From 53b883d89515eca05982b58a845f45525bce8ffc Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Thu, 12 Apr 2018 13:01:49 +0100 Subject: [PATCH] New formatting on images --- doc/EN/app_akaunting.org | 15 +- doc/EN/app_bdsmail.org | 9 +- doc/EN/app_bludit.org | 9 +- doc/EN/app_cryptpad.org | 12 +- doc/EN/app_dlna.org | 9 +- doc/EN/app_dokuwiki.org | 10 +- doc/EN/app_edith.org | 12 +- doc/EN/app_emacs.org | 9 +- doc/EN/app_etherpad.org | 9 +- doc/EN/app_fedwiki.org | 9 +- doc/EN/app_friendica.org | 12 +- doc/EN/app_gnusocial.org | 25 +- doc/EN/app_gogs.org | 9 +- doc/EN/app_htmly.org | 9 +- doc/EN/app_hubzilla.org | 12 +- doc/EN/app_icecast.org | 9 +- doc/EN/app_irc.org | 11 +- doc/EN/app_kanboard.org | 9 +- doc/EN/app_keyserver.org | 12 +- doc/EN/app_koel.org | 18 +- doc/EN/app_lychee.org | 12 +- doc/EN/app_mailpile.org | 15 +- doc/EN/app_matrix.org | 12 +- doc/EN/app_mediagoblin.org | 10 +- doc/EN/app_mumble.org | 12 +- doc/EN/app_nextcloud.org | 12 +- doc/EN/app_peertube.org | 6 +- doc/EN/app_pihole.org | 9 +- doc/EN/app_pleroma.org | 19 +- doc/EN/app_postactiv.org | 21 +- doc/EN/app_privatebin.org | 9 +- doc/EN/app_profanity.org | 9 +- doc/EN/app_riot.org | 12 +- doc/EN/app_rss.org | 12 +- doc/EN/app_searx.org | 13 +- doc/EN/app_syncthing.org | 15 +- doc/EN/app_tahoelafs.org | 12 +- doc/EN/app_tox.org | 12 +- doc/EN/app_turtl.org | 14 +- doc/EN/app_vpn.org | 9 +- doc/EN/app_xmpp.org | 9 +- doc/EN/apps.org | 7 +- doc/EN/armbian.org | 6 +- doc/EN/backups.org | 13 +- doc/EN/beaglebone.org | 21 +- doc/EN/boards.org | 9 +- doc/EN/code.org | 13 +- doc/EN/codeofconduct.org | 7 +- doc/EN/controlpanel.org | 44 +-- doc/EN/debianinstall.org | 9 +- doc/EN/devguide.org | 11 +- doc/EN/domains.org | 7 +- doc/EN/faq.org | 15 +- website/EN/app_akaunting.html | 175 +++------ website/EN/app_bdsmail.html | 167 ++------- website/EN/app_bludit.html | 167 ++------- website/EN/app_cryptpad.html | 173 +++------ website/EN/app_dokuwiki.html | 169 ++------- website/EN/app_edith.html | 165 ++------- website/EN/app_emacs.html | 216 ++++------- website/EN/app_etherpad.html | 175 +++------ website/EN/app_fedwiki.html | 200 +++-------- website/EN/app_friendica.html | 179 +++------- website/EN/app_gnusocial.html | 325 ++++++----------- website/EN/app_gogs.html | 169 +++------ website/EN/app_htmly.html | 168 ++------- website/EN/app_hubzilla.html | 179 +++------- website/EN/app_icecast.html | 193 +++------- website/EN/app_irc.html | 189 +++------- website/EN/app_kanboard.html | 175 +++------ website/EN/app_keyserver.html | 204 +++-------- website/EN/app_koel.html | 213 +++-------- website/EN/app_lychee.html | 172 +++------ website/EN/app_mailpile.html | 181 +++------- website/EN/app_matrix.html | 190 +++------- website/EN/app_mediagoblin.html | 183 +++------- website/EN/app_mumble.html | 183 +++------- website/EN/app_nextcloud.html | 185 +++------- website/EN/app_peertube.html | 180 +++------- website/EN/app_pihole.html | 226 ++++-------- website/EN/app_pleroma.html | 203 +++-------- website/EN/app_postactiv.html | 330 ++++++----------- website/EN/app_privatebin.html | 167 ++------- website/EN/app_profanity.html | 198 +++-------- website/EN/app_riot.html | 179 +++------- website/EN/app_rss.html | 180 +++------- website/EN/app_searx.html | 188 +++------- website/EN/app_syncthing.html | 180 +++------- website/EN/app_tahoelafs.html | 185 +++------- website/EN/app_tox.html | 166 ++------- website/EN/app_turtl.html | 178 +++------- website/EN/app_vpn.html | 194 +++------- website/EN/app_xmpp.html | 205 +++-------- website/EN/apps.html | 420 +++++++++------------- website/EN/armbian.html | 177 +++------ website/EN/backups.html | 234 ++++-------- website/EN/beaglebone.html | 200 +++-------- website/EN/boards.html | 192 +++------- website/EN/code.html | 166 +++------ website/EN/codeofconduct.html | 191 +++------- website/EN/controlpanel.html | 290 +++++---------- website/EN/debianinstall.html | 164 ++------- website/EN/devguide.html | 215 ++++------- website/EN/domains.html | 181 +++------- website/EN/faq.html | 611 +++++++++++++++----------------- 105 files changed, 3184 insertions(+), 8156 deletions(-) diff --git a/doc/EN/app_akaunting.org b/doc/EN/app_akaunting.org index 479c5c9a..aeca891e 100644 --- a/doc/EN/app_akaunting.org +++ b/doc/EN/app_akaunting.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Akaunting

-
-#+END_EXPORT +* Akaunting The Freedombone system isn't primarily aimed at companies or institutions, but if you're a one person company or freelancer then having the ability to run your own accounting system and keep the data private and also backed up is useful. Akaunting provides a nice web based system for small business accounts, and is also quite usable within a mobile web browser. @@ -33,14 +28,12 @@ From the *Administrator control panel* select *Passwords* and look up the passwo Now in a browser navigate to your subdomain. You will need to enter some details for the database. The password should be the mariadb one. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/akaunting_setup.jpg]] -#+END_CENTER After that you'll need to enter a company name and an email address. You can make the administrator password anything you prefer, and a suggestion can be found within the *Passwords* section of the *Administrator control panel* under *akaunting*. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/akaunting_setup_company.jpg]] -#+END_CENTER From then on the system should be usable. Accounts software can often be quite complex, and so you'll probably want to refer to the [[https://akaunting.com/docs][official documentation]] for details. diff --git a/doc/EN/app_bdsmail.org b/doc/EN/app_bdsmail.org index 8830abd7..93af81e5 100644 --- a/doc/EN/app_bdsmail.org +++ b/doc/EN/app_bdsmail.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

BDS Mail

-
-#+END_EXPORT +* BDS Mail BDS Mail (aka "Brain Dead Simple Mail") is an optional addition to the existing email server which comes installed as default. It creates an extra folder within the Mutt client which allows you to send and receive email using [[https://en.wikipedia.org/wiki/I2P][i2p]] as the transport layer. This solves the problem of being blocked by dubious systems and also the problem of user friendly email encryption. If you're behind a hostile firewall which you don't control and which blocks all ports, this system is still likely to work. You can use GPG as an additional encryption layer if you prefer, but it's not strictly necessary because you already have the i2p public key system to ensure end-to-end security. diff --git a/doc/EN/app_bludit.org b/doc/EN/app_bludit.org index f02f639f..1ed5ddb3 100644 --- a/doc/EN/app_bludit.org +++ b/doc/EN/app_bludit.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Bludit

-
-#+END_EXPORT +* Bludit This is a databaseless blogging system which uses markdown files. It's not very complex and so there is not much to go wrong, and it should run well on any server hardware. diff --git a/doc/EN/app_cryptpad.org b/doc/EN/app_cryptpad.org index f24946a3..b680d530 100644 --- a/doc/EN/app_cryptpad.org +++ b/doc/EN/app_cryptpad.org @@ -6,19 +6,13 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

CryptPad

-
-#+END_EXPORT +* CryptPad -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/cryptpad.jpg]] -#+END_CENTER This is similar to [[./app_etherpad.html][EtherPad]] but with better security and more document types which can be collaboratively edited in real time. It includes not just text editing but also creating presentations, voting and editing source code. diff --git a/doc/EN/app_dlna.org b/doc/EN/app_dlna.org index 705521bf..d7825e88 100644 --- a/doc/EN/app_dlna.org +++ b/doc/EN/app_dlna.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

DLNA

-
-#+END_EXPORT +* DLNA An easy way to play music on any mobile device in your home is to use the DLNA service. Copy your music into a directory called "/Music/" on an unencrypted USB thumb drive and then insert it into a USB socket on the Freedombone system. diff --git a/doc/EN/app_dokuwiki.org b/doc/EN/app_dokuwiki.org index 4bc7839c..47acb5bb 100644 --- a/doc/EN/app_dokuwiki.org +++ b/doc/EN/app_dokuwiki.org @@ -6,19 +6,13 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Dokuwiki

-
-#+END_EXPORT +* Dokuwiki Dokuwiki is a wiki which stores its content in text files. Having no database makes maintaining it simpler, and it's not tied to any particular domain name so you can easily copy the files to a different domain if you need to. - * Installation Log into your system with: diff --git a/doc/EN/app_edith.org b/doc/EN/app_edith.org index bbdeb69f..2352a0d0 100644 --- a/doc/EN/app_edith.org +++ b/doc/EN/app_edith.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Edith Notes

-
-#+END_EXPORT +* Edith Notes Edith notes is the simplest and quickest kind of notes system. It has no complicated user interface. Just enter your domain and a title and a note will be created. Everything typed is saved automatically. @@ -28,8 +23,7 @@ ssh myusername@mydomain.com -p 2222 Select *Administrator controls* then *App Settings* then *edith*. Enter a subdomain name, such as /notes.mydomain.com/, and optionally a freedns code. When the installation is complete you can then look up the password for the site within the *Passwords* section of the *Administrator control panel*, then navigate to the subdomain. Log in, then enter something like /notes.mydomain.com/testnote/ and start typing. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/edith_notes.jpg]] -#+END_CENTER It is possible to turn off the login via *App Settings/edith* if you wish, but this will enable anyone on the internet to view or edit notes on your system, which could have obvious privacy or stability implications. From *App settings/edith* it's also possible to browse through your notes files. diff --git a/doc/EN/app_emacs.org b/doc/EN/app_emacs.org index dbadeb59..1bba2f4a 100644 --- a/doc/EN/app_emacs.org +++ b/doc/EN/app_emacs.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Emacs

-
-#+END_EXPORT +* Emacs Emacs is a text editor popular with software developers or anyone who needs to take notes at high speed or be able to customise their editing environment to a high degree. When installed on Freedombone it can be used together the Mutt email client to edit new emails or if you need to manually edit configuration files. diff --git a/doc/EN/app_etherpad.org b/doc/EN/app_etherpad.org index 707473cb..5aa89d65 100644 --- a/doc/EN/app_etherpad.org +++ b/doc/EN/app_etherpad.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Etherpad

-
-#+END_EXPORT +* Etherpad This is a well known system for real time collaborative editing of documents. Just log in, choose a document title and then edit. Different users will appear in different colours, and can also chat in the sidebar. This is installed as a private system in which only users on your Freedombone server will be able to create and edit documents, so it's not open to any random users on the internet. diff --git a/doc/EN/app_fedwiki.org b/doc/EN/app_fedwiki.org index 9e94bfb1..145cde6e 100644 --- a/doc/EN/app_fedwiki.org +++ b/doc/EN/app_fedwiki.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Federated Wiki

-
-#+END_EXPORT +* Federated Wiki Federated wikis are a relatively new concept. There can be multiple copies of the same page on different servers and it's then easy to pick which version you prefer, or make something new. It's like wiki meets mashup meets federation, and so is different from many previous web paradigms and may take some recalibration of how you think the web should work. diff --git a/doc/EN/app_friendica.org b/doc/EN/app_friendica.org index 350219ec..ad9e79bb 100644 --- a/doc/EN/app_friendica.org +++ b/doc/EN/app_friendica.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Friendica

-
-#+END_EXPORT +* Friendica Friendica is a federated social networking system. It can federate with other popular systems such as GNU Social and Diaspora. Currently Friendica only works on the clearnet and doesn't have an onion address. @@ -37,9 +32,8 @@ If you have just obtained a Lets Encrypt certificate as above then go to *About* On first visiting your Friendica site you'll see the login screen. The first thing you need to do is to select *register* to create a new Friendica administrator user. The first user on the system then becomes its administrator. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/friendicaadmin.jpg]] -#+END_CENTER Friendica has numerous addons which you might want to explore. Select the small icon next to the search box and you will get to the administrator settings. Select *plugins* and you can then configure which ones you want. From the *site* settings you can also force all links to use SSL/TLS for added security. diff --git a/doc/EN/app_gnusocial.org b/doc/EN/app_gnusocial.org index 3e355064..68032a05 100644 --- a/doc/EN/app_gnusocial.org +++ b/doc/EN/app_gnusocial.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

GNU Social

-
-#+END_EXPORT +* GNU Social GNU Social is typically referred to as a microblogging system, although with a maximum post length much longer than Twitter it's really a sort of federated community blog with a stream-based appearance which also supports markdown formatting. @@ -24,10 +19,8 @@ You should regard anything posted to GNU Social as being /public communication/ Some general advice about life in the fediverse [[./fediverse.html][can be found here]]. - -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/gnusocial_pleroma.jpg]] -#+END_CENTER * Installation @@ -52,16 +45,14 @@ Once you have logged in to GNU Social you may then want to select *Admin* and ch GNU Social has a clutter-free mobile user interface which can be accessed via a Tor compatible browser (make sure to add a NoScript exception). Unlike similar proprietary sites there are no bribed posts. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/gnusocial_mobile.jpg]] -#+END_CENTER * Switching user interfaces A few web based user interfaces are available for GNU SOcial. They are selectable by going to the *Administrator control panel* and choosing *App settings* then *gnusocial*. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/gnusocial_settings.jpg]] -#+END_CENTER * *Qvitter*: Looks similar to Twitter during its golden era, before the ads and other antifeatures arrived * *Pleroma*: A modern and lightweight user interface @@ -69,9 +60,8 @@ A few web based user interfaces are available for GNU SOcial. They are selectabl * Using with Emacs -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/gnu-social-mode.jpg]] -#+END_CENTER If you are an Emacs user it's also possible to set up GNU Social mode as follows: @@ -122,9 +112,8 @@ Showing timelines: | CTRL-c CTRL-d | Post direct Message | * Blocking controls -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/controlpanel/control_panel_blocking.jpg]] -#+END_CENTER The biggest hazard with GNU Social is that it's part of a public federated communications system. This means that conversations and replies from other servers may end up in your "whole known network" stream. The internet being what it is, some of these could be undesirable. You can block individual users or entire domains by going to the *Administrator control panel* and selecting *Domain or User Blocking*, then adding or removing entries. This blocks domains at the firewall level and also at the level of database and file storage. diff --git a/doc/EN/app_gogs.org b/doc/EN/app_gogs.org index bb3669a7..09052b62 100644 --- a/doc/EN/app_gogs.org +++ b/doc/EN/app_gogs.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Gogs

-
-#+END_EXPORT +* Gogs Github is ok, but it's proprietary and funded by venture capital. If you been around on the internet for long enough then you know how this story eventually works itself out - i.e. badly for the users. It's really only a question of time. If you're a software developer or do things which involve the Git version control system then it's a good idea to become accustomed to hosting your own repositories, before the inevitable Github shitstorm occurs. diff --git a/doc/EN/app_htmly.org b/doc/EN/app_htmly.org index e3fd5059..9ff77fc4 100644 --- a/doc/EN/app_htmly.org +++ b/doc/EN/app_htmly.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

HTMLy

-
-#+END_EXPORT +* HTMLy HTMLy is a databaseless blogging system. diff --git a/doc/EN/app_hubzilla.org b/doc/EN/app_hubzilla.org index 0a405c26..cb012b92 100644 --- a/doc/EN/app_hubzilla.org +++ b/doc/EN/app_hubzilla.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Hubzilla

-
-#+END_EXPORT +* Hubzilla Hubzilla is a web publishing and social network system which includes wiki, web pages, photo albums and file storage. It also has privacy controls which allow you to define who can see which content. It's possible to write posts and have them visible only to a group of friends (known as "/privacy groups/"), with the encryption being handled automatically. Currently Hubzilla only works on the clearnet and doesn't have an onion address. @@ -37,6 +32,5 @@ If you have just obtained a Lets Encrypt certificate as above then go to *About* On first visiting your Hubzilla site you'll see the login screen. The first thing you need to do is *register* a new user. The first user on the system then becomes its administrator. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/hubzilla_mobile.jpg]] -#+END_CENTER diff --git a/doc/EN/app_icecast.org b/doc/EN/app_icecast.org index bcfe122e..b7684e44 100644 --- a/doc/EN/app_icecast.org +++ b/doc/EN/app_icecast.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Icecast

-
-#+END_EXPORT +* Icecast Icecast enables you to run something like an internet radio station. So if you have multiple audio files and want to be able to stream those in sequence from a web site then this can be useful. diff --git a/doc/EN/app_irc.org b/doc/EN/app_irc.org index a3ede2c0..c7d7935b 100644 --- a/doc/EN/app_irc.org +++ b/doc/EN/app_irc.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

IRC

-
-#+END_EXPORT +* IRC IRC is useful for multi-user chat. The classic use case is for software development where many engineers might need to coordinate their activities, but it's also useful for meetings, parties and general socialising. @@ -56,10 +51,12 @@ Enter first and second nicknames and check *connect to this network on startup*. If you are using the ordinary domain name (clearnet/ICANN) then make sure that *Use SSL* is checked. +#+attr_html: :width 80% :align center [[file:images/hexchat_setup_clearnet.jpg]] If you are using the onion address then *use SSL* should be unchecked and the transport encryption will be handled via the onion address itself. +#+attr_html: :width 80% :align center [[file:images/hexchat_setup.jpg]] Within the *Password* field enter the password which can be found from the IRC menu of the *control panel*. diff --git a/doc/EN/app_kanboard.org b/doc/EN/app_kanboard.org index aee56cf1..15947e5a 100644 --- a/doc/EN/app_kanboard.org +++ b/doc/EN/app_kanboard.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

KanBoard

-
-#+END_EXPORT +* KanBoard Kanbans are one way of managing projects. They're traditionally used in businesses but can also be useful for personal TODO lists or within open source or DIY projects. If you have a list of things which need to be done and want to keep track of progress then this provides a way to do that. diff --git a/doc/EN/app_keyserver.org b/doc/EN/app_keyserver.org index fe663847..b6871716 100644 --- a/doc/EN/app_keyserver.org +++ b/doc/EN/app_keyserver.org @@ -6,23 +6,17 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

OpenPGP Key Server

-
-#+END_EXPORT +* OpenPGP Key Server The /web of trust/ is a nice idea, but how trustable is it? If you take a look at how many OpenPGP key servers are out there then there are a two or three main ones and not much else. Can you trust those servers? Who is maintaining them and how often? Is any censorship going on? How hard would it be for adversaries to get implants onto them? In terms of technology this infrastructure is quite old and it could have been neglected for a long time. Once vigilant maintainers might have turned lazy and gotten lax with server security, or been recruited over to the dark side. For these kinds of reasons you might prefer to run your own web of trust infrastructure. In simple terms it's a database of GPG public keys which provides a way for users to /find out how to communicate with others securely via email/. You can meet in person and exchange public keys via sneakernet on USB drives, but most users of GPG don't do that. Instead they just download the public key for a given email address from one of the key servers. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/keyserver.jpg]] -#+END_CENTER * Installation diff --git a/doc/EN/app_koel.org b/doc/EN/app_koel.org index 96f6e2a1..21327a8f 100644 --- a/doc/EN/app_koel.org +++ b/doc/EN/app_koel.org @@ -6,21 +6,15 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Koel

-
-#+END_EXPORT +* Koel This enables you to store your music on the Freedombone server and then access it from any internet connected device. If you just want to make music accessible within your home network then [[./app_dlna.html][DLNA]] is usually sufficient, but if you want to be able to play your music from anywhere then [[https://koel.phanan.net][Koel]] is a better option. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/koel.jpg]] -#+END_CENTER * Installation Log into your system with: @@ -37,17 +31,15 @@ Go back to the *Administrator control panel*, select *Passwords* then *koel*. Yo Once logged in go to settings and set the media path to */music*. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/koelsettings.jpg]] -#+END_CENTER * Importing music This app doesn't have any way to upload music and instead just expects that there will be a directory on the server containing music files. There are a couple of ways to get new music files onto the system: either by using ssh or by putting them onto a USB drive. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/controlpanel/control_panel_koel.jpg]] -#+END_CENTER ** Via ssh diff --git a/doc/EN/app_lychee.org b/doc/EN/app_lychee.org index 6cd6b941..2e689294 100644 --- a/doc/EN/app_lychee.org +++ b/doc/EN/app_lychee.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Lychee

-
-#+END_EXPORT +* Lychee Lychee is a simple and lightweight photo album for the web. Whether you're an amateur or professional photographer, or want to publish random holiday pics or cat pictures. Lychee just does what it says it does without any fuss. There is also a photo album feature within [[./app_hubzilla.html][Hubzilla]] if you need more sophisticated social photo sharing with individualised permissions. @@ -36,9 +31,8 @@ If you have just obtained a Lets Encrypt certificate as above then go to *About* Within a browser navigate to your lychee domain name or onion address. It should look like this: -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/lychee_setup.jpg]] -#+END_CENTER Within the *Administrator control panel* select *App Settings* and then *lychee*. This will show the initial login settings which you need to set up the database. To copy the password hold down the shift key, select the password then right click and copy. diff --git a/doc/EN/app_mailpile.org b/doc/EN/app_mailpile.org index efb46330..14781ba8 100644 --- a/doc/EN/app_mailpile.org +++ b/doc/EN/app_mailpile.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Mailpile

-
-#+END_EXPORT +* Mailpile Mailpile provides a nice looking webmail interface suitable for use on desktop or mobile clients. It has good support for email encryption and makes that quite an simple process. At present it's usable but still has a few bugs and limitations. If you need a fully functional email client with comprehensive encryption support then either use Mutt or Thunderbird/Icedove. @@ -56,15 +51,13 @@ Uncheck *Detect Settings* and click *Next*. Under *Sending Mail* select *local* or if you need to proxy outgoing email through your ISP's server select *SMTP/TLS* and enter the details, then click *Next*. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/mailpile_setup.jpg]] -#+END_CENTER Under *Receiving files* select *IMAP*, the domain as *localhost*, port *143* and your username, then click *Next*. Astute readers may well be concerned that IMAP over port 143 is not encrypted, but since this is only via localhost communication between the Mail Transport Agent and Mailpile doesn't travel over the internet and port 143 is not opened on the firewall so it's not possible to accidentally connect an external mail client insecurely. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/mailpile_setup_keys.jpg]] -#+END_CENTER Under *Security and Privacy* either select your existing encryption key or if you only get the option to create a new one then do so, then click *Add* or *Save*. diff --git a/doc/EN/app_matrix.org b/doc/EN/app_matrix.org index 6c414d3d..ae9af7bd 100644 --- a/doc/EN/app_matrix.org +++ b/doc/EN/app_matrix.org @@ -6,19 +6,13 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Matrix

-
-#+END_EXPORT +* Matrix -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/matrix_riotweb.jpg]] -#+END_CENTER Matrix is a federated communications system, typically for multi-user chat, with end-to-end content security features. You can consider it to be like a modernized version of IRC chat where the crypto and access controls have been built in by default. At present Matrix is really only a creature of the clearnet and so there isn't any way to protect the metadata. Despite the talk of security the lack of metadata defenses make this really only suitable for public communications, similar to microblogging or public IRC channels. diff --git a/doc/EN/app_mediagoblin.org b/doc/EN/app_mediagoblin.org index 9fef5ce0..cbfd8fb4 100644 --- a/doc/EN/app_mediagoblin.org +++ b/doc/EN/app_mediagoblin.org @@ -6,20 +6,16 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Mediagoblin

-
-#+END_EXPORT +* Mediagoblin With Mediagoblin you can host video and audio content in a similar manner to the proprietary systems such as YouTube and SoundCloud. This system supports free media formats such as /webm/, /ogv/ and /ogg/. Another similar system which might be better fitted for small servers is [[./app_peertube.html][PeerTube]], since it uses webtorrent to distribute video files. Webtorrent will only work with WebRTC enabled browsers though. When hosting media files you should take into consideration that since anyone on the internet can view your content then this could significantly increase your bandwidth usage and overall strain on the server. Also unless you are just hosting images then hardware such as the Beaglebone Black won't be powerful enough for a good user experience when either uploading or playing back videos. It's recommended that you use one of the more powerful quad (or more) core single board computers or an old laptop if you want to run Mediagoblin on it. +#+attr_html: :width 50% :align center #+BEGIN_CENTER [[file:images/mediagoblin.jpg]] #+END_CENTER diff --git a/doc/EN/app_mumble.org b/doc/EN/app_mumble.org index 2e046792..808af12e 100644 --- a/doc/EN/app_mumble.org +++ b/doc/EN/app_mumble.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Mumble

-
-#+END_EXPORT +* Mumble Mumble is a well known VoIP system originally used for gaming, but which works just as well for any general conference calls or meetings. @@ -32,9 +27,8 @@ Within the software center search for "mumble" and install the client then run i From the menu select *Configure* then *Settings*. Select the *Advanced* checkbox then select *Network*. Select *Force TCP mode* and proxy type *Socks5*. Hostname should be set to *localhost* and port should be *9050*. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/mumble_config.jpg]] -#+END_CENTER Select *Apply* and *Ok*, then on the menu *Server* and *Connect*. diff --git a/doc/EN/app_nextcloud.org b/doc/EN/app_nextcloud.org index 4920101c..6ecb2c72 100644 --- a/doc/EN/app_nextcloud.org +++ b/doc/EN/app_nextcloud.org @@ -6,19 +6,13 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

NextCloud

-
-#+END_EXPORT +* NextCloud -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/nextcloud.jpg]] -#+END_CENTER NextCloud is a system for file synchronisation and also has many other plugins for calendar, videoconferencing, collaborative document editing and federated file sharing. It's a lot more elaborate than Syncthing, but there may be situations where centralized control of your files on your server is better than a purely peer-to-peer approach (eg. if you need to remove a user's access to files). diff --git a/doc/EN/app_peertube.org b/doc/EN/app_peertube.org index 93f90606..d8a47e77 100644 --- a/doc/EN/app_peertube.org +++ b/doc/EN/app_peertube.org @@ -6,13 +6,11 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/peertube.jpg]] -#+END_CENTER This is a video hosting system similar to Mediagoblin but using webtorrent to help distribute the files to or between clients. This should be more practical for situations where a video becomes popular because the load is then spread across the network, with performance increasing with the number of nodes. However, the torrenting aspect of it only works with WebRTC enabled browsers and so this means it's unlikely to fully work with a Tor browser. Without WebRTC then from a user point of view it's effectively the same thing as Mediagoblin. diff --git a/doc/EN/app_pihole.org b/doc/EN/app_pihole.org index 24bf68c9..3c513625 100644 --- a/doc/EN/app_pihole.org +++ b/doc/EN/app_pihole.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

PI-Hole: The Black Hole for Web Adverts

-
-#+END_EXPORT +* PI-Hole: The Black Hole for Web Adverts Idiots who have an inflated sense of self-entitlement will tell you that it's /your moral duty/ to view their mind-numbingly tedious corporate ads on their web site or YouTube channel, or else their kids will starve and the sky will fall because their revenue stream will dry up. But that's bullshit. There is nothing intrinsic or morally mandatory about adverts propping up the livelihoods of netizens, and indeed a web not primarily based on advertising money might have been a much better and more interesting place by now, with a lot less spying. diff --git a/doc/EN/app_pleroma.org b/doc/EN/app_pleroma.org index 562bdd04..e2202190 100644 --- a/doc/EN/app_pleroma.org +++ b/doc/EN/app_pleroma.org @@ -6,13 +6,11 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/pleroma-logo.png]] -#+END_CENTER #+BEGIN_QUOTE "/The way to keep giant companies from sterilizing the Internet is to make their sites irrelevant. If all the cool stuff happens elsewhere, people will follow. We did this with AOL and Prodigy, and we can do it again./" -- Maciej Cegłowski @@ -22,9 +20,8 @@ Pleroma is an OStatus and ActivityPub compatible social networking server, compa Some general advice about life in the fediverse [[./fediverse.html][can be found here]]. -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/pleroma.jpg]] -#+END_CENTER * Installation Log into your system with: @@ -45,20 +42,18 @@ Once you have done that then you can disable further registrations from the *Adm * Mastodon user interface If you prefer a Tweetdeck-style user interface, similar to Mastodon, then once you have registered an account navigate to */yourpleromadomainname/web* and log in. -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/pleromamastodon.jpg]] -#+END_CENTER * Mobile apps It's also possible to use Mastodon apps together with Pleroma, such as Tusky, since it supports the Mastodon API. You may need to install *IcecatMobile* and set it as your default browser (under *Settings/Apps/Menu*) in order for the initial oauth registration process to work. -#+BEGIN_CENTER +#+attr_html: :width 50% :align center [[file:images/tusky.jpg]] -#+END_CENTER + * Blocking controls -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/controlpanel/control_panel_blocking.jpg]] -#+END_CENTER The biggest hazard with Pleroma is that it's part of a public federated communications system. This means that conversations and replies from other servers may end up in your "whole known network" stream. The internet being what it is, some of these could be undesirable. You can block individual users or entire domains by going to the *Administrator control panel* and selecting *Domain or User Blocking*, then adding or removing entries. This blocks domains at the firewall level and also at the level of database and file storage. diff --git a/doc/EN/app_postactiv.org b/doc/EN/app_postactiv.org index 769198f9..7624b81a 100644 --- a/doc/EN/app_postactiv.org +++ b/doc/EN/app_postactiv.org @@ -6,23 +6,17 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

PostActiv

-
-#+END_EXPORT +* PostActiv PostActiv is a fork of [[./app_gnusocial.html][GNU Social]] which includes some extra fixes and optimisations to improve performance. It federates just like GNU Social does and so whether you choose GNU Social or PostActiv is really just down to personal prefernce. Some general advice about life in the fediverse [[./fediverse.html][can be found here]]. -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/postactiv_pleroma.jpg]] -#+END_CENTER * Installation Log into your system with: @@ -47,9 +41,8 @@ Navigate to your PostActiv domain name and log in. * Switching user interfaces A few web based user interfaces are available for PostActiv. They are selectable by going to the *Administrator control panel* and choosing *App settings* then *postactiv*. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/postactiv_settings.jpg]] -#+END_CENTER * *Qvitter*: Looks similar to Twitter during its golden era, before the ads and other antifeatures arrived * *Pleroma*: A modern and lightweight user interface @@ -57,9 +50,8 @@ A few web based user interfaces are available for PostActiv. They are selectable * Using with Emacs -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/gnu-social-mode.jpg]] -#+END_CENTER If you are an Emacs user it's also possible to set up GNU Social mode, which is compatible with PostActiv. You can do that as follows: @@ -110,9 +102,8 @@ Showing timelines: | CTRL-c CTRL-d | Post direct Message | * Blocking controls -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/controlpanel/control_panel_blocking.jpg]] -#+END_CENTER The biggest hazard with PostActiv is that it's part of a public federated communications system. This means that conversations and replies from other servers may end up in your "/whole known network/" stream. The internet being what it is, some of these could be undesirable. You can block individual users or entire domains by going to the *Administrator control panel* and selecting *Domain or User Blocking*, then adding or removing entries. This blocks domains at the firewall level and also at the level of database and file storage. diff --git a/doc/EN/app_privatebin.org b/doc/EN/app_privatebin.org index eb5d5f3e..2b53c0a7 100644 --- a/doc/EN/app_privatebin.org +++ b/doc/EN/app_privatebin.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

PrivateBin

-
-#+END_EXPORT +* PrivateBin This is an encrypted pastebin, such that the server has zero knowledge of the content. It's intended for small amounts of text less than 32K in length. It's not intended for transfering large files, or for storing pastes for more than a day. diff --git a/doc/EN/app_profanity.org b/doc/EN/app_profanity.org index 938390a8..1f72fa92 100644 --- a/doc/EN/app_profanity.org +++ b/doc/EN/app_profanity.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Profanity

-
-#+END_EXPORT +* Profanity To install this app you will first need to install the [[./app_xmpp.html][XMPP server]]. diff --git a/doc/EN/app_riot.org b/doc/EN/app_riot.org index c0a3ea5a..ef78420b 100644 --- a/doc/EN/app_riot.org +++ b/doc/EN/app_riot.org @@ -6,19 +6,13 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Riot Web

-
-#+END_EXPORT +* Riot Web -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/riotweb.jpg]] -#+END_CENTER Riot Web is a browser based user interface for the [[./app_matrix.html][Matrix]] federated communications system. It allows you to do encrypted one-to-one or group chat, and has some fancy WebRTC features for voice and video conversations. The WebRTC stuff won't work in a Tor browser though. This type of system is fine for general public communications and collaboration on open source projects or gaming groups. For things which require real privacy though stick to XMPP with OMEMO. diff --git a/doc/EN/app_rss.org b/doc/EN/app_rss.org index cbb54951..38b44edd 100644 --- a/doc/EN/app_rss.org +++ b/doc/EN/app_rss.org @@ -6,21 +6,15 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

RSS Reader

-
-#+END_EXPORT +* RSS Reader The way that RSS reading is set up on Freedombone gives you strong reading privacy. Not only is there onion routing between you and the server but also between the server and the source of the RSS feed. The only down side is that many RSS feeds are still http only, and so could be vulnerable to injection attacks, but it's expected that more of this will go to https in the foreseeable future due to a combination of growing recognition of security issues and systems like Let's Encrypt which make obtaining certificates much easier. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/rss_reader_mobile.jpg]] -#+END_CENTER * Finding the onion address See the control panel for the RSS reader onion address. diff --git a/doc/EN/app_searx.org b/doc/EN/app_searx.org index 6c1d4f18..9a539152 100644 --- a/doc/EN/app_searx.org +++ b/doc/EN/app_searx.org @@ -6,24 +6,17 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

SearX

-
-#+END_EXPORT +* SearX SearX is a metasearch engine. That means it returns results from other selected search engines. It's accessible via an onion address and provides a private search ability. Really the only advantage it gives you over searching directly from a Tor browser is the ability to customise your search experience. In terms of security both the connection between you and the server, and the outgoing connection from the server to other search engines are onion routed. This should give you a reasonable level of search privacy. - -#+BEGIN_CENTER +#+attr_html: :width 100% :align center [[file:images/searx.jpg]] -#+END_CENTER * Installation diff --git a/doc/EN/app_syncthing.org b/doc/EN/app_syncthing.org index 1a1b54b3..d2e97ee2 100644 --- a/doc/EN/app_syncthing.org +++ b/doc/EN/app_syncthing.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Syncthing

-
-#+END_EXPORT +* Syncthing Syncthing provides a similar capability to proprietary systems such as Dropbox, and also is well suited for use with low power single board computers. You can have one or more directories which are synchronized across your various laptops/desktops/devices, and this makes it hard for you to ever lose important files. The manner in which the synchronization is done is pretty secure, such that it would be difficult for passive adversaries (mass surveillance, "/men in the middle/", etc) to know what files you're sharing. Of course, you don't necessarily need to be running a server in order to use Syncthing, but if you do have a server which is always running then there's always at least one place to synchronize your files to or from. @@ -46,17 +41,15 @@ ssh username@domainname -p 2222 Then select *File Synchronization*. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/controlpanel/control_panel_file_sync.jpg]] -#+END_CENTER Select *Show device ID* and copy the long string of letters and numbers shown, using the shift key then select the text followed by right click then select copy. Open a non-Tor browser and enter *http://127.0.0.1:8384* as the URL. You should now see the minimalistic user interface. Under *Remote Devices* select *Add Remote Device*. In the *Device ID* field paste the string you just copied (CTRL+v). The Device name can be anything. Under *Share Folders with Device* check *default* (or whatever folder you created on your local machine), then save. -#+BEGIN_CENTER +#+attr_html: :width 50% :align center [[file:images/syncthing_browser.jpg]] -#+END_CENTER From the top menu select *Actions* and then *Show ID*, then copy the ID string (usually select then CTRL+c). Go back to the terminal control panel menu and select *Add an ID* then paste what you just copied (CTRL+v). Optionally you can also provide a description so that you later can know what that string corresponds to. diff --git a/doc/EN/app_tahoelafs.org b/doc/EN/app_tahoelafs.org index 19bacaba..e9896ce0 100644 --- a/doc/EN/app_tahoelafs.org +++ b/doc/EN/app_tahoelafs.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Tahoe-LAFS

-
-#+END_EXPORT +* Tahoe-LAFS This is a robust system for encrypted file storage on one or more servers. Files are accessed via a URL which contains the public key with which it was encrypted. @@ -37,8 +32,7 @@ Go to the *About* screen on the *Administrator control panel* and look for the o * Adding more servers You can add more servers to the system to increase its storage capacity. In a typical Tahoe-LAFS new data storage servers are automatically discovered via an introducer node, but that creates a single centralised point of failure. The installation on Freedombone has no introducer node and so details for the servers of your friends need to be entered manually. -#+BEGIN_CENTER +#+attr_html: :width 50% :align center [[file:images/controlpanel/control_panel_tahoelafs.jpg]] -#+END_CENTER Other servers will typically be Freedombone systems with Tahoe-LAFS installed. Your Tahoe-LAFS server settings can be found on the *About* screen of the *Administrator control panel*. Use an end-to-end encrypted chat app to copy and paste those details and send them to other friends. To add the server details go to *App settings* on the *Administrator control panel* then select *tahoelafs* and *Add server*. diff --git a/doc/EN/app_tox.org b/doc/EN/app_tox.org index 21fd89d5..090bc2b1 100644 --- a/doc/EN/app_tox.org +++ b/doc/EN/app_tox.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Tox

-
-#+END_EXPORT +* Tox Tox is an encrypted peer-to-peer messaging system and so should work without Freedombone. It uses a system of nodes which act as a sort of directory service allowing users to find and connect to each other. The Tox node ID on the Freedombone can be found within *App Settings* under *tox* within the *Administrator control panel*. If you have other users connect to your node then you will be able to continue chatting even when no other nodes are available. @@ -27,6 +22,5 @@ ssh myusername@mydomain -p 2222 Then from the menu select *Run an app* followed by *tox*. Tox is encrypted by default and also routed through Tor, so it should be reasonably secure both in terms of message content and metadata. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/toxic.jpg]] -#+END_CENTER diff --git a/doc/EN/app_turtl.org b/doc/EN/app_turtl.org index c0385a02..ed0a6ecb 100644 --- a/doc/EN/app_turtl.org +++ b/doc/EN/app_turtl.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Turtl

-
-#+END_EXPORT +* Turtl #+begin_quote "/Now is a very important time in history. Every aspect of our lives is moving into the digital world faster than we realize. We use apps like Dropbox or Evernote because of their convenience, but in doing so we sacrifice our privacy. What data isn't sold to advertisers or stolen by hackers is carved up by government surveillance./" @@ -24,10 +19,8 @@ Turtl is a system for privately creating and sharing notes and images, similar t Since the data at rest is stored in PGP encrypted format this is a good system to use in cases where security really is a critical factor. - -#+BEGIN_CENTER +#+attr_html: :width 50% :align center [[file:images/turtl.jpg]] -#+END_CENTER * Installation Log into your system with: @@ -49,6 +42,5 @@ Run the downloaded native app then at the bottom of the screen select *advanced You should then be able to log in and start using the app. You might also want to invite any other users of your Freedombone system to also sign up using the turtl domain name which you specified during installation. - * Locking it down Once you have created accounts it's a good idea to turn off new turtl signups. This will prevent millions of random users on the interwebs from creating accounts on your system and killing your server, or possibly other nefarious security scenarios. Go to the *administrator control panel* and select *App Settings* then *turtl*. You will then be able to disable new user registrations and also set the data storage limit for users. If you need additional users later you can always temporarily re-enable signups. diff --git a/doc/EN/app_vpn.org b/doc/EN/app_vpn.org index cbf1f2bf..74de7600 100644 --- a/doc/EN/app_vpn.org +++ b/doc/EN/app_vpn.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

OpenVPN

-
-#+END_EXPORT +* OpenVPN #+begin_quote "/The Net interprets censorship as damage and routes around it./" -- John Gilmore diff --git a/doc/EN/app_xmpp.org b/doc/EN/app_xmpp.org index 4dd404ec..dee57a64 100644 --- a/doc/EN/app_xmpp.org +++ b/doc/EN/app_xmpp.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

XMPP/Jabber

-
-#+END_EXPORT +* XMPP/Jabber Most people know XMPP as "/Jabber/" and it's sometimes regarded and an old protocol once used by Google and Facebook but which is no longer relevant. However, it still works and if appropriately configured, as it is on Freedombone, can provide the best chat messaging security currently available. diff --git a/doc/EN/apps.org b/doc/EN/apps.org index 7da061ca..243380fe 100644 --- a/doc/EN/apps.org +++ b/doc/EN/apps.org @@ -6,9 +6,8 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER #+begin_quote "/In times of aggressive corporatization, increasing enclosure of communication spaces, and blanket surveillance, emancipatory communication practices appear to be particularly well suited to offer concrete alternatives to activists and citizens alike/" -- Stefania Milan @@ -16,10 +15,8 @@ The base install of the system just contains an email server and Mutt client, but not much else. In addition from within the *Administrator control panel* under *Add/remove apps* the following are installable. This list only applies on the home server version, with the mesh network version having a different and smaller set of apps. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/controlpanel/control_panel_apps.jpg]] -#+END_CENTER - * Akaunting A web based accounts system for small businesses or freelancers. diff --git a/doc/EN/armbian.org b/doc/EN/armbian.org index 746fee67..b77cdcea 100644 --- a/doc/EN/armbian.org +++ b/doc/EN/armbian.org @@ -6,9 +6,8 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER #+begin_export html @@ -43,9 +42,8 @@ ssh root@[local IP address] Using the default Armbian password of *1234*. You should see the Armbian welcome message and will be asked to change the password, then create a new user account. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/armbian_setup.jpg]] -#+END_CENTER When the user account is created type *exit* to leave the ssh session then log back in with your new user account. diff --git a/doc/EN/backups.org b/doc/EN/backups.org index 640fb201..960e1cc7 100644 --- a/doc/EN/backups.org +++ b/doc/EN/backups.org @@ -1,20 +1,15 @@ #+TITLE: #+AUTHOR: Bob Mottram #+EMAIL: bob@freedombone.net -#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber -#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server +#+KEYWORDS: freedombone, backup +#+DESCRIPTION: How to make backups on Freedombone #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Backups

-
-#+END_EXPORT +* Backups #+BEGIN_CENTER #+ATTR_HTML: :border -1 diff --git a/doc/EN/beaglebone.org b/doc/EN/beaglebone.org index 574fe4e0..aa08c16a 100644 --- a/doc/EN/beaglebone.org +++ b/doc/EN/beaglebone.org @@ -6,23 +6,17 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Installing Freedombone on a Beaglebone Black

-
-#+END_EXPORT +* Installing Freedombone on a Beaglebone Black The Beaglebone Black is small, cheap, a fully open hardware design, has a hardware random number generator and consumes very little electrical power, making it suitable for all kinds of uses. There is also a wireless version. You can easily use one to run your own internet services from home. -#+BEGIN_CENTER +#+attr_html: :width 50% :align center [[file:images/bbb_board.jpg]] -#+END_CENTER You will need: @@ -57,9 +51,8 @@ sudo make install freedombone-image --setup parabola #+end_src -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/microsd_reader.jpg]] -#+END_CENTER If you own a domain name and have it linked to a dynamic DNS account (eg. [[https://freedns.afraid.org][freeDNS]]) and want to make a system accessible via an ordinary browser then run: @@ -75,15 +68,13 @@ freedombone-image -t beaglebone --onion-addresses-only yes Onion addresses have the advantage of being difficult to censor and you don't need to buy a domain or have a dynamic DNS account. An onion based system also means you don't need to think about NAT traversal type issues. This *does not* mean that everything gets routed through Tor, it just means that the sites for apps which you install will be available through Tor's address system. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/bbb_back.jpg]] -#+END_CENTER Now follow the [[./homeserver.html][instructions given here to copy the image to the microSD drive]] beginning with running the /freedombone-client/ command. Wherever it says "USB drive" substitute "microSD drive". When the microSD drive is ready plug it into the front of the Beaglebone. The photo below also includes an Atheros wifi USB dongle plugged into the front, but that's not necessary unless you want to set up the system to run on a wifi network. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/bbb_front.jpg]] -#+END_CENTER Connect the power and for the non-wireless versions of the Beaglebone Black also connect the ethernet cable and plug it into your internet router. diff --git a/doc/EN/boards.org b/doc/EN/boards.org index c6f00254..36c9c818 100644 --- a/doc/EN/boards.org +++ b/doc/EN/boards.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Supported ARM boards

-
-#+END_EXPORT +* Supported ARM boards The following ARM boards are supported by the build system. If your board isn't listed here then you may still be able to install Freedombone using [[./armbian.html][Armbian]]. diff --git a/doc/EN/code.org b/doc/EN/code.org index 87a96e54..26112df0 100644 --- a/doc/EN/code.org +++ b/doc/EN/code.org @@ -1,20 +1,15 @@ #+TITLE: #+AUTHOR: Bob Mottram #+EMAIL: bob@freedombone.net -#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber -#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server +#+KEYWORDS: freedombone, code +#+DESCRIPTION: Freedombone codebase #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Code

-
-#+END_EXPORT +* Code Freedombone is really just a couple of [[https://www.gnu.org/software/bash][bash]] scripts which install and configure software on a Debian GNU/Linux system. If you're a system administrator, software engineer or Linux hobbyist you'll probably be familiar with command line scripting and be able to make your own modifications or custom variants to suit your needs. Freedombone is licensed under the [[https://www.gnu.org/licenses/agpl.html][GNU Affero General Public License version 3]] (or later). diff --git a/doc/EN/codeofconduct.org b/doc/EN/codeofconduct.org index 68397380..fa7a7988 100644 --- a/doc/EN/codeofconduct.org +++ b/doc/EN/codeofconduct.org @@ -6,13 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+begin_export html -

Code of Conduct

-#+end_export +* Code of Conduct * Be respectful diff --git a/doc/EN/controlpanel.org b/doc/EN/controlpanel.org index 06274865..1356253d 100644 --- a/doc/EN/controlpanel.org +++ b/doc/EN/controlpanel.org @@ -1,20 +1,15 @@ #+TITLE: #+AUTHOR: Bob Mottram #+EMAIL: bob@freedombone.net -#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber +#+KEYWORDS: freedombone, control panel #+DESCRIPTION: Control Panel #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Control panel

-
-#+END_EXPORT +* Control panel | [[Main menu]] | | [[User control panel]] | @@ -39,9 +34,8 @@ Then selecting /Administrator controls/. It should look like this: -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/controlpanel/control_panel.jpg]] -#+END_CENTER To select anythng on the control panel use the *up and down* cursor keys and *space bar* to tag, then press *Enter*. @@ -50,17 +44,15 @@ When a user initially logs in they will see a version of the control panel with From this menu checking email or running chat applications is very easy, and they are configured in a safe manner without the user needing to do anything special. Email uses *mutt*, XMPP uses *profanity* and IRC uses *irssi*. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[./images/controlpanel/control_panel_user.jpg]] -#+END_CENTER It's also possible for the user to define email filtering rules, add a ssh public key for key based login and also add or remove GPG public keys. They can also do this via the commandline if they prefer, but the menu system may provide an easier user interface. * About screen To find out your current domain names select the About screen from the main menu. This is especially useful for finding your onion addresses. For improved security by compartmentalisation, and also simpler implementation, each application has its own onion address. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/controlpanel/control_panel_about.jpg]] -#+END_CENTER You can also see the SIP extension numbers for each user and how much disk space each user is consuming (typically this corresponds with email use). @@ -69,55 +61,47 @@ The Local Mirrors contains mirrored copies of the git repositories used by the s * Email filtering rules You can add users to mailing lists, or block particular email addresses or subject lines in this menu. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/controlpanel/control_panel_filtering.jpg]] -#+END_CENTER * Hubzilla menu This allows you to set the global directory location and obtain an SSL/TLS certificate if necessary. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/controlpanel/control_panel_hubzilla.jpg]] -#+END_CENTER * IRC menu You can view the current IRC password or change it from here. Currently the IRC server does not work equally well on clrearnet and via Tor, so there is an option to switch from one to the other. Initially the IRC server will be running on clearnet (i.e. no onion routing). -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/controlpanel/control_panel_irc.jpg]] -#+END_CENTER * Media menu It's possible to add playable media to a USB drive and plug it into the system, then make it accessible to other devices such as tablets or phones on your local network via DLNA. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/controlpanel/control_panel_media.jpg]] -#+END_CENTER * Repository mirrors If you don't want to use the default repositories, or don't have access to them, then you can obtain them from another Freedombone server (the details can be found on the other server on the *About* screen of the control panel). -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/controlpanel/control_panel_mirrors.jpg]] -#+END_CENTER * Backup and restore menu You can create backups or restore from backup here. It's also possible to create keydrives which store the backup key. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/controlpanel/control_panel_backup_restore.jpg]] -#+END_CENTER * Security menu If you need to generate SSL/TLS certificates or change cypher details due to changing recommendations then you can do that here. If you are changing cypher details be extra careful not to make mistakes/typos, which could reduce the security of your system. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/controlpanel/control_panel_security.jpg]] -#+END_CENTER * User management menu Users can be added or removed here. -#+BEGIN_CENTER +#+attr_html: :width 80% :align center [[file:images/controlpanel/control_panel_users.jpg]] -#+END_CENTER diff --git a/doc/EN/debianinstall.org b/doc/EN/debianinstall.org index 423f3e83..4f069d2d 100644 --- a/doc/EN/debianinstall.org +++ b/doc/EN/debianinstall.org @@ -6,15 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

How to install on an existing Debian system

-
-#+END_EXPORT +* How to install on an existing Debian system #+BEGIN_QUOTE "/The antagonism of surveillance is not privacy but the making of communities in struggle/" diff --git a/doc/EN/devguide.org b/doc/EN/devguide.org index 636dccfa..3e982c36 100644 --- a/doc/EN/devguide.org +++ b/doc/EN/devguide.org @@ -1,18 +1,15 @@ #+TITLE: #+AUTHOR: Bob Mottram #+EMAIL: bob@freedombone.net -#+KEYWORDS: freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber -#+DESCRIPTION: Turn the Beaglebone Black into a personal communications server +#+KEYWORDS: freedombone, developers +#+DESCRIPTION: Freedombone developers guide #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+begin_export html -

Developers Guide

-#+end_export +* Developers Guide * Introduction Freedombone consists of a set of bash scripts. There are a lot of them, but they're not very complicated. If you're familiar with the GNU/Linux commandline and can hack a bash script then you can probably add a new app or fix a bug in the system. There are no trendy development frameworks to learn or to get in your way. You might also want to consult the [[./codeofconduct.html][Code of Conduct]], and there is a Matrix room at *#fbone:matrix.freedombone.net* diff --git a/doc/EN/domains.org b/doc/EN/domains.org index f640b705..b22de245 100644 --- a/doc/EN/domains.org +++ b/doc/EN/domains.org @@ -6,13 +6,10 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+begin_export html -

How to get a domain name

-#+end_export +* How to get a domain name * The domain name itself diff --git a/doc/EN/faq.org b/doc/EN/faq.org index b36b6ae3..885a02f0 100644 --- a/doc/EN/faq.org +++ b/doc/EN/faq.org @@ -6,20 +6,17 @@ #+OPTIONS: ^:nil toc:nil #+HTML_HEAD: -#+BEGIN_CENTER +#+attr_html: :width 80% :height 10% :align center [[file:images/logo.png]] -#+END_CENTER -#+BEGIN_EXPORT html -
-

Frequently Asked Questions

-
-#+END_EXPORT -#+BEGIN_CENTER +* Frequently Asked Questions + +#+attr_html: :width 100% :align center [[file:images/surveillanceoptions.jpg]] + /Possible options for dealing with bulk surveillance at The Glass Room exhibition, 2017/ -#+END_CENTER + #+BEGIN_CENTER #+ATTR_HTML: :border -1 diff --git a/website/EN/app_akaunting.html b/website/EN/app_akaunting.html index dc28ca1c..4e1e959f 100644 --- a/website/EN/app_akaunting.html +++ b/website/EN/app_akaunting.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - - + + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,30 +144,31 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
- -
-

Akaunting

-
+
+

Akaunting

+

The Freedombone system isn't primarily aimed at companies or institutions, but if you're a one person company or freelancer then having the ability to run your own accounting system and keep the data private and also backed up is useful. Akaunting provides a nice web based system for small business accounts, and is also quite usable within a mobile web browser.

+
+
-
-

Installation

-
+
+

Installation

+

Log into your system with:

+
ssh myusername@mydomain -p 2222
 
@@ -280,25 +189,21 @@ From the Administrator control panel select Passwords and look up Now in a browser navigate to your subdomain. You will need to enter some details for the database. The password should be the mariadb one.

-
-

akaunting_setup.jpg +

akaunting_setup.jpg

-

After that you'll need to enter a company name and an email address. You can make the administrator password anything you prefer, and a suggestion can be found within the Passwords section of the Administrator control panel under akaunting.

-
-

akaunting_setup_company.jpg +

akaunting_setup_company.jpg

-

From then on the system should be usable. Accounts software can often be quite complex, and so you'll probably want to refer to the official documentation for details. diff --git a/website/EN/app_bdsmail.html b/website/EN/app_bdsmail.html index 8d22c13a..0a1a760d 100644 --- a/website/EN/app_bdsmail.html +++ b/website/EN/app_bdsmail.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - - + + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,18 +144,16 @@ for the JavaScript code in this tag.

-
+

-

logo.png +

logo.png

-
- -
-

BDS Mail

-
+
+

BDS Mail

+

BDS Mail (aka "Brain Dead Simple Mail") is an optional addition to the existing email server which comes installed as default. It creates an extra folder within the Mutt client which allows you to send and receive email using i2p as the transport layer. This solves the problem of being blocked by dubious systems and also the problem of user friendly email encryption. If you're behind a hostile firewall which you don't control and which blocks all ports, this system is still likely to work. You can use GPG as an additional encryption layer if you prefer, but it's not strictly necessary because you already have the i2p public key system to ensure end-to-end security.

@@ -255,15 +161,18 @@ BDS Mail (aka "Brain Dead Simple Mail") is an optional addition to the existing

It's unlikely that many people will use this. If it's hard to persuade anyone to use GPG or Enigmail then it will be next to impossible to persuade them to switch to BDS Mail unless they're already obsessive about technical security. However, this provides yet another option for reasonably secure communications if other methods fail or are untrustable.

+
+
-
-

Installation

-
+
+

Installation

+

ssh into the system with:

+
ssh myusername@mydomain.com -p 2222
 
diff --git a/website/EN/app_bludit.html b/website/EN/app_bludit.html index a5bc9a0b..b8196b8f 100644 --- a/website/EN/app_bludit.html +++ b/website/EN/app_bludit.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - - + + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,30 +144,31 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
- -
-

Bludit

-
+
+

Bludit

+

This is a databaseless blogging system which uses markdown files. It's not very complex and so there is not much to go wrong, and it should run well on any server hardware.

+
+
-
-

Installation

-
+
+

Installation

+

Log into your system with:

+
ssh myusername@mydomain -p 2222
 
diff --git a/website/EN/app_cryptpad.html b/website/EN/app_cryptpad.html index f0564961..dec9b0f9 100644 --- a/website/EN/app_cryptpad.html +++ b/website/EN/app_cryptpad.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,25 +144,21 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
-
-

CryptPad

-
- -
+
+

CryptPad

+
-

cryptpad.jpg +

cryptpad.jpg

-

This is similar to EtherPad but with better security and more document types which can be collaboratively edited in real time. It includes not just text editing but also creating presentations, voting and editing source code. @@ -271,17 +175,20 @@ Enabling someone to edit a document is as simple as sending them the URL via a c

Documents are stored locally within the browser of each user and the server just acts as a coordinator. No documents are stored on the server.

+
+
-
-

Installation

-
+
+

Installation

+

Log into your system with:

-
ssh myusername@mydomain -p 2222
-
+ +
ssh myusername@mydomain -p 2222
+

diff --git a/website/EN/app_dokuwiki.html b/website/EN/app_dokuwiki.html index 380ff49c..fcb1c56c 100644 --- a/website/EN/app_dokuwiki.html +++ b/website/EN/app_dokuwiki.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - + + + + - + @@ -235,31 +144,31 @@ for the JavaScript code in this tag.

-
+

-

logo.png +

logo.png

-
- -
-

Dokuwiki

-
+
+

Dokuwiki

+

Dokuwiki is a wiki which stores its content in text files. Having no database makes maintaining it simpler, and it's not tied to any particular domain name so you can easily copy the files to a different domain if you need to.

+
+
- -
-

Installation

-
+
+

Installation

+

Log into your system with:

+
ssh myusername@mydomain -p 2222
 
@@ -278,9 +187,9 @@ After the install has completed go to Security settings and select Cre
-
-

Initial setup

-
+
+

Initial setup

+

If you have just obtained a Lets Encrypt certificate as above then go to About on the administrator control panel and you should see your Dokuwiki domain listed there along with an onion address. You can then navigate to your site in a browser.

diff --git a/website/EN/app_edith.html b/website/EN/app_edith.html index fb31fd66..e61039f9 100644 --- a/website/EN/app_edith.html +++ b/website/EN/app_edith.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - - + + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,18 +144,16 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
- -
-

Edith Notes

-
+
+

Edith Notes

+

Edith notes is the simplest and quickest kind of notes system. It has no complicated user interface. Just enter your domain and a title and a note will be created. Everything typed is saved automatically.

@@ -261,6 +167,7 @@ ssh into the system with:

+
ssh myusername@mydomain.com -p 2222
 
@@ -269,18 +176,18 @@ ssh into the system with: Select Administrator controls then App Settings then edith. Enter a subdomain name, such as notes.mydomain.com, and optionally a freedns code. When the installation is complete you can then look up the password for the site within the Passwords section of the Administrator control panel, then navigate to the subdomain. Log in, then enter something like notes.mydomain.com/testnote and start typing.

-
-

edith_notes.jpg +

edith_notes.jpg

-

It is possible to turn off the login via App Settings/edith if you wish, but this will enable anyone on the internet to view or edit notes on your system, which could have obvious privacy or stability implications. From App settings/edith it's also possible to browse through your notes files.

+
+
@@ -235,30 +144,31 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
- -
-

Emacs

-
+
+

Emacs

+

Emacs is a text editor popular with software developers or anyone who needs to take notes at high speed or be able to customise their editing environment to a high degree. When installed on Freedombone it can be used together the Mutt email client to edit new emails or if you need to manually edit configuration files.

+
+
-
-

Installation

-
+
+

Installation

+

Log into your system with:

+
ssh myusername@mydomain -p 2222
 
@@ -273,9 +183,9 @@ Select Add/Remove Apps. If Vim is selected then you might want to unselec
-
-

Common key combinations

-
+
+

Common key combinations

+

For anyone new to Emacs some common keys are:

@@ -284,64 +194,64 @@ For anyone new to Emacs some common keys are: - + - + -CTRL-x CTRL-s -Save +CTRL-x CTRL-s +Save -CTRL-x CTRL-c -Exit +CTRL-x CTRL-c +Exit -CTRL-l -Go to a line number +CTRL-l +Go to a line number -CTRL-x CTRL-f -Open a file +CTRL-x CTRL-f +Open a file -SHIFT-ALT-< -Go to the top of the file +SHIFT-ALT-< +Go to the top of the file -SHIFT-ALT-> -Go to the end of the file +SHIFT-ALT-> +Go to the end of the file -SHIFT cursors -Select text +SHIFT cursors +Select text -CTRL-x CTRL-h -Highlight all text +CTRL-x CTRL-h +Highlight all text -ALT-w -Copy selected text +ALT-w +Copy selected text -CTRL-y -Paste selected text +CTRL-y +Paste selected text -ESC-ESC-ESC -Undo current selection +ESC-ESC-ESC +Undo current selection diff --git a/website/EN/app_etherpad.html b/website/EN/app_etherpad.html index 57088115..688572a6 100644 --- a/website/EN/app_etherpad.html +++ b/website/EN/app_etherpad.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,18 +144,16 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
- -
-

Etherpad

-
+
+

Etherpad

+

This is a well known system for real time collaborative editing of documents. Just log in, choose a document title and then edit. Different users will appear in different colours, and can also chat in the sidebar. This is installed as a private system in which only users on your Freedombone server will be able to create and edit documents, so it's not open to any random users on the internet.

@@ -255,17 +161,20 @@ This is a well known system for real time collaborative editing of documents. Ju

If security is an especially important factor then you might also want to consider installing CryptPad instead. It has more features and doesn't store any documents on the server.

+
+
-
-

Installation

-
+
+

Installation

+

Log into your system with:

-
ssh myusername@mydomain -p 2222
-
+ +
ssh myusername@mydomain -p 2222
+

@@ -282,9 +191,9 @@ After the install has completed go to Security settings and select Cre

-
-

Initial setup

-
+
+

Initial setup

+

If you have just obtained a Lets Encrypt certificate as above then go to About on the administrator control panel and you should see your Etherpad domain listed there along with an onion address. You can then navigate to your site in a browser.

diff --git a/website/EN/app_fedwiki.html b/website/EN/app_fedwiki.html index 05a13b65..f145e518 100644 --- a/website/EN/app_fedwiki.html +++ b/website/EN/app_fedwiki.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - - + + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,30 +144,31 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
- -
-

Federated Wiki

-
+
+

Federated Wiki

+

Federated wikis are a relatively new concept. There can be multiple copies of the same page on different servers and it's then easy to pick which version you prefer, or make something new. It's like wiki meets mashup meets federation, and so is different from many previous web paradigms and may take some recalibration of how you think the web should work.

+
+
-
-

Installation

-
+
+

Installation

+

Log into your system with:

+
ssh myusername@mydomain -p 2222
 
@@ -275,9 +184,9 @@ Select Add/Remove Apps then fedwiki. You will then be asked for a
-
-

Usage

-
+
+

Usage

+

First you'll need to get the login password, which can be found on the Administrator control panel under Passwords then fedwiki.

@@ -291,15 +200,24 @@ There are a few things to know about using the federated wiki.

    -
  • You can edit by clicking on the wiki button at the bottom of the screen
  • -
  • To edit a paragraph double click on it
  • -
  • To remove a paragraph just delete all of its text
  • -
  • Paragraphs can be dragged up and down to change their order, or moved between pages
  • -
  • To add a new paragraph use the + button
  • -
  • You can use left and right cursor keys to move through pages
  • -
  • To claim/fork a page from another server click on the flag icon
  • -
  • When done editing click on the wiki button again
  • -
  • Different versions of the same page on different servers are represented by boxes at the bottom right of the screen. You can double click on them to see the different versions, and use the flag icon to fork if you prefer that version
  • +
  • You can edit by clicking on the wiki button at the bottom of the screen +
  • +
  • To edit a paragraph double click on it +
  • +
  • To remove a paragraph just delete all of its text +
  • +
  • Paragraphs can be dragged up and down to change their order, or moved between pages +
  • +
  • To add a new paragraph use the + button +
  • +
  • You can use left and right cursor keys to move through pages +
  • +
  • To claim/fork a page from another server click on the flag icon +
  • +
  • When done editing click on the wiki button again +
  • +
  • Different versions of the same page on different servers are represented by boxes at the bottom right of the screen. You can double click on them to see the different versions, and use the flag icon to fork if you prefer that version +
diff --git a/website/EN/app_friendica.html b/website/EN/app_friendica.html index 8b06ebcd..302d58a2 100644 --- a/website/EN/app_friendica.html +++ b/website/EN/app_friendica.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,32 +144,33 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
- -
-

Friendica

-
+
+

Friendica

+

Friendica is a federated social networking system. It can federate with other popular systems such as GNU Social and Diaspora. Currently Friendica only works on the clearnet and doesn't have an onion address.

+
+
-
-

Installation

-
+
+

Installation

+

Log into your system with:

-
ssh myusername@mydomain -p 2222
-
+ +
ssh myusername@mydomain -p 2222
+

@@ -279,9 +188,9 @@ After the install has completed go to Security settings and select Cre

-
-

Initial setup

-
+
+

Initial setup

+

If you have just obtained a Lets Encrypt certificate as above then go to About on the administrator control panel and you should see your Friendica domain listed there. You can then navigate to your site in a browser.

@@ -290,13 +199,11 @@ If you have just obtained a Lets Encrypt certificate as above then go to Abou On first visiting your Friendica site you'll see the login screen. The first thing you need to do is to select register to create a new Friendica administrator user. The first user on the system then becomes its administrator.

-
-

friendicaadmin.jpg +

friendicaadmin.jpg

-

Friendica has numerous addons which you might want to explore. Select the small icon next to the search box and you will get to the administrator settings. Select plugins and you can then configure which ones you want. From the site settings you can also force all links to use SSL/TLS for added security. diff --git a/website/EN/app_gnusocial.html b/website/EN/app_gnusocial.html index 132c1442..7b5ebb13 100644 --- a/website/EN/app_gnusocial.html +++ b/website/EN/app_gnusocial.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - - + + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,18 +144,16 @@ for the JavaScript code in this tag.

-
+

-

logo.png +

logo.png

-
- -
-

GNU Social

-
+
+

GNU Social

+

GNU Social is typically referred to as a microblogging system, although with a maximum post length much longer than Twitter it's really a sort of federated community blog with a stream-based appearance which also supports markdown formatting.

@@ -265,23 +171,23 @@ Some general advice about life in the fediverse can b

-
-
-

gnusocial_pleroma.jpg +

gnusocial_pleroma.jpg

+
-
-

Installation

-
+
+

Installation

+

Log into your system with:

+
ssh myusername@mydomain -p 2222
 
@@ -300,9 +206,9 @@ After the install has completed go to Security settings and select Cre
-
-

Initial setup

-
+
+

Initial setup

+

If you have just obtained a Lets Encrypt certificate as above then go to About on the administrator control panel and you should see your GNU Social domain listed there along with an onion address. You can then navigate to your site in a browser.

@@ -319,63 +225,61 @@ Once you have logged in to GNU Social you may then want to select Admin a GNU Social has a clutter-free mobile user interface which can be accessed via a Tor compatible browser (make sure to add a NoScript exception). Unlike similar proprietary sites there are no bribed posts.

-
-

gnusocial_mobile.jpg +

gnusocial_mobile.jpg

-
-
-

Switching user interfaces

-
+
+

Switching user interfaces

+

A few web based user interfaces are available for GNU SOcial. They are selectable by going to the Administrator control panel and choosing App settings then gnusocial.

-
-

gnusocial_settings.jpg +

gnusocial_settings.jpg

-
    -
  • Qvitter: Looks similar to Twitter during its golden era, before the ads and other antifeatures arrived
  • -
  • Pleroma: A modern and lightweight user interface
  • -
  • Classic: Like the original StatusNet UI. Minimal Javascript and has good support for threaded conversations.
  • +
  • Qvitter: Looks similar to Twitter during its golden era, before the ads and other antifeatures arrived +
  • +
  • Pleroma: A modern and lightweight user interface +
  • +
  • Classic: Like the original StatusNet UI. Minimal Javascript and has good support for threaded conversations. +
-
-

Using with Emacs

-
-
+
+

Using with Emacs

+
-

gnu-social-mode.jpg +

gnu-social-mode.jpg

-

If you are an Emacs user it's also possible to set up GNU Social mode as follows:

+
mkdir ~/elisp
 git clone https://github.com/bashrc/gnu-social-mode ~/elisp/gnu-social-mode
-echo "(add-to-list 'load-path \"~/elisp/gnu-social-mode\")" >> ~/.emacs
-echo "(require 'gnu-social-mode)" >> ~/.emacs
-echo "(setq gnu-social-server-textlimit 2000" >> ~/.emacs
-echo "      gnu-social-server \"yourgnusocialdomain\"" >> ~/.emacs
-echo "    gnu-social-username \"yourusername\"" >> ~/.emacs
-echo "    gnu-social-password \"gnusocialpassword\")" >> ~/.emacs
+echo "(add-to-list 'load-path \"~/elisp/gnu-social-mode\")" >> ~/.emacs
+echo "(require 'gnu-social-mode)" >> ~/.emacs
+echo "(setq gnu-social-server-textlimit 2000" >> ~/.emacs
+echo "      gnu-social-server \"yourgnusocialdomain\"" >> ~/.emacs
+echo "    gnu-social-username \"yourusername\"" >> ~/.emacs
+echo "    gnu-social-password \"gnusocialpassword\")" >> ~/.emacs
 
@@ -384,6 +288,7 @@ And as a quick reference the main keys are:

+
M-x gnu-social
 
@@ -396,54 +301,54 @@ The basics: - + - + -i -Show icons +i +Show icons -CTRL-c CTRL-s -Post status update +CTRL-c CTRL-s +Post status update -r -Repeat +r +Repeat -F -Favourite +F +Favourite -CTRL-c CTRL-h -Highlight +CTRL-c CTRL-h +Highlight -R -Reply to user +R +Reply to user -CTRL-c CTRL-r -Show replies +CTRL-c CTRL-r +Show replies -CTRL-c CTRL-f -Friends timeline +CTRL-c CTRL-f +Friends timeline -CTRL-c CTRL-v -View user profile +CTRL-c CTRL-v +View user profile @@ -456,19 +361,19 @@ Navigation: - + - + -j -Next +j +Next -k -Previous +k +Previous @@ -481,70 +386,68 @@ Showing timelines: - + - + -g -Current timeline +g +Current timeline -CTRL-c CTRL-a -Public timeline +CTRL-c CTRL-a +Public timeline -CTRL-c CTRL-g -Group timeline +CTRL-c CTRL-g +Group timeline -CTRL-c CTRL-t -Tag timeline +CTRL-c CTRL-t +Tag timeline -CTRL-c CTRL-k -Stop +CTRL-c CTRL-k +Stop -CTRL-c CTRL-u -User timeline +CTRL-c CTRL-u +User timeline -CTRL-c CTRL-c -Conversation timeline +CTRL-c CTRL-c +Conversation timeline -CTRL-c CTRL-o -Remote user timeline +CTRL-c CTRL-o +Remote user timeline -CTRL-c CTRL-d -Post direct Message +CTRL-c CTRL-d +Post direct Message
-
-

Blocking controls

-
-
+
+

Blocking controls

+
-

control_panel_blocking.jpg +

control_panel_blocking.jpg

-

The biggest hazard with GNU Social is that it's part of a public federated communications system. This means that conversations and replies from other servers may end up in your "whole known network" stream. The internet being what it is, some of these could be undesirable. You can block individual users or entire domains by going to the Administrator control panel and selecting Domain or User Blocking, then adding or removing entries. This blocks domains at the firewall level and also at the level of database and file storage. diff --git a/website/EN/app_gogs.html b/website/EN/app_gogs.html index 26c05ff5..8de916d8 100644 --- a/website/EN/app_gogs.html +++ b/website/EN/app_gogs.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - + + + + - + @@ -235,18 +144,16 @@ for the JavaScript code in this tag.

-
+

-

logo.png +

logo.png

-
- -
-

Gogs

-
+
-
-

Installation

-
+
+

Installation

+

Log into your system with:

+
ssh myusername@mydomain -p 2222
 
@@ -281,9 +191,9 @@ After the install has completed go to Security settings and select Cre
-
-

Initial setup

-
+
+

Initial setup

+

If you have just obtained a Lets Encrypt certificate as above then go to About on the administrator control panel and you should see your Gogs domain listed there along with an onion address. You can then navigate to your site in a browser.

@@ -293,6 +203,7 @@ In a browser navigate to your Gogs site and click the Register button. Th

+
sudo username@domainname -p 2222
 
diff --git a/website/EN/app_htmly.html b/website/EN/app_htmly.html index 6b0b9c69..9b045dc9 100644 --- a/website/EN/app_htmly.html +++ b/website/EN/app_htmly.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - + + + + - + @@ -235,30 +144,31 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
- -
-

HTMLy

-
+
+

HTMLy

+

HTMLy is a databaseless blogging system.

+
+
-
-

Installation

-
+
+

Installation

+

Log into your system with:

+
ssh myusername@mydomain -p 2222
 
@@ -277,9 +187,9 @@ After the install has completed go to Security settings and select Cre
-
-

Initial setup

-
+
+

Initial setup

+

If you have just obtained a Lets Encrypt certificate as above then go to About on the administrator control panel and you should see your HTMLy blog domain listed there along with an onion address. You can then navigate to your site in a browser.

diff --git a/website/EN/app_hubzilla.html b/website/EN/app_hubzilla.html index 373d35a4..af416cb8 100644 --- a/website/EN/app_hubzilla.html +++ b/website/EN/app_hubzilla.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,32 +144,33 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
- -
-

Hubzilla

-
+
+

Hubzilla

+

Hubzilla is a web publishing and social network system which includes wiki, web pages, photo albums and file storage. It also has privacy controls which allow you to define who can see which content. It's possible to write posts and have them visible only to a group of friends (known as "privacy groups"), with the encryption being handled automatically. Currently Hubzilla only works on the clearnet and doesn't have an onion address.

+
+
-
-

Installation

-
+
+

Installation

+

Log into your system with:

-
ssh myusername@mydomain -p 2222
-
+ +
ssh myusername@mydomain -p 2222
+

@@ -279,9 +188,9 @@ After the install has completed go to Security settings and select Cre

-
-

Initial setup

-
+
+

Initial setup

+

If you have just obtained a Lets Encrypt certificate as above then go to About on the administrator control panel and you should see your Hubzilla domain listed there. You can then navigate to your site in a browser.

@@ -290,16 +199,14 @@ If you have just obtained a Lets Encrypt certificate as above then go to Abou On first visiting your Hubzilla site you'll see the login screen. The first thing you need to do is register a new user. The first user on the system then becomes its administrator.

-
-

hubzilla_mobile.jpg +

hubzilla_mobile.jpg

-
@@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,18 +144,16 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
- -
-

Icecast

-
+
+

Icecast

+

Icecast enables you to run something like an internet radio station. So if you have multiple audio files and want to be able to stream those in sequence from a web site then this can be useful.

@@ -255,15 +161,18 @@ Icecast enables you to run something like an internet radio station. So if you h

This system is available only via an onion address, which should mitigate the potential for copyright disputes over streamed content. By default it's only set up to stream to a small number of users so that it doesn't put too much stress on CPU or memory requirements, although you can increase the maximum limit if you have a more powerful system and enough bandwidth.

+
+
-
-

Installation

-
+
+

Installation

+

Log into your system with:

+
ssh myusername@mydomain -p 2222
 
@@ -278,9 +187,9 @@ If you then go to the About screen you'll see the onion address for Iceca
-
-

Adding files to be streamed

-
+
+

Adding files to be streamed

+

There are two ways to get files onto the system: either via ssh or via a USB drive. File types can be ogg, ogv, mp3 or mp4 format.

@@ -290,9 +199,9 @@ It may take a while for the files to import, especially on a low power single bo

-
-

From a USB drive

-
+
+

From a USB drive

+

Create a directory on the USB drive named icestream and copy your files into there. Plug the drive into your server.

@@ -303,14 +212,15 @@ Go to the Administrator control panel, select App settings, then <
-
-

Via ssh

-
+
+

Via ssh

+

Make a directory named icestream and copy your files into it. Then copy the directory to your server.

+
scp -r -P 2222 icestream myusername@mydomain:/home/myusername
 
@@ -320,6 +230,7 @@ Log into your server with:

+
ssh myusername@mydomain -p 2222
 
@@ -331,9 +242,9 @@ Select Administrator controls, enter your password, then go to App set
-
-

Access controls

-
+
+

Access controls

+

By default anyone who happens to find your Icecast onion address can listen to your stream. If you only want it to be available to a few friends or family then you can add an extra login password.

diff --git a/website/EN/app_irc.html b/website/EN/app_irc.html index 7a17e7e1..106427a1 100644 --- a/website/EN/app_irc.html +++ b/website/EN/app_irc.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - + + + + - + @@ -235,30 +144,31 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
- -
-

IRC

-
+
+

IRC

+

IRC is useful for multi-user chat. The classic use case is for software development where many engineers might need to coordinate their activities, but it's also useful for meetings, parties and general socialising.

+
+
-
-

Irssi

-
+
+

Irssi

+

The easiest way to use irssi is to connect to your system, like this:

+
ssh myusername@mydomain -p 2222
 
@@ -269,9 +179,9 @@ Then select IRC from the menu. However, other than via this method using
-
-

HexChat

-
+
+

HexChat

+

HexChat (formerly XChat) is compatible with proxying via Tor and so provides the best security when connecting to your IRC server. It will allow you to connect to your IRC server's onion address.

@@ -281,6 +191,7 @@ First install HexChat and set up its configuration file. This can be done on you

+
freedombone-client --setup hexchat
 
@@ -290,6 +201,7 @@ Now look up the onion address for your IRC server

+
ssh username@mydomainname -p 2222
 
@@ -324,7 +236,7 @@ If you are using the ordinary domain name (clearnet/ICANN) then make sure that <
-

hexchat_setup_clearnet.jpg +

hexchat_setup_clearnet.jpg

@@ -334,7 +246,7 @@ If you are using the onion address then use SSL should be unchecked and t
-

hexchat_setup.jpg +

hexchat_setup.jpg

@@ -352,9 +264,9 @@ Click close and then connect.
-
-

Emacs

-
+
+

Emacs

+

If you are an Emacs user then you can also connect to your IRC server via Emacs.

@@ -364,6 +276,7 @@ Ensure that tor is installed onto your local system:

+
sudo apt-get install tor
 
@@ -373,6 +286,7 @@ Add the following to your Emacs configuration file:

+
(setq socks-noproxy '("localhost"))
 (require 'socks)
 (require 'tls)
@@ -386,14 +300,15 @@ Add the following to your Emacs configuration file:
 
-
-

Changing or removing the IRC password

-
+
+

Changing or removing the IRC password

+

By default the IRC server is set up to require a password for users to log in. The password is the same for all users. If you want to change or remove the password:

+
ssh myusername@mydomain -p 2222
 
diff --git a/website/EN/app_kanboard.html b/website/EN/app_kanboard.html index 4a3b1f55..e3cded05 100644 --- a/website/EN/app_kanboard.html +++ b/website/EN/app_kanboard.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,32 +144,33 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
- -
-

KanBoard

-
+
+

KanBoard

+

Kanbans are one way of managing projects. They're traditionally used in businesses but can also be useful for personal TODO lists or within open source or DIY projects. If you have a list of things which need to be done and want to keep track of progress then this provides a way to do that.

+
+
-
-

Installation

-
+
+

Installation

+

Log into your system with:

-
ssh myusername@mydomain -p 2222
-
+ +
ssh myusername@mydomain -p 2222
+

@@ -278,9 +187,9 @@ After the install has completed go to Security settings and select Cre

-
-

Initial setup

-
+
+

Initial setup

+

If you have just obtained a Lets Encrypt certificate as above then go to About on the administrator control panel and you should see your KanBoard domain listed there along with an onion address. You can then navigate to your site in a browser.

diff --git a/website/EN/app_keyserver.html b/website/EN/app_keyserver.html index 1421b6f0..f173acd9 100644 --- a/website/EN/app_keyserver.html +++ b/website/EN/app_keyserver.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,18 +144,16 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
- -
-

OpenPGP Key Server

-
+
+

OpenPGP Key Server

+

The web of trust is a nice idea, but how trustable is it? If you take a look at how many OpenPGP key servers are out there then there are a two or three main ones and not much else. Can you trust those servers? Who is maintaining them and how often? Is any censorship going on? How hard would it be for adversaries to get implants onto them? In terms of technology this infrastructure is quite old and it could have been neglected for a long time. Once vigilant maintainers might have turned lazy and gotten lax with server security, or been recruited over to the dark side.

@@ -256,24 +162,25 @@ The web of trust is a nice idea, but how trustable is it? If you take a l For these kinds of reasons you might prefer to run your own web of trust infrastructure. In simple terms it's a database of GPG public keys which provides a way for users to find out how to communicate with others securely via email. You can meet in person and exchange public keys via sneakernet on USB drives, but most users of GPG don't do that. Instead they just download the public key for a given email address from one of the key servers.

-
-

keyserver.jpg +

keyserver.jpg

+
-
-

Installation

-
+
+

Installation

+

ssh into the system with:

-
ssh myusername@mydomain.com -p 2222
-
+ +
ssh myusername@mydomain.com -p 2222
+

@@ -286,16 +193,17 @@ After the install has completed go to Security settings and select Cre

-
-

How to use it

-
+
+

How to use it

+

Interaction with the web user interface is pretty minimal and obvious, but most likely you will also want to be able to use your keyserver from the commandline. To do that use the –keyserver option. For example to search for a key on your server:

-
gpg --keyserver [your keyserver domain] --search-keys [email address]
-
+ +
gpg --keyserver [your keyserver domain] --search-keys [email address]
+
@@ -304,8 +212,9 @@ Or to send a key to it:

-
gpg --keyserver [your keyserver domain] --send-keys [email address or key ID]
-
+ +
gpg --keyserver [your keyserver domain] --send-keys [email address or key ID]
+

@@ -313,14 +222,15 @@ Or to get a key:

-
gpg --keyserver [your keyserver domain] --recv-keys [email address or key ID]
-
+ +
gpg --keyserver [your keyserver domain] --recv-keys [email address or key ID]
+
-
-

Sync with other keyservers

-
+
+

Sync with other keyservers

+

Key servers avoid censorship or errors by gossiping between each other and cross referencing the data. You can define which other servers your key server will gossip with by going to the Administrator control panel, selecting App Settings then keyserver then Sync with other keyserver.

@@ -330,9 +240,9 @@ It's a good idea not to try to sync with the popular OpenPGP key servers, becaus

-
-

Possible problems

-
+
+

Possible problems

+

OpenPGP key servers are not very well defended from flooding attacks. This means that an adversary could just upload a billion keys to destabilize the server and fill it with nonsense to make it unusable. Since key servers are fully open to the public there isn't anything to prevent that from happening.

diff --git a/website/EN/app_koel.html b/website/EN/app_koel.html index c4f729c0..5aad5e96 100644 --- a/website/EN/app_koel.html +++ b/website/EN/app_koel.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,40 +144,39 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
- -
-

Koel

-
+
+

Koel

+

This enables you to store your music on the Freedombone server and then access it from any internet connected device. If you just want to make music accessible within your home network then DLNA is usually sufficient, but if you want to be able to play your music from anywhere then Koel is a better option.

-
-

koel.jpg +

koel.jpg

+
-
-

Installation

-
+
+

Installation

+

Log into your system with:

-
ssh myusername@mydomain -p 2222
-
+ +
ssh myusername@mydomain -p 2222
+

@@ -288,42 +195,39 @@ Go back to the Administrator control panel, select Passwords then Once logged in go to settings and set the media path to /music.

-
-

koelsettings.jpg +

koelsettings.jpg

-
-
-

Importing music

-
+
+

Importing music

+

This app doesn't have any way to upload music and instead just expects that there will be a directory on the server containing music files. There are a couple of ways to get new music files onto the system: either by using ssh or by putting them onto a USB drive.

-
-

control_panel_koel.jpg +

control_panel_koel.jpg

-
-
-

Via ssh

-
+
+

Via ssh

+

On your local system:

-
scp -P 2222 -r ~/Music username@domainname:/home/username
-
+ +
scp -P 2222 -r ~/Music username@domainname:/home/username
+

@@ -335,8 +239,9 @@ Now log in to your Freedombone system:

-
ssh username@domainname -p 2222
-
+ +
ssh username@domainname -p 2222
+

@@ -345,9 +250,9 @@ And select Administrator settings followed by App settings then

-
-

Via USB drive

-
+
+

Via USB drive

+

Create a LUKS formatted USB drive. It's possible to do this by plugging a new USB drive into the Freedombone system then going to the Administrator control panel, selecting App settings then koel then Format a USB drive. You will need to specify a password, which in this case doesn't need to be anything highly secure.

@@ -362,9 +267,9 @@ Once you have music on a LUKS formatted USB drive then plug it into the Freedomb
-
-

Synchronizing

-
+
+

Synchronizing

+

To detect the imported files you might need to re-synchronize. Within Koel go to settings and then select Scan. Any imported files should then be available to play.

diff --git a/website/EN/app_lychee.html b/website/EN/app_lychee.html index 1b15672c..a3da189d 100644 --- a/website/EN/app_lychee.html +++ b/website/EN/app_lychee.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - + + + + - + @@ -235,30 +144,31 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
- -
-

Lychee

-
+
+

Lychee

+

Lychee is a simple and lightweight photo album for the web. Whether you're an amateur or professional photographer, or want to publish random holiday pics or cat pictures. Lychee just does what it says it does without any fuss. There is also a photo album feature within Hubzilla if you need more sophisticated social photo sharing with individualised permissions.

+
+
-
-

Installation

-
+
+

Installation

+

Log into your system with:

+
ssh myusername@mydomain -p 2222
 
@@ -277,9 +187,9 @@ After the install has completed go to Security settings and select Cre
-
-

Initial setup

-
+
+

Initial setup

+

If you have just obtained a Lets Encrypt certificate as above then go to About on the administrator control panel and you should see your Lychee domain listed there along with an onion address. You can then navigate to your site in a browser.

@@ -288,13 +198,11 @@ If you have just obtained a Lets Encrypt certificate as above then go to Abou Within a browser navigate to your lychee domain name or onion address. It should look like this:

-
-

lychee_setup.jpg +

lychee_setup.jpg

-

Within the Administrator control panel select App Settings and then lychee. This will show the initial login settings which you need to set up the database. To copy the password hold down the shift key, select the password then right click and copy. diff --git a/website/EN/app_mailpile.html b/website/EN/app_mailpile.html index df956335..d2de925e 100644 --- a/website/EN/app_mailpile.html +++ b/website/EN/app_mailpile.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - - + + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,18 +144,16 @@ for the JavaScript code in this tag.

-
+

-

logo.png +

logo.png

-
- -
-

Mailpile

-
+
+

Mailpile

+

Mailpile provides a nice looking webmail interface suitable for use on desktop or mobile clients. It has good support for email encryption and makes that quite an simple process. At present it's usable but still has a few bugs and limitations. If you need a fully functional email client with comprehensive encryption support then either use Mutt or Thunderbird/Icedove.

@@ -259,15 +165,18 @@ An advantage of this type of webmail is that it keeps your GPG keys off of an

One down side is that this appears to be a single user system, so if you have multiple users on your Freedombone server only the administrator will actually be able to use mailpile.

+
+
-
-

Installation

-
+
+

Installation

+

Log into your system with:

+
ssh myusername@mydomain -p 2222
 
@@ -286,9 +195,9 @@ After the install has completed go to Security settings and select Cre
-
-

Initial setup

-
+
+

Initial setup

+

If you have just obtained a Lets Encrypt certificate as above then go to About on the administrator control panel and you should see your Mailpile domain listed there along with an onion address. You can then navigate to your site in a browser.

@@ -329,25 +238,21 @@ Uncheck Detect Settings and click Next. Under Sending Mail select local or if you need to proxy outgoing email through your ISP's server select SMTP/TLS and enter the details, then click Next.

-
-

mailpile_setup.jpg +

mailpile_setup.jpg

-

Under Receiving files select IMAP, the domain as localhost, port 143 and your username, then click Next. Astute readers may well be concerned that IMAP over port 143 is not encrypted, but since this is only via localhost communication between the Mail Transport Agent and Mailpile doesn't travel over the internet and port 143 is not opened on the firewall so it's not possible to accidentally connect an external mail client insecurely.

-
-

mailpile_setup_keys.jpg +

mailpile_setup_keys.jpg

-

Under Security and Privacy either select your existing encryption key or if you only get the option to create a new one then do so, then click Add or Save. diff --git a/website/EN/app_matrix.html b/website/EN/app_matrix.html index b1a35c4e..d57fa176 100644 --- a/website/EN/app_matrix.html +++ b/website/EN/app_matrix.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - - + + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,25 +144,21 @@ for the JavaScript code in this tag.

-
+

-

logo.png +

logo.png

-
-
-

Matrix

-
- -
+
+

Matrix

+
-

matrix_riotweb.jpg +

matrix_riotweb.jpg

-

Matrix is a federated communications system, typically for multi-user chat, with end-to-end content security features. You can consider it to be like a modernized version of IRC chat where the crypto and access controls have been built in by default. At present Matrix is really only a creature of the clearnet and so there isn't any way to protect the metadata. Despite the talk of security the lack of metadata defenses make this really only suitable for public communications, similar to microblogging or public IRC channels. @@ -263,15 +167,18 @@ Matrix is a federated communications system, typically for multi-user chat, with

Another consideration is that since matrix operates on the usual HTTPS port number (443) this may make it difficult for ISPs or governments to censor this type of communications via port blocking without significant blowback.

+
+
-
-

Installation

-
+
+

Installation

+

Log into your system with:

+
ssh myusername@mydomain -p 2222
 
@@ -286,9 +193,9 @@ Select Add/Remove Apps then matrix. You will then be asked for a d
-
-

Initial setup

-
+
+

Initial setup

+

Go to the Administrator control panel and select Passwords then matrix. This will give you the password to initially log in to the system and you can change it later from a client app if needed.

@@ -303,14 +210,15 @@ Other client apps are available but are currently mostly only at the alpha stage
-
-

DNS setup

-
+
+

DNS setup

+

It's recommended that you add an SRV record for Matrix to your DNS setup. How you do this will depend upon your dynamic DNS provider and their web interface. On FreeDNS on the subdomains settings in addition to the subdomain which you are using for the matrix server create an extra entry as follows:

+
Type: SRV
 Subdomain: _matrix._tcp
 Domain: [youdomain]
@@ -324,9 +232,9 @@ You may also want to make another entry with the same settings but replacing 
 
-
-

Mobile app

-
+
+

Mobile app

+

If you're using the Riot mobile app to access your Matrix homeserver then you can significantly improve battery performance by going to the settings and changing Sync request timeout to 30 seconds and Delay between two sync requests to 600 seconds. Also turning off msgs in group chats will help, since it will avoid getting a notification whenever a group chat event happens, which then wakes up the screen.

diff --git a/website/EN/app_mediagoblin.html b/website/EN/app_mediagoblin.html index ab90dc05..824a798b 100644 --- a/website/EN/app_mediagoblin.html +++ b/website/EN/app_mediagoblin.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - - + + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,18 +144,16 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
- -
-

Mediagoblin

-
+
+

Mediagoblin

+

With Mediagoblin you can host video and audio content in a similar manner to the proprietary systems such as YouTube and SoundCloud. This system supports free media formats such as webm, ogv and ogg. Another similar system which might be better fitted for small servers is PeerTube, since it uses webtorrent to distribute video files. Webtorrent will only work with WebRTC enabled browsers though.

@@ -256,22 +162,25 @@ With Mediagoblin you can host video and audio content in a similar manner to the When hosting media files you should take into consideration that since anyone on the internet can view your content then this could significantly increase your bandwidth usage and overall strain on the server. Also unless you are just hosting images then hardware such as the Beaglebone Black won't be powerful enough for a good user experience when either uploading or playing back videos. It's recommended that you use one of the more powerful quad (or more) core single board computers or an old laptop if you want to run Mediagoblin on it.

-
+

mediagoblin.jpg

+
+
-
-

Installation

-
+
+

Installation

+

Log into your system with:

+
ssh myusername@mydomain -p 2222
 
@@ -291,9 +200,9 @@ After the install has completed go to Security settings and select Cre
-
-

Initial setup

-
+
+

Initial setup

+

If you have just obtained a Lets Encrypt certificate as above then go to About on the administrator control panel and you should see your Mediagoblin domain listed there along with an onion address. You can then navigate to your site in a browser.

@@ -309,14 +218,15 @@ You should repeat that for however many accounts you want on the system and then
-
-

File formats

-
+
+

File formats

+

It's a good idea to upload videos in webm format. In that case Mediagoblin will skip the transcoding step (which can take hours for videos of non-trivial length) and the whole process will be quicker. Transcoding just converts whatever file format you submit into a standard resolution and file type. On your local system you can convert a video to webm with:

+
ffmpeg -i myvideo.mp4 myvideo.webm
 
@@ -326,6 +236,7 @@ Or if you are moving a video from YouTube to your own site:

+
youtube-dl -f webm [my_video_url]
 
diff --git a/website/EN/app_mumble.html b/website/EN/app_mumble.html index 2c3723af..ca8a2579 100644 --- a/website/EN/app_mumble.html +++ b/website/EN/app_mumble.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - - + + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,39 +144,40 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
- -
-

Mumble

-
+
+

Mumble

+

Mumble is a well known VoIP system originally used for gaming, but which works just as well for any general conference calls or meetings.

+
+
-
-

Text chat

-
+
+

Text chat

+

In addition to voice it is also possible to do text chat via mumble. The security of this is pretty good provided that you do it via Plumble and Orbot on mobile, but compared to other options such as XMPP/Conversations or Tox the security is not as good, since the mumble server currently doesn't support forward secrecy.

-
-

Using with Ubuntu

-
+
+

Using with Ubuntu

+

First ensure that tor is installed. Within a terminal:

+
sudo apt-get install tor
 
@@ -281,13 +190,11 @@ Within the software center search for "mumble" and install the client then run i From the menu select Configure then Settings. Select the Advanced checkbox then select Network. Select Force TCP mode and proxy type Socks5. Hostname should be set to localhost and port should be 9050.

-
-

mumble_config.jpg +

mumble_config.jpg

-

Select Apply and Ok, then on the menu Server and Connect. @@ -299,9 +206,9 @@ Click on "add new" to add a new server and enter the default domain name

-
-

Using with Android

-
+
+

Using with Android

+

Install F-Droid

diff --git a/website/EN/app_nextcloud.html b/website/EN/app_nextcloud.html index e148fcf0..6b9faaa1 100644 --- a/website/EN/app_nextcloud.html +++ b/website/EN/app_nextcloud.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,25 +144,21 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
-
-

NextCloud

-
- -
+
+

NextCloud

+
-

nextcloud.jpg +

nextcloud.jpg

-

NextCloud is a system for file synchronisation and also has many other plugins for calendar, videoconferencing, collaborative document editing and federated file sharing. It's a lot more elaborate than Syncthing, but there may be situations where centralized control of your files on your server is better than a purely peer-to-peer approach (eg. if you need to remove a user's access to files). @@ -263,25 +167,28 @@ NextCloud is a system for file synchronisation and also has many other plugins f

The videoconferencing plugin requires a browser with WebRTC support and so is unlikely to work in a Tor browser, but may still be a better option than using proprietary systems.

+
+
-
-

Operational considerations

-
+
+

Operational considerations

+

If your ISP or the government in your area is part of your threat model then NextCloud may not be the best choice for hosting files and Syncthing could be preferable. In the past the NextCloud company is known to have remotely scanned servers without permission and reported server admins who don't immediately update to the latest version of the software to their ISPs or to questionable government agencies. Depending upon where you are located such activities by the developer, which are not really in the spirit of independent self-hosting, could have very undesirable results.

-
-

Installation

-
+
+

Installation

+

Log into your system with:

-
ssh myusername@mydomain -p 2222
-
+ +
ssh myusername@mydomain -p 2222
+

@@ -294,9 +201,9 @@ Select Add/Remove Apps then nextcloud. You will then be asked for

-
-

Initial setup

-
+
+

Initial setup

+

Go to the Administrator control panel and select Passwords then nextcloud. This will give you the password to initially log in to the system and you can change it later from a client app if needed.

diff --git a/website/EN/app_peertube.html b/website/EN/app_peertube.html index 454b0fae..767ed128 100644 --- a/website/EN/app_peertube.html +++ b/website/EN/app_peertube.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - - + + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,34 +144,32 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
-
-

peertube.jpg +

peertube.jpg

-

This is a video hosting system similar to Mediagoblin but using webtorrent to help distribute the files to or between clients. This should be more practical for situations where a video becomes popular because the load is then spread across the network, with performance increasing with the number of nodes. However, the torrenting aspect of it only works with WebRTC enabled browsers and so this means it's unlikely to fully work with a Tor browser. Without WebRTC then from a user point of view it's effectively the same thing as Mediagoblin.

-
-

Installation

-
+
+

Installation

+

Log into your system with:

+
ssh myusername@mydomain -p 2222
 
@@ -278,9 +184,9 @@ Select Add/Remove Apps then peertube. You will then be asked for a
-
-

Initial setup

-
+
+

Initial setup

+

Navigate to your site and select Signup to create a new account. By default the maximum number of accounts on your system is limited to a small number so that millions of random internet users can't then begin uploading dubious content. After that it's pretty straightforward.

@@ -291,9 +197,9 @@ If you wish it's possible to turn off further signups via the Administrator c
-
-

Importing videos from YouTube/Vimeo/Dailymotion

-
+
+

Importing videos from YouTube/Vimeo/Dailymotion

+

It's possible to import videos from the main proprietary video hosting sites. Only do this if they're videos which you made, or if the license is Creative Commons. Hosting arbitrary videos under nonfree licenses is likely to get you into trouble, and we know how that works out from the P2P wars of the 2000s (i.e. badly).

@@ -304,9 +210,9 @@ Go to the Administrator control panel, select App settings then
-
-

Importing videos from your desktop

-
+
+

Importing videos from your desktop

+

The most convenient way to add new videos to PeerTube is if you have the syncthing app installed. Set up syncthing with a folder called ~/Sync in your home directory. Create a subdirectory called ~/Sync/peertube_upload. Within that directory make a text file called login.txt. This will contain your PeerTube login details.

diff --git a/website/EN/app_pihole.html b/website/EN/app_pihole.html index 65a57a41..6c40c55f 100644 --- a/website/EN/app_pihole.html +++ b/website/EN/app_pihole.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,18 +144,16 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
- -
-

PI-Hole: The Black Hole for Web Adverts

-
+
+

PI-Hole: The Black Hole for Web Adverts

+

Idiots who have an inflated sense of self-entitlement will tell you that it's your moral duty to view their mind-numbingly tedious corporate ads on their web site or YouTube channel, or else their kids will starve and the sky will fall because their revenue stream will dry up. But that's bullshit. There is nothing intrinsic or morally mandatory about adverts propping up the livelihoods of netizens, and indeed a web not primarily based on advertising money might have been a much better and more interesting place by now, with a lot less spying.

@@ -263,10 +169,12 @@ You can block ads for any devices connected to your local network by installing

Also don't expect perfection. Though many ads may be blocked by this system some will still get through. It's a constant cat and mouse game between advertisers and blockers.

+
+
-
-

Set a static IP address

-
+
+

Set a static IP address

+

Ensure that your system has a static local IP address (typically 192.168..) using the option on the control panel. You will also need to know the IP address of your internet router, which is usually 192.168.1.1 or 192.168.1.254.

@@ -277,17 +185,18 @@ When that's done select About this system from the control panel and see
-
-

On each client system within your local network

-
+
+

On each client system within your local network

+

Make sure that you add the static IP address for the server to /etc/hosts.

-
STATIC_IP=[your server static IP]
-sudo echo "$STATIC_IP [your domain name]" >> /etc/hosts
-
+ +
STATIC_IP=[your server static IP]
+sudo echo "$STATIC_IP [your domain name]" >> /etc/hosts
+

@@ -295,12 +204,13 @@ On Arch/Parabola:

-
sudo pacman -S openresolv
-sudo sed -i "s|#name_servers=.*|name_servers=$STATIC_IP|g" /etc/resolvconf.conf
-sudo sed -i "s|name_servers=.*|name_servers=$STATIC_IP|g" /etc/resolvconf.conf
+
+
sudo pacman -S openresolv
+sudo sed -i "s|#name_servers=.*|name_servers=$STATIC_IP|g" /etc/resolvconf.conf
+sudo sed -i "s|name_servers=.*|name_servers=$STATIC_IP|g" /etc/resolvconf.conf
 sudo chattr -i /etc/resolv.conf
 sudo resolvconf -u
-
+

@@ -308,21 +218,22 @@ Or on a Debian based system:

-
sudo apt-get install resolvconf
-echo 'domain localdomain' > /tmp/resolvconf
-echo 'search localdomain' >> /tmp/resolvconf
-echo "nameserver $STATIC_IP" >> /tmp/resolvconf
+
+
sudo apt-get install resolvconf
+echo 'domain localdomain' > /tmp/resolvconf
+echo 'search localdomain' >> /tmp/resolvconf
+echo "nameserver $STATIC_IP" >> /tmp/resolvconf
 sudo mv /tmp/resolvconf /etc/resolvconf/resolv.conf.d/head
 sudo chattr -i /etc/resolv.conf
 sudo resolvconf -u
-
+
-
-

On your internet router

-
+
+

On your internet router

+

If you can access the settings on your local internet router then this is the simplest way to provide ad blocking for all devices which connect to it. Unfortunately some router models don't let you edit the DNS settings and if that's the case you might want to consider getting a different router.

@@ -332,9 +243,9 @@ Edit the DNS settings and add the IPv4 address which you got from the control pa

-
-

LibreCMC

-
+
+

LibreCMC

+

On a router running LibreCMC from the Network menu select DHCP and DNS. Enter the static IP address of your Freedombone system within DNS Forwardings, then at the bottom of the page click on Save & Apply. Any devices which connect to your router will now have ad blocking.

@@ -342,18 +253,23 @@ On a router running LibreCMC from the Network menu select DHCP and DNS
-
-

Configuring block lists

-
+
+

Configuring block lists

+

You can configure the block lists which the system uses by going to the administrator control panel, selecting App Settings then choosing pihole. You can also add any extra domain names to the whitelist if they're being wrongly blocked or to the blacklist if they're not blocked by the current lists.

-
-Return to the home page -
+
+

+<center> +Return to the <a href="index.html">home page</a> +</center> +

+ +
diff --git a/website/EN/app_pleroma.html b/website/EN/app_pleroma.html index 1a3fa739..554fc8a8 100644 --- a/website/EN/app_pleroma.html +++ b/website/EN/app_pleroma.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - - + + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,21 +144,18 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
-
-

pleroma-logo.png +

pleroma-logo.png

-

@@ -266,22 +171,21 @@ Pleroma is an OStatus and ActivityPub compatible social networking server, compa Some general advice about life in the fediverse can be found here.

-
-

pleroma.jpg +

pleroma.jpg

-
-
-

Installation

-
+
+

Installation

+

Log into your system with:

+
ssh myusername@mydomain -p 2222
 
@@ -296,9 +200,9 @@ Select Add/Remove Apps then pleroma. You will then be asked for a
-
-

Initial setup

-
+
+

Initial setup

+

The first thing you'll need to do is register a new account. You can set your profile details and profile image by selecting the small settings icon to the right of your name.

@@ -309,49 +213,44 @@ Once you have done that then you can disable further registrations from the A
-
-

Mastodon user interface

-
+
+

Mastodon user interface

+

If you prefer a Tweetdeck-style user interface, similar to Mastodon, then once you have registered an account navigate to /yourpleromadomainname/web and log in.

-
-

pleromamastodon.jpg +

pleromamastodon.jpg

-
-
-

Mobile apps

-
+
+

Mobile apps

+

It's also possible to use Mastodon apps together with Pleroma, such as Tusky, since it supports the Mastodon API. You may need to install IcecatMobile and set it as your default browser (under Settings/Apps/Menu) in order for the initial oauth registration process to work.

-
-

tusky.jpg +

tusky.jpg

-
-
-

Blocking controls

-
-
+ +
+

Blocking controls

+
-

control_panel_blocking.jpg +

control_panel_blocking.jpg

-

The biggest hazard with Pleroma is that it's part of a public federated communications system. This means that conversations and replies from other servers may end up in your "whole known network" stream. The internet being what it is, some of these could be undesirable. You can block individual users or entire domains by going to the Administrator control panel and selecting Domain or User Blocking, then adding or removing entries. This blocks domains at the firewall level and also at the level of database and file storage. diff --git a/website/EN/app_postactiv.html b/website/EN/app_postactiv.html index 25a462bf..4286e336 100644 --- a/website/EN/app_postactiv.html +++ b/website/EN/app_postactiv.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,18 +144,16 @@ for the JavaScript code in this tag.

-
+

-

logo.png +

logo.png

-
- -
-

PostActiv

-
+
+

PostActiv

+

PostActiv is a fork of GNU Social which includes some extra fixes and optimisations to improve performance. It federates just like GNU Social does and so whether you choose GNU Social or PostActiv is really just down to personal prefernce.

@@ -256,24 +162,25 @@ PostActiv is a fork of GNU Social which inclu Some general advice about life in the fediverse can be found here.

-
-

postactiv_pleroma.jpg +

postactiv_pleroma.jpg

+
-
-

Installation

-
+
+

Installation

+

Log into your system with:

-
ssh myusername@mydomain -p 2222
-
+ +
ssh myusername@mydomain -p 2222
+

@@ -290,9 +197,9 @@ After the install has completed go to Security settings and select Cre

-
-

Initial setup

-
+
+

Initial setup

+

If you have just obtained a Lets Encrypt certificate as above then go to About on the administrator control panel and you should see your Postactiv domain listed there along with an onion address. You can then navigate to your site in a browser.

@@ -307,54 +214,54 @@ Navigate to your PostActiv domain name and log in.
-
-

Switching user interfaces

-
+
+

Switching user interfaces

+

A few web based user interfaces are available for PostActiv. They are selectable by going to the Administrator control panel and choosing App settings then postactiv.

-
-

postactiv_settings.jpg +

postactiv_settings.jpg

-
    -
  • Qvitter: Looks similar to Twitter during its golden era, before the ads and other antifeatures arrived
  • -
  • Pleroma: A modern and lightweight user interface
  • -
  • Classic: Like the original StatusNet UI. Minimal Javascript and has good support for threaded conversations.
  • +
  • Qvitter: Looks similar to Twitter during its golden era, before the ads and other antifeatures arrived +
  • +
  • Pleroma: A modern and lightweight user interface +
  • +
  • Classic: Like the original StatusNet UI. Minimal Javascript and has good support for threaded conversations. +
-
-

Using with Emacs

-
-
+
+

Using with Emacs

+
-

gnu-social-mode.jpg +

gnu-social-mode.jpg

-

If you are an Emacs user it's also possible to set up GNU Social mode, which is compatible with PostActiv. You can do that as follows:

-
mkdir ~/elisp
+
+
mkdir ~/elisp
 git clone https://github.com/bashrc/gnu-social-mode ~/elisp/gnu-social-mode
-echo "(add-to-list 'load-path \"~/elisp/gnu-social-mode\")" >> ~/.emacs
-echo "(require 'gnu-social-mode)" >> ~/.emacs
-echo "(setq gnu-social-server-textlimit 2000" >> ~/.emacs
-echo "      gnu-social-server \"yourpostactivdomain\"" >> ~/.emacs
-echo "    gnu-social-username \"yourusername\"" >> ~/.emacs
-echo "    gnu-social-password \"postactivpassword\")" >> ~/.emacs
-
+echo "(add-to-list 'load-path \"~/elisp/gnu-social-mode\")" >> ~/.emacs +echo "(require 'gnu-social-mode)" >> ~/.emacs +echo "(setq gnu-social-server-textlimit 2000" >> ~/.emacs +echo " gnu-social-server \"yourpostactivdomain\"" >> ~/.emacs +echo " gnu-social-username \"yourusername\"" >> ~/.emacs +echo " gnu-social-password \"postactivpassword\")" >> ~/.emacs +

@@ -362,8 +269,9 @@ And as a quick reference the main keys are:

-
M-x gnu-social
-
+ +
M-x gnu-social
+

@@ -374,54 +282,54 @@ The basics: - + - + -i -Show icons +i +Show icons -CTRL-c CTRL-s -Post status update +CTRL-c CTRL-s +Post status update -r -Repeat +r +Repeat -F -Favourite +F +Favourite -CTRL-c CTRL-h -Highlight +CTRL-c CTRL-h +Highlight -R -Reply to user +R +Reply to user -CTRL-c CTRL-r -Show replies +CTRL-c CTRL-r +Show replies -CTRL-c CTRL-f -Friends timeline +CTRL-c CTRL-f +Friends timeline -CTRL-c CTRL-v -View user profile +CTRL-c CTRL-v +View user profile @@ -434,19 +342,19 @@ Navigation: - + - + -j -Next +j +Next -k -Previous +k +Previous @@ -459,70 +367,68 @@ Showing timelines: - + - + -g -Current timeline +g +Current timeline -CTRL-c CTRL-a -Public timeline +CTRL-c CTRL-a +Public timeline -CTRL-c CTRL-g -Group timeline +CTRL-c CTRL-g +Group timeline -CTRL-c CTRL-t -Tag timeline +CTRL-c CTRL-t +Tag timeline -CTRL-c CTRL-k -Stop +CTRL-c CTRL-k +Stop -CTRL-c CTRL-u -User timeline +CTRL-c CTRL-u +User timeline -CTRL-c CTRL-c -Conversation timeline +CTRL-c CTRL-c +Conversation timeline -CTRL-c CTRL-o -Remote user timeline +CTRL-c CTRL-o +Remote user timeline -CTRL-c CTRL-d -Post direct Message +CTRL-c CTRL-d +Post direct Message

-
-

Blocking controls

-
-
+
+

Blocking controls

+
-

control_panel_blocking.jpg +

control_panel_blocking.jpg

-

The biggest hazard with PostActiv is that it's part of a public federated communications system. This means that conversations and replies from other servers may end up in your "whole known network" stream. The internet being what it is, some of these could be undesirable. You can block individual users or entire domains by going to the Administrator control panel and selecting Domain or User Blocking, then adding or removing entries. This blocks domains at the firewall level and also at the level of database and file storage. diff --git a/website/EN/app_privatebin.html b/website/EN/app_privatebin.html index 67ec1dfc..436f4ae8 100644 --- a/website/EN/app_privatebin.html +++ b/website/EN/app_privatebin.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - - + + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,18 +144,16 @@ for the JavaScript code in this tag.

-
+

-

logo.png +

logo.png

-
- -
-

PrivateBin

-
+
+

PrivateBin

+

This is an encrypted pastebin, such that the server has zero knowledge of the content. It's intended for small amounts of text less than 32K in length. It's not intended for transfering large files, or for storing pastes for more than a day.

@@ -255,15 +161,18 @@ This is an encrypted pastebin, such that the server has zero knowledge of the co

Because this is completely open to any user on the internet you should be wary of the potential for DDoS, and only install this app if you really need to avoid using other pastebins or if other pastebin sites are censored or untrustable. There are traffic limits set within this app to attempt to minimize the potential for flooding attacks, but that might still not be sufficient in the worst cases.

+
+
-
-

Installation

-
+
+

Installation

+

Log into your system with:

+
ssh myusername@mydomain -p 2222
 
diff --git a/website/EN/app_profanity.html b/website/EN/app_profanity.html index 30faa505..4842c790 100644 --- a/website/EN/app_profanity.html +++ b/website/EN/app_profanity.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,18 +144,16 @@ for the JavaScript code in this tag.
@@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,40 +144,39 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
-
-

Riot Web

-
- -
+
+

Riot Web

+
-

riotweb.jpg +

riotweb.jpg

-

Riot Web is a browser based user interface for the Matrix federated communications system. It allows you to do encrypted one-to-one or group chat, and has some fancy WebRTC features for voice and video conversations. The WebRTC stuff won't work in a Tor browser though. This type of system is fine for general public communications and collaboration on open source projects or gaming groups. For things which require real privacy though stick to XMPP with OMEMO.

+
+
-
-

Installation

-
+
+

Installation

+

Log into your system with:

-
ssh myusername@mydomain -p 2222
-
+ +
ssh myusername@mydomain -p 2222
+

@@ -282,9 +189,9 @@ Select Add/Remove Apps then riot and also make sure that matrix

-
-

Initial setup

-
+
+

Initial setup

+

Go to the Administrator control panel and select Passwords then matrix. This will give you the password to initially log in using the Riot Web user interface. Log in, and that's it. Happy chatting.

diff --git a/website/EN/app_rss.html b/website/EN/app_rss.html index 78872b04..fe169a99 100644 --- a/website/EN/app_rss.html +++ b/website/EN/app_rss.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - + + + + - + @@ -235,38 +144,37 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
- -
-

RSS Reader

-
+
+

RSS Reader

+

The way that RSS reading is set up on Freedombone gives you strong reading privacy. Not only is there onion routing between you and the server but also between the server and the source of the RSS feed. The only down side is that many RSS feeds are still http only, and so could be vulnerable to injection attacks, but it's expected that more of this will go to https in the foreseeable future due to a combination of growing recognition of security issues and systems like Let's Encrypt which make obtaining certificates much easier.

-
-

rss_reader_mobile.jpg +

rss_reader_mobile.jpg

+
-
-
-

With Emacs

-
+
+

With Emacs

+

If you are an Emacs user then you can also read your RSS feeds via the Avandu mode.

@@ -311,6 +219,7 @@ Add the following to your configuration, changing the address and password as ap

+
(setq avandu-tt-rss-api-url "http://rss_reader_onion_address/api/"
       avandu-user "admin"
       avandu-password "mypassword")
@@ -322,6 +231,7 @@ If you don't already have Emacs set up to route through Tor then also add the fo
 

+
(setq socks-noproxy '("localhost"))
 (require 'socks)
 (require 'tls)
@@ -334,6 +244,7 @@ And ensure that the Tor daemon is installed. On a debian based system:
 

+
sudo apt-get install tor
 
@@ -343,6 +254,7 @@ or on Arch/Parabola:

+
sudo pacman -S tor
 sudo systemctl enable tor
 sudo systemctl start tor
diff --git a/website/EN/app_searx.html b/website/EN/app_searx.html
index 7b400650..e47c07eb 100644
--- a/website/EN/app_searx.html
+++ b/website/EN/app_searx.html
@@ -3,33 +3,26 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 
 
-
-
-
-
-
-
-
+
+
+
+
+
-
+
 
 
@@ -189,7 +97,7 @@
 @licstart  The following is the entire license notice for the
 JavaScript code in this tag.
 
-Copyright (C) 2012-2017 Free Software Foundation, Inc.
+Copyright (C) 2012-2013 Free Software Foundation, Inc.
 
 The JavaScript code in this tag is free software: you can
 redistribute it and/or modify it under the terms of the GNU
@@ -236,18 +144,16 @@ for the JavaScript code in this tag.
 
 
-
+

-

logo.png +

logo.png

-
- -
-

SearX

-
+
+

SearX

+

SearX is a metasearch engine. That means it returns results from other selected search engines. It's accessible via an onion address and provides a private search ability. Really the only advantage it gives you over searching directly from a Tor browser is the ability to customise your search experience.

@@ -257,22 +163,22 @@ In terms of security both the connection between you and the server, and the out

-
-
-

searx.jpg +

searx.jpg

+
-
-

Installation

-
+
+

Installation

+

ssh into the system with:

+
ssh myusername@mydomain.com -p 2222
 
@@ -287,18 +193,18 @@ Once it has installed go to About on the Administrator control panel
-
-

Make it your default search

-
+
+

Make it your default search

+

In a Tor browser click on the magnifying glass icon next to the search box and you can then add your metasearch site. A small icon will appear called "Freedombone Metasearch" and you can then right click on it and make it the default search.

-
-

Enabling password login

-
+
+

Enabling password login

+

It's possible that you might not want just anyone on the interwebs to be able to use your metasearch engine. Even with the onion routing this might carry some legal risk or make you a target for denial-of-service attempts (although Tor's rate limits and the firewall will give you some defense against that).

@@ -309,9 +215,9 @@ To enable password login go to the Administrator control panel then Ap
-
-

Customization

-
+
+

Customization

+

It's also possible to customise the background image if you go to App settings then select searx.

diff --git a/website/EN/app_syncthing.html b/website/EN/app_syncthing.html index 5709c808..5d477593 100644 --- a/website/EN/app_syncthing.html +++ b/website/EN/app_syncthing.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - + + + + - + @@ -235,18 +144,16 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
- -
-

Syncthing

-
+
+

Syncthing

+

Syncthing provides a similar capability to proprietary systems such as Dropbox, and also is well suited for use with low power single board computers. You can have one or more directories which are synchronized across your various laptops/desktops/devices, and this makes it hard for you to ever lose important files. The manner in which the synchronization is done is pretty secure, such that it would be difficult for passive adversaries (mass surveillance, "men in the middle", etc) to know what files you're sharing. Of course, you don't necessarily need to be running a server in order to use Syncthing, but if you do have a server which is always running then there's always at least one place to synchronize your files to or from.

@@ -254,17 +161,20 @@ Syncthing provides a similar capability to proprietary systems such as Dropbox,

Freedombone provides Syncthing shared directories for each user on the system, plus a single shared directory for all users. The expected most common scenario here is that of a family in which members may not want to share all of their files with each other, but might want to share some in a common pool (eg. birthday photos). You can also easily share between different servers.

+
+
-
-

On a laptop

-
+
+

On a laptop

+

Install syncthing on a Debian based distro:

+
curl -s https://syncthing.net/release-key.txt | sudo apt-key add -
-echo "deb http://apt.syncthing.net/ syncthing release" | sudo tee /etc/apt/sources.list.d/syncthing.list
+echo "deb http://apt.syncthing.net/ syncthing release" | sudo tee /etc/apt/sources.list.d/syncthing.list
 sudo apt-get update
 sudo apt-get install syncthing
 
@@ -275,6 +185,7 @@ Or on Arch/Parabola:

+
sudo pacman -S syncthing
 
@@ -288,6 +199,7 @@ In another terminal log into Freedombone:

+
ssh username@domainname -p 2222
 
@@ -296,13 +208,11 @@ In another terminal log into Freedombone: Then select File Synchronization.

-
-

control_panel_file_sync.jpg +

control_panel_file_sync.jpg

-

Select Show device ID and copy the long string of letters and numbers shown, using the shift key then select the text followed by right click then select copy. @@ -312,13 +222,11 @@ Select Show device ID and copy the long string of letters and numbers sho Open a non-Tor browser and enter http://127.0.0.1:8384 as the URL. You should now see the minimalistic user interface. Under Remote Devices select Add Remote Device. In the Device ID field paste the string you just copied (CTRL+v). The Device name can be anything. Under Share Folders with Device check default (or whatever folder you created on your local machine), then save.

-
-

syncthing_browser.jpg +

syncthing_browser.jpg

-

From the top menu select Actions and then Show ID, then copy the ID string (usually select then CTRL+c). Go back to the terminal control panel menu and select Add an ID then paste what you just copied (CTRL+v). Optionally you can also provide a description so that you later can know what that string corresponds to. @@ -330,9 +238,9 @@ Now wait for a few minutes. Eventually you will see two messages appear within t

-
-

On Android

-
+
+

On Android

+

Install Syncthing and Connectbot from F-droid.

diff --git a/website/EN/app_tahoelafs.html b/website/EN/app_tahoelafs.html index 905d246b..fe675aba 100644 --- a/website/EN/app_tahoelafs.html +++ b/website/EN/app_tahoelafs.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,32 +144,33 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
- -
-

Tahoe-LAFS

-
+
+

Tahoe-LAFS

+

This is a robust system for encrypted file storage on one or more servers. Files are accessed via a URL which contains the public key with which it was encrypted.

+
+
-
-

Installation

-
+
+

Installation

+

Log into your system with:

-
ssh myusername@mydomain -p 2222
-
+ +
ssh myusername@mydomain -p 2222
+

@@ -274,9 +183,9 @@ Select Add/Remove Apps then tahoelafs. This system is entirely bas

-
-

Initial setup

-
+
+

Initial setup

+

Get the login password for your Tahoe-LAFS system by going to Passwords on the Administrator control panel and selecting tahoelafs.

@@ -287,20 +196,18 @@ Go to the About screen on the Administrator control panel and look
-
-

Adding more servers

-
+
+

Adding more servers

+

You can add more servers to the system to increase its storage capacity. In a typical Tahoe-LAFS new data storage servers are automatically discovered via an introducer node, but that creates a single centralised point of failure. The installation on Freedombone has no introducer node and so details for the servers of your friends need to be entered manually.

-
-

control_panel_tahoelafs.jpg +

control_panel_tahoelafs.jpg

-

Other servers will typically be Freedombone systems with Tahoe-LAFS installed. Your Tahoe-LAFS server settings can be found on the About screen of the Administrator control panel. Use an end-to-end encrypted chat app to copy and paste those details and send them to other friends. To add the server details go to App settings on the Administrator control panel then select tahoelafs and Add server. diff --git a/website/EN/app_tox.html b/website/EN/app_tox.html index 2895b7dc..91e9b77b 100644 --- a/website/EN/app_tox.html +++ b/website/EN/app_tox.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - + + + + - + @@ -235,30 +144,31 @@ for the JavaScript code in this tag.

-
+

-

logo.png +

logo.png

-
- -
-

Tox

-
+
+

Tox

+

Tox is an encrypted peer-to-peer messaging system and so should work without Freedombone. It uses a system of nodes which act as a sort of directory service allowing users to find and connect to each other. The Tox node ID on the Freedombone can be found within App Settings under tox within the Administrator control panel. If you have other users connect to your node then you will be able to continue chatting even when no other nodes are available.

+
+
-
-

The Toxic client

-
+
+

The Toxic client

+

Log into your system with:

+
ssh myusername@mydomain -p 2222
 
@@ -267,16 +177,14 @@ Log into your system with: Then from the menu select Run an app followed by tox. Tox is encrypted by default and also routed through Tor, so it should be reasonably secure both in terms of message content and metadata.

-
-

toxic.jpg +

toxic.jpg

-
@@ -235,18 +144,16 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
- -
-

Turtl

-
+
+

Turtl

+

"Now is a very important time in history. Every aspect of our lives is moving into the digital world faster than we realize. We use apps like Dropbox or Evernote because of their convenience, but in doing so we sacrifice our privacy. What data isn't sold to advertisers or stolen by hackers is carved up by government surveillance." @@ -262,22 +169,22 @@ Since the data at rest is stored in PGP encrypted format this is a good system t

-
-
-

turtl.jpg +

turtl.jpg

+
-
-

Installation

-
+
+

Installation

+

Log into your system with:

+
ssh myusername@mydomain -p 2222
 
@@ -296,9 +203,9 @@ After the install has completed go to Security settings and select Cre
-
-

Initial setup

-
+
+

Initial setup

+

The most common use case will be with Android devices. The Android app isn't currently available within F-droid (see the FAQ for details) but can be downloaded from the Turtl site.

@@ -313,10 +220,9 @@ You should then be able to log in and start using the app. You might also want t
- -
-

Locking it down

-
+
+

Locking it down

+

Once you have created accounts it's a good idea to turn off new turtl signups. This will prevent millions of random users on the interwebs from creating accounts on your system and killing your server, or possibly other nefarious security scenarios. Go to the administrator control panel and select App Settings then turtl. You will then be able to disable new user registrations and also set the data storage limit for users. If you need additional users later you can always temporarily re-enable signups.

diff --git a/website/EN/app_vpn.html b/website/EN/app_vpn.html index 964c4599..f0f8f43e 100644 --- a/website/EN/app_vpn.html +++ b/website/EN/app_vpn.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - - + + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,18 +144,16 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
- -
-

OpenVPN

-
+
+

OpenVPN

+

"The Net interprets censorship as damage and routes around it." – John Gilmore @@ -265,15 +171,18 @@ Using a Tor browser is another way to get around censorship, but there might be

On Freedombone the VPN is wrapped within a TLS layer of encryption, making it difficult for any deep packet inspection systems to know whether you are using a VPN or not. Since there is lots of TLS traffic on the internet your connection looks like any other TLS connection to a server, and this may help to avoid being censored. It's probably not possible for your local ISP to block TLS traffic without immediately generating a lot of irate customers, and stopping any kind of commercial activity.

+
+
-
-

Installation

-
+
+

Installation

+

ssh into the system with:

+
ssh myusername@mydomainname -p 2222
 
@@ -288,14 +197,15 @@ Only use ports 443 or 80 for VPN as an absolute last resort, since doing
-
-

Usage

-
+
+

Usage

+

When the installation is complete you can download your VPN keys and configuration files onto your local machine.

+
scp -P 2222 myusername@mydomainname:/home/myusername/client.ovpn .
 scp -P 2222 myusername@mydomainname:/home/myusername/stunnel* .
 
@@ -306,6 +216,7 @@ You will need to ensure that the openvpn and stunnel packages are

+
sudo pacman -S openvpn stunnel4
 
@@ -315,6 +226,7 @@ Or on a Debian based system:

+
sudo apt-get install openvpn stunnel4
 
@@ -324,6 +236,7 @@ Now you can connect to your VPN with:

+
sudo stunnel stunnel-client.conf
 sudo openvpn client.ovpn
 
@@ -335,29 +248,30 @@ You should see a series of messages with "Initialization Sequence Completed
-
-

Changing port number

-
+
+

Changing port number

+

Avoiding censorship can be a cat and mouse game, and so if the port you're using for VPN gets blocked then you may want to change it.

+
ssh myusername@mydomainname -p 2222
 

-Select Administrator controls then App Settings then vpn. Choose Change TLS port and enter a new port value. You can then either manually change the port within your VPN configuration files, or download them again as described in the Usage section above. +Select Administrator controls then App Settings then vpn. Choose Change TLS port and enter a new port value. You can then either manually change the port within your VPN configuration files, or download them again as described in the Usage section above.

-
-

Generating new keys

-
+
+

Generating new keys

+

-It's possible that your VPN keys might get lost or compromised on your local machine. If that happens you can generate new ones from the Administrator controls by going to App Settings then vpn then choosing Regenerate keys for a user and downloading the new keys as described in the Usage section above. +It's possible that your VPN keys might get lost or compromised on your local machine. If that happens you can generate new ones from the Administrator controls by going to App Settings then vpn then choosing Regenerate keys for a user and downloading the new keys as described in the Usage section above.

diff --git a/website/EN/app_xmpp.html b/website/EN/app_xmpp.html index 25aa7682..4f5a5c6f 100644 --- a/website/EN/app_xmpp.html +++ b/website/EN/app_xmpp.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - - + + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,18 +144,16 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
- -
-

XMPP/Jabber

-
+
+

XMPP/Jabber

+

Most people know XMPP as "Jabber" and it's sometimes regarded and an old protocol once used by Google and Facebook but which is no longer relevant. However, it still works and if appropriately configured, as it is on Freedombone, can provide the best chat messaging security currently available.

@@ -259,31 +165,34 @@ With regard to chat apps you might have read a lot of stuff about end-to-end

A well written article on the state of XMPP and how it compares to other chat protocols can be found here.

+
+
-
-

Using with Profanity

-
+
+

Using with Profanity

+

You can install the profanity app via Add/remove apps on the Administrator control panel. Logging in and then selecting Run App and profanity will start it.

-
-

Using with Gajim

-
+
+

Using with Gajim

+

In mid 2016 Gajim became the first desktop XMPP client to support the OMEMO end-to-end security standard, which is superior to the more traditional OTR since it also includes multi-user chat and the ratcheting mechanism pioneered by Open Whisper Systems. To install it:

-
su -c 'echo "deb ftp://ftp.gajim.org/debian unstable main" > /etc/apt/sources.list.d/gajim.list'
+
+
su -c 'echo "deb ftp://ftp.gajim.org/debian unstable main" > /etc/apt/sources.list.d/gajim.list'
 sudo apt-get update
 sudo apt-get -y install gajim-dev-keyring
 sudo apt-get -y install git tor python-dev python-pip gajim-nightly
 mkdir ~/.local/share/gajim/plugins -p
-cd ~/.local/share/gajim/plugins
+cd ~/.local/share/gajim/plugins
 git clone https://github.com/omemo/gajim-omemo
-sudo pip install protobuf==2.6.1, python-axolotl==0.1.35
+sudo pip install protobuf==2.6.1, python-axolotl==0.1.35
 
@@ -308,6 +217,7 @@ If you wish to make backups of the OMEMO keys then they can be found within:

+
~/.local/share/gajim
 
@@ -318,9 +228,9 @@ If you wish to use OpenPGP to encrypt your messages then go to Edit/Accounts<
-
-

Using with Jitsi

-
+
+

Using with Jitsi

+

Jitsi can be downloaded from https://jitsi.org

@@ -347,9 +257,9 @@ You can also see this vide
-
-

Using with Ubuntu

-
+
+

Using with Ubuntu

+

The default XMPP client in Ubuntu is Empathy. Using Empathy isn't as secure as using Jitsi, since it doesn't include the off the record feature, but since it's the default it's what many users will have easy access to.

@@ -368,18 +278,18 @@ Click on Advanced and make sure that Encryption required and Ig
-
-

Using Tor Messenger

-
+ -
-

Using with Android/Conversations

-
+
+

Using with Android/Conversations

+

Install F-Droid

@@ -401,6 +311,7 @@ From the menu select Manage accounts and add a new account.

+
Jabber ID: myusername@mydomain
 Password:  your XMPP password
 Hostname:  mydomain (preferably your xmpp onion address)
diff --git a/website/EN/apps.html b/website/EN/apps.html
index 37b3f77a..9ba8ef42 100644
--- a/website/EN/apps.html
+++ b/website/EN/apps.html
@@ -3,33 +3,26 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 
 
-
-
-
-
-
-
-
+
+
+
+
+
-
+
 
 
@@ -189,7 +97,7 @@
 @licstart  The following is the entire license notice for the
 JavaScript code in this tag.
 
-Copyright (C) 2012-2017 Free Software Foundation, Inc.
+Copyright (C) 2012-2013 Free Software Foundation, Inc.
 
 The JavaScript code in this tag is free software: you can
 redistribute it and/or modify it under the terms of the GNU
@@ -236,13 +144,12 @@ for the JavaScript code in this tag.
 
 
-
+

-

logo.png +

logo.png

-

@@ -254,18 +161,15 @@ for the JavaScript code in this tag. The base install of the system just contains an email server and Mutt client, but not much else. In addition from within the Administrator control panel under Add/remove apps the following are installable. This list only applies on the home server version, with the mesh network version having a different and smaller set of apps.

-
-

control_panel_apps.jpg +

control_panel_apps.jpg

-
- -
-

Akaunting

-
+
+

Akaunting

+

A web based accounts system for small businesses or freelancers.

@@ -275,9 +179,9 @@ A web based accounts system for small businesses or freelancers.

-
-

BDS Mail

-
+
+

BDS Mail

+

It's like ordinary email, but with i2p as the transport mechanism.

@@ -287,9 +191,9 @@ It's like ordinary email, but with i

-
-

Bludit

-
+
+

Bludit

+

This is a simple databaseless blogging system which uses markdown files. It should run well on any hardware.

@@ -299,9 +203,9 @@ This is a simple databaseless blogging system which uses markdown files. It shou

-
-

CryptPad

-
+
+

CryptPad

+

Collaborate on editing documents, presentations and source code, or vote on things. All with a good level of security.

@@ -311,9 +215,9 @@ Collaborate on editing documents, presentations and source code, or vote on thin

-
-

DLNA

-
+
+

DLNA

+

Enables you to use the system as a music server which any DLNA compatible devices can connect to within your home network.

@@ -323,9 +227,9 @@ Enables you to use the system as a music server which any DLNA compatible device

-
-

Dokuwiki

-
+
+

Dokuwiki

+

A databaseless wiki system.

@@ -335,9 +239,9 @@ A databaseless wiki system.

-
-

Edith

-
+
+

Edith

+

Extremely simple and distraction-free notes system.

@@ -347,9 +251,9 @@ Extremely simple and distraction-free notes system.

-
-

Emacs

-
+
+

Emacs

+

If you use the Mutt client to read your email then this will set it up to use emacs for composing new mail.

@@ -359,17 +263,17 @@ If you use the Mutt client to read your email then this will set it up to use em

-
-

Email Server

-
+
+

Email Server

+

Since many apps require email registration an email server is installed by default. You can find advice on using the email system here.

-
-

Etherpad

-
+
+

Etherpad

+

Collaborate on creating documents in real time. Maybe you're planning a holiday with other family members or creating documentation for a Free Software project along with other volunteers. Etherpad is hard to beat for simplicity and speed. Only users of the system will be able to access it.

@@ -379,9 +283,9 @@ Collaborate on creating documents in real time. Maybe you're planning a holiday

-
-

Federated wiki

-
+
+

Federated wiki

+

A new approach to creating wiki content.

@@ -391,9 +295,9 @@ A new approach to creating wiki content.

-
-

Friendica

-
+
+

Friendica

+

Federated social network system.

@@ -403,9 +307,9 @@ Federated social network system.

-
-

GNU Social

-
+
+

GNU Social

+

Federated social network based on the OStatus protocol. You can "remote follow" other users within the GNU Social federation.

@@ -415,9 +319,9 @@ Federated social network based on the OStatus protocol. You can "remote follo

-
-

Gogs

-
+
+

Gogs

+

Lightweight git project hosting system. You can mirror projects from Github, or if Github turns evil then just host your own projects while retaining the familiar fork-and-pull workflow. If you can use Github then you can also use Gogs.

@@ -427,9 +331,9 @@ Lightweight git project hosting system. You can mirror projects from Github, or

-
-

HTMLy

-
+
+

HTMLy

+

Databaseless blogging system. Quite simple and with a markdown-like format.

@@ -439,9 +343,9 @@ Databaseless blogging system. Quite simple and with a markdown-like format.

-
-

Hubzilla

-
+
+

Hubzilla

+

Web publishing platform with social network like features and good privacy controls so that it's possible to specify who can see which content. Includes photo albums, calendar, wiki and file storage.

@@ -451,9 +355,9 @@ Web publishing platform with social network like features and good privacy contr

-
-

Icecast media stream

-
+
+

Icecast media stream

+

Make your own internet radio station.

@@ -463,9 +367,9 @@ Make your own internet radio station.

-
-

IRC Server (ngirc)

-
+
+

IRC Server (ngirc)

+

Run your own IRC chat channel which can be secured with a password and accessible via an onion address. A bouncer is included so that you can receive messages sent while you were offline. Works with Hexchat and other popular clients.

@@ -475,18 +379,18 @@ Run your own IRC chat channel which can be secured with a password and accessibl

-
-

Jitsi Meet

-
+
+

Jitsi Meet

+

Experimental WebRTC video conferencing system, similar to Google Hangouts. This may not be fully functional, but is hoped to be in the near future.

-
-

KanBoard

-
+
+

KanBoard

+

A simple kanban system for managing projects or TODO lists.

@@ -496,9 +400,9 @@ A simple kanban system for managing projects or TODO lists.

-
-

Key Server

-
+
+

Key Server

+

An OpenPGP key server for storing and retrieving GPG public keys.

@@ -508,9 +412,9 @@ An OpenPGP key server for storing and retrieving GPG public keys.

-
-

Koel

-
+
+

Koel

+

Access your music collection from any internet connected device.

@@ -520,9 +424,9 @@ Access your music collection from any internet connected device.

-
-

Lychee

-
+
+

Lychee

+

Make your photo albums available on the web.

@@ -532,9 +436,9 @@ Make your photo albums available on the web.

-
-

Mailpile

-
+
+

Mailpile

+

Modern email client which supports GPG encryption.

@@ -544,9 +448,9 @@ Modern email client which supports GPG encryption.

-
-

Matrix

-
+
+

Matrix

+

Multi-user chat with some security and moderation controls.

@@ -556,9 +460,9 @@ Multi-user chat with some security and moderation controls.

-
-

Mediagoblin

-
+
+

Mediagoblin

+

Publicly host video and audio files so that you don't need to use YouTube/Vimeo/etc.

@@ -568,9 +472,9 @@ Publicly host video and audio files so that you don't need to use YouTube/Vimeo/

-
-

Mumble

-
+
+

Mumble

+

The popular VoIP and text chat system. Say goodbye to old-fashioned telephony conferences with silly dial codes. Also works well on mobile.

@@ -580,9 +484,9 @@ The popular VoIP and text chat system. Say goodbye to old-fashioned telephony co

-
-

NextCloud

-
+
+

NextCloud

+

Store files on your server and sync them with laptops or mobile devices. Includes many plugins including videoconferencing and collaborative document editing.

@@ -592,9 +496,9 @@ Store files on your server and sync them with laptops or mobile devices. Include

-
-

PeerTube

-
+
+

PeerTube

+

Peer-to-peer video hosting. Similar to Mediagoblin, but the P2P aspect better enables the streaming load to be shared across servers.

@@ -604,9 +508,9 @@ Peer-to-peer video hosting. Similar to Mediagoblin, but the P2P aspect better en

-
-

PI-Hole

-
+
+

PI-Hole

+

The black hole for web adverts. Block adverts at the domain name level within your local network. It can significantly reduce bandwidth, speed up page load times and protect your systems from being tracked by spyware.

@@ -616,9 +520,9 @@ The black hole for web adverts. Block adverts at the domain name level within yo

-
-

Pleroma

-
+
+

Pleroma

+

Fediverse instance which is compatible with GNU Social and Mastodon, and suited for systems without much RAM or CPU resource.

@@ -628,9 +532,9 @@ Fediverse instance which is compatible with GNU Social and Mastodon, and suited

-
-

PostActiv

-
+
+

PostActiv

+

An alternative federated social networking system compatible with GNU Social, Pleroma and Mastodon. It includes some optimisations and fixes currently not available within the main GNU Social project.

@@ -640,9 +544,9 @@ An alternative federated social networking system compatible with GNU Social, Pl

-
-

PrivateBin

-
+
+

PrivateBin

+

A pastebin where the server has zero knowledge of the content being pasted.

@@ -652,9 +556,9 @@ A pastebin where the server has zero knowledge of the content being pasted.

-
-

Profanity

-
+
+

Profanity

+

A shell based XMPP client which you can run on the Freedombone server via ssh.

@@ -664,9 +568,9 @@ A shell based XMPP client which you can run on the Freedombone server via ssh.

-
-

Riot Web

-
+
+

Riot Web

+

A browser based user interface for the Matrix federated communications system, including WebRTC audio and video chat.

@@ -676,9 +580,9 @@ A browser based user interface for the Matrix federated communications system, i

-
-

SearX

-
+
+

SearX

+

A metasearch engine for customised and private web searches.

@@ -688,9 +592,9 @@ A metasearch engine for customised and private web searches.

-
-

tt-rss

-
+
+

tt-rss

+

Private RSS reader. Pulls in RSS/Atom feeds via Tor and is only accessible via an onion address. Have "the right to read" without the Surveillance State knowing what you're reading. Also available with a user interface suitable for viewing on mobile devices via a browser such as OrFox.

@@ -700,9 +604,9 @@ Private RSS reader. Pulls in RSS/Atom feeds via Tor and is only accessible via a

-
-

Syncthing

-
+
+

Syncthing

+

Possibly the best way to synchronise files across all of your devices. Once it has been set up it "just works" with no user intervention needed.

@@ -712,9 +616,9 @@ Possibly the best way to synchronise files across all of your devices. Once it h

-
-

Tahoe-LAFS

-
+
+

Tahoe-LAFS

+

Robust and encrypted storage of files on one or more server.

@@ -724,9 +628,9 @@ Robust and encrypted storage of files on one or more server.

-
-

Tox

-
+
+

Tox

+

Client and bootstrap node for the Tox chat/VoIP system.

@@ -736,9 +640,9 @@ Client and bootstrap node for the Tox chat/VoIP system.

-
-

Turtl

-
+
+

Turtl

+

A system for privately creating and sharing notes and images, similar to Evernote but without the spying.

@@ -748,18 +652,18 @@ A system for privately creating and sharing notes and images, similar to Evernot

-
-

Vim

-
+
+

Vim

+

If you use the Mutt client to read your email then this will set it up to use vim for composing new mail.

-
-

Virtual Private Network (VPN)

-
+
+

Virtual Private Network (VPN)

+

Set up a VPN on your server so that you can bypass local internet censorship.

@@ -769,9 +673,9 @@ Set up a VPN on your server so that you can bypass local internet censorship.

-
-

XMPP

-
+
+

XMPP

+

Chat server which can be used together with client such as Gajim or Conversations to provide end-to-end content security and also onion routed metadata security. Includes advanced features such as client state notification to save battery power on your mobile devices, support for seamless roaming between networks and message carbons so that you can receive the same messages while being simultaneously logged in to your account on more than one device.

diff --git a/website/EN/armbian.html b/website/EN/armbian.html index 729c26a6..7c5fafc2 100644 --- a/website/EN/armbian.html +++ b/website/EN/armbian.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - - + + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,17 +144,21 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

+ + +
+

+<center><h1>Installing on Armbian</h1></center> +

+
- -

Installing on Armbian

-

"we are the music makers, we are the dreamers of dreams. cyberpunks and pirates. chaotic spectres haunting cyberspace. engineers, artists, hackers." @@ -262,7 +174,8 @@ Download the Armbian image for your board. It must be version 9 (Stretch), other

-
sudo dd bs=1M if=[Armbian .img file] of=/dev/sdX conv=fdatasync
+
+
sudo dd bs=1M if=[Armbian .img file] of=/dev/sdX conv=fdatasync
 
@@ -287,6 +200,7 @@ Once you know the local IP address of your ARM board then you can log into it wi

+
ssh root@[local IP address]
 
@@ -295,19 +209,18 @@ Once you know the local IP address of your ARM board then you can log into it wi Using the default Armbian password of 1234. You should see the Armbian welcome message and will be asked to change the password, then create a new user account.

-
-

armbian_setup.jpg +

armbian_setup.jpg

-

When the user account is created type exit to leave the ssh session then log back in with your new user account.

+
ssh myusername@[local IP address]
 
@@ -317,6 +230,7 @@ Become the root user:

+
sudo su
 
@@ -326,9 +240,10 @@ Then clone the Freedombone repository and checkout the stretch development branc

+
apt-get -y install git dialog build-essential
 git clone https://github.com/bashrc/freedombone
-cd freedombone
+cd freedombone
 git checkout stretch
 
@@ -338,6 +253,7 @@ Install the Freedombone commands:

+
make install
 
@@ -347,6 +263,7 @@ And now you can begin installing the Freedombone system. There are two ways of d

+
freedombone menuconfig
 
@@ -356,6 +273,7 @@ Alternatively, if you don't own a domain name, don't have administrator access t

+
freedombone menuconfig-onion
 
@@ -365,6 +283,7 @@ You will then be taken through a few questions and the system will install. Afte

+
ssh myusername@freedombone.local -p 2222
 
diff --git a/website/EN/backups.html b/website/EN/backups.html index 7ca0b0cf..55e937f7 100644 --- a/website/EN/backups.html +++ b/website/EN/backups.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - - + + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,57 +144,58 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
-
-

Backups

-
- -
+ -
-

Backup keys

-
+
+

Backup keys

+

As part of the Freedombone installation the GPG key used to encrypt backups will have been added to the .gnupg keyring in your home directory. Ensure that you have a copy of all your keys by plugging in a LUKS encrypted USB drive and then running the commands:

+
ssh username@domainname -p 2222
 
@@ -304,9 +213,9 @@ A pro-tip for the best possible security is to create multiple USB drives contai

-
-

Backup to USB

-
+
+

Backup to USB

+

First and foremost - encrypt your USB drives! Even if you think you have "nothing to hide" if you accidentally lose a USB thumb drive (it's easy to lose small objects) and it's not encrypted then potentially someone might be able to obtain enough information about you to commit identity fraud, take out loans, open bank accounts, etc. Use LUKS encryption. In Ubuntu you can do this using the Disk Utility application. Some instructions can be found here.

@@ -320,6 +229,7 @@ Log into the system and become the root user, then run the backup command

+
ssh username@domainname -p 2222
 
@@ -337,14 +247,15 @@ When the backup ends remove the USB drive and keep it somewhere safe. Even if it

-
-

Restore from USB

-
+
+

Restore from USB

+

Log into the system and become the root user:

+
ssh username@domainname -p 2222
 
@@ -362,9 +273,9 @@ Enter the LUKS password for the USB drive. When the restore is complete you can

-
-

Distributed/remote backups

-
+
+

Distributed/remote backups

+

Distributed backups are a better way of ensuring the persistence of your data, such that even if your system gets stolen or destroyed then the data will still be recoverable from your friends. Since the backups are encrypted your friends (or anyone else with access to their systems) won't be able to read your backed up content even if their systems are subsequently compromised.

@@ -374,6 +285,7 @@ Firstly you will need to have a user account on one or more of your friends serv

+
ssh username@domainname -p 2222
 
@@ -387,13 +299,12 @@ You can then enter the usernames, domains and ssh logins for one or more remote

-
-

Restore from a friend

-
-
-
-

With a completely new Freedombone installation

-
+
+

Restore from a friend

+
+
+

With a completely new Freedombone installation

+

This is the ultimate disaster recovery scenario in which you are beginning completely from scratch with new hardware and a new Freedombone installation (configured with the same username and domain names). It is assumed that the old hardware was destroyed, but that you have the backup key stored on a USB thumb drive.

@@ -403,6 +314,7 @@ First log in and if you don't already have one then create a new friends list:

+
ssh username@domainname -p 2222
 
@@ -420,9 +332,9 @@ Finally select Restore from remote backup and enter the domain name of th

-
-

On an existing Freedombone installation

-
+
+

On an existing Freedombone installation

+

This is for more common situations in which maybe some data became corrupted and you want to restore it.

@@ -432,6 +344,7 @@ Log in as root:

+
ssh username@domainname -p 2222
 
@@ -440,9 +353,14 @@ Log in as root: Select Administrator controls then Backup and Restore then Restore from remote backup and enter the domain name of the remote server that you wish to restore from.

-
-Return to the home page -
+
+

+<center> +Return to the <a href="index.html">home page</a> +</center> +

+ +
diff --git a/website/EN/beaglebone.html b/website/EN/beaglebone.html index dddba8f8..f3822cd9 100644 --- a/website/EN/beaglebone.html +++ b/website/EN/beaglebone.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - - + + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,18 +144,16 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
- -
-

Installing Freedombone on a Beaglebone Black

-
+
+

Installing Freedombone on a Beaglebone Black

+

The Beaglebone Black is small, cheap, a fully open hardware design, has a hardware random number generator and consumes very little electrical power, making it suitable for all kinds of uses. There is also a wireless version.

@@ -256,25 +162,29 @@ The Beaglebone Black is small, cheap, a fully open hardware design, has a hardwa You can easily use one to run your own internet services from home.

-
-

bbb_board.jpg +

bbb_board.jpg

-

You will need:

    -
  • A Beaglebone Black. The exact revision of the hardware isn't very important, but it should have an ethernet socket.
  • -
  • Optionally a plastic or metal case to protect the electronics.
  • -
  • An ethernet cable. Typically these are colour coded either blue or yellow. Either colour will do. If you're using the Wireless version of the Beaglebone Black then you don't need this.
  • -
  • Either a 5v power supply with 5.5mm barrel plug, or a miniUSB type B cable (typically supplied with the Beaglebone) and USB to mains adaptor.
  • -
  • A microSD card at least 8 gigabytes in size. In tests Sandisk class 10 works well. Prefer smaller but faster I/O rating to larger but slower.
  • -
  • A microSD card adaptor for your laptop or desktop system, so that you can copy the disk image to the card.
  • +
  • A Beaglebone Black. The exact revision of the hardware isn't very important, but it should have an ethernet socket. +
  • +
  • Optionally a plastic or metal case to protect the electronics. +
  • +
  • An ethernet cable. Typically these are colour coded either blue or yellow. Either colour will do. If you're using the Wireless version of the Beaglebone Black then you don't need this. +
  • +
  • Either a 5v power supply with 5.5mm barrel plug, or a miniUSB type B cable (typically supplied with the Beaglebone) and USB to mains adaptor. +
  • +
  • A microSD card at least 8 gigabytes in size. In tests Sandisk class 10 works well. Prefer smaller but faster I/O rating to larger but slower. +
  • +
  • A microSD card adaptor for your laptop or desktop system, so that you can copy the disk image to the card. +

@@ -286,9 +196,10 @@ On your laptop or desktop prepare a microSD card image as follows. To create an

+
sudo apt-get install git dialog build-essential
 git clone https://github.com/bashrc/freedombone
-cd freedombone
+cd freedombone
 git checkout stretch
 sudo make install
 freedombone-image --setup debian
@@ -300,22 +211,21 @@ Or on Arch/Parabola:
 

+
sudo pacman -S git dialog
 git clone https://github.com/bashrc/freedombone
-cd freedombone
+cd freedombone
 git checkout stretch
 sudo make install
 freedombone-image --setup parabola
 
-
-

microsd_reader.jpg +

microsd_reader.jpg

-

If you own a domain name and have it linked to a dynamic DNS account (eg. freeDNS) and want to make a system accessible via an ordinary browser then run: @@ -337,25 +247,21 @@ freedombone-image -t beaglebone --onion-addresses-only yes Onion addresses have the advantage of being difficult to censor and you don't need to buy a domain or have a dynamic DNS account. An onion based system also means you don't need to think about NAT traversal type issues. This does not mean that everything gets routed through Tor, it just means that the sites for apps which you install will be available through Tor's address system.

-
-

bbb_back.jpg +

bbb_back.jpg

-

Now follow the instructions given here to copy the image to the microSD drive beginning with running the freedombone-client command. Wherever it says "USB drive" substitute "microSD drive". When the microSD drive is ready plug it into the front of the Beaglebone. The photo below also includes an Atheros wifi USB dongle plugged into the front, but that's not necessary unless you want to set up the system to run on a wifi network.

-
-

bbb_front.jpg +

bbb_front.jpg

-

Connect the power and for the non-wireless versions of the Beaglebone Black also connect the ethernet cable and plug it into your internet router. @@ -373,6 +279,8 @@ Follow the rest of the instructions given here t There are many apps available within the Freedombone system and trying to install them all is probably not a good idea, since this hardware is very resource constrained on CPU and especially on RAM. If the system seems to be becoming unstable and crashing then the most likely cause is running out of RAM, in which case you can try uninstalling some apps. It is possible to monitor RAM usage by logging in with ssh, exiting to the command line and then running the top command.

+
+
@@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,39 +144,51 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
- -
-

Supported ARM boards

-
+
+

Supported ARM boards

+

The following ARM boards are supported by the build system. If your board isn't listed here then you may still be able to install Freedombone using Armbian.

The latest image builds can be found here.

-
-Return to the home page -
+
+

+<center> +Return to the <a href="index.html">home page</a> +</center> +

+ +
+
+
diff --git a/website/EN/code.html b/website/EN/code.html index 8515b3b3..7edf3947 100644 --- a/website/EN/code.html +++ b/website/EN/code.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - + + + + - + @@ -235,18 +144,16 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
- -
-

Code

-
+
+

Code

+

Freedombone is really just a couple of bash scripts which install and configure software on a Debian GNU/Linux system. If you're a system administrator, software engineer or Linux hobbyist you'll probably be familiar with command line scripting and be able to make your own modifications or custom variants to suit your needs. Freedombone is licensed under the GNU Affero General Public License version 3 (or later).

@@ -271,9 +178,16 @@ Github is closed source. Sooner or later it will probably turn evil or become li Longer term it is expected that the source code for this project will also be self-hosted, with Github acting only as a mirror to increase visibility.

-
-Return to the home page -
+
+

+<center> +Return to the <a href="index.html">home page</a> +</center> +

+ +
+
+
diff --git a/website/EN/codeofconduct.html b/website/EN/codeofconduct.html index 146f9a90..c001e2af 100644 --- a/website/EN/codeofconduct.html +++ b/website/EN/codeofconduct.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - - + + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,37 +144,38 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

+ +
+

Code of Conduct

-

Code of Conduct

- -
-

Be respectful

-
+
+

Be respectful

+

In any Free Software project with more than one participant inevitably there may be people with whom you may disagree, or find it difficult to cooperate. Accept that, but even so, remain respectful. Disagreement is no excuse for poor behaviour or personal attacks, and a community in which people feel threatened is not a healthy community.

-
-

Assume good faith

-
+
+

Assume good faith

+

Freedombone Contributors have many ways of reaching our common goal of providing freedom respecting internet or mesh systems which may differ from your ways. Assume that other people are working towards this goal.

-
-

Be collaborative

-
+
+

Be collaborative

+

Freedombone is a moderately complex project, though nothing big and professional like GNU. It's good to ask for help when you need it. Similarly, offers for help should be seen in the context of our shared goal of improving the system.

@@ -277,9 +186,9 @@ When you make something for the benefit of the project, be willing to explain to
-
-

Try to be concise

-
+
+

Try to be concise

+

If you're submitting documentation then keep in mind that what you write once could be read by many other people. To avoid TL;DR keep it as short and concise as possible. This will also reduce the amount of translations effort needed.

@@ -290,9 +199,9 @@ If you're discussing an issue or bug, try to stay on topic, especially in discus
-
-

Be open

-
+
+

Be open

+

Most ways of communication used within Freedombone (eg Matrix/XMPP) allow for public and private communication. Prefer public methods of communication for Freedombone-related messages, unless posting something sensitive.

@@ -303,9 +212,9 @@ This applies to messages for help, too; not only is a public support request muc
-
-

In case of problems

-
+
+

In case of problems

+

While this code of conduct should be adhered to by participants, we recognize that sometimes people may have a bad day, or be unaware of some of the guidelines in this code of conduct. When that happens, you may reply to them and point out this code of conduct. Such messages may be in public or in private, whatever is most appropriate. However, regardless of whether the message is public or not, it should still adhere to the relevant parts of this code of conduct; in particular, it should not be abusive or disrespectful. Assume good faith; it is more likely that participants are unaware of their bad behaviour than that they intentionally try to degrade the quality of the discussion.

diff --git a/website/EN/controlpanel.html b/website/EN/controlpanel.html index a8bcbccb..d4885ff0 100644 --- a/website/EN/controlpanel.html +++ b/website/EN/controlpanel.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - + + + + - + @@ -235,79 +144,80 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
- -
-

Control panel

-
+ -
-

Main menu

-
+
+

Main menu

+

You can access the main menu by logging into the system.

+
ssh myusername@mydomain -p 2222
 
@@ -320,13 +230,11 @@ Then selecting Administrator controls. It should look like this:

-
-

control_panel.jpg +

control_panel.jpg

-

To select anythng on the control panel use the up and down cursor keys and space bar to tag, then press Enter. @@ -334,9 +242,9 @@ To select anythng on the control panel use the up and down cursor keys an

-
-

User control panel

-
+
+

User control panel

+

When a user initially logs in they will see a version of the control panel with restricted options aimed at the kinds of things which someone who isn't the administrator might wish to do. An expected scenario is that you might have a few friends or family members on the system, and this is who this menu is intended for.

@@ -345,33 +253,29 @@ When a user initially logs in they will see a version of the control panel with From this menu checking email or running chat applications is very easy, and they are configured in a safe manner without the user needing to do anything special. Email uses mutt, XMPP uses profanity and IRC uses irssi.

-
-

control_panel_user.jpg +

control_panel_user.jpg

-

It's also possible for the user to define email filtering rules, add a ssh public key for key based login and also add or remove GPG public keys. They can also do this via the commandline if they prefer, but the menu system may provide an easier user interface.

-
-

About screen

-
+
+

About screen

+

To find out your current domain names select the About screen from the main menu. This is especially useful for finding your onion addresses. For improved security by compartmentalisation, and also simpler implementation, each application has its own onion address.

-
-

control_panel_about.jpg +

control_panel_about.jpg

-

You can also see the SIP extension numbers for each user and how much disk space each user is consuming (typically this corresponds with email use). @@ -383,142 +287,126 @@ The Local Mirrors contains mirrored copies of the git repositories used by the s

-
-

Email filtering rules

-
+
+

Email filtering rules

+

You can add users to mailing lists, or block particular email addresses or subject lines in this menu.

-
-

control_panel_filtering.jpg +

control_panel_filtering.jpg

-
-
-

Hubzilla menu

-
+
+

Hubzilla menu

+

This allows you to set the global directory location and obtain an SSL/TLS certificate if necessary.

-
-

control_panel_hubzilla.jpg +

control_panel_hubzilla.jpg

-
-
-

IRC menu

-
+
+

IRC menu

+

You can view the current IRC password or change it from here. Currently the IRC server does not work equally well on clrearnet and via Tor, so there is an option to switch from one to the other. Initially the IRC server will be running on clearnet (i.e. no onion routing).

-
-

control_panel_irc.jpg +

control_panel_irc.jpg

-
-
-

Media menu

-
+
+

Media menu

+

It's possible to add playable media to a USB drive and plug it into the system, then make it accessible to other devices such as tablets or phones on your local network via DLNA.

-
-

control_panel_media.jpg +

control_panel_media.jpg

-
-
-

Repository mirrors

-
+
+

Repository mirrors

+

If you don't want to use the default repositories, or don't have access to them, then you can obtain them from another Freedombone server (the details can be found on the other server on the About screen of the control panel).

-
-

control_panel_mirrors.jpg +

control_panel_mirrors.jpg

-
-
-

Backup and restore menu

-
+
+

Backup and restore menu

+

You can create backups or restore from backup here. It's also possible to create keydrives which store the backup key.

-
-

control_panel_backup_restore.jpg +

control_panel_backup_restore.jpg

-
-
-

Security menu

-
+
+

Security menu

+

If you need to generate SSL/TLS certificates or change cypher details due to changing recommendations then you can do that here. If you are changing cypher details be extra careful not to make mistakes/typos, which could reduce the security of your system.

-
-

control_panel_security.jpg +

control_panel_security.jpg

-
-
-

User management menu

-
+
+

User management menu

+

Users can be added or removed here.

-
-

control_panel_users.jpg +

control_panel_users.jpg

-
@@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,18 +144,16 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

-
- -
-

How to install on an existing Debian system

-
+
+

How to install on an existing Debian system

+

"The antagonism of surveillance is not privacy but the making of communities in struggle" @@ -267,11 +173,12 @@ It's still possible to install the system onto these unsupported devices if you

+
su
 apt-get update
 apt-get -qy install build-essential git dialog
 git clone https://github.com/bashrc/freedombone
-cd freedombone
+cd freedombone
 git checkout stretch
 make install
 freedombone menuconfig (or freedombone menuconfig-onion)
@@ -287,10 +194,13 @@ Once installed you can then log in from another system with:
 

+
ssh yourusername@freedombone.local -p 2222
 
+
+
@@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,27 +144,28 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

+ +
+

Developers Guide

-

Developers Guide

- -
-

Introduction

-
+
+

Introduction

+

Freedombone consists of a set of bash scripts. There are a lot of them, but they're not very complicated. If you're familiar with the GNU/Linux commandline and can hack a bash script then you can probably add a new app or fix a bug in the system. There are no trendy development frameworks to learn or to get in your way. You might also want to consult the Code of Conduct, and there is a Matrix room at #fbone:matrix.freedombone.net

-
-

Adding extra apps

-
+
+

Adding extra apps

+

Suppose you have some internet application which you want to add to the system. To do this you need to create an app script which tells the system how to install/remove and also backup/restore. The script should be designed to work with the current stable version of Debian.

@@ -270,8 +179,9 @@ To create a script for a generic PHP plus MySql/MariaDB web app:

-
freedombone-template --app [name] -e [email] -r [repo url] \
-                     -c [commit] --php yes -d mariadb > \
+
+
freedombone-template --app [name] -e [email] -r [repo url] \
+                     -c [commit] --php yes -d mariadb > \
                      src/freedombone-app-myappname
 
@@ -281,9 +191,10 @@ For a Nodejs app with MySql/MariaDB database:

-
freedombone-template --app [name] -e [email] -r [repo url] \
-                     -c [commit] --node yes -d mariadb \
-                     --dir /etc/myappname --daemon yes > \
+
+
freedombone-template --app [name] -e [email] -r [repo url] \
+                     -c [commit] --node yes -d mariadb \
+                     --dir /etc/myappname --daemon yes > \
                      src/freedombone-app-myappname
 
@@ -293,9 +204,10 @@ For a Python app with Postgresql database:

-
freedombone-template --app [name] -e [email] -r [repo url] \
-                     -c [commit] -d postgresql \
-                     --dir /etc/myappname --daemon yes > \
+
+
freedombone-template --app [name] -e [email] -r [repo url] \
+                     -c [commit] -d postgresql \
+                     --dir /etc/myappname --daemon yes > \
                      src/freedombone-app-myappname
 
@@ -305,9 +217,10 @@ For a Python app without any database, communicating between the daemon and the

-
freedombone-template --app [name] -e [email] -r [repo url] \
-                     -c [commit] --dir /etc/myappname \
-                     --daemon yes --portinternal 1234 > \
+
+
freedombone-template --app [name] -e [email] -r [repo url] \
+                     -c [commit] --dir /etc/myappname \
+                     --daemon yes --portinternal 1234 > \
                      src/freedombone-app-myappname
 
@@ -317,9 +230,10 @@ For an app without any database which communicates directly on a particular port

-
freedombone-template --app [name] -e [email] -r [repo url] \
-                     -c [commit] --dir /etc/myappname \
-                     --daemon yes --port 5000 > \
+
+
freedombone-template --app [name] -e [email] -r [repo url] \
+                     -c [commit] --dir /etc/myappname \
+                     --daemon yes --port 5000 > \
                      src/freedombone-app-myappname
 
@@ -329,9 +243,10 @@ A generic PHP plus MySql/MariaDB web app which is only available on an onion add

-
freedombone-template --app [name] -e [email] -r [repo url] \
-                     -c [commit] --php yes -d mariadb \
-                     --onion yes > \
+
+
freedombone-template --app [name] -e [email] -r [repo url] \
+                     -c [commit] --php yes -d mariadb \
+                     --onion yes > \
                      src/freedombone-app-myappname
 
@@ -341,6 +256,7 @@ For more details see the manpage:

+
man freedombone-template
 
@@ -354,6 +270,7 @@ When your new script is ready for testing you can install it with:

+
make install
 
@@ -368,9 +285,9 @@ Submit your working app to -

Customising mesh images

-
+
+

Customising mesh images

+

If you want to make your own specially branded version of the mesh images, such as for a particular event, then to change the default desktop backgrounds edit the images within img/backgrounds and to change the available avatars and desktop icons edit the images within img/avatars. Re-create disk images using the instructions shown previously.

diff --git a/website/EN/domains.html b/website/EN/domains.html index 1fcc6d65..b8883fe9 100644 --- a/website/EN/domains.html +++ b/website/EN/domains.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - + + + + - + @@ -235,19 +144,20 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

+ +
+

How to get a domain name

-

How to get a domain name

- -
-

The domain name itself

-
+
+

The domain name itself

+

If you want your sites or chat systems to be available via an ordinary web browser (i.e. not a Tor browser) then you'll need to obtain a domain name. The domain name system is ultimately controlled by ICANN and to obtain a domain name for which you can also get a TLS certificate you'll need to buy one. There are various sites which sell domain names, and fortunately they can often be quite cheap - especially if you can think of an obscure name for your site. Prefer sites where the domain name subscription can be automatically renewed, because otherwise trolls can quickly buy your domain when it expires and then hold it for ransom. If you're planning to self-host for more than an ephemeral purpose, such as a conference or festival, then choose the longest subscription period you can afford (typically a few years).

@@ -258,9 +168,9 @@ You probably only need one ICANN domain name and then the various Freedombone ap
-
-

Dynamic DNS

-
+
+

Dynamic DNS

+

You will also need a dynamic DNS account, and again this might be something you have to pay a subscription for. Your Freedombone system will have a local network address (typically 192.168.x.y or 10.x.y.z) and also a public IP address assigned by your ISP. Your ISP will change your public IP address every so often (that's why it's called "dynamic") and so there needs to be some way to link the domain name which you've obtained to your changing public IP address. That's what the dynamic DNS service does.

@@ -278,6 +188,7 @@ The dynamic DNS service will have their own DNS servers maintaining the IP addre

+
NS1.AFRAID.ORG
 NS2.AFRAID.ORG
 NS3.AFRAID.ORG
@@ -290,9 +201,9 @@ It might take a few minutes for the changes to take effect, so don't be too hast
 

-
-

Configuring with FreeDNS

-
+
+

Configuring with FreeDNS

+

If you are using FreeDNS as a dynamic DNS provider then on their site select "Domains" and add your domain name (this might only be available to paid subscribers). Make sure that they're marked as "private" so that subdomains of your domain name are not used by other users of the site.

@@ -304,18 +215,18 @@ Select "Subdomains" from the menu on the left then select the MX entry for your
-
-

Setting up with Freedombone

-
+
+

Setting up with Freedombone

+

When you start the base installation of the system it will ask you to choose a dynamic DNS provider and then enter the login details for the dynamic DNS service.

-
-

A note about Tor

-
+
+

A note about Tor

+

If you only want your sites to be available via Tor then none of the above is needed and you can access your sites and systems via their onion addresses. Tor has its own naming system which is independent from ICANN, and you also won't need TLS/SSL certificates since it also manages transport encryption itself. When building disk images use the –onion yes option, or choose one of the ready made onion disk images from downloads.

diff --git a/website/EN/faq.html b/website/EN/faq.html index 69874ea7..31dce71f 100644 --- a/website/EN/faq.html +++ b/website/EN/faq.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - - + + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,171 +144,176 @@ for the JavaScript code in this tag.
-
+

-

logo.png +

logo.png

+ + +
+

Frequently Asked Questions

+
+ +
+

surveillanceoptions.jpg +

-
-

Frequently Asked Questions

-
- -

-surveillanceoptions.jpg Possible options for dealing with bulk surveillance at The Glass Room exhibition, 2017

-
-
+ +
-+ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - +
What applications are supported?What applications are supported?
I don't have a static IP address. Can I still install this system?I don't have a static IP address. Can I still install this system?
Why Freedombone and not FreedomBox?Why Freedombone and not FreedomBox?
Why not support building images for Raspberry Pi?Why not support building images for Raspberry Pi?
Why use Tor? I've heard it's used by bad peopleWhy use Tor? I've heard it's used by bad people
How is Tor integrated with Freedombone?How is Tor integrated with Freedombone?
Can I add a clearnet domain to an onion build?Can I add a clearnet domain to an onion build?
Why use Github?Why use Github?
Should I upload my GPG keys to keybase.io?Should I upload my GPG keys to keybase.io?
Keys and emails should not be stored on servers. Why do you do that?Keys and emails should not be stored on servers. Why do you do that?
Why can't I access my .onion site with a Tor browser?Why can't I access my .onion site with a Tor browser?
What is the best hardware to run this system on?What is the best hardware to run this system on?
Can I add more users to the system?Can I add more users to the system?
Why not use Signal for mobile chat?Why not use Signal for mobile chat?
What is the most secure chat app to use on mobile?What is the most secure chat app to use on mobile?
How do I remove a user from the system?How do I remove a user from the system?
Why is logging for web sites turned off by default?Why is logging for web sites turned off by default?
How do I reset the tripwire?How do I reset the tripwire?
Is metadata protected?Is metadata protected?
How do I create email processing rules?How do I create email processing rules?
Why isn't dynamic DNS working?Why isn't dynamic DNS working?
How do I change my encryption settings?How do I change my encryption settings?
How do I get a domain name?How do I get a domain name?
How do I get a "real" SSL/TLS/HTTPS certificate?How do I get a "real" SSL/TLS/HTTPS certificate?
How do I renew a Let's Encrypt certificate?How do I renew a Let's Encrypt certificate?
I tried to renew a Let's Encrypt certificate and it failed. What should I do?I tried to renew a Let's Encrypt certificate and it failed. What should I do?
Why not use the services of $company instead? They took the Seppuku pledgeWhy not use the services of $company instead? They took the Seppuku pledge
Why does my email keep getting rejected as spam by Gmail/etc?Why does my email keep getting rejected as spam by Gmail/etc?
Tor is censored/blocked in my area. What can I do?Tor is censored/blocked in my area. What can I do?
I want to block a particular domain from getting its content into my social network sitesI want to block a particular domain from getting its content into my social network sites
The mesh system doesn't boot from USB driveThe mesh system doesn't boot from USB drive
+
+
-
-

What applications are supported?

-
+
+

What applications are supported?

+

See here for the complete list of apps. In addition to those as part of the base install you get an email server.

-
-

I don't have a static IP address. Can I still install this system?

-
+
+

I don't have a static IP address. Can I still install this system?

+

Yes. The minimum requirements are to have some hardware that you can install Debian onto and also that you have administrator access to your internet router so that you can forward ports to the system which has Freedombone installed.

@@ -410,50 +323,68 @@ The lack of a static IP address can be worked around by using a dynamic DNS serv

-
-

Why Freedombone and not FreedomBox?

-
+
+

Why Freedombone and not FreedomBox?

+

When the project began in late 2013 the FreedomBox project seemed to be going nowhere, and was only designed to work with the DreamPlug hardware. There was some new hardware out - the Beaglebone Black - which could run Debian and was also a free hardware design so seemed more appropriate. Hence the name "Freedombone", being like FreedomBox but on a Beaglebone. There are some similarities and differences between the two projects:

-
-

Similarities

-
+
+

Similarities

+
    -
  • Uses freedom-maker and vmdebootstrap to build debian images
  • -
  • Supports the use of Tor onion addresses to access websites
  • -
  • Typically runs on ARM single board computers
  • -
  • Both projects aim to increase independence and privacy for internet users
  • -
  • Both projects aim to make running your own server at home easy
  • -
  • Both projects include wiki, blog, VoIP and file sync
  • -
  • Both projects enable easy installation and removal of apps
  • -
  • Both are typically "bare metal" rather than running as VMs or containers
  • -
  • Both currently are hosted on Github
  • +
  • Uses freedom-maker and vmdebootstrap to build debian images +
  • +
  • Supports the use of Tor onion addresses to access websites +
  • +
  • Typically runs on ARM single board computers +
  • +
  • Both projects aim to increase independence and privacy for internet users +
  • +
  • Both projects aim to make running your own server at home easy +
  • +
  • Both projects include wiki, blog, VoIP and file sync +
  • +
  • Both projects enable easy installation and removal of apps +
  • +
  • Both are typically "bare metal" rather than running as VMs or containers +
  • +
  • Both currently are hosted on Github +
-
-

Differences

-
+
+

Differences

+
    -
  • FreedomBox is a Debian pure blend. Freedombone is not
  • -
  • Freedombone only supports Free Software. FreedomBox includes some closed binary boot blobs for certain ARM boards
  • -
  • FreedomBox is aimed at consumers. Freedombone is aimed at slightly more technical people who don't have time to configure servers
  • -
  • Freedombone includes some software not yet in the official Debian repos
  • -
  • Freedombone includes an email server set up for use with GPG by default
  • -
  • Freedombone has encrypted backups capability
  • -
  • Freedombone implements the social key management idea which was described in a 2012 FreedomBox meetup
  • -
  • Freedombone implements recommendations from bettercrypto.org whereas FreedomBox sticks to Debian default crypto settings
  • -
  • Freedombone has a mesh network version. FreedomBox doesn't yet
  • +
  • FreedomBox is a Debian pure blend. Freedombone is not +
  • +
  • Freedombone only supports Free Software. FreedomBox includes some closed binary boot blobs for certain ARM boards +
  • +
  • FreedomBox is aimed at consumers. Freedombone is aimed at slightly more technical people who don't have time to configure servers +
  • +
  • Freedombone includes some software not yet in the official Debian repos +
  • +
  • Freedombone includes an email server set up for use with GPG by default +
  • +
  • Freedombone has encrypted backups capability +
  • +
  • Freedombone implements the social key management idea which was described in a 2012 FreedomBox meetup +
  • +
  • Freedombone implements recommendations from bettercrypto.org whereas FreedomBox sticks to Debian default crypto settings +
  • +
  • Freedombone has a mesh network version. FreedomBox doesn't yet +
-
-

Why not support building images for Raspberry Pi?

-
+
+

Why not support building images for Raspberry Pi?

+

The FreedomBox project supports Raspberry Pi builds, and the image build system for Freedombone is based on the same system. However, although the Raspberry Pi can run a version of Debian it requires a closed proprietary blob in order to boot the hardware. Who knows what that blob might contain or what exploits it could facilitate. From an adversarial point of view if you were trying to deliver "bulk equipment interference" then it doesn't get any better than piggybacking on something which has control of the boot process, and hence all subsequently run processes.

@@ -463,9 +394,9 @@ So although the Raspberry Pi is cheap and hugely popular it's not supported by t

-
-

Why use Tor? I've heard it's used by bad people

-
+
+

Why use Tor? I've heard it's used by bad people

+

Years ago Tor was usually depicted in the mainstream media as something scary inhabited by cyberterrorists and other bad cybers, but today to a large extent Tor is accepted as just another way of routing data in a network. Depending upon where you live there may still be some amount of fearmongering about Tor, but it now seems clear that the trajectory is towards general acceptance.

@@ -475,10 +406,14 @@ Tor and its onion addresses, previously called hidden addresses, have a few key

    -
  • NAT traversal
  • -
  • Firewall traversal
  • -
  • Avoiding the domain name system (DNS), which is mostly centralized and not secure
  • -
  • Avoiding passive bulk surveillance in which governments try to find out who is communicating with who
  • +
  • NAT traversal +
  • +
  • Firewall traversal +
  • +
  • Avoiding the domain name system (DNS), which is mostly centralized and not secure +
  • +
  • Avoiding passive bulk surveillance in which governments try to find out who is communicating with who +

@@ -486,9 +421,9 @@ On the negative side it's a complex system which is not fully decentralized.

-
-

How is Tor integrated with Freedombone?

-
+
+

How is Tor integrated with Freedombone?

+

Within this project Tor is used more to provide accessibility than the anonymity factor for which Tor is better known. The onion address system provides a way of being able to access sites even if you don't own a conventional domain name or don't have administrator access to your local internet router to be able to do port forwarding.

@@ -506,17 +441,17 @@ Even if you're running the "onion only" build, this only means that sites are ac

-
-

Can I add a clearnet domain to an onion build?

-
+
+

Can I add a clearnet domain to an onion build?

+

You could if you manually edited the relevant nginx configuration files and installed some dynamic DNS system yourself. If you already have sysadmin knowledge then that's probably not too hard. But the builds created with the onion-addresses-only option aren't really intended to support access via clearnet domains.

-
-

Why use Github?

-
+
+

Why use Github?

+

Github is paradoxically a centralized, closed and proprietary system which happens to mostly host free and open source projects. Up until now it has been relatively benign, but at some point in the name of "growth" it will likely start becoming more evil, or just become like SourceForge - which was also once much loved by FOSS developers, but turned into a den of malvertizing.

@@ -534,21 +469,21 @@ Currently many of the repositories used for applications which are not yet packa

-
-

Should I upload my GPG keys to keybase.io?

-
+
+

Should I upload my GPG keys to keybase.io?

+

It's not recommended unless there exists some compelling reason for you to be on there. That site asks users to upload the private keys, and even if the keys are client side encrypted with a passphrase there's always the chance that there will be a data leak in future and letter agencies will then have a full time opportunity to crack the passphrases.

-Saying something resembling "only noobs will use crackable private key passphrases" isn't good enough. A passphrase should not be considered to be a substitute for a private key. +Saying something resembling /"only noobs will use crackable private key passphrases"/ isn't good enough. A passphrase should not be considered to be a substitute for a private key.

-
-

Keys and emails should not be stored on servers. Why do you do that?

-
+
+

Keys and emails should not be stored on servers. Why do you do that?

+

Ordinarily this is good advice. However, the threat model for a device in your home is different from the one for a generic server in a massive warehouse. Compare and contrast:

@@ -557,45 +492,45 @@ Ordinarily this is good advice. However, the threat model for a device in your h - + - + -At home -In a warehouse +At home +In a warehouse -Accessible to a small number of people -Accessible to possibly many random strangers +Accessible to a small number of people +Accessible to possibly many random strangers -You control the environment -You have no control over the warehouse +You control the environment +You have no control over the warehouse -You know what gets plugged in to the box -Anything could be plugged in to the box and you might not know +You know what gets plugged in to the box +Anything could be plugged in to the box and you might not know -You know where your home is -The warehouse could be anywhere in the world +You know where your home is +The warehouse could be anywhere in the world -Normally requires a warrant to search -Requires little or no justification to search +Normally requires a warrant to search +Requires little or no justification to search -You know what jurisdiction your home is within -You may have no idea what jurisdiction the warehouse is within +You know what jurisdiction your home is within +You may have no idea what jurisdiction the warehouse is within @@ -606,9 +541,9 @@ In the home environment a box with a good firewall and no GUI components install
-
-

Why can't I access my .onion site with a Tor browser?

-
+
+

Why can't I access my .onion site with a Tor browser?

+

Probably you need to add the site to the NoScript whitelist. Typically click/press on the noscript icon (or select from the menu on mobile) then select whitelist and add the site URL. You may also need to disable HTTPS Everywhere when using onion addresses, which don't use https.

@@ -618,9 +553,9 @@ Another factor to be aware of is that it can take a while for the onion address

-
-

What is the best hardware to run this system on?

-
+
+

What is the best hardware to run this system on?

+

It was originally designed to run on the Beaglebone Black, but that should be regarded as the most minimal system, because it's single core and has by today's standards a small amount of memory. Obviously the more powerful the hardware is the faster things like web pages (blog, social networking, etc) will be served but the more electricity such a system will require if you're running it 24/7. A good compromise between performance and energy consumption is something like an old netbook. The battery of an old netbook or laptop even gives you UPS capability to keep the system going during brief power outages or cable re-arrangements, and that means using full disk encryption on the server also becomes more practical.

@@ -630,14 +565,15 @@ It was originally designed to run on the Beaglebone Black, but that should be re

-
-

Can I add more users to the system?

-
+
+

Can I add more users to the system?

+

Yes. Freedombone can support a small number of users, for a "friends and family" type of home installation. This gives them access to an email account, XMPP, SIP phone and the blog (depending on whether the variant which you installed includes those).

+
ssh username@mydomainname -p 2222
 
@@ -655,9 +591,9 @@ Another point is that Freedombone installations are not intended to support many

-
-

Why not use Signal for mobile chat?

-
+
+

Why not use Signal for mobile chat?

+

Celebrities recommend Signal. It's Free Software so it must be good, right?

@@ -667,12 +603,18 @@ If you are currently using a proprietary chat app, something without any encrypt

    -
  • It uses phone numbers. Phone numbers are used for Signal's initial verification, and they can of course be intercepted or faked. Plus it means that Open Whisper Systems keeps a list of phone numbers on its centralised server for its "X has joined Signal" notification. Even if they're hashed, they're still unique identifiers and rainbow tables for the phone number system probably exist. Phone numbers are convenient for some users, but are also a non-trivial security risk. If you're using Signal then consider what it knows about who your contacts are, where that data is located and who else might have access to that. Consider what might happen if an adversary gets to know your mobile number.
  • -
  • It's based on a single server run by Open Whisper Systems. That's a single point of failure and ought to be a big red flag (of the sporting rather than the socialist variety) as a possible locus for concentrated nefariousness.
  • -
  • It requires the installation of Google Play. If you already have Google Play installed on a stock Android OS then this doesn't increase your security problems, but for other more secure Android variants it's a massive increase in attack surface. There is a separate apk available for download, but it won't receive updates and the hash shown on the site often doesn't match.
  • -
  • It depends entirely upon the Google message pushing system. That means that Google at least knows who Signal messages are being sent to and may be able to infer the rest via your (insecure) Android phone contact list or via timing correlation of alternating deliveries. Remember that for an adversary metadata in aggregate is much better than having the content of messages. At any time Google could decide that it doesn't want to support Signal, or in adverse circumstances they could be leaned upon by the usual agencies or government cronies.
  • -
  • Their privacy policy indicates that they will give whatever server data they have to third parties under some conditions. Of course this is always claimed to be for the very best of reasons - such as combating fraud - but once that sort of disclosure capability exists it may be abused without you ever knowing about it. Consider how difficult, or not, it may be for a government to reverse engineer a database of hashed telephone numbers.
  • -
  • Forking isn't really an option. A fork was tried, but Moxie got annoyed when it still used his server. At the same time the level of interest in federating the server is not detectable with our best intrumentation, and is suspected to be negative. That's a catch 22 which effectively means that independent implementations of Signal will always leave some users unable to communicate with each other.
  • +
  • It uses phone numbers. Phone numbers are used for Signal's initial verification, and they can of course be intercepted or faked. Plus it means that Open Whisper Systems keeps a list of phone numbers on its centralised server for its /"X has joined Signal"/ notification. Even if they're hashed, they're still unique identifiers and rainbow tables for the phone number system probably exist. Phone numbers are convenient for some users, but are also a non-trivial security risk. If you're using Signal then consider what it knows about who your contacts are, where that data is located and who else might have access to that. Consider what might happen if an adversary gets to know your mobile number. +
  • +
  • It's based on a single server run by Open Whisper Systems. That's a single point of failure and ought to be a big red flag (of the sporting rather than the socialist variety) as a possible locus for concentrated nefariousness. +
  • +
  • It requires the installation of Google Play. If you already have Google Play installed on a stock Android OS then this doesn't increase your security problems, but for other more secure Android variants it's a massive increase in attack surface. There is a separate apk available for download, but it won't receive updates and the hash shown on the site often doesn't match. +
  • +
  • It depends entirely upon the Google message pushing system. That means that Google at least knows who Signal messages are being sent to and may be able to infer the rest via your (insecure) Android phone contact list or via timing correlation of alternating deliveries. Remember that for an adversary metadata in aggregate is much better than having the content of messages. At any time Google could decide that it doesn't want to support Signal, or in adverse circumstances they could be leaned upon by the usual agencies or government cronies. +
  • +
  • Their privacy policy indicates that they will give whatever server data they have to third parties under some conditions. Of course this is always claimed to be for the very best of reasons - such as combating fraud - but once that sort of disclosure capability exists it may be abused without you ever knowing about it. Consider how difficult, or not, it may be for a government to reverse engineer a database of hashed telephone numbers. +
  • +
  • Forking isn't really an option. A fork was tried, but Moxie got annoyed when it still used his server. At the same time the level of interest in federating the server is not detectable with our best intrumentation, and is suspected to be negative. That's a catch 22 which effectively means that independent implementations of Signal will always leave some users unable to communicate with each other. +

@@ -680,9 +622,9 @@ To give credit where it's due Signal is good, but it could be a lot better. The

-
-

What is the most secure chat app to use on mobile?

-
+
+

What is the most secure chat app to use on mobile?

+

On mobile there are various options. The apps which are likely to be most secure are ones which have end-to-end encryption enabled by default and which can also be onion routed via Orbot. End-to-end encryption secures the content of the message and onion routing obscures the metadata, making it hard for a passive adversary to know who is communicating with who.

@@ -692,18 +634,19 @@ The current safest way to chat is to use Conv

-There are many other fashionable chat apps with end-to-end security, but often they are closed source, have a single central server or can't be onion routed. It's also important to remember that closed source chat apps should be assumed to be untrustworthy, since their security cannot be independently verified. +There are many other fashionable chat apps with end-to-end security, but often they are closed source, have a single central server or can't be onion routed. It's also important to remember that closed source chat apps should be assumed to be untrustworthy, since their security cannot be independently verified.

-
-

How do I remove a user from the system?

-
+
+

How do I remove a user from the system?

+

To remove a user:

+
ssh username@mydomainname -p 2222
 
@@ -713,9 +656,9 @@ Select Administrator controls then Manage Users and then Delete

-
-

Why is logging for web sites turned off by default?

-
+
+

Why is logging for web sites turned off by default?

+

If you're making profits out of the logs by running large server warehouses and then data mining what users click on - as is the business model of well known internet companies - then logging everything makes total sense. However, if you're running a home server then logging really only makes sense if you're trying to diagnose some specific problem with the system, and outside of that context logging everything becomes more of a liability than an asset.

@@ -729,14 +672,15 @@ On the Freedombone system web logs containing IP addresses are turned off by def

-
-

How do I reset the tripwire?

-
+
+

How do I reset the tripwire?

+

The tripwire will be automatically reset once per week. If you want to reset it earlier then do the following:

+
ssh username@mydomain -p 2222
 
@@ -746,9 +690,9 @@ Select Administrator controls then "reset tripwire" using cursors and spa

-
-

Is metadata protected?

-
+
+

Is metadata protected?

+

"We kill people based on metadata" @@ -764,10 +708,11 @@ Even when using Freedombone metadata analysis by third parties is still possible

-
-

How do I create email processing rules?

-
+
+

How do I create email processing rules?

+
+
ssh username@domainname -p 2222
 
@@ -780,39 +725,39 @@ Select Administrator controls then Email Filtering Rules then you - + - + -freedombone-addlist -Adds a mailing list +freedombone-addlist +Adds a mailing list -freedombone-rmlist -Removes a mailing list +freedombone-rmlist +Removes a mailing list -freedombone-addemail -Transfers emails from an address to a given folder +freedombone-addemail +Transfers emails from an address to a given folder -freedombone-rmemail -Removes an email transferal rule +freedombone-rmemail +Removes an email transferal rule -freedombone-ignore -Ignores email from an address or with a subject line containing text +freedombone-ignore +Ignores email from an address or with a subject line containing text -freedombone-unignore -Removes an ignore rule +freedombone-unignore +Removes an ignore rule @@ -822,14 +767,15 @@ Spamassassin is also available and within Mutt you can use the S (shift+s) key t

-
-

Why isn't dynamic DNS working?

-
+
+

Why isn't dynamic DNS working?

+

If you run the command:

+
systemctl status inadyn
 
@@ -839,6 +785,7 @@ And see some error related to checking for changes in the IP address then you ca

+
https://check.torproject.org/
 https://www.whatsmydns.net/whats-my-ip-address.html
 https://www.privateinternetaccess.com/pages/whats-my-ip/
@@ -847,14 +794,15 @@ https://www.privateinternetaccess.com/pages/whats-my-ip/
 
-
-

How do I change my encryption settings?

-
+
+

How do I change my encryption settings?

+

Suppose that some new encryption vulnerability has been announced and that you need to change your encryption settings. Maybe an algorithm thought to be secure is now no longer so and you need to remove it. You can change your settings by doing the following:

+
ssh myusername@mydomain -p 2222
 
@@ -864,9 +812,9 @@ Select Administrator controls then select Security Settings. You w

-
-

How do I get a domain name?

-
+
+

How do I get a domain name?

+

Suppose that you have bought a domain name (rather than using a free subdomain on freedns) and you want to use that instead.

@@ -876,6 +824,7 @@ Remove any existing nameservers for your domain (or select "custom" nameservers)

+
NS1.AFRAID.ORG
 NS2.AFRAID.ORG
 NS3.AFRAID.ORG
@@ -896,6 +845,7 @@ To route email to one of your freedns domains:
 

+
editor /etc/mailname
 
@@ -905,6 +855,7 @@ Add any extra domains which you own, then save and exit.

+
editor /etc/exim4/update-exim4.conf.conf
 
@@ -918,6 +869,7 @@ Save and exit, then restart exim.

+
update-exim4.conf.template -r
 update-exim4.conf
 service exim4 restart
@@ -930,14 +882,15 @@ You should now be able to send an email from postmaster@mynewdomainname a
 
-
-

How do I get a "real" SSL/TLS/HTTPS certificate?

-
+
+

How do I get a "real" SSL/TLS/HTTPS certificate?

+

If you did the full install or selected the social variant then the system will have tried to obtain a Let's Encrypt certificate automatically during the install process. If this failed for any reason, or if you have created a new site which you need a certificate for then do the following:

+
ssh username@mydomainname -p 2222
 
@@ -951,9 +904,9 @@ One thing to be aware of is that Let's Encrypt doesn't support many dynamic DNS

-
-

How do I renew a Let's Encrypt certificate?

-
+
+

How do I renew a Let's Encrypt certificate?

+

Normally certificates will be automatically renewed once per month, so you don't need to be concerned about it. If anything goes wrong with the automatic renewal then you should receive a warning email.

@@ -963,6 +916,7 @@ If you need to manually renew a certificate:

+
ssh username@mydomainname -p 2222
 
@@ -972,14 +926,15 @@ Select Administrator controls then Security settings then Renew

-
-

I tried to renew a Let's Encrypt certificate and it failed. What should I do?

-
+
+

I tried to renew a Let's Encrypt certificate and it failed. What should I do?

+

Most likely it's because Let's Encrypt doesn't support your particular domain or subdomain. Currently free subdomains tend not to work. You'll need to buy a domain name, link it to your dynamic DNS account and then do:

+
ssh username@mydomainname -p 2222
 
@@ -989,17 +944,17 @@ Select Administrator controls then Security settings then Creat

-
-

Why not use the services of $company instead? They took the Seppuku pledge

-
+
+

Why not use the services of $company instead? They took the Seppuku pledge

+

-That pledge is utterly worthless. Years ago people trusted Google in the same sort of way, because they promised not be be evil and because a lot of the engineers working for them seemed like honest types who were "on our side". Post-nymwars and post-PRISM we know exactly how much Google cared about the privacy and security of its users. But Google is only one particular example. In general don't trust pledges made by companies, even if the people running them seem really sincere. +That pledge is utterly worthless. Years ago people trusted Google in the same sort of way, because they promised not be be evil and because a lot of the engineers working for them seemed like honest types who were "on our side". Post-nymwars and post-PRISM we know exactly how much Google cared about the privacy and security of its users. But Google is only one particular example. In general don't trust pledges made by companies, even if the people running them seem really sincere.

-
-

Why does my email keep getting rejected as spam by Gmail/etc?

-
+
+

Why does my email keep getting rejected as spam by Gmail/etc?

+

Welcome to the world of email. Email is really the archetypal decentralized service, developed during the early days of the internet. In principle anyone can run an email server, and that's exactly what you're doing with Freedombone. Email is very useful, but it has a big problem, and that's that the protocols are totally insecure. That made it easy for spammers to do their thing, and in response highly elaborate spam filtering and blocking systems were developed. Chances are that your emails are being blocked in this way. Sometimes the blocking is so indisciminate that entire countries are excluded. What can you do about it? Unless you control the block list at the receiving end you may not be able to do much unless you can find an email proxy server which is trusted by the receiving server.

@@ -1009,6 +964,7 @@ Often ISPs will run their own SMTP mail server which you can use for proxying, t

+
ssh username@mydomainname -p 2222
 
@@ -1030,9 +986,9 @@ So the situation with email presently is pretty bad, and there's a clear selecti

-
-

Tor is censored/blocked in my area. What can I do?

-
+
+

Tor is censored/blocked in my area. What can I do?

+

If you can find some details for an obfs4 Tor bridge (its IP address, port number and key or nickname) then you can set up the system to use it to connect to the Tor network. Unlike relay nodes the IP addresses for bridges are not public information and so can't be easily known and added to block lists by authoritarian regimes or over-zealous ISPs.

@@ -1041,7 +997,7 @@ If you can find some details for an obfs4 Tor bridge (its IP address, port numbe ssh into your Freedombone system, go to the administrator control panel, select security settings then Tor Bridges and Add a bridge. You can then enter the details.

-
+

control_panel_bridges.jpg @@ -1059,9 +1015,9 @@ You can also set your system to act as a Tor bridge, although this is not recomm

-
-

I want to block a particular domain from getting its content into my social network sites

-
+
+

I want to block a particular domain from getting its content into my social network sites

+

If you're being pestered by some domain which contains bad/illegal/harrassing content or irritating users you can block domains at the firewall level. Go to the administrator control panel and select domain blocking. You can then block, unblock and view the list of blocked domains.

@@ -1076,9 +1032,9 @@ Select Administrator controls then Domain blocking.
-
-

The mesh system doesn't boot from USB drive

-
+
+

The mesh system doesn't boot from USB drive

+

If the system doesn't boot and reports an error which includes /dev/mapper/loop0p1 then reboot with Ctrl-Alt-Del and when you see the grub menu press e and manually change /dev/mapper/loop0p1 to /dev/sdb1, then press Ctrl-x. If that doesn't work then reboot and try /dev/sdc1 instead.

@@ -1088,9 +1044,14 @@ After the system has booted successfully the problem should resolve itself on su

-
-Return to the home page -
+
+

+<center> +Return to the <a href="index.html">home page</a> +</center> +

+ +