Mondriaan Jazz 2019, The Hague

October 13th, 2019

Yesterday I went back to my former home town of The Hague with on my phone a ticket for, what I learned to be the third edition of, the Mondriaan Jazz Festival (or MJAZZ for friends). It’s a cozy little festival, in the large and small hall and cafe of the Paard venue, as well as the lobby and main hall of the Koorenhuis.

It was quiet. Too quiet. This had the advantage that it was easy to move about and queues for food or merch were short. But this festival deserves a larger audience, considering the great line-up of established groups and new talent. Given that it is the third edition, and I only found out this year, maybe their promotional efforts need to be dialed up a notch.

Tin Men and the Telephone

Tin Men and the Telephone

With a program like this, it’s hard to choose where to go. I started out in the Koorenhuis with Tin Men and the Telephone. This improvisation act (a piano-bass-drums trio with a twist) puts music to spoken word. For example, their track KPN takes the automated voice recording from a phone- and internet-providers’ customer service and improvises on the melody of the ladies’ voice.

In the MJAZZ set they mostly drew from their album World Domination Part One: Furie which takes political speeches by the likes of Trump, Erdogan and Farage as the basis of their rhytms and melodies.

I had listened to the album, but attending a concert certainly adds a dimension. Not only can you interact with the band on an app on your smartphone (we got to decide which world leader to improvise to, we also got to create melodies that the band would then use), there’s video as well (cut up to provide the appropriate basis for the music) of the politicians spouting their nonsense.

Very well executed, and full of irony. If you ever get the chance to go to one of their concerts, don’t pass up on it!

Art Ensemble of Chicago

Art Ensemble of Chicago on the main stage
Art Ensemble of Chicago

Next I went to the main hall of the Paard for Art Ensemble of Chicago. This ensemble has been around for a while, playing avant-garde jazz since the late sixties. However, it is only the second time they played in The Netherlands.

With two percussionists, two bass players, a cellist, a trumpet and band leader Roscoe Mitchell on the straight saxophone quite a stage full of musicians.

I expected to hear ‘traditional’ avant-garde jazz, with a large horn section blasting out a melodic tapestry, big-band style, larded with the occasional explosive solo improvisation reminiscient of John Gilmore. What I did hear was something completely different, but equally impressive.

It’s hard to define the performance in terms of genre or style. Mitchell initiated the performance with a prolonged solo on sax, using much overblowing and non-conventional sounds. Slowly but steadily, starting with the cello, more instruments joined in.

The compositions are largely devoid of melody. While this annoyed some people, including one loud and obnoxious old fart in the audience who was quite vocal of his dislike of what he heard, I could very much appreciate the meticulously executed and well-rehearsed soundscape.

Where melody lacked, rhytmic aspects took a front stage, much in the tradition of traditional African music. At times, with my eyes closed, I could imagine myself in the African jungles, surounded by the sounds of nature at night. Not that I have ever been there, but one can dream.

Only at the end did the band fall into a straight swing, as band leader Mitchell called out the musicians. The audience, all of respectable age, managed to applaud at inappropriate moments, thinking ‘Djembeh’ was the name of the artist. Yet when they left the stage, a standing ovation was their reward.

Glad I got to witness this rare opportunity to see the Art Ensemble of Chicago.

Seed Ensemble

Right after, in the main hall, the Seed Ensemble took to the stage. A large group of young musicians from the UK led by alto player and composer Cassie Kinoshi.

It took a while for this band to get going and captivate my musical attention. Maybe they were still getting used to us (it was their first international performance), maybe I had to get used to the music.

This is not a party band, the songs are about heavy subjects such as political injustices (of which the UK has had plenty lately), the struggle of minorities in a society that isn’t all that tolerant and personal challenges in being human.

Where the aforementioned Tin Men and the Telephone take a light-hearted, almost comical and caricaturist approach to such heavy subjects, the Seed Ensemble approaches the subject matter heads on, not beating around the bush.

