Merge branch 'stretch' of https://github.com/bashrc/freedombone

README.md

@@ -1,25 +1,15 @@
-<img src="https://github.com/bashrc/freedombone/blob/master/img/logo.png?raw=true" width=800/>
+<img src="https://github.com/bashrc/freedombone/blob/master/img/logo.png?raw=true" width=600/>
 
-> _"With the increasing move of our computing to cloud infrastructures, we give up the control of our computing to the managers of those infrastructures. Our terminals (laptops, desktops) might now be running entirely on Free Software, but this is increasingly irrelevant given that most of what actually matters gets executed on a remote closed system that we don’t control. The Free Software community needs to work to help users keep the control of all their computing, by developing suitable alternatives and facilitating their deployment."_ -- Lucas Nussbaum
+So you want to run your own internet services? Email, chat, VoIP, web sites, file synchronisation, wikis, blogs, social networks, media hosting, backups, VPN. Freedombone is a home server system which enables you to self-host all of these things.
 
-<img src="https://github.com/bashrc/freedombone/blob/master/img/bbb_above.jpg?raw=true" width=800/>
+You can run Freedombone on an old laptop or a single board computer. See the [list of installation methods](https://freedombone.net/installmethods.html). You can also use it to [set up a mesh network](https://freedombone.net/mesh.html) in your local area.
 
-So you want to run your own internet services? Email, chat, VoIP, web sites, file synchronisation, wikis, blogs, social networks, media hosting, backups, VPN. Freedombone enables you to do all of that in a self-hosted way, where you keep control of your data and it resides in your own home.
+Check out the [list of available apps](https://freedombone.net/apps.html) and [Frequently Asked Questions](https://freedombone.net/faq.html) section. Recent developments are also described on [the blog](https://blog.freedombone.net/tag/freedombone).
 
-[Here's how](https://freedombone.net/homeserver.html).
+Disk images which can be cloned straight to USB or microSD drives are [available here](https://freedombone.net/downloads/v31).
 
-And here's how [on a Beaglebone Black](https://freedombone.net/beaglebone.html). A list of other supported ARM boards [can be found here](https://freedombone.net/boards.html).
+If you find bugs, or want to add a new app to this system see the [Developers Guide](https://freedombone.net/devguide.html) and [Code of Conduct](https://freedombone.net/codeofconduct.html). There is a Matrix chat room available at *#fbone:matrix.freedombone.net*.
 
-Want to make a community mesh network which doesn't depend upon the internet? The [Freedombone Mesh](https://freedombone.net/mesh.html) is a wireless solution for autonomous communication that can be rapidly deployed in temporary, emergency or post-disaster situations where internet access is unavailable or compromised.
+If you like this project and want to support continued development then [here's what to do](https://freedombone.net/support.html).
 
-After installation it's possible that you might want some advice on how to run your system and set up apps to work nicely with it.
-
- * [Apps available on the system](https://freedombone.net/apps.html)
- * [General usage](https://freedombone.net/usage.html)
- * [Frequently Asked Questions](https://freedombone.net/faq.html)
- * [Advice on setting up on a mobile phone](https://freedombone.net/mobile.html)
- * [I like this project. How can I help to support it?](https://freedombone.net/support.html)
-
-If you find bugs, or want to add a new app to this system see the [Developers Guide](https://freedombone.net/devguide.html).
-
-Ready made disk images which can be copied onto USB or microSD drives are [available here](https://freedombone.net/downloads/v3).
+<a href="https://raw.githubusercontent.com/bashrc/freedombone/master/website/EN/fdl-1.3.txt"><img src="https://github.com/bashrc/freedombone/blob/master/img/gfdl.png?raw=true" width=80/></a>

doc/EN/app_pleroma.org

@@ -32,7 +32,7 @@ Using cursor keys, space bar and Enter key select *Administrator controls* and t
 Select *Add/Remove Apps* then *pleroma*. You will then be asked for a domain name and if you are using FreeDNS also the code for the domain which can be found under *Dynamic DNS* on the FreeDNS site (the random string from "/quick cron example/" which appears after /update.php?/ and before />>/). For more details on obtaining a domain and making it accessible via dynamic DNS see the [[./faq.html][FAQ]]. Typically the domain name you use will be a subdomain, such as /pleroma.mydomainname.net/. It will need to be a domain which you have bought somewhere and own and not one of the FreeDNS subdomains, otherwise you won't be able to get a SSL/TLS certificate for it.
 
 * Initial setup
-The first thing you'll need to do is register a new account. You can set your profile details and profile image by selecting the small settings icon to the right of your name.
+The first thing you'll need to do is to obtain your login details. From the *administrator control panel* select *security settings* then *passwords* then *pleroma*. This gives the password you will need to log in, together with the username you gave during installation of the Freedombone system.
 
 Once you have done that then you can disable further registrations from the *Administrator control panel* by going to *App Settings* then *pleroma* then *Disable new account registrations*. This may take a while because the app gets recompiled afterwards.
 

doc/EN/armbian.org

@@ -23,7 +23,7 @@ If you have a single board ARM computer which isn't one of the supported ones th
 Download the Armbian image for your board. It must be version 9 (Stretch), otherwise it won't work. Extract the image from its archive, then copy it to a microSD card:
 
 #+begin_src bash
-sudo dd bs=1M if=[Armbian .img file] of=/dev/sdX conv=fdatasync
+sudo dd bs=32M if=[Armbian .img file] of=/dev/sdX conv=fdatasync
 #+end_src
 
 Where */dev/sdX* is the path for the microSD drive on your system.

doc/EN/faq.org

@@ -19,12 +19,15 @@
 #+ATTR_HTML: :border -1
 | [[What applications are supported?]]                                                          |
 | [[I don't have a static IP address. Can I still install this system?]]                        |
+| [[What are the best microSD cards to use?]]                                                   |
+| [[On a single board computer can I boot from an external SSD or hard drive?]]                 |
 | [[Why Freedombone and not FreedomBox?]]                                                       |
 | [[Why not support building images for Raspberry Pi?]]                                         |
 | [[Why use Tor? I've heard it's used by bad people]]                                           |
 | [[How is Tor integrated with Freedombone?]]                                                   |
 | [[Can I add a clearnet domain to an onion build?]]                                            |
 | [[Why use Github?]]                                                                           |
+| [[What are the data protection implications of running this system?]]                         |
 | [[After using nmap or other scanning tool I can no longer log in]]                            |
 | [[Should I upload my GPG keys to keybase.io?]]                                                |
 | [[Keys and emails should not be stored on servers. Why do you do that?]]                      |
@@ -59,6 +62,24 @@
 Yes. The minimum requirements are to have some hardware that you can install Debian onto and also that you have administrator access to your internet router so that you can forward ports to the system which has Freedombone installed.
 
 The lack of a static IP address can be worked around by using a dynamic DNS service. Freedombone uses [[https://troglobit.com/inadyn.html][inadyn]] , which supports a variety of dynamic DNS providers.
+* What are the best microSD cards to use?
+There can be big differences in the performance of microSD cards, and the cheaper ones are almost invariably terrible and/or unusable. Sandisk and Samsung currently appear to be the better brands. You can find some performance benchmarks [[http://www.pidramble.com/wiki/benchmarks/microsd-cards][here]]. However, benchmarks like this only give a very rough idea of performance and they can vary significantly between individual cards even within the same brand.
+* On a single board computer can I boot from an external SSD or hard drive?
+Some single board computers, such as Cubieboards or OLinuxino, have a SATA socket on them which enables an external drive to be connected. This is usually intended for extra file storage, but it is also possible to run the operating system from an external drive. This can have the advantage of significantly increasing the read/write performance and your apps will appear to run more quickly.
+
+Typically a microSD read speed is 10-30MB/s. An SSD or hard drive can be 100MB/s or more, so that's a big potential gain.
+
+Single board computers usually don't have the capability of booting directly from an external drive, but what you can do is boot from a partition on a microSD drive, which then runs the main filesystem (the rootfs) from the external drive.
+
+To create an image suitable for running from an SSD or hard drive use the --sata option, such as:
+
+#+BEGIN_SRC bash
+freedombone-image -t cubieboard2 --sata sda2
+#+END_SRC
+
+Note that the sata option should be set to point to the second partition on the drive, which is normally sda2.
+
+When the image is created then use the dd command to copy it both to a microSD card and to the SSD or hard drive. Plug them both into the board and it should then boot and use the external drive.
 * Why Freedombone and not FreedomBox?
 When the project began in late 2013 the FreedomBox project seemed to be going nowhere, and was only designed to work with the DreamPlug hardware. There was some new hardware out - the Beaglebone Black - which could run Debian and was also a free hardware design so seemed more appropriate. Hence the name "Freedombone", being like FreedomBox but on a Beaglebone. There are some similarities and differences between the two projects:
 
@@ -115,6 +136,16 @@ At present Github is useful just because of the sheer number of eyeballs and the
 The source code for this project is experimentally independently hosted, and it is expected that in future the main development will shift over to an independent site, maybe with mirrors on Github if it still exists in a viable form.
 
 Currently many of the repositories used for applications which are not yet packaged for Debian are on Github, and to provide some degree of resilliance against depending too much upon that copies of them also exist within disk images.
+* What are the data protection implications of running this system?
+Data protection laws such as [[https://en.wikipedia.org/wiki/General_Data_Protection_Regulation][GDPR]] in the EU or the [[https://en.wikipedia.org/wiki/Data_Protection_Act_1998][Data Protection Act]] in the UK usually only apply to formal organizations which are recognized as being legal entities. So you have to be running a business or a charity or some other formal organization in order for the storage of what's known as /personally identifying information/ to potentially become a legal issue. Laws like this usually include:
+
+ * A right to obtain your information
+ * A right to be forgotten (i.e. to have your data permanently deleted)
+ * Ensuring that stored personal data remains accurate
+
+If you're self-hosting then in the language of data protection law the "/data controller/" and the "/data subject/" are one and the same, so there isn't any power differential of that sort. Freedombone is only intended for small numbers of users, so if you are hosting more than one person chances are that you know the others quite well and can arrange to update their data or delete their account if that's needed. Even if data protection laws are later extended to include home server type scenarios it's unlikely that this will become a problem.
+
+For the mesh version similar applies. Each peer stores their own personal data and it never gets aggregated and stored in any centralized way.
 * After using nmap or other scanning tool I can no longer log in
 This system tries to block port scanners. Any other system trying to scan for open ports will have their IP address added to a temporary block list for 24 hours.
 * Should I upload my GPG keys to keybase.io?

doc/EN/homeserver.org

@@ -69,8 +69,8 @@ Now plug in the USB thumb drive, and do the same again. Notice which drive lette
 You can now copy the image to the USB thumb drive, replacing *sdX* with the identifier of the USB thumb drive. Don't include any numbers (so for example use *sdc* instead of *sdc1*).
 
 #+begin_src bash
-dd if=/dev/zero of=/dev/sdX bs=1M count=8
-dd bs=1M if=myimagefile.img of=/dev/sdX conv=fdatasync
+dd if=/dev/zero of=/dev/sdX bs=32M count=8
+dd bs=32M if=myimagefile.img of=/dev/sdX conv=fdatasync
 #+end_src
 
 And wait. Again it will take a while to copy over. When that's done plug it into the laptop or netbook which you want to use as a server, power on and set the BIOS to boot from the USB stick.
@@ -119,7 +119,7 @@ Use the password you wrote down earlier to log in. Select the *administrator con
 
 Then select *About*. You'll see a list of sites and their onion addresses.
 
-#+attr_html: :width 80% :align center
+#+attr_html: :width 100% :align center
 [[file:images/controlpanel/control_panel_about.jpg]]
 
 The About screen contains the ssh server public key hashes and you can compare the relevant one with the previous terminal window to verify that they're the same. If they're not then you might have a /machine-in-the-middle/ snooping on you.

doc/EN/installation.org

@@ -129,7 +129,7 @@ unxz filename.img.xz
 Then copy it to a microSD card. Depending on your system you may need an adaptor to be able to do that.
 
 #+BEGIN_SRC bash
-sudo dd bs=1M if=filename.img of=/dev/sdX conv=fdatasync
+sudo dd bs=32M if=filename.img of=/dev/sdX conv=fdatasync
 #+END_SRC
 
 Where *sdX* is the microSD drive. You can check which drive is the microSD drive using:

doc/EN/mesh_capabilities.org

@@ -19,7 +19,6 @@ The mesh system has the following capabilities:
  - Private and public sharing of files
  - Blogging
  - Collaborative editing of documents and presentations
- - Creating and broadcasting audio media/podcasts
  - Social network stream. Follow/unfollow other peers
  - No network administration required
  - No servers

doc/EN/mesh_images.org

@@ -41,8 +41,8 @@ wget https://freedombone.net/downloads/v31/freedombone-meshclient-i386.img.xz
 wget https://freedombone.net/downloads/v31/freedombone-meshclient-i386.img.xz.sig
 gpg --verify freedombone-meshclient-i386.img.xz.sig
 unxz freedombone-meshclient-i386.img.xz
-sudo dd if=/dev/zero of=/dev/sdX bs=1M count=8
-sudo dd bs=1M if=freedombone-meshclient-i386.img of=/dev/sdX conv=fdatasync
+sudo dd if=/dev/zero of=/dev/sdX bs=32M count=8
+sudo dd bs=32M if=freedombone-meshclient-i386.img of=/dev/sdX conv=fdatasync
 #+end_src
 
 To get a number of systems onto the mesh repeat the /dd/ command to create however many bootable USB drives you need.
@@ -55,8 +55,8 @@ wget https://freedombone.net/downloads/v31/freedombone-meshclient-insecure-i386.
 wget https://freedombone.net/downloads/v31/freedombone-meshclient-insecure-i386.img.xz.sig
 gpg --verify freedombone-meshclient-insecure-i386.img.xz.sig
 unxz freedombone-meshclient-insecure-i386.img.xz
-sudo dd if=/dev/zero of=/dev/sdX bs=1M count=8
-sudo dd bs=1M if=freedombone-meshclient-insecure-i386.img of=/dev/sdX conv=fdatasync
+sudo dd if=/dev/zero of=/dev/sdX bs=32M count=8
+sudo dd bs=32M if=freedombone-meshclient-insecure-i386.img of=/dev/sdX conv=fdatasync
 #+end_src
 
 ** Router images
@@ -75,7 +75,7 @@ gpg --verify freedombone-mesh_beaglebone-armhf.img.xz.sig
 sha256sum freedombone-mesh_beaglebone-armhf.img.xz
 ad8f22c0d46c98a80aa47b5809402971cf5cf26ebf587c59a667307b2386c3d2
 unxz freedombone-mesh_beaglebone-armhf.img.xz
-sudo dd bs=1M if=freedombone-mesh_beaglebone-armhf.img of=/dev/sdX conv=fdatasync
+sudo dd bs=32M if=freedombone-mesh_beaglebone-armhf.img of=/dev/sdX conv=fdatasync
 #+end_src
 
 If you have a few Beaglebone Blacks to use as routers then repeat the /dd/ command to create however many microSD cards you need.
@@ -119,8 +119,8 @@ Now plug in the USB thumb drive, and do the same again. Notice which drive lette
 You can now copy the image to the USB thumb drive, replacing *sdX* with the identifier of the USB thumb drive. Don't include any numbers (so for example use *sdc* instead of *sdc1*).
 
 #+begin_src bash
-sudo dd if=/dev/zero of=/dev/sdX bs=1M count=8
-sudo dd bs=1M if=myimagefile.img of=/dev/sdX conv=fdatasync
+sudo dd if=/dev/zero of=/dev/sdX bs=32M count=8
+sudo dd bs=32M if=myimagefile.img of=/dev/sdX conv=fdatasync
 #+end_src
 
 And wait. Again it will take a while to copy over. When that's done plug it into the laptop or netbook which you want to use on the mesh, power on and set the BIOS to boot from the USB stick.

doc/EN/mobile.org

@@ -9,37 +9,8 @@
 #+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
 
-* Mobile
-
 Mobile phones are insecure devices, but they're regarded as being so essential to modern life that telling people not to use them isn't a viable option. Here are some recommendations on setting up a mobile phone (aka "smartphone") to work with Freedombone.
 
-#+BEGIN_EXPORT html
- <center>
- <table style="width:80%; border:0">
-  <tr>
-    <td><center><b><h3>Open</h3></b><br>Use a free and open source operating system. Open means more trustworthy</center></td>
-    <td><center><b><h3>Remove</h3></b><br>If there are any proprietary apps then remove or deactivate them</center></td>
-  </tr>
-  <tr>
-    <td><center><b><h3>Encrypt</h3></b><br>Make sure your phone is encrypted with a password which isn't easy to guess</center></td>
-    <td><center><b><h3>Apps</h3></b><br>Use F-droid to install new apps</center></td>
-  </tr>
-  <tr>
-    <td><center><b><h3>Lock</h3></b><br>Enable a lock screen with a maximum number of password guesses</center></td>
-    <td><center><b><h3>Onion</h3></b><br>Onion route your connections to avoid bulk metadata collection</center></td>
-  </tr>
-  <tr>
-    <td><center><b><h3>Email</h3></b><br>Access webmail in a browser</center></td>
-    <td><center><b><h3>Services</h3></b><br>Connect to the Freedombone services</center></td>
-  </tr>
-  <tr>
-    <td><center><b><h3>Battery</h3></b><br>Avoid battery-eating apps and disable some optimisations</center></td>
-    <td><center><b><h3>Block</h3></b><br>Prevent access to know bad domains</center></td>
-  </tr>
-</table>
-</center>
-#+END_EXPORT
-
 * Open
 Use a Linux based phone operating system. Typically this will mean Android, but could also mean LineageOS or Replicant. LineageOS is the most preferable, because you can usually get an up to date image with a recent kernel which will give you better security against exploits. If you're buying a phone then look for a model which is supported by LineageOS. Replicant is the most free (as in freedom) but only runs on a small number of phone models. If you have a phone which runs a full GNU/Linux system then that's fantastic, and you can probably use it in much the same way as a desktop system and the rest of the advice on this page won't apply. If you don't have a phone capable of running a Linux based operating system then consider selling, giving away or bartering your existing one.
 
@@ -125,6 +96,8 @@ Now edit the hosts file which was pulled and append:
 127.0.0.1       www.google-analytics.com
 127.0.0.1       google-analytics.com
 127.0.0.1       ssl.google-analytics.com
+127.0.0.1       telemetry.mozilla.org
+127.0.0.1       incoming.telemetry.mozilla.org
 #+end_src
 
 Then upload the hosts file back again with:

doc/EN/release3.org

@@ -31,7 +31,7 @@ Copy the image to a microSD card or USB thumb drive, replacing sdX with the iden
 
 #+BEGIN_SRC bash
 unxz downloadedimagefile.img.xz
-dd bs=1M if=downloadedimagefile.img of=/dev/sdX conv=fdatasync
+dd bs=32M if=downloadedimagefile.img of=/dev/sdX conv=fdatasync
 #+END_SRC
 
 And wait. It will take a while to copy over. When that's done you might want to increase the partition size on the drive, using a tool such as [[http://gparted.org][Gparted]]. Whether you need to do that will depend upon how many apps you intend to install and how much data they will store.

doc/EN/release31.org

@@ -39,7 +39,7 @@ Copy the image to a microSD card or USB thumb drive, replacing sdX with the iden
 
 #+BEGIN_SRC bash
 unxz downloadedimagefile.img.xz
-dd bs=1M if=downloadedimagefile.img of=/dev/sdX conv=fdatasync
+dd bs=32M if=downloadedimagefile.img of=/dev/sdX conv=fdatasync
 #+END_SRC
 
 And wait. It will take a while to copy over. When that's done you might want to increase the partition size on the drive, using a tool such as [[http://gparted.org][Gparted]]. Whether you need to do that will depend upon how many apps you intend to install and how much data they will store.

doc/EN/socialinstance.org

@@ -31,8 +31,8 @@ wget https://freedombone.net/downloads/v31/freedombone-pleroma-amd64.img.xz
 wget https://freedombone.net/downloads/v31/freedombone-pleroma-amd64.img.xz.sig
 gpg --verify freedombone-pleroma-amd64.img.xz.sig
 unxz freedombone-pleroma-amd64.img.xz
-sudo dd if=/dev/zero of=/dev/sdX bs=1M count=8
-sudo dd bs=1M if=freedombone-pleroma-amd64.img of=/dev/sdX conv=fdatasync
+sudo dd if=/dev/zero of=/dev/sdX bs=32M count=8
+sudo dd bs=32M if=freedombone-pleroma-amd64.img of=/dev/sdX conv=fdatasync
 #+end_src
 
 Also note that if the laptop has a removable SSD drive it's possible to copy the image directly to that if you have enough equipment.

src/freedombone-addremove

@@ -203,6 +203,7 @@ function install_apps_selected {
             fi
         fi
         app_index=$((app_index+1))
+
     done
 
     # if no apps to be installed then don't do anything

src/freedombone-app-etherpad

@@ -30,6 +30,7 @@ VARIANTS="full full-vim writer"
 
 IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=1
+MINIMUM_RAM_MB=2000
 
 ETHERPAD_DOMAIN_NAME=
 ETHERPAD_CODE=

src/freedombone-app-gnusocial

@@ -30,6 +30,7 @@ VARIANTS='full full-vim social'
 
 IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=1
+NOT_ON_ONION=1
 
 GNUSOCIAL_DOMAIN_NAME=
 GNUSOCIAL_CODE=
@@ -581,6 +582,7 @@ function remove_gnusocial {
     fi
     kill_pid=$(pgrep "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/scripts/queuedaemon.php" | head -n 1)
     kill -9 "$kill_pid"
+    pkill "$GNUSOCIAL_DOMAIN_NAME/htdocs/scripts/queuedaemon.php"
 
     if [ -d "/var/www/$GNUSOCIAL_DOMAIN_NAME" ]; then
         rm -rf "/var/www/$GNUSOCIAL_DOMAIN_NAME"
@@ -911,8 +913,8 @@ function install_gnusocial_main {
 }
 
 function install_gnusocial {
-    if [ ! "$ONION_ONLY" ]; then
-        ONION_ONLY='no'
+    if [[ "$ONION_ONLY" != 'no' ]]; then
+        return
     fi
 
     install_gnusocial_main
@@ -935,9 +937,12 @@ function install_gnusocial {
         sed -i 's|"theme":.*|"theme": "base16-apathy.css",|g' "/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static/config.json"
     fi
 
-    # unleash the daemons!
+    # this has to be run as root initially, otherwise database tables
+    # don't get created
     cd "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs" || exit 236482684
     php scripts/checkschema.php
+    sh scripts/startdaemons.sh
+
     /etc/cron.hourly/gnusocial-daemons
 
     systemctl restart nginx

src/freedombone-app-gogs

@@ -655,11 +655,11 @@ function install_gogs {
         echo $'No Tor installation found. Gogs onion site cannot be configured.'
         exit 877367
     fi
-    if ! grep -q "hidden_service_gogs" /etc/tor/torrc; then
+    if ! grep -q "hidden_service_gogs" "$ONION_SERVICES_FILE"; then
         { echo 'HiddenServiceDir /var/lib/tor/hidden_service_gogs/';
           echo 'HiddenServiceVersion 3';
           echo "HiddenServicePort 80 127.0.0.1:${GIT_ONION_PORT}";
-          echo "HiddenServicePort 9418 127.0.0.1:9418"; } >> /etc/tor/torrc
+          echo "HiddenServicePort 9418 127.0.0.1:9418"; } >> "$ONION_SERVICES_FILE"
         echo $'Added onion site for Gogs'
     fi
 

src/freedombone-app-hubzilla

@@ -30,6 +30,7 @@ VARIANTS='full full-vim social'
 
 IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=1
+NOT_ON_ONION=1
 
 HUBZILLA_DOMAIN_NAME=
 HUBZILLA_CODE=

src/freedombone-app-jitsi

@@ -32,6 +32,7 @@ VARIANTS=""
 
 IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=0
+NOT_ON_ONION=1
 
 VIDEOBRIDGE_PORT=5347
 JITSI_ONION_PORT=8102

src/freedombone-app-keyserver

@@ -656,12 +656,12 @@ function install_keyserver {
 
     chown debian-sks: $sksconf_file
 
-    if ! grep -q "hidden_service_sks" /etc/tor/torrc; then
+    if ! grep -q "hidden_service_sks" "$ONION_SERVICES_FILE"; then
         { echo 'HiddenServiceDir /var/lib/tor/hidden_service_sks/';
           echo 'HiddenServiceVersion 3';
           echo "HiddenServicePort 11370 127.0.0.1:11370";
           echo "HiddenServicePort 11373 127.0.0.1:11371";
-          echo "HiddenServicePort 11372 127.0.0.1:11372"; } >> /etc/tor/torrc
+          echo "HiddenServicePort 11372 127.0.0.1:11372"; } >> "$ONION_SERVICES_FILE"
         echo $'Added onion site for sks'
     fi
 

src/freedombone-app-matrix

@@ -36,6 +36,8 @@ VARIANTS='full full-vim chat'
 
 IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=1
+NOT_ON_ONION=1
+MINIMUM_RAM_MB=1500
 
 MATRIX_DOMAIN_NAME=
 MATRIX_CODE=
@@ -702,7 +704,7 @@ function install_home_server {
 
     #MATRIX_ONION_HOSTNAME=$(add_onion_service matrix ${MATRIX_PORT} ${MATRIX_ONION_PORT})
     add_onion_service matrix ${MATRIX_PORT} ${MATRIX_ONION_PORT}
-    echo "HiddenServicePort ${MATRIX_HTTP_PORT} 127.0.0.1:${MATRIX_FEDERATION_ONION_PORT}" >> /etc/tor/torrc
+    echo "HiddenServicePort ${MATRIX_HTTP_PORT} 127.0.0.1:${MATRIX_FEDERATION_ONION_PORT}" >> "$ONION_SERVICES_FILE"
     systemctl restart tor
 
     if [ ! "${MATRIX_PASSWORD}" ]; then

src/freedombone-app-pleroma

@@ -36,7 +36,7 @@ PLEROMA_CODE=
 PLEROMA_PORT=4000
 PLEROMA_ONION_PORT=8011
 PLEROMA_REPO="https://git.pleroma.social/pleroma/pleroma.git"
-PLEROMA_COMMIT='e153b364a71de431787db236c57114f229162ddf'
+PLEROMA_COMMIT='762f6edc29a7a48e3a663e9bedec58e0036ff363'
 PLEROMA_ADMIN_PASSWORD=
 PLEROMA_DIR=/etc/pleroma
 PLEROMA_SECRET_KEY=""
@@ -62,6 +62,24 @@ pleroma_variables=(ONION_ONLY
                    MY_EMAIL_ADDRESS
                    MY_USERNAME)
 
+function pleroma_add_filtering {
+    if grep -q "# begin filtering" $pleroma_secret; then
+        return
+    fi
+    sed -i '/pbkdf2_rounds/a reject: []' $pleroma_secret
+    sed -i '/pbkdf2_rounds/a federated_timeline_removal: [],' $pleroma_secret
+    sed -i '/pbkdf2_rounds/a media_nsfw: [],' $pleroma_secret
+    sed -i '/pbkdf2_rounds/a media_removal: [],' $pleroma_secret
+    sed -i '/pbkdf2_rounds/a config :pleroma, :mrf_simple,' $pleroma_secret
+    sed -i '/pbkdf2_rounds/a # begin filtering' $pleroma_secret
+
+    sed -i 's|reject: |  reject: |g' $pleroma_secret
+    sed -i 's|federated_timeline_removal: |  federated_timeline_removal: |g' $pleroma_secret
+    sed -i 's|media_nsfw: |  media_nsfw: |g' $pleroma_secret
+    sed -i 's|media_removal: |  media_removal: |g' $pleroma_secret
+    create_pleroma_blocklist
+}
+
 function pleroma_enable_chat {
     if [[ "$1" == 't'* || "$1" == 'y'* || "$1" == 'T'* || "$1" == 'Y'* ]]; then
         sed -i 's|"chatDisabled":.*|"chatDisabled": false,|g' $PLEROMA_DIR/priv/static/static/config.json
@@ -91,6 +109,7 @@ function create_pleroma_blocklist {
       echo 'users_query="DELETE FROM users WHERE"';
       echo 'websub_server_subscriptions_query="DELETE FROM websub_server_subscriptions WHERE"';
       echo 'websub_server_subscriptions_updated=';
+      echo 'filter_str=';
       echo 'while read blocked; do';
       echo "    if [[ \"\$blocked\" == *\".\"* || \"\$blocked\" == *\"@\"* ]]; then";
       echo "        if [ \${#blocked} -gt 4 ]; then";
@@ -102,6 +121,13 @@ function create_pleroma_blocklist {
       echo "            users_query=\"\${users_query} nickname ilike '%\${blocked}%'\"";
       echo '            objects_updated=1';
       echo "            if [[ \"\$blocked\" != *\"@\"* ]]; then";
+      echo '                # Create a filter string for the pleroma configuration';
+      echo "                if [ \"\$filter_str\" ]; then";
+      echo "                    filter_str=\"\${filter_str}, \\\"\$blocked\\\"\"";
+      echo '                else';
+      echo "                    filter_str=\"\\\"\${blocked}\\\"\"";
+      echo '                fi';
+      echo '';
       echo "                if ! grep -q \"127.0.0.1  \$blocked\" /etc/hosts; then";
       echo "                    echo \"127.0.0.1  \$blocked\" >> /etc/hosts";
       echo '                fi';
@@ -115,6 +141,19 @@ function create_pleroma_blocklist {
       echo '    fi';
       echo 'done </root/freedombone-firewall-domains.cfg';
       echo '';
+      echo "if [ \"\$filter_str\" ]; then";
+      echo "    if ! grep -q \" \$filter_str \" $pleroma_secret; then";
+      echo "        sed -i \"s| media_removal:.*| media_removal: [ \$filter_str ],|g\" $pleroma_secret";
+      echo "        sed -i \"s| federated_timeline_removal:.*| federated_timeline_removal: [ \$filter_str ],|g\" $pleroma_secret";
+      echo "        sed -i \"s| reject:.*| reject: [ \$filter_str ]|g\" $pleroma_secret";
+      echo "        chown -R pleroma:pleroma $PLEROMA_DIR";
+      echo '        sudo -u pleroma mix clean';
+      echo '        sudo -u pleroma mix deps.compile';
+      echo '        sudo -u pleroma mix compile';
+      echo '        systemctl restart pleroma';
+      echo '    fi';
+      echo 'fi';
+      echo '';
       echo 'cd /etc/postgresql';
       echo "if [ \$objects_updated ]; then";
       echo "    sudo -u postgres psql -d pleroma -c \"\$objects_query\"";
@@ -694,15 +733,21 @@ function configure_interactive_pleroma {
             enablechatstr=$'Disable chat system'
         fi
 
+        pleromatorstr=$'Enable routing through Tor for onion addresses'
+        if grep -q '9050' $pleroma_secret; then
+            pleromatorstr=$'Disable routing through Tor'
+        fi
+
         W=(1 $"Set a background image"
            2 $"Set the title"
            3 $"Disable new account registrations"
            4 $"Add a custom emoji"
            5 $"Set post expiry period (currently $PLEROMA_EXPIRE_MONTHS months)"
-           6 "$enablechatstr")
+           6 "$enablechatstr"
+           7 "$pleromatorstr")
 
         # shellcheck disable=SC2068
-        selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Pleroma" --menu $"Choose an operation, or ESC to exit:" 13 60 6 "${W[@]}" 3>&2 2>&1 1>&3)
+        selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Pleroma" --menu $"Choose an operation, or ESC to exit:" 14 60 7 "${W[@]}" 3>&2 2>&1 1>&3)
 
         if [ ! "$selection" ]; then
             break
@@ -720,14 +765,57 @@ function configure_interactive_pleroma {
                    pleroma_enable_chat true
                fi
                ;;
+            7) if grep -q '9050' $pleroma_secret; then
+                   pleroma_disable_tor
+               else
+                   pleroma_enable_tor
+               fi
+               ;;
         esac
     done
 }
 
+function pleroma_disable_tor {
+    if grep -q '9050' $pleroma_secret; then
+        sed -i '/9050/d' $pleroma_secret
+        sed -i 's|# config :pleroma, :http, proxy_url:|config :pleroma, :http, proxy_url:|g' $PLEROMA_DIR/config/config.exs
+        pleroma_recompile
+    fi
+}
+
+function pleroma_enable_tor {
+    pleroma_tor_update=
+
+    if ! grep -q '{:socks5, :localhost, 9050}' $pleroma_secret; then
+        pleroma_tor_update=1
+    fi
+
+    if ! grep -q '# config :pleroma, :http, proxy_url:' $PLEROMA_DIR/config/config.exs; then
+        pleroma_tor_update=1
+    fi
+
+    if [ ! $pleroma_tor_update ]; then
+        return
+    fi
+
+    if ! grep -q '{:socks5, :localhost, 9050}' $pleroma_secret; then
+        sed -i '/9050/d' $pleroma_secret
+        sed -i '/url:/a config :pleroma, :http, proxy_url: {:socks5, :localhost, 9050}' $pleroma_secret
+    fi
+
+    if ! grep -q '# config :pleroma, :http, proxy_url:' $PLEROMA_DIR/config/config.exs; then
+        sed -i 's|config :pleroma, :http, proxy_url:|# config :pleroma, :http, proxy_url:|g' $PLEROMA_DIR/config/config.exs
+    fi
+
+    pleroma_recompile
+}
+
 function upgrade_pleroma {
     read_config_param PLEROMA_DOMAIN_NAME
     read_config_param PLEROMA_EXPIRE_MONTHS
 
+    pleroma_add_filtering
+
     if ! grep -q "/media/" /etc/cron.daily/pleroma-expire; then
         rm $pleroma_expire_posts_script
     fi
@@ -738,6 +826,8 @@ function upgrade_pleroma {
         create_pleroma_blocklist
     fi
 
+    #pleroma_enable_tor
+
     CURR_PLEROMA_COMMIT=$(get_completion_param "pleroma commit")
     if [[ "$CURR_PLEROMA_COMMIT" == "$PLEROMA_COMMIT" ]]; then
         return
@@ -748,6 +838,11 @@ function upgrade_pleroma {
         pleroma_registrations=
     fi
 
+    pleroma_chat_enabled=1
+    if grep -q ':chat, enabled: false' $PLEROMA_DIR/config/config.exs; then
+        pleroma_chat_enabled=
+    fi
+
     # make a copy of the configuration
     cp $PLEROMA_DIR/priv/static/static/config.json $PLEROMA_DIR/priv/static/static/config_prev.json
 
@@ -780,6 +875,12 @@ function upgrade_pleroma {
         sed -i 's|registrations_open: True|registrations_open: false|g' $PLEROMA_DIR/config/config.exs
     fi
 
+    if [ ! $pleroma_chat_enabled ]; then
+        sed -i 's|config :pleroma, :chat.*|config :pleroma, :chat, enabled: false|g' $PLEROMA_DIR/config/config.exs
+    else
+        sed -i 's|config :pleroma, :chat.*|config :pleroma, :chat, enabled: true|g' $PLEROMA_DIR/config/config.exs
+    fi
+
     pleroma_recompile
 
     # migrate database
@@ -1252,6 +1353,10 @@ function install_pleroma {
     sed -i 's|redirect_on_failure:.*|redirect_on_failure: false|g' $PLEROMA_DIR/config/config.exs
     sed -i 's|:chat, enabled:.*|:chat, enabled: false|g' $PLEROMA_DIR/config/config.exs
 
+    # onion routing
+    sed -i '/url:/a config :pleroma, :http, proxy_url: {:socks5, :localhost, 9050}' $pleroma_secret
+    sed -i 's|config :pleroma, :http, proxy_url:|# config :pleroma, :http, proxy_url:|g' $PLEROMA_DIR/config/config.exs
+
     # set registrations open initially
     sed -i 's|registrations_open:.*|registrations_open: true,|g' $PLEROMA_DIR/config/config.exs
     sed -i 's|"registrationOpen":.*|"registrationOpen": true,|g' $PLEROMA_DIR/priv/static/static/config.json
@@ -1264,6 +1369,8 @@ function install_pleroma {
     fi
     sed -i 's|"chatDisabled":.*|"chatDisabled": true,|g' $PLEROMA_DIR/priv/static/static/config.json
 
+    pleroma_add_filtering
+
     systemctl daemon-reload
     systemctl enable pleroma
     systemctl start pleroma

src/freedombone-app-postactiv

@@ -30,6 +30,7 @@ VARIANTS='full full-vim media'
 
 IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=1
+NOT_ON_ONION=1
 
 POSTACTIV_DOMAIN_NAME=
 POSTACTIV_CODE=
@@ -65,11 +66,11 @@ function postactiv_customise_logo {
     domain_name=$1
 
     if [ -f "/var/www/${domain_name}/htdocs/static/logo.png" ]; then
-        if [ -f ~/freedombone/img/postactiv.png ]; then
-            cp ~/freedombone/img/postactiv.png "/var/www/${domain_name}/htdocs/static/logo.png"
+        if [ -f "$HOME/${PROJECT_NAME}/img/postactiv.png" ]; then
+            cp "$HOME/${PROJECT_NAME}/img/postactiv.png" "/var/www/${domain_name}/htdocs/static/logo.png"
         else
-            if [ -f "/home/$MY_USERNAME/freedombone/img/postactiv.png" ]; then
-                cp "/home/$MY_USERNAME/freedombone/img/postactiv.png" "/var/www/${domain_name}/htdocs/static/logo.png"
+            if [ -f "/home/$MY_USERNAME/${PROJECT_NAME}/img/postactiv.png" ]; then
+                cp "/home/$MY_USERNAME/${PROJECT_NAME}/img/postactiv.png" "/var/www/${domain_name}/htdocs/static/logo.png"
             fi
         fi
     fi
@@ -595,6 +596,7 @@ function remove_postactiv {
     fi
     kill_pid=$(pgrep "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/queuedaemon.php" | head -n 1)
     kill -9 "$kill_pid"
+    pkill "$POSTACTIV_DOMAIN_NAME/htdocs/scripts/queuedaemon.php"
 
     if [ -d "/var/www/$POSTACTIV_DOMAIN_NAME" ]; then
         rm -rf "/var/www/$POSTACTIV_DOMAIN_NAME"
@@ -926,8 +928,8 @@ function install_postactiv_main {
 }
 
 function install_postactiv {
-    if [ ! "$ONION_ONLY" ]; then
-        ONION_ONLY='no'
+    if [[ "$ONION_ONLY" != 'no' ]]; then
+        return
     fi
 
     install_postactiv_main
@@ -952,7 +954,12 @@ function install_postactiv {
 
     expire_gnusocial_posts "$POSTACTIV_DOMAIN_NAME" "postactiv" "$POSTACTIV_EXPIRE_MONTHS"
 
-    # unleash the daemons!
+    # this has to be run as root initially, otherwise database tables
+    # don't get created
+    cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" || exit 3658254254
+    sh scripts/startdaemons.sh
+    php scripts/checkschema.php
+
     /etc/cron.hourly/postactiv-daemons
 
     systemctl restart nginx

src/freedombone-app-riot

@@ -30,6 +30,7 @@ VARIANTS='full full-vim chat'
 
 IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=1
+NOT_ON_ONION=1
 
 RIOT_VERSION='0.13.3'
 RIOT_FILENAME="riot-v${RIOT_VERSION}"

src/freedombone-app-scuttlebot

@@ -376,6 +376,7 @@ function install_dat {
 }
 
 function mesh_install_scuttlebot {
+    #shellcheck disable=SC2153
     if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" ]]; then
         return
     fi

src/freedombone-app-searx

@@ -35,6 +35,7 @@ SHOW_ICANN_ADDRESS_ON_ABOUT=0
 SEARX_REPO="https://github.com/asciimoo/searx"
 SEARX_COMMIT='80460be8f69cea5f15c9d5ddbb63e4e48fde2dd0'
 SEARX_PATH=/etc
+SEARX_PORT=8888
 SEARX_ONION_PORT=8094
 SEARX_ONION_HOSTNAME=
 SEARX_LOGIN_TEXT=$"Search engine login"
@@ -55,12 +56,12 @@ function logging_off_searx {
 }
 
 function searx_set_default_background {
-    if [ -f ~/freedombone/img/backgrounds/searx.jpg ]; then
-        cp ~/freedombone/img/backgrounds/searx.jpg /etc/searx/searx/static/themes/courgette/img/bg-body-index.jpg
+    if [ -f "$HOME/${PROJECT_NAME}/img/backgrounds/searx.jpg" ]; then
+        cp "$HOME/${PROJECT_NAME}/img/backgrounds/searx.jpg" /etc/searx/searx/static/themes/courgette/img/bg-body-index.jpg
         chown -R searx:searx ${SEARX_PATH}/searx
     else
-        if [ -f "/home/$MY_USERNAME/freedombone/img/backgrounds/searx.jpg" ]; then
-            cp "/home/$MY_USERNAME/freedombone/img/backgrounds/searx.jpg" "/etc/searx/searx/static/themes/courgette/img/bg-body-index.jpg"
+        if [ -f "/home/$MY_USERNAME/${PROJECT_NAME}/img/backgrounds/searx.jpg" ]; then
+            cp "/home/$MY_USERNAME/${PROJECT_NAME}/img/backgrounds/searx.jpg" "/etc/searx/searx/static/themes/courgette/img/bg-body-index.jpg"
             chown -R searx:searx ${SEARX_PATH}/searx
         fi
     fi
@@ -258,7 +259,7 @@ function create_searx_config {
       echo '    language : "all"';
       echo '';
       echo 'server:';
-      echo '    port : 8888';
+      echo "    port : ${SEARX_PORT}";
       echo '    bind_address : "127.0.0.1" # address to listen on';
       echo "    secret_key : \"${SEARX_SECRET_KEY}\"";
       echo "    base_url : http://${SEARX_ONION_HOSTNAME}/";
@@ -926,6 +927,7 @@ function install_searx {
     set_completion_param "searx commit" "$SEARX_COMMIT"
 
     # create an onion service
+    USE_V2_ONION_ADDRESS=1
     SEARX_ONION_HOSTNAME=$(add_onion_service searx 80 ${SEARX_ONION_PORT})
 
     # an unprivileged user to run as
@@ -965,7 +967,7 @@ function install_searx {
       echo '    location / {'; } >> /etc/nginx/sites-available/searx
     function_check nginx_limits
     nginx_limits searx '1M'
-    { echo '        proxy_pass http://localhost:8888;';
+    { echo "        proxy_pass http://localhost:${SEARX_PORT};";
       echo "        #auth_basic \"${SEARX_LOGIN_TEXT}\";";
       echo '        #auth_basic_user_file /etc/nginx/.htpasswd;';
       echo '    }';

src/freedombone-app-tox

@@ -35,7 +35,7 @@ TOX_PORT=33445
 
 # upstream is https://github.com/TokTok/c-toxcore
 TOXCORE_REPO="https://github.com/bashrc/toxcore"
-TOXCORE_COMMIT='987ad5eac173442d6ad2d5cd80c2da763a815a9a'
+TOXCORE_COMMIT='7d399cedcfd20f0d91a8caf386ae3c63f4dcf285'
 
 TOXID_REPO="https://github.com/bashrc/toxid"
 TOX_BOOTSTRAP_ID_FILE=/var/lib/tox-bootstrapd/pubkey.txt
@@ -47,7 +47,7 @@ TOX_NODES=
 #  '144.76.60.215,2a01:4f8:191:64d6::1,33445,04119E835DF3E78BACF0F84235B300546AF8B936F035185E2A8E9E0A67C8924F,sonOfRa,DE'
 #)
 TOXIC_REPO="https://github.com/Tox/toxic"
-TOXIC_COMMIT='5cc83a7cb584886d90d7da15e8398215fed0d315'
+TOXIC_COMMIT='68ce17a57fd05599968a299e5dc516e183ebcf75'
 TOXIC_FILE=/usr/local/bin/toxic
 
 QTOX_REPO="https://github.com/bashrc/qTox"
@@ -184,8 +184,12 @@ function upgrade_tox {
     if [[ $(commit_has_changed "$INSTALL_DIR/toxcore" "toxcore commit" "$TOXCORE_COMMIT") == "1" ]]; then
         cd "$INSTALL_DIR/toxcore" || exit 53683563
         sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' "$rootdir/etc/systemd/system/tox-bootstrapd.service"
-        autoreconf -i
-        ./configure --enable-daemon
+        ./autogen.sh
+        if [ ! -d "$INSTALL_DIR/toxcore/_build" ]; then
+            mkdir "$INSTALL_DIR/toxcore/_build"
+        fi
+        cd "$INSTALL_DIR/toxcore/_build" || return
+        cmake ..
         make
         make install
         systemctl daemon-reload
@@ -426,6 +430,7 @@ function install_tox_client {
 }
 
 function mesh_tox_node {
+    SECONDS=0
     # obtain commits from the main file
     TOXCORE_COMMIT_MAIN=$(grep "TOXCORE_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#TOXCORE_COMMIT_MAIN} -gt 10 ]; then
@@ -478,13 +483,13 @@ function mesh_tox_node {
         chroot "${rootdir}" apt-get -yq install automake checkinstall check git yasm
         chroot "${rootdir}" apt-get -yq install libsodium18 libsodium-dev libcap2-bin
         chroot "${rootdir}" apt-get -yq install libconfig9 libconfig-dev autoconf
-        chroot "${rootdir}" apt-get -yq install libopus-dev libvpx-dev
+        chroot "${rootdir}" apt-get -yq install libopus-dev libvpx-dev cmake
     else
         apt-get -yq install build-essential libtool autotools-dev
         apt-get -yq install automake checkinstall check git yasm
         apt-get -yq install libsodium18 libsodium-dev libcap2-bin
         apt-get -yq install libconfig9 libconfig-dev autoconf
-        apt-get -yq install libopus-dev libvpx-dev
+        apt-get -yq install libopus-dev libvpx-dev cmake
     fi
 
     if [ ! -d "${rootdir}${INSTALL_DIR}" ]; then
@@ -508,23 +513,27 @@ function mesh_tox_node {
     if [ "${rootdir}" ]; then
         chroot "${rootdir}" /bin/bash -x <<EOF
 cd ${INSTALL_DIR}/toxcore
-autoreconf -i
-./configure --enable-daemon
+./autogen.sh
+mkdir _build
+cd _build || exit 1
+cmake ..
 make
 make install
 EOF
     else
         /bin/bash -x <<EOF
 cd ${INSTALL_DIR}/toxcore
-autoreconf -i
-./configure --enable-daemon
+./autogen.sh
+mkdir _build
+cd _build || exit 1
+cmake ..
 make
 make install
 EOF
     fi
 
     # shellcheck disable=SC2086
-    cp $rootdir/usr/local/lib/libtoxcore* "$rootdir/usr/lib/"
+    cp -l $rootdir/usr/local/lib/libtoxcore* "$rootdir/usr/lib/"
     cp "${rootdir}${INSTALL_DIR}/toxcore/other/bootstrap_daemon/tox-bootstrapd.service" "$rootdir/etc/systemd/system/"
     sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' "$rootdir/etc/systemd/system/tox-bootstrapd.service"
     if [ "${rootdir}" ]; then
@@ -533,7 +542,6 @@ EOF
         systemctl enable tox-bootstrapd.service
     fi
 
-    SECONDS=0
     if [ ! -f "$rootdir/usr/local/bin/tox-bootstrapd" ]; then
         duration=$SECONDS
         echo $"Toxcore compile failed at $((duration / 60)) minutes and $((duration % 60)) seconds elapsed."
@@ -690,11 +698,14 @@ function mesh_tox_client {
     if [ "${rootdir}" ]; then
         chroot "${rootdir}" apt-get -yq install libncursesw5-dev libconfig-dev libqrencode-dev
         chroot "${rootdir}" apt-get -yq install libcurl4-openssl-dev libvpx-dev libopenal-dev
-        chroot "${rootdir}" apt-get -yq install libqrencode-dev
+        chroot "${rootdir}" apt-get -yq install libqrencode-dev libpng-dev libncurses5-dev libalut-dev
+        chroot "${rootdir}" apt-get -yq install libnotify-dev python3-dev
+        toxic_disable_notify=0
     else
         apt-get -yq install libncursesw5-dev libconfig-dev libqrencode-dev
         apt-get -yq install libcurl4-openssl-dev libvpx-dev libopenal-dev
-        apt-get -yq install libqrencode-dev
+        apt-get -yq install libqrencode-dev libpng-dev libncurses5-dev libalut-dev python3-dev
+        toxic_disable_notify=1
     fi
 
     TEMP_SCRIPT_NAME=fbtmp728353.sh
@@ -711,8 +722,11 @@ function mesh_tox_client {
       echo 'fi';
       echo "cd $INSTALL_DIR/toxic";
       echo "git checkout $TOXIC_COMMIT -b $TOXIC_COMMIT";
-      echo 'make';
-      echo 'if [ ! "$?" = "0" ]; then';
+      echo "export DISABLE_DESKTOP_NOTIFY=$toxic_disable_notify";
+      echo "export DISABLE_AV=$toxic_disable_notify";
+      echo "export DISABLE_X11=$toxic_disable_notify";
+      echo "export DISABLE_SOUND_NOTIFY=$toxic_disable_notify";
+      echo 'if ! make; then';
       echo '    exit 1';
       echo 'fi';
       echo 'make install';

src/freedombone-app-xmpp

@@ -51,6 +51,7 @@ prosody_nightly_url="https://prosody.im/nightly/${prosody_latest_version}/latest
 # From https://hg.prosody.im/prosody-modules
 prosody_modules_filename='prosody-modules-20180322.tar.gz'
 prosody_modules_hash='982d0dfcef98e9cb9cee4cc3801b8ce9a503a32e44c32b99df6fe94545b90072'
+xmpp_encryption_warning=$"For security reasons, OMEMO or PGP encryption is required for conversations on this server."
 
 xmpp_variables=(ONION_ONLY
                 INSTALLED_WITHIN_DOCKER
@@ -62,6 +63,37 @@ xmpp_variables=(ONION_ONLY
                 DEFAULT_DOMAIN_NAME
                 XMPP_DOMAIN_CODE)
 
+function xmpp_update_e2e_policy {
+    filename="$1"
+
+    read_config_param DEFAULT_DOMAIN_NAME
+    read_config_param ONION_ONLY
+
+    if ! grep -q "e2e_policy_muc" "$filename"; then
+        echo "e2e_policy_muc = \"none\"" >> "$filename"
+    else
+        sed -i 's|e2e_policy_muc.*|e2e_policy_muc = "none"|g' "$filename"
+    fi
+    if ! grep -q "e2e_policy_chat" "$filename"; then
+        echo "e2e_policy_chat = \"required\"" >> "$filename"
+    else
+        sed -i 's|e2e_policy_chat.*|e2e_policy_chat = "required"|g' "$filename"
+    fi
+    if ! grep -q "e2e_policy_message_required_chat" "$filename"; then
+        echo "e2e_policy_message_required_chat = \"$xmpp_encryption_warning\"" >> "$filename"
+    else
+        sed -i "s|e2e_policy_message_required_chat.*|e2e_policy_message_required_chat = \"$xmpp_encryption_warning\"|g" "$filename"
+    fi
+
+    if [[ "$ONION_ONLY" != 'no' ]]; then
+        XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
+        sed -i "s|VirtualHost \".*.onion.*|VirtualHost \"${XMPP_ONION_HOSTNAME}\"|g" "$filename"
+        # TLS is not strictly needed for onion transport security
+        sed -i 's|c2s_require_encryption =.*|c2s_require_encryption = false|g' "$filename"
+        sed -i 's|s2s_require_encryption =.*|s2s_require_encryption = false|g' "$filename"
+    fi
+}
+
 function logging_on_xmpp {
     if [ -d /etc/prosody ]; then
         if [ ! -d /var/log/prosody ]; then
@@ -345,11 +377,11 @@ function update_prosody_modules {
 
     if [ ! -f "$INSTALL_DIR/$prosody_modules_filename" ]; then
         # Obtain the modules
-        if [ -f ~/freedombone/image_build/$prosody_modules_filename ]; then
-            cp ~/freedombone/image_build/$prosody_modules_filename "$INSTALL_DIR"
+        if [ -f "$HOME/${PROJECT_NAME}/image_build/$prosody_modules_filename" ]; then
+            cp "$HOME/${PROJECT_NAME}/image_build/$prosody_modules_filename" "$INSTALL_DIR"
         else
-            if [ -f "/home/$MY_USERNAME/freedombone/image_build/$prosody_modules_filename" ]; then
-                cp "/home/$MY_USERNAME/freedombone/image_build/$prosody_modules_filename" "$INSTALL_DIR"
+            if [ -f "/home/$MY_USERNAME/${PROJECT_NAME}/image_build/$prosody_modules_filename" ]; then
+                cp "/home/$MY_USERNAME/${PROJECT_NAME}/image_build/$prosody_modules_filename" "$INSTALL_DIR"
             fi
         fi
 
@@ -425,6 +457,10 @@ function upgrade_xmpp {
             usermod -a -G ssl-cert prosody
         fi
     fi
+
+    xmpp_update_e2e_policy /etc/prosody/conf.avail/xmpp.cfg.lua
+    xmpp_update_e2e_policy /etc/prosody/prosody.cfg.lua
+
     prosody_daemon_restart_script
     function_check update_prosody_modules
     update_prosody_modules
@@ -608,7 +644,7 @@ function remove_xmpp {
 
     function_check remove_onion_service
     remove_onion_service xmpp 5222 5223 5269
-    sed -i '/HiddenServiceVersion 2/d' /etc/tor/torrc
+    sed -i '/HiddenServiceVersion 2/d' "$ONION_SERVICES_FILE"
 
     apt-mark -q unhold prosody
     apt-get -yq remove --purge prosody
@@ -818,11 +854,16 @@ function xmpp_create_config {
     else
         echo "    dhparam = \"/etc/ssl/certs/xmpp.dhparam\";" >> /etc/prosody/prosody.cfg.lua
     fi
+
     { echo '}';
       echo '';
       echo 'c2s_require_encryption = true';
       echo 's2s_require_encryption = true';
       echo '';
+      echo 'e2e_policy_muc = "none"';
+      echo 'e2e_policy_chat = "required"';
+      echo "e2e_policy_message_required_chat = \"$xmpp_encryption_warning\"";
+      echo '';
       echo 's2s_secure_auth = false';
       echo '';
       echo 'authentication = "internal_hashed"';
@@ -838,6 +879,9 @@ function xmpp_create_config {
       echo ''; } >> /etc/prosody/prosody.cfg.lua
     if [[ "$ONION_ONLY" != 'no' ]]; then
         echo "VirtualHost \"${XMPP_ONION_HOSTNAME}\"" >> /etc/prosody/prosody.cfg.lua
+        # TLS is not needed for onion transport security
+        sed -i 's|s2s_require_encryption =.*|s2s_require_encryption = false|g' /etc/prosody/prosody.cfg.lua
+        sed -i 's|c2s_require_encryption =.*|c2s_require_encryption = false|g' /etc/prosody/prosody.cfg.lua
     else
         echo "VirtualHost \"${DEFAULT_DOMAIN_NAME}\"" >> /etc/prosody/prosody.cfg.lua
     fi
@@ -1068,6 +1112,14 @@ function install_xmpp {
     else
         sed -i 's|s2s_require_encryption.*|s2s_require_encryption = true|g' /etc/prosody/conf.avail/xmpp.cfg.lua
     fi
+
+    if [[ "$ONION_ONLY" != 'no' ]]; then
+        sed -i 's|c2s_require_encryption.*|c2s_require_encryption = false|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+        sed -i 's|s2s_require_encryption.*|s2s_require_encryption = false|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+    fi
+
+    xmpp_update_e2e_policy /etc/prosody/conf.avail/xmpp.cfg.lua
+
     if ! grep -q "allow_unencrypted_plain_auth" /etc/prosody/conf.avail/xmpp.cfg.lua; then
         echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
     else
@@ -1079,11 +1131,11 @@ function install_xmpp {
         echo $'No Tor installation found. xmpp onion site cannot be configured.'
         exit 877367
     fi
-    if ! grep -q "hidden_service_xmpp" /etc/tor/torrc; then
+    if ! grep -q "hidden_service_xmpp" "$ONION_SERVICES_FILE"; then
         { echo 'HiddenServiceDir /var/lib/tor/hidden_service_xmpp/';
           echo 'HiddenServiceVersion 2';
           echo "HiddenServicePort 5222 127.0.0.1:5222";
-          echo "HiddenServicePort 5269 127.0.0.1:5269"; } >> /etc/tor/torrc
+          echo "HiddenServicePort 5269 127.0.0.1:5269"; } >> "$ONION_SERVICES_FILE"
         echo $'Added onion site for xmpp chat'
     fi
 

src/freedombone-base-email

@@ -224,12 +224,12 @@ function email_create_template {
 
 function create_email_onion_address {
     email_hostname='/var/lib/tor/hidden_service_email/hostname'
-    if ! grep -q "hidden_service_email" /etc/tor/torrc; then
+    if ! grep -q "hidden_service_email" $ONION_SERVICES_FILE; then
         { echo 'HiddenServiceDir /var/lib/tor/hidden_service_email/';
           echo 'HiddenServiceVersion 3';
           echo 'HiddenServicePort 25 127.0.0.1:25';
           echo 'HiddenServicePort 587 127.0.0.1:587';
-          echo 'HiddenServicePort 465 127.0.0.1:465'; } >> /etc/tor/torrc
+          echo 'HiddenServicePort 465 127.0.0.1:465'; } >> $ONION_SERVICES_FILE
 
         function_check onion_update
         onion_update
@@ -320,26 +320,9 @@ function configure_email_onion {
       echo "  hosts_avoid_tls = *";
       echo "  socks_proxy = 127.0.0.1 port=9050"; } > /etc/exim4/conf.d/transport/050_exim4-config_onion_relay
 
-    if ! grep -q "AutomapHostsOnResolve" /etc/tor/torrc; then
-        echo 'AutomapHostsOnResolve 1' >> /etc/tor/torrc
-    else
-        sed -i 's|#AutomapHostsOnResolve.*|AutomapHostsOnResolve 1|g' /etc/tor/torrc
-        sed -i 's|AutomapHostsOnResolve.*|AutomapHostsOnResolve 1|g' /etc/tor/torrc
-    fi
-
-    if ! grep -q "DNSPort " /etc/tor/torrc; then
-        echo 'DNSPort 5300' >> /etc/tor/torrc
-    else
-        sed -i 's|#DNSPort .*|DNSPort 5300|g' /etc/tor/torrc
-        sed -i 's|DNSPort .*|DNSPort 5300|g' /etc/tor/torrc
-    fi
-
-    if ! grep -q "DNSListenAddress" /etc/tor/torrc; then
-        echo 'DNSListenAddress 127.0.0.1' >> /etc/tor/torrc
-    else
-        sed -i 's|#DNSListenAddress.*|DNSListenAddress 127.0.0.1|g' /etc/tor/torrc
-        sed -i 's|DNSListenAddress.*|DNSListenAddress 127.0.0.1|g' /etc/tor/torrc
-    fi
+    { echo 'DNSPort 5300';
+      echo 'DNSListenAddress 127.0.0.1';
+      echo 'AutomapHostsOnResolve 1'; } > /etc/torrc.d/dns
 
     update-exim4.conf.template -r
     update-exim4.conf

src/freedombone-config

@@ -138,7 +138,7 @@ function show_help {
     echo ''
     echo ''
     echo $'  -h --help                         Show help'
-    echo $'  -f --filename                     Configuration file (usually freedombone.cfg)'
+    echo $"  -f --filename                     Configuration file (usually ${PROJECT_NAME}.cfg)"
     echo $'  -m --min                          Minimum password length (characters)'
     echo $'  -w --www                          Freedombone web site'
     echo $'  -o --onion [yes|no]               Whether to only create .onion sites'

src/freedombone-controlpanel

@@ -224,108 +224,153 @@ function show_tor_bridges {
 function show_domains {
     read_config_param "DEFAULT_DOMAIN_NAME"
 
-    W=()
+    while true
+    do
+        W=()
 
-    W+=("IPv4" "$(get_ipv4_address) / $(get_external_ipv4_address)")
-    ipv6_address="$(get_ipv6_address)"
-    if [ ${#ipv6_address} -gt 0 ]; then
-        W+=("IPv6" "${ipv6_address}")
-    fi
+        W+=("IPv4" "$(get_ipv4_address) / $(get_external_ipv4_address)")
+        ipv6_address="$(get_ipv6_address)"
+        if [ ${#ipv6_address} -gt 0 ]; then
+            W+=("IPv6" "${ipv6_address}")
+        fi
 
+        if [ -f /etc/ssh/ssh_host_rsa_key.pub ]; then
+            W+=("ssh rsa sha256" "$(awk '{print $2}' /etc/ssh/ssh_host_rsa_key.pub | base64 -d | sha256sum -b | awk '{print $1}' | xxd -r -p | base64 | sed 's|=||g')")
+        fi
+        if [ -f /etc/ssh/ssh_host_ed25519_key.pub ]; then
+            W+=("ssh ed25519 sha256" "$(awk '{print $2}' /etc/ssh/ssh_host_ed25519_key.pub | base64 -d | sha256sum -b | awk '{print $1}' | xxd -r -p | base64 | sed 's|=||g')")
+        fi
 
-    if grep -q "ssh onion domain" "$COMPLETION_FILE"; then
-        domain_onion=$(grep 'ssh onion domain' "${COMPLETION_FILE}" | awk -F ':' '{print $2}')
-        W+=("ssh" "${DEFAULT_DOMAIN_NAME} / ${domain_onion}")
-    fi
-    if grep -q "email onion domain" "$COMPLETION_FILE"; then
-        domain_onion=$(grep 'email onion domain' "${COMPLETION_FILE}" | awk -F ':' '{print $2}')
-        W+=("Email" "${DEFAULT_DOMAIN_NAME} / ${domain_onion}")
-    fi
-    if grep -q "sks onion domain" "$COMPLETION_FILE"; then
-        read_config_param "KEYSERVER_DOMAIN_NAME"
-        domain_onion=$(grep 'sks onion domain' "${COMPLETION_FILE}" | awk -F ':' '{print $2}')
-        W+=("SKS" "${KEYSERVER_DOMAIN_NAME} / ${domain_onion}")
-    fi
+        if grep -q "ssh onion domain" "$COMPLETION_FILE"; then
+            domain_onion=$(grep 'ssh onion domain' "${COMPLETION_FILE}" | awk -F ':' '{print $2}')
+            W+=("ssh" "${DEFAULT_DOMAIN_NAME} / ${domain_onion}")
+        fi
+        if grep -q "email onion domain" "$COMPLETION_FILE"; then
+            domain_onion=$(grep 'email onion domain' "${COMPLETION_FILE}" | awk -F ':' '{print $2}')
+            W+=("Email" "${DEFAULT_DOMAIN_NAME} / ${domain_onion}")
+        fi
+        if grep -q "sks onion domain" "$COMPLETION_FILE"; then
+            read_config_param "KEYSERVER_DOMAIN_NAME"
+            domain_onion=$(grep 'sks onion domain' "${COMPLETION_FILE}" | awk -F ':' '{print $2}')
+            W+=("SKS" "${KEYSERVER_DOMAIN_NAME} / ${domain_onion}")
+        fi
 
-    INTRODUCER_FILENAME=/home/tahoelafs/data/private/introducer.furl
-    if [ -f $INTRODUCER_FILENAME ]; then
-        W+=("Tahoe-LAFS" "$(cat $INTRODUCER_FILENAME)")
-    fi
+        INTRODUCER_FILENAME=/home/tahoelafs/data/private/introducer.furl
+        if [ -f $INTRODUCER_FILENAME ]; then
+            W+=("Tahoe-LAFS" "$(cat $INTRODUCER_FILENAME)")
+        fi
 
-    show_tor_bridges
+        show_tor_bridges
 
-    # shellcheck disable=SC2068
-    for app_name in ${APPS_INSTALLED_NAMES[@]}
-    do
-        if ! grep -q "SHOW_ON_ABOUT=1" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}"; then
-            continue
-        fi
+        # shellcheck disable=SC2068
+        for app_name in ${APPS_INSTALLED_NAMES[@]}
+        do
+            if ! grep -q "SHOW_ON_ABOUT=1" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}"; then
+                continue
+            fi
 
-        # handle the foibles of capitalisation
-        if ! grep -q "${app_name} domain" "$COMPLETION_FILE"; then
-            app_name_upper=$(echo "${app_name}" | awk '{print toupper($0)}')
-            if grep -q "${app_name_upper} domain" "$COMPLETION_FILE"; then
-                app_name=${app_name_upper}
-            else
-                app_name_first_upper="$(tr '[:lower:]' '[:upper:]' <<< "${app_name:0:1}")${app_name:1}"
-                if grep -q "${app_name_first_upper} domain" "$COMPLETION_FILE"; then
-                    app_name=${app_name_first_upper}
+            # handle the foibles of capitalisation
+            if ! grep -q "${app_name} domain" "$COMPLETION_FILE"; then
+                app_name_upper=$(echo "${app_name}" | awk '{print toupper($0)}')
+                if grep -q "${app_name_upper} domain" "$COMPLETION_FILE"; then
+                    app_name=${app_name_upper}
+                else
+                    app_name_first_upper="$(tr '[:lower:]' '[:upper:]' <<< "${app_name:0:1}")${app_name:1}"
+                    if grep -q "${app_name_first_upper} domain" "$COMPLETION_FILE"; then
+                        app_name=${app_name_first_upper}
+                    fi
                 fi
             fi
-        fi
 
-        if [ ${#app_name} -gt 0 ]; then
-            icann_address=$(get_app_icann_address "$app_name")
-            if grep -q "SHOW_ICANN_ADDRESS_ON_ABOUT=0" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}"; then
-                icann_address='-'
-            fi
-            if [[ "$ONION_ONLY" != 'no' ]]; then
-                if [[ "${icann_address}" != "${LOCAL_NAME}.local" ]]; then
+            if [ ${#app_name} -gt 0 ]; then
+                icann_address=$(get_app_icann_address "$app_name")
+                if grep -q "SHOW_ICANN_ADDRESS_ON_ABOUT=0" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}"; then
                     icann_address='-'
                 fi
-            fi
-            onion_address=$(get_app_onion_address "$app_name")
-            if [ ${#onion_address} -eq 0 ]; then
-                onion_address="-"
-            fi
-
-            if [[ "${icann_address}" != '-' ]]; then
-                if [[ "${onion_address}" != '-' ]]; then
-                    W+=("${app_name}" "${icann_address} / ${onion_address}")
-                else
-                    W+=("${app_name}" "${icann_address}")
+                if [[ "$ONION_ONLY" != 'no' ]]; then
+                    if [[ "${icann_address}" != "${LOCAL_NAME}.local" ]]; then
+                        icann_address='-'
+                    fi
+                fi
+                onion_address=$(get_app_onion_address "$app_name")
+                if [ ${#onion_address} -eq 0 ]; then
+                    onion_address="-"
                 fi
-            else
-                W+=("${app_name}" "${onion_address}")
-            fi
 
-            if grep -q "mobile${app_name} onion domain" "$COMPLETION_FILE"; then
-                onion_address=$(get_app_onion_address "${app_name}" "mobile")
                 if [[ "${icann_address}" != '-' ]]; then
-                    W+=("${app_name} (mobile)" "${icann_address} / ${onion_address}")
+                    if [[ "${onion_address}" != '-' ]]; then
+                        W+=("${app_name}" "${icann_address} / ${onion_address}")
+                    else
+                        W+=("${app_name}" "${icann_address}")
+                    fi
                 else
-                    W+=("${app_name} (mobile)" "${onion_address}")
+                    W+=("${app_name}" "${onion_address}")
+                fi
+
+                if grep -q "mobile${app_name} onion domain" "$COMPLETION_FILE"; then
+                    onion_address=$(get_app_onion_address "${app_name}" "mobile")
+                    if [[ "${icann_address}" != '-' ]]; then
+                        W+=("${app_name} (mobile)" "${icann_address} / ${onion_address}")
+                    else
+                        W+=("${app_name} (mobile)" "${onion_address}")
+                    fi
                 fi
             fi
-        fi
-    done
+        done
 
-    if grep -q "rss reader domain" "$COMPLETION_FILE"; then
-        if [ -d /var/lib/tor/hidden_service_ttrss ]; then
-            domain_onion=$(cat /var/lib/tor/hidden_service_ttrss/hostname)
-            W+=("RSS Reader" "${domain_onion}")
-        fi
-        if [ -d /var/lib/tor/hidden_service_mobilerss ]; then
-            domain_onion=$(cat /var/lib/tor/hidden_service_mobilerss/hostname)
-            W+=("RSS mobile" "${domain_onion}")
+        if grep -q "rss reader domain" "$COMPLETION_FILE"; then
+            if [ -d /var/lib/tor/hidden_service_ttrss ]; then
+                domain_onion=$(cat /var/lib/tor/hidden_service_ttrss/hostname)
+                W+=("RSS Reader" "${domain_onion}")
+            fi
+            if [ -d /var/lib/tor/hidden_service_mobilerss ]; then
+                domain_onion=$(cat /var/lib/tor/hidden_service_mobilerss/hostname)
+                W+=("RSS mobile" "${domain_onion}")
+            fi
         fi
-    fi
 
-    width=$(tput cols)
-    height=$(tput lines)
+        width=$(tput cols)
+        height=$(tput lines)
 
-    # shellcheck disable=SC2068
-    dialog --backtitle $"Freedombone Control Panel" --title $"Domains" --menu $"Use Shift+cursors to select and copy onion addresses" $((height-4)) $((width-4)) $((height-4)) "${W[@]}" 3>&2 2>&1 1>&3
+        # shellcheck disable=SC2068
+        selected=$(dialog --backtitle $"Freedombone Control Panel" --title $"Domains" --menu $"Use Shift+cursors to select and copy onion addresses" $((height-4)) $((width-4)) $((height-4)) "${W[@]}" 3>&2 2>&1 1>&3)
+        if [ ! "$selected" ]; then
+            break
+        fi
+        # obtain the addresses from the key by itterating through
+        # the array. This is quite crude and maybe there's a better way
+        key_found=
+        selected_addresses=
+        for key in "${W[@]}";
+        do
+            if [ $key_found ]; then
+                selected_addresses="$key"
+                break
+            fi
+            if [[ "$key" == "$selected" ]]; then
+                key_found=1
+            fi
+        done
+        # Was the key matched?
+        if [ ! "$selected_addresses" ]; then
+            break
+        fi
+        # addresses were found - is this an onion?
+        if [[ "$selected_addresses" != *".onion"* ]]; then
+            continue
+        fi
+        # There are two forms of addresses: "x / y.onion" and "x.onion"
+        if [[ "$selected_addresses" == *'/'* ]]; then
+            onion_addr=$(echo "$selected_addresses" | awk -F '/' '{print $2}' | awk -F ' ' '{print $1}')
+        else
+            onion_addr="$selected_addresses"
+        fi
+        # show the onion address as a QR code
+        clear
+        echo "${selected}: ${onion_addr}"
+        echo -n "$onion_addr" | qrencode -t UTF8
+        any_key
+    done
 }
 
 function show_users {
@@ -362,40 +407,10 @@ function show_tahoelafs {
     echo ''
 }
 
-function show_ip_addresses {
-    echo $'IP/DNS addresses'
-    echo '================'
-    echo ''
-    echo -n "IPv4: $(get_ipv4_address)/$(get_external_ipv4_address)"
-    ipv6_address="$(get_ipv6_address)"
-    if [ ${#ipv6_address} -gt 0 ]; then
-        echo "    IPv6: ${ipv6_address}"
-    fi
-    echo ''
-    echo ''
-}
-
-function show_ssh_public_key {
-    echo $'SSH Public Keys'
-    echo '==============='
-    echo ''
-    get_ssh_server_key
-    echo ''
-    echo ''
-}
-
 function show_about {
     detect_apps
     get_apps_installed_names
-
-    #clear
-    #echo "==== ${PROJECT_NAME} version ${VERSION} ($DEBIAN_VERSION) ===="
-    #echo ''
-    #show_ip_addresses
-    #show_ssh_public_key
     show_domains
-    #show_users
-    #any_key
 }
 
 function select_user {
@@ -1817,6 +1832,28 @@ function wifi_enable {
     "${PROJECT_NAME}-wifi" --disable $disable_wifi
 }
 
+function performance_benchmarks {
+    clear
+
+    if [ ! -f /sbin/hdparm ]; then
+        apt-get -yq install hdparm
+    fi
+
+    test_drive=/dev/sda1
+    if ! ls $test_drive; then
+        if ls /dev/mmcblk0p2; then
+            test_drive=/dev/mmcblk0p2
+        else
+            return
+        fi
+    fi
+    clear
+    echo ''
+    echo $"Testing read speed of drive $test_drive"
+    hdparm -tT $test_drive
+    any_key
+}
+
 function add_clacks {
     clacks=
 
@@ -1943,8 +1980,9 @@ function menu_top_level {
            12 $"Wifi menu"
            13 $"Add Clacks"
            14 $"Check for updates"
-           15 $"Power off the system"
-           16 $"Restart the system")
+           15 $"Performance Benchmarks"
+           16 $"Power off the system"
+           17 $"Restart the system")
 
         # shellcheck disable=SC2068
         selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Administrator Control Panel" --menu $"Choose an operation, or ESC to exit:" 24 60 24 "${W[@]}" 3>&2 2>&1 1>&3)
@@ -1973,8 +2011,9 @@ function menu_top_level {
             12) menu_wifi;;
             13) add_clacks;;
             14) check_for_updates;;
-            15) shut_down_system;;
-            16) restart_system;;
+            15) performance_benchmarks;;
+            16) shut_down_system;;
+            17) restart_system;;
         esac
     done
 }

src/freedombone-controlpanel-user

@@ -434,6 +434,10 @@ function show_gpg_key {
     dialog --title $"My PGP/GPG Key" \
            --backtitle $"Freedombone User Control Panel" \
            --msgbox $"Email Address: $MY_EMAIL_ADDRESS\\n\\nKey ID: $GPG_ID\\n\\nFingerprint: $GPG_FINGERPRINT\\n\\nCreated: $GPG_DATE" 12 70
+    clear
+    echo $"Your GPG/PGP public key:"
+    gpg --armor --export "$GPG_ID" | qrencode -t UTF8
+    any_key
 }
 
 function show_full_gpg_key {

src/freedombone-image

@@ -74,6 +74,8 @@ IMAGE_NAME='full'
 USERNAME="$USER"
 PASSWORD=
 
+CONTINUOUS_INTEGRATION=
+
 # IP address of the router (gateway)
 ROUTER_IP_ADDRESS="192.168.1.254"
 
@@ -153,6 +155,10 @@ MULTIPATH_TOOLS_REPO="https://aur.archlinux.org/multipath-tools.git"
 MBR_REPO="https://aur.archlinux.org/mbr.git"
 CLIAPP_REPO="git://git.liw.fi/cliapp"
 
+# Whether to use a SATA drive and if so what its device/partition name is
+# eg. sda2
+EXTERNAL_DRIVE=
+
 function image_setup {
     setup_type=$1
 
@@ -240,7 +246,7 @@ function image_setup {
             cd "$USERHOME/develop/multipath-tools" || exit 27462454
             makepkg --force --noconfirm
             makepkg -i --force --noconfirm
-            sudo wget "https://raw.githubusercontent.com/bashrc/freedombone/master/image_build/debootstrap/scripts/${DEBIAN_VERSION}" -O /usr/share/debootstrap/scripts/debscript
+            sudo wget "https://raw.githubusercontent.com/bashrc/${PROJECT_NAME}/master/image_build/debootstrap/scripts/${DEBIAN_VERSION}" -O /usr/share/debootstrap/scripts/debscript
             sudo cp -f "/usr/share/debootstrap/scripts/debscript" "/usr/share/debootstrap/scripts/${DEBIAN_VERSION}"
             if [ ! -f "/usr/share/debootstrap/scripts/${DEBIAN_VERSION}" ]; then
                 echo $"No debian debootstrap script was found for $DEBIAN_VERSION"
@@ -374,6 +380,10 @@ do
             shift
             INTERACTIVE="$1"
             ;;
+        --ci)
+            shift
+            CONTINUOUS_INTEGRATION="$1"
+            ;;
         -g|--generic)
             shift
             GENERIC_IMAGE="$1"
@@ -453,6 +463,10 @@ do
             shift
             LOCAL_NAME="$1"
             ;;
+        --sata|--hdd)
+            shift
+            EXTERNAL_DRIVE="$1"
+            ;;
         *)
             # unknown option
             ;;
@@ -533,6 +547,10 @@ if [[ $ONION_ONLY != "no" ]]; then
     IMAGE_NAME=$'onion'
 fi
 
+if [ "$EXTERNAL_DRIVE" ]; then
+    IMAGE_NAME=$'sata'
+fi
+
 if [[ $VARIANT == 'mesh' ]]; then
     IMAGE_NAME=$'mesh'
     # typically not much disk space is needed for a mesh node
@@ -601,6 +619,8 @@ make "$IMAGE_TYPE" \
      INSECURE="$INSECURE" \
      AMNESIC="$AMNESIC" \
      SOCIALINSTANCE="$SOCIALINSTANCE" \
+     EXTERNAL_DRIVE="$EXTERNAL_DRIVE" \
+     CONTINUOUS_INTEGRATION="$CONTINUOUS_INTEGRATION" \
      LOCAL_NAME="$LOCAL_NAME"
 
 # shellcheck disable=SC2181
@@ -628,8 +648,8 @@ fi
 for im in ${image_types[@]}
 do
     # shellcheck disable=SC2012,SC2086
-    no_of_files=$(ls -afq build/${PROJECT_NAME}*.${im} | wc -l)
-    if (( no_of_files > 0 )); then
+    no_of_files=$(ls -l build/${PROJECT_NAME}*.${im} | wc -l)
+    if [ "$no_of_files" -gt 0 ]; then
         # shellcheck disable=SC2086
         mv build/${PROJECT_NAME}*.${im} ${CURR_DIR}/
         # shellcheck disable=SC2086
@@ -698,8 +718,8 @@ if [[ $IMAGE_TYPE != "qemu"* ]]; then
     fi
     echo ''
     echo "    unxz -k ${PROJECT_NAME}*.img.xz"
-    echo '    sudo dd if=/dev/zero of=/dev/sdX bs=1M count=8'
-    echo "    sudo dd bs=1M if=${PROJECT_NAME}*.img of=/dev/sdX conv=fdatasync"
+    echo '    sudo dd if=/dev/zero of=/dev/sdX bs=32M count=8'
+    echo "    sudo dd bs=32M if=${PROJECT_NAME}*.img of=/dev/sdX conv=fdatasync"
     echo ''
 fi
 

src/freedombone-image-customise

@@ -139,8 +139,14 @@ BMX6_COMMIT='39dd1f2d99ac5a3fa28e92f8173c15039132e181'
 BMX7_REPO="https://github.com/bmx-routing/bmx7"
 BMX7_COMMIT='0a82c7c10fef44b259b35e77ab33632aa132d219'
 
+CONTINUOUS_INTEGRATION=
+
 PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin
 
+# Whether to use a SATA drive and if so what its device/partition name is
+# eg. sda2
+EXTERNAL_DRIVE=
+
 configure_backports() {
     echo "deb http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION}-backports main" >> "$rootdir/etc/apt/sources.list"
 }
@@ -437,7 +443,7 @@ EOF
       echo "                    echo 'User=root' >> /etc/systemd/system/wifistart.service";
       echo "                    echo 'Group=root' >> /etc/systemd/system/wifistart.service";
       echo "                    echo 'WorkingDirectory=/root' >> /etc/systemd/system/wifistart.service";
-      echo "                    echo 'ExecStart=/usr/local/bin/freedombone-wifi --wait 5 2> /dev/null' >> /etc/systemd/system/wifistart.service";
+      echo "                    echo 'ExecStart=/usr/local/bin/${PROJECT_NAME}-wifi --wait 5 2> /dev/null' >> /etc/systemd/system/wifistart.service";
       echo "                    echo '' >> /etc/systemd/system/wifistart.service";
       echo "                    echo '[Install]' >> /etc/systemd/system/wifistart.service";
       echo "                    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/wifistart.service";
@@ -483,7 +489,7 @@ continue_installation() {
 }
 
 atheros_wifi() {
-    chroot "$rootdir" dpkg -i /root/freedombone/drivers/firmware-ath9k-htc.deb
+    chroot "$rootdir" dpkg -i /root/${PROJECT_NAME}/drivers/firmware-ath9k-htc.deb
     chroot "$rootdir" apt-get -yq install firmware-linux-free
 }
 
@@ -1526,7 +1532,7 @@ if [ \$no_of_users -gt 0 ]; then
             echo 'Comment[it]=Crea un invito per patchwork' >> /home/$MY_USERNAME/Desktop/invite.desktop
             echo 'Comment[ru]=    ' >> /home/$MY_USERNAME/Desktop/invite.desktop
             echo 'Comment[zh]=' >> /home/$MY_USERNAME/Desktop/invite.desktop
-            echo 'Exec=mate-terminal -e freedombone-mesh-invite' >> /home/$MY_USERNAME/Desktop/invite.desktop
+            echo 'Exec=mate-terminal -e ${PROJECT_NAME}-mesh-invite' >> /home/$MY_USERNAME/Desktop/invite.desktop
             echo 'Icon=/usr/share/$PROJECT_NAME/avatars/icon_invite.png' >> /home/$MY_USERNAME/Desktop/invite.desktop
             echo 'Terminal=false' >> /home/$MY_USERNAME/Desktop/invite.desktop
             echo 'Categories=Application;' >> /home/$MY_USERNAME/Desktop/invite.desktop
@@ -1719,7 +1725,7 @@ image_setup_utils() {
     chroot "$rootdir" apt-get -yq dist-upgrade
     chroot "$rootdir" apt-get -yq install ca-certificates
     chroot "$rootdir" apt-get -yq install apt-utils
-    chroot "$rootdir" apt-get -yq install shellcheck
+    chroot "$rootdir" apt-get -yq install shellcheck hdparm
 
     if [[ "$ARCHITECTURE" == 'amd64' ]]; then
         chroot "$rootdir" apt-get -yq install linux-image-amd64
@@ -1762,8 +1768,8 @@ image_setup_utils() {
     chroot "$rootdir" apt-get -yq -t stretch-backports install tor
     chroot "$rootdir" apt-get -yq install connect-proxy
     chroot "$rootdir" connect-proxy
-    sed -i 's|#Log notice file.*|Log notice file /dev/null|g' "$rootdir/etc/tor/torrc"
-    sed -i 's|Log notice file.*|Log notice file /dev/null|g' "$rootdir/etc/tor/torrc"
+    sed -i 's|#Log notice file.*|Log notice file /var/log/tor/notices.log|g' "$rootdir/etc/tor/torrc"
+    sed -i 's|Log notice file.*|Log notice file /var/log/tor/notices.log|g' "$rootdir/etc/tor/torrc"
     sed -i "s|#AccountingMax.*|AccountingMax $TOR_MAX_TRAFFIC_PER_MONTH_GB GBytes|g" "$rootdir/etc/tor/torrc"
     sed -i "s|AccountingMax.*|AccountingMax $TOR_MAX_TRAFFIC_PER_MONTH_GB GBytes|g" "$rootdir/etc/tor/torrc"
     if ! grep -q 'Host *.onion' "$rootdir/root/.ssh/config"; then

src/freedombone-image-hardware-setup

@@ -155,6 +155,10 @@ beaglebone_repack_kernel() {
 
 a20_setup_boot() {
     dtb="$1"
+    a20_root_device='mmcblk0p2'
+    if [ "$2" ]; then
+        a20_root_device="$2"
+    fi
 
     # Setup boot.cmd
     if grep -q btrfs /etc/fstab ; then
@@ -173,7 +177,7 @@ a20_setup_boot() {
 setenv mmcdev 0
 setenv mmcpart 1
 
-setenv mmcroot /dev/mmcblk0p2 ro
+setenv mmcroot /dev/${a20_root_device} ro
 setenv mmcrootfstype $fstype rootwait fixrtc
 setenv mmcrootflags subvol=@
 
@@ -239,27 +243,27 @@ case "$MACHINE" in
         enable_serial_console ttyO0
         ;;
     cubietruck)
-        a20_setup_boot sun7i-a20-cubietruck.dtb
+        a20_setup_boot sun7i-a20-cubietruck.dtb "$EXTERNAL_DRIVE"
         enable_serial_console ttyS0
         ;;
     a20-olinuxino-lime)
-        a20_setup_boot sun7i-a20-olinuxino-lime.dtb
+        a20_setup_boot sun7i-a20-olinuxino-lime.dtb "$EXTERNAL_DRIVE"
         enable_serial_console ttyS0
         ;;
     a20-olinuxino-lime2)
-        a20_setup_boot sun7i-a20-olinuxino-lime2.dtb
+        a20_setup_boot sun7i-a20-olinuxino-lime2.dtb "$EXTERNAL_DRIVE"
         enable_serial_console ttyS0
         ;;
     a20-olinuxino-micro)
-        a20_setup_boot sun7i-a20-olinuxino-micro.dtb
+        a20_setup_boot sun7i-a20-olinuxino-micro.dtb "$EXTERNAL_DRIVE"
         enable_serial_console ttyS0
         ;;
     cubieboard2)
-        a20_setup_boot sun7i-a20-cubieboard2.dtb
+        a20_setup_boot sun7i-a20-cubieboard2.dtb "$EXTERNAL_DRIVE"
         enable_serial_console ttyS0
         ;;
     pcduino3)
-        a20_setup_boot sun7i-a20-pcduino3.dtb
+        a20_setup_boot sun7i-a20-pcduino3.dtb "$EXTERNAL_DRIVE"
         enable_serial_console ttyS0
         ;;
 esac

src/freedombone-image-make

@@ -77,6 +77,8 @@ export INSECURE
 export AMNESIC
 export SOCIALINSTANCE
 export LOCAL_NAME
+export EXTERNAL_DRIVE
+export CONTINUOUS_INTEGRATION
 
 # Locate vmdebootstrap program fetched in Makefile
 basedir=`pwd`
@@ -101,7 +103,7 @@ a20_pkgs="linux-image-armmp-lpae u-boot-tools u-boot u-boot-sunxi"
 # Packages needed for self-hosted development
 dev_pkgs="build-essential devscripts make man-db emacs org-mode git mercurial"
 
-echo Building "$MACHINE" "$PROJECT_NAME" for "$ARCHITECTURE".
+echo Building "$MACHINE" "$PROJECT_NAME" for "$ARCHITECTURE" "$EXTERNAL_DRIVE"
 
 case "$MACHINE" in
     beaglebone)
@@ -225,7 +227,9 @@ sed -i "s|INSECURE=.*|INSECURE=\"${INSECURE}\"|g" "$TEMP_CUSTOMISE3"
 sed -i "s|AMNESIC=.*|AMNESIC=\"${AMNESIC}\"|g" "$TEMP_CUSTOMISE3"
 sed -i "s|SOCIALINSTANCE=.*|SOCIALINSTANCE=\"${SOCIALINSTANCE}\"|g" "$TEMP_CUSTOMISE3"
 sed -i "s|LOCAL_NAME=.*|LOCAL_NAME=\"${LOCAL_NAME}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|EXTERNAL_DRIVE=.*|EXTERNAL_DRIVE=\"${EXTERNAL_DRIVE}\"|g" "$TEMP_CUSTOMISE3"
 sed -i 's|#!/bin/bash||g' "$TEMP_CUSTOMISE3"
+sed -i "s|CONTINUOUS_INTEGRATION=.*|CONTINUOUS_INTEGRATION=${CONTINUOUS_INTEGRATION}|g" "$TEMP_CUSTOMISE3"
 
 cat $TEMP_CUSTOMISE2 $TEMP_CUSTOMISE3 > $TEMP_CUSTOMISE4
 if [ -f $TEMP_CUSTOMISE ]; then
@@ -254,6 +258,7 @@ sudo -H \
      ARCHITECTURE="$ARCHITECTURE" \
      SOURCE="$SOURCE" \
      CUSTOM_SETUP="$CUSTOM_SETUP" \
+     EXTERNAL_DRIVE="$EXTERNAL_DRIVE" \
      $VMDEBOOTSTRAP \
      --log "$(dirname "$IMAGE")/${PROJECT_NAME}.log" \
      --log-level debug \

src/freedombone-image-makefile

@@ -41,8 +41,13 @@ IMAGE = $(NAME).img
 ARCHIVE = $(IMAGE).xz
 SIGNATURE = $(ARCHIVE).sig
 OWNER = 1000
-XZ = xz --no-warn --verbose --keep --threads=0 -3
-SIGN = -gpg --output $(SIGNATURE) --detach-sig $(ARCHIVE)
+ifeq ("$CONTINUOUS_INTEGRATION", "")
+    XZ = xz --no-warn --verbose --keep --threads=0 -3 $(IMAGE)
+    SIGN = -gpg --output $(SIGNATURE) --detach-sig $(ARCHIVE)
+else
+	XZ =
+	SIGN =
+endif
 
 # settings for `make test`
 TEST_SSH_PORT = 2222
@@ -90,7 +95,7 @@ beaglebone: prep
 	$(eval MACHINE = beaglebone)
 	$(MAKE_IMAGE)
 	@rm -f $(ARCHIVE)
-	$(XZ) $(IMAGE)
+	$(XZ)
 	@echo ""
 	$(SIGN)
 	@echo "Build complete."
@@ -101,7 +106,7 @@ cubieboard2: prep
 	$(eval MACHINE = cubieboard2)
 	$(MAKE_IMAGE)
 	@rm -f $(ARCHIVE)
-	$(XZ) $(IMAGE)
+	$(XZ)
 	@echo ""
 	$(SIGN)
 	@echo "Build complete."
@@ -112,7 +117,7 @@ pcduino3: prep
 	$(eval MACHINE = pcduino3)
 	$(MAKE_IMAGE)
 	@rm -f $(ARCHIVE)
-	$(XZ) $(IMAGE)
+	$(XZ)
 	@echo ""
 	$(SIGN)
 	@echo "Build complete."
@@ -123,7 +128,7 @@ cubietruck: prep
 	$(eval MACHINE = cubietruck)
 	$(MAKE_IMAGE)
 	@rm -f $(ARCHIVE)
-	$(XZ) $(IMAGE)
+	$(XZ)
 	@echo ""
 	$(SIGN)
 	@echo "Build complete."
@@ -135,7 +140,7 @@ a20-olinuxino-lime: prep
 	$(eval IMAGE = $(NAME).img)
 	$(MAKE_IMAGE)
 	rm -f $(ARCHIVE)
-	$(XZ) $(IMAGE)
+	$(XZ)
 	@echo ""
 	$(SIGN)
 
@@ -145,7 +150,7 @@ a20-olinuxino-lime2: prep
 	$(eval MACHINE = a20-olinuxino-lime2)
 	$(MAKE_IMAGE)
 	@rm -f $(ARCHIVE)
-	$(XZ) $(IMAGE)
+	$(XZ)
 	@echo ""
 	$(SIGN)
 	@echo "Build complete."
@@ -156,7 +161,7 @@ a20-olinuxino-micro: prep
 	$(eval MACHINE = a20-olinuxino-micro)
 	$(MAKE_IMAGE)
 	@rm -f $(ARCHIVE)
-	$(XZ) $(IMAGE)
+	$(XZ)
 	@echo ""
 	$(SIGN)
 	@echo "Build complete."
@@ -167,7 +172,7 @@ i386: prep
 	$(eval MACHINE = all)
 	$(MAKE_IMAGE)
 	@rm -f $(ARCHIVE)
-	$(XZ) $(IMAGE)
+	$(XZ)
 	@echo ""
 	$(SIGN)
 	@echo "Build complete."
@@ -178,7 +183,7 @@ i686: prep
 	$(eval MACHINE = all)
 	$(MAKE_IMAGE)
 	@rm -f $(ARCHIVE)
-	$(XZ) $(IMAGE)
+	$(XZ)
 	@echo ""
 	$(SIGN)
 	@echo "Build complete."
@@ -189,7 +194,7 @@ amd64: prep
 	$(eval MACHINE = all)
 	$(MAKE_IMAGE)
 	@rm -f $(ARCHIVE)
-	$(XZ) $(IMAGE)
+	$(XZ)
 	@echo ""
 	$(SIGN)
 	@echo "Build complete."
@@ -200,7 +205,7 @@ apu: prep
 	$(eval MACHINE = all)
 	$(MAKE_IMAGE)
 	@rm -f $(ARCHIVE)
-	$(XZ) $(IMAGE)
+	$(XZ)
 	@echo ""
 	$(SIGN)
 	@echo "Build complete."
@@ -215,7 +220,7 @@ qemu-i386: prep
 	# Convert image to qemu format
 	qemu-img convert -O qcow2 $(NAME).img $(NAME).qcow2
 	@rm -f $(ARCHIVE)
-	$(XZ) $(IMAGE)
+	$(XZ)
 	@echo ""
 	$(SIGN)
 	@echo "Build complete."
@@ -227,7 +232,7 @@ qemu-x86_64: prep
 	# Convert image to qemu format
 	qemu-img convert -O qcow2 $(NAME).img $(NAME).qcow2
 	@rm -f $(ARCHIVE)
-	$(XZ) $(IMAGE)
+	$(XZ)
 	@echo ""
 	$(SIGN)
 	@echo "Build complete."

src/freedombone-image-vmdebootstrap

@@ -30,7 +30,7 @@ export TEXTDOMAIN=${PROJECT_NAME}-image-vmdebootstrap
 export TEXTDOMAINDIR="/usr/share/locale"
 
 VMDEBOOTSTRAP_REPO="https://github.com/bashrc/vmdebootstrap"
-VMDEBOOTSTRAP_BRANCH='bashrc/freedombone'
+VMDEBOOTSTRAP_BRANCH="bashrc/${PROJECT_NAME}"
 
 mkdir -p vendor
 if [ -d vendor/vmdebootstrap ] ; then

src/freedombone-logging

@@ -90,48 +90,31 @@ function turn_logging_off {
     done
 }
 
-function turn_off_rsys_logging {
-    if ! grep -q '/var/log/auth.log' /etc/rsyslog.conf; then
-        return
-    fi
-    sed -i 's|mail,news.none.*|mail,news.none      /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|auth,authpriv.\*.*|auth,authpriv.\*         /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|mail.info.*|mail.info            /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|mail.warn.*|mail.warn            /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|mail.err.*|mail.err            /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|daemon.\*.*|daemon.\*              /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|mail.\*.*|mail.\*              /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|user.\*.*|user.\*              /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|news.none;mail.none.*|news.none;mail.none /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|\*.\*;auth,authpriv.none.*|\*.\*;auth,authpriv.none      /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|#cron.\*|cron.\*|g' /etc/rsyslog.conf
-    sed -i 's|cron.\*.*|cron.\*             /dev/null|g' /etc/rsyslog.conf
-    $REMOVE_FILES_COMMAND /var/log/wtmp*
-    $REMOVE_FILES_COMMAND /var/log/debug*
-    $REMOVE_FILES_COMMAND /var/log/cron.*
-    $REMOVE_FILES_COMMAND /var/log/auth.*
-    $REMOVE_FILES_COMMAND /var/log/mail.*
-    $REMOVE_FILES_COMMAND /var/log/daemon.*
-    $REMOVE_FILES_COMMAND /var/log/user.*
-    $REMOVE_FILES_COMMAND /var/log/messages*
-}
-
 function turn_on_rsys_logging {
-    if grep -q '/var/log/auth.log' /etc/rsyslog.conf; then
-        return
-    fi
-    sed -i 's|mail,news.none.*|mail,news.none      -/var/log/messages|g' /etc/rsyslog.conf
-    sed -i 's|auth,authpriv.\*.*|auth,authpriv.\*         /var/log/auth.log|g' /etc/rsyslog.conf
-    sed -i 's|mail.info.*|mail.info            -/var/log/mail.info|g' /etc/rsyslog.conf
-    sed -i 's|mail.warn.*|mail.warn            -/var/log/mail.warn|g' /etc/rsyslog.conf
-    sed -i 's|mail.err.*|mail.err            /var/log/mail.err|g' /etc/rsyslog.conf
-    sed -i 's|daemon.\*.*|daemon.\*              -/var/log/daemon.log|g' /etc/rsyslog.conf
-    sed -i 's|mail.\*.*|mail.\*              -/var/log/mail.log|g' /etc/rsyslog.conf
-    sed -i 's|user.\*.*|user.\*              -/var/log/user.log|g' /etc/rsyslog.conf
-    sed -i 's|news.none;mail.none.*|news.none;mail.none -/var/log/debug|g' /etc/rsyslog.conf
-    sed -i 's|\*.\*;auth,authpriv.none.*|\*.\*;auth,authpriv.none      -/var/log/syslog|g' /etc/rsyslog.conf
-    sed -i 's|#cron.\*|cron.\*|g' /etc/rsyslog.conf
-    sed -i 's|cron.\*.*|cron.\*             /var/log/cron.log|g' /etc/rsyslog.conf
+    save_rsys_header
+
+    { echo 'auth,authpriv.*         /var/log/auth.log';
+      echo '*.*;auth,authpriv.none -/var/log/syslog';
+      echo 'cron.*                  /var/log/cron.log';
+      echo 'daemon.*               -/var/log/daemon.log';
+      echo 'kern.*                 -/var/log/kern.log';
+      echo 'lpr.*                  -/var/log/lpr.log';
+      echo 'mail.*                 -/var/log/mail.log';
+      echo 'user.*                 -/var/log/user.log';
+      echo '';
+      echo 'mail.info              -/var/log/mail.info';
+      echo 'mail.warn              -/var/log/mail.warn';
+      echo 'mail.err                /var/log/mail.err';
+      echo '';
+      echo "*.=debug;\\";
+      echo "        auth,authpriv.none;\\";
+      echo '        news.none;mail.none -/var/log/debug';
+      echo "*.=info;*.=notice;*.=warn;\\";
+      echo "        auth,authpriv.none;\\";
+      echo "        cron,daemon.none;\\";
+      echo '        mail,news.none      -/var/log/messages';
+      echo '';
+      echo '*.emerg                         :omusrmsg:*'; } >> /etc/rsyslog.conf
 }
 
 if [ ! "$1" ]; then
@@ -150,8 +133,7 @@ if [[ "$1" == "on" || "$1" == "On" || "$1" == "ON" ]]; then
             touch /var/log/tor/notices.log
             chown debian-tor:adm /var/log/tor/notices.log
         fi
-        sed -i 's|#Log notice file.*|Log notice file /var/log/tor/notices.log|g' /etc/tor/torrc
-        sed -i 's|Log notice file.*|Log notice file /var/log/tor/notices.log|g' /etc/tor/torrc
+        echo 'Log notice file /var/log/tor/notices.log' > /etc/torrc.d/logging
     fi
     if [ -f /etc/php/7.0/fpm/php-fpm.conf ]; then
         sed -i 's|error_log =.*|error_log = /var/log/php-fpm.log|g' /etc/php/7.0/fpm/php-fpm.conf
@@ -193,13 +175,12 @@ if [[ "$1" == "on" || "$1" == "On" || "$1" == "ON" ]]; then
         fi
     fi
     turn_on_rsys_logging
+    turn_on_postgresql_logging
 else
     turn_logging_off
 
-    if [ -d /etc/tor ]; then
-        sed -i 's|#Log notice file.*|Log notice file /dev/null|g' /etc/tor/torrc
-        sed -i 's|Log notice file.*|Log notice file /dev/null|g' /etc/tor/torrc
-        rm /var/log/tor/*
+    if [ -d /etc/torrc.d ]; then
+        echo 'Log notice file /var/log/tor/notices.log' > /etc/torrc.d/logging
     fi
     if [ -d /var/log/radicale ]; then
         $REMOVE_FILES_COMMAND /var/log/radicale/*
@@ -250,6 +231,7 @@ else
         fi
     fi
     turn_off_rsys_logging
+    turn_off_postgresql_logging
 fi
 
 if [ -d /etc/exim4 ]; then
@@ -295,5 +277,8 @@ fi
 if [ -d /etc/matrix ]; then
     systemctl restart matrix
 fi
+if [ -d /etc/postgresql ]; then
+    systemctl restart postgresql
+fi
 
 exit 0

src/freedombone-mesh-blog

@@ -88,7 +88,7 @@ function regenerate_blog {
 }
 
 function view_blog {
-    freedombone-mesh-visit-site '/Blog'
+    ${PROJECT_NAME}-mesh-visit-site '/Blog'
     exit 0
 }
 

src/freedombone-prepare-scripts

@@ -30,9 +30,9 @@ PROJECT_NAME='freedombone'
 
 cat /usr/local/bin/${PROJECT_NAME}-vars /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-* > /tmp/includescripts
 
-cat /tmp/includescripts /usr/local/bin/freedombone-controlpanel > /usr/local/bin/control
-cat /tmp/includescripts /usr/local/bin/freedombone-controlpanel-user > /usr/local/bin/controluser
-cat /tmp/includescripts /usr/local/bin/freedombone-addremove > /usr/local/bin/addremove
+cat /tmp/includescripts /usr/local/bin/${PROJECT_NAME}-controlpanel > /usr/local/bin/control
+cat /tmp/includescripts /usr/local/bin/${PROJECT_NAME}-controlpanel-user > /usr/local/bin/controluser
+cat /tmp/includescripts /usr/local/bin/${PROJECT_NAME}-addremove > /usr/local/bin/addremove
 
 sed -i '/# Start including files/,/# End including files/d' /usr/local/bin/control
 sed -i '/# Start including files/,/# End including files/d' /usr/local/bin/controluser

src/freedombone-tests

@@ -759,6 +759,12 @@ function test_stig {
     output "V-38605" $? ${SETLANG}
     ################
 
+    ##Check that openssh client and server are installed
+    bash $STIG_TESTS_DIR/check-ssh.sh installed >/dev/null 2>&1 &
+    stig_spinner $!
+    output "SV-86857r1_rule" $? ${SETLANG}
+    ################
+    
     ##RHEL-06-000227
     ##The SSH daemon must be configured to use only the SSHv2 protocol.
 

src/freedombone-tor-health

@@ -0,0 +1,62 @@
+#!/bin/bash
+#  _____               _           _
+# |   __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
+# |   __|  _| -_| -_| . | . |     | . | . |   | -_|
+# |__|  |_| |___|___|___|___|_|_|_|___|___|_|_|___|
+#
+#                              Freedom in the Cloud
+#
+# Returns a health status for Tor
+#
+# License
+# =======
+#
+# Copyright (C) 2018 Bob Mottram <bob@freedombone.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+PROJECT_NAME='freedombone'
+
+export TEXTDOMAIN=${PROJECT_NAME}-tor-health
+export TEXTDOMAINDIR="/usr/share/locale"
+
+d1=$(date --date="-10 min" "+%b %d %H:%M"):00
+d2=$(date "+%b %d %H:%M"):00
+ctr=0
+echo -n '' > /var/log/tor/notices_new.log
+while read -r line; do
+    datestr=$(echo "$line" | awk -F '.' '{print $1}')
+    if [[ "$datestr" > "$d1" && "$datestr" < "$d2" || "$datestr" =~ $d2 ]]; then
+        if [[ "$line" == *'Retrying'* ]]; then
+            ctr=$((ctr+1))
+        fi
+        echo "$line" >> /var/log/tor/notices_new.log
+    fi
+done < /var/log/tor/notices.log
+
+mv /var/log/tor/notices_new.log /var/log/tor/notices.log
+chown -R debian-tor:adm /var/log/tor
+
+if [ $ctr -gt 5 ]; then
+    echo $'Failed'
+    exit 0
+fi
+
+if [ $ctr -gt 0 ]; then
+    echo $'Poor'
+    exit 0
+fi
+
+echo $'Good'
+exit 0

src/freedombone-upgrade

@@ -64,7 +64,7 @@ fi
 if [ -f /usr/bin/backupdatabases ]; then
     if grep -q "cat /root/dbpass" /usr/bin/backupdatabases; then
         # update to using the password manager
-        sed -i "s|cat /root/dbpass|freedombone-pass -u root -a mariadb|g" /usr/bin/backupdatabases
+        sed -i "s|cat /root/dbpass|${PROJECT_NAME}-pass -u root -a mariadb|g" /usr/bin/backupdatabases
     fi
 fi
 
@@ -95,6 +95,7 @@ if [ -d "$PROJECT_DIR" ]; then
         fi
 
         #rebuild_exim_with_socks
+        torrc_migrate
         nodejs_upgrade
         apt-get -yq -t stretch-backports install certbot
         email_install_tls

src/freedombone-utils-dns

@@ -119,9 +119,9 @@ function create_freedns_updater {
     fi
 
     # add the update command to cron
-    if ! grep -q "/usr/local/bin/freedombone-freedns" /etc/crontab; then
+    if ! grep -q "/usr/local/bin/${PROJECT_NAME}-freedns" /etc/crontab; then
         function_check cron_add_mins
-        cron_add_mins 3 '/usr/local/bin/freedombone-freedns'
+        cron_add_mins 3 "/usr/local/bin/${PROJECT_NAME}-freedns"
         systemctl restart cron
     fi
 

src/freedombone-utils-firewall

@@ -32,6 +32,7 @@ FIREWALL_CONFIG=$HOME/${PROJECT_NAME}-firewall.cfg
 FIREWALL_DOMAINS=$HOME/${PROJECT_NAME}-firewall-domains.cfg
 FIREWALL_EIFACE=eth0
 EXTERNAL_IPV4_ADDRESS=
+FIREFOX_TELEMETRY_IP='52.88.27.118'
 
 function save_firewall_settings {
     iptables-save > /etc/firewall.conf
@@ -47,6 +48,25 @@ function save_firewall_settings {
     fi
 }
 
+function block_firefox_telemetry {
+    # This shouldn't be needed on a server, but we'll do it anyway
+    # to be on the safe side
+    # Within firefox source code see submit_telemetry_data.py
+
+    if ! grep -q 'telemetry.mozilla' /etc/hosts; then
+	echo '127.0.0.1  telemetry.mozilla.org' >> /etc/hosts
+	echo '127.0.0.1  incoming.telemetry.mozilla.org' >> /etc/hosts
+    fi
+        
+    if grep -q "$FIREFOX_TELEMETRY_IP" /etc/firewall.conf; then
+        return
+    fi
+
+    iptables -A INPUT -s $FIREFOX_TELEMETRY_IP -j DROP
+    iptables -A OUTPUT -s $FIREFOX_TELEMETRY_IP -j DROP
+    save_firewall_settings
+}
+
 function firewall_block_bad_ip_ranges {
     if [ "$INSTALLING_MESH" ]; then
         return
@@ -340,6 +360,32 @@ function mesh_firewall {
     FIREWALL_FILENAME="${rootdir}/etc/systemd/system/meshfirewall.service"
     MESH_FIREWALL_SCRIPT=${rootdir}/usr/bin/mesh-firewall
 
+    if ! grep -q 'telemetry.mozilla' ${rootdir}/etc/hosts; then
+	echo '127.0.0.1       telemetry.mozilla.org' >> ${rootdir}/etc/hosts
+	echo '127.0.0.1       incoming.telemetry.mozilla.org' >> ${rootdir}/etc/hosts
+    fi
+
+    if ! grep -q 'facebook' ${rootdir}/etc/hosts; then
+	{ echo '127.0.0.1       www.facebook.com';
+	  echo '127.0.0.1       facebook.com';
+	  echo '127.0.0.1       static.ak.fbcdn.net';
+	  echo '127.0.0.1       www.static.ak.fbcdn.net';
+	  echo '127.0.0.1       login.facebook.com';
+	  echo '127.0.0.1       www.login.facebook.com';
+	  echo '127.0.0.1       fbcdn.net';
+	  echo '127.0.0.1       www.fbcdn.net';
+	  echo '127.0.0.1       fbcdn.com';
+	  echo '127.0.0.1       www.fbcdn.com';
+	  echo '127.0.0.1       static.ak.connect.facebook.com';
+	  echo '127.0.0.1       www.static.ak.connect.facebook.com'; } >> ${rootdir}/etc/hosts	
+    fi
+    
+    if ! grep -q 'google' ${rootdir}/etc/hosts; then
+	{ echo '127.0.0.1       www.google-analytics.com';
+	  echo '127.0.0.1       google-analytics.com';
+	  echo '127.0.0.1       ssl.google-analytics.com'; } >> ${rootdir}/etc/hosts
+    fi    
+    
     { echo '#!/bin/bash';
       echo 'iptables -P INPUT ACCEPT';
       echo 'ip6tables -P INPUT ACCEPT';
@@ -387,7 +433,9 @@ function mesh_firewall {
       echo "iptables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT";
       echo "ip6tables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT";
       echo "iptables -A INPUT -p udp --dport 1900 -j ACCEPT";
-      echo "ip6tables -A INPUT -p udp --dport 1900 -j ACCEPT"; } > "$MESH_FIREWALL_SCRIPT"
+      echo "ip6tables -A INPUT -p udp --dport 1900 -j ACCEPT";
+      echo "iptables -A INPUT -s $FIREFOX_TELEMETRY_IP -j DROP";
+      echo "iptables -A OUTPUT -s $FIREFOX_TELEMETRY_IP -j DROP"; } > "$MESH_FIREWALL_SCRIPT"
     chmod +x "$MESH_FIREWALL_SCRIPT"
 
     { echo '[Unit]';

src/freedombone-utils-gnusocialtools

@@ -484,7 +484,7 @@ function gnusocial_block_user_script {
       echo "database_name=\$1";
       echo "remove_user=\$2";
       echo "domain_name=\$3";
-      echo "MARIADB_PASSWORD=\$(freedombone-pass -u root -a mariadb)";
+      echo "MARIADB_PASSWORD=\$(${PROJECT_NAME}-pass -u root -a mariadb)";
       echo '';
       echo "if [ \${#remove_user} -lt 2 ]; then";
       echo '  echo $"No user was specified"';

src/freedombone-utils-mesh

@@ -182,8 +182,8 @@ function mesh_create_app_downloads_page {
     if [ ! -f /var/www/html/images/trifa.png ]; then
         cp "/root/$PROJECT_NAME/img/trifa.png" /var/www/html/images/trifa.png
     fi
-    if [ ! -f /var/www/html/freedombone.css ]; then
-        cp "/root/$PROJECT_NAME/website/freedombone.css" /var/www/html/freedombone.css
+    if [ ! -f "/var/www/html/${PROJECT_NAME}.css" ]; then
+        cp "/root/$PROJECT_NAME/website/${PROJECT_NAME}.css" "/var/www/html/${PROJECT_NAME}.css"
     fi
     chown -R www-data:www-data /var/www/html/*
 }

src/freedombone-utils-onion

@@ -31,6 +31,47 @@ TOR_MAX_TRAFFIC_PER_MONTH_GB=10
 
 USE_V2_ONION_ADDRESS=
 HIDDEN_SERVICE_PATH='/var/lib/tor/hidden_service_'
+ONION_SERVICES_FILE=/etc/torrc.d/${PROJECT_NAME}
+
+function torrc_migrate {
+    if [ -f "$ONION_SERVICES_FILE" ]; then
+        if grep -q "#%include /etc/torrc.d" /etc/tor/torrc; then
+            sed -i 's|#%include /etc/torrc.d|%include /etc/torrc.d|g' /etc/tor/torrc
+            systemctl restart tor
+        fi
+        return
+    fi
+    systemctl stop tor
+
+    mkdir /etc/torrc.d
+
+    grep "HiddenServiceDir\\|HiddenServiceVersion\\|HiddenServicePort" /etc/tor/torrc | grep -v "#HiddenServiceDir" >> "$ONION_SERVICES_FILE"
+
+    if ! grep "HiddenServiceVersion" "$ONION_SERVICES_FILE"; then
+        systemctl restart tor
+        return
+    fi
+
+    if grep -q "#%include /etc/torrc.d" /etc/tor/torrc; then
+        sed -i 's|#%include /etc/torrc.d|%include /etc/torrc.d|g' /etc/tor/torrc
+    else
+        echo "%include /etc/torrc.d" >> /etc/tor/torrc
+    fi
+
+    { echo 'DNSPort 5300';
+      echo 'DNSListenAddress 127.0.0.1';
+      echo 'AutomapHostsOnResolve 1'; } > /etc/torrc.d/dns
+
+    sed -i '/DNSPort 5300/d' /etc/tor/torrc
+    sed -i '/DNSListenAddress 127.0.0./d' /etc/tor/torrc
+    sed -i '/AutomapHostsOnResolve 1/d' /etc/tor/torrc
+
+    sed -i '/HiddenServiceDir/d' /etc/tor/torrc
+    sed -i '/HiddenServiceVersion/d' /etc/tor/torrc
+    sed -i '/HiddenServicePort/d' /etc/tor/torrc
+
+    systemctl restart tor
+}
 
 function add_email_hostname {
     extra_email_hostname="$1"
@@ -80,17 +121,17 @@ function remove_onion_service {
     nick="$3"
 
     if [ ${#nick} -gt 0 ]; then
-        sed -i "/stealth ${nick}/d" /etc/tor/torrc
+        sed -i "/stealth ${nick}/d" "$ONION_SERVICES_FILE"
     fi
-    sed -i "/hidden_service_${onion_service_name}/,+1 d" /etc/tor/torrc
-    sed -i "/hidden_service_${onion_service_name}_mobile/,+1 d" /etc/tor/torrc
-    sed -i "/127.0.0.1:${onion_service_port_to}/d" /etc/tor/torrc
+    sed -i "/hidden_service_${onion_service_name}/,+1 d" "$ONION_SERVICES_FILE"
+    sed -i "/hidden_service_${onion_service_name}_mobile/,+1 d" "$ONION_SERVICES_FILE"
+    sed -i "/127.0.0.1:${onion_service_port_to}/d" "$ONION_SERVICES_FILE"
     if [ "$3" ]; then
-        sed -i "/127.0.0.1:${3}/d" /etc/tor/torrc
+        sed -i "/127.0.0.1:${3}/d" "$ONION_SERVICES_FILE"
         if [ "$4" ]; then
-            sed -i "/127.0.0.1:${4}/d" /etc/tor/torrc
+            sed -i "/127.0.0.1:${4}/d" "$ONION_SERVICES_FILE"
             if [ "$5" ]; then
-                sed -i "/127.0.0.1:${5}/d" /etc/tor/torrc
+                sed -i "/127.0.0.1:${5}/d" "$ONION_SERVICES_FILE"
             fi
         fi
     fi
@@ -123,16 +164,16 @@ function add_onion_service {
         USE_V2_ONION_ADDRESS=
         exit 877367
     fi
-    if ! grep -q "hidden_service_${onion_service_name}" /etc/tor/torrc; then
-        echo "HiddenServiceDir ${HIDDEN_SERVICE_PATH}${onion_service_name}/" >> /etc/tor/torrc
+    if ! grep -q "hidden_service_${onion_service_name}" "$ONION_SERVICES_FILE"; then
+        echo "HiddenServiceDir ${HIDDEN_SERVICE_PATH}${onion_service_name}/" >> "$ONION_SERVICES_FILE"
         if [ ! $USE_V2_ONION_ADDRESS ]; then
-            echo 'HiddenServiceVersion 3' >> /etc/tor/torrc
+            echo 'HiddenServiceVersion 3' >> "$ONION_SERVICES_FILE"
         else
-            echo 'HiddenServiceVersion 2' >> /etc/tor/torrc
+            echo 'HiddenServiceVersion 2' >> "$ONION_SERVICES_FILE"
         fi
-        echo "HiddenServicePort ${onion_service_port_from} 127.0.0.1:${onion_service_port_to}" >> /etc/tor/torrc
+        echo "HiddenServicePort ${onion_service_port_from} 127.0.0.1:${onion_service_port_to}" >> "$ONION_SERVICES_FILE"
         if [ ${#onion_stealth_name} -gt 0 ]; then
-            echo "HiddenServiceAuthorizeClient stealth ${onion_stealth_name}" >> /etc/tor/torrc
+            echo "HiddenServiceAuthorizeClient stealth ${onion_stealth_name}" >> "$ONION_SERVICES_FILE"
         fi
     fi
 
@@ -270,6 +311,34 @@ function configure_ssh_onion {
     mark_completed "${FUNCNAME[0]}"
 }
 
+function check_tor_health {
+    { echo '#!/bin/bash';
+      echo "status=\$(${PROJECT_NAME}-tor-health)";
+      echo "ADMIN_USER=\$(grep \"MY_USERNAME=\" ~/${PROJECT_NAME}.cfg | awk -F '=' '{print \$2}')";
+      echo "if [[ \"\$status\" == 'G'* ]]; then";
+      echo '    if [ -f /tmp/.torfailed ]; then';
+      echo '        rm /tmp/.torfailed';
+      echo "        tail -n 3 /var/log/tor/notices.log | mail -s \"[${PROJECT_NAME}] Tor status is now \$status\" \$ADMIN_USER@\$HOSTNAME";
+      echo '    fi';
+      echo '    exit 0';
+      echo 'fi';
+      echo 'if [ ! -f /tmp/.torfailed ]; then';
+      echo "    tail -n 3 /var/log/tor/notices.log | mail -s \"[${PROJECT_NAME}] Tor status is \$status\" \$ADMIN_USER@\$HOSTNAME";
+      echo "    echo \"\$status\" > /tmp/.torfailed";
+      echo 'else';
+      echo "    prev_status=\$(cat /tmp/.torfailed)";
+      echo "    if [[ \"\$prev_status\" != \"\$status\" ]]; then";
+      echo "        tail -n 3 /var/log/tor/notices.log | mail -s \"[${PROJECT_NAME}] Tor status is \$status\" \$ADMIN_USER@\$HOSTNAME";
+      echo "        echo \"\$status\" > /tmp/.torfailed";
+      echo '    fi';
+      echo 'fi'; } > /usr/bin/check_tor_health
+    chmod +x /usr/bin/check_tor_health
+
+    if ! grep -q 'check_tor_health' /etc/crontab; then
+        cron_add_mins 10 "/usr/bin/check_tor_health"
+    fi
+}
+
 function install_tor {
     if [[ $SYSTEM_TYPE == "mesh*" ]]; then
         return
@@ -287,44 +356,16 @@ function install_tor {
     # For torify
     apt-get -yq install torsocks
 
-    # turn off logging
-    sed -i 's|#Log notice file.*|Log notice file /dev/null|g' /etc/tor/torrc
-    sed -i 's|Log notice file.*|Log notice file /dev/null|g' /etc/tor/torrc
-
-    # Restrict traffic
-    sed -i "s|#AccountingMax.*|AccountingMax $TOR_MAX_TRAFFIC_PER_MONTH_GB GBytes|g" /etc/tor/torrc
-    sed -i "s|AccountingMax.*|AccountingMax $TOR_MAX_TRAFFIC_PER_MONTH_GB GBytes|g" /etc/tor/torrc
-
-    mark_completed "${FUNCNAME[0]}"
-}
-
-function resolve_dns_via_tor {
-    if [[ $SYSTEM_TYPE == "mesh"* ]]; then
-        return
-    fi
-    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
-        return
-    fi
-    if [ ! -f /etc/tor/torrc ]; then
-        echo $'tor was not installed'
-        exit 52952
+    if [ ! -d /etc/torrc.d ]; then
+        mkdir /etc/torrc.d
     fi
-
-    # resolve DNS via tor
-    if ! grep -q 'DNSPort 53' /etc/tor/torrc; then
-        { echo 'DNSPort 53';
-          echo 'AutomapHostsOnResolve 1';
-          echo 'AutomapHostsSuffixes .exit,.onion'; } >> /etc/tor/torrc
-        onion_update
+    sed -i 's|#%include /etc/torrc.d|%include /etc/torrc.d|g' /etc/tor/torrc
+    if ! grep -q '%include /etc/torrc.d' /etc/tor/torrc; then
+        echo '%include /etc/torrc.d' >> /etc/tor/torrc
     fi
 
-    # don't change resolv.conf
-    sed -i 's|, domain-name-servers||g' /etc/dhcp/dhclient.conf
-
-    # point resolv.conf to tor
-    resolvconf=/etc/resolvconf/resolv.conf.d/head
-    echo 'nameserver 127.0.0.1:53' > $resolvconf
-    resolvconf -u
+    echo 'Log notice file /var/log/tor/notices.log' > /etc/torrc.d/logging
+    echo "AccountingMax $TOR_MAX_TRAFFIC_PER_MONTH_GB GBytes" > /etc/torrc.d/maxtraffic
 
     mark_completed "${FUNCNAME[0]}"
 }
@@ -465,24 +506,14 @@ function tor_add_bridge {
 
     apt-get -yq install obfs4proxy
 
-    if grep -q "ClientTransportPlugin" /etc/tor/torrc; then
-        sed -i 's|#ClientTransportPlugin|ClientTransportPlugin|g' /etc/tor/torrc
-        sed -i 's|# ClientTransportPlugin|ClientTransportPlugin|g' /etc/tor/torrc
-        sed -i 's|ClientTransportPlugin.*|ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed|g' /etc/tor/torrc
+    if [ ! -f /etc/torrc.d/bridges ]; then
+        { echo 'ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed';
+          echo 'UseBridges 1';
+          echo "Bridge $bridge_type ${bridge_ip_address}:${bridge_port} ${bridge_key}"; } > /etc/torrc.d/bridges
     else
-        echo 'ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed' >> /etc/tor/torrc
-    fi
-    if grep -q "UseBridges" /etc/tor/torrc; then
-        sed -i 's|#UseBridges|UseBridges|g' /etc/tor/torrc
-        sed -i 's|# UseBridges|UseBridges|g' /etc/tor/torrc
-        sed -i 's|UseBridges.*|UseBridges 1|g' /etc/tor/torrc
-    else
-        echo 'UseBridges 1' >> /etc/tor/torrc
-    fi
-
-    bridge_str="Bridge $bridge_type ${bridge_ip_address}:${bridge_port} ${bridge_key}"
-    if ! grep -q "${bridge_str}" /etc/tor/torrc; then
-        sed -i "/UseBridges/a ${bridge_str}" >> /etc/tor/torrc
+        if ! grep -q "Bridge $bridge_type ${bridge_ip_address}:${bridge_port} ${bridge_key}" /etc/torrc.d/bridges; then
+            echo "Bridge $bridge_type ${bridge_ip_address}:${bridge_port} ${bridge_key}" >> /etc/torrc.d/bridges
+        fi
     fi
 
     systemctl restart tor
@@ -495,24 +526,19 @@ function tor_remove_bridge {
     if [[ "$bridge_ip_address" == *"."* ]]; then
         bridge_str="Bridge $bridge_type ${bridge_ip_address}"
     else
-        if grep -q " ${bridge_ip_address}" /etc/tor/torrc; then
+        if grep -q " ${bridge_ip_address}" /etc/torrc.d/bridges; then
             bridge_str=" ${bridge_ip_address}"
         else
             return
         fi
     fi
-    if grep -q "${bridge_str}" /etc/tor/torrc; then
-        sed -i "/${bridge_str}/d" /etc/tor/torrc
+    if grep -q "${bridge_str}" /etc/torrc.d/bridges; then
+        sed -i "/${bridge_str}/d" /etc/torrc.d/bridges
     fi
 
-    # If there are no bridges remaining then remove UseBridges
-    if ! grep -q "Bridge " /etc/tor/torrc; then
-        if ! grep -q "#UseBridges" /etc/tor/torrc; then
-            sed -i 's|UseBridges|#UseBridges|g' /etc/tor/torrc
-        fi
-        if ! grep -q "#ClientTransportPlugin" /etc/tor/torrc; then
-            sed -i 's|ClientTransportPlugin|#ClientTransportPlugin|g' /etc/tor/torrc
-        fi
+    # If there are no bridges remaining then remove the file
+    if ! grep -q "Bridge " /etc/torrc.d/bridges; then
+        rm /etc/torrc.d/bridges
     fi
 
     systemctl restart tor
@@ -521,6 +547,8 @@ function tor_remove_bridge {
 function tor_create_bridge_relay {
     read_config_param 'TOR_BRIDGE_PORT'
     read_config_param 'TOR_BRIDGE_NICKNAME'
+    read_config_param 'MY_EMAIL_ADDRESS'
+
     if [ ! "$TOR_BRIDGE_PORT" ]; then
         return
     fi
@@ -533,47 +561,25 @@ function tor_create_bridge_relay {
 
     apt-get -yq install obfs4proxy
 
-    sed -i 's|#BridgeRelay.*|BridgeRelay 1|g' /etc/tor/torrc
-    sed -i 's|BridgeRelay.*|BridgeRelay 1|g' /etc/tor/torrc
-    sed -i 's|#ServerTransportPlugin.*|ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy|g' /etc/tor/torrc
-    sed -i 's|ServerTransportPlugin.*|ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy|g' /etc/tor/torrc
-
-    if ! grep -q 'ExtORPort ' /etc/tor/torrc; then
-        echo "ExtORPort $TOR_BRIDGE_PORT" >> /etc/tor/torrc
-    else
-        sed -i "s|#ExtORPort .*|ExtORPort $TOR_BRIDGE_PORT|g" /etc/tor/torrc
-        sed -i "s|ExtORPort .*|ExtORPort $TOR_BRIDGE_PORT|g" /etc/tor/torrc
-    fi
-
-    read_config_param 'MY_EMAIL_ADDRESS'
+    { echo 'BridgeRelay 1';
+      echo 'ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy';
+      echo "ExtORPort $TOR_BRIDGE_PORT";
+      echo "ContactInfo $MY_EMAIL_ADDRESS";
+      echo "Nickname $TOR_BRIDGE_NICKNAME"; } > /etc/torrc.d/bridgerelay
 
-    sed -i "s|#ContactInfo.*|ContactInfo $MY_EMAIL_ADDRESS|g" /etc/tor/torrc
-    if [ "$TOR_BRIDGE_NICKNAME" ]; then
-        sed -i "s|#Nickname.*|Nickname $TOR_BRIDGE_NICKNAME|g" /etc/tor/torrc
-        sed -i "s|Nickname.*|Nickname $TOR_BRIDGE_NICKNAME|g" /etc/tor/torrc
-    fi
     firewall_add tor_bridge "$TOR_BRIDGE_PORT" tcp
+
     systemctl restart tor
 }
 
 function tor_remove_bridge_relay {
-    if ! grep -q '#BridgeRelay ' /etc/tor/torrc; then
-        sed -i 's|BridgeRelay |#BridgeRelay |g' /etc/tor/torrc
-    fi
-    if ! grep -q '#ServerTransportPlugin ' /etc/tor/torrc; then
-        sed -i 's|ServerTransportPlugin |#ServerTransportPlugin |g' /etc/tor/torrc
-    fi
-    if ! grep -q '#ExtORPort ' /etc/tor/torrc; then
-        sed -i 's|ExtORPort |#ExtORPort |g' /etc/tor/torrc
-    fi
-    if ! grep -q '#ContactInfo ' /etc/tor/torrc; then
-        sed -i "s|ContactInfo |#ContactInfo |g" /etc/tor/torrc
-    fi
-    if ! grep -q '#Nickname ' /etc/tor/torrc; then
-        sed -i "s|Nickname |#Nickname |g" /etc/tor/torrc
+    if [ -f /etc/torrc.d/bridgerelay ]; then
+        rm /etc/torrc.d/bridgerelay
     fi
+
     read_config_param 'TOR_BRIDGE_PORT'
     firewall_remove "$TOR_BRIDGE_PORT" tcp
+
     systemctl restart tor
 }
 

src/freedombone-utils-postgresql

@@ -29,6 +29,26 @@
 # Set this when calling backup and restore commands
 USE_POSTGRESQL=
 POSTGRESQL_PACKAGES='postgresql-9.6 postgresql-contrib-9.6 postgresql-client'
+POSTGRESQL_VERSION=9.6
+
+function turn_off_postgresql_logging {
+    if [ ! -f /etc/postgresql/$POSTGRESQL_VERSION/main/postgresql.conf ]; then
+        return
+    fi
+    sed -i 's|#log_destination|log_destination|g' /etc/postgresql/$POSTGRESQL_VERSION/main/postgresql.conf
+    sed -i "s|log_destination.*|log_destination = 'syslog'|g" /etc/postgresql/$POSTGRESQL_VERSION/main/postgresql.conf
+    if [ -d /var/log/postgresql ]; then
+        $REMOVE_FILES_COMMAND /var/log/postgresql/*
+    fi
+}
+
+function turn_on_postgresql_logging {
+    if [ ! -f /etc/postgresql/$POSTGRESQL_VERSION/main/postgresql.conf ]; then
+        return
+    fi
+    sed -i 's|log_destination|#log_destination|g' /etc/postgresql/$POSTGRESQL_VERSION/main/postgresql.conf
+    sed -i "s|log_destination.*|log_destination = 'stderr'|g" /etc/postgresql/$POSTGRESQL_VERSION/main/postgresql.conf
+}
 
 function store_original_postgresql_password {
     if [ ! -f /root/.postgresqloriginal ]; then

src/freedombone-utils-selector

@@ -272,6 +272,39 @@ function get_apps_installed_names {
     done
 }
 
+function app_not_on_onion_only {
+    app_name="$1"
+
+    read_config_param ONION_ONLY
+
+    if [[ "$ONION_ONLY" != 'no' ]]; then
+        if grep -q "NOT_ON_ONION=1" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}"; then
+            echo "0"
+            return
+        fi
+    fi
+    echo "1"
+}
+
+function enough_ram_for_app {
+    app_name="$1"
+
+    if ! grep -q "MINIMUM_RAM_MB=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}"; then
+        echo "0"
+        return
+    fi
+
+    minimum_ram_MB=$(grep "MINIMUM_RAM_MB=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}" | head -n 1 | awk -F '=' '{print $2}')
+    minimum_ram_bytes=$((minimum_ram_MB * 1024))
+
+    ram_available=$(grep MemTotal /proc/meminfo | awk '{print $2}')
+    if [ "$ram_available" -lt "$minimum_ram_bytes" ]; then
+        echo "1"
+        return
+    fi
+    echo "0"
+}
+
 # detects what apps are available
 function detect_apps {
     FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
@@ -285,11 +318,14 @@ function detect_apps {
     for filename in $FILES
     do
         app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
-
-        # shellcheck disable=SC2068
-        if ! item_in_array "${app_name}" ${APPS_AVAILABLE[@]}; then
-            APPS_AVAILABLE+=("${app_name}")
-            APPS_CHOSEN+=("0")
+        if [[ $(enough_ram_for_app "$app_name") == "0" ]]; then
+            if [[ $(app_not_on_onion_only "$app_name") != "0" ]]; then
+                # shellcheck disable=SC2068
+                if ! item_in_array "${app_name}" ${APPS_AVAILABLE[@]}; then
+                    APPS_AVAILABLE+=("${app_name}")
+                    APPS_CHOSEN+=("0")
+                fi
+            fi
         fi
     done
 
@@ -318,16 +354,20 @@ function detect_installable_apps {
     do
         app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
 
-        # shellcheck disable=SC2068
-        if ! item_in_array "${app_name}" ${APPS_AVAILABLE[@]}; then
-            variants_list=$(app_variants "$filename")
-            # check for empty string
-            if [ ${#variants_list} -gt 0 ]; then
-                APPS_AVAILABLE+=("${app_name}")
-                APPS_CHOSEN+=("0")
-                APPS_INSTALLED+=("$(app_is_installed "$app_name")")
-                if [[ $(app_is_installed "$app_name") == "1" ]]; then
-                    APPS_INSTALLED_NAMES+=("$app_name")
+        if [[ $(enough_ram_for_app "$app_name") == "0" ]]; then
+            if [[ $(app_not_on_onion_only "$app_name") != "0" ]]; then
+                # shellcheck disable=SC2068
+                if ! item_in_array "${app_name}" ${APPS_AVAILABLE[@]}; then
+                    variants_list=$(app_variants "$filename")
+                    # check for empty string
+                    if [ ${#variants_list} -gt 0 ]; then
+                        APPS_AVAILABLE+=("${app_name}")
+                        APPS_CHOSEN+=("0")
+                        APPS_INSTALLED+=("$(app_is_installed "$app_name")")
+                        if [[ $(app_is_installed "$app_name") == "1" ]]; then
+                            APPS_INSTALLED_NAMES+=("$app_name")
+                        fi
+                    fi
                 fi
             fi
         fi
@@ -350,13 +390,17 @@ function detect_installed_apps {
     do
         app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
 
-        if [[ $(app_is_installed "$app_name") == "1" ]]; then
-            # shellcheck disable=SC2068
-            if ! item_in_array "${app_name}" ${APPS_AVAILABLE[@]}; then
-                variants_list=$(app_variants "$filename")
-                if [ ${#variants_list} -gt 0 ]; then
-                    APPS_AVAILABLE+=("${app_name}")
-                    APPS_INSTALLED_NAMES+=("$app_name")
+        if [[ $(enough_ram_for_app "$app_name") == "0" ]]; then
+            if [[ $(app_not_on_onion_only "$app_name") != "0" ]]; then
+                if [[ $(app_is_installed "$app_name") == "1" ]]; then
+                    # shellcheck disable=SC2068
+                    if ! item_in_array "${app_name}" ${APPS_AVAILABLE[@]}; then
+                        variants_list=$(app_variants "$filename")
+                        if [ ${#variants_list} -gt 0 ]; then
+                            APPS_AVAILABLE+=("${app_name}")
+                            APPS_INSTALLED_NAMES+=("$app_name")
+                        fi
+                    fi
                 fi
             fi
         fi
@@ -385,27 +429,30 @@ function choose_apps_for_variant {
     for filename in $FILES
     do
         app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
-
-        # shellcheck disable=SC2068
-        if item_in_array "${app_name}" ${APPS_AVAILABLE[@]}; then
-            if grep -q "VARIANTS=" "${filename}"; then
-                variants_list=$(app_variants "$filename")
-                if [[ "${variants_list}" == 'all'* || \
-                      "${variants_list}" == "$variant_name" || \
-                      "${variants_list}" == "$variant_name "* || \
-                      "${variants_list}" == *" $variant_name "* || \
-                      "${variants_list}" == *" $variant_name" ]]; then
-                    if [[ $(app_is_removed "${a}") == "0" ]]; then
-                        #echo $"${app_name} chosen"
-                        APPS_CHOSEN+=("1")
+        if [[ $(enough_ram_for_app "$app_name") == "0" ]]; then
+            if [[ $(app_not_on_onion_only "$app_name") != "0" ]]; then
+                # shellcheck disable=SC2068
+                if item_in_array "${app_name}" ${APPS_AVAILABLE[@]}; then
+                    if grep -q "VARIANTS=" "${filename}"; then
+                        variants_list=$(app_variants "$filename")
+                        if [[ "${variants_list}" == 'all'* || \
+                                  "${variants_list}" == "$variant_name" || \
+                                  "${variants_list}" == "$variant_name "* || \
+                                  "${variants_list}" == *" $variant_name "* || \
+                                  "${variants_list}" == *" $variant_name" ]]; then
+                            if [[ $(app_is_removed "${a}") == "0" ]]; then
+                                #echo $"${app_name} chosen"
+                                APPS_CHOSEN+=("1")
+                            else
+                                APPS_CHOSEN+=("0")
+                            fi
+                        else
+                            APPS_CHOSEN+=("0")
+                        fi
                     else
                         APPS_CHOSEN+=("0")
                     fi
-                else
-                    APPS_CHOSEN+=("0")
                 fi
-            else
-                APPS_CHOSEN+=("0")
             fi
         fi
     done

src/freedombone-utils-setup

@@ -223,30 +223,53 @@ function install_backports_kernel {
     fi
 }
 
+function save_rsys_header {
+    { echo "";
+      echo "#################";
+      echo "#### MODULES ####";
+      echo "#################";
+      echo '';
+      echo 'module(load="imuxsock")';
+      echo 'module(load="imklog")';
+      echo '';
+      echo '###########################';
+      echo '#### GLOBAL DIRECTIVES ####';
+      echo '###########################';
+      echo '';
+      echo "\$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat";
+      echo '';
+      echo "\$FileOwner root";
+      echo "\$FileGroup adm";
+      echo "\$FileCreateMode 0640";
+      echo "\$DirCreateMode 0755";
+      echo "\$Umask 0022";
+      echo '';
+      echo "\$WorkDirectory /var/spool/rsyslog";
+      echo '';
+      echo "\$IncludeConfig /etc/rsyslog.d/*.conf";
+      echo '';
+      echo '###############';
+      echo '#### RULES ####';
+      echo '###############';
+      echo ''; } > /etc/rsyslog.conf
+}
+
 function turn_off_rsys_logging {
-    if grep -q '/dev/null' /etc/rsyslog.conf; then
-        return
-    fi
-    sed -i 's|mail,news.none.*|mail,news.none      /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|auth,authpriv.\*.*|auth,authpriv.\*         /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|mail.info.*|mail.info            /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|mail.warn.*|mail.warn            /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|mail.err.*|mail.err            /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|daemon.\*.*|daemon.\*              /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|mail.\*.*|mail.\*              /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|user.\*.*|user.\*              /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|news.none;mail.none.*|news.none;mail.none /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|\*.\*;auth,authpriv.none.*|\*.\*;auth,authpriv.none      /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|#cron.\*|cron.\*|g' /etc/rsyslog.conf
-    sed -i 's|cron.\*.*|cron.\*             /dev/null|g' /etc/rsyslog.conf
-    shred -zu /var/log/wtmp*
-    shred -zu /var/log/debug*
-    shred -zu /var/log/cron.*
-    shred -zu /var/log/auth.*
-    shred -zu /var/log/mail.*
-    shred -zu /var/log/daemon.*
-    shred -zu /var/log/user.*
-    shred -zu /var/log/messages*
+    save_rsys_header
+    echo '*.*     ~' >> /etc/rsyslog.conf
+
+    rm -rf /var/log/wtmp*
+    rm -rf /var/log/debug*
+    rm -rf /var/log/cron.*
+    rm -rf /var/log/auth.*
+    rm -rf /var/log/mail.*
+    rm -rf /var/log/daemon.*
+    rm -rf /var/log/user.*
+    rm -rf /var/log/messages*
+    rm -rf /var/log/syslog*
+    rm -rf /var/log/alternatives*
+    rm -rf /var/log/faillog
+    rm -rf /var/log/kern.log*
 }
 
 function initial_setup {
@@ -697,6 +720,9 @@ function setup_firewall {
     function_check configure_firewall
     configure_firewall
 
+    function_check block_firefox_telemetry
+    block_firefox_telemetry
+
     function_check configure_firewall_ping
     configure_firewall_ping
 
@@ -794,6 +820,48 @@ function install_shellcheck {
     apt-get -yq install shellcheck
 }
 
+function microsd_card_optimisations {
+    # These values can improve performance on microSD cards
+
+    apt-get -yq install hdparm
+
+    printf '#!/bin/bash\n' > /usr/bin/enable_optimisations
+
+    if [ -f /sys/devices/virtual/bdi/179:0/read_ahead_kb ]; then
+        echo -n '4096' > /sys/devices/virtual/bdi/179:0/read_ahead_kb
+        echo "echo -n '4096' > /sys/devices/virtual/bdi/179:0/read_ahead_kb" >> /usr/bin/enable_optimisations
+    fi
+
+    if [ -f /proc/sys/vm/dirty_expire_centisecs ]; then
+        echo -n '100' > /proc/sys/vm/dirty_expire_centisecs
+        echo "echo -n '100' > /proc/sys/vm/dirty_expire_centisecs" >> /usr/bin/enable_optimisations
+    fi
+
+    if [ -f /proc/sys/vm/dirty_writeback_centisecs ]; then
+        echo -n '100' > /proc/sys/vm/dirty_writeback_centisecs
+        echo "echo -n '100' > /proc/sys/vm/dirty_writeback_centisecs" >> /usr/bin/enable_optimisations
+    fi
+
+    chmod +x /usr/bin/enable_optimisations
+
+    { echo '[Unit]';
+      echo "Description=${PROJECT_NAME} optimisations";
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo 'After=remote-fs.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=root';
+      echo 'Group=root';
+      echo 'WorkingDirectory=/root';
+      echo 'ExecStart=/usr/bin/enable_optimisations';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/optimisations.service
+      systemctl enable optimisations
+}
+
 function setup_utils {
     read_config_param "PROJECT_REPO"
     write_config_param "PROJECT_REPO" "$PROJECT_REPO"
@@ -816,6 +884,9 @@ function setup_utils {
     function_check separate_tmp_filesystem
     separate_tmp_filesystem 150
 
+    function_check microsd_card_optimisations
+    microsd_card_optimisations
+
     function_check proc_filesystem_settings
     proc_filesystem_settings
 
@@ -903,8 +974,8 @@ function setup_utils {
     function_check install_tor
     install_tor
 
-    #function_check resolve_dns_via_tor
-    #resolve_dns_via_tor
+    function_check check_tor_health
+    check_tor_health
 
     function_check install_command_line_browser
     install_command_line_browser

src/freedombone-utils-web

@@ -88,11 +88,11 @@ function nginx_limits {
         max_body=$2
     fi
     filename=/etc/nginx/sites-available/$domain_name
-    { echo "    client_max_body_size ${max_body};";
-      echo '    client_body_buffer_size 128k;';
+    { echo "        client_max_body_size ${max_body};";
+      echo '        client_body_buffer_size 128k;';
       echo '';
-      echo '    limit_conn conn_limit_per_ip 10;';
-      echo '    limit_req zone=req_limit_per_ip burst=10 nodelay;';
+      echo '        limit_conn conn_limit_per_ip 10;';
+      echo '        limit_req zone=req_limit_per_ip burst=10 nodelay;';
       echo ''; } >> "$filename"
 }
 

src/freedombone-utils-wifi

@@ -88,10 +88,10 @@ function setup_wifi_atheros {
 
     atheros_drivers_file=drivers/firmware-ath9k-htc.deb
     if [ ! -f $atheros_drivers_file ]; then
-        if [ ! -f ~/freedombone/$atheros_drivers_file ]; then
+        if [ ! -f "$HOME/${PROJECT_NAME}/$atheros_drivers_file" ]; then
             return
         else
-            atheros_drivers_file=~/freedombone/$atheros_drivers_file
+            atheros_drivers_file="$HOME/${PROJECT_NAME}/$atheros_drivers_file"
         fi
     else
         atheros_drivers_file=$(pwd)/$atheros_drivers_file

tests/check-ssh.sh

@@ -44,6 +44,19 @@ case $1 in
             exit 1
         fi
         ;;
+    installed)
+	OPENSSH_SERVER=$(dpkg -s openssh-server | grep -i "Status:.*install.*ok.*installed" | wc -l)
+	OPENSSH_CLIENT=$(dpkg -s openssh-client | grep -i "Status:.*install.*ok.*installed" | wc -l)
+	if [ ${OPENSSH_SERVER} -eq 1 ]; then
+	    if [ ${OPENSSH_CLIENT} -eq 1 ]; then
+		:
+	    else
+		exit 1
+	    fi
+	else
+	    exit 1
+	fi	
+	;;    
     sshd_status)
         if systemctl status sshd | grep "Active:.*(running)";then
             :

tests/output.sh

@@ -1399,6 +1399,15 @@ disabled. The "nis" service can be disabled with the following commands:\n\n#upd
                   printf '\n######################\n\nSTIG-ID:RHEL-06-000224\n\nVulnerability Discussion: Due to its usage for maintenance and security-supporting tasks, enabling the cron daemon is essential.\n\nFix text: The "crond" service is used to execute commands at preconfigured times. It is required by almost all systems to perform necessary maintenance tasks, such as notifying root of system activity. The "crond" service can be enabled with the following commands:\n\n#update-rc.d cron defaults\nservice cron start\n\n######################\n\n' >> $LOG
               fi
               ;;
+    SV-86857r1_rule) if [ "$3" = "en" ]; then
+			 log_msg $2 'OpenSSH server and client must be installed.'
+		     else
+			 log_msg $2 '必须安装OpenSSH服务器和客户端'
+		     fi		     
+		     if [ $2 -ne 0 ];then
+			 printf '\n######################\n\nWithout protection of the transmitted information, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read or altered. \n\nThis requirement applies to both internal and external networks and all types of information system components from which information can be transmitted (e.g., servers, mobile devices, notebook computers, printers, copiers, scanners, and facsimile machines). Communication paths outside the physical protection of a controlled boundary are exposed to the possibility of interception and modification. \n\nProtecting the confidentiality and integrity of organizational information can be accomplished by physical means (e.g., employing physical distribution systems) or by logical means (e.g., employing cryptographic techniques). If physical means of protection are employed, logical means (cryptography) do not have to be employed, and vice versa.\n\n######################\n\n' >> $LOG
+		     fi
+		     ;;
     V-38607)  if [ "$3" = "en" ]; then
                   log_msg $2 'The SSH daemon must be configured to use only the SSHv2 protocol.'
               else

website/EN/app_pleroma.html

@@ -3,33 +3,26 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2018-04-14 Sat 22:26 -->
-<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
-<meta name="viewport" content="width=device-width, initial-scale=1" />
-<title>&lrm;</title>
-<meta name="generator" content="Org mode" />
-<meta name="author" content="Bob Mottram" />
-<meta name="description" content="How to use Pleroma"
+<title></title>
+<!-- 2018-04-18 Wed 15:48 -->
+<meta  http-equiv="Content-Type" content="text/html;charset=utf-8" />
+<meta  name="generator" content="Org-mode" />
+<meta  name="author" content="Bob Mottram" />
+<meta  name="description" content="How to use Pleroma"
  />
-<meta name="keywords" content="freedombone, pleroma" />
+<meta  name="keywords" content="freedombone, pleroma" />
 <style type="text/css">
  <!--/*--><![CDATA[/*><!--*/
-  .title  { text-align: center;
-             margin-bottom: .2em; }
-  .subtitle { text-align: center;
-              font-size: medium;
-              font-weight: bold;
-              margin-top:0; }
+  .title  { text-align: center; }
   .todo   { font-family: monospace; color: red; }
-  .done   { font-family: monospace; color: green; }
-  .priority { font-family: monospace; color: orange; }
+  .done   { color: green; }
   .tag    { background-color: #eee; font-family: monospace;
             padding: 2px; font-size: 80%; font-weight: normal; }
   .timestamp { color: #bebebe; }
   .timestamp-kwd { color: #5f9ea0; }
-  .org-right  { margin-left: auto; margin-right: 0px;  text-align: right; }
-  .org-left   { margin-left: 0px;  margin-right: auto; text-align: left; }
-  .org-center { margin-left: auto; margin-right: auto; text-align: center; }
+  .right  { margin-left: auto; margin-right: 0px;  text-align: right; }
+  .left   { margin-left: 0px;  margin-right: auto; text-align: left; }
+  .center { margin-left: auto; margin-right: auto; text-align: center; }
   .underline { text-decoration: underline; }
   #postamble p, #preamble p { font-size: 90%; margin: .2em; }
   p.verse { margin-left: 3%; }
@@ -56,111 +49,27 @@
     border: 1px solid black;
   }
   pre.src:hover:before { display: inline;}
-  /* Languages per Org manual */
-  pre.src-asymptote:before { content: 'Asymptote'; }
-  pre.src-awk:before { content: 'Awk'; }
-  pre.src-C:before { content: 'C'; }
-  /* pre.src-C++ doesn't work in CSS */
-  pre.src-clojure:before { content: 'Clojure'; }
-  pre.src-css:before { content: 'CSS'; }
-  pre.src-D:before { content: 'D'; }
-  pre.src-ditaa:before { content: 'ditaa'; }
-  pre.src-dot:before { content: 'Graphviz'; }
-  pre.src-calc:before { content: 'Emacs Calc'; }
+  pre.src-sh:before    { content: 'sh'; }
+  pre.src-bash:before  { content: 'sh'; }
   pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
-  pre.src-fortran:before { content: 'Fortran'; }
-  pre.src-gnuplot:before { content: 'gnuplot'; }
-  pre.src-haskell:before { content: 'Haskell'; }
-  pre.src-hledger:before { content: 'hledger'; }
-  pre.src-java:before { content: 'Java'; }
-  pre.src-js:before { content: 'Javascript'; }
-  pre.src-latex:before { content: 'LaTeX'; }
-  pre.src-ledger:before { content: 'Ledger'; }
-  pre.src-lisp:before { content: 'Lisp'; }
-  pre.src-lilypond:before { content: 'Lilypond'; }
-  pre.src-lua:before { content: 'Lua'; }
-  pre.src-matlab:before { content: 'MATLAB'; }
-  pre.src-mscgen:before { content: 'Mscgen'; }
-  pre.src-ocaml:before { content: 'Objective Caml'; }
-  pre.src-octave:before { content: 'Octave'; }
-  pre.src-org:before { content: 'Org mode'; }
-  pre.src-oz:before { content: 'OZ'; }
-  pre.src-plantuml:before { content: 'Plantuml'; }
-  pre.src-processing:before { content: 'Processing.js'; }
-  pre.src-python:before { content: 'Python'; }
-  pre.src-R:before { content: 'R'; }
-  pre.src-ruby:before { content: 'Ruby'; }
-  pre.src-sass:before { content: 'Sass'; }
-  pre.src-scheme:before { content: 'Scheme'; }
-  pre.src-screen:before { content: 'Gnu Screen'; }
-  pre.src-sed:before { content: 'Sed'; }
-  pre.src-sh:before { content: 'shell'; }
-  pre.src-sql:before { content: 'SQL'; }
-  pre.src-sqlite:before { content: 'SQLite'; }
-  /* additional languages in org.el's org-babel-load-languages alist */
-  pre.src-forth:before { content: 'Forth'; }
-  pre.src-io:before { content: 'IO'; }
-  pre.src-J:before { content: 'J'; }
-  pre.src-makefile:before { content: 'Makefile'; }
-  pre.src-maxima:before { content: 'Maxima'; }
-  pre.src-perl:before { content: 'Perl'; }
-  pre.src-picolisp:before { content: 'Pico Lisp'; }
-  pre.src-scala:before { content: 'Scala'; }
-  pre.src-shell:before { content: 'Shell Script'; }
-  pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
-  /* additional language identifiers per "defun org-babel-execute"
-       in ob-*.el */
-  pre.src-cpp:before  { content: 'C++'; }
-  pre.src-abc:before  { content: 'ABC'; }
-  pre.src-coq:before  { content: 'Coq'; }
-  pre.src-groovy:before  { content: 'Groovy'; }
-  /* additional language identifiers from org-babel-shell-names in
-     ob-shell.el: ob-shell is the only babel language using a lambda to put
-     the execution function name together. */
-  pre.src-bash:before  { content: 'bash'; }
-  pre.src-csh:before  { content: 'csh'; }
-  pre.src-ash:before  { content: 'ash'; }
-  pre.src-dash:before  { content: 'dash'; }
-  pre.src-ksh:before  { content: 'ksh'; }
-  pre.src-mksh:before  { content: 'mksh'; }
-  pre.src-posh:before  { content: 'posh'; }
-  /* Additional Emacs modes also supported by the LaTeX listings package */
-  pre.src-ada:before { content: 'Ada'; }
-  pre.src-asm:before { content: 'Assembler'; }
-  pre.src-caml:before { content: 'Caml'; }
-  pre.src-delphi:before { content: 'Delphi'; }
-  pre.src-html:before { content: 'HTML'; }
-  pre.src-idl:before { content: 'IDL'; }
-  pre.src-mercury:before { content: 'Mercury'; }
-  pre.src-metapost:before { content: 'MetaPost'; }
-  pre.src-modula-2:before { content: 'Modula-2'; }
-  pre.src-pascal:before { content: 'Pascal'; }
-  pre.src-ps:before { content: 'PostScript'; }
-  pre.src-prolog:before { content: 'Prolog'; }
-  pre.src-simula:before { content: 'Simula'; }
-  pre.src-tcl:before { content: 'tcl'; }
-  pre.src-tex:before { content: 'TeX'; }
-  pre.src-plain-tex:before { content: 'Plain TeX'; }
-  pre.src-verilog:before { content: 'Verilog'; }
-  pre.src-vhdl:before { content: 'VHDL'; }
-  pre.src-xml:before { content: 'XML'; }
-  pre.src-nxml:before { content: 'XML'; }
-  /* add a generic configuration mode; LaTeX export needs an additional
-     (add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
-  pre.src-conf:before { content: 'Configuration File'; }
+  pre.src-R:before     { content: 'R'; }
+  pre.src-perl:before  { content: 'Perl'; }
+  pre.src-java:before  { content: 'Java'; }
+  pre.src-sql:before   { content: 'SQL'; }
 
   table { border-collapse:collapse; }
   caption.t-above { caption-side: top; }
   caption.t-bottom { caption-side: bottom; }
   td, th { vertical-align:top;  }
-  th.org-right  { text-align: center;  }
-  th.org-left   { text-align: center;   }
-  th.org-center { text-align: center; }
-  td.org-right  { text-align: right;  }
-  td.org-left   { text-align: left;   }
-  td.org-center { text-align: center; }
+  th.right  { text-align: center;  }
+  th.left   { text-align: center;   }
+  th.center { text-align: center; }
+  td.right  { text-align: right;  }
+  td.left   { text-align: left;   }
+  td.center { text-align: center; }
   dt { font-weight: bold; }
-  .footpara { display: inline; }
+  .footpara:nth-child(2) { display: inline; }
+  .footpara { display: block; }
   .footdef  { margin-bottom: 1em; }
   .figure { padding: 1em; }
   .figure p { text-align: center; }
@@ -180,7 +89,6 @@
     { font-size: 10px; font-weight: bold; white-space: nowrap; }
   .org-info-js_search-highlight
     { background-color: #ffff00; color: #000000; font-weight: bold; }
-  .org-svg { width: 90%; }
   /*]]>*/-->
 </style>
 <link rel="stylesheet" type="text/css" href="freedombone.css" />
@@ -189,7 +97,7 @@
 @licstart  The following is the entire license notice for the
 JavaScript code in this tag.
 
-Copyright (C) 2012-2017 Free Software Foundation, Inc.
+Copyright (C) 2012-2013 Free Software Foundation, Inc.
 
 The JavaScript code in this tag is free software: you can
 redistribute it and/or modify it under the terms of the GNU
@@ -236,6 +144,7 @@ for the JavaScript code in this tag.
 <a name="top" id="top"></a>
 </div>
 <div id="content">
+<h1 class="title"></h1>
 
 <div class="figure">
 <p><img src="images/logo.png" alt="logo.png" width="80%" height="10%" align="center" />
@@ -262,14 +171,15 @@ Some general advice about life in the fediverse <a href="./fediverse.html">can b
 </p>
 </div>
 
-<div id="outline-container-org0daf1b1" class="outline-2">
-<h2 id="org0daf1b1">Installation</h2>
-<div class="outline-text-2" id="text-org0daf1b1">
+<div id="outline-container-sec-1" class="outline-2">
+<h2 id="sec-1">Installation</h2>
+<div class="outline-text-2" id="text-1">
 <p>
 Log into your system with:
 </p>
 
 <div class="org-src-container">
+
 <pre class="src src-bash">ssh myusername@mydomain -p 2222
 </pre>
 </div>
@@ -284,11 +194,11 @@ Select <b>Add/Remove Apps</b> then <b>pleroma</b>. You will then be asked for a
 </div>
 </div>
 
-<div id="outline-container-org79fb756" class="outline-2">
-<h2 id="org79fb756">Initial setup</h2>
-<div class="outline-text-2" id="text-org79fb756">
+<div id="outline-container-sec-2" class="outline-2">
+<h2 id="sec-2">Initial setup</h2>
+<div class="outline-text-2" id="text-2">
 <p>
-The first thing you'll need to do is register a new account. You can set your profile details and profile image by selecting the small settings icon to the right of your name.
+The first thing you'll need to do is to obtain your login details. From the <b>administrator control panel</b> select <b>security settings</b> then <b>passwords</b> then <b>pleroma</b>. This gives the password you will need to log in, together with the username you gave during installation of the Freedombone system.
 </p>
 
 <p>
@@ -297,9 +207,9 @@ Once you have done that then you can disable further registrations from the <b>A
 </div>
 </div>
 
-<div id="outline-container-org260dfa9" class="outline-2">
-<h2 id="org260dfa9">Mastodon user interface</h2>
-<div class="outline-text-2" id="text-org260dfa9">
+<div id="outline-container-sec-3" class="outline-2">
+<h2 id="sec-3">Mastodon user interface</h2>
+<div class="outline-text-2" id="text-3">
 <p>
 If you prefer a Tweetdeck-style user interface, similar to Mastodon, then once you have registered an account navigate to <b>/yourpleromadomainname/web</b> and log in.
 </p>
@@ -312,9 +222,9 @@ If you prefer a Tweetdeck-style user interface, similar to Mastodon, then once y
 </div>
 </div>
 
-<div id="outline-container-org2c42cb3" class="outline-2">
-<h2 id="org2c42cb3">Mobile apps</h2>
-<div class="outline-text-2" id="text-org2c42cb3">
+<div id="outline-container-sec-4" class="outline-2">
+<h2 id="sec-4">Mobile apps</h2>
+<div class="outline-text-2" id="text-4">
 <p>
 It's also possible to use Mastodon apps together with Pleroma, such as Tusky, since it supports the Mastodon API. You may need to install <b>IcecatMobile</b> and set it as your default browser (under <b>Settings/Apps/Menu</b>) in order for the initial oauth registration process to work.
 </p>
@@ -327,9 +237,9 @@ It's also possible to use Mastodon apps together with Pleroma, such as Tusky, si
 </div>
 </div>
 
-<div id="outline-container-org07c16bd" class="outline-2">
-<h2 id="org07c16bd">Blocking controls</h2>
-<div class="outline-text-2" id="text-org07c16bd">
+<div id="outline-container-sec-5" class="outline-2">
+<h2 id="sec-5">Blocking controls</h2>
+<div class="outline-text-2" id="text-5">
 
 <div class="figure">
 <p><img src="images/controlpanel/control_panel_blocking.jpg" alt="control_panel_blocking.jpg" width="80%" align="center" />

website/EN/armbian.html

@@ -3,26 +3,33 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<title></title>
-<!-- 2018-04-12 Thu 14:28 -->
-<meta  http-equiv="Content-Type" content="text/html;charset=utf-8" />
-<meta  name="generator" content="Org-mode" />
-<meta  name="author" content="Bob Mottram" />
-<meta  name="description" content="Installing Freedombone on Armbian"
+<!-- 2018-04-21 Sat 14:58 -->
+<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
+<meta name="viewport" content="width=device-width, initial-scale=1" />
+<title>&lrm;</title>
+<meta name="generator" content="Org mode" />
+<meta name="author" content="Bob Mottram" />
+<meta name="description" content="Installing Freedombone on Armbian"
  />
-<meta  name="keywords" content="freedombone, debian, armbian, sbc" />
+<meta name="keywords" content="freedombone, debian, armbian, sbc" />
 <style type="text/css">
  <!--/*--><![CDATA[/*><!--*/
-  .title  { text-align: center; }
+  .title  { text-align: center;
+             margin-bottom: .2em; }
+  .subtitle { text-align: center;
+              font-size: medium;
+              font-weight: bold;
+              margin-top:0; }
   .todo   { font-family: monospace; color: red; }
-  .done   { color: green; }
+  .done   { font-family: monospace; color: green; }
+  .priority { font-family: monospace; color: orange; }
   .tag    { background-color: #eee; font-family: monospace;
             padding: 2px; font-size: 80%; font-weight: normal; }
   .timestamp { color: #bebebe; }
   .timestamp-kwd { color: #5f9ea0; }
-  .right  { margin-left: auto; margin-right: 0px;  text-align: right; }
-  .left   { margin-left: 0px;  margin-right: auto; text-align: left; }
-  .center { margin-left: auto; margin-right: auto; text-align: center; }
+  .org-right  { margin-left: auto; margin-right: 0px;  text-align: right; }
+  .org-left   { margin-left: 0px;  margin-right: auto; text-align: left; }
+  .org-center { margin-left: auto; margin-right: auto; text-align: center; }
   .underline { text-decoration: underline; }
   #postamble p, #preamble p { font-size: 90%; margin: .2em; }
   p.verse { margin-left: 3%; }
@@ -49,27 +56,111 @@
     border: 1px solid black;
   }
   pre.src:hover:before { display: inline;}
-  pre.src-sh:before    { content: 'sh'; }
-  pre.src-bash:before  { content: 'sh'; }
+  /* Languages per Org manual */
+  pre.src-asymptote:before { content: 'Asymptote'; }
+  pre.src-awk:before { content: 'Awk'; }
+  pre.src-C:before { content: 'C'; }
+  /* pre.src-C++ doesn't work in CSS */
+  pre.src-clojure:before { content: 'Clojure'; }
+  pre.src-css:before { content: 'CSS'; }
+  pre.src-D:before { content: 'D'; }
+  pre.src-ditaa:before { content: 'ditaa'; }
+  pre.src-dot:before { content: 'Graphviz'; }
+  pre.src-calc:before { content: 'Emacs Calc'; }
   pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
-  pre.src-R:before     { content: 'R'; }
-  pre.src-perl:before  { content: 'Perl'; }
-  pre.src-java:before  { content: 'Java'; }
-  pre.src-sql:before   { content: 'SQL'; }
+  pre.src-fortran:before { content: 'Fortran'; }
+  pre.src-gnuplot:before { content: 'gnuplot'; }
+  pre.src-haskell:before { content: 'Haskell'; }
+  pre.src-hledger:before { content: 'hledger'; }
+  pre.src-java:before { content: 'Java'; }
+  pre.src-js:before { content: 'Javascript'; }
+  pre.src-latex:before { content: 'LaTeX'; }
+  pre.src-ledger:before { content: 'Ledger'; }
+  pre.src-lisp:before { content: 'Lisp'; }
+  pre.src-lilypond:before { content: 'Lilypond'; }
+  pre.src-lua:before { content: 'Lua'; }
+  pre.src-matlab:before { content: 'MATLAB'; }
+  pre.src-mscgen:before { content: 'Mscgen'; }
+  pre.src-ocaml:before { content: 'Objective Caml'; }
+  pre.src-octave:before { content: 'Octave'; }
+  pre.src-org:before { content: 'Org mode'; }
+  pre.src-oz:before { content: 'OZ'; }
+  pre.src-plantuml:before { content: 'Plantuml'; }
+  pre.src-processing:before { content: 'Processing.js'; }
+  pre.src-python:before { content: 'Python'; }
+  pre.src-R:before { content: 'R'; }
+  pre.src-ruby:before { content: 'Ruby'; }
+  pre.src-sass:before { content: 'Sass'; }
+  pre.src-scheme:before { content: 'Scheme'; }
+  pre.src-screen:before { content: 'Gnu Screen'; }
+  pre.src-sed:before { content: 'Sed'; }
+  pre.src-sh:before { content: 'shell'; }
+  pre.src-sql:before { content: 'SQL'; }
+  pre.src-sqlite:before { content: 'SQLite'; }
+  /* additional languages in org.el's org-babel-load-languages alist */
+  pre.src-forth:before { content: 'Forth'; }
+  pre.src-io:before { content: 'IO'; }
+  pre.src-J:before { content: 'J'; }
+  pre.src-makefile:before { content: 'Makefile'; }
+  pre.src-maxima:before { content: 'Maxima'; }
+  pre.src-perl:before { content: 'Perl'; }
+  pre.src-picolisp:before { content: 'Pico Lisp'; }
+  pre.src-scala:before { content: 'Scala'; }
+  pre.src-shell:before { content: 'Shell Script'; }
+  pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
+  /* additional language identifiers per "defun org-babel-execute"
+       in ob-*.el */
+  pre.src-cpp:before  { content: 'C++'; }
+  pre.src-abc:before  { content: 'ABC'; }
+  pre.src-coq:before  { content: 'Coq'; }
+  pre.src-groovy:before  { content: 'Groovy'; }
+  /* additional language identifiers from org-babel-shell-names in
+     ob-shell.el: ob-shell is the only babel language using a lambda to put
+     the execution function name together. */
+  pre.src-bash:before  { content: 'bash'; }
+  pre.src-csh:before  { content: 'csh'; }
+  pre.src-ash:before  { content: 'ash'; }
+  pre.src-dash:before  { content: 'dash'; }
+  pre.src-ksh:before  { content: 'ksh'; }
+  pre.src-mksh:before  { content: 'mksh'; }
+  pre.src-posh:before  { content: 'posh'; }
+  /* Additional Emacs modes also supported by the LaTeX listings package */
+  pre.src-ada:before { content: 'Ada'; }
+  pre.src-asm:before { content: 'Assembler'; }
+  pre.src-caml:before { content: 'Caml'; }
+  pre.src-delphi:before { content: 'Delphi'; }
+  pre.src-html:before { content: 'HTML'; }
+  pre.src-idl:before { content: 'IDL'; }
+  pre.src-mercury:before { content: 'Mercury'; }
+  pre.src-metapost:before { content: 'MetaPost'; }
+  pre.src-modula-2:before { content: 'Modula-2'; }
+  pre.src-pascal:before { content: 'Pascal'; }
+  pre.src-ps:before { content: 'PostScript'; }
+  pre.src-prolog:before { content: 'Prolog'; }
+  pre.src-simula:before { content: 'Simula'; }
+  pre.src-tcl:before { content: 'tcl'; }
+  pre.src-tex:before { content: 'TeX'; }
+  pre.src-plain-tex:before { content: 'Plain TeX'; }
+  pre.src-verilog:before { content: 'Verilog'; }
+  pre.src-vhdl:before { content: 'VHDL'; }
+  pre.src-xml:before { content: 'XML'; }
+  pre.src-nxml:before { content: 'XML'; }
+  /* add a generic configuration mode; LaTeX export needs an additional
+     (add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
+  pre.src-conf:before { content: 'Configuration File'; }
 
   table { border-collapse:collapse; }
   caption.t-above { caption-side: top; }
   caption.t-bottom { caption-side: bottom; }
   td, th { vertical-align:top;  }
-  th.right  { text-align: center;  }
-  th.left   { text-align: center;   }
-  th.center { text-align: center; }
-  td.right  { text-align: right;  }
-  td.left   { text-align: left;   }
-  td.center { text-align: center; }
+  th.org-right  { text-align: center;  }
+  th.org-left   { text-align: center;   }
+  th.org-center { text-align: center; }
+  td.org-right  { text-align: right;  }
+  td.org-left   { text-align: left;   }
+  td.org-center { text-align: center; }
   dt { font-weight: bold; }
-  .footpara:nth-child(2) { display: inline; }
-  .footpara { display: block; }
+  .footpara { display: inline; }
   .footdef  { margin-bottom: 1em; }
   .figure { padding: 1em; }
   .figure p { text-align: center; }
@@ -89,6 +180,7 @@
     { font-size: 10px; font-weight: bold; white-space: nowrap; }
   .org-info-js_search-highlight
     { background-color: #ffff00; color: #000000; font-weight: bold; }
+  .org-svg { width: 90%; }
   /*]]>*/-->
 </style>
 <link rel="stylesheet" type="text/css" href="freedombone.css" />
@@ -97,7 +189,7 @@
 @licstart  The following is the entire license notice for the
 JavaScript code in this tag.
 
-Copyright (C) 2012-2013 Free Software Foundation, Inc.
+Copyright (C) 2012-2017 Free Software Foundation, Inc.
 
 The JavaScript code in this tag is free software: you can
 redistribute it and/or modify it under the terms of the GNU
@@ -144,7 +236,6 @@ for the JavaScript code in this tag.
 <a name="top" id="top"></a>
 </div>
 <div id="content">
-<h1 class="title"></h1>
 
 <div class="figure">
 <p><img src="images/logo.png" alt="logo.png" width="80%" height="10%" align="center" />
@@ -152,12 +243,7 @@ for the JavaScript code in this tag.
 </div>
 
 
-<div class="export">
-<p>
-&lt;center&gt;&lt;h1&gt;Installing on Armbian&lt;/h1&gt;&lt;/center&gt;
-</p>
-
-</div>
+<center><h1>Installing on Armbian</h1></center>
 
 <blockquote>
 <p>
@@ -174,8 +260,7 @@ Download the Armbian image for your board. It must be version 9 (Stretch), other
 </p>
 
 <div class="org-src-container">
-
-<pre class="src src-bash">sudo dd bs=1M if=[Armbian .img file] of=/dev/sdX conv=fdatasync
+<pre class="src src-bash">sudo dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=[Armbian .img file] <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
 </pre>
 </div>
 
@@ -200,7 +285,6 @@ Once you know the local IP address of your ARM board then you can log into it wi
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">ssh root@[local IP address]
 </pre>
 </div>
@@ -220,7 +304,6 @@ When the user account is created type <b>exit</b> to leave the ssh session then
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">ssh myusername@[local IP address]
 </pre>
 </div>
@@ -230,7 +313,6 @@ Become the root user:
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">sudo su
 </pre>
 </div>
@@ -240,10 +322,9 @@ Then clone the Freedombone repository and checkout the stretch development branc
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">apt-get -y install git dialog build-essential
 git clone https://github.com/bashrc/freedombone
-cd freedombone
+<span class="org-builtin">cd</span> freedombone
 git checkout stretch
 </pre>
 </div>
@@ -253,7 +334,6 @@ Install the Freedombone commands:
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">make install
 </pre>
 </div>
@@ -263,7 +343,6 @@ And now you can begin installing the Freedombone system. There are two ways of d
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">freedombone menuconfig
 </pre>
 </div>
@@ -273,7 +352,6 @@ Alternatively, if you don't own a domain name, don't have administrator access t
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">freedombone menuconfig-onion
 </pre>
 </div>
@@ -283,7 +361,6 @@ You will then be taken through a few questions and the system will install. Afte
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">ssh myusername@freedombone.local -p 2222
 </pre>
 </div>

website/EN/faq.html

@@ -3,7 +3,7 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2018-04-14 Sat 15:14 -->
+<!-- 2018-05-02 Wed 10:48 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>&lrm;</title>
@@ -262,151 +262,163 @@ for the JavaScript code in this tag.
 </colgroup>
 <tbody>
 <tr>
-<td class="org-left"><a href="#org2ecea54">What applications are supported?</a></td>
+<td class="org-left"><a href="#org93b2b96">What applications are supported?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#orgaa0a705">I don't have a static IP address. Can I still install this system?</a></td>
+<td class="org-left"><a href="#org6b1a1dc">I don't have a static IP address. Can I still install this system?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org340be8a">Why Freedombone and not FreedomBox?</a></td>
+<td class="org-left"><a href="#orgf904a2b">What are the best microSD cards to use?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#orgccf5702">Why not support building images for Raspberry Pi?</a></td>
+<td class="org-left"><a href="#orgd5b8a5e">On a single board computer can I boot from an external SSD or hard drive?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org2af436d">Why use Tor? I've heard it's used by bad people</a></td>
+<td class="org-left"><a href="#org5e06ace">Why Freedombone and not FreedomBox?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org3981923">How is Tor integrated with Freedombone?</a></td>
+<td class="org-left"><a href="#org84e7731">Why not support building images for Raspberry Pi?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#orgb732986">Can I add a clearnet domain to an onion build?</a></td>
+<td class="org-left"><a href="#orgfa08e9c">Why use Tor? I've heard it's used by bad people</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#orgb1382c0">Why use Github?</a></td>
+<td class="org-left"><a href="#org047311c">How is Tor integrated with Freedombone?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org8d5c33e">After using nmap or other scanning tool I can no longer log in</a></td>
+<td class="org-left"><a href="#org8a3b2df">Can I add a clearnet domain to an onion build?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#orgcaa8f8c">Should I upload my GPG keys to keybase.io?</a></td>
+<td class="org-left"><a href="#org7f5c083">Why use Github?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org787d325">Keys and emails should not be stored on servers. Why do you do that?</a></td>
+<td class="org-left"><a href="#org8fe35e9">What are the data protection implications of running this system?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org45d4472">Why can't I access my .onion site with a Tor browser?</a></td>
+<td class="org-left"><a href="#org972c439">After using nmap or other scanning tool I can no longer log in</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org000c926">What is the best hardware to run this system on?</a></td>
+<td class="org-left"><a href="#org67aacdc">Should I upload my GPG keys to keybase.io?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org36ddec5">Can I add more users to the system?</a></td>
+<td class="org-left"><a href="#orgbc89a7d">Keys and emails should not be stored on servers. Why do you do that?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#orgdd36f96">Why not use Signal for mobile chat?</a></td>
+<td class="org-left"><a href="#org4d0819e">Why can't I access my .onion site with a Tor browser?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org79827b5">What is the most secure chat app to use on mobile?</a></td>
+<td class="org-left"><a href="#org7256ac2">What is the best hardware to run this system on?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org5e417ee">How do I remove a user from the system?</a></td>
+<td class="org-left"><a href="#org890ba4a">Can I add more users to the system?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org24c86ab">Why is logging for web sites turned off by default?</a></td>
+<td class="org-left"><a href="#org61728f5">Why not use Signal for mobile chat?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#orgd972cda">How do I reset the tripwire?</a></td>
+<td class="org-left"><a href="#orgfd44c68">What is the most secure chat app to use on mobile?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org4d6c566">Is metadata protected?</a></td>
+<td class="org-left"><a href="#orgb4af501">How do I remove a user from the system?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#orga67d74a">How do I create email processing rules?</a></td>
+<td class="org-left"><a href="#orgc664233">Why is logging for web sites turned off by default?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org69c34a0">Why isn't dynamic DNS working?</a></td>
+<td class="org-left"><a href="#orgcfb3562">How do I reset the tripwire?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#orgd5c5acc">How do I change my encryption settings?</a></td>
+<td class="org-left"><a href="#org693ad33">Is metadata protected?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#orgfc6fd46">How do I get a domain name?</a></td>
+<td class="org-left"><a href="#org3879dd9">How do I create email processing rules?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org90eafd9">How do I get a "real" SSL/TLS/HTTPS certificate?</a></td>
+<td class="org-left"><a href="#org2e9552d">Why isn't dynamic DNS working?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#orgc91fc72">How do I renew a Let's Encrypt certificate?</a></td>
+<td class="org-left"><a href="#org88c1819">How do I change my encryption settings?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org73b061c">I tried to renew a Let's Encrypt certificate and it failed. What should I do?</a></td>
+<td class="org-left"><a href="#org7fa4cfd">How do I get a domain name?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org6a6cce4">Why not use the services of $company instead? They took the Seppuku pledge</a></td>
+<td class="org-left"><a href="#org082c153">How do I get a "real" SSL/TLS/HTTPS certificate?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#orgc36400d">Why does my email keep getting rejected as spam by Gmail/etc?</a></td>
+<td class="org-left"><a href="#org30ff050">How do I renew a Let's Encrypt certificate?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org73e8a5c">Tor is censored/blocked in my area. What can I do?</a></td>
+<td class="org-left"><a href="#org5e86349">I tried to renew a Let's Encrypt certificate and it failed. What should I do?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org1332523">I want to block a particular domain from getting its content into my social network sites</a></td>
+<td class="org-left"><a href="#org839eacd">Why not use the services of $company instead? They took the Seppuku pledge</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org7e84bef">The mesh system doesn't boot from USB drive</a></td>
+<td class="org-left"><a href="#org7b528f9">Why does my email keep getting rejected as spam by Gmail/etc?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#orgdae680c">Mesh system doesn't connect to the network</a></td>
+<td class="org-left"><a href="#org840d72e">Tor is censored/blocked in my area. What can I do?</a></td>
+</tr>
+
+<tr>
+<td class="org-left"><a href="#org4f99713">I want to block a particular domain from getting its content into my social network sites</a></td>
+</tr>
+
+<tr>
+<td class="org-left"><a href="#org99e5150">The mesh system doesn't boot from USB drive</a></td>
+</tr>
+
+<tr>
+<td class="org-left"><a href="#org80b7531">Mesh system doesn't connect to the network</a></td>
 </tr>
 </tbody>
 </table>
 </div>
 
-<div id="outline-container-org2ecea54" class="outline-2">
-<h2 id="org2ecea54">What applications are supported?</h2>
-<div class="outline-text-2" id="text-org2ecea54">
+<div id="outline-container-org93b2b96" class="outline-2">
+<h2 id="org93b2b96">What applications are supported?</h2>
+<div class="outline-text-2" id="text-org93b2b96">
 <p>
 <a href="./apps.html">See here</a> for the complete list of apps. In addition to those as part of the base install you get an email server.
 </p>
 </div>
 </div>
-<div id="outline-container-orgaa0a705" class="outline-2">
-<h2 id="orgaa0a705">I don't have a static IP address. Can I still install this system?</h2>
-<div class="outline-text-2" id="text-orgaa0a705">
+<div id="outline-container-org6b1a1dc" class="outline-2">
+<h2 id="org6b1a1dc">I don't have a static IP address. Can I still install this system?</h2>
+<div class="outline-text-2" id="text-org6b1a1dc">
 <p>
 Yes. The minimum requirements are to have some hardware that you can install Debian onto and also that you have administrator access to your internet router so that you can forward ports to the system which has Freedombone installed.
 </p>
@@ -416,17 +428,58 @@ The lack of a static IP address can be worked around by using a dynamic DNS serv
 </p>
 </div>
 </div>
-<div id="outline-container-org340be8a" class="outline-2">
-<h2 id="org340be8a">Why Freedombone and not FreedomBox?</h2>
-<div class="outline-text-2" id="text-org340be8a">
+<div id="outline-container-orgf904a2b" class="outline-2">
+<h2 id="orgf904a2b">What are the best microSD cards to use?</h2>
+<div class="outline-text-2" id="text-orgf904a2b">
+<p>
+There can be big differences in the performance of microSD cards, and the cheaper ones are almost invariably terrible and/or unusable. Sandisk and Samsung currently appear to be the better brands. You can find some performance benchmarks <a href="http://www.pidramble.com/wiki/benchmarks/microsd-cards">here</a>. However, benchmarks like this only give a very rough idea of performance and they can vary significantly between individual cards even within the same brand.
+</p>
+</div>
+</div>
+<div id="outline-container-orgd5b8a5e" class="outline-2">
+<h2 id="orgd5b8a5e">On a single board computer can I boot from an external SSD or hard drive?</h2>
+<div class="outline-text-2" id="text-orgd5b8a5e">
+<p>
+Some single board computers, such as Cubieboards or OLinuxino, have a SATA socket on them which enables an external drive to be connected. This is usually intended for extra file storage, but it is also possible to run the operating system from an external drive. This can have the advantage of significantly increasing the read/write performance and your apps will appear to run more quickly.
+</p>
+
+<p>
+Typically a microSD read speed is 10-30MB/s. An SSD or hard drive can be 100MB/s or more, so that's a big potential gain.
+</p>
+
+<p>
+Single board computers usually don't have the capability of booting directly from an external drive, but what you can do is boot from a partition on a microSD drive, which then runs the main filesystem (the rootfs) from the external drive.
+</p>
+
+<p>
+To create an image suitable for running from an SSD or hard drive use the &#x2013;sata option, such as:
+</p>
+
+<div class="org-src-container">
+<pre class="src src-bash">freedombone-image -t cubieboard2 --sata sda2
+</pre>
+</div>
+
+<p>
+Note that the sata option should be set to point to the second partition on the drive, which is normally sda2.
+</p>
+
+<p>
+When the image is created then use the dd command to copy it both to a microSD card and to the SSD or hard drive. Plug them both into the board and it should then boot and use the external drive.
+</p>
+</div>
+</div>
+<div id="outline-container-org5e06ace" class="outline-2">
+<h2 id="org5e06ace">Why Freedombone and not FreedomBox?</h2>
+<div class="outline-text-2" id="text-org5e06ace">
 <p>
 When the project began in late 2013 the FreedomBox project seemed to be going nowhere, and was only designed to work with the DreamPlug hardware. There was some new hardware out - the Beaglebone Black - which could run Debian and was also a free hardware design so seemed more appropriate. Hence the name "Freedombone", being like FreedomBox but on a Beaglebone. There are some similarities and differences between the two projects:
 </p>
 </div>
 
-<div id="outline-container-org918eba1" class="outline-3">
-<h3 id="org918eba1">Similarities</h3>
-<div class="outline-text-3" id="text-org918eba1">
+<div id="outline-container-orgb6fee98" class="outline-3">
+<h3 id="orgb6fee98">Similarities</h3>
+<div class="outline-text-3" id="text-orgb6fee98">
 <ul class="org-ul">
 <li>Uses freedom-maker and vmdebootstrap to build debian images</li>
 <li>Supports the use of Tor onion addresses to access websites</li>
@@ -440,9 +493,9 @@ When the project began in late 2013 the FreedomBox project seemed to be going no
 </ul>
 </div>
 </div>
-<div id="outline-container-orgf04a715" class="outline-3">
-<h3 id="orgf04a715">Differences</h3>
-<div class="outline-text-3" id="text-orgf04a715">
+<div id="outline-container-org0568d2b" class="outline-3">
+<h3 id="org0568d2b">Differences</h3>
+<div class="outline-text-3" id="text-org0568d2b">
 <ul class="org-ul">
 <li>FreedomBox is a Debian pure blend. Freedombone is not</li>
 <li>Freedombone only supports Free Software. FreedomBox includes some closed binary boot blobs for certain ARM boards</li>
@@ -457,9 +510,9 @@ When the project began in late 2013 the FreedomBox project seemed to be going no
 </div>
 </div>
 </div>
-<div id="outline-container-orgccf5702" class="outline-2">
-<h2 id="orgccf5702">Why not support building images for Raspberry Pi?</h2>
-<div class="outline-text-2" id="text-orgccf5702">
+<div id="outline-container-org84e7731" class="outline-2">
+<h2 id="org84e7731">Why not support building images for Raspberry Pi?</h2>
+<div class="outline-text-2" id="text-org84e7731">
 <p>
 The FreedomBox project supports Raspberry Pi builds, and the image build system for Freedombone is based on the same system. However, although the Raspberry Pi can run a version of Debian it requires a closed proprietary blob in order to boot the hardware. Who knows what that blob might contain or what exploits it could facilitate. From an adversarial point of view if you were trying to deliver "bulk equipment interference" then it doesn't get any better than piggybacking on something which has control of the boot process, and hence all subsequently run processes.
 </p>
@@ -469,9 +522,9 @@ So although the Raspberry Pi is cheap and hugely popular it's not supported by t
 </p>
 </div>
 </div>
-<div id="outline-container-org2af436d" class="outline-2">
-<h2 id="org2af436d">Why use Tor? I've heard it's used by bad people</h2>
-<div class="outline-text-2" id="text-org2af436d">
+<div id="outline-container-orgfa08e9c" class="outline-2">
+<h2 id="orgfa08e9c">Why use Tor? I've heard it's used by bad people</h2>
+<div class="outline-text-2" id="text-orgfa08e9c">
 <p>
 Years ago Tor was usually depicted in the mainstream media as something scary inhabited by cyberterrorists and other bad cybers, but today to a large extent Tor is accepted as just another way of routing data in a network. Depending upon where you live there may still be some amount of fearmongering about Tor, but it now seems clear that the trajectory is towards general acceptance.
 </p>
@@ -492,9 +545,9 @@ On the negative side it's a complex system which is not fully decentralized.
 </p>
 </div>
 </div>
-<div id="outline-container-org3981923" class="outline-2">
-<h2 id="org3981923">How is Tor integrated with Freedombone?</h2>
-<div class="outline-text-2" id="text-org3981923">
+<div id="outline-container-org047311c" class="outline-2">
+<h2 id="org047311c">How is Tor integrated with Freedombone?</h2>
+<div class="outline-text-2" id="text-org047311c">
 <p>
 Within this project Tor is used more to provide <i>accessibility</i> than the <i>anonymity</i> factor for which Tor is better known. The onion address system provides a way of being able to access sites even if you don't own a conventional domain name or don't have administrator access to your local internet router to be able to do port forwarding.
 </p>
@@ -512,17 +565,17 @@ Even if you're running the "onion only" build, this only means that sites are ac
 </p>
 </div>
 </div>
-<div id="outline-container-orgb732986" class="outline-2">
-<h2 id="orgb732986">Can I add a clearnet domain to an onion build?</h2>
-<div class="outline-text-2" id="text-orgb732986">
+<div id="outline-container-org8a3b2df" class="outline-2">
+<h2 id="org8a3b2df">Can I add a clearnet domain to an onion build?</h2>
+<div class="outline-text-2" id="text-org8a3b2df">
 <p>
 You could if you manually edited the relevant nginx configuration files and installed some dynamic DNS system yourself. If you already have sysadmin knowledge then that's probably not too hard. But the builds created with the <b>onion-addresses-only</b> option aren't really intended to support access via clearnet domains.
 </p>
 </div>
 </div>
-<div id="outline-container-orgb1382c0" class="outline-2">
-<h2 id="orgb1382c0">Why use Github?</h2>
-<div class="outline-text-2" id="text-orgb1382c0">
+<div id="outline-container-org7f5c083" class="outline-2">
+<h2 id="org7f5c083">Why use Github?</h2>
+<div class="outline-text-2" id="text-org7f5c083">
 <p>
 Github is paradoxically a centralized, closed and proprietary system which happens to mostly host free and open source projects. Up until now it has been relatively benign, but at some point in the name of "growth" it will likely start becoming more evil, or just become like SourceForge - which was also once much loved by FOSS developers, but turned into a den of malvertizing.
 </p>
@@ -540,17 +593,39 @@ Currently many of the repositories used for applications which are not yet packa
 </p>
 </div>
 </div>
-<div id="outline-container-org8d5c33e" class="outline-2">
-<h2 id="org8d5c33e">After using nmap or other scanning tool I can no longer log in</h2>
-<div class="outline-text-2" id="text-org8d5c33e">
+<div id="outline-container-org8fe35e9" class="outline-2">
+<h2 id="org8fe35e9">What are the data protection implications of running this system?</h2>
+<div class="outline-text-2" id="text-org8fe35e9">
+<p>
+Data protection laws such as <a href="https://en.wikipedia.org/wiki/General_Data_Protection_Regulation">GDPR</a> in the EU or the <a href="https://en.wikipedia.org/wiki/Data_Protection_Act_1998">Data Protection Act</a> in the UK usually only apply to formal organizations which are recognized as being legal entities. So you have to be running a business or a charity or some other formal organization in order for the storage of what's known as <i>personally identifying information</i> to potentially become a legal issue. Laws like this usually include:
+</p>
+
+<ul class="org-ul">
+<li>A right to obtain your information</li>
+<li>A right to be forgotten (i.e. to have your data permanently deleted)</li>
+<li>Ensuring that stored personal data remains accurate</li>
+</ul>
+
+<p>
+If you're self-hosting then in the language of data protection law the "<i>data controller</i>" and the "<i>data subject</i>" are one and the same, so there isn't any power differential of that sort. Freedombone is only intended for small numbers of users, so if you are hosting more than one person chances are that you know the others quite well and can arrange to update their data or delete their account if that's needed. Even if data protection laws are later extended to include home server type scenarios it's unlikely that this will become a problem.
+</p>
+
+<p>
+For the mesh version similar applies. Each peer stores their own personal data and it never gets aggregated and stored in any centralized way.
+</p>
+</div>
+</div>
+<div id="outline-container-org972c439" class="outline-2">
+<h2 id="org972c439">After using nmap or other scanning tool I can no longer log in</h2>
+<div class="outline-text-2" id="text-org972c439">
 <p>
 This system tries to block port scanners. Any other system trying to scan for open ports will have their IP address added to a temporary block list for 24 hours.
 </p>
 </div>
 </div>
-<div id="outline-container-orgcaa8f8c" class="outline-2">
-<h2 id="orgcaa8f8c">Should I upload my GPG keys to keybase.io?</h2>
-<div class="outline-text-2" id="text-orgcaa8f8c">
+<div id="outline-container-org67aacdc" class="outline-2">
+<h2 id="org67aacdc">Should I upload my GPG keys to keybase.io?</h2>
+<div class="outline-text-2" id="text-org67aacdc">
 <p>
 It's not recommended unless there exists some compelling reason for you to be on there. That site asks users to upload the <b>private keys</b>, and even if the keys are client side encrypted with a passphrase there's always the chance that there will be a data leak in future and letter agencies will then have a full time opportunity to crack the passphrases.
 </p>
@@ -560,9 +635,9 @@ Saying something resembling <i>"only noobs will use crackable private key passph
 </p>
 </div>
 </div>
-<div id="outline-container-org787d325" class="outline-2">
-<h2 id="org787d325">Keys and emails should not be stored on servers. Why do you do that?</h2>
-<div class="outline-text-2" id="text-org787d325">
+<div id="outline-container-orgbc89a7d" class="outline-2">
+<h2 id="orgbc89a7d">Keys and emails should not be stored on servers. Why do you do that?</h2>
+<div class="outline-text-2" id="text-orgbc89a7d">
 <p>
 Ordinarily this is good advice. However, the threat model for a device in your home is different from the one for a generic server in a massive warehouse. Compare and contrast:
 </p>
@@ -620,9 +695,9 @@ In the home environment a box with a good firewall and no GUI components install
 </div>
 </div>
 
-<div id="outline-container-org45d4472" class="outline-2">
-<h2 id="org45d4472">Why can't I access my .onion site with a Tor browser?</h2>
-<div class="outline-text-2" id="text-org45d4472">
+<div id="outline-container-org4d0819e" class="outline-2">
+<h2 id="org4d0819e">Why can't I access my .onion site with a Tor browser?</h2>
+<div class="outline-text-2" id="text-org4d0819e">
 <p>
 Probably you need to add the site to the NoScript whitelist. Typically click/press on the noscript icon (or select from the menu on mobile) then select <i>whitelist</i> and add the site URL. You may also need to disable HTTPS Everywhere when using onion addresses, which don't use https.
 </p>
@@ -632,9 +707,9 @@ Another factor to be aware of is that it can take a while for the onion address
 </p>
 </div>
 </div>
-<div id="outline-container-org000c926" class="outline-2">
-<h2 id="org000c926">What is the best hardware to run this system on?</h2>
-<div class="outline-text-2" id="text-org000c926">
+<div id="outline-container-org7256ac2" class="outline-2">
+<h2 id="org7256ac2">What is the best hardware to run this system on?</h2>
+<div class="outline-text-2" id="text-org7256ac2">
 <p>
 It was originally designed to run on the Beaglebone Black, but that should be regarded as the most minimal system, because it's single core and has by today's standards a small amount of memory. Obviously the more powerful the hardware is the faster things like web pages (blog, social networking, etc) will be served but the more electricity such a system will require if you're running it 24/7. A good compromise between performance and energy consumption is something like an old netbook. The battery of an old netbook or laptop even gives you <a href="https://en.wikipedia.org/wiki/Uninterruptible_power_supply">UPS capability</a> to keep the system going during brief power outages or cable re-arrangements, and that means using full disk encryption on the server also becomes more practical.
 </p>
@@ -644,9 +719,9 @@ It was originally designed to run on the Beaglebone Black, but that should be re
 </p>
 </div>
 </div>
-<div id="outline-container-org36ddec5" class="outline-2">
-<h2 id="org36ddec5">Can I add more users to the system?</h2>
-<div class="outline-text-2" id="text-org36ddec5">
+<div id="outline-container-org890ba4a" class="outline-2">
+<h2 id="org890ba4a">Can I add more users to the system?</h2>
+<div class="outline-text-2" id="text-org890ba4a">
 <p>
 Yes. Freedombone can support a small number of users, for a "<i>friends and family</i>" type of home installation. This gives them access to an email account, XMPP, SIP phone and the blog (depending on whether the variant which you installed includes those).
 </p>
@@ -669,9 +744,9 @@ Another point is that Freedombone installations are not intended to support many
 </p>
 </div>
 </div>
-<div id="outline-container-orgdd36f96" class="outline-2">
-<h2 id="orgdd36f96">Why not use Signal for mobile chat?</h2>
-<div class="outline-text-2" id="text-orgdd36f96">
+<div id="outline-container-org61728f5" class="outline-2">
+<h2 id="org61728f5">Why not use Signal for mobile chat?</h2>
+<div class="outline-text-2" id="text-org61728f5">
 <p>
 Celebrities recommend Signal. It's Free Software so it must be good, right?
 </p>
@@ -694,9 +769,9 @@ To give credit where it's due Signal is good, but it could be a lot better. The
 </p>
 </div>
 </div>
-<div id="outline-container-org79827b5" class="outline-2">
-<h2 id="org79827b5">What is the most secure chat app to use on mobile?</h2>
-<div class="outline-text-2" id="text-org79827b5">
+<div id="outline-container-orgfd44c68" class="outline-2">
+<h2 id="orgfd44c68">What is the most secure chat app to use on mobile?</h2>
+<div class="outline-text-2" id="text-orgfd44c68">
 <p>
 On mobile there are various options. The apps which are likely to be most secure are ones which have end-to-end encryption enabled by default and which can also be onion routed via Orbot. End-to-end encryption secures the content of the message and onion routing obscures the metadata, making it hard for a passive adversary to know who is communicating with who.
 </p>
@@ -706,13 +781,13 @@ The current safest way to chat is to use <a href="https://conversations.im">Conv
 </p>
 
 <p>
-There are many <a href="#orgdd36f96">other fashionable chat apps</a> with end-to-end security, but often they are closed source, have a single central server or can't be onion routed. It's also important to remember that closed source chat apps should be assumed to be untrustworthy, since their security cannot be independently verified.
+There are many <a href="#org61728f5">other fashionable chat apps</a> with end-to-end security, but often they are closed source, have a single central server or can't be onion routed. It's also important to remember that closed source chat apps should be assumed to be untrustworthy, since their security cannot be independently verified.
 </p>
 </div>
 </div>
-<div id="outline-container-org5e417ee" class="outline-2">
-<h2 id="org5e417ee">How do I remove a user from the system?</h2>
-<div class="outline-text-2" id="text-org5e417ee">
+<div id="outline-container-orgb4af501" class="outline-2">
+<h2 id="orgb4af501">How do I remove a user from the system?</h2>
+<div class="outline-text-2" id="text-orgb4af501">
 <p>
 To remove a user:
 </p>
@@ -727,9 +802,9 @@ Select <i>Administrator controls</i> then <i>Manage Users</i> and then <i>Delete
 </p>
 </div>
 </div>
-<div id="outline-container-org24c86ab" class="outline-2">
-<h2 id="org24c86ab">Why is logging for web sites turned off by default?</h2>
-<div class="outline-text-2" id="text-org24c86ab">
+<div id="outline-container-orgc664233" class="outline-2">
+<h2 id="orgc664233">Why is logging for web sites turned off by default?</h2>
+<div class="outline-text-2" id="text-orgc664233">
 <p>
 If you're making profits out of the logs by running large server warehouses and then data mining what users click on - as is the business model of well known internet companies - then logging everything makes total sense. However, if you're running a home server then logging really only makes sense if you're trying to diagnose some specific problem with the system, and outside of that context logging everything becomes more of a liability than an asset.
 </p>
@@ -743,9 +818,9 @@ On the Freedombone system web logs containing IP addresses are turned off by def
 </p>
 </div>
 </div>
-<div id="outline-container-orgd972cda" class="outline-2">
-<h2 id="orgd972cda">How do I reset the tripwire?</h2>
-<div class="outline-text-2" id="text-orgd972cda">
+<div id="outline-container-orgcfb3562" class="outline-2">
+<h2 id="orgcfb3562">How do I reset the tripwire?</h2>
+<div class="outline-text-2" id="text-orgcfb3562">
 <p>
 The tripwire will be automatically reset once per week. If you want to reset it earlier then do the following:
 </p>
@@ -760,9 +835,9 @@ Select <i>Administrator controls</i> then "reset tripwire" using cursors and spa
 </p>
 </div>
 </div>
-<div id="outline-container-org4d6c566" class="outline-2">
-<h2 id="org4d6c566">Is metadata protected?</h2>
-<div class="outline-text-2" id="text-org4d6c566">
+<div id="outline-container-org693ad33" class="outline-2">
+<h2 id="org693ad33">Is metadata protected?</h2>
+<div class="outline-text-2" id="text-org693ad33">
 <blockquote>
 <p>
 "<i>We kill people based on metadata</i>"
@@ -778,9 +853,9 @@ Even when using Freedombone metadata analysis by third parties is still possible
 </p>
 </div>
 </div>
-<div id="outline-container-orga67d74a" class="outline-2">
-<h2 id="orga67d74a">How do I create email processing rules?</h2>
-<div class="outline-text-2" id="text-orga67d74a">
+<div id="outline-container-org3879dd9" class="outline-2">
+<h2 id="org3879dd9">How do I create email processing rules?</h2>
+<div class="outline-text-2" id="text-org3879dd9">
 <div class="org-src-container">
 <pre class="src src-bash">ssh username@domainname -p 2222
 </pre>
@@ -836,9 +911,9 @@ Spamassassin is also available and within Mutt you can use the S (shift+s) key t
 </p>
 </div>
 </div>
-<div id="outline-container-org69c34a0" class="outline-2">
-<h2 id="org69c34a0">Why isn't dynamic DNS working?</h2>
-<div class="outline-text-2" id="text-org69c34a0">
+<div id="outline-container-org2e9552d" class="outline-2">
+<h2 id="org2e9552d">Why isn't dynamic DNS working?</h2>
+<div class="outline-text-2" id="text-org2e9552d">
 <p>
 If you run the command:
 </p>
@@ -861,9 +936,9 @@ https://www.privateinternetaccess.com/pages/whats-my-ip/
 </div>
 </div>
 
-<div id="outline-container-orgd5c5acc" class="outline-2">
-<h2 id="orgd5c5acc">How do I change my encryption settings?</h2>
-<div class="outline-text-2" id="text-orgd5c5acc">
+<div id="outline-container-org88c1819" class="outline-2">
+<h2 id="org88c1819">How do I change my encryption settings?</h2>
+<div class="outline-text-2" id="text-org88c1819">
 <p>
 Suppose that some new encryption vulnerability has been announced and that you need to change your encryption settings. Maybe an algorithm thought to be secure is now no longer so and you need to remove it. You can change your settings by doing the following:
 </p>
@@ -878,9 +953,9 @@ Select <i>Administrator controls</i> then select <i>Security Settings</i>. You w
 </p>
 </div>
 </div>
-<div id="outline-container-orgfc6fd46" class="outline-2">
-<h2 id="orgfc6fd46">How do I get a domain name?</h2>
-<div class="outline-text-2" id="text-orgfc6fd46">
+<div id="outline-container-org7fa4cfd" class="outline-2">
+<h2 id="org7fa4cfd">How do I get a domain name?</h2>
+<div class="outline-text-2" id="text-org7fa4cfd">
 <p>
 Suppose that you have bought a domain name (rather than using a free subdomain on freedns) and you want to use that instead.
 </p>
@@ -944,9 +1019,9 @@ You should now be able to send an email from <i>postmaster@mynewdomainname</i> a
 </div>
 </div>
 
-<div id="outline-container-org90eafd9" class="outline-2">
-<h2 id="org90eafd9">How do I get a "real" SSL/TLS/HTTPS certificate?</h2>
-<div class="outline-text-2" id="text-org90eafd9">
+<div id="outline-container-org082c153" class="outline-2">
+<h2 id="org082c153">How do I get a "real" SSL/TLS/HTTPS certificate?</h2>
+<div class="outline-text-2" id="text-org082c153">
 <p>
 If you did the full install or selected the social variant then the system will have tried to obtain a Let's Encrypt certificate automatically during the install process. If this failed for any reason, or if you have created a new site which you need a certificate for then do the following:
 </p>
@@ -965,9 +1040,9 @@ One thing to be aware of is that Let's Encrypt doesn't support many dynamic DNS
 </p>
 </div>
 </div>
-<div id="outline-container-orgc91fc72" class="outline-2">
-<h2 id="orgc91fc72">How do I renew a Let's Encrypt certificate?</h2>
-<div class="outline-text-2" id="text-orgc91fc72">
+<div id="outline-container-org30ff050" class="outline-2">
+<h2 id="org30ff050">How do I renew a Let's Encrypt certificate?</h2>
+<div class="outline-text-2" id="text-org30ff050">
 <p>
 Normally certificates will be automatically renewed once per month, so you don't need to be concerned about it. If anything goes wrong with the automatic renewal then you should receive a warning email.
 </p>
@@ -986,9 +1061,9 @@ Select <i>Administrator controls</i> then <b>Security settings</b> then <b>Renew
 </p>
 </div>
 </div>
-<div id="outline-container-org73b061c" class="outline-2">
-<h2 id="org73b061c">I tried to renew a Let's Encrypt certificate and it failed. What should I do?</h2>
-<div class="outline-text-2" id="text-org73b061c">
+<div id="outline-container-org5e86349" class="outline-2">
+<h2 id="org5e86349">I tried to renew a Let's Encrypt certificate and it failed. What should I do?</h2>
+<div class="outline-text-2" id="text-org5e86349">
 <p>
 Most likely it's because Let's Encrypt doesn't support your particular domain or subdomain. Currently free subdomains tend not to work. You'll need to buy a domain name, link it to your dynamic DNS account and then do:
 </p>
@@ -1003,17 +1078,17 @@ Select <i>Administrator controls</i> then <b>Security settings</b> then <b>Creat
 </p>
 </div>
 </div>
-<div id="outline-container-org6a6cce4" class="outline-2">
-<h2 id="org6a6cce4">Why not use the services of $company instead? They took the Seppuku pledge</h2>
-<div class="outline-text-2" id="text-org6a6cce4">
+<div id="outline-container-org839eacd" class="outline-2">
+<h2 id="org839eacd">Why not use the services of $company instead? They took the Seppuku pledge</h2>
+<div class="outline-text-2" id="text-org839eacd">
 <p>
 <a href="https://cryptostorm.org/viewtopic.php?f=63&amp;t=2954&amp;sid=7de2d1e699cfde2f574e6a7f6ea5a173">That pledge</a> is utterly worthless. Years ago people trusted Google in the same sort of way, because they promised not be be evil and because a lot of the engineers working for them seemed like honest types who were "<i>on our side</i>". Post-<a href="https://en.wikipedia.org/wiki/Nymwars">nymwars</a> and post-<a href="https://en.wikipedia.org/wiki/PRISM_(surveillance_program)">PRISM</a> we know exactly how much Google cared about the privacy and security of its users. But Google is only one particular example. In general don't trust pledges made by companies, even if the people running them seem really sincere.
 </p>
 </div>
 </div>
-<div id="outline-container-orgc36400d" class="outline-2">
-<h2 id="orgc36400d">Why does my email keep getting rejected as spam by Gmail/etc?</h2>
-<div class="outline-text-2" id="text-orgc36400d">
+<div id="outline-container-org7b528f9" class="outline-2">
+<h2 id="org7b528f9">Why does my email keep getting rejected as spam by Gmail/etc?</h2>
+<div class="outline-text-2" id="text-org7b528f9">
 <p>
 Welcome to the world of email. Email is really the archetypal decentralized service, developed during the early days of the internet. In principle anyone can run an email server, and that's exactly what you're doing with Freedombone. Email is very useful, but it has a big problem, and that's that the protocols are totally insecure. That made it easy for spammers to do their thing, and in response highly elaborate spam filtering and blocking systems were developed. Chances are that your emails are being blocked in this way. Sometimes the blocking is so indisciminate that entire countries are excluded. What can you do about it? Unless you control the block list at the receiving end you may not be able to do much unless you can find an email proxy server which is trusted by the receiving server.
 </p>
@@ -1044,9 +1119,9 @@ So the situation with email presently is pretty bad, and there's a clear selecti
 </p>
 </div>
 </div>
-<div id="outline-container-org73e8a5c" class="outline-2">
-<h2 id="org73e8a5c">Tor is censored/blocked in my area. What can I do?</h2>
-<div class="outline-text-2" id="text-org73e8a5c">
+<div id="outline-container-org840d72e" class="outline-2">
+<h2 id="org840d72e">Tor is censored/blocked in my area. What can I do?</h2>
+<div class="outline-text-2" id="text-org840d72e">
 <p>
 If you can find some details for an obfs4 Tor bridge (its IP address, port number and key or nickname) then you can set up the system to use it to connect to the Tor network. Unlike relay nodes the IP addresses for bridges are not public information and so can't be easily known and added to block lists by authoritarian regimes or over-zealous ISPs.
 </p>
@@ -1071,9 +1146,9 @@ You can also set your system to act as a Tor bridge, although this is not recomm
 </div>
 </div>
 
-<div id="outline-container-org1332523" class="outline-2">
-<h2 id="org1332523">I want to block a particular domain from getting its content into my social network sites</h2>
-<div class="outline-text-2" id="text-org1332523">
+<div id="outline-container-org4f99713" class="outline-2">
+<h2 id="org4f99713">I want to block a particular domain from getting its content into my social network sites</h2>
+<div class="outline-text-2" id="text-org4f99713">
 <p>
 If you're being pestered by some domain which contains bad/illegal/harrassing content or irritating users you can block domains at the firewall level. Go to the administrator control panel and select <i>domain blocking</i>. You can then block, unblock and view the list of blocked domains.
 </p>
@@ -1088,9 +1163,9 @@ Select <i>Administrator controls</i> then <i>Domain blocking</i>.
 </div>
 </div>
 
-<div id="outline-container-org7e84bef" class="outline-2">
-<h2 id="org7e84bef">The mesh system doesn't boot from USB drive</h2>
-<div class="outline-text-2" id="text-org7e84bef">
+<div id="outline-container-org99e5150" class="outline-2">
+<h2 id="org99e5150">The mesh system doesn't boot from USB drive</h2>
+<div class="outline-text-2" id="text-org99e5150">
 <p>
 If the system doesn't boot and reports an error which includes <b>/dev/mapper/loop0p1</b> then reboot with <b>Ctrl-Alt-Del</b> and when you see the grub menu press <b>e</b> and manually change <b>/dev/mapper/loop0p1</b> to <b>/dev/sdb1</b>, then press <b>Ctrl-x</b>. If that doesn't work then reboot and try <b>/dev/sdc1</b> instead.
 </p>
@@ -1101,9 +1176,9 @@ After the system has booted successfully the problem should resolve itself on su
 </div>
 </div>
 
-<div id="outline-container-orgdae680c" class="outline-2">
-<h2 id="orgdae680c">Mesh system doesn't connect to the network</h2>
-<div class="outline-text-2" id="text-orgdae680c">
+<div id="outline-container-org80b7531" class="outline-2">
+<h2 id="org80b7531">Mesh system doesn't connect to the network</h2>
+<div class="outline-text-2" id="text-org80b7531">
 <p>
 Sometimes after boot the mesh system won't connect to other peers on the network. If this happens select the <b>network restart</b> icon and enter the password, which by default is just "freedombone". Wait for a few minutes to see if it connects.
 </p>

website/EN/homeserver.html

@@ -3,26 +3,33 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<title></title>
-<!-- 2018-04-12 Thu 18:24 -->
-<meta  http-equiv="Content-Type" content="text/html;charset=utf-8" />
-<meta  name="generator" content="Org-mode" />
-<meta  name="author" content="Bob Mottram" />
-<meta  name="description" content="Freedombone home server setup"
+<!-- 2018-04-24 Tue 18:17 -->
+<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
+<meta name="viewport" content="width=device-width, initial-scale=1" />
+<title>&lrm;</title>
+<meta name="generator" content="Org mode" />
+<meta name="author" content="Bob Mottram" />
+<meta name="description" content="Freedombone home server setup"
  />
-<meta  name="keywords" content="freedombone, home server" />
+<meta name="keywords" content="freedombone, home server" />
 <style type="text/css">
  <!--/*--><![CDATA[/*><!--*/
-  .title  { text-align: center; }
+  .title  { text-align: center;
+             margin-bottom: .2em; }
+  .subtitle { text-align: center;
+              font-size: medium;
+              font-weight: bold;
+              margin-top:0; }
   .todo   { font-family: monospace; color: red; }
-  .done   { color: green; }
+  .done   { font-family: monospace; color: green; }
+  .priority { font-family: monospace; color: orange; }
   .tag    { background-color: #eee; font-family: monospace;
             padding: 2px; font-size: 80%; font-weight: normal; }
   .timestamp { color: #bebebe; }
   .timestamp-kwd { color: #5f9ea0; }
-  .right  { margin-left: auto; margin-right: 0px;  text-align: right; }
-  .left   { margin-left: 0px;  margin-right: auto; text-align: left; }
-  .center { margin-left: auto; margin-right: auto; text-align: center; }
+  .org-right  { margin-left: auto; margin-right: 0px;  text-align: right; }
+  .org-left   { margin-left: 0px;  margin-right: auto; text-align: left; }
+  .org-center { margin-left: auto; margin-right: auto; text-align: center; }
   .underline { text-decoration: underline; }
   #postamble p, #preamble p { font-size: 90%; margin: .2em; }
   p.verse { margin-left: 3%; }
@@ -49,27 +56,111 @@
     border: 1px solid black;
   }
   pre.src:hover:before { display: inline;}
-  pre.src-sh:before    { content: 'sh'; }
-  pre.src-bash:before  { content: 'sh'; }
+  /* Languages per Org manual */
+  pre.src-asymptote:before { content: 'Asymptote'; }
+  pre.src-awk:before { content: 'Awk'; }
+  pre.src-C:before { content: 'C'; }
+  /* pre.src-C++ doesn't work in CSS */
+  pre.src-clojure:before { content: 'Clojure'; }
+  pre.src-css:before { content: 'CSS'; }
+  pre.src-D:before { content: 'D'; }
+  pre.src-ditaa:before { content: 'ditaa'; }
+  pre.src-dot:before { content: 'Graphviz'; }
+  pre.src-calc:before { content: 'Emacs Calc'; }
   pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
-  pre.src-R:before     { content: 'R'; }
-  pre.src-perl:before  { content: 'Perl'; }
-  pre.src-java:before  { content: 'Java'; }
-  pre.src-sql:before   { content: 'SQL'; }
+  pre.src-fortran:before { content: 'Fortran'; }
+  pre.src-gnuplot:before { content: 'gnuplot'; }
+  pre.src-haskell:before { content: 'Haskell'; }
+  pre.src-hledger:before { content: 'hledger'; }
+  pre.src-java:before { content: 'Java'; }
+  pre.src-js:before { content: 'Javascript'; }
+  pre.src-latex:before { content: 'LaTeX'; }
+  pre.src-ledger:before { content: 'Ledger'; }
+  pre.src-lisp:before { content: 'Lisp'; }
+  pre.src-lilypond:before { content: 'Lilypond'; }
+  pre.src-lua:before { content: 'Lua'; }
+  pre.src-matlab:before { content: 'MATLAB'; }
+  pre.src-mscgen:before { content: 'Mscgen'; }
+  pre.src-ocaml:before { content: 'Objective Caml'; }
+  pre.src-octave:before { content: 'Octave'; }
+  pre.src-org:before { content: 'Org mode'; }
+  pre.src-oz:before { content: 'OZ'; }
+  pre.src-plantuml:before { content: 'Plantuml'; }
+  pre.src-processing:before { content: 'Processing.js'; }
+  pre.src-python:before { content: 'Python'; }
+  pre.src-R:before { content: 'R'; }
+  pre.src-ruby:before { content: 'Ruby'; }
+  pre.src-sass:before { content: 'Sass'; }
+  pre.src-scheme:before { content: 'Scheme'; }
+  pre.src-screen:before { content: 'Gnu Screen'; }
+  pre.src-sed:before { content: 'Sed'; }
+  pre.src-sh:before { content: 'shell'; }
+  pre.src-sql:before { content: 'SQL'; }
+  pre.src-sqlite:before { content: 'SQLite'; }
+  /* additional languages in org.el's org-babel-load-languages alist */
+  pre.src-forth:before { content: 'Forth'; }
+  pre.src-io:before { content: 'IO'; }
+  pre.src-J:before { content: 'J'; }
+  pre.src-makefile:before { content: 'Makefile'; }
+  pre.src-maxima:before { content: 'Maxima'; }
+  pre.src-perl:before { content: 'Perl'; }
+  pre.src-picolisp:before { content: 'Pico Lisp'; }
+  pre.src-scala:before { content: 'Scala'; }
+  pre.src-shell:before { content: 'Shell Script'; }
+  pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
+  /* additional language identifiers per "defun org-babel-execute"
+       in ob-*.el */
+  pre.src-cpp:before  { content: 'C++'; }
+  pre.src-abc:before  { content: 'ABC'; }
+  pre.src-coq:before  { content: 'Coq'; }
+  pre.src-groovy:before  { content: 'Groovy'; }
+  /* additional language identifiers from org-babel-shell-names in
+     ob-shell.el: ob-shell is the only babel language using a lambda to put
+     the execution function name together. */
+  pre.src-bash:before  { content: 'bash'; }
+  pre.src-csh:before  { content: 'csh'; }
+  pre.src-ash:before  { content: 'ash'; }
+  pre.src-dash:before  { content: 'dash'; }
+  pre.src-ksh:before  { content: 'ksh'; }
+  pre.src-mksh:before  { content: 'mksh'; }
+  pre.src-posh:before  { content: 'posh'; }
+  /* Additional Emacs modes also supported by the LaTeX listings package */
+  pre.src-ada:before { content: 'Ada'; }
+  pre.src-asm:before { content: 'Assembler'; }
+  pre.src-caml:before { content: 'Caml'; }
+  pre.src-delphi:before { content: 'Delphi'; }
+  pre.src-html:before { content: 'HTML'; }
+  pre.src-idl:before { content: 'IDL'; }
+  pre.src-mercury:before { content: 'Mercury'; }
+  pre.src-metapost:before { content: 'MetaPost'; }
+  pre.src-modula-2:before { content: 'Modula-2'; }
+  pre.src-pascal:before { content: 'Pascal'; }
+  pre.src-ps:before { content: 'PostScript'; }
+  pre.src-prolog:before { content: 'Prolog'; }
+  pre.src-simula:before { content: 'Simula'; }
+  pre.src-tcl:before { content: 'tcl'; }
+  pre.src-tex:before { content: 'TeX'; }
+  pre.src-plain-tex:before { content: 'Plain TeX'; }
+  pre.src-verilog:before { content: 'Verilog'; }
+  pre.src-vhdl:before { content: 'VHDL'; }
+  pre.src-xml:before { content: 'XML'; }
+  pre.src-nxml:before { content: 'XML'; }
+  /* add a generic configuration mode; LaTeX export needs an additional
+     (add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
+  pre.src-conf:before { content: 'Configuration File'; }
 
   table { border-collapse:collapse; }
   caption.t-above { caption-side: top; }
   caption.t-bottom { caption-side: bottom; }
   td, th { vertical-align:top;  }
-  th.right  { text-align: center;  }
-  th.left   { text-align: center;   }
-  th.center { text-align: center; }
-  td.right  { text-align: right;  }
-  td.left   { text-align: left;   }
-  td.center { text-align: center; }
+  th.org-right  { text-align: center;  }
+  th.org-left   { text-align: center;   }
+  th.org-center { text-align: center; }
+  td.org-right  { text-align: right;  }
+  td.org-left   { text-align: left;   }
+  td.org-center { text-align: center; }
   dt { font-weight: bold; }
-  .footpara:nth-child(2) { display: inline; }
-  .footpara { display: block; }
+  .footpara { display: inline; }
   .footdef  { margin-bottom: 1em; }
   .figure { padding: 1em; }
   .figure p { text-align: center; }
@@ -89,6 +180,7 @@
     { font-size: 10px; font-weight: bold; white-space: nowrap; }
   .org-info-js_search-highlight
     { background-color: #ffff00; color: #000000; font-weight: bold; }
+  .org-svg { width: 90%; }
   /*]]>*/-->
 </style>
 <link rel="stylesheet" type="text/css" href="freedombone.css" />
@@ -97,7 +189,7 @@
 @licstart  The following is the entire license notice for the
 JavaScript code in this tag.
 
-Copyright (C) 2012-2013 Free Software Foundation, Inc.
+Copyright (C) 2012-2017 Free Software Foundation, Inc.
 
 The JavaScript code in this tag is free software: you can
 redistribute it and/or modify it under the terms of the GNU
@@ -144,7 +236,6 @@ for the JavaScript code in this tag.
 <a name="top" id="top"></a>
 </div>
 <div id="content">
-<h1 class="title"></h1>
 
 <div class="figure">
 <p><img src="images/logo.png" alt="logo.png" width="80%" height="10%" align="center" />
@@ -152,9 +243,9 @@ for the JavaScript code in this tag.
 </div>
 
 
-<div id="outline-container-sec-1" class="outline-2">
-<h2 id="sec-1">Home Server</h2>
-<div class="outline-text-2" id="text-1">
+<div id="outline-container-org3d2bd4a" class="outline-2">
+<h2 id="org3d2bd4a">Home Server</h2>
+<div class="outline-text-2" id="text-org3d2bd4a">
 <p>
 The quickest way to get started is as follows. You will need to be running a Debian based system (version 8 or later), have an old but still working laptop or netbook which you can use as a server, and 8GB or larger USB thumb drive and an ethernet cable to connect the laptop to your internet router.
 </p>
@@ -164,10 +255,9 @@ First install freedombone onto your local system (not the target hardware that y
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">sudo apt-get install git dialog build-essential
 git clone https://github.com/bashrc/freedombone
-cd freedombone
+<span class="org-builtin">cd</span> freedombone
 git checkout stretch
 sudo make install
 freedombone-image --setup debian
@@ -180,10 +270,9 @@ Or on Arch/Parabola:
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">sudo pacman -S git dialog
 git clone https://github.com/bashrc/freedombone
-cd freedombone
+<span class="org-builtin">cd</span> freedombone
 git checkout stretch
 sudo make install
 freedombone-image --setup parabola
@@ -196,7 +285,6 @@ Now prepare your local system to talk to the freedombone by running the followin
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">freedombone-client
 </pre>
 </div>
@@ -234,7 +322,6 @@ List what drives are on your system with:
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">ls /dev/sd*
 </pre>
 </div>
@@ -248,9 +335,8 @@ You can now copy the image to the USB thumb drive, replacing <b>sdX</b> with the
 </p>
 
 <div class="org-src-container">
-
-<pre class="src src-bash">dd if=/dev/zero of=/dev/sdX bs=1M count=8
-dd bs=1M if=myimagefile.img of=/dev/sdX conv=fdatasync
+<pre class="src src-bash">dd <span class="org-variable-name">if</span>=/dev/zero <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">count</span>=8
+dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=myimagefile.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
 </pre>
 </div>
 
@@ -263,7 +349,6 @@ As the system boots for the first time the login is:
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">username: fbone
 password: freedombone
 </pre>
@@ -274,7 +359,6 @@ If you're installing from a microSD card on a single board computer without a sc
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">ssh fbone@freedombone.local -p 2222
 </pre>
 </div>
@@ -296,7 +380,6 @@ When it's installed on your local system open a terminal and verify the ssh serv
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">freedombone-client --verify
 </pre>
 </div>
@@ -316,7 +399,6 @@ Open another terminal window then run:
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">freedombone-client
 ssh myusername@freedombone.local -p 2222
 </pre>
@@ -338,7 +420,7 @@ Then select <b>About</b>. You'll see a list of sites and their onion addresses.
 
 
 <div class="figure">
-<p><img src="images/controlpanel/control_panel_about.jpg" alt="control_panel_about.jpg" width="80%" align="center" />
+<p><img src="images/controlpanel/control_panel_about.jpg" alt="control_panel_about.jpg" width="100%" align="center" />
 </p>
 </div>
 
@@ -377,7 +459,6 @@ Of course, this is just one way in which you can install the Freedombone system.
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">man freedombone-image
 </pre>
 </div>

website/EN/installation.html

@@ -3,26 +3,33 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<title></title>
-<!-- 2018-04-12 Thu 13:09 -->
-<meta  http-equiv="Content-Type" content="text/html;charset=utf-8" />
-<meta  name="generator" content="Org-mode" />
-<meta  name="author" content="Bob Mottram" />
-<meta  name="description" content="Freedombone installation"
+<!-- 2018-04-21 Sat 14:58 -->
+<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
+<meta name="viewport" content="width=device-width, initial-scale=1" />
+<title>&lrm;</title>
+<meta name="generator" content="Org mode" />
+<meta name="author" content="Bob Mottram" />
+<meta name="description" content="Freedombone installation"
  />
-<meta  name="keywords" content="freedombone, installation" />
+<meta name="keywords" content="freedombone, installation" />
 <style type="text/css">
  <!--/*--><![CDATA[/*><!--*/
-  .title  { text-align: center; }
+  .title  { text-align: center;
+             margin-bottom: .2em; }
+  .subtitle { text-align: center;
+              font-size: medium;
+              font-weight: bold;
+              margin-top:0; }
   .todo   { font-family: monospace; color: red; }
-  .done   { color: green; }
+  .done   { font-family: monospace; color: green; }
+  .priority { font-family: monospace; color: orange; }
   .tag    { background-color: #eee; font-family: monospace;
             padding: 2px; font-size: 80%; font-weight: normal; }
   .timestamp { color: #bebebe; }
   .timestamp-kwd { color: #5f9ea0; }
-  .right  { margin-left: auto; margin-right: 0px;  text-align: right; }
-  .left   { margin-left: 0px;  margin-right: auto; text-align: left; }
-  .center { margin-left: auto; margin-right: auto; text-align: center; }
+  .org-right  { margin-left: auto; margin-right: 0px;  text-align: right; }
+  .org-left   { margin-left: 0px;  margin-right: auto; text-align: left; }
+  .org-center { margin-left: auto; margin-right: auto; text-align: center; }
   .underline { text-decoration: underline; }
   #postamble p, #preamble p { font-size: 90%; margin: .2em; }
   p.verse { margin-left: 3%; }
@@ -49,27 +56,111 @@
     border: 1px solid black;
   }
   pre.src:hover:before { display: inline;}
-  pre.src-sh:before    { content: 'sh'; }
-  pre.src-bash:before  { content: 'sh'; }
+  /* Languages per Org manual */
+  pre.src-asymptote:before { content: 'Asymptote'; }
+  pre.src-awk:before { content: 'Awk'; }
+  pre.src-C:before { content: 'C'; }
+  /* pre.src-C++ doesn't work in CSS */
+  pre.src-clojure:before { content: 'Clojure'; }
+  pre.src-css:before { content: 'CSS'; }
+  pre.src-D:before { content: 'D'; }
+  pre.src-ditaa:before { content: 'ditaa'; }
+  pre.src-dot:before { content: 'Graphviz'; }
+  pre.src-calc:before { content: 'Emacs Calc'; }
   pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
-  pre.src-R:before     { content: 'R'; }
-  pre.src-perl:before  { content: 'Perl'; }
-  pre.src-java:before  { content: 'Java'; }
-  pre.src-sql:before   { content: 'SQL'; }
+  pre.src-fortran:before { content: 'Fortran'; }
+  pre.src-gnuplot:before { content: 'gnuplot'; }
+  pre.src-haskell:before { content: 'Haskell'; }
+  pre.src-hledger:before { content: 'hledger'; }
+  pre.src-java:before { content: 'Java'; }
+  pre.src-js:before { content: 'Javascript'; }
+  pre.src-latex:before { content: 'LaTeX'; }
+  pre.src-ledger:before { content: 'Ledger'; }
+  pre.src-lisp:before { content: 'Lisp'; }
+  pre.src-lilypond:before { content: 'Lilypond'; }
+  pre.src-lua:before { content: 'Lua'; }
+  pre.src-matlab:before { content: 'MATLAB'; }
+  pre.src-mscgen:before { content: 'Mscgen'; }
+  pre.src-ocaml:before { content: 'Objective Caml'; }
+  pre.src-octave:before { content: 'Octave'; }
+  pre.src-org:before { content: 'Org mode'; }
+  pre.src-oz:before { content: 'OZ'; }
+  pre.src-plantuml:before { content: 'Plantuml'; }
+  pre.src-processing:before { content: 'Processing.js'; }
+  pre.src-python:before { content: 'Python'; }
+  pre.src-R:before { content: 'R'; }
+  pre.src-ruby:before { content: 'Ruby'; }
+  pre.src-sass:before { content: 'Sass'; }
+  pre.src-scheme:before { content: 'Scheme'; }
+  pre.src-screen:before { content: 'Gnu Screen'; }
+  pre.src-sed:before { content: 'Sed'; }
+  pre.src-sh:before { content: 'shell'; }
+  pre.src-sql:before { content: 'SQL'; }
+  pre.src-sqlite:before { content: 'SQLite'; }
+  /* additional languages in org.el's org-babel-load-languages alist */
+  pre.src-forth:before { content: 'Forth'; }
+  pre.src-io:before { content: 'IO'; }
+  pre.src-J:before { content: 'J'; }
+  pre.src-makefile:before { content: 'Makefile'; }
+  pre.src-maxima:before { content: 'Maxima'; }
+  pre.src-perl:before { content: 'Perl'; }
+  pre.src-picolisp:before { content: 'Pico Lisp'; }
+  pre.src-scala:before { content: 'Scala'; }
+  pre.src-shell:before { content: 'Shell Script'; }
+  pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
+  /* additional language identifiers per "defun org-babel-execute"
+       in ob-*.el */
+  pre.src-cpp:before  { content: 'C++'; }
+  pre.src-abc:before  { content: 'ABC'; }
+  pre.src-coq:before  { content: 'Coq'; }
+  pre.src-groovy:before  { content: 'Groovy'; }
+  /* additional language identifiers from org-babel-shell-names in
+     ob-shell.el: ob-shell is the only babel language using a lambda to put
+     the execution function name together. */
+  pre.src-bash:before  { content: 'bash'; }
+  pre.src-csh:before  { content: 'csh'; }
+  pre.src-ash:before  { content: 'ash'; }
+  pre.src-dash:before  { content: 'dash'; }
+  pre.src-ksh:before  { content: 'ksh'; }
+  pre.src-mksh:before  { content: 'mksh'; }
+  pre.src-posh:before  { content: 'posh'; }
+  /* Additional Emacs modes also supported by the LaTeX listings package */
+  pre.src-ada:before { content: 'Ada'; }
+  pre.src-asm:before { content: 'Assembler'; }
+  pre.src-caml:before { content: 'Caml'; }
+  pre.src-delphi:before { content: 'Delphi'; }
+  pre.src-html:before { content: 'HTML'; }
+  pre.src-idl:before { content: 'IDL'; }
+  pre.src-mercury:before { content: 'Mercury'; }
+  pre.src-metapost:before { content: 'MetaPost'; }
+  pre.src-modula-2:before { content: 'Modula-2'; }
+  pre.src-pascal:before { content: 'Pascal'; }
+  pre.src-ps:before { content: 'PostScript'; }
+  pre.src-prolog:before { content: 'Prolog'; }
+  pre.src-simula:before { content: 'Simula'; }
+  pre.src-tcl:before { content: 'tcl'; }
+  pre.src-tex:before { content: 'TeX'; }
+  pre.src-plain-tex:before { content: 'Plain TeX'; }
+  pre.src-verilog:before { content: 'Verilog'; }
+  pre.src-vhdl:before { content: 'VHDL'; }
+  pre.src-xml:before { content: 'XML'; }
+  pre.src-nxml:before { content: 'XML'; }
+  /* add a generic configuration mode; LaTeX export needs an additional
+     (add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
+  pre.src-conf:before { content: 'Configuration File'; }
 
   table { border-collapse:collapse; }
   caption.t-above { caption-side: top; }
   caption.t-bottom { caption-side: bottom; }
   td, th { vertical-align:top;  }
-  th.right  { text-align: center;  }
-  th.left   { text-align: center;   }
-  th.center { text-align: center; }
-  td.right  { text-align: right;  }
-  td.left   { text-align: left;   }
-  td.center { text-align: center; }
+  th.org-right  { text-align: center;  }
+  th.org-left   { text-align: center;   }
+  th.org-center { text-align: center; }
+  td.org-right  { text-align: right;  }
+  td.org-left   { text-align: left;   }
+  td.org-center { text-align: center; }
   dt { font-weight: bold; }
-  .footpara:nth-child(2) { display: inline; }
-  .footpara { display: block; }
+  .footpara { display: inline; }
   .footdef  { margin-bottom: 1em; }
   .figure { padding: 1em; }
   .figure p { text-align: center; }
@@ -89,6 +180,7 @@
     { font-size: 10px; font-weight: bold; white-space: nowrap; }
   .org-info-js_search-highlight
     { background-color: #ffff00; color: #000000; font-weight: bold; }
+  .org-svg { width: 90%; }
   /*]]>*/-->
 </style>
 <link rel="stylesheet" type="text/css" href="freedombone.css" />
@@ -97,7 +189,7 @@
 @licstart  The following is the entire license notice for the
 JavaScript code in this tag.
 
-Copyright (C) 2012-2013 Free Software Foundation, Inc.
+Copyright (C) 2012-2017 Free Software Foundation, Inc.
 
 The JavaScript code in this tag is free software: you can
 redistribute it and/or modify it under the terms of the GNU
@@ -144,66 +236,65 @@ for the JavaScript code in this tag.
 <a name="top" id="top"></a>
 </div>
 <div id="content">
-<h1 class="title"></h1>
 
 <div class="figure">
 <p><img src="images/logo.png" alt="logo.png" width="80%" height="10%" align="center" />
 </p>
 </div>
 
-<div id="outline-container-sec-1" class="outline-2">
-<h2 id="sec-1">Installation</h2>
-<div class="outline-text-2" id="text-1">
+<div id="outline-container-orgaaffe7e" class="outline-2">
+<h2 id="orgaaffe7e">Installation</h2>
+<div class="outline-text-2" id="text-orgaaffe7e">
 <table border="2" cellspacing="0" cellpadding="6" rules="groups" frame="hsides">
 
 
 <colgroup>
-<col  class="left" />
+<col  class="org-left" />
 </colgroup>
 <tbody>
 <tr>
-<td class="left"><a href="#sec-2">Building an image for a Single Board Computer or Virtual Machine</a></td>
+<td class="org-left"><a href="#org85992f0">Building an image for a Single Board Computer or Virtual Machine</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-3">Checklist</a></td>
+<td class="org-left"><a href="#orga435974">Checklist</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="./mesh.html">Mesh network</a></td>
+<td class="org-left"><a href="./mesh.html">Mesh network</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-1">Installation</a></td>
+<td class="org-left"><a href="#orgaaffe7e">Installation</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-5">Social Key Management - the 'Unforgettable Key'</a></td>
+<td class="org-left"><a href="#orgdbb804d">Social Key Management - the 'Unforgettable Key'</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-6">Final Setup</a></td>
+<td class="org-left"><a href="#orgc7f7e79">Final Setup</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-7">Keydrives</a></td>
+<td class="org-left"><a href="#org5c56524">Keydrives</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-8">On Client Machines</a></td>
+<td class="org-left"><a href="#org27e42b6">On Client Machines</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-9">Administering the system</a></td>
+<td class="org-left"><a href="#org24fb926">Administering the system</a></td>
 </tr>
 </tbody>
 </table>
 </div>
 </div>
 
-<div id="outline-container-sec-2" class="outline-2">
-<h2 id="sec-2">Building an image for a Single Board Computer or Virtual Machine</h2>
-<div class="outline-text-2" id="text-2">
+<div id="outline-container-org85992f0" class="outline-2">
+<h2 id="org85992f0">Building an image for a Single Board Computer or Virtual Machine</h2>
+<div class="outline-text-2" id="text-org85992f0">
 <p>
 You don't have to trust images downloaded from random internet locations signed with untrusted keys. You can build one from scratch yourself, and this is the recommended procedure for maximum security. For guidance on how to build images see the manpage for the <b>freedombone-image</b> command.
 </p>
@@ -213,10 +304,9 @@ Install the freedombone commands onto your laptop/desktop:
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">sudo apt-get install git build-essential dialog
 git clone https://github.com/bashrc/freedombone
-cd freedombone
+<span class="org-builtin">cd</span> freedombone
 git checkout stretch
 sudo make install
 </pre>
@@ -227,7 +317,6 @@ Then install packages needed for building images:
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">freedombone-image --setup debian
 </pre>
 </div>
@@ -237,7 +326,6 @@ or on an Arch/Parabola system:
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">freedombone-image --setup parabola
 </pre>
 </div>
@@ -247,7 +335,6 @@ A typical use case to build an 8GB image for a Beaglebone Black is as follows. Y
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">freedombone-image -t beaglebone -s 8G
 </pre>
 </div>
@@ -257,7 +344,6 @@ If you prefer an advanced installation with all of the options available then us
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">freedombone-image -t beaglebone -s 8G --minimal no
 </pre>
 </div>
@@ -267,7 +353,6 @@ To build a 64bit Qemu image:
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">freedombone-image -t qemu-x86_64 -s 8G
 </pre>
 </div>
@@ -281,56 +366,49 @@ If the image build fails with an error such as "<i>Error reading from server. Re
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">freedombone-image -t beaglebone -s 8G -m http://ftp.de.debian.org/debian
 </pre>
 </div>
 </div>
 </div>
 
-<div id="outline-container-sec-3" class="outline-2">
-<h2 id="sec-3">Checklist</h2>
-<div class="outline-text-2" id="text-3">
+<div id="outline-container-orga435974" class="outline-2">
+<h2 id="orga435974">Checklist</h2>
+<div class="outline-text-2" id="text-orga435974">
 <p>
 Before installing Freedombone you will need a few things.
 </p>
 
 <ul class="org-ul">
-<li>Have some domains, or subdomains, registered with a dynamic DNS service. For the full install you may need two "official" purchased domains or be using a subdomain provider which is supported by Let's Encrypt.
-</li>
-<li>System with a new installation of Debian Stretch or a downloaded/prepared disk image
-</li>
-<li>Ethernet connection between the system and your internet router
-</li>
-<li>That it is possible to forward ports from the internet router to the system, typically via firewall settings
-</li>
-<li>Have ssh access to the system, typically via fbone@freedombone.local on port 2222
-</li>
+<li>Have some domains, or subdomains, registered with a dynamic DNS service. For the full install you may need two "official" purchased domains or be using a subdomain provider which is supported by Let's Encrypt.</li>
+<li>System with a new installation of Debian Stretch or a downloaded/prepared disk image</li>
+<li>Ethernet connection between the system and your internet router</li>
+<li>That it is possible to forward ports from the internet router to the system, typically via firewall settings</li>
+<li>Have ssh access to the system, typically via fbone@freedombone.local on port 2222</li>
 </ul>
 </div>
 </div>
-<div id="outline-container-sec-4" class="outline-2">
-<h2 id="sec-4">Installation</h2>
-<div class="outline-text-2" id="text-4">
+<div id="outline-container-org81afcd3" class="outline-2">
+<h2 id="org81afcd3">Installation</h2>
+<div class="outline-text-2" id="text-org81afcd3">
 <p>
 There are three install options: Laptop/Desktop/Netbook, SBC and Virtual Machine.
 </p>
 </div>
 
-<div id="outline-container-sec-4-1" class="outline-3">
-<h3 id="sec-4-1">On a Laptop, Netbook or Desktop machine</h3>
-<div class="outline-text-3" id="text-4-1">
+<div id="outline-container-org8cf2237" class="outline-3">
+<h3 id="org8cf2237">On a Laptop, Netbook or Desktop machine</h3>
+<div class="outline-text-3" id="text-org8cf2237">
 <p>
 If you have an existing system, such as an old laptop or netbook which you can leave running as a server, then install a new version of Debian Stretch onto it. During the Debian install you won't need the print server or the desktop environment, and unchecking those will reduce the attack surface. Once Debian enter the following commands:
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">su
 apt-get update
 apt-get -y install git dialog build-essential
 git clone https://github.com/bashrc/freedombone
-cd freedombone
+<span class="org-builtin">cd</span> freedombone
 git checkout stretch
 make install
 freedombone menuconfig
@@ -339,28 +417,21 @@ freedombone menuconfig
 </div>
 </div>
 
-<div id="outline-container-sec-4-2" class="outline-3">
-<h3 id="sec-4-2">On a single board computer (SBC)</h3>
-<div class="outline-text-3" id="text-4-2">
+<div id="outline-container-orge5e5408" class="outline-3">
+<h3 id="orge5e5408">On a single board computer (SBC)</h3>
+<div class="outline-text-3" id="text-orge5e5408">
 <p>
 Currently the following boards are supported:
 </p>
 
 <ul class="org-ul">
-<li><a href="https://beagleboard.org/BLACK">Beaglebone Black</a>
-</li>
-<li><a href="https://linux-sunxi.org/Cubietech_Cubieboard2">Cubieboard 2</a>
-</li>
-<li><a href="https://linux-sunxi.org/Cubietruck">Cubietruck (Cubieboard 3)</a>
-</li>
-<li><a href="https://www.sparkfun.com/products/retired/12856">PCDuino3</a>
-</li>
-<li><a href="https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXIno-LIME/open-source-hardware">olinuxino Lime</a>
-</li>
-<li><a href="https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXIno-LIME2/open-source-hardware">olinuxino Lime2</a>
-</li>
-<li><a href="https://www.olimex.com/Products/OlinuXino/A20/A20-OlinuXino-MICRO/open-source-hardware">olinuxino Micro</a>
-</li>
+<li><a href="https://beagleboard.org/BLACK">Beaglebone Black</a></li>
+<li><a href="https://linux-sunxi.org/Cubietech_Cubieboard2">Cubieboard 2</a></li>
+<li><a href="https://linux-sunxi.org/Cubietruck">Cubietruck (Cubieboard 3)</a></li>
+<li><a href="https://www.sparkfun.com/products/retired/12856">PCDuino3</a></li>
+<li><a href="https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXIno-LIME/open-source-hardware">olinuxino Lime</a></li>
+<li><a href="https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXIno-LIME2/open-source-hardware">olinuxino Lime2</a></li>
+<li><a href="https://www.olimex.com/Products/OlinuXino/A20/A20-OlinuXino-MICRO/open-source-hardware">olinuxino Micro</a></li>
 </ul>
 
 <p>
@@ -368,7 +439,6 @@ If there is no existing image available then you can build one from scratch. See
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">gpg --verify filename.img.asc
 </pre>
 </div>
@@ -378,7 +448,6 @@ And the hash with:
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">sha256sum filename.img
 </pre>
 </div>
@@ -388,7 +457,6 @@ If the image is compressed then decompress it with:
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">unxz filename.img.xz
 </pre>
 </div>
@@ -398,8 +466,7 @@ Then copy it to a microSD card. Depending on your system you may need an adaptor
 </p>
 
 <div class="org-src-container">
-
-<pre class="src src-bash">sudo dd bs=1M if=filename.img of=/dev/sdX conv=fdatasync
+<pre class="src src-bash">sudo dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=filename.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
 </pre>
 </div>
 
@@ -408,7 +475,6 @@ Where <b>sdX</b> is the microSD drive. You can check which drive is the microSD
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">ls /dev/sd*
 </pre>
 </div>
@@ -422,7 +488,6 @@ With the board connected and running you can ssh into the system with:
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">ssh fbone@freedombone.local -p 2222
 </pre>
 </div>
@@ -433,15 +498,14 @@ Using the password 'freedombone'. Take a note of the new login password and then
 </div>
 </div>
 
-<div id="outline-container-sec-4-3" class="outline-3">
-<h3 id="sec-4-3">As a Virtual Machine</h3>
-<div class="outline-text-3" id="text-4-3">
+<div id="outline-container-org9ae9946" class="outline-3">
+<h3 id="org9ae9946">As a Virtual Machine</h3>
+<div class="outline-text-3" id="text-org9ae9946">
 <p>
 Qemu is currently supported, since it's s fully free software system. You can run a 64 bit Qemu image with:
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">qemu-system-x86_64 -m 1G filename.img
 </pre>
 </div>
@@ -453,42 +517,42 @@ The default login will be username 'fbone' and password 'freedombone'. Take a no
 </div>
 </div>
 
-<div id="outline-container-sec-5" class="outline-2">
-<h2 id="sec-5">Social Key Management - the 'Unforgettable Key'</h2>
-<div class="outline-text-2" id="text-5">
+<div id="outline-container-orgdbb804d" class="outline-2">
+<h2 id="orgdbb804d">Social Key Management - the 'Unforgettable Key'</h2>
+<div class="outline-text-2" id="text-orgdbb804d">
 <p>
 During the install procedure you will be asked if you wish to import GPG keys. If you don't already possess GPG keys then just select "Ok" and they will be generated during the install. If you do already have GPG keys then there are a few possibilities
 </p>
 </div>
 
-<div id="outline-container-sec-5-1" class="outline-3">
-<h3 id="sec-5-1">You have the gnupg keyring on an encrypted USB drive</h3>
-<div class="outline-text-3" id="text-5-1">
+<div id="outline-container-orgea070ec" class="outline-3">
+<h3 id="orgea070ec">You have the gnupg keyring on an encrypted USB drive</h3>
+<div class="outline-text-3" id="text-orgea070ec">
 <p>
 If you previously made a master keydrive containing the full keyring (the .gnupg directory). This is the most straightforward case, but not as secure as splitting the key into fragments.
 </p>
 </div>
 </div>
-<div id="outline-container-sec-5-2" class="outline-3">
-<h3 id="sec-5-2">You have a number of key fragments on USB drives retrieved from friends</h3>
-<div class="outline-text-3" id="text-5-2">
+<div id="outline-container-org08d572c" class="outline-3">
+<h3 id="org08d572c">You have a number of key fragments on USB drives retrieved from friends</h3>
+<div class="outline-text-3" id="text-org08d572c">
 <p>
-If you previously made some USB drives containing key fragments then retrieve them from your friends and plug them in one after the other. After the last drive has been read then remove it and just select "Ok". The system will then try to reconstruct the key. For this to work you will need to have previously made three or more <a href="#sec-7">Keydrives</a>.
+If you previously made some USB drives containing key fragments then retrieve them from your friends and plug them in one after the other. After the last drive has been read then remove it and just select "Ok". The system will then try to reconstruct the key. For this to work you will need to have previously made three or more <a href="#org5c56524">Keydrives</a>.
 </p>
 </div>
 </div>
-<div id="outline-container-sec-5-3" class="outline-3">
-<h3 id="sec-5-3">You can specify some ssh login details for friends servers containing key fragments</h3>
-<div class="outline-text-3" id="text-5-3">
+<div id="outline-container-orgf13618c" class="outline-3">
+<h3 id="orgf13618c">You can specify some ssh login details for friends servers containing key fragments</h3>
+<div class="outline-text-3" id="text-orgf13618c">
 <p>
 Enter three or more sets of login details and the installer will try to retrieve key fragments and then assemble them into the full key. This only works if you previously were using remote backups and had social key management enabled.
 </p>
 </div>
 </div>
 </div>
-<div id="outline-container-sec-6" class="outline-2">
-<h2 id="sec-6">Final Setup</h2>
-<div class="outline-text-2" id="text-6">
+<div id="outline-container-orgc7f7e79" class="outline-2">
+<h2 id="orgc7f7e79">Final Setup</h2>
+<div class="outline-text-2" id="text-orgc7f7e79">
 <p>
 Any manual post-installation setup instructions or passwords can be found in /home/username/README.
 </p>
@@ -501,127 +565,126 @@ On your internet router, typically under firewall settings, open the following p
 
 
 <colgroup>
-<col  class="left" />
+<col  class="org-left" />
 
-<col  class="right" />
+<col  class="org-right" />
 </colgroup>
 <thead>
 <tr>
-<th scope="col" class="left">Service</th>
-<th scope="col" class="right">Ports</th>
+<th scope="col" class="org-left">Service</th>
+<th scope="col" class="org-right">Ports</th>
 </tr>
 </thead>
 <tbody>
 <tr>
-<td class="left">HTTP</td>
-<td class="right">80</td>
+<td class="org-left">HTTP</td>
+<td class="org-right">80</td>
 </tr>
 
 <tr>
-<td class="left">HTTPS</td>
-<td class="right">443</td>
+<td class="org-left">HTTPS</td>
+<td class="org-right">443</td>
 </tr>
 
 <tr>
-<td class="left">SSH</td>
-<td class="right">2222</td>
+<td class="org-left">SSH</td>
+<td class="org-right">2222</td>
 </tr>
 
 <tr>
-<td class="left">DLNA</td>
-<td class="right">1900</td>
+<td class="org-left">DLNA</td>
+<td class="org-right">1900</td>
 </tr>
 
 <tr>
-<td class="left">DLNA</td>
-<td class="right">8200</td>
+<td class="org-left">DLNA</td>
+<td class="org-right">8200</td>
 </tr>
 
 <tr>
-<td class="left">XMPP</td>
-<td class="right">5222..5223</td>
+<td class="org-left">XMPP</td>
+<td class="org-right">5222..5223</td>
 </tr>
 
 <tr>
-<td class="left">XMPP</td>
-<td class="right">5269</td>
+<td class="org-left">XMPP</td>
+<td class="org-right">5269</td>
 </tr>
 
 <tr>
-<td class="left">XMPP</td>
-<td class="right">5280..5281</td>
+<td class="org-left">XMPP</td>
+<td class="org-right">5280..5281</td>
 </tr>
 
 <tr>
-<td class="left">IRC</td>
-<td class="right">6697</td>
+<td class="org-left">IRC</td>
+<td class="org-right">6697</td>
 </tr>
 
 <tr>
-<td class="left">Git</td>
-<td class="right">9418</td>
+<td class="org-left">Git</td>
+<td class="org-right">9418</td>
 </tr>
 
 <tr>
-<td class="left">Email</td>
-<td class="right">25</td>
+<td class="org-left">Email</td>
+<td class="org-right">25</td>
 </tr>
 
 <tr>
-<td class="left">Email</td>
-<td class="right">587</td>
+<td class="org-left">Email</td>
+<td class="org-right">587</td>
 </tr>
 
 <tr>
-<td class="left">Email</td>
-<td class="right">465</td>
+<td class="org-left">Email</td>
+<td class="org-right">465</td>
 </tr>
 
 <tr>
-<td class="left">Email</td>
-<td class="right">993</td>
+<td class="org-left">Email</td>
+<td class="org-right">993</td>
 </tr>
 
 <tr>
-<td class="left">VoIP</td>
-<td class="right">64738</td>
+<td class="org-left">VoIP</td>
+<td class="org-right">64738</td>
 </tr>
 
 <tr>
-<td class="left">VoIP</td>
-<td class="right">5060</td>
+<td class="org-left">VoIP</td>
+<td class="org-right">5060</td>
 </tr>
 
 <tr>
-<td class="left">Tox</td>
-<td class="right">33445</td>
+<td class="org-left">Tox</td>
+<td class="org-right">33445</td>
 </tr>
 
 <tr>
-<td class="left">Syncthing</td>
-<td class="right">22000</td>
+<td class="org-left">Syncthing</td>
+<td class="org-right">22000</td>
 </tr>
 </tbody>
 </table>
 </div>
 </div>
 
-<div id="outline-container-sec-7" class="outline-2">
-<h2 id="sec-7">Keydrives</h2>
-<div class="outline-text-2" id="text-7">
+<div id="outline-container-org5c56524" class="outline-2">
+<h2 id="org5c56524">Keydrives</h2>
+<div class="outline-text-2" id="text-org5c56524">
 <p>
 After installing for the first time it's a good idea to create some keydrives. These will store your gpg key so that if all else fails you will still be able to restore from backup. There are two ways to do this:
 </p>
 </div>
-<div id="outline-container-sec-7-1" class="outline-3">
-<h3 id="sec-7-1">Master Keydrive</h3>
-<div class="outline-text-3" id="text-7-1">
+<div id="outline-container-orga8df9a9" class="outline-3">
+<h3 id="orga8df9a9">Master Keydrive</h3>
+<div class="outline-text-3" id="text-orga8df9a9">
 <p>
 This is the traditional security model in which you carry your full keyring on an encrypted USB drive. To make a master keydrive first format a USB drive as a LUKS encrypted drive. In Ubuntu this can be <a href="https://help.ubuntu.com/community/EncryptedFilesystemsOnRemovableStorage">done from the <i>Disk Utility</i> application</a>. Then plug it into the Freedombone system, then from your local machine run:
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">ssh myusername@mydomainname -p 2222
 </pre>
 </div>
@@ -631,15 +694,14 @@ Select <i>Administrator controls</i> then <i>Backup and Restore</i> then <i>Back
 </p>
 </div>
 </div>
-<div id="outline-container-sec-7-2" class="outline-3">
-<h3 id="sec-7-2">Fragment keydrives</h3>
-<div class="outline-text-3" id="text-7-2">
+<div id="outline-container-orgfbd6e5b" class="outline-3">
+<h3 id="orgfbd6e5b">Fragment keydrives</h3>
+<div class="outline-text-3" id="text-orgfbd6e5b">
 <p>
 This breaks your GPG key into a number of fragments and randomly selects one to add to the USB drive. First format a USB drive as a LUKS encrypted drive. In Ubuntu this <a href="https://help.ubuntu.com/community/EncryptedFilesystemsOnRemovableStorage">can be done from the <i>Disk Utility</i> application</a>. Plug it into the Freedombone system then from your local machine run the following commands:
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">ssh myusername@mydomainname -p 2222
 </pre>
 </div>
@@ -654,19 +716,18 @@ Fragments are randomly assigned and so you will need at least three or four keyd
 </div>
 </div>
 </div>
-<div id="outline-container-sec-8" class="outline-2">
-<h2 id="sec-8">On Client Machines</h2>
-<div class="outline-text-2" id="text-8">
+<div id="outline-container-org27e42b6" class="outline-2">
+<h2 id="org27e42b6">On Client Machines</h2>
+<div class="outline-text-2" id="text-org27e42b6">
 <p>
 You can configure laptops or desktop machines which connect to the Freedombone server in the following way. This alters encryption settings to improve overall security.
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">sudo apt-get update
 sudo apt-get install git dialog haveged build-essential
 git clone https://github.com/bashrc/freedombone
-cd freedombone
+<span class="org-builtin">cd</span> freedombone
 git checkout stretch
 sudo make install
 freedombone-client
@@ -675,15 +736,14 @@ freedombone-client
 </div>
 </div>
 
-<div id="outline-container-sec-9" class="outline-2">
-<h2 id="sec-9">Administering the system</h2>
-<div class="outline-text-2" id="text-9">
+<div id="outline-container-org24fb926" class="outline-2">
+<h2 id="org24fb926">Administering the system</h2>
+<div class="outline-text-2" id="text-org24fb926">
 <p>
 To administer the system after installation log in via ssh, become the root user and then launch the control panel.
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">ssh myusername@freedombone.local -p 2222
 </pre>
 </div>
@@ -692,14 +752,9 @@ To administer the system after installation log in via ssh, become the root user
 Select <i>Administrator controls</i> then from there you will be able to perform various tasks, such as backups, adding and removing users and so on. You can also do this via commands, which are typically installed as /usr/local/bin/freedombone* and the corresponding manpages.
 </p>
 
-<div class="export">
-<p>
-&lt;center&gt;
-Return to the &lt;a href="index.html"&gt;home page&lt;/a&gt;
-&lt;/center&gt;
-</p>
-
-</div>
+<center>
+Return to the <a href="index.html">home page</a>
+</center>
 </div>
 </div>
 </div>

website/EN/mesh_capabilities.html

@@ -3,26 +3,33 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<title></title>
-<!-- 2018-04-12 Thu 18:24 -->
-<meta  http-equiv="Content-Type" content="text/html;charset=utf-8" />
-<meta  name="generator" content="Org-mode" />
-<meta  name="author" content="Bob Mottram" />
-<meta  name="description" content="Freedombone mesh network capabilities"
+<!-- 2018-04-22 Sun 10:31 -->
+<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
+<meta name="viewport" content="width=device-width, initial-scale=1" />
+<title>&lrm;</title>
+<meta name="generator" content="Org mode" />
+<meta name="author" content="Bob Mottram" />
+<meta name="description" content="Freedombone mesh network capabilities"
  />
-<meta  name="keywords" content="freedombone, mesh" />
+<meta name="keywords" content="freedombone, mesh" />
 <style type="text/css">
  <!--/*--><![CDATA[/*><!--*/
-  .title  { text-align: center; }
+  .title  { text-align: center;
+             margin-bottom: .2em; }
+  .subtitle { text-align: center;
+              font-size: medium;
+              font-weight: bold;
+              margin-top:0; }
   .todo   { font-family: monospace; color: red; }
-  .done   { color: green; }
+  .done   { font-family: monospace; color: green; }
+  .priority { font-family: monospace; color: orange; }
   .tag    { background-color: #eee; font-family: monospace;
             padding: 2px; font-size: 80%; font-weight: normal; }
   .timestamp { color: #bebebe; }
   .timestamp-kwd { color: #5f9ea0; }
-  .right  { margin-left: auto; margin-right: 0px;  text-align: right; }
-  .left   { margin-left: 0px;  margin-right: auto; text-align: left; }
-  .center { margin-left: auto; margin-right: auto; text-align: center; }
+  .org-right  { margin-left: auto; margin-right: 0px;  text-align: right; }
+  .org-left   { margin-left: 0px;  margin-right: auto; text-align: left; }
+  .org-center { margin-left: auto; margin-right: auto; text-align: center; }
   .underline { text-decoration: underline; }
   #postamble p, #preamble p { font-size: 90%; margin: .2em; }
   p.verse { margin-left: 3%; }
@@ -49,27 +56,111 @@
     border: 1px solid black;
   }
   pre.src:hover:before { display: inline;}
-  pre.src-sh:before    { content: 'sh'; }
-  pre.src-bash:before  { content: 'sh'; }
+  /* Languages per Org manual */
+  pre.src-asymptote:before { content: 'Asymptote'; }
+  pre.src-awk:before { content: 'Awk'; }
+  pre.src-C:before { content: 'C'; }
+  /* pre.src-C++ doesn't work in CSS */
+  pre.src-clojure:before { content: 'Clojure'; }
+  pre.src-css:before { content: 'CSS'; }
+  pre.src-D:before { content: 'D'; }
+  pre.src-ditaa:before { content: 'ditaa'; }
+  pre.src-dot:before { content: 'Graphviz'; }
+  pre.src-calc:before { content: 'Emacs Calc'; }
   pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
-  pre.src-R:before     { content: 'R'; }
-  pre.src-perl:before  { content: 'Perl'; }
-  pre.src-java:before  { content: 'Java'; }
-  pre.src-sql:before   { content: 'SQL'; }
+  pre.src-fortran:before { content: 'Fortran'; }
+  pre.src-gnuplot:before { content: 'gnuplot'; }
+  pre.src-haskell:before { content: 'Haskell'; }
+  pre.src-hledger:before { content: 'hledger'; }
+  pre.src-java:before { content: 'Java'; }
+  pre.src-js:before { content: 'Javascript'; }
+  pre.src-latex:before { content: 'LaTeX'; }
+  pre.src-ledger:before { content: 'Ledger'; }
+  pre.src-lisp:before { content: 'Lisp'; }
+  pre.src-lilypond:before { content: 'Lilypond'; }
+  pre.src-lua:before { content: 'Lua'; }
+  pre.src-matlab:before { content: 'MATLAB'; }
+  pre.src-mscgen:before { content: 'Mscgen'; }
+  pre.src-ocaml:before { content: 'Objective Caml'; }
+  pre.src-octave:before { content: 'Octave'; }
+  pre.src-org:before { content: 'Org mode'; }
+  pre.src-oz:before { content: 'OZ'; }
+  pre.src-plantuml:before { content: 'Plantuml'; }
+  pre.src-processing:before { content: 'Processing.js'; }
+  pre.src-python:before { content: 'Python'; }
+  pre.src-R:before { content: 'R'; }
+  pre.src-ruby:before { content: 'Ruby'; }
+  pre.src-sass:before { content: 'Sass'; }
+  pre.src-scheme:before { content: 'Scheme'; }
+  pre.src-screen:before { content: 'Gnu Screen'; }
+  pre.src-sed:before { content: 'Sed'; }
+  pre.src-sh:before { content: 'shell'; }
+  pre.src-sql:before { content: 'SQL'; }
+  pre.src-sqlite:before { content: 'SQLite'; }
+  /* additional languages in org.el's org-babel-load-languages alist */
+  pre.src-forth:before { content: 'Forth'; }
+  pre.src-io:before { content: 'IO'; }
+  pre.src-J:before { content: 'J'; }
+  pre.src-makefile:before { content: 'Makefile'; }
+  pre.src-maxima:before { content: 'Maxima'; }
+  pre.src-perl:before { content: 'Perl'; }
+  pre.src-picolisp:before { content: 'Pico Lisp'; }
+  pre.src-scala:before { content: 'Scala'; }
+  pre.src-shell:before { content: 'Shell Script'; }
+  pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
+  /* additional language identifiers per "defun org-babel-execute"
+       in ob-*.el */
+  pre.src-cpp:before  { content: 'C++'; }
+  pre.src-abc:before  { content: 'ABC'; }
+  pre.src-coq:before  { content: 'Coq'; }
+  pre.src-groovy:before  { content: 'Groovy'; }
+  /* additional language identifiers from org-babel-shell-names in
+     ob-shell.el: ob-shell is the only babel language using a lambda to put
+     the execution function name together. */
+  pre.src-bash:before  { content: 'bash'; }
+  pre.src-csh:before  { content: 'csh'; }
+  pre.src-ash:before  { content: 'ash'; }
+  pre.src-dash:before  { content: 'dash'; }
+  pre.src-ksh:before  { content: 'ksh'; }
+  pre.src-mksh:before  { content: 'mksh'; }
+  pre.src-posh:before  { content: 'posh'; }
+  /* Additional Emacs modes also supported by the LaTeX listings package */
+  pre.src-ada:before { content: 'Ada'; }
+  pre.src-asm:before { content: 'Assembler'; }
+  pre.src-caml:before { content: 'Caml'; }
+  pre.src-delphi:before { content: 'Delphi'; }
+  pre.src-html:before { content: 'HTML'; }
+  pre.src-idl:before { content: 'IDL'; }
+  pre.src-mercury:before { content: 'Mercury'; }
+  pre.src-metapost:before { content: 'MetaPost'; }
+  pre.src-modula-2:before { content: 'Modula-2'; }
+  pre.src-pascal:before { content: 'Pascal'; }
+  pre.src-ps:before { content: 'PostScript'; }
+  pre.src-prolog:before { content: 'Prolog'; }
+  pre.src-simula:before { content: 'Simula'; }
+  pre.src-tcl:before { content: 'tcl'; }
+  pre.src-tex:before { content: 'TeX'; }
+  pre.src-plain-tex:before { content: 'Plain TeX'; }
+  pre.src-verilog:before { content: 'Verilog'; }
+  pre.src-vhdl:before { content: 'VHDL'; }
+  pre.src-xml:before { content: 'XML'; }
+  pre.src-nxml:before { content: 'XML'; }
+  /* add a generic configuration mode; LaTeX export needs an additional
+     (add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
+  pre.src-conf:before { content: 'Configuration File'; }
 
   table { border-collapse:collapse; }
   caption.t-above { caption-side: top; }
   caption.t-bottom { caption-side: bottom; }
   td, th { vertical-align:top;  }
-  th.right  { text-align: center;  }
-  th.left   { text-align: center;   }
-  th.center { text-align: center; }
-  td.right  { text-align: right;  }
-  td.left   { text-align: left;   }
-  td.center { text-align: center; }
+  th.org-right  { text-align: center;  }
+  th.org-left   { text-align: center;   }
+  th.org-center { text-align: center; }
+  td.org-right  { text-align: right;  }
+  td.org-left   { text-align: left;   }
+  td.org-center { text-align: center; }
   dt { font-weight: bold; }
-  .footpara:nth-child(2) { display: inline; }
-  .footpara { display: block; }
+  .footpara { display: inline; }
   .footdef  { margin-bottom: 1em; }
   .figure { padding: 1em; }
   .figure p { text-align: center; }
@@ -89,6 +180,7 @@
     { font-size: 10px; font-weight: bold; white-space: nowrap; }
   .org-info-js_search-highlight
     { background-color: #ffff00; color: #000000; font-weight: bold; }
+  .org-svg { width: 90%; }
   /*]]>*/-->
 </style>
 <link rel="stylesheet" type="text/css" href="freedombone.css" />
@@ -97,7 +189,7 @@
 @licstart  The following is the entire license notice for the
 JavaScript code in this tag.
 
-Copyright (C) 2012-2013 Free Software Foundation, Inc.
+Copyright (C) 2012-2017 Free Software Foundation, Inc.
 
 The JavaScript code in this tag is free software: you can
 redistribute it and/or modify it under the terms of the GNU
@@ -144,51 +236,34 @@ for the JavaScript code in this tag.
 <a name="top" id="top"></a>
 </div>
 <div id="content">
-<h1 class="title"></h1>
 
 <div class="figure">
 <p><img src="images/logo.png" alt="logo.png" width="80%" height="10%" align="center" />
 </p>
 </div>
 
-<div id="outline-container-sec-1" class="outline-2">
-<h2 id="sec-1">Mesh Network: Capabilities</h2>
-<div class="outline-text-2" id="text-1">
+<div id="outline-container-org19c4251" class="outline-2">
+<h2 id="org19c4251">Mesh Network: Capabilities</h2>
+<div class="outline-text-2" id="text-org19c4251">
 <p>
 The mesh system has the following capabilities:
 </p>
 
 <ul class="org-ul">
-<li>Discovery of other users on the network
-</li>
-<li>Text based chat, one-to-one and in groups
-</li>
-<li>Voice chat (VoIP) and video calls
-</li>
-<li>Private and public sharing of files
-</li>
-<li>Blogging
-</li>
-<li>Collaborative editing of documents and presentations
-</li>
-<li>Creating and broadcasting audio media/podcasts
-</li>
-<li>Social network stream. Follow/unfollow other peers
-</li>
-<li>No network administration required
-</li>
-<li>No servers
-</li>
-<li>Internet connection is optional
-</li>
-<li>Works from bootable USB drives or microSD drives
-</li>
-<li>Data is mesh routed between systems
-</li>
-<li>Private communications is end-to-end secured and forward secret
-</li>
-<li>Publicly shared data is <i>content addressable</i>
-</li>
+<li>Discovery of other users on the network</li>
+<li>Text based chat, one-to-one and in groups</li>
+<li>Voice chat (VoIP) and video calls</li>
+<li>Private and public sharing of files</li>
+<li>Blogging</li>
+<li>Collaborative editing of documents and presentations</li>
+<li>Social network stream. Follow/unfollow other peers</li>
+<li>No network administration required</li>
+<li>No servers</li>
+<li>Internet connection is optional</li>
+<li>Works from bootable USB drives or microSD drives</li>
+<li>Data is mesh routed between systems</li>
+<li>Private communications is end-to-end secured and forward secret</li>
+<li>Publicly shared data is <i>content addressable</i></li>
 </ul>
 
 <p>

website/EN/mesh_images.html

@@ -3,7 +3,7 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2018-04-15 Sun 18:25 -->
+<!-- 2018-04-21 Sat 14:59 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>&lrm;</title>
@@ -242,17 +242,17 @@ for the JavaScript code in this tag.
 </p>
 </div>
 
-<div id="outline-container-orgd03cecc" class="outline-2">
-<h2 id="orgd03cecc">Mesh Network: Images</h2>
+<div id="outline-container-org86cebe1" class="outline-2">
+<h2 id="org86cebe1">Mesh Network: Images</h2>
 </div>
 
-<div id="outline-container-org2613bbd" class="outline-2">
-<h2 id="org2613bbd">Pre-built Disk Images</h2>
-<div class="outline-text-2" id="text-org2613bbd">
+<div id="outline-container-org144a10d" class="outline-2">
+<h2 id="org144a10d">Pre-built Disk Images</h2>
+<div class="outline-text-2" id="text-org144a10d">
 </div>
-<div id="outline-container-org3cdda6d" class="outline-3">
-<h3 id="org3cdda6d">Writing many images quickly</h3>
-<div class="outline-text-3" id="text-org3cdda6d">
+<div id="outline-container-org4231464" class="outline-3">
+<h3 id="org4231464">Writing many images quickly</h3>
+<div class="outline-text-3" id="text-org4231464">
 <p>
 There may be situations where you need to write the same disk image to multiple drives at the same time in order to maximize rate of deployment. In the instructions given below the <b>dd</b> command is used for writing to the target drive, but to write to multiple drives you can use a tool such as <a href="https://wiki.gnome.org/Apps/MultiWriter">GNOME MultiWriter</a>.
 </p>
@@ -280,9 +280,9 @@ The MultiWriter tool is also available within mesh client images, so that you ca
 </p>
 </div>
 </div>
-<div id="outline-container-org41f717a" class="outline-3">
-<h3 id="org41f717a">Client images</h3>
-<div class="outline-text-3" id="text-org41f717a">
+<div id="outline-container-org47d0e94" class="outline-3">
+<h3 id="org47d0e94">Client images</h3>
+<div class="outline-text-3" id="text-org47d0e94">
 
 <div class="figure">
 <p><img src="images/mesh_netbook.jpg" alt="mesh_netbook.jpg" width="100%" align="center" />
@@ -299,8 +299,8 @@ wget https://freedombone.net/downloads/v31/freedombone-meshclient-i386.img.xz
 wget https://freedombone.net/downloads/v31/freedombone-meshclient-i386.img.xz.sig
 gpg --verify freedombone-meshclient-i386.img.xz.sig
 unxz freedombone-meshclient-i386.img.xz
-sudo dd <span class="org-variable-name">if</span>=/dev/zero <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">bs</span>=1M <span class="org-variable-name">count</span>=8
-sudo dd <span class="org-variable-name">bs</span>=1M <span class="org-variable-name">if</span>=freedombone-meshclient-i386.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
+sudo dd <span class="org-variable-name">if</span>=/dev/zero <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">count</span>=8
+sudo dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=freedombone-meshclient-i386.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
 </pre>
 </div>
 
@@ -318,23 +318,23 @@ wget https://freedombone.net/downloads/v31/freedombone-meshclient-insecure-i386.
 wget https://freedombone.net/downloads/v31/freedombone-meshclient-insecure-i386.img.xz.sig
 gpg --verify freedombone-meshclient-insecure-i386.img.xz.sig
 unxz freedombone-meshclient-insecure-i386.img.xz
-sudo dd <span class="org-variable-name">if</span>=/dev/zero <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">bs</span>=1M <span class="org-variable-name">count</span>=8
-sudo dd <span class="org-variable-name">bs</span>=1M <span class="org-variable-name">if</span>=freedombone-meshclient-insecure-i386.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
+sudo dd <span class="org-variable-name">if</span>=/dev/zero <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">count</span>=8
+sudo dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=freedombone-meshclient-insecure-i386.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
 </pre>
 </div>
 </div>
 </div>
 
-<div id="outline-container-orgbe3f97e" class="outline-3">
-<h3 id="orgbe3f97e">Router images</h3>
-<div class="outline-text-3" id="text-orgbe3f97e">
+<div id="outline-container-orge2c765f" class="outline-3">
+<h3 id="orge2c765f">Router images</h3>
+<div class="outline-text-3" id="text-orge2c765f">
 <p>
 Routers are intended to build network coverage for an area using small and low cost hardware. You can bolt them to walls or leave them on window ledges. They don't have any user interface and their only job is to haul network traffic across the mesh and to enable peers to find each other via running bootstrap nodes for Tox and IPFS. Copy the image to a microSD card and insert it into the router, plug in an Atheros wifi dongle and power on. That should be all you need to do.
 </p>
 </div>
-<div id="outline-container-org1859392" class="outline-4">
-<h4 id="org1859392">Beaglebone Black</h4>
-<div class="outline-text-4" id="text-org1859392">
+<div id="outline-container-org0194fde" class="outline-4">
+<h4 id="org0194fde">Beaglebone Black</h4>
+<div class="outline-text-4" id="text-org0194fde">
 
 <div class="figure">
 <p><img src="images/mesh_router.jpg" alt="mesh_router.jpg" width="50%" align="center" />
@@ -353,7 +353,7 @@ gpg --verify freedombone-mesh_beaglebone-armhf.img.xz.sig
 sha256sum freedombone-mesh_beaglebone-armhf.img.xz
 ad8f22c0d46c98a80aa47b5809402971cf5cf26ebf587c59a667307b2386c3d2
 unxz freedombone-mesh_beaglebone-armhf.img.xz
-sudo dd <span class="org-variable-name">bs</span>=1M <span class="org-variable-name">if</span>=freedombone-mesh_beaglebone-armhf.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
+sudo dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=freedombone-mesh_beaglebone-armhf.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
 </pre>
 </div>
 
@@ -369,9 +369,9 @@ There is still a software freedom issue with the Beaglebone Black, but it doesn'
 </div>
 </div>
 
-<div id="outline-container-orgf16e84d" class="outline-2">
-<h2 id="orgf16e84d">Building Disk Images</h2>
-<div class="outline-text-2" id="text-orgf16e84d">
+<div id="outline-container-orgfcd1440" class="outline-2">
+<h2 id="orgfcd1440">Building Disk Images</h2>
+<div class="outline-text-2" id="text-orgfcd1440">
 <p>
 It's better not to trust images downloaded from random places on the interwebs. Chances are that unless you are in the web of trust of the above GPG signatures then they don't mean very much to you. If you actually want something trustworthy then build the images from scratch. It will take some time. Here's how to do it.
 </p>
@@ -425,8 +425,8 @@ You can now copy the image to the USB thumb drive, replacing <b>sdX</b> with the
 </p>
 
 <div class="org-src-container">
-<pre class="src src-bash">sudo dd <span class="org-variable-name">if</span>=/dev/zero <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">bs</span>=1M <span class="org-variable-name">count</span>=8
-sudo dd <span class="org-variable-name">bs</span>=1M <span class="org-variable-name">if</span>=myimagefile.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
+<pre class="src src-bash">sudo dd <span class="org-variable-name">if</span>=/dev/zero <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">count</span>=8
+sudo dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=myimagefile.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
 </pre>
 </div>
 

website/EN/mobile.html

@@ -3,26 +3,33 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<title></title>
-<!-- 2018-04-12 Thu 18:25 -->
-<meta  http-equiv="Content-Type" content="text/html;charset=utf-8" />
-<meta  name="generator" content="Org-mode" />
-<meta  name="author" content="Bob Mottram" />
-<meta  name="description" content="Freedombone mobile setup"
+<!-- 2018-04-24 Tue 16:29 -->
+<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
+<meta name="viewport" content="width=device-width, initial-scale=1" />
+<title>&lrm;</title>
+<meta name="generator" content="Org mode" />
+<meta name="author" content="Bob Mottram" />
+<meta name="description" content="Freedombone mobile setup"
  />
-<meta  name="keywords" content="freedombone, mobile" />
+<meta name="keywords" content="freedombone, mobile" />
 <style type="text/css">
  <!--/*--><![CDATA[/*><!--*/
-  .title  { text-align: center; }
+  .title  { text-align: center;
+             margin-bottom: .2em; }
+  .subtitle { text-align: center;
+              font-size: medium;
+              font-weight: bold;
+              margin-top:0; }
   .todo   { font-family: monospace; color: red; }
-  .done   { color: green; }
+  .done   { font-family: monospace; color: green; }
+  .priority { font-family: monospace; color: orange; }
   .tag    { background-color: #eee; font-family: monospace;
             padding: 2px; font-size: 80%; font-weight: normal; }
   .timestamp { color: #bebebe; }
   .timestamp-kwd { color: #5f9ea0; }
-  .right  { margin-left: auto; margin-right: 0px;  text-align: right; }
-  .left   { margin-left: 0px;  margin-right: auto; text-align: left; }
-  .center { margin-left: auto; margin-right: auto; text-align: center; }
+  .org-right  { margin-left: auto; margin-right: 0px;  text-align: right; }
+  .org-left   { margin-left: 0px;  margin-right: auto; text-align: left; }
+  .org-center { margin-left: auto; margin-right: auto; text-align: center; }
   .underline { text-decoration: underline; }
   #postamble p, #preamble p { font-size: 90%; margin: .2em; }
   p.verse { margin-left: 3%; }
@@ -49,27 +56,111 @@
     border: 1px solid black;
   }
   pre.src:hover:before { display: inline;}
-  pre.src-sh:before    { content: 'sh'; }
-  pre.src-bash:before  { content: 'sh'; }
+  /* Languages per Org manual */
+  pre.src-asymptote:before { content: 'Asymptote'; }
+  pre.src-awk:before { content: 'Awk'; }
+  pre.src-C:before { content: 'C'; }
+  /* pre.src-C++ doesn't work in CSS */
+  pre.src-clojure:before { content: 'Clojure'; }
+  pre.src-css:before { content: 'CSS'; }
+  pre.src-D:before { content: 'D'; }
+  pre.src-ditaa:before { content: 'ditaa'; }
+  pre.src-dot:before { content: 'Graphviz'; }
+  pre.src-calc:before { content: 'Emacs Calc'; }
   pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
-  pre.src-R:before     { content: 'R'; }
-  pre.src-perl:before  { content: 'Perl'; }
-  pre.src-java:before  { content: 'Java'; }
-  pre.src-sql:before   { content: 'SQL'; }
+  pre.src-fortran:before { content: 'Fortran'; }
+  pre.src-gnuplot:before { content: 'gnuplot'; }
+  pre.src-haskell:before { content: 'Haskell'; }
+  pre.src-hledger:before { content: 'hledger'; }
+  pre.src-java:before { content: 'Java'; }
+  pre.src-js:before { content: 'Javascript'; }
+  pre.src-latex:before { content: 'LaTeX'; }
+  pre.src-ledger:before { content: 'Ledger'; }
+  pre.src-lisp:before { content: 'Lisp'; }
+  pre.src-lilypond:before { content: 'Lilypond'; }
+  pre.src-lua:before { content: 'Lua'; }
+  pre.src-matlab:before { content: 'MATLAB'; }
+  pre.src-mscgen:before { content: 'Mscgen'; }
+  pre.src-ocaml:before { content: 'Objective Caml'; }
+  pre.src-octave:before { content: 'Octave'; }
+  pre.src-org:before { content: 'Org mode'; }
+  pre.src-oz:before { content: 'OZ'; }
+  pre.src-plantuml:before { content: 'Plantuml'; }
+  pre.src-processing:before { content: 'Processing.js'; }
+  pre.src-python:before { content: 'Python'; }
+  pre.src-R:before { content: 'R'; }
+  pre.src-ruby:before { content: 'Ruby'; }
+  pre.src-sass:before { content: 'Sass'; }
+  pre.src-scheme:before { content: 'Scheme'; }
+  pre.src-screen:before { content: 'Gnu Screen'; }
+  pre.src-sed:before { content: 'Sed'; }
+  pre.src-sh:before { content: 'shell'; }
+  pre.src-sql:before { content: 'SQL'; }
+  pre.src-sqlite:before { content: 'SQLite'; }
+  /* additional languages in org.el's org-babel-load-languages alist */
+  pre.src-forth:before { content: 'Forth'; }
+  pre.src-io:before { content: 'IO'; }
+  pre.src-J:before { content: 'J'; }
+  pre.src-makefile:before { content: 'Makefile'; }
+  pre.src-maxima:before { content: 'Maxima'; }
+  pre.src-perl:before { content: 'Perl'; }
+  pre.src-picolisp:before { content: 'Pico Lisp'; }
+  pre.src-scala:before { content: 'Scala'; }
+  pre.src-shell:before { content: 'Shell Script'; }
+  pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
+  /* additional language identifiers per "defun org-babel-execute"
+       in ob-*.el */
+  pre.src-cpp:before  { content: 'C++'; }
+  pre.src-abc:before  { content: 'ABC'; }
+  pre.src-coq:before  { content: 'Coq'; }
+  pre.src-groovy:before  { content: 'Groovy'; }
+  /* additional language identifiers from org-babel-shell-names in
+     ob-shell.el: ob-shell is the only babel language using a lambda to put
+     the execution function name together. */
+  pre.src-bash:before  { content: 'bash'; }
+  pre.src-csh:before  { content: 'csh'; }
+  pre.src-ash:before  { content: 'ash'; }
+  pre.src-dash:before  { content: 'dash'; }
+  pre.src-ksh:before  { content: 'ksh'; }
+  pre.src-mksh:before  { content: 'mksh'; }
+  pre.src-posh:before  { content: 'posh'; }
+  /* Additional Emacs modes also supported by the LaTeX listings package */
+  pre.src-ada:before { content: 'Ada'; }
+  pre.src-asm:before { content: 'Assembler'; }
+  pre.src-caml:before { content: 'Caml'; }
+  pre.src-delphi:before { content: 'Delphi'; }
+  pre.src-html:before { content: 'HTML'; }
+  pre.src-idl:before { content: 'IDL'; }
+  pre.src-mercury:before { content: 'Mercury'; }
+  pre.src-metapost:before { content: 'MetaPost'; }
+  pre.src-modula-2:before { content: 'Modula-2'; }
+  pre.src-pascal:before { content: 'Pascal'; }
+  pre.src-ps:before { content: 'PostScript'; }
+  pre.src-prolog:before { content: 'Prolog'; }
+  pre.src-simula:before { content: 'Simula'; }
+  pre.src-tcl:before { content: 'tcl'; }
+  pre.src-tex:before { content: 'TeX'; }
+  pre.src-plain-tex:before { content: 'Plain TeX'; }
+  pre.src-verilog:before { content: 'Verilog'; }
+  pre.src-vhdl:before { content: 'VHDL'; }
+  pre.src-xml:before { content: 'XML'; }
+  pre.src-nxml:before { content: 'XML'; }
+  /* add a generic configuration mode; LaTeX export needs an additional
+     (add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
+  pre.src-conf:before { content: 'Configuration File'; }
 
   table { border-collapse:collapse; }
   caption.t-above { caption-side: top; }
   caption.t-bottom { caption-side: bottom; }
   td, th { vertical-align:top;  }
-  th.right  { text-align: center;  }
-  th.left   { text-align: center;   }
-  th.center { text-align: center; }
-  td.right  { text-align: right;  }
-  td.left   { text-align: left;   }
-  td.center { text-align: center; }
+  th.org-right  { text-align: center;  }
+  th.org-left   { text-align: center;   }
+  th.org-center { text-align: center; }
+  td.org-right  { text-align: right;  }
+  td.org-left   { text-align: left;   }
+  td.org-center { text-align: center; }
   dt { font-weight: bold; }
-  .footpara:nth-child(2) { display: inline; }
-  .footpara { display: block; }
+  .footpara { display: inline; }
   .footdef  { margin-bottom: 1em; }
   .figure { padding: 1em; }
   .figure p { text-align: center; }
@@ -89,6 +180,7 @@
     { font-size: 10px; font-weight: bold; white-space: nowrap; }
   .org-info-js_search-highlight
     { background-color: #ffff00; color: #000000; font-weight: bold; }
+  .org-svg { width: 90%; }
   /*]]>*/-->
 </style>
 <link rel="stylesheet" type="text/css" href="freedombone.css" />
@@ -97,7 +189,7 @@
 @licstart  The following is the entire license notice for the
 JavaScript code in this tag.
 
-Copyright (C) 2012-2013 Free Software Foundation, Inc.
+Copyright (C) 2012-2017 Free Software Foundation, Inc.
 
 The JavaScript code in this tag is free software: you can
 redistribute it and/or modify it under the terms of the GNU
@@ -144,55 +236,19 @@ for the JavaScript code in this tag.
 <a name="top" id="top"></a>
 </div>
 <div id="content">
-<h1 class="title"></h1>
 
 <div class="figure">
 <p><img src="images/logo.png" alt="logo.png" width="80%" height="10%" align="center" />
 </p>
 </div>
 
-<div id="outline-container-sec-1" class="outline-2">
-<h2 id="sec-1">Mobile</h2>
-<div class="outline-text-2" id="text-1">
 <p>
 Mobile phones are insecure devices, but they're regarded as being so essential to modern life that telling people not to use them isn't a viable option. Here are some recommendations on setting up a mobile phone (aka "smartphone") to work with Freedombone.
 </p>
 
-<div class="export">
-<p>
- &lt;center&gt;
- &lt;table style="width:80%; border:0"&gt;
-  &lt;tr&gt;
-    &lt;td&gt;&lt;center&gt;&lt;b&gt;&lt;h3&gt;Open&lt;/h3&gt;&lt;/b&gt;&lt;br&gt;Use a free and open source operating system. Open means more trustworthy&lt;/center&gt;&lt;/td&gt;
-    &lt;td&gt;&lt;center&gt;&lt;b&gt;&lt;h3&gt;Remove&lt;/h3&gt;&lt;/b&gt;&lt;br&gt;If there are any proprietary apps then remove or deactivate them&lt;/center&gt;&lt;/td&gt;
-  &lt;/tr&gt;
-  &lt;tr&gt;
-    &lt;td&gt;&lt;center&gt;&lt;b&gt;&lt;h3&gt;Encrypt&lt;/h3&gt;&lt;/b&gt;&lt;br&gt;Make sure your phone is encrypted with a password which isn't easy to guess&lt;/center&gt;&lt;/td&gt;
-    &lt;td&gt;&lt;center&gt;&lt;b&gt;&lt;h3&gt;Apps&lt;/h3&gt;&lt;/b&gt;&lt;br&gt;Use F-droid to install new apps&lt;/center&gt;&lt;/td&gt;
-  &lt;/tr&gt;
-  &lt;tr&gt;
-    &lt;td&gt;&lt;center&gt;&lt;b&gt;&lt;h3&gt;Lock&lt;/h3&gt;&lt;/b&gt;&lt;br&gt;Enable a lock screen with a maximum number of password guesses&lt;/center&gt;&lt;/td&gt;
-    &lt;td&gt;&lt;center&gt;&lt;b&gt;&lt;h3&gt;Onion&lt;/h3&gt;&lt;/b&gt;&lt;br&gt;Onion route your connections to avoid bulk metadata collection&lt;/center&gt;&lt;/td&gt;
-  &lt;/tr&gt;
-  &lt;tr&gt;
-    &lt;td&gt;&lt;center&gt;&lt;b&gt;&lt;h3&gt;Email&lt;/h3&gt;&lt;/b&gt;&lt;br&gt;Access webmail in a browser&lt;/center&gt;&lt;/td&gt;
-    &lt;td&gt;&lt;center&gt;&lt;b&gt;&lt;h3&gt;Services&lt;/h3&gt;&lt;/b&gt;&lt;br&gt;Connect to the Freedombone services&lt;/center&gt;&lt;/td&gt;
-  &lt;/tr&gt;
-  &lt;tr&gt;
-    &lt;td&gt;&lt;center&gt;&lt;b&gt;&lt;h3&gt;Battery&lt;/h3&gt;&lt;/b&gt;&lt;br&gt;Avoid battery-eating apps and disable some optimisations&lt;/center&gt;&lt;/td&gt;
-    &lt;td&gt;&lt;center&gt;&lt;b&gt;&lt;h3&gt;Block&lt;/h3&gt;&lt;/b&gt;&lt;br&gt;Prevent access to know bad domains&lt;/center&gt;&lt;/td&gt;
-  &lt;/tr&gt;
-&lt;/table&gt;
-&lt;/center&gt;
-</p>
-
-</div>
-</div>
-</div>
-
-<div id="outline-container-sec-2" class="outline-2">
-<h2 id="sec-2">Open</h2>
-<div class="outline-text-2" id="text-2">
+<div id="outline-container-orgc9f2368" class="outline-2">
+<h2 id="orgc9f2368">Open</h2>
+<div class="outline-text-2" id="text-orgc9f2368">
 <p>
 Use a Linux based phone operating system. Typically this will mean Android, but could also mean LineageOS or Replicant. LineageOS is the most preferable, because you can usually get an up to date image with a recent kernel which will give you better security against exploits. If you're buying a phone then look for a model which is supported by LineageOS. Replicant is the most free (as in freedom) but only runs on a small number of phone models. If you have a phone which runs a full GNU/Linux system then that's fantastic, and you can probably use it in much the same way as a desktop system and the rest of the advice on this page won't apply. If you don't have a phone capable of running a Linux based operating system then consider selling, giving away or bartering your existing one.
 </p>
@@ -207,27 +263,27 @@ In the end it comes down to the fact that <i>if the source code for the device c
 </div>
 </div>
 
-<div id="outline-container-sec-3" class="outline-2">
-<h2 id="sec-3">Remove</h2>
-<div class="outline-text-2" id="text-3">
+<div id="outline-container-org1da5240" class="outline-2">
+<h2 id="org1da5240">Remove</h2>
+<div class="outline-text-2" id="text-org1da5240">
 <p>
 So maybe you're running Android and the phone came with some apps already installed. Almost certainly they'll be proprietary. Go to Settings/Apps and then uninstall or deactivate any apps which you really don't need. Mostly preinstalled apps are intended to send your data to companies who will then sell it to advertisers or governments under the business model of <i>surveillance capital</i>. It's not a good idea to get caught up in that, and to avoid becoming addicted to apps which are surveilling you without consent or installing spyware in the background without your knowledge.
 </p>
 </div>
 </div>
 
-<div id="outline-container-sec-4" class="outline-2">
-<h2 id="sec-4">Encrypt</h2>
-<div class="outline-text-2" id="text-4">
+<div id="outline-container-orge6cd0f0" class="outline-2">
+<h2 id="orge6cd0f0">Encrypt</h2>
+<div class="outline-text-2" id="text-orge6cd0f0">
 <p>
 Encrypt your phone. This can usually be done via <b>Settings/Security</b> and you may need to fully charge the phone first. Encryption means that if you lose your phone or it gets stolen then there is less chance that anyone who picks it up will get access to your data, photos and so on.
 </p>
 </div>
 </div>
 
-<div id="outline-container-sec-5" class="outline-2">
-<h2 id="sec-5">Apps</h2>
-<div class="outline-text-2" id="text-5">
+<div id="outline-container-org149be87" class="outline-2">
+<h2 id="org149be87">Apps</h2>
+<div class="outline-text-2" id="text-org149be87">
 <p>
 Installing <b>F-droid</b> and only adding any new apps via F-droid will ensure that you are always using free and open source software. Open source is not a panacea, since bugs can and do still occur, but it will help you to avoid the worst security and privacy pitfalls.
 </p>
@@ -238,18 +294,18 @@ Avoid using the Open Whisper Systems Signal app if you can, no matter what "expe
 </div>
 </div>
 
-<div id="outline-container-sec-6" class="outline-2">
-<h2 id="sec-6">Lock</h2>
-<div class="outline-text-2" id="text-6">
+<div id="outline-container-orgd1ea4fa" class="outline-2">
+<h2 id="orgd1ea4fa">Lock</h2>
+<div class="outline-text-2" id="text-orgd1ea4fa">
 <p>
 Add a lock screen, preferably with a password which is not easy for other people to guess or for quicker access with a PIN number. Install an app called <b>Locker</b>, activate it and set the maximum number of password guesses to ten (or whatever you feel comfortable with). If bad people get hold of your phone then they may try to brute force your lock screen password or PIN (i.e. automatically trying millions of common word and number combinations) and the locker app will prevent them from succeeding by resetting the phone back to its factory default condition and wiping the data.
 </p>
 </div>
 </div>
 
-<div id="outline-container-sec-7" class="outline-2">
-<h2 id="sec-7">Onion</h2>
-<div class="outline-text-2" id="text-7">
+<div id="outline-container-org98e33e6" class="outline-2">
+<h2 id="org98e33e6">Onion</h2>
+<div class="outline-text-2" id="text-org98e33e6">
 <p>
 Both governments and corporations want to compile matadata dossiers about you. Who you communicated with, when and how often. They want this so that they can data mine, simulate, predict and then ultimately influence (sometimes also called "nudge") your actions and preferences in the directions they prefer. By routing your connections through a number of proxy servers (Tor routers) you can make it perhaps not <i>theoretically</i> impossible but at least <i>very hard</i> for them to have a complete and accurate list of who your friends are, your religion, politics, likely health issues, sexual orientation and what news sites or books you read.
 </p>
@@ -260,26 +316,26 @@ In F-droid under the <b>repositories</b> menu you can enable the <b>guardian pro
 </div>
 </div>
 
-<div id="outline-container-sec-8" class="outline-2">
-<h2 id="sec-8">Email</h2>
-<div class="outline-text-2" id="text-8">
+<div id="outline-container-org0b855a4" class="outline-2">
+<h2 id="org0b855a4">Email</h2>
+<div class="outline-text-2" id="text-org0b855a4">
 <p>
 The easiest way to access email is by installing the <a href="./app_mailpile.html">Mailpile</a> app. This keeps your GPG keys off of possibly insecure mobile devices but still enables encrypted email communications in an easy way. You can use K9 mail if you prefer, but that will require installing OpenKeychain and having your GPG keys on the device, which is a lot more risky.
 </p>
 </div>
 </div>
-<div id="outline-container-sec-9" class="outline-2">
-<h2 id="sec-9">Services</h2>
-<div class="outline-text-2" id="text-9">
+<div id="outline-container-org4eecc0f" class="outline-2">
+<h2 id="org4eecc0f">Services</h2>
+<div class="outline-text-2" id="text-org4eecc0f">
 <p>
 For information on configuring various apps to work with Freedombone see the <a href="./apps.html">apps section</a>. Also see advice on chat apps in the <a href="./faq.html">FAQ</a>.
 </p>
 </div>
 </div>
 
-<div id="outline-container-sec-10" class="outline-2">
-<h2 id="sec-10">Battery</h2>
-<div class="outline-text-2" id="text-10">
+<div id="outline-container-org0f96cf1" class="outline-2">
+<h2 id="org0f96cf1">Battery</h2>
+<div class="outline-text-2" id="text-org0f96cf1">
 <p>
 Even with free software apps it's not difficult to get into a situation where your battery doesn't last for long. To maximize battery life access RSS feeds via the onion-based mobile reader within a Tor-compatible browser and not from a locally installed RSS app.
 </p>
@@ -298,9 +354,9 @@ It's also recommended to disable battery optimisations for Conversations and Orb
 </div>
 </div>
 
-<div id="outline-container-sec-11" class="outline-2">
-<h2 id="sec-11">Blocking bad domains</h2>
-<div class="outline-text-2" id="text-11">
+<div id="outline-container-orgb6d0da7" class="outline-2">
+<h2 id="orgb6d0da7">Blocking bad domains</h2>
+<div class="outline-text-2" id="text-orgb6d0da7">
 <p>
 You can block known bad domains by editing the <b>/system/etc/hosts</b> file on your device. It is possible to use extensive ad-blocking hosts files used by other ad-blocking systems such as pi-hole, but merely blocking Facebook and Google Analytics will protect you against much of the corporate surveillance which goes on. Even if you don't have a Facebook account this may still be useful since they will still try to create a "ghost profile" of you, so the less data they have the better.
 </p>
@@ -318,7 +374,6 @@ On your system (not the device) install the <b>android-tools</b> package. For ex
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">sudo pacman -S android-tools
 </pre>
 </div>
@@ -328,7 +383,6 @@ Connect the device to your system via a USB cable, then:
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">adb root
 adb remount
 adb pull /system/etc/hosts
@@ -340,7 +394,6 @@ Now edit the hosts file which was pulled and append:
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">127.0.0.1       www.facebook.com
 127.0.0.1       facebook.com
 127.0.0.1       static.ak.fbcdn.net
@@ -365,7 +418,6 @@ Then upload the hosts file back again with:
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">adb push hosts /system/etc/hosts
 </pre>
 </div>
@@ -374,14 +426,9 @@ Then upload the hosts file back again with:
 Once that's done you may want to set <b>Root access</b> on the device back to <b>Disabled</b> and turn <b>Android debugging</b> off.
 </p>
 
-<div class="export">
-<p>
-&lt;center&gt;
-Return to the &lt;a href="index.html"&gt;home page&lt;/a&gt;
-&lt;/center&gt;
-</p>
-
-</div>
+<center>
+Return to the <a href="index.html">home page</a>
+</center>
 
 
 

website/EN/release3.html

@@ -3,26 +3,33 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<title></title>
-<!-- 2018-04-12 Thu 13:25 -->
-<meta  http-equiv="Content-Type" content="text/html;charset=utf-8" />
-<meta  name="generator" content="Org-mode" />
-<meta  name="author" content="Bob Mottram" />
-<meta  name="description" content="Version 3"
+<!-- 2018-04-21 Sat 14:59 -->
+<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
+<meta name="viewport" content="width=device-width, initial-scale=1" />
+<title>&lrm;</title>
+<meta name="generator" content="Org mode" />
+<meta name="author" content="Bob Mottram" />
+<meta name="description" content="Version 3"
  />
-<meta  name="keywords" content="freedombone" />
+<meta name="keywords" content="freedombone" />
 <style type="text/css">
  <!--/*--><![CDATA[/*><!--*/
-  .title  { text-align: center; }
+  .title  { text-align: center;
+             margin-bottom: .2em; }
+  .subtitle { text-align: center;
+              font-size: medium;
+              font-weight: bold;
+              margin-top:0; }
   .todo   { font-family: monospace; color: red; }
-  .done   { color: green; }
+  .done   { font-family: monospace; color: green; }
+  .priority { font-family: monospace; color: orange; }
   .tag    { background-color: #eee; font-family: monospace;
             padding: 2px; font-size: 80%; font-weight: normal; }
   .timestamp { color: #bebebe; }
   .timestamp-kwd { color: #5f9ea0; }
-  .right  { margin-left: auto; margin-right: 0px;  text-align: right; }
-  .left   { margin-left: 0px;  margin-right: auto; text-align: left; }
-  .center { margin-left: auto; margin-right: auto; text-align: center; }
+  .org-right  { margin-left: auto; margin-right: 0px;  text-align: right; }
+  .org-left   { margin-left: 0px;  margin-right: auto; text-align: left; }
+  .org-center { margin-left: auto; margin-right: auto; text-align: center; }
   .underline { text-decoration: underline; }
   #postamble p, #preamble p { font-size: 90%; margin: .2em; }
   p.verse { margin-left: 3%; }
@@ -49,27 +56,111 @@
     border: 1px solid black;
   }
   pre.src:hover:before { display: inline;}
-  pre.src-sh:before    { content: 'sh'; }
-  pre.src-bash:before  { content: 'sh'; }
+  /* Languages per Org manual */
+  pre.src-asymptote:before { content: 'Asymptote'; }
+  pre.src-awk:before { content: 'Awk'; }
+  pre.src-C:before { content: 'C'; }
+  /* pre.src-C++ doesn't work in CSS */
+  pre.src-clojure:before { content: 'Clojure'; }
+  pre.src-css:before { content: 'CSS'; }
+  pre.src-D:before { content: 'D'; }
+  pre.src-ditaa:before { content: 'ditaa'; }
+  pre.src-dot:before { content: 'Graphviz'; }
+  pre.src-calc:before { content: 'Emacs Calc'; }
   pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
-  pre.src-R:before     { content: 'R'; }
-  pre.src-perl:before  { content: 'Perl'; }
-  pre.src-java:before  { content: 'Java'; }
-  pre.src-sql:before   { content: 'SQL'; }
+  pre.src-fortran:before { content: 'Fortran'; }
+  pre.src-gnuplot:before { content: 'gnuplot'; }
+  pre.src-haskell:before { content: 'Haskell'; }
+  pre.src-hledger:before { content: 'hledger'; }
+  pre.src-java:before { content: 'Java'; }
+  pre.src-js:before { content: 'Javascript'; }
+  pre.src-latex:before { content: 'LaTeX'; }
+  pre.src-ledger:before { content: 'Ledger'; }
+  pre.src-lisp:before { content: 'Lisp'; }
+  pre.src-lilypond:before { content: 'Lilypond'; }
+  pre.src-lua:before { content: 'Lua'; }
+  pre.src-matlab:before { content: 'MATLAB'; }
+  pre.src-mscgen:before { content: 'Mscgen'; }
+  pre.src-ocaml:before { content: 'Objective Caml'; }
+  pre.src-octave:before { content: 'Octave'; }
+  pre.src-org:before { content: 'Org mode'; }
+  pre.src-oz:before { content: 'OZ'; }
+  pre.src-plantuml:before { content: 'Plantuml'; }
+  pre.src-processing:before { content: 'Processing.js'; }
+  pre.src-python:before { content: 'Python'; }
+  pre.src-R:before { content: 'R'; }
+  pre.src-ruby:before { content: 'Ruby'; }
+  pre.src-sass:before { content: 'Sass'; }
+  pre.src-scheme:before { content: 'Scheme'; }
+  pre.src-screen:before { content: 'Gnu Screen'; }
+  pre.src-sed:before { content: 'Sed'; }
+  pre.src-sh:before { content: 'shell'; }
+  pre.src-sql:before { content: 'SQL'; }
+  pre.src-sqlite:before { content: 'SQLite'; }
+  /* additional languages in org.el's org-babel-load-languages alist */
+  pre.src-forth:before { content: 'Forth'; }
+  pre.src-io:before { content: 'IO'; }
+  pre.src-J:before { content: 'J'; }
+  pre.src-makefile:before { content: 'Makefile'; }
+  pre.src-maxima:before { content: 'Maxima'; }
+  pre.src-perl:before { content: 'Perl'; }
+  pre.src-picolisp:before { content: 'Pico Lisp'; }
+  pre.src-scala:before { content: 'Scala'; }
+  pre.src-shell:before { content: 'Shell Script'; }
+  pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
+  /* additional language identifiers per "defun org-babel-execute"
+       in ob-*.el */
+  pre.src-cpp:before  { content: 'C++'; }
+  pre.src-abc:before  { content: 'ABC'; }
+  pre.src-coq:before  { content: 'Coq'; }
+  pre.src-groovy:before  { content: 'Groovy'; }
+  /* additional language identifiers from org-babel-shell-names in
+     ob-shell.el: ob-shell is the only babel language using a lambda to put
+     the execution function name together. */
+  pre.src-bash:before  { content: 'bash'; }
+  pre.src-csh:before  { content: 'csh'; }
+  pre.src-ash:before  { content: 'ash'; }
+  pre.src-dash:before  { content: 'dash'; }
+  pre.src-ksh:before  { content: 'ksh'; }
+  pre.src-mksh:before  { content: 'mksh'; }
+  pre.src-posh:before  { content: 'posh'; }
+  /* Additional Emacs modes also supported by the LaTeX listings package */
+  pre.src-ada:before { content: 'Ada'; }
+  pre.src-asm:before { content: 'Assembler'; }
+  pre.src-caml:before { content: 'Caml'; }
+  pre.src-delphi:before { content: 'Delphi'; }
+  pre.src-html:before { content: 'HTML'; }
+  pre.src-idl:before { content: 'IDL'; }
+  pre.src-mercury:before { content: 'Mercury'; }
+  pre.src-metapost:before { content: 'MetaPost'; }
+  pre.src-modula-2:before { content: 'Modula-2'; }
+  pre.src-pascal:before { content: 'Pascal'; }
+  pre.src-ps:before { content: 'PostScript'; }
+  pre.src-prolog:before { content: 'Prolog'; }
+  pre.src-simula:before { content: 'Simula'; }
+  pre.src-tcl:before { content: 'tcl'; }
+  pre.src-tex:before { content: 'TeX'; }
+  pre.src-plain-tex:before { content: 'Plain TeX'; }
+  pre.src-verilog:before { content: 'Verilog'; }
+  pre.src-vhdl:before { content: 'VHDL'; }
+  pre.src-xml:before { content: 'XML'; }
+  pre.src-nxml:before { content: 'XML'; }
+  /* add a generic configuration mode; LaTeX export needs an additional
+     (add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
+  pre.src-conf:before { content: 'Configuration File'; }
 
   table { border-collapse:collapse; }
   caption.t-above { caption-side: top; }
   caption.t-bottom { caption-side: bottom; }
   td, th { vertical-align:top;  }
-  th.right  { text-align: center;  }
-  th.left   { text-align: center;   }
-  th.center { text-align: center; }
-  td.right  { text-align: right;  }
-  td.left   { text-align: left;   }
-  td.center { text-align: center; }
+  th.org-right  { text-align: center;  }
+  th.org-left   { text-align: center;   }
+  th.org-center { text-align: center; }
+  td.org-right  { text-align: right;  }
+  td.org-left   { text-align: left;   }
+  td.org-center { text-align: center; }
   dt { font-weight: bold; }
-  .footpara:nth-child(2) { display: inline; }
-  .footpara { display: block; }
+  .footpara { display: inline; }
   .footdef  { margin-bottom: 1em; }
   .figure { padding: 1em; }
   .figure p { text-align: center; }
@@ -89,6 +180,7 @@
     { font-size: 10px; font-weight: bold; white-space: nowrap; }
   .org-info-js_search-highlight
     { background-color: #ffff00; color: #000000; font-weight: bold; }
+  .org-svg { width: 90%; }
   /*]]>*/-->
 </style>
 <link rel="stylesheet" type="text/css" href="freedombone.css" />
@@ -97,7 +189,7 @@
 @licstart  The following is the entire license notice for the
 JavaScript code in this tag.
 
-Copyright (C) 2012-2013 Free Software Foundation, Inc.
+Copyright (C) 2012-2017 Free Software Foundation, Inc.
 
 The JavaScript code in this tag is free software: you can
 redistribute it and/or modify it under the terms of the GNU
@@ -144,16 +236,15 @@ for the JavaScript code in this tag.
 <a name="top" id="top"></a>
 </div>
 <div id="content">
-<h1 class="title"></h1>
 
 <div class="figure">
 <p><img src="images/release3.jpg" alt="release3.jpg" width="100%" align="center" />
 </p>
 </div>
 
-<div id="outline-container-sec-1" class="outline-2">
-<h2 id="sec-1">Building an internet run by the users, for the users</h2>
-<div class="outline-text-2" id="text-1">
+<div id="outline-container-org9121f8f" class="outline-2">
+<h2 id="org9121f8f">Building an internet run by the users, for the users</h2>
+<div class="outline-text-2" id="text-org9121f8f">
 <p>
 The internet may still be mostly in the clutches of a few giant megacorporations and dubious governments with sketchy agendas, but it doesn't have to remain that way. With the third version of the Freedombone system there is now more scope than before to take back your privacy, have ownership of personal data and run your own online communities without undesirable intermediaries.
 </p>
@@ -163,27 +254,20 @@ Freedombone version 3 is based on Debian 9 (Stretch). It was released in July 20
 </p>
 
 <ul class="org-ul">
-<li>Faster initial setup
-</li>
-<li>More <a href="./apps.html">installable apps</a>, including CryptPad, Koel, NextCloud, PostActiv, Friendica and Matrix/RiotWeb
-</li>
-<li>Automated <a href="https://github.com/hardenedlinux/STIG-4-Debian">security tests</a>
-</li>
-<li>Improved XMPP configuration for support of the <a href="https://conversations.im">Conversations</a> app features
-</li>
-<li>Improved blocking controls for a better federated network experience
-</li>
-<li>Uses <a href="https://en.wikipedia.org/wiki/EdDSA">elliptic curve</a> based GPG keys for better performance on low power single board computers
-</li>
-<li>Pre-downloaded repos distributed within images for faster and more autonomous app installs
-</li>
+<li>Faster initial setup</li>
+<li>More <a href="./apps.html">installable apps</a>, including CryptPad, Koel, NextCloud, PostActiv, Friendica and Matrix/RiotWeb</li>
+<li>Automated <a href="https://github.com/hardenedlinux/STIG-4-Debian">security tests</a></li>
+<li>Improved XMPP configuration for support of the <a href="https://conversations.im">Conversations</a> app features</li>
+<li>Improved blocking controls for a better federated network experience</li>
+<li>Uses <a href="https://en.wikipedia.org/wiki/EdDSA">elliptic curve</a> based GPG keys for better performance on low power single board computers</li>
+<li>Pre-downloaded repos distributed within images for faster and more autonomous app installs</li>
 </ul>
 </div>
 </div>
 
-<div id="outline-container-sec-2" class="outline-2">
-<h2 id="sec-2">Installation</h2>
-<div class="outline-text-2" id="text-2">
+<div id="outline-container-org68d06a3" class="outline-2">
+<h2 id="org68d06a3">Installation</h2>
+<div class="outline-text-2" id="text-org68d06a3">
 <p>
 The simplest way to install is from a pre-made disk image. Images can be <a href="https://freedombone.net/downloads/v3">downloaded here</a>. You will need to have previously obtained a domain name and have a dynamic DNS account somewhere.
 </p>
@@ -193,9 +277,8 @@ Copy the image to a microSD card or USB thumb drive, replacing sdX with the iden
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">unxz downloadedimagefile.img.xz
-dd bs=1M if=downloadedimagefile.img of=/dev/sdX conv=fdatasync
+dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=downloadedimagefile.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
 </pre>
 </div>
 
@@ -212,7 +295,6 @@ As the system boots for the first time the login is:
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">username: fbone
 password: freedombone
 </pre>
@@ -223,7 +305,6 @@ If you're installing from a microSD card on a single board computer without a sc
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">ssh fbone@freedombone.local -p 2222
 </pre>
 </div>
@@ -242,9 +323,9 @@ More detailed installation instructions are linked from <a href="./index.html">t
 </div>
 </div>
 
-<div id="outline-container-sec-3" class="outline-2">
-<h2 id="sec-3">Upgrading from a previous install</h2>
-<div class="outline-text-2" id="text-3">
+<div id="outline-container-org976059e" class="outline-2">
+<h2 id="org976059e">Upgrading from a previous install</h2>
+<div class="outline-text-2" id="text-org976059e">
 <p>
 To upgrade from the Debian Jessie version first create a master keydrive. Go to the <b>Administrator control panel</b> and select <b>Backup and restore</b> then <b>Backup GPG key to USB (master keydrive)</b>. Insert a LUKS encrypted USB drive. When that is done Create a full backup by selecting <b>Backup data to USB drive</b> and using another LUKS encrypted USB drive.
 </p>

website/EN/release31.html

@@ -3,7 +3,7 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2018-04-15 Sun 19:01 -->
+<!-- 2018-04-21 Sat 15:00 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>&lrm;</title>
@@ -242,9 +242,9 @@ for the JavaScript code in this tag.
 </p>
 </div>
 
-<div id="outline-container-org996a8d0" class="outline-2">
-<h2 id="org996a8d0"><b>Version 3.1, 2018-04-15</b></h2>
-<div class="outline-text-2" id="text-org996a8d0">
+<div id="outline-container-org562f1b2" class="outline-2">
+<h2 id="org562f1b2"><b>Version 3.1, 2018-04-15</b></h2>
+<div class="outline-text-2" id="text-org562f1b2">
 <p>
 Newer and shinier than before, <a href="./index.html">Freedombone</a> 3.1 rests upon the solid foundation of Debian stable and delivers major new self-hosted apps, improved mesh networking and a new logo. It supports version 3 onion addresses and the ability to use <a href="./usage_email.html">email with onion and I2P addresses</a>. New apps are:
 </p>
@@ -281,9 +281,9 @@ The future is decentralized.
 </div>
 </div>
 
-<div id="outline-container-org811872a" class="outline-2">
-<h2 id="org811872a">Installation</h2>
-<div class="outline-text-2" id="text-org811872a">
+<div id="outline-container-org0f2b77a" class="outline-2">
+<h2 id="org0f2b77a">Installation</h2>
+<div class="outline-text-2" id="text-org0f2b77a">
 <p>
 The simplest way to install is from a pre-made disk image. Images can be <a href="https://freedombone.net/downloads/v31">downloaded here</a>. You will need to have previously obtained a domain name and have a dynamic DNS account somewhere. Or if you don't need clearnet domains and will be using Tor compatible browsers then you can use the "onion only" images where apps will be accessible via an onion address.
 </p>
@@ -294,7 +294,7 @@ Copy the image to a microSD card or USB thumb drive, replacing sdX with the iden
 
 <div class="org-src-container">
 <pre class="src src-bash">unxz downloadedimagefile.img.xz
-dd <span class="org-variable-name">bs</span>=1M <span class="org-variable-name">if</span>=downloadedimagefile.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
+dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=downloadedimagefile.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
 </pre>
 </div>
 
@@ -339,9 +339,9 @@ More detailed installation instructions are linked from <a href="./installmethod
 </div>
 </div>
 
-<div id="outline-container-orgba24030" class="outline-2">
-<h2 id="orgba24030">Upgrading from a previous install</h2>
-<div class="outline-text-2" id="text-orgba24030">
+<div id="outline-container-orgf8d3f00" class="outline-2">
+<h2 id="orgf8d3f00">Upgrading from a previous install</h2>
+<div class="outline-text-2" id="text-orgf8d3f00">
 <p>
 To upgrade from version 3 just go to the <b>administrator control panel</b> and select <b>check for updates</b>.
 </p>

website/EN/socialinstance.html

@@ -3,7 +3,7 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2018-04-15 Sun 18:26 -->
+<!-- 2018-04-21 Sat 15:00 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>&lrm;</title>
@@ -242,9 +242,9 @@ for the JavaScript code in this tag.
 </p>
 </div>
 
-<div id="outline-container-org3a57e54" class="outline-2">
-<h2 id="org3a57e54">Social Instance</h2>
-<div class="outline-text-2" id="text-org3a57e54">
+<div id="outline-container-org7227583" class="outline-2">
+<h2 id="org7227583">Social Instance</h2>
+<div class="outline-text-2" id="text-org7227583">
 <p>
 A social instance image allows you to easily set up a fediverse server, which federates using the OStatus or ActivityPub protocol. You will need:
 </p>
@@ -263,9 +263,9 @@ The installation process is the same as usual, with the only difference being th
 </div>
 </div>
 
-<div id="outline-container-orgb2f2066" class="outline-2">
-<h2 id="orgb2f2066">Copy the image to the USB drive</h2>
-<div class="outline-text-2" id="text-orgb2f2066">
+<div id="outline-container-org1d12ef2" class="outline-2">
+<h2 id="org1d12ef2">Copy the image to the USB drive</h2>
+<div class="outline-text-2" id="text-org1d12ef2">
 <p>
 Substitute <b>sdX</b> with the device name for your USB drive.
 </p>
@@ -276,8 +276,8 @@ wget https://freedombone.net/downloads/v31/freedombone-pleroma-amd64.img.xz
 wget https://freedombone.net/downloads/v31/freedombone-pleroma-amd64.img.xz.sig
 gpg --verify freedombone-pleroma-amd64.img.xz.sig
 unxz freedombone-pleroma-amd64.img.xz
-sudo dd <span class="org-variable-name">if</span>=/dev/zero <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">bs</span>=1M <span class="org-variable-name">count</span>=8
-sudo dd <span class="org-variable-name">bs</span>=1M <span class="org-variable-name">if</span>=freedombone-pleroma-amd64.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
+sudo dd <span class="org-variable-name">if</span>=/dev/zero <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">count</span>=8
+sudo dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=freedombone-pleroma-amd64.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
 </pre>
 </div>
 
@@ -287,9 +287,9 @@ Also note that if the laptop has a removable SSD drive it's possible to copy the
 </div>
 </div>
 
-<div id="outline-container-orgb12b5ef" class="outline-2">
-<h2 id="orgb12b5ef">Connect the laptop to your internet router</h2>
-<div class="outline-text-2" id="text-orgb12b5ef">
+<div id="outline-container-org1acc3f8" class="outline-2">
+<h2 id="org1acc3f8">Connect the laptop to your internet router</h2>
+<div class="outline-text-2" id="text-org1acc3f8">
 <p>
 Plug the USB drive into the laptop and connect it to your internet router with the ethernet cable.
 </p>
@@ -302,9 +302,9 @@ Plug the USB drive into the laptop and connect it to your internet router with t
 </div>
 </div>
 
-<div id="outline-container-org32addf2" class="outline-2">
-<h2 id="org32addf2">Boot the laptop from the USB drive</h2>
-<div class="outline-text-2" id="text-org32addf2">
+<div id="outline-container-orgc06c32b" class="outline-2">
+<h2 id="orgc06c32b">Boot the laptop from the USB drive</h2>
+<div class="outline-text-2" id="text-orgc06c32b">
 <p>
 You may need to alter the BIOS settings to get this to work reliably.
 </p>
@@ -317,9 +317,9 @@ You may need to alter the BIOS settings to get this to work reliably.
 </div>
 </div>
 
-<div id="outline-container-org6417b90" class="outline-2">
-<h2 id="org6417b90">Forward ports 80 (HTTP) and 443 (HTTPS) from your internet router to the laptop</h2>
-<div class="outline-text-2" id="text-org6417b90">
+<div id="outline-container-orgbe57b0d" class="outline-2">
+<h2 id="orgbe57b0d">Forward ports 80 (HTTP) and 443 (HTTPS) from your internet router to the laptop</h2>
+<div class="outline-text-2" id="text-orgbe57b0d">
 <p>
 Log into your internet router using a non-Tor browser (usually it's on an address like 192.168.1.1 or 192.168.1.254). Often port forwarding settings are together with firewall settings.
 </p>
@@ -332,9 +332,9 @@ Log into your internet router using a non-Tor browser (usually it's on an addres
 </div>
 </div>
 
-<div id="outline-container-orga1248fc" class="outline-2">
-<h2 id="orga1248fc">From another machine ssh into the laptop</h2>
-<div class="outline-text-2" id="text-orga1248fc">
+<div id="outline-container-org61c8baa" class="outline-2">
+<h2 id="org61c8baa">From another machine ssh into the laptop</h2>
+<div class="outline-text-2" id="text-org61c8baa">
 <div class="org-src-container">
 <pre class="src src-bash">ssh fbone@freedombone.local -p 2222
 </pre>
@@ -346,18 +346,18 @@ Or alternatively you can log in directly on the laptop. The initial username is
 </div>
 </div>
 
-<div id="outline-container-orge7dea9e" class="outline-2">
-<h2 id="orge7dea9e">Follow the setup procedure</h2>
-<div class="outline-text-2" id="text-orge7dea9e">
+<div id="outline-container-orgaaaf930" class="outline-2">
+<h2 id="orgaaaf930">Follow the setup procedure</h2>
+<div class="outline-text-2" id="text-orgaaaf930">
 <p>
 Enter your user details, domain name and dynamic DNS settings.
 </p>
 </div>
 </div>
 
-<div id="outline-container-orgde5ef18" class="outline-2">
-<h2 id="orgde5ef18">When installation is complete</h2>
-<div class="outline-text-2" id="text-orgde5ef18">
+<div id="outline-container-orgbd9fe95" class="outline-2">
+<h2 id="orgbd9fe95">When installation is complete</h2>
+<div class="outline-text-2" id="text-orgbd9fe95">
 <p>
 Navigate to your domain and register a new user.
 </p>