Add documentation for turtl

Bob Mottram 2016-12-20 16:16:37 +00:00
parent 667a4517d9
commit 0491cd0150
7 changed files with 505 additions and 144 deletions

50
doc/EN/app_turtl.org Normal file

@ -0,0 +1,50 @@
#+TITLE:
#+AUTHOR: Bob Mottram
#+EMAIL: bob@freedombone.net
#+KEYWORDS: freedombone, turtl, notes, images, sharing
#+DESCRIPTION: How to use Ghost
#+OPTIONS: ^:nil toc:nil
#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
#+BEGIN_CENTER
[[file:images/logo.png]]
#+END_CENTER
#+BEGIN_EXPORT html
<center>
<h1>Turtl</h1>
</center>
#+END_EXPORT
Turtl is a system for privately creating and sharing notes and images, similar to Evernote. It can be set up so that a small number of users on the server can share their notes in a convenient way. It doesn't have any web user interface, and you need to install native clients on mobile or laptop/desktop machines.
Since the data at rest is stored in PGP encrypted format this is a good system to use in cases where security really is a critical factor.
#+BEGIN_CENTER
[[file:images/turtl.jpg]]
#+END_CENTER
* Installation
Log into your system with:
#+begin_src bash
ssh myusername@mydomain -p 2222
#+end_src
Using cursor keys, space bar and Enter key select *Administrator controls* and type in your password.
Select *Add/Remove Apps* then *turtl*. You will then be asked for a domain name and if you are using FreeDNS also the code for the domain which can be found under *Dynamic DNS* on the FreeDNS site (the random string from "/quick cron example/" which appears after /update.php?/ and before />>/). For more details on obtaining a domain and making it accessible via dynamic DNS see the [[./faq.html][FAQ]]. Typically the domain name you use will be a subdomain, such as /notes.mydomainname.net/. It will need to be a domain which you have bought somewhere and own and not one of the FreeDNS subdomains, otherwise you won't be able to get a SSL/TLS certificate for it.
After the install has completed go to *Security settings* and select *Create a new Let's Encrypt certificate* and enter the domain name that you are using for Turtl. If you're using the "onion only" version of the system then you don't need to do this. If the certificate is obtained successfully then you will see a congratulations message.
* Initial setup
The most common use case will be with Android devices. The Android app isn't currently available within F-droid (see [[https://turtlapp.com/faq][the FAQ]] for details) but can be [[https://turtlapp.com/download/][downloaded from the Turtl site]].
Run the app then at the bottom of the screen select *advanced settings* and enter your turl domain name, then register a new account. The password can be anything you choose, but since the client side encryption depends upon having a good password make it a long random string generated by a password manager such as KeepassX.
You should then be able to log in and start using the app. You might also want to invite any other users of your Freedombone system to also sign up using the turtl domain name which you specified during installation.
* Locking it down
Once you have created accounts it's a good idea to turn off new turtl signups. This will prevent millions of random users on the interwebs from creating accounts on your system and killing your server, or possibly other nefarious security scenarios. Go to the *administrator control panel* and select *App Settings* then *turtl*. You will then be able to disable new user registrations and also set the data storage limit for users. If you need additional users later you can always temporarily re-enable signups later.
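
Review bot: The header metadata is carried over from another page: "#+DESCRIPTION: How to use Ghost" should describe Turtl, and "#+TITLE:" is empty, which is why the exported HTML ends up with an empty title element. Under Initial setup, "enter your turl domain name" should read "turtl". The intro also says data at rest is "PGP encrypted" while Initial setup says the client side encryption depends upon the account password; state which mechanism applies, since that tells the reader what they actually have to protect.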

@ -103,6 +103,10 @@ Possibly the best way to synchronise files across all of your devices. Once it h
Client and bootstrap node for the Tox chat/VoIP system.
[[./app_tox.html][How to use it]]
* Turtl
A system for privately creating and sharing notes and images, similar to Evernote but without the spying.
[[./app_turtl.html][How to use it]]
* Vim
If you use the Mutt client to read your email then this will set it up to use vim for composing new mail.
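
Review bot: The summary "similar to Evernote but without the spying" does not match the intro used in app_turtl.org and states a claim rather than a property. Suggest describing what the reader gets (client side encryption, native clients only, no web interface) in the same neutral style as the Tox and Vim entries around it.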

@ -16,8 +16,7 @@
</center>
#+END_EXPORT
| [[Readme]] |
| [[Improving ssh security]] |
| [[Improving security]] |
| [[Administrating the system via an onion address (Tor)]] |
| [[./mobile.html][Mobile advice]] |
| [[./usage_email.html][Using Email]] |
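
Review bot: Changing the "[[Readme]]", "[[Improving ssh security]]" and "[[Improving security]]" index rows is outside the scope of a commit titled "Add documentation for turtl". Move the Readme/ssh restructuring to its own commit, or mention it in the message, so that changes to the ssh login guidance can be reviewed on their own.
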
@ -41,6 +40,7 @@
| [[./app_gogs.html][Git Projects]] |
| [[Adding or removing users]] |
| [[./app_pihole.html][Blocking Ads]] |
| [[./app_turtl.html][Making and sharing notes and images]] |
* Improving security
It's a lot more secure to log in to the Freedombone system using ssh keys rather than with a password. You can set that up by first running:

BIN
img/turtl.jpg Normal file

Binary file not shown.

Size: 19 KiB

345
website/EN/app_turtl.html Normal file
@ -0,0 +1,345 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2016-12-20 Tue 16:08 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title></title>
<meta name="generator" content="Org mode" />
<meta name="author" content="Bob Mottram" />
<meta name="description" content="How to use Ghost"
/>
<meta name="keywords" content="freedombone, turtl, notes, images, sharing" />
<style type="text/css">
<!--/*--><![CDATA[/*><!--*/
.title { text-align: center;
margin-bottom: .2em; }
.subtitle { text-align: center;
font-size: medium;
font-weight: bold;
margin-top:0; }
.todo { font-family: monospace; color: red; }
.done { font-family: monospace; color: green; }
.priority { font-family: monospace; color: orange; }
.tag { background-color: #eee; font-family: monospace;
padding: 2px; font-size: 80%; font-weight: normal; }
.timestamp { color: #bebebe; }
.timestamp-kwd { color: #5f9ea0; }
.org-right { margin-left: auto; margin-right: 0px; text-align: right; }
.org-left { margin-left: 0px; margin-right: auto; text-align: left; }
.org-center { margin-left: auto; margin-right: auto; text-align: center; }
.underline { text-decoration: underline; }
#postamble p, #preamble p { font-size: 90%; margin: .2em; }
p.verse { margin-left: 3%; }
pre {
border: 1px solid #ccc;
box-shadow: 3px 3px 3px #eee;
padding: 8pt;
font-family: monospace;
overflow: auto;
margin: 1.2em;
}
pre.src {
position: relative;
overflow: visible;
padding-top: 1.2em;
}
pre.src:before {
display: none;
position: absolute;
background-color: white;
top: -10px;
right: 10px;
padding: 3px;
border: 1px solid black;
}
pre.src:hover:before { display: inline;}
/* Languages per Org manual */
pre.src-asymptote:before { content: 'Asymptote'; }
pre.src-awk:before { content: 'Awk'; }
pre.src-C:before { content: 'C'; }
/* pre.src-C++ doesn't work in CSS */
pre.src-clojure:before { content: 'Clojure'; }
pre.src-css:before { content: 'CSS'; }
pre.src-D:before { content: 'D'; }
pre.src-ditaa:before { content: 'ditaa'; }
pre.src-dot:before { content: 'Graphviz'; }
pre.src-calc:before { content: 'Emacs Calc'; }
pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
pre.src-fortran:before { content: 'Fortran'; }
pre.src-gnuplot:before { content: 'gnuplot'; }
pre.src-haskell:before { content: 'Haskell'; }
pre.src-java:before { content: 'Java'; }
pre.src-js:before { content: 'Javascript'; }
pre.src-latex:before { content: 'LaTeX'; }
pre.src-ledger:before { content: 'Ledger'; }
pre.src-lisp:before { content: 'Lisp'; }
pre.src-lilypond:before { content: 'Lilypond'; }
pre.src-lua:before { content: 'Lua'; }
pre.src-matlab:before { content: 'MATLAB'; }
pre.src-mscgen:before { content: 'Mscgen'; }
pre.src-ocaml:before { content: 'Objective Caml'; }
pre.src-octave:before { content: 'Octave'; }
pre.src-org:before { content: 'Org mode'; }
pre.src-oz:before { content: 'OZ'; }
pre.src-plantuml:before { content: 'Plantuml'; }
pre.src-processing:before { content: 'Processing.js'; }
pre.src-python:before { content: 'Python'; }
pre.src-R:before { content: 'R'; }
pre.src-ruby:before { content: 'Ruby'; }
pre.src-sass:before { content: 'Sass'; }
pre.src-scheme:before { content: 'Scheme'; }
pre.src-screen:before { content: 'Gnu Screen'; }
pre.src-sed:before { content: 'Sed'; }
pre.src-sh:before { content: 'shell'; }
pre.src-sql:before { content: 'SQL'; }
pre.src-sqlite:before { content: 'SQLite'; }
/* additional languages in org.el's org-babel-load-languages alist */
pre.src-forth:before { content: 'Forth'; }
pre.src-io:before { content: 'IO'; }
pre.src-J:before { content: 'J'; }
pre.src-makefile:before { content: 'Makefile'; }
pre.src-maxima:before { content: 'Maxima'; }
pre.src-perl:before { content: 'Perl'; }
pre.src-picolisp:before { content: 'Pico Lisp'; }
pre.src-scala:before { content: 'Scala'; }
pre.src-shell:before { content: 'Shell Script'; }
pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
/* additional language identifiers per "defun org-babel-execute"
in ob-*.el */
pre.src-cpp:before { content: 'C++'; }
pre.src-abc:before { content: 'ABC'; }
pre.src-coq:before { content: 'Coq'; }
pre.src-groovy:before { content: 'Groovy'; }
/* additional language identifiers from org-babel-shell-names in
ob-shell.el: ob-shell is the only babel language using a lambda to put
the execution function name together. */
pre.src-bash:before { content: 'bash'; }
pre.src-csh:before { content: 'csh'; }
pre.src-ash:before { content: 'ash'; }
pre.src-dash:before { content: 'dash'; }
pre.src-ksh:before { content: 'ksh'; }
pre.src-mksh:before { content: 'mksh'; }
pre.src-posh:before { content: 'posh'; }
/* Additional Emacs modes also supported by the LaTeX listings package */
pre.src-ada:before { content: 'Ada'; }
pre.src-asm:before { content: 'Assembler'; }
pre.src-caml:before { content: 'Caml'; }
pre.src-delphi:before { content: 'Delphi'; }
pre.src-html:before { content: 'HTML'; }
pre.src-idl:before { content: 'IDL'; }
pre.src-mercury:before { content: 'Mercury'; }
pre.src-metapost:before { content: 'MetaPost'; }
pre.src-modula-2:before { content: 'Modula-2'; }
pre.src-pascal:before { content: 'Pascal'; }
pre.src-ps:before { content: 'PostScript'; }
pre.src-prolog:before { content: 'Prolog'; }
pre.src-simula:before { content: 'Simula'; }
pre.src-tcl:before { content: 'tcl'; }
pre.src-tex:before { content: 'TeX'; }
pre.src-plain-tex:before { content: 'Plain TeX'; }
pre.src-verilog:before { content: 'Verilog'; }
pre.src-vhdl:before { content: 'VHDL'; }
pre.src-xml:before { content: 'XML'; }
pre.src-nxml:before { content: 'XML'; }
/* add a generic configuration mode; LaTeX export needs an additional
(add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
pre.src-conf:before { content: 'Configuration File'; }
table { border-collapse:collapse; }
caption.t-above { caption-side: top; }
caption.t-bottom { caption-side: bottom; }
td, th { vertical-align:top; }
th.org-right { text-align: center; }
th.org-left { text-align: center; }
th.org-center { text-align: center; }
td.org-right { text-align: right; }
td.org-left { text-align: left; }
td.org-center { text-align: center; }
dt { font-weight: bold; }
.footpara { display: inline; }
.footdef { margin-bottom: 1em; }
.figure { padding: 1em; }
.figure p { text-align: center; }
.inlinetask {
padding: 10px;
border: 2px solid gray;
margin: 10px;
background: #ffffcc;
}
#org-div-home-and-up
{ text-align: right; font-size: 70%; white-space: nowrap; }
textarea { overflow-x: auto; }
.linenr { font-size: smaller }
.code-highlighted { background-color: #ffff00; }
.org-info-js_info-navigation { border-style: none; }
#org-info-js_console-label
{ font-size: 10px; font-weight: bold; white-space: nowrap; }
.org-info-js_search-highlight
{ background-color: #ffff00; color: #000000; font-weight: bold; }
.org-svg { width: 90%; }
/*]]>*/-->
</style>
<link rel="stylesheet" type="text/css" href="freedombone.css" />
<script type="text/javascript">
/*
@licstart The following is the entire license notice for the
JavaScript code in this tag.
Copyright (C) 2012-2013 Free Software Foundation, Inc.
The JavaScript code in this tag is free software: you can
redistribute it and/or modify it under the terms of the GNU
General Public License (GNU GPL) as published by the Free Software
Foundation, either version 3 of the License, or (at your option)
any later version. The code is distributed WITHOUT ANY WARRANTY;
without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU GPL for more details.
As additional permission under GNU GPL version 3 section 7, you
may distribute non-source (e.g., minimized or compacted) forms of
that code without the copy of the GNU GPL normally required by
section 4, provided you include this license notice and a URL
through which recipients can access the Corresponding Source.
@licend The above is the entire license notice
for the JavaScript code in this tag.
*/
<!--/*--><![CDATA[/*><!--*/
function CodeHighlightOn(elem, id)
{
var target = document.getElementById(id);
if(null != target) {
elem.cacheClassElem = elem.className;
elem.cacheClassTarget = target.className;
target.className = "code-highlighted";
elem.className = "code-highlighted";
}
}
function CodeHighlightOff(elem, id)
{
var target = document.getElementById(id);
if(elem.cacheClassElem)
elem.className = elem.cacheClassElem;
if(elem.cacheClassTarget)
target.className = elem.cacheClassTarget;
}
/*]]>*///-->
</script>
</head>
<body>
<div id="preamble" class="status">
<a name="top" id="top"></a>
</div>
<div id="content">
<div class="org-center">
<div class="figure">
<p><img src="images/logo.png" alt="logo.png" />
</p>
</div>
</div>
<center>
<h1>Turtl</h1>
</center>
<p>
Turtl is a system for privately creating and sharing notes and images, similar to Evernote. It can be set up so that a small number of users on the server can share their notes in a convenient way. It doesn't have any web user interface, and you need to install native clients on mobile or laptop/desktop machines.
</p>
<p>
Since the data at rest is stored in PGP encrypted format this is a good system to use in cases where security really is a critical factor.
</p>
<div class="org-center">
<div class="figure">
<p><img src="images/turtl.jpg" alt="turtl.jpg" />
</p>
</div>
</div>
<div id="outline-container-org8b85948" class="outline-2">
<h2 id="org8b85948">Installation</h2>
<div class="outline-text-2" id="text-org8b85948">
<p>
Log into your system with:
</p>
<div class="org-src-container">
<pre class="src src-bash">ssh myusername@mydomain -p 2222
</pre>
</div>
<p>
Using cursor keys, space bar and Enter key select <b>Administrator controls</b> and type in your password.
</p>
<p>
Select <b>Add/Remove Apps</b> then <b>turtl</b>. You will then be asked for a domain name and if you are using FreeDNS also the code for the domain which can be found under <b>Dynamic DNS</b> on the FreeDNS site (the random string from "<i>quick cron example</i>" which appears after <i>update.php?</i> and before <i>&gt;&gt;</i>). For more details on obtaining a domain and making it accessible via dynamic DNS see the <a href="./faq.html">FAQ</a>. Typically the domain name you use will be a subdomain, such as <i>notes.mydomainname.net</i>. It will need to be a domain which you have bought somewhere and own and not one of the FreeDNS subdomains, otherwise you won't be able to get a SSL/TLS certificate for it.
</p>
<p>
After the install has completed go to <b>Security settings</b> and select <b>Create a new Let's Encrypt certificate</b> and enter the domain name that you are using for Turtl. If you're using the "onion only" version of the system then you don't need to do this. If the certificate is obtained successfully then you will see a congratulations message.
</p>
</div>
</div>
<div id="outline-container-org2839574" class="outline-2">
<h2 id="org2839574">Initial setup</h2>
<div class="outline-text-2" id="text-org2839574">
<p>
The most common use case will be with Android devices. The Android app isn't currently available within F-droid (see <a href="https://turtlapp.com/faq">the FAQ</a> for details) but can be <a href="https://turtlapp.com/download/">downloaded from the Turtl site</a>.
</p>
<p>
Run the app then at the bottom of the screen select <b>advanced settings</b> and enter your turl domain name, then register a new account. The password can be anything you choose, but since the client side encryption depends upon having a good password make it a long random string generated by a password manager such as KeepassX.
</p>
<p>
You should then be able to log in and start using the app. You might also want to invite any other users of your Freedombone system to also sign up using the turtl domain name which you specified during installation.
</p>
</div>
</div>
<div id="outline-container-org0637f00" class="outline-2">
<h2 id="org0637f00">Locking it down</h2>
<div class="outline-text-2" id="text-org0637f00">
<p>
Once you have created accounts it's a good idea to turn off new turtl signups. This will prevent millions of random users on the interwebs from creating accounts on your system and killing your server, or possibly other nefarious security scenarios. Go to the <b>administrator control panel</b> and select <b>App Settings</b> then <b>turtl</b>. You will then be able to disable new user registrations and also set the data storage limit for users. If you need additional users later you can always temporarily re-enable signups later.
</p>
</div>
</div>
</div>
<div id="postamble" class="status">
<style type="text/css">
.back-to-top {
position: fixed;
bottom: 2em;
right: 0px;
text-decoration: none;
color: #000000;
background-color: rgba(235, 235, 235, 0.80);
font-size: 12px;
padding: 1em;
display: none;
}
.back-to-top:hover {
background-color: rgba(135, 135, 135, 0.50);
}
</style>
<div class="back-to-top">
<a href="#top">Back to top</a> | <a href="mailto:bob@freedombone.net">E-mail me</a>
</div>
</div>
</body>
</html>
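
Review bot: The figure in the page body loads "images/turtl.jpg", but the image added in this commit is "img/turtl.jpg"; confirm the build copies it to the directory this page expects, otherwise the screenshot will be missing on the published site. The empty title element and the "How to use Ghost" description come from the Org source and should be fixed there and re-exported rather than edited in this file.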

@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2016-11-28 Mon 19:23 -->
<!-- 2016-12-20 Tue 15:34 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title></title>
@ -263,9 +263,9 @@ The base install of the system just contains an email server and Mutt client, bu
</div>
</div>
<div id="outline-container-orgc561169" class="outline-2">
<h2 id="orgc561169">DLNA</h2>
<div class="outline-text-2" id="text-orgc561169">
<div id="outline-container-org06af72a" class="outline-2">
<h2 id="org06af72a">DLNA</h2>
<div class="outline-text-2" id="text-org06af72a">
<p>
Enables you to use the system as a music server which any DLNA compatible devices can connect to within your home network.
</p>
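
Review bot: The heading ids are regenerated by the export (here "orgc561169" becomes "org06af72a", and the same happens to every section below) although the section text is untouched, which breaks any existing link to an anchor on this page and buries the Turtl addition in churn. Give the headings stable ids in the Org source with a CUSTOM_ID property, or keep the generated HTML out of the commit.
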
@ -275,9 +275,9 @@ Enables you to use the system as a music server which any DLNA compatible device
</p>
</div>
</div>
<div id="outline-container-org76beeab" class="outline-2">
<h2 id="org76beeab">Dokuwiki</h2>
<div class="outline-text-2" id="text-org76beeab">
<div id="outline-container-org82e3b5a" class="outline-2">
<h2 id="org82e3b5a">Dokuwiki</h2>
<div class="outline-text-2" id="text-org82e3b5a">
<p>
A databaseless wiki system.
</p>
@ -287,9 +287,9 @@ A databaseless wiki system.
</p>
</div>
</div>
<div id="outline-container-org7af6c69" class="outline-2">
<h2 id="org7af6c69">Emacs</h2>
<div class="outline-text-2" id="text-org7af6c69">
<div id="outline-container-org9c90fa1" class="outline-2">
<h2 id="org9c90fa1">Emacs</h2>
<div class="outline-text-2" id="text-org9c90fa1">
<p>
If you use the Mutt client to read your email then this will set it up to use emacs for composing new mail.
</p>
@ -299,9 +299,9 @@ If you use the Mutt client to read your email then this will set it up to use em
</p>
</div>
</div>
<div id="outline-container-org14afa61" class="outline-2">
<h2 id="org14afa61">Etherpad</h2>
<div class="outline-text-2" id="text-org14afa61">
<div id="outline-container-org2a81d3f" class="outline-2">
<h2 id="org2a81d3f">Etherpad</h2>
<div class="outline-text-2" id="text-org2a81d3f">
<p>
Collaborate on creating documents in real time. Maybe you're planning a holiday with other family members or creating documentation for a Free Software project along with other volunteers. Etherpad is hard to beat for simplicity and speed. Only users of the system will be able to access it.
</p>
@ -311,9 +311,9 @@ Collaborate on creating documents in real time. Maybe you're planning a holiday
</p>
</div>
</div>
<div id="outline-container-orgb5c7f21" class="outline-2">
<h2 id="orgb5c7f21">Ghost</h2>
<div class="outline-text-2" id="text-orgb5c7f21">
<div id="outline-container-org7701c14" class="outline-2">
<h2 id="org7701c14">Ghost</h2>
<div class="outline-text-2" id="text-org7701c14">
<p>
Modern looking blogging system.
</p>
@ -323,9 +323,9 @@ Modern looking blogging system.
</p>
</div>
</div>
<div id="outline-container-orgfc37116" class="outline-2">
<h2 id="orgfc37116">GNU Social</h2>
<div class="outline-text-2" id="text-orgfc37116">
<div id="outline-container-orgb096bfe" class="outline-2">
<h2 id="orgb096bfe">GNU Social</h2>
<div class="outline-text-2" id="text-orgb096bfe">
<p>
Federated social network. You can "<i>remote follow</i>" other users within the GNU Social federation.
</p>
@ -335,9 +335,9 @@ Federated social network. You can "<i>remote follow</i>" other users within the
</p>
</div>
</div>
<div id="outline-container-orgdfd2c0b" class="outline-2">
<h2 id="orgdfd2c0b">Gogs</h2>
<div class="outline-text-2" id="text-orgdfd2c0b">
<div id="outline-container-org9de96f8" class="outline-2">
<h2 id="org9de96f8">Gogs</h2>
<div class="outline-text-2" id="text-org9de96f8">
<p>
Lightweight git project hosting system. You can mirror projects from Github, or if Github turns evil then just host your own projects while retaining the familiar <i>fork-and-pull</i> workflow. If you can use Github then you can also use Gogs.
</p>
@ -347,9 +347,9 @@ Lightweight git project hosting system. You can mirror projects from Github, or
</p>
</div>
</div>
<div id="outline-container-org6f78c37" class="outline-2">
<h2 id="org6f78c37">HTMLy</h2>
<div class="outline-text-2" id="text-org6f78c37">
<div id="outline-container-orgfeb902f" class="outline-2">
<h2 id="orgfeb902f">HTMLy</h2>
<div class="outline-text-2" id="text-orgfeb902f">
<p>
Databaseless blogging system. Quite simple and with a markdown-like format.
</p>
@ -359,9 +359,9 @@ Databaseless blogging system. Quite simple and with a markdown-like format.
</p>
</div>
</div>
<div id="outline-container-org8c3eafd" class="outline-2">
<h2 id="org8c3eafd">Hubzilla</h2>
<div class="outline-text-2" id="text-org8c3eafd">
<div id="outline-container-org53f98d5" class="outline-2">
<h2 id="org53f98d5">Hubzilla</h2>
<div class="outline-text-2" id="text-org53f98d5">
<p>
Web publishing platform with social network like features and good privacy controls so that it's possible to specify who can see which content. Includes photo albums, calendar, wiki and file storage.
</p>
@ -371,9 +371,9 @@ Web publishing platform with social network like features and good privacy contr
</p>
</div>
</div>
<div id="outline-container-orgbea0c52" class="outline-2">
<h2 id="orgbea0c52">IRC Server (ngirc)</h2>
<div class="outline-text-2" id="text-orgbea0c52">
<div id="outline-container-org04b2461" class="outline-2">
<h2 id="org04b2461">IRC Server (ngirc)</h2>
<div class="outline-text-2" id="text-org04b2461">
<p>
Run your own IRC chat channel which can be secured with a password and accessible via an onion address. A bouncer is included so that you can receive messages sent while you were offline. Works with Hexchat and other popular clients.
</p>
@ -383,18 +383,18 @@ Run your own IRC chat channel which can be secured with a password and accessibl
</p>
</div>
</div>
<div id="outline-container-org8ab9a8f" class="outline-2">
<h2 id="org8ab9a8f">Jitsi Meet</h2>
<div class="outline-text-2" id="text-org8ab9a8f">
<div id="outline-container-org01bf547" class="outline-2">
<h2 id="org01bf547">Jitsi Meet</h2>
<div class="outline-text-2" id="text-org01bf547">
<p>
Experimental WebRTC video conferencing system, similar to Google Hangouts. This may not be fully functional, but is hoped to be in the near future.
</p>
</div>
</div>
<div id="outline-container-org87accf2" class="outline-2">
<h2 id="org87accf2">Lychee</h2>
<div class="outline-text-2" id="text-org87accf2">
<div id="outline-container-org4fa4c1f" class="outline-2">
<h2 id="org4fa4c1f">Lychee</h2>
<div class="outline-text-2" id="text-org4fa4c1f">
<p>
Make your photo albums available on the web.
</p>
@ -404,9 +404,9 @@ Make your photo albums available on the web.
</p>
</div>
</div>
<div id="outline-container-orge84db07" class="outline-2">
<h2 id="orge84db07">Mailpile</h2>
<div class="outline-text-2" id="text-orge84db07">
<div id="outline-container-org021659d" class="outline-2">
<h2 id="org021659d">Mailpile</h2>
<div class="outline-text-2" id="text-org021659d">
<p>
Modern email client which supports GPG encryption.
</p>
@ -416,9 +416,9 @@ Modern email client which supports GPG encryption.
</p>
</div>
</div>
<div id="outline-container-org5f25ae9" class="outline-2">
<h2 id="org5f25ae9">Mumble</h2>
<div class="outline-text-2" id="text-org5f25ae9">
<div id="outline-container-orgbf29cc7" class="outline-2">
<h2 id="orgbf29cc7">Mumble</h2>
<div class="outline-text-2" id="text-orgbf29cc7">
<p>
The popular VoIP and text chat system. Say goodbye to old-fashioned telephony conferences with silly dial codes. Also works well on mobile.
</p>
@ -428,9 +428,9 @@ The popular VoIP and text chat system. Say goodbye to old-fashioned telephony co
</p>
</div>
</div>
<div id="outline-container-org56cecbb" class="outline-2">
<h2 id="org56cecbb">PI-Hole</h2>
<div class="outline-text-2" id="text-org56cecbb">
<div id="outline-container-org6bca095" class="outline-2">
<h2 id="org6bca095">PI-Hole</h2>
<div class="outline-text-2" id="text-org6bca095">
<p>
The black hole for web adverts. Block adverts at the domain name level within your local network. It can significantly reduce bandwidth, speed up page load times and protect your systems from being tracked by spyware.
</p>
@ -440,9 +440,9 @@ The black hole for web adverts. Block adverts at the domain name level within yo
</p>
</div>
</div>
<div id="outline-container-org6a9f389" class="outline-2">
<h2 id="org6a9f389">PostActiv</h2>
<div class="outline-text-2" id="text-org6a9f389">
<div id="outline-container-orgbd5ecde" class="outline-2">
<h2 id="orgbd5ecde">PostActiv</h2>
<div class="outline-text-2" id="text-orgbd5ecde">
<p>
An alternative federated social networking system compatible with GNU Social. It includes some optimisations and fixes currently not available within the main GNU Social project.
</p>
@ -452,9 +452,9 @@ An alternative federated social networking system compatible with GNU Social. It
</p>
</div>
</div>
<div id="outline-container-org3a8271f" class="outline-2">
<h2 id="org3a8271f">Radicale</h2>
<div class="outline-text-2" id="text-org3a8271f">
<div id="outline-container-org93e655a" class="outline-2">
<h2 id="org93e655a">Radicale</h2>
<div class="outline-text-2" id="text-org93e655a">
<p>
Calendar system compatible with CalDAV and CardDAV. Synch your calendar events easily and securely across all your devices.
</p>
@ -464,9 +464,9 @@ Calendar system compatible with CalDAV and CardDAV. Synch your calendar events e
</p>
</div>
</div>
<div id="outline-container-org6f4a73c" class="outline-2">
<h2 id="org6f4a73c">tt-rss</h2>
<div class="outline-text-2" id="text-org6f4a73c">
<div id="outline-container-orga5d4e72" class="outline-2">
<h2 id="orga5d4e72">tt-rss</h2>
<div class="outline-text-2" id="text-orga5d4e72">
<p>
Private RSS reader. Pulls in RSS/Atom feeds via Tor and is only accessible via an onion address. Have "<i>the right to read</i>" without the Surveillance State knowing what you're reading. Also available with a user interface suitable for viewing on mobile devices via a browser such as OrFox.
</p>
@ -476,9 +476,9 @@ Private RSS reader. Pulls in RSS/Atom feeds via Tor and is only accessible via a
</p>
</div>
</div>
<div id="outline-container-orgc3881e2" class="outline-2">
<h2 id="orgc3881e2">Syncthing</h2>
<div class="outline-text-2" id="text-orgc3881e2">
<div id="outline-container-org3ff38e9" class="outline-2">
<h2 id="org3ff38e9">Syncthing</h2>
<div class="outline-text-2" id="text-org3ff38e9">
<p>
Possibly the best way to synchronise files across all of your devices. Once it has been set up it "just works" with no user intervention needed.
</p>
@ -488,9 +488,9 @@ Possibly the best way to synchronise files across all of your devices. Once it h
</p>
</div>
</div>
<div id="outline-container-org2244242" class="outline-2">
<h2 id="org2244242">Tox</h2>
<div class="outline-text-2" id="text-org2244242">
<div id="outline-container-org0629dc7" class="outline-2">
<h2 id="org0629dc7">Tox</h2>
<div class="outline-text-2" id="text-org0629dc7">
<p>
Client and bootstrap node for the Tox chat/VoIP system.
</p>
@ -500,18 +500,30 @@ Client and bootstrap node for the Tox chat/VoIP system.
</p>
</div>
</div>
<div id="outline-container-org3a977cd" class="outline-2">
<h2 id="org3a977cd">Vim</h2>
<div class="outline-text-2" id="text-org3a977cd">
<div id="outline-container-org058f776" class="outline-2">
<h2 id="org058f776">Turtl</h2>
<div class="outline-text-2" id="text-org058f776">
<p>
A system for privately creating and sharing notes and images, similar to Evernote but without the spying.
</p>
<p>
<a href="./app_turtl.html">How to use it</a>
</p>
</div>
</div>
<div id="outline-container-orgb8da554" class="outline-2">
<h2 id="orgb8da554">Vim</h2>
<div class="outline-text-2" id="text-orgb8da554">
<p>
If you use the Mutt client to read your email then this will set it up to use vim for composing new mail.
</p>
</div>
</div>
<div id="outline-container-org70eae09" class="outline-2">
<h2 id="org70eae09">XMPP</h2>
<div class="outline-text-2" id="text-org70eae09">
<div id="outline-container-org286851f" class="outline-2">
<h2 id="org286851f">XMPP</h2>
<div class="outline-text-2" id="text-org286851f">
<p>
Chat server which can be used together with client such as Gajim or Conversations to provide end-to-end content security and also onion routed metadata security. Includes advanced features such as <i>client state notification</i> to save battery power on your mobile devices, support for seamless roaming between networks and <i>message carbons</i> so that you can receive the same messages while being simultaneously logged in to your account on more than one device.
</p>

@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2016-11-20 Sun 17:09 -->
<!-- 2016-12-20 Tue 16:16 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title></title>
@ -255,15 +255,11 @@ for the JavaScript code in this tag.
</colgroup>
<tbody>
<tr>
<td class="org-left"><a href="#orgdbaccc3">Readme</a></td>
<td class="org-left"><a href="#org0e58259">Improving security</a></td>
</tr>
<tr>
<td class="org-left"><a href="#org9144c86">Improving ssh security</a></td>
</tr>
<tr>
<td class="org-left"><a href="#org60b4bc6">Administrating the system via an onion address (Tor)</a></td>
<td class="org-left"><a href="#org2189c3f">Administrating the system via an onion address (Tor)</a></td>
</tr>
<tr>
@ -347,88 +343,51 @@ for the JavaScript code in this tag.
</tr>
<tr>
<td class="org-left"><a href="#org7c0835c">Adding or removing users</a></td>
<td class="org-left"><a href="#org6c689d0">Adding or removing users</a></td>
</tr>
<tr>
<td class="org-left"><a href="./app_pihole.html">Blocking Ads</a></td>
</tr>
<tr>
<td class="org-left"><a href="./app_turtl.html">Making and sharing notes and images</a></td>
</tr>
</tbody>
</table>
<div id="outline-container-orgdbaccc3" class="outline-2">
<h2 id="orgdbaccc3">Readme</h2>
<div class="outline-text-2" id="text-orgdbaccc3">
<div id="outline-container-org0e58259" class="outline-2">
<h2 id="org0e58259">Improving security</h2>
<div class="outline-text-2" id="text-org0e58259">
<p>
After the system has installed a README file will be generated which contains any advice on particular apps installed. Ordinarily you won't need to read it though. You can access it with the following commands:
It's a lot more secure to log in to the Freedombone system using ssh keys rather than with a password. You can set that up by first running:
</p>
<div class="org-src-container">
<pre class="src src-bash">ssh username@domainname -p 2222
editor ~/README
<pre class="src src-bash">freedombone-client
</pre>
</div>
<p>
To exit if you're using emacs (which is the default editor, but can be changed to vim) you can either just close the terminal or use <b>CTRL-x CTRL-c</b> followed by the <b>exit</b> command.
</p>
</div>
</div>
<div id="outline-container-org9144c86" class="outline-2">
<h2 id="org9144c86">Improving ssh security</h2>
<div class="outline-text-2" id="text-org9144c86">
<p>
To improve ssh security you can generate an ssh key pair on your system and then upload the public key to the Freedombone.
On your local system (i.e. whatever you're logging in to the Freedombone system from, typically a laptop). Then:
</p>
<p>
On your local machine:
</p>
<div class="org-src-container">
<pre class="src src-bash">ssh-keygen
<pre class="example">
ssh myusername@freedombone.local -p 2222
</pre>
</div>
<p>
For extra security you may also want to add a passphrase to the ssh private key. You can show the generated public key with:
</p>
<div class="org-src-container">
<pre class="src src-bash">cat ~/.ssh/id_rsa.pub
</pre>
</div>
<p>
Log into your system and open the control panel.
</p>
<div class="org-src-container">
<pre class="src src-bash">ssh username@domain -p 2222
</pre>
</div>
<p>
Select <i>Administrator controls</i> then <i>Manage Users</i> then <i>Change user ssh public key</i>. Copy and paste the public key here, then exit.
Select <b>Administrator controls</b> and re-enter your password, then <b>Manage Users</b> and <b>Change user ssh public key</b>. Copy and paste the ssh public keys which appeared after the <b>freedombone-client</b> command was run. Then go to <b>Security settings</b> and select <b>Allow ssh login with passwords</b> followed by <b>no</b>.
</p>
<p>
It's a good idea to also copy the contents of <b>~/.ssh/id_rsa</b> and <b>~/.ssh/id_rsa.pub</b> to you password manager, together with the private key password if you created one.
</p>
<p>
There are advantages and disadvantages to using ssh keys for logins. The advantage is that this is much more secure than a memorised password, but the disadvantage is that you need to carry your ssh keys around and be able to install them on any computer of mobile device that you use. In high security or hostile infosec environments it may not be possible to carry or use USB thumb drives containing your keys and so memorised passwords may be the only available choice.
</p>
<p>
If you wish to only use ssh keys then log in to the Freedombone, become the root user and open the control panel with the 'control' command. Select <i>Security Settings</i> then keep hitting enter until you reach the question about allowing password logins. Select "no" for that, then apply the settings. Any subsequent attempts to log in via a password will then be denied.
You'll need to make sure that you have a copy of the ~/.ssh directory on your local system. You could just copy that directory to a USB drive and then keep that somewhere safe so that you can restore the keys if you need to.
</p>
</div>
</div>
<div id="outline-container-org60b4bc6" class="outline-2">
<h2 id="org60b4bc6">Administrating the system via an onion address (Tor)</h2>
<div class="outline-text-2" id="text-org60b4bc6">
<div id="outline-container-org2189c3f" class="outline-2">
<h2 id="org2189c3f">Administrating the system via an onion address (Tor)</h2>
<div class="outline-text-2" id="text-org2189c3f">
<p>
You can also access your system via the Tor system using an onion address. To find out what the onion address for ssh access is you can do the following:
</p>
@ -448,16 +407,7 @@ Select <i>Administrator controls</i> then select "About this system" and look fo
</div>
<p>
This will set up your ssh environment to be able to handle onion addresses. In addition if you use monkeysphere then you can do:
</p>
<div class="org-src-container">
<pre class="src src-bash">freedombone-client --ms yes
</pre>
</div>
<p>
Then you can test ssh with:
This will set up your ssh environment to be able to handle onion addresses. Then you can test ssh with:
</p>
<div class="org-src-container">
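Review bot: the paragraph documenting "freedombone-client --ms yes" for monkeysphere users is removed here without any mention in the commit message. If the option is still supported, this was the only instruction for it in this section and it should stay; if the option has been removed from the client, say so in the commit message so readers relying on monkeysphere know the change is intentional.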
@ -470,9 +420,9 @@ Subsequently even if dynamic DNS isn't working you may still be able to administ
</p>
</div>
</div>
<div id="outline-container-org7c0835c" class="outline-2">
<h2 id="org7c0835c">Adding or removing users</h2>
<div class="outline-text-2" id="text-org7c0835c">
<div id="outline-container-org6c689d0" class="outline-2">
<h2 id="org6c689d0">Adding or removing users</h2>
<div class="outline-text-2" id="text-org6c689d0">
<p>
Log into the system with:
</p>