Browse Source

Moving to https

stockholm
Bob Mottram 4 years ago
parent
commit
5a2cfcec2a
24 changed files with 1843 additions and 1108 deletions
  1. + 1
    - 1
      doc/EN/code.org
  2. + 1
    - 44
      doc/EN/faq.org
  3. + 3
    - 3
      doc/EN/index.org
  4. + 2
    - 2
      doc/EN/installation.org
  5. + 2
    - 2
      doc/EN/mesh.org
  6. + 1
    - 1
      doc/EN/support.org
  7. + 10
    - 10
      doc/EN/usage.org
  8. + 2
    - 2
      doc/EN/usage_email.org
  9. + 10
    - 10
      img/logo.svg
  10. + 117
    - 33
      website/EN/backups.html
  11. + 92
    - 8
      website/EN/code.html
  12. + 135
    - 51
      website/EN/controlpanel.html
  13. + 200
    - 159
      website/EN/faq.html
  14. + 94
    - 10
      website/EN/index.html
  15. + 150
    - 66
      website/EN/installation.html
  16. + 144
    - 60
      website/EN/mesh.html
  17. + 114
    - 30
      website/EN/mirrors.html
  18. + 118
    - 34
      website/EN/mobile.html
  19. + 91
    - 7
      website/EN/related.html
  20. + 119
    - 35
      website/EN/support.html
  21. + 0
    - 272
      website/EN/test.html
  22. + 176
    - 175
      website/EN/usage.html
  23. + 170
    - 86
      website/EN/usage_email.html
  24. + 91
    - 7
      website/EN/variants.html

+ 1
- 1
doc/EN/code.org

@ -16,7 +16,7 @@
</center>
#+END_EXPORT
Freedombone is really just a couple of [[http://www.gnu.org/software/bash][bash]] scripts which install and configure software on a Debian GNU/Linux system. If you're a system administrator, software engineer or Linux hobbyist you'll probably be familiar with command line scripting and be able to make your own modifications or custom variants to suit your needs. Freedombone is licensed under the [[https://www.gnu.org/licenses/agpl.html][GNU Affero General Public License version 3]] (or later).
Freedombone is really just a couple of [[https://www.gnu.org/software/bash][bash]] scripts which install and configure software on a Debian GNU/Linux system. If you're a system administrator, software engineer or Linux hobbyist you'll probably be familiar with command line scripting and be able to make your own modifications or custom variants to suit your needs. Freedombone is licensed under the [[https://www.gnu.org/licenses/agpl.html][GNU Affero General Public License version 3]] (or later).
You can find the source code for this project [[https://github.com/bashrc/freedombone][on Github]].

+ 1
- 44
doc/EN/faq.org

@ -46,7 +46,7 @@
* I don't have a static IP address. Can I still install this system?
Yes. The minimum requirements are to have some hardware that you can install Debian onto and also that you have administrator access to your internet router so that you can forward ports to the system which has Freedombone installed.
The lack of a static IP address can be worked around by using a dynamic DNS service. Freedombone uses [[http://troglobit.com/inadyn.html][inadyn]] , which supports a variety of dynamic DNS providers.
The lack of a static IP address can be worked around by using a dynamic DNS service. Freedombone uses [[https://troglobit.com/inadyn.html][inadyn]] , which supports a variety of dynamic DNS providers.
* Why not support building images for Raspberry Pi?
The FreedomBox project supports Raspberry Pi builds, and the image build system for Freedombone is based on the same system. However, although the Raspberry Pi can run a version of Debian it requires a closed proprietary blob in order to boot the hardware. Who knows what that blob might contain or what exploits it could facilitate. From an adversarial point of view if you were trying to deliver "bulk equipment interference" then it doesn't get any better than piggybacking on something which has control of the boot process, and hence all subsequently run processes.
@ -160,49 +160,6 @@ And see some error related to checking for changes in the IP address then you ca
https://check.torproject.org/
https://www.whatsmydns.net/whats-my-ip-address.html
https://www.privateinternetaccess.com/pages/whats-my-ip/
http://checkip.two-dns.de
http://ip.dnsexit.com
http://ifconfig.me/ip
http://ipecho.net/plain
http://checkip.dyndns.org/plain
http://ipogre.com/linux.php
http://whatismyipaddress.com/
http://ip.my-proxy.com/
http://websiteipaddress.com/WhatIsMyIp
http://getmyipaddress.org/
http://www.my-ip-address.net/
http://myexternalip.com/raw
http://www.canyouseeme.org/
http://www.trackip.net/
http://icanhazip.com/
http://www.iplocation.net/
http://www.howtofindmyipaddress.com/
http://www.ipchicken.com/
http://whatsmyip.net/
http://www.ip-adress.com/
http://checkmyip.com/
http://www.tracemyip.org/
http://checkmyip.net/
http://www.lawrencegoetz.com/programs/ipinfo/
http://www.findmyip.co/
http://ip-lookup.net/
http://www.dslreports.com/whois
http://www.mon-ip.com/en/my-ip/
http://www.myip.ru
http://ipgoat.com/
http://www.myipnumber.com/my-ip-address.asp
http://www.whatsmyipaddress.net/
http://formyip.com/
http://www.displaymyip.com/
http://www.bobborst.com/tools/whatsmyip/
http://www.geoiptool.com/
http://checkip.dyndns.com/
http://myexternalip.com/
http://www.ip-adress.eu/
http://www.infosniper.net/
http://wtfismyip.com/
http://ipinfo.io/
http://httpbin.org/ip
#+end_src
* How do I change my encryption settings?

+ 3
- 3
doc/EN/index.org

@ -49,7 +49,7 @@ With the right technology the internet can be a space for free expression, explo
</center>
#+END_EXPORT
This is personal or family scale computing, which can then federate to global proportions. We need [[http://www.alainet.org/en/articulo/168669][community controlled]] information systems and to achieve that they must be inexpensive and simple to install and maintain. This is the opposite of the current dominant paradigm of [[https://www.youtube.com/watch?v=XZmGGAbHqa0][titanic server warehouses]] owned by a tiny number of individuals and it's what is sometimes refered to as [[http://mediagoblin.org/news/userops.html]["userops"]] - i.e. a user being able to do what traditionally only a professional systems administrator would be able to.
This is personal or family scale computing, which can then federate to global proportions. We need community controlled information systems and to achieve that they must be inexpensive and simple to install and maintain. This is the opposite of the current dominant paradigm of [[https://www.youtube.com/watch?v=XZmGGAbHqa0][titanic server warehouses]] owned by a tiny number of individuals and it's what is sometimes refered to as [[https://mediagoblin.org/news/userops.html]["userops"]] - i.e. a user being able to do what traditionally only a professional systems administrator would be able to.
With a system installed in your home you also have greater legal protection against unwarranted or "bulk warrant" searches. In general as soon as you put your information onto systems which you don't own then you no longer have the same property rights over it, together with "/no reasonable expectation of privacy/" otherwise known as the third party doctrine. We all know that's a nonsense, and so maybe we should do something about it.
@ -73,8 +73,8 @@ You can bypass all of these dilemmas and take back ownership of your internet co
Freedombone is an example of the internet as it was supposed to be: a network of peers, rather than a small number of gigantic server farms with everyone connecting to them. Even if they're well run, centralised server farms become a conspicuous target for /all kinds of nefariousness/ and in any future wars they're bound to be amongst the first facilities to receive the "/shock and awe/" treatment. Also consider just what is being "farmed". If a robust information society is desirable then excessive centralisation of control over information should be avoided.
An emphasis of the Freedombone project is the protection of private communications from indiscriminate mass surveillance, otherwise known as "/bulk intercept/" or "/warrantless wiretapping/". With only a few exceptions data entering and leaving the system is encrypted using settings recommended by [[https://bettercrypto.org][bettercrypto.org]]. Stored emails are encrypted such that only someone knowing your GPG password can read them and a GPG key is created automatically if you don't already have one. The system is firewalled with only the necessary ports being opened. Exclusively [[http://en.wikipedia.org/wiki/Free_software][free software]] is used so that all of it can potentially be security audited and proprietary repositories are disabled by default. There are still numerous security problems with the internet in general and software always contains bugs, but a best attempt has been made to ensure that the Freedombone is at least more secure than average.
An emphasis of the Freedombone project is the protection of private communications from indiscriminate mass surveillance, otherwise known as "/bulk intercept/" or "/warrantless wiretapping/". With only a few exceptions data entering and leaving the system is encrypted using settings recommended by [[https://bettercrypto.org][bettercrypto.org]] . Stored emails are encrypted such that only someone knowing your GPG password can read them and a GPG key is created automatically if you don't already have one. The system is firewalled with only the necessary ports being opened. Exclusively [[https://en.wikipedia.org/wiki/Free_software][free software]] is used so that all of it can potentially be security audited and proprietary repositories are disabled by default. There are still numerous security problems with the internet in general and software always contains bugs, but a best attempt has been made to ensure that the Freedombone is at least more secure than average.
#+BEGIN_CENTER
This site can also be accessed via a Tor browser at [[http://4fvfozz6g3zmvf76.onion][http://4fvfozz6g3zmvf76.onion]]
This site can also be accessed via a Tor browser at 4fvfozz6g3zmvf76.onion
#+END_CENTER

+ 2
- 2
doc/EN/installation.org

@ -105,8 +105,8 @@ freedombone menuconfig
** On a single board computer (SBC)
Currently the following boards are supported:
* [[http://beagleboard.org/BLACK][Beaglebone Black]]
* [[http://linux-sunxi.org/Cubietech_Cubieboard2][Cubieboard 2]]
* [[https://beagleboard.org/BLACK][Beaglebone Black]]
* [[https://linux-sunxi.org/Cubietech_Cubieboard2][Cubieboard 2]]
* [[https://linux-sunxi.org/Cubietruck][Cubietruck (Cubieboard 3)]]
* [[https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXIno-LIME/open-source-hardware][olinuxino Lime]]
* [[https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXIno-LIME2/open-source-hardware][olinuxino Lime2]]

