Merge branch 'stretch' of https://github.com/bashrc/freedombone

README.md

-<img src="https://github.com/bashrc/freedombone/blob/master/img/logo.png?raw=true" width=800/>
+<img src="https://github.com/bashrc/freedombone/blob/master/img/logo.png?raw=true" width=600/>
 
-> _"With the increasing move of our computing to cloud infrastructures, we give up the control of our computing to the managers of those infrastructures. Our terminals (laptops, desktops) might now be running entirely on Free Software, but this is increasingly irrelevant given that most of what actually matters gets executed on a remote closed system that we don’t control. The Free Software community needs to work to help users keep the control of all their computing, by developing suitable alternatives and facilitating their deployment."_ -- Lucas Nussbaum
+So you want to run your own internet services? Email, chat, VoIP, web sites, file synchronisation, wikis, blogs, social networks, media hosting, backups, VPN. Freedombone is a home server system which enables you to self-host all of these things.
 
-<img src="https://github.com/bashrc/freedombone/blob/master/img/bbb_above.jpg?raw=true" width=800/>
+You can run Freedombone on an old laptop or a single board computer. See the [list of installation methods](https://freedombone.net/installmethods.html). You can also use it to [set up a mesh network](https://freedombone.net/mesh.html) in your local area.
 
-So you want to run your own internet services? Email, chat, VoIP, web sites, file synchronisation, wikis, blogs, social networks, media hosting, backups, VPN. Freedombone enables you to do all of that in a self-hosted way, where you keep control of your data and it resides in your own home.
+Check out the [list of available apps](https://freedombone.net/apps.html) and [Frequently Asked Questions](https://freedombone.net/faq.html) section. Recent developments are also described on [the blog](https://blog.freedombone.net/tag/freedombone).
 
-[Here's how](https://freedombone.net/homeserver.html).
+Disk images which can be cloned straight to USB or microSD drives are [available here](https://freedombone.net/downloads/v31).
 
-And here's how [on a Beaglebone Black](https://freedombone.net/beaglebone.html). A list of other supported ARM boards [can be found here](https://freedombone.net/boards.html).
+If you find bugs, or want to add a new app to this system see the [Developers Guide](https://freedombone.net/devguide.html) and [Code of Conduct](https://freedombone.net/codeofconduct.html). There is a Matrix chat room available at *#fbone:matrix.freedombone.net*.
 
-Want to make a community mesh network which doesn't depend upon the internet? The [Freedombone Mesh](https://freedombone.net/mesh.html) is a wireless solution for autonomous communication that can be rapidly deployed in temporary, emergency or post-disaster situations where internet access is unavailable or compromised.
+If you like this project and want to support continued development then [here's what to do](https://freedombone.net/support.html).
 
-After installation it's possible that you might want some advice on how to run your system and set up apps to work nicely with it.
-
- * [Apps available on the system](https://freedombone.net/apps.html)
- * [General usage](https://freedombone.net/usage.html)
- * [Frequently Asked Questions](https://freedombone.net/faq.html)
- * [Advice on setting up on a mobile phone](https://freedombone.net/mobile.html)
- * [I like this project. How can I help to support it?](https://freedombone.net/support.html)
-
-If you find bugs, or want to add a new app to this system see the [Developers Guide](https://freedombone.net/devguide.html).
-
-Ready made disk images which can be copied onto USB or microSD drives are [available here](https://freedombone.net/downloads/v3).
+<a href="https://raw.githubusercontent.com/bashrc/freedombone/master/website/EN/fdl-1.3.txt"><img src="https://github.com/bashrc/freedombone/blob/master/img/gfdl.png?raw=true" width=80/></a>

doc/EN/app_pleroma.org

 Select *Add/Remove Apps* then *pleroma*. You will then be asked for a domain name and if you are using FreeDNS also the code for the domain which can be found under *Dynamic DNS* on the FreeDNS site (the random string from "/quick cron example/" which appears after /update.php?/ and before />>/). For more details on obtaining a domain and making it accessible via dynamic DNS see the [[./faq.html][FAQ]]. Typically the domain name you use will be a subdomain, such as /pleroma.mydomainname.net/. It will need to be a domain which you have bought somewhere and own and not one of the FreeDNS subdomains, otherwise you won't be able to get a SSL/TLS certificate for it.
 
 * Initial setup
-The first thing you'll need to do is register a new account. You can set your profile details and profile image by selecting the small settings icon to the right of your name.
+The first thing you'll need to do is to obtain your login details. From the *administrator control panel* select *security settings* then *passwords* then *pleroma*. This gives the password you will need to log in, together with the username you gave during installation of the Freedombone system.
 
 Once you have done that then you can disable further registrations from the *Administrator control panel* by going to *App Settings* then *pleroma* then *Disable new account registrations*. This may take a while because the app gets recompiled afterwards.
 

doc/EN/armbian.org

 Download the Armbian image for your board. It must be version 9 (Stretch), otherwise it won't work. Extract the image from its archive, then copy it to a microSD card:
 
 #+begin_src bash
-sudo dd bs=1M if=[Armbian .img file] of=/dev/sdX conv=fdatasync
+sudo dd bs=32M if=[Armbian .img file] of=/dev/sdX conv=fdatasync
 #+end_src
 
 Where */dev/sdX* is the path for the microSD drive on your system.

doc/EN/faq.org

 #+ATTR_HTML: :border -1
 | [[What applications are supported?]]                                                          |
 | [[I don't have a static IP address. Can I still install this system?]]                        |
+| [[What are the best microSD cards to use?]]                                                   |
+| [[On a single board computer can I boot from an external SSD or hard drive?]]                 |
 | [[Why Freedombone and not FreedomBox?]]                                                       |
 | [[Why not support building images for Raspberry Pi?]]                                         |
 | [[Why use Tor? I've heard it's used by bad people]]                                           |
 | [[How is Tor integrated with Freedombone?]]                                                   |
 | [[Can I add a clearnet domain to an onion build?]]                                            |
 | [[Why use Github?]]                                                                           |
+| [[What are the data protection implications of running this system?]]                         |
 | [[After using nmap or other scanning tool I can no longer log in]]                            |
 | [[Should I upload my GPG keys to keybase.io?]]                                                |
 | [[Keys and emails should not be stored on servers. Why do you do that?]]                      |
 Yes. The minimum requirements are to have some hardware that you can install Debian onto and also that you have administrator access to your internet router so that you can forward ports to the system which has Freedombone installed.
 
 The lack of a static IP address can be worked around by using a dynamic DNS service. Freedombone uses [[https://troglobit.com/inadyn.html][inadyn]] , which supports a variety of dynamic DNS providers.
+* What are the best microSD cards to use?
+There can be big differences in the performance of microSD cards, and the cheaper ones are almost invariably terrible and/or unusable. Sandisk and Samsung currently appear to be the better brands. You can find some performance benchmarks [[http://www.pidramble.com/wiki/benchmarks/microsd-cards][here]]. However, benchmarks like this only give a very rough idea of performance and they can vary significantly between individual cards even within the same brand.
+* On a single board computer can I boot from an external SSD or hard drive?
+Some single board computers, such as Cubieboards or OLinuxino, have a SATA socket on them which enables an external drive to be connected. This is usually intended for extra file storage, but it is also possible to run the operating system from an external drive. This can have the advantage of significantly increasing the read/write performance and your apps will appear to run more quickly.
+
+Typically a microSD read speed is 10-30MB/s. An SSD or hard drive can be 100MB/s or more, so that's a big potential gain.
+
+Single board computers usually don't have the capability of booting directly from an external drive, but what you can do is boot from a partition on a microSD drive, which then runs the main filesystem (the rootfs) from the external drive.
+
+To create an image suitable for running from an SSD or hard drive use the --sata option, such as:
+
+#+BEGIN_SRC bash
+freedombone-image -t cubieboard2 --sata sda2
+#+END_SRC
+
+Note that the sata option should be set to point to the second partition on the drive, which is normally sda2.
+
+When the image is created then use the dd command to copy it both to a microSD card and to the SSD or hard drive. Plug them both into the board and it should then boot and use the external drive.
 * Why Freedombone and not FreedomBox?
 When the project began in late 2013 the FreedomBox project seemed to be going nowhere, and was only designed to work with the DreamPlug hardware. There was some new hardware out - the Beaglebone Black - which could run Debian and was also a free hardware design so seemed more appropriate. Hence the name "Freedombone", being like FreedomBox but on a Beaglebone. There are some similarities and differences between the two projects:
 
 The source code for this project is experimentally independently hosted, and it is expected that in future the main development will shift over to an independent site, maybe with mirrors on Github if it still exists in a viable form.
 
 Currently many of the repositories used for applications which are not yet packaged for Debian are on Github, and to provide some degree of resilliance against depending too much upon that copies of them also exist within disk images.
+* What are the data protection implications of running this system?
+Data protection laws such as [[https://en.wikipedia.org/wiki/General_Data_Protection_Regulation][GDPR]] in the EU or the [[https://en.wikipedia.org/wiki/Data_Protection_Act_1998][Data Protection Act]] in the UK usually only apply to formal organizations which are recognized as being legal entities. So you have to be running a business or a charity or some other formal organization in order for the storage of what's known as /personally identifying information/ to potentially become a legal issue. Laws like this usually include:
+
+ * A right to obtain your information
+ * A right to be forgotten (i.e. to have your data permanently deleted)
+ * Ensuring that stored personal data remains accurate
+
+If you're self-hosting then in the language of data protection law the "/data controller/" and the "/data subject/" are one and the same, so there isn't any power differential of that sort. Freedombone is only intended for small numbers of users, so if you are hosting more than one person chances are that you know the others quite well and can arrange to update their data or delete their account if that's needed. Even if data protection laws are later extended to include home server type scenarios it's unlikely that this will become a problem.
+
+For the mesh version similar applies. Each peer stores their own personal data and it never gets aggregated and stored in any centralized way.
 * After using nmap or other scanning tool I can no longer log in
 This system tries to block port scanners. Any other system trying to scan for open ports will have their IP address added to a temporary block list for 24 hours.
 * Should I upload my GPG keys to keybase.io?

doc/EN/homeserver.org

 You can now copy the image to the USB thumb drive, replacing *sdX* with the identifier of the USB thumb drive. Don't include any numbers (so for example use *sdc* instead of *sdc1*).
 
 #+begin_src bash
-dd if=/dev/zero of=/dev/sdX bs=1M count=8
-dd bs=1M if=myimagefile.img of=/dev/sdX conv=fdatasync
+dd if=/dev/zero of=/dev/sdX bs=32M count=8
+dd bs=32M if=myimagefile.img of=/dev/sdX conv=fdatasync
 #+end_src
 
 And wait. Again it will take a while to copy over. When that's done plug it into the laptop or netbook which you want to use as a server, power on and set the BIOS to boot from the USB stick.
 
 Then select *About*. You'll see a list of sites and their onion addresses.
 
-#+attr_html: :width 80% :align center
+#+attr_html: :width 100% :align center
 [[file:images/controlpanel/control_panel_about.jpg]]
 
 The About screen contains the ssh server public key hashes and you can compare the relevant one with the previous terminal window to verify that they're the same. If they're not then you might have a /machine-in-the-middle/ snooping on you.

doc/EN/installation.org

 Then copy it to a microSD card. Depending on your system you may need an adaptor to be able to do that.
 
 #+BEGIN_SRC bash
-sudo dd bs=1M if=filename.img of=/dev/sdX conv=fdatasync
+sudo dd bs=32M if=filename.img of=/dev/sdX conv=fdatasync
 #+END_SRC
 
 Where *sdX* is the microSD drive. You can check which drive is the microSD drive using:

doc/EN/mesh_capabilities.org

  - Private and public sharing of files
  - Blogging
  - Collaborative editing of documents and presentations
- - Creating and broadcasting audio media/podcasts
  - Social network stream. Follow/unfollow other peers
  - No network administration required
  - No servers

doc/EN/mesh_images.org

 wget https://freedombone.net/downloads/v31/freedombone-meshclient-i386.img.xz.sig
 gpg --verify freedombone-meshclient-i386.img.xz.sig
 unxz freedombone-meshclient-i386.img.xz
-sudo dd if=/dev/zero of=/dev/sdX bs=1M count=8
-sudo dd bs=1M if=freedombone-meshclient-i386.img of=/dev/sdX conv=fdatasync
+sudo dd if=/dev/zero of=/dev/sdX bs=32M count=8
+sudo dd bs=32M if=freedombone-meshclient-i386.img of=/dev/sdX conv=fdatasync
 #+end_src
 
 To get a number of systems onto the mesh repeat the /dd/ command to create however many bootable USB drives you need.
 wget https://freedombone.net/downloads/v31/freedombone-meshclient-insecure-i386.img.xz.sig
 gpg --verify freedombone-meshclient-insecure-i386.img.xz.sig
 unxz freedombone-meshclient-insecure-i386.img.xz
-sudo dd if=/dev/zero of=/dev/sdX bs=1M count=8
-sudo dd bs=1M if=freedombone-meshclient-insecure-i386.img of=/dev/sdX conv=fdatasync
+sudo dd if=/dev/zero of=/dev/sdX bs=32M count=8
+sudo dd bs=32M if=freedombone-meshclient-insecure-i386.img of=/dev/sdX conv=fdatasync
 #+end_src
 
 ** Router images
 sha256sum freedombone-mesh_beaglebone-armhf.img.xz
 ad8f22c0d46c98a80aa47b5809402971cf5cf26ebf587c59a667307b2386c3d2
 unxz freedombone-mesh_beaglebone-armhf.img.xz
-sudo dd bs=1M if=freedombone-mesh_beaglebone-armhf.img of=/dev/sdX conv=fdatasync
+sudo dd bs=32M if=freedombone-mesh_beaglebone-armhf.img of=/dev/sdX conv=fdatasync
 #+end_src
 
 If you have a few Beaglebone Blacks to use as routers then repeat the /dd/ command to create however many microSD cards you need.
 You can now copy the image to the USB thumb drive, replacing *sdX* with the identifier of the USB thumb drive. Don't include any numbers (so for example use *sdc* instead of *sdc1*).
 
 #+begin_src bash
-sudo dd if=/dev/zero of=/dev/sdX bs=1M count=8
-sudo dd bs=1M if=myimagefile.img of=/dev/sdX conv=fdatasync
+sudo dd if=/dev/zero of=/dev/sdX bs=32M count=8
+sudo dd bs=32M if=myimagefile.img of=/dev/sdX conv=fdatasync
 #+end_src
 
 And wait. Again it will take a while to copy over. When that's done plug it into the laptop or netbook which you want to use on the mesh, power on and set the BIOS to boot from the USB stick.

doc/EN/mobile.org

 #+attr_html: :width 80% :height 10% :align center
 [[file:images/logo.png]]
 
-* Mobile
-
 Mobile phones are insecure devices, but they're regarded as being so essential to modern life that telling people not to use them isn't a viable option. Here are some recommendations on setting up a mobile phone (aka "smartphone") to work with Freedombone.
 
-#+BEGIN_EXPORT html
- <center>
- <table style="width:80%; border:0">
-  <tr>
-    <td><center><b><h3>Open</h3></b><br>Use a free and open source operating system. Open means more trustworthy</center></td>
-    <td><center><b><h3>Remove</h3></b><br>If there are any proprietary apps then remove or deactivate them</center></td>
-  </tr>
-  <tr>
-    <td><center><b><h3>Encrypt</h3></b><br>Make sure your phone is encrypted with a password which isn't easy to guess</center></td>
-    <td><center><b><h3>Apps</h3></b><br>Use F-droid to install new apps</center></td>
-  </tr>
-  <tr>
-    <td><center><b><h3>Lock</h3></b><br>Enable a lock screen with a maximum number of password guesses</center></td>
-    <td><center><b><h3>Onion</h3></b><br>Onion route your connections to avoid bulk metadata collection</center></td>
-  </tr>
-  <tr>
-    <td><center><b><h3>Email</h3></b><br>Access webmail in a browser</center></td>
-    <td><center><b><h3>Services</h3></b><br>Connect to the Freedombone services</center></td>
-  </tr>
-  <tr>
-    <td><center><b><h3>Battery</h3></b><br>Avoid battery-eating apps and disable some optimisations</center></td>
-    <td><center><b><h3>Block</h3></b><br>Prevent access to know bad domains</center></td>
-  </tr>
-</table>
-</center>
-#+END_EXPORT
-
 * Open
 Use a Linux based phone operating system. Typically this will mean Android, but could also mean LineageOS or Replicant. LineageOS is the most preferable, because you can usually get an up to date image with a recent kernel which will give you better security against exploits. If you're buying a phone then look for a model which is supported by LineageOS. Replicant is the most free (as in freedom) but only runs on a small number of phone models. If you have a phone which runs a full GNU/Linux system then that's fantastic, and you can probably use it in much the same way as a desktop system and the rest of the advice on this page won't apply. If you don't have a phone capable of running a Linux based operating system then consider selling, giving away or bartering your existing one.
 
 127.0.0.1       www.google-analytics.com
 127.0.0.1       google-analytics.com
 127.0.0.1       ssl.google-analytics.com
+127.0.0.1       telemetry.mozilla.org
+127.0.0.1       incoming.telemetry.mozilla.org
 #+end_src
 
 Then upload the hosts file back again with:

doc/EN/release3.org

 
 #+BEGIN_SRC bash
 unxz downloadedimagefile.img.xz
-dd bs=1M if=downloadedimagefile.img of=/dev/sdX conv=fdatasync
+dd bs=32M if=downloadedimagefile.img of=/dev/sdX conv=fdatasync
 #+END_SRC
 
 And wait. It will take a while to copy over. When that's done you might want to increase the partition size on the drive, using a tool such as [[http://gparted.org][Gparted]]. Whether you need to do that will depend upon how many apps you intend to install and how much data they will store.

doc/EN/release31.org

 
 #+BEGIN_SRC bash
 unxz downloadedimagefile.img.xz
-dd bs=1M if=downloadedimagefile.img of=/dev/sdX conv=fdatasync
+dd bs=32M if=downloadedimagefile.img of=/dev/sdX conv=fdatasync
 #+END_SRC
 
 And wait. It will take a while to copy over. When that's done you might want to increase the partition size on the drive, using a tool such as [[http://gparted.org][Gparted]]. Whether you need to do that will depend upon how many apps you intend to install and how much data they will store.

doc/EN/socialinstance.org

 wget https://freedombone.net/downloads/v31/freedombone-pleroma-amd64.img.xz.sig
 gpg --verify freedombone-pleroma-amd64.img.xz.sig
 unxz freedombone-pleroma-amd64.img.xz
-sudo dd if=/dev/zero of=/dev/sdX bs=1M count=8
-sudo dd bs=1M if=freedombone-pleroma-amd64.img of=/dev/sdX conv=fdatasync
+sudo dd if=/dev/zero of=/dev/sdX bs=32M count=8
+sudo dd bs=32M if=freedombone-pleroma-amd64.img of=/dev/sdX conv=fdatasync
 #+end_src
 
 Also note that if the laptop has a removable SSD drive it's possible to copy the image directly to that if you have enough equipment.

src/freedombone-addremove

             fi
         fi
         app_index=$((app_index+1))
+
     done
 
     # if no apps to be installed then don't do anything

src/freedombone-app-etherpad

 
 IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=1
+MINIMUM_RAM_MB=2000
 
 ETHERPAD_DOMAIN_NAME=
 ETHERPAD_CODE=

src/freedombone-app-gnusocial

 
 IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=1
+NOT_ON_ONION=1
 
 GNUSOCIAL_DOMAIN_NAME=
 GNUSOCIAL_CODE=
     fi
     kill_pid=$(pgrep "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs/scripts/queuedaemon.php" | head -n 1)
     kill -9 "$kill_pid"
+    pkill "$GNUSOCIAL_DOMAIN_NAME/htdocs/scripts/queuedaemon.php"
 
     if [ -d "/var/www/$GNUSOCIAL_DOMAIN_NAME" ]; then
         rm -rf "/var/www/$GNUSOCIAL_DOMAIN_NAME"
 }
 
 function install_gnusocial {
-    if [ ! "$ONION_ONLY" ]; then
-        ONION_ONLY='no'
+    if [[ "$ONION_ONLY" != 'no' ]]; then
+        return
     fi
 
     install_gnusocial_main
         sed -i 's|"theme":.*|"theme": "base16-apathy.css",|g' "/var/www/${GNUSOCIAL_DOMAIN_NAME}/htdocs/static/config.json"
     fi
 
