Note about IP address

2015-01-21 20:36:12 +00:00 · 2015-01-21 20:36:12 +00:00 · 243a357832
parent 9100554f43
commit 243a357832
2 changed files with 154 additions and 21 deletions
--- a/doc/faq.org
+++ b/doc/faq.org
@ -10,12 +10,13 @@

 #+BEGIN_CENTER
 #+ATTR_HTML: :border -1
-| [[file:index.html][Home]]                                   |
-| [[Why not supply a disk image download?]]  |
-| [[Is metadata protected?]]                 |
-| [[How do I get a domain name?]]            |
-| [[How do I get a "real" SSL certificate?]] |
-| [[Why use self-signed certificates?]]      |
+| [[file:index.html][Home]]                                                                       |
+| [[Why not supply a disk image download?]]                                      |
+| [[Is metadata protected?]]                                                     |
+| [[Why isn't dynamic DNS working?]]                                             |
+| [[How do I get a domain name?]]                                                |
+| [[How do I get a "real" SSL certificate?]]                                     |
+| [[Why use self-signed certificates?]]                                          |
 | [[Why not use the services of $company instead? They took the Seppuku pledge]] |
 #+END_CENTER

@ -23,6 +24,64 @@
 Shipping a Freedombone disk image ready to install on a flash disk would be easy, but disk images are relatively opaque. It would be quite easy to hide something nasty within a disk image and the user might never know. To guard against that possibility installing via the /install-freedombone.sh/ script is a lot more transparent. You can check the code to see exactly what it's doing, and the packages are all downloaded from standard Debian repos (you can even choose which one you trust) or git repos. Doing it this way the system is fully auditable, whereas when shipping a disk image it's harder to be confident that no nefarious extras have been added.
 * Is metadata protected?
 Even when using Freedombone metadata analysis by third parties is still possible. They might have a much harder time knowing what the content is, but they can potentially construct extensive dossiers based upon who communicated with your server when.  Metadata leakage is a general problem with most current web systems and it is hoped that more secure technology will become available in future. But for now if metadata protection is your main concern using Freedombone won't help.
+* Why isn't dynamic DNS working?
+If you run the command:
+
+#+BEGIN_SRC bash
+service inadyn status
+#+END_SRC
+
+And see some error related to checking for changes in the IP address then you can try other external IP services. Edit */etc/inadyn.conf* and change the domain for the *checkip-url* parameter. Possible sites are:
+
+#+BEGIN_SRC bash
+https://check.torproject.org/
+https://www.whatsmydns.net/whats-my-ip-address.html
+https://www.privateinternetaccess.com/pages/whats-my-ip/
+http://checkip.two-dns.de
+http://ip.dnsexit.com
+http://ifconfig.me/ip
+http://ipecho.net/plain
+http://checkip.dyndns.org/plain
+http://ipogre.com/linux.php
+http://whatismyipaddress.com/
+http://ip.my-proxy.com/
+http://websiteipaddress.com/WhatIsMyIp
+http://getmyipaddress.org/
+http://www.my-ip-address.net/
+http://myexternalip.com/raw
+http://www.canyouseeme.org/
+http://www.trackip.net/
+http://icanhazip.com/
+http://www.iplocation.net/
+http://www.howtofindmyipaddress.com/
+http://www.ipchicken.com/
+http://whatsmyip.net/
+http://www.ip-adress.com/
+http://checkmyip.com/
+http://www.tracemyip.org/
+http://checkmyip.net/
+http://www.lawrencegoetz.com/programs/ipinfo/
+http://www.findmyip.co/
+http://ip-lookup.net/
+http://www.dslreports.com/whois
+http://www.mon-ip.com/en/my-ip/
+http://www.myip.ru
+http://ipgoat.com/
+http://www.myipnumber.com/my-ip-address.asp
+http://www.whatsmyipaddress.net/
+http://formyip.com/
+http://www.displaymyip.com/
+http://www.bobborst.com/tools/whatsmyip/
+http://www.geoiptool.com/
+http://checkip.dyndns.com/
+http://myexternalip.com/
+http://www.ip-adress.eu/
+http://www.infosniper.net/
+http://wtfismyip.com/
+http://ipinfo.io/
+http://httpbin.org/ip
+#+END_SRC
+
 * How do I get a domain name?
 Suppose that you have bought a domain name (rather than using a free subdomain on freedns) and you want to use that instead.

