mirror of
https://github.com/MatomoCamp/recording-subtitles.git
synced 2024-09-19 16:03:52 +02:00
Merge pull request #1 from valerio-bozzolan/boz
2022 Security Hardening: improve subtitles
This commit is contained in:
commit
d1b05a5440
1 changed files with 109 additions and 114 deletions
|
@ -32,7 +32,7 @@ And some I'm here from the Italian Linux Society that is an association in Italy
|
||||||
|
|
||||||
9
|
9
|
||||||
00:00:47,840 --> 00:00:52,080
|
00:00:47,840 --> 00:00:52,080
|
||||||
association talking about free software and open-source software.
|
association talking about free software and Open Source software.
|
||||||
|
|
||||||
10
|
10
|
||||||
00:00:52,080 --> 00:00:59,520
|
00:00:52,080 --> 00:00:59,520
|
||||||
|
@ -48,7 +48,7 @@ And I will talk later on the reasons.
|
||||||
|
|
||||||
13
|
13
|
||||||
00:01:05,320 --> 00:01:12,120
|
00:01:05,320 --> 00:01:12,120
|
||||||
And I'm also an ET consultant for Wikimedia Switzerland and a volunteer sysadmin for the
|
And I'm also an IT consultant for Wikimedia Switzerland and a volunteer sysadmin for the
|
||||||
|
|
||||||
14
|
14
|
||||||
00:01:12,120 --> 00:01:15,280
|
00:01:12,120 --> 00:01:15,280
|
||||||
|
@ -68,7 +68,7 @@ I'm just a volunteer spreading Matomo everywhere because I like this tool, I lik
|
||||||
|
|
||||||
18
|
18
|
||||||
00:01:34,960 --> 00:01:43,680
|
00:01:34,960 --> 00:01:43,680
|
||||||
it fixes, and I like the ownership, and I like its free software and open-source software.
|
it fixes, and I like the ownership, and I like its Free software and Open Source software.
|
||||||
|
|
||||||
19
|
19
|
||||||
00:01:43,680 --> 00:01:52,080
|
00:01:43,680 --> 00:01:52,080
|
||||||
|
@ -80,7 +80,7 @@ said this interesting news that Google Analytics is now banned in the whole nati
|
||||||
|
|
||||||
21
|
21
|
||||||
00:01:59,040 --> 00:02:06,080
|
00:01:59,040 --> 00:02:06,080
|
||||||
And this is really interesting because it really means what they say that it's not something
|
And this is really interesting because it really means what they said, that it's not something
|
||||||
|
|
||||||
22
|
22
|
||||||
00:02:06,080 --> 00:02:09,560
|
00:02:06,080 --> 00:02:09,560
|
||||||
|
@ -92,7 +92,7 @@ It's like public administrations, like schools, or et cetera, it's about also pr
|
||||||
|
|
||||||
24
|
24
|
||||||
00:02:19,360 --> 00:02:28,400
|
00:02:19,360 --> 00:02:28,400
|
||||||
And in fact, the whole story was about that even the EP address is considered an personal
|
And in fact, the whole story was about that even the IP address is considered an personal
|
||||||
|
|
||||||
25
|
25
|
||||||
00:02:28,400 --> 00:02:29,400
|
00:02:28,400 --> 00:02:29,400
|
||||||
|
@ -104,11 +104,11 @@ And so if you have a website with Google Analytics and the user visits the websi
|
||||||
|
|
||||||
27
|
27
|
||||||
00:02:36,000 --> 00:02:42,680
|
00:02:36,000 --> 00:02:42,680
|
||||||
the EP of your visitors to Google Analytics because you have embedded this tool, it's
|
the IP of your visitors to Google Analytics because you have embedded this tool, it's
|
||||||
|
|
||||||
28
|
28
|
||||||
00:02:42,680 --> 00:02:50,680
|
00:02:42,680 --> 00:02:50,680
|
||||||
not a very good idea because Google is capable of enriching this data and connect the EP
|
not a very good idea because Google is capable of enriching this data and connect the IP
|
||||||
|
|
||||||
29
|
29
|
||||||
00:02:50,680 --> 00:02:54,280
|
00:02:50,680 --> 00:02:54,280
|
||||||
|
@ -152,7 +152,7 @@ This is just to talk about something I have seen with my eyes in the last months
|
||||||
|
|
||||||
39
|
39
|
||||||
00:03:45,720 --> 00:03:51,360
|
00:03:45,720 --> 00:03:51,360
|
||||||
Yeah, good job, Google Analytics.
|
Yeah, good job, Google Analytics (*ironic*)
|
||||||
|
|
||||||
40
|
40
|
||||||
00:03:51,360 --> 00:03:56,760
|
00:03:51,360 --> 00:03:56,760
|
||||||
|
@ -160,7 +160,7 @@ And so let's talk about security.
|
||||||
|
|
||||||
41
|
41
|
||||||
00:03:56,760 --> 00:04:07,180
|
00:03:56,760 --> 00:04:07,180
|
||||||
There are two ways, one moment, in this period, everyone in Italy is avoiding to embed anything.
|
There are two ways... OK one moment... in this period, everyone in Italy is avoiding to embed anything.
|
||||||
|
|
||||||
42
|
42
|
||||||
00:04:07,180 --> 00:04:13,040
|
00:04:07,180 --> 00:04:13,040
|
||||||
|
@ -176,7 +176,7 @@ I don't know if you know the LibreJS project, but it's something that says that
|
||||||
|
|
||||||
45
|
45
|
||||||
00:04:22,720 --> 00:04:28,160
|
00:04:22,720 --> 00:04:28,160
|
||||||
JavaScript alliance on your website should be open and Libre software.
|
JavaScript line on your website should be open and Libre software.
|
||||||
|
|
||||||
46
|
46
|
||||||
00:04:28,160 --> 00:04:36,120
|
00:04:28,160 --> 00:04:36,120
|
||||||
|
@ -196,15 +196,15 @@ We deploy Matomo on our servers.
|
||||||
|
|
||||||
50
|
50
|
||||||
00:04:52,240 --> 00:04:55,360
|
00:04:52,240 --> 00:04:55,360
|
||||||
We deploy Matomo on our Raspberry PIs.
|
We deploy Matomo on our Raspberry PI(s).
|
||||||
|
|
||||||
51
|
51
|
||||||
00:04:55,360 --> 00:05:04,240
|
00:04:55,360 --> 00:05:04,240
|
||||||
We deploy Matomo using Docker, using cheap hosting services, using, I don't know, we
|
We deploy Matomo using Docker, using cheap hosting services, using, I don't know,
|
||||||
|
|
||||||
52
|
52
|
||||||
00:05:04,240 --> 00:05:06,960
|
00:05:04,240 --> 00:05:06,960
|
||||||
host Matomo in a lot of ways.