-    # unleash the daemons!
+    # this has to be run as root initially, otherwise database tables
+    # don't get created
     cd "/var/www/$GNUSOCIAL_DOMAIN_NAME/htdocs" || exit 236482684
     php scripts/checkschema.php
+    sh scripts/startdaemons.sh
+
     /etc/cron.hourly/gnusocial-daemons
 
     systemctl restart nginx

src/freedombone-app-gogs

         echo $'No Tor installation found. Gogs onion site cannot be configured.'
         exit 877367
     fi
-    if ! grep -q "hidden_service_gogs" /etc/tor/torrc; then
+    if ! grep -q "hidden_service_gogs" "$ONION_SERVICES_FILE"; then
         { echo 'HiddenServiceDir /var/lib/tor/hidden_service_gogs/';
           echo 'HiddenServiceVersion 3';
           echo "HiddenServicePort 80 127.0.0.1:${GIT_ONION_PORT}";
-          echo "HiddenServicePort 9418 127.0.0.1:9418"; } >> /etc/tor/torrc
+          echo "HiddenServicePort 9418 127.0.0.1:9418"; } >> "$ONION_SERVICES_FILE"
         echo $'Added onion site for Gogs'
     fi
 

src/freedombone-app-hubzilla

 
 IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=1
+NOT_ON_ONION=1
 
 HUBZILLA_DOMAIN_NAME=
 HUBZILLA_CODE=

src/freedombone-app-jitsi

 
 IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=0
+NOT_ON_ONION=1
 
 VIDEOBRIDGE_PORT=5347
 JITSI_ONION_PORT=8102

src/freedombone-app-keyserver

 
     chown debian-sks: $sksconf_file
 
-    if ! grep -q "hidden_service_sks" /etc/tor/torrc; then
+    if ! grep -q "hidden_service_sks" "$ONION_SERVICES_FILE"; then
         { echo 'HiddenServiceDir /var/lib/tor/hidden_service_sks/';
           echo 'HiddenServiceVersion 3';
           echo "HiddenServicePort 11370 127.0.0.1:11370";
           echo "HiddenServicePort 11373 127.0.0.1:11371";
-          echo "HiddenServicePort 11372 127.0.0.1:11372"; } >> /etc/tor/torrc
+          echo "HiddenServicePort 11372 127.0.0.1:11372"; } >> "$ONION_SERVICES_FILE"
         echo $'Added onion site for sks'
     fi
 

src/freedombone-app-matrix

 
 IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=1
+NOT_ON_ONION=1
+MINIMUM_RAM_MB=1500
 
 MATRIX_DOMAIN_NAME=
 MATRIX_CODE=
 
     #MATRIX_ONION_HOSTNAME=$(add_onion_service matrix ${MATRIX_PORT} ${MATRIX_ONION_PORT})
     add_onion_service matrix ${MATRIX_PORT} ${MATRIX_ONION_PORT}
-    echo "HiddenServicePort ${MATRIX_HTTP_PORT} 127.0.0.1:${MATRIX_FEDERATION_ONION_PORT}" >> /etc/tor/torrc
+    echo "HiddenServicePort ${MATRIX_HTTP_PORT} 127.0.0.1:${MATRIX_FEDERATION_ONION_PORT}" >> "$ONION_SERVICES_FILE"
     systemctl restart tor
 
     if [ ! "${MATRIX_PASSWORD}" ]; then

src/freedombone-app-pleroma

 PLEROMA_PORT=4000
 PLEROMA_ONION_PORT=8011
 PLEROMA_REPO="https://git.pleroma.social/pleroma/pleroma.git"
-PLEROMA_COMMIT='e153b364a71de431787db236c57114f229162ddf'
+PLEROMA_COMMIT='762f6edc29a7a48e3a663e9bedec58e0036ff363'
 PLEROMA_ADMIN_PASSWORD=
 PLEROMA_DIR=/etc/pleroma
 PLEROMA_SECRET_KEY=""
                    MY_EMAIL_ADDRESS
                    MY_USERNAME)
 
+function pleroma_add_filtering {
+    if grep -q "# begin filtering" $pleroma_secret; then
+        return
+    fi
+    sed -i '/pbkdf2_rounds/a reject: []' $pleroma_secret
+    sed -i '/pbkdf2_rounds/a federated_timeline_removal: [],' $pleroma_secret
+    sed -i '/pbkdf2_rounds/a media_nsfw: [],' $pleroma_secret
+    sed -i '/pbkdf2_rounds/a media_removal: [],' $pleroma_secret
+    sed -i '/pbkdf2_rounds/a config :pleroma, :mrf_simple,' $pleroma_secret
+    sed -i '/pbkdf2_rounds/a # begin filtering' $pleroma_secret
+
+    sed -i 's|reject: |  reject: |g' $pleroma_secret
+    sed -i 's|federated_timeline_removal: |  federated_timeline_removal: |g' $pleroma_secret
+    sed -i 's|media_nsfw: |  media_nsfw: |g' $pleroma_secret
+    sed -i 's|media_removal: |  media_removal: |g' $pleroma_secret
+    create_pleroma_blocklist
+}
+
 function pleroma_enable_chat {
     if [[ "$1" == 't'* || "$1" == 'y'* || "$1" == 'T'* || "$1" == 'Y'* ]]; then
         sed -i 's|"chatDisabled":.*|"chatDisabled": false,|g' $PLEROMA_DIR/priv/static/static/config.json
       echo 'users_query="DELETE FROM users WHERE"';
       echo 'websub_server_subscriptions_query="DELETE FROM websub_server_subscriptions WHERE"';
       echo 'websub_server_subscriptions_updated=';
+      echo 'filter_str=';
       echo 'while read blocked; do';
       echo "    if [[ \"\$blocked\" == *\".\"* || \"\$blocked\" == *\"@\"* ]]; then";
       echo "        if [ \${#blocked} -gt 4 ]; then";
       echo "            users_query=\"\${users_query} nickname ilike '%\${blocked}%'\"";
       echo '            objects_updated=1';
       echo "            if [[ \"\$blocked\" != *\"@\"* ]]; then";
+      echo '                # Create a filter string for the pleroma configuration';
+      echo "                if [ \"\$filter_str\" ]; then";
+      echo "                    filter_str=\"\${filter_str}, \\\"\$blocked\\\"\"";
+      echo '                else';
+      echo "                    filter_str=\"\\\"\${blocked}\\\"\"";
+      echo '                fi';
+      echo '';
       echo "                if ! grep -q \"127.0.0.1  \$blocked\" /etc/hosts; then";
       echo "                    echo \"127.0.0.1  \$blocked\" >> /etc/hosts";
       echo '                fi';
       echo '    fi';
       echo 'done </root/freedombone-firewall-domains.cfg';
       echo '';
+      echo "if [ \"\$filter_str\" ]; then";
+      echo "    if ! grep -q \" \$filter_str \" $pleroma_secret; then";
+      echo "        sed -i \"s| media_removal:.*| media_removal: [ \$filter_str ],|g\" $pleroma_secret";
+      echo "        sed -i \"s| federated_timeline_removal:.*| federated_timeline_removal: [ \$filter_str ],|g\" $pleroma_secret";
+      echo "        sed -i \"s| reject:.*| reject: [ \$filter_str ]|g\" $pleroma_secret";
+      echo "        chown -R pleroma:pleroma $PLEROMA_DIR";
+      echo '        sudo -u pleroma mix clean';
+      echo '        sudo -u pleroma mix deps.compile';
+      echo '        sudo -u pleroma mix compile';
+      echo '        systemctl restart pleroma';
+      echo '    fi';
+      echo 'fi';
+      echo '';
       echo 'cd /etc/postgresql';
       echo "if [ \$objects_updated ]; then";
       echo "    sudo -u postgres psql -d pleroma -c \"\$objects_query\"";
             enablechatstr=$'Disable chat system'
         fi
 
+        pleromatorstr=$'Enable routing through Tor for onion addresses'
+        if grep -q '9050' $pleroma_secret; then
+            pleromatorstr=$'Disable routing through Tor'
+        fi
+
         W=(1 $"Set a background image"
            2 $"Set the title"
            3 $"Disable new account registrations"
            4 $"Add a custom emoji"
            5 $"Set post expiry period (currently $PLEROMA_EXPIRE_MONTHS months)"
-           6 "$enablechatstr")
+           6 "$enablechatstr"
+           7 "$pleromatorstr")
 
         # shellcheck disable=SC2068
-        selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Pleroma" --menu $"Choose an operation, or ESC to exit:" 13 60 6 "${W[@]}" 3>&2 2>&1 1>&3)
+        selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Pleroma" --menu $"Choose an operation, or ESC to exit:" 14 60 7 "${W[@]}" 3>&2 2>&1 1>&3)
 
         if [ ! "$selection" ]; then
             break
                    pleroma_enable_chat true
                fi
                ;;
+            7) if grep -q '9050' $pleroma_secret; then
+                   pleroma_disable_tor
+               else
+                   pleroma_enable_tor
+               fi
+               ;;
         esac
     done
 }
 
+function pleroma_disable_tor {
+    if grep -q '9050' $pleroma_secret; then
+        sed -i '/9050/d' $pleroma_secret
+        sed -i 's|# config :pleroma, :http, proxy_url:|config :pleroma, :http, proxy_url:|g' $PLEROMA_DIR/config/config.exs
+        pleroma_recompile
+    fi
+}
+
+function pleroma_enable_tor {
+    pleroma_tor_update=
+
+    if ! grep -q '{:socks5, :localhost, 9050}' $pleroma_secret; then
+        pleroma_tor_update=1
+    fi
+
+    if ! grep -q '# config :pleroma, :http, proxy_url:' $PLEROMA_DIR/config/config.exs; then
+        pleroma_tor_update=1
+    fi
+
+    if [ ! $pleroma_tor_update ]; then
+        return
+    fi
+
+    if ! grep -q '{:socks5, :localhost, 9050}' $pleroma_secret; then
+        sed -i '/9050/d' $pleroma_secret
+        sed -i '/url:/a config :pleroma, :http, proxy_url: {:socks5, :localhost, 9050}' $pleroma_secret
+    fi
+
+    if ! grep -q '# config :pleroma, :http, proxy_url:' $PLEROMA_DIR/config/config.exs; then
+        sed -i 's|config :pleroma, :http, proxy_url:|# config :pleroma, :http, proxy_url:|g' $PLEROMA_DIR/config/config.exs
+    fi
+
+    pleroma_recompile
+}
+
 function upgrade_pleroma {
     read_config_param PLEROMA_DOMAIN_NAME
     read_config_param PLEROMA_EXPIRE_MONTHS
 
+    pleroma_add_filtering
+
     if ! grep -q "/media/" /etc/cron.daily/pleroma-expire; then
         rm $pleroma_expire_posts_script
     fi
         create_pleroma_blocklist
     fi
 
+    #pleroma_enable_tor
+
     CURR_PLEROMA_COMMIT=$(get_completion_param "pleroma commit")
     if [[ "$CURR_PLEROMA_COMMIT" == "$PLEROMA_COMMIT" ]]; then
         return
         pleroma_registrations=
     fi
 
+    pleroma_chat_enabled=1
+    if grep -q ':chat, enabled: false' $PLEROMA_DIR/config/config.exs; then
+        pleroma_chat_enabled=
+    fi
+
     # make a copy of the configuration
     cp $PLEROMA_DIR/priv/static/static/config.json $PLEROMA_DIR/priv/static/static/config_prev.json
 
         sed -i 's|registrations_open: True|registrations_open: false|g' $PLEROMA_DIR/config/config.exs
     fi
 
+    if [ ! $pleroma_chat_enabled ]; then
+        sed -i 's|config :pleroma, :chat.*|config :pleroma, :chat, enabled: false|g' $PLEROMA_DIR/config/config.exs
+    else
+        sed -i 's|config :pleroma, :chat.*|config :pleroma, :chat, enabled: true|g' $PLEROMA_DIR/config/config.exs
+    fi
+
     pleroma_recompile
 
     # migrate database
     sed -i 's|redirect_on_failure:.*|redirect_on_failure: false|g' $PLEROMA_DIR/config/config.exs
     sed -i 's|:chat, enabled:.*|:chat, enabled: false|g' $PLEROMA_DIR/config/config.exs
 
+    # onion routing
+    sed -i '/url:/a config :pleroma, :http, proxy_url: {:socks5, :localhost, 9050}' $pleroma_secret
+    sed -i 's|config :pleroma, :http, proxy_url:|# config :pleroma, :http, proxy_url:|g' $PLEROMA_DIR/config/config.exs
+
     # set registrations open initially
     sed -i 's|registrations_open:.*|registrations_open: true,|g' $PLEROMA_DIR/config/config.exs
     sed -i 's|"registrationOpen":.*|"registrationOpen": true,|g' $PLEROMA_DIR/priv/static/static/config.json
     fi
     sed -i 's|"chatDisabled":.*|"chatDisabled": true,|g' $PLEROMA_DIR/priv/static/static/config.json
 
+    pleroma_add_filtering
+
     systemctl daemon-reload
     systemctl enable pleroma
     systemctl start pleroma

src/freedombone-app-postactiv

 
 IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=1
+NOT_ON_ONION=1
 
 POSTACTIV_DOMAIN_NAME=
 POSTACTIV_CODE=
     domain_name=$1
 
     if [ -f "/var/www/${domain_name}/htdocs/static/logo.png" ]; then
-        if [ -f ~/freedombone/img/postactiv.png ]; then
-            cp ~/freedombone/img/postactiv.png "/var/www/${domain_name}/htdocs/static/logo.png"
+        if [ -f "$HOME/${PROJECT_NAME}/img/postactiv.png" ]; then
+            cp "$HOME/${PROJECT_NAME}/img/postactiv.png" "/var/www/${domain_name}/htdocs/static/logo.png"
         else
-            if [ -f "/home/$MY_USERNAME/freedombone/img/postactiv.png" ]; then
-                cp "/home/$MY_USERNAME/freedombone/img/postactiv.png" "/var/www/${domain_name}/htdocs/static/logo.png"
+            if [ -f "/home/$MY_USERNAME/${PROJECT_NAME}/img/postactiv.png" ]; then
+                cp "/home/$MY_USERNAME/${PROJECT_NAME}/img/postactiv.png" "/var/www/${domain_name}/htdocs/static/logo.png"
             fi
         fi
     fi
     fi
     kill_pid=$(pgrep "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs/scripts/queuedaemon.php" | head -n 1)
     kill -9 "$kill_pid"
+    pkill "$POSTACTIV_DOMAIN_NAME/htdocs/scripts/queuedaemon.php"
 
     if [ -d "/var/www/$POSTACTIV_DOMAIN_NAME" ]; then
         rm -rf "/var/www/$POSTACTIV_DOMAIN_NAME"
 }
 
 function install_postactiv {
-    if [ ! "$ONION_ONLY" ]; then
-        ONION_ONLY='no'
+    if [[ "$ONION_ONLY" != 'no' ]]; then
+        return
     fi
 
     install_postactiv_main
 
     expire_gnusocial_posts "$POSTACTIV_DOMAIN_NAME" "postactiv" "$POSTACTIV_EXPIRE_MONTHS"
 
-    # unleash the daemons!
+    # this has to be run as root initially, otherwise database tables
+    # don't get created
+    cd "/var/www/$POSTACTIV_DOMAIN_NAME/htdocs" || exit 3658254254
+    sh scripts/startdaemons.sh
+    php scripts/checkschema.php
+
     /etc/cron.hourly/postactiv-daemons
 
     systemctl restart nginx

src/freedombone-app-riot

 
 IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=1
+NOT_ON_ONION=1
 
 RIOT_VERSION='0.13.3'
 RIOT_FILENAME="riot-v${RIOT_VERSION}"

src/freedombone-app-scuttlebot

 }
 
 function mesh_install_scuttlebot {
+    #shellcheck disable=SC2153
     if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" ]]; then
         return
     fi

src/freedombone-app-searx

 SEARX_REPO="https://github.com/asciimoo/searx"
 SEARX_COMMIT='80460be8f69cea5f15c9d5ddbb63e4e48fde2dd0'
 SEARX_PATH=/etc
+SEARX_PORT=8888
 SEARX_ONION_PORT=8094
 SEARX_ONION_HOSTNAME=
 SEARX_LOGIN_TEXT=$"Search engine login"
 }
 
 function searx_set_default_background {
-    if [ -f ~/freedombone/img/backgrounds/searx.jpg ]; then
-        cp ~/freedombone/img/backgrounds/searx.jpg /etc/searx/searx/static/themes/courgette/img/bg-body-index.jpg
+    if [ -f "$HOME/${PROJECT_NAME}/img/backgrounds/searx.jpg" ]; then
+        cp "$HOME/${PROJECT_NAME}/img/backgrounds/searx.jpg" /etc/searx/searx/static/themes/courgette/img/bg-body-index.jpg
         chown -R searx:searx ${SEARX_PATH}/searx
     else
-        if [ -f "/home/$MY_USERNAME/freedombone/img/backgrounds/searx.jpg" ]; then
-            cp "/home/$MY_USERNAME/freedombone/img/backgrounds/searx.jpg" "/etc/searx/searx/static/themes/courgette/img/bg-body-index.jpg"
+        if [ -f "/home/$MY_USERNAME/${PROJECT_NAME}/img/backgrounds/searx.jpg" ]; then
+            cp "/home/$MY_USERNAME/${PROJECT_NAME}/img/backgrounds/searx.jpg" "/etc/searx/searx/static/themes/courgette/img/bg-body-index.jpg"
             chown -R searx:searx ${SEARX_PATH}/searx
         fi
     fi
       echo '    language : "all"';
       echo '';
       echo 'server:';
-      echo '    port : 8888';
+      echo "    port : ${SEARX_PORT}";
       echo '    bind_address : "127.0.0.1" # address to listen on';
       echo "    secret_key : \"${SEARX_SECRET_KEY}\"";
       echo "    base_url : http://${SEARX_ONION_HOSTNAME}/";
     set_completion_param "searx commit" "$SEARX_COMMIT"
 
     # create an onion service
+    USE_V2_ONION_ADDRESS=1
     SEARX_ONION_HOSTNAME=$(add_onion_service searx 80 ${SEARX_ONION_PORT})
 
     # an unprivileged user to run as
       echo '    location / {'; } >> /etc/nginx/sites-available/searx
     function_check nginx_limits
     nginx_limits searx '1M'
-    { echo '        proxy_pass http://localhost:8888;';
+    { echo "        proxy_pass http://localhost:${SEARX_PORT};";
       echo "        #auth_basic \"${SEARX_LOGIN_TEXT}\";";
       echo '        #auth_basic_user_file /etc/nginx/.htpasswd;';
       echo '    }';

src/freedombone-app-tox

 
 # upstream is https://github.com/TokTok/c-toxcore
 TOXCORE_REPO="https://github.com/bashrc/toxcore"
-TOXCORE_COMMIT='987ad5eac173442d6ad2d5cd80c2da763a815a9a'
+TOXCORE_COMMIT='7d399cedcfd20f0d91a8caf386ae3c63f4dcf285'
 
 TOXID_REPO="https://github.com/bashrc/toxid"
 TOX_BOOTSTRAP_ID_FILE=/var/lib/tox-bootstrapd/pubkey.txt
 #  '144.76.60.215,2a01:4f8:191:64d6::1,33445,04119E835DF3E78BACF0F84235B300546AF8B936F035185E2A8E9E0A67C8924F,sonOfRa,DE'
 #)
 TOXIC_REPO="https://github.com/Tox/toxic"
-TOXIC_COMMIT='5cc83a7cb584886d90d7da15e8398215fed0d315'
+TOXIC_COMMIT='68ce17a57fd05599968a299e5dc516e183ebcf75'
 TOXIC_FILE=/usr/local/bin/toxic
 
 QTOX_REPO="https://github.com/bashrc/qTox"
     if [[ $(commit_has_changed "$INSTALL_DIR/toxcore" "toxcore commit" "$TOXCORE_COMMIT") == "1" ]]; then
         cd "$INSTALL_DIR/toxcore" || exit 53683563
         sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' "$rootdir/etc/systemd/system/tox-bootstrapd.service"
-        autoreconf -i
-        ./configure --enable-daemon
+        ./autogen.sh
+        if [ ! -d "$INSTALL_DIR/toxcore/_build" ]; then
+            mkdir "$INSTALL_DIR/toxcore/_build"
+        fi
+        cd "$INSTALL_DIR/toxcore/_build" || return
+        cmake ..
         make
         make install
         systemctl daemon-reload
 }
 
 function mesh_tox_node {
+    SECONDS=0
     # obtain commits from the main file
     TOXCORE_COMMIT_MAIN=$(grep "TOXCORE_COMMIT=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox" | head -n 1 | awk -F "'" '{print $2}')
     if [ ${#TOXCORE_COMMIT_MAIN} -gt 10 ]; then
         chroot "${rootdir}" apt-get -yq install automake checkinstall check git yasm
         chroot "${rootdir}" apt-get -yq install libsodium18 libsodium-dev libcap2-bin
         chroot "${rootdir}" apt-get -yq install libconfig9 libconfig-dev autoconf
-        chroot "${rootdir}" apt-get -yq install libopus-dev libvpx-dev
+        chroot "${rootdir}" apt-get -yq install libopus-dev libvpx-dev cmake
     else
         apt-get -yq install build-essential libtool autotools-dev
         apt-get -yq install automake checkinstall check git yasm
         apt-get -yq install libsodium18 libsodium-dev libcap2-bin
         apt-get -yq install libconfig9 libconfig-dev autoconf
-        apt-get -yq install libopus-dev libvpx-dev
+        apt-get -yq install libopus-dev libvpx-dev cmake
     fi
 
     if [ ! -d "${rootdir}${INSTALL_DIR}" ]; then
     if [ "${rootdir}" ]; then
         chroot "${rootdir}" /bin/bash -x <<EOF
 cd ${INSTALL_DIR}/toxcore
-autoreconf -i
-./configure --enable-daemon
+./autogen.sh
+mkdir _build
+cd _build || exit 1
+cmake ..
 make
 make install
 EOF
     else
         /bin/bash -x <<EOF
 cd ${INSTALL_DIR}/toxcore
-autoreconf -i
-./configure --enable-daemon
+./autogen.sh
+mkdir _build
+cd _build || exit 1
+cmake ..
 make
 make install
 EOF
     fi
 