Especially in the latter half of the concert, the solo’s became more engaging. Especially trombonist Joe Bristow manages to convince. Although, to my taste, the horns were too subdued in volume, almost second to the dominating and at times unrefined wall of bass and drum (although this seems to be a recurring theme with contemporary London-based groups).

I think this ensemble has great potential, and I am curious to see them grow in their role as a performing band. While the second half of the concert managed to grab me, the first half went by without too much spectacle. The audience thinned out as a result of that, but those that persisted got their reward in the second half.

Nick Mazzarella Trio

Nick Mazzarella Trio at the Paard Cafe
Nick Mazzarella Trio

To me, this set in the small and cozy setting of the Paard cafe, was the highlight of the evening. An unassuming trio with Nick Mazzarella on the saxophone, Anton Hatwich on bass and the genial Frank Rosaly on drums, producing an energy that leaves even the most timid person shaking their limbs uncontrollably.

Rosaly becomes one with his drum kit, using every part to create rhytmic vibrations and pulling in additional chimes, metal plates and other objects to further enhance the output. Using the instrument in many unconventional ways. Torturing, for example, a cymbal and bending it to produce sounds akin of a thin metal sheet warping. But it is never for show, all his elaborations blend in to the rolling, energetic and captivating solos.

Bass player Hatwich effortlessly adds to this non-relenting rhytm machine and shines in a solo or two himself. With a rhytm section like this alone it’s hard to go amiss.

Band leader Nick Mazzarella steps in and tops it all of with his excellent control of the saxophone. Grooving repetitions, abstract melodies, carefully played slower pieces. And with modesty to give ample room for the rhytm section to shine (and shine they do). The result is a well-oiled machine firing of perfectly executed pieces that go straight to the jazz lovers heart.

This was the first time they played together as a group in The Netherlands. I can only hope it is not the last time! I promptly picked up a copy of their latest album on vinyl, Counterbalance, which Nick was so kind to sign.

Glass Museum

And that brings us to the end of the evening (for me at least) with a quick dash across the street back to where I started the evening: the Koorenhuis. In the main hall, the duo Glass Museum consisting of Antoine Flipo on keyboards and drummer Martin Grégoire were finishing up their set.

What stuck the most was their last piece, where keyboardist Flipo initiated a bass loop on his synthesizer, to which Grégoire provided a tight four-on-the-flour backing over which Flipo played spacy electronic melodies. The intensity increased gradually to fill the hall with a undeniable groove.

This left me wanting for more, so I hope to run into this duo again sometime to enjoy a full set of this genre defying music.

So

So, that was just a small sampling of what was on offer. I didn’t even mention Yelfris Valdés in the secondary hall, whom I ended up listening to in between Art Ensemble of Chicago and Seed Ensemble while chowing down a plate of Indonesian food so typical of The Hague. Nor did I mention Emma-Jean Thackray’s Walrus, of which I only caught a glimpse because I stayed for longer than planned at Nick Mazzarella’s Trio (I just could not tear myself away from that performance). Let alone Swart, which was programmed coincidental with Art Ensemble of Chicago. I had to miss that completely (but I’m sure there will be another chance in one of the country’s jazz clubs soon).

In the lounge / lobby of Paard there was a small market where I picked up some vinyl from record store 3345. They had a modest four crates of vinyl records, and managed to convince me to drop by their store on the Noordeinde to browse more of their collection. A small stall offered band merchandise from the performing artists.

All in all I did enjoy this festival, not in the least because it wasn’t overcrowded like the bigger festivals. A nice diverse line-up, and it’s always nice to be back in The Hague. See you next year, MJAZZ!

Flattr this

Running a DNS-over-HTTPS endpoint on FreebSD (DoH)

July 10th, 2019

The buzz about DNS-over-HTTPS (DoH) has been going on for a while, but a recent controversy in the UK sparked renewed interest in this proposed standard in me.

The idea is simple: instead of sending out plain text DNS requests to your ISP (who may log them and share them with shady agencies), tunnel all DNS requests over an encrypted HTTPS connection to a trusted server. With emphasis on trusted (I’ll get back to that).

Mozilla Firefox, the browser that promotes technology that protects your online privacy, has announced that they intend to make DoH standard. However, by default Firefox will funnel all your DNS requests to CloudFlare. They claim to have a special agreement with CloudFlare, and CloudFlare will not log your queries (or well, something along those lines anyway, the exact wording may be a bit less, uhm, concise).

This may seem counter-intuitive: from having my DNS queries logged by my local ISP, which is bound by the local EU privacy regulations Firefox wants to ship all my queries to some big North American company that is not bound by our laws. Worse yet, it is bound by American law to spy on us.

So it seems DoH is a net loss. But let’s not throw out the child with the bath-water: the technology behind DoH has some merit. But it requires the DNS queries to be forwarded to a trusted DoH server, which CloudFlare clearly isn’t.

So, I decided to try and set up my own DNS-over-HTTPS server to use in Firefox on my laptops and mobile devices.

Setting the stage: tools

This is a relatively new and volatile standard. In fact, it is not yet ratified but exists as a proposed standard as RFC 8484. This means things may change before becoming a real standard. Things indeed have changed in the past, and this is apparent when trying out the available tooling. Much of it is incompatible with existing public DoH servers or DoH client implementations such as implemented in Firefox.

This makes debugging a bit hard, which can be annoying when you are trying to set up a server yourself while trying to get to grips with the technical details. You often wonder whether you are doing something wrong or whether the tool is broken.

After trying a plethora of obscure and not-quite-functional software, I ended up with Facebook’s (of all people…) set of DoH tools. It’s billed as experimental, but readily available from Python’s package index (pip). I only used 2 of the 4 command-line tools:

  • doh-httpproxy – accepts dns-over-http and forwards the queries to a regular resolver;
  • doh-client – a useful tool to perform DoH queries from the command line, useful for testing.

Overview

The diagram below shows the interaction between the various components:

Sequence diagram

Firefox, when configured to use my DoH server, will send an https request to nginx, which is configured as a reverse proxy. This is so that I don’t have to expose Facebook’s experimental code directly to the outside world. SSL termination also happens by nginx.

The request is then sent to the doh-httpproxy program over plain http (which is ok, since both are on the same host). The query is then forwarded to an existing dns resolver using the regular DNS protocol. I use the resolver of my hosting provider, but of course you could also set up your own recursive resolver and use that instead.

Installation

Disclaimer: this section contains a lot of commands – don’t blindly copy-and-paste, but make sure that you understand what each command does before executing it and that you are ok with the effects of the commands.

So let’s get started. To run my DoH server, I have set up a dedicated FreeBSD jail, so I won’t bother with a virtual env as I normally do when installing Python software on servers. I just install things system-wide inside the jail:

pkg install python36 py36-pip py36-supervisor nginx bash
pip install doh-proxy

That will install python, supervisord (we will need that later to automatically start doh-proxy at boot-time) and nginx.

Nginx

Now let’s set up nginx as a reverse proxy, with an initial self-signed certificate. Start by editing /usr/local/etc/nginx/nginx.conf, and add some lines at the end:

...
    server {
        listen       80;
        server_name  localhost;

        ...

        location /.well-known/acme-challenge {
            root /usr/local/www/acme-challenge;
        }
    }

    include vhost.conf;
 }

Now create /usr/local/etc/nginx/vhost.conf:

    # HTTPS server
    #
    server {
        listen       443 ssl http2;
        server_name  doh.example.com; # replace with your own domain
        server_tokens off;
        ssl_certificate      ssl/doh.crt;
        ssl_certificate_key  ssl/doh.key;
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location /secret {
             proxy_pass http://127.0.0.1:3000;
        }
        location / {
             root   /usr/local/www/doh;
             index  index.html index.htm;
        }
    }

Now, let’s create some directories and generate an initial self-signed SSL certificate (will be replaced later by acme.sh):

mkdir -p /usr/local/www/acme-challenge
mkdir -p /usr/local/www/doh
mkdir -p /usr/local/etc/nginx/ssl
cd /usr/local/etc/nginx/ssl
openssl req -newkey rsa:4096 -nodes \
          -keyout doh.key -x509 -days 365 \
          -out doh.crt

Now we can start nginx:

sysrc nginx_enable="YES"
service nginx start

Letsencrypt

Time to replace the initial self-signed certificate with a letsencrypt certificate provisioned through acme.sh:

curl https://get.acme.sh | sh
bash
acme.sh --issue -d doh.example.com -w /usr/local/www/acme-challenge
acme.sh --install-cert -d doh.example.com \
        --key-file /usr/local/etc/nginx/ssl/doh.key \
        --fullchain-file /usr/local/etc/nginx/ssl/doh.crt \
        --reloadcmd "/usr/local/etc/rc.d/nginx reload"

Supervisord

And finally, create the configuration for supervisord to start doh-httpproxy in /usr/local/etc/supervisord.conf:

[unix_http_server]
file=/var/run/supervisor/supervisor.sock

[supervisord]
logfile=/var/log/supervisord.log
logfile_maxbytes=50MB
logfile_backups=10
loglevel=info
pidfile=/var/run/supervisor/supervisord.pid
nodaemon=false
minfds=1024
minprocs=200

[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface

[supervisorctl]
serverurl=unix:///var/run/supervisor/supervisor.sock
history_file=~/.sc_history

[program:doh-httpproxy]
directory=/usr/home/doh
; replace 1.1.1.1 with your preferred upstream resolver
command=/usr/local/bin/doh-httpproxy --upstream-resolver=1.1.1.1 --port 3000 --listen-address 127.0.0.1 --uri /dns-query --trusted
stdout_logfile=/var/log/doh-httpproxy.log
redirect_stderr=true
startsecs=10
stopsignal=QUIT
autostart=true
autorestart=true
user=doh

Note that the –uri argument to doh-httpproxy is redundant, since the default is already /dns-query. I included it to show how you can change the uri if you desire so (see Conclusions below for why that might be a good idea).

Create the doh user and start supervisord:

echo "doh::::::::/bin/csh:" | adduser -f - -w no
sysrc supervisord_enable="YES"
service supervisord start

Command-line DoH queries

And that should have you up and running! To see whether it works, you can run doh-client. For example:

doh-client --domain ns1.sonologic.net --uri /dns-query --qname example.com --qtype a

This should show you the IPv4 address(es) of example.com. If things are failing, you can check some of the log files for trouble:

tail -f /var/log/nginx/error.log
tail -f /var/log/nginx/access.log
supervisorctl tail -f doh-httpproxy

Configuring Firefox

Of course, for this to be actually useful, you need to configure Firefox to use your fresh DoH server. This is described in an article on zdnet. In summary:

  • click the hamburger menu (the three lines in the top-right of the Firefox browser);
  • Choose ‘Preferences’;
  • Type ‘doh’ in the ‘Find in preferences’ searchbox, hit enter;
  • This will show you ‘Network settings’, click the ‘Settings’ button;
  • Scroll down in the dialog, and check ‘Enable DNS over HTTPS’;
  • Check the ‘Custom’ sub-option, and enter your DoH server uri (ie. https://doh.example.com/dns-query).

That’s it. For advanced usage (or on Firefox on Android), you can type ‘about:config’ in your address bar, then search for ‘trr’.

You can configure your DoH uri as ‘network.trr.custom_uri’ and ‘network.trr.uri’ (I guess only custom_uri should be enough, but better safe than sorry and change them both).

Especially take note of ‘network.trr.mode’, this should be a number between 0 and 5 (inclusive), meaning:

  • 0, DoH disabled
  • 1, DoH enabled, but if regular dns queries are faster don’t use DoH
  • 2, DoH enabled, use regular dns queries as a backup if the DoH server is broken
  • 3, DoH enabled, regular dns disabled
  • 5, DoH disabled

So for maximum security, use setting 3. This prevents any regular DNS queries from going out (and will show you an error when the DoH server is down).

This presents an apparent problem though: in order to do DoH, Firefox will need to resolve the domain name of your DoH server. With DNS disabled, this is not possible. To help you out, you can manually enter the IP address of the DoH server in option ‘network.trr.bootstrapAddress’.

Conclusion

Setting up a DoH server is relatively easy, and it does give one that warm fuzzy feeling knowing that your DNS queries are now encrypted and handled by a server under my control instead of whatever infrastructure I happen to be using on the road.

It seems DoH is just a tad bit slower than using my home ISP’s DNS servers, even though DoH is motivated by the claim that DNS servers are often slow. Maybe that is the case in North America, where internet speeds have historically been abysmal overall compared to Europe, but I haven’t found this to be the case in places where I regularly use the internet. I haven’t done any precise measurements though, so consider this to be anecdotal evidence at best.

What’s lacking though, in my humble opinion, is some form of authentication. My DoH server is exposed to the world. Sure, you will need to know the host to be able to use it, but /dns-query seems to be the default for most public DoH servers so it is easy for anyone to scan the internet for open DoH servers. I have chosen a different url path instead of the default /dns-query. It is a bit in the ‘security by obscurity’ league, but at least it prevents any random person from (ab)using my DoH server without having to guess the url path.

Finally, I still am not convinced DoH has a net positive outcome. Not many people will run their own DoH server, so CloudFlare will be able to analyze the DNS traffic of 99.9999% of the Firefox users. This is, in terms of online privacy, quite a step back.

Flattr this

Roeland Celis Quintet

June 18th, 2019

Somewhat by accident I ended up at the last day of the 44th edition of JAZZBOZ, and boy am I glad I did. After digging through some crates at the vinyl market, it was time to head into the ‘Markiezenhof’, dubbed the ‘city palace’ of Bergen op Zoom, for live jazz. The Roeland Celis Quintet, a group of five young but impressive musicians led by guitarist Roeland Celis, gave an impressive performance.

Roeland Celis Quintet in the ‘Hofzaal’ in Bergen op Zoom at the 44th edition of JAZZBOZ

The music spans a large range. At points the quintet comes together to provide an impressive yet rhytmic wall of sound, thrust forward by drummer Gert-Jan Dreessen’s rolling rhytms and firmly underlined by Celis’ dark metal-inspired grooves. At other points, the band quiets down to play vulnerable, sensitive pieces that shows their mastery of their instruments.

Karel Cuelenaere is a gifted pianist, it’s a joy to see him playing. At points though the sound of the piano was overwhelmed by the other instruments, despite a PA set up to amplify Cuelenaere’s playing. Sadly, no audio technician was anywhere near. I think a big oversight of the organisation, this group and its audience deserves better.

What struck me was the rich emotional content of the material. The raw dark sound of Celis’ guitar emphasized by Sylvain Debaisieux’ wild sax, the melodic interplay between Cuelenaere’s piano and Cyrille Obermüller’s bass.

Despite the lack of an audio technician, this was an impressive and intimate concert. I do hope they will record and release a lot of music in the near future. But more than that, I’ll be keeping an eye out for future performances!

In the mean time, there are four tracks available for free listening on soundcloud, as well as at least two videos (here and here) on youtube that are definitely worth listening to.

The Roeland Celis quintet are:

  • Roeland Celis – Guitar & Composition
  • Sylvain Debaisieux – Saxophone
  • Karel Cuelenaere – Piano
  • Cyrille Obermüller – Double Bass
  • Gert-Jan Dreessen – Drums

Flattr this

The sound of joy is enlightenment

May 19th, 2019

It is sad to realize that I could have seen Sun Ra himself playing with his Arkestra but have not, as for a brief moment we both roamed this planet at the same time. At the age of 15 in the nineties, however, I had not yet discovered jazz and was not aware of this already legendary ensemble. Sun Ra himself passed away in the early nineties. However, his Arkestra is still touring and yesterday I had the opportunity to witness their concert in Sexyland in Amsterdam.

I remember the first time I consciously heard a Sun Ra record. It must be around 15 years ago, an internet radio station (I think it was soma.fm, but it might have been intergalactic.fm) played the out-of-this earth 21 minutes long Atlantis. It transformed me, it lifted me up out of the regular plane of existence. I knew then, this was something special.

It’s rare to come across a musician that has this ability. It has happened on just a few occasions since then, the most recent at the Vijay Iyer sextet’s performance at North Sea Jazz 2018.

But that’s for another post, back to Sun Ra. Hearing Atlantis triggered an obsessive exploration of the immense discography Sun Ra left us. And with each record that showed yet another side of this enormously diverse keyboard player, I wished I could have seen this brilliant group of musicians live.

While that is not possible, Sun Ra and many of his band members have passed away by now, the contemporary Sun Ra Arkestra led by Marshall Allen (himself a brilliant saxophonist and multi-instrumentalist) and consisting of a number of original musicians who played with Sun Ra as well as more recent joiners offers a glimpse of the legend.

Upon arriving at the venue, the unassuming wooden structure on the NDSM wharf in Amsterdam north was appropriately covered in shiny gold-coloured foil to make it look like a spaceship. Part of the band was outside (it was a warm spring evening). Upon realizing it was ten past nine they quickly entered the building to don their similarly glittery garments. I followed them inside.

I wasn’t really sure what to expect. Here was a legendary band that has been active since the forties of the previous century (that’s more than 70 years mind you), touring today to celebrate their band leader Allens’ 95th birthday (this May the 25th). Would there be anything left from the bombastic explosion of alien sound that marked their concerts of the fifties and sixties?

Now, of course, this is not the 30-piece band it was. And yes, there were the occasional mistakes. But the spirit of Sun Ra was unmistakably there. Right from the get go they set into a hypnotic groove, taking me out of my surroundings and into their musical narrative.

Brilliant solo’s, from the almost 95-year old Marshall Allen for example, who demonstrated amazing control over his instrument.

Halfway the performance, vocalist Tara Middleton together with the rest of the band set in the chant “space is the place”, with part of the band leaving the stage and parading through the audience. A gimmick? Perhaps. Does it matter? No. I was transported, powered by their music, to regions of outer space.

I would not have wanted to miss this gig. I truly enjoyed the original compositions by Sun Ra as well as the compositions by Allen. It is amazing that Sun Ra’s legacy continuous in this day and age. And judging by the audience, his music still mesmerizes today. I expected an older audience yet the average age was probably around 20 or 25 and many were dancing to the groove.

I decided to go for a reprise tonight at Tivoli Vredenburg in Utrecht. It’s music like this that makes me feel alive, that inspires me, that makes me think about my existence and why I am on this planet. It is the sound of joy, and it brings enlightenment.

Flattr this

On hackerspaces, Fox-IT and OHM2013

March 30th, 2013

A recent blogpost by PUSCII lamented the lack of moral fiber in Dutch hackerspaces. While well written, I do think their statements are not fair to all the people currently spending their free time to make the Dutch hackerspace community a vibrant and thriving part of society at large. The resulting mass-hysteria on twitter among German hackers gave me an uncomfortable feeling. My thoughts were torn between ‘if intolerance is leading, fuck the hackerscene’ and ‘there are some very good points being raised here’.

Disclaimer

This blogpost attempts to capture some of my more prevalent thoughts. Note that this blogpost reflects my own personal opinions and obversations, and not those of the OHM2013 organisation as a whole, Fox-IT, any of the hackerspaces I mention in this post nor any other organisation, collective, club or assembly I am part of.

Hackerspaces

There is a theme in PUSCII’s blogpost that reverberates with my own thoughts. Hackerspaces come in many forms. I have visited maybe a hundred of hackerspaces in the past years in a handful of countries, and all are different. In fact, the definition of what constitutes a hackerspace is one that leads to a lot of email threads on the hackerspaces list, many blogposts with varied opinions on the subject, extensive IRC chats. No agreement has been reached.

Within The Netherlands, hackerspaces are a relatively new phenomena. Whereas ASCII and PUSCII may be seen as the earliest hackerspaces in our country, they have always had a more revolutionary perspective on the world. Much like many of the German hackerspaces, they are instruments of the revolution. Many hackerspaces in Germany, really CCC club houses, see it as their mission to provide the infrastructure to help in the greater cause. They have, for example, set up media labs to edit videos that educate the public. They organise ideological discussion meetings.

The current hackerspace movement in The Netherlands is a young one. Sparked by HAR2009, regional groups started to form new initiatives. Initially, these Dutch hackerspaces (when looking at the surface) were mostly places ‘playing with LEDs’. Yet, among those who set up and visit those hackerspaces are many who have the vision that hackerspaces (and in fact, hacker-community) are more than just playgrounds for technophiles.

When I started Revelation Space in The Hague, I had a vision of a hackerspace that would be more like the German CCC club houses. Places where people with a critical view of the world and an inquisitive take on developments surrounding technology, the state and the people gather to engage in (hack)tivism and generally make the world a better place. My ambitions were high, and initially Revelation Space was more of a place where people would just play with LED’s.

Recently though, as the space has matured, I see that activities such as I had envisioned originally, are becoming a part of the daily praxis at Revelation Space. For example, a number of members decided to set up a hotline for hackers, to anonymously report security incidents. They fill in a gap, in a bottom-up way, where our government is failing. The law still puts well-meaning and ethical hackers in a tough spot that discourages reporting issues with security of systems containing privacy sensitive information.

Not only are individual hackerspaces constantly evolving, the hackerspace movement as a whole is changing. More and more hackerspaces open their doors in The Netherlands. Among them are also those of a more reactionary nature, where the focus inherently is more on activism than on tinkering (but never exclusively either one of them). As the hackerspace culture in The Netherlands matures, we will likely see a better balance between pure techno-love and tinkering on the one hand and hard-core hacktivism on the other hand.

OHM2013

I feel sorry that there are people who have expressed they will no longer help out at OHM2013 or no longer visit OHM2013 because of a single sponsor. I don’t feel sorry for OHM2013: it will happen with or without them. And it will be awesome. There will be blinking leds, but there will also be many interesting people. Activists, idealists, pragmatists, all on one field. The sheer potential of useful encounters and discussions that move our thoughts beyond what we can get from experience in isolation alone is awe-inspiring.

Contrary to the German CCC, The Netherlands does not have a structure that allows hackers to organise and meet on a regular basis. The hackerspaces have a role in this, but by nature can not attract the thousands that flock together to the four-yearly hacker camps. And that underlines the importance of the events in the series of OHM2013. They have an important role within the Dutch hacker community.

And of course, there are always people who disagree with the choices made by the group of volunteers putting these conferences together. In 2005, a group of revolutionaries was of the opinion that a community event must be free for all, not something one would have to pay for. Sidestepping the morbid reality of having to pay for equipment to set up an in-promptu network for 3000 hackers, having to pay for tents to house 3000 hackers and those who speak to them, having to pay for showers and toilets to keep 3000 hackers from drowning in their own shit and puke, they set up ‘squat the hack’ and decided that contrary to all the other visitors they did not have to pay for that edition of the camp.

Even in 1989, the Galactic Hacker Party was accused by some more extermist squatters in Amsterdam of being a platform for ‘those evil corporate computer people with their capitalistic computer machines’ (mind you, computers were still something of an oddity back then).

In 2009, some people accused the HAR2009 organisation of being corporate sell-outs who only were in it for the money. Despite the fact that I personally, as one of the driving forces behind that edition, nearly went bankrupt because I chose to work on HAR2009 instead of doing paid work.

And now we have a group of people condemning the entire event based on rumours about a single sponsor. So be it. One cannot please everyone at the same time, yet having this conference is paramount to the further maturing of the Dutch hackerscene. Not only that, it gives the newer generations of hackers a chance to meet the older generations. And to meet the many passionate individuals who fight for their causes and ideals.

So, all in all, if you do decide not to come to OHM2013 because your leaders tell you it is considered bad form to do so, then that is your loss. You will miss out on a unique opportunity to educate others on your ideals and to be exposed to radical new ideas that may broaden your mind.

Fox-IT

About a year ago I was contacted by Walter from Fox-IT. He saw my skills and my ideals and thought they would make a good match with those of Fox-IT. At first I was skeptical, but after the first few talks my opinion turned around.

Some now believe I have become a slave of the dark side. That is ok, for I know it is not the case. Working on ‘the inside’, I can see that among those people making up Fox-IT are also the same idealists that I am. There has always been a lot of debate about, for example, Replay (the so-called ‘wire-tapping’ software which is basically a pimped sort of wireshark without the capturing abilities). Not because of the software, but of the possible business decisions made at the time.

I would invite all the critics, those who click ‘retweet’ on tweets full of allegations, to come to OHM2013 and meet Fox-IT. Talk to the people who work there. You will find out they are not all that different from yourself.

As an example, recently someone brought up the subject of a ‘police trojan’ on the internal nerds mailing list. He had heard something about it, and thought Fox-IT could develop such a tool to aid in catching cyber-criminals. It made me feel warm and fuzzy inside to see the outspoken ‘NO we can not develop such software’ present in all the replies to that thread. My colleagues, like me, are intrinsically against such practices for all the same reasons that the criticasters are.

Heck, talking to Ronald Prins (CEO of the company, and for some the personification of evil on this world) you might even find out his opinions are much more balanced than the impression you might get when you let the media filter his statements for you. Note that I do not feel inclined to defend his opinions here or anywhere, as I myself sometimes vehemently disagree.

I have seen that the consciousness of Fox-IT is a very active and vocal one, and is formed by the moral fiber (to use an overloaded term) of those who work there. Even before the fefe-isation of this discussion, my colleagues expressed doubts and worries about Replay (sold in 2011 and no longer a product of Fox-IT). When the German community went into a dogmatic stance against OHM2013 because of the sponsorship, the discussion within Fox-IT naturally increased as well. I have spent many hours the last few days at my desk, in the hallways and the canteen. I am impressed by the insightful and intelligent remarks and questions.

Yes, Fox-IT develops tools that help the police catch bad guys. If you are radically against any form of authority, that might rub against your fur. I am not a big fan of the police and their more violent nature myself, having spent a fair amount inside police cells. I have walked in demonstrations where the police clubbed down demonstrators without provocation. But I have also been glad the police was around when a pretty fucked-up individual was about to attack me. Those two police officers might very well have prevented that I ended up bleeding to death on platform 12 of Amsterdam Central station.

So there are two sides to every story. And while some of you may think Fox-IT is engaged in activities that don’t jive with your morality, I believe (from observation and discussion) that this is not the case. Ronald Prins has a vocal opinion, but in expressing it he may not always act in accordance with the larger group of people that make up Fox-IT. Personally, when I disagree with his statements I will tell him (and in fact, he consults me and many others within Fox-IT on a regular basis). I do not see Fox-IT engage in activities that I am vehemently opposing: “state-sponsored malware”, making products to listen in on phone calls or internet traffic, prosecute hackers who are on the good side or otherwise participate in far-reaching violations of basic civil rights. If I would see such activities, I would have terminated my employment without further thought.

Conclusion

I am not one to make decisions based on popular opinion. That makes me a loner. I choose to work for Fox-IT, a company perceived by many of my peers to be at the wrong side of the sharp line dividing good and evil. It has led to intolerant and outward hostile reactions from some of them. Still, I am at peace with that decision. Even though people may not understand, I am where I need to be: in peace with myself, my decisions and my ideals. I wish everyone the same.

Flattr this