|
we host Matomo in a lot of ways.
|
||||||
|
|
||||||
53
|
53
|
||||||
00:05:06,960 --> 00:05:12,760
|
00:05:06,960 --> 00:05:12,760
|
||||||
|
@ -212,19 +212,19 @@ And it's very hard for some people, also for beginners, but also for intermediat
|
||||||
|
|
||||||
54
|
54
|
||||||
00:05:12,760 --> 00:05:19,580
|
00:05:12,760 --> 00:05:19,580
|
||||||
to understand that there are only two ways to make a system safe.
|
to understand that there are mainly two ways to make a system safe.
|
||||||
|
|
||||||
55
|
55
|
||||||
00:05:19,580 --> 00:05:26,440
|
00:05:19,580 --> 00:05:26,440
|
||||||
And the first way is the Kirchhoff principle that is really, really, really OK for open
|
And the first way is the Kirchhoff principle that is really, really, really OK for
|
||||||
|
|
||||||
56
|
56
|
||||||
00:05:26,440 --> 00:05:33,320
|
00:05:26,440 --> 00:05:33,320
|
||||||
source software because if you have an open source software, you have to think about it.
|
open source software because, if you have an open source software, you have to think about it,
|
||||||
|
|
||||||
57
|
57
|
||||||
00:05:33,320 --> 00:05:40,680
|
00:05:33,320 --> 00:05:40,680
|
||||||
Everyone in the world knows how your system is designed and you have to keep your password
|
because everyone in the world knows how your system is designed and you have to keep your password
|
||||||
|
|
||||||
58
|
58
|
||||||
00:05:40,680 --> 00:05:47,280
|
00:05:40,680 --> 00:05:47,280
|
||||||
|
@ -256,7 +256,7 @@ a lot of mitigation to reduce the attack surface.
|
||||||
|
|
||||||
65
|
65
|
||||||
00:06:25,760 --> 00:06:31,280
|
00:06:25,760 --> 00:06:31,280
|
||||||
Because when you have a big environment like a media wiki, like a WordPress, like a Matomo,
|
Because when you have a big environment like a MediaWiki, like a WordPress, like a Matomo,
|
||||||
|
|
||||||
66
|
66
|
||||||
00:06:31,280 --> 00:06:37,120
|
00:06:31,280 --> 00:06:37,120
|
||||||
|
@ -268,7 +268,7 @@ And I'm not saying that I don't trust Matomo, I'm just saying that it's a very b
|
||||||
|
|
||||||
68
|
68
|
||||||
00:06:42,280 --> 00:06:44,840
|
00:06:42,280 --> 00:06:44,840
|
||||||
and that shit happens.
|
and that shit happens!
|
||||||
|
|
||||||
69
|
69
|
||||||
00:06:44,840 --> 00:06:50,280
|
00:06:44,840 --> 00:06:50,280
|
||||||
|
@ -276,11 +276,11 @@ And so maybe a contributor has done something wrong in the very early phases.
|
||||||
|
|
||||||
70
|
70
|
||||||
00:06:50,280 --> 00:06:57,300
|
00:06:50,280 --> 00:06:57,300
|
||||||
Maybe what I mean is that there are a lot of possibilities that one line in this number
|
Maybe, what I mean is that there are a lot of possibilities that one line in this number
|
||||||
|
|
||||||
71
|
71
|
||||||
00:06:57,300 --> 00:07:03,240
|
00:06:57,300 --> 00:07:03,240
|
||||||
of PHP lines or one line in this number of JavaScript lines, that there are a lot of
|
of PHP lines or one line in this number of JavaScript lines, and there are a lot of
|
||||||
|
|
||||||
72
|
72
|
||||||
00:07:03,240 --> 00:07:08,700
|
00:07:03,240 --> 00:07:08,700
|
||||||
|
@ -304,7 +304,7 @@ An interesting part of Matomo is that the plugin directory involves maybe the ma
|
||||||
|
|
||||||
77
|
77
|
||||||
00:07:30,720 --> 00:07:40,160
|
00:07:30,720 --> 00:07:40,160
|
||||||
of the line of codes, maybe because Matomo is very well decentralized in terms of its
|
of the lines of code, maybe because Matomo is very well decentralized in terms of its
|
||||||
|
|
||||||
78
|
78
|
||||||
00:07:40,160 --> 00:07:41,160
|
00:07:40,160 --> 00:07:41,160
|
||||||
|
@ -324,7 +324,7 @@ And so the first thing that we can suggest to reduce the attack surface of your
|
||||||
|
|
||||||
82
|
82
|
||||||
00:07:54,560 --> 00:07:56,880
|
00:07:54,560 --> 00:07:56,880
|
||||||
is just a reply to this question.
|
is just a reply to this question:
|
||||||
|
|
||||||
83
|
83
|
||||||
00:07:56,880 --> 00:08:00,800
|
00:07:56,880 --> 00:08:00,800
|
||||||
|
@ -348,11 +348,11 @@ it just from the screenshot.
|
||||||
|
|
||||||
88
|
88
|
||||||
00:08:25,400 --> 00:08:34,600
|
00:08:25,400 --> 00:08:34,600
|
||||||
Maybe, I don't know if I can highlight the DBStats plugin that allows to do reports for
|
Maybe, I don't know if I can highlight the DBStats plugin that allows to do reports
|
||||||
|
|
||||||
89
|
89
|
||||||
00:08:34,600 --> 00:08:36,100
|
00:08:34,600 --> 00:08:36,100
|
||||||
super users.
|
for super users.
|
||||||
|
|
||||||
90
|
90
|
||||||
00:08:36,100 --> 00:08:40,720
|
00:08:36,100 --> 00:08:40,720
|
||||||
|
@ -368,7 +368,7 @@ So I am not saying to disable this plugin, to disable a plugin, by the way, you
|
||||||
|
|
||||||
93
|
93
|
||||||
00:08:49,320 --> 00:08:54,320
|
00:08:49,320 --> 00:08:54,320
|
||||||
on the link on the left and to activate the other link.
|
on the link on the left, and to activate you use the other link.
|
||||||
|
|
||||||
94
|
94
|
||||||
00:08:54,320 --> 00:09:02,160
|
00:08:54,320 --> 00:09:02,160
|
||||||
|
@ -396,7 +396,7 @@ You can, whenever you want, enable it again.