+ 2
- 2
doc/EN/mesh.org

@ -150,7 +150,7 @@ If for any reason things don't seem to be updating you can force an update by is
zeronetavahi
#+END_SRC
** Chat
If you have a Tox client installed on your system then you can use that to communicate with other mesh peers. A limitation is that if peers change you may need to quit the application and restart it in order to receive the updated list of DHTnodes. The [[https://github.com/Tox/toxic][Toxic]] client is installed by default, but you may also want to install [[https://github.com/tux3/qTox][qTox]] or [[http://utox.org][uTox]] for a more conventional-looking user experience.
If you have a Tox client installed on your system then you can use that to communicate with other mesh peers. A limitation is that if peers change you may need to quit the application and restart it in order to receive the updated list of DHTnodes. The [[https://github.com/Tox/toxic][Toxic]] client is installed by default, but you may also want to install [[https://github.com/tux3/qTox][qTox]] for a more conventional-looking user experience.
You can obtain Tox IDs for users on the network via the initial web page.
@ -193,7 +193,7 @@ sudo batman stop
After a few seconds your usual internet wifi connection should be re-established.
* Further reading
For much more extensive details about deploying wireless networks there is an excellent book called [[http://wndw.net][Wireless Networking in the Developing World]] which is worth reading. It's not necessarily exclusively about mesh networks, but may be useful in terms of advice about antennas, reflections, extending wifi range and so on.
For much more extensive details about deploying wireless networks there is an excellent book called [[https://wndw.net][Wireless Networking in the Developing World]] which is worth reading. It's not necessarily exclusively about mesh networks, but may be useful in terms of advice about antennas, reflections, extending wifi range and so on.
#+BEGIN_EXPORT html
<center>

+ 1
- 1
doc/EN/support.org

@ -43,7 +43,7 @@ If you find this project useful then you may wish to consider donating to [[./re
Testing of the install on different hardware. Also pentesting on test installations to find vulnerabilities.
** Web design and artwork
A better design for this website would be nice to have. Photos, icons or other artwork are all welcome. I've always liked the cartoon artwork of the [[http://www.mediagoblin.org/][Mediagoblin]] project, and attractive graphics can help to get people initially interested.
A better design for this website would be nice to have. Photos, icons or other artwork are all welcome. I've always liked the cartoon artwork of the [[https://www.mediagoblin.org/][Mediagoblin]] project, and attractive graphics can help to get people initially interested.
** More education and promotion
#+BEGIN_CENTER

+ 10
- 10
doc/EN/usage.org

@ -39,7 +39,7 @@ ssh username@domainname -p 2222
emacs ~/README
#+END_SRC
You should transfer any passwords to a password manager such as [[http://www.keepassx.org/][KeepassX]] and then delete them from the README file. To save the file after removing passwords use *CTRL-x CTRL-s*.
You should transfer any passwords to a password manager such as [[https://www.keepassx.org/][KeepassX]] and then delete them from the README file. To save the file after removing passwords use *CTRL-x CTRL-s*.
To exit you can either just close the terminal or use *CTRL-x CTRL-c* followed by the *exit* command.
* Improving ssh security
@ -98,7 +98,7 @@ ssh username@address.onion -p 2222
Subsequently even if dynamic DNS isn't working you may still be able to administer your system. Using the onion address also gives you some degree of protection against corporate or government metadata analysis, since it becomes more difficult to passively detect which systems are communicating.
* Syncing to the Cloud
[[https://syncthing.net][Syncthing]] provides a similar capability to proprietary systems such as [[http://www.drop-dropbox.com/][Dropbox]], and also is well suited for use with low power single board computers. You can have one or more directories which are synchronized across your various laptops/desktops/devices, and this makes it hard for you to ever lose important files. The manner in which the synchronization is done is pretty secure, such that it would be difficult for passive adversaries (mass surveillance, "/men in the middle/", etc) to know what files you're sharing. Of course, you don't necessarily need to be running a server in order to use Syncthing, but if you do have a server which is always running then there's always at least one place to synchronize your files to or from.
[[https://syncthing.net][Syncthing]] provides a similar capability to proprietary systems such as Dropbox, and also is well suited for use with low power single board computers. You can have one or more directories which are synchronized across your various laptops/desktops/devices, and this makes it hard for you to ever lose important files. The manner in which the synchronization is done is pretty secure, such that it would be difficult for passive adversaries (mass surveillance, "/men in the middle/", etc) to know what files you're sharing. Of course, you don't necessarily need to be running a server in order to use Syncthing, but if you do have a server which is always running then there's always at least one place to synchronize your files to or from.
Freedombone provides Syncthing shared directories for each user on the system, plus a single shared directory for all users. The expected most common scenario here is that of a family in which members may not want to share /all of their files/ with each other, but might want to share some in a common pool (eg. birthday photos). You can also easily share between different servers.
@ -199,8 +199,8 @@ echo "(add-to-list 'load-path \"~/elisp/gnu-social-mode\")" >> ~/.emacs
echo "(require 'gnu-social-mode)" >> ~/.emacs
echo "(setq gnu-social-server-textlimit 2000" >> ~/.emacs
echo " gnu-social-server \"yourgnusocialdomain\"" >> ~/.emacs
echo " gnu-social-username \"yourusername\"" >> ~/.emacs
echo " gnu-social-password \"gnusocialpassword\")" >> ~/.emacs
echo " gnu-social-username \"yourusername\"" >> ~/.emacs
echo " gnu-social-password \"gnusocialpassword\")" >> ~/.emacs
#+end_src
And as a quick reference the main keys are:
@ -298,7 +298,7 @@ net_proxy_user = HexChat
# /set irc_hide_version ON
# /set identd OFF <-- NOT working on all HexChat-based IRC software.
# But still highly suggested to include & use it.
# Probable not needed on UNIX, source: http://xchat.org/faq/#q21
# Probable not needed on UNIX, source: https://xchat.org/faq/#q21
dcc_auto_chat = 0
dcc_auto_resume = 0
dcc_auto_send = 0
@ -450,7 +450,7 @@ If you wish to make backups of the OMEMO keys then they can be found within:
If you wish to use OpenPGP to encrypt your messages then go to *Edit/Accounts*, select your account and then the *Personal Information* tab. You can then choose your GPG key. When initiating a chat you can select the *Advanced* button and then select *Toggle OpenPGP Encryption*. OpenPGP is not as secure as OMEMO, but does allow you to use XMPP in a similar style to email in that the recipient of the message does not necessarily need to be online at the same time that you send it.
*** Using with Profanity
The [[http://profanity.im][Profanity]] shell based user interface and is perhaps the simplest way to use XMPP from a laptop. It's also a good way to ensure that your OTR keys are the same even when logging in from different laptops or devices, and it also means that if those devices later become compomised then there are no locally stored OTR keys to be found.
The [[https://profanity.im][Profanity]] shell based user interface and is perhaps the simplest way to use XMPP from a laptop. It's also a good way to ensure that your OTR keys are the same even when logging in from different laptops or devices, and it also means that if those devices later become compomised then there are no locally stored OTR keys to be found.
#+BEGIN_SRC bash
ssh username@domain -p 2222
@ -498,7 +498,7 @@ and quote that. If they quote theirs back you can check it with:
/otr theirfp
#+END_SRC
If the fingerprints match then you can be pretty confident that unless you have been socially engineered via the question and answer you probably are talking to who you think you are, and that it will be difficult for mass surveillance systems to know the content of the conversation. For more details see [[http://www.profanity.im/otr.html][this guide]].
If the fingerprints match then you can be pretty confident that unless you have been socially engineered via the question and answer you probably are talking to who you think you are, and that it will be difficult for mass surveillance systems to know the content of the conversation. For more details see [[https://www.profanity.im/otr.html][this guide]]
When accessed via the user control panel the client is automatically routed through Tor and so if you are also using OTR then this provides protection for both message content and metadata.
*** Using with Jitsi
@ -625,7 +625,7 @@ Select /Administrator controls/ then select the *About* screen.
The RSS reader is accessible only via an onion address. This provides a reasonable degree of reading privacy, making it difficult for passive adversaries such as governments, corporations or criminals to create lists of sites which you are subscribed to.
To set up the system open http://rss_reader_onion_address/ and log in with username *admin* and the password obtained either at the beginning of the install or from the README file in your home directory. You can then select the *Actions* menu and begin adding your feeds.
To set up the system open http://rss_reader_onion_address and log in with username *admin* and the password obtained either at the beginning of the install or from the README file in your home directory. You can then select the *Actions* menu and begin adding your feeds.
** On mobile
To access the RSS reader from a mobile device you can install a Tor compatible browser such as OrFox. It will try to automatically change to the mobile version of the user interface. Remember to add the site to the NoScript whitelist, and you may also need to turn HTTPS Everywhere off.
@ -640,8 +640,8 @@ Add the following to your configuration, changing the address and password as ap
#+begin_src emacs-lisp :tangle no
(setq avandu-tt-rss-api-url "http://rss_reader_onion_address/api/"
avandu-user "admin"
avandu-password "mypassword")
avandu-user "admin"
avandu-password "mypassword")
#+end_src
If you don't already have Emacs set up to route through Tor then also add the following:

+ 2
- 2
doc/EN/usage_email.org

@ -37,7 +37,7 @@ So if you want to use your own email address hosted on your own system you do ne
* A technical note about email transport security
Port 465 is used for SMTP and this is supposedly deprecated for secure email. However, using TLS from the start of the communications seems far more secure than starting off with insecure communications and then trying to upgrade it with a command to begin TLS, as happens with STARTTLS. There are [[https://www.eff.org/deeplinks/2014/11/starttls-downgrade-attacks][possible attacks against STARTTLS]] in which the command to begin secure communications is removed or overwritten which could then result in email being transferred in plain text over the internet and be readable by third parties.
From http://motherboard.vice.com/read/email-encryption-is-broken:
From https://motherboard.vice.com/read/email-encryption-is-broken:
#+BEGIN_QUOTE
The researchers also uncovered mass scale attacks of STARTTLS sessions being stripped of their encryption. That attack itself isn't new: internet service providers sometimes do it to monitor users; organizations may use it to keep an eye on employees; or it may come from a malicious actor
@ -54,7 +54,7 @@ quit
exit
#+END_SRC
Having a password on your GPG key will prevent someone from reading your email /even if your server gets lost or stolen/ or if someone else has physical access to it. Make the password something long and unlikely to be guessable or vulnerable to a brute force [[http://en.wikipedia.org/wiki/Dictionary_attack][dictionary attack]].
Having a password on your GPG key will prevent someone from reading your email /even if your server gets lost or stolen/ or if someone else has physical access to it. Make the password something long and unlikely to be guessable or vulnerable to a brute force [[https://en.wikipedia.org/wiki/Dictionary_attack][dictionary attack]].
* Publishing your GPG public key
If you havn't already then you should publish your GPG public key so that others can find it.

+ 10
- 10
img/logo.svg

@ -1,15 +1,15 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<!-- Created with Inkscape (https://www.inkscape.org/) -->
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
xmlns:dc="https://purl.org/dc/elements/1.1/"
xmlns:cc="https://creativecommons.org/ns#"
xmlns:rdf="https://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="https://www.w3.org/2000/svg"
xmlns="https://www.w3.org/2000/svg"
xmlns:xlink="https://www.w3.org/1999/xlink"
xmlns:sodipodi="https://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="https://www.inkscape.org/namespaces/inkscape"
id="svg3039"
version="1.1"
inkscape:version="0.48.4 r9939"
@ -23,7 +23,7 @@
rdf:about="">
<dc:format>image/svg+xml</dc:format>
<dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
rdf:resource="https://purl.org/dc/dcmitype/StillImage" />
<dc:title></dc:title>
</cc:Work>
</rdf:RDF>

+ 117
- 33
website/EN/backups.html

@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2016-04-06 Wed 18:52 -->
<!-- 2016-08-08 Mon 17:16 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title></title>
@ -56,13 +56,96 @@
border: 1px solid black;
}
pre.src:hover:before { display: inline;}
pre.src-sh:before { content: 'sh'; }
pre.src-bash:before { content: 'sh'; }
/* Languages per Org manual */
pre.src-asymptote:before { content: 'Asymptote'; }
pre.src-awk:before { content: 'Awk'; }
pre.src-C:before { content: 'C'; }
/* pre.src-C++ doesn't work in CSS */
pre.src-clojure:before { content: 'Clojure'; }
pre.src-css:before { content: 'CSS'; }
pre.src-D:before { content: 'D'; }
pre.src-ditaa:before { content: 'ditaa'; }
pre.src-dot:before { content: 'Graphviz'; }
pre.src-calc:before { content: 'Emacs Calc'; }
pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
pre.src-R:before { content: 'R'; }
pre.src-perl:before { content: 'Perl'; }
pre.src-java:before { content: 'Java'; }
pre.src-sql:before { content: 'SQL'; }
pre.src-fortran:before { content: 'Fortran'; }
pre.src-gnuplot:before { content: 'gnuplot'; }
pre.src-haskell:before { content: 'Haskell'; }
pre.src-java:before { content: 'Java'; }
pre.src-js:before { content: 'Javascript'; }
pre.src-latex:before { content: 'LaTeX'; }
pre.src-ledger:before { content: 'Ledger'; }
pre.src-lisp:before { content: 'Lisp'; }
pre.src-lilypond:before { content: 'Lilypond'; }
pre.src-matlab:before { content: 'MATLAB'; }
pre.src-mscgen:before { content: 'Mscgen'; }
pre.src-ocaml:before { content: 'Objective Caml'; }
pre.src-octave:before { content: 'Octave'; }
pre.src-org:before { content: 'Org mode'; }
pre.src-oz:before { content: 'OZ'; }
pre.src-plantuml:before { content: 'Plantuml'; }
pre.src-processing:before { content: 'Processing.js'; }
pre.src-python:before { content: 'Python'; }
pre.src-R:before { content: 'R'; }
pre.src-ruby:before { content: 'Ruby'; }
pre.src-sass:before { content: 'Sass'; }
pre.src-scheme:before { content: 'Scheme'; }
pre.src-screen:before { content: 'Gnu Screen'; }
pre.src-sed:before { content: 'Sed'; }
pre.src-sh:before { content: 'shell'; }
pre.src-sql:before { content: 'SQL'; }
pre.src-sqlite:before { content: 'SQLite'; }
/* additional languages in org.el's org-babel-load-languages alist */
pre.src-forth:before { content: 'Forth'; }
pre.src-io:before { content: 'IO'; }
pre.src-J:before { content: 'J'; }
pre.src-makefile:before { content: 'Makefile'; }
pre.src-maxima:before { content: 'Maxima'; }
pre.src-perl:before { content: 'Perl'; }
pre.src-picolisp:before { content: 'Pico Lisp'; }
pre.src-scala:before { content: 'Scala'; }
pre.src-shell:before { content: 'Shell Script'; }
pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
/* additional language identifiers per "defun org-babel-execute"
in ob-*.el */
pre.src-cpp:before { content: 'C++'; }
pre.src-abc:before { content: 'ABC'; }
pre.src-coq:before { content: 'Coq'; }
pre.src-groovy:before { content: 'Groovy'; }
/* additional language identifiers from org-babel-shell-names in
ob-shell.el: ob-shell is the only babel language using a lambda to put
the execution function name together. */
pre.src-bash:before { content: 'bash'; }
pre.src-csh:before { content: 'csh'; }
pre.src-ash:before { content: 'ash'; }
pre.src-dash:before { content: 'dash'; }
pre.src-ksh:before { content: 'ksh'; }
pre.src-mksh:before { content: 'mksh'; }
pre.src-posh:before { content: 'posh'; }
/* Additional Emacs modes also supported by the LaTeX listings package */
pre.src-ada:before { content: 'Ada'; }
pre.src-asm:before { content: 'Assembler'; }
pre.src-caml:before { content: 'Caml'; }
pre.src-delphi:before { content: 'Delphi'; }
pre.src-html:before { content: 'HTML'; }
pre.src-idl:before { content: 'IDL'; }
pre.src-mercury:before { content: 'Mercury'; }
pre.src-metapost:before { content: 'MetaPost'; }
pre.src-modula-2:before { content: 'Modula-2'; }
pre.src-pascal:before { content: 'Pascal'; }
pre.src-ps:before { content: 'PostScript'; }
pre.src-prolog:before { content: 'Prolog'; }
pre.src-simula:before { content: 'Simula'; }
pre.src-tcl:before { content: 'tcl'; }
pre.src-tex:before { content: 'TeX'; }
pre.src-plain-tex:before { content: 'Plain TeX'; }
pre.src-verilog:before { content: 'Verilog'; }
pre.src-vhdl:before { content: 'VHDL'; }
pre.src-xml:before { content: 'XML'; }
pre.src-nxml:before { content: 'XML'; }
/* add a generic configuration mode; LaTeX export needs an additional
(add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
pre.src-conf:before { content: 'Configuration File'; }
table { border-collapse:collapse; }
caption.t-above { caption-side: top; }
@ -95,6 +178,7 @@
{ font-size: 10px; font-weight: bold; white-space: nowrap; }
.org-info-js_search-highlight
{ background-color: #ffff00; color: #000000; font-weight: bold; }
.org-svg { width: 90%; }
/*]]>*/-->
</style>
<link rel="stylesheet" type="text/css" href="solarized-light.css" />
@ -171,31 +255,31 @@ for the JavaScript code in this tag.
</colgroup>
<tbody>
<tr>
<td class="org-left"><a href="#orgheadline1">Backup keys</a></td>
<td class="org-left"><a href="#org4907e41">Backup keys</a></td>
</tr>
<tr>
<td class="org-left"><a href="#orgheadline2">Backup to USB</a></td>
<td class="org-left"><a href="#orgf34d4c2">Backup to USB</a></td>
</tr>
<tr>
<td class="org-left"><a href="#orgheadline3">Restore from USB</a></td>
<td class="org-left"><a href="#org462e852">Restore from USB</a></td>
</tr>
<tr>
<td class="org-left"><a href="#orgheadline4">Distributed/remote backups</a></td>
<td class="org-left"><a href="#orgd061e2e">Distributed/remote backups</a></td>
</tr>
<tr>
<td class="org-left"><a href="#orgheadline5">Restore from a friend</a></td>
<td class="org-left"><a href="#org7e9b4a7">Restore from a friend</a></td>
</tr>
</tbody>
</table>
</div>
<div id="outline-container-orgheadline1" class="outline-2">
<h2 id="orgheadline1">Backup keys</h2>
<div class="outline-text-2" id="text-orgheadline1">
<div id="outline-container-org4907e41" class="outline-2">
<h2 id="org4907e41">Backup keys</h2>
<div class="outline-text-2" id="text-org4907e41">
<p>
As part of the Freedombone installation the GPG key used to encrypt backups will have been added to the <i>.gnupg</i> keyring in your home directory. Ensure that you have a copy of all your keys by plugging in a LUKS encrypted USB drive and then running the commands:
</p>
@ -219,9 +303,9 @@ A pro-tip for the best possible security is to create multiple USB drives contai
</p>
</div>
</div>
<div id="outline-container-orgheadline2" class="outline-2">
<h2 id="orgheadline2">Backup to USB</h2>
<div class="outline-text-2" id="text-orgheadline2">
<div id="outline-container-orgf34d4c2" class="outline-2">
<h2 id="orgf34d4c2">Backup to USB</h2>
<div class="outline-text-2" id="text-orgf34d4c2">
<p>
First and foremost - <b>encrypt your USB drives</b>! Even if you think you have "<i>nothing to hide</i>" if you accidentally lose a USB thumb drive (it's easy to lose small objects) and it's not encrypted then potentially someone might be able to obtain enough information about you to commit identity fraud, take out loans, open bank accounts, etc. Use LUKS encryption. In Ubuntu you can do this using the <i>Disk Utility</i> application. Some instructions <a href="https://help.ubuntu.com/community/EncryptedFilesystemsOnRemovableStorage">can be found here</a>.
</p>
@ -253,9 +337,9 @@ When the backup ends remove the USB drive and keep it somewhere safe. Even if it
</p>
</div>
</div>
<div id="outline-container-orgheadline3" class="outline-2">
<h2 id="orgheadline3">Restore from USB</h2>
<div class="outline-text-2" id="text-orgheadline3">
<div id="outline-container-org462e852" class="outline-2">
<h2 id="org462e852">Restore from USB</h2>
<div class="outline-text-2" id="text-org462e852">
<p>
Log into the system and become the root user:
</p>
@ -279,9 +363,9 @@ Enter the LUKS password for the USB drive. When the restore is complete you can
</p>
</div>
</div>
<div id="outline-container-orgheadline4" class="outline-2">
<h2 id="orgheadline4">Distributed/remote backups</h2>
<div class="outline-text-2" id="text-orgheadline4">
<div id="outline-container-orgd061e2e" class="outline-2">
<h2 id="orgd061e2e">Distributed/remote backups</h2>
<div class="outline-text-2" id="text-orgd061e2e">
<p>
Distributed backups are a better way of ensuring the persistence of your data, such that even if your system gets stolen or destroyed then the data will still be recoverable from your friends. Since the backups are encrypted your friends (or anyone else with access to their systems) won't be able to read your backed up content even if their systems are subsequently compromised.
</p>
@ -305,12 +389,12 @@ You can then enter the usernames, domains and ssh logins for one or more remote
</p>
</div>
</div>
<div id="outline-container-orgheadline5" class="outline-2">
<h2 id="orgheadline5">Restore from a friend</h2>
<div class="outline-text-2" id="text-orgheadline5">
</div><div id="outline-container-orgheadline6" class="outline-3">
<h3 id="orgheadline6">With a completely new Freedombone installation</h3>
<div class="outline-text-3" id="text-orgheadline6">
<div id="outline-container-org7e9b4a7" class="outline-2">
<h2 id="org7e9b4a7">Restore from a friend</h2>
<div class="outline-text-2" id="text-org7e9b4a7">
</div><div id="outline-container-org50e5958" class="outline-3">
<h3 id="org50e5958">With a completely new Freedombone installation</h3>
<div class="outline-text-3" id="text-org50e5958">
<p>
This is the ultimate disaster recovery scenario in which you are beginning completely from scratch with new hardware and a new Freedombone installation (configured with the same username and domain names). It is assumed that the old hardware was destroyed, but that you have the backup key stored on a USB thumb drive.
</p>
@ -338,9 +422,9 @@ Finally select Restore from remote backup and enter the domain name of th
</p>
</div>
</div>
<div id="outline-container-orgheadline7" class="outline-3">
<h3 id="orgheadline7">On an existing Freedombone installation</h3>
<div class="outline-text-3" id="text-orgheadline7">
<div id="outline-container-org76d9030" class="outline-3">
<h3 id="org76d9030">On an existing Freedombone installation</h3>
<div class="outline-text-3" id="text-org76d9030">
<p>
This is for more common situations in which maybe some data became corrupted and you want to restore it.
</p>

+ 92
- 8
website/EN/code.html

@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2016-02-27 Sat 22:06 -->
<!-- 2016-08-08 Mon 17:19 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title></title>
@ -56,13 +56,96 @@
border: 1px solid black;
}
pre.src:hover:before { display: inline;}
pre.src-sh:before { content: 'sh'; }
pre.src-bash:before { content: 'sh'; }
/* Languages per Org manual */
pre.src-asymptote:before { content: 'Asymptote'; }
pre.src-awk:before { content: 'Awk'; }
pre.src-C:before { content: 'C'; }
/* pre.src-C++ doesn't work in CSS */
pre.src-clojure:before { content: 'Clojure'; }
pre.src-css:before { content: 'CSS'; }
pre.src-D:before { content: 'D'; }
pre.src-ditaa:before { content: 'ditaa'; }
pre.src-dot:before { content: 'Graphviz'; }
pre.src-calc:before { content: 'Emacs Calc'; }
pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
pre.src-R:before { content: 'R'; }
pre.src-perl:before { content: 'Perl'; }
pre.src-java:before { content: 'Java'; }
pre.src-sql:before { content: 'SQL'; }
pre.src-fortran:before { content: 'Fortran'; }
pre.src-gnuplot:before { content: 'gnuplot'; }
pre.src-haskell:before { content: 'Haskell'; }
pre.src-java:before { content: 'Java'; }
pre.src-js:before { content: 'Javascript'; }
pre.src-latex:before { content: 'LaTeX'; }
pre.src-ledger:before { content: 'Ledger'; }
pre.src-lisp:before { content: 'Lisp'; }
pre.src-lilypond:before { content: 'Lilypond'; }
pre.src-matlab:before { content: 'MATLAB'; }
pre.src-mscgen:before { content: 'Mscgen'; }
pre.src-ocaml:before { content: 'Objective Caml'; }
pre.src-octave:before { content: 'Octave'; }
pre.src-org:before { content: 'Org mode'; }
pre.src-oz:before { content: 'OZ'; }
pre.src-plantuml:before { content: 'Plantuml'; }
pre.src-processing:before { content: 'Processing.js'; }
pre.src-python:before { content: 'Python'; }
pre.src-R:before { content: 'R'; }
pre.src-ruby:before { content: 'Ruby'; }
pre.src-sass:before { content: 'Sass'; }
pre.src-scheme:before { content: 'Scheme'; }
pre.src-screen:before { content: 'Gnu Screen'; }
pre.src-sed:before { content: 'Sed'; }
pre.src-sh:before { content: 'shell'; }
pre.src-sql:before { content: 'SQL'; }
pre.src-sqlite:before { content: 'SQLite'; }
/* additional languages in org.el's org-babel-load-languages alist */
pre.src-forth:before { content: 'Forth'; }
pre.src-io:before { content: 'IO'; }
pre.src-J:before { content: 'J'; }
pre.src-makefile:before { content: 'Makefile'; }
pre.src-maxima:before { content: 'Maxima'; }
pre.src-perl:before { content: 'Perl'; }
pre.src-picolisp:before { content: 'Pico Lisp'; }
pre.src-scala:before { content: 'Scala'; }
pre.src-shell:before { content: 'Shell Script'; }
pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
/* additional language identifiers per "defun org-babel-execute"
in ob-*.el */
pre.src-cpp:before { content: 'C++'; }
pre.src-abc:before { content: 'ABC'; }
pre.src-coq:before { content: 'Coq'; }
pre.src-groovy:before { content: 'Groovy'; }
/* additional language identifiers from org-babel-shell-names in
ob-shell.el: ob-shell is the only babel language using a lambda to put
the execution function name together. */
pre.src-bash:before { content: 'bash'; }
pre.src-csh:before { content: 'csh'; }
pre.src-ash:before { content: 'ash'; }
pre.src-dash:before { content: 'dash'; }
pre.src-ksh:before { content: 'ksh'; }
pre.src-mksh:before { content: 'mksh'; }
pre.src-posh:before { content: 'posh'; }
/* Additional Emacs modes also supported by the LaTeX listings package */
pre.src-ada:before { content: 'Ada'; }
pre.src-asm:before { content: 'Assembler'; }
pre.src-caml:before { content: 'Caml'; }
pre.src-delphi:before { content: 'Delphi'; }
pre.src-html:before { content: 'HTML'; }
pre.src-idl:before { content: 'IDL'; }
pre.src-mercury:before { content: 'Mercury'; }
pre.src-metapost:before { content: 'MetaPost'; }
pre.src-modula-2:before { content: 'Modula-2'; }
pre.src-pascal:before { content: 'Pascal'; }
pre.src-ps:before { content: 'PostScript'; }
pre.src-prolog:before { content: 'Prolog'; }
pre.src-simula:before { content: 'Simula'; }
pre.src-tcl:before { content: 'tcl'; }
pre.src-tex:before { content: 'TeX'; }
pre.src-plain-tex:before { content: 'Plain TeX'; }
pre.src-verilog:before { content: 'Verilog'; }
pre.src-vhdl:before { content: 'VHDL'; }
pre.src-xml:before { content: 'XML'; }
pre.src-nxml:before { content: 'XML'; }
/* add a generic configuration mode; LaTeX export needs an additional
(add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
pre.src-conf:before { content: 'Configuration File'; }
table { border-collapse:collapse; }
caption.t-above { caption-side: top; }
@ -95,6 +178,7 @@
{ font-size: 10px; font-weight: bold; white-space: nowrap; }
.org-info-js_search-highlight
{ background-color: #ffff00; color: #000000; font-weight: bold; }
.org-svg { width: 90%; }
/*]]>*/-->
</style>
<link rel="stylesheet" type="text/css" href="solarized-light.css" />
@ -163,7 +247,7 @@ for the JavaScript code in this tag.
</center>
<p>
Freedombone is really just a couple of <a href="http://www.gnu.org/software/bash">bash</a> scripts which install and configure software on a Debian GNU/Linux system. If you're a system administrator, software engineer or Linux hobbyist you'll probably be familiar with command line scripting and be able to make your own modifications or custom variants to suit your needs. Freedombone is licensed under the <a href="https://www.gnu.org/licenses/agpl.html">GNU Affero General Public License version 3</a> (or later).
Freedombone is really just a couple of <a href="https://www.gnu.org/software/bash">bash</a> scripts which install and configure software on a Debian GNU/Linux system. If you're a system administrator, software engineer or Linux hobbyist you'll probably be familiar with command line scripting and be able to make your own modifications or custom variants to suit your needs. Freedombone is licensed under the <a href="https://www.gnu.org/licenses/agpl.html">GNU Affero General Public License version 3</a> (or later).
</p>
<p>

+ 135
- 51
website/EN/controlpanel.html

@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2016-04-10 Sun 22:14 -->
<!-- 2016-08-08 Mon 17:19 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title></title>
@ -56,13 +56,96 @@
border: 1px solid black;
}
pre.src:hover:before { display: inline;}
pre.src-sh:before { content: 'sh'; }
pre.src-bash:before { content: 'sh'; }
/* Languages per Org manual */
pre.src-asymptote:before { content: 'Asymptote'; }
pre.src-awk:before { content: 'Awk'; }
pre.src-C:before { content: 'C'; }
/* pre.src-C++ doesn't work in CSS */
pre.src-clojure:before { content: 'Clojure'; }
pre.src-css:before { content: 'CSS'; }
pre.src-D:before { content: 'D'; }
pre.src-ditaa:before { content: 'ditaa'; }
pre.src-dot:before { content: 'Graphviz'; }
pre.src-calc:before { content: 'Emacs Calc'; }
pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
pre.src-R:before { content: 'R'; }
pre.src-perl:before { content: 'Perl'; }
pre.src-java:before { content: 'Java'; }
pre.src-sql:before { content: 'SQL'; }
pre.src-fortran:before { content: 'Fortran'; }
pre.src-gnuplot:before { content: 'gnuplot'; }
pre.src-haskell:before { content: 'Haskell'; }
pre.src-java:before { content: 'Java'; }
pre.src-js:before { content: 'Javascript'; }
pre.src-latex:before { content: 'LaTeX'; }
pre.src-ledger:before { content: 'Ledger'; }
pre.src-lisp:before { content: 'Lisp'; }
pre.src-lilypond:before { content: 'Lilypond'; }
pre.src-matlab:before { content: 'MATLAB'; }
pre.src-mscgen:before { content: 'Mscgen'; }
pre.src-ocaml:before { content: 'Objective Caml'; }
pre.src-octave:before { content: 'Octave'; }
pre.src-org:before { content: 'Org mode'; }
pre.src-oz:before { content: 'OZ'; }
pre.src-plantuml:before { content: 'Plantuml'; }
pre.src-processing:before { content: 'Processing.js'; }
pre.src-python:before { content: 'Python'; }
pre.src-R:before { content: 'R'; }
pre.src-ruby:before { content: 'Ruby'; }
pre.src-sass:before { content: 'Sass'; }
pre.src-scheme:before { content: 'Scheme'; }
pre.src-screen:before { content: 'Gnu Screen'; }
pre.src-sed:before { content: 'Sed'; }
pre.src-sh:before { content: 'shell'; }
pre.src-sql:before { content: 'SQL'; }
pre.src-sqlite:before { content: 'SQLite'; }
/* additional languages in org.el's org-babel-load-languages alist */
pre.src-forth:before { content: 'Forth'; }
pre.src-io:before { content: 'IO'; }
pre.src-J:before { content: 'J'; }
pre.src-makefile:before { content: 'Makefile'; }
pre.src-maxima:before { content: 'Maxima'; }
pre.src-perl:before { content: 'Perl'; }
pre.src-picolisp:before { content: 'Pico Lisp'; }
pre.src-scala:before { content: 'Scala'; }
pre.src-shell:before { content: 'Shell Script'; }
pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
/* additional language identifiers per "defun org-babel-execute"
in ob-*.el */
pre.src-cpp:before { content: 'C++'; }
pre.src-abc:before { content: 'ABC'; }
pre.src-coq:before { content: 'Coq'; }
pre.src-groovy:before { content: 'Groovy'; }
/* additional language identifiers from org-babel-shell-names in
ob-shell.el: ob-shell is the only babel language using a lambda to put
the execution function name together. */
pre.src-bash:before { content: 'bash'; }
pre.src-csh:before { content: 'csh'; }
pre.src-ash:before { content: 'ash'; }
pre.src-dash:before { content: 'dash'; }
pre.src-ksh:before { content: 'ksh'; }
pre.src-mksh:before { content: 'mksh'; }
pre.src-posh:before { content: 'posh'; }
/* Additional Emacs modes also supported by the LaTeX listings package */
pre.src-ada:before { content: 'Ada'; }
pre.src-asm:before { content: 'Assembler'; }
pre.src-caml:before { content: 'Caml'; }
pre.src-delphi:before { content: 'Delphi'; }
pre.src-html:before { content: 'HTML'; }
pre.src-idl:before { content: 'IDL'; }
pre.src-mercury:before { content: 'Mercury'; }
pre.src-metapost:before { content: 'MetaPost'; }
pre.src-modula-2:before { content: 'Modula-2'; }
pre.src-pascal:before { content: 'Pascal'; }
pre.src-ps:before { content: 'PostScript'; }
pre.src-prolog:before { content: 'Prolog'; }
pre.src-simula:before { content: 'Simula'; }
pre.src-tcl:before { content: 'tcl'; }
pre.src-tex:before { content: 'TeX'; }
pre.src-plain-tex:before { content: 'Plain TeX'; }
pre.src-verilog:before { content: 'Verilog'; }
pre.src-vhdl:before { content: 'VHDL'; }
pre.src-xml:before { content: 'XML'; }
pre.src-nxml:before { content: 'XML'; }
/* add a generic configuration mode; LaTeX export needs an additional
(add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
pre.src-conf:before { content: 'Configuration File'; }
table { border-collapse:collapse; }
caption.t-above { caption-side: top; }
@ -95,6 +178,7 @@
{ font-size: 10px; font-weight: bold; white-space: nowrap; }
.org-info-js_search-highlight
{ background-color: #ffff00; color: #000000; font-weight: bold; }
.org-svg { width: 90%; }
/*]]>*/-->
</style>
<link rel="stylesheet" type="text/css" href="solarized-light.css" />
@ -170,54 +254,54 @@ for the JavaScript code in this tag.
</colgroup>
<tbody>
<tr>
<td class="org-left"><a href="#orgheadline1">Main menu</a></td>
<td class="org-left"><a href="#org5b9a404">Main menu</a></td>
</tr>
<tr>
<td class="org-left"><a href="#orgheadline2">User control panel</a></td>
<td class="org-left"><a href="#orge6a192d">User control panel</a></td>
</tr>
<tr>
<td class="org-left"><a href="#orgheadline3">About screen</a></td>
<td class="org-left"><a href="#org36307fe">About screen</a></td>
</tr>
<tr>
<td class="org-left"><a href="#orgheadline4">Email filtering rules</a></td>
<td class="org-left"><a href="#org802b84b">Email filtering rules</a></td>
</tr>
<tr>
<td class="org-left"><a href="#orgheadline5">Hubzilla menu</a></td>
<td class="org-left"><a href="#org8311261">Hubzilla menu</a></td>
</tr>
<tr>
<td class="org-left"><a href="#orgheadline6">IRC menu</a></td>
<td class="org-left"><a href="#orge818a90">IRC menu</a></td>
</tr>
<tr>
<td class="org-left"><a href="#orgheadline7">Media menu</a></td>
<td class="org-left"><a href="#org38dc9e7">Media menu</a></td>
</tr>
<tr>
<td class="org-left"><a href="#orgheadline8">Repository mirrors</a></td>
<td class="org-left"><a href="#org69caf17">Repository mirrors</a></td>
</tr>
<tr>
<td class="org-left"><a href="#orgheadline9">Backup and restore menu</a></td>
<td class="org-left"><a href="#org9d94b93">Backup and restore menu</a></td>
</tr>
<tr>
<td class="org-left"><a href="#orgheadline10">Security menu</a></td>
<td class="org-left"><a href="#orgf5b1503">Security menu</a></td>
</tr>
<tr>
<td class="org-left"><a href="#orgheadline11">User management menu</a></td>
