From d07bcac281de8a2d56eef1cb61492674f6d34db6 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sun, 11 Mar 2018 23:27:02 +0000 Subject: [PATCH] Update documentation --- doc/EN/apps.org | 6 +- doc/EN/fediverse.org | 14 +- doc/EN/index.org | 4 +- doc/EN/security.org | 48 +++ doc/EN/usage_email.org | 258 +------------ doc/EN/users.org | 21 ++ img/bbb3.png | Bin 39048 -> 40265 bytes website/EN/apps.html | 419 +++++++++------------- website/EN/fediverse.html | 209 ++++------- website/EN/index.html | 172 +++------ website/EN/security.html | 250 +++++++++++++ website/EN/usage_email.html | 695 ++++++++---------------------------- website/EN/users.html | 201 +++++++++++ 13 files changed, 966 insertions(+), 1331 deletions(-) create mode 100644 doc/EN/security.org create mode 100644 doc/EN/users.org create mode 100644 website/EN/security.html create mode 100644 website/EN/users.html diff --git a/doc/EN/apps.org b/doc/EN/apps.org index 2974036d..281824ea 100644 --- a/doc/EN/apps.org +++ b/doc/EN/apps.org @@ -10,10 +10,6 @@ [[file:images/logo.png]] #+END_CENTER -#+begin_export html -

Apps

-#+end_export - #+begin_quote "/In times of aggressive corporatization, increasing enclosure of communication spaces, and blanket surveillance, emancipatory communication practices appear to be particularly well suited to offer concrete alternatives to activists and citizens alike/" -- Stefania Milan #+end_quote @@ -53,6 +49,8 @@ Extremely simple and distraction-free notes system. If you use the Mutt client to read your email then this will set it up to use emacs for composing new mail. [[./app_emacs.html][How to use it]] +* Email Server +Since many apps require email registration an email server is installed by default. You can find advice on using the email system [[./usage_email.html][here]]. * Etherpad Collaborate on creating documents in real time. Maybe you're planning a holiday with other family members or creating documentation for a Free Software project along with other volunteers. Etherpad is hard to beat for simplicity and speed. Only users of the system will be able to access it. diff --git a/doc/EN/fediverse.org b/doc/EN/fediverse.org index 971bca8b..5af89588 100644 --- a/doc/EN/fediverse.org +++ b/doc/EN/fediverse.org @@ -10,16 +10,14 @@ [[file:images/logo.png]] #+END_CENTER -#+BEGIN_EXPORT html -
-

Homesteading the Fediverse

-
-#+END_EXPORT +#+BEGIN_CENTER +*Homesteading the Fediverse* +#+END_CENTER Some things you might want to know about the Fediverse: * Federation as a concept -The political definition of a federation is "/a union of partially self-governing states or regions under a central (federal) government/". The fediverse isn't exactly like that, in that there is no federal government. However there are protocols which govern the communication between instances and that might be analogized to being a sort of elemantary constitution or mutual agreement binding all participants together. The protocols are merely ways of moving data around though, and don't impose any sort of moral code. +The political definition of a federation is "/a union of partially self-governing states or regions under a central (federal) government/". The fediverse isn't exactly like that, in that there is no federal government. However there are protocols which govern the communication between instances and that might be analogized to being a sort of elementary constitution or mutual agreement binding all participants together. The protocols are merely ways of moving data around though, and don't impose any sort of moral code. * Keep the number of users on each server small The importance of this can't be overstated. Servers with lots of users always eventually have problems where the interests of the users are not the same as the interests of the server administrator. If you are the server administrator, or if there are only a small squad-size group of people on the server, then it's a lot easier to resolve differences and everyone's interests are likely to be similar. @@ -33,7 +31,9 @@ Especially if other servers are publishing content which may not be legal in you Over time follows and blocking rules come to match the underlying social geography of affinity groups. Blocking will happen and users will move around or start new servers. Drama related to blocking will dissipate. * Keep your follows under the Dunbar number -Keep the number of other users you're following and who are also active to under a couple of hundred. Any more than that and you'll just be overwhelmed by irrelevant stuff and whatever community you may have been part of will dissolve in a sea of entropy. There are no algorithmic timelines, and even if they're introduced then they create their own problems as an opaque form of censorship. _Real community happens at tribal scale_. It's something which people often don't like to admit because they get fixated upon bigger and bigger numbers, but it definitely seems to be true. +Keep the number of other frequently active users you're following to under a couple of hundred. Your actual number of follows might be larger than this but could include users who rarely post anything. + +Once there are more than a couple of hundred highly active users in your timeline then you'll just be overwhelmed by irrelevant stuff and whatever community you may have been part of will be drowned in the entropy. There are no algorithmic timelines to hide posts, and even if they're introduced then they create their own problems as an opaque form of censorship. _Real community happens at tribal scale_. It's something which people often don't like to admit because they get fixated upon bigger and bigger numbers, but it definitely seems to be true. * Avoid big public servers It may seem like a good idea and it may seem like you're doing a service to the community by allowing random strangers to register, but servers with thousands of users only cause problems - social, administrative, financial and possibly also legal. The financial strain of running a powerful server with high reliability may be enough to encourage the administrator to begin pushing advertising onto the system, or sell user content, and then before you know it you have identical problems to Twitter. Instead try to encourage people to set up their own servers. Follow this principle and a lot of arguments and stress will be more easily avoided. diff --git a/doc/EN/index.org b/doc/EN/index.org index e88f500c..86f85cc2 100644 --- a/doc/EN/index.org +++ b/doc/EN/index.org @@ -32,12 +32,14 @@ Want to make a community mesh network which can either be fully autonomous or co After installation it's possible that you might want some advice on how to run your system and set up apps to work nicely with it. * [[./domains.html][How to get a domain name]] + * [[./security.html][Improving security]] + * [[./users.html][Adding or removing users]] * [[./apps.html][Apps available on the system]] - * [[./usage.html][General usage]] * [[./faq.html][Frequently Asked Questions]] * [[./mobile.html][Advice on setting up a mobile phone]] * [[./support.html][I like this project. How can I help to support it?]] + If you find bugs, or want to add a new app to this system see the [[./devguide.html][Developers Guide]] and [[./codeofconduct.html][Code of Conduct]]. There is a Matrix chat room available at *#fbone:matrix.freedombone.net*. Ready made disk images which can be copied onto USB or microSD drives are [[./downloads/current][available here]]. diff --git a/doc/EN/security.org b/doc/EN/security.org new file mode 100644 index 00000000..d2f21925 --- /dev/null +++ b/doc/EN/security.org @@ -0,0 +1,48 @@ +#+TITLE: +#+AUTHOR: Bob Mottram +#+EMAIL: bob@freedombone.net +#+KEYWORDS: freedombone, security, ssh, debian, beaglebone +#+DESCRIPTION: Improving security +#+OPTIONS: ^:nil toc:nil +#+HTML_HEAD: + +#+BEGIN_CENTER +[[file:images/logo.png]] +#+END_CENTER + +* Authentication with keys +It's a lot more secure to log in to the Freedombone system using ssh keys rather than with a password. You can set that up by first running: + +#+begin_src bash +freedombone-client +#+end_src + +On your local system (i.e. whatever you're logging in to the Freedombone system from, typically a laptop). Then: + +#+begin_src +ssh myusername@freedombone.local -p 2222 +#+end_src + +Select *Administrator controls* and re-enter your password, then *Manage Users* and *Change user ssh public key*. Copy and paste the ssh public keys which appeared after the *freedombone-client* command was run. Then go to *Security settings* and select *Allow ssh login with passwords* followed by *no*. + +You'll need to make sure that you have a copy of the ~/.ssh directory on your local system. You could just copy that directory to a USB drive and then keep that somewhere safe so that you can restore the keys if you need to. +* Administrating the system via an onion address (Tor) +You can also access your system via the Tor system using an onion address. To find out what the onion address for ssh access is you can do the following: + +#+BEGIN_SRC bash +ssh username@freedombone.local -p 2222 +#+END_SRC + +Select /Administrator controls/ then select "About this system" and look for the onion address for ssh. You can then close the terminal and open another, then do the following on your local system: + +#+BEGIN_SRC bash +freedombone-client +#+END_SRC + +This will set up your ssh environment to be able to handle onion addresses. Then you can test ssh with: + +#+BEGIN_SRC bash +ssh username@address.onion -p 2222 +#+END_SRC + +Subsequently even if dynamic DNS isn't working you may still be able to administer your system. Using the onion address also gives you some degree of protection against corporate or government metadata analysis, since it becomes more difficult to passively detect which systems are communicating. diff --git a/doc/EN/usage_email.org b/doc/EN/usage_email.org index 4d76b080..75112993 100644 --- a/doc/EN/usage_email.org +++ b/doc/EN/usage_email.org @@ -10,23 +10,17 @@ [[file:images/logo.png]] #+END_CENTER -#+BEGIN_EXPORT html -
-

Email

-
-#+END_EXPORT - | [[Things to be aware of]] | | [[A technical note about email transport security]] | | [[Add a password to your GPG key]] | | [[Publishing your GPG public key]] | | [[Mutt email client]] | | [[Thunderbird/Icedove]] | -| [[K9 Android client]] | +| [[Android apps]] | | [[Subscribing to mailing lists]] | | [[Adding email addresses to a group/folder]] | | [[Ignoring incoming emails]] | -| [[Your own mailing list]] | +| [[Using I2P for email transport]] | * Things to be aware of Even though this system makes it easy to set up an email server, running your own email system is still not easy and this is mainly due to the huge amount of collatoral damage caused by spammers over a long period of time, which in turn is due to the inherent insecurity of email protocols which enabled spam to become a big problem. Email is still very popular though and most internet services require that you have an email address in order to register. @@ -40,7 +34,7 @@ Port 465 is used for SMTP and this is supposedly deprecated for secure email. Ho From https://motherboard.vice.com/read/email-encryption-is-broken: #+BEGIN_QUOTE -The researchers also uncovered mass scale attacks of STARTTLS sessions being stripped of their encryption. That attack itself isn't new: internet service providers sometimes do it to monitor users; organizations may use it to keep an eye on employees; or it may come from a malicious actor +/The researchers also uncovered mass scale attacks of STARTTLS sessions being stripped of their encryption. That attack itself isn't new: internet service providers sometimes do it to monitor users; organizations may use it to keep an eye on employees; or it may come from a malicious actor/ #+END_QUOTE * Add a password to your GPG key If you didn't use existing GPG keys during the Freedombone installation then you'll need to add a password to your newly generated private key. This is highly recommended. Go through the following sequence of commands to ssh into the Freedombone and then change your GPG password. @@ -202,232 +196,8 @@ By default you won't be able to see any folders which you may have created earli Make sure that "*show only subscribed folders*" is not checked. Then click the *ok* buttons. Folders will be re-scanned, which may take some time depending upon how much email you have, but your folders will then appear. -* K9 Android client -*** A point about GPG on Android -Before trying to set up email on Android you may want to consider whether you really need to do this. Android (and its variants) is not a particularly secure operating system and whether or not you wish to store GPG keys on it depends on your threat model and in what situations you'll be using your device. - -If you are going to use email on an Android device then ensure that you have full encryption enabled via the security settings, so that if you subsequently lose it, or if it gets stolen, the chances of encryption keys being exposed are minimised. -*** Compiling the development version -To get K9 working with Freedombone you'll need to install development versions of OpenKeychain and K9. At the time of writing the versions available in F-Droid do not support PGP/MIME or the "hidden recipient" feature of GPG. It is hoped that at some stage the patches will be integrated into the mainline or functionally equivalent changes made. Admittedly, this is not at all user friendly, but currently it's the only way to read Freedombone email on Android systems. - -Build script for OpenKeychain: - -#+BEGIN_SRC bash -mkdir ~/develop -cd ~/develop -git clone https://github.com/bashrc/open-keychain -cd open-keychain -git checkout origin/bashrc/hidden-recipient-minimal -git checkout -b bashrc/hidden-recipient-minimal -cd tools -nano build.sh -#+END_SRC - -Then add the following: - -#+BEGIN_SRC bash -#!/bin/bash - -# This script is intended to be used on Debian systems for building -# the project. It has been tested with Debian 8 - -USERNAME=$USER -SIGNING_NAME='openkeychain' -SDK_VERSION='r23.3.4' -SDK_DIR=$HOME/android-sdk - -cd .. - -PROJECT_HOME=$(pwd) - -sudo apt-get install build-essential default-jdk \ - lib32stdc++6 lib32z1 lib32z1-dev - -if [ ! -d $SDK_DIR ]; then - mkdir -p $SDK_DIR -fi -cd $SDK_DIR - -# download the SDK -if [[ ! -f $SDK_DIR/android-sdk_$SDK_VERSION-linux.tgz ]]; then - wget https://dl.google.com/android/android-sdk_$SDK_VERSION-linux.tgz -fi -tar -xzvf android-sdk_$SDK_VERSION-linux.tgz -SDK_DIR=$SDK_DIR/android-sdk-linux - -echo 'Check that you have the SDK tools installed for Android 22, SDK 21.1.2' - -export ANDROID_HOME=$SDK_DIR -echo "sdk.dir=$SDK_DIR" > $ANDROID_HOME/local.properties -export PATH=${PATH}:$ANDROID_HOME/tools:$ANDROID_HOME/platform-tools - -cd $SDK_DIR/tools -./android sdk - -if [ ! -f $SDK_DIR/tools/android ]; then - echo "$SDK_DIR/tools/android not found" - exit -1 -fi -cd $SDK_DIR -chmod -R 0755 $SDK_DIR -chmod a+rx $SDK_DIR/tools - -# android sdk -cd $PROJECT_HOME -git submodule init && git submodule update - -if [ ! -f $SDK_DIR/tools/templates/gradle/wrapper/gradlew ]; then - echo "$SDK_DIR/tools/templates/gradle/wrapper/gradlew not found" - exit -2 -fi -. $PROJECT_HOME/gradlew assembleDebug - -# cleaning up -cd $PROJECT_HOME/OpenKeychain/build/outputs/apk -if [ ! -f OpenKeychain-debug.apk ]; then - echo 'OpenKeychain-debug.apk was not found' - exit -3 -fi - -echo 'Build script ended successfully' -echo -n 'apk is available at: ' -echo "$PROJECT_HOME/OpenKeychain/build/outputs/apk/OpenKeychain-debug.apk" -exit 0 -#+END_SRC - -Save and exit with *CTRL-o*, *CTRL-x*. - -#+BEGIN_SRC bash -chmod +x build.sh -./build.sh -#+END_SRC - -Build script for K9: - -#+BEGIN_SRC bash -cd ~/develop -git clone https://github.com/k9mail/k-9 -cd k-9 -cd tools -nano build.sh -#+END_SRC - -Then add the following: - -#+BEGIN_SRC bash -#!/bin/bash - -# This script is intended to be used on Debian systems for building -# the project. It has been tested with Debian 8 - -USERNAME=$USER -SIGNING_NAME='k-9' -SDK_VERSION='r24.3.3' -SDK_DIR=$HOME/android-sdk - -cd .. - -PROJECT_HOME=$(pwd) - -sudo apt-get install build-essential default-jdk \ - lib32stdc++6 lib32z1 lib32z1-dev - -if [ ! -d $SDK_DIR ]; then - mkdir -p $SDK_DIR -fi -cd $SDK_DIR - -# download the SDK -if [ ! -f $SDK_DIR/android-sdk_$SDK_VERSION-linux.tgz ]; then - wget https://dl.google.com/android/android-sdk_$SDK_VERSION-linux.tgz - tar -xzvf android-sdk_$SDK_VERSION-linux.tgz -fi -SDK_DIR=$SDK_DIR/android-sdk-linux - -echo 'Check that you have the SDK tools installed for Android 17, SDK 19.1' -if [ ! -f $SDK_DIR/tools/android ]; then - echo "$SDK_DIR/tools/android not found" - exit -1 -fi -cd $SDK_DIR -chmod -R 0755 $SDK_DIR -chmod a+rx $SDK_DIR/tools - -ANDROID_HOME=$SDK_DIR -echo "sdk.dir=$SDK_DIR" > $ANDROID_HOME/local.properties -PATH=${PATH}:$ANDROID_HOME/tools:$ANDROID_HOME/platform-tools - -android sdk -cd $PROJECT_HOME - -if [ ! -f $SDK_DIR/tools/templates/gradle/wrapper/gradlew ]; then - echo "$SDK_DIR/tools/templates/gradle/wrapper/gradlew not found" - exit -2 -fi -. $PROJECT_HOME/gradlew assembleDebug - -# cleaning up -cd $PROJECT_HOME/k9mail/build/outputs/apk -if [ ! -f k9mail-debug.apk ]; then - echo 'k9mail-debug.apk was not found' - exit -3 -fi -echo 'Build script ended successfully' -echo -n 'apk is available at: ' -echo "$PROJECT_HOME/k9mail/build/outputs/apk/k9mail-debug.apk" -exit 0 -#+END_SRC - -Save and exit with *CTRL-o*, *CTRL-x*. - -#+BEGIN_SRC bash -chmod +x build.sh -./build.sh -#+END_SRC - -*** Import your GPG key into OpenKeychain -With your device connected to a laptop via USB cable and with USB debugging enabled on it: - -#+BEGIN_SRC bash -ssh username@domainname -p 2222 -gpg --list-keys username@domainname -gpg --output ~/public_key.gpg --armor --export KEY_ID -gpg --output ~/private_key.gpg --armor --export-secret-key KEY_ID -cat ~/public_key.gpg ~/private_key.gpg > ~/mygpgkey.asc -exit -scp -P 2222 username@domainname:/home/username/mygpgkey.asc ~/ -sudo apt-get install android-tools-adb -push ~/mygpgkey.asc /sdcard/ -shred -zu ~/mygpgkey.asc -#+END_SRC - -Then on your device select OpenKeychain and import your key from file. -*** Incoming server settings - * Select settings/account settings - * Select Fetching mail/incoming server - * Enter your username and password - * IMAP server should be your domain name - * Security: SSL/TLS (always) - * Authentication: Plain - * Port: 993 -*** Outgoing (SMTP) server settings - * Select settings/account settings - * Select Sending mail/outgoing server - * Set SMTP server to your domain name - * Set Security to SSL/TLS (always) - * Set port to 465 - * Set authentication to PLAIN - * Enter your username and password - * Accept the SSL certificate -*** Crypto settings -Select *settings*, *Account settings*, *OpenKeychain* and then select your key and press *Allow*. You should now be able to decrypt emails by entering your GPG passphrase. - -You may also want to change the amount of time for which passwords are remembered, so that you don't need to enter your passphrase very often. -*** Folders -To view any new folders which you may have created using the /mailinglistrule/ script from your inbox press the *K9 icon* at the top left to access folders, then press the *menu button* and select *refresh folder list*. - -If your folder still doesn't show up then press the *menu button*, select *show folders* and select *all folders*. - +* Android apps +Mobile devices have a reputation for being quite insecure, so it's recommended that you don't store emails or GPG keys on your phone. Instead [[./app_mailpile.html][install Mailpile]] and access your email via the webmail interface. * Subscribing to mailing lists To subscribe to a mailing list log in as your user (i.e. not the root user). @@ -452,19 +222,5 @@ ssh username@domainname -p 2222 #+END_SRC Select /Administrator controls/ then *Email filtering rules* then *Block/Unblock and email address* or *Block/Unblock email with subject line*. Also see the manpage for *freedombone-ignore*. -* Your own mailing list -If you want to set up a public mailing list then when installing the system remember to set the *PUBLIC_MAILING_LIST* variable within *freedombone.cfg* to the name of your list. The name should have no spaces in it. Public mailing lists are unencrypted so anyone will be able to read the contents, including non subscribers. - -To subscribe to your list send a cleartext email to: - -#+BEGIN_SRC bash -mymailinglistname+subscribe@domainname -#+END_SRC - -Tip: When using the Mutt email client if you want to send an email in cleartext then press *p* (for PGP) on the sending screen and select *clear*. Unsecure email is treated as being the exception rather than the default. - -#+BEGIN_EXPORT html -
-Return to the home page -
-#+END_EXPORT +* Using I2P for email transport +For the most paranoid use cases it is also possible to use I2P as an email transport mechanism. This will of course require the people you're communicating with to have a similar setup in place. For details see the [[./app_bdsmail.html][bdsmail app]]. An advantage of this is that it's very unlikely that your email will get blocked. The disadvantage is that few others will be capable of receiving email this way, and it's only really usable via the Mutt email client. diff --git a/doc/EN/users.org b/doc/EN/users.org new file mode 100644 index 00000000..29be50d6 --- /dev/null +++ b/doc/EN/users.org @@ -0,0 +1,21 @@ +#+TITLE: +#+AUTHOR: Bob Mottram +#+EMAIL: bob@freedombone.net +#+KEYWORDS: freedombone, debian, beaglebone, users +#+DESCRIPTION: Adding or removing users +#+OPTIONS: ^:nil toc:nil +#+HTML_HEAD: + +#+BEGIN_CENTER +[[file:images/logo.png]] +#+END_CENTER + +Log into the system with: + +#+BEGIN_SRC bash +ssh username@domainname -p 2222 +#+END_SRC + +Select *Administrator controls* then *User Management*. + +[[file:images/controlpanel/control_panel_manage_users.jpg]] diff --git a/img/bbb3.png b/img/bbb3.png index 4b3132bfb797b7d5106139d462c56dd16506d8ee..9158429ae8fdef9fcb75b3ad37bce68395f20af0 100644 GIT binary patch delta 6487 zcmX9?bzD>L+dhm&P(qMVBA`f0cN!pqq>Pw^!WcCvsS%r?hzN+p6bThnYA_mU5Tr(T z$cA4!hYT3ayWi(M|DE%Bo^zf%uIs+86I%xAt^*}mu>42Ma#>6=QN2LF461+z3H+#d zhYqDh6(!P|hmW0~t2tmEPT$T+;@zgMm^Up}hYvuRUKB*(!DEyysJPgBS!lffSGdXaL*sYh^5| z#v%ohcY+}Gk90?le}r(~$xsbgPpo1Rk4QtUU;nu&6RHT=NbzL+QuT<(@amkv>276I zac9SR_xuizchW_EYoUd+EV56ihp4K*h3cBif-(&N)C4?zbFgJg6sMP8bAFra0Q=%l z%t9tri5`bSd+uKR#KmEpFU3ZeT90!O;X;>4&KpEa$4da)(~rO}qQ{4d#s$pAiS{UO zm}4aMoRi~BOvd;enb~_{ycU*8n>yke=fQzauzEe$oT~Rn-EBW#P;>;Q z%<|QqIcH|%=IJAob?XR?reyfzg>U;{j;-XW&*%=3_R=<$M{8A1UvAewP*s042wb+rd6< zxtJb%%qaA;OZVd$|1;u#`yQQ`T)W3r^xEMoiwj9!9~%1Z1@=y;LXAtBP$!1D`{~QD zSk_6z5VQn~z!~jJvjf1S<6&q?x0Y2s_xozG@*zfXV&MW2#GIXbO_41*UHob#NLK9- z&ffq4nltJ?bzTd+jjE^lrZdJ2J#&G7pemRN$N1_?pR;F=%bBR5g->^X5dJ>Of4`Jz zDbFP&5?5RQPUq(Sdo2`@mhPjx^65cz&vb`qgd8&AG3k&g$aDh?bEg3^JbhKNf55Lg{2Mzq3ZrkTr}4r%S^d$}l;PISe0AHqOujnh!X$Q#ith@!9!SJRh60$KJ1D+oT&0 zD_Mq)qb`K{2@B9NY2UU~Z3s3#jK4Y8t5|uxj8KH)RZ_&~#HdX4t!*j`1p1mh=%jE^ zCcm-{C-I98{0zgW9S`mBv+=krtnQ!KSQ7B%J% zRveZ_Q)D?a!$1H~#Qf9!o)pc+edx>QKjuDs@d{FWSy56u!!;GKznyP!zMCa2OpArH zHJ_r+Wv*GTgQsAzCyrcrv`a!{1fQzYmM&YRMETNOd>D2v949iOAh;>G#ArnG0su_> zy5MvIlCLUE&a@3qkS_kaY`yU&-2~AztkI<~lFw`=C@0>v$mWg#n3%Kd$1V489J$$b!0kyH^kMXDNO zX_!`9z9qi(3Ma&6uk_BXx{URV`1E;L6Djan&S!a1CiW>E%u9@8L|I`=9lqF#4+Jz$L#wq^=4AI-4)v&rNR_fDMgC?&(dOT7 zZJxaqa2R6TO@RGGWQiX??{m0a0AUFA&>~Y*F=BCzF(a&u_5va35{(W_MLGJ;l-Tr%?K15OW$S?I#s2h0W^LPc4Qy7BX z(AS|tJJmccx6U5&kM;FqP&R5zYDI=&J}o>!Y*e!l=e7in&97PPs}1^-YrS6sBq;wJ zoyKV$o#JvSkeFBnx3M;Igp~P&LadqZcCaes`je7K_2Y9-DS_wFepi$Yv~JM{@fyCL z$*~W0Dg+7X0f6wVUm_FTN>xAMNHAHN*#$A9u_f1J4~KZ=ab%vJq9g`*?L2WtF(sw~ zVgF@1`Tu0~pugNCX4S0cWkM0tEE)Ve)wyW&t7=?(Ur6xXEIl1CS8@BA)lIhxat@`N zZ|GC!yM{DT@ml>UDYQMp{=rVMDRPQ9XT3pciaXk=AruR+ z5aj@pkdCjujSBQ*O&EcBY}HU zF4^6JljN`$&)rk{$t604zNqJpKyJjb!hhsK{}R{S{Ibk01QnLXyuppe?Txp6#oC(g zB|!Pjyp^(VjW15lNkAEv>)EkM6Y8 z-L=m$J-H9Hk7Abj{_R#`Ut)iAu(UmhQRuaMyAkSLY#}tt;FBClMnCa=#3tV$(I-^c ze#Qj*IgE@9nK9LH9h}h?)4NeDt4inqFHfTebp9s560##dg=rg}7^MAOtsg?9HNT-1 zHMO=KI-C7>(?A#i*ngNCP`vi|W}o`T+B3HV#SsWua9RDu=71Rc{y!P>lXV7BTP|SZ zVw7rSaSgY&;rDw>@NEIoLPQaNn%S@VqmGP~AwJ&~=9dXeVUx4lZ8UdZf3{Wqe(8rc zv2MrPu-3zlqf`DX9RTQf+}D!1S1nBwX-VK=yyGLFp{#bTaUvvBWnCEp9}9R0X@nZh z+Z*eU2$w@hE=C(c4x4FLhuxdAzom`?4^dv&5QXiqD5v)^wq6&Z(UKY~sfMl_6Rmag z!l2&Z;dXau%Q?P0I|bxcRRqhJj=e)Fv-<4K?7G^SDGWHcV;^N3%mreQiG&>n5iQeq zYFiee4}C&q2FhhEh_$CkoJUmxrMR9B&+g?f;sv%3^eX_DM*pSF z1^j86E>XLn9>fsT(5(Ia+I&Oj9E47yuwyD?R+0;n%dBA}?J_{Ye1l~x zI#GvqZ*_qQ(snA+F*wOpJp zJ#JI_S>HG31)H)9efDCtIeewktMu>j^icBiz@v2%{=jq1r%(AM)_dz0H zJmnl80EOCZ<_zsuE%2101c)Hf#g1C?bt@l-Jf0KOVcJ{K$Y!q&-1 zfd~>usgEJ=zQC&Sm(_XdnMDNr|F;I6wmC_-JBZ5K5{DnI+K$%@XsdrFWS&B5yLK

rkB;Fu?{nGtcI3$oId(di*}n8T_zP}ik)c^(DVqxP_*xedghNh&^fB>t8| z$d;>Ght$4}>uvLaVN*NTvzrP4I7XmDRz08iyrN8&8J2t-Ono;{Ehl1tiL#4_M;wsH zDU@JO>1aM~7u-``i#pGPKIr)g#>sK*bHPC*K7`Usr4ETm#7R(lfmfOnZuxt(DB{MO zQ+AZZoyvI)wi26f*vbX#vaY*qH}UsR-N5B_U1ZTCN5O!u!uoF&IBCiR%~edsVTFU9srx zezP!FTO=#4#=q!mzmLCFW`Jqte4E0#jM491q}frR@)3l;qmdV;ZaC1fvT35Z{Or$4 zi%+m8lq4x>1hH)}CiY~_MX|1TTwdcyD}qV(QTMA@xX1fH-778+8z?@(a%v04~h%{lfoV;1AO&v=EJoGBLg=;44RQoI_qmy*+C&YPUS zOCbD!k6xQL!t#k)Lj#po&+Nc&_kN&)KQ&v2IaH7YPYsm9Od#DbBX7z|rciLin!}z8 zf@pWjuWqX3Az-~wXQv!m^m{3m>fDO57J4cwq=Pu9g8shZZDeZnvMQ%}$1L5m?^ela ze9n ztjJn%%_#EBc5EeA3|~y?CjmOGD0h%M6XadXgb^&$;zuv+hd8+AllP>jf4bDt#IsIr zYc*Ljam~9jpHUY?VA4Z4jdbChgmQ{x4JffOFyF*9kFo0|3Y+$@nSz~kE7j0kFECNp z9X?m6y|wt`G2LY})i$XxnXjhWU)F~lR_V#R)tqikWmY6xykA6?{GGDD@%DY%%&kv< z_I=1+W3|hEI$<*flI#ckuC@`T-OA@o9k}i}us%TI_*G|qb)`*<)|RIlXvyc&nXl!> zziZB!tH9hw4ft{fR`?D4bih3T%pQ{4JjzT#n9WlULv3HyCxqMQHtcJiGJ#&9{M4}8*^7(J-H zJgPmvS8==YVNA zypdAi!{Ya2TyD^O1-?5k2^(@%7k-7vH42=3k{%3^`=Jp0Vv!BD@ZggABgoweQU7}e z-(?_Urga|8Aa(#fA4Q`maGsXAuy*~wDdRsj4m&^FY|%cH4AT-92wID zCh-srFM{)&I_rkNz{BCvwHVik`T$=C9%(Ls^_K)tnk!muIa^TYBQT`M{(v04`U_58TcT2P8;a-opy7R_H(<3e9Vrn42UaEAz z7DCuq1*hf)=?|++IT_HhLyz4nWuszFFzfAD@<^BdW&>U!VyfXPL|`PldIFWudEnsS zI%@YI%fI=l=kw z&FPSB(teQ2JYaLgOLajTD38HCzOpGpL72vyda)~7tKf8>@}Qv0i(md#)Nl0l-bq$J zlM)yzgu62GD%ml(jz6htDOhxUMc5zgb2W$wuTGqpea_Kxxr+v<*8s1bI8<{ad))W1 z5G?O;;;4+h*z!nbsI#SXuj1J-K^(z044O*XL_6;4hlU0>op-5~qulWDUJ3;#JuZ|R z6zf=RC9|smH|C-C0k0*?ewM&J(iOlb={4mtq+YT_TSL?F6-TOiGFs((|Sr` zYwpG|e6_u|&i(6FpOB_B7ivOkXPYGW{K-DA7&`!EeTzGLS*NmO z<#0AK=hEl%H6$wZpk|D)w{#^ru|bg@KAmVHPM|`WCr;u!t4Ej!VL@1Z0E?M14=Z_N95P7LLJtL;uZW6zf_dSl zwA3W80tqLOt7js3_!LWP_LllScwc~uwSzDJ%u&~REmo*9LQyC$__KfXiN;WHXOX=i zB7&J$Ys_o!bahfKY{ELzg_p`k0&w@cOnP)T{};r3VgIqsngdDRuep0ElGsZe(~m5P zsMGa%w=PIXSIOq-wF1$|InV&ToLGhJ|H+xyife%t@P=8^R()PLtq?qD^dinA9Hm+$ z%{NN4d}M<^;Cl$-^|(NLav>S`C2L^tZFr#fx^Nw|3~QPtj#k+b0&QV4Q7GTcbE?I<7*9=PN)c)iCoqs&2R z{rT%=L^}ss4*=$JAMm)VPQTXqXrXc#GNXW6s^&Kx2=4gKFxwU|eY?GzH63~-Ntc}k z3d~)Ivq;&x0Ptpwht0QOX-)yD_|~=SOGQ0~Qw=9mdxnnsEL2ElCG4Rfl`6)*B1!Ta zUkNRi9V?^dt28c5Nw=i>RBM--Lme$jzT#=9KyeoPRXv|mXTodh^==>wHX-4&mRd{C z*xx!rM#-H6)Dx3RLa`gG7_ z!lXwA0u~PNnTh9mtx3ZwW zKcRY!-$OGJ8u$!80mkWb>@oh@{5d`Xdtr|j3Dcd*kMX;16j8w6XYCM@=po7kP)qaW zemXMuuiBe!>pNWg0n_MO>s8xpv}XwD&G|AD#~y}iJ|u{mBH`ERVr&}2p)C{ddMr?IIvhz_6woNm9}It>PE zBdnw{av|&3kD=!X6OTC`An`Rfu+81+ltQ{xnnB|=+mrJG)}ysP?Qd|LZ#8oC$8x+T zZ2yMZX=CT?slC6~ZfJ3&&2nR<{Egr8reTEP^+i<0k;)CjL{duYkvm*B(&CESBC7sl ztqqF8C5@f$*GMdz0+wTMpf73M`|l)SY;f0+QYrQ@eqcquyx72=By=A{B_LwO^*QLn7sfMgk=VLeQLh0@WD2U2M|GO?O%7Xtr;}^gF|F-~|D-#8L?9f%B newNB`>Euf(*FNfBxv=fTl%}+;o{81_-*cmTrguwjJ4gK=5d6KH delta 5239 zcmW+(c_5Ts7r(<0LLy~Pucd@Avc-s$Aw|eKS+ZssYt}JlkflO)uV}~;+4p@b6~?}Y z*Oq0hO~#fOzUe#vJ@>iyoO{kazjJ=4yOAcUf+kL%Y2hp{3$uh@g=}>N5{9F>v|RND z7eI?`dPO_+`P#arzNqh4i}-O<24;L1ocHd?1XJxr z-ZGIlI%3}iS>y|Yx+n_7Ir6ZkGib<)Vt3Kslhf0TsN{z!0 z52o;xW;y$R&h))JuTx;c!*I>dsww&b;4%8PM{mYu2HDbp4(?=01yq?=j7`$9=JxoRlHc$j3@{obQ>&? z{=BZ55g;BYnzpNGtN^?6k9PBXb^VmLiA7EDo_|6l0T?*4{9RYKkds0% zPZ>pK+IBxddY|Z^f0)y-bN#43*S>xju76f~;)Yn?J)ho*gc1=wj~hn$!YFBgL2|5*IjrIcGXF8E zsQ+N%lv293md`oiem-(SN3!_Hv0qOL&>Gvnyj!E!jNvcu7s?{W^`b7&AEnXMIoXaM%iwp~>@J zfCOX@D+L!Yqo+)$HOo|7|Kl9&7607JS#f>`GPiJQ?OLxX5Fb<@h4;t>o7Z}p?S`Dmg`HVkJojo=W zU&VY1Z&qZBg}k_U!cY~?6wD@~f z!h2ok5@SCc0&vf0+^VyaA*{Y)cNz_U^<=qJa(}KW4VdPb^xF3*(?8vN2aSV_S4HTY zVx>fK3*olD+?v5<96dPOm|zNzg2F*2Yqgj|-zWZqsQDm7ypt^d7V}P6E=~=ATE!)0 z8dmY}D%TUZW>B-tYItAO=QIMR6wQGM6*azp?zE`K^BX()z1FzthnWo^;PB~a^s!YF9TWC5`=XB z$;n!?!#%j?Tgu`M4b1&+N~`glX>4_JE^JZMVG_~!%niAhaU(;c#6G3}$WQp2fw?vFcaRSHMfRQvQww>mo-yX2f#Il>+p;)kk6Ew6Gn zHhONp^bYP`faP9%RImMERt@!_PFUIUeTU=a)T^EK5uAI!r^nYf!_I#T&BJM%|W3MHaM64*k87wmCT`akG?wi zRKh<(WOAw(mQ)%K@yZt=GSUm(_4I@@u+4&7OKo4}`3T+s2vLE7cR| zd&;}Q=1DIPEcc=r?4wq`&)ca#4v4Z%s*^$lwH9W?yIzn>;b?dWfZz+yiN?GCi9^w_ zO(e8oIp$yN7^GYPqX0v0G2J^fnk_KrQ9`c%=qdW`PO7V(((j0(hN?4H;6(HYdb+KbkS%W<@7VqGN} z2t-ZEb8HZ2n+0ZT6Y04hH%2nYX%8)HI%Rm4QZW0B?h+HLYh?`+USCKBuprDtQwdqY zb3V$D^Pj0U?l(42>H~LNxK9c$G0s6Uv+7GiOh2q{O$V&N3Xa|TAN8e)E5+8h*bQPN zY_T8rBWm|+vzH61;}5x2I+X+F)?*1*7c4M~4|kujC{{y12kyY_6plT>(8AU6hihS| zfx1$ao@)w{;y)BclK^N>j`%WRVAsPwFSU&Fl-~XN-Y|?~I54KusmjvU#~41*Tj(e0 z^aRySoKB}9VI*G8;PYF_8rQcb5|V~_uvs5tIQ8g*^?teJUNKJZ7|(j;duv$;w(sIN zS16A>Rmu5r*b|gPtMetlEpt zwey{DW6Ke9%bu!Yol)63s|~rD+U-`K)K9Q4Z!@~gBg|)<#YLNsb|lf1mQOYM*h=dg-s$vI>~ zN+VNvDHAQ)(gV&1c_td@3B2Ed#&rXK?mq z{c7e+w#LvMGKX@oxSGlu&m-N=`b20p(et*J@Jni&_{Gj>Az7ToN6Tq%EL?sIXc#{7 z`;2BSv*+xzH5E61jiMv)sCemNS76>e?_%D?=@_5g`q$wBVa4&3f<8LNZUrjx)dKL% zz|wvw!JiGpVY^;dkj)hiik_H~I5JGOj^WL9kvyssefH4rOyXdk9^{gEsUAkxf9q}mo&t~&zny4U_H#i60 zyGnm+C@CrS)ptKK_rjhvjU}PP5ZbZGbr%aUDisCGRjA@?ix&Y^GGg7kpVkJuV=Q0i zkl-}6&tE+4iEo9zy%8x1q(5Id^LI~_YiF%!=*h-&tWu9vXJv}&!BWt5rK1|J__fOn zK#l1N3n=f9zWV_Jc9d0TRdnIqm-0FS#swE2MQ1`FSWy2sOVikkK|DHVBwC8avX(b` zdXiCHE9Y!k%`R9dzE7>L5hmM*+V4ekk^knN6b?q0QE5C_(EpDRvUtKT@?eJ)oSpFr7qA3nh@DyfJ>0BU^<@c%Szo>RGvoGlcx#Zg-o2nz*G8Qn9X8Fhi^X(E(pb#C1y z?PjNs*X`a}gWT>ToFLdqB+um`bN0eim-BuWOP9{F%nAb1H{+c33iHuYB86=TI-T zO=x4{t$+Vf`Vi(Hsh!7R8}nV-><|XfZkz|xI9wIk!hDtmfh%N!(RH3*t?YIJ2V4uV z!;?vVC3qGqo5rP{EVNd+XF+5?22dR@@t(?Y^|0;~EAB;zz%G&rp}ey{dsc{VB#go9hb~|u$>}%9tZS=QJhuBZ36EG^(NoSK$LC)MR93)%6E=*Z z{_se}c#<htU~@u5PC(i?XLDW~H=(RN^$q!9q{nfct(7A3xZdi|@fU6HY|fsFV6U zkNqQ#K!&@Zp5IPzH}Qy zMJV%-9#vyTKa*NfU#BTO)y)4zam{4Z=p-quL{5!50DgK)`~Ow)bWq9utS+zq)jCFB zY36V&ABa=GvKlEZfuWCMwCAG*?Oy{mGM{w9H?mLSGKo*6)D)=5kx<92DuGIby$`uX zF5ob8$w$$i4+8#sMyo$i6L{xRss;BMsu_^~G)6jLi4`+p_my*e7a9r#s#+yX`T7*)N?mef&DlbP;biWr3jK_K4oAZ80>Ez%IgLg zMi%2Zi1TZQw;7oJzUA-R;aLy@?sErYxDrOKZE7k?VfUyflk$b53#G9c*CxxpFSaOP zePaoLXr=WtXny(v-hU@KP)wMXuUBa5A9hCfYG!IX>8hU*<|!vejlMyc}7Q(!9Cljl>diPY&F)w=JbOHYE8`)l(2Y@5}T;Qx5O z<5^C*h^O;V$)NH-s>I!9$l@UJ=i%2S@|&Ub9)CjqzYGB1dFDa&gO@LiTNAMnbAO`^ zaMk{a+GctqzcLzS$aUjrB#R~Y_YXC-<8L`QEJ2OvBi0qFW*V- zdn2i&%Nk0p`wXeGn>E6w9K?Tb#AwT?l8P__w$r9RDPsyAmV)hztM`Wk3%xDpf78;0 ziUOQ^#5PkWwY`^%EV%Mwb8eR252+}dqtGKx{rDMm7w(%G3MnLr z^b+KT(Jdk3+gmG3$m&~_$AbWMW>wZgMZUydKeDP$*31aS*kY_;XAD*Tuq5mfx@~Yh zlRn)&e$R7bdM5r8tHpPR{Hdol&vZyKxV$-Ph}wl0nQivPF+CY{D-wy@8R`k|xVY3V aoSaqFJ0j3g0{&JipnXsGZs{HC(EkAmYX$EB diff --git a/website/EN/apps.html b/website/EN/apps.html index c831809c..227f8e75 100644 --- a/website/EN/apps.html +++ b/website/EN/apps.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - - + + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,7 +144,8 @@ for the JavaScript code in this tag.

-
+

+

logo.png @@ -244,8 +153,6 @@ for the JavaScript code in this tag.

-

Apps

-

"In times of aggressive corporatization, increasing enclosure of communication spaces, and blanket surveillance, emancipatory communication practices appear to be particularly well suited to offer concrete alternatives to activists and citizens alike" – Stefania Milan @@ -256,7 +163,7 @@ for the JavaScript code in this tag. The base install of the system just contains an email server and Mutt client, but not much else. In addition from within the Administrator control panel under Add/remove apps the following are installable. This list only applies on the home server version, with the mesh network version having a different and smaller set of apps.

-
+

control_panel_apps.jpg @@ -265,9 +172,9 @@ The base install of the system just contains an email server and Mutt client, bu

-
-

Akaunting

-
+
+

Akaunting

+

A web based accounts system for small businesses or freelancers.

@@ -277,9 +184,9 @@ A web based accounts system for small businesses or freelancers.

-
-

BDS Mail

-
+
+

BDS Mail

+

It's like ordinary email, but with i2p as the transport mechanism.

@@ -289,9 +196,9 @@ It's like ordinary email, but with i

-
-

CryptPad

-
+
+

CryptPad

+

Collaborate on editing documents, presentations and source code, or vote on things. All with a good level of security.

@@ -301,9 +208,9 @@ Collaborate on editing documents, presentations and source code, or vote on thin

-
-

DLNA

-
+
+

DLNA

+

Enables you to use the system as a music server which any DLNA compatible devices can connect to within your home network.

@@ -313,9 +220,9 @@ Enables you to use the system as a music server which any DLNA compatible device

-
-

Dokuwiki

-
+
+

Dokuwiki

+

A databaseless wiki system.

@@ -325,9 +232,9 @@ A databaseless wiki system.

-
-

Edith

-
+
+

Edith

+

Extremely simple and distraction-free notes system.

@@ -337,9 +244,9 @@ Extremely simple and distraction-free notes system.

-
-

Emacs

-
+
+

Emacs

+

If you use the Mutt client to read your email then this will set it up to use emacs for composing new mail.

@@ -349,9 +256,17 @@ If you use the Mutt client to read your email then this will set it up to use em

-
-

Etherpad

-
+
+

Email Server

+
+

+Since many apps require email registration an email server is installed by default. You can find advice on using the email system here. +

+
+
+
+

Etherpad

+

Collaborate on creating documents in real time. Maybe you're planning a holiday with other family members or creating documentation for a Free Software project along with other volunteers. Etherpad is hard to beat for simplicity and speed. Only users of the system will be able to access it.

@@ -361,9 +276,9 @@ Collaborate on creating documents in real time. Maybe you're planning a holiday

-
-

Federated wiki

-
+
+

Federated wiki

+

A new approach to creating wiki content.

@@ -373,9 +288,9 @@ A new approach to creating wiki content.

-
-

Friendica

-
+
+

Friendica

+

Federated social network system.

@@ -385,9 +300,9 @@ Federated social network system.

-
-

Ghost

-
+
+

Ghost

+

Modern looking blogging system.

@@ -397,9 +312,9 @@ Modern looking blogging system.

-
-

GNU Social

-
+
+

GNU Social

+

Federated social network based on the OStatus protocol. You can "remote follow" other users within the GNU Social federation.

@@ -409,9 +324,9 @@ Federated social network based on the OStatus protocol. You can "remote follo

-
-

Gogs

-
+
+

Gogs

+

Lightweight git project hosting system. You can mirror projects from Github, or if Github turns evil then just host your own projects while retaining the familiar fork-and-pull workflow. If you can use Github then you can also use Gogs.

@@ -421,9 +336,9 @@ Lightweight git project hosting system. You can mirror projects from Github, or

-
-

HTMLy

-
+
+

HTMLy

+

Databaseless blogging system. Quite simple and with a markdown-like format.

@@ -433,9 +348,9 @@ Databaseless blogging system. Quite simple and with a markdown-like format.

-
-

Hubzilla

-
+
+

Hubzilla

+

Web publishing platform with social network like features and good privacy controls so that it's possible to specify who can see which content. Includes photo albums, calendar, wiki and file storage.

@@ -445,9 +360,9 @@ Web publishing platform with social network like features and good privacy contr

-
-

Icecast media stream

-
+
+

Icecast media stream

+

Make your own internet radio station.

@@ -457,9 +372,9 @@ Make your own internet radio station.

-
-

IRC Server (ngirc)

-
+
+

IRC Server (ngirc)

+

Run your own IRC chat channel which can be secured with a password and accessible via an onion address. A bouncer is included so that you can receive messages sent while you were offline. Works with Hexchat and other popular clients.

@@ -469,18 +384,18 @@ Run your own IRC chat channel which can be secured with a password and accessibl

-
-

Jitsi Meet

-
+
+

Jitsi Meet

+

Experimental WebRTC video conferencing system, similar to Google Hangouts. This may not be fully functional, but is hoped to be in the near future.

-
-

KanBoard

-
+
+

KanBoard

+

A simple kanban system for managing projects or TODO lists.

@@ -490,9 +405,9 @@ A simple kanban system for managing projects or TODO lists.

-
-

Key Server

-
+
+

Key Server

+

An OpenPGP key server for storing and retrieving GPG public keys.

@@ -502,9 +417,9 @@ An OpenPGP key server for storing and retrieving GPG public keys.

-
-

Koel

-
+
+

Koel

+

Access your music collection from any internet connected device.

@@ -514,9 +429,9 @@ Access your music collection from any internet connected device.

-
-

Lychee

-
+
+

Lychee

+

Make your photo albums available on the web.

@@ -526,9 +441,9 @@ Make your photo albums available on the web.

-
-

Mailpile

-
+
+

Mailpile

+

Modern email client which supports GPG encryption.

@@ -538,9 +453,9 @@ Modern email client which supports GPG encryption.

-
-

Matrix

-
+
+

Matrix

+

Multi-user chat with some security and moderation controls.

@@ -550,9 +465,9 @@ Multi-user chat with some security and moderation controls.

-
-

Mediagoblin

-
+
+

Mediagoblin

+

Publicly host video and audio files so that you don't need to use YouTube/Vimeo/etc.

@@ -562,9 +477,9 @@ Publicly host video and audio files so that you don't need to use YouTube/Vimeo/

-
-

Mumble

-
+
+

Mumble

+

The popular VoIP and text chat system. Say goodbye to old-fashioned telephony conferences with silly dial codes. Also works well on mobile.

@@ -574,9 +489,9 @@ The popular VoIP and text chat system. Say goodbye to old-fashioned telephony co

-
-

NextCloud

-
+
+

NextCloud

+

Store files on your server and sync them with laptops or mobile devices. Includes many plugins including videoconferencing and collaborative document editing.

@@ -586,9 +501,9 @@ Store files on your server and sync them with laptops or mobile devices. Include

-
-

PeerTube

-
+
+

PeerTube

+

Peer-to-peer video hosting. Similar to Mediagoblin, but the P2P aspect better enables the streaming load to be shared across servers.

@@ -598,9 +513,9 @@ Peer-to-peer video hosting. Similar to Mediagoblin, but the P2P aspect better en

-
-

PI-Hole

-
+
+

PI-Hole

+

The black hole for web adverts. Block adverts at the domain name level within your local network. It can significantly reduce bandwidth, speed up page load times and protect your systems from being tracked by spyware.

@@ -610,9 +525,9 @@ The black hole for web adverts. Block adverts at the domain name level within yo

-
-

Pleroma

-
+
+

Pleroma

+

Fediverse instance which is compatible with GNU Social and Mastodon, and suited for systems without much RAM or CPU resource.

@@ -622,9 +537,9 @@ Fediverse instance which is compatible with GNU Social and Mastodon, and suited

-
-

PostActiv

-
+
+

PostActiv

+

An alternative federated social networking system compatible with GNU Social, Pleroma and Mastodon. It includes some optimisations and fixes currently not available within the main GNU Social project.

@@ -634,9 +549,9 @@ An alternative federated social networking system compatible with GNU Social, Pl

-
-

PrivateBin

-
+
+

PrivateBin

+

A pastebin where the server has zero knowledge of the content being pasted.

@@ -646,9 +561,9 @@ A pastebin where the server has zero knowledge of the content being pasted.

-
-

Profanity

-
+
+

Profanity

+

A shell based XMPP client which you can run on the Freedombone server via ssh.

@@ -658,9 +573,9 @@ A shell based XMPP client which you can run on the Freedombone server via ssh.

-
-

Riot Web

-
+
+

Riot Web

+

A browser based user interface for the Matrix federated communications system, including WebRTC audio and video chat.

@@ -670,9 +585,9 @@ A browser based user interface for the Matrix federated communications system, i

-
-

SearX

-
+
+

SearX

+

A metasearch engine for customised and private web searches.

@@ -682,9 +597,9 @@ A metasearch engine for customised and private web searches.

-
-

tt-rss

-
+
+

tt-rss

+

Private RSS reader. Pulls in RSS/Atom feeds via Tor and is only accessible via an onion address. Have "the right to read" without the Surveillance State knowing what you're reading. Also available with a user interface suitable for viewing on mobile devices via a browser such as OrFox.

@@ -694,9 +609,9 @@ Private RSS reader. Pulls in RSS/Atom feeds via Tor and is only accessible via a

-
-

Syncthing

-
+
+

Syncthing

+

Possibly the best way to synchronise files across all of your devices. Once it has been set up it "just works" with no user intervention needed.

@@ -706,9 +621,9 @@ Possibly the best way to synchronise files across all of your devices. Once it h

-
-

Tahoe-LAFS

-
+
+

Tahoe-LAFS

+

Robust and encrypted storage of files on one or more server.

@@ -718,9 +633,9 @@ Robust and encrypted storage of files on one or more server.

-
-

Tox

-
+
+

Tox

+

Client and bootstrap node for the Tox chat/VoIP system.

@@ -730,9 +645,9 @@ Client and bootstrap node for the Tox chat/VoIP system.

-
-

Turtl

-
+
+

Turtl

+

A system for privately creating and sharing notes and images, similar to Evernote but without the spying.

@@ -742,18 +657,18 @@ A system for privately creating and sharing notes and images, similar to Evernot

-
-

Vim

-
+
+

Vim

+

If you use the Mutt client to read your email then this will set it up to use vim for composing new mail.

-
-

Virtual Private Network (VPN)

-
+
+

Virtual Private Network (VPN)

+

Set up a VPN on your server so that you can bypass local internet censorship.

@@ -763,9 +678,9 @@ Set up a VPN on your server so that you can bypass local internet censorship.

-
-

XMPP

-
+
+

XMPP

+

Chat server which can be used together with client such as Gajim or Conversations to provide end-to-end content security and also onion routed metadata security. Includes advanced features such as client state notification to save battery power on your mobile devices, support for seamless roaming between networks and message carbons so that you can receive the same messages while being simultaneously logged in to your account on more than one device.

diff --git a/website/EN/fediverse.html b/website/EN/fediverse.html index e42ef356..795e80b9 100644 --- a/website/EN/fediverse.html +++ b/website/EN/fediverse.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - - + + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,7 +144,8 @@ for the JavaScript code in this tag.
-
+

+

logo.png @@ -244,77 +153,83 @@ for the JavaScript code in this tag.

-
-

Homesteading the Fediverse

-
+
+

+Homesteading the Fediverse +

+

Some things you might want to know about the Fediverse:

-
-

Federation as a concept

-
+
+

Federation as a concept

+

-The political definition of a federation is "a union of partially self-governing states or regions under a central (federal) government". The fediverse isn't exactly like that, in that there is no federal government. However there are protocols which govern the communication between instances and that might be analogized to being a sort of elemantary constitution or mutual agreement binding all participants together. The protocols are merely ways of moving data around though, and don't impose any sort of moral code. +The political definition of a federation is "a union of partially self-governing states or regions under a central (federal) government". The fediverse isn't exactly like that, in that there is no federal government. However there are protocols which govern the communication between instances and that might be analogized to being a sort of elementary constitution or mutual agreement binding all participants together. The protocols are merely ways of moving data around though, and don't impose any sort of moral code.

-
-

Keep the number of users on each server small

-
+
+

Keep the number of users on each server small

+

The importance of this can't be overstated. Servers with lots of users always eventually have problems where the interests of the users are not the same as the interests of the server administrator. If you are the server administrator, or if there are only a small squad-size group of people on the server, then it's a lot easier to resolve differences and everyone's interests are likely to be similar.

-
-

Drama will happen

-
+
+

Drama will happen

+

It's inevitable in any social network, but fortunately your options for dealing with it are better than they are in the giant proprietary monoliths. In the proprietary world Google or Facebook don't give a damn about the fate of individual users. On a server with a small number of users if you're getting griefed then the administrator is likely to care and be able to do something about it.

-
-

Don't be afraid to block

-
+
+

Don't be afraid to block

+

Especially if other servers are publishing content which may not be legal in your jurisdiction then don't be afraid to use domain or user blocking from the Administrator control panel. The same applies if users on other servers are trying to harass you. Blocking creates politics and drama but this is a feature not a bug. It allows you to craft your own distinct community and user experience while also existing in the wider federation. It's hard to do this on sites like Twitter or Facebook. Try to keep blocking to a minimum though and avoid doing it for insubstantial reasons. If you have other users on your server then publish the blocked domains list somewhere they can see. That avoids disappointment and enables you to have a discussion about the validity of blocking decisions.

-
-

Network structure maps on to social structure

-
+
+

Network structure maps on to social structure

+

Over time follows and blocking rules come to match the underlying social geography of affinity groups. Blocking will happen and users will move around or start new servers. Drama related to blocking will dissipate.

-
-

Keep your follows under the Dunbar number

-
+
+

Keep your follows under the Dunbar number

+

-Keep the number of other users you're following and who are also active to under a couple of hundred. Any more than that and you'll just be overwhelmed by irrelevant stuff and whatever community you may have been part of will dissolve in a sea of entropy. There are no algorithmic timelines, and even if they're introduced then they create their own problems as an opaque form of censorship. Real community happens at tribal scale. It's something which people often don't like to admit because they get fixated upon bigger and bigger numbers, but it definitely seems to be true. +Keep the number of other frequently active users you're following to under a couple of hundred. Your actual number of follows might be larger than this but could include users who rarely post anything. +

+ +

+Once there are more than a couple of hundred highly active users in your timeline then you'll just be overwhelmed by irrelevant stuff and whatever community you may have been part of will be drowned in the entropy. There are no algorithmic timelines to hide posts, and even if they're introduced then they create their own problems as an opaque form of censorship. Real community happens at tribal scale. It's something which people often don't like to admit because they get fixated upon bigger and bigger numbers, but it definitely seems to be true.

-
-

Avoid big public servers

-
+
+

Avoid big public servers

+

It may seem like a good idea and it may seem like you're doing a service to the community by allowing random strangers to register, but servers with thousands of users only cause problems - social, administrative, financial and possibly also legal. The financial strain of running a powerful server with high reliability may be enough to encourage the administrator to begin pushing advertising onto the system, or sell user content, and then before you know it you have identical problems to Twitter. Instead try to encourage people to set up their own servers. Follow this principle and a lot of arguments and stress will be more easily avoided.

-
+

This site can also be accessed via a Tor browser at http://yjxlc3imv7obva4grjae6u3qw527koaytrgjgdp364hmthrst3jodiid.onion. This documentation is under the GNU Free Documentation License version 1.3

diff --git a/website/EN/index.html b/website/EN/index.html index a9c57b09..9249cee9 100644 --- a/website/EN/index.html +++ b/website/EN/index.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - - + + + + + - + @@ -189,7 +97,7 @@ @licstart The following is the entire license notice for the JavaScript code in this tag. -Copyright (C) 2012-2017 Free Software Foundation, Inc. +Copyright (C) 2012-2013 Free Software Foundation, Inc. The JavaScript code in this tag is free software: you can redistribute it and/or modify it under the terms of the GNU @@ -236,7 +144,8 @@ for the JavaScript code in this tag.
-
+

+

logo.png bbb3.png @@ -282,14 +191,23 @@ After installation it's possible that you might want some advice on how to run y

+

If you find bugs, or want to add a new app to this system see the Developers Guide and Code of Conduct. There is a Matrix chat room available at #fbone:matrix.freedombone.net.

@@ -298,7 +216,7 @@ If you find bugs, or want to add a new app to this system see the available here.

-
+

This site can also be accessed via a Tor browser at http://yjxlc3imv7obva4grjae6u3qw527koaytrgjgdp364hmthrst3jodiid.onion. This documentation is under the GNU Free Documentation License version 1.3

diff --git a/website/EN/security.html b/website/EN/security.html new file mode 100644 index 00000000..4d2656de --- /dev/null +++ b/website/EN/security.html @@ -0,0 +1,250 @@ + + + + + + + + + + + + + + + + +
+ +
+
+

+
+ +
+

logo.png +

+
+
+ +
+

Authentication with keys

+
+

+It's a lot more secure to log in to the Freedombone system using ssh keys rather than with a password. You can set that up by first running: +

+ +
+ +
freedombone-client
+
+
+ +

+On your local system (i.e. whatever you're logging in to the Freedombone system from, typically a laptop). Then: +

+ +
+ssh myusername@freedombone.local -p 2222
+
+ +

+Select Administrator controls and re-enter your password, then Manage Users and Change user ssh public key. Copy and paste the ssh public keys which appeared after the freedombone-client command was run. Then go to Security settings and select Allow ssh login with passwords followed by no. +

+ +

+You'll need to make sure that you have a copy of the ~/.ssh directory on your local system. You could just copy that directory to a USB drive and then keep that somewhere safe so that you can restore the keys if you need to. +

+
+
+
+

Administrating the system via an onion address (Tor)

+
+

+You can also access your system via the Tor system using an onion address. To find out what the onion address for ssh access is you can do the following: +

+ +
+ +
ssh username@freedombone.local -p 2222
+
+
+ +

+Select Administrator controls then select "About this system" and look for the onion address for ssh. You can then close the terminal and open another, then do the following on your local system: +

+ +
+ +
freedombone-client
+
+
+ +

+This will set up your ssh environment to be able to handle onion addresses. Then you can test ssh with: +

+ +
+ +
ssh username@address.onion -p 2222
+
+
+ +

+Subsequently even if dynamic DNS isn't working you may still be able to administer your system. Using the onion address also gives you some degree of protection against corporate or government metadata analysis, since it becomes more difficult to passively detect which systems are communicating. +

+
+
+
+
+ + + + +
+ + diff --git a/website/EN/usage_email.html b/website/EN/usage_email.html index 45dfc6d6..28b814e9 100644 --- a/website/EN/usage_email.html +++ b/website/EN/usage_email.html @@ -3,33 +3,26 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - - - - - - + + + + - + @@ -235,7 +144,8 @@ for the JavaScript code in this tag.
-
+

+

logo.png @@ -243,66 +153,62 @@ for the JavaScript code in this tag.

-
-

Email

-
- -+ - + - + - + - + - + - + - + - + - + - + - +
Things to be aware ofThings to be aware of
A technical note about email transport securityA technical note about email transport security
Add a password to your GPG keyAdd a password to your GPG key
Publishing your GPG public keyPublishing your GPG public key
Mutt email clientMutt email client
Thunderbird/IcedoveThunderbird/Icedove
K9 Android clientAndroid apps
Subscribing to mailing listsSubscribing to mailing lists
Adding email addresses to a group/folderAdding email addresses to a group/folder
Ignoring incoming emailsIgnoring incoming emails
Your own mailing listUsing I2P for email transport
-
-

Things to be aware of

-
+
+

Things to be aware of

+

Even though this system makes it easy to set up an email server, running your own email system is still not easy and this is mainly due to the huge amount of collatoral damage caused by spammers over a long period of time, which in turn is due to the inherent insecurity of email protocols which enabled spam to become a big problem. Email is still very popular though and most internet services require that you have an email address in order to register.

@@ -316,9 +222,9 @@ So if you want to use your own email address hosted on your own system you do ne

-
-

A technical note about email transport security

-
+
+

A technical note about email transport security

+

Port 465 is used for SMTP and this is supposedly deprecated for secure email. However, using TLS from the start of the communications seems far more secure than starting off with insecure communications and then trying to upgrade it with a command to begin TLS, as happens with STARTTLS. There are possible attacks against STARTTLS in which the command to begin secure communications is removed or overwritten which could then result in email being transferred in plain text over the internet and be readable by third parties.

@@ -329,25 +235,26 @@ From http

-The researchers also uncovered mass scale attacks of STARTTLS sessions being stripped of their encryption. That attack itself isn't new: internet service providers sometimes do it to monitor users; organizations may use it to keep an eye on employees; or it may come from a malicious actor +The researchers also uncovered mass scale attacks of STARTTLS sessions being stripped of their encryption. That attack itself isn't new: internet service providers sometimes do it to monitor users; organizations may use it to keep an eye on employees; or it may come from a malicious actor

-
-

Add a password to your GPG key

-
+
+

Add a password to your GPG key

+

If you didn't use existing GPG keys during the Freedombone installation then you'll need to add a password to your newly generated private key. This is highly recommended. Go through the following sequence of commands to ssh into the Freedombone and then change your GPG password.

+
ssh username@domainname -p 2222
 gpg --edit-key username@domain
 passwd
 save
 quit
-exit
+exit
 
@@ -357,25 +264,26 @@ Having a password on your GPG key will prevent someone from reading your email <
-
-

Publishing your GPG public key

-
+
+

Publishing your GPG public key

+

If you havn't already then you should publish your GPG public key so that others can find it.

+
ssh username@domainname -p 2222
 gpg --send-keys username@domainname
-exit
+exit
 
-
-

Mutt email client

-
-
+
+

Mutt email client

+
+

mutt.jpeg @@ -388,6 +296,7 @@ Mutt is a terminal based email client which comes already installed onto the Fre

+
ssh username@domainname -p 2222
 
@@ -408,124 +317,124 @@ Some useful keys to know are: - + - + -"/" -Search for text within headers +"/" +Search for text within headers -* -Move to the last message +* +Move to the last message -TAB -Move to the next unread message +TAB +Move to the next unread message -d -Delete a message +d +Delete a message -u -Undelete a mail which is pending deletion +u +Undelete a mail which is pending deletion -$ -Delete all messages selected and check for new messages +$ +Delete all messages selected and check for new messages -a -Add to the address book +a +Add to the address book -m -Send a new mail +m +Send a new mail -ESC-m -Mark all messages as having been read +ESC-m +Mark all messages as having been read -S -Mark a message as spam +S +Mark a message as spam -H -Mark a message as ham +H +Mark a message as ham -CTRL-b -Toggle side bar on/off +CTRL-b +Toggle side bar on/off -CTRL-n -Next mailbox (on side bar) +CTRL-n +Next mailbox (on side bar) -CTRL-p -Previous mailbox (on side bar) +CTRL-p +Previous mailbox (on side bar) -CTRL-o -Open mailbox (on side bar) +CTRL-o +Open mailbox (on side bar) -r -Reply to an email +r +Reply to an email -L -Reply to a mailing list email +L +Reply to a mailing list email -] -Expand or collapse all threads +] +Expand or collapse all threads -[ -Expand of collapse the current thread +[ +Expand of collapse the current thread -CTRL-k -Import a PGP/GPG public key +CTRL-k +Import a PGP/GPG public key -v -View current email in different formats, such as HTML +v +View current email in different formats, such as HTML -CTRL-u -View long URLs +CTRL-u +View long URLs -q -Quit +q +Quit @@ -548,9 +457,9 @@ There is one irksome thing about email within mutt, and that's if you get sent a
-
-

Thunderbird/Icedove

-
+
+

Thunderbird/Icedove

+

Another common way in which you may want to access email is via Thunderbird (also known as Icedove on Debian). This may be especially useful if you're trying to convert former Windows users who may previously have been using some version of Outlook.

@@ -560,9 +469,9 @@ The following instructions should be carried out on the client machines (laptop,

-
-

Initial setup

-
+
+

Initial setup

+

Install Thunderbird and Enigmail. How you do this just depends upon your distro and software manager or "app store".

@@ -588,9 +497,12 @@ The settings should be as follows, substituting mydomainname.com for your

    -
  • Incoming: IMAP, mydomainname.com, 993, SSL/TLS, Normal Password
  • -
  • Outgoing: SMTP, mydomainname.com, 465, SSL/TLS, Normal Password
  • -
  • Username: myusername
  • +
  • Incoming: IMAP, mydomainname.com, 993, SSL/TLS, Normal Password +
  • +
  • Outgoing: SMTP, mydomainname.com, 465, SSL/TLS, Normal Password +
  • +
  • Username: myusername +

@@ -618,14 +530,15 @@ Select "yes" to change default settings.

-
-

Import your GPG keys

-
+
+

Import your GPG keys

+

On the Freedombone export your GPG public and private keys.

+
ssh username@domainname -p 2222
 gpg --list-keys username@domainname
 gpg --output ~/public_key.gpg --armor --export KEY_ID
@@ -638,6 +551,7 @@ On your laptop or desktop you can import the keys with:
 

+
scp -P 2222 username@domain:/home/username/*.gpg ~/
 
@@ -659,6 +573,7 @@ Remove your exported key files, both on your laptop/desktop and also on the Free

+
shred -zu ~/public_key.gpg
 shred -zu ~/private_key.gpg
 
@@ -666,9 +581,9 @@ shred -zu ~/private_key.gpg
-
-

Using for the first time

-
+
+

Using for the first time

+

Click on the Thunderbird menu, which looks like three horizontal bars on the right hand side.

@@ -703,9 +618,9 @@ Get into the habit of using email encryption and encourage others to do so. Rem
-
-

Making folders visible

-
+
+

Making folders visible

+

By default you won't be able to see any folders which you may have created earlier using the mailinglistrule script. To make folders visible select:

@@ -721,312 +636,23 @@ Make sure that "show only subscribed folders" is not checked. Then click
-
-

K9 Android client

-
-
-

A point about GPG on Android

-
+
+

Android apps

+

-Before trying to set up email on Android you may want to consider whether you really need to do this. Android (and its variants) is not a particularly secure operating system and whether or not you wish to store GPG keys on it depends on your threat model and in what situations you'll be using your device. -

- -

-If you are going to use email on an Android device then ensure that you have full encryption enabled via the security settings, so that if you subsequently lose it, or if it gets stolen, the chances of encryption keys being exposed are minimised. +Mobile devices have a reputation for being quite insecure, so it's recommended that you don't store emails or GPG keys on your phone. Instead install Mailpile and access your email via the webmail interface.

-
-

Compiling the development version

-
-

-To get K9 working with Freedombone you'll need to install development versions of OpenKeychain and K9. At the time of writing the versions available in F-Droid do not support PGP/MIME or the "hidden recipient" feature of GPG. It is hoped that at some stage the patches will be integrated into the mainline or functionally equivalent changes made. Admittedly, this is not at all user friendly, but currently it's the only way to read Freedombone email on Android systems. -

- -

-Build script for OpenKeychain: -

- -
-
mkdir ~/develop
-cd ~/develop
-git clone https://github.com/bashrc/open-keychain
-cd open-keychain
-git checkout origin/bashrc/hidden-recipient-minimal
-git checkout -b bashrc/hidden-recipient-minimal
-cd tools
-nano build.sh
-
-
- -

-Then add the following: -

- -
-
#!/bin/bash
-
-# This script is intended to be used on Debian systems for building
-# the project. It has been tested with Debian 8
-
-USERNAME=$USER
-SIGNING_NAME='openkeychain'
-SDK_VERSION='r23.3.4'
-SDK_DIR=$HOME/android-sdk
-
-cd ..
-
-PROJECT_HOME=$(pwd)
-
-sudo apt-get install build-essential default-jdk \
-     lib32stdc++6 lib32z1 lib32z1-dev
-
-if [ ! -d $SDK_DIR ]; then
-    mkdir -p $SDK_DIR
-fi
-cd $SDK_DIR
-
-# download the SDK
-if [[ ! -f $SDK_DIR/android-sdk_$SDK_VERSION-linux.tgz ]]; then
-    wget https://dl.google.com/android/android-sdk_$SDK_VERSION-linux.tgz
-fi
-tar -xzvf android-sdk_$SDK_VERSION-linux.tgz
-SDK_DIR=$SDK_DIR/android-sdk-linux
-
-echo 'Check that you have the SDK tools installed for Android 22, SDK 21.1.2'
-
-export ANDROID_HOME=$SDK_DIR
-echo "sdk.dir=$SDK_DIR" > $ANDROID_HOME/local.properties
-export PATH=${PATH}:$ANDROID_HOME/tools:$ANDROID_HOME/platform-tools
-
-cd $SDK_DIR/tools
-./android sdk
-
-if [ ! -f $SDK_DIR/tools/android ]; then
-    echo "$SDK_DIR/tools/android not found"
-    exit -1
-fi
-cd $SDK_DIR
-chmod -R 0755 $SDK_DIR
-chmod a+rx $SDK_DIR/tools
-
-# android sdk
-cd $PROJECT_HOME
-git submodule init && git submodule update
-
-if [ ! -f $SDK_DIR/tools/templates/gradle/wrapper/gradlew ]; then
-    echo "$SDK_DIR/tools/templates/gradle/wrapper/gradlew not found"
-    exit -2
-fi
-. $PROJECT_HOME/gradlew assembleDebug
-
-# cleaning up
-cd $PROJECT_HOME/OpenKeychain/build/outputs/apk
-if [ ! -f OpenKeychain-debug.apk ]; then
-    echo 'OpenKeychain-debug.apk was not found'
-    exit -3
-fi
-
-echo 'Build script ended successfully'
-echo -n 'apk is available at: '
-echo "$PROJECT_HOME/OpenKeychain/build/outputs/apk/OpenKeychain-debug.apk"
-exit 0
-
-
- -

-Save and exit with CTRL-o, CTRL-x. -

- -
-
chmod +x build.sh
-./build.sh
-
-
- -

-Build script for K9: -

- -
-
cd ~/develop
-git clone https://github.com/k9mail/k-9
-cd k-9
-cd tools
-nano build.sh
-
-
- -

-Then add the following: -

- -
-
#!/bin/bash
-
-# This script is intended to be used on Debian systems for building
-# the project. It has been tested with Debian 8
-
-USERNAME=$USER
-SIGNING_NAME='k-9'
-SDK_VERSION='r24.3.3'
-SDK_DIR=$HOME/android-sdk
-
-cd ..
-
-PROJECT_HOME=$(pwd)
-
-sudo apt-get install build-essential default-jdk \
-     lib32stdc++6 lib32z1 lib32z1-dev
-
-if [ ! -d $SDK_DIR ]; then
-    mkdir -p $SDK_DIR
-fi
-cd $SDK_DIR
-
-# download the SDK
-if [ ! -f $SDK_DIR/android-sdk_$SDK_VERSION-linux.tgz ]; then
-    wget https://dl.google.com/android/android-sdk_$SDK_VERSION-linux.tgz
-    tar -xzvf android-sdk_$SDK_VERSION-linux.tgz
-fi
-SDK_DIR=$SDK_DIR/android-sdk-linux
-
-echo 'Check that you have the SDK tools installed for Android 17, SDK 19.1'
-if [ ! -f $SDK_DIR/tools/android ]; then
-    echo "$SDK_DIR/tools/android not found"
-    exit -1
-fi
-cd $SDK_DIR
-chmod -R 0755 $SDK_DIR
-chmod a+rx $SDK_DIR/tools
-
-ANDROID_HOME=$SDK_DIR
-echo "sdk.dir=$SDK_DIR" > $ANDROID_HOME/local.properties
-PATH=${PATH}:$ANDROID_HOME/tools:$ANDROID_HOME/platform-tools
-
-android sdk
-cd $PROJECT_HOME
-
-if [ ! -f $SDK_DIR/tools/templates/gradle/wrapper/gradlew ]; then
-    echo "$SDK_DIR/tools/templates/gradle/wrapper/gradlew not found"
-    exit -2
-fi
-. $PROJECT_HOME/gradlew assembleDebug
-
-# cleaning up
-cd $PROJECT_HOME/k9mail/build/outputs/apk
-if [ ! -f k9mail-debug.apk ]; then
-    echo 'k9mail-debug.apk was not found'
-    exit -3
-fi
-echo 'Build script ended successfully'
-echo -n 'apk is available at: '
-echo "$PROJECT_HOME/k9mail/build/outputs/apk/k9mail-debug.apk"
-exit 0
-
-
- -

-Save and exit with CTRL-o, CTRL-x. -

- -
-
chmod +x build.sh
-./build.sh
-
-
-
-
- -
-

Import your GPG key into OpenKeychain

-
-

-With your device connected to a laptop via USB cable and with USB debugging enabled on it: -

- -
-
ssh username@domainname -p 2222
-gpg --list-keys username@domainname
-gpg --output ~/public_key.gpg --armor --export KEY_ID
-gpg --output ~/private_key.gpg --armor --export-secret-key KEY_ID
-cat ~/public_key.gpg ~/private_key.gpg > ~/mygpgkey.asc
-exit
-scp -P 2222 username@domainname:/home/username/mygpgkey.asc ~/
-sudo apt-get install android-tools-adb
-push ~/mygpgkey.asc /sdcard/
-shred -zu ~/mygpgkey.asc
-
-
- -

-Then on your device select OpenKeychain and import your key from file. -

-
-
-
-

Incoming server settings

-
-
    -
  • Select settings/account settings
  • -
  • Select Fetching mail/incoming server
  • -
  • Enter your username and password
  • -
  • IMAP server should be your domain name
  • -
  • Security: SSL/TLS (always)
  • -
  • Authentication: Plain
  • -
  • Port: 993
  • -
-
-
-
-

Outgoing (SMTP) server settings

-
-
    -
  • Select settings/account settings
  • -
  • Select Sending mail/outgoing server
  • -
  • Set SMTP server to your domain name
  • -
  • Set Security to SSL/TLS (always)
  • -
  • Set port to 465
  • -
  • Set authentication to PLAIN
  • -
  • Enter your username and password
  • -
  • Accept the SSL certificate
  • -
-
-
-
-

Crypto settings

-
-

-Select settings, Account settings, OpenKeychain and then select your key and press Allow. You should now be able to decrypt emails by entering your GPG passphrase. -

- -

-You may also want to change the amount of time for which passwords are remembered, so that you don't need to enter your passphrase very often. -

-
-
-
-

Folders

-
-

-To view any new folders which you may have created using the mailinglistrule script from your inbox press the K9 icon at the top left to access folders, then press the menu button and select refresh folder list. -

- -

-If your folder still doesn't show up then press the menu button, select show folders and select all folders. -

-
-
-
- -
-

Subscribing to mailing lists

-
+
+

Subscribing to mailing lists

+

To subscribe to a mailing list log in as your user (i.e. not the root user).

+
ssh username@domainname -p 2222
 
@@ -1036,14 +662,15 @@ Select Administrator controls then Email filtering rules then A

-
-

Adding email addresses to a group/folder

-
+
+

Adding email addresses to a group/folder

+

Similar to adding mailing list folders you can also add specified email addresses into a group/folder.

+
ssh username@domainname -p 2222
 
@@ -1053,14 +680,15 @@ Select Administrator controls then Email filtering rules then A

-
-

Ignoring incoming emails

-
+
+

Ignoring incoming emails

+

It is possible to ignore incoming emails if they are from a particular email address or if the subject line contains particular text.

+
ssh username@domainname -p 2222
 
@@ -1070,29 +698,12 @@ Select Administrator controls then Email filtering rules then B

-
-

Your own mailing list

-
+
+

Using I2P for email transport

+

-If you want to set up a public mailing list then when installing the system remember to set the PUBLIC_MAILING_LIST variable within freedombone.cfg to the name of your list. The name should have no spaces in it. Public mailing lists are unencrypted so anyone will be able to read the contents, including non subscribers. +For the most paranoid use cases it is also possible to use I2P as an email transport mechanism. This will of course require the people you're communicating with to have a similar setup in place. For details see the bdsmail app. An advantage of this is that it's very unlikely that your email will get blocked. The disadvantage is that few others will be capable of receiving email this way, and it's only really usable via the Mutt email client.

- -

-To subscribe to your list send a cleartext email to: -

- -
-
mymailinglistname+subscribe@domainname
-
-
- -

-Tip: When using the Mutt email client if you want to send an email in cleartext then press p (for PGP) on the sending screen and select clear. Unsecure email is treated as being the exception rather than the default. -

- -
-Return to the home page -
diff --git a/website/EN/users.html b/website/EN/users.html new file mode 100644 index 00000000..5532e051 --- /dev/null +++ b/website/EN/users.html @@ -0,0 +1,201 @@ + + + + + + + + + + + + + + + + +
+
+

+
+ +
+

logo.png +

+
+
+ +

+Log into the system with: +

+ +
+ +
ssh username@domainname -p 2222
+
+
+ +

+Select Administrator controls then User Management. +

+ + +
+

control_panel_manage_users.jpg +

+
+
+
+ +