|
||||||
|
|
||||||
100
|
100
|
||||||
00:09:25,600 --> 00:09:32,280
|
00:09:25,600 --> 00:09:32,280
|
||||||
And so also the marketplace, the marketplace is maybe a very big plugin and we have connections
|
And so also the marketplace, the marketplace is maybe a very big plugin and with connections
|
||||||
|
|
||||||
101
|
101
|
||||||
00:09:32,280 --> 00:09:33,400
|
00:09:32,280 --> 00:09:33,400
|
||||||
|
@ -408,7 +408,7 @@ And so there are a lot of code that needs sanitization, that needs filters, et c
|
||||||
|
|
||||||
103
|
103
|
||||||
00:09:41,120 --> 00:09:48,360
|
00:09:41,120 --> 00:09:48,360
|
||||||
And so I suggest when you install something from the marketplace, to disable the marketplace,
|
And so I suggest, when you install something from the marketplace, to disable the marketplace,
|
||||||
|
|
||||||
104
|
104
|
||||||
00:09:48,360 --> 00:09:49,360
|
00:09:48,360 --> 00:09:49,360
|
||||||
|
@ -464,7 +464,7 @@ I mean, sometimes it's not a very, very, very good idea to enforce this kind of
|
||||||
|
|
||||||
117
|
117
|
||||||
00:11:04,160 --> 00:11:12,480
|
00:11:04,160 --> 00:11:12,480
|
||||||
Using tools like multi-factor authentication in whatever tool may be counterproductive,
|
Enforcing this kind of tools like multi-factor authentication in whatever tool may be counterproductive,
|
||||||
|
|
||||||
118
|
118
|
||||||
00:11:12,480 --> 00:11:19,600
|
00:11:12,480 --> 00:11:19,600
|
||||||
|
@ -472,11 +472,11 @@ maybe problematic because maybe not all your users are trained to handle the two
|
||||||
|
|
||||||
119
|
119
|
||||||
00:11:19,600 --> 00:11:22,920
|
00:11:19,600 --> 00:11:22,920
|
||||||
authentication side effects.
|
authentication side-effects.
|
||||||
|
|
||||||
120
|
120
|
||||||
00:11:22,920 --> 00:11:27,960
|
00:11:22,920 --> 00:11:27,960
|
||||||
For example, they need to have a mobile phone and their mobile phone, they have an application
|
For example, they need to have a mobile phone and on their mobile phone, they have an application
|
||||||
|
|
||||||
121
|
121
|
||||||
00:11:27,960 --> 00:11:33,040
|
00:11:27,960 --> 00:11:33,040
|
||||||
|
@ -516,7 +516,7 @@ Maybe don't try to enforce the tool to every user in the world.
|
||||||
|
|
||||||
130
|
130
|
||||||
00:12:17,240 --> 00:12:24,640
|
00:12:17,240 --> 00:12:24,640
|
||||||
Just try to have rigid password politics, very strong password, et cetera, and, again,
|
Just try to have rigid password politics, very strong passwords, et cetera, and, again,
|
||||||
|
|
||||||
131
|
131
|
||||||
00:12:24,640 --> 00:12:25,640
|
00:12:24,640 --> 00:12:25,640
|
||||||
|
@ -528,11 +528,11 @@ By the way, if you want to try the best, I think that for me it's the best, the
|
||||||
|
|
||||||
133
|
133
|
||||||
00:12:33,560 --> 00:12:41,200
|
00:12:33,560 --> 00:12:41,200
|
||||||
one-time password application that I use with my Matome installation, I think I have a very
|
one-time password application that I use with my Matomo installation, I think I have a very
|
||||||
|
|
||||||
134
|
134
|
||||||
00:12:41,200 --> 00:12:45,000
|
00:12:41,200 --> 00:12:45,000
|
||||||
old Matome installation, but I think that it still works.
|
old Matomo installation, but I think that it still works.
|
||||||
|
|
||||||
135
|
135
|
||||||
00:12:45,000 --> 00:12:48,000
|
00:12:45,000 --> 00:12:48,000
|
||||||
|
@ -540,11 +540,11 @@ Just contact me if it's not.
|
||||||
|
|
||||||
136
|
136
|
||||||
00:12:48,000 --> 00:12:51,160
|
00:12:48,000 --> 00:12:51,160
|
||||||
The free OTP is an application from FDroid.
|
The FreeOTP+ is an application from F-Droid.
|
||||||
|
|
||||||
137
|
137
|
||||||
00:12:51,160 --> 00:12:57,280
|
00:12:51,160 --> 00:12:57,280
|
||||||
You know, FDroid, it's a repository for Android smartphone that only contains free software,
|
You know, F-Droid, it's a repository for Android smartphones that only contains Free software,
|
||||||
|
|
||||||
138
|
138
|
||||||
00:12:57,280 --> 00:12:59,640
|
00:12:57,280 --> 00:12:59,640
|
||||||
|
@ -556,7 +556,7 @@ It's open source, and this application is easy to use, and so I recommend this s
|
||||||
|
|
||||||
140
|
140
|
||||||
00:13:06,440 --> 00:13:14,040
|
00:13:06,440 --> 00:13:14,040
|
||||||
And if you have a lot of users and if you're enforcing them to use free OTP, I recommend
|
And if you have a lot of users and if you're enforcing them to use FreeOTP+, I recommend
|
||||||
|
|
||||||
141
|
141
|
||||||
00:13:14,040 --> 00:13:23,400
|
00:13:14,040 --> 00:13:23,400
|
||||||
|
@ -564,11 +564,11 @@ in doing it only if they have an Android and if they have not customized a lot t
|
||||||
|
|
||||||
142
|
142
|
||||||
00:13:23,400 --> 00:13:31,640
|
00:13:23,400 --> 00:13:31,640
|
||||||
if they have maybe disabled the Play Store or this kind of stuff.
|
(and better) if they have maybe disabled the Play Store or this kind of stuff.
|
||||||
|
|
||||||
143
|
143
|
||||||
00:13:31,640 --> 00:13:36,720
|
00:13:31,640 --> 00:13:36,720
|
||||||
So a lot of people ask, what if my Matome is compromised?
|
So a lot of people ask, what if my Matomo is compromised?
|
||||||
|
|
||||||
144
|
144
|
||||||
00:13:36,720 --> 00:13:38,480
|
00:13:36,720 --> 00:13:38,480
|
||||||
|
@ -580,7 +580,7 @@ This is a very terrible question, but I can think a very simple way you can miti
|
||||||
|
|
||||||
146
|
146
|
||||||
00:13:46,960 --> 00:13:54,400
|
00:13:46,960 --> 00:13:54,400
|
||||||
risk after your Matome was compromised is to enable this option to anonymize as much
|
risk before* your Matomo is compromised is to enable this option to anonymize as much
|
||||||
|
|
||||||
147
|
147
|
||||||
00:13:54,400 --> 00:14:02,240
|
00:13:54,400 --> 00:14:02,240
|
||||||
|
@ -588,11 +588,11 @@ as possible all the IP addresses of your users, because when you activate this o
|
||||||
|
|
||||||
148
|
148
|
||||||
00:14:02,240 --> 00:14:09,600
|
00:14:02,240 --> 00:14:09,600
|
||||||
know that Matome does not save this information in the database, and this is awesome.
|
know that Matomo does not save this information in the database, and this is awesome.
|
||||||
|
|
||||||
149
|
149
|
||||||
00:14:09,600 --> 00:14:15,240
|
00:14:09,600 --> 00:14:15,240
|
||||||
Matome does not save this information, and so if your database is hacked, it does not
|
Matomo does not save this information, and so if your database is hacked, it does not
|
||||||
|
|
||||||
150
|
150
|
||||||
00:14:15,240 --> 00:14:22,800
|
00:14:15,240 --> 00:14:22,800
|
||||||
|
@ -604,7 +604,7 @@ So this may seem stupid, but this is not stupid.
|
||||||
|
|
||||||
152
|
152
|
||||||
00:14:29,080 --> 00:14:38,080
|
00:14:29,080 --> 00:14:38,080
|
||||||
So we are here to understand when we are downloading Matome on our server, we want to understand
|
So we are here to understand when we are downloading Matomo on our server, we want to understand
|
||||||
|
|
||||||
153
|
153
|
||||||
00:14:38,080 --> 00:14:46,160
|
00:14:38,080 --> 00:14:46,160
|
||||||
|
@ -616,11 +616,11 @@ so I recommend in don't trusting this talk, but just reading the amazing officia
|
||||||
|
|
||||||
155
|
155
|
||||||
00:14:55,520 --> 00:14:56,520
|
00:14:55,520 --> 00:14:56,520
|
||||||
of Matome.
|
of Matomo.
|
||||||
|
|
||||||
156
|
156
|
||||||
00:14:56,520 --> 00:15:04,400
|
00:14:56,520 --> 00:15:04,400
|
||||||
I think that one hour in reading the Matome documentation can save your company, so please
|
I think that one hour in reading the Matomo documentation can save your company, so please
|
||||||
|
|
||||||
157
|
157
|
||||||
00:15:04,400 --> 00:15:06,040
|
00:15:04,400 --> 00:15:06,040
|
||||||
|
@ -628,7 +628,7 @@ read the documentation.
|
||||||
|
|
||||||
158
|
158
|
||||||
00:15:06,040 --> 00:15:14,920
|
00:15:06,040 --> 00:15:14,920
|
||||||
But well, in short, we know that when we download Matome, whatever version, we know to understand
|
But well, in short, we know that when we download Matomo, whatever version, we know to understand
|
||||||
|
|
||||||
159
|
159
|
||||||
00:15:14,920 --> 00:15:25,040
|
00:15:14,920 --> 00:15:25,040
|
||||||
|
@ -644,19 +644,19 @@ This is a very important question for a system administrator.
|
||||||
|
|
||||||
162
|
162
|
||||||
00:15:32,400 --> 00:15:38,160
|
00:15:32,400 --> 00:15:38,160
|
||||||
But before talking about permissions, we need to understand how we are using Matome.
|
But before talking about permissions, we need to understand how we are using Matomo.
|
||||||
|
|
||||||
163
|
163
|
||||||
00:15:38,160 --> 00:15:48,640
|
00:15:38,160 --> 00:15:48,640
|
||||||
A lot of people are adopting Matome through this method, the PHP FPM method, and a lot
|
A lot of people are adopting Matomo through this method, the PHP-FPM method, and a lot
|
||||||
|
|
||||||
164
|
164
|
||||||
00:15:48,640 --> 00:15:57,160
|
00:15:48,640 --> 00:15:57,160
|
||||||
of people without knowing about it is adopting Matome with this component, the mode PHP mode.
|
of people without knowing about it is adopting Matomo with this component, the mod_PHP mode.
|
||||||
|
|
||||||
165
|
165
|
||||||
00:15:57,160 --> 00:16:04,480
|
00:15:57,160 --> 00:16:04,480
|
||||||
So we have two methods, we have two very different methods to adopt Matome.
|
So we have two methods, we have two very different methods to adopt Matomo.
|
||||||
|
|
||||||
166
|
166
|
||||||
00:16:04,480 --> 00:16:12,480
|
00:16:04,480 --> 00:16:12,480
|
||||||
|
@ -668,7 +668,7 @@ I have done an interview about it, a survey, and they are very widely known.
|
||||||
|
|
||||||
168
|
168
|
||||||
00:16:19,400 --> 00:16:27,320
|
00:16:19,400 --> 00:16:27,320
|
||||||
A word about the PHP FPM method, how to understand that you are using this method.
|
A word about the PHP-FPM method, how to understand that you are using this method.
|
||||||
|
|
||||||
169
|
169
|
||||||
00:16:27,320 --> 00:16:34,600
|
00:16:27,320 --> 00:16:34,600
|
||||||
|
@ -676,7 +676,7 @@ You can see that you are using this method if when you do one request to your we
|
||||||
|
|
||||||
170
|
170
|
||||||
00:16:34,600 --> 00:16:41,120
|
00:16:34,600 --> 00:16:41,120
|
||||||
these ports that are not Matome, but something else, and your Matome is under another web
|
these ports that are not Matomo, but something else, and your Matomo is under another web
|
||||||
|
|
||||||
171
|
171
|
||||||
00:16:41,120 --> 00:16:46,040
|
00:16:41,120 --> 00:16:46,040
|
||||||
|
@ -684,7 +684,7 @@ server running on your machine, but on a different port.
|
||||||
|
|
||||||
172
|
172
|
||||||
00:16:46,040 --> 00:16:51,200
|
00:16:46,040 --> 00:16:51,200
|
||||||
Probably if you have this situation, you are under the PHP FPM configuration.
|
Probably if you have this situation, you are under the PHP-FPM configuration.
|
||||||
|
|
||||||
173
|
173
|
||||||
00:16:51,200 --> 00:17:01,040
|
00:16:51,200 --> 00:17:01,040
|
||||||
|
@ -692,11 +692,11 @@ Instead, if you have just a web server and nothing else, probably you are under
|
||||||
|
|
||||||
174
|
174
|
||||||
00:17:01,040 --> 00:17:03,680
|
00:17:01,040 --> 00:17:03,680
|
||||||
configuration, the mode PHP.
|
configuration, the mod_PHP.
|
||||||
|
|
||||||
175
|
175
|
||||||
00:17:03,680 --> 00:17:13,620
|
00:17:03,680 --> 00:17:13,620
|
||||||
The mode PHP version is an interesting and historically very, very widely adopted configuration
|
The mod_PHP version is an interesting and historically very, very widely adopted configuration
|
||||||
|
|
||||||
176
|
176
|
||||||
00:17:13,620 --> 00:17:18,360
|
00:17:13,620 --> 00:17:18,360
|
||||||
|
@ -704,7 +704,7 @@ because it's very, very simple to install on your Linux server.
|
||||||
|
|
||||||
177
|
177
|
||||||
00:17:18,360 --> 00:17:26,100
|
00:17:18,360 --> 00:17:26,100
|
||||||
You just run IPT install, Apache, PHP, and everything works.
|
You just run "apt install apache2 php" and everything works.
|
||||||
|
|
||||||
178
|
178
|
||||||
00:17:26,100 --> 00:17:34,840
|
00:17:26,100 --> 00:17:34,840
|
||||||
|
@ -712,7 +712,7 @@ So we have a very big process under your Unix machine, under your Linux.
|
||||||
|
|
||||||
179
|
179
|
||||||
00:17:34,840 --> 00:17:38,840
|
00:17:34,840 --> 00:17:38,840
|
||||||
Usually the Unix user is www.data.
|
Usually the Unix user is www-data.
|
||||||
|
|
||||||
180
|
180
|
||||||
00:17:38,840 --> 00:17:48,280
|
00:17:38,840 --> 00:17:48,280
|
||||||
|
@ -744,7 +744,7 @@ website you have in your single server.
|
||||||
|
|
||||||
187
|
187
|
||||||
00:18:16,600 --> 00:18:25,000
|
00:18:16,600 --> 00:18:25,000
|
||||||
So maybe you have one, two, three applications, two domains, server by the same server, and
|
So maybe you have one, two, three applications, two domains, served by the same server, and
|
||||||
|
|
||||||
188
|
188
|
||||||
00:18:25,000 --> 00:18:31,600
|
00:18:25,000 --> 00:18:31,600
|
||||||
|
@ -796,11 +796,11 @@ What is this?
|
||||||
|
|
||||||
200
|
200
|
||||||
00:19:30,680 --> 00:19:33,000
|
00:19:30,680 --> 00:19:33,000
|
||||||
They open-paste this directive.
|
They open_basedir this directive.
|
||||||
|
|
||||||
201
|
201
|
||||||
00:19:33,000 --> 00:19:46,600
|
00:19:33,000 --> 00:19:46,600
|
||||||
If you have PHP running on a domain server, you can say, okay, if you visit example.org,
|
If you have PHP running on a domain, served on your server, you can say, okay, if you visit example.org,
|
||||||
|
|
||||||
202
|
202
|
||||||
00:19:46,600 --> 00:19:49,120
|
00:19:46,600 --> 00:19:49,120
|
||||||
|
@ -816,7 +816,7 @@ And the process cannot go in the other places.
|
||||||
|
|
||||||
205
|
205
|
||||||
00:19:59,480 --> 00:20:11,240
|
00:19:59,480 --> 00:20:11,240
|
||||||
And this is possible thanks to this directive that can be set in PHP on each virtual host.
|
And this is possible thanks to this directive that can be set in PHP on each VirtualHost.
|
||||||
|
|
||||||
206
|
206
|
||||||
00:20:11,240 --> 00:20:17,480
|
00:20:11,240 --> 00:20:17,480
|
||||||
|
@ -824,15 +824,15 @@ But the problem is that this directive is that if you use it, for example, if yo
|
||||||
|
|
||||||
207
|
207
|
||||||
00:20:17,480 --> 00:20:27,480
|
00:20:17,480 --> 00:20:27,480
|
||||||
okay, I declare open-based here is bar, home, Matomo, a place on your system, then you have
|
okay, I declare open_basedir here is bar, home, Matomo, a place on your system, then you have
|
||||||
|
|
||||||
208
|
208
|
||||||
00:20:27,480 --> 00:20:32,840
|
00:20:27,480 --> 00:20:32,840
|
||||||
another web server, another virtual host, and you say another value.
|
another web server, another VirtualHost, and you say another value.
|
||||||
|
|
||||||
209
|
209
|
||||||
00:20:32,840 --> 00:20:39,800
|
00:20:32,840 --> 00:20:39,800
|
||||||
So you can set a different value for each virtual host to try to isolate the process.
|
So you can set a different value for each VirtualHost to try to isolate the process.
|
||||||
|
|
||||||
210
|
210
|
||||||
00:20:39,800 --> 00:20:44,680
|
00:20:39,800 --> 00:20:44,680
|
||||||
|
@ -848,7 +848,7 @@ This is a very frequent configuration.
|
||||||
|
|
||||||
213
|
213
|
||||||
00:20:50,900 --> 00:20:59,360
|
00:20:50,900 --> 00:20:59,360
|
||||||
So you have a server name, and so all the people from this domain go to this place.
|
So you have a ServerName, and so all the people from this domain go to this place.
|
||||||
|
|
||||||
214
|
214
|
||||||
00:20:59,360 --> 00:21:05,480
|
00:20:59,360 --> 00:21:05,480
|
||||||
|
@ -864,7 +864,7 @@ And this is not really, really safe, because if you read the documentation, it's
|
||||||
|
|
||||||
217
|
217
|
||||||
00:21:15,840 --> 00:21:19,360
|
00:21:15,840 --> 00:21:19,360
|
||||||
very clear that open-based here, it's not a security measure.
|
very clear that open_basedir here, it's not a security measure.
|
||||||
|
|
||||||
218
|
218
|
||||||
00:21:19,360 --> 00:21:21,280
|
00:21:19,360 --> 00:21:21,280
|
||||||
|
@ -872,7 +872,7 @@ It's an extra safety.
|
||||||
|
|
||||||
219
|
219
|
||||||
00:21:21,280 --> 00:21:29,320
|
00:21:21,280 --> 00:21:29,320
|
||||||
I don't know what an extra safety is, but the universe is adopting this as a security
|
I don't know what an "extra safety" is, but the universe is adopting this as a security
|
||||||
|
|
||||||
220
|
220
|
||||||
00:21:29,320 --> 00:21:32,400
|
00:21:29,320 --> 00:21:32,400
|
||||||
|
@ -888,15 +888,15 @@ And so let's talk about the PHP, the FPM method.
|
||||||
|
|
||||||
223
|
223
|
||||||
00:21:44,560 --> 00:21:54,480
|
00:21:44,560 --> 00:21:54,480
|
||||||
This is a very, very frequent alternative to the mod PHP, so this is the old configuration.
|
This is a very, very frequent alternative to the mod_PHP (so this is the old configuration)
|
||||||
|
|
||||||
224
|
224
|
||||||
00:21:54,480 --> 00:21:56,920
|
00:21:54,480 --> 00:21:56,920
|
||||||
This is the new configuration.
|
(This is the new configuration)
|
||||||
|
|
||||||
225
|
225
|
||||||
00:21:56,920 --> 00:22:05,640
|
00:21:56,920 --> 00:22:05,640
|
||||||
I invented to have isolated processes that work alongside a front-end web server.
|
(PHP-FPM) was invented to have isolated processes that work alongside a front-end web server.
|
||||||
|
|
||||||
226
|
226
|
||||||
00:22:05,640 --> 00:22:11,360
|
00:22:05,640 --> 00:22:11,360
|
||||||
|
@ -944,7 +944,7 @@ So you have a front-end web server also because it simplifies let's encrypt rene
|
||||||
|
|
||||||
237
|
237
|
||||||
00:23:15,520 --> 00:23:24,400
|
00:23:15,520 --> 00:23:24,400
|
||||||
know, or it allows you to have a lot of websites in your server and mix it by the Apache web
|
know, or it allows you to have a lot of websites in your server and mixed by the Apache web
|
||||||
|
|
||||||
238
|
238
|
||||||
00:23:24,400 --> 00:23:25,560
|
00:23:24,400 --> 00:23:25,560
|
||||||
|
@ -996,7 +996,7 @@ What I'm saying, if you visit example.org, maybe example.org, your request goes
|
||||||
|
|
||||||
250
|
250
|
||||||
00:24:05,120 --> 00:24:11,260
|
00:24:05,120 --> 00:24:11,260
|
||||||
to the correct PHP, FPM web server.
|
to the correct PHP-FPM web server.
|
||||||
|
|
||||||
251
|
251
|
||||||
00:24:11,260 --> 00:24:18,800
|
00:24:11,260 --> 00:24:18,800
|
||||||
|
@ -1064,7 +1064,7 @@ have another Unix user that must have access to this file system for the dynamic
|
||||||
|
|
||||||
267
|
267
|
||||||
00:25:46,340 --> 00:25:54,960
|
00:25:46,340 --> 00:25:54,960
|
||||||
So PHP files are executed by this user, and static file are provided by the www data user.
|
So PHP files are executed by this user, and static file are provided by the www-data user.
|
||||||
|
|
||||||
268
|
268
|
||||||
00:25:54,960 --> 00:25:57,000
|
00:25:54,960 --> 00:25:57,000
|
||||||
|
@ -1080,7 +1080,7 @@ Maybe you have the front-end web server Apache configured in this way to say tha
|
||||||
|
|
||||||
271
|
271
|
||||||
00:26:08,360 --> 00:26:12,120
|
00:26:08,360 --> 00:26:12,120
|
||||||
a document root somewhere.
|
a DocumentRoot somewhere.
|
||||||
|
|
||||||
272
|
272
|
||||||
00:26:12,120 --> 00:26:19,320
|
00:26:12,120 --> 00:26:19,320
|
||||||
|
@ -1088,11 +1088,11 @@ And then I have not put it there, but you can imagine that in the next slides, w
|
||||||
|
|
||||||
273
|
273
|
||||||
00:26:19,320 --> 00:26:26,240
|
00:26:19,320 --> 00:26:26,240
|
||||||
the proxy, proxying all the requests on the underlying web server.
|
the proxy, proxying all the requests to the underlying web server.
|
||||||
|
|
||||||
274
|
274
|
||||||
00:26:26,240 --> 00:26:34,960
|
00:26:26,240 --> 00:26:34,960
|
||||||
And this is the most important part of our talk, how to have a PHP FPM safe, secure,
|
And this is the most important part of our talk, how to have a PHP-FPM safe, secure,
|
||||||
|
|
||||||
275
|
275
|
||||||
00:26:34,960 --> 00:26:35,960
|
00:26:34,960 --> 00:26:35,960
|
||||||
|
@ -1108,7 +1108,7 @@ that user can access critical places in that file system of your application.
|
||||||
|
|
||||||
278
|
278
|
||||||
00:26:50,760 --> 00:27:00,000
|
00:26:50,760 --> 00:27:00,000
|
||||||
So you can declare a PHP directive to say that the uploaded files must be in place,
|
So you can declare a PHP directive to say that the uploaded files must be in this place,
|
||||||
|
|
||||||
279
|
279
|
||||||
00:27:00,000 --> 00:27:07,760
|
00:27:00,000 --> 00:27:07,760
|
||||||
|
@ -1128,7 +1128,7 @@ not?
|
||||||
|
|
||||||
283
|
283
|
||||||
00:27:19,760 --> 00:27:24,760
|
00:27:19,760 --> 00:27:24,760
|
||||||
This is a good strategy to use open base there in a right way.
|
This is a good strategy to use open_basedir there in a right way.
|
||||||
|
|
||||||
284
|
284
|
||||||
00:27:24,760 --> 00:27:33,600
|
00:27:24,760 --> 00:27:33,600
|
||||||
|
@ -1152,7 +1152,7 @@ So for example, on your file system, you have your Matomo installed in this posi
|
||||||
|
|
||||||
289
|
289
|
||||||
00:27:54,720 --> 00:27:59,760
|
00:27:54,720 --> 00:27:59,760
|
||||||
in this position, and you have the temporary directive that is this one.
|
in this position, and you have the temporary directive (that is this one).
|
||||||
|
|
||||||
290
|
290
|
||||||
00:27:59,760 --> 00:28:10,200
|
00:27:59,760 --> 00:28:10,200
|
||||||
|
@ -1164,19 +1164,19 @@ it's the one assigned to the same process, and look about this permission field.
|
||||||
|
|
||||||
292
|
292
|
||||||
00:28:19,400 --> 00:28:27,280
|
00:28:19,400 --> 00:28:27,280
|
||||||
If you know how to read this field, it means that let's clear everything.
|
If you know how to read this field (drwx rwx rwx), it means that (let's clear everything).
|
||||||
|
|
||||||
293
|
293
|
||||||
00:28:27,280 --> 00:28:35,080
|
00:28:27,280 --> 00:28:35,080
|
||||||
What I'm highlighting here is that this Apache Matomo is the user who can read, write, and
|
What I'm highlighting here is that this Apache Matomo is the user who can read (r), write (w), and
|
||||||
|
|
||||||
294
|
294
|
||||||
00:28:35,080 --> 00:28:37,240
|
00:28:35,080 --> 00:28:37,240
|
||||||
execute this in this file.
|
execute (x) this in this file.
|
||||||
|
|
||||||
295
|
295
|
||||||
00:28:37,240 --> 00:28:42,040
|
00:28:37,240 --> 00:28:42,040
|
||||||
So execute in a directory context means that you can access this file.
|
So execute (x) in a directory context means that you can access this file.
|
||||||
|
|
||||||
296
|
296
|
||||||
00:28:42,040 --> 00:28:50,520
|
00:28:42,040 --> 00:28:50,520
|
||||||
|
@ -1200,7 +1200,7 @@ configurations in order to instruct the process to use your custom path names in
|
||||||
|
|
||||||
301
|
301
|
||||||
00:29:17,960 --> 00:29:23,480
|
00:29:17,960 --> 00:29:23,480
|
||||||
TMP, that it's global.
|
/tmp that it's global.
|
||||||
|
|
||||||
302
|
302
|
||||||
00:29:23,480 --> 00:29:28,400
|
00:29:23,480 --> 00:29:28,400
|
||||||
|
@ -1220,7 +1220,7 @@ This is not scaring.
|
||||||
|
|
||||||
306
|
306
|
||||||
00:29:46,920 --> 00:29:53,360
|
00:29:46,920 --> 00:29:53,360
|
||||||
Sometimes we hear, oh my god, the root user should not execute this file.
|
Sometimes we hear «oh my god, the root user should not execute this file».
|
||||||
|
|
||||||
307
|
307
|
||||||
00:29:53,360 --> 00:29:54,360
|
00:29:53,360 --> 00:29:54,360
|
||||||
|
@ -1288,7 +1288,7 @@ There is no need to remove the read access, the last read access.
|
||||||
|
|
||||||
323
|
323
|
||||||
00:31:03,120 --> 00:31:12,960
|
00:31:03,120 --> 00:31:12,960
|
||||||
So it's evaluate, always evaluate the last column that it's the most important one declaring
|
So evaluate, always evaluate the last column that it's the most important one declaring
|
||||||
|
|
||||||
324
|
324
|
||||||
00:31:12,960 --> 00:31:17,680
|
00:31:12,960 --> 00:31:17,680
|
||||||
|
@ -1300,11 +1300,11 @@ And so for example, I have removed the, you see that the temporary directive has
|
||||||
|
|
||||||
326
|
326
|
||||||
00:31:26,400 --> 00:31:33,080
|
00:31:26,400 --> 00:31:33,080
|
||||||
in the, I have not highlighted it correctly, but has nothing in the last permissions.
|
in the (I have not highlighted it correctly) but has nothing in the last permissions.
|
||||||
|
|
||||||
327
|
327
|
||||||
00:31:33,080 --> 00:31:39,520
|
00:31:33,080 --> 00:31:39,520
|
||||||
So the temp directory can only be wrote by the Apache user and to the Apache group.
|
So the /tmp directory can only be wrote by the Apache user and to the Apache group.
|
||||||
|
|
||||||
328
|
328
|
||||||
00:31:39,520 --> 00:31:47,320
|
00:31:39,520 --> 00:31:47,320
|
||||||
|
@ -1324,7 +1324,7 @@ What needed to be hided to everybody but your users.
|
||||||
|
|
||||||
332
|
332
|
||||||
00:32:02,680 --> 00:32:12,080
|
00:32:02,680 --> 00:32:12,080
|
||||||
And so you do the same, but without the other field, without allowing other users to read,
|
And so you do the same, but without the "other" (o) field, without allowing other users to read,
|
||||||
|
|
||||||
333
|
333
|
||||||
00:32:12,080 --> 00:32:15,960
|
00:32:12,080 --> 00:32:15,960
|
||||||
|
@ -1360,11 +1360,11 @@ be public, but the files inside the config directory have to be private.
|
||||||
|
|
||||||
341
|
341
|
||||||
00:32:45,600 --> 00:32:53,320
|
00:32:45,600 --> 00:32:53,320
|
||||||
So inspect your application, read the official documentation, be, use the change modality
|
So inspect your application, read the official documentation, use the change modality (chmod)
|
||||||
|
|
||||||
342
|
342
|
||||||
00:32:53,320 --> 00:32:59,560
|
00:32:53,320 --> 00:32:59,560
|
||||||
for the files and use the change owner for the files wisely.
|
for the files and use the change owner (chown) for the files wisely.
|
||||||
|
|
||||||
343
|
343
|
||||||
00:32:59,560 --> 00:33:05,200
|
00:32:59,560 --> 00:33:05,200
|
||||||
|
@ -1396,7 +1396,7 @@ And this is the same for your Matomo installation.
|
||||||
|
|
||||||
350
|
350
|
||||||
00:33:41,400 --> 00:33:49,560
|
00:33:41,400 --> 00:33:49,560
|
||||||
So you should have a script to harden your installation when you want is freezed.
|
So you should have a script to harden your installation when you want it's freezed.
|
||||||
|
|
||||||
351
|
351
|
||||||
00:33:49,560 --> 00:34:01,160
|
00:33:49,560 --> 00:34:01,160
|
||||||
|
@ -1436,7 +1436,7 @@ And this is not the desired situation.
|
||||||
|
|
||||||
360
|
360
|
||||||
00:34:49,160 --> 00:34:59,040
|
00:34:49,160 --> 00:34:59,040
|
||||||
So it can be a stupid, but trust me, if take care about your applications, Matomo included,
|
So it can be stupid, but trust me, if take care about your applications, Matomo included,
|
||||||
|
|
||||||
361
|
361
|
||||||
00:34:59,040 --> 00:35:12,760
|
00:34:59,040 --> 00:35:12,760
|
||||||
|
@ -1444,7 +1444,7 @@ WordPress included, and if you want to have everything in a good state, I recomm
|
||||||
|
|
||||||
362
|
362
|
||||||
00:35:12,760 --> 00:35:21,440
|
00:35:12,760 --> 00:35:21,440
|
||||||
a kind of hardened production configuration and upgrade the configuration.
|
a kind of hardened production configuration and an upgrade-ready configuration.
|
||||||
|
|
||||||
363
|
363
|
||||||
00:35:21,440 --> 00:35:33,040
|
00:35:21,440 --> 00:35:33,040
|
||||||
|
@ -1504,7 +1504,7 @@ So it's not important to enforce two-factor authentication on your whole organic
|
||||||
|
|
||||||
377
|
377
|
||||||
00:36:49,320 --> 00:36:56,000
|
00:36:49,320 --> 00:36:56,000
|
||||||
because if you don't know how to use it, you will just make bigger mistakes.
|
because if you don't know how to use it, you would just make bigger mistakes.
|
||||||
|
|
||||||
378
|
378
|
||||||
00:36:56,000 --> 00:36:58,960
|
00:36:56,000 --> 00:36:58,960
|
||||||
|
@ -1532,11 +1532,11 @@ on your Wi-Fi area, security issues on your laptop.
|
||||||
|
|
||||||
384
|
384
|
||||||
00:37:27,600 --> 00:37:33,520
|
00:37:27,600 --> 00:37:33,520
|
||||||
Maybe you installed a video game from a random website and now your computer is totally compromised.
|
Maybe you installed a videogame from a random website and now your computer is totally compromised.
|
||||||
|
|
||||||
385
|
385
|
||||||
00:37:33,520 --> 00:37:40,520
|
00:37:33,520 --> 00:37:40,520
|
||||||
So I'm not saying that it's really, really huge, useful to have a very, very hard-ended
|
So I'm not saying that it's really, really hugely useful to have a very, very hardended
|
||||||
|
|
||||||
386
|
386
|
||||||
00:37:40,520 --> 00:37:53,040
|
00:37:40,520 --> 00:37:53,040
|
||||||
|
@ -1544,7 +1544,7 @@ installation if the administrators have not devices with a controlled state.
|
||||||
|
|
||||||
387
|
387
|
||||||
00:37:53,040 --> 00:37:57,760
|
00:37:53,040 --> 00:37:57,760
|
||||||
So try to use as much as possible open-source software.
|
So try to use as much as possible Open Source software.
|
||||||
|
|
||||||
388
|
388
|
||||||
00:37:57,760 --> 00:38:06,200
|
00:37:57,760 --> 00:38:06,200
|
||||||
|
@ -1560,11 +1560,11 @@ And then you can be safe to use stuff like the OTP applications.
|
||||||
|
|
||||||
391
|
391
|
||||||
00:38:18,480 --> 00:38:22,360
|
00:38:18,480 --> 00:38:22,360
|
||||||
And so use as much possible free software.
|
And so use as much possible Free software.
|
||||||
|
|
||||||
392
|
392
|
||||||
00:38:22,360 --> 00:38:33,520
|
00:38:22,360 --> 00:38:33,520
|
||||||
I really have to say, please don't think that you will be not owned because this is the
|
I really have to say, please don't think that you will be not owned, because this is the
|
||||||
|
|
||||||
393
|
393
|
||||||
00:38:33,520 --> 00:38:35,600
|
00:38:33,520 --> 00:38:35,600
|
||||||
|
@ -1580,7 +1580,7 @@ Invest in exploring your tool.
|
||||||
|
|
||||||
396
|
396
|
||||||
00:38:45,960 --> 00:38:57,240
|
00:38:45,960 --> 00:38:57,240
|
||||||
Invest in trying to hack your system, try to use not-privileged users.
|
Invest in trying to overcome, hack your system, try to use not-privileged users.
|
||||||
|
|
||||||
397
|
397
|
||||||
00:38:57,240 --> 00:39:06,640
|
00:38:57,240 --> 00:39:06,640
|
||||||
|
@ -1592,7 +1592,7 @@ escalation trying to inspect your web servers and your applications.
|
||||||
|
|
||||||
399
|
399
|
||||||
00:39:13,760 --> 00:39:23,640
|
00:39:13,760 --> 00:39:23,640
|
||||||
So these are just bad words to remember to try to be the one that can enter in your system
|
So these are just buzzwords to remember to try to be the one that can enter in your system
|
||||||
|
|
||||||
400
|
400
|
||||||
00:39:23,640 --> 00:39:30,680
|
00:39:23,640 --> 00:39:30,680
|
||||||
|
@ -1607,12 +1607,8 @@ This is not good.
|
||||||
So thank you so much.
|
So thank you so much.
|
||||||
|
|
||||||
403
|
403
|
||||||
00:39:33,240 --> 00:39:36,120
|
00:39:33,240 --> 00:39:37
|
||||||
My presentation is under the Creative Commons attribution.
|
My presentation is under the Creative Commons Attribution - ShareAlike.
|
||||||
|
|
||||||
404
|
|
||||||
00:39:36,120 --> 00:39:37,120
|
|
||||||
Share your like.
|
|
||||||
|
|
||||||
405
|
405
|
||||||
00:39:37,120 --> 00:39:41,480
|
00:39:37,120 --> 00:39:41,480
|
||||||
|
@ -1640,15 +1636,15 @@ Thank you so much for everything.
|
||||||
|
|
||||||
411
|
411
|
||||||
00:39:56,560 --> 00:40:06,000
|
00:39:56,560 --> 00:40:06,000
|
||||||
Can I thank again the Matomo organizers because MatomoCamp is realized with 100% open-source
|
Can I thank again the Matomo organizers because MatomoCamp is realized with 100% Open Source
|
||||||
|
|
||||||
412
|
412
|
||||||
00:40:06,000 --> 00:40:07,480
|
00:40:06,000 --> 00:40:07,480
|
||||||
software and deeper software.
|
software and Libre software.
|
||||||
|
|
||||||
413
|
413
|
||||||
00:40:07,480 --> 00:40:14,400
|
00:40:07,480 --> 00:40:14,400
|
||||||
And this is really amazing because, again, Matomo is open-source, MatomoCamp is open-source,
|
And this is really amazing because, again, Matomo is Open Source, MatomoCamp is Open Source,
|
||||||
|
|
||||||
414
|
414
|
||||||
00:40:14,400 --> 00:40:21,360
|
00:40:14,400 --> 00:40:21,360
|
||||||
|
@ -1872,5 +1868,4 @@ Ciao, pane pizza Matomo.
|
||||||
|
|
||||||
469
|
469
|
||||||
00:44:20,640 --> 00:44:40,840
|
00:44:20,640 --> 00:44:40,840
|
||||||
Ciao.
|
Ciao!
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue