About This Course
Tunnel and Fortress is a live, coached and intensive training series empowering participants to become capable, creative, confident and diligent system administrators in the deployment and maintenance of secured, community-facing, self-hosted and sovereign server infrastructure. At the close of the training, students will be able to deploy powerful and sophisticated servers, employing best-practice and battlefield-tested information and operations security strategies. Alongside, they will learn skills, tips and tricks coveted by senior sysadmins at the highest level of their craft.
The training is in two sections, Tunnel and Fortress. The completion of each results in a fully functional server on the public Internet under the full control of the participant, ready to be used in service to their community.
Video introduction
A video introducing the course can be viewed here.
Section 1: Tunnel
In this section participants will be guided in the deployment of a server in Iceland, atop which a powerful and fast Virtual Private Network will be set up and secured. A script will be written line by line, to be used as a tool for the automatic generation of VPN client configs which can be distributed to friends and family to secure them in their day-to-day use of the Internet.
Topics and skills covered include:
- jurisdictional and geographic considerations of a server deployment
- securely connecting to a server
- the UNIX command line
- basic permissions and privilege separation
- basics of network topologies and packet routing
- server package management
- server architecture and filesystem layout
- logging and monitoring
- disk encryption
- firewalling basics
- VPN (deployment, topologies and tuning)
- common mistakes and oversights
- UNIX shell scripting
Course prerequisites
No prior skills are needed. However, this is a technical course. It suits those with an attention to detail, good note-taking skills, an enthusiasm for problem solving and technical complexity and of course a desire to help their communities.
Each student will need a laptop, ideally OS X or GNU/Linux, though Windows with the PuTTY program can be used. Participants will also need to set aside EUR 10.99/month to cover monthly datacenter hosting costs of their VPN server, for as long as they would like to maintain it.
Please note that this is an inclusive training series, welcoming of people of all genders, orientations and heritage. Bigotry of any sort will not be tolerated.
Course cost
Tunnel has a one-time cost of EUR 550.
Please note that the reduced price for the prior Tunnel (Beta) edition was to reflect that the course material was still in refinement. This new edition has improvements and additional material that will enhance learning.
Course time plan
Tunnel is an evenly-paced 2x 6hr course, on consecutive days, not including tuition and after-class guidance, for which 2 full days are allocated. This includes after-training 1:1 calls as needed. Together, Tunnel comprises a 4 day course offering.
Tunnel start | May 10th
Live training session 1 | May 10th, 5pm-11pm UTC
Live training session 2 | May 11th, 5pm-11pm UTC
Tunnel close | May 13th
Course membership limit
This course will be limited to 15 participants, to ensure that a high quality of tuition can be given, both in and after class. A group minimum of 5 is needed for the course to commence.
Course language
The course will be given in English. The instructor has a basic understanding of German, French and some Spanish.
Accessibility
At this initial stage no allowances have been made for people that are deaf or blind. It is hoped that future wholly recorded (non-live) sessions will be made available with accessibility in mind.
Section 2: Fortress
Fortress builds upon the learnings in Tunnel, significantly extending participant capabilities, understanding, and tooling in the deployment, securing, monitoring and development of server infrastructure.
Here, we deploy a server from the ground up on 'bare metal', starting with partition layout and selecting a disk redundancy strategy. Atop this base we will install and secure a broadly-used GNU/Linux server operating system and prepare it to host and network powerful virtual machines, each of which will hold a free and open-source service for our community to use - as popular alternatives to 'Big Tech' platforms. These platforms include a high-reputation webmail solution, team chat, cloud and collaborative document editing, alongside a VM dedicated to hosting any number of websites.
Tuition hours will be allocated for participants to be supported in the deployment of optional additional services, including but not limited to: a forum, Mastodon instance, video-conferencing, password vault, and code repository. All can be stylised and themed to match the needs of the community.
Each virtual machine will be 'proxied' through the host to the public Internet, and will be carefully isolated (jailed) to mitigate a variety of advanced attack vectors. All will sit behind a powerful dual-tier firewall (active and passive firewalling) that we will deploy and tune by hand. Seizure-resistant, this server will also hold all its data on a strongly encrypted partition - a brick in the hands of an adversary.
Using the VPN deployed in Tunnel, the sysadmin will securely and privately connect to this server to administer it. Alongside, community members can use the VPN to connect to the services provided by the server.
Please note this is a wholly new course, and as such it is in BETA. This is reflected in a reduced price.
Topics and skills covered include:
- partitioning server storage
- hardware redundancy and failure tolerance
- advanced UNIX command line
- intrusion detection
- data integrity and verification strategies
- advanced DNS
- server resource monitoring and management
- server process management
- advanced permissions and privilege separation
- deploying and working with databases
- securing the transport layer
- high-reputation mail transport
- high-performance virtualisation
- dual stack networking (IPv4/IPv6)
- advanced firewalling
- server hardening
- log management
- advanced text file manipulation
- webserver tuning and hardening
- reverse proxies
- traffic shaping
- information and operations security for server and sysadmin: core concepts and best practices
- password and key hygiene, storage and management
- automated off-site encrypted backups
- server documentation
- common mistakes and oversights
- sysadmin self-care and time-management
- managing emergencies
- server rescue and salvage
- selecting and training your backup sysadmin
Course prerequisites
Participants should have completed Tunnel or already be at an equivalent level (Junior sysadmin).
Each participant will need a laptop, ideally OS X or GNU/Linux, though Windows with the PuTTY program can be used. Participants will also need to set aside between EUR 35-50/month (depending on size of server selected) to cover monthly datacenter hosting costs of their dedicated server, for as long as they would like to maintain it. Participants are strongly encouraged to buy and dedicate a 1TB+ external hard disk (ideally SSD) for the purposes of encrypted backups.
Please note that this is an inclusive training series, welcoming of people of all genders, orientations and heritage. Bigotry of any sort will not be tolerated.
Course membership limit
This course will be limited to a maximum of 12 participants, to ensure that a high quality of tuition can be given, both in and after class. A group minimum of 5 will be required for the course to launch.
Course cost
Fortress has a one-time cost of EUR 1100.
Course time plan
Fortress is a two-week guided server deployment and sysadmin training event, for graduates of the Tunnel training. Like Tunnel, Fortress employs a training strategy built around hands-on applied learning where we build, configure and secure server infrastructure from the ground up.
To ease time-zone and work/life challenges, 4x 6hr live training sessions will be spread across the two weeks, each of which is recorded so that participants who cannot make a 6hr training session can catch up in their own time, ready for the next. Atop this, 1:1 tuition will be provided as needed, all of which will convene together on a dedicated and self-hosted chat platform where support is provided throughout, and where notes and documentation are shared.
All dates from May 17 will be open for tuition and support, closing on May 31.
The calendar for Fortress is as follows:
Fortress start | May 17th
Lecture and live training session 1 | May 17th, 5pm-11pm UTC
Live training session 2 | May 20th, 5pm-11pm UTC
Live training session 3 | May 23rd, 5pm-11pm UTC
Live training session 4 | May 26th, 5pm-11pm UTC
Closing call | May 28th, 5pm-7pm UTC
Fortress close | May 31st
Accessibility
At this initial stage no allowances have been made for those that are deaf or blind. It is hoped that future wholly recorded (non-live) sessions will be made available with accessibility in mind.
Instructor
Julian Oliver
Julian Oliver is a Critical Engineer, educator, infrastructure activist and electronic artist. His work and ideas have been presented at numerous universities, events and festivals worldwide, including Ars Electronica, the Vienna Biennale, the Frankfurter Kunstverein, the Japan Media Arts Festival, The Chaos Communication Congress, Tate Modern, Princeton University, and the ZKM in Karlsruhe.
Julian has received several awards, most notably the distinguished Golden Nica at Prix Ars Electronica 2011. He is the co-author of the Critical Engineering Manifesto and member of the Critical Engineering Working Group.
Julian has given numerous workshops and master classes in data forensics, creative hacking, system administration, computer networking, counter-surveillance, software art, object-oriented programming, radio, disaster-resilient communications, UNIX/Linux and more.
Julian is co-director of Nīkau, a global platform, information and operations security consultancy in service to NGOs, impact-driven organisations and grassroots movements. Thousands of activists rising in defense of people and planet worldwide use secure server infrastructure Julian has deployed, some of which are active in very hostile operating conditions.
Probable Questions
When do the courses start?
In the month of May.
Will the servers I deploy be mine?
Yes, they will be yours, under your control.
Will I have to continue paying for the servers?
Yes, you will pay the datacenter every month for the server hardware, electricity and bandwidth you rent from them.
Why are you charging for the courses?
Hundreds of hours go into preparing these courses. Teaching them, coaching every participant and guiding them to a successful outcome also takes much time and energy. The knowledge and skills shared have been accumulated over 25 years, and are themselves of immense value, sufficient to empower the participant with skills they can also take into well-paid employment.
I'm worried about missing a class. Will the live training be recorded?
Yes, each session will be recorded.
Will we be using Zoom or something else?
We'll be using a self-hosted deployment of BigBlueButton, an education-focused video-conferencing solution.
How do I join this course?
Please join this Signal group. It is from here that registrations will be taken for Tunnel, with graduates opting to take Fortress.