     # shellcheck disable=SC2086
-    cp $rootdir/usr/local/lib/libtoxcore* "$rootdir/usr/lib/"
+    cp -l $rootdir/usr/local/lib/libtoxcore* "$rootdir/usr/lib/"
     cp "${rootdir}${INSTALL_DIR}/toxcore/other/bootstrap_daemon/tox-bootstrapd.service" "$rootdir/etc/systemd/system/"
     sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' "$rootdir/etc/systemd/system/tox-bootstrapd.service"
     if [ "${rootdir}" ]; then
         systemctl enable tox-bootstrapd.service
     fi
 
-    SECONDS=0
     if [ ! -f "$rootdir/usr/local/bin/tox-bootstrapd" ]; then
         duration=$SECONDS
         echo $"Toxcore compile failed at $((duration / 60)) minutes and $((duration % 60)) seconds elapsed."
     if [ "${rootdir}" ]; then
         chroot "${rootdir}" apt-get -yq install libncursesw5-dev libconfig-dev libqrencode-dev
         chroot "${rootdir}" apt-get -yq install libcurl4-openssl-dev libvpx-dev libopenal-dev
-        chroot "${rootdir}" apt-get -yq install libqrencode-dev
+        chroot "${rootdir}" apt-get -yq install libqrencode-dev libpng-dev libncurses5-dev libalut-dev
+        chroot "${rootdir}" apt-get -yq install libnotify-dev python3-dev
+        toxic_disable_notify=0
     else
         apt-get -yq install libncursesw5-dev libconfig-dev libqrencode-dev
         apt-get -yq install libcurl4-openssl-dev libvpx-dev libopenal-dev
-        apt-get -yq install libqrencode-dev
+        apt-get -yq install libqrencode-dev libpng-dev libncurses5-dev libalut-dev python3-dev
+        toxic_disable_notify=1
     fi
 
     TEMP_SCRIPT_NAME=fbtmp728353.sh
       echo 'fi';
       echo "cd $INSTALL_DIR/toxic";
       echo "git checkout $TOXIC_COMMIT -b $TOXIC_COMMIT";
-      echo 'make';
-      echo 'if [ ! "$?" = "0" ]; then';
+      echo "export DISABLE_DESKTOP_NOTIFY=$toxic_disable_notify";
+      echo "export DISABLE_AV=$toxic_disable_notify";
+      echo "export DISABLE_X11=$toxic_disable_notify";
+      echo "export DISABLE_SOUND_NOTIFY=$toxic_disable_notify";
+      echo 'if ! make; then';
       echo '    exit 1';
       echo 'fi';
       echo 'make install';

src/freedombone-app-xmpp

 # From https://hg.prosody.im/prosody-modules
 prosody_modules_filename='prosody-modules-20180322.tar.gz'
 prosody_modules_hash='982d0dfcef98e9cb9cee4cc3801b8ce9a503a32e44c32b99df6fe94545b90072'
+xmpp_encryption_warning=$"For security reasons, OMEMO or PGP encryption is required for conversations on this server."
 
 xmpp_variables=(ONION_ONLY
                 INSTALLED_WITHIN_DOCKER
                 DEFAULT_DOMAIN_NAME
                 XMPP_DOMAIN_CODE)
 
+function xmpp_update_e2e_policy {
+    filename="$1"
+
+    read_config_param DEFAULT_DOMAIN_NAME
+    read_config_param ONION_ONLY
+
+    if ! grep -q "e2e_policy_muc" "$filename"; then
+        echo "e2e_policy_muc = \"none\"" >> "$filename"
+    else
+        sed -i 's|e2e_policy_muc.*|e2e_policy_muc = "none"|g' "$filename"
+    fi
+    if ! grep -q "e2e_policy_chat" "$filename"; then
+        echo "e2e_policy_chat = \"required\"" >> "$filename"
+    else
+        sed -i 's|e2e_policy_chat.*|e2e_policy_chat = "required"|g' "$filename"
+    fi
+    if ! grep -q "e2e_policy_message_required_chat" "$filename"; then
+        echo "e2e_policy_message_required_chat = \"$xmpp_encryption_warning\"" >> "$filename"
+    else
+        sed -i "s|e2e_policy_message_required_chat.*|e2e_policy_message_required_chat = \"$xmpp_encryption_warning\"|g" "$filename"
+    fi
+
+    if [[ "$ONION_ONLY" != 'no' ]]; then
+        XMPP_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_xmpp/hostname)
+        sed -i "s|VirtualHost \".*.onion.*|VirtualHost \"${XMPP_ONION_HOSTNAME}\"|g" "$filename"
+        # TLS is not strictly needed for onion transport security
+        sed -i 's|c2s_require_encryption =.*|c2s_require_encryption = false|g' "$filename"
+        sed -i 's|s2s_require_encryption =.*|s2s_require_encryption = false|g' "$filename"
+    fi
+}
+
 function logging_on_xmpp {
     if [ -d /etc/prosody ]; then
         if [ ! -d /var/log/prosody ]; then
 
     if [ ! -f "$INSTALL_DIR/$prosody_modules_filename" ]; then
         # Obtain the modules
-        if [ -f ~/freedombone/image_build/$prosody_modules_filename ]; then
-            cp ~/freedombone/image_build/$prosody_modules_filename "$INSTALL_DIR"
+        if [ -f "$HOME/${PROJECT_NAME}/image_build/$prosody_modules_filename" ]; then
+            cp "$HOME/${PROJECT_NAME}/image_build/$prosody_modules_filename" "$INSTALL_DIR"
         else
-            if [ -f "/home/$MY_USERNAME/freedombone/image_build/$prosody_modules_filename" ]; then
-                cp "/home/$MY_USERNAME/freedombone/image_build/$prosody_modules_filename" "$INSTALL_DIR"
+            if [ -f "/home/$MY_USERNAME/${PROJECT_NAME}/image_build/$prosody_modules_filename" ]; then
+                cp "/home/$MY_USERNAME/${PROJECT_NAME}/image_build/$prosody_modules_filename" "$INSTALL_DIR"
             fi
         fi
 
             usermod -a -G ssl-cert prosody
         fi
     fi
+
+    xmpp_update_e2e_policy /etc/prosody/conf.avail/xmpp.cfg.lua
+    xmpp_update_e2e_policy /etc/prosody/prosody.cfg.lua
+
     prosody_daemon_restart_script
     function_check update_prosody_modules
     update_prosody_modules
 
     function_check remove_onion_service
     remove_onion_service xmpp 5222 5223 5269
-    sed -i '/HiddenServiceVersion 2/d' /etc/tor/torrc
+    sed -i '/HiddenServiceVersion 2/d' "$ONION_SERVICES_FILE"
 
     apt-mark -q unhold prosody
     apt-get -yq remove --purge prosody
     else
         echo "    dhparam = \"/etc/ssl/certs/xmpp.dhparam\";" >> /etc/prosody/prosody.cfg.lua
     fi
+
     { echo '}';
       echo '';
       echo 'c2s_require_encryption = true';
       echo 's2s_require_encryption = true';
       echo '';
+      echo 'e2e_policy_muc = "none"';
+      echo 'e2e_policy_chat = "required"';
+      echo "e2e_policy_message_required_chat = \"$xmpp_encryption_warning\"";
+      echo '';
       echo 's2s_secure_auth = false';
       echo '';
       echo 'authentication = "internal_hashed"';
       echo ''; } >> /etc/prosody/prosody.cfg.lua
     if [[ "$ONION_ONLY" != 'no' ]]; then
         echo "VirtualHost \"${XMPP_ONION_HOSTNAME}\"" >> /etc/prosody/prosody.cfg.lua
+        # TLS is not needed for onion transport security
+        sed -i 's|s2s_require_encryption =.*|s2s_require_encryption = false|g' /etc/prosody/prosody.cfg.lua
+        sed -i 's|c2s_require_encryption =.*|c2s_require_encryption = false|g' /etc/prosody/prosody.cfg.lua
     else
         echo "VirtualHost \"${DEFAULT_DOMAIN_NAME}\"" >> /etc/prosody/prosody.cfg.lua
     fi
     else
         sed -i 's|s2s_require_encryption.*|s2s_require_encryption = true|g' /etc/prosody/conf.avail/xmpp.cfg.lua
     fi
+
+    if [[ "$ONION_ONLY" != 'no' ]]; then
+        sed -i 's|c2s_require_encryption.*|c2s_require_encryption = false|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+        sed -i 's|s2s_require_encryption.*|s2s_require_encryption = false|g' /etc/prosody/conf.avail/xmpp.cfg.lua
+    fi
+
+    xmpp_update_e2e_policy /etc/prosody/conf.avail/xmpp.cfg.lua
+
     if ! grep -q "allow_unencrypted_plain_auth" /etc/prosody/conf.avail/xmpp.cfg.lua; then
         echo 'allow_unencrypted_plain_auth = false' >> /etc/prosody/conf.avail/xmpp.cfg.lua
     else
         echo $'No Tor installation found. xmpp onion site cannot be configured.'
         exit 877367
     fi
-    if ! grep -q "hidden_service_xmpp" /etc/tor/torrc; then
+    if ! grep -q "hidden_service_xmpp" "$ONION_SERVICES_FILE"; then
         { echo 'HiddenServiceDir /var/lib/tor/hidden_service_xmpp/';
           echo 'HiddenServiceVersion 2';
           echo "HiddenServicePort 5222 127.0.0.1:5222";
-          echo "HiddenServicePort 5269 127.0.0.1:5269"; } >> /etc/tor/torrc
+          echo "HiddenServicePort 5269 127.0.0.1:5269"; } >> "$ONION_SERVICES_FILE"
         echo $'Added onion site for xmpp chat'
     fi
 

src/freedombone-base-email

 
 function create_email_onion_address {
     email_hostname='/var/lib/tor/hidden_service_email/hostname'
-    if ! grep -q "hidden_service_email" /etc/tor/torrc; then
+    if ! grep -q "hidden_service_email" $ONION_SERVICES_FILE; then
         { echo 'HiddenServiceDir /var/lib/tor/hidden_service_email/';
           echo 'HiddenServiceVersion 3';
           echo 'HiddenServicePort 25 127.0.0.1:25';
           echo 'HiddenServicePort 587 127.0.0.1:587';
-          echo 'HiddenServicePort 465 127.0.0.1:465'; } >> /etc/tor/torrc
+          echo 'HiddenServicePort 465 127.0.0.1:465'; } >> $ONION_SERVICES_FILE
 
         function_check onion_update
         onion_update
       echo "  hosts_avoid_tls = *";
       echo "  socks_proxy = 127.0.0.1 port=9050"; } > /etc/exim4/conf.d/transport/050_exim4-config_onion_relay
 
-    if ! grep -q "AutomapHostsOnResolve" /etc/tor/torrc; then
-        echo 'AutomapHostsOnResolve 1' >> /etc/tor/torrc
-    else
-        sed -i 's|#AutomapHostsOnResolve.*|AutomapHostsOnResolve 1|g' /etc/tor/torrc
-        sed -i 's|AutomapHostsOnResolve.*|AutomapHostsOnResolve 1|g' /etc/tor/torrc
-    fi
-
-    if ! grep -q "DNSPort " /etc/tor/torrc; then
-        echo 'DNSPort 5300' >> /etc/tor/torrc
-    else
-        sed -i 's|#DNSPort .*|DNSPort 5300|g' /etc/tor/torrc
-        sed -i 's|DNSPort .*|DNSPort 5300|g' /etc/tor/torrc
-    fi
-
-    if ! grep -q "DNSListenAddress" /etc/tor/torrc; then
-        echo 'DNSListenAddress 127.0.0.1' >> /etc/tor/torrc
-    else
-        sed -i 's|#DNSListenAddress.*|DNSListenAddress 127.0.0.1|g' /etc/tor/torrc
-        sed -i 's|DNSListenAddress.*|DNSListenAddress 127.0.0.1|g' /etc/tor/torrc
-    fi
+    { echo 'DNSPort 5300';
+      echo 'DNSListenAddress 127.0.0.1';
+      echo 'AutomapHostsOnResolve 1'; } > /etc/torrc.d/dns
 
     update-exim4.conf.template -r
     update-exim4.conf

src/freedombone-config

     echo ''
     echo ''
     echo $'  -h --help                         Show help'
-    echo $'  -f --filename                     Configuration file (usually freedombone.cfg)'
+    echo $"  -f --filename                     Configuration file (usually ${PROJECT_NAME}.cfg)"
     echo $'  -m --min                          Minimum password length (characters)'
     echo $'  -w --www                          Freedombone web site'
     echo $'  -o --onion [yes|no]               Whether to only create .onion sites'

src/freedombone-controlpanel

 function show_domains {
     read_config_param "DEFAULT_DOMAIN_NAME"
 
-    W=()
+    while true
+    do
+        W=()
 
-    W+=("IPv4" "$(get_ipv4_address) / $(get_external_ipv4_address)")
-    ipv6_address="$(get_ipv6_address)"
-    if [ ${#ipv6_address} -gt 0 ]; then
-        W+=("IPv6" "${ipv6_address}")
-    fi
+        W+=("IPv4" "$(get_ipv4_address) / $(get_external_ipv4_address)")
+        ipv6_address="$(get_ipv6_address)"
+        if [ ${#ipv6_address} -gt 0 ]; then
+            W+=("IPv6" "${ipv6_address}")
+        fi
 
+        if [ -f /etc/ssh/ssh_host_rsa_key.pub ]; then
+            W+=("ssh rsa sha256" "$(awk '{print $2}' /etc/ssh/ssh_host_rsa_key.pub | base64 -d | sha256sum -b | awk '{print $1}' | xxd -r -p | base64 | sed 's|=||g')")
+        fi
+        if [ -f /etc/ssh/ssh_host_ed25519_key.pub ]; then
+            W+=("ssh ed25519 sha256" "$(awk '{print $2}' /etc/ssh/ssh_host_ed25519_key.pub | base64 -d | sha256sum -b | awk '{print $1}' | xxd -r -p | base64 | sed 's|=||g')")
+        fi
 
-    if grep -q "ssh onion domain" "$COMPLETION_FILE"; then
-        domain_onion=$(grep 'ssh onion domain' "${COMPLETION_FILE}" | awk -F ':' '{print $2}')
-        W+=("ssh" "${DEFAULT_DOMAIN_NAME} / ${domain_onion}")
-    fi
-    if grep -q "email onion domain" "$COMPLETION_FILE"; then
-        domain_onion=$(grep 'email onion domain' "${COMPLETION_FILE}" | awk -F ':' '{print $2}')
-        W+=("Email" "${DEFAULT_DOMAIN_NAME} / ${domain_onion}")
-    fi
-    if grep -q "sks onion domain" "$COMPLETION_FILE"; then
-        read_config_param "KEYSERVER_DOMAIN_NAME"
-        domain_onion=$(grep 'sks onion domain' "${COMPLETION_FILE}" | awk -F ':' '{print $2}')
-        W+=("SKS" "${KEYSERVER_DOMAIN_NAME} / ${domain_onion}")
-    fi
+        if grep -q "ssh onion domain" "$COMPLETION_FILE"; then
+            domain_onion=$(grep 'ssh onion domain' "${COMPLETION_FILE}" | awk -F ':' '{print $2}')
+            W+=("ssh" "${DEFAULT_DOMAIN_NAME} / ${domain_onion}")
+        fi
+        if grep -q "email onion domain" "$COMPLETION_FILE"; then
+            domain_onion=$(grep 'email onion domain' "${COMPLETION_FILE}" | awk -F ':' '{print $2}')
+            W+=("Email" "${DEFAULT_DOMAIN_NAME} / ${domain_onion}")
+        fi
+        if grep -q "sks onion domain" "$COMPLETION_FILE"; then
+            read_config_param "KEYSERVER_DOMAIN_NAME"
+            domain_onion=$(grep 'sks onion domain' "${COMPLETION_FILE}" | awk -F ':' '{print $2}')
+            W+=("SKS" "${KEYSERVER_DOMAIN_NAME} / ${domain_onion}")
+        fi
 
-    INTRODUCER_FILENAME=/home/tahoelafs/data/private/introducer.furl
-    if [ -f $INTRODUCER_FILENAME ]; then
-        W+=("Tahoe-LAFS" "$(cat $INTRODUCER_FILENAME)")
-    fi
+        INTRODUCER_FILENAME=/home/tahoelafs/data/private/introducer.furl
+        if [ -f $INTRODUCER_FILENAME ]; then
+            W+=("Tahoe-LAFS" "$(cat $INTRODUCER_FILENAME)")
+        fi
 
-    show_tor_bridges
+        show_tor_bridges
 
-    # shellcheck disable=SC2068
-    for app_name in ${APPS_INSTALLED_NAMES[@]}
-    do
-        if ! grep -q "SHOW_ON_ABOUT=1" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}"; then
-            continue
-        fi
+        # shellcheck disable=SC2068
+        for app_name in ${APPS_INSTALLED_NAMES[@]}
+        do
+            if ! grep -q "SHOW_ON_ABOUT=1" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}"; then
+                continue
+            fi
 
-        # handle the foibles of capitalisation
-        if ! grep -q "${app_name} domain" "$COMPLETION_FILE"; then
-            app_name_upper=$(echo "${app_name}" | awk '{print toupper($0)}')
-            if grep -q "${app_name_upper} domain" "$COMPLETION_FILE"; then
-                app_name=${app_name_upper}
-            else
-                app_name_first_upper="$(tr '[:lower:]' '[:upper:]' <<< "${app_name:0:1}")${app_name:1}"
-                if grep -q "${app_name_first_upper} domain" "$COMPLETION_FILE"; then
-                    app_name=${app_name_first_upper}
+            # handle the foibles of capitalisation
+            if ! grep -q "${app_name} domain" "$COMPLETION_FILE"; then
+                app_name_upper=$(echo "${app_name}" | awk '{print toupper($0)}')
+                if grep -q "${app_name_upper} domain" "$COMPLETION_FILE"; then
+                    app_name=${app_name_upper}
+                else
+                    app_name_first_upper="$(tr '[:lower:]' '[:upper:]' <<< "${app_name:0:1}")${app_name:1}"
+                    if grep -q "${app_name_first_upper} domain" "$COMPLETION_FILE"; then
+                        app_name=${app_name_first_upper}
+                    fi
                 fi
             fi
-        fi
 
-        if [ ${#app_name} -gt 0 ]; then
-            icann_address=$(get_app_icann_address "$app_name")
-            if grep -q "SHOW_ICANN_ADDRESS_ON_ABOUT=0" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}"; then
-                icann_address='-'
-            fi
-            if [[ "$ONION_ONLY" != 'no' ]]; then
-                if [[ "${icann_address}" != "${LOCAL_NAME}.local" ]]; then
+            if [ ${#app_name} -gt 0 ]; then
+                icann_address=$(get_app_icann_address "$app_name")
+                if grep -q "SHOW_ICANN_ADDRESS_ON_ABOUT=0" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}"; then
                     icann_address='-'
                 fi
-            fi
-            onion_address=$(get_app_onion_address "$app_name")
-            if [ ${#onion_address} -eq 0 ]; then
-                onion_address="-"
-            fi
-
-            if [[ "${icann_address}" != '-' ]]; then
-                if [[ "${onion_address}" != '-' ]]; then
-                    W+=("${app_name}" "${icann_address} / ${onion_address}")
-                else
-                    W+=("${app_name}" "${icann_address}")
+                if [[ "$ONION_ONLY" != 'no' ]]; then
+                    if [[ "${icann_address}" != "${LOCAL_NAME}.local" ]]; then
+                        icann_address='-'
+                    fi
+                fi
+                onion_address=$(get_app_onion_address "$app_name")
+                if [ ${#onion_address} -eq 0 ]; then
+                    onion_address="-"
                 fi
-            else
-                W+=("${app_name}" "${onion_address}")
-            fi
 
-            if grep -q "mobile${app_name} onion domain" "$COMPLETION_FILE"; then
-                onion_address=$(get_app_onion_address "${app_name}" "mobile")
                 if [[ "${icann_address}" != '-' ]]; then
-                    W+=("${app_name} (mobile)" "${icann_address} / ${onion_address}")
+                    if [[ "${onion_address}" != '-' ]]; then
+                        W+=("${app_name}" "${icann_address} / ${onion_address}")
+                    else
+                        W+=("${app_name}" "${icann_address}")
+                    fi
                 else
-                    W+=("${app_name} (mobile)" "${onion_address}")
+                    W+=("${app_name}" "${onion_address}")
+                fi
+
+                if grep -q "mobile${app_name} onion domain" "$COMPLETION_FILE"; then
+                    onion_address=$(get_app_onion_address "${app_name}" "mobile")
+                    if [[ "${icann_address}" != '-' ]]; then
+                        W+=("${app_name} (mobile)" "${icann_address} / ${onion_address}")
+                    else
+                        W+=("${app_name} (mobile)" "${onion_address}")
+                    fi
                 fi
             fi
-        fi
-    done
+        done
 
-    if grep -q "rss reader domain" "$COMPLETION_FILE"; then
-        if [ -d /var/lib/tor/hidden_service_ttrss ]; then
-            domain_onion=$(cat /var/lib/tor/hidden_service_ttrss/hostname)
-            W+=("RSS Reader" "${domain_onion}")
-        fi
-        if [ -d /var/lib/tor/hidden_service_mobilerss ]; then
-            domain_onion=$(cat /var/lib/tor/hidden_service_mobilerss/hostname)
-            W+=("RSS mobile" "${domain_onion}")
+        if grep -q "rss reader domain" "$COMPLETION_FILE"; then
+            if [ -d /var/lib/tor/hidden_service_ttrss ]; then
+                domain_onion=$(cat /var/lib/tor/hidden_service_ttrss/hostname)
+                W+=("RSS Reader" "${domain_onion}")
+            fi
+            if [ -d /var/lib/tor/hidden_service_mobilerss ]; then
+                domain_onion=$(cat /var/lib/tor/hidden_service_mobilerss/hostname)
+                W+=("RSS mobile" "${domain_onion}")
+            fi
         fi
-    fi
 
-    width=$(tput cols)
-    height=$(tput lines)
+        width=$(tput cols)
+        height=$(tput lines)
 
-    # shellcheck disable=SC2068
-    dialog --backtitle $"Freedombone Control Panel" --title $"Domains" --menu $"Use Shift+cursors to select and copy onion addresses" $((height-4)) $((width-4)) $((height-4)) "${W[@]}" 3>&2 2>&1 1>&3
+        # shellcheck disable=SC2068
+        selected=$(dialog --backtitle $"Freedombone Control Panel" --title $"Domains" --menu $"Use Shift+cursors to select and copy onion addresses" $((height-4)) $((width-4)) $((height-4)) "${W[@]}" 3>&2 2>&1 1>&3)
+        if [ ! "$selected" ]; then
+            break
+        fi
+        # obtain the addresses from the key by itterating through
+        # the array. This is quite crude and maybe there's a better way
+        key_found=
+        selected_addresses=
+        for key in "${W[@]}";
+        do
+            if [ $key_found ]; then
+                selected_addresses="$key"
+                break
+            fi
+            if [[ "$key" == "$selected" ]]; then
+                key_found=1
+            fi
+        done
+        # Was the key matched?
+        if [ ! "$selected_addresses" ]; then
+            break
+        fi
+        # addresses were found - is this an onion?
+        if [[ "$selected_addresses" != *".onion"* ]]; then
+            continue
+        fi
+        # There are two forms of addresses: "x / y.onion" and "x.onion"
+        if [[ "$selected_addresses" == *'/'* ]]; then
+            onion_addr=$(echo "$selected_addresses" | awk -F '/' '{print $2}' | awk -F ' ' '{print $1}')
+        else
+            onion_addr="$selected_addresses"
+        fi
+        # show the onion address as a QR code
+        clear
+        echo "${selected}: ${onion_addr}"
+        echo -n "$onion_addr" | qrencode -t UTF8
+        any_key
+    done
 }
 
 function show_users {
     echo ''
 }
 
-function show_ip_addresses {
-    echo $'IP/DNS addresses'
-    echo '================'
-    echo ''
-    echo -n "IPv4: $(get_ipv4_address)/$(get_external_ipv4_address)"
-    ipv6_address="$(get_ipv6_address)"
-    if [ ${#ipv6_address} -gt 0 ]; then
-        echo "    IPv6: ${ipv6_address}"
-    fi
-    echo ''
-    echo ''
-}
-
-function show_ssh_public_key {
-    echo $'SSH Public Keys'
-    echo '==============='
-    echo ''
-    get_ssh_server_key
-    echo ''
-    echo ''
-}
-
 function show_about {
     detect_apps
     get_apps_installed_names
-
-    #clear
-    #echo "==== ${PROJECT_NAME} version ${VERSION} ($DEBIAN_VERSION) ===="
-    #echo ''
-    #show_ip_addresses
-    #show_ssh_public_key
     show_domains
-    #show_users
-    #any_key
 }
 
 function select_user {
     "${PROJECT_NAME}-wifi" --disable $disable_wifi
 }
 
+function performance_benchmarks {
+    clear
+
+    if [ ! -f /sbin/hdparm ]; then
+        apt-get -yq install hdparm
+    fi
+
+    test_drive=/dev/sda1
+    if ! ls $test_drive; then
+        if ls /dev/mmcblk0p2; then
+            test_drive=/dev/mmcblk0p2
+        else
+            return
+        fi
+    fi
+    clear
+    echo ''
+    echo $"Testing read speed of drive $test_drive"
+    hdparm -tT $test_drive
+    any_key
+}
+
 function add_clacks {
     clacks=
 
            12 $"Wifi menu"
            13 $"Add Clacks"
            14 $"Check for updates"
-           15 $"Power off the system"
-           16 $"Restart the system")
+           15 $"Performance Benchmarks"
+           16 $"Power off the system"
+           17 $"Restart the system")
 
         # shellcheck disable=SC2068
         selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Administrator Control Panel" --menu $"Choose an operation, or ESC to exit:" 24 60 24 "${W[@]}" 3>&2 2>&1 1>&3)
             12) menu_wifi;;
             13) add_clacks;;
             14) check_for_updates;;
-            15) shut_down_system;;
-            16) restart_system;;
+            15) performance_benchmarks;;
+            16) shut_down_system;;
+            17) restart_system;;
         esac
     done
 }

src/freedombone-controlpanel-user

     dialog --title $"My PGP/GPG Key" \
            --backtitle $"Freedombone User Control Panel" \
            --msgbox $"Email Address: $MY_EMAIL_ADDRESS\\n\\nKey ID: $GPG_ID\\n\\nFingerprint: $GPG_FINGERPRINT\\n\\nCreated: $GPG_DATE" 12 70
+    clear
+    echo $"Your GPG/PGP public key:"
+    gpg --armor --export "$GPG_ID" | qrencode -t UTF8
+    any_key
 }
 
 function show_full_gpg_key {

src/freedombone-image

 USERNAME="$USER"
 PASSWORD=
 
+CONTINUOUS_INTEGRATION=
+
 # IP address of the router (gateway)
 ROUTER_IP_ADDRESS="192.168.1.254"
 
 MBR_REPO="https://aur.archlinux.org/mbr.git"
 CLIAPP_REPO="git://git.liw.fi/cliapp"
 
+# Whether to use a SATA drive and if so what its device/partition name is
+# eg. sda2
+EXTERNAL_DRIVE=
+
 function image_setup {
     setup_type=$1
 
             cd "$USERHOME/develop/multipath-tools" || exit 27462454
             makepkg --force --noconfirm
             makepkg -i --force --noconfirm
-            sudo wget "https://raw.githubusercontent.com/bashrc/freedombone/master/image_build/debootstrap/scripts/${DEBIAN_VERSION}" -O /usr/share/debootstrap/scripts/debscript
+            sudo wget "https://raw.githubusercontent.com/bashrc/${PROJECT_NAME}/master/image_build/debootstrap/scripts/${DEBIAN_VERSION}" -O /usr/share/debootstrap/scripts/debscript
             sudo cp -f "/usr/share/debootstrap/scripts/debscript" "/usr/share/debootstrap/scripts/${DEBIAN_VERSION}"
             if [ ! -f "/usr/share/debootstrap/scripts/${DEBIAN_VERSION}" ]; then
                 echo $"No debian debootstrap script was found for $DEBIAN_VERSION"
             shift
             INTERACTIVE="$1"
             ;;
+        --ci)
+            shift
+            CONTINUOUS_INTEGRATION="$1"
+            ;;
         -g|--generic)
             shift
             GENERIC_IMAGE="$1"
             shift
             LOCAL_NAME="$1"
             ;;
+        --sata|--hdd)
+            shift
+            EXTERNAL_DRIVE="$1"
+            ;;
         *)
             # unknown option
             ;;
     IMAGE_NAME=$'onion'
 fi
 
+if [ "$EXTERNAL_DRIVE" ]; then
+    IMAGE_NAME=$'sata'
+fi
+
 if [[ $VARIANT == 'mesh' ]]; then
     IMAGE_NAME=$'mesh'
     # typically not much disk space is needed for a mesh node
      INSECURE="$INSECURE" \
      AMNESIC="$AMNESIC" \
      SOCIALINSTANCE="$SOCIALINSTANCE" \
+     EXTERNAL_DRIVE="$EXTERNAL_DRIVE" \
+     CONTINUOUS_INTEGRATION="$CONTINUOUS_INTEGRATION" \
      LOCAL_NAME="$LOCAL_NAME"
 
 # shellcheck disable=SC2181
 for im in ${image_types[@]}
 do
     # shellcheck disable=SC2012,SC2086
-    no_of_files=$(ls -afq build/${PROJECT_NAME}*.${im} | wc -l)
-    if (( no_of_files > 0 )); then
+    no_of_files=$(ls -l build/${PROJECT_NAME}*.${im} | wc -l)
+    if [ "$no_of_files" -gt 0 ]; then
         # shellcheck disable=SC2086
         mv build/${PROJECT_NAME}*.${im} ${CURR_DIR}/
         # shellcheck disable=SC2086
     fi
     echo ''
     echo "    unxz -k ${PROJECT_NAME}*.img.xz"
-    echo '    sudo dd if=/dev/zero of=/dev/sdX bs=1M count=8'
-    echo "    sudo dd bs=1M if=${PROJECT_NAME}*.img of=/dev/sdX conv=fdatasync"
+    echo '    sudo dd if=/dev/zero of=/dev/sdX bs=32M count=8'
+    echo "    sudo dd bs=32M if=${PROJECT_NAME}*.img of=/dev/sdX conv=fdatasync"
     echo ''
 fi
 

src/freedombone-image-customise

 BMX7_REPO="https://github.com/bmx-routing/bmx7"
 BMX7_COMMIT='0a82c7c10fef44b259b35e77ab33632aa132d219'
 
+CONTINUOUS_INTEGRATION=
+
 PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin
 
+# Whether to use a SATA drive and if so what its device/partition name is
+# eg. sda2
+EXTERNAL_DRIVE=
+
 configure_backports() {
     echo "deb http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION}-backports main" >> "$rootdir/etc/apt/sources.list"
 }
       echo "                    echo 'User=root' >> /etc/systemd/system/wifistart.service";
       echo "                    echo 'Group=root' >> /etc/systemd/system/wifistart.service";
       echo "                    echo 'WorkingDirectory=/root' >> /etc/systemd/system/wifistart.service";
-      echo "                    echo 'ExecStart=/usr/local/bin/freedombone-wifi --wait 5 2> /dev/null' >> /etc/systemd/system/wifistart.service";
+      echo "                    echo 'ExecStart=/usr/local/bin/${PROJECT_NAME}-wifi --wait 5 2> /dev/null' >> /etc/systemd/system/wifistart.service";
       echo "                    echo '' >> /etc/systemd/system/wifistart.service";
       echo "                    echo '[Install]' >> /etc/systemd/system/wifistart.service";
       echo "                    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/wifistart.service";
 }
 
 atheros_wifi() {
-    chroot "$rootdir" dpkg -i /root/freedombone/drivers/firmware-ath9k-htc.deb
+    chroot "$rootdir" dpkg -i /root/${PROJECT_NAME}/drivers/firmware-ath9k-htc.deb
     chroot "$rootdir" apt-get -yq install firmware-linux-free
 }
 
             echo 'Comment[it]=Crea un invito per patchwork' >> /home/$MY_USERNAME/Desktop/invite.desktop
             echo 'Comment[ru]=    ' >> /home/$MY_USERNAME/Desktop/invite.desktop
             echo 'Comment[zh]=' >> /home/$MY_USERNAME/Desktop/invite.desktop
-            echo 'Exec=mate-terminal -e freedombone-mesh-invite' >> /home/$MY_USERNAME/Desktop/invite.desktop
+            echo 'Exec=mate-terminal -e ${PROJECT_NAME}-mesh-invite' >> /home/$MY_USERNAME/Desktop/invite.desktop
             echo 'Icon=/usr/share/$PROJECT_NAME/avatars/icon_invite.png' >> /home/$MY_USERNAME/Desktop/invite.desktop
             echo 'Terminal=false' >> /home/$MY_USERNAME/Desktop/invite.desktop
             echo 'Categories=Application;' >> /home/$MY_USERNAME/Desktop/invite.desktop
     chroot "$rootdir" apt-get -yq dist-upgrade
     chroot "$rootdir" apt-get -yq install ca-certificates
     chroot "$rootdir" apt-get -yq install apt-utils
-    chroot "$rootdir" apt-get -yq install shellcheck
+    chroot "$rootdir" apt-get -yq install shellcheck hdparm
 
     if [[ "$ARCHITECTURE" == 'amd64' ]]; then
         chroot "$rootdir" apt-get -yq install linux-image-amd64
     chroot "$rootdir" apt-get -yq -t stretch-backports install tor
     chroot "$rootdir" apt-get -yq install connect-proxy
     chroot "$rootdir" connect-proxy
-    sed -i 's|#Log notice file.*|Log notice file /dev/null|g' "$rootdir/etc/tor/torrc"
-    sed -i 's|Log notice file.*|Log notice file /dev/null|g' "$rootdir/etc/tor/torrc"
+    sed -i 's|#Log notice file.*|Log notice file /var/log/tor/notices.log|g' "$rootdir/etc/tor/torrc"
+    sed -i 's|Log notice file.*|Log notice file /var/log/tor/notices.log|g' "$rootdir/etc/tor/torrc"
     sed -i "s|#AccountingMax.*|AccountingMax $TOR_MAX_TRAFFIC_PER_MONTH_GB GBytes|g" "$rootdir/etc/tor/torrc"
     sed -i "s|AccountingMax.*|AccountingMax $TOR_MAX_TRAFFIC_PER_MONTH_GB GBytes|g" "$rootdir/etc/tor/torrc"
     if ! grep -q 'Host *.onion' "$rootdir/root/.ssh/config"; then

src/freedombone-image-hardware-setup

 
 a20_setup_boot() {
     dtb="$1"
+    a20_root_device='mmcblk0p2'
+    if [ "$2" ]; then
+        a20_root_device="$2"
+    fi
 
     # Setup boot.cmd
     if grep -q btrfs /etc/fstab ; then
 setenv mmcdev 0
 setenv mmcpart 1
 
-setenv mmcroot /dev/mmcblk0p2 ro
+setenv mmcroot /dev/${a20_root_device} ro
 setenv mmcrootfstype $fstype rootwait fixrtc
 setenv mmcrootflags subvol=@
 
         enable_serial_console ttyO0
         ;;
     cubietruck)
-        a20_setup_boot sun7i-a20-cubietruck.dtb
+        a20_setup_boot sun7i-a20-cubietruck.dtb "$EXTERNAL_DRIVE"
         enable_serial_console ttyS0
         ;;
     a20-olinuxino-lime)
-        a20_setup_boot sun7i-a20-olinuxino-lime.dtb
+        a20_setup_boot sun7i-a20-olinuxino-lime.dtb "$EXTERNAL_DRIVE"
         enable_serial_console ttyS0
         ;;
     a20-olinuxino-lime2)
-        a20_setup_boot sun7i-a20-olinuxino-lime2.dtb
+        a20_setup_boot sun7i-a20-olinuxino-lime2.dtb "$EXTERNAL_DRIVE"
         enable_serial_console ttyS0
         ;;
     a20-olinuxino-micro)
-        a20_setup_boot sun7i-a20-olinuxino-micro.dtb
+        a20_setup_boot sun7i-a20-olinuxino-micro.dtb "$EXTERNAL_DRIVE"
         enable_serial_console ttyS0
         ;;
     cubieboard2)
-        a20_setup_boot sun7i-a20-cubieboard2.dtb
+        a20_setup_boot sun7i-a20-cubieboard2.dtb "$EXTERNAL_DRIVE"
         enable_serial_console ttyS0
         ;;
     pcduino3)
-        a20_setup_boot sun7i-a20-pcduino3.dtb
+        a20_setup_boot sun7i-a20-pcduino3.dtb "$EXTERNAL_DRIVE"
         enable_serial_console ttyS0
         ;;
 esac

src/freedombone-image-make

 export AMNESIC
 export SOCIALINSTANCE
 export LOCAL_NAME
+export EXTERNAL_DRIVE
+export CONTINUOUS_INTEGRATION
 
 # Locate vmdebootstrap program fetched in Makefile
 basedir=`pwd`
 # Packages needed for self-hosted development
 dev_pkgs="build-essential devscripts make man-db emacs org-mode git mercurial"
 
-echo Building "$MACHINE" "$PROJECT_NAME" for "$ARCHITECTURE".
+echo Building "$MACHINE" "$PROJECT_NAME" for "$ARCHITECTURE" "$EXTERNAL_DRIVE"
 
 case "$MACHINE" in
     beaglebone)
 sed -i "s|AMNESIC=.*|AMNESIC=\"${AMNESIC}\"|g" "$TEMP_CUSTOMISE3"
 sed -i "s|SOCIALINSTANCE=.*|SOCIALINSTANCE=\"${SOCIALINSTANCE}\"|g" "$TEMP_CUSTOMISE3"
 sed -i "s|LOCAL_NAME=.*|LOCAL_NAME=\"${LOCAL_NAME}\"|g" "$TEMP_CUSTOMISE3"
+sed -i "s|EXTERNAL_DRIVE=.*|EXTERNAL_DRIVE=\"${EXTERNAL_DRIVE}\"|g" "$TEMP_CUSTOMISE3"
 sed -i 's|#!/bin/bash||g' "$TEMP_CUSTOMISE3"
+sed -i "s|CONTINUOUS_INTEGRATION=.*|CONTINUOUS_INTEGRATION=${CONTINUOUS_INTEGRATION}|g" "$TEMP_CUSTOMISE3"
 
 cat $TEMP_CUSTOMISE2 $TEMP_CUSTOMISE3 > $TEMP_CUSTOMISE4
 if [ -f $TEMP_CUSTOMISE ]; then
      ARCHITECTURE="$ARCHITECTURE" \
      SOURCE="$SOURCE" \
      CUSTOM_SETUP="$CUSTOM_SETUP" \
+     EXTERNAL_DRIVE="$EXTERNAL_DRIVE" \
      $VMDEBOOTSTRAP \
      --log "$(dirname "$IMAGE")/${PROJECT_NAME}.log" \
      --log-level debug \

src/freedombone-image-makefile

 ARCHIVE = $(IMAGE).xz
 SIGNATURE = $(ARCHIVE).sig
 OWNER = 1000
-XZ = xz --no-warn --verbose --keep --threads=0 -3
-SIGN = -gpg --output $(SIGNATURE) --detach-sig $(ARCHIVE)
+ifeq ("$CONTINUOUS_INTEGRATION", "")
+    XZ = xz --no-warn --verbose --keep --threads=0 -3 $(IMAGE)
+    SIGN = -gpg --output $(SIGNATURE) --detach-sig $(ARCHIVE)
+else
+	XZ =
+	SIGN =
+endif
 
 # settings for `make test`
 TEST_SSH_PORT = 2222
 	$(eval MACHINE = beaglebone)
 	$(MAKE_IMAGE)
 	@rm -f $(ARCHIVE)
-	$(XZ) $(IMAGE)
+	$(XZ)
 	@echo ""
 	$(SIGN)
 	@echo "Build complete."
 	$(eval MACHINE = cubieboard2)
 	$(MAKE_IMAGE)
 	@rm -f $(ARCHIVE)
-	$(XZ) $(IMAGE)
+	$(XZ)
 	@echo ""
 	$(SIGN)
 	@echo "Build complete."
 	$(eval MACHINE = pcduino3)
 	$(MAKE_IMAGE)
 	@rm -f $(ARCHIVE)
-	$(XZ) $(IMAGE)
+	$(XZ)
 	@echo ""
 	$(SIGN)
 	@echo "Build complete."
 	$(eval MACHINE = cubietruck)
 	$(MAKE_IMAGE)
 	@rm -f $(ARCHIVE)
-	$(XZ) $(IMAGE)
+	$(XZ)
 	@echo ""
 	$(SIGN)
 	@echo "Build complete."
 	$(eval IMAGE = $(NAME).img)
 	$(MAKE_IMAGE)
 	rm -f $(ARCHIVE)
-	$(XZ) $(IMAGE)
+	$(XZ)
 	@echo ""
 	$(SIGN)
 
 	$(eval MACHINE = a20-olinuxino-lime2)
 	$(MAKE_IMAGE)
 	@rm -f $(ARCHIVE)
-	$(XZ) $(IMAGE)
+	$(XZ)
 	@echo ""
 	$(SIGN)
 	@echo "Build complete."
 	$(eval MACHINE = a20-olinuxino-micro)
 	$(MAKE_IMAGE)
 	@rm -f $(ARCHIVE)
-	$(XZ) $(IMAGE)
+	$(XZ)
 	@echo ""
 	$(SIGN)
 	@echo "Build complete."
 	$(eval MACHINE = all)
 	$(MAKE_IMAGE)
 	@rm -f $(ARCHIVE)
-	$(XZ) $(IMAGE)
+	$(XZ)
 	@echo ""
 	$(SIGN)
 	@echo "Build complete."
 	$(eval MACHINE = all)
 	$(MAKE_IMAGE)
 	@rm -f $(ARCHIVE)
-	$(XZ) $(IMAGE)
+	$(XZ)
 	@echo ""
 	$(SIGN)
 	@echo "Build complete."
 	$(eval MACHINE = all)
 	$(MAKE_IMAGE)
 	@rm -f $(ARCHIVE)
-	$(XZ) $(IMAGE)
+	$(XZ)
 	@echo ""
 	$(SIGN)
 	@echo "Build complete."
 	$(eval MACHINE = all)
 	$(MAKE_IMAGE)
 	@rm -f $(ARCHIVE)
-	$(XZ) $(IMAGE)
+	$(XZ)
 	@echo ""
 	$(SIGN)
 	@echo "Build complete."
 	# Convert image to qemu format
 	qemu-img convert -O qcow2 $(NAME).img $(NAME).qcow2
 	@rm -f $(ARCHIVE)
-	$(XZ) $(IMAGE)
+	$(XZ)
 	@echo ""
 	$(SIGN)
 	@echo "Build complete."
 	# Convert image to qemu format
 	qemu-img convert -O qcow2 $(NAME).img $(NAME).qcow2
 	@rm -f $(ARCHIVE)
-	$(XZ) $(IMAGE)
+	$(XZ)
 	@echo ""
 	$(SIGN)
 	@echo "Build complete."

src/freedombone-image-vmdebootstrap

 export TEXTDOMAINDIR="/usr/share/locale"
 
 VMDEBOOTSTRAP_REPO="https://github.com/bashrc/vmdebootstrap"
-VMDEBOOTSTRAP_BRANCH='bashrc/freedombone'
+VMDEBOOTSTRAP_BRANCH="bashrc/${PROJECT_NAME}"
 
 mkdir -p vendor
 if [ -d vendor/vmdebootstrap ] ; then

src/freedombone-logging

     done
 }
 
-function turn_off_rsys_logging {
-    if ! grep -q '/var/log/auth.log' /etc/rsyslog.conf; then
-        return
-    fi
-    sed -i 's|mail,news.none.*|mail,news.none      /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|auth,authpriv.\*.*|auth,authpriv.\*         /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|mail.info.*|mail.info            /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|mail.warn.*|mail.warn            /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|mail.err.*|mail.err            /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|daemon.\*.*|daemon.\*              /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|mail.\*.*|mail.\*              /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|user.\*.*|user.\*              /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|news.none;mail.none.*|news.none;mail.none /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|\*.\*;auth,authpriv.none.*|\*.\*;auth,authpriv.none      /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|#cron.\*|cron.\*|g' /etc/rsyslog.conf
-    sed -i 's|cron.\*.*|cron.\*             /dev/null|g' /etc/rsyslog.conf
-    $REMOVE_FILES_COMMAND /var/log/wtmp*
-    $REMOVE_FILES_COMMAND /var/log/debug*
-    $REMOVE_FILES_COMMAND /var/log/cron.*
-    $REMOVE_FILES_COMMAND /var/log/auth.*
-    $REMOVE_FILES_COMMAND /var/log/mail.*
-    $REMOVE_FILES_COMMAND /var/log/daemon.*
-    $REMOVE_FILES_COMMAND /var/log/user.*
-    $REMOVE_FILES_COMMAND /var/log/messages*
-}
-
 function turn_on_rsys_logging {
-    if grep -q '/var/log/auth.log' /etc/rsyslog.conf; then
-        return
-    fi
-    sed -i 's|mail,news.none.*|mail,news.none      -/var/log/messages|g' /etc/rsyslog.conf
-    sed -i 's|auth,authpriv.\*.*|auth,authpriv.\*         /var/log/auth.log|g' /etc/rsyslog.conf
-    sed -i 's|mail.info.*|mail.info            -/var/log/mail.info|g' /etc/rsyslog.conf
-    sed -i 's|mail.warn.*|mail.warn            -/var/log/mail.warn|g' /etc/rsyslog.conf
-    sed -i 's|mail.err.*|mail.err            /var/log/mail.err|g' /etc/rsyslog.conf
-    sed -i 's|daemon.\*.*|daemon.\*              -/var/log/daemon.log|g' /etc/rsyslog.conf
-    sed -i 's|mail.\*.*|mail.\*              -/var/log/mail.log|g' /etc/rsyslog.conf
-    sed -i 's|user.\*.*|user.\*              -/var/log/user.log|g' /etc/rsyslog.conf
-    sed -i 's|news.none;mail.none.*|news.none;mail.none -/var/log/debug|g' /etc/rsyslog.conf
-    sed -i 's|\*.\*;auth,authpriv.none.*|\*.\*;auth,authpriv.none      -/var/log/syslog|g' /etc/rsyslog.conf
-    sed -i 's|#cron.\*|cron.\*|g' /etc/rsyslog.conf
-    sed -i 's|cron.\*.*|cron.\*             /var/log/cron.log|g' /etc/rsyslog.conf
+    save_rsys_header
+
+    { echo 'auth,authpriv.*         /var/log/auth.log';
+      echo '*.*;auth,authpriv.none -/var/log/syslog';
+      echo 'cron.*                  /var/log/cron.log';
+      echo 'daemon.*               -/var/log/daemon.log';
+      echo 'kern.*                 -/var/log/kern.log';
+      echo 'lpr.*                  -/var/log/lpr.log';
+      echo 'mail.*                 -/var/log/mail.log';
+      echo 'user.*                 -/var/log/user.log';
+      echo '';
+      echo 'mail.info              -/var/log/mail.info';
+      echo 'mail.warn              -/var/log/mail.warn';
+      echo 'mail.err                /var/log/mail.err';
+      echo '';
+      echo "*.=debug;\\";
+      echo "        auth,authpriv.none;\\";
+      echo '        news.none;mail.none -/var/log/debug';
+      echo "*.=info;*.=notice;*.=warn;\\";
+      echo "        auth,authpriv.none;\\";
+      echo "        cron,daemon.none;\\";
+      echo '        mail,news.none      -/var/log/messages';
+      echo '';
+      echo '*.emerg                         :omusrmsg:*'; } >> /etc/rsyslog.conf
 }
 
 if [ ! "$1" ]; then
             touch /var/log/tor/notices.log
             chown debian-tor:adm /var/log/tor/notices.log
         fi
-        sed -i 's|#Log notice file.*|Log notice file /var/log/tor/notices.log|g' /etc/tor/torrc
-        sed -i 's|Log notice file.*|Log notice file /var/log/tor/notices.log|g' /etc/tor/torrc
+        echo 'Log notice file /var/log/tor/notices.log' > /etc/torrc.d/logging
     fi
     if [ -f /etc/php/7.0/fpm/php-fpm.conf ]; then
         sed -i 's|error_log =.*|error_log = /var/log/php-fpm.log|g' /etc/php/7.0/fpm/php-fpm.conf
         fi
     fi
     turn_on_rsys_logging
+    turn_on_postgresql_logging
 else
     turn_logging_off
 
-    if [ -d /etc/tor ]; then
-        sed -i 's|#Log notice file.*|Log notice file /dev/null|g' /etc/tor/torrc
-        sed -i 's|Log notice file.*|Log notice file /dev/null|g' /etc/tor/torrc
-        rm /var/log/tor/*
+    if [ -d /etc/torrc.d ]; then
+        echo 'Log notice file /var/log/tor/notices.log' > /etc/torrc.d/logging
     fi
     if [ -d /var/log/radicale ]; then
         $REMOVE_FILES_COMMAND /var/log/radicale/*
         fi
     fi
     turn_off_rsys_logging
+    turn_off_postgresql_logging
 fi
 
 if [ -d /etc/exim4 ]; then
 if [ -d /etc/matrix ]; then
     systemctl restart matrix
 fi
+if [ -d /etc/postgresql ]; then
+    systemctl restart postgresql
+fi
 
 exit 0

src/freedombone-mesh-blog

 }
 
 function view_blog {
-    freedombone-mesh-visit-site '/Blog'
+    ${PROJECT_NAME}-mesh-visit-site '/Blog'
     exit 0
 }
 

src/freedombone-prepare-scripts

 
 cat /usr/local/bin/${PROJECT_NAME}-vars /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-* /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-* > /tmp/includescripts
 
-cat /tmp/includescripts /usr/local/bin/freedombone-controlpanel > /usr/local/bin/control
-cat /tmp/includescripts /usr/local/bin/freedombone-controlpanel-user > /usr/local/bin/controluser
-cat /tmp/includescripts /usr/local/bin/freedombone-addremove > /usr/local/bin/addremove
+cat /tmp/includescripts /usr/local/bin/${PROJECT_NAME}-controlpanel > /usr/local/bin/control
+cat /tmp/includescripts /usr/local/bin/${PROJECT_NAME}-controlpanel-user > /usr/local/bin/controluser
+cat /tmp/includescripts /usr/local/bin/${PROJECT_NAME}-addremove > /usr/local/bin/addremove
 
 sed -i '/# Start including files/,/# End including files/d' /usr/local/bin/control
 sed -i '/# Start including files/,/# End including files/d' /usr/local/bin/controluser

src/freedombone-tests

     output "V-38605" $? ${SETLANG}
     ################
 
+    ##Check that openssh client and server are installed
+    bash $STIG_TESTS_DIR/check-ssh.sh installed >/dev/null 2>&1 &
+    stig_spinner $!
+    output "SV-86857r1_rule" $? ${SETLANG}
+    ################
+    
     ##RHEL-06-000227
     ##The SSH daemon must be configured to use only the SSHv2 protocol.
 

src/freedombone-tor-health

+#!/bin/bash
+#  _____               _           _
+# |   __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
+# |   __|  _| -_| -_| . | . |     | . | . |   | -_|
+# |__|  |_| |___|___|___|___|_|_|_|___|___|_|_|___|
+#
+#                              Freedom in the Cloud
+#
+# Returns a health status for Tor
+#
+# License
+# =======
+#
+# Copyright (C) 2018 Bob Mottram <bob@freedombone.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+PROJECT_NAME='freedombone'
+
+export TEXTDOMAIN=${PROJECT_NAME}-tor-health
+export TEXTDOMAINDIR="/usr/share/locale"
+
+d1=$(date --date="-10 min" "+%b %d %H:%M"):00
+d2=$(date "+%b %d %H:%M"):00
+ctr=0
+echo -n '' > /var/log/tor/notices_new.log
+while read -r line; do
+    datestr=$(echo "$line" | awk -F '.' '{print $1}')
+    if [[ "$datestr" > "$d1" && "$datestr" < "$d2" || "$datestr" =~ $d2 ]]; then
+        if [[ "$line" == *'Retrying'* ]]; then
+            ctr=$((ctr+1))
+        fi
+        echo "$line" >> /var/log/tor/notices_new.log
+    fi
+done < /var/log/tor/notices.log
+
+mv /var/log/tor/notices_new.log /var/log/tor/notices.log
+chown -R debian-tor:adm /var/log/tor
+
+if [ $ctr -gt 5 ]; then
+    echo $'Failed'
+    exit 0
+fi
+
+if [ $ctr -gt 0 ]; then
+    echo $'Poor'
+    exit 0
+fi
+
+echo $'Good'
+exit 0

src/freedombone-upgrade

 if [ -f /usr/bin/backupdatabases ]; then
     if grep -q "cat /root/dbpass" /usr/bin/backupdatabases; then
         # update to using the password manager
-        sed -i "s|cat /root/dbpass|freedombone-pass -u root -a mariadb|g" /usr/bin/backupdatabases
+        sed -i "s|cat /root/dbpass|${PROJECT_NAME}-pass -u root -a mariadb|g" /usr/bin/backupdatabases
     fi
 fi
 
         fi
 
         #rebuild_exim_with_socks
+        torrc_migrate
         nodejs_upgrade
         apt-get -yq -t stretch-backports install certbot
         email_install_tls

src/freedombone-utils-dns

     fi
 
     # add the update command to cron
-    if ! grep -q "/usr/local/bin/freedombone-freedns" /etc/crontab; then
+    if ! grep -q "/usr/local/bin/${PROJECT_NAME}-freedns" /etc/crontab; then
         function_check cron_add_mins
-        cron_add_mins 3 '/usr/local/bin/freedombone-freedns'
+        cron_add_mins 3 "/usr/local/bin/${PROJECT_NAME}-freedns"
         systemctl restart cron
     fi
 

src/freedombone-utils-firewall

 FIREWALL_DOMAINS=$HOME/${PROJECT_NAME}-firewall-domains.cfg
 FIREWALL_EIFACE=eth0
 EXTERNAL_IPV4_ADDRESS=
+FIREFOX_TELEMETRY_IP='52.88.27.118'
 
 function save_firewall_settings {
     iptables-save > /etc/firewall.conf
     fi
 }
 
+function block_firefox_telemetry {
+    # This shouldn't be needed on a server, but we'll do it anyway
+    # to be on the safe side
+    # Within firefox source code see submit_telemetry_data.py
+
+    if ! grep -q 'telemetry.mozilla' /etc/hosts; then
+	echo '127.0.0.1  telemetry.mozilla.org' >> /etc/hosts
+	echo '127.0.0.1  incoming.telemetry.mozilla.org' >> /etc/hosts
+    fi
+        
+    if grep -q "$FIREFOX_TELEMETRY_IP" /etc/firewall.conf; then
+        return
+    fi
+
+    iptables -A INPUT -s $FIREFOX_TELEMETRY_IP -j DROP
+    iptables -A OUTPUT -s $FIREFOX_TELEMETRY_IP -j DROP
+    save_firewall_settings
+}
+
 function firewall_block_bad_ip_ranges {
     if [ "$INSTALLING_MESH" ]; then
         return
     FIREWALL_FILENAME="${rootdir}/etc/systemd/system/meshfirewall.service"
     MESH_FIREWALL_SCRIPT=${rootdir}/usr/bin/mesh-firewall
 
+    if ! grep -q 'telemetry.mozilla' ${rootdir}/etc/hosts; then
+	echo '127.0.0.1       telemetry.mozilla.org' >> ${rootdir}/etc/hosts
+	echo '127.0.0.1       incoming.telemetry.mozilla.org' >> ${rootdir}/etc/hosts
+    fi
+
+    if ! grep -q 'facebook' ${rootdir}/etc/hosts; then
+	{ echo '127.0.0.1       www.facebook.com';
+	  echo '127.0.0.1       facebook.com';
+	  echo '127.0.0.1       static.ak.fbcdn.net';
+	  echo '127.0.0.1       www.static.ak.fbcdn.net';
+	  echo '127.0.0.1       login.facebook.com';
+	  echo '127.0.0.1       www.login.facebook.com';
+	  echo '127.0.0.1       fbcdn.net';
+	  echo '127.0.0.1       www.fbcdn.net';
+	  echo '127.0.0.1       fbcdn.com';
+	  echo '127.0.0.1       www.fbcdn.com';
+	  echo '127.0.0.1       static.ak.connect.facebook.com';
+	  echo '127.0.0.1       www.static.ak.connect.facebook.com'; } >> ${rootdir}/etc/hosts	
+    fi
+    
+    if ! grep -q 'google' ${rootdir}/etc/hosts; then
+	{ echo '127.0.0.1       www.google-analytics.com';
+	  echo '127.0.0.1       google-analytics.com';
+	  echo '127.0.0.1       ssl.google-analytics.com'; } >> ${rootdir}/etc/hosts
+    fi    
+    
     { echo '#!/bin/bash';
       echo 'iptables -P INPUT ACCEPT';
       echo 'ip6tables -P INPUT ACCEPT';
       echo "iptables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT";
       echo "ip6tables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT";
       echo "iptables -A INPUT -p udp --dport 1900 -j ACCEPT";
-      echo "ip6tables -A INPUT -p udp --dport 1900 -j ACCEPT"; } > "$MESH_FIREWALL_SCRIPT"
+      echo "ip6tables -A INPUT -p udp --dport 1900 -j ACCEPT";
+      echo "iptables -A INPUT -s $FIREFOX_TELEMETRY_IP -j DROP";
+      echo "iptables -A OUTPUT -s $FIREFOX_TELEMETRY_IP -j DROP"; } > "$MESH_FIREWALL_SCRIPT"
     chmod +x "$MESH_FIREWALL_SCRIPT"
 
     { echo '[Unit]';

src/freedombone-utils-gnusocialtools

       echo "database_name=\$1";
       echo "remove_user=\$2";
       echo "domain_name=\$3";
-      echo "MARIADB_PASSWORD=\$(freedombone-pass -u root -a mariadb)";
+      echo "MARIADB_PASSWORD=\$(${PROJECT_NAME}-pass -u root -a mariadb)";
       echo '';
       echo "if [ \${#remove_user} -lt 2 ]; then";
       echo '  echo $"No user was specified"';

src/freedombone-utils-mesh

     if [ ! -f /var/www/html/images/trifa.png ]; then
         cp "/root/$PROJECT_NAME/img/trifa.png" /var/www/html/images/trifa.png
     fi
-    if [ ! -f /var/www/html/freedombone.css ]; then
-        cp "/root/$PROJECT_NAME/website/freedombone.css" /var/www/html/freedombone.css
+    if [ ! -f "/var/www/html/${PROJECT_NAME}.css" ]; then
+        cp "/root/$PROJECT_NAME/website/${PROJECT_NAME}.css" "/var/www/html/${PROJECT_NAME}.css"
     fi
     chown -R www-data:www-data /var/www/html/*
 }

src/freedombone-utils-onion

 
 USE_V2_ONION_ADDRESS=
 HIDDEN_SERVICE_PATH='/var/lib/tor/hidden_service_'
+ONION_SERVICES_FILE=/etc/torrc.d/${PROJECT_NAME}
+
+function torrc_migrate {
+    if [ -f "$ONION_SERVICES_FILE" ]; then
+        if grep -q "#%include /etc/torrc.d" /etc/tor/torrc; then
+            sed -i 's|#%include /etc/torrc.d|%include /etc/torrc.d|g' /etc/tor/torrc
+            systemctl restart tor
+        fi
+        return
+    fi
+    systemctl stop tor
+
+    mkdir /etc/torrc.d
+
+    grep "HiddenServiceDir\\|HiddenServiceVersion\\|HiddenServicePort" /etc/tor/torrc | grep -v "#HiddenServiceDir" >> "$ONION_SERVICES_FILE"
+
+    if ! grep "HiddenServiceVersion" "$ONION_SERVICES_FILE"; then
+        systemctl restart tor
+        return
+    fi
+
+    if grep -q "#%include /etc/torrc.d" /etc/tor/torrc; then
+        sed -i 's|#%include /etc/torrc.d|%include /etc/torrc.d|g' /etc/tor/torrc
+    else
+        echo "%include /etc/torrc.d" >> /etc/tor/torrc
+    fi
+
+    { echo 'DNSPort 5300';
+      echo 'DNSListenAddress 127.0.0.1';
+      echo 'AutomapHostsOnResolve 1'; } > /etc/torrc.d/dns
+
+    sed -i '/DNSPort 5300/d' /etc/tor/torrc
+    sed -i '/DNSListenAddress 127.0.0./d' /etc/tor/torrc
+    sed -i '/AutomapHostsOnResolve 1/d' /etc/tor/torrc
+
+    sed -i '/HiddenServiceDir/d' /etc/tor/torrc
+    sed -i '/HiddenServiceVersion/d' /etc/tor/torrc
+    sed -i '/HiddenServicePort/d' /etc/tor/torrc
+
+    systemctl restart tor
+}
 
 function add_email_hostname {
     extra_email_hostname="$1"
     nick="$3"
 
     if [ ${#nick} -gt 0 ]; then
-        sed -i "/stealth ${nick}/d" /etc/tor/torrc
+        sed -i "/stealth ${nick}/d" "$ONION_SERVICES_FILE"
     fi
-    sed -i "/hidden_service_${onion_service_name}/,+1 d" /etc/tor/torrc
-    sed -i "/hidden_service_${onion_service_name}_mobile/,+1 d" /etc/tor/torrc
-    sed -i "/127.0.0.1:${onion_service_port_to}/d" /etc/tor/torrc
+    sed -i "/hidden_service_${onion_service_name}/,+1 d" "$ONION_SERVICES_FILE"
+    sed -i "/hidden_service_${onion_service_name}_mobile/,+1 d" "$ONION_SERVICES_FILE"
+    sed -i "/127.0.0.1:${onion_service_port_to}/d" "$ONION_SERVICES_FILE"
     if [ "$3" ]; then
-        sed -i "/127.0.0.1:${3}/d" /etc/tor/torrc
+        sed -i "/127.0.0.1:${3}/d" "$ONION_SERVICES_FILE"
         if [ "$4" ]; then
-            sed -i "/127.0.0.1:${4}/d" /etc/tor/torrc
+            sed -i "/127.0.0.1:${4}/d" "$ONION_SERVICES_FILE"
             if [ "$5" ]; then
-                sed -i "/127.0.0.1:${5}/d" /etc/tor/torrc
+                sed -i "/127.0.0.1:${5}/d" "$ONION_SERVICES_FILE"
             fi
         fi
     fi
         USE_V2_ONION_ADDRESS=
         exit 877367
     fi
-    if ! grep -q "hidden_service_${onion_service_name}" /etc/tor/torrc; then
-        echo "HiddenServiceDir ${HIDDEN_SERVICE_PATH}${onion_service_name}/" >> /etc/tor/torrc
+    if ! grep -q "hidden_service_${onion_service_name}" "$ONION_SERVICES_FILE"; then
+        echo "HiddenServiceDir ${HIDDEN_SERVICE_PATH}${onion_service_name}/" >> "$ONION_SERVICES_FILE"
         if [ ! $USE_V2_ONION_ADDRESS ]; then
-            echo 'HiddenServiceVersion 3' >> /etc/tor/torrc
+            echo 'HiddenServiceVersion 3' >> "$ONION_SERVICES_FILE"
         else
-            echo 'HiddenServiceVersion 2' >> /etc/tor/torrc
+            echo 'HiddenServiceVersion 2' >> "$ONION_SERVICES_FILE"
         fi
-        echo "HiddenServicePort ${onion_service_port_from} 127.0.0.1:${onion_service_port_to}" >> /etc/tor/torrc
+        echo "HiddenServicePort ${onion_service_port_from} 127.0.0.1:${onion_service_port_to}" >> "$ONION_SERVICES_FILE"
         if [ ${#onion_stealth_name} -gt 0 ]; then
-            echo "HiddenServiceAuthorizeClient stealth ${onion_stealth_name}" >> /etc/tor/torrc
+            echo "HiddenServiceAuthorizeClient stealth ${onion_stealth_name}" >> "$ONION_SERVICES_FILE"
         fi
     fi
 
     mark_completed "${FUNCNAME[0]}"
 }
 
+function check_tor_health {
+    { echo '#!/bin/bash';
+      echo "status=\$(${PROJECT_NAME}-tor-health)";
+      echo "ADMIN_USER=\$(grep \"MY_USERNAME=\" ~/${PROJECT_NAME}.cfg | awk -F '=' '{print \$2}')";
+      echo "if [[ \"\$status\" == 'G'* ]]; then";
+      echo '    if [ -f /tmp/.torfailed ]; then';
+      echo '        rm /tmp/.torfailed';
+      echo "        tail -n 3 /var/log/tor/notices.log | mail -s \"[${PROJECT_NAME}] Tor status is now \$status\" \$ADMIN_USER@\$HOSTNAME";
+      echo '    fi';
+      echo '    exit 0';
+      echo 'fi';
+      echo 'if [ ! -f /tmp/.torfailed ]; then';
+      echo "    tail -n 3 /var/log/tor/notices.log | mail -s \"[${PROJECT_NAME}] Tor status is \$status\" \$ADMIN_USER@\$HOSTNAME";
+      echo "    echo \"\$status\" > /tmp/.torfailed";
+      echo 'else';
+      echo "    prev_status=\$(cat /tmp/.torfailed)";
+      echo "    if [[ \"\$prev_status\" != \"\$status\" ]]; then";
+      echo "        tail -n 3 /var/log/tor/notices.log | mail -s \"[${PROJECT_NAME}] Tor status is \$status\" \$ADMIN_USER@\$HOSTNAME";
+      echo "        echo \"\$status\" > /tmp/.torfailed";
+      echo '    fi';
+      echo 'fi'; } > /usr/bin/check_tor_health
+    chmod +x /usr/bin/check_tor_health
+
+    if ! grep -q 'check_tor_health' /etc/crontab; then
+        cron_add_mins 10 "/usr/bin/check_tor_health"
+    fi
+}
+
 function install_tor {
     if [[ $SYSTEM_TYPE == "mesh*" ]]; then
         return
     # For torify
     apt-get -yq install torsocks
 
-    # turn off logging
-    sed -i 's|#Log notice file.*|Log notice file /dev/null|g' /etc/tor/torrc
-    sed -i 's|Log notice file.*|Log notice file /dev/null|g' /etc/tor/torrc
-
-    # Restrict traffic
-    sed -i "s|#AccountingMax.*|AccountingMax $TOR_MAX_TRAFFIC_PER_MONTH_GB GBytes|g" /etc/tor/torrc
-    sed -i "s|AccountingMax.*|AccountingMax $TOR_MAX_TRAFFIC_PER_MONTH_GB GBytes|g" /etc/tor/torrc
-
-    mark_completed "${FUNCNAME[0]}"
-}
-
-function resolve_dns_via_tor {
-    if [[ $SYSTEM_TYPE == "mesh"* ]]; then
-        return
-    fi
-    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
-        return
-    fi
-    if [ ! -f /etc/tor/torrc ]; then
-        echo $'tor was not installed'
-        exit 52952
+    if [ ! -d /etc/torrc.d ]; then
+        mkdir /etc/torrc.d
     fi
-
-    # resolve DNS via tor
-    if ! grep -q 'DNSPort 53' /etc/tor/torrc; then
-        { echo 'DNSPort 53';
-          echo 'AutomapHostsOnResolve 1';
-          echo 'AutomapHostsSuffixes .exit,.onion'; } >> /etc/tor/torrc
-        onion_update
+    sed -i 's|#%include /etc/torrc.d|%include /etc/torrc.d|g' /etc/tor/torrc
+    if ! grep -q '%include /etc/torrc.d' /etc/tor/torrc; then
+        echo '%include /etc/torrc.d' >> /etc/tor/torrc
     fi
 
-    # don't change resolv.conf
-    sed -i 's|, domain-name-servers||g' /etc/dhcp/dhclient.conf
-
-    # point resolv.conf to tor
-    resolvconf=/etc/resolvconf/resolv.conf.d/head
-    echo 'nameserver 127.0.0.1:53' > $resolvconf
-    resolvconf -u
+    echo 'Log notice file /var/log/tor/notices.log' > /etc/torrc.d/logging
+    echo "AccountingMax $TOR_MAX_TRAFFIC_PER_MONTH_GB GBytes" > /etc/torrc.d/maxtraffic
 
     mark_completed "${FUNCNAME[0]}"
 }
 
     apt-get -yq install obfs4proxy
 
-    if grep -q "ClientTransportPlugin" /etc/tor/torrc; then
-        sed -i 's|#ClientTransportPlugin|ClientTransportPlugin|g' /etc/tor/torrc
-        sed -i 's|# ClientTransportPlugin|ClientTransportPlugin|g' /etc/tor/torrc
-        sed -i 's|ClientTransportPlugin.*|ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed|g' /etc/tor/torrc
+    if [ ! -f /etc/torrc.d/bridges ]; then
+        { echo 'ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed';
+          echo 'UseBridges 1';
+          echo "Bridge $bridge_type ${bridge_ip_address}:${bridge_port} ${bridge_key}"; } > /etc/torrc.d/bridges
     else
-        echo 'ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed' >> /etc/tor/torrc
-    fi
-    if grep -q "UseBridges" /etc/tor/torrc; then
-        sed -i 's|#UseBridges|UseBridges|g' /etc/tor/torrc
-        sed -i 's|# UseBridges|UseBridges|g' /etc/tor/torrc
-        sed -i 's|UseBridges.*|UseBridges 1|g' /etc/tor/torrc
-    else
-        echo 'UseBridges 1' >> /etc/tor/torrc
-    fi
-
-    bridge_str="Bridge $bridge_type ${bridge_ip_address}:${bridge_port} ${bridge_key}"
-    if ! grep -q "${bridge_str}" /etc/tor/torrc; then
-        sed -i "/UseBridges/a ${bridge_str}" >> /etc/tor/torrc
+        if ! grep -q "Bridge $bridge_type ${bridge_ip_address}:${bridge_port} ${bridge_key}" /etc/torrc.d/bridges; then
+            echo "Bridge $bridge_type ${bridge_ip_address}:${bridge_port} ${bridge_key}" >> /etc/torrc.d/bridges
+        fi
     fi
 
     systemctl restart tor
     if [[ "$bridge_ip_address" == *"."* ]]; then
         bridge_str="Bridge $bridge_type ${bridge_ip_address}"
     else
-        if grep -q " ${bridge_ip_address}" /etc/tor/torrc; then
+        if grep -q " ${bridge_ip_address}" /etc/torrc.d/bridges; then
             bridge_str=" ${bridge_ip_address}"
         else
             return
         fi
     fi
-    if grep -q "${bridge_str}" /etc/tor/torrc; then
-        sed -i "/${bridge_str}/d" /etc/tor/torrc
+    if grep -q "${bridge_str}" /etc/torrc.d/bridges; then
+        sed -i "/${bridge_str}/d" /etc/torrc.d/bridges
     fi
 
-    # If there are no bridges remaining then remove UseBridges
-    if ! grep -q "Bridge " /etc/tor/torrc; then
-        if ! grep -q "#UseBridges" /etc/tor/torrc; then
-            sed -i 's|UseBridges|#UseBridges|g' /etc/tor/torrc
-        fi
-        if ! grep -q "#ClientTransportPlugin" /etc/tor/torrc; then
-            sed -i 's|ClientTransportPlugin|#ClientTransportPlugin|g' /etc/tor/torrc
-        fi
+    # If there are no bridges remaining then remove the file
+    if ! grep -q "Bridge " /etc/torrc.d/bridges; then
+        rm /etc/torrc.d/bridges
     fi
 
     systemctl restart tor
 function tor_create_bridge_relay {
     read_config_param 'TOR_BRIDGE_PORT'
     read_config_param 'TOR_BRIDGE_NICKNAME'
+    read_config_param 'MY_EMAIL_ADDRESS'
+
     if [ ! "$TOR_BRIDGE_PORT" ]; then
         return
     fi
 
     apt-get -yq install obfs4proxy
 
-    sed -i 's|#BridgeRelay.*|BridgeRelay 1|g' /etc/tor/torrc
-    sed -i 's|BridgeRelay.*|BridgeRelay 1|g' /etc/tor/torrc
-    sed -i 's|#ServerTransportPlugin.*|ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy|g' /etc/tor/torrc
-    sed -i 's|ServerTransportPlugin.*|ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy|g' /etc/tor/torrc
-
-    if ! grep -q 'ExtORPort ' /etc/tor/torrc; then
-        echo "ExtORPort $TOR_BRIDGE_PORT" >> /etc/tor/torrc
-    else
-        sed -i "s|#ExtORPort .*|ExtORPort $TOR_BRIDGE_PORT|g" /etc/tor/torrc
-        sed -i "s|ExtORPort .*|ExtORPort $TOR_BRIDGE_PORT|g" /etc/tor/torrc
-    fi
-
-    read_config_param 'MY_EMAIL_ADDRESS'
+    { echo 'BridgeRelay 1';
+      echo 'ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy';
+      echo "ExtORPort $TOR_BRIDGE_PORT";
+      echo "ContactInfo $MY_EMAIL_ADDRESS";
+      echo "Nickname $TOR_BRIDGE_NICKNAME"; } > /etc/torrc.d/bridgerelay
 
-    sed -i "s|#ContactInfo.*|ContactInfo $MY_EMAIL_ADDRESS|g" /etc/tor/torrc
-    if [ "$TOR_BRIDGE_NICKNAME" ]; then
-        sed -i "s|#Nickname.*|Nickname $TOR_BRIDGE_NICKNAME|g" /etc/tor/torrc
-        sed -i "s|Nickname.*|Nickname $TOR_BRIDGE_NICKNAME|g" /etc/tor/torrc
-    fi
     firewall_add tor_bridge "$TOR_BRIDGE_PORT" tcp
+
     systemctl restart tor
 }
 
 function tor_remove_bridge_relay {
-    if ! grep -q '#BridgeRelay ' /etc/tor/torrc; then
-        sed -i 's|BridgeRelay |#BridgeRelay |g' /etc/tor/torrc
-    fi
-    if ! grep -q '#ServerTransportPlugin ' /etc/tor/torrc; then
-        sed -i 's|ServerTransportPlugin |#ServerTransportPlugin |g' /etc/tor/torrc
-    fi
-    if ! grep -q '#ExtORPort ' /etc/tor/torrc; then
-        sed -i 's|ExtORPort |#ExtORPort |g' /etc/tor/torrc
-    fi
-    if ! grep -q '#ContactInfo ' /etc/tor/torrc; then
-        sed -i "s|ContactInfo |#ContactInfo |g" /etc/tor/torrc
-    fi
-    if ! grep -q '#Nickname ' /etc/tor/torrc; then
-        sed -i "s|Nickname |#Nickname |g" /etc/tor/torrc
+    if [ -f /etc/torrc.d/bridgerelay ]; then
+        rm /etc/torrc.d/bridgerelay
     fi
+
     read_config_param 'TOR_BRIDGE_PORT'
     firewall_remove "$TOR_BRIDGE_PORT" tcp
+
     systemctl restart tor
 }
 

src/freedombone-utils-postgresql

 # Set this when calling backup and restore commands
 USE_POSTGRESQL=
 POSTGRESQL_PACKAGES='postgresql-9.6 postgresql-contrib-9.6 postgresql-client'
+POSTGRESQL_VERSION=9.6
+
+function turn_off_postgresql_logging {
+    if [ ! -f /etc/postgresql/$POSTGRESQL_VERSION/main/postgresql.conf ]; then
+        return
+    fi
+    sed -i 's|#log_destination|log_destination|g' /etc/postgresql/$POSTGRESQL_VERSION/main/postgresql.conf
+    sed -i "s|log_destination.*|log_destination = 'syslog'|g" /etc/postgresql/$POSTGRESQL_VERSION/main/postgresql.conf
+    if [ -d /var/log/postgresql ]; then
+        $REMOVE_FILES_COMMAND /var/log/postgresql/*
+    fi
+}
+
+function turn_on_postgresql_logging {
+    if [ ! -f /etc/postgresql/$POSTGRESQL_VERSION/main/postgresql.conf ]; then
+        return
+    fi
+    sed -i 's|log_destination|#log_destination|g' /etc/postgresql/$POSTGRESQL_VERSION/main/postgresql.conf
+    sed -i "s|log_destination.*|log_destination = 'stderr'|g" /etc/postgresql/$POSTGRESQL_VERSION/main/postgresql.conf
+}
 
 function store_original_postgresql_password {
     if [ ! -f /root/.postgresqloriginal ]; then

src/freedombone-utils-selector

     done
 }
 
+function app_not_on_onion_only {
+    app_name="$1"
+
+    read_config_param ONION_ONLY
+
+    if [[ "$ONION_ONLY" != 'no' ]]; then
+        if grep -q "NOT_ON_ONION=1" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}"; then
+            echo "0"
+            return
+        fi
+    fi
+    echo "1"
+}
+
+function enough_ram_for_app {
+    app_name="$1"
+
+    if ! grep -q "MINIMUM_RAM_MB=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}"; then
+        echo "0"
+        return
+    fi
+
+    minimum_ram_MB=$(grep "MINIMUM_RAM_MB=" "/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-${app_name}" | head -n 1 | awk -F '=' '{print $2}')
+    minimum_ram_bytes=$((minimum_ram_MB * 1024))
+
+    ram_available=$(grep MemTotal /proc/meminfo | awk '{print $2}')
+    if [ "$ram_available" -lt "$minimum_ram_bytes" ]; then
+        echo "1"
+        return
+    fi
+    echo "0"
+}
+
 # detects what apps are available
 function detect_apps {
     FILES="/usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-*"
     for filename in $FILES
     do
         app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
-
-        # shellcheck disable=SC2068
-        if ! item_in_array "${app_name}" ${APPS_AVAILABLE[@]}; then
-            APPS_AVAILABLE+=("${app_name}")
-            APPS_CHOSEN+=("0")
+        if [[ $(enough_ram_for_app "$app_name") == "0" ]]; then
+            if [[ $(app_not_on_onion_only "$app_name") != "0" ]]; then
+                # shellcheck disable=SC2068
+                if ! item_in_array "${app_name}" ${APPS_AVAILABLE[@]}; then
+                    APPS_AVAILABLE+=("${app_name}")
+                    APPS_CHOSEN+=("0")
+                fi
+            fi
         fi
     done
 
     do
         app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
 
-        # shellcheck disable=SC2068
-        if ! item_in_array "${app_name}" ${APPS_AVAILABLE[@]}; then
-            variants_list=$(app_variants "$filename")
-            # check for empty string
-            if [ ${#variants_list} -gt 0 ]; then
-                APPS_AVAILABLE+=("${app_name}")
-                APPS_CHOSEN+=("0")
-                APPS_INSTALLED+=("$(app_is_installed "$app_name")")
-                if [[ $(app_is_installed "$app_name") == "1" ]]; then
-                    APPS_INSTALLED_NAMES+=("$app_name")
+        if [[ $(enough_ram_for_app "$app_name") == "0" ]]; then
+            if [[ $(app_not_on_onion_only "$app_name") != "0" ]]; then
+                # shellcheck disable=SC2068
+                if ! item_in_array "${app_name}" ${APPS_AVAILABLE[@]}; then
+                    variants_list=$(app_variants "$filename")
+                    # check for empty string
+                    if [ ${#variants_list} -gt 0 ]; then
+                        APPS_AVAILABLE+=("${app_name}")
+                        APPS_CHOSEN+=("0")
+                        APPS_INSTALLED+=("$(app_is_installed "$app_name")")
+                        if [[ $(app_is_installed "$app_name") == "1" ]]; then
+                            APPS_INSTALLED_NAMES+=("$app_name")
+                        fi
+                    fi
                 fi
             fi
         fi
     do
         app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
 
-        if [[ $(app_is_installed "$app_name") == "1" ]]; then
-            # shellcheck disable=SC2068
-            if ! item_in_array "${app_name}" ${APPS_AVAILABLE[@]}; then
-                variants_list=$(app_variants "$filename")
-                if [ ${#variants_list} -gt 0 ]; then
-                    APPS_AVAILABLE+=("${app_name}")
-                    APPS_INSTALLED_NAMES+=("$app_name")
+        if [[ $(enough_ram_for_app "$app_name") == "0" ]]; then
+            if [[ $(app_not_on_onion_only "$app_name") != "0" ]]; then
+                if [[ $(app_is_installed "$app_name") == "1" ]]; then
+                    # shellcheck disable=SC2068
+                    if ! item_in_array "${app_name}" ${APPS_AVAILABLE[@]}; then
+                        variants_list=$(app_variants "$filename")
+                        if [ ${#variants_list} -gt 0 ]; then
+                            APPS_AVAILABLE+=("${app_name}")
+                            APPS_INSTALLED_NAMES+=("$app_name")
+                        fi
+                    fi
                 fi
             fi
         fi
     for filename in $FILES
     do
         app_name=$(echo "${filename}" | awk -F '-app-' '{print $2}')
-
-        # shellcheck disable=SC2068
-        if item_in_array "${app_name}" ${APPS_AVAILABLE[@]}; then
-            if grep -q "VARIANTS=" "${filename}"; then
-                variants_list=$(app_variants "$filename")
-                if [[ "${variants_list}" == 'all'* || \
-                      "${variants_list}" == "$variant_name" || \
-                      "${variants_list}" == "$variant_name "* || \
-                      "${variants_list}" == *" $variant_name "* || \
-                      "${variants_list}" == *" $variant_name" ]]; then
-                    if [[ $(app_is_removed "${a}") == "0" ]]; then
-                        #echo $"${app_name} chosen"
-                        APPS_CHOSEN+=("1")
+        if [[ $(enough_ram_for_app "$app_name") == "0" ]]; then
+            if [[ $(app_not_on_onion_only "$app_name") != "0" ]]; then
+                # shellcheck disable=SC2068
+                if item_in_array "${app_name}" ${APPS_AVAILABLE[@]}; then
+                    if grep -q "VARIANTS=" "${filename}"; then
+                        variants_list=$(app_variants "$filename")
+                        if [[ "${variants_list}" == 'all'* || \
+                                  "${variants_list}" == "$variant_name" || \
+                                  "${variants_list}" == "$variant_name "* || \
+                                  "${variants_list}" == *" $variant_name "* || \
+                                  "${variants_list}" == *" $variant_name" ]]; then
+                            if [[ $(app_is_removed "${a}") == "0" ]]; then
+                                #echo $"${app_name} chosen"
+                                APPS_CHOSEN+=("1")
+                            else
+                                APPS_CHOSEN+=("0")
+                            fi
+                        else
+                            APPS_CHOSEN+=("0")
+                        fi
                     else
                         APPS_CHOSEN+=("0")
                     fi
-                else
-                    APPS_CHOSEN+=("0")
                 fi
-            else
-                APPS_CHOSEN+=("0")
             fi
         fi
     done

src/freedombone-utils-setup

     fi
 }
 
+function save_rsys_header {
+    { echo "";
+      echo "#################";
+      echo "#### MODULES ####";
+      echo "#################";
+      echo '';
+      echo 'module(load="imuxsock")';
+      echo 'module(load="imklog")';
+      echo '';
+      echo '###########################';
+      echo '#### GLOBAL DIRECTIVES ####';
+      echo '###########################';
+      echo '';
+      echo "\$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat";
+      echo '';
+      echo "\$FileOwner root";
+      echo "\$FileGroup adm";
+      echo "\$FileCreateMode 0640";
+      echo "\$DirCreateMode 0755";
+      echo "\$Umask 0022";
+      echo '';
+      echo "\$WorkDirectory /var/spool/rsyslog";
+      echo '';
+      echo "\$IncludeConfig /etc/rsyslog.d/*.conf";
+      echo '';
+      echo '###############';
+      echo '#### RULES ####';
+      echo '###############';
+      echo ''; } > /etc/rsyslog.conf
+}
+
 function turn_off_rsys_logging {
-    if grep -q '/dev/null' /etc/rsyslog.conf; then
-        return
-    fi
-    sed -i 's|mail,news.none.*|mail,news.none      /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|auth,authpriv.\*.*|auth,authpriv.\*         /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|mail.info.*|mail.info            /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|mail.warn.*|mail.warn            /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|mail.err.*|mail.err            /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|daemon.\*.*|daemon.\*              /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|mail.\*.*|mail.\*              /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|user.\*.*|user.\*              /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|news.none;mail.none.*|news.none;mail.none /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|\*.\*;auth,authpriv.none.*|\*.\*;auth,authpriv.none      /dev/null|g' /etc/rsyslog.conf
-    sed -i 's|#cron.\*|cron.\*|g' /etc/rsyslog.conf
-    sed -i 's|cron.\*.*|cron.\*             /dev/null|g' /etc/rsyslog.conf
-    shred -zu /var/log/wtmp*
-    shred -zu /var/log/debug*
-    shred -zu /var/log/cron.*
-    shred -zu /var/log/auth.*
-    shred -zu /var/log/mail.*
-    shred -zu /var/log/daemon.*
-    shred -zu /var/log/user.*
-    shred -zu /var/log/messages*
+    save_rsys_header
+    echo '*.*     ~' >> /etc/rsyslog.conf
+
+    rm -rf /var/log/wtmp*
+    rm -rf /var/log/debug*
+    rm -rf /var/log/cron.*
+    rm -rf /var/log/auth.*
+    rm -rf /var/log/mail.*
+    rm -rf /var/log/daemon.*
+    rm -rf /var/log/user.*
+    rm -rf /var/log/messages*
+    rm -rf /var/log/syslog*
+    rm -rf /var/log/alternatives*
+    rm -rf /var/log/faillog
+    rm -rf /var/log/kern.log*
 }
 
 function initial_setup {
     function_check configure_firewall
     configure_firewall
 
+    function_check block_firefox_telemetry
+    block_firefox_telemetry
+
     function_check configure_firewall_ping
     configure_firewall_ping
 
     apt-get -yq install shellcheck
 }
 
+function microsd_card_optimisations {
+    # These values can improve performance on microSD cards
+
+    apt-get -yq install hdparm
+
+    printf '#!/bin/bash\n' > /usr/bin/enable_optimisations
+
+    if [ -f /sys/devices/virtual/bdi/179:0/read_ahead_kb ]; then
+        echo -n '4096' > /sys/devices/virtual/bdi/179:0/read_ahead_kb
+        echo "echo -n '4096' > /sys/devices/virtual/bdi/179:0/read_ahead_kb" >> /usr/bin/enable_optimisations
+    fi
+
+    if [ -f /proc/sys/vm/dirty_expire_centisecs ]; then
+        echo -n '100' > /proc/sys/vm/dirty_expire_centisecs
+        echo "echo -n '100' > /proc/sys/vm/dirty_expire_centisecs" >> /usr/bin/enable_optimisations
+    fi
+
+    if [ -f /proc/sys/vm/dirty_writeback_centisecs ]; then
+        echo -n '100' > /proc/sys/vm/dirty_writeback_centisecs
+        echo "echo -n '100' > /proc/sys/vm/dirty_writeback_centisecs" >> /usr/bin/enable_optimisations
+    fi
+
+    chmod +x /usr/bin/enable_optimisations
+
+    { echo '[Unit]';
+      echo "Description=${PROJECT_NAME} optimisations";
+      echo 'After=syslog.target';
+      echo 'After=network.target';
+      echo 'After=remote-fs.target';
+      echo '';
+      echo '[Service]';
+      echo 'Type=simple';
+      echo 'User=root';
+      echo 'Group=root';
+      echo 'WorkingDirectory=/root';
+      echo 'ExecStart=/usr/bin/enable_optimisations';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/optimisations.service
+      systemctl enable optimisations
+}
+
 function setup_utils {
     read_config_param "PROJECT_REPO"
     write_config_param "PROJECT_REPO" "$PROJECT_REPO"
     function_check separate_tmp_filesystem
     separate_tmp_filesystem 150
 
+    function_check microsd_card_optimisations
+    microsd_card_optimisations
+
     function_check proc_filesystem_settings
     proc_filesystem_settings
 
     function_check install_tor
     install_tor
 
-    #function_check resolve_dns_via_tor
-    #resolve_dns_via_tor
+    function_check check_tor_health
+    check_tor_health
 
     function_check install_command_line_browser
     install_command_line_browser

src/freedombone-utils-web

         max_body=$2
     fi
     filename=/etc/nginx/sites-available/$domain_name
-    { echo "    client_max_body_size ${max_body};";
-      echo '    client_body_buffer_size 128k;';
+    { echo "        client_max_body_size ${max_body};";
+      echo '        client_body_buffer_size 128k;';
       echo '';
-      echo '    limit_conn conn_limit_per_ip 10;';
-      echo '    limit_req zone=req_limit_per_ip burst=10 nodelay;';
+      echo '        limit_conn conn_limit_per_ip 10;';
+      echo '        limit_req zone=req_limit_per_ip burst=10 nodelay;';
       echo ''; } >> "$filename"
 }
 

src/freedombone-utils-wifi

 
     atheros_drivers_file=drivers/firmware-ath9k-htc.deb
     if [ ! -f $atheros_drivers_file ]; then
-        if [ ! -f ~/freedombone/$atheros_drivers_file ]; then
+        if [ ! -f "$HOME/${PROJECT_NAME}/$atheros_drivers_file" ]; then
             return
         else
-            atheros_drivers_file=~/freedombone/$atheros_drivers_file
+            atheros_drivers_file="$HOME/${PROJECT_NAME}/$atheros_drivers_file"
         fi
     else
         atheros_drivers_file=$(pwd)/$atheros_drivers_file

tests/check-ssh.sh

             exit 1
         fi
         ;;
+    installed)
+	OPENSSH_SERVER=$(dpkg -s openssh-server | grep -i "Status:.*install.*ok.*installed" | wc -l)
+	OPENSSH_CLIENT=$(dpkg -s openssh-client | grep -i "Status:.*install.*ok.*installed" | wc -l)
+	if [ ${OPENSSH_SERVER} -eq 1 ]; then
+	    if [ ${OPENSSH_CLIENT} -eq 1 ]; then
+		:
+	    else
+		exit 1
+	    fi
+	else
+	    exit 1
+	fi	
+	;;    
     sshd_status)
         if systemctl status sshd | grep "Active:.*(running)";then
             :

tests/output.sh

                   printf '\n######################\n\nSTIG-ID:RHEL-06-000224\n\nVulnerability Discussion: Due to its usage for maintenance and security-supporting tasks, enabling the cron daemon is essential.\n\nFix text: The "crond" service is used to execute commands at preconfigured times. It is required by almost all systems to perform necessary maintenance tasks, such as notifying root of system activity. The "crond" service can be enabled with the following commands:\n\n#update-rc.d cron defaults\nservice cron start\n\n######################\n\n' >> $LOG
               fi
               ;;
+    SV-86857r1_rule) if [ "$3" = "en" ]; then
+			 log_msg $2 'OpenSSH server and client must be installed.'
+		     else
+			 log_msg $2 '必须安装OpenSSH服务器和客户端'
+		     fi		     
+		     if [ $2 -ne 0 ];then
+			 printf '\n######################\n\nWithout protection of the transmitted information, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read or altered. \n\nThis requirement applies to both internal and external networks and all types of information system components from which information can be transmitted (e.g., servers, mobile devices, notebook computers, printers, copiers, scanners, and facsimile machines). Communication paths outside the physical protection of a controlled boundary are exposed to the possibility of interception and modification. \n\nProtecting the confidentiality and integrity of organizational information can be accomplished by physical means (e.g., employing physical distribution systems) or by logical means (e.g., employing cryptographic techniques). If physical means of protection are employed, logical means (cryptography) do not have to be employed, and vice versa.\n\n######################\n\n' >> $LOG
+		     fi
+		     ;;
     V-38607)  if [ "$3" = "en" ]; then
                   log_msg $2 'The SSH daemon must be configured to use only the SSHv2 protocol.'
               else

website/EN/app_pleroma.html

 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2018-04-14 Sat 22:26 -->
-<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
-<meta name="viewport" content="width=device-width, initial-scale=1" />
-<title>&lrm;</title>
-<meta name="generator" content="Org mode" />
-<meta name="author" content="Bob Mottram" />
-<meta name="description" content="How to use Pleroma"
+<title></title>
+<!-- 2018-04-18 Wed 15:48 -->
+<meta  http-equiv="Content-Type" content="text/html;charset=utf-8" />
+<meta  name="generator" content="Org-mode" />
+<meta  name="author" content="Bob Mottram" />
+<meta  name="description" content="How to use Pleroma"
  />
-<meta name="keywords" content="freedombone, pleroma" />
+<meta  name="keywords" content="freedombone, pleroma" />
 <style type="text/css">
  <!--/*--><![CDATA[/*><!--*/
-  .title  { text-align: center;
-             margin-bottom: .2em; }
-  .subtitle { text-align: center;
-              font-size: medium;
-              font-weight: bold;
-              margin-top:0; }
+  .title  { text-align: center; }
   .todo   { font-family: monospace; color: red; }
-  .done   { font-family: monospace; color: green; }
-  .priority { font-family: monospace; color: orange; }
+  .done   { color: green; }
   .tag    { background-color: #eee; font-family: monospace;
             padding: 2px; font-size: 80%; font-weight: normal; }
   .timestamp { color: #bebebe; }
   .timestamp-kwd { color: #5f9ea0; }
-  .org-right  { margin-left: auto; margin-right: 0px;  text-align: right; }
-  .org-left   { margin-left: 0px;  margin-right: auto; text-align: left; }
-  .org-center { margin-left: auto; margin-right: auto; text-align: center; }
+  .right  { margin-left: auto; margin-right: 0px;  text-align: right; }
+  .left   { margin-left: 0px;  margin-right: auto; text-align: left; }
+  .center { margin-left: auto; margin-right: auto; text-align: center; }
   .underline { text-decoration: underline; }
   #postamble p, #preamble p { font-size: 90%; margin: .2em; }
   p.verse { margin-left: 3%; }
     border: 1px solid black;
   }
   pre.src:hover:before { display: inline;}
-  /* Languages per Org manual */
-  pre.src-asymptote:before { content: 'Asymptote'; }
-  pre.src-awk:before { content: 'Awk'; }
-  pre.src-C:before { content: 'C'; }
-  /* pre.src-C++ doesn't work in CSS */
-  pre.src-clojure:before { content: 'Clojure'; }
-  pre.src-css:before { content: 'CSS'; }
-  pre.src-D:before { content: 'D'; }
-  pre.src-ditaa:before { content: 'ditaa'; }
-  pre.src-dot:before { content: 'Graphviz'; }
-  pre.src-calc:before { content: 'Emacs Calc'; }
+  pre.src-sh:before    { content: 'sh'; }
+  pre.src-bash:before  { content: 'sh'; }
   pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
-  pre.src-fortran:before { content: 'Fortran'; }
-  pre.src-gnuplot:before { content: 'gnuplot'; }
-  pre.src-haskell:before { content: 'Haskell'; }
-  pre.src-hledger:before { content: 'hledger'; }
-  pre.src-java:before { content: 'Java'; }
-  pre.src-js:before { content: 'Javascript'; }
-  pre.src-latex:before { content: 'LaTeX'; }
-  pre.src-ledger:before { content: 'Ledger'; }
-  pre.src-lisp:before { content: 'Lisp'; }
-  pre.src-lilypond:before { content: 'Lilypond'; }
-  pre.src-lua:before { content: 'Lua'; }
-  pre.src-matlab:before { content: 'MATLAB'; }
-  pre.src-mscgen:before { content: 'Mscgen'; }
-  pre.src-ocaml:before { content: 'Objective Caml'; }
-  pre.src-octave:before { content: 'Octave'; }
-  pre.src-org:before { content: 'Org mode'; }
-  pre.src-oz:before { content: 'OZ'; }
-  pre.src-plantuml:before { content: 'Plantuml'; }
-  pre.src-processing:before { content: 'Processing.js'; }
-  pre.src-python:before { content: 'Python'; }
-  pre.src-R:before { content: 'R'; }
-  pre.src-ruby:before { content: 'Ruby'; }
-  pre.src-sass:before { content: 'Sass'; }
-  pre.src-scheme:before { content: 'Scheme'; }
-  pre.src-screen:before { content: 'Gnu Screen'; }
-  pre.src-sed:before { content: 'Sed'; }
-  pre.src-sh:before { content: 'shell'; }
-  pre.src-sql:before { content: 'SQL'; }
-  pre.src-sqlite:before { content: 'SQLite'; }
-  /* additional languages in org.el's org-babel-load-languages alist */
-  pre.src-forth:before { content: 'Forth'; }
-  pre.src-io:before { content: 'IO'; }
-  pre.src-J:before { content: 'J'; }
-  pre.src-makefile:before { content: 'Makefile'; }
-  pre.src-maxima:before { content: 'Maxima'; }
-  pre.src-perl:before { content: 'Perl'; }
-  pre.src-picolisp:before { content: 'Pico Lisp'; }
-  pre.src-scala:before { content: 'Scala'; }
-  pre.src-shell:before { content: 'Shell Script'; }
-  pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
-  /* additional language identifiers per "defun org-babel-execute"
-       in ob-*.el */
-  pre.src-cpp:before  { content: 'C++'; }
-  pre.src-abc:before  { content: 'ABC'; }
-  pre.src-coq:before  { content: 'Coq'; }
-  pre.src-groovy:before  { content: 'Groovy'; }
-  /* additional language identifiers from org-babel-shell-names in
-     ob-shell.el: ob-shell is the only babel language using a lambda to put
-     the execution function name together. */
-  pre.src-bash:before  { content: 'bash'; }
-  pre.src-csh:before  { content: 'csh'; }
-  pre.src-ash:before  { content: 'ash'; }
-  pre.src-dash:before  { content: 'dash'; }
-  pre.src-ksh:before  { content: 'ksh'; }
-  pre.src-mksh:before  { content: 'mksh'; }
-  pre.src-posh:before  { content: 'posh'; }
-  /* Additional Emacs modes also supported by the LaTeX listings package */
-  pre.src-ada:before { content: 'Ada'; }
-  pre.src-asm:before { content: 'Assembler'; }
-  pre.src-caml:before { content: 'Caml'; }
-  pre.src-delphi:before { content: 'Delphi'; }
-  pre.src-html:before { content: 'HTML'; }
-  pre.src-idl:before { content: 'IDL'; }
-  pre.src-mercury:before { content: 'Mercury'; }
-  pre.src-metapost:before { content: 'MetaPost'; }
-  pre.src-modula-2:before { content: 'Modula-2'; }
-  pre.src-pascal:before { content: 'Pascal'; }
-  pre.src-ps:before { content: 'PostScript'; }
-  pre.src-prolog:before { content: 'Prolog'; }
-  pre.src-simula:before { content: 'Simula'; }
-  pre.src-tcl:before { content: 'tcl'; }
-  pre.src-tex:before { content: 'TeX'; }
-  pre.src-plain-tex:before { content: 'Plain TeX'; }
-  pre.src-verilog:before { content: 'Verilog'; }
-  pre.src-vhdl:before { content: 'VHDL'; }
-  pre.src-xml:before { content: 'XML'; }
-  pre.src-nxml:before { content: 'XML'; }
-  /* add a generic configuration mode; LaTeX export needs an additional
-     (add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
-  pre.src-conf:before { content: 'Configuration File'; }
+  pre.src-R:before     { content: 'R'; }
+  pre.src-perl:before  { content: 'Perl'; }
+  pre.src-java:before  { content: 'Java'; }
+  pre.src-sql:before   { content: 'SQL'; }
 
   table { border-collapse:collapse; }
   caption.t-above { caption-side: top; }
   caption.t-bottom { caption-side: bottom; }
   td, th { vertical-align:top;  }
-  th.org-right  { text-align: center;  }
-  th.org-left   { text-align: center;   }
-  th.org-center { text-align: center; }
-  td.org-right  { text-align: right;  }
-  td.org-left   { text-align: left;   }
-  td.org-center { text-align: center; }
+  th.right  { text-align: center;  }
+  th.left   { text-align: center;   }
+  th.center { text-align: center; }
+  td.right  { text-align: right;  }
+  td.left   { text-align: left;   }
+  td.center { text-align: center; }
   dt { font-weight: bold; }
-  .footpara { display: inline; }
+  .footpara:nth-child(2) { display: inline; }
+  .footpara { display: block; }
   .footdef  { margin-bottom: 1em; }
   .figure { padding: 1em; }
   .figure p { text-align: center; }
     { font-size: 10px; font-weight: bold; white-space: nowrap; }
   .org-info-js_search-highlight
     { background-color: #ffff00; color: #000000; font-weight: bold; }
-  .org-svg { width: 90%; }
   /*]]>*/-->
 </style>
 <link rel="stylesheet" type="text/css" href="freedombone.css" />
 @licstart  The following is the entire license notice for the
 JavaScript code in this tag.
 
-Copyright (C) 2012-2017 Free Software Foundation, Inc.
+Copyright (C) 2012-2013 Free Software Foundation, Inc.
 