--- a/website/faq.html
+++ b/website/faq.html
@ -4,7 +4,7 @@
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
 <title></title>
-<!-- 2014-11-09 Sun 18:29 -->
+<!-- 2015-01-21 Wed 20:35 -->
 <meta  http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta  name="generator" content="Org-mode" />
 <meta  name="author" content="Bob Mottram" />
@ -177,19 +177,23 @@ for the JavaScript code in this tag.
 </tr>

 <tr>
-<td class="left"><a href="#unnumbered-3">How do I get a domain name?</a></td>
+<td class="left"><a href="#unnumbered-3">Why isn't dynamic DNS working?</a></td>
 </tr>

 <tr>
-<td class="left"><a href="#unnumbered-4">How do I get a "real" SSL certificate?</a></td>
+<td class="left"><a href="#unnumbered-4">How do I get a domain name?</a></td>
 </tr>

 <tr>
-<td class="left"><a href="#unnumbered-5">Why use self-signed certificates?</a></td>
+<td class="left"><a href="#unnumbered-5">How do I get a "real" SSL certificate?</a></td>
 </tr>

 <tr>
-<td class="left"><a href="#unnumbered-6">Why not use the services of $company instead? They took the Seppuku pledge</a></td>
+<td class="left"><a href="#unnumbered-6">Why use self-signed certificates?</a></td>
+</tr>
+
+<tr>
+<td class="left"><a href="#unnumbered-7">Why not use the services of $company instead? They took the Seppuku pledge</a></td>
 </tr>
 </tbody>
 </table>
@ -212,9 +216,79 @@ Even when using Freedombone metadata analysis by third parties is still possible
 </div>
 </div>
 <div id="outline-container-unnumbered-3" class="outline-2">
-<h2 id="unnumbered-3">How do I get a domain name?</h2>
+<h2 id="unnumbered-3">Why isn't dynamic DNS working?</h2>
 <div class="outline-text-2" id="text-unnumbered-3">
 <p>
+If you run the command:
+</p>
+
+<div class="org-src-container">
+
+<pre class="src src-bash">service inadyn status
+</pre>
+</div>
+
+<p>
+And see some error related to checking for changes in the IP address then you can try other external IP services. Edit <b>/etc/inadyn.conf</b> and change the domain for the <b>checkip-url</b> parameter. Possible sites are:
+</p>
+
+<div class="org-src-container">
+
+<pre class="src src-bash">https://check.torproject.org/
+https://www.whatsmydns.net/whats-my-ip-address.html
+https://www.privateinternetaccess.com/pages/whats-my-ip/
+http://checkip.two-dns.de
+http://ip.dnsexit.com
+http://ifconfig.me/ip
+http://ipecho.net/plain
+http://checkip.dyndns.org/plain
+http://ipogre.com/linux.php
+http://whatismyipaddress.com/
+http://ip.my-proxy.com/
+http://websiteipaddress.com/WhatIsMyIp
+http://getmyipaddress.org/
+http://www.my-ip-address.net/
+http://myexternalip.com/raw
+http://www.canyouseeme.org/
+http://www.trackip.net/
+http://icanhazip.com/
+http://www.iplocation.net/
+http://www.howtofindmyipaddress.com/
+http://www.ipchicken.com/
+http://whatsmyip.net/
+http://www.ip-adress.com/
+http://checkmyip.com/
+http://www.tracemyip.org/
+http://checkmyip.net/
+http://www.lawrencegoetz.com/programs/ipinfo/
+http://www.findmyip.co/
+http://ip-lookup.net/
+http://www.dslreports.com/whois
+http://www.mon-ip.com/en/my-ip/
+http://www.myip.ru
+http://ipgoat.com/
+http://www.myipnumber.com/my-ip-address.asp
+http://www.whatsmyipaddress.net/
+http://formyip.com/
+http://www.displaymyip.com/
+http://www.bobborst.com/tools/whatsmyip/
+http://www.geoiptool.com/
+http://checkip.dyndns.com/
+http://myexternalip.com/
+http://www.ip-adress.eu/
+http://www.infosniper.net/
+http://wtfismyip.com/
+http://ipinfo.io/
+http://httpbin.org/ip
+</pre>
+</div>
+</div>
+</div>
+
+<div id="outline-container-unnumbered-4" class="outline-2">
+<h2 id="unnumbered-4">How do I get a domain name?</h2>
+<div class="outline-text-2" id="text-unnumbered-4">
+<p>
 Suppose that you have bought a domain name (rather than using a free subdomain on freedns) and you want to use that instead.
 </p>

@ -281,9 +355,9 @@ You should now be able to send an email from <i>postmaster@mynewdomainname</i> a
 </div>
 </div>

-<div id="outline-container-unnumbered-4" class="outline-2">
-<h2 id="unnumbered-4">How do I get a "real" SSL certificate?</h2>
-<div class="outline-text-2" id="text-unnumbered-4">
+<div id="outline-container-unnumbered-5" class="outline-2">
+<h2 id="unnumbered-5">How do I get a "real" SSL certificate?</h2>
+<div class="outline-text-2" id="text-unnumbered-5">
 <p>
 You can obtain a free "official" (as in recognised by default by web browsers) SSL certificate from <a href="https://www.startssl.com/">StartSSL</a>. You will first need to have bought a domain name, since it's not possible to obtain one for a freedns subdomain, so see <i>Using your own domain</i> for details of how to do that.  You should also have tested that you can send email to the domain and receive it on the Freedombone (via Mutt or any other email client).
 </p>
@ -463,9 +537,9 @@ Now visit your web site at <a href="https://mydomainname.com/">https://mydomainn
 </div>
 </div>

-<div id="outline-container-unnumbered-5" class="outline-2">
-<h2 id="unnumbered-5">Why use self-signed certificates?</h2>
-<div class="outline-text-2" id="text-unnumbered-5">
+<div id="outline-container-unnumbered-6" class="outline-2">
+<h2 id="unnumbered-6">Why use self-signed certificates?</h2>
+<div class="outline-text-2" id="text-unnumbered-6">
 <p>
 Almost everywhere on the web you will read that self-signed certificates are worthless. They bring up scary looking browser warnings and gurus will advise you not to use them. Self-signed certificates are quite useful though. What the scary warnings mean - and it would be good if they explained this more clearly - is that you have an encrypted connection established but there is <i>no certainty about who that connection is with</i>. The usual solution to this is to get a "real" SSL certificate from one of the certificate authorities, but it's far from clear that such authorities can be trusted. There have been various scandals involving such organisations, and it does not seem plausible to assume that they are somehow immune to the sort of treatment which <a href="http://en.wikipedia.org/wiki/Lavabit">Lavabit</a> received. So although most internet users have been trained to look for the lock icon as an indication that the connection is secured that belief may not always be well founded.
 </p>
@ -479,9 +553,9 @@ For now a self-signed certificate will probably in most cases protect your commu
 </p>
 </div>
 </div>
-<div id="outline-container-unnumbered-6" class="outline-2">
-<h2 id="unnumbered-6">Why not use the services of $company instead? They took the Seppuku pledge</h2>
-<div class="outline-text-2" id="text-unnumbered-6">
+<div id="outline-container-unnumbered-7" class="outline-2">
+<h2 id="unnumbered-7">Why not use the services of $company instead? They took the Seppuku pledge</h2>
+<div class="outline-text-2" id="text-unnumbered-7">
 <p>
 <a href="http://seppuku.cryptostorm.org/">That pledge</a> is utterly worthless. Years ago people trusted Google in the same sort of way, because they promised not be be evil and because a lot of the engineers working for them seemed like honest types who were "<i>on our side</i>". Post-<a href="https://en.wikipedia.org/wiki/Nymwars">nymwars</a> and post-<a href="https://en.wikipedia.org/wiki/PRISM_(surveillance_program)">PRISM</a> we know exactly how much Google cared about the privacy and security of its users. But Google is only one particular example. In general don't trust pledges made by companies, even if the people running them seem really sincere.
 </p>