Update documentation for the new user menu

README.md

 This is the traditional security model in which you carry your full keyring on an encrypted USB drive. To make a master keydrive first format a USB drive as a LUKS encrypted drive. In Ubuntu this can be done from the *Disk Utility* application. Then plug it into the Freedombone system, then from your local machine run:
 
     ssh myusername@mydomainname -p 2222
-    sudo control
 
-Select *Backup and Restore* then *Backup GPG key to USB (master keydrive)*.
+Select *Administrator controls* then *Backup and Restore* then *Backup GPG key to USB (master keydrive)*.
 
 **Fragment keydrives**
 
 This breaks your GPG key into a number of fragments and randomly selects one to add to the USB drive. First format a USB drive as a LUKS encrypted drive. In Ubuntu this can be done from the *Disk Utility* application. Plug it into the Freedombone system then from your local machine run the following commands:
 
     ssh myusername@mydomainname -p 2222
-    sudo control
 
-Select *Backup and Restore* then *Backup GPG key to USB (fragment keydrive)*.
+Select *Administrator controls* then *Backup and Restore* then *Backup GPG key to USB (fragment keydrive)*.
 
 Fragments are randomly assigned and so you will need at least three or four keydrives to have enough fragments to reconstruct your original key in a worst case scenario. You can store fragments for different Freedombone systems on the same encrypted USB drive, so you can help to ensure that your friends can also recover their systems. This might be called *"the web of backups"* or *"the web of encryption"*. Since you can only write a single key fragment from your Freedombone system to a given USB drive each friend doesn't have enough information to decrypt your backups or steal your identity, even if they turn evil. This is based on the assumption that it may be difficult to get three or more friends to conspire against you all at once.
 
 To administer the system after installation log in via ssh, become the root user and then launch the control panel.
 
     ssh fbone@freedombone.local -p 2222
-    sudo control
 
-From there you will be able to perform various tasks, such as backups, adding and removing users and so on. You can also do this via commands, which are typically installed as /usr/local/bin/freedombone* and the corresponding manpages.
+Select *Administrator controls* and from there you will be able to perform various tasks, such as backups, adding and removing users and so on. You can also do this via commands, which are typically installed as /usr/local/bin/freedombone* and the corresponding manpages.

doc/EN/backups.org

 
 #+BEGIN_SRC bash
 ssh username@domainname -p 2222
-sudo control
 #+END_SRC
 
-Select /Backup and Restore/ then /Backup GPG key to USB drive (master keydrive)/.
+Select /Administrator controls/ then /Backup and Restore/ then /Backup GPG key to USB drive (master keydrive)/.
 
 Keep this USB drive in some safe place, since it will enable you to restore from previous backups.
 
 
 #+BEGIN_SRC bash
 ssh username@domainname -p 2222
-sudo control
 #+END_SRC
 
-Select /Backup and Restore/ and then /Backup data to USB drive/.
+Select /Administrator controls/ then /Backup and Restore/ and then /Backup data to USB drive/.
 
 Type in the LUKS password for the USB drive, then the backup will begin.
 
 
 #+BEGIN_SRC bash
 ssh username@domainname -p 2222
-sudo control
 #+END_SRC
 
-If this is a new Freedombone installation then you will first need to restore your backup keys. That can be done by selecting /Backup and Restore/ then /Restore GPG key from USB keydrive/. When that's done remove the keydrive and plug in the backup drive.
+Select /Administrator controls/ then if this is a new Freedombone installation then you will first need to restore your backup keys. That can be done by selecting /Backup and Restore/ then /Restore GPG key from USB keydrive/. When that's done remove the keydrive and plug in the backup drive.
 
 Select /Backup and Restore/ then /Restore data from USB drive/.
 
 
 #+BEGIN_SRC bash
 ssh username@domainname -p 2222
-sudo control
 #+END_SRC
 
-Select /Backup and Restore/ then /Configure remote backups/.
+Select /Administrator controls/ then /Backup and Restore/ then /Configure remote backups/.
 
 You can then enter the usernames, domains and ssh logins for one or more remote servers. The system will try to backup to these remote locations once per day.
 * Restore from a friend
 
 #+BEGIN_SRC bash
 ssh username@domainname -p 2222
-sudo control
 #+END_SRC
 
-Select /Backup and Restore/ then /Restore GPG key from USB (master keydrive)/. Select the username then plug in your keydrive and restore the key.
+Select /Administrator controls/ then /Backup and Restore/ then /Restore GPG key from USB (master keydrive)/. Select the username then plug in your keydrive and restore the key.
 
 Now select /Configure remote backups/ and configure the locations and logins for the remote server.
 
 
 #+BEGIN_SRC bash
 ssh username@domainname -p 2222
-sudo control
 #+END_SRC
 
-Select /Backup and Restore/ then /Restore from remote backup/ and enter the domain name of the remote server that you wish to restore from.
+Select /Administrator controls/ then /Backup and Restore/ then /Restore from remote backup/ and enter the domain name of the remote server that you wish to restore from.
 
 #+BEGIN_EXPORT html
 <center>

doc/EN/controlpanel.org

 | [[User management menu]]    |
 
 * Main menu
-You can access the main menu by logging into the system, then running the *control* command with root privileges.
+You can access the main menu by logging into the system.
 
 #+BEGIN_SRC bash
 ssh myusername@mydomain -p 2222
-sudo control
 #+END_SRC
 
+Then selecting /Administrator controls/.
+
 It should look like this:
 
 #+BEGIN_CENTER

doc/EN/faq.org

 
 #+BEGIN_SRC bash
 ssh username@mydomainname -p 2222
-sudo control
 #+END_SRC
 
-Select /Manage Users/ and then /Add a user/. You will be prompted for a username and you can also optionally provide their ssh public key.
+Select /Administrator controls/ then /Manage Users/ and then /Add a user/. You will be prompted for a username and you can also optionally provide their ssh public key.
 
 Something to consider when having more than a single user on the system is the security situation. The original administrator user will have access to all of the data for other users (including their encryption keys), so if you do add extra users they need to have *complete trust* in the administrator.
 
 
 #+BEGIN_SRC bash
 ssh username@mydomainname -p 2222
-sudo control
 #+END_SRC
 
-Select /Manage Users/ and then /Delete a user/. Note that this will delete all of that user's files and email.
+Select /Administrator controls/ then /Manage Users/ and then /Delete a user/. Note that this will delete all of that user's files and email.
 * How do I reset the tripwire?
 The tripwire will be automatically reset once per week. If you want to reset it earlier then do the following:
 
 #+BEGIN_SRC bash
 ssh username@mydomain -p 2222
-sudo control
 #+END_SRC
 
-Select "reset tripwire" using cursors and space bar then enter.
+Select /Administrator controls/ then "reset tripwire" using cursors and space bar then enter.
 * Is metadata protected?
 #+BEGIN_QUOTE
 "/We kill people based on metadata/"
 * How do I create email processing rules?
 #+BEGIN_SRC bash
 ssh username@domainname -p 2222
-sudo control
 #+END_SRC
 
-Select /Email Filtering Rules/ then you can add rules to be applied to incoming email addresses or mailing lists. If you prefer to do things directly on the command line, without the control panel, then the following commands are available:
+Select /Administrator controls/ then /Email Filtering Rules/ then you can add rules to be applied to incoming email addresses or mailing lists. If you prefer to do things directly on the command line, without the control panel, then the following commands are available:
 
 | freedombone-addlist  | Adds a mailing list                                                  |
 | freedombone-rmlist   | Removes a mailing list                                               |
 
 #+BEGIN_SRC bash
 ssh myusername@mydomain -p 2222
-sudo control
 #+END_SRC
 
-Then select /Security Settings/. You will then be able to edit the crypto settings for all of the installed applications. *Be very careful when editing*, since any mistake could make your system less secure rather than more.
+Select /Administrator controls/ then select /Security Settings/. You will then be able to edit the crypto settings for all of the installed applications. *Be very careful when editing*, since any mistake could make your system less secure rather than more.
 * How do I get a domain name?
 Suppose that you have bought a domain name (rather than using a free subdomain on freedns) and you want to use that instead.
 
 
 #+BEGIN_SRC bash
 ssh username@mydomainname -p 2222
-sudo control
 #+END_SRC
 
-Select *Security settings* then *Create a new Let's Encrypt certificate*.
+Select /Administrator controls/ then *Security settings* then *Create a new Let's Encrypt certificate*.
 
 One thing to be aware of is that Let's Encrypt doesn't support many dynamic DNS subdomains, such as those from freeDNS, so to run Hubzilla and GNU Social you will need to have your own official domains for those. There are many sites from which you can buy cheap domain names, and while this isn't ideal in terms of making you dependent upon another company it's the only option currently.
 * How do I renew a Let's Encrypt certificate?
 
 #+BEGIN_SRC bash
 ssh username@mydomainname -p 2222
-sudo control
 #+END_SRC
 
-Select *Security settings* then *Renew Let's Encrypt certificate*.
+Select /Administrator controls/ then *Security settings* then *Renew Let's Encrypt certificate*.
 * I tried to renew a Let's Encrypt certificate and it failed. What should I do?
 Most likely it's because Let's Encrypt doesn't support your particular domain or subdomain. Currently free subdomains tend not to work. You'll need to buy a domain name, link it to your dynamic DNS account and then do:
 
 #+BEGIN_SRC bash
 ssh username@mydomainname -p 2222
-sudo control
 #+END_SRC
 
-Select *Security settings* then *Create a new Let's Encrypt certificate*.
+Select /Administrator controls/ then *Security settings* then *Create a new Let's Encrypt certificate*.
 * Why use self-signed certificates?
 Almost everywhere on the web you will read that self-signed certificates are worthless. They bring up /scary-scary looking/ browser warnings and gurus will advise you not to use them. Self-signed certificates are quite useful though. What the scary warnings mean - and it would be good if they explained this more clearly - is that you have an encrypted connection established but there is /no certainty about who that connection is with/.
 
 
 #+BEGIN_SRC bash
 ssh username@mydomainname -p 2222
-sudo control
 #+END_SRC
 
-Select *Outgoing Email Proxy* and enter the details for your ISP SMTP server.
+Select /Administrator controls/ then *Outgoing Email Proxy* and enter the details for your ISP SMTP server.
 
 This may work, at least when using Mutt, and admittedly if it does then it's a compromise in which you are using some infrastructure which is not controlled by the community - with all of the usual hazards which go along with that.
 

doc/EN/installation.org

 
 #+BEGIN_SRC bash
 ssh myusername@mydomainname -p 2222
-sudo control
 #+END_SRC
 
-Select /Backup and Restore/ then /Backup GPG key to USB (master keydrive)/.
+Select /Administrator controls/ then /Backup and Restore/ then /Backup GPG key to USB (master keydrive)/.
 ** Fragment keydrives
 This breaks your GPG key into a number of fragments and randomly selects one to add to the USB drive. First format a USB drive as a LUKS encrypted drive. In Ubuntu this [[https://help.ubuntu.com/community/EncryptedFilesystemsOnRemovableStorage][can be done from the /Disk Utility/ application]]. Plug it into the Freedombone system then from your local machine run the following commands:
 
 #+BEGIN_SRC bash
 ssh myusername@mydomainname -p 2222
-sudo control
 #+END_SRC
 
-Select /Backup and Restore/ then /Backup GPG key to USB (fragment keydrive)/.
+Select /Administrator controls/ then /Backup and Restore/ then /Backup GPG key to USB (fragment keydrive)/.
 
 Fragments are randomly assigned and so you will need at least three or four keydrives to have enough fragments to reconstruct your original key in a worst case scenario. You can store fragments for different Freedombone systems on the same encrypted USB drive, so you can help to ensure that your friends can also recover their systems. This might be called "/the web of backups/" or "/the web of encryption/". Since you can only write a single key fragment from your Freedombone system to a given USB drive each friend doesn't have enough information to decrypt your backups or steal your identity, even if they turn evil. This is based on the assumption that it may be difficult to get three or more friends to conspire against you all at once.
 * On Client Machines
 
 #+BEGIN_SRC bash
 ssh myusername@freedombone.local -p 2222
-sudo control
 #+END_SRC
 
-From there you will be able to perform various tasks, such as backups, adding and removing users and so on. You can also do this via commands, which are typically installed as /usr/local/bin/freedombone* and the corresponding manpages.
+Select /Administrator controls/ then from there you will be able to perform various tasks, such as backups, adding and removing users and so on. You can also do this via commands, which are typically installed as /usr/local/bin/freedombone* and the corresponding manpages.
 
 #+BEGIN_EXPORT html
 <center>

doc/EN/usage.org

 
 #+BEGIN_SRC bash
 ssh username@domain -p 2222
-sudo control
 #+END_SRC
 
-Select /Manage Users/ then /Change user ssh public key/. Copy and paste the public key here, then exit.
+Select /Administrator controls/ then /Manage Users/ then /Change user ssh public key/. Copy and paste the public key here, then exit.
 
 It's a good idea to also copy the contents of *~/.ssh/id_rsa* and *~/.ssh/id_rsa.pub* to you password manager, together with the private key password if you created one.
 
 
 #+BEGIN_SRC bash
 ssh username@freedombone.local -p 2222
-sudo control
 #+END_SRC
 
-Then select "About this system" and look for the onion address for ssh. You can then close the terminal and open another, then do the following:
+Select /Administrator controls/ then select "About this system" and look for the onion address for ssh. You can then close the terminal and open another, then do the following:
 
 #+BEGIN_SRC bash
 sudo apt-get install tor connect-proxy
 
 #+BEGIN_SRC bash
 ssh myusername@mydomain -p 2222
-sudo control
 #+END_SRC
 
-Select the *IRC Menu* and then change the password. An empty password will allow anyone to log in, so you can have a globally accessible IRC system if you wish, although you might want to carefully consider whether that's wise.
+Select /Administrator controls/ then *IRC Menu* and then change the password. An empty password will allow anyone to log in, so you can have a globally accessible IRC system if you wish, although you might want to carefully consider whether that's wise.
 
 ** XMPP/Jabber
 *** Using with Profanity
 
 #+BEGIN_SRC bash
 ssh username@domainname -p 2222
-sudo control
 #+END_SRC
 
-Then select the *About* screen.
+Select /Administrator controls/ then select the *About* screen.
 
 The RSS reader is accessible only via an onion address. This provides a reasonable degree of reading privacy, making it difficult for passive adversaries such as governments, corporations or criminals to create lists of sites which you are subscribed to.
 

doc/EN/usage_email.org

 
 #+BEGIN_SRC bash
 ssh username@domainname -p 2222
-sudo control
 #+END_SRC
 
-Select *Email filtering rules* then *Add a user to a mailing list*. If you want to do it purely from the commandline then see the manpage for *freedombone-addlist*.
+Select /Administrator controls/ then *Email filtering rules* then *Add a user to a mailing list*. If you want to do it purely from the commandline then see the manpage for *freedombone-addlist*.
 * Adding email addresses to a group/folder
 Similar to adding mailing list folders you can also add specified email addresses into a group/folder.
 
 #+BEGIN_SRC bash
 ssh username@domainname -p 2222
-sudo control
 #+END_SRC
 
-Select *Email filtering rules* then *Add email rule*. To do the same from the commandline see the manpage for *freedombone-addemail*.
+Select /Administrator controls/ then *Email filtering rules* then *Add email rule*. To do the same from the commandline see the manpage for *freedombone-addemail*.
 * Ignoring incoming emails
 It is possible to ignore incoming emails if they are from a particular email address or if the subject line contains particular text.
 
 #+BEGIN_SRC bash
 ssh username@domainname -p 2222
-sudo control
 #+END_SRC
 
-Select *Email filtering rules* then *Block/Unblock and email address* or *Block/Unblock email with subject line*. Also see the manpage for *freedombone-ignore*.
+Select /Administrator controls/ then *Email filtering rules* then *Block/Unblock and email address* or *Block/Unblock email with subject line*. Also see the manpage for *freedombone-ignore*.
 * Your own mailing list
 If you want to set up a public mailing list then when installing the system remember to set the *PUBLIC_MAILING_LIST* variable within *freedombone.cfg* to the name of your list. The name should have no spaces in it. Public mailing lists are unencrypted so anyone will be able to read the contents, including non subscribers.
 

website/EN/backups.html

 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2016-02-27 Sat 22:05 -->
+<!-- 2016-04-06 Wed 18:52 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title></title>
 <div class="org-src-container">
 
 <pre class="src src-bash">ssh username@domainname -p 2222
-sudo control
 </pre>
 </div>
 
 <p>
-Select <i>Backup and Restore</i> then <i>Backup GPG key to USB drive (master keydrive)</i>.
+Select <i>Administrator controls</i> then <i>Backup and Restore</i> then <i>Backup GPG key to USB drive (master keydrive)</i>.
 </p>
 
 <p>
 <div class="org-src-container">
 
 <pre class="src src-bash">ssh username@domainname -p 2222
-sudo control
 </pre>
 </div>
 
 <p>
-Select <i>Backup and Restore</i> and then <i>Backup data to USB drive</i>.
+Select <i>Administrator controls</i> then <i>Backup and Restore</i> and then <i>Backup data to USB drive</i>.
 </p>
 
 <p>
 <div class="org-src-container">
 
 <pre class="src src-bash">ssh username@domainname -p 2222
-sudo control
 </pre>
 </div>
 
 <p>
-If this is a new Freedombone installation then you will first need to restore your backup keys. That can be done by selecting <i>Backup and Restore</i> then <i>Restore GPG key from USB keydrive</i>. When that's done remove the keydrive and plug in the backup drive.
+Select <i>Administrator controls</i> then if this is a new Freedombone installation then you will first need to restore your backup keys. That can be done by selecting <i>Backup and Restore</i> then <i>Restore GPG key from USB keydrive</i>. When that's done remove the keydrive and plug in the backup drive.
 </p>
 
 <p>
 <div class="org-src-container">
 
 <pre class="src src-bash">ssh username@domainname -p 2222
-sudo control
 </pre>
 </div>
 
 <p>
-Select <i>Backup and Restore</i> then <i>Configure remote backups</i>.
+Select <i>Administrator controls</i> then <i>Backup and Restore</i> then <i>Configure remote backups</i>.
 </p>
 
 <p>
 <div class="org-src-container">
 
 <pre class="src src-bash">ssh username@domainname -p 2222
-sudo control
 </pre>
 </div>
 
 <p>
-Select <i>Backup and Restore</i> then <i>Restore GPG key from USB (master keydrive)</i>. Select the username then plug in your keydrive and restore the key.
+Select <i>Administrator controls</i> then <i>Backup and Restore</i> then <i>Restore GPG key from USB (master keydrive)</i>. Select the username then plug in your keydrive and restore the key.
 </p>
 
 <p>
 <div class="org-src-container">
 
 <pre class="src src-bash">ssh username@domainname -p 2222
-sudo control
 </pre>
 </div>
 
 <p>
-Select <i>Backup and Restore</i> then <i>Restore from remote backup</i> and enter the domain name of the remote server that you wish to restore from.
+Select <i>Administrator controls</i> then <i>Backup and Restore</i> then <i>Restore from remote backup</i> and enter the domain name of the remote server that you wish to restore from.
 </p>
 
 <center>

website/EN/controlpanel.html

 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2016-02-27 Sat 23:18 -->
+<!-- 2016-04-06 Wed 18:54 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title></title>
 <h2 id="orgheadline1">Main menu</h2>
 <div class="outline-text-2" id="text-orgheadline1">
 <p>
-You can access the main menu by logging into the system, then running the <b>control</b> command with root privileges.
+You can access the main menu by logging into the system.
 </p>
 
 <div class="org-src-container">
 
 <pre class="src src-bash">ssh myusername@mydomain -p 2222
-sudo control
 </pre>
 </div>
 
 <p>
+Then selecting <i>Administrator controls</i>.
+</p>
+
+<p>
 It should look like this:
 </p>
 

website/EN/faq.html

 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2016-03-23 Wed 21:10 -->
+<!-- 2016-04-06 Wed 18:58 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title></title>
 <div class="org-src-container">
 
 <pre class="src src-bash">ssh username@mydomainname -p 2222
-sudo control
 </pre>
 </div>
 
 <p>
-Select <i>Manage Users</i> and then <i>Add a user</i>. You will be prompted for a username and you can also optionally provide their ssh public key.
+Select <i>Administrator controls</i> then <i>Manage Users</i> and then <i>Add a user</i>. You will be prompted for a username and you can also optionally provide their ssh public key.
 </p>
 
 <p>
 <div class="org-src-container">
 
 <pre class="src src-bash">ssh username@mydomainname -p 2222
-sudo control
 </pre>
 </div>
 
 <p>
-Select <i>Manage Users</i> and then <i>Delete a user</i>. Note that this will delete all of that user's files and email.
+Select <i>Administrator controls</i> then <i>Manage Users</i> and then <i>Delete a user</i>. Note that this will delete all of that user's files and email.
 </p>
 </div>
 </div>
 <div class="org-src-container">
 
 <pre class="src src-bash">ssh username@mydomain -p 2222
-sudo control
 </pre>
 </div>
 
 <p>
-Select "reset tripwire" using cursors and space bar then enter.
+Select <i>Administrator controls</i> then "reset tripwire" using cursors and space bar then enter.
 </p>
 </div>
 </div>
 <div class="org-src-container">
 
 <pre class="src src-bash">ssh username@domainname -p 2222
-sudo control
 </pre>
 </div>
 
 <p>
-Select <i>Email Filtering Rules</i> then you can add rules to be applied to incoming email addresses or mailing lists. If you prefer to do things directly on the command line, without the control panel, then the following commands are available:
+Select <i>Administrator controls</i> then <i>Email Filtering Rules</i> then you can add rules to be applied to incoming email addresses or mailing lists. If you prefer to do things directly on the command line, without the control panel, then the following commands are available:
 </p>
 
 <table border="2" cellspacing="0" cellpadding="6" rules="groups" frame="hsides">
 <div class="org-src-container">
 
 <pre class="src src-bash">ssh myusername@mydomain -p 2222
-sudo control
 </pre>
 </div>
 
 <p>
-Then select <i>Security Settings</i>. You will then be able to edit the crypto settings for all of the installed applications. <b>Be very careful when editing</b>, since any mistake could make your system less secure rather than more.
+Select <i>Administrator controls</i> then select <i>Security Settings</i>. You will then be able to edit the crypto settings for all of the installed applications. <b>Be very careful when editing</b>, since any mistake could make your system less secure rather than more.
 </p>
 </div>
 </div>
 <div class="org-src-container">
 
 <pre class="src src-bash">ssh username@mydomainname -p 2222
-sudo control
 </pre>
 </div>
 
 <p>
-Select <b>Security settings</b> then <b>Create a new Let's Encrypt certificate</b>.
+Select <i>Administrator controls</i> then <b>Security settings</b> then <b>Create a new Let's Encrypt certificate</b>.
 </p>
 
 <p>
 <div class="org-src-container">
 
 <pre class="src src-bash">ssh username@mydomainname -p 2222
-sudo control
 </pre>
 </div>
 
 <p>
-Select <b>Security settings</b> then <b>Renew Let's Encrypt certificate</b>.
+Select <i>Administrator controls</i> then <b>Security settings</b> then <b>Renew Let's Encrypt certificate</b>.
 </p>
 </div>
 </div>
 <div class="org-src-container">
 
 <pre class="src src-bash">ssh username@mydomainname -p 2222
-sudo control
 </pre>
 </div>
 
 <p>
-Select <b>Security settings</b> then <b>Create a new Let's Encrypt certificate</b>.
+Select <i>Administrator controls</i> then <b>Security settings</b> then <b>Create a new Let's Encrypt certificate</b>.
 </p>
 </div>
 </div>
 <div class="org-src-container">
 
 <pre class="src src-bash">ssh username@mydomainname -p 2222
-sudo control
 </pre>
 </div>
 
 <p>
-Select <b>Outgoing Email Proxy</b> and enter the details for your ISP SMTP server.
+Select <i>Administrator controls</i> then <b>Outgoing Email Proxy</b> and enter the details for your ISP SMTP server.
 </p>
 
 <p>

website/EN/installation.html

 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2016-04-06 Wed 14:35 -->
+<!-- 2016-04-06 Wed 18:50 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title></title>
 </colgroup>
 <tbody>
 <tr>
-<td class="org-left"><a href="#orgcbeb5c6">Building an image for a Single Board Computer or Virtual Machine</a></td>
+<td class="org-left"><a href="#orgheadline1">Building an image for a Single Board Computer or Virtual Machine</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org561a41c">Checklist</a></td>
+<td class="org-left"><a href="#orgheadline2">Checklist</a></td>
 </tr>
 
 <tr>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org84e979f">Installation</a></td>
+<td class="org-left"><a href="#orgheadline3">Installation</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org2acc932">Social Key Management - the 'Unforgettable Key'</a></td>
+<td class="org-left"><a href="#orgheadline4">Social Key Management - the 'Unforgettable Key'</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org7ba815b">Final Setup</a></td>
+<td class="org-left"><a href="#orgheadline5">Final Setup</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#orgca4804f">Keydrives</a></td>
+<td class="org-left"><a href="#orgheadline6">Keydrives</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#orgb1a9030">On Client Machines</a></td>
+<td class="org-left"><a href="#orgheadline7">On Client Machines</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org6fc0eae">Administering the system</a></td>
+<td class="org-left"><a href="#orgheadline8">Administering the system</a></td>
 </tr>
 </tbody>
 </table>
 
-<div id="outline-container-orgcbeb5c6" class="outline-2">
-<h2 id="orgcbeb5c6">Building an image for a Single Board Computer or Virtual Machine</h2>
-<div class="outline-text-2" id="text-orgcbeb5c6">
+<div id="outline-container-orgheadline1" class="outline-2">
+<h2 id="orgheadline1">Building an image for a Single Board Computer or Virtual Machine</h2>
+<div class="outline-text-2" id="text-orgheadline1">
 <p>
 You don't have to trust images downloaded from random internet locations signed with untrusted keys. You can build one from scratch yourself, and this is the recommended procedure for maximum security. For guidance on how to build images see the manpage for the <b>freedombone-image</b> command.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org561a41c" class="outline-2">
-<h2 id="org561a41c">Checklist</h2>
-<div class="outline-text-2" id="text-org561a41c">
+<div id="outline-container-orgheadline2" class="outline-2">
+<h2 id="orgheadline2">Checklist</h2>
+<div class="outline-text-2" id="text-orgheadline2">
 <p>
 Before installing Freedombone you will need a few things.
 </p>
 </ul>
 </div>
 </div>
-<div id="outline-container-org84e979f" class="outline-2">
-<h2 id="org84e979f">Installation</h2>
-<div class="outline-text-2" id="text-org84e979f">
+<div id="outline-container-orgheadline3" class="outline-2">
+<h2 id="orgheadline3">Installation</h2>
+<div class="outline-text-2" id="text-orgheadline3">
 <p>
 There are three install options: Laptop/Desktop/Netbook, SBC and Virtual Machine.
 </p>
 </div>
 
-<div id="outline-container-org7ed0a15" class="outline-3">
-<h3 id="org7ed0a15">On a Laptop, Netbook or Desktop machine</h3>
-<div class="outline-text-3" id="text-org7ed0a15">
+<div id="outline-container-orgheadline9" class="outline-3">
+<h3 id="orgheadline9">On a Laptop, Netbook or Desktop machine</h3>
+<div class="outline-text-3" id="text-orgheadline9">
 <p>
 If you have an existing system, such as an old laptop or netbook which you can leave running as a server, then install a new version of Debian Jessie onto it. During the Debian install you won't need the print server or the desktop environment, and unchecking those will reduce the attack surface. Once Debian enter the following commands:
 </p>
 </div>
 </div>
 
-<div id="outline-container-orge190975" class="outline-3">
-<h3 id="orge190975">On a single board computer (SBC)</h3>
-<div class="outline-text-3" id="text-orge190975">
+<div id="outline-container-orgheadline10" class="outline-3">
+<h3 id="orgheadline10">On a single board computer (SBC)</h3>
+<div class="outline-text-3" id="text-orgheadline10">
 <p>
 Currently the following boards are supported:
 </p>
 </div>
 </div>
 
-<div id="outline-container-org8cf8e11" class="outline-3">
-<h3 id="org8cf8e11">As a Virtual Machine</h3>
-<div class="outline-text-3" id="text-org8cf8e11">
+<div id="outline-container-orgheadline11" class="outline-3">
+<h3 id="orgheadline11">As a Virtual Machine</h3>
+<div class="outline-text-3" id="text-orgheadline11">
 <p>
 Virtualbox and Qemu are supported. You can run a 64 bit Qemu image with:
 </p>
 </div>
 </div>
 
-<div id="outline-container-org2acc932" class="outline-2">
-<h2 id="org2acc932">Social Key Management - the 'Unforgettable Key'</h2>
-<div class="outline-text-2" id="text-org2acc932">
+<div id="outline-container-orgheadline4" class="outline-2">
+<h2 id="orgheadline4">Social Key Management - the 'Unforgettable Key'</h2>
+<div class="outline-text-2" id="text-orgheadline4">
 <p>
 During the install procedure you will be asked if you wish to import GPG keys. If you don't already possess GPG keys then just select "Ok" and they will be generated during the install. If you do already have GPG keys then there are a few possibilities
 </p>
 </div>
 
-<div id="outline-container-org67b9067" class="outline-3">
-<h3 id="org67b9067">You have the gnupg keyring on an encrypted USB drive</h3>
-<div class="outline-text-3" id="text-org67b9067">
+<div id="outline-container-orgheadline12" class="outline-3">
+<h3 id="orgheadline12">You have the gnupg keyring on an encrypted USB drive</h3>
+<div class="outline-text-3" id="text-orgheadline12">
 <p>
 If you previously made a master keydrive containing the full keyring (the .gnupg directory). This is the most straightforward case, but not as secure as splitting the key into fragments.
 </p>
 </div>
 </div>
-<div id="outline-container-org633470b" class="outline-3">
-<h3 id="org633470b">You have a number of key fragments on USB drives retrieved from friends</h3>
-<div class="outline-text-3" id="text-org633470b">
+<div id="outline-container-orgheadline13" class="outline-3">
+<h3 id="orgheadline13">You have a number of key fragments on USB drives retrieved from friends</h3>
+<div class="outline-text-3" id="text-orgheadline13">
 <p>
-If you previously made some USB drives containing key fragments then retrieve them from your friends and plug them in one after the other. After the last drive has been read then remove it and just select "Ok". The system will then try to reconstruct the key. For this to work you will need to have previously made three or more <a href="#orgca4804f">Keydrives</a>.
+If you previously made some USB drives containing key fragments then retrieve them from your friends and plug them in one after the other. After the last drive has been read then remove it and just select "Ok". The system will then try to reconstruct the key. For this to work you will need to have previously made three or more <a href="#orgheadline6">Keydrives</a>.
 </p>
 </div>
 </div>
-<div id="outline-container-org1fe74d2" class="outline-3">
-<h3 id="org1fe74d2">You can specify some ssh login details for friends servers containing key fragments</h3>
-<div class="outline-text-3" id="text-org1fe74d2">
+<div id="outline-container-orgheadline14" class="outline-3">
+<h3 id="orgheadline14">You can specify some ssh login details for friends servers containing key fragments</h3>
+<div class="outline-text-3" id="text-orgheadline14">
 <p>
 Enter three or more sets of login details and the installer will try to retrieve key fragments and then assemble them into the full key. This only works if you previously were using remote backups and had social key management enabled.
 </p>
 </div>
 </div>
 </div>
-<div id="outline-container-org7ba815b" class="outline-2">
-<h2 id="org7ba815b">Final Setup</h2>
-<div class="outline-text-2" id="text-org7ba815b">
+<div id="outline-container-orgheadline5" class="outline-2">
+<h2 id="orgheadline5">Final Setup</h2>
+<div class="outline-text-2" id="text-orgheadline5">
 <p>
 Any manual post-installation setup instructions or passwords can be found in /home/username/README. You should remove any passwords from that file and store them within a password manager such as KeepassX.
 </p>
 </div>
 </div>
 
-<div id="outline-container-orgca4804f" class="outline-2">
-<h2 id="orgca4804f">Keydrives</h2>
-<div class="outline-text-2" id="text-orgca4804f">
+<div id="outline-container-orgheadline6" class="outline-2">
+<h2 id="orgheadline6">Keydrives</h2>
+<div class="outline-text-2" id="text-orgheadline6">
 <p>
 After installing for the first time it's a good idea to create some keydrives. These will store your gpg key so that if all else fails you will still be able to restore from backup. There are two ways to do this:
 </p>
 </div>
-<div id="outline-container-orge7fc013" class="outline-3">
-<h3 id="orge7fc013">Master Keydrive</h3>
-<div class="outline-text-3" id="text-orge7fc013">
+<div id="outline-container-orgheadline15" class="outline-3">
+<h3 id="orgheadline15">Master Keydrive</h3>
+<div class="outline-text-3" id="text-orgheadline15">
 <p>
 This is the traditional security model in which you carry your full keyring on an encrypted USB drive. To make a master keydrive first format a USB drive as a LUKS encrypted drive. In Ubuntu this can be <a href="https://help.ubuntu.com/community/EncryptedFilesystemsOnRemovableStorage">done from the <i>Disk Utility</i> application</a>. Then plug it into the Freedombone system, then from your local machine run:
 </p>
 <div class="org-src-container">
 
 <pre class="src src-bash">ssh myusername@mydomainname -p 2222
-sudo control
 </pre>
 </div>
 
 <p>
-Select <i>Backup and Restore</i> then <i>Backup GPG key to USB (master keydrive)</i>.
+Select <i>Administrator controls</i> then <i>Backup and Restore</i> then <i>Backup GPG key to USB (master keydrive)</i>.
 </p>
 </div>
 </div>
-<div id="outline-container-orgf721691" class="outline-3">
-<h3 id="orgf721691">Fragment keydrives</h3>
-<div class="outline-text-3" id="text-orgf721691">
+<div id="outline-container-orgheadline16" class="outline-3">
+<h3 id="orgheadline16">Fragment keydrives</h3>
+<div class="outline-text-3" id="text-orgheadline16">
 <p>
 This breaks your GPG key into a number of fragments and randomly selects one to add to the USB drive. First format a USB drive as a LUKS encrypted drive. In Ubuntu this <a href="https://help.ubuntu.com/community/EncryptedFilesystemsOnRemovableStorage">can be done from the <i>Disk Utility</i> application</a>. Plug it into the Freedombone system then from your local machine run the following commands:
 </p>
 <div class="org-src-container">
 
 <pre class="src src-bash">ssh myusername@mydomainname -p 2222
-sudo control
 </pre>
 </div>
 
 <p>
-Select <i>Backup and Restore</i> then <i>Backup GPG key to USB (fragment keydrive)</i>.
+Select <i>Administrator controls</i> then <i>Backup and Restore</i> then <i>Backup GPG key to USB (fragment keydrive)</i>.
 </p>
 
 <p>
 </div>
 </div>
 </div>
-<div id="outline-container-orgb1a9030" class="outline-2">
-<h2 id="orgb1a9030">On Client Machines</h2>
-<div class="outline-text-2" id="text-orgb1a9030">
+<div id="outline-container-orgheadline7" class="outline-2">
+<h2 id="orgheadline7">On Client Machines</h2>
+<div class="outline-text-2" id="text-orgheadline7">
 <p>
 You can configure laptops or desktop machines which connect to the Freedombone server in the following way. This alters encryption settings to improve overall security.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org6fc0eae" class="outline-2">
-<h2 id="org6fc0eae">Administering the system</h2>
-<div class="outline-text-2" id="text-org6fc0eae">
+<div id="outline-container-orgheadline8" class="outline-2">
+<h2 id="orgheadline8">Administering the system</h2>
+<div class="outline-text-2" id="text-orgheadline8">
 <p>
 To administer the system after installation log in via ssh, become the root user and then launch the control panel.
 </p>
 <div class="org-src-container">
 
 <pre class="src src-bash">ssh myusername@freedombone.local -p 2222
-sudo control
 </pre>
 </div>
 
 <p>
-From there you will be able to perform various tasks, such as backups, adding and removing users and so on. You can also do this via commands, which are typically installed as /usr/local/bin/freedombone* and the corresponding manpages.
+Select <i>Administrator controls</i> then from there you will be able to perform various tasks, such as backups, adding and removing users and so on. You can also do this via commands, which are typically installed as /usr/local/bin/freedombone* and the corresponding manpages.
 </p>
 
 <center>

website/EN/usage.html

 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2016-04-05 Tue 21:49 -->
+<!-- 2016-04-06 Wed 18:59 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title></title>
 <div class="org-src-container">
 
 <pre class="src src-bash">ssh username@domain -p 2222
-sudo control
 </pre>
 </div>
 
 <p>
-Select <i>Manage Users</i> then <i>Change user ssh public key</i>. Copy and paste the public key here, then exit.
+Select <i>Administrator controls</i> then <i>Manage Users</i> then <i>Change user ssh public key</i>. Copy and paste the public key here, then exit.
 </p>
 
 <p>
 <div class="org-src-container">
 
 <pre class="src src-bash">ssh username@freedombone.local -p 2222
-sudo control
 </pre>
 </div>
 
 <p>
-Then select "About this system" and look for the onion address for ssh. You can then close the terminal and open another, then do the following:
+Select <i>Administrator controls</i> then select "About this system" and look for the onion address for ssh. You can then close the terminal and open another, then do the following:
 </p>
 
 <div class="org-src-container">
 <div class="org-src-container">
 
 <pre class="src src-bash">ssh myusername@mydomain -p 2222
-sudo control
 </pre>
 </div>
 
 <p>
-Select the <b>IRC Menu</b> and then change the password. An empty password will allow anyone to log in, so you can have a globally accessible IRC system if you wish, although you might want to carefully consider whether that's wise.
+Select <i>Administrator controls</i> then <b>IRC Menu</b> and then change the password. An empty password will allow anyone to log in, so you can have a globally accessible IRC system if you wish, although you might want to carefully consider whether that's wise.
 </p>
 </div>
 </div>
 <div class="org-src-container">
 
 <pre class="src src-bash">ssh username@domainname -p 2222
-sudo control
 </pre>
 </div>
 
 <p>
-Then select the <b>About</b> screen.
+Select <i>Administrator controls</i> then select the <b>About</b> screen.
 </p>
 
 <p>

website/EN/usage_email.html

 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2016-02-27 Sat 22:12 -->
+<!-- 2016-04-06 Wed 18:55 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title></title>
 <div class="org-src-container">
 
 <pre class="src src-bash">ssh username@domainname -p 2222
-sudo control
 </pre>
 </div>
 
 <p>
-Select <b>Email filtering rules</b> then <b>Add a user to a mailing list</b>. If you want to do it purely from the commandline then see the manpage for <b>freedombone-addlist</b>.
+Select <i>Administrator controls</i> then <b>Email filtering rules</b> then <b>Add a user to a mailing list</b>. If you want to do it purely from the commandline then see the manpage for <b>freedombone-addlist</b>.
 </p>
 </div>
 </div>
 <div class="org-src-container">
 
 <pre class="src src-bash">ssh username@domainname -p 2222
-sudo control
 </pre>
 </div>
 
 <p>
-Select <b>Email filtering rules</b> then <b>Add email rule</b>. To do the same from the commandline see the manpage for <b>freedombone-addemail</b>.
+Select <i>Administrator controls</i> then <b>Email filtering rules</b> then <b>Add email rule</b>. To do the same from the commandline see the manpage for <b>freedombone-addemail</b>.
 </p>
 </div>
 </div>
 <div class="org-src-container">
 
 <pre class="src src-bash">ssh username@domainname -p 2222
-sudo control
 </pre>
 </div>
 
 <p>
-Select <b>Email filtering rules</b> then <b>Block/Unblock and email address</b> or <b>Block/Unblock email with subject line</b>. Also see the manpage for <b>freedombone-ignore</b>.
+Select <i>Administrator controls</i> then <b>Email filtering rules</b> then <b>Block/Unblock and email address</b> or <b>Block/Unblock email with subject line</b>. Also see the manpage for <b>freedombone-ignore</b>.
 </p>
 </div>
 </div>