 There are export path from slack directly into mattermost. It has that team check 310 00:31:25,299 --> 00:31:30,279 configuration that people in an activist communities really like now. They've 311 00:31:30,279 --> 00:31:35,429 adopted that wholesale. It's reasonably unified. UI/UX across the endpoint 312 00:31:35,429 --> 00:31:41,369 platforms, whether you're on iOS or Android or desktop. Team invite links. 313 00:31:41,369 --> 00:31:44,909 Teams can actually control invitations to the teams by sending them a link and they 314 00:31:44,909 --> 00:31:49,279 can recycle that link or at least flush it and generate a new one when they need to, 315 00:31:49,279 --> 00:31:55,619 to control flow. This basic team admin controls. Extremely low entry barrier. The 316 00:31:55,619 --> 00:32:00,669 server was entirely funded by one fresh, ahm French - I was going to say Swiss. 317 00:32:00,669 --> 00:32:08,210 Then I said French. So I said fresh. - One French rebel. scales linearly as regards 318 00:32:08,210 --> 00:32:12,820 system overheads. It's just extremely performant. In fact, when we got to about 319 00:32:12,820 --> 00:32:20,649 20.000 people on organise.earth, the server population, matteremost itself was 320 00:32:20,649 --> 00:32:28,350 running at about 30 percent of one core. "Mattermost for chat. Anything sensitive? 321 00:32:28,350 --> 00:32:32,659 Use Signal or Wire." And that's the rule now on organise.earth, which has become 322 00:32:32,659 --> 00:32:36,539 very much the global hub for the movement, with four hundred and seventy-five teams, 323 00:32:36,539 --> 00:32:43,090 mostly national or local branches. It's a really large Mattermost deployment. Why 324 00:32:43,090 --> 00:32:50,639 not Riot and Matrix/Synapse? Well, in December 2018, when I was looking at it, 325 00:32:50,639 --> 00:32:55,529 it was a little bit immature. The UI UX was a bit geeky, but there were also real 326 00:32:55,529 --> 00:33:02,870 problems with with scalability. I just seem to see that it wasn't something I 327 00:33:02,870 --> 00:33:07,679 could really know that hundred thousand people, for instance, down the road could 328 00:33:07,679 --> 00:33:14,119 actually all use on my particular site home server deployment. The device 329 00:33:14,119 --> 00:33:18,479 verification was really freaking people out. I mean, some of the the great 330 00:33:18,479 --> 00:33:24,559 majority of the rebels, in fact, that we are hosting are in fact the kind that 331 00:33:24,559 --> 00:33:31,049 would look for a Google link to log in. There's no markdown. That might seem a 332 00:33:31,049 --> 00:33:33,969 little bit arbitrary, but it's become relatively critical - especially for the 333 00:33:33,969 --> 00:33:38,270 code / development side of things and formatting, making lists. Markdown is 334 00:33:38,270 --> 00:33:43,700 important. It doesn't have that link-based invitation management either. But there's 335 00:33:43,700 --> 00:33:48,139 also this metadata leakage concern - something that the Matrix team are really 336 00:33:48,139 --> 00:33:54,109 looking at. And they've said so. They've said that the metadata leakage, they want 337 00:33:54,109 --> 00:34:01,140 to fix that. They want a more unified experience across the app layer, too, with 338 00:34:01,140 --> 00:34:06,440 Riot. So I'm looking forward to following that in the future. Zero knowledge: I 339 00:34:06,440 --> 00:34:12,910 would love to go that way. But given the fact that that we already have use Signal or 340 00:34:12,910 --> 00:34:17,659 Wire for anything sensitive and use Mattermost for anything else and use your 341 00:34:17,659 --> 00:34:21,429 individual branch servers, which I talk about in a moment, for anything truly 342 00:34:21,429 --> 00:34:26,450 internal to your branch, we've achieved basically the same thing because Riot - 343 00:34:26,450 --> 00:34:32,230 just like with a Nimmo - is not entirely encrypted by default. It's 344 00:34:32,230 --> 00:34:39,369 something that one must actually set up. So we're effectively in the same place. 345 00:34:39,369 --> 00:34:42,869 Organized.earth has now grown to host a large number of platforms which I have 346 00:34:42,869 --> 00:34:48,440 deployed there. We have, of course, Mattermost. We have NextCloud to us. Only 347 00:34:48,440 --> 00:34:53,950 office is used for collaborative editing that has some missives I talk about in the 348 00:34:53,950 --> 00:34:58,480 moment. Etherpad-Lite is used really heavily. LimeSurvey replaces Google Forms. 349 00:34:58,480 --> 00:35:03,011 Jitsi-Meet doesn't really replace Zoom. But this is something that we're working 350 00:35:03,011 --> 00:35:10,670 on very much. Rainloop with Docevot and PostFix for the for the mailing. And then 351 00:35:10,670 --> 00:35:16,380 we have GitLab. GitLab has been a massive success. We have a few hundred coders now 352 00:35:16,380 --> 00:35:22,869 working flat-out in the GitLab that we have deployed. And it is very interesting 353 00:35:22,869 --> 00:35:26,500 that many of them say that would they would not be able to do what they're doing 354 00:35:26,500 --> 00:35:32,280 on GitHub. Given that GitHub is tied to their work, GitHub is tied to the to their 355 00:35:32,280 --> 00:35:37,260 real life a little bit too much. And they are genuinely worried about a boss or 356 00:35:37,260 --> 00:35:41,760 corporation or company surveilling them when they are maybe, for instance, engaged 357 00:35:41,760 --> 00:35:51,109 in a project that is technically illegal or quasi-legal. Discourse is used, I 358 00:35:51,109 --> 00:35:54,460 guess, less heavily on the main organized.earth server than it is on some 359 00:35:54,460 --> 00:35:58,800 of the branch deployments. The French server, for instance, now has 70,300 360 00:35:58,800 --> 00:36:10,000 members in its Discourse. Yes, 70,300. What a win. Yeah. It's just like a marketplace 361 00:36:10,000 --> 00:36:20,690 of chatter. Signal and Wire replacing WhatsApp and Skype. Mastodon node was 362 00:36:20,690 --> 00:36:24,730 created, which has become quite popular with branches. And we have PeerTube 363 00:36:24,730 --> 00:36:28,390 replacing YouTube. And importantly, we're working very hard to ensure that we have a 364 00:36:28,390 --> 00:36:36,190 gender balance as much as possible within the open space of all these platforms. On 365 00:36:36,190 --> 00:36:40,619 the backend, of course, Debian sobbing. AES XTS for the data 366 00:36:40,619 --> 00:36:47,119 partition. Failed2ban and UFW for the firewalling. (aside) Those of you that are 367 00:36:47,119 --> 00:36:52,510 taking photos of this are feds. I see you taking photos. Take photos. 368 00:36:52,510 --> 00:36:58,289 laughs Snort for the intrusion detection. Prometheus and hardened 369 00:36:58,289 --> 00:37:05,430 OpenVPN. I'm really into Duplicity for backups and Pecona for hot MySQL backups. 370 00:37:05,430 --> 00:37:12,119 It's a real problem when you're trying to backup huge databases that are 14-15 GB or 371 00:37:12,119 --> 00:37:16,860 more: You can't take them down long enough to do a dump with, say, MySQL or something 372 00:37:16,860 --> 00:37:22,660 like this. Percona provides a really interesting solution for hot backups. I 373 00:37:22,660 --> 00:37:27,650 had to work on optimizations with an IDB heavily in order to get the kind of 374 00:37:27,650 --> 00:37:32,349 performance that was squeezing out of Mattermmost in its interaction with MySQL 375 00:37:32,349 --> 00:37:44,279 on the server. Nginx we now support two protocols: v4 and v6. The v6 addition was 376 00:37:44,279 --> 00:37:49,220 certainly very, very bumpy and I wish it wasn't so bumpy, but it was. I thought I 377 00:37:49,220 --> 00:37:56,140 knew or understood physics better than I actually did the day of deployment. 378 00:37:56,140 --> 00:38:02,940 PostFix and Dovecot. And then we have LetsEncrypt. Platform challenges: Jitsi- 379 00:38:02,940 --> 00:38:09,360 Meat does not replace Zoom. Zoom is just simply more performant. I think about 1.7 380 00:38:09,360 --> 00:38:19,491 Mbits/s is the lower-level, minimum bandwidth required for a user in order to 381 00:38:19,491 --> 00:38:23,390 have a quality call but Jitsi-Meet is higher. And so we do get people on 3G, 382 00:38:23,390 --> 00:38:28,740 they just drop out and we sometimes have 40 or 50 people on the call and Jitsi-Meet 383 00:38:28,740 --> 00:38:34,410 is not cutting it, unfortunately. Only office unless you want to pay 6,000 a 384 00:38:34,410 --> 00:38:39,859 year, which of course we won't. You're looking at only 20 simultaneous editors at 385 00:38:39,859 --> 00:38:47,160 the same time. This also needs to, needs to change. Thankfully, NextCloud's text app 386 00:38:47,160 --> 00:38:53,190 seems to offer us a sweet spot there, as far as simultaneous editing. In the 387 00:38:53,190 --> 00:38:57,109 meantime, EtherPad-Light is being used really heavily. There's a lack of epic 388 00:38:57,109 --> 00:39:01,200 controls in MatterMmost, which is precisely why we are forking it. We are 389 00:39:01,200 --> 00:39:05,051 forking Mattermost, which is a massive job, such that team admins can have all of 390 00:39:05,051 --> 00:39:11,700 those hundreds of teams can individually manage their memberships. That having to rely 391 00:39:11,700 --> 00:39:17,700 on me to drop into the into the CLI and use the Mattermost tooling to do things 392 00:39:17,700 --> 00:39:26,450 like following the GDPR, deleting all of the posts of a particular member. And we 393 00:39:26,450 --> 00:39:30,829 have SSO expectations for a mostly non- tech membership. People are so used to the 394 00:39:30,829 --> 00:39:37,390 idea, especially the very that the younger and the older end of the demographic both 395 00:39:37,390 --> 00:39:43,569 expect one unified log-in for all platforms. And this is just a real hassle 396 00:39:43,569 --> 00:39:49,240 and very difficult to manage. But with Mattermost, it acts as a OAuth2 provider 397 00:39:49,240 --> 00:39:53,260 that does offer us some interesting possibilities there. The XR Server 398 00:39:53,260 --> 00:39:58,920 Platform has since evolved to this. It has MailTrain as the mailing list manager and 399 00:39:58,920 --> 00:40:05,609 this is working real well. I'm at MailTrain V2 with a sweet docker compose 400 00:40:05,609 --> 00:40:09,690 deployment. I thoroughly recommend giving that a go to replace your mailchimp 401 00:40:09,690 --> 00:40:16,119 whatever needs. We also have a 'Rebels Manager' as the CRM. So this effectively 402 00:40:16,119 --> 00:40:20,829 replaces Action Network and it leverages MailTrain. There's a very talented 403 00:40:20,829 --> 00:40:26,430 developers in Brussels and Belgium that have put together the Rebels Manager, 404 00:40:26,430 --> 00:40:31,819 which will be deploying across the entire movement. And yeah, it's working out real 405 00:40:31,819 --> 00:40:36,890 nice as far as the deployments. The branch service deployed in the spirit of 406 00:40:36,890 --> 00:40:43,240 decentralization. I have deployed these and there are many, many more to come. And 407 00:40:43,240 --> 00:40:47,039 these are entirely independent from organized.earth, from the main hub. They 408 00:40:47,039 --> 00:40:51,740 are self run self-administered. Admins are trained over ten to twenty five hours and 409 00:40:51,740 --> 00:40:58,500 then the keys are flipped and then they just sail off on their own. 2020 plans: 410 00:40:58,500 --> 00:41:01,819 the Mattermost-fork I mentioned, but importantly, the Wire-Mattermost 411 00:41:01,819 --> 00:41:06,589 integration. What I'd really like to see and what we're talking about with the 412 00:41:06,589 --> 00:41:12,859 Rebel codes is, I guess as we call ourselves, is to have a Wire Add-On or 413 00:41:12,859 --> 00:41:15,789 Plugin for Mattermost such that you can just simply click on a bunch of different 414 00:41:15,789 --> 00:41:20,130 people that you'd like to engage in a into anend-to-end encrypted voice call or chat. 415 00:41:20,130 --> 00:41:27,151 We're excited about that. Enhance team admin controls: Team administrators should 416 00:41:27,151 --> 00:41:31,940 be able to do a lot of the work that that I shouldn't be doing. A Federation feature 417 00:41:31,940 --> 00:41:39,309 which effectively replaces Mattermosts enterprise offering, which is about three 418 00:41:39,309 --> 00:41:43,680 dollars a month or something per seat. It's a crazy amount of money. I mean, in 419 00:41:43,680 --> 00:41:50,190 our populations that would be completely impossible to afford that sort of The 420 00:41:50,190 --> 00:41:54,069 Enterprise Enterprise edition anyway. So we are actually sort of forced to fork 421 00:41:54,069 --> 00:41:57,170 Mattermost, which I'm sure is really gonna piss them off, but we are going to do it. 422 00:41:57,170 --> 00:42:03,470 We've already started. Jitsi-Meet-rework: We want to build an OAuth-wall for Jitsi- 423 00:42:03,470 --> 00:42:09,299 Meet so that we can protect our instances. Simultaneous session recording, not using 424 00:42:09,299 --> 00:42:13,080 Jabari or with the chromium browser on a server, which I can't believe is the 425 00:42:13,080 --> 00:42:18,740 solution that they have chosen. I will never, ever install a browser on a server. 426 00:42:18,740 --> 00:42:28,029 It's just it's just illegal. And it's just it's just wrong. Bandwith optimizations, 427 00:42:28,029 --> 00:42:33,460 we need a lot of work done there. Rebels Manager replaces Action Network. And then 428 00:42:33,460 --> 00:42:37,680 we want to have a member facing services dashboard with that OAuth2-flow and 429 00:42:37,680 --> 00:42:43,039 particularly and very importantly, colocation deployments. Working out of VMs 430 00:42:43,039 --> 00:42:47,819 is all very well but you do have key theft from RAM as a as a plausible possibility 431 00:42:47,819 --> 00:42:52,960 in many instances, so to speak. And so what we would like to aim for is being 432 00:42:52,960 --> 00:43:03,170 able to drop off dedicated boxes with the RAM, epoxied into the slot and good to go, 433 00:43:03,170 --> 00:43:08,599 nice on lockdown. Yes. Swiss VPN for the entire movement, this is something that I 434 00:43:08,599 --> 00:43:12,819 should have done within it within a few weeks. And I also want to obsolete myself 435 00:43:12,819 --> 00:43:17,319 so I can dedicate myself to other movements while maintaining at least a 436 00:43:17,319 --> 00:43:25,410 tech advisory role within Extinction Rebellion. But it is time for techies to 437 00:43:25,410 --> 00:43:34,569 rebel. There is no hope without action. But there is no action without 438 00:43:34,569 --> 00:43:40,549 infrastructure, at least not at the scale that we need it today. We need massive 439 00:43:40,549 --> 00:43:46,680 deployments, distributions. People need places to work and to organize and to do 440 00:43:46,680 --> 00:43:55,369 so safely. SysOps, DevOps, Codes, front and back. All can dedicate an hour, a week 441 00:43:55,369 --> 00:44:04,410 or a couple of hours a day to a cause which is probably best described as the 442 00:44:04,410 --> 00:44:13,260 single biggest challenge that we as a as a species actually face. Live in your time 443 00:44:13,260 --> 00:44:20,400 and dedicate an hour or two a week or a day, if you if you can, to this. Maybe not 444 00:44:20,400 --> 00:44:24,080 Extinction Rebellion, but for Fridays For Future, Sunrise Movement, future movements 445 00:44:24,080 --> 00:44:28,690 to come. If you are interested in getting involved in Extinction Rebellion and 446 00:44:28,690 --> 00:44:33,710 joining the the the very large tech team, then visit rebellion.global, find your 447 00:44:33,710 --> 00:44:41,329 local branch, get invited to Mattermost and then see you there. Another end of the 448 00:44:41,329 --> 00:44:55,700 world is possible. Thanks a lot, guys. 449 00:44:55,700 --> 00:44:56,700 *applause* 450 00:44:56,700 --> 00:44:59,170 Herald: Thank you very much, Julian Oliver - Extinction Rebellion. 451 00:44:59,170 --> 00:45:06,369 *applause* Herald: If you have questions, you know 452 00:45:06,369 --> 00:45:11,800 the procedure. There are microphones from one to number six. And as far as I know, 453 00:45:11,800 --> 00:45:15,430 we already have questions from the Internet. So signal angel, question number 454 00:45:15,430 --> 00:45:18,339 one please. Signal Angel: Hello, someone from the IRC 455 00:45:18,339 --> 00:45:22,140 wants to know, how do you enter the encryption passwords for your data 456 00:45:22,140 --> 00:45:25,710 partitions during automated reboots in the data center? 457 00:45:25,710 --> 00:45:34,830 Julian: This is completely impossible to do for an encrypted root file system, 458 00:45:34,830 --> 00:45:40,970 obviously, one needs to, in fact, look at data partitions that are encrypted. But 459 00:45:40,970 --> 00:45:45,670 the root file system not unfortunately on many the deployments that are not Colo and 460 00:45:45,670 --> 00:45:50,470 those that do not have the flexibility of presence at the point of entering that 461 00:45:50,470 --> 00:45:59,779 password. So from that from that basis, we we go with a an encrypted AES 512 Bit 462 00:45:59,779 --> 00:46:06,110 encrypted data partition and one comes in over the VPN, tunnels in through SSH and 463 00:46:06,110 --> 00:46:13,000 then decrypt and mounts. I realize this is not exactly ideal, but it is all we can do 464 00:46:13,000 --> 00:46:17,150 in the VM space. Herald: And the next question from 465 00:46:17,150 --> 00:46:20,440 microphone number two. Microphone 2: Hello, first of all thank 466 00:46:20,440 --> 00:46:24,880 you so much for all this work you've put into creating this platform for the 467 00:46:24,880 --> 00:46:31,070 movement. My question is, what measures have you taken to protect yourself against 468 00:46:31,070 --> 00:46:36,829 the case where, for example, your home is raided by police and they try to somehow 469 00:46:36,829 --> 00:46:42,869 get into the servers through other means than just impounding them. 470 00:46:42,869 --> 00:46:49,880 Julian: I'm being socially engineered aren't I? n public? No, no, I'm I'm 471 00:46:49,880 --> 00:46:55,100 particularly cautious about that stuff. And all of us, all the sysadmins of which 472 00:46:55,100 --> 00:46:59,160 there are now about 30 across the different branch deployments, we have 473 00:46:59,160 --> 00:47:04,690 very, very strict procedures for this sort of thing, including redundancy across 474 00:47:04,690 --> 00:47:09,589 backups, leaving home check, powering off the laptops. In fact, just like I 475 00:47:09,589 --> 00:47:13,460 installed the entire movement's infrastructure community on infrastructure 476 00:47:13,460 --> 00:47:18,010 on a thinkpad X230 that I bought for one hundred and forty five euros on the German 477 00:47:18,010 --> 00:47:23,579 eBay. And. And I've encouraged all of the SysAdmins to buy the same, precisely 478 00:47:23,579 --> 00:47:27,710 because you have this lovely battery lock on the back. You can just flip it and and 479 00:47:27,710 --> 00:47:32,289 pull out the battery. You know, if you're ever facing police or a stop and search. 480 00:47:32,289 --> 00:47:36,049 And of course, some countries like, you know, maybe India or Brazil, this becomes 481 00:47:36,049 --> 00:47:41,630 really critical. But there is just a routine. I'm leaving home, I'm powering 482 00:47:41,630 --> 00:47:49,069 off my laptop. Just which screen-locker we're using, KeePass, you know, phones 483 00:47:49,069 --> 00:47:58,500 encrypted. The files, The, um, the file system. And we just have to do our very, 484 00:47:58,500 --> 00:48:02,740 very best. There is no such thing as perfect sort of forward security in this 485 00:48:02,740 --> 00:48:07,670 space. But all we can do is employ best practice operational security and also 486 00:48:07,670 --> 00:48:13,470 most importantly, treat sysadmins as high risk first stage targets, and they are 487 00:48:13,470 --> 00:48:18,660 increasingly so from this perspective. Sysadmins are forbidden to go to actions. 488 00:48:18,660 --> 00:48:21,240 They can not be arrested because there's always the possibility of coercion. And we 489 00:48:21,250 --> 00:48:25,950 actually have a whole kind of script with sysadmins when they entering into the fold 490 00:48:25,950 --> 00:48:29,230 to to explain to them, you are aware of the risks, you know, and you need to lean 491 00:48:29,230 --> 00:48:33,069 on your branch to explain to you the the legalities of the of your 492 00:48:33,069 --> 00:48:37,240 operating environment. What are your rights? Can you be coerced to to cough up 493 00:48:37,240 --> 00:48:44,010 a password, you know, to to give the master key to your to your to KeePass, for 494 00:48:44,010 --> 00:48:47,829 instance, like this. You need to know those rights. You need to know your 495 00:48:47,829 --> 00:48:50,619 rights. And if you can't deal with the heat and you don't want to go that 496 00:48:50,619 --> 00:48:53,640 distance, then step down from being sysadmin and give it to someone else who 497 00:48:53,640 --> 00:48:59,349 is willing to go that distance. There are so many factors. And again, we can't 498 00:48:59,349 --> 00:49:05,840 generalize across the entire geo cultural, political jurisdictional space that 499 00:49:05,840 --> 00:49:09,759 Extinction Rebellion works at because it's just so various. Yeah. 500 00:49:09,759 --> 00:49:13,600 Herald: Thank you. And the Internet has another question. 501 00:49:13,600 --> 00:49:18,660 Signal Angel: How do you keep your community of, as you explain mostly non- 502 00:49:18,660 --> 00:49:23,450 technical people on your geeky and decentralised solution as it grows? 503 00:49:23,450 --> 00:49:31,160 Julian: No problem really keeping them. I mean, It's maybe when one of the founders 504 00:49:31,160 --> 00:49:38,200 says something like completely controversial or absurd. This is being 505 00:49:38,200 --> 00:49:42,100 recorded, isn't it? Then then yeah, we have we have lost some number, 506 00:49:42,100 --> 00:49:47,009 understandably, but still the served population just grows day in and day out. 507 00:49:47,009 --> 00:49:50,279 And I am expecting in 2020, at this current rate, we are looking at a at 508 00:49:50,279 --> 00:49:55,970 around 400, 400 to 500 new members a day, on the Mattermost at least. And with 509 00:49:55,970 --> 00:50:02,779 branch server deployments, it'll be three or four month until we've filled all the 510 00:50:02,779 --> 00:50:09,450 national branch requirements. There is no problem for that. Mattermost is seemingly 511 00:50:09,450 --> 00:50:17,430 reasonably enjoyed, not so geeky in that sense. Discourse is also very widely used 512 00:50:17,430 --> 00:50:23,859 within the, I mean Twitter uses Discourse internally, but also publicly. We see many 513 00:50:23,859 --> 00:50:28,990 large corporations and organizations and NGOs using Discourse as a forum solution, 514 00:50:28,990 --> 00:50:33,240 as a discussion forum solution. So it's actually familiar to a lot of a lot of 515 00:50:33,240 --> 00:50:38,869 people anyway. The geeky ness, I would say is probably when we start talking about 516 00:50:38,869 --> 00:50:42,380 the need for a VPN. That's when a lot of people just switch off. So there's a lot 517 00:50:42,380 --> 00:50:46,160 of cultural work, techno cultural work, if you like, that needs to be done there in 518 00:50:46,160 --> 00:50:52,599 order to secure the movement further. Herald: Thank you. Microphone number five, 519 00:50:52,599 --> 00:50:55,599 please. Microphone 5: Hi there. Um, so you talked 520 00:50:55,599 --> 00:50:58,589 all about your communication infrastructure. Can you share anything 521 00:50:58,589 --> 00:51:03,420 about your financial infrastructure? Julian: That's also very varied, too. I 522 00:51:03,420 --> 00:51:07,609 mean, branches have their own funding coming in, but then there are others that 523 00:51:07,609 --> 00:51:13,000 that will receive funding from. Previously it was the UK was managing a lot of that 524 00:51:13,000 --> 00:51:19,150 funding. That's entirely switching now to the international support team, which is a 525 00:51:19,150 --> 00:51:23,089 multinational group, if you like, organization within Extinction Rebellion 526 00:51:23,089 --> 00:51:26,970 that does handle all the finances and donors would come to the movement wanting 527 00:51:26,970 --> 00:51:31,079 to give money. And then that's distributed throughout the movement as needed to meet 528 00:51:31,079 --> 00:51:38,230 the ends of branches. It's still just a year in and it's still quite varied. I 529 00:51:38,230 --> 00:51:44,240 mean, XR Germany, for instance, actually donated to the global movement recently. 530 00:51:44,240 --> 00:51:49,950 So it came back that way. It's I think it's it's always going to be relatively ad 531 00:51:49,950 --> 00:51:56,190 hoc, especially also given the fact that some financial institutions, state craft 532 00:51:56,190 --> 00:52:05,170 are very much on the tail of. I just spoke too much didn't I. But method no. Yep. You 533 00:52:05,170 --> 00:52:09,099 need to be very careful about about where bank accounts are as regards the tax 534 00:52:09,099 --> 00:52:13,359 state. And so I think it's it's gonna be a changing environment for quite some time. 535 00:52:13,359 --> 00:52:16,690 I didn't actually know much about the finances side of things to answer that 536 00:52:16,690 --> 00:52:21,210 wholely, but yeah. Thanks. Herald: Thank you. Microphone number 537 00:52:21,210 --> 00:52:25,640 three, please. Microphone 3: Hi. A lot of people find it 538 00:52:25,640 --> 00:52:30,390 very hard to go from this content to dissent and more people tend to get 539 00:52:30,390 --> 00:52:36,960 involved, involved if we lower the barrier of entry. So, you know, it sounds great 540 00:52:36,960 --> 00:52:43,819 when you say like a couple, couple a few hundred new people a day globally. I 541 00:52:43,819 --> 00:52:48,089 suspect it would be more the low the more you lower the barrier of entry if you have 542 00:52:48,089 --> 00:52:52,599 some sort of a gateway drug. So what are you thinking about making some kind of 543 00:52:52,599 --> 00:52:57,990 system, some some kind of easy invite, sort of a one click, get an invite to 544 00:52:57,990 --> 00:53:00,930 Mattermost thing that would make it easier. 545 00:53:00,930 --> 00:53:06,401 Julian: Well that already exists. The organise.earth is really only the global 546 00:53:06,401 --> 00:53:12,569 hub where branches will, for instance, interrelate, collaborate and interoperate, 547 00:53:12,569 --> 00:53:15,010 if you like. But the branch server deployments themselves, they will handle 548 00:53:15,010 --> 00:53:20,329 their own onboarding, if you like, but there is certainly some streamlining to be 549 00:53:20,329 --> 00:53:24,000 done there. One of the things that comes up a lot is password complexity. We have a 550 00:53:24,000 --> 00:53:28,410 very strict password complexity policy and that really frustrates people that would 551 00:53:28,410 --> 00:53:33,910 like to name, would like to give the password the name of the dog, and the 552 00:53:33,910 --> 00:53:39,500 year, maybe, at best. But you know, we really need to work on on finding a sweet 553 00:53:39,500 --> 00:53:44,150 spot. We don't want to also have people going into arrest, forgetting to power off 554 00:53:44,150 --> 00:53:50,269 their phone after following the encryption operational security guiding that we have. 555 00:53:50,269 --> 00:53:55,960 And then their phone is, you know, face swiped into or something like this or 556 00:53:55,960 --> 00:53:59,990 they're just tricked into swipe-unlocking the phone as happened in the UK and then 557 00:53:59,990 --> 00:54:05,150 they're going to find their way into the platforms with best guess passwords. I 558 00:54:05,150 --> 00:54:07,819 mean, who knows? We need to find a common middle ground, but also educate as to why 559 00:54:07,819 --> 00:54:12,300 it's important that we use these platforms and in these ways and have passwords of 560 00:54:12,300 --> 00:54:16,280 these strengths, etc.. It's an ongoing process. 561 00:54:16,280 --> 00:54:19,759 Herald: I see the Interwebs has a question. 562 00:54:19,759 --> 00:54:23,589 Signal angel: Someone in the IRC wants to know, why did you think it was necessary 563 00:54:23,589 --> 00:54:28,720 to set up new infrastructure instead of using other radical tech infrastructures 564 00:54:28,720 --> 00:54:35,130 like Riseup for example? Julian: Well, Riseup had, yeah, has its 565 00:54:35,130 --> 00:54:39,150 own problems. We really wanted to go have community-run infrastructure such that we 566 00:54:39,150 --> 00:54:44,599 can legally be responsible for that infrastructure, that we can say that it is 567 00:54:44,599 --> 00:54:48,900 here for us and that if there is any, there's any attacks on that 568 00:54:48,900 --> 00:54:51,750 infrastructure, we are in a much better legal position to be able to represent 569 00:54:51,750 --> 00:54:58,940 ourselves from our operational circumstance and jurisdictional 570 00:54:58,940 --> 00:55:04,509 circumstance. It was also very important that it's in Switzerland. Importantly, in 571 00:55:04,509 --> 00:55:10,230 Switzerland, for Swiss data centers, you need to break the law in Switzerland 572 00:55:10,230 --> 00:55:17,220 before there can even be a request for, say, a server seizure. And that needs to 573 00:55:17,220 --> 00:55:20,880 go through the highest courts. This makes Switzerland a very, very nice place to 574 00:55:20,880 --> 00:55:25,319 actually deploy server infrastructure for a civil disobedience movement. Riseup 575 00:55:25,319 --> 00:55:31,100 simply doesn't meet it in that capacity. Herald: Thank you. Microphone number one, 576 00:55:31,100 --> 00:55:34,619 please. Microphone 1: So my question was partially 577 00:55:34,619 --> 00:55:39,150 responded already about the financial infrastructure you have. I know some 578 00:55:39,150 --> 00:55:43,000 associations, but like, you know, they could afford a hundred bucks per year or 579 00:55:43,000 --> 00:55:47,680 something like that, because that's so low and, you know, doing brilliant work. But 580 00:55:47,680 --> 00:55:52,579 so it seems to me that you deployed tens of servers just for the V1. So what are 581 00:55:52,579 --> 00:55:58,420 your initial cost? Could you lighten up that so that I can act back home? How do 582 00:55:58,420 --> 00:56:04,220 you get the money initially? Julian: I installed almost all of that 583 00:56:04,220 --> 00:56:07,749 infrastructure without receiving a single cent from extinction rebellion. And in 584 00:56:07,749 --> 00:56:11,059 fact, I receive very, very little money from extinction rebellion now. And it was 585 00:56:11,059 --> 00:56:17,190 only after burning through all of my savings from November to August, I burned 586 00:56:17,190 --> 00:56:20,990 through all of my savings and ran myself financially into the ground, ended it 587 00:56:20,990 --> 00:56:25,859 entirely on a gratis basis. And only then after that, I have a very small amount of 588 00:56:25,859 --> 00:56:29,800 living expenses paid, which is really tiny, but just enough to cover my costs. 589 00:56:29,800 --> 00:56:34,060 And I can make a lot of money deploying servers if I wish to for dreary NGOs etc. 590 00:56:34,060 --> 00:56:37,690 etc., but I have dedicated myself to do this on the grounds that it needs to be 591 00:56:37,690 --> 00:56:42,850 done and it needed to be done. Yeah. So it was actually free for the movement. 592 00:56:42,850 --> 00:56:56,880 *Applause* Herald: Thank you for that. 593 00:56:56,880 --> 00:56:59,359 Julian: Pleasure. Herald: Microphone number two, please. 594 00:56:59,359 --> 00:57:05,159 Microphone 2: Right. You already mentioned that these server partitions are encrypted 595 00:57:05,159 --> 00:57:12,230 at the data center. So do you have any other OPSEC mechanism in place? For 596 00:57:12,230 --> 00:57:16,249 example, if these data center's raided? Julian: The data center can't actually, at 597 00:57:16,249 --> 00:57:20,450 least without it being a breach of constitutional law in Switzerland, be 598 00:57:20,450 --> 00:57:31,390 raided. But there, are there are some measures put in place for a switch-off in 599 00:57:31,390 --> 00:57:36,589 the event. But I can't talk about that without putting other people on the hot 600 00:57:36,589 --> 00:57:41,470 seat. Yeah, but it is it is all sorted. Yeah. 601 00:57:41,470 --> 00:57:45,660 Herald: *laughing* Thank you. The Internet has another question. 602 00:57:45,660 --> 00:57:49,680 Signal angel: Someone on the IRC wants to know, do you share the recipes for your 603 00:57:49,680 --> 00:57:56,410 DevOps deployments? And specifically were, Signal and Wire difficult to set up? 604 00:57:56,410 --> 00:58:05,720 Julian: Well, Signal is not so difficult to set up, but maybe it is easily confused 605 00:58:05,720 --> 00:58:10,150 with the fact I mentioned the Wire server deployment. I'm in talks with Wire at the 606 00:58:10,150 --> 00:58:14,180 moment. Does that make Wire about a server deployment for the movement such that we 607 00:58:14,180 --> 00:58:21,380 can actually run our own entirely and again, write apps for that for that server 608 00:58:21,380 --> 00:58:30,210 for use in the movement. But I think Wire and Signal, as far as an end user install, 609 00:58:30,210 --> 00:58:34,380 it is extremely easy in getting them up and running. I think Signal has problems 610 00:58:34,380 --> 00:58:40,770 obviously with the phone number discovery aspect. I mean, SIM cards, I don't know, 611 00:58:40,770 --> 00:58:45,599 they're license plate numbers these days. I'm really quite a fan of Wire's non- 612 00:58:45,599 --> 00:58:52,380 dependance on that. But as far as the blueprints are concerned, I really do hope 613 00:58:52,380 --> 00:58:59,260 to write, as part of my self-obsolescence plan is to write a full documentation for 614 00:58:59,260 --> 00:59:04,349 the server installs, for the for the post install ordering and such that I can be 615 00:59:04,349 --> 00:59:07,420 handed over to someone else to do the deployments for me. And I think I have 616 00:59:07,420 --> 00:59:11,500 actually found that person. That person happens to be German and very, very sharp. 617 00:59:11,500 --> 00:59:16,490 So, I look forward to the possibility of publishing that at that point. But for 618 00:59:16,490 --> 00:59:20,340 now, it's just a case of me doing the deployment, and then I sit down with 619 00:59:20,340 --> 00:59:24,970 sysadmins for 10 to 25 hours and walk them through what that server is and how they 620 00:59:24,970 --> 00:59:28,269 can sail that ship. It's how it's done at the moment. 621 00:59:28,269 --> 00:59:31,259 Herald: Thank you. I think this is a call for participation, right? 622 00:59:31,259 --> 00:59:35,180 Julian: It is indeed. Herald: Microphone number two, please. 623 00:59:35,180 --> 00:59:38,480 Microphone 2: Is the Mattermost fork public available? 624 00:59:38,480 --> 00:59:42,710 Julian: It will be, absolutely. I mean, it's just started. It's something that we 625 00:59:42,710 --> 00:59:46,339 just kicked off. So hopefully, by about midyear, I think we might have something 626 00:59:46,339 --> 00:59:52,650 that you could put into staging, maybe not production ready, but we'll see. Yeah, I 627 00:59:52,650 --> 00:59:55,300 think it's gonna be great. And it's gonna be great for the community as a whole. I 628 00:59:55,300 --> 00:59:58,150 mean, outside of extinction rebellion, but just those that would like an alternative 629 00:59:58,150 --> 01:00:02,049 to Slack that doesn't have dumbed down team admin controls and has maybe 630 01:00:02,049 --> 01:00:05,530 federation, if you really want to grow something really, really big. The sweet 631 01:00:05,530 --> 01:00:11,760 spot is a folk Mattermost. I'm convinced. Herald: Thank you. Microphone number 632 01:00:11,760 --> 01:00:15,410 three, please. Microphone 3: Why no digital civil 633 01:00:15,410 --> 01:00:18,700 disobedience? Julian: Ah, yes, I can't talk about that, 634 01:00:18,700 --> 01:00:23,170 but I'm very, very enthusiastic about it and have been engaged in that a little bit 635 01:00:23,170 --> 01:00:29,009 here and there in the past. But yeah, electronic civil disobedience is, is very 636 01:00:29,009 --> 01:00:32,790 close to my heart. And there's lots of it happening in the movement and it will be 637 01:00:32,790 --> 01:00:38,160 in 2020, but I can't talk about that obviously, at all. Yeah. Would love to, 638 01:00:38,160 --> 01:00:42,139 but I can't. Herald: So sad. Microphone number two, 639 01:00:42,139 --> 01:00:45,049 please. Microphone 2: You're running a lot of 640 01:00:45,049 --> 01:00:48,150 services with huge attack surface. What is the worst that could happen should your 641 01:00:48,150 --> 01:00:51,249 infrastructure get compromised? Julian: With, services with what, sorry? 642 01:00:51,249 --> 01:00:54,280 Microphone 2: What is the worst that could happen if your infrastructure is 643 01:00:54,280 --> 01:01:00,460 compromised? Julian: Um, well, the branch servers are 644 01:01:00,460 --> 01:01:06,660 entirely decentralized from the, from the organise.earth hub. Um, I would like to 645 01:01:06,660 --> 01:01:11,340 think that it's highly unlikely that organise.earth is compromised, but if it 646 01:01:11,340 --> 01:01:20,210 were to be compromised and I was not able to instigate a power-off event in process 647 01:01:20,210 --> 01:01:27,010 or prior, then unfortunately it would be, there'll be access to large email, um, 648 01:01:27,010 --> 01:01:35,130 registration information, largely, and our DB is database encrypted at the database 649 01:01:35,130 --> 01:01:40,789 layer, but unfortunately if one has root, if one can privacy escalate to root, then 650 01:01:40,789 --> 01:01:46,250 you would have access, potentially, to a decryption of the database. But there's 651 01:01:46,250 --> 01:01:54,579 little we can really do about that. Um, if we find in 2020, let's say there is 652 01:01:54,579 --> 01:02:00,859 encrypted by default. In other words, zero knowledge with OMEMO or with Riot 653 01:02:00,859 --> 01:02:05,510 abstracted over Matrix and Synapse, well, hopefully Dendrite, written in Go. And it 654 01:02:05,510 --> 01:02:08,859 is really performant and it can run six figure populations, it can support six 655 01:02:08,859 --> 01:02:12,339 figure populations, then we'll absolutely switch to that and I will drive that 656 01:02:12,339 --> 01:02:17,869 change and that time. But in the meantime, just use Mattermost for general team chat. 657 01:02:17,869 --> 01:02:22,440 Everything else goes over Signal or Wire. That's how the movement runs right now. 658 01:02:22,440 --> 01:02:26,079 Yeah. Herald: Thank you. Unfortunately, we run 659 01:02:26,079 --> 01:02:30,970 out of time. Julian, would you be able to answer questions in the, uh, after talk? 660 01:02:30,970 --> 01:02:34,910 Julian: Yes, of course. Yes, absolutely. Herald: So the offer, if you have 661 01:02:34,910 --> 01:02:40,840 questions, come together, come to him and ask you questions. Julian Oliver, thank 662 01:02:40,840 --> 01:02:42,840 you very much. Julian: Thanks, guys. 663 01:02:42,840 --> 01:02:44,380 *Applause* 664 01:02:44,380 --> 01:02:49,381 *postroll music* 665 01:02:49,381 --> 01:03:12,000 Subtitles created by c3subtitles.de in the year 2020. Join, and help us!