diff --git a/doc/EN/app_turtl.org b/doc/EN/app_turtl.org new file mode 100644 index 00000000..47dba91a --- /dev/null +++ b/doc/EN/app_turtl.org @@ -0,0 +1,50 @@ +#+TITLE: +#+AUTHOR: Bob Mottram +#+EMAIL: bob@freedombone.net +#+KEYWORDS: freedombone, turtl, notes, images, sharing +#+DESCRIPTION: How to use Ghost +#+OPTIONS: ^:nil toc:nil +#+HTML_HEAD: + +#+BEGIN_CENTER +[[file:images/logo.png]] +#+END_CENTER + +#+BEGIN_EXPORT html +
+

Turtl

+
+#+END_EXPORT + +Turtl is a system for privately creating and sharing notes and images, similar to Evernote. It can be set up so that a small number of users on the server can share their notes in a convenient way. It doesn't have any web user interface, and you need to install native clients on mobile or laptop/desktop machines. + +Since the data at rest is stored in PGP encrypted format this is a good system to use in cases where security really is a critical factor. + + +#+BEGIN_CENTER +[[file:images/turtl.jpg]] +#+END_CENTER + +* Installation +Log into your system with: + +#+begin_src bash +ssh myusername@mydomain -p 2222 +#+end_src + +Using cursor keys, space bar and Enter key select *Administrator controls* and type in your password. + +Select *Add/Remove Apps* then *turtl*. You will then be asked for a domain name and if you are using FreeDNS also the code for the domain which can be found under *Dynamic DNS* on the FreeDNS site (the random string from "/quick cron example/" which appears after /update.php?/ and before />>/). For more details on obtaining a domain and making it accessible via dynamic DNS see the [[./faq.html][FAQ]]. Typically the domain name you use will be a subdomain, such as /notes.mydomainname.net/. It will need to be a domain which you have bought somewhere and own and not one of the FreeDNS subdomains, otherwise you won't be able to get a SSL/TLS certificate for it. + +After the install has completed go to *Security settings* and select *Create a new Let's Encrypt certificate* and enter the domain name that you are using for Turtl. If you're using the "onion only" version of the system then you don't need to do this. If the certificate is obtained successfully then you will see a congratulations message. + +* Initial setup +The most common use case will be with Android devices. 
The Android app isn't currently available within F-droid (see [[https://turtlapp.com/faq][the FAQ]] for details) but can be [[https://turtlapp.com/download/][downloaded from the Turtl site]]. + +Run the app then at the bottom of the screen select *advanced settings* and enter your turl domain name, then register a new account. The password can be anything you choose, but since the client side encryption depends upon having a good password make it a long random string generated by a password manager such as KeepassX. + +You should then be able to log in and start using the app. You might also want to invite any other users of your Freedombone system to also sign up using the turtl domain name which you specified during installation. + + +* Locking it down +Once you have created accounts it's a good idea to turn off new turtl signups. This will prevent millions of random users on the interwebs from creating accounts on your system and killing your server, or possibly other nefarious security scenarios. Go to the *administrator control panel* and select *App Settings* then *turtl*. You will then be able to disable new user registrations and also set the data storage limit for users. If you need additional users later you can always temporarily re-enable signups later. diff --git a/doc/EN/apps.org b/doc/EN/apps.org index 45bc1daf..6f990afc 100644 --- a/doc/EN/apps.org +++ b/doc/EN/apps.org @@ -103,6 +103,10 @@ Possibly the best way to synchronise files across all of your devices. Once it h Client and bootstrap node for the Tox chat/VoIP system. [[./app_tox.html][How to use it]] +* Turtl +A system for privately creating and sharing notes and images, similar to Evernote but without the spying. + +[[./app_turtl.html][How to use it]] * Vim If you use the Mutt client to read your email then this will set it up to use vim for composing new mail. diff --git a/doc/EN/usage.org b/doc/EN/usage.org index a073ebed..8d32c6ee 100644 --- a/doc/EN/usage.org +++ b/doc/EN/usage.org 
@@ -16,8 +16,7 @@ #+END_EXPORT -| [[Readme]] | -| [[Improving ssh security]] | +| [[Improving security]] | | [[Administrating the system via an onion address (Tor)]] | | [[./mobile.html][Mobile advice]] | | [[./usage_email.html][Using Email]] | @@ -41,6 +40,7 @@ | [[./app_gogs.html][Git Projects]] | | [[Adding or removing users]] | | [[./app_pihole.html][Blocking Ads]] | +| [[./app_turtl.html][Making and sharing notes and images]] | * Improving security It's a lot more secure to log in to the Freedombone system using ssh keys rather than with a password. You can set that up by first running: diff --git a/img/turtl.jpg b/img/turtl.jpg new file mode 100644 index 00000000..d66e143c Binary files /dev/null and b/img/turtl.jpg differ diff --git a/website/EN/app_turtl.html b/website/EN/app_turtl.html new file mode 100644 index 00000000..74412eab --- /dev/null +++ b/website/EN/app_turtl.html @@ -0,0 +1,345 @@ + + + + + + + + + + + + + + + + + +
+ +
+
+
+ +
+

logo.png +

+
+
+ +
+

Turtl

+
+ +

+Turtl is a system for privately creating and sharing notes and images, similar to Evernote. It can be set up so that a small number of users on the server can share their notes in a convenient way. It doesn't have any web user interface, and you need to install native clients on mobile or laptop/desktop machines. +

+ +

+Since the data at rest is stored in PGP encrypted format this is a good system to use in cases where security really is a critical factor. +

+ + +
+ +
+

turtl.jpg +

+
+
+ +
+

Installation

+
+

+Log into your system with: +

+ +
+
ssh myusername@mydomain -p 2222
+
+
+ +

+Using cursor keys, space bar and Enter key select Administrator controls and type in your password. +

+ +

+Select Add/Remove Apps then turtl. You will then be asked for a domain name and if you are using FreeDNS also the code for the domain which can be found under Dynamic DNS on the FreeDNS site (the random string from "quick cron example" which appears after update.php? and before >>). For more details on obtaining a domain and making it accessible via dynamic DNS see the FAQ. Typically the domain name you use will be a subdomain, such as notes.mydomainname.net. It will need to be a domain which you have bought somewhere and own and not one of the FreeDNS subdomains, otherwise you won't be able to get a SSL/TLS certificate for it. +

+ +

+After the install has completed go to Security settings and select Create a new Let's Encrypt certificate and enter the domain name that you are using for Turtl. If you're using the "onion only" version of the system then you don't need to do this. If the certificate is obtained successfully then you will see a congratulations message. +

+
+
+ +
+

Initial setup

+
+

+The most common use case will be with Android devices. The Android app isn't currently available within F-droid (see the FAQ for details) but can be downloaded from the Turtl site. +

+ +

+Run the app then at the bottom of the screen select advanced settings and enter your turl domain name, then register a new account. The password can be anything you choose, but since the client side encryption depends upon having a good password make it a long random string generated by a password manager such as KeepassX. +

+ +

+You should then be able to log in and start using the app. You might also want to invite any other users of your Freedombone system to also sign up using the turtl domain name which you specified during installation. +

+
+
+ + +
+

Locking it down

+
+

+Once you have created accounts it's a good idea to turn off new turtl signups. This will prevent millions of random users on the interwebs from creating accounts on your system and killing your server, or possibly other nefarious security scenarios. Go to the administrator control panel and select App Settings then turtl. You will then be able to disable new user registrations and also set the data storage limit for users. If you need additional users later you can always temporarily re-enable signups later. +

+
+
+
+
+ + + +
+Back to top | E-mail me +
+
+ + diff --git a/website/EN/apps.html b/website/EN/apps.html index 5d54640d..1cf8b4a8 100644 --- a/website/EN/apps.html +++ b/website/EN/apps.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + @@ -263,9 +263,9 @@ The base install of the system just contains an email server and Mutt client, bu -
-

DLNA

-
+
+

DLNA

+

Enables you to use the system as a music server which any DLNA compatible devices can connect to within your home network.

@@ -275,9 +275,9 @@ Enables you to use the system as a music server which any DLNA compatible device

-
-

Dokuwiki

-
+
+

Dokuwiki

+

A databaseless wiki system.

@@ -287,9 +287,9 @@ A databaseless wiki system.

-
-

Emacs

-
+
+

Emacs

+

If you use the Mutt client to read your email then this will set it up to use emacs for composing new mail.

@@ -299,9 +299,9 @@ If you use the Mutt client to read your email then this will set it up to use em

-
-

Etherpad

-
+
+

Etherpad

+

Collaborate on creating documents in real time. Maybe you're planning a holiday with other family members or creating documentation for a Free Software project along with other volunteers. Etherpad is hard to beat for simplicity and speed. Only users of the system will be able to access it.

@@ -311,9 +311,9 @@ Collaborate on creating documents in real time. Maybe you're planning a holiday

-
-

Ghost

-
+
+

Ghost

+

Modern looking blogging system.

@@ -323,9 +323,9 @@ Modern looking blogging system.

-
-

GNU Social

-
+
+

GNU Social

+

Federated social network. You can "remote follow" other users within the GNU Social federation.

@@ -335,9 +335,9 @@ Federated social network. You can "remote follow" other users within the

-
-

Gogs

-
+
+

Gogs

+

Lightweight git project hosting system. You can mirror projects from Github, or if Github turns evil then just host your own projects while retaining the familiar fork-and-pull workflow. If you can use Github then you can also use Gogs.

@@ -347,9 +347,9 @@ Lightweight git project hosting system. You can mirror projects from Github, or

-
-

HTMLy

-
+
+

HTMLy

+

Databaseless blogging system. Quite simple and with a markdown-like format.

@@ -359,9 +359,9 @@ Databaseless blogging system. Quite simple and with a markdown-like format.

-
-

Hubzilla

-
+
+

Hubzilla

+

Web publishing platform with social network like features and good privacy controls so that it's possible to specify who can see which content. Includes photo albums, calendar, wiki and file storage.

@@ -371,9 +371,9 @@ Web publishing platform with social network like features and good privacy contr

-
-

IRC Server (ngirc)

-
+
+

IRC Server (ngirc)

+

Run your own IRC chat channel which can be secured with a password and accessible via an onion address. A bouncer is included so that you can receive messages sent while you were offline. Works with Hexchat and other popular clients.

@@ -383,18 +383,18 @@ Run your own IRC chat channel which can be secured with a password and accessibl

-
-

Jitsi Meet

-
+
+

Jitsi Meet

+

Experimental WebRTC video conferencing system, similar to Google Hangouts. This may not be fully functional, but is hoped to be in the near future.

-
-

Lychee

-
+
+

Lychee

+

Make your photo albums available on the web.

@@ -404,9 +404,9 @@ Make your photo albums available on the web.

-
-

Mailpile

-
+
+

Mailpile

+

Modern email client which supports GPG encryption.

@@ -416,9 +416,9 @@ Modern email client which supports GPG encryption.

-
-

Mumble

-
+
+

Mumble

+

The popular VoIP and text chat system. Say goodbye to old-fashioned telephony conferences with silly dial codes. Also works well on mobile.

@@ -428,9 +428,9 @@ The popular VoIP and text chat system. Say goodbye to old-fashioned telephony co

-
-

PI-Hole

-
+
+

PI-Hole

+

The black hole for web adverts. Block adverts at the domain name level within your local network. It can significantly reduce bandwidth, speed up page load times and protect your systems from being tracked by spyware.

@@ -440,9 +440,9 @@ The black hole for web adverts. Block adverts at the domain name level within yo

-
-

PostActiv

-
+
+

PostActiv

+

An alternative federated social networking system compatible with GNU Social. It includes some optimisations and fixes currently not available within the main GNU Social project.

@@ -452,9 +452,9 @@ An alternative federated social networking system compatible with GNU Social. It

-
-

Radicale

-
+
+

Radicale

+

Calendar system compatible with CalDAV and CardDAV. Synch your calendar events easily and securely across all your devices.

@@ -464,9 +464,9 @@ Calendar system compatible with CalDAV and CardDAV. Synch your calendar events e

-
-

tt-rss

-
+
+

tt-rss

+

Private RSS reader. Pulls in RSS/Atom feeds via Tor and is only accessible via an onion address. Have "the right to read" without the Surveillance State knowing what you're reading. Also available with a user interface suitable for viewing on mobile devices via a browser such as OrFox.

@@ -476,9 +476,9 @@ Private RSS reader. Pulls in RSS/Atom feeds via Tor and is only accessible via a

-
-

Syncthing

-
+
+

Syncthing

+

Possibly the best way to synchronise files across all of your devices. Once it has been set up it "just works" with no user intervention needed.

@@ -488,9 +488,9 @@ Possibly the best way to synchronise files across all of your devices. Once it h

-
-

Tox

-
+
+

Tox

+

Client and bootstrap node for the Tox chat/VoIP system.

@@ -500,18 +500,30 @@ Client and bootstrap node for the Tox chat/VoIP system.

-
-

Vim

-
+
+

Turtl

+
+

+A system for privately creating and sharing notes and images, similar to Evernote but without the spying. +

+ +

+How to use it +

+
+
+
+

Vim

+

If you use the Mutt client to read your email then this will set it up to use vim for composing new mail.

-
-

XMPP

-
+
+

XMPP

+

Chat server which can be used together with client such as Gajim or Conversations to provide end-to-end content security and also onion routed metadata security. Includes advanced features such as client state notification to save battery power on your mobile devices, support for seamless roaming between networks and message carbons so that you can receive the same messages while being simultaneously logged in to your account on more than one device.

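Review bot: Every hunk in website/EN/apps.html from the DLNA entry through XMPP replaces a block with a block whose visible text is identical, so the difference is in attributes this view strips; org-mode HTML export regenerates element ids on every run. That churn buries the one real change in the file (the new Turtl entry inserted between Tox and Vim at the @@ -500,18 +500,30 @@ hunk) and makes the patch hard to review. Consider configuring stable ids in the export, or splitting regenerated HTML from the source change so the reviewable part stays small.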
diff --git a/website/EN/usage.html b/website/EN/usage.html index 30cc694b..34d3165d 100644 --- a/website/EN/usage.html +++ b/website/EN/usage.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + @@ -255,15 +255,11 @@ for the JavaScript code in this tag. -Readme +Improving security -Improving ssh security - - - -Administrating the system via an onion address (Tor) +Administrating the system via an onion address (Tor) @@ -347,88 +343,51 @@ for the JavaScript code in this tag. -Adding or removing users +Adding or removing users Blocking Ads + + +Making and sharing notes and images + -
-

Readme

-
+
+

Improving security

+

-After the system has installed a README file will be generated which contains any advice on particular apps installed. Ordinarily you won't need to read it though. You can access it with the following commands: +It's a lot more secure to log in to the Freedombone system using ssh keys rather than with a password. You can set that up by first running:

-
ssh username@domainname -p 2222
-editor ~/README
+
freedombone-client
 

-To exit if you're using emacs (which is the default editor, but can be changed to vim) you can either just close the terminal or use CTRL-x CTRL-c followed by the exit command. -

-
-
-
-

Improving ssh security

-
-

-To improve ssh security you can generate an ssh key pair on your system and then upload the public key to the Freedombone. +On your local system (i.e. whatever you're logging in to the Freedombone system from, typically a laptop). Then:

-

-On your local machine: -

- -
-
ssh-keygen
+
+ssh myusername@freedombone.local -p 2222
 
-

-For extra security you may also want to add a passphrase to the ssh private key. You can show the generated public key with: -

- -
-
cat ~/.ssh/id_rsa.pub
-
-
- -

-Log into your system and open the control panel. -

- -
-
ssh username@domain -p 2222
-
-
- -

-Select Administrator controls then Manage Users then Change user ssh public key. Copy and paste the public key here, then exit. +Select Administrator controls and re-enter your password, then Manage Users and Change user ssh public key. Copy and paste the ssh public keys which appeared after the freedombone-client command was run. Then go to Security settings and select Allow ssh login with passwords followed by no.

-It's a good idea to also copy the contents of ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub to you password manager, together with the private key password if you created one. -

- -

-There are advantages and disadvantages to using ssh keys for logins. The advantage is that this is much more secure than a memorised password, but the disadvantage is that you need to carry your ssh keys around and be able to install them on any computer of mobile device that you use. In high security or hostile infosec environments it may not be possible to carry or use USB thumb drives containing your keys and so memorised passwords may be the only available choice. -

- -

-If you wish to only use ssh keys then log in to the Freedombone, become the root user and open the control panel with the 'control' command. Select Security Settings then keep hitting enter until you reach the question about allowing password logins. Select "no" for that, then apply the settings. Any subsequent attempts to log in via a password will then be denied. +You'll need to make sure that you have a copy of the ~/.ssh directory on your local system. You could just copy that directory to a USB drive and then keep that somewhere safe so that you can restore the keys if you need to.

- -
-

Administrating the system via an onion address (Tor)

-
+
+

Administrating the system via an onion address (Tor)

+

You can also access your system via the Tor system using an onion address. To find out what the onion address for ssh access is you can do the following:

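Review bot: In the rewritten "Improving security" section, the step "Security settings, Allow ssh login with passwords, no" comes straight after pasting the public keys with no check in between; add a step to open a second terminal and confirm that "ssh myusername@freedombone.local -p 2222" logs in without a password prompt before password logins are disabled, otherwise a paste error locks the administrator out. The backup advice ("copy that directory to a USB drive") copies the private key as-is; the removed text said "you may also want to add a passphrase to the ssh private key", and that advice should survive the rewrite, together with a note that the drive holding ~/.ssh should be encrypted. Also note that this hunk removes the whole Readme section and rewrites the ssh-key instructions, neither of which appears in this commit's doc/EN/usage.org diff (the context line "* Improving security" is unchanged there), so this is regenerated HTML catching up with an earlier source change rather than part of the Turtl work.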
@@ -448,16 +407,7 @@ Select Administrator controls then select "About this system" and look fo

-This will set up your ssh environment to be able to handle onion addresses. In addition if you use monkeysphere then you can do: -

- -
-
freedombone-client --ms yes
-
-
- -

-Then you can test ssh with: +This will set up your ssh environment to be able to handle onion addresses. Then you can test ssh with:

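Review bot: This hunk drops the monkeysphere step ("freedombone-client --ms yes") from the onion-address section, but nothing in doc/EN/usage.org in this commit removes it, so this too is regenerated output from an earlier source edit. If the --ms option still exists in freedombone-client the documentation now has no mention of it; confirm the removal is intended, and if it is, say so in the commit message so the two changes are not conflated.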
@@ -470,9 +420,9 @@ Subsequently even if dynamic DNS isn't working you may still be able to administ

-
-

Adding or removing users

-
+
+

Adding or removing users

+

Log into the system with:
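Review bot: In the new doc/EN/app_turtl.org the "#+TITLE:" line is empty and "#+DESCRIPTION: How to use Ghost" was carried over from the Ghost page; set the title and change the description to describe Turtl, since both feed the generated HTML head of website/EN/app_turtl.html.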
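Review bot: Two typos in the app_turtl.org body propagate into the generated HTML: "enter your turl domain name" should read "turtl", and "If you need additional users later you can always temporarily re-enable signups later" repeats "later". Fix them in the org source and regenerate rather than patching website/EN/app_turtl.html by hand.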
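Review bot: The sentence "Since the data at rest is stored in PGP encrypted format this is a good system to use in cases where security really is a critical factor" should be checked against what Turtl actually does; the same page later says "the client side encryption depends upon having a good password", which describes a password-derived client-side key rather than PGP, and the two statements read as different mechanisms. State precisely what is encrypted, where the key lives and whether the server can read note contents, because readers will size their threat model on that sentence, and spell out the consequence of a forgotten password under client-side encryption, which is the real reason for the password-manager advice that follows.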
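Review bot: In "Locking it down", registrations stay open from the moment the app is installed until the administrator disables them by hand, and the text itself describes the consequence ("millions of random users on the interwebs ... creating accounts on your system and killing your server"). Suggest saying this in the Installation section as well, or better, having the installer default to signups disabled and a storage limit set and documenting the toggle in App Settings, so the exposure window does not depend on the reader getting to the last section. The "data storage limit for users" setting is the guard against disk exhaustion by a single account and deserves a sentence of its own rather than a clause.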
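Review bot: The apps.org entry says "similar to Evernote but without the spying" while app_turtl.org says "similar to Evernote"; pick one wording for both. In doc/EN/usage.org the @@ -16,8 +16,7 @@ hunk removes the "[[Readme]]" row and renames "[[Improving ssh security]]" to "[[Improving security]]", which are link-table changes with no matching section edits in this commit's org diff; the body changes they point at arrive only through the regenerated website/EN/usage.html, so the commit message should note that the HTML is catching up with earlier org edits, or the catch-up should be split into its own commit.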