About This Course
Tunnel and Fortress is a live, coached and intensive training series empowering participants to become capable, creative, confident and diligent system administrators in the deployment and maintenance of secured, community-facing, self-hosted and sovereign server infrastructure.
The training is in two sections, Tunnel and Fortress. The completion of each results in a fully functional server on the public Internet under the full control of the participant, ready to be used in service to their community.
Alternatives to a 'BigTech' stack are deployed, including high reputation webmail, high performance collaborative document editing and a powerful cloud service - all capable of hosting hundreds of accounts. Alongside, a fast and tightly secured Virtual Private Network is deployed, for which hundreds of configs can be generated and given to friends, family and colleagues to secure their Internet traffic and enforce privacy along the route.
At the close of the training, students will be able to deploy powerful and sophisticated servers, employing best-practice, battle-tested information and operational security strategies and techniques. Alongside, they will learn skills, tips and tricks coveted by senior sysadmins at the highest level of their craft.
Skills learned are as applicable to 'on-premises' self-hosting deployment contexts as they are on rack servers at datacenters. As such the training equally serves as a collection of valuable life skills ready to be taken into employment.
Please note that to join this course you must first join a Signal group. See the bottom of this page for details.
What students say
These two trainings are worth every second or cent. I'm doing a lot of the covered topics for years now but this moved some of the parts to a complete new level and opened up some new perspectives on things. A clear recommendation. My work and the projects at Collective Zero will benefit from this.
- Thomas Hutmacher (Collective Zero)
I recently went through the Tunnel and Fortress training and it's been a game changer for my sysadmin skills.
I had a bit of experience setting up servers and messing around long enough until they "worked". Once there though I feared touching anything for fear of breaking it, and did break many things. The Fortress architecture is not only best in class for security it is also modular so I now have room to experiment and even fail in ways that I understand or at least contain.
I am now considering offering digital services to other people which was out of the question before. Would really recommend this training if you want to do sysadmin right. Julian is a great teacher, super generous with his time and knowledge ⭐⭐⭐⭐⭐
- David Benque (Project Leader, Cryptpad)
We learned to do some genuinely cool stuff with Julian as our guide through the many important but subtle details. If, like me, you ever stared at a mountain of self-hosting guides on the internet and didn’t know where to start or what advice was worth trusting, this course is for you.
- Josh Daymude
Video introduction
A video introducing the course can be viewed here.
Section 1: Tunnel
In this section participants will be guided in the deployment of a server in Iceland, atop which a powerful and fast Virtual Private Network will be set up and secured. A script will be written, to be used as a tool for the automatic generation of VPN client configs which can be distributed to friends and family as easy-to-use QR codes, to secure them in their day-to-day use of the Internet.
Topics and skills covered include:
- jurisdictional and geographic considerations of a server deployment
- securely connecting to a server
- the UNIX command line
- basic permissions and privilege separation
- basics of network topologies and packet routing
- server package management
- server architecture and filesystem layout
- logging and monitoring
- disk encryption
- firewalling basics
- VPN (deployment, topologies and tuning)
- common mistakes and oversights
- UNIX shell scripting
Course prerequisites
No prior skills are needed. However, this is a technical course. It suits those with an attention to detail, good note taking skills and an enthusiasm for problem solving.
Each student will need a laptop, ideally GNU/Linux or OS X, though Windows with the Putty program can be used. Participants will also need to set aside EUR 10.99/month to cover monthly datacenter hosting costs of their VPN server, for as long as they would like to maintain it.
Please note that this is an inclusive training series, welcoming of people of all genders, orientations and heritage. Bigotry of any sort will not be tolerated.
Course cost
Tunnel has a one-time cost of EUR 500.
Please note that the reduced price for the prior Tunnel (Beta) edition was to reflect that the course material was still in refinement. This new edition has improvements and additional material that will enhance learning.
Course time plan
Tunnel is an evenly-paced 4x 4hr course, on consecutive days, not including tuition and after-class guidance, for which 2 full days are allocated. This includes after-training 1:1 calls as needed. Together, Tunnel comprises a 6 day course offering.
Tunnel start | Sept 27
Live training session 1 | Sept 27, 5pm-9pm UTC
Live training session 2 | Sept 29, 5pm-9pm UTC
Live training session 3 | Oct 1, 5pm-9pm UTC
Live training session 4 | Oct 3, 5pm-9pm UTC
Tuition | Oct 4 (as arranged)
Tuition | Oct 5 (as arranged)
Tunnel close | Oct 5
Each session is recorded and published within 5hrs of completion. This allows those who missed a session to catch up on the gap-day following, with 1:1 tuition as needed.
Course membership limit
This course will be limited to 15 participants, to ensure that a high quality of tuition can be given, both in and after class. A group minimum of 5 is needed for the course to commence.
Course language
This will be given in English. The instructor has basic understanding of German, French and some Spanish.
Accessibility
At this initial stage no allowances have been made for people that are deaf or blind. It is hoped that future wholly recorded (non-live) sessions will be made available with accessibility in mind.
Section 2: Fortress
Fortress builds upon the learnings in Tunnel, significantly extending participant capabilities, understanding, and tooling in the deployment, securing, monitoring and development of server infrastructure.
Here, we deploy a server from the ground up on 'bare metal', starting with partition layout and selecting a disk redundancy strategy. Atop this base we will install and secure a broadly-used GNU/Linux server operating system. We will then deploy a hypervisor and a local network to host and network powerful virtual machines running at near-native speeds, each of which will hold a free and open-source service for our community to use. These alternatives to 'Big Tech' platforms will include a high-reputation webmail solution, a cloud service and collaborative document editing.
Each virtual machine will be 'proxied' through the host to the public Internet, and will be carefully isolated (jailed) to mitigate a variety of advanced attack vectors. All will sit behind a powerful dual-tier firewall that we will deploy and tune by hand. Seizure resistant, this server will also hold all its data on a strongly encrypted partition - a brick in the hands of an adversary.
Using the VPN deployed in Tunnel, the sysadmin will securely and privately connect to this server to administer it. Alongside, community members can use the VPN to connect to the services provided by the server.
Following the live training, 2 full weeks of tuition hours will be allocated for participants to be supported in the deployment of optional additional services, including but not limited to: a forum, websites, blogs, a Mastodon instance, password vault, and code repository. All can be stylised and themed to match the needs of the community.
Topics and skills covered include:
- partitioning server storage
- storage redundancy and failure tolerance
- advanced UNIX command line
- intrusion prevention and detection
- data integrity and verification
- advanced DNS
- server resource monitoring and management
- server process management
- advanced permissions and privilege separation
- deploying and working with databases
- securing the transport layer
- high-reputation mail transport
- high-performance virtualisation atop a hypervisor
- dual stack networking (IPv4/IPv6)
- advanced firewalling
- service isolation
- server hardening
- log management
- advanced text file manipulation
- webserver tuning and hardening
- reverse proxies
- traffic shaping
- information and operations security for server and sysadmin: core concepts and best practices
- password and key hygiene, storage and management
- automated off-site encrypted backups
- server documentation
- common mistakes and oversights
- sysadmin self-care and time-management
- managing emergencies
- server rescue and salvage
- selecting and training your backup sysadmin
Course prerequisites
Participants should have completed Tunnel or already be at an equivalent level (Junior sysadmin).
Each participant will need a laptop, ideally GNU/Linux or OS X, though Windows with the Putty program can be used. Participants will also need to set aside between EUR 35-50/month (depending on size of server selected) to cover monthly datacenter hosting costs of their dedicated server, for as long as they would like to maintain it. Participants are strongly encouraged to buy and dedicate a 1TB+ external hard disk (ideally SSD) for the purposes of encrypted backups.
Please note that this is an inclusive training series, welcoming of people of all genders, orientations and heritage. Bigotry of any sort will not be tolerated.
Course membership limit
This course will be limited to a maximum of 12 participants, to ensure that a high quality of tuition can be given, both in and after class. A group minimum of 5 will be required for the course to launch.
Course cost
Fortress has a one-time cost of EUR 1200.
Course time plan
Fortress is a three week guided server deployment and sysadmin training event, for graduates of the Tunnel training. Like Tunnel, Fortress employs a training strategy built around hands-on applied learning where we build, configure and secure server infrastructure from the ground up.
To ease time-zone and work/life challenges, 7x 4hr live training sessions will be spread across the three weeks, each of which is recorded so that participants who cannot make a 4hr training session can catch up in their own time, ready for the next. Atop this, 1:1 tuition will be provided as needed, all of which will convene together on a dedicated and self-hosted chat platform where support is provided throughout, and where notes and documentation are shared.
The calendar for Fortress is to be confirmed. It will take place in October and into November.
Accessibility
At this initial stage no allowances have been made for those that are deaf or blind. It is hoped that future wholly recorded (non-live) sessions will be made available with accessibility in mind.
Instructor
Julian Oliver
Julian Oliver is a Critical Engineer, educator, infrastructure activist and electronic artist with over 2 decades of experience in server administration. Thousands of activists rising in defense of people and planet worldwide use secure server infrastructure Julian has deployed, some of which are active in very hostile operating conditions. He has given numerous workshops and master classes in data forensics, creative hacking, system administration, computer networking, counter-surveillance, software art, object-oriented programming, radio, disaster-resilient communications, UNIX/Linux and more.
Julian is co-director of Nīkau, a global platform, information and operations security consultancy in service to NGOs, impact-driven organisations and grassroots movements. His work and ideas have been presented at numerous universities, events and festivals worldwide, including Ars Electronica, the Vienna Biennale, the Frankfurter Kunstverein, the Japan Media Arts Festival, The Chaos Communication Congress, Tate Modern, Princeton University, and the ZKM in Karlsruhe.
Julian has also received several awards, most notably the distinguished Golden Nica at Prix Ars Electronica 2011. He is the co-author of the Critical Engineering Manifesto and member of the Critical Engineering Working Group.
Probable Questions
When do the courses start?
In the month of September.
Will the servers I deploy be mine?
Yes, they will be yours, under your control.
Will I have to continue paying for the servers?
Yes, you will pay the datacenter every month for the server hardware, electricity and bandwidth you rent from them.
Why are you charging for the courses?
Hundreds of hours go into preparing these courses. Teaching them, coaching every participant and guiding them to a successful outcome also takes much time and energy. The knowledge and skills shared have been accumulated over 25 years, and are themselves of immense value, sufficient to empower the participant with skills they can also take into well-paid employment.
I'm worried about missing a class. Will the live training be recorded?
Yes, each session will be recorded.
Will we be using Zoom or something else?
We'll be using a self-hosted deployment of BigBlueButton, an education-focused video-conferencing solution.
How do I join this course?
Please join this Signal group. It is from here that registrations will be taken for Tunnel, with graduates opting to take Fortress. Optional QR code to join the group: