diff --git a/doc/faq.org b/doc/faq.org index 1c38ec30..ba4a9a5c 100644 --- a/doc/faq.org +++ b/doc/faq.org @@ -10,12 +10,13 @@ #+BEGIN_CENTER #+ATTR_HTML: :border -1 -| [[file:index.html][Home]] | -| [[Why not supply a disk image download?]] | -| [[Is metadata protected?]] | -| [[How do I get a domain name?]] | -| [[How do I get a "real" SSL certificate?]] | -| [[Why use self-signed certificates?]] | +| [[file:index.html][Home]] | +| [[Why not supply a disk image download?]] | +| [[Is metadata protected?]] | +| [[Why isn't dynamic DNS working?]] | +| [[How do I get a domain name?]] | +| [[How do I get a "real" SSL certificate?]] | +| [[Why use self-signed certificates?]] | | [[Why not use the services of $company instead? They took the Seppuku pledge]] | #+END_CENTER @@ -23,6 +24,64 @@ Shipping a Freedombone disk image ready to install on a flash disk would be easy, but disk images are relatively opaque. It would be quite easy to hide something nasty within a disk image and the user might never know. To guard against that possibility installing via the /install-freedombone.sh/ script is a lot more transparent. You can check the code to see exactly what it's doing, and the packages are all downloaded from standard Debian repos (you can even choose which one you trust) or git repos. Doing it this way the system is fully auditable, whereas when shipping a disk image it's harder to be confident that no nefarious extras have been added. * Is metadata protected? Even when using Freedombone metadata analysis by third parties is still possible. They might have a much harder time knowing what the content is, but they can potentially construct extensive dossiers based upon who communicated with your server when. Metadata leakage is a general problem with most current web systems and it is hoped that more secure technology will become available in future. But for now if metadata protection is your main concern using Freedombone won't help. +* Why isn't dynamic DNS working? +If you run the command: + +#+BEGIN_SRC bash +service inadyn status +#+END_SRC + +And see some error related to checking for changes in the IP address then you can try other external IP services. Edit */etc/inadyn.conf* and change the domain for the *checkip-url* parameter. Possible sites are: + +#+BEGIN_SRC bash +https://check.torproject.org/ +https://www.whatsmydns.net/whats-my-ip-address.html +https://www.privateinternetaccess.com/pages/whats-my-ip/ +http://checkip.two-dns.de +http://ip.dnsexit.com +http://ifconfig.me/ip +http://ipecho.net/plain +http://checkip.dyndns.org/plain +http://ipogre.com/linux.php +http://whatismyipaddress.com/ +http://ip.my-proxy.com/ +http://websiteipaddress.com/WhatIsMyIp +http://getmyipaddress.org/ +http://www.my-ip-address.net/ +http://myexternalip.com/raw +http://www.canyouseeme.org/ +http://www.trackip.net/ +http://icanhazip.com/ +http://www.iplocation.net/ +http://www.howtofindmyipaddress.com/ +http://www.ipchicken.com/ +http://whatsmyip.net/ +http://www.ip-adress.com/ +http://checkmyip.com/ +http://www.tracemyip.org/ +http://checkmyip.net/ +http://www.lawrencegoetz.com/programs/ipinfo/ +http://www.findmyip.co/ +http://ip-lookup.net/ +http://www.dslreports.com/whois +http://www.mon-ip.com/en/my-ip/ +http://www.myip.ru +http://ipgoat.com/ +http://www.myipnumber.com/my-ip-address.asp +http://www.whatsmyipaddress.net/ +http://formyip.com/ +http://www.displaymyip.com/ +http://www.bobborst.com/tools/whatsmyip/ +http://www.geoiptool.com/ +http://checkip.dyndns.com/ +http://myexternalip.com/ +http://www.ip-adress.eu/ +http://www.infosniper.net/ +http://wtfismyip.com/ +http://ipinfo.io/ +http://httpbin.org/ip +#+END_SRC + * How do I get a domain name? Suppose that you have bought a domain name (rather than using a free subdomain on freedns) and you want to use that instead. diff --git a/website/faq.html b/website/faq.html index 6c8e2121..244ca32b 100644 --- a/website/faq.html +++ b/website/faq.html @@ -4,7 +4,7 @@
+If you run the command: +
+ +service inadyn status ++
+And see some error related to checking for changes in the IP address then you can try other external IP services. Edit /etc/inadyn.conf and change the domain for the checkip-url parameter. Possible sites are: +
+ +https://check.torproject.org/ +https://www.whatsmydns.net/whats-my-ip-address.html +https://www.privateinternetaccess.com/pages/whats-my-ip/ +http://checkip.two-dns.de +http://ip.dnsexit.com +http://ifconfig.me/ip +http://ipecho.net/plain +http://checkip.dyndns.org/plain +http://ipogre.com/linux.php +http://whatismyipaddress.com/ +http://ip.my-proxy.com/ +http://websiteipaddress.com/WhatIsMyIp +http://getmyipaddress.org/ +http://www.my-ip-address.net/ +http://myexternalip.com/raw +http://www.canyouseeme.org/ +http://www.trackip.net/ +http://icanhazip.com/ +http://www.iplocation.net/ +http://www.howtofindmyipaddress.com/ +http://www.ipchicken.com/ +http://whatsmyip.net/ +http://www.ip-adress.com/ +http://checkmyip.com/ +http://www.tracemyip.org/ +http://checkmyip.net/ +http://www.lawrencegoetz.com/programs/ipinfo/ +http://www.findmyip.co/ +http://ip-lookup.net/ +http://www.dslreports.com/whois +http://www.mon-ip.com/en/my-ip/ +http://www.myip.ru +http://ipgoat.com/ +http://www.myipnumber.com/my-ip-address.asp +http://www.whatsmyipaddress.net/ +http://formyip.com/ +http://www.displaymyip.com/ +http://www.bobborst.com/tools/whatsmyip/ +http://www.geoiptool.com/ +http://checkip.dyndns.com/ +http://myexternalip.com/ +http://www.ip-adress.eu/ +http://www.infosniper.net/ +http://wtfismyip.com/ +http://ipinfo.io/ +http://httpbin.org/ip ++
Suppose that you have bought a domain name (rather than using a free subdomain on freedns) and you want to use that instead.
@@ -281,9 +355,9 @@ You should now be able to send an email from postmaster@mynewdomainname aYou can obtain a free "official" (as in recognised by default by web browsers) SSL certificate from StartSSL. You will first need to have bought a domain name, since it's not possible to obtain one for a freedns subdomain, so see Using your own domain for details of how to do that. You should also have tested that you can send email to the domain and receive it on the Freedombone (via Mutt or any other email client).
@@ -463,9 +537,9 @@ Now visit your web site at https://mydomainnAlmost everywhere on the web you will read that self-signed certificates are worthless. They bring up scary looking browser warnings and gurus will advise you not to use them. Self-signed certificates are quite useful though. What the scary warnings mean - and it would be good if they explained this more clearly - is that you have an encrypted connection established but there is no certainty about who that connection is with. The usual solution to this is to get a "real" SSL certificate from one of the certificate authorities, but it's far from clear that such authorities can be trusted. There have been various scandals involving such organisations, and it does not seem plausible to assume that they are somehow immune to the sort of treatment which Lavabit received. So although most internet users have been trained to look for the lock icon as an indication that the connection is secured that belief may not always be well founded.
@@ -479,9 +553,9 @@ For now a self-signed certificate will probably in most cases protect your commuThat pledge is utterly worthless. Years ago people trusted Google in the same sort of way, because they promised not be be evil and because a lot of the engineers working for them seemed like honest types who were "on our side". Post-nymwars and post-PRISM we know exactly how much Google cared about the privacy and security of its users. But Google is only one particular example. In general don't trust pledges made by companies, even if the people running them seem really sincere.