<td class="org-left"><a href="#orge4d717e">User management menu</a></td>
</tr>
</tbody>
</table>
<div id="outline-container-orgheadline1" class="outline-2">
<h2 id="orgheadline1">Main menu</h2>
<div class="outline-text-2" id="text-orgheadline1">
<div id="outline-container-org5b9a404" class="outline-2">
<h2 id="org5b9a404">Main menu</h2>
<div class="outline-text-2" id="text-org5b9a404">
<p>
You can access the main menu by logging into the system.
</p>
@ -250,9 +334,9 @@ To select anythng on the control panel use the up and down cursor keys an
</div>
</div>
<div id="outline-container-orgheadline2" class="outline-2">
<h2 id="orgheadline2">User control panel</h2>
<div class="outline-text-2" id="text-orgheadline2">
<div id="outline-container-orge6a192d" class="outline-2">
<h2 id="orge6a192d">User control panel</h2>
<div class="outline-text-2" id="text-orge6a192d">
<p>
When a user initially logs in they will see a version of the control panel with restricted options aimed at the kinds of things which someone who isn't the administrator might wish to do. An expected scenario is that you might have a few friends or family members on the system, and this is who this menu is intended for.
</p>
@ -274,9 +358,9 @@ It's also possible for the user to define email filtering rules, add a ssh publi
</p>
</div>
</div>
<div id="outline-container-orgheadline3" class="outline-2">
<h2 id="orgheadline3">About screen</h2>
<div class="outline-text-2" id="text-orgheadline3">
<div id="outline-container-org36307fe" class="outline-2">
<h2 id="org36307fe">About screen</h2>
<div class="outline-text-2" id="text-org36307fe">
<p>
To find out your current domain names select the About screen from the main menu. This is especially useful for finding your onion addresses. For improved security by compartmentalisation, and also simpler implementation, each application has its own onion address.
</p>
@ -299,9 +383,9 @@ The Local Mirrors contains mirrored copies of the git repositories used by the s
</div>
</div>
<div id="outline-container-orgheadline4" class="outline-2">
<h2 id="orgheadline4">Email filtering rules</h2>
<div class="outline-text-2" id="text-orgheadline4">
<div id="outline-container-org802b84b" class="outline-2">
<h2 id="org802b84b">Email filtering rules</h2>
<div class="outline-text-2" id="text-org802b84b">
<p>
You can add users to mailing lists, or block particular email addresses or subject lines in this menu.
</p>
@ -316,9 +400,9 @@ You can add users to mailing lists, or block particular email addresses or subje
</div>
</div>
<div id="outline-container-orgheadline5" class="outline-2">
<h2 id="orgheadline5">Hubzilla menu</h2>
<div class="outline-text-2" id="text-orgheadline5">
<div id="outline-container-org8311261" class="outline-2">
<h2 id="org8311261">Hubzilla menu</h2>
<div class="outline-text-2" id="text-org8311261">
<p>
This allows you to set the global directory location and obtain an SSL/TLS certificate if necessary.
</p>
@ -333,9 +417,9 @@ This allows you to set the global directory location and obtain an SSL/TLS certi
</div>
</div>
<div id="outline-container-orgheadline6" class="outline-2">
<h2 id="orgheadline6">IRC menu</h2>
<div class="outline-text-2" id="text-orgheadline6">
<div id="outline-container-orge818a90" class="outline-2">
<h2 id="orge818a90">IRC menu</h2>
<div class="outline-text-2" id="text-orge818a90">
<p>
You can view the current IRC password or change it from here. Currently the IRC server does not work equally well on clrearnet and via Tor, so there is an option to switch from one to the other. Initially the IRC server will be running on clearnet (i.e. no onion routing).
</p>
@ -350,9 +434,9 @@ You can view the current IRC password or change it from here. Currently the IRC
</div>
</div>
<div id="outline-container-orgheadline7" class="outline-2">
<h2 id="orgheadline7">Media menu</h2>
<div class="outline-text-2" id="text-orgheadline7">
<div id="outline-container-org38dc9e7" class="outline-2">
<h2 id="org38dc9e7">Media menu</h2>
<div class="outline-text-2" id="text-org38dc9e7">
<p>
It's possible to add playable media to a USB drive and plug it into the system, then make it accessible to other devices such as tablets or phones on your local network via DLNA.
</p>
@ -367,9 +451,9 @@ It's possible to add playable media to a USB drive and plug it into the system,
</div>
</div>
<div id="outline-container-orgheadline8" class="outline-2">
<h2 id="orgheadline8">Repository mirrors</h2>
<div class="outline-text-2" id="text-orgheadline8">
<div id="outline-container-org69caf17" class="outline-2">
<h2 id="org69caf17">Repository mirrors</h2>
<div class="outline-text-2" id="text-org69caf17">
<p>
If you don't want to use the default repositories, or don't have access to them, then you can obtain them from another Freedombone server (the details can be found on the other server on the <b>About</b> screen of the control panel).
</p>
@ -384,9 +468,9 @@ If you don't want to use the default repositories, or don't have access to them,
</div>
</div>
<div id="outline-container-orgheadline9" class="outline-2">
<h2 id="orgheadline9">Backup and restore menu</h2>
<div class="outline-text-2" id="text-orgheadline9">
<div id="outline-container-org9d94b93" class="outline-2">
<h2 id="org9d94b93">Backup and restore menu</h2>
<div class="outline-text-2" id="text-org9d94b93">
<p>
You can create backups or restore from backup here. It's also possible to create keydrives which store the backup key.
</p>
@ -401,9 +485,9 @@ You can create backups or restore from backup here. It's also possible to create
</div>
</div>
<div id="outline-container-orgheadline10" class="outline-2">
<h2 id="orgheadline10">Security menu</h2>
<div class="outline-text-2" id="text-orgheadline10">
<div id="outline-container-orgf5b1503" class="outline-2">
<h2 id="orgf5b1503">Security menu</h2>
<div class="outline-text-2" id="text-orgf5b1503">
<p>
If you need to generate SSL/TLS certificates or change cypher details due to changing recommendations then you can do that here. If you are changing cypher details be extra careful not to make mistakes/typos, which could reduce the security of your system.
</p>
@ -418,9 +502,9 @@ If you need to generate SSL/TLS certificates or change cypher details due to cha
</div>
</div>
<div id="outline-container-orgheadline11" class="outline-2">
<h2 id="orgheadline11">User management menu</h2>
<div class="outline-text-2" id="text-orgheadline11">
<div id="outline-container-orge4d717e" class="outline-2">
<h2 id="orge4d717e">User management menu</h2>
<div class="outline-text-2" id="text-orge4d717e">
<p>
Users can be added or removed here.
</p>

+ 200
- 159
website/EN/faq.html

@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2016-06-23 Thu 17:53 -->
<!-- 2016-08-08 Mon 17:19 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title></title>
@ -56,13 +56,96 @@
border: 1px solid black;
}
pre.src:hover:before { display: inline;}
pre.src-sh:before { content: 'sh'; }
pre.src-bash:before { content: 'sh'; }
/* Languages per Org manual */
pre.src-asymptote:before { content: 'Asymptote'; }
pre.src-awk:before { content: 'Awk'; }
pre.src-C:before { content: 'C'; }
/* pre.src-C++ doesn't work in CSS */
pre.src-clojure:before { content: 'Clojure'; }
pre.src-css:before { content: 'CSS'; }
pre.src-D:before { content: 'D'; }
pre.src-ditaa:before { content: 'ditaa'; }
pre.src-dot:before { content: 'Graphviz'; }
pre.src-calc:before { content: 'Emacs Calc'; }
pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
pre.src-R:before { content: 'R'; }
pre.src-perl:before { content: 'Perl'; }
pre.src-java:before { content: 'Java'; }
pre.src-sql:before { content: 'SQL'; }
pre.src-fortran:before { content: 'Fortran'; }
pre.src-gnuplot:before { content: 'gnuplot'; }
pre.src-haskell:before { content: 'Haskell'; }
pre.src-java:before { content: 'Java'; }
pre.src-js:before { content: 'Javascript'; }
pre.src-latex:before { content: 'LaTeX'; }
pre.src-ledger:before { content: 'Ledger'; }
pre.src-lisp:before { content: 'Lisp'; }
pre.src-lilypond:before { content: 'Lilypond'; }
pre.src-matlab:before { content: 'MATLAB'; }
pre.src-mscgen:before { content: 'Mscgen'; }
pre.src-ocaml:before { content: 'Objective Caml'; }
pre.src-octave:before { content: 'Octave'; }
pre.src-org:before { content: 'Org mode'; }
pre.src-oz:before { content: 'OZ'; }
pre.src-plantuml:before { content: 'Plantuml'; }
pre.src-processing:before { content: 'Processing.js'; }
pre.src-python:before { content: 'Python'; }
pre.src-R:before { content: 'R'; }
pre.src-ruby:before { content: 'Ruby'; }
pre.src-sass:before { content: 'Sass'; }
pre.src-scheme:before { content: 'Scheme'; }
pre.src-screen:before { content: 'Gnu Screen'; }
pre.src-sed:before { content: 'Sed'; }
pre.src-sh:before { content: 'shell'; }
pre.src-sql:before { content: 'SQL'; }
pre.src-sqlite:before { content: 'SQLite'; }
/* additional languages in org.el's org-babel-load-languages alist */
pre.src-forth:before { content: 'Forth'; }
pre.src-io:before { content: 'IO'; }
pre.src-J:before { content: 'J'; }
pre.src-makefile:before { content: 'Makefile'; }
pre.src-maxima:before { content: 'Maxima'; }
pre.src-perl:before { content: 'Perl'; }
pre.src-picolisp:before { content: 'Pico Lisp'; }
pre.src-scala:before { content: 'Scala'; }
pre.src-shell:before { content: 'Shell Script'; }
pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
/* additional language identifiers per "defun org-babel-execute"
in ob-*.el */
pre.src-cpp:before { content: 'C++'; }
pre.src-abc:before { content: 'ABC'; }
pre.src-coq:before { content: 'Coq'; }
pre.src-groovy:before { content: 'Groovy'; }
/* additional language identifiers from org-babel-shell-names in
ob-shell.el: ob-shell is the only babel language using a lambda to put
the execution function name together. */
pre.src-bash:before { content: 'bash'; }
pre.src-csh:before { content: 'csh'; }
pre.src-ash:before { content: 'ash'; }
pre.src-dash:before { content: 'dash'; }
pre.src-ksh:before { content: 'ksh'; }
pre.src-mksh:before { content: 'mksh'; }
pre.src-posh:before { content: 'posh'; }
/* Additional Emacs modes also supported by the LaTeX listings package */
pre.src-ada:before { content: 'Ada'; }
pre.src-asm:before { content: 'Assembler'; }
pre.src-caml:before { content: 'Caml'; }
pre.src-delphi:before { content: 'Delphi'; }
pre.src-html:before { content: 'HTML'; }
pre.src-idl:before { content: 'IDL'; }
pre.src-mercury:before { content: 'Mercury'; }
pre.src-metapost:before { content: 'MetaPost'; }
pre.src-modula-2:before { content: 'Modula-2'; }
pre.src-pascal:before { content: 'Pascal'; }
pre.src-ps:before { content: 'PostScript'; }
pre.src-prolog:before { content: 'Prolog'; }
pre.src-simula:before { content: 'Simula'; }
pre.src-tcl:before { content: 'tcl'; }
pre.src-tex:before { content: 'TeX'; }
pre.src-plain-tex:before { content: 'Plain TeX'; }
pre.src-verilog:before { content: 'Verilog'; }
pre.src-vhdl:before { content: 'VHDL'; }
pre.src-xml:before { content: 'XML'; }
pre.src-nxml:before { content: 'XML'; }
/* add a generic configuration mode; LaTeX export needs an additional
(add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
pre.src-conf:before { content: 'Configuration File'; }
table { border-collapse:collapse; }
caption.t-above { caption-side: top; }
@ -95,6 +178,7 @@
{ font-size: 10px; font-weight: bold; white-space: nowrap; }
.org-info-js_search-highlight
{ background-color: #ffff00; color: #000000; font-weight: bold; }
.org-svg { width: 90%; }
/*]]>*/-->
</style>
<link rel="stylesheet" type="text/css" href="solarized-light.css" />
@ -171,19 +255,19 @@ for the JavaScript code in this tag.
</colgroup>
<tbody>
<tr>
<td class="org-left"><a href="#org615222a">I don't have a static IP address. Can I still install this system?</a></td>
<td class="org-left"><a href="#orgb7c1e53">I don't have a static IP address. Can I still install this system?</a></td>
</tr>
<tr>
<td class="org-left"><a href="#orge65ac24">Why not support building images for Raspberry Pi?</a></td>
<td class="org-left"><a href="#org3d1a6d8">Why not support building images for Raspberry Pi?</a></td>
</tr>
<tr>
<td class="org-left"><a href="#org618bb31">Why use Github?</a></td>
<td class="org-left"><a href="#org65dd2d0">Why use Github?</a></td>
</tr>
<tr>
<td class="org-left"><a href="#orgb2070b7">Keys and emails should not be stored on servers. Why do you do that?</a></td>
<td class="org-left"><a href="#orgc71a5ba">Keys and emails should not be stored on servers. Why do you do that?</a></td>
</tr>
<tr>
@ -191,95 +275,95 @@ for the JavaScript code in this tag.
</tr>
<tr>
<td class="org-left"><a href="#orgfe54735">Why can't I access my .onion site with a Tor browser?</a></td>
<td class="org-left"><a href="#org61177cd">Why can't I access my .onion site with a Tor browser?</a></td>
</tr>
<tr>
<td class="org-left"><a href="#orge1d4bf5">What is the best hardware to run this system on?</a></td>
<td class="org-left"><a href="#org9deac95">What is the best hardware to run this system on?</a></td>
</tr>
<tr>
<td class="org-left"><a href="#org7830fc4">Can I add more users to the system?</a></td>
<td class="org-left"><a href="#orge432828">Can I add more users to the system?</a></td>
</tr>
<tr>
<td class="org-left"><a href="#orgaca4b9">Why not use Signal for mobile chat?</a></td>
<td class="org-left"><a href="#orge80f248">Why not use Signal for mobile chat?</a></td>
</tr>
<tr>
<td class="org-left"><a href="#orgdfe48b6">What is the most secure chat app to use on mobile?</a></td>
<td class="org-left"><a href="#orga13aa35">What is the most secure chat app to use on mobile?</a></td>
</tr>
<tr>
<td class="org-left"><a href="#orga7590b">How do I remove a user from the system?</a></td>
<td class="org-left"><a href="#orgec94b45">How do I remove a user from the system?</a></td>
</tr>
<tr>
<td class="org-left"><a href="#orgf7c3373">How do I reset the tripwire?</a></td>
<td class="org-left"><a href="#org2de3b9e">How do I reset the tripwire?</a></td>
</tr>
<tr>
<td class="org-left"><a href="#org1671e7a">Is metadata protected?</a></td>
<td class="org-left"><a href="#org73d8767">Is metadata protected?</a></td>
</tr>
<tr>
<td class="org-left"><a href="#org4bfc42">How do I create email processing rules?</a></td>
<td class="org-left"><a href="#orge102a24">How do I create email processing rules?</a></td>
</tr>
<tr>
<td class="org-left"><a href="#org8da60a9">Why isn't dynamic DNS working?</a></td>
<td class="org-left"><a href="#org712b605">Why isn't dynamic DNS working?</a></td>
</tr>
<tr>
<td class="org-left"><a href="#org80b899c">How do I change my encryption settings?</a></td>
<td class="org-left"><a href="#org3822e27">How do I change my encryption settings?</a></td>
</tr>
<tr>
<td class="org-left"><a href="#orgd372087">How do I get a domain name?</a></td>
<td class="org-left"><a href="#orgea6d6d2">How do I get a domain name?</a></td>
</tr>
<tr>
<td class="org-left"><a href="#org5152d4a">How do I get a "real" SSL/TLS/HTTPS certificate?</a></td>
<td class="org-left"><a href="#org3b6d8b4">How do I get a "real" SSL/TLS/HTTPS certificate?</a></td>
</tr>
<tr>
<td class="org-left"><a href="#org851167c">How do I renew a Let's Encrypt certificate?</a></td>
<td class="org-left"><a href="#orgabe05bb">How do I renew a Let's Encrypt certificate?</a></td>
</tr>
<tr>
<td class="org-left"><a href="#org5f627df">I tried to renew a Let's Encrypt certificate and it failed. What should I do?</a></td>
<td class="org-left"><a href="#org4e0c7bc">I tried to renew a Let's Encrypt certificate and it failed. What should I do?</a></td>
</tr>
<tr>
<td class="org-left"><a href="#orgb35c769">Why use self-signed certificates?</a></td>
<td class="org-left"><a href="#org84e7119">Why use self-signed certificates?</a></td>
</tr>
<tr>
<td class="org-left"><a href="#orgaa66ed6">Why not use the services of $company instead? They took the Seppuku pledge</a></td>
<td class="org-left"><a href="#org3376bf8">Why not use the services of $company instead? They took the Seppuku pledge</a></td>
</tr>
<tr>
<td class="org-left"><a href="#orgdcf88db">Why does my email keep getting rejected as spam by Gmail/etc?</a></td>
<td class="org-left"><a href="#org2a57f9c">Why does my email keep getting rejected as spam by Gmail/etc?</a></td>
</tr>
</tbody>
</table>
</div>
<div id="outline-container-org615222a" class="outline-2">
<h2 id="org615222a">I don't have a static IP address. Can I still install this system?</h2>
<div class="outline-text-2" id="text-org615222a">
<div id="outline-container-orgb7c1e53" class="outline-2">
<h2 id="orgb7c1e53">I don't have a static IP address. Can I still install this system?</h2>
<div class="outline-text-2" id="text-orgb7c1e53">
<p>
Yes. The minimum requirements are to have some hardware that you can install Debian onto and also that you have administrator access to your internet router so that you can forward ports to the system which has Freedombone installed.
</p>
<p>
The lack of a static IP address can be worked around by using a dynamic DNS service. Freedombone uses <a href="http://troglobit.com/inadyn.html">inadyn</a> , which supports a variety of dynamic DNS providers.
The lack of a static IP address can be worked around by using a dynamic DNS service. Freedombone uses <a href="https://troglobit.com/inadyn.html">inadyn</a> , which supports a variety of dynamic DNS providers.
</p>
</div>
</div>
<div id="outline-container-orge65ac24" class="outline-2">
<h2 id="orge65ac24">Why not support building images for Raspberry Pi?</h2>
<div class="outline-text-2" id="text-orge65ac24">
<div id="outline-container-org3d1a6d8" class="outline-2">
<h2 id="org3d1a6d8">Why not support building images for Raspberry Pi?</h2>
<div class="outline-text-2" id="text-org3d1a6d8">
<p>
The FreedomBox project supports Raspberry Pi builds, and the image build system for Freedombone is based on the same system. However, although the Raspberry Pi can run a version of Debian it requires a closed proprietary blob in order to boot the hardware. Who knows what that blob might contain or what exploits it could facilitate. From an adversarial point of view if you were trying to deliver "bulk equipment interference" then it doesn't get any better than piggybacking on something which has control of the boot process, and hence all subsequently run processes.
</p>
@ -289,9 +373,9 @@ So although the Raspberry Pi is cheap and hugely popular it's not supported by t
</p>
</div>
</div>
<div id="outline-container-org618bb31" class="outline-2">
<h2 id="org618bb31">Why use Github?</h2>
<div class="outline-text-2" id="text-org618bb31">
<div id="outline-container-org65dd2d0" class="outline-2">
<h2 id="org65dd2d0">Why use Github?</h2>
<div class="outline-text-2" id="text-org65dd2d0">
<p>
Github is paradoxically a centralized, closed and proprietary system which happens to mostly host free and open source projects. Up until now it has been relatively benign, but at some point in the name of "growth" it will likely start becoming more evil, or just become like SourceForge - which was also once much loved by FOSS developers, but turned into a den of malvertizing.
</p>
@ -309,9 +393,9 @@ Currently many of the repositories used for applications which are not yet packa
</p>
</div>
</div>
<div id="outline-container-orgb2070b7" class="outline-2">
<h2 id="orgb2070b7">Keys and emails should not be stored on servers. Why do you do that?</h2>
<div class="outline-text-2" id="text-orgb2070b7">
<div id="outline-container-orgc71a5ba" class="outline-2">
<h2 id="orgc71a5ba">Keys and emails should not be stored on servers. Why do you do that?</h2>
<div class="outline-text-2" id="text-orgc71a5ba">
<p>
Ordinarily this is good advice. However, the threat model for a device in your home is different from the one for a generic server in a massive warehouse. Compare and contrast:
</p>
@ -369,17 +453,17 @@ In the home environment a box with a good firewall and no GUI components install
</div>
</div>
<div id="outline-container-orgfe54735" class="outline-2">
<h2 id="orgfe54735">Why can't I access my .onion site with a Tor browser?</h2>
<div class="outline-text-2" id="text-orgfe54735">
<div id="outline-container-org61177cd" class="outline-2">
<h2 id="org61177cd">Why can't I access my .onion site with a Tor browser?</h2>
<div class="outline-text-2" id="text-org61177cd">
<p>
Probably you need to add the site to the NoScript whitelist. Typically click/press on the noscript icon (or select from the menu on mobile) then select <i>whitelist</i> and add the site URL. You may also need to disable HTTPS Everywhere when using onion addresses, which don't use https.
</p>
</div>
</div>
<div id="outline-container-orge1d4bf5" class="outline-2">
<h2 id="orge1d4bf5">What is the best hardware to run this system on?</h2>
<div class="outline-text-2" id="text-orge1d4bf5">
<div id="outline-container-org9deac95" class="outline-2">
<h2 id="org9deac95">What is the best hardware to run this system on?</h2>
<div class="outline-text-2" id="text-org9deac95">
<p>
It was originally designed to run on the Beaglebone Black, but that should be regarded as the most minimal system, because it's single core and has by today's standards a small amount of memory. Obviously the more powerful the hardware is the faster things like web pages (blog, social networking, etc) will be served but the more electricity such a system will require if you're running it 24/7. A good compromise between performance and energy consumption is something like an old netbook. The battery of an old netbook or laptop even gives you <a href="https://en.wikipedia.org/wiki/Uninterruptible_power_supply">UPS capability</a> to keep the system going during brief power outages or cable re-arrangements, and that means using full disk encryption on the server also becomes more practical.
</p>
@ -389,9 +473,9 @@ It was originally designed to run on the Beaglebone Black, but that should be re
</p>
</div>
</div>
<div id="outline-container-org7830fc4" class="outline-2">
<h2 id="org7830fc4">Can I add more users to the system?</h2>
<div class="outline-text-2" id="text-org7830fc4">
<div id="outline-container-orge432828" class="outline-2">
<h2 id="orge432828">Can I add more users to the system?</h2>
<div class="outline-text-2" id="text-orge432828">
<p>
Yes. Freedombone can support a small number of users, for a "<i>friends and family</i>" type of home installation. This gives them access to an email account, XMPP, SIP phone and the blog (depending on whether the variant which you installed includes those).
</p>
@ -415,9 +499,9 @@ Another point is that Freedombone installations are not intended to support many
</p>
</div>
</div>
<div id="outline-container-orgaca4b9" class="outline-2">
<h2 id="orgaca4b9">Why not use Signal for mobile chat?</h2>
<div class="outline-text-2" id="text-orgaca4b9">
<div id="outline-container-orge80f248" class="outline-2">
<h2 id="orge80f248">Why not use Signal for mobile chat?</h2>
<div class="outline-text-2" id="text-orge80f248">
<p>
Celebrities recommend Signal. It's Free Software so it must be good, right?
</p>
@ -438,9 +522,9 @@ To give credit where it's due Signal is good, but it could be a lot better. The
</p>
</div>
</div>
<div id="outline-container-orgdfe48b6" class="outline-2">
<h2 id="orgdfe48b6">What is the most secure chat app to use on mobile?</h2>
<div class="outline-text-2" id="text-orgdfe48b6">
<div id="outline-container-orga13aa35" class="outline-2">
<h2 id="orga13aa35">What is the most secure chat app to use on mobile?</h2>
<div class="outline-text-2" id="text-orga13aa35">
<p>
On mobile there are various options. The apps which are likely to be most secure are ones which have end-to-end encryption enabled by default and which can also be onion routed via Orbot. End-to-end encryption secures the content of the message and onion routing obscures the metadata, making it hard for a passive adversary to know who is communicating with who.
</p>
@ -450,13 +534,13 @@ The current safest way to chat is to use Con
</p>
<p>
There are many <a href="#orgaca4b9">other fashionable chat apps</a> with end-to-end security, but often they are closed source, have a single central server or can't be onion routed. It's also important to remember that closed source chat apps should be assumed to be untrustworthy, since their security cannot be independently verified.
There are many <a href="#orge80f248">other fashionable chat apps</a> with end-to-end security, but often they are closed source, have a single central server or can't be onion routed. It's also important to remember that closed source chat apps should be assumed to be untrustworthy, since their security cannot be independently verified.
</p>
</div>
</div>
<div id="outline-container-orga7590b" class="outline-2">
<h2 id="orga7590b">How do I remove a user from the system?</h2>
<div class="outline-text-2" id="text-orga7590b">
<div id="outline-container-orgec94b45" class="outline-2">
<h2 id="orgec94b45">How do I remove a user from the system?</h2>
<div class="outline-text-2" id="text-orgec94b45">
<p>
To remove a user:
</p>
@ -472,9 +556,9 @@ Select Administrator controls then Manage Users and then Delete
</p>
</div>
</div>
<div id="outline-container-orgf7c3373" class="outline-2">
<h2 id="orgf7c3373">How do I reset the tripwire?</h2>
<div class="outline-text-2" id="text-orgf7c3373">
<div id="outline-container-org2de3b9e" class="outline-2">
<h2 id="org2de3b9e">How do I reset the tripwire?</h2>
<div class="outline-text-2" id="text-org2de3b9e">
<p>
The tripwire will be automatically reset once per week. If you want to reset it earlier then do the following:
</p>
@ -490,9 +574,9 @@ Select Administrator controls then "reset tripwire" using cursors and spa
</p>
</div>
</div>
<div id="outline-container-org1671e7a" class="outline-2">
<h2 id="org1671e7a">Is metadata protected?</h2>
<div class="outline-text-2" id="text-org1671e7a">
<div id="outline-container-org73d8767" class="outline-2">
<h2 id="org73d8767">Is metadata protected?</h2>
<div class="outline-text-2" id="text-org73d8767">
<blockquote>
<p>
"<i>We kill people based on metadata</i>"
@ -508,9 +592,9 @@ Even when using Freedombone metadata analysis by third parties is still possible
</p>
</div>
</div>
<div id="outline-container-org4bfc42" class="outline-2">
<h2 id="org4bfc42">How do I create email processing rules?</h2>
<div class="outline-text-2" id="text-org4bfc42">
<div id="outline-container-orge102a24" class="outline-2">
<h2 id="orge102a24">How do I create email processing rules?</h2>
<div class="outline-text-2" id="text-orge102a24">
<div class="org-src-container">
<pre class="src src-bash">ssh username@domainname -p 2222
@ -567,9 +651,9 @@ Spamassassin is also available and within Mutt you can use the S (shift+s) key t
</p>
</div>
</div>
<div id="outline-container-org8da60a9" class="outline-2">
<h2 id="org8da60a9">Why isn't dynamic DNS working?</h2>
<div class="outline-text-2" id="text-org8da60a9">
<div id="outline-container-org712b605" class="outline-2">
<h2 id="org712b605">Why isn't dynamic DNS working?</h2>
<div class="outline-text-2" id="text-org712b605">
<p>
If you run the command:
</p>
@ -589,57 +673,14 @@ And see some error related to checking for changes in the IP address then you ca
<pre class="src src-text">https://check.torproject.org/
https://www.whatsmydns.net/whats-my-ip-address.html
https://www.privateinternetaccess.com/pages/whats-my-ip/
http://checkip.two-dns.de
http://ip.dnsexit.com
http://ifconfig.me/ip
http://ipecho.net/plain
http://checkip.dyndns.org/plain
http://ipogre.com/linux.php
http://whatismyipaddress.com/
http://ip.my-proxy.com/
http://websiteipaddress.com/WhatIsMyIp
http://getmyipaddress.org/
http://www.my-ip-address.net/
http://myexternalip.com/raw
http://www.canyouseeme.org/
http://www.trackip.net/
http://icanhazip.com/
http://www.iplocation.net/
http://www.howtofindmyipaddress.com/
http://www.ipchicken.com/
http://whatsmyip.net/
http://www.ip-adress.com/
http://checkmyip.com/
http://www.tracemyip.org/
http://checkmyip.net/
http://www.lawrencegoetz.com/programs/ipinfo/
http://www.findmyip.co/
http://ip-lookup.net/
http://www.dslreports.com/whois
http://www.mon-ip.com/en/my-ip/
http://www.myip.ru
http://ipgoat.com/
http://www.myipnumber.com/my-ip-address.asp
http://www.whatsmyipaddress.net/
http://formyip.com/
http://www.displaymyip.com/
http://www.bobborst.com/tools/whatsmyip/
http://www.geoiptool.com/
http://checkip.dyndns.com/
http://myexternalip.com/
http://www.ip-adress.eu/
http://www.infosniper.net/
http://wtfismyip.com/
http://ipinfo.io/
http://httpbin.org/ip
</pre>
</div>
</div>
</div>
<div id="outline-container-org80b899c" class="outline-2">
<h2 id="org80b899c">How do I change my encryption settings?</h2>
<div class="outline-text-2" id="text-org80b899c">
<div id="outline-container-org3822e27" class="outline-2">
<h2 id="org3822e27">How do I change my encryption settings?</h2>
<div class="outline-text-2" id="text-org3822e27">
<p>
Suppose that some new encryption vulnerability has been announced and that you need to change your encryption settings. Maybe an algorithm thought to be secure is now no longer so and you need to remove it. You can change your settings by doing the following: