Here are some updates on our activities.

PeerTube account

You may have already noticed it, but a new icon has appeared in the navigation bar: PeerTube's icon.

We will use it to broadcast the conferences we organize at the 42 school and outside on behalf of the association.

We would like to thank in particular the CHATONS TeDomum for providing us with free storage to host the videos.

Since PeerTube is federated using the ActivityPub protocol, you can "subscribe" to our PeerTube channel using your Mastodon account (or any other Fediverse software).

The Capitole du Libre and the Ubuntu Party

A few members of the 42l team (Neil and Brume) went to the Capitole du Libre to hold a booth as well as two conferences :

• A student CHATONS at the 42 school (Neil and Brume) Slides (CC-BY)
• Round table: CHATONS, where are we now? (Neil, Brume, Fallstar, PoGo and Pouhiou) The videos of those conferences have been uploaded on our PeerTube channel, click on them to watch (in French).

Other members of the 42l team (François, Doc, Fabien, Fabien, March and Benjamin) went to the Ubuntu Party to hold a booth at the same time.

We all had a great time in the heart of these two free communities.

Thanks to our volunteers for making our participation possible!

Changing the world, one ego at a time

We broadcast the conference "Changing the world, one ego at a time" (in French), held by Pouhiou at the French meeting "Pas Sage en Seine" 2019, in the 42 school's auditorium.

The diffusion brought together about twenty people, including people foreign to the libre software community, and we received a large majority of positive feedback.

Matrix Server

We have set up a Matrix instance with the following components:

• The server, Synapse
• The client, Riot
• A TURN/STUN server (coturn)
• An ID server (ma1sd)
• A bridge (matterbridge)

For performance and disk space reasons (among others), this instance will not be open to registrations for people from outside the school.

The instance was set up to meet the needs of the school's student associations and is available at riot.42l.fr.

It is however federated with the Matrix ecosystem, so it is possible to contact students from any other Matrix instance.

Downtime

We endured a breakdown of our VPS on the 28th of November. This led to an interruption of our platform and all our services between 12:25pm and 8:25pm (UTC+1).

This failure was at our hoster's level, Proxgroup. We quickly contacted them and they promptly started to investigate.

However the incident was bad enough to affect the whole node on which our VPS is hosted.

More information on their status' platform.

A second breakdown occurred on the 2nd of December between 12:05pm and 3:46pm (UTC+1) with the same consequences.

Here again this failure seems to come from a network issue on Proxgroup's side. But they didn't give us any explanation when contacted.

This incident reminded us that developing a redundant solution for our services might prevent this kind of situation. However, no data have been lost during the breakdowns.

We apologize for the inconvenience.

What are the December forecasts ?

We will be at the Paris Open Source Summit on the 10th and 11th of December.

We will also hold a "Repas du Libre", a meal at the 42 school to chat with the interested students about free software.

Due to some delays in our voluntary tasks, we won't be able to organise other events at the 42 school. Those tasks include :

• The release of the videos of our November's speakers
• The release of our designs for our derived products such as our tee-shirts
• The reinforcement of our infrastructure and the maintenance of our services
• Planning our January conferences and workshops (starting today)
• The full review of our associative status
• The organisation of the annual General Assembly (which would probably also be an ordinary and extraordinary General Assembly) in January...

We have also some minor planning issues with the school's staff. A meeting with all the school's associations to discuss potential solutions has been held recently and things might improve over time.

We will potentially have to move forward in our school curriculum, one day.

We are still missing some volunteers to help us in our work.

This situation should improve itself with time, meanwhile we must slow down our rythm a little.

See you soon,

N&B

English translation by axpio and Pohl.

We invite Alexis Kauffmann, at the initiative of Framasoft and project manager for free software and educational resources at the French Ministry of Education, at 42.

Description of the conference

GAFAMs now have an omnipresent place in our digital lives, and the health crisis has not helped. Yet we know, scandal after scandal, the exploitation that is made of our data. YouTube, Instagram, Minecraft and even GitHub, poof, swallowed overnight with billions of dollars! Their power questions and worries... and yet: we are a majority to use them.

• Is it desirable to get out of the matrix?
• Is it still possible to get out of the matrix, and how?
• And what about the students of 42 in all this?

An exceptional meeting with Alexis Kauffmann, founder of Framasoft, math and information teacher and today project manager for free software and educational resources at the French Ministry of Education.

The exchange will be organized by Claire, 42l member, and will take place on December 8 at 4pm in the 42 amphitheater (the Holodeck).

Attend the conference as an outsider

You are not a 42 student and would like to attend the conference? This is not a problem, just follow these instructions:

• you must notify us of your attendance (via Mastodon or email for now);
• you must notify at least 12 hours before the event ;
• you must be present in front of the school at least 15 minutes before the event starts.

We can accommodate a maximum of 10 people from the outside.

Please note: we are obliged to ask for your health pass (passe sanitaire) to access the event. This decision is imposed on us by 42.

You can watch the conference on our PeerTube channel.

See you soon,

N&B

We come today with an article full of good news. The last few months, less intensive than usual, have allowed us to make progress on many non-event work in progress.

Two new domain names for emails

Following a discussion at the AG 2020, we have decided to acquire two domain names that can be used for mails. We took this decision because we thought that some people might want to use our mail service without having an email address ending with @42l.fr.

We conducted a survey from February to May 2020 among the association members to find these two domain names (a "serious" name and a "fun" name). This survey resulted in the following two choices :

• courrier.dev, as a serious name;
• kittens.army, as a funny name.

In your member area, on the mail service, you can now choose the domain name you want between @42l.fr, @courrier.dev and @kittens.army !

In the near future, you will even be able to add your personal domain name to use our mail service.

News on the website

Pages redesign

You may have noticed it, but the site is getting a makeover!

Neil is working on improving the website UX and started with the services presentation pages. We hope this new design will be clearer, more pleasant to read, and more up to date.

See the "Our services" section for more information.

Illustrations from Undraw have been used on these pages.

Portraits of the Administration Council members

6 months after the 2020 General Assembly, all the members of the Administration Council have finally been drawn by Brume! You can find this trombinoscope on the page The association.

FAQ

A brand new Frequently Asked Questions page has been drafted. It is meant to be as complete as possible, and is therefore quite consequent. We hope that all your questions will be answered in this FAQ!

It is separated into several topics in order to be as broad as possible while remaining readable. It concerns the association in general, not the services. The services that need it have a small FAQ on their respective pages.

If you have a question that is not answered in the FAQ or if you think we should add something in particular, feel free to contact us!

New t-shirt!

Following the warm welcome of the "Constellations" t-shirt, we present you a new t-shirt design, this time called "Birds".

Birds T-shirt

We ordered this t-shirt in 100 copies, and reordered 60 t-shirts with the old design, "Constellations".

Like the other design, it is a white silkscreen print on black fabric in A3 format from Sol's (Regent model, unisex), Fair Wear certified.

You can see a large open cage decorated with small spirals on a branch. Inside is a perch with a bird looking out. Five birds are flying around the cage in a starry sky.

The following sentence is written under the illustration: "Freedom is not the absence of commitment, but the ability to choose". This is a quote from Paulo Coelho, a Brazilian writer known for his book The Alchemist.

This design was made by Brume using only free software: Krita for drawing, GIMP and Inkscape for image processing and vectorization. As with most 42l resources, you are free to use it as you wish (license CC-BY Brume).

Here is the image in several formats :

• [png, before processing] 13;
• png, two-color;
• png, without black background;
• svg, without black background.

Do not hesitate to contact us if you want the edition file (a Krita file, in .kra format) of the design, not available here for disk space reasons.

Online sale on En Vente Libre !

En Vente Libre (EVL) is an association that allows other free software organizations to share their ideas by selling their products online. You'll find t-shirts, stickers, USB keys and a lot of other goodies from many French open-source/libre associations.

We have signed an agreement with EVL, allowing us to sell various items (mainly our t-shirts), online.

You'll find there :

• The 42l stickers, at 1€;
• The "Constellation" t-shirt, at 17€;
• The "Birds" T-shirt, for 17€.

If you like our t-shirt designs and want to support the association, you can look at our articles on En Vente Libre here.

Legal notice updated

Finally, we have updated the retention period for connection logs to our services in our legal notice: we no longer store these logs for 6 months, but only for 45 days. This reduction in retention time has been made possible by automating the generation of our statistics.

Many thanks to our anonymous models who will recognize themselves :)

Thank you for reading and see you soon !

~N&B

As we announced in our last article, we had to interrupt our events activities because of the ongoing pandemic.

This was an opportunity for us to reduce our work pace, rest a little and continue some tasks for the association that had been put on hold for a long time.

Infrastructure improvements

Looking back, we took the time to look around our infrastructure and conclude this work that we had never been able to complete, or even to completely rework certain components of our arsenal of applications.

Here's what we've been working on in the last few weeks:

• Our rs-short link shortener has been entirely rewritten with a different framework and following better programming practices. The source code is available here.
• We wrote a script to update Docker images in a semi-automatic way. The script adapts easily to any infrastructure and makes it much easier for our servers. The source code is available here.
• We have completed adhvalidator, our internal administration tool that allows us to manage the accounts created on our platform. The source code is available here.
• We have published our statistics platform and put online our scripts used to generate them. The source code is available here.

Each repository comes with its documentation and all repositories are under the MPL-2.0 free license.

What remains to be done

We have started to completely rewrite our web platform in order to publish its source code because unfortunately, it is still extremely complex to deploy a development environment from its current state, it requires several hours of work.

We want to publish an easily deployable and reusable version of our software, and take as much time as needed to be satisfied with our work.

We are also thinking about putting our deployment scripts and Dockerfiles online, little by little. These components involve considerable security parameters, which is why we will - once again - take the time necessary to ensure that we do not jeopardize the security of our services by releasing them.

Meanwhile, at 42

A few weeks ago, the students of 42 were back in school (remotely) for the February swimming pool.

We organized an introduction conference with the student associations for these students.

Event activities at the school will not resume until at least October. We will a priori try to organize some activities by videoconference.

We are already planning a presentation activity on privacy protection tools for the end of May, based on our workshop for the Tech pour toutes.

Nextcloud enhancement in preparation

We are preparing the possibility for legal entities (associations, entreprises...) to join the association, with a special offer with our Nextcloud.

We will first test this offer with the student associations of 42, then we will gradually open our doors to the outside world.

More information in an upcoming article :)

See you soon,

~ N&B

Comme certains peuvent l'avoir vu sur Mastodon ou sur notre site web, nous avons ouvert deux nouveaux services libres (ouverts pour nos utilisateurs non-adhérents).

Ces services n'ont (en premier lieu) pas fait l'objet d'une annonce afin qu'ils soient testés par les utilisateurs sur Mastodon.

Proxy DoH

L'un des services sur lequel nous avons eu le plus de retours et qui semble à ce jour le plus utilisé depuis sa création est le proxy DNS-over-HTTPS.

Il s'installe et s'utilise très simplement avec Firefox et permet à ses utilisateurs de bénéficier d'un Internet de meilleure qualité (en utilisant les résolveurs DNS de la FDN, un fournisseur d'accès à Internet associatif et neutre).

Plus d'informations sur cette page.

Raccourcisseur de liens

Nous avons aussi mis en place un raccourcisseur de liens. Nous utilisons une instance du logiciel libre Lstu, développé par Luc Didry.

Vous pouvez retrouver le service ici.

Des nouvelles ?

Nous avons passé un très bon moment à l'Ubuntu Party en tant que visiteurs et nous avons discuté avec les conférenciers et organisateurs.

Nous avons signé la lettre commune de la Quadrature du Net pour l'intéropérabilité des géants du web que nous vous invitons à lire sur leur site internet.

À bientôt,

~ N&B

Si vous êtes passés nous voir à Pas Sage en Seine, peut-être avez-vous remarqué les quelques grues colorées qui arboraient notre stand.

Nous recherchions un petit atelier ludique, original et identitaire à proposer aux visiteurs sur notre stand. Notre logo étant inspiré d'une grue en origami, nous nous sommes dit qu'il serait intéressant d'en réaliser à nos couleurs. Nous avons pour cela réalisé un patron, avec quelques explications.

À l'occasion de PSES, nous en avions imprimé quelques exemplaires destinés aux visiteurs. Ces derniers pouvaient donc s'amuser, s'ils le souhaitaient, à plier une grue à nos couleurs. Cette activité a globalement plu, les visiteurs se sont pris au jeu et étaient amusés de repartir avec leur petite création. Sur cinquante exemplaires imprimés, il nous en reste moins d'une vingtaine.

Ressources

Voici les ressources utiles à la réalisation de la grue :

Ceci est le patron avec les instructions que nous fournissions sur le stand : pdf, svg.

Vous êtes libres de l'imprimer, et/ou de le partager.

Si besoin, voici le patron sans instructions : pdf, svg.

Et enfin, si jamais vous préférez ne pas avoir les plis apparents : version pdf, svg.

Toutes ces resources ont entièrement réalisées par Brume et sont sous licence CC-BY 4.0

Besoin d'aide ?

Veuillez nous excuser si les explications fournies ne sont pas assez claires. Voici cependant quelques pistes qui pourraient vous aider :

Cette image provient de cette page, a été réalisée par Andrew Hudson et est sous licence CC-BY 3.0.

Si cela ne suffit pas, il existe de nombreux tutoriels sur Internet : le pliage étant le même que celui d'une grue, qui est, rappelons-le, le pliage le plus répandu, vous devriez trouver votre bonheur. Il y a également beaucoup de vidéos sur le sujet (en voici une trouvée sur Peertube !), qui pourraient vous aider.

Bon pliage !

~ N&B

Here we are in March already, it's time to review the latest activities of our association.

How is the event going ?

At the beginning of 2020, we were in the process of organizing a series of conferences on workshops and broadcasts in the amphitheater of our school, at the rate of two to four activities per month.

Unfortunately, this year, it is not possible to do so, because of the health crisis and the measures in force, but we will go into a little more detail.

The first cause of this lack of activities is not due to the health crisis, but to the fact that we (Neil and Brume) were on internship within the framework of our school curriculum, for a duration of about five months, since the end of the last year. As we discussed during the General Assembly, we are facing some issues in the distribution of the association's tasks: a very large majority of the tasks are carried by the shoulders of our small Administration Council, and our Bureau (we're two), which greatly limits our possibilities when we have to be away for a few months.

The second cause is related to the health crisis we are going through: in order to meet its legal obligations regarding the limit of places in the building, 42 has set up a reservation system that obliges all students to reserve slots online to enter the school. As the building can only accommodate 300 students as opposed to nearly 1,000 before, reservations are quite saturated and it is difficult to organize together.

We are also not allowed to reserve certain spaces, such as the amphitheater, where we used to hold our conferences.

Finally, the instability of the situation could cause us to cancel our activities from one week to the next, and given the effort and motivation required to organize them, we wonder if it would not be better to wait until we are back in a more comfortable situation.

And why not by videoconference?

We have started exploring the possibility of videoconferencing activities since December with the intervention of Maxime Guedj, but we have to face the facts: we are reaching much less people than before.

It was already difficult enough to find our audience in person: for most of our conferences, we welcomed between 30 and 60 people, out of the 800 or so students present in the building. In the meantime, that number has dropped to less than 20 people, and we find ourselves mainly with people who are already aware of the issues and ideas we are sharing.

In recent weeks, we have started to promote the Soirées de Conversations autour du Libre de Parinux in 42. We do not write articles dedicated to their activities, but we announce their events in the internal channels of 42.

This way, we take advantage of remote activities : a speaker does not need to organize a conference specifically for 42 students, any conference that fits our ideas can be relayed to 42 even if we do not organize it, no matter where it takes place.

Meanwhile, outside of 42...

We will participate in the Provox webinar, organized by CNAJEP, which will take place on March 20, 2021, on the theme "Social Networks, Civics tech, Big Data: Democratic Revolution or Political Control? ».

This intervention will take the form of an all-audience workshop in collaboration with the association Picasoft, Angie Gaudion from Framasoft and Sarah Durieux, executive director of Change.org.

What's new for your infrastructure?

Decision of the General Assembly

Last January, we held our annual General Assembly, during which we decided that we would announce to Proxgroup that we now have the financial means to cover the costs of our server hosting, which Proxgroup had until then graciously offered us.

Now it's done: we sent them an email and we are waiting for their answer.

A new small server!

We would have liked to host our secondary server at the Rhizome student association, but their datacenter is not yet ready. So we chose FirstHeberg, a French hosting company, to host a backup VPS for 42l which is mainly used to monitor the availability of services on our main server and report any anomalies.

It is therefore not a VPS on which we are going to host our users' data, nor new services.

Monitoring of our services

So we have put a brand new status page on status.42l.fr ! After testing Cachet and many other open-source status page software for a long time, we went to Statping, which can send us a message if one of our services is offline.

This service is still fresh, it still needs some finishing touches to be fully functional for us, but here you are with an overview of our work.

Collabora instance

Since the server still has resources, we decided to set up a Collabora instance so that our members who use our Nextcloud service can edit Office documents collaboratively.

This software consumes a fairly large amount of resources (about 600 MB of RAM with little use).

Vouchers for JDLL 2020

We finally managed to get a refund for the JDLL 2020 bus tickets, cancelled due to the lockdown, from the transport company. We do not know yet if we will organize a trip for the JDLL 2021, but it seems rather unlikely for all the reasons mentioned above (motivation, time, health situation).

However, it is unlikely that we will be able to get the 413 euros of hotel expenses back. We have a voucher to be used before June 2021; we will think of a way to use it.

Progress of the other work of the association

The update of our technical report and the complete rewriting of our website are still pending, we don't know when we will be able to complete these tasks.

What else?

The headmistress of 42, Sophie Viger, officially announced to the students that Ubuntu will be installed on the school's Macs "by October 2021": not as a dual-boot, but as the only operating system, because according to her, "the open-source values correspond more to the values of 42", among other reasons. This system would be installed on all 42 Network campuses worldwide.

Have a nice day and see you soon!

N&B

Après deux mois (encore !) de travail sans relâche, il serait temps de donner quelques nouvelles ; et autant faire en sorte qu'elles soient bonnes.

Voici un compte-rendu de nos activités jusqu'à présent.

Ouverture des adhésions

Ça y est, on peut se le permettre ! Après avoir ouvert un compte en banque et obtenu une assurance, nous pouvons ouvrir nos adhésions et nos dons.

Nous avons fait le choix de HelloAsso (service français), qui utilise LemonWay (français également) pour gérer les paiements.

Nous proposons cependant quelques moyens de paiement alternatifs et respectueux de la vie privée de nos utilisateurs.

Pour plus d'informations sur les adhésions et les dons, c'est par là :)

Le service mail

On a mis en place un service mail ! Il ne sera en revanche accessible que pour nos adhérents, bien que nous espérons ouvrir un maximum de services aux utilisateurs non-adhérents sur le moyen terme.

Pour savoir ce qu'on a utilisé, vous pouvez regarder notre rapport technique.

Pour plus d'informations sur ce service mail, c'est par ici.

Le site web

Le gros du travail : on se disait que le site web commençait à dater (ça fait deux mois 😁), donc on a tout retravaillé pour ajouter l'espace adhérent, connecter une base de données (PostgreSQL) et faire en sorte que le site communique avec le service mail.

Conférence de présentation

Le 10 mai, nous avons tenu une conférence de présentation en interne à 42 (pas de diffusion ni d'enregistrement) pour se présenter aux élèves.

Il s'agit d'un premier contact avec une communauté peu sensibilisée voire quelque peu réticente de prime abord : quand nous avons une conférence d'un GAFAM tous les deux mois à l'école, c'est difficile de faire face.

Malgré tout, en tant qu'association de l'école 42, nous avons généralement la priorité sur la réservation de l'amphithéâtre pour des conférences par rapport aux entreprises. Un constat rassurant et motivant, surtout quand nous savons que les GAFAM ont les moyens financiers d'organiser et de planifier leurs activités à l'école (faire venir des équipes, organiser des buffets, etc.).

Les JDLL

On était aux JDLL cette année ! Pas de conférences ni de stand pour nous, mais de jolies rencontres.

Nous avons pu revoir nos amis de chez Picasoft et rencontrer Elukerio, un CHATON qui fait des merveilles. Sans oublier nos camarades de l'April, Framasoft, Colibre, Haiku...

C'était un très bon moment et nous sommes d'autant plus motivés pour présenter une conférence à notre tour lors d'une prochaine convention :)

Nous avons aussi rencontré Philippe Borrel lors de la diffusion de son film "La bataille du Libre".

Invitation de Philippe Borrel

Cette dernière rencontre nous a permis d'organiser, le 15 mai, une séance de diffusion du film "La bataille du Libre" à l'école 42, ce qui fait l'objet de cet article. Il s'agit de notre première invitation d'un intervenant extérieur :)

La suite des évènements

Passé le mois de mai commenceront les Piscines, les épreuves de 42 où sont évaluées les nouvelles recrues.

Chaque piscine dure un mois et nous en avons quatre (de juin à août), suivies de la rentrée en Novembre.

À cause de ces épreuves, nous ne pourrons pas nous permettre d'organiser beaucoup d'évènements, surtout avec des intervenants extérieurs ; cela dit, ce délai nous laisse le temps d'avancer sur notre cursus (n'oubliez pas, nous sommes des étudiants !) et d'ouvrir quelques services de plus, dans le meilleur des cas !

Nous serons ainsi prêts pour organiser plus d'activités dès Novembre... Et peut-être rejoindrons-nous entre-temps les CHATONS ;)

On vous tiendra au courant !

À bientôt,

N&B

This January 25, 2021, 42l celebrates its two years!

This Thursday, January 21st, we held our annual General Assembly by videoconference, with 15 participants.

This second year, quite chaotic for everyone, was rather well lived by 42l, thanks to your generosity.

We especially thank the company Code Lutin and the association CPP42 for their generous donations which allowed us to stay afloat!

Here is an article to summarize the decisions we took during this GA.

Key elements

• Transcript of the General Assembly (slides)
• Transcript of the Administration Council.
• Financial report for the year 2020.
• Moral report of the year 2020.

General presentation

With this presentation, we have drawn up a moral assessment of the 42l activity in 2020: 42 members, many source codes published, a few events and the beginning of a transition to videoconferencing to adapt to the health crisis. Service maintenance also represents a significant part of the time spent on the infrastructure.

A financial balance sheet has been drawn up. 42l recorded a surplus of 839 euros, an amount that exceeds all our expectations this year.

There are however some points of vigilance, exactly the same as last year: the time-consuming aspect of the association, the lack of support (2 people do 90% of the work), some difficulties with the school (but above all, with the confinement!) and finally the need to solidify the structure of the server: backup, redundancy, monitoring.

And finally, in spite of the numerous source codes published this year, the code of our web platform is still not free, because we didn't have the time to take care of it seriously: it is necessary to rewrite many components, it requires a lot of time and energy that we couldn't mobilize this year.

The provisional budget for the year 2021, approved at the General Assembly, amounts to 1800 euros:

• 650 euros for the printing of 100 T-shirts, if it is possible for us to organize stands again by the end of the year ;
• 300 euros for communication costs (goodies, stickers, business cards, flyers...) ;
• 200 euros for travel expenses, to cover the travel expenses of our members and our external speakers;
• 170 euros of fixed operating costs (bank, insurance);
• 400 euros for technical expenses (renewal of our three domain names and all expenses related to the servers and technical infrastructure of the association) ;
• 80 euros for consumables and administrative supplies.

More information can be found in the minutes and slides above.

The General Assembly then debated on the topics on its agenda. Below is a summary of the notable decisions that were taken:

Uses of vouchers - JDLL 2020 trip

We had prepared an organized outing to the JDLL 2020 for 8 students, which had to be cancelled at the last minute because of the lockdown.

Unfortunately, after long email exchanges, the transport and hotel companies only gave us vouchers for a future trip.

So we end up with these vouchers on our backs:

• 210 euros of vouchers for the bus, which will expire on March 31, 2021 ;
• 433 euros of vouchers for the hotel, which will expire on June 31, 2021.

We thought together about how to spend these vouchers in 2021, but the discussion, which was inconclusive, has been put on hold and will be discussed later.

Memberships and service renewals

The amounts for membership in the association remain the same as the previous year.

As the association is not in financial difficulty, access to services is always maintained for those whose membership fee has expired.

Donations to other structures

The Board has suggested the possibility of donating part of the association's assets to other structures that pursue the same objectives of 42l.

It was decided to wait until June before considering this possibility in order to ensure that the association's cash flow could cover the losses related to the health crisis.

Financing of our current server

When we contacted our hosting provider, Proxgroup, a year and a half ago, we presented ourselves as a student association with limited means. Proxgroup agreed to generously offer us free hosting.

We now have the means to cover these hosting costs and would like to inform Proxgroup of this.

42l secondary server with Rhizome

The implementation of the 42l secondary server, initially planned in March but delayed due to the lockdown, is still pending.

It has been decided to acquire an additional VPS server from another hosting provider for the time being, in order to set up in the short term vital services for the current needs of the association, namely a monitoring system, automated backups, an online collaborative office suite and, if possible, redundancy.

Highlighting of external events

Given the health situation which offers new possibilities for videoconference interventions, it was suggested to promote in the school external events, by videoconference, which are not organized by 42l but have similar goals.

Election of the Board of Directors and Officers

The Administration Council is responsible for acting as a link between the Bureau and the members. It advises the Bureau on decisions to be taken. It is not necessarily involved in the regular activities of the association, but it is required to respond within a reasonable time when requested to do so and each member may leave the Council upon simple notification.

Six persons have applied to be members of the Board of Directors : Alex, Brume, Doc, Mina, Neil and N2r. A seventh person is also likely to join the team shortly.

They were elected unanimously.

The election of the Bureau, voted by the members of the Board of Directors, was then held. The Bureau of the previous year was again renewed for the coming year. It is composed of :

• Neil, president;
• Brume, treasurer.

In conclusion

We hope that we will be able to organize more events than last year!

Thank you to all the participants for taking part in the decisions, and thank you to the readers for following us again.

Special thanks to Doc, secretary of the meeting, for writing the minutes of the GA.

See you soon,

~ N&B

We held a debate on employability in the field of free software and its ethical implications with Carl Chenet, following his conference on 19 November at the 42 school.

The debate was restricted to a small circle and brought together 13 people around this theme.

We initially wanted to focus the debate on specific points, but the participants were able to lead the debate without our intervention.

Credits

Brume took care of taking notes and writing the report.

Pohl translated the document in English.

Resources

Here are some useful links for the topic addressed:

• LinuxJobs platform
• Carl Chenet's blog

Report

Introduction by Carl Chenet

Generally speaking, the purpose of a company is to earn money. Everything is concrete, pressing, in case of problems, we make temporary solutions over temporary solutions... The notion of ethics is therefore misunderstood, there is a certain distance between companies and ethics. Thus, to choose which company you want to work for properly, you have to estimate your personal level of ethical tolerance in relation to the company.

Student reaction: In my opinion, a company has to make money, to be lucrative. Not everything that is ethical pays off, it is even often the opposite, so companies are not interested in ethics.

Carl's reaction: With the popularization of social networks, the influence on the Internet, the image we show is extremely important. Therefore every organization tries to be really careful about its image, in order to appeal to the users. Ethics being mostly well regarded, companies often tend towards an ethical image, and therefore ethical actions. Social networks could therefore be a tool to promote ethics.

The word "ethics" is used a lot, but what is its definition? We could take the example of an energy company. It would be ethical if it had ecological cohesion, a certain respect for well-being, the desire not to damage the environment. Ethics is profitable in the long term, but not in the short term, which would not match to the vision of a company that carries out temporary actions over temporary actions.

A student sees wage-labour as a way to earn money, without any other interest, extremely pessimistic.

Another student says they are interested in companies with a foothold in libre software and culture, such as Nextcloud, because these kinds of companies look ethical, which would be appropriate for them.

Proposed alternative definition of ethics: A set of moral and social values. In some companies, there is a real ethical purpose. Unfortunately, there are often "capitalist abuses". This is the case with the GAFAM, for whom personal data is of real profit interest, despite their primary use. A company like Nextcloud, to take the example mentioned above, does not have such a lucrative interest, so it has no direct interest in selling personal data.

Carl gives another example: the case of Google. In this company, employees are treated extremely well. So could we consider it ethical? Yet these employees rebelled [Dragonfly project]. This suggests that the definition of ethics is subjective.

The case of Cambridge Analytica was mentioned: a private company that used public Facebook data to establish statistics on the political opitions of American citizens, and then use them to influence the vote during presidential elections in order to reduce the rate of white ballots and astention, through targeted advertising on Facebook users.

Carl tells us: He was a sysadmin in a company that creates blogs. He received a letter rogatory (a legal act whereby a judge requests information, without the possibility of refusing). He had to give personal information on users, more precisely report and certify the content of blogs. It was against his ethical values, so Carl didn't want to work with these judges. However, he was told that he had to obey his company. So he decided to say no, and quit his job.

This shows that there can be a real confrontation between legal and ethical issues.

Many companies have an ethics charter that is supposed to represent the company's vision on ethics. This can give you a first impression of the company you are contracting with. In Carl's case, the request seemed horrendous and not in line with this ethical charter.

A student asks if such a request is legal. Carl replied that it is. Many students are surprised. Others explain the principle of "Fiche S" (e.g: Registered for suspicion of terrorism in France) to them: users can be carefully monitored as soon as they install Tor, Linux, or post suspicious comments on social networks. As in the United States with subpoenas, it is not allowed to refuse this kind of request for personal information in France.

The debate is centered back on a question: how to avoid that a company's pursuit of profit gets in the way of the free software development process?

It is firstly a question of personal ethics: a person or community developing free software will generally have a certain ethics that will prevent the pursuit of profit (otherwise, the software would not be free).

It is also possible to have a desire to change, to impact society. It is then possible to join a company in order to slightly impact your colleagues, your environment, the world around you...

A student asked whether this would be exclusively valid for small businesses. The answer is no: all large companies use free software. There are many reasons for this: maintenance, price, efficiency... but not ethics: developers sometimes use free software to create proprietary ones.

Example of "Freebox" (a French internet provider's router) on which it was written "for rent" because Free used the Linux kernel with modifications not publicly available. Because of this, the license did not allow the products to be sold, so they were leased.

There are other cases where developers take a free software, change the logo, the name... and make it into a proprietary and expensive product. This demonstrates that licences are not always respected.

This justifies in particular the recent success of licenses such as the MIT license, because they allow to "close" a free code, which the GPL license does not allow. There are other alternative licenses, considered non-free, such as the MPL, which is a "non-violent" license: it prevents violent use of the code. For example, it is prohibited to use a code under this license to perform a murderous program.

A question then arises: If a company can pay people to work on the Linux kernel full-time, therefore on a free software, but with the objective of implement it on drones that will kill people, is that ethical, or not?

Unfortunately, this question does not really have an answer.

Developers do not "just" write programs. Society does not realize the importance of digital technology. This is a huge responsibility on the backs of developers. Each developer can be seen as one of the cogs of a huge machine: each cog taken individually is harmless, or at least believes it is, when in reality, the whole machine can be extremely harmful. This is why there is a great need for awareness and ethics in the computer industry.

A student asks: but what if a developer doesn't know what they are doing? What if it's ignorance? Are they still at fault?

No matter the situation, the "fault" is there. There is virtually no difference of outcome, regardless of whether the person is ignorant or malicious. Example of the screwdriver: the person who invented the screwdriver is not at fault or even responsible for the person who designed a bomb with the screwdriver.

Future developers must therefore be sensitized. It is necessary to be aware of our actions, of what we are capable of doing, to think about the consequences of these actions, of what our code could be used for.

A student warns against achieving technical prowesses at the expense of what will be done with them: they give the example of a friend of theirs who was very happy at the idea of having succeeded in creating facial recognition software for a large company, because they had taken great pleasure in making it.

Society dehumanizes people, infantilizes them. They are not invited to think about what their code will be used for. They are not included at all in the use of their work.

Carl agrees: it is important to measure the impact of your actions, to ask yourself if it is still ethical. Sometimes developers are not even informed of the finished product they are developing for.

Example of Netflix: a great platform for the users. It's practical, simple, there are many choices... However, behind it, there is a significant ecological impact: the quantity of stored videos, the majority of which will only be viewed by a minority of people, requiring a huge number of servers, which leave a significant ecological footprint.

We can rarely predict the future use of what we are currently building. It is therefore important to keep a course. When working as an employee, there is certainly a subordination link, but nevertheless, the developer has a lot of responsibilities.

A student presents another point: lithium, a crucial electronic component, which is becoming a scarce resource, to the point where wars are being started to obtain it. It is therefore questionable whether designing an energy-intensive program, which will require larger computers, is a lack of ethics, since it indirectly "causes" wars. Creating optimized programs could now be required to be considered ethical. Ethics can therefore evolve. To what extent can something be considered an ethical need?

Carl's summary: Ethics is extremely variable and different for everyone. It is everyone's duty, as a human being, to consider the consequences of our actions.

English translation by Pohl.

Bonjour !

La rentrée approchant à grands pas, nous arrivons avec quelques nouvelles.

Deux nouveaux services disponibles !

Afin de bien commencer l'année scolaire, nous vous proposons deux nouveaux services.

Service Git

Vous n'êtes pas sans connaître l'incontournable outil de développement Git. git add, git commit, git push mais pas que...

Mais peut-être en avez-vous marre de Github. Peut-être ne savez-vous pas vers quoi vous tourner. Le service Git vous permettra d'héberger vos codes source en toute sécurité et dans le respect de votre vie privée.

Nous utiliserons notemment ce service pour héberger, progressivement, le code source de notre site (42l.fr) ainsi que de nos fichiers internes.

Ce service est réservé aux adhérents : vous pouvez vous créer un compte depuis votre espace adhérent. Il n'y a cependant pas besoin d'être adhérent pour parcourir les dépôts publics.

Il s'agit d'une instance du logiciel Gitea. Ce logiciel est sous licence MIT et le code source est disponible ici.

Service Nitter

Twitter est l'un des réseaux sociaux les plus utilisés. Malheureusement, leur plateforme nuit aux libertés fondamentales de leurs utilisateurs avec des outils avancés de pistage, de recommendation ciblée et une politique de confidentialité qui laisse vraiment à désirer.

Cependant, nous concevons que la plupart d'entre nous ne peuvent s'en passer et que tout le monde n'est pas sur Mastodon.

Le service Nitter vous permettra de rechercher des comptes, lire des tweets, voir les réponses... Sans passer par Twitter, ni avoir de compte sur leur plateforme (il ne vous permet donc pas d'interagir avec les tweets).

Ce service est ouvert à tout le monde. Il est basé sur le logiciel libre Nitter, developpé par zedeus. Le logiciel est sous licence AGPL 3 et le code source est disponible ici.

Notez que le logiciel est encore en phase de développement et qu'il ne répondra pas tout de suite à toutes vos attentes.

Le serveur Tor

Comme nous vous l'avions expliqué dans l'article Migration chez Proxgroup !, nous avions mis en place un relai Tor sur notre serveur chez OVH, en attendant la fin du contrat.

Ce contrat ayant pris fin le 25 août 2019, le relai Tor est désormais fermé.

En 30 jours de fonctionnement, ce relai a envoyé et reçu environ 5100 GB de trafic.

C'est sans compter la période d'inactivité de 14 jours durant ces 30 jours, le temps que le relai s'initialise.

Traductions en anglais

Le nombre de pages traduites en anglais a drastiquement augmenté ! Nous remercions grandement Fabien, l'un de nos premiers adhérents, pour son travail terriblement efficace.

De plus, en réponse à quelques retours, lorsque vous visitez une page non traduite, vous tomberez dorénavant sur la version française avec un bandeau vous informant que la page n'existe pas dans votre langue.

Agenda

Une icône Agenda est maintenant visible sur la page Accueil. N'hésitez pas à l'utiliser en savoir plus sur nos activités !

Plus d'informations sur l'Agenda dans cet article.

Actions à 42

Chaque mois, nous tenons un stand à 42 pour parler de nos actions, répondre aux questions des étudiants et leur proposer des stickers. Nous avons jusqu'à présent tenu 5 stands d'affilée !

Les stands ont beaucoup de succès, les étudiants sont contents de venir nous poser des questions pour en apprendre plus sur le libre ou notre association.

Les piscines, épreuves de sélection de l'école 42, arrivent à leur fin. La rentrée approche ! Il y aura une rentrée en Octobre et une en Novembre. Nous comptons donc commencer sérieusement nos activités dès Novembre : conférences, débats, diffusion de films...

Notre première conférence sera sur la monnaie libre Ğ1, présentée par plusieurs de ses développeurs et contributeurs. Elle sera suivie d'un débat.

Vous pouvez utiliser l'agenda pour connaître la date des futurs stands et autres activités.

Maintenance des services existants

Suite à une discussion avec FDN, nous avons rajouté un cache sur le service DoH. Il devrait donc être plus rapide et moins soliciter leurs serveurs.

Nous avons relevé (depuis plusieurs mois déjà) une sollicitation croissante du service Liens par des bots. Nous avons utilisé fail2ban afin de réduire le trafic mais ce n'est qu'une protection primaire. Nous allons être amenés dans le futur proche à remanier le service afin de le rentre imperméable aux spams.

Merci de votre lecture, bonne rentrée aux étudiants et à bientôt !

~ N&B

Hello,

We invite you to discover the free currency Ğ1 (pronounced "june") through a conference organized by several developers and active contributors within its ecosystem (Attilax, Vit, Eloïs and/or Paulart).

The conference will last two hours in Amphi, on Wednesday 13 November from 14h30 to 16h30.

External visitors can attend the conference under the following conditions:

• You must notify us of your presence (via Mastodon or by email, waiting for the implementation of event management software);
• You must notify us at least 12 hours in advance;
• You must be present in front of the school at least 15 minutes before the start of the event.
• Have a ID to enter the building (not required by us but by school's security).

We can accommodate a maximum of 10 external people (not including speakers).

The conference will be recorded: you will find it after a few weeks on the studios42 YouTube channel (42 school channel) under a free/libre license.

Ethical talks #1: Cryptocurrencies and their challenges

We organized a debate, following this conference, on cryptocurrency-related issues with the Ğ1 contributors.

Participants are free to exchange thoughts and ideas on the economic, societal and political stakes of cryptocurrency through the following issues:

• What is the difference between a free currency and a non-free currency?
• How to obtain a social consensus among the actors of a cryptocurrency?
• What are the issues and consequences of anonymity on the monetary network?
• Should we free ourselves from financial intermediaries?

Places are limited. It is strongly recommended to attend the conference before the debate in order to be able to understand and follow the discussions.

External visitors cannot attend the debate, but we will provide a summary on the site.

Link to the debate summary

See you soon,

~ N&B

English translation by Fabien.

Hello!

We have invited the Paris based association Parinux the 26th of October for an install party at the 42 school (TDM) for the afternoon.

This is an opportunity for students to discover the various Linux distributions, test them on their terminals and meet the main players of the Libre community in Paris.

A snack have been organized for the participants.

For students, registration is possible through the school intranet.

See you soon!

~ N&B

English translation by Fabien.

Suite à l'assemblée constitutive du 12 janvier 2019, l'association 42l est officiellement déclarée au Journal Officiel des Associations et des Fondations d'Entreprise.

Nous rappellerons son objet, défini entre les membres de l'assemblée constitutive : >Soutenir, en France et à l'étranger, la promotion et la diffusion du numérique, de la culture libre et plus particulièrement du logiciel libre par l'organisation de conférences, d'ateliers, de cours, d'évènements, la publication et la vente de contenus, l'enseignement, la R&D, la production, la création, le conseil, l'étude ou tout vecteur servant cet objet.

Vous pouvez retrouver nos statuts et notre règlement intérieur sur cette page.

Passée cette étape, nous nous sommes consacrés à la création du site web. Nous poursuivrons notre lancée avec les habituelles formalités administratives dont toute association est sujette :

• Création d'un compte bancaire ;
• Obtention d'une assurance.

Nous avons aussi fait l'acquisition d'un serveur VPS auprès d'OVH au nom de l'association afin d'y héberger nos services et notre site web.

Dans l'optique de décentraliser notre infrastructure, nous envisageons un éventuel changement d'hébergeur sur le long terme. Cependant, nous souhaitons toujours privilégier les hébergeurs français afin de rester sous la juridiction française, à moins que nous ayons la possibilité de renforcer la vie privée de nos utilisateurs dans un autre pays pour un coût raisonnable.

~ N&B

Today marks the end of our fourth awareness campaign at 42, from November to June.

To give a quick review of this year, we organized:

• Eight conferences with Neil (including one at 42 Angoulême, 42 Lyon and at the JDLL 2022);
• Three conferences with an external speaker, supervised by Claire;
• An install party;
• A privacy workshop;
• A booth at the JDLL 2022 in Lyon;
• Six meetings of our board of directors, in addition to the annual general assembly (we are prone to reunionitis!...) ;
• And a few aperitifs (we need to decompress a little).

The "Piscines" (the entrance exams) are about to start in 42 Paris, so the association will work in slow motion by organizing only one stand per month. An opportune moment for us to take some summer vacations...

... So? Did you believe it?

Of course it was a joke, we are not going to rest at all this summer because we are going to mobilize all our forces to transform the association!

42l will change its name!

For three months and five meetings of our Board we have been looking for a new name for the association. After 76 proposals and a few votes, we still haven't found the name that suits us and our team is running out of steam, but we'll get through it.

We want to rename the association so that we are no longer associated with the identity of 42, because our student association is going to leave the school! We will soon begin the administrative procedures to relocate our headquarters and rename the association.

We have really enjoyed exercising this counter-influence at 42 Paris, through our awareness activities. That said, we can't stay students for life, and we are struggling to pass the torch: to get involved in the association, it is necessary to understand and reappropriate the ethical and social stakes of the free software movement, and to let oneself be impregnated by the philosophy and the culture it carries. This takes a lot of time to infuse (like an herbal tea?) and very often, the students will have finished their studies before being able to fully grasp these issues and embody them in their turn.

And then, we are attached to our structure, we would have difficulty to "leave the baby" behind, even with people already sensitized (that we sometimes meet at 42!).

This is why we intend to keep the same people at the head of the association and expand our perimeter of activity (by leaving 42) to continue to raise awareness in other establishments: colleges, high schools, media libraries, universities... The possibilities are numerous, and we will decide according to our means.

If Neil has held eight conferences in the last few months, it was mainly to practice, to work on his speech to hold it in other places.

That said, rest assured: doing counter-influence is in our DNA, and we fully understand the challenge of continuing this effort in training institutions like 42, which is why we will maintain as long as possible an "antenna" of the association in 42 Paris to relay speakers there, and keep part of our team on site to organize activities. For that, we will have to find enough motivated volunteers on the spot to maintain this antenna on the long term.

In this same idea of "antenna", we would like to put into practice an accompaniment of student initiatives in different schools that wish to promote free culture at their scale, by putting them in touch with free culture speakers. We would then serve as their contact point. It's an idea that will take some time before it becomes a reality, but we will think about the next steps to make this possible.

For those of you who have an @42l.fr email address, don't worry: we're keeping that domain name, in addition to the new name.

Feel free to give your opinion on this new name in comments on Mastodon and Twitter :)

We're moving!

Life in Paris is difficult, so Neil and Brume will move in the next few months. As the association exists essentially through its leaders, it is possible that it will also move, depending on the possibilities that are offered to us. We may therefore develop some of our activities elsewhere than in Paris.

However, we plan to make occasional trips to Paris to keep in touch with the 42 Paris antenna and continue to organize conferences there.

A salaried team?

We are going to ask for accreditations and subsidies in order to remunerate some of our members. Maybe only one person will be paid at the beginning, part-time, maybe it will be first internships or alternations before considering the Holy Grail called the Minimum Wage, maybe we won't get the funding we would have liked from the beginning... But we will try. We are moving towards the unknown but at least we are moving forward.

In the long run, we hope to stop depending on subsidies and instead rely on the generosity of people like you who are reading this. As an association recognized as being of general interest, we could perhaps count on this possibility which would guarantee us a real independence.

Rewriting the website

Our website is about to undergo a major redesign. Its development is already in progress. This is the biggest project ever done on our tools since the creation of the association.

This web platform will be separated into three distinct modules:

• We will use the static site generator Zola to manage our articles and pages.
• The member area will be redeveloped internally, and will offer a unified authentication system (SSO), notably with our member services.
• The management interface of our mail service will also be redeveloped internally. We will make it easily deployable, so that other people can reuse this service in other structures.

In addition, we will completely rewrite our technical report. A dedicated page is no longer enough, we will have to use specialized software like Read The Docs or BookStack - or maybe just use our Zola generator for these purposes.

We will also have to prepare to rename all our pages, all our tools, to replace 42l with the future name of the association.

The calendar

Here is the ideal schedule, which will probably not be followed to the letter and will be subject to re-evaluation as needed.

• The change of name and headquarters will be decided in an Extraordinary General Assembly. Invitations will be sent out shortly, to set a date around the end of July.
• Our new website will be released during the summer (late August ?), first with the implementation of Zola. The update of the member's area will follow.
• The first applications for domiciliation, accreditation and even grants will be sent out in September 2022.
• The rest will depend on the answers we get to these requests. You will hear from us before then.

See you soon,

~ N&B

Bonjour !

De retour de PSES 2019, nous vous apportons quelques nouvelles.

Pas Sage en Seine

Commençons par un résumé de nos activités en convention. Nous avons tenu un stand au festival du 27 au 30 juin, sous la canicule, aux côtés de nos camarades de Elukerio et Picasoft, avec lesquels nous avons échangé autour de nos infrastructures.

Nous disposions de peu de matériel et de moyens, mais nous avons mis en place une nouvelle activité ludique : plier des origamis en forme de grue, à l'image de notre logo.

Nous avons rédigé un article dédié sur l'origami que nous vous invitons à lire ici.

Nous avons passé un excellent moment au sein de la communauté libriste et remercions chaleureusement les bénévoles et organisateurs du festival pour leur remarquable travail.

Nous noterons toutefois que la majorité des questions qui nous étaient adressées tournaient plus autour de l'école 42 plutôt que sur notre association.

Il a notamment fallu faire face à quelques questions et remarques telles que :

• « Et alors, Tonton Niel, il vous donne combien ? »
• « Mais le staff de l'école ne vous empêche pas de sensibiliser les élèves ? »
• « Bah, de toute façon l'école est gratuite. Quand c'est gratuit, c'est toi le produit... »

Comme nous pouvions nous l'imaginer, nous constatons ainsi un réel enjeu de sensibilisation, autant auprès des élèves de l'école que les libristes ; nous espérons par ailleurs entendre un peu plus de questions sur nous (nos services, notre infrastructure, nos conférences, ...) lors de la prochaine convention ;)

Stands à l'école 42

En parlant de sensibilisation des étudiant.e.s à 42, nous allons poursuivre nos stands mensuels jusqu'à la fin de l'été.

Plusieurs étudiant.e.s nous ont demandé si nous disposions d'une liste des organisations du Libre dont nous exposions nos stickers et dépliants sur notre stand.

Nous avons donc ajouté la page Nos amis (dans "À propos") sur laquelle nous listons les organisations avec lesquelles nous partageons des valeurs, des principes voire des liens d'amitié.

Il s'agit d'une façon pour nous de remercier les associations qui nous ont aidé, ou simplement celles que nous aimons bien, afin que les étudiants de l'école puissent découvrir les acteurs du logiciel libre dans le monde.

Nous ne pourrons pas mettre tout le monde, mais nous allons commencer par toutes les organisations qui nous ont gracieusement fait parvenir des goodies pour notre stand.

CHATONS

Une grande nouvelle depuis hier : le Collectif des Hébergeurs Alternatifs, Transparents, Ouverts, Neutres et Solidaires s'est prononcé sur les candidatures des futurs membres du collectif, y compris sur la nôtre.

Nous avons reçu 18 votes pour et 0 vote contre et sommes donc désormais un CHATONS !

Merci aux membres du collectif d'avoir pris le temps d'examiner notre candidature :)

Pour rappel, la Charte que nous nous sommes engagés de respecter en tant que membre du collectif est consultable ici.

Quoi d'autre ?

Deux nouveaux services sont en préparation pour les semaines à venir.

Nous allons aussi entamer sérieusement les démarches pour publier notre code source.

À bientôt :)

~ N&B

This January 25, 2020, 42l celebrates its anniversary and officially survives its first year.

This Tuesday, January 21st, we held a combined General Meeting (ordinary and extraordinary) at 42. It was the first GM of the association. 15 people attended this meeting, accompanied by some aperitifs.

After this eventful first year, we had a lot of subjects to deal with and decisions to take concerning 42l. Here is a summary as well as explanations of the decisions taken.

Key elements

• Transcript of the General Meeting (slides)
• Transcript of the Administration Council
• 2019 financial report
• 2019 moral report

General presentation

With this slideshow, we have reviewed on the 42l actions over the past year: 45 members in 8 months, 7 services, many events helded, member of the CHATONS collective. The growth of the association, which is still in its infancy, has been lightning. We can therefore be quite satisfied.

A financial report has been written. 42l records a surplus of 284 euros, which is a success considering the difficulties encountered in the early days of the association.

The overall picture is therefore quite positive: financial success, operational services, good public at school 42 and outside...

However, there are a few points of vigilance: the time-consuming aspect of the association, the lack of support (2 people do 90% of the work), some difficulties with the school and finally the need to solidify the server structure: backup, redundancy, monitoring.

Some failures followed: the web platform is still not free, the work is not delegated enough and two conferences at the school had to be cancelled.

For the year 2020, we therefore plan to delegate tasks, improve the structure of our server, rework the UX of our website and keep a constant rhythm for the organized events.

The provisional budget for the year 2020 has been presented and approved (~2000€).

More information can be found in the transcript and the slides above.

The General Meeting then debated on the topics on its agenda. Below is a summary of the noteworthy decisions that were taken:

Membership and renewal of services

During 2019, the contribution is at the price you want, starting from 10€. The General Meeting decides to maintain this amount for 2020. The moral memberships have been added, their membership fee is determined according to the size of the structure wishing to join.

We had initially considered restricting the services of members whose membership expires, as we did not know how the association would evolve.

It turns out that the association is doing well financially and that we still have room for improvement with regard to our technical constraints. The General Meeting has therefore decided to let access to the member-only services after the expiry of their membership, with no time limit, as long as the association is doing well.

This subject will be discussed again at the next General Meetings: the opinion of each member present will be heard and no decision will be taken at this level without a vote. In the worst case, if we can afford it, a delay of several months will be left to each member to give them time to find another CHATONS member who will be able to provide for their needs.

"Unhash" the pseudonyms in the database

For security reasons, the pseudonyms of the members were hashed in our server database. We thought we could significantly improve the confidentiality of data in case of hacking by hashing emails, passwords and pseudonyms.

We now realize that this causes a lot of complications and unnecessary difficulties for not much. Because an account, beyond being an entry in a database, represents a human being behind it, whom we have probably already met and with whom we have exchanged a few words. Especially in the associative environment where we are always immersed in human relationships, it is more difficult to maintain a database containing anonymous entries than pseudonyms representing people we know. Not being able to find out who joined the association is a problem.

For these reasons of maintenance and practice, the General Meeting decided to "unhash" these pseudonyms using our accounting database, stored off-site, which records each membership. This challenge is feasible because it remains on a human scale, with less than 50 entries in our database.

Inclusive writing

As an association of the free, our ethical principles constitute the foundations of our structure.

Being also aware of other subjects such as the fight against harassment or discrimination, gender or the place of women in our society, we proposed to the Meeting the decision to write our articles, pages and other official announcements in inclusive writing, epicene or any other non-discriminatory writing style, as much as possible.

This decision was approved by a majority, despite the 30% abstention rate.

We invite you to read this excellent article from Framasoft which is a quite accurate description of our state of mind.

Memberships in Ğ1

Note: It's pronounced "june".

Last November, contributors to the Ğ1 (Attilax, Paulart, Hugo Trenteseaux and Vit) came to hold a conference on free/libre money at school 42. We then wondered if it would be a good idea to accept memberships in Ğ1. The goal would be to give some visibility to the Ğ1, and to contribute to the economy by making membership possible.

We believe that this will not give us too many constraints (few people are likely to subscribe in Ğ1), from an administrative or financial point of view, so we should be able to afford it at our level. The Ğ1 collected could perhaps allow us to buy material for the association, for example.

The decision was accepted by the General Meeting.

We therefore now accept memberships in Ğ1 at the price you want, starting at 15 DU (currently about 150 Ğ1), for an annual fee. A membership in Ğ1 gives access to the same services and privileges as a membership in euros. It is possible to renew a membership with the currency of your choice.

To subscribe in Ğ1, please fill in the membership form.

You can also make a donation in Ğ1.

Twitter account

The Meeting was asked about the idea of creating a Twitter account in order to continue the awareness work of the association outside of Mastodon and PeerTube, which reaches an already aware public.

The Meeting endorsed the idea on condition that this Twitter account be used solely for awareness-raising purposes.

The association therefore now has a Twitter account, which will serve only as a mirror account of our Mastodon account.

Services

The usefulness of setting up a webmail for the mail service was discussed. This could be useful for nomadic, uninitiated people or associations.

The Meeting approved this proposal, so it was implemented on the Nextcloud service.

Event suggestions

It was proposed by the members to organize more meals (the "Repas du Libre" organized in December was a success). This allows us to create links within the association, and to bring a little financial help while having a good time.

It was also proposed to organise conferences or workshops related to the services offered, to learn how to use them and promote them to students.

Modification of the Statutes

This General Meeting is called a "combined" General Meeting. That is to say that it is both "ordinary": various discussions on the guidelines to be followed, but also "extraordinary": it is necessary to edit the statutes of association. Several changes have therefore been made, including:

• the quorum rules, which did not correspond to the model of the association: many members join to support the association or to use the services, not necessarily with a view to participating actively in the life of the association;
• the memberships of legal entities as well as the memberships in Ğ1 were added;
• a new group of members, "Embassy Delegate" has been added: these would be representatives of the 42l association in other campuses of the 42 Network. We may have the opportunity to discuss this subject in other articles.
• it is now possible, under certain conditions, to add members to the Administration Council without going through a GM.

The modifications were approved by the members present.

Election of the Administration Council and the Bureau

The Administration Council is responsible for acting as a link between the Bureau and the members. It advises the Bureau on the decisions to be taken. It is not necessarily engaged in regular activities within the association, but is required to respond within a reasonable time when requested to do so, and each member may leave the Council upon simple notification.

Five persons have applied for membership of the Administration Council : Allan, Alex, Doc, Mina and Steven.

They were elected unanimously. In addition to the two current Bureau members, this makes seven people in the Council. Two persons have also expressed their willingness to join the Council in the near future.

The election of the Bureau, voted by the members of the Council, was then held. The Bureau of the previous year is renewed for the coming year. It is composed of :

• Neil, president;
• Brume, treasurer.

In conclusion

This General Meeting was a real success! We have a lot of hope for the future of the association. Thank you all for taking part in the decisions, thank you also to the readers who are still following us.

Special thanks to Doc, secretary of the meeting, for writing the transcript of the GM.

~ N&B

English translation by axpio and Neil.

L'association 42l a été fondée au sein d'une école d'informatique connue sous le nom de l'école 42.

Juridiquement déclarée au nom de l'Association 42, elle fut fondée par le franco-milliardaire Xavier Niel en 2013.

En connaissance des tensions d'origine politique ou éthique avec la plupart de nos amis libristes, il convient de faire entendre notre avis personnel sur cette école en tant qu'étudiants libristes en son sein.

Une école qui se veut "disruptive"

L'une des premières idées qui peut vous venir à l'esprit en entendant le nom de l'école reflète sans aucun doute l'image de son fondateur, Xavier Niel, PDG de la société Free qui a récemment lancé sa nouvelle Freebox qui inclut l'intrusif assistant vocal Amazon Alexa, un désastre pour la vie privée de son utilisateur.

On peut aussi rapidement avoir en tête cette photo de l'école avec les rangées de Mac, support incontournable de tout étudiant, qui évoque un certain élitisme que l'on peut aussi ressentir pendant la Piscine, examen d'entrée difficile et mémorable pour quiconque.

On en entend aussi parler comme l'école de la "Startup Nation", celle du pays de l'innovation et de la disruption, celle dont les entreprises s'arrachent les étudiants. Ces derniers relayent d'ailleurs une à trois offres d'emploi par jour en interne (souvent du web, n'abusons pas non plus) proposant des salaires parfois alléchants dans de petites startups françaises ou des multinationales au gros chiffre d'affaires.

Mais surtout, elle révolutionne complètement les méthodes d'apprentissage classiques. Se positionnant comme un cursus scolaire alternatif, elle s'expose aux inévitables critiques des enseignants et des partisans de l'Éducation Nationale.

N'oublions finalement pas que cette école privée est entièrement gratuite pour les étudiants et qu'il n'y a pas de "coût caché", si l'on omet évidemment le prix d'un loyer à Paris, que l'on peut malgré tout mitiger en étant éligible à la bourse étudiante Grande École du Numérique qui, gérée par le CROUS, propose les mêmes échelons d'attribution.

Face à tous ces faits, il est toutefois plus que naturel de se poser des questions sur le rôle de l'école auprès des étudiants.

Une méthode d'enseignement en pair-à-pair

Mettons tout d'abord en lumière le cursus proposé par l'école 42.

Il s'étend sur une durée de trois ans, mais une majorité d'étudiants partent dès la première année en CDI à la fin de leur premier stage.

Sans compter cette majorité, nous devons théoriquement suivre le modèle suivant :

• Une première année au sein de l'école, puis un premier stage de 3 à 6 mois.
• Une deuxième année avec un second stage facultatif à temps partiel.
• Une dernière année avec un stage final d'une durée de 6 mois.

Aussi remarquable que cela puisse paraître, il n'y a pas de professeur dans l'école. Les membres du staff, salariés de l'association 42 (et souvent, anciens élèves), nous encadrent en s'assurant de nos bonnes conditions de travail, s'occupent de la paperasse administrative de l'association, de l'infrastructure informatique, etc.

Nous sommes donc livrés à nous-mêmes à devoir compléter un arbre qui ressemble plus ou moins à ceci :

Chaque cercle sur cet arbre représente un projet. Le but est de compléter le plus de projets possible en suivant les branches. Chaque branche couvre un thème assez large (graphique, algorithme/IA, adminsys, UNIX, kernel, virus, etc.).

Puisque nous sommes libres de choisir les projets qui nous intéressent, chaque personne a un cursus différent. L'école dispose de plus de 140 projets et le nombre ne cesse d'augmenter au fil du temps.

Enfin, le plus important : une grande partie des projets sont conçus par les élèves eux-mêmes. Tout élève qui se sent suffisamment à l'aise dans son domaine peut proposer un sujet à l'équipe pédagogique (membres du staff) qui peut ainsi le valider et l'ajouter à la liste des projets. C'est ainsi qu'un étudiant a conçu la branche Kernel qui vous apprend à créer votre propre noyau. Pas un Linux From Scratch, mais vraiment votre propre création, de zéro.

Par exemple, en branche système, nous avons des projets qui consistent, à réécrire le programme ls, ou une shell complète. L'inspiration est loin de manquer.

Le principe est alors très simple : vous avez un sujet vous obligeant à respecter certaines consignes (le programme doit fonctionner, il doit supporter tel ou tel paramètre, etc.). Vous avez tout le temps que vous voulez pour le faire, parfois à plusieurs selon le projet.

Une fois votre projet terminé, d'autres élèves viennent vous évaluer en suivant un barème d'évaluation. Une fois votre projet évalué par un certain nombre de personnes, il est considéré comme validé et vous fait gagner des points d'expérience qui vous permettent de monter en niveau et de profiter ainsi de nouvelles subtilités.

Et naturellement, en échange d'une évaluation, vous devez évaluer un autre élève. Vous pouvez potentiellement tomber sur un projet que vous n'avez pas encore réalisé et ainsi bénéficier des connaissances que votre évalué vous partagera, tout en respectant le barème d'évaluation afin que cette dernière lui soit utile. À l'inverse, vous pouvez tomber sur un projet que vous avez déjà réalisé et procéder à une évaluation plus pointilleuse de son travail, en échangeant sur les différentes approches et bonnes pratiques que vous avez employées pour faire face à la problématique du sujet.

Par ailleurs, il va sans dire que certains projets sont vraiment difficiles et travailler seul dans son coin devient vite impossible. C'est ainsi que l'école nous incite à demander de l'aide à nos voisins pour progresser, ce que la Piscine (examens d'entrée) nous inculque très vite.

Ce n'est que la version courte du programme et nous omettons tout un tas de subtilités, mais vous pouvez d'ores et déjà vous faire une idée du principe : le pair-à-pair (ou peer-learning comme ils l'appellent) change drastiquement des méthodes d'apprentissage classiques et fonctionne terriblement bien. Par le design même du système, les notions d'entraide et de mise en commun des connaissances de chacun sont acquises naturellement par ses acteurs.

Neil: En BTS Services Informatiques aux Organisations (2018), je me sentais enfermé dans un programme qui ne convenait à personne : le professeur, imbu de sa science qu'il enseigne depuis 20 ans, nous enseignait du Vanilla JavaScript tel qu'il était écrit pendant les années 2000. Le référentiel même de l'Éducation Nationale était déjà obsolète depuis très longtemps et même nos enseignants avaient perdu cette curiosité d'esprit qui les avaient attirés vers ce métier. Même les élèves n'étaient là que pour avoir leur diplôme et s'intégrer dans le marché du travail, pas par passion ou quelconque intérêt pour la matière. À 42, on écrit beaucoup en C mais le cursus est construit par les élèves eux-mêmes, tous emplis d'excitation et de curiosité insatiables envers les nouvelles technologies ; cela me donne l'impression qu'il ne sera jamais obsolète.

Une liberté d'apprentissage

L'école étant ouverte 24/7 et puisque nous n'avons pas de professeurs, le staff de l'école 42 (pour ne pas donner de nom, Nicolas Sadirac, l'ex-directeur général) nous recommande une assiduité de 50 heures par semaine. C'est beaucoup, non ? Rassurez-vous, cette recommandation n'est pas respectée par tout le monde.

En réalité, mis à part les élèves boursiers qui se doivent de respecter leurs 35 heures par semaine pour que le CROUS accepte de subvenir à leurs besoins, personne n'a d'obligation de venir à l'école.

Nous n'avons personne à prévenir si on est fatigués, malades ou juste peu motivés, on ne vient pas et on n'embête personne. Par ailleurs, nous n'avons pas de vacances scolaires. Chacun part en vacances quand il veut ; encore une fois, aucune restriction à ce niveau.

Il y a bien, cela dit, quelques deadlines à respecter pour ne pas se faire considérer comme un touriste (atteindre le niveau 5 avant une certaine date), mais les limites sont tellement larges que n'importe qui pourrait réussir, même en travaillant à rythme très lent ; cela demande juste un peu d'organisation et d'autonomie.

Les profils des étudiants

Il se doit de remarquer que beaucoup d'élèves à l'école 42 ont un profil assez atypique ; cela s'explique par l'internationalisation de l'école (on peut croiser des étudiants de toute nationalité) mais aussi par le fait que l'école 42 est souvent un choix pour tous les étudiants rencontrant des difficultés dans le cursus scolaire classique. L'école est donc souvent là pour rattraper les élèves s'étant aperçus que la fac, la prépa ou le BTS n'étaient pas pour eux.

Mais on rencontre aussi des élèves ayant des difficultés à s'intégrer socialement, des têtes comme l'on en voit rarement... Cette diversité est sans aucun doute très favorable à l'apprentissage.

Bien évidemment, on y retrouve quelques groupes de libristes et inévitablement, des amoureux des GAFAM qui comptent sur 42 pour les propulser dans le monde du travail et devenir un Ingénieur Google Certifié.

42 : l'école des femmes ?

Les difficultés d'intégration de la gente féminine dans le monde de l'informatique ne datent pas d'hier et ce, pour plusieurs raisons incluant souvent des hostilités de la part de l'écrasante majorité masculine dans cet environnement.

Hélas, l'école 42 n'a aucunement échappé à diverses formes de sexisme en son sein ; il s'agit d'ailleurs peut-être de sa facette la plus médiatisée.

Nous pouvons cependant nous réjouir de notre ratio de 15 % de femmes en 2018, un chiffre assez haut en comparaison avec les autres écoles d'informatique (4,6 % pour Epitech, 9 % pour Epita et 15 % pour l'ESIEA en 2015-2016, source).

Depuis Octobre 2018, l'école 42 porte à sa tête non pas un mais une nouvelle directrice, Sophie Viger. Placer une femme à la tête d'une école d'informatique est un message fort pour toutes et tous, d'autant plus que Sophie Viger est très motivée à faire changer les choses. De nombreuses démarches ont été mises en place pour essayer d'atteindre la parité dans l'établissement : l'une des plus notables est la réservation de 50 % des places de check-in (étape obligatoire lors de l'inscription consistant à venir visiter l'école) pour les femmes, d'établir des campagnes promotionelles auprès des femmes à Pôle Emploi ou encore, tout récemment, de privatiser certaines toilettes pour les femmes. Ces démarches commencent à porter leurs fruits : la dernière Piscine (Février 2019) comportait 26 % de femmes.

Bien sûr, auprès des étudiants, les rumeurs fusent : critères de sélection biaisés par le genre, hypothétiques Piscines (épreuve de sélection d'entrée) composées à 100% de femmes, etc. Toujours dans l'optique de combattre les clichés, l'équipe pédagogique n'est pas composée que de grands barbus mais également d'une bonne partie de femmes. Il existe également deux associations luttant contre les inégalités de genres à 42 : #include (anciennement [Code_Her]) et la toute récente 42 Ambassadrices.

Brume: Personnellement, je ne me suis jamais faite embêter à l'école. En tant qu'étudiante, je n'ai jamais eu de problèmes à ce sujet, ou même le moindre sentiment d'insécurité ; le staff contribue aussi à cela en restant à l'écoute au moindre problème. C'est peut-être un peu différent pendant les Piscines. Il y a beaucoup de gens qui jugent sur sur la légitimité de l'entrée des filles dans l'école : il est extrêmement fréquent d'entendre "Mais de toute façon, toi, tu es une fille, donc tu seras forcément prise". Bien qu'imaginer que les filles ont potentiellement plus de chances d'être prises puisse être positif pour leur confiance en elles, je doute du fait que cela soit une bonne chose : une fille qui rentre à l'école devrait être reconnue à sa juste valeur, pour le travail et les efforts qu'elle a fournis en Piscine qui sont, je pense, souvent ignorés "car de toute façon, elle allait forcément être prise".

Lors d'une interview, Sophie Viger présente aussi l'éventualité de séances de coaching pré-Piscine en faveur de la gente féminine.

Nous attendrons impatiemment de pouvoir constater en détail l'impact des actions de notre nouvelle directrice.

Et la CNIL dans tout ça ?

L'association 42 a été épinglée par la CNIL en Novembre 2018 pour des raisons dont la plupart étaient totalement justifiées ; inutile de dire que ça a fait le régal des médias.

En effet, un total de 60 caméras avaient été installées dans l'école lors de sa création, notamment dans les lieux de travail. Il n'y avait pas un lieu sans caméras dans l'école, hormis les toilettes (et encore, il y avait une caméra devant !) : une démarche assez inquiétante en perspective qui se justifiait par la "sécurité" des lieux.

En "contrepartie", la surveillance était "transparente" : les caméras étaient accessibles en local via une adresse web. Tous les élèves y avaient accès (il s'agissait d'une mesure intentionnelle) et tout le monde pouvait voir ce qui se passait dans l'école. Certains avaient même conçu des scripts pour estimer l'occupation des machines à café en regardant la caméra. Je vous laisse imaginer les possibilités avec les caméras devant les toilettes et un module de reconnaissance faciale...

En résumé, les élèves ont très vite perdu la notion de "vidéosurveillance". Pour eux, les caméras étaient devenues un gadget, un outil gracieusement mis à disposition par le staff pour les élèves pour s'amuser et éventuellement se protéger contre les vols. Le conditionnement (peut-être involontaire) des élèves tel qu'il a eu lieu peut soulever de nombreuses inquiétudes et des questions sur leur malléabilité.

Lors de la mise en demeure, le staff n'eut d'autre choix que de retirer les caméras des lieux de vie.

Notre mission

Les conditions d'assiduité à l'école 42 rendent la conciliation de notre parcours scolaire avec notre cursus possible.

Il ne faut pas oublier que le staff de l'école 42 est très ouvert à toute initiative ou implication des élèves dans la vie étudiante : c'est grâce à leur flexibilité que plus d'une dizaine d'associations étudiantes ont pu naître au sein de l'école et organisent régulièrement leurs activités : conférences d'intervenants extérieurs, buffets, ateliers...

Parce que le code fait loi, nous estimons que l'école 42 constitue un environnement stratégique important pour la promotion du logiciel libre. Nous devons faire en sorte que les développeurs de demain aient conscience des enjeux éthiques de leurs actions.

Pour cela, nous devons aussi faire face au lobbyisme d'entrepreneurs influents ou des GAFAM qui organisent aussi régulièrement leurs conférences à l'école dans le cadre, notamment, de leurs recrutements. Il est indispensable que nous réunissions un maximum d'acteurs du logiciel libre au sein de l'école pour réussir nos campagnes de communication.

~ N&B

Photo de l'extérieur de l'école : Copyright Association 42

Photo des clusters de l'école : Copyright Association 42

Schéma du dénommé "Holy Graph" : CC-BY Association 42l

BD étudiants de 42 : CC-BY Association 42l (dessin de Brume)

Photo de Sophie Viger : Copyright presse Madame Figaro

We have just set up our Nextcloud service for our members.

It is now possible to create an account on this instance from the member area.

More information about this service on this page.

What else?

The Repas du Libre

We organized a Repas du Libre at the 42 school for about 20 people. We prepared a vegan curry with the precious and indispensable help of our volunteers.

Thank you for this convivial moment, we'll certainly organize this again! :)

The General Assembly

We will hold a General Assembly on January 21st at 7:00pm at School 42 (or on January 6th, if we have enough people).

We invite you to attend if you have joined the association this year. However, you can still attend without having joined.

For people from outside the school, please contact us so that we can save a place for you.

The moral and financial report will be posted on our website with a summary of the General Assembly.

Our objectives

We still have a long way to go. Here is a part of our to-do list:

• We have conferences to organize for the next few months. Some of them are already ready and an article will come out soon to let you know about them.
• We have to completely rewrite our statutes for the upcoming General Assembly. The current statutes have been written too quickly and are hindering us in our work. We will write an article to summarize all these changes.
• We are completely reworking the look and feel of the website right now, trying to improve the user experience.
• We need to rewrite our technical report and make it much clearer.
• We need to clean up the website code and release it with the help of our volunteers.

Happy Holidays,

N&B

Some news about our latest activities.

Feedbacks on the Parinux Install Party at 42

We organized an Install Party at 42 on October 26th with Parinux.

Everything went wonderfully well even though the day was particularly busy (we were holding a booth at the same time).

We get positive feedback from many students, which motivates us a lot to repeat the event soon.

Our presence at meetings

We will travel a little bit to introduce ourselves to the librists, the public we need most to help us raise awareness to students.

Capitol of the Free Software

We will be present (Neil and Brume) at Capitole du Libre in Toulouse on 16 and 17 November to keep the booth of the association 42l and hold a conference ("A student CHATONS at school 42", on Sunday from 11h30 to 12h30, in french).

In this conference, we will introduce the environment in which our association operates, the challenges we face and what we plan to organize over the next year.

Ubuntu Party

We will hold a booth at the Ubuntu Party, exactly on the same dates as the Capitole du Libre. This is possible thanks to all the volunteers who help us to organize our activities within the association.

You will therefore meet on site several volunteers and actors of the 42l associative life, who will be able to talk to you about the issues we are defending.

Paris Open Source Summit

We will also have a booth among the Free Software associations at Paris Open Source Summit (booth A15, shared with our friends from Picasoft), on 10 and 11 December 2019.

This will be an excellent opportunity to meet and exchange with the other actors of the free software industry.

T-shirts !! Goodies !!

Since awareness and communication go hand in hand, we have decided to have some goodies made in the image of our association. This includes:

• 500 business cards double-sided;
• A promotional canvas (PVC, 1.80m x 1.00 m) with the logo and name of our association;
• 25 tee-shirts "logo" (digital printing) with the logo of our association on the heart, which we reserve for members for 10 euros ;
• 60 tee-shirts "constellation" (A3 silkscreen printing, one color) with a design entirely made by Brume under CC-BY license. We will sell these T-shirts on our stands, for everyone, for 15 euros, as well as on En Vente Libre for the same price.

We will soon put the design of these t-shirts online.

Important information about our infrastructure

We thought until then that we were hosted by Zayo France, which hosts Netrix, which hosts the Proxgroup association (to which we are customers).

Last month, we were asked about the jurisdiction applicable to our infrastructure. Indeed, since Zayo is an American company (and Zayo France is their subsidiary), it was a question of whether we were subject to the American jurisdiction through the Cloud Act and the Patriot Act, which would have endangered the privacy of our users.

We therefore carried out several research studies and in order to clarify the situation, we directly requested information from a member of the Proxgroup association. Here is his answer:

Without being able to confirm with certainty the information concerning the Cloud Act and Zayo France, we can at least deduce this:

We are tenants at Proxgroup association (FR), Proxgroup is a tenant at Netrix SAS (FR) and Netrix is a tenant at Hexatom (FR) which owns the datacenters.

The jurisdiction of our infrastructure is therefore French from start to finish, which removes our doubts about this detail to which we should have paid more attention.

Important information about our DoH Proxy

We are facing increasing natural traffic on our DoH proxy. As this traffic has become increasingly important, we have had to increase our ability to respond to the DoH requests we receive.

To do this, we decided to use other DNS resolvers along with those of FDN based on other members of the FDN Federation.

We now use 6 different resolvers, from French Data Network, Aquilenet, Alsace Réseau Neutre and Lorraine Data Network. All these resolvers are maintained by associative Internet service providers who work for the neutrality of the Internet.

This not only allows us to distribute traffic according to the load, but also to further blur the tracks: the personal data contained in the processed DNS requests is decentralized between resolvers.

Finally, we have increased the minimum TTL to one hour in order to maximize the efficiency of the cache, to the detriment of its updating. We won't go up for more than an hour. If you want to test / experiment on your DNS and use our proxy, remember to temporarily disable it so as not to distort your results.

So, thank you for your support and see you soon!

~ N&B

English translation by Fabien.

What happened behind the scenes

Is 42l becoming a dormant association?

We wouldn't say so; in fact, even if the number of activities has significantly decreased in the last two years (since March 2020), we have still organized a few activities since Guillaume Rozier's talk last May, which you can follow on our agenda:

• on June 11, July 9 and September 17, we had a booth at 42, on the occasion of the entrance tests (the "Piscines" of 42);
• on June 23, we participated in the presentation conference of the associations of 42.
• On September 3, the Administration Council of the association met to discuss many questions concerning the activities of the association, as well as its future. You can find the minutes of this meeting here.
• On September 24, we came to the Camp CHATONS in La Fabrègue, a three-day trip during which we worked on the governance of the CHATONS, the hosting collective of which we are a part.
• We continued our search for hosting solutions for a more robust server; beyond a simple search on the Internet, it was a matter of applying to calls for projects and contacting structures.

In 2019, when we were still organizing two conferences and one workshop per month, Neil, who was the system administrator, developer and secretary for the association, was spending more than 60 hours per week on associative activities, over several consecutive weeks or even months; this was done in parallel with the educational program of 42, whose flexibility allowed this organization of time.

Finally, reducing the frequency of events also allows our small team to breathe a little, and to find a healthy rhythm of life.

Our activities outside 42l

As students, 42 represents for us a place of passage: this is how half of the board of the association left 42 these last two years, to go on with their studies or a job.

Brume has focused on her pedagogical course at 42, determined to continue her training.

Claire, who is now part of our Administration Council and who entirely organized our last conference, was not able to propose other events because the summer period is dedicated to the entrance exams of 42 (the "Piscines"), during which time the school does not allow us to organize events.

Finally, Neil has just finished a six month internship which did not allow him to give much time to 42l, and now wishes to leave 42 to continue towards other horizons, while envisaging however to come back punctually to co-organize 42l's event activities.

Apart from the members of the Administration Council, whom we regularly solicit for decisions concerning the direction of the association, we do not have any other volunteer member today.

What future for 42l ?

After this difficult observation, what kind of future can we expect for our small student association?

Some discussions during the last Administration Council meeting allowed us to prepare our strategy.

Solution 1 : Recruitment, then recovery

The next intake of 42 will take place on November 20, 2021.

We will seize this opportunity to organize a new conference to present the association, and to start a "recruitment campaign" which will perhaps allow us to find people who will want to help us, in particular on the event plan.

If this solution works, the association could be partially or entirely entrusted to the new student "class" and thus continue its activities.

Solution 2: Take 42l out of 42

The first solution being rather idealistic, and because it is difficult to "let go of the baby", we also consider to detach 42l completely from 42 (thus, to rename the association), to keep the same people in the board and to be oriented towards a much wider public than that of 42.

In order to stay in line with our ideas and objectives, and thus continue to raise awareness in environments where the need is greater, we would keep a 42l "antenna" at 42, which would be administered by students of the new promotion, but which would not have to deal with the administration or the maintenance of the services: only with events.

The association, once outside of 42, could continue its outreach activities in other places (media libraries, colleges, universities, ...) depending on opportunities.

For the moment, the Administration Council is unanimously opposed to the idea of dissolving the association, because we still have the energy and the will to ensure a minimal service and to organize punctual activities.

If you wish to try the adventure with us, to give us a little of your time, do not hesitate to contact us.

Our priorities

Despite these difficult times, we will do our best to maintain this level of service, no matter what:

• We will guarantee as much availability of our services as possible. After all, we are our first users, especially when it comes to our Mail and Git services.
• We will keep our software up to date. This is not a detail we intend to neglect; we look for updates for all the software we use at least once a week, and deploy them as soon as they seem stable.
• We will continue to moderate the Links service, which requires 1-2 hours of Neil's time per week, pending modifications to the software to improve its resistance to spam.
• In the event that the reins of the association are handed over to other people, we will make sure that a sufficient level of skills is passed on to them so that they can continue our associative activities as they should.
• We will still hold our annual General Assembly, with the drafting of a financial report and a moral report.

What could be delayed

If we can't devote enough time of our student lives to 42l, all our "creative" works could be delayed again:

• The rewrite of our web platform, which will allow for unified authentication across our member services;
• The rewriting of our technical report that we would like to transform into a real documentation;
• The translation of all our website pages into English and the updating of the website texts;
• Adding new features to the software we have developed ourselves;
• The organization of events, whose frequency could fluctuate according to our availability.

What else ?

Migration from Proxgroup to PulseHeberg

Our host, the association Proxgroup, has closed its doors.

Fortunately, they prepared and organized a transparent migration of their servers to PulseHeberg, a French SAS.

This migration did not result in any service interruption.

We thank Proxgroup for offering us a VPS for a whole year, allowing us to start our hosting activity with peace of mind, and we wish them a good continuation.

Camp CHATONS

From the 24th to the 26th of September, we spent a pleasant stay at the CHATONS camp, with about 50 free actors, members of the collective or fellow travelers.

This cultural trip allowed us to recharge our batteries, to regain motivation and to meet people we haven't seen for a long time, because of the health situation.

We hope to participate again in these events when the opportunity arises :)

Donation from Junior 42 Paris

We have received a generous donation of 495 euros from the Junior entreprise de 42 Paris, a student association led by our comrades from 42, one of the first "moral person" members of 42l. Thank you for your support and your interest in our activities!

It's our turn to give!

We would like to end this article on a positive note: after some discussions at the Administration Council meeting on September 3, 2021, following a proposal made at the January General Assembly, we are going to set aside a part of our budget to contribute financially to other structures or people that we wish to support.

We have set ourselves an amount of 15% to 20% of our annual surplus from the previous year's accounting period, i.e. between 125 and 167 euros this year (for a surplus of 839 euros in 2020). We would like to maintain this initiative in the long term.

This amount is only indicative for us, we will not oblige ourselves to respect it: we allow ourselves to give nothing some years, or to give a little more other years, according to our needs and desires.

These structures or persons will be sought, identified and selected by the Board of Directors, which will proceed to an internal vote. The selection criteria will be at the discretion of the Board.

We will publicly disclose the names of the organizations or individuals and the amount of the donations in our financial and moral reports.

If you feel you need financial help, you can contact us via our contact address on the dedicated page but as mentioned above, remember that we will keep the freedom to support whoever we want, and that we are not Santa Claus either: you just have to look at our financial reports to understand that you would rather apply to calls for projects than to us.

We wish you a very good day, and see you soon :)

N&B

It has been a few months since we became aware of the amount of spam we were receiving on our link shortener, Lstu.

The service opened on 23 May 2019 and remained under the radar for a while.... Until the end of July, when malicious activity began to develop. Links created by bots, redirecting to scamming sites, illegal or pornographic content, have started to invade our database.

Lstu didn't have a captcha, so we were in a lot of trouble; we didn't have a solution to this problem.

We had configured fail2ban to ban an IP after a certain number of links created per day. It was effective, but far from being enough: IPs were numerous.

We started cleaning up on 10 September, where we counted 11 767 URLs, 99.5% of which were created by spammers.

Four days later, we found that 1000 additional malicious links had been created since the last cleanup.

We had no choice but to put the instance in "read-only" mode (block the creation of new links) and think quickly about a solution.

Unsuspected consequences

When we first identified the first traces of suspicious activity, we thought it was okay, that users can do whatever they want with their links, that we need to keep the tool neutral about their activity.

But we have gradually thought about the consequences: given the type of links created, there is no doubt that they have been used for spam purposes, especially by email.

We know that major email providers reads the content of emails to determine whether it is spam or not. If spammers sends emails containing a link to our shortener (s.42l.fr), it will probably affect the reputation of our domain name and IP, which would cause major problems for our email service.

As a precaution, we have checked whether our IP/domain name has been included in known blacklists, but this does not seem to be the case.

Other problems

In addition, Lstu was taking a lot of RAM (between 150 and 220 MB, even at rest), which was not acceptable for a service that is supposed to be minimalist.

We have already reported the problem to Framasky (his developer) but according to him, it could be a leak in the Mojolicious framework, used in its design. Let's not forget that Lstu is written in Perl.

And since we can't read Perl, we couldn't modify the service to suit our needs.

Solution?

We searched among the existing solutions, but nothing suited our needs (no captcha, not enough customization, most of the projects were in PHP, in short, nothing very attractive...:D).

We have therefore developed a software in Rust with the same goal, but very light in functionalities (it was written in one week!)

We use the Rocket web framework. The service runs in 1000 lines of code, with, no JS, no CSS framework, no tracking, only the bare minimum.

Its consumption is ridiculous (between 8 and 12 MB of RAM).

It includes a captcha that should deter a good part of the spammers for a while.

Finally, it is of course open for contribution under the Mozilla Public License 2.0, the source code is available here.

See you soon,

~ N&B

English translation by Fabien.

banner

We had a 42l banner made. It is 2m wide and 80cm high.

(Green outlines are the printing lines)

It is available in the png format. Contact us if you need the PDF format (unavailable here for disk space reasons).

Business cards

Along with the banner, we had 500 business cards printed (these ones are almost all already gone in less than two months!)

(The green outlines correspond to the printing lines)

It is available in the following formats: png (front), png (back),pdf.

Poster

We also printed an explanatory poster. It briefly summarizes the association's actions.

You can find it here, in pdf format.

Last but not least, the t-shirts!

First, a t-shirt with the association's logo, on the heart, was designed. We keep it for association members only, so that it can be worn at booths and other events.

However, we wanted a t-shirt that was suitable for everyone. Not only to people who know and want to represent 42l. Not only to librists either! Here is the design of the t-shirt (silkscreen printed on black t-shirt, A3 portrait):

You can see a starry sky, but not only! This design gathers the logos of several French libre software associations that we value. Of course, we could not include all the existing associations on it, so don't be offended if your association is not there.

So you can see:

• 42l, top left;
• Pas Sage en Seine, top right;
• La Quadrature du Net, below 42l;
• Parinux, to the right of "La Quadrature du Net";
• CHATONS, bottom left above the trees;
• Picasoft, in the lower middle;
• Exodus Privacy, to the right of Picasoft;
• Framasoft, bottom right.

This drawing was made by Brume (as well as the other resources presented here). Like all the other resources, you are free to use it as you see fit.

Here is the image in several formats:

• png, before treatment;
• png, in two-color mode;
• png, without black background;
• svg, without black background;
• Krita drawing file (unavailable for disk space reasons, contact us if you need it).

This t-shirt will be available on En Vente Libre soon.

All right, that's it for now!

Thank you for your reading and see you soon :)

~ Brume

Here we are, November 2020, it's back to school at 42.

While the GAFAM and the French banks multiply their events at school, we are preparing for a new awareness campaign for this new year, doing our best to adapt to the current health situation.

Contribution of Code Lutin

We received a financial contribution of 600 euros from Code Lutin, which we thank from the bottom of our hearts!

Code Lutin is a company of developers that organizes every year a sponsorship to support free software. We submitted our application for their 2020 sponsorship at the beginning of the year, in order to finance our activities.

This contribution will allow us to continue serenely our awareness-raising campaign, through videoconference.

Remote activities

We thank you for so many of you for sharing and responding to our call ! We were looking for a structure that could host a BigBlueButton instance for our activities, as our current server cannot support this load.

After a board meeting, we initially decided to go to IndieHosters, who were kind enough to give us some time and a videoconference meeting.

The software to be used for a conference was discussed: Jitsi or BigBlueButton. We had a preference for BigBlueButton, which we think is more suitable for one-way broadcasting, while our hosts prefer Jitsi, which is technically more robust and sophisticated.

Study of our usage

We have also thought about our uses: if we organize a maximum of three activities per month, the instance of the videoconferencing software will only need to remain in operation for a few hours per month. So we finally opted for a solution more suited to this use: a Bare Metal instance at Scaleway, which is priced by the hour.

Here are the characteristics of this Bare Metal server:

• Offer name : GP-BM1-S
• CPU: 1x Intel Xeon E3 1240v6, 4 cores 8 threads - 3.7 GHz
• RAM: 32 GB
• Internal Memory: 2x250 GB SSD
• Bandwidth: 500 Mbit/s
• Price: 0.159e HT / hour

For 10 hours of videoconferencing per month, if we calculate at this rate, we would not exceed 2 euros per month for high-end equipment.

However, we are obliged to remove the Bare Metal instance at the end of each conference, and therefore have to reinstall BigBlueButton every time we use it, which takes an hour.

This is a compromise that suits us. We have to install the instance ourselves, but fortunately Scaleway provides a ready-made image for installing BigBlueButton with one click.

Technical notes

Here are the only technical manipulations we have to perform:

• Execute this command on the server once the instance is ready: apt -y install htop vim tmux && apt -y purge bbb-demo && apt -y autoremove && bbb-conf --restart && docker exec greenlight-v2 bundle exec rake admin:create["name", "emailaddress", "password", "name"], which executes these tasks:
  • Installation of essential packages for "just in case" administration
  • Removing the demo instance and cleaning up unused packages
  • Restarting the BigBlueButton instance
  • Create an administrator account (replace the values in brackets).
• With the administrator account created, navigate through the Greenlight administration interface to disable registrations and create the room.
• On our production server, in the settings of our Nginx reverse-proxy, redirect the address bbb.42l.fr to the address of the room. The BBB instance is automatically configured to use a sub-domain belonging to Scaleway.

Going forward to a new activity format?

A priori, except that our activities will take place remotely, we will keep the same format. Conferences will still last one to two hours and will be available on our PeerTube channel hosted at TeDomum, a few days after each event.

Most of our activities will be accessible to outsiders: just as it was possible for outsiders to travel to 42 in person to attend the conferences, we will let our speakers decide whether or not outsiders can attend the videoconference.

Upcoming Events

For the moment, we say nothing, but we will publish an article about it very soon!

We will also have to hold a conference to present the association to the new class. This conference will probably be restricted to students.

Note about the second 42l server

We have been talking about it for several months now, about this famous new server that would host our future services. It is right there, under our desk, just waiting to be connected to the network in a rack.

But alas, our future host is a student association in a university (guess who are they!?). As you know, because of the health crisis and government measures, universities have been closed since the end of October. We don't know when they will be able to open again, but this prevents us from making this project a reality.

So for the moment, we will have to continue with this VPS as the only server. But don't worry, we're not in a hurry: we don't need to add services right now.

Thanks for reading, see you soon!

N&B

Bonjour,

Conformément à nos mentions légales, nous ne stockons pas les données de nos visiteurs pendant plus de 6 mois et nous nous autorisons à les consulter uniquement à des fins statistiques ou de maintenance technique.

Le site ayant été mis en ligne vers fin janvier (deux mois avant son ouverture officielle), nous estimons qu'il s'agit donc du moment idéal pour générer quelques statistiques sur notre plateforme.

Nous utilisons le logiciel libre GoAccess pour analyser les journaux hors-ligne après les avoir téléchargés depuis le serveur.

Site web

Nous commencerons par les statistiques sur notre site principal (42l.fr) ; nos journaux sont séparés par services.

Depuis la mise en ligne du site le 28 janvier 2019 jusqu'au 12 juin 2019, nous avons reçu 123 309 requêtes envoyés par 14 597 visiteurs uniques.

Cela représente 3.44 Go de bande passante et 21.78 Mo de logs.

Voici un graphique représentant le nombre de visites (bleu) avec le nombre de visiteurs uniques (rouge). Notez que les deux courbes ne sont pas à la même échelle.

Nombre de visiteurs

Du 28 janvier au 6 mars, le site étant en construction, l'activité est principalement due à des robots.

Voilà à quoi correspondent chacun des pics d'activité sur ce graphique :

• 7 mars : Publication de l'annonce de l'ouverture de notre site web sur Mastodon !
• 10 mai : Ouverture des adhésions et du service mail
• 11 mai : Mise en place du proxy DoH
• 16 mai : Mise en place du raccourcisseur de liens
• 23 mai : Article sur la mise en place des deux services ci-dessus
• 25 mai : On tient un premier stand à l'école 42 !
• 8 juin : Mise en place du service Schémas

Il est très encourageant de remarquer une augmentation progressive de la courbe rouge (visiteurs uniques) sur le long terme.

Navigateurs utilisés

Voici cette fois un graphique en barres présentant les navigateurs utilisés pour parcourir notre site web :

Ces données sont intriguantes : les utilisateurs de Chrome (versions 58, 38 et 47) sont les plus nombreux, mais ceux de Firefox (versions 66.0, 45.0 et 68.0) visitent beaucoup plus de pages (12 % de plus).

Cela voudrait dire que les utilisateurs de Firefox sont plus intéressés par le contenu sur notre site web que ceux de Chrome ?

Systèmes d'exploitation utilisés

Le système d'exploitation le plus utilisé reste Windows (versions 7, 10 et... XP ?!!?!) suivi par GNU/Linux.

Nous avons quand même un public particulièrement Linuxien, il semblerait... :)

Codes HTTP

Nous renvoyons principalement (51 % des visites) des redirections (301), notamment pour rediriger les utilisateurs de 42l.fr à 42l.fr/Accueil, par exemple.

À part ça, 6 % des visites aboutissent sur un code 4xx (erreur client), dont une majorité (3 %) de codes 400, indiquant que le client a mal formé sa requête. Il s'agit de requêtes bizarrement formées par des bots qui cherchent des vulnérabilités sur notre infrastructure.

Enfin, sur ces 6 mois, nous relèverons 0.43 % de codes 5xx (erreur serveur), dont une majorité (0.36%) de codes 503 dûes à un trop grand nombre de requêtes envoyées par un seul client : il s'agit d'une mesure de protection.

Donc on peut dire que ça tourne bien pour le moment :)

Service DoH

Enfin, il nous semblait pertinent de publier des statistiques sur l'un de nos services libres les mieux accueillis : notre proxy DNS-over-HTTPS, que nous appelons "Service DoH".

Ce service permet de transmettre toutes les requêtes DNS de nos utilisateurs vers les résolveurs DNS de FDN, un fournisseur d'accès à Internet associatif neutre.

Donc, pour chaque requête DNS de chaque utilisateur, nous recevons une requête HTTP... Et avec ces fichus sysadmins qui se disent que c'est une bonne idée de définir le TTL de leur enregistrement DNS à 0, les requêtes ne sont pas cachées dans le navigateur de nos utilisateurs... Ce qui génère beaucoup de trafic inutile.

Nous n'enregistrons pas le contenu des requêtes, mais les métadonnées de ces requêtes (principalement le User-Agent) peuvent révéler quelques informations.

En retirant les crawlers, instances Mastodon et autres bots de nos logs, nous avons un total de 1 060 955 requêtes du 11 mai 2019 au 12 juin 2019 par seulement 530 visiteurs uniques, ce qui a généré 169.37 Mo de logs et seulement 130.16 Mo de bande passante (le contenu des requêtes est toujours très léger).

Parmi ces 530 visiteurs uniques, nous avons environ 20 utilisateurs constants pour le moment.

Il est intéressant de remarquer que la quasi-totalité de ces 530 utilisateurs utilisent Firefox. C'est normal : Chrome ne propose pas la fonctionnalité DoH ;)

Enfin, nous répondons un code d'erreur 503 pour 0.17 % des requêtes que nous recevons, essentiellement lorsqu'un visiteur envoie beaucoup trop de requêtes à la seconde, ce qui arrive assez rarement.

Pour respecter la vie privée de nos utilisateurs, nous ne publierons pas plus de statistiques sur ce service.

Remarques

Il est facile de faire fausse route en étudiant les journaux : un serveur web est sollicité en permanence par de nombreux bots à partir du moment où il est connecté à Internet.

Les instances Mastodon ne facilitent vraiment pas l'analyse : lorsqu'un toot est posté avec une adresse vers notre site web, des centaines d'instances nous envoient une requête chacune. C'est un peu comme une attaque par déni de service distribuée... Donc ça fausse nos statistiques et il faut le prendre en compte lors de notre évaluation.

La publication régulière de statistiques s'ancre dans une démarche de transparence et fait aussi partie des critères demandés dans la charte CHATONS.

~ N&B

A new conference is taking place at the 42 school !

Conference: Software development ethics and cooperatives

The 42l association invites you to meet the members of the cooperative Codeurs en Liberté during a one-hour conference in the Holodeck room.

Description of the conference below:

A widely shared analysis in the world of software, and even more so in the world of free software, is that it is difficult to find a job with both satisfying working conditions and meaningful projects.

We do not want to work for banks, the manufacture of weapons, nor contribute to the insecurity of some workers. We want to make free software, open data and contribute to the commons.

We do not want to be surbordinates to a hierarchy for which capital value maximisation is a purpose. We demand to control our working time and to be able to say "no", for the good of society as well as our health.

For many people, the answer lies in becoming self-employed in order to freely choose our projects and our way of working. However this has other drawbacks: lack of social security coverage (no permanent contracts), and sometimes a very lonely job.

At Codeurs en liberté, we have started a cooperative up by twisting the legal frameworks to enable us to be self-employed, within a collective. Therefore we are several self-employed workers, we share the administrative tasks, and we attempt to go further than that by supporting projects that we consider important.

We offer to explain the why and how in a presentation.

The conference will be held in French on Thursday 27 February at 2.00pm for one hour.

Find the recording of the talk on our PeerTube channel.

Attend the conference as a non 42 student

Not a 42 student ? No worries, you can still attend the conference. Please follow these instructions:

• you must notify us of your attendance (via Mastodon or mail);
• you must subscribe or unsubscribe at least 12 hours prior to the conference beginning;
• you must be in front of 42 at least 15 minutes prior to the event start.

A maximum of 10 external visitors can join us.

All are most than welcome !

Mina

Important: Due to an unexpected event, the conference must be shifted by one day. It will take place Thursday, May 6th at 7 p.m.

Hello everyone.

For almost a year, the CovidTracker website has become the reference in monitoring the progression of the pandemic. From open data accessible to all, Guillaume Rozier, a young data-scientist, and his team of volunteers, have been tracking the figures of the epidemic every day through curves and graphs. The platform, which was intended to be confidential, has become a primary source of information not only for the general public, but also for institutions, be they ministries or hospitals. And in less than a year, it has become a real public utility tool, taking precedence over official communication.

Guillaume Rozier is a data scientist, specialized in bio-medical. As early as March 2020, when no one was really aware of the extent of this mysterious "Chinese virus", the Télécom Nancy student looked at the figures of the pandemic, made available online by the American university Johns-Hopkins, and started to tweak some graphs for his relatives. A few tweets and weeks of lockdown later, the CovidTracker platform was born. In January 2021, when the French Health minister Olivier Véran reached him to propose that his ministry transmit to him - as a privilege - the figures of vaccination, Guillaume Rozier was opposed: the data must be accessible to all, not to a few people. A "fight for open data", as he puts it.

Guillaume Rozier will discuss the use of open data as a public good in times of pandemic, its strengths and limitations, and will comment on the technical aspects of CovidTracker.

The conference will take place on Thursday, May 6th at 7:00 pm on bbb.42l.fr.

You can join the conference even if you are not a student at 42 by going to the above address at the date and time indicated.

This conference can be watched on our PeerTube channel.

See you soon,

Claire

This is our first conference of the school year.

Reserved to an elite for a long time, the digital issue is increasingly central to public debate. Edward Snowden, Cambridge Analytica, surveillance capitalism, high tech vs. low tech, social network addiction, 5G... It is no longer a question of knowing how to code, but it is now becoming essential to think the technology.

Maxime Guedj is an author, engineer and entrepreneur. In 2009, he created the Facebook page Je Ne Peux Pas Vivre Sans Musique (I Can't Live Without Music) which gathers 1.7 million fans, then the music dating site TecoutesQuoi and the artistic collective MailTape. He became product manager at Deezer in 2015 and then director of digital strategy for Ebdo magazine in 2018. In February 2020, he published the book Déclic (Les Arènes) which questions the limits of the dominant startup model and explores other ways to (re)build an internet that respects the freedom of citizens. In April, he joins the IndieHosters collective, founding member of CHATONS, and actively contributes to the launch of Liiibre.

Maxime Guedj will tell us about his atypical career and what led him to develop a critical thinking towards the startup model. He will tell us about his meeting with groups working to develop digital communities and will share his thoughts for a future where digital technology becomes a tool to serve citizens.

The conference will take place on Monday 30 November at 3:00 pm on bbb.42l.fr.

You can join the conference even if you are not a 42 student by clicking the above link at the indicated date and time.

At the request of our speaker, this conference will not be uploaded on PeerTube.

See you soon,

N&B

Here are two events to get the year off to a good start.

The association 42l invites you to discover the Exodus Privacy association through a conference and a workshop held by two of its members.

Exodus Privacy is a 1901 law association run by hacktivists.

They're developing a platform (named εxodus) to analyze the respect of privacy by Android applications. This platform provides the public with reports listing, among others, trackers embedded in Android applications.

During this conference, Exodus will present its tools as well as the issues for our privacy that the trackers that have invaded our smartphones represent.

This conference will be hosted by:

• MeTaL_PoU, president of Exodus Privacy and creator of educational content
• pnu_, in charge of the development of εxodus.

The conference will take place on Saturday, January 18th at 14 p.m. and will last one hour.

Find the recording of the talk on our PeerTube channel or Studios 42's YouTube channel.

Slides available here

Attending the conference as an outsider

Aren't you a student at the school? That's no problem, you can still attend. That said, please follow these instructions:

• You must notify us of your presence (via Mastodon or by email for the moment);
• You must give at least 12 hours notice ;
• You must be present in front of the school at least 15 minutes before the start of the event.

We can welcome a maximum of 10 external people.

Workshop: What's hidden in your phone

Is your mobile phone intrusive?

Following its conference, the Exodus team will present the PiRogue, a device based on Kali Linux that facilitates the interception and analysis of network traffic, in order to better understand how Android applications collect and share your personal data.

It will also be an opportunity to discover practices and tools that can improve the protection of your privacy.

Come with your phone to take part in the experience!

For space reasons, the workshop is restricted to 42 school students and will be held January 18th from 3:30 to 4:30 p.m. (Valhalla)

Summary of the workshop

Some notes taken during the workshop by Brume, below :

After a quick round table discussion where students are asked to share their favourite applications, Exodus team introduces us the PiRogue. This is a free/libre tool that emits an open wifi network and intercepts all DNS queries made on this network.

Students connect to the wifi network through their mobile phone and we watch everyone's DNS queries on a screen. There are a lot of queries to Google or Facebook. For the rest of the workshop, we use a test phone with Deliveroo as the only application installed. We perform a dynamic analysis of Deliveroo live.

Thanks to PiRogue, we can intercept all GET and POST requests, deciphered. We can thus see that the screen resolution, the ad ID, the phone brand, the SIM card brand, the Android ID as well as the IP are sent to Facebook as soon as the application is launched.

The workshop ends with a few questions from the students.

See you soon,

N&B

We shared with you in our October article that we have set ourselves the goal of contributing financially to other structures or people we wish to support, each year.

As a reminder, we had set ourselves an amount of 15% to 20% of our annual surplus from the previous year's accounting period, which for this year is an amount between 125€ and 167€.

At the end of this year, after collection and analysis of the structures and people we would like to support, we have chosen to give 140€ divided as follows:

• 70€ for the association Kidideux which ensures the development of the associative software Garradin that we use at 42l to support us in our accounting
• 70€ for the association (and CHATONS) TeDomum which hosts a PeerTube instance on which we publish the videos of the conferences we organize

Thanks to these 2 associations for the services and tools they provide to the community!

And thank you to all the other associations/stuctures and people, close or less close, who participate to make this world better!

We wish a very nice end of year to all of you,

axpio for 42l

Suite à notre rencontre avec Philippe Borrel aux JDLL 2019, nous l'avons invité à l'école 42 pour diffuser la version longue de son dernier film-documentaire "La bataille du Libre".

Le film de 87 minutes a été diffusé dans l'amphithéâtre de l'école et s'est suivi d'un débat avec Philippe Borrel.

Synopsis

Désormais, l'informatique est au coeur de presque toutes les activités humaines. A-t-elle constribué à rendre les être plus autonomes ? Ou a-t-elle rendu les consommateurs passifs d'un marché devenu total ?

Sans que nous en ayons conscience, deux logiques s'affrontent aujourd'hui au coeur de la technologie, depuis que les principes émancipateurs du logiciel libre sont venus s'attaquer dans les années 80 à ceux exclusifs et "privateurs" du droit de la propriété intellectuelle.

Il semblait parfaitement impossible il y a 20 ans que des acteurs non-industriels ou non-étatiques puissent parvenir à produire collectivement un système d'exploitation informatique ou une encyclopédie.

Trailer (sur PeerTube)

Si vous en avez l'occasion, nous vous invitons vivement (si ce n'est pas déjà fait) à regarder ce film qui décrit si bien les causes que nous défendons au sein de l'association.

La diffusion s'est tenue en deux temps :

• 17h00 à 18h30 : Diffusion du film-documentaire “La Bataille du Libre”
• 18h30 à 19h00 : Débat/FAQ avec le réalisateur du film, Philippe Borrel

Pour les élèves de l'école 42, il est possible de s'inscrire à cet évènement sur l'intranet.

~ N&B

We have been working on improving and securing our new services.

An RSS feed!

It took us some time, but here it is: a fully operational RSS feed that will allow you to find all our articles in the aggregator of your choice.

How about Atom? A survey was conducted. We may work on the implementation of an Atom feed one day, though.

The feed is available in English or French.

Improvements on Gitea

Following the request of some members, everyone will now be able to create an account on our Gitea instance without having to subscribe to the association. Though, the right to create a repository will be exclusive to our members. We also defined the dark theme as default after a little survey; theme that we modified to adapt it to our graphic charter.

This modification will allow visitors to contribute to your repository by creating tickets or pull requests.

Changes to the Nitter service

We encountered some technical issues on Nitter due to software bugs. Those bugs persisted for a full week and caused service interruptions. They should be resolved by now.

We remind you that this service is still under development, so please excuse us for the potential bugs you may encounter.

Past events

At each back-to-school event, there is a small associative village at 42 where each student association sets up a booth to present their activities to the students of the new class.

The 42l association was one of these associations. We met and discussed with many new students, including some who are unfamiliar with free software but who were rather interested in the subject.

Fabien, a very active member of the association, presented our services and activities with great enthusiasm to a few curious people: from the mail service to the DoH proxy and the CHATONS, everything was presented before their amazed eyes.

We enjoyed holding this booth and we are still motivated to hold the next ones.

Upcoming events

We will again hold a booth at the beginning of October for the new school year at 42, during the associations introduction conference.

We will soon invite Parinux to an install party at school 42.

In November, the contributors of the Free/Libre Currency Ğ1 will present a two-hour conference for students, followed by an hour and a half debate.

Around the end of November, Carl Chenet (founder of LinuxJobs and the Journal du Hacker) will also hold a one-hour conference on employability in the field of free software, followed by a one-hour debate on the same subject.

We will also be traveling for some Free Software meetings to come.

We will soon publish several articles describing each of these activities.

New members

The association now includes new people who are motivated to organize the association's activities on a voluntary basis, including Benjamin, Fabien and Doc'.

Volunteers help to run the stands, supervise future debates, carry out some of the association's administrative tasks, build more links with students, maintain/develop services or write and translate articles, such as this one.

We thank them warmly for their contribution!

See you soon,

~ N&B

English translation by Fabien.

Bonjour,

Notre offre d'hébergement chez OVH prendra fin le 25 juillet 2019.

Faute de travailler sur tous les plans en même temps, nous n'avons pas pu traiter cette problématique jusqu'à présent. Comme nous l'avions annoncé dans nos premiers messages, nous recherchons activement un hébergeur plus petit et portant les valeurs éthiques que nous défendons.

Nous publions donc cette annonce dans l'espoir qu'une structure manifeste son intérêt et sa bienveillance pour accueillir gracieusement un petit CHATONS à la recherche d'un foyer.

Situation actuelle

Pour rappel, actuellement, nous profitons de l'offre VPS SSD 1 à 3.59 euros TTC par mois avec les caractéristiques suivantes :

• 20 Go de stockage SSD ;
• 2 Go de RAM ;
• 1 cœur virtuel à partir de 2 GHz.

Toute notre infrastructure (le système d'exploitation avec les paquets + les quatre services et leurs données) pèse 3.8 Go sur les 20 Go disponibles avec en moyenne 1 Go de RAM utilisée et 10 % du CPU constants. En bref, on a de quoi faire tenir 2-3 services légers supplémentaires mais pas plus.

(Soyons clairs : sans Docker, économiser autant d'espace disque et de CPU / RAM n'aurait pas été possible. Mais le débat n'est pas là 😁)

Soyons ambitieux ?

Nous recherchons donc une offre similaire qui nous permettrait d'offrir des services un peu plus gourmands en stockage, par exemple :

• Une suite Office collaborative en ligne (et pas celle de Micro$oft ou G00gle !)
• Un service de dépôt de fichiers type Lufi (Framadrop) ou Firefox Send (?)
• Une instance Mastodon (?)
• Du stockage / git pour nos adhérents (?)
• De la place pour échanger des backups chiffrés avec d'autres CHATONS.

Il ne s'agit là que d'idées et ne nous engageons pas à les concrétiser, mais voilà le genre d'applications que nous pourrions installer si nous avions un peu plus de place.

Un peu plus de RAM ne serait pas de refus, nos 2 Go nous limitent un peu.

Notre budget

C'est là où ça coince : nous ne sommes pas prêts de dépenser plus que ce que nous payons actuellement pour notre VPS. Nous sommes trop petits et n'avons pas les moyens, car nos activités ne se limitent pas à l'hébergement de services (voir la liste de nos activités qui nous coûtent).

Nous sommes cependant prêts à contribuer financièrement à l'achat ponctuel de matériel si nécessaire, dans la mesure du raisonnable.

Mais concrètement, financièrement, ça va ?

Pas trop, non ! Nos dépenses sont supérieures à nos revenus.

Dans la mesure où cela ne semble pas trop préoccupant puisque nous venons tout juste de commencer, nous ne pouvons quand même pas nous permettre de dépenser beaucoup et nous incitons toujours les personnes extérieures à l'école 42, qui ne se sentent pas concernées par nos activités, à contribuer financièrement avec un don ou une adhésion.

Merci à nos 12 adhérents et notre donateur qui nous permettent, malgré leur petit nombre, d'exister et d'amortir le trou que creuse l'association dans notre petit budget d'étudiants.

Nous aimerions publier un rapport financier annuel de l'association (Garradin va être bien pratique pour cet usage !) ; cela sera envisageable à l'occasion de la prochaine assemblée générale annuelle qui devrait se tenir autour de Janvier 2020.

Je connais / je représente une structure prête à vous héberger.

Super cool ! Merci de nous contacter via notre page de contact ou Mastodon afin que nous en discutions ensemble.

En quoi ça me concerne, votre histoire d'hébergement ?

Si vous êtes un utilisateur de nos services, attendez-vous à une maintenance planifiée et annoncée d'une durée de 8 à 48 heures (c'est toujours assez imprévisible, mais les volumes et images de Docker devraient nous faciliter la tâche).

Si vous êtes utilisateur de notre service mail, il n'est pas impossible que nous nous fassions blacklist suite à un changement d'IP durant la maintenance. Si cela arrive, nous ferons de notre possible pour nous sortir des blacklists dans les plus brefs délais (il a l'air marrant, ce jeu-là !).

Et si vous ne trouvez pas d'hébergeur dans l'immédiat ?

Pas de souci, nous avons tout notre temps. Si nous n'avons pas de pistes d'ici deux semaines, nous renouvellerons notre abonnement chez OVH pour 3 mois de plus et continuerons nos recherches.

Merci de votre soutien,

~ N&B

Hello,

We are pleased to inform you today that the 42l association is now recognized as a general interest organization!

In August 2019, we have launched a procedure of fiscal rescript: it consists in asking the tax authorities if our activity respects the necessary criteria to benefit from this status.

What advantages does this procedure bring us?

An association of general interest can issue tax receipts to its donors (individuals or legal entities), allowing them to benefit from tax reductions:

• For an individual: Up to 66% of the amount of his donation (within the limit of 20% of his taxable income);
• For a legal entity (organization): Up to 60% of the amount of its donation (up to a maximum of 20,000 euros or 5‰ of its annual revenue).

For example, if a person makes a donation of 50 euros, this donation will only cost 17 euros after tax reduction (20 euros for a company).

This also allows us to apply for fundings from a number of public and private organisations.

Why did we carry out this procedure?

The tax rescript is not compulsory to be recognized as being in the general interest: it is quite possible to qualify your own associative activities as being in the "general interest" and to issue tax receipts, without asking the tax authorities. This request is optional and only serves to confirm this qualification.

However, we have preferred to seek the opinion of the tax authorities to demonstrate that even a small student association without any pretence can obtain this recognition: this leaves the door open to other small players like us, especially among the CHATONS: if your associative activity is similar to ours (popular education, awareness of digital freedom issues, hosting privacy-friendly services) then perhaps your association corresponds to the definition of an association of general interest.

How did we proceed?

On 1 August 2019, we sent a registered letter with acknowledgement of receipt containing the requested form, completed, with our statutes, our internal regulations and our declaration receipt in the Journal Officiel.

We were contacted by mail post on 21 November 2019 by the Direction Générale des Finances Publiques, which asked us for additional documents to complete our file, namely :

• A moral report for the years 2018 and 2019;
• A financial report for the years 2018 and 2019, with our budget;
• Details of the activities carried out since the creation of the association, with references attesting to these activities;
• Any documents attesting to partnerships or subsidies.

Having started our activities in 2019, we expected to write our first moral and financial reports for the year 2019 in early 2020. We have therefore written preliminary reports for the administration, which can now be found here.

Our moral report also included details of the activities carried out since the creation of the association. About partnerships or grants, we had not done any such thing, so we did not transfer any other documents.

We replied in this way by email, then called the telephone number indicated a few days later to be sure that our email had been received, as a precaution.

From then on, we knew that we had to wait a maximum of 6 months for a response... which we finally received in June.

Here's what it looks like (click on the image to access the full PDF) :

General interest and free culture

We hope that our approach will encourage other associations, with whom we share our ideas and values, to ask themselves the question: "Is your activity of public interest?"

There is no need to ask the tax authorities to check whether your association falls into this category: if you think that it meets the criteria, you can issue your tax receipts and give your donors a tax reduction without asking. Your donors could thus triple the amount of their donation for the same cost.

This method is entirely legal; the obligation to ask the administration is a common misconception. However, if the administration contacts you and believes that your organization is not in the public interest, you must stop sending tax receipts immediately. However, this measure is not retroactive, which means that the tax receipts you have already issued will still be valid.

And if you don't need more donations, consider that not all free software associations can meet their financial needs. Imagine that your donors could give to two other associations in addition to your own, for the same cost?

Finally, this recognition is also symbolic and could give you some credibility with your public, who may never have heard of "free culture".

Hoping that this feedback will be useful to you :)

If you wish to support our activities financially with a tax reduction, you can make a donation to the 42l association.

Thank you for your support and see you soon!

Erratum 06/07/2020

We learned an important piece of information from ThomasGandalf (thank you!), which is worth noting, as it is obviously not clearly indicated on the governmental sources we cited.

If you issue tax receipts without asking the administration, but the latter considers your activities as not being in the general interest afterwards, your association will have to pay a fine equal to the tax reduction amount of the donation.

This only applies, however, if it considers that your association does not meet its criteria. So if you issue tax receipts without asking, and then the administration studies your case afterwards and considers that you are in the general interest, nothing will happen.

As we have shown you, even a small student association can meet the required specifications, so this should not scare you if you have similar objectives to ours, but it certainly requires careful consideration.

Finally, if in doubt, you can also start the tax rescript procedure as we have done. The administration will wait for a response, but it has commitment value: it undertakes to bear the responsibility for issuing your tax receipts and cannot fine you if it decides, later, to withdraw your general interest status.

We apologize for the incorrect information we have provided you with.

~N&B

Bonjour,

La semaine dernière, nous publions un article annonçant que notre offre chez OVH se terminait le 25 juillet 2019 et que nous songions à changer d'hébergeur en conséquence.

Le jour même, nous avons reçu des dizaines de commentaires de votre part sur Mastodon nous suggérant de nombreux hébergeurs.

Nous en avons donc contacté quelques-uns parmi vos suggestions et nous nous sommes arrêtés sur l'association Proxgroup, hébergeur associatif suggéré par @ThomasGandalf.

Merci pour vos nombreuses suggestions qui nous ont grandement aidé dans notre recherche :)

Ce 25 juillet 2019, nous avons ainsi migré l'intégralité de notre infrastructure chez Proxgroup.

Résumé de ce long parcours

« Being a sysadmin is easy. As easy as riding a bicycle. Except the bicycle is on fire, you’re on fire and you’re in Hell. » - Luc

24 juillet

Le 24 juillet à 13h15, nous annoncions ce que nous pensions être le début de la maintenance.

Proxgroup venait à peine de remettre le serveur entre nos mains que nous avions déjà commencé nos premières opérations : on nous avait remis un Debian 8 (Jessie), la première étape était de le mettre à jour vers Debian 10 - Stable (Buster) avant de commencer les choses sérieuses.

Première tâche, première mauvaise surprise : après une mise à jour d'une rapidité séduisante sans aucune erreur, nous redémarrons le VPS... Et il ne démarre plus.

On a réessayé plusieurs fois, on tentait de contourner le problème, mais il n'y avait rien à faire : ça marche sur Jessie, sur Stretch, mais sur Buster ça ne fonctionne plus.

On arrête tout et on vient déranger à nouveau le support de Proxgroup pour leur demander pourquoi ça ne marche pas.

On apprend dans leur réponse que Buster n'est pas compatible avec LXC. Pour être exact, la version de systemd utilisée par Buster causerait des problèmes.

Donc on nous propose de changer de VPS (pour passer sur un KVM) et on repart quelques heures plus tard sur un nouveau... Mais cette fois, on n'arrive pas à s'y connecter via SSH, même après plusieurs redémarrages, on galère.

En s'y connectant via VNC, on se rend compte que le VPS semble déconnecté d'Internet (un simple ping ou apt update ne fonctionnait pas) ; il a donc fallu recontacter le support qui a réglé le souci dans la nuit... (mais comme on était fatigués, on est partis dormir).

25 juillet

Comme c'était le jour où notre offre expirait chez OVH, il a fallu la renouveler pour un mois afin d'éviter un downtime de plusieurs heures.

En début d'après-midi, nous annonçons sur Mastodon le début de la vraie maintenance.

Nous avons donc exécuté successivement les opérations suivantes sur le nouveau VPS :

• Mise à jour vers Buster
• Désactivation du compte root, création d'un compte utilisateur
• Rotation des clés SSH (ajout de nos nouvelles clés)
• Configuration des paramètres de sécurité de SSH (restrictions des algorithmes de chiffrement, désactivation de certaines fonctionnalités, SSHFP dans le DNS)
• Installation des paquets listés dans le rapport technique
• Remplacement du DNS par défaut du serveur et de Docker par celui de FDN
• Création des volumes Docker
• Téléchargement des images de base
• Migration des Dockerfiles, recompilation des images
• Génération de nouveaux certificats TLS...

Migration des services

Le plus délicat était de migrer les services, car certains hébergent des données utilisateur ; il était donc nécessaire de les arrêter sur l'ancien serveur, de transférer les données puis de les démarrer sur le nouveau et enfin, de changer le DNS pour que le sous-domaine du service pointe vers le nouveau serveur.

On a donc commencé par les services qui ne nécessitent aucune coupure car ils n'ont pas de données : le proxy DoH et le service Schémas, (draw.io) ; il n'y a donc pas eu de downtime pour ces services et tout s'est très bien passé.

Juste après, nous avons migré le service Liens (Lstu), ce qui nous a nécessité 5 minutes de downtime (très peu de données).

Enfin, il nous restait à migrer le site, la base de données et le service mail ; ces trois services étant interconnectés, il est difficile de les migrer un par un.

On a migré tant bien que mal la BDD et le site avec un petit downtime de 5 minutes, mais nous avons rencontré un problème en migrant le service mail, à deux doigts de la fin de la migration. Au moment du démarrage du conteneur, Docker nous indiquait que le port 25 était déjà utilisé... On a cherché pourquoi pendant un petit moment pour finalement se rendre compte que Exim était installé de base sur l'hôte, et c'est lui qui squattait le port 25. On a fait le ménage et le service a enfin démarré :)

Notre dernière demande auprès du support fut celle de modifier le reverse DNS de notre nouvelle IP afin que nos mails ne se fassent pas blacklist (il n'y avait pas d'option pour cela dans leur interface).

Leçons à retenir

Nous nous sommes retrouvés plusieurs fois dans une situation incertaine dans laquelle nous avons dû faire appel au support.

Quelques détails sur lesquels vous devez être attentifs lorsque vous migrez votre serveur :

• Annoncer la maintenance sur le plus de canaux possibles (nous avons failli sur ce point-là, puisqu'on ne s'est contentés que de Mastodon)
• Essayer d'être un peu plus précis en annonçant la durée de la maintenance (là aussi on a failli, on parlait d'un downtime de plusieurs heures, finalement c'était 10 minutes tout au plus grâce à la magie des conteneurs)
• Bien comprendre les enjeux autour de l'utilisation de la technologie de virtualisation du VPS (KVM, LXC, ...).
• S'assurer qu'il soit possible de modifier le reverse DNS de votre IP si besoin
• Si vous hébergez des mails, assurez-vous que votre hébergeur / offre vous le permet. Si vous pouvez, testez l'IP de votre VPS sur les blacklists connues afin de vous assurer que cette IP n'a pas déjà servie à de mauvaises intentions.

Des informations sur le nouveau serveur ?

Notre VPS chez Proxgroup dispose de 4 coeurs virtuels et 4 Go de RAM (+ 1 Go de swap).

En terme d'espace disque, nous sommes à 40 Go HDD avec possibilité d'agrandir si nécessaire. Le HDD n'est pas trop handicapant par rapport au SSD grâce au RAID 50 dont nous bénéficions, avec 1.7 To de cache SSD :)

Tout cela nous est gratuitement fourni par Proxgroup en échange d'une mention de leur association sur notre page d'accueil et dans la page "Nos amis", ce qui est à nos yeux tout à fait respectable vis-à-vis des moyens mis en place en amont et qui correspond au même esprit d'entraide entre associations que nous entretenons de la même manière avec les CHATONS.

Serveurs, réseau et et transparence

Enfin, nous préciserons que selon Proxgroup, ces serveurs sont hébergés à Nanterre.

L'association Proxgroup est en contrat avec avec Netrix SAS pour disposer d'une partie du datacenter, que Netrix exploite auprès du groupe Zayo. (ERRATUM: Il s'agit en réalité de Hexatom, pas Zayo.)

Proxgroup est aussi devenu membre du LIR auprès du RIPE en 2017.

Nous avons pu disposer de ces informations grâce à la transparence exemplaire dont fait preuve Proxgroup sur leur blog.

Qu'en est-il du serveur précédent ?

Puisque nous avons dû renouveler notre offre chez OVH pour un mois et qu'il n'y a plus rien dessus, nous avons mis en place un relai Tor qui fonctionnera jusqu'à la fin de l'offre, le 25 août 2019.

Ce relai fonctionne dans un conteneur basé sur l'image de jess/tor-relay, légèrement altérée par nos soins.

Remerciements

Nous tenons tout particulièrement à remercier l'association Proxgroup pour son formidable travail, leur réactivité et leur bienveillance :)

À très bientôt,

N&B

Ce vendredi 28 février, Frédéric Urbain de Framasoft s'est rendu à l'école 42 sur invitation de l'Association Sans Nom.

Le petit public de l'amphi fut tout d'abord sensibilisé sur les enjeux de la dégooglisation et des services alternatifs libres, sans oublier l'inévitable définition du logiciel libre aux quatre libertés.

S'ensuit alors la présentation du projet Contributopia et des CHATONS, en rappelant les objectifs et la position de l'association Framasoft sur les projets libres.

La conférence se termina après quelques questions sous les applaudissements de l'audience, se tint alors une discussion avec la régie de l'école 42 et notre conférencier sur l'éventualité d'installer une instance PeerTube au sein de l'école.

Nous avons pu par la suite échanger quelques mots sur divers sujets. Frédéric ne manquant pas de nous demander « où en est donc ce CHATONS à 42 », l'état de l'association 42l fut aussi abordé.

Très bon moment en perspective, rendu possible avec l'Association Sans Nom, association de libre et sécurité à l'école 42.

Les diapositives sont disponibles sous licence CC-BY sur le site de l'ASN

~ N&B

Illustration : CC-BY-SA Framasoft

Following the closing of the 42 school because of the ongoing pandemic, the conférence is reported for an undefined duration.

An article will soon be published about it.

Thanks for your understanding.

The 42l association invites you to meet Tris Acatrinei, founder of the Projet Arcadie, an supervisory body of the parliamentary life.

Humorously defining itself as "Parliament's after-sales service", the Projet Arcadie is a platform that can be used as a fact-checking tool on political personalities, which notably made it possible to discover parliamentarians with cumulative mandates.

The project has been entirely maintained by Tris Acatrinei since its creation, and is now operated entirely thanks to donations.

In a one-hour conference in the Holodeck room, Tris will give a presentation of her activities in the Parliament, an introduction to the issues of the Projet Arcadie and a Q&A session about the Parliament.

The conference should be recorded : it will be available after a few weeks on our PeerTube channel.

Attend the conference as a non 42 student

Not a 42 student ? No worries, you can still attend the conference. Please follow these instructions:

• you must notify us of your attendance (via Mastodon or mail);
• you must subscribe or unsubscribe at least 12 hours prior to the conference beginning;
• you must be in front of 42 at least 15 minutes prior to the event start.

A maximum of 15 external visitors can join us.

All are most than welcome !

Neil

Article translated by Pohl

Bonjour,

Ces dernières semaines, nous avons encaissé des dysfonctionnements techniques d'une certaine ampleur causant plusieurs pannes de nos services.

Panne serveur

27 septembre 2019 à 00h32 : Le serveur sur lequel était hébergé notre VPS s'éteint.

En conséquence, tous nos services et notre site web se retrouvent hors-ligne.

00h40 : Nous prenons conscience de ce problème par chance, faute de manque de monitoring.

Nous tentons d'abord de redémarrer le serveur depuis l'interface de notre hébergeur, Proxgroup. Mais puisque toute la node qui l'héberge est hors-ligne, l'opération échoue.

01h00 : Nous avons publié une annonce de service sur Mastodon.

01h17 : Nous créons un ticket sur l'interface de Proxgroup, au niveau d'urgence "critique". Nous craignons en avoir pour la nuit voire le week-end

01h29 : Comme par miracle, l'un des membres du staff de Proxgroup nous répond 12 minutes après, en ayant constaté le problème et redémarré le serveur.

Notre serveur a donc été redémarré à 01h26, avec tous ses services.

01h40 : Après avoir vérifié plus amplement que tout est bien fonctionnel à nouveau, nous publions une deuxième annonce de service sur Mastodon.

Selon leur page de statut, il s'agirait d'une panne réseau. En tout cas, il s'agit du premier incident de la sorte depuis que nous sommes chez eux et ils ont réagi en un temps record (12 minutes à 1h30 du matin, quand même). Un grand merci à eux !

"Attaque" sur le proxy DoH

Nous avons constaté une montée en charge phénoménale de notre proxy DoH à partir du 24 septembre 2019 à 09h10. Nous recevions peu de requêtes, mais provenant d'un très grand nombre d'IPs. Les requêtes étaient étrangement formées et semblaient utiliser des implémentations obsolètes du DoH ou même des extensions qui ne semblent pas documentées.

Ce "spam" générait une quantité assez importante de trafic et a eu pour conséquence quasiment immédiate de bannir notre proxy des résolveurs de FDN, bloquant l'accès au service pour tous les utilisateurs.

Nous n'avons malheureusement pas mis en place une solution de monitoring et de protection suffisamment efficace pour couvrir ce vecteur d'attaque. Nos ratelimits s'appliquent par IP pour ne pas dégrader la qualité du service pour les autres clients.

Notre serveur a donc continué à se faire spammer durant 24 heures. Le trafic a augmenté de manière exponentielle, mais nos serveurs ont tenu bon. Cependant, aucune de ces requêtes n'a abouti car nous étions bannis par FDN.

Durant ces 24 heures, nous sommes passés de 40-80 IPs uniques par jour utilisant nos services à 20 000 IPs uniques, ainsi que 565 000 requêtes provenant de ces IPs contre environ 60 000 habituellement, soit environ 10 fois notre trafic habituel.

Le 26 septembre 2019 vers minuit, nous nous sommes rendus compte de l'attaque et avons immédiatement stoppé le service.

Il nous a fallu plusieurs heures pour développer des solutions de protection, qui ont consisté à bloquer ces "requêtes malformées".

Screenshot : Requêtes traitées par le service DoH.

Screenshot 2 : Requêtes traitées par le service DoH, en incluant les visiteurs uniques dont l'IP est immédiatement bannie sans donner suite à la requête.

Nous avons demandé conseil à Stéphane Bortzmeyer et FDN pour avoir plus de détails sur la manière dont nous devons gérer la situation.

Entre-temps, nous avons repéré un commit sur le dépôt de la liste des résolveurs de dnscrypt-proxy, un logiciel assez connu qui permet de chiffrer des requêtes DNS.

La date du commit concorde : l'ajout de notre proxy à cette liste est sans aucun doute l'élément déclencheur qui a entraîné cette gargantuesque montée en charge. Cela explique pourquoi autant d'IPs nous ont attaquées en même temps et pourquoi elles n'étaient pas dans les blacklists de spam connues : elles étaient légitimes.

Ce commit a été rédigé par jedisct1, qui est notamment le développeur de doh-proxy et edgedns, logiciels que nous utilisons pour faire tourner nos services, et contient plusieurs erreurs :

• Il mentionne que nous sommes l'association FDN (faux !) ;
• Il mentionne que nous utilisons le DNS public de Google (encore plus faux !!).

Nous l'avons donc contacté pour démentir ces faits et, constatant que notre infrastructure n'allait pas tenir le coup si nous restions sur cette liste, nous avons émis une pull request sur son dépôt pour retirer notre proxy des résolveurs DNSCrypt.

Depuis, nous avons optimisé notre configuration pour résister plus efficacement contre ce flux de requêtes ; la mise à jour de la liste devrait se propager peu à peu et soulager notre service.

Entre-autres, nous avons paramétré notre cache DNS pour qu'il garde en mémoire ses entrées pendant 30 minutes minimum, sans tenir compte des entrées DNS dont le TTL est inférieur à 30 minutes ; cela devrait soulager les résolveurs de FDN pour un temps.

Raccourcisseur de liens

Nous avons dû faire face à une utilisation malveillante de notre service, nous l'avons donc remplacé.

Voir notre article sur rs-short pour plus de détails.

Leçons tirées

• Nous devons installer des solutions de monitoring plus solides afin de voir venir ce genre de catastrophes et agir promptement.
• En gagnant de la visibilité, nous nous exposons à des montées en charge rapides et des attaques plus nombreuses et plus complexes à gérer.
• Il est peu concevable d'héberger un service en libre accès et de partir du principe que "nous serons trop petits pour subir quoi que ce soit".
• Il ne sert à rien de paniquer comme un dingue lorsque les services sont down. Il faut respirer, là, du calme, tout va bien, on va s'en sortir, ce n'est pas grave, allez, on réfléchit ensemble et on y va.

On a encore du progrès à faire. En espérant ne pas décevoir vos attentes. :D

À bientôt,

~ N&B

Après deux mois de travail acharné, nous avons enfin terminé le site web de l'association.

Sous le capot

Il tourne sous le framework web Rocket (écrit en Rust), tout comme nos amis libristes chez Plume.

Nous sommes fiers de déclarer que ce site a été réalisé sans une ligne de Javascript. Aucune garantie que nous puissions continuer dans cette démarche bien longtemps cela dit ; mais tant que c'est possible, on continue :)

Nous avons aussi mis en place l'internationalisation du site, offrant la possibilité à des contributeurs de traduire le site lorsque le code sera publié.

Le code étant encore frais et écrit dans la précipitation, certaines parties sont mal écrites et/ou bâclées. Nous publierons le code du site sous licence libre après avoir pris soin de le retravailler et de s'assurer de sa stabilité ainsi que de sa sécurité*. Cela passera par un éventuel audit de sécurité de la part de nos collègues de l'école 42.

Vous pouvez dès à présent consulter notre Rapport technique qui détaille avec transparence notre outillage et nos procédures ainsi que notre Charte graphique dans laquelle nous créditons les technologies et ressources utilisées.

À venir

Nous prévoyons d'intégrer sur le court terme un espace adhérent où il sera possible de gérer les services que nous mettrons à disposition à nos adhérents. Cela se fera avec l'ouverture de nos adhésions au public.

Nous sommes ouverts à toute suggestion ou critique ; vous pouvez dès à présent nous contacter pour nous en faire part.

Rézosocio

Nous avons décidé de marquer le coup et d'ouvrir un compte Mastodon en même temps que le site web.

Nous y publierons régulièrement nos annonces et d'autres contenus tels que des messages d'information concernant nos services, des appels à conférences, des anecdotes autour de nos péripéties ou encore des photos de CHATONS. Pensez donc à nous suivre si le cœur vous en dit et à nous faire parvenir vos remarques via ce moyen de commication privilégié.

Nous sommes aussi disponibles via nos comptes Mastodon respectifs : Neil et Brume.

À très bientôt.

~ N&B

* Pour les développeurs Rust, nous sommes fiers de déclarer que pour le moment, la première ligne de notre programme est #![forbid(unsafe_code)].

Bonjour !

Quelques nouvelles.

Nouveau service !

Nous venons de mettre en place un nouveau service que nous avons nommé "Schémas".

Il s'agit d'une instance du logiciel draw.io qui vous permet de concevoir des organigrammes, mind maps, modèles relationnels ou ce que vous voulez dans la limite de votre imagination.

Nous vous invitons à découvrir le service sur sa page dédiée.

Stands et stickers

Nous avons récemment tenu un stand à l'occasion d'un hackathon à l'école 42.

Nous avions beaucoup de stickers récupérés lors de conventions, de nombreuses organisations du libre.

Beaucoup d'élèves sont venus nous voir et ont posé des questions sur ce qu'était le libre, les DRM (en voyant les stickers de l'April !), les CHATONS et les services décentralisés ; la majorité ne connaissait pas du tout et certains étaient même particulièrement intéressés.

En tout cas, nous avons été dévalisés de nos stickers. Ils adorent ça et ça fait plaisir de voir les stickers de Nextcloud, l'April ou Framasoft sur leurs ordinateurs !

Nous aimerions d'ailleurs remplir nos stocks afin de tenir un stand à l'école de temps à autres. Nous avons déjà contacté Framasoft, l'April, la FSFE et Nextcloud pour leur demander s'ils souhaitaient nous envoyer d'autres stickers pour que nous puissions les exposer sur notre stand et nous avons obtenu des réponses positives de chacun d'entre eux ! Merci beaucoup !

Si vous connaissez une association du libre, n'hésitez pas à faire passer le mot ! Nous serions ravis de promouvoir d'autres associations à l'école en mettant à disposition leurs stickers et dépliants :)

Pas Sage en Seine 2019

Nous tiendrons le stand CHATONS à l'occasion de l'évènement Pas Sage en Seine 2019.

Cela veut-il dire que nous serons peut-être bientôt membres de ce collectif ? Qui sait... ;)

Modification du logo

Nous avons retiré le logo de l'école 42 du logo de notre association.

Ça fait un moment que ça nous travaillait et une discussion avec les membres du staff de l'école 42 a facilité cette réflexion.

Nous avons imaginé les conséquences que pouvaient causer la présence de ce logo auprès de personnes extérieures ; nous craignons être vus comme une structure juridiquement rattachée à l'école et conçue par le staff de l'école, ce qui n'est pas le cas.

Nos actions n'engagent pas l'école et inversement, et en choisissant d'ajouter leur logo, nous courrions le risque de transmettre le mauvais message.

De plus, le logo de l'école 42 étant sous copyright (bien que nous ayons eu l'autorisation de l'utiliser), notre logo n'était par conséquent pas 100 % libre. Mais maintenant, ce n'est plus le cas, notre logo est désormais sous licence CC-BY comme la majorité du contenu sur ce site :)

Quoi d'autre ?

On travaille encore sur de nouveaux services, mais il faut quand même qu'on avance un peu sur notre cursus scolaire.

À bientôt !

~ N&B

Launched in May 2019, first using the software Lstu written by Luc Didry, this service now uses a home-made software brick, named rs-short. We count it as one of the first services of the association, with our DoH service.

During three years, this service has required a lot of moderation work, much more than other services: more than two hours of volunteer time per month were dedicated to fight against an illegal use of this service.

In this article, we offer you a retrospective analysis of this never-ending fight against phishing.

Usage statistics

View complete usage statistics as of March 2022

We receive traffic from 650 different IPs every day, for just over 1 GB of traffic per month. So we are still very small scale.

Our service is used to create 20 to 40 links per day on average.

Out of these 20 to 40 links created each day, we count between 0 and 3 links on average that distribute illegal content, and that we have to disable promptly. This of course only includes the fraudulent links that we have managed to detect.

During the week of March 28 to April 3, 2022, we counted 204 links created, including 3 fraudulent links. However, sometimes our service experiences waves of fraudulent traffic, and a malicious person may create about 20 fraudulent links in a single day.

In total, at the time of writing this article, 14 150 links have been created with our Links service, including 937 links that we have marked as fraudulent.

What's the point?

For a malicious person who wants to spread malicious content on the Internet, what is the point of using our little link shortener?

Filtering processes

Some spam filters, especially at email hosts, use a Bayesian filter to estimate the probability that an email received is illegitimate.

Other methods can be used to fight spam. Social networks such as Facebook or Twitter perform other forms of automated censorship, but this moderation is generally quite opaque: we do not know under which criteria a message can be considered spam.

We can assume, however, that most of these filters analyze the reputation of posted links, and in particular domain names, and may use various third-party services to accomplish this goal, starting with the Google Safe Browsing database (GSB) which is used by Firefox to block browsing to suspicious links.

Using the reputation of other sites

Here's how this impacts our nasty hooded hacker: when they share a link to a malicious page, their link could be detected and blocked quickly, especially if our hacker is using a newly acquired domain name that will have a low reputation to begin with.

Their solution would then be to use domain names that have been registered since a long time, with a decent reputation. This is precisely what a link shortener allows: the shortener's domain name is used as a gateway, and it is its reputation that will be at stake when the link is distributed and redirected to the malicious page.

What are the consequences?

When a phishing link is created, we need to act quickly: once the link is created, our hacker will spread the link within the hour, sometimes to tens of thousands of email addresses, sometimes through hacked email or social network accounts. This often results in a spike in traffic to our service.

Domain name reputation

The first consequence that this can have is that the URL of the shortcut s.42l.fr/mylink is marked as fraudulent by services like Google Safe Browsing. This may lower the reputation of our domain name, but without any direct impact on other Internet users.

It has already happened that our domain name dedicated to this service (s.42l.fr) has been marked as fraudulent, especially by email filtering services. In these cases, it is more difficult to get out: it affects all the people who use our link shortener. It could also affect the reception rate of our emails sent from our mail server, as it shares the same IP.

What also worries us, and what motivates us to moderate this service very actively, is that the reputation of the parent domain name, 42l.fr, may be impacted over time. This has never happened before, but some reputation analysis services might work in this way and this would impact all our services; likewise if our IP address is reported as suspicious.

Alerts

We have had to deal with Orange Cyberdefense or Netcraft on several occasions. These companies are mandated by big companies like Société Générale, Amazon or Google and send emails to the address abuse@yourdomainname.com (if you have a domain name, make sure you always listen to this address).

When a phishing page targeting one of their customers is used with our link shortener, we receive an email asking us to remove the fraudulent link as soon as possible.

Shutting down our servers

Quickly after the email from these companies on our abuse@ address, we may receive an email from our host shortly after:

Hello,

We received a complaint today on one of your domains.

Please act within 24 hours to remove the content of your site or we will be obliged to suspend your service.

These companies have probably used the contact email provided for this purpose in the WHOIS registry. It is better to react very quickly in these cases.

What kind of illegal content?

We have sorted all the fraudulent pages that were captured in our URL shortener into different categories:

• Messaging scam: a page that asks the victim to log in to check their MMS, listen to their voicemail, join a chat group or check their emails. Generally very targeted at Orange, a French ISP.
• Games scam: offers the victim to download a game crack or cheat tool. Often targets Roblox, sometimes Fortnite or Clash of Clans.
• GAFAM scam: asks the victim to log into their online account at a large hosting company. Most often targets Microsoft, sometimes Google or Netflix.
• Shipping scam: informs the victim that their parcel is late or that they has to pay customs fees, and ask for their bank details.
• Bank scam: asks the victim to log into their bank account to activate a security mechanism such as "Certicode", or to urgently check their bank details. Usually targets the Crédit Agricole, Banque Populaire, Banque Postale or PayPal.
• Porn: offers the victim to chat with a local girl... no need to go into details. We have no rule against pornographic content in our terms of use, but the links that have been blocked seem to us to be used for spam purposes.
• Terrorist or pedopornographic content is of course systematically blocked as soon as we are informed of the existence of such content on our service. Fortunately, for my sanity, they only represent 0.6% of the registered malicious links.

For a large portion of the links in our database, we were unable to guess their category. We based this categorization on the destination link (to take two fictitious examples, webmailorange.weebly.com or sites.google.com/postbank) or sometimes on the name given to the shortcut (consult-mms-sfr...). We did not keep any other traces allowing us to categorize these links afterwards.

Where are the fraudulent pages hosted?

We tried to guess the hosting used for each fraudulent page. In many cases, it is explicit (for example, if the URL starts with sites.google.com or contains wixsite.com or yolasite.com, we know that the site is hosted by Google Sites, Wix or Yola). In other cases, the fraudulent page uses its own domain name and we don't have more information about its hosting.

We tried to sort these hosts into the following categories:

• IP address: the URL entered does not include a domain name, and therefore does not let us guess which host is used.
• S3 bucket: the malicious person has hosted an HTML page or a PNG image on an object storage service.
• CDN: this one is interesting − the malicious person has directly created a link to an official image of a site they want to imitate (e.g. PayPal). They then uses the shortened link in her email, or on another HTML page in an <img> tag. The victim's browser will make the request to the shortened URL, thus engaging the reputation of the shortener's domain name, and this will increment the link shortener's click counter and allow the attacker to know whether the victim has visited its page or not. However, the use of this method seems to be limited.
• Image hoster: the hacker creates an image on which is written the information intended to trap their victim. This method is probably used to prevent the image text from being analyzed by email servers.
• Text host: the page is hosted on a platform such as Pastebin, or other platforms that allow to write content without leaving complete freedom on the page layout and HTML/CSS (e.g. blog platforms...).
• Web host: the page is hosted by a web host, usually free (Google Sites, Yola...) and uses the domain name of this host (sites.google.com, subdomain.yolasite.com). With some hosts like Yola or Wix, it is possible that the page is served under its own subdomain.
• Own domain name : the malicious person seems to have bought their own domain name to host their fraudulent page. We do not know which host the fraudulent website was hosted with. Most of these domain names looks like typosquatting.
• URL shortener: The URL entered points to a URL shortener. It is common to encounter URL shortener chains for phishing links. We do not have information about the hosting of the page behind the shortener.
• Hijacked site: the page appears to be hosted on a website that has been hacked.

What conclusions can be drawn from this analysis?

In a large part of the cases (at least 340 cases out of 702 identified, for a total of 937 malicious links), the malicious pages are located on servers belonging to web giants that offer free web hosting:

• At Google (Sites, Cloud, Forms, Blogspot and even Firebase) in 23% of the cases;
• At Wix in 20% of cases;
• At Yola in 18% of cases.

When we detect a malicious page on their platform, these large companies take more than 24 hours to process our request; phishing campaigns run very quickly and are often viewed by more than 1,000 people within a few hours. These pages remain online for weeks without these platforms noticing.

These web giants, who offer tools that facilitate the dissemination of malicious pages without applying adequate moderation measures to prevent hijacking of their platform, are the main culprits for the dissemination of malicious content on our link shortener by their laxism in the face of the dishonest, even criminal, activities served by their own platforms. It is because of their negligence that we must mobilize more than necessary.

In second place, a large number of deceptive domain names, which resemble those of official sites, are acquired by hackers (example: micrcscft.com). The Internet user, by lack of vigilance, can be fooled.

Finally, many sites administered by people who are not very scrupulous about the security of their infrastructure are hacked and used to host malicious pages.

URL shorteners are not to be outdone: we see the regular use of URL shortener chains to spread malicious links. We have therefore chosen to block the creation of links pointing to a URL shortener and try to list as many of them as possible.

How did we detect these malicious links?

The software we use, rs-short, sends us an alert when a link is visited a certain number of times in a certain time frame (e.g. 30 times in 2 hours). This leads to many false positives, but it also allows us to spot deceptive links very quickly when they are widely distributed.

When we experience a phishing wave, which - fortunately - does not happen every day, we configure our software to list every link created in a log file. This tracking mode, which we activate temporarily, allows us to act before malicious links are distributed, at the significant cost of violating the privacy of our users.

Please note that we only consult links that we consider illegitimate, and that we carry out these operations in strict compliance with our terms of use: commitment 2 - "We do not consult your personal data for any other purpose than the technical maintenance of our services [...]". If you don't like this moderation policy, feel free to switch to another instance.

Finally, we also search in the software database according to the domain name (for example: sites.google.com). Indeed, out of 79 links created on Google Sites, only 20 of them are legitimate. This figure is even worse at Yola: out of 62 links created, not one is legitimate. At Wix, only 22 links are legitimate out of 90. Our hackers have their favorite hosts.

These three methods allowed us to identify more than 99% of the malicious links we listed. The remaining 1% are reports we received on our abuse@ address. We consider that if we receive an e-mail on this box, it is already too late: the link will have already been widely distributed and the reputation of our domain name will have suffered; our hosts may already know about it.

How to block hackers?

There is no magic method to block hackers. IP-based blocking would be irrelevant because they use VPNs, hacked computers, or Tor relays that we wouldn't want to block at all, because we'd be preventing legitimate users from using our services.

Captchas have limited effectiveness. They do block automated attempts to create links, but all links created after the migration of our service to rs-short in April 2020 were likely captured by human beings. It is likely that our hackers are using click work companies, or that the hackers are entering the link directly in person.

Reporting malicious sites to the major platforms (via the abuse@ email address or other appropriate channels) is not very effective in practice, the giants may be overwhelmed with reports or understaffed, but often take several days to respond. The malicious link will have had ample time to circulate in the meantime. In addition, this requires additional work time for which we are not prepared.

We ruled out the possibility of blocking links based on the name given to the shortcut: out of the 937 registered malicious links, exactly 50% of them did not specify a particular link name, which then generates a random link name of 8 characters. For the remaining links, the name is chosen by the malicious person. It may indeed be a name related to the malicious content, although sometimes it is very generic. But even if the link name would be blocked, the hacker only has to change their IP and try again with another link name.

At the moment we use block lists. We block many of the web hosts and domain names commonly used to run phishing campaigns and are considering adding large hosts like Google Sites to this list as well if moderation takes too much effort. We have also blocked the creation of links to many of the URL shorteners (impossible to list them all).

Find out more about developing defense mechanisms on the CHATONS forum.

A collective effort is needed

With the web giants

Even if we don't expect much from big web hosts like Yola, Dynadot and Google, some moderation on their platform would be more than necessary. Another option, which they won't want to hear, is to downsize to allow smaller players to do a human scale moderation job, which will be more effective because these small platforms are not overloaded with traffic.

We have never had an illegal link to Framasite, Ouvaton or BeeHome.

With URL shorteners

Since the launch of this service, we are committed to a zero tolerance policy against illegal content on our URL shortener. But if we act alone, this will only redirect pirates to other existing URL shorteners (and there is no lack of them), especially among the CHATONS.

Fellow librarians, web hosts and webmasters who offer a free URL shortener, don't let your service go unmoderated! Don't allow hackers to take advantage of your domain name's reputation for dishonest purposes. Don't wait to receive an email on your abuse@ box to act.

If you think you won't have time to do such a moderation job, then maybe consider closing down your service or restricting it to trusted people, this could save you from serious trouble with your host or third party companies. There are so many other services to host that will require less moderation.

~ Neil

We held a debate around the stakes of cryptocurrencies, and more specifically around the Free Currency Ğ1, after the conference of their contributors on November 13 at the 42 school.

The debate was limited to a small circle and brought together about 19 people around this theme.

We originially wanted to direct the debate around defined and announced issues, but in the end, the participants were able to lead the debate without our intervention.

Credits

Brume took care of taking notes and writing the report.

Hugo Trentesaux and Elois then made some revisions.

Pohl and Therbret translated the document to English.

Resources

Following their intervention, the contributors provided us with some resources to further explore the subject.

Articles mentioned by Hugo Trentesaux:

• Motivations for free currency: https://blog.trentesaux.fr/monnaie-libre/
• Reformulation of the RTC (relative theory of currency): https://blog.trentesaux.fr/monnaie-democratique/

Various exchange platforms:

• The technical forum
• The public forum

Contact the speakers:

• Hugo Trentesaux: https://trentesaux.fr/
• Attilax: https://forum.monnaie-libre.fr/u/attilax/
• Daniel: https://forum.monnaie-libre.fr/u/nox
• Elois: https://librelois.fr/
• Adrien: https://forum.monnaie-libre.fr/u/paulart

Report

You can find below a summary of the debate.

Q: You mentioned the ecological aspect of Ğ1, but I don't understand what prevents me to use a super powerful machine?

The custom difficulty algorithm uses an exclusion factor to prevent the use of high-performance computers: the more blocks a device finds, the more difficult it is for it to find new ones.

We would like to replace the proof of work by another consensus mechanism, but a decentralized network is necessarily incomplete and inconsistent, so it is very complicated to have an effective consensus mechanism in a truly decentralized network. Many cryptocurrencies solve this problem via falsely decentralized networks with a list of "master nodes". Today, the proof of work is the only consensus mechanism that is economically neutral to have been tried and tested on a truly decentralized network.

There are many questions about consensus mechanisms. These problems are very well studied, we speak of distributed algorithms (see Rachid Guerraoui's course at the Collège de France). The GAFAM - and especially Amazon - are working a lot on the subject (a concrete example: distributed databases). The ideal would be determine randomly which node "has the right" to add the next block, and the best way we have today to do something similar is to prove that we are working. We have adapted it so that a super powerful machine does not have an advantage. This does not encourage the race for power, but you are always free to waste electricity!

Q: How many transactions per block?

There are at most 10% more lines of transactions than in the previous block (the 1st block being limited to 500 lines). This makes it possible to keep a constant, but it can increase over time. We assume that if there were too many users, and therefore too many interactions, it would be possible and even desirable to split Ğ1 into several other currencies. Indeed, the fact that there are too many users causes different problems, such as the stretching of the web of trust.

If users were to be found on all continents, it would be very difficult to be within 5 steps of 80% of the reference group of users. One could imagine that these free currencies would differ by their "c" rate: the constant used to calculate the universal dividend. Currently, this rate is based on many parameters, such as life expectancy. The value of the "c" rate is a political choice in its own right, since it influences the amount of money earned each day by each member.

Q: Do illegal purchases/sales (drugs, sex, weapons...) become legal in Ğ1? What says the law in this case?

The law is unclear on everything related to cryptocurrencies (too recent). Officially, the use of Ğ1 is considered barter. As a result of this, is it legal to barter illegal products? No real answer on this subject, judges must act on a case-by-case basis. Per se, the definition of the word "purchase" does not change, regardless of the currency. For example, I can buy bread in euros, but for the baker, it will be buying euros in bread. It comes to the same... (Or even... buy backhoes in bananas or buy bananas in backhoes).

So, if it is an illegal purchase or sale, it can be considered illegal in Ğ1, as it is in euros. Finally, members of Ğ1 are not encouraged to engage in illegal actions, since they are on a web of trust. If they did, they would lose the trust of their contacts.

Have you ever refused to certify anyone?

It happens when we don't know the individual. We consider that it is necessary to meet physically, ideally several times... On the other hand, once you know and trust them, there is no point in refusing.

Q: How do you become a member?

It is necessary to meet members in order to obtain the five certifications. To do this, use the forum, meet several people before getting certified... It is best to test Ğ1 before becoming a member. Everything is possible: buy, sell... You simply won't be able to earn the universal dividend, to certify people and to write blocks. Trying out the currency is therefore an opportunity to find out if it is suitable for your needs, before actually becoming a member.

Q: Is it possible to buy Ğ1 in euros?

Yes, as long as someone is willing to buy, it is possible, as with any other currency. It can be done both ways. One could also imagine automatic exchange places with other cryptocurrencies.

Q: What happens (technically speaking) when a transaction happens?

It depends on the client used. The client sends a "transaction document" to one or more nodes. These nodes store the transaction in memory and then relay it to all the nodes to which they are connected, thus spreading the transaction throughout the network.

It is then necessary to wait until one of the nodes that received the transaction finds a block for it to be in the blockchain.

Q: Have you tried other alternative currencies?

The answer varies from one speaker to another. Either no or yes, with local currencies. However, many things were not as good as with Ğ1: a local currency has a geographical delimitation, which makes it a kind of captive, limited-use euro. It therefore has no more interest than a meal ticket.

Attilax, for example, had no connection to the economy until he discovered Ğ1. He discovered it by chance. This currency immediately interested him, because it lines up with his ideals as a member of the free software community, it is simple to understand, and finally, it made him understand that "to change the world, it is necessary to change the currency".

Q: How would a capitalist be interested in Ğ1?

On one hand, the liberals are interested in the absence of taxes and the decentralization of Ğ1. It is the current currencies that lead to capitalism, but also to cheating, to the desire to earn more, to greed... When you change currency, you change the rules of the game. Ğ1 has different rules from the current currencies, which totally changes the situation. Instead of being stingy, people are much more generous, and even tend to under-sell their services, for example. Relationships are much more cordial.

The euro will turn people into skinflints or thieves: these are the consequences of debts, loans with interest rates which, if they are not repaid, harm society. So it encourages people to strive to make money, to get rich.... However, the accumulation of money is not ultimately conducive to the economy, since it works through purchasing. If the majority of wealth is held by a small number of people, people can no longer buy goods. The economy does not work if there are no buyers.

In addition, Ğ1 is the only currency that can handle degrowth without problems, since there is no concept of debt. For any other currency, the decline is seen as very negative, even apocalyptic. Thus, free money is not a "problem" for the capitalist. This is a problem for a person who wants to sit on his privileges, who wants to accumulate money. Ğ1 is therefore not anti-capitalist.

Q: What about the GDPR regarding the blockchain?

There is indeed something to discuss: if someone puts a person's personal data in a block, there is no way to delete it. This could therefore cause problems with GDPR. There are possible solutions to this problem: storing a hash of the comment instead of the comment itself. However, this isn't done yet because there is no consensus among the main developers...

Q: How do you renew your certification ?

The web of trust schematizes the social relationships between members. There are two types of certifications: external certifications, which bring a new member into the web (the future member must obtain 5 certifications in less than two months), and internal certifications, which tightens the web: it is a matter of certifying between members. The fact of certifying yourself between members allows you to reduce the distance between people: a person you certify is 1 step away from you. Knowing that it is necessary to be within 5 steps of 80% of the referring members, reducing the distance allows you to certify more external people in the future.

One could imagine that 5 real people certifying a false account, and that false accounts certify each other. It would be a Sybil attack. On a small scale, it is insignificant, and on a large scale, other members will necessarily realize this and can therefore act against this kind of attack. They are therefore unimaginable. In order to become a referent member, you must have issued and received a certain number of certifications. This number is the fifth root of the number of members. Currently, it is 5, but this number is set to increase.

Finally, reading the license of Ğ1 is mandatory. It is therefore necessary to ensure that the people you certify have read it. The person who has certified a person who does not comply with the license will lose the trust of the others, therefore members have no interest in certifying false accounts.

Q: Isn't there an inconsistency between the focus on trust and the wish to implement Tor (gMix project)?

It's not that we want to implement Tor, it's that we can. In addition, it is possible to want to have anonymous interactions; this has no relation to the trust you place in members (the web of trust). It is important to note that Ğ1 is not responsible for the actions of people who use it for illegal or malicious purposes. These members are under the law, like everyone else, as if they were performing the same acts with euros. Ğ1 does not interfere with this.

The debate ended in a very good atmosphere. A snack was then organized, some students were there to discuss with the speakers.

See you soon,

N&B

Article translated by Pohl and Therbret.

Hello,

We have invited Carl Chenet to school 42, founder of LinuxJobs, which has been offering job offers using free software and open source technologies since 2015.

He also created the Journal du Hacker, a technology watch platform (like Hacker News).

Living decently by volunteering to contribute to free projects is often complicated. Some will tell you that you can only contribute to FOSS on your free time.

Carl has demonstrated that this is not a universal truth: he has presented the different possibilities that will be available to you if you want to move towards a professional career in free software.

His conference will focus on the following guidelines:

• The specificities of using Free Software and Open Source (way of working, employee expectations, company expectations, ...) ;
• Labour market players (ESN, independent investment company, job boards, ...) ;
• The three phases of a career (beginner, experienced and senior) ;
• The specificities related to Free Software (ethics, contributions, interactions with communities) ;
• Donations and counter-donations, or why companies must also be active players in the community ;
• The remote revolution (employee in remote, nomadism)

The conference will last one hour in Amphi, on Tuesday, November 19 from 16:00 to 17:00.

Attend the conference as an external person

Aren't you a student at school? This is not a problem, you can still attend. However, please follow the following instructions:

• You must notify us of your presence (via Mastodon or by email for the moment);
• You must notify at least 12 hours in advance;
• You must be present in front of the school at least 15 minutes before the start of the event;
• Have a ID to enter the building (it's not for us, it may be required by the school).

We can accommodate a maximum of 10 external people (not including speakers).

The conference call will be recorded: you can find it after a few weeks on YouTube channel studios42 (the school channel) under a free license.

Ethical talks #2 : Employability and free software

We will organize a debate on the theme of employability in the field of free software.

We invite you to argue on the subject with Carl, who will be taking part in the debate.

In particular, we will be able to address the following issues:

• What considerations should companies expect to meet the specific needs of the libre community ?
• Are open source software compatible with a company's business model?
• Can we expect a company to respect the ethical commitments of the libre community ? If so, which ones?

Places are limited. It is strongly recommended to attend the conference before the debate in order to be able to understand and follow the discussions.

External visitors cannot attend the debate, but we will provide a summary on the site.

Link to the debate summary

See you soon,

~ N&B

Hello!

We had the pleasure to invite the Parinux association the 26th of October for an install party at the 42 school (Valhalla) for the afternoon.

This is an opportunity for students to discover the various Linux distributions, test them on their terminals and meet the main players of the Libre community in Paris.

A snack have been organized for the participants.

For students, registration is possible through the school intranet but isn't necessary.

For organisation and space reasons, this event is unfortunately unavailable for external people, except the Parinux team.

See you soon!

~ N&B

English translation by Fabien.

At the beginning of this year, 42l celebrates its third anniversary.

On Saturday, January 29, 42l held its annual General Assembly in a mixed format, at the 42 school and in a Jitsi room for participants in remote. We counted a total of nine participants.

Key elements

• Transcript of the General Assembly (slides)
• Transcript of the Administration Council (slides)
• Financial report of the year 2021
• Moral report of the year 2021

Financial point

The results of the balance sheet for the year 2021 were presented to the General Assembly.

Last year, 42l spent much less than expected, the budget dedicated to the purchase of goodies and communication tools (stickers...) not having been used. The balance sheet is positive and encouraging for the continuation of the adventure.

For 2022, 42l has established a provisional budget of 2 100 euros. You can read about the distribution of this budget in the slides of the meeting.

What will become of our student association?

This is the question that has been on our minds for the last few months, as the members of the Administration Council are finishing their studies at 42 for the most part, and volunteers who wish to get involved in the organization of events remains hard to find despite the resumption of associative activities.

It was also a time to take stock of the call for contributions that we organized in November 2021.

Should we prepare a takeover of the association by other people? How will 42l evolve?

The participants of the General Assembly were invited to answer the following question: How do you see 42l in 5 years?

Discover the answers in our transcript.

Hosting the association's servers

This issue, which will never be resolved, has also been the focus of discussions in our internal channels in recent weeks.

Until recently, we were thinking of turning to the association's ISP Rhizome, which managed to offer hosting despite the pandemic.

After many experiments and reflections on this subject, we had to reconsider this option. There are several reasons for this decision.

On the one hand, the hardware we wanted to host has disproportionate capacities compared to the use we have of our current resources: 48 GB against 4 GB of RAM, 3 TB of disk space against 40 GB...).

By using the full potential of this machine, we would have become dependent on it and currently, we are not ready to assume the technical maintenance (and in particular the hardware maintenance) that follows.

On the other hand, in order not to become dependent on this hardware, we have tested solutions that would allow us to redundant our infrastructure and to ensure a high availability of our services.

We have tested Kubernetes and its derived solutions, distributed file systems... After several experiments, we concluded that these tools are not at all adapted to the size of our infrastructure: we are on a totally different scale, much too small to think of implementing them.

So we're going to stay with our current host, PulseHeberg (formerly Proxgroup, which has closed), and rent a more powerful VPS to host new services. We will separate storage and request processing on two separate machines, connected with the Wireguard protocol. This migration will be done service by service and will start in the next few days.

Election of the Administration Council and the Bureau

The Administration Council of 42l, which coordinates the actions of the association and defines its guidelines, has been renewed this year.

Our members who joined our Council the previous year have all chosen to volunteer for a new mandate. Two people have joined us: Aldec and htsr. We welcome them among us :)

Out of these ten people who compose our Administration Council, we elected the following Bureau:

• Neil, president ;
• Brume, treasurer ;
• Alex, secretary.

Alex, who has already participated in the writing of 42l newsletters, volunteered to become the first secretary of 42l after three years of existence.

See you soon,

Neil & Alex

It's been a while since we've written an article.

It's time to reflect on the association's activities.

Awareness campaign

Our campaign ends sooner than expected. We had to cancel Tris' conference on Project Arcadie because of the ongoing pandemic. There were also other events scheduled until the end of June, but all of them had to be postponed.

Indeed, if everything still goes as planned, the Piscines will take place from July to September, which could prevent us from organizing any event activities until the start of the new school year next November.

Since the beginning of the school year at 42, we have organized :

• 5 conferences
• 6 workshops
• 2 debates
• 2 broadcasts
• 4 stands
• 1 meal
• 2 conferences in convention
• 3 stands in convention
• 1 General Meeting.

In the space of less than 6 months, we find this balance sheet very satisfactory.

Thank you for your support!

Thanks to our speakers for having contributed to this adventure and for having had confidence in us.

Thanks to our members for being present to support and help us during our activities.

Thanks to the members of our Administration Council for their precious help in the management of the association.

Thanks to the students of the 42 school for listening to our speech.

Thanks to our donors for trusting in us.

Thanks to the staff of the 42 school for giving us great opportunities and doing their best to support us.

Thanks to the staff of the 42 Studios for filming each of our conferences and even editing and publishing some of our videos.

Thanks to all the people who participated in this trip and who have followed us to this day.

Workshop "Reclaim your privacy"

During the event La Tech pour toutes organized by the 42 school from March 6 to 8, we led twice a two-hour workshop with external people.

This workshop is called "Trackers, cookies and personal data: how to regain your privacy"; it was designed to be accessible to all audiences.

It takes place in two parts:

1. Awareness: definitions of terms and use of simple visualization and analysis tools to understand the problem. This includes :
   • A definition of privacy;
   • A definition of a tracker, cookie and other tracking devices, avoiding technical concepts;
   • The use of the Exodus Privacy smartphone application auditing platform;
   • A presentation of Edward Snowden, mass surveillance and Cambridge Analytica;
   • The use of the CookieViz tool developed by the CNIL's digital innovation laboratory.
2. Protection: introduction to "self-defense" tools to protect against Internet tracking. We presented :
   • The browser Mozilla Firefox, an ad blocker (uBlock Origin), the search engine DuckDuckGo, LibreOffice and many free and open-source alternatives to everyday tools;
   • Les CHATONS, the hosting collective to which we belong;
   • Framasoft, its philosophy, ideas and tools;
   • Additional resources to deepen the subject.

This workshop was realized by Mina, Clovis, Axpio, Benjamin, Neil and Brume.

A guide for setting up this workshop is available here. Help yourself :)

(However, the workshop guide is in English. If you want to help us translating it, please tell us!)

The association's server

Our efforts are now focused on improving our services, and in particular on upgrading our infrastructure, which is mandatory if we want to host more services.

We are in contact with the student association Rhizome, an associative Internet service provider member of the FFDN, based in Compiègne, in order to install a rack server in their bay.

We were able to retrieve a 1U Dell PowerEdge R610 server, graciously provided by alefaut for the CHATONS. This is recovery hardware, but it is perfectly suitable for our use.

Here are the features of this server :

• Two X5680 processors (6 cores, 12 threads)
• 48 GB RAM
• 8 x 600 GB SAS disks (10,000 RPM) Find the full specification here.

We will keep you informed of technical advances with this server.

Trip to the JDLL

Since January and until March 11th, the association organized a trip to Lyon within the framework of the JDLL. A conference and a stand were planned, as well as an intervention at 42 Lyon, the Lyon campus of the 42 school.

We were 8 students to take part in this trip.

Unfortunately, this trip had to be cancelled due to the ongoing pandemic.

We will try to organize activities at the festival Pas Sage en Seine if the opportunity arises.

Progress on our web platform

New measures for the publication of the source code of our web platform have borne fruit. A new contributor, Monique, joined us and sent her first commits to the platform. Four other people have also expressed their willingness to help us.

We found that a lot of effort still needs to be done before the platform can be released: the implementation of Monique's work environment took hours, only to deploy a development environment that allows compiling.

We plan to rewrite our platform with the Actix web framework instead of Rocket, which is less and less maintained since we started working with it. But this will require a lot of time and work.

We will keep you informed of any progress.

Student association offer

We are preparing an offer for the student associations of the 42 school. This offer would include a Nextcloud, the setting up of a personalized domain name for the mail service and some other functionalities.

Our goal is to offer an acceptable alternative to the G-Suite** at a price that is within the means of the associations.

Initially, this offer will be reserved for the student associations of the school in order to remain on a human scale and to guarantee a geographical proximity with the people who benefit from our services, within the framework of our activity as CHATONS.

En Vente Libre

We have signed an agreement with En Vente Libre, a structure mainly dedicated to free software associations allowing us to sell goodies (especially tee-shirts).

We have launched the production of 160 new T-shirts: 100 with a new design and 60 with the previous one. We will inform you when these tee-shirts are available on En Vente Libre.

The sale of tee-shirts is now an important part of our revenues. In the long term, it should make it possible to: finance the association's server, pay for our interventions in the name of the association, cover the possible travel expenses of our speakers at the 42 school and, more generally, and pay the operating expenses essential to the association's activity.

Our other work in progress

Here is a non-exhaustive list of our current projects:

• Finding new uses for the association's Matrix server;
• Acquiring two new domain names for our email service;
• Update and clarify the technical report ;
• Continue the development of a command line tool to facilitate the entry of memberships. This tool will be released under free licenses, the same as wassup and rs-short;
• Completely rework the user experience of the site, which is currently unsatisfactory;
• Make available to the public a platform for weekly and monthly statistics;
• Ensure the redundancy of the association's services;
• Improve our monitoring system.

As you can see, despite the suspension of our events, we still have a lot of work! As always, if you wish to contribute in any way, please do not hesitate to let us know :)

See you soon,

N&B

We are happy to announce our two upcoming events!

Conference: Haiku, a free/libre operating system

The 42l association has invited PulkoMandy (Adrien Destugues) to 42 in order to introduce Haiku. Haiku is a libre OS for personal computers. It is not a GNU/Linux distribution, for Haiku uses its own kernel as well as its own graphic interface.

The project's purpose is to provide a system that is simple to use, performs well and is suitable for both beginner and advanced users.

The project has been developed for almost 20 years, and therefore takes up many challenges : maintenance of a rather large code base, obsolescence of the used tools, evolution of the system's hardware, etc.

PulkoMandy will present the project history, the way work is organised with contributors all around the world who are working mostly on their free time on top of a paid job. He will also mention the difficulties encountered, the way the project is being funded and promoted, and the objectives and next steps of development.

The conference will be held at 42 Paris on Tuesday, February 11 at 2pm and will last one hour.

Find the recording of the talk on our PeerTube channel.

Slides available here

Attend the conference as a non 42 student

Not a 42 student ? No worries, you can still attend the conference. Please follow these instructions:

• you must notify us of your attendance (via Mastodon or mail);
• you must subscribe or unsubscribe at least 12 hours prior to the conference beginning;
• you must be in front of 42 at least 15 minutes prior to the event start.

A maximum of 10 external visitors can join us.

The conference should be recorded : if so, it will be uploaded a few weeks after the event on our PeerTube channel under a free licence.

Workshop : Team-working using Git

As a follow up to his conference, PulkoMandy (Adrien Destugues) offers you a 2.5 hours workshop addressing the usage of Git, in the name of the company that employs him, Viveris.

Git is a source code management tool. Developed with the needs of the Linux kernel developers in mind, it is meant to be used by a large amount of users in a decentralised way.

Gerrit is a Git-based code review tool developed for the Android project. It makes it possible to manage a large amount of patches as well as source code review in a collaborative and asynchronous way.

In this workshop you will see, while using Haiku as an example project, how to use Git and Gerrit to submit and review changes in a project source code.

We will address working with multiple branches in Git, the way to submit a change for review in Gerrit and to take into account the comments of the reviewers, as well as the best practices to follow in order to maintain a clean and easy to use Git repository.

In order to take part in the workshop, please bring your own computer and install VirtualBox.

The number of seats available is very limited, therefore the workshop is exclusively open to 42 students. It will be held on Tuesday, February 11, from 3:30pm to 6:00pm (in Valhalla).

Workshop slides available here

See you soon,

Mina

English translation by Steven, Pohl and Mina

Hi everyone,

The 42l association is pleased to welcome Juliette Alibert, lawyer, and Adrien Parrot, doctor and former student of 42, both members of the association InterHop.

In 2018, the French government wants to launch the Health Data Hub project. The goal? To gather French people's data in a single platform in order to conduct studies and help research. But there is a small downside, or rather two: in addition to centralizing in the same place a lot of sensitive data, the hosting of these data will be entrusted to Microsoft.

2018 is also the year when Adrien Parrot, then a medical student and at 42, works in data warehouses of hospitals in Paris. He begins to wonder about what this hypercentralization of data would really mean.

Worried about possible abuses, he founded the association InterHop with health professionals, lawyers and engineers. Why entrusting grandma's radios to digital giants is not so trivial? What are the technical and legal issues that this can pose? What role should we play as citizens and developers?

The association InterHop will come to talk to us about the issues surrounding digital technology and our health data, and how to better protect them from a technical and legal point of view.

The presentation will take place in Holodeck on March 23, 2022 at 2:00 pm at 42 Paris.

Attend the conference as an outsider

You are not a student at the school but would like to attend the conference? This is not a problem, just follow these instructions:

• you must notify us of your attendance (via Mastodon or email for now);
• you must notify at least 12 hours before the event ;
• you must be present in front of the school at least 15 minutes before the event starts.

We can accommodate a maximum of 10 people from the outside.

Please note: we are obliged to ask for your health pass to access the event. This decision is imposed on us by 42.

You will also be able to watch this conference on our PeerTube channel after the event.

See you soon,

Claire

Here we are again after two months under a blazing sun, a summer that did not turn out to be very busy for us. We can even say that it was rather relaxed.

So here is some news from our side.

42l Forms

We're hosting a new service!

This time it is a home-made software (developed by Neil) which uses the Nextcloud Forms application.

This service allows you to create forms without registration, using an administration link. It is based on Nextcloud Forms, our software allows you to bypass the account registration process. We hope it will meet your expectations!

Access the service

The source code of the software is available here. The application is still in beta and may behave unexpectedly, we would appreciate any feedback on our work :)

Publication of our internal scripts

After the publication of many internal tools a few months ago, we have finally published our deployment scripts for our services (Dockerfiles, management scripts, routines...).

Find these scripts on this Gitea repository.

A rewriting of our [technical report](/Technical report) is also planned, but it requires a lot of time and will.

A secondary server for 42l ?

We are preparing to set up an additional server for the association's services in order to have more disk space and RAM to install new services, as our current server is reaching its limits.

This implementation was initially planned for the end of August 2020, but complications linked to the current health crisis have slowed down this process at the level of our future host.

We can't give you a date yet, but the procedures are still in progress and we will do our best to move the situation forward. Thank you for your patience.

Report on our situation

This year, we could not organize our stands this summer because of the health crisis.

The next school year, which will take place in November 2020 at 42, is not prepared on our side. Almost all student associations have stopped their activities.

As the number of places at the school is limited to 120 people during exam periods (the "Piscines") and 320 people from next November, the organization of conferences, workshops and other events is strongly impacted.

Moreover, the majority of our team (including Neil and Brume) are currently on internship for a period of 4 to 6 months, or outside of 42, which strongly limits our possibilities.

The situation being very uncertain, we cannot yet determine when we will resume our events for the moment.

Acknowledgements

We would like to give special thanks to CPP42 (Claquette Pétanque Pinard 42), a student association that organized many convivial refreshment stands at school 42. CPP42 pronounced its dissolution three months ago and decided, upon liquidation of their financial assets, to donate part of their assets to 42l, for an amount of 426 euros. A big thank you for your generosity and good continuation!

Thanks also to Mina for having translated the FAQ page in English.

Thank you for continuing to follow our activities and for supporting us. It means a lot to us!

See you soon,

~ N&B

Hi everyone.

On May 23, 2022, la Quadrature du Net, a French association defending and promoting rights and freedoms on the Internet, will honor us with an intervention at 42, in a conference that will be followed by a question-and-answer session with the participants.

Since 2019, La Quadrature du Net has been fighting against surveillance technologies that are proliferating in our cities, through its decentralized campaign Technopolice.

Algorithmic video surveillance, biometrics: increasingly sophisticated, these devices are also increasingly used and trivialized... even though their effectiveness remains to be proven.

Why should we be concerned about these technologies and consider them as dangerous for our freedoms? How did these technologies manage to impose themselves? What are the interests of the actors who promote them? How are Smart City and Technopolice two sides of the same coin?

To answer these questions, Alouette and nono, members of LQDN, will present the deployment of the technopolice, its consequences on populations and the discriminations it generates, and will give you tracks to be able to refuse to work for the companies that maintain this technopolice.

The presentation will take place at 42 on May 23, 2022 at 4pm.

Attend the conference as an outsider

You are not 42 student but would like to attend the conference? This is not a problem, just follow those instructions:

• you must notify us of your attendance (via Mastodon or email);
• you must notify at least 12 hours before the event ;
• you must be present in front of the school at least 15 minutes before the event starts.

We can accommodate a maximum of 10 people from outside the school.

You will also be able to find this conference on our PeerTube channel after the event.

See you soon,

Claire

Bonjour,

Ce mois d'août, nous avons pris quelques vacances, mais cela ne nous a pas empêché de travailler un peu sur les projets de l'association.

On commence par quelques nouvelles mesures de sécurité.

Sécurité renforcée

Alors ça fait très vigipirate dit comme ça, mais ça n'a rien à voir.

Nous avons retravaillé la manière dont nous gérons les attaques sur notre site web et le service mail.

Précédemment, nous utilisions le service fail2ban incorporé dans l'image Docker docker-mailserver (CF. Rapport technique), qui bannissait les IPs trop agressives automatiquement. Ce système était couplé avec l'application d'une blacklist d'IPs définie par nos soins, qui nous protège des spammeurs qui réussissent à contourner fail2ban.

Notre site web, de son côté, n'était protégé que par les rate limits de nginx ; aucun bannissement d'IP n'avait lieu.

Nous utilisions aussi le "pare-feu dédié OVH" jusqu'à présent, que nous ne pouvons plus nous permettre en raison de notre changement d'hébergeur.

Par conséquent, fail2ban tourne désormais dans son propre conteneur, isolé du réseau virtuel, et a l'accès sur les logs de plusieurs services du système, y compris le service web et le conteneur mail. Nous pouvons personnaliser à volonté les règles de bannissement pour chacun des services, ce que nous ne nous sommes pas gênés de faire.

Nous utilisons désormais aussi le fichier hosts.deny pour bloquer les IPs trop agressives sur l'hôte et dans nos conteneurs.

Nouvelle politique de sécurité pour les mails

Pour des raisons de compatibilité, nous acceptons désormais l'envoi de mails via SMTPS sur le port 465.

Cela dit, nous ne recommandons pas cette approche et suggérons d'utiliser le port 587 en STARTTLS à la place.

Nous avons aussi remarqué que le client mail K-9 (Android) déclenchait des faux positifs ; nous avons ainsi assoupli nos règles de bannissement.

Désormais, son utilisation ne devrait plus vous bannir si vous avez plusieurs comptes chez nous.

Enfin, nous avons configuré SpamAssassin pour qu'il soit moins tolérant envers les spams. Merci de nous signaler tout éventuel faux positif suite à cette nouvelle configuration.

Atelier sécurité avec les CHATONS

Nous avons proposé aux CHATONS de venir à l'école 42 pour que chacun décrive leur infrastructure interne, leur politique de sécurité et détaille particulièrement les composants sensibles de leur système.

Chacun pourra ainsi apporter ses connaissances pour améliorer la sécurité de chaque membre du collectif.

Les passionnés de sécurité qui souhaiteraient apporter leur pierre à l'édifice peuvent s'inscrire sur le framadate après avoir lu le thread correspondant sur le forum CHATONS.

L'atelier est prévu dans le courant d'octobre 2019.

Backups

Afin d'éviter toute perte de données, nous allons multiplier nos backups.

Nous avons proposé aux CHATONS que chaque membre du collectif propose un peu d'espace disque aux autres afin d'y stocker des sauvegardes chiffrées.

Cela permet à chaque membre de disposer de sauvegardes off-site, redondantes à souhait et sans compromettre la confidentialité des données de leurs utilisateurs (données chiffrées sur le serveur de l'hébergé, avant le transfert).

Nous vous tiendrons au courant des décisions prises suite à cette proposition.

L'agenda 42l !

Nous avons mis en place une instance de Nextcloud (uniquement pour un usage administratif pour le moment) afin de vous communiquer les dates importantes de notre campagne de sensibilisation à venir à l'aide de leur module "Calendrier".

C'est par ici : agenda.42l.fr

Il n'est pas très responsive, mais il vous est possible d'intégrer ce calendrier à une application calendrier/agenda existante.

Et vos services, alors ?

Le framadate va finalement tarder un peu (le projet n'est plus maintenu, incompatibilité PHP 7, ...).

Le git est encore en cours d'intégration. Soyez patients !

Bonne fin d'été et à bientôt ;)

~N&B