 The JavaScript code in this tag is free software: you can
 redistribute it and/or modify it under the terms of the GNU
 <a name="top" id="top"></a>
 </div>
 <div id="content">
+<h1 class="title"></h1>
 
 <div class="figure">
 <p><img src="images/logo.png" alt="logo.png" width="80%" height="10%" align="center" />
 </p>
 </div>
 
-<div id="outline-container-org0daf1b1" class="outline-2">
-<h2 id="org0daf1b1">Installation</h2>
-<div class="outline-text-2" id="text-org0daf1b1">
+<div id="outline-container-sec-1" class="outline-2">
+<h2 id="sec-1">Installation</h2>
+<div class="outline-text-2" id="text-1">
 <p>
 Log into your system with:
 </p>
 
 <div class="org-src-container">
+
 <pre class="src src-bash">ssh myusername@mydomain -p 2222
 </pre>
 </div>
 </div>
 </div>
 
-<div id="outline-container-org79fb756" class="outline-2">
-<h2 id="org79fb756">Initial setup</h2>
-<div class="outline-text-2" id="text-org79fb756">
+<div id="outline-container-sec-2" class="outline-2">
+<h2 id="sec-2">Initial setup</h2>
+<div class="outline-text-2" id="text-2">
 <p>
-The first thing you'll need to do is register a new account. You can set your profile details and profile image by selecting the small settings icon to the right of your name.
+The first thing you'll need to do is to obtain your login details. From the <b>administrator control panel</b> select <b>security settings</b> then <b>passwords</b> then <b>pleroma</b>. This gives the password you will need to log in, together with the username you gave during installation of the Freedombone system.
 </p>
 
 <p>
 </div>
 </div>
 
-<div id="outline-container-org260dfa9" class="outline-2">
-<h2 id="org260dfa9">Mastodon user interface</h2>
-<div class="outline-text-2" id="text-org260dfa9">
+<div id="outline-container-sec-3" class="outline-2">
+<h2 id="sec-3">Mastodon user interface</h2>
+<div class="outline-text-2" id="text-3">
 <p>
 If you prefer a Tweetdeck-style user interface, similar to Mastodon, then once you have registered an account navigate to <b>/yourpleromadomainname/web</b> and log in.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org2c42cb3" class="outline-2">
-<h2 id="org2c42cb3">Mobile apps</h2>
-<div class="outline-text-2" id="text-org2c42cb3">
+<div id="outline-container-sec-4" class="outline-2">
+<h2 id="sec-4">Mobile apps</h2>
+<div class="outline-text-2" id="text-4">
 <p>
 It's also possible to use Mastodon apps together with Pleroma, such as Tusky, since it supports the Mastodon API. You may need to install <b>IcecatMobile</b> and set it as your default browser (under <b>Settings/Apps/Menu</b>) in order for the initial oauth registration process to work.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org07c16bd" class="outline-2">
-<h2 id="org07c16bd">Blocking controls</h2>
-<div class="outline-text-2" id="text-org07c16bd">
+<div id="outline-container-sec-5" class="outline-2">
+<h2 id="sec-5">Blocking controls</h2>
+<div class="outline-text-2" id="text-5">
 
 <div class="figure">
 <p><img src="images/controlpanel/control_panel_blocking.jpg" alt="control_panel_blocking.jpg" width="80%" align="center" />

website/EN/armbian.html

 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<title></title>
-<!-- 2018-04-12 Thu 14:28 -->
-<meta  http-equiv="Content-Type" content="text/html;charset=utf-8" />
-<meta  name="generator" content="Org-mode" />
-<meta  name="author" content="Bob Mottram" />
-<meta  name="description" content="Installing Freedombone on Armbian"
+<!-- 2018-04-21 Sat 14:58 -->
+<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
+<meta name="viewport" content="width=device-width, initial-scale=1" />
+<title>&lrm;</title>
+<meta name="generator" content="Org mode" />
+<meta name="author" content="Bob Mottram" />
+<meta name="description" content="Installing Freedombone on Armbian"
  />
-<meta  name="keywords" content="freedombone, debian, armbian, sbc" />
+<meta name="keywords" content="freedombone, debian, armbian, sbc" />
 <style type="text/css">
  <!--/*--><![CDATA[/*><!--*/
-  .title  { text-align: center; }
+  .title  { text-align: center;
+             margin-bottom: .2em; }
+  .subtitle { text-align: center;
+              font-size: medium;
+              font-weight: bold;
+              margin-top:0; }
   .todo   { font-family: monospace; color: red; }
-  .done   { color: green; }
+  .done   { font-family: monospace; color: green; }
+  .priority { font-family: monospace; color: orange; }
   .tag    { background-color: #eee; font-family: monospace;
             padding: 2px; font-size: 80%; font-weight: normal; }
   .timestamp { color: #bebebe; }
   .timestamp-kwd { color: #5f9ea0; }
-  .right  { margin-left: auto; margin-right: 0px;  text-align: right; }
-  .left   { margin-left: 0px;  margin-right: auto; text-align: left; }
-  .center { margin-left: auto; margin-right: auto; text-align: center; }
+  .org-right  { margin-left: auto; margin-right: 0px;  text-align: right; }
+  .org-left   { margin-left: 0px;  margin-right: auto; text-align: left; }
+  .org-center { margin-left: auto; margin-right: auto; text-align: center; }
   .underline { text-decoration: underline; }
   #postamble p, #preamble p { font-size: 90%; margin: .2em; }
   p.verse { margin-left: 3%; }
     border: 1px solid black;
   }
   pre.src:hover:before { display: inline;}
-  pre.src-sh:before    { content: 'sh'; }
-  pre.src-bash:before  { content: 'sh'; }
+  /* Languages per Org manual */
+  pre.src-asymptote:before { content: 'Asymptote'; }
+  pre.src-awk:before { content: 'Awk'; }
+  pre.src-C:before { content: 'C'; }
+  /* pre.src-C++ doesn't work in CSS */
+  pre.src-clojure:before { content: 'Clojure'; }
+  pre.src-css:before { content: 'CSS'; }
+  pre.src-D:before { content: 'D'; }
+  pre.src-ditaa:before { content: 'ditaa'; }
+  pre.src-dot:before { content: 'Graphviz'; }
+  pre.src-calc:before { content: 'Emacs Calc'; }
   pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
-  pre.src-R:before     { content: 'R'; }
-  pre.src-perl:before  { content: 'Perl'; }
-  pre.src-java:before  { content: 'Java'; }
-  pre.src-sql:before   { content: 'SQL'; }
+  pre.src-fortran:before { content: 'Fortran'; }
+  pre.src-gnuplot:before { content: 'gnuplot'; }
+  pre.src-haskell:before { content: 'Haskell'; }
+  pre.src-hledger:before { content: 'hledger'; }
+  pre.src-java:before { content: 'Java'; }
+  pre.src-js:before { content: 'Javascript'; }
+  pre.src-latex:before { content: 'LaTeX'; }
+  pre.src-ledger:before { content: 'Ledger'; }
+  pre.src-lisp:before { content: 'Lisp'; }
+  pre.src-lilypond:before { content: 'Lilypond'; }
+  pre.src-lua:before { content: 'Lua'; }
+  pre.src-matlab:before { content: 'MATLAB'; }
+  pre.src-mscgen:before { content: 'Mscgen'; }
+  pre.src-ocaml:before { content: 'Objective Caml'; }
+  pre.src-octave:before { content: 'Octave'; }
+  pre.src-org:before { content: 'Org mode'; }
+  pre.src-oz:before { content: 'OZ'; }
+  pre.src-plantuml:before { content: 'Plantuml'; }
+  pre.src-processing:before { content: 'Processing.js'; }
+  pre.src-python:before { content: 'Python'; }
+  pre.src-R:before { content: 'R'; }
+  pre.src-ruby:before { content: 'Ruby'; }
+  pre.src-sass:before { content: 'Sass'; }
+  pre.src-scheme:before { content: 'Scheme'; }
+  pre.src-screen:before { content: 'Gnu Screen'; }
+  pre.src-sed:before { content: 'Sed'; }
+  pre.src-sh:before { content: 'shell'; }
+  pre.src-sql:before { content: 'SQL'; }
+  pre.src-sqlite:before { content: 'SQLite'; }
+  /* additional languages in org.el's org-babel-load-languages alist */
+  pre.src-forth:before { content: 'Forth'; }
+  pre.src-io:before { content: 'IO'; }
+  pre.src-J:before { content: 'J'; }
+  pre.src-makefile:before { content: 'Makefile'; }
+  pre.src-maxima:before { content: 'Maxima'; }
+  pre.src-perl:before { content: 'Perl'; }
+  pre.src-picolisp:before { content: 'Pico Lisp'; }
+  pre.src-scala:before { content: 'Scala'; }
+  pre.src-shell:before { content: 'Shell Script'; }
+  pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
+  /* additional language identifiers per "defun org-babel-execute"
+       in ob-*.el */
+  pre.src-cpp:before  { content: 'C++'; }
+  pre.src-abc:before  { content: 'ABC'; }
+  pre.src-coq:before  { content: 'Coq'; }
+  pre.src-groovy:before  { content: 'Groovy'; }
+  /* additional language identifiers from org-babel-shell-names in
+     ob-shell.el: ob-shell is the only babel language using a lambda to put
+     the execution function name together. */
+  pre.src-bash:before  { content: 'bash'; }
+  pre.src-csh:before  { content: 'csh'; }
+  pre.src-ash:before  { content: 'ash'; }
+  pre.src-dash:before  { content: 'dash'; }
+  pre.src-ksh:before  { content: 'ksh'; }
+  pre.src-mksh:before  { content: 'mksh'; }
+  pre.src-posh:before  { content: 'posh'; }
+  /* Additional Emacs modes also supported by the LaTeX listings package */
+  pre.src-ada:before { content: 'Ada'; }
+  pre.src-asm:before { content: 'Assembler'; }
+  pre.src-caml:before { content: 'Caml'; }
+  pre.src-delphi:before { content: 'Delphi'; }
+  pre.src-html:before { content: 'HTML'; }
+  pre.src-idl:before { content: 'IDL'; }
+  pre.src-mercury:before { content: 'Mercury'; }
+  pre.src-metapost:before { content: 'MetaPost'; }
+  pre.src-modula-2:before { content: 'Modula-2'; }
+  pre.src-pascal:before { content: 'Pascal'; }
+  pre.src-ps:before { content: 'PostScript'; }
+  pre.src-prolog:before { content: 'Prolog'; }
+  pre.src-simula:before { content: 'Simula'; }
+  pre.src-tcl:before { content: 'tcl'; }
+  pre.src-tex:before { content: 'TeX'; }
+  pre.src-plain-tex:before { content: 'Plain TeX'; }
+  pre.src-verilog:before { content: 'Verilog'; }
+  pre.src-vhdl:before { content: 'VHDL'; }
+  pre.src-xml:before { content: 'XML'; }
+  pre.src-nxml:before { content: 'XML'; }
+  /* add a generic configuration mode; LaTeX export needs an additional
+     (add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
+  pre.src-conf:before { content: 'Configuration File'; }
 
   table { border-collapse:collapse; }
   caption.t-above { caption-side: top; }
   caption.t-bottom { caption-side: bottom; }
   td, th { vertical-align:top;  }
-  th.right  { text-align: center;  }
-  th.left   { text-align: center;   }
-  th.center { text-align: center; }
-  td.right  { text-align: right;  }
-  td.left   { text-align: left;   }
-  td.center { text-align: center; }
+  th.org-right  { text-align: center;  }
+  th.org-left   { text-align: center;   }
+  th.org-center { text-align: center; }
+  td.org-right  { text-align: right;  }
+  td.org-left   { text-align: left;   }
+  td.org-center { text-align: center; }
   dt { font-weight: bold; }
-  .footpara:nth-child(2) { display: inline; }
-  .footpara { display: block; }
+  .footpara { display: inline; }
   .footdef  { margin-bottom: 1em; }
   .figure { padding: 1em; }
   .figure p { text-align: center; }
     { font-size: 10px; font-weight: bold; white-space: nowrap; }
   .org-info-js_search-highlight
     { background-color: #ffff00; color: #000000; font-weight: bold; }
+  .org-svg { width: 90%; }
   /*]]>*/-->
 </style>
 <link rel="stylesheet" type="text/css" href="freedombone.css" />
 @licstart  The following is the entire license notice for the
 JavaScript code in this tag.
 
-Copyright (C) 2012-2013 Free Software Foundation, Inc.
+Copyright (C) 2012-2017 Free Software Foundation, Inc.
 
 The JavaScript code in this tag is free software: you can
 redistribute it and/or modify it under the terms of the GNU
 <a name="top" id="top"></a>
 </div>
 <div id="content">
-<h1 class="title"></h1>
 
 <div class="figure">
 <p><img src="images/logo.png" alt="logo.png" width="80%" height="10%" align="center" />
 </div>
 
 
-<div class="export">
-<p>
-&lt;center&gt;&lt;h1&gt;Installing on Armbian&lt;/h1&gt;&lt;/center&gt;
-</p>
-
-</div>
+<center><h1>Installing on Armbian</h1></center>
 
 <blockquote>
 <p>
 </p>
 
 <div class="org-src-container">
-
-<pre class="src src-bash">sudo dd bs=1M if=[Armbian .img file] of=/dev/sdX conv=fdatasync
+<pre class="src src-bash">sudo dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=[Armbian .img file] <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
 </pre>
 </div>
 
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">ssh root@[local IP address]
 </pre>
 </div>
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">ssh myusername@[local IP address]
 </pre>
 </div>
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">sudo su
 </pre>
 </div>
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">apt-get -y install git dialog build-essential
 git clone https://github.com/bashrc/freedombone
-cd freedombone
+<span class="org-builtin">cd</span> freedombone
 git checkout stretch
 </pre>
 </div>
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">make install
 </pre>
 </div>
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">freedombone menuconfig
 </pre>
 </div>
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">freedombone menuconfig-onion
 </pre>
 </div>
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">ssh myusername@freedombone.local -p 2222
 </pre>
 </div>

website/EN/faq.html

 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2018-04-14 Sat 15:14 -->
+<!-- 2018-05-02 Wed 10:48 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>&lrm;</title>
 </colgroup>
 <tbody>
 <tr>
-<td class="org-left"><a href="#org2ecea54">What applications are supported?</a></td>
+<td class="org-left"><a href="#org93b2b96">What applications are supported?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#orgaa0a705">I don't have a static IP address. Can I still install this system?</a></td>
+<td class="org-left"><a href="#org6b1a1dc">I don't have a static IP address. Can I still install this system?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org340be8a">Why Freedombone and not FreedomBox?</a></td>
+<td class="org-left"><a href="#orgf904a2b">What are the best microSD cards to use?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#orgccf5702">Why not support building images for Raspberry Pi?</a></td>
+<td class="org-left"><a href="#orgd5b8a5e">On a single board computer can I boot from an external SSD or hard drive?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org2af436d">Why use Tor? I've heard it's used by bad people</a></td>
+<td class="org-left"><a href="#org5e06ace">Why Freedombone and not FreedomBox?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org3981923">How is Tor integrated with Freedombone?</a></td>
+<td class="org-left"><a href="#org84e7731">Why not support building images for Raspberry Pi?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#orgb732986">Can I add a clearnet domain to an onion build?</a></td>
+<td class="org-left"><a href="#orgfa08e9c">Why use Tor? I've heard it's used by bad people</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#orgb1382c0">Why use Github?</a></td>
+<td class="org-left"><a href="#org047311c">How is Tor integrated with Freedombone?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org8d5c33e">After using nmap or other scanning tool I can no longer log in</a></td>
+<td class="org-left"><a href="#org8a3b2df">Can I add a clearnet domain to an onion build?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#orgcaa8f8c">Should I upload my GPG keys to keybase.io?</a></td>
+<td class="org-left"><a href="#org7f5c083">Why use Github?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org787d325">Keys and emails should not be stored on servers. Why do you do that?</a></td>
+<td class="org-left"><a href="#org8fe35e9">What are the data protection implications of running this system?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org45d4472">Why can't I access my .onion site with a Tor browser?</a></td>
+<td class="org-left"><a href="#org972c439">After using nmap or other scanning tool I can no longer log in</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org000c926">What is the best hardware to run this system on?</a></td>
+<td class="org-left"><a href="#org67aacdc">Should I upload my GPG keys to keybase.io?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org36ddec5">Can I add more users to the system?</a></td>
+<td class="org-left"><a href="#orgbc89a7d">Keys and emails should not be stored on servers. Why do you do that?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#orgdd36f96">Why not use Signal for mobile chat?</a></td>
+<td class="org-left"><a href="#org4d0819e">Why can't I access my .onion site with a Tor browser?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org79827b5">What is the most secure chat app to use on mobile?</a></td>
+<td class="org-left"><a href="#org7256ac2">What is the best hardware to run this system on?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org5e417ee">How do I remove a user from the system?</a></td>
+<td class="org-left"><a href="#org890ba4a">Can I add more users to the system?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org24c86ab">Why is logging for web sites turned off by default?</a></td>
+<td class="org-left"><a href="#org61728f5">Why not use Signal for mobile chat?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#orgd972cda">How do I reset the tripwire?</a></td>
+<td class="org-left"><a href="#orgfd44c68">What is the most secure chat app to use on mobile?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org4d6c566">Is metadata protected?</a></td>
+<td class="org-left"><a href="#orgb4af501">How do I remove a user from the system?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#orga67d74a">How do I create email processing rules?</a></td>
+<td class="org-left"><a href="#orgc664233">Why is logging for web sites turned off by default?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org69c34a0">Why isn't dynamic DNS working?</a></td>
+<td class="org-left"><a href="#orgcfb3562">How do I reset the tripwire?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#orgd5c5acc">How do I change my encryption settings?</a></td>
+<td class="org-left"><a href="#org693ad33">Is metadata protected?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#orgfc6fd46">How do I get a domain name?</a></td>
+<td class="org-left"><a href="#org3879dd9">How do I create email processing rules?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org90eafd9">How do I get a "real" SSL/TLS/HTTPS certificate?</a></td>
+<td class="org-left"><a href="#org2e9552d">Why isn't dynamic DNS working?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#orgc91fc72">How do I renew a Let's Encrypt certificate?</a></td>
+<td class="org-left"><a href="#org88c1819">How do I change my encryption settings?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org73b061c">I tried to renew a Let's Encrypt certificate and it failed. What should I do?</a></td>
+<td class="org-left"><a href="#org7fa4cfd">How do I get a domain name?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org6a6cce4">Why not use the services of $company instead? They took the Seppuku pledge</a></td>
+<td class="org-left"><a href="#org082c153">How do I get a "real" SSL/TLS/HTTPS certificate?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#orgc36400d">Why does my email keep getting rejected as spam by Gmail/etc?</a></td>
+<td class="org-left"><a href="#org30ff050">How do I renew a Let's Encrypt certificate?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org73e8a5c">Tor is censored/blocked in my area. What can I do?</a></td>
+<td class="org-left"><a href="#org5e86349">I tried to renew a Let's Encrypt certificate and it failed. What should I do?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org1332523">I want to block a particular domain from getting its content into my social network sites</a></td>
+<td class="org-left"><a href="#org839eacd">Why not use the services of $company instead? They took the Seppuku pledge</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#org7e84bef">The mesh system doesn't boot from USB drive</a></td>
+<td class="org-left"><a href="#org7b528f9">Why does my email keep getting rejected as spam by Gmail/etc?</a></td>
 </tr>
 
 <tr>
-<td class="org-left"><a href="#orgdae680c">Mesh system doesn't connect to the network</a></td>
+<td class="org-left"><a href="#org840d72e">Tor is censored/blocked in my area. What can I do?</a></td>
+</tr>
+
+<tr>
+<td class="org-left"><a href="#org4f99713">I want to block a particular domain from getting its content into my social network sites</a></td>
+</tr>
+
+<tr>
+<td class="org-left"><a href="#org99e5150">The mesh system doesn't boot from USB drive</a></td>
+</tr>
+
+<tr>
+<td class="org-left"><a href="#org80b7531">Mesh system doesn't connect to the network</a></td>
 </tr>
 </tbody>
 </table>
 </div>
 
-<div id="outline-container-org2ecea54" class="outline-2">
-<h2 id="org2ecea54">What applications are supported?</h2>
-<div class="outline-text-2" id="text-org2ecea54">
+<div id="outline-container-org93b2b96" class="outline-2">
+<h2 id="org93b2b96">What applications are supported?</h2>
+<div class="outline-text-2" id="text-org93b2b96">
 <p>
 <a href="./apps.html">See here</a> for the complete list of apps. In addition to those as part of the base install you get an email server.
 </p>
 </div>
 </div>
-<div id="outline-container-orgaa0a705" class="outline-2">
-<h2 id="orgaa0a705">I don't have a static IP address. Can I still install this system?</h2>
-<div class="outline-text-2" id="text-orgaa0a705">
+<div id="outline-container-org6b1a1dc" class="outline-2">
+<h2 id="org6b1a1dc">I don't have a static IP address. Can I still install this system?</h2>
+<div class="outline-text-2" id="text-org6b1a1dc">
 <p>
 Yes. The minimum requirements are to have some hardware that you can install Debian onto and also that you have administrator access to your internet router so that you can forward ports to the system which has Freedombone installed.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-org340be8a" class="outline-2">
-<h2 id="org340be8a">Why Freedombone and not FreedomBox?</h2>
-<div class="outline-text-2" id="text-org340be8a">
+<div id="outline-container-orgf904a2b" class="outline-2">
+<h2 id="orgf904a2b">What are the best microSD cards to use?</h2>
+<div class="outline-text-2" id="text-orgf904a2b">
+<p>
+There can be big differences in the performance of microSD cards, and the cheaper ones are almost invariably terrible and/or unusable. Sandisk and Samsung currently appear to be the better brands. You can find some performance benchmarks <a href="http://www.pidramble.com/wiki/benchmarks/microsd-cards">here</a>. However, benchmarks like this only give a very rough idea of performance and they can vary significantly between individual cards even within the same brand.
+</p>
+</div>
+</div>
+<div id="outline-container-orgd5b8a5e" class="outline-2">
+<h2 id="orgd5b8a5e">On a single board computer can I boot from an external SSD or hard drive?</h2>
+<div class="outline-text-2" id="text-orgd5b8a5e">
+<p>
+Some single board computers, such as Cubieboards or OLinuxino, have a SATA socket on them which enables an external drive to be connected. This is usually intended for extra file storage, but it is also possible to run the operating system from an external drive. This can have the advantage of significantly increasing the read/write performance and your apps will appear to run more quickly.
+</p>
+
+<p>
+Typically a microSD read speed is 10-30MB/s. An SSD or hard drive can be 100MB/s or more, so that's a big potential gain.
+</p>
+
+<p>
+Single board computers usually don't have the capability of booting directly from an external drive, but what you can do is boot from a partition on a microSD drive, which then runs the main filesystem (the rootfs) from the external drive.
+</p>
+
+<p>
+To create an image suitable for running from an SSD or hard drive use the &#x2013;sata option, such as:
+</p>
+
+<div class="org-src-container">
+<pre class="src src-bash">freedombone-image -t cubieboard2 --sata sda2
+</pre>
+</div>
+
+<p>
+Note that the sata option should be set to point to the second partition on the drive, which is normally sda2.
+</p>
+
+<p>
+When the image is created then use the dd command to copy it both to a microSD card and to the SSD or hard drive. Plug them both into the board and it should then boot and use the external drive.
+</p>
+</div>
+</div>
+<div id="outline-container-org5e06ace" class="outline-2">
+<h2 id="org5e06ace">Why Freedombone and not FreedomBox?</h2>
+<div class="outline-text-2" id="text-org5e06ace">
 <p>
 When the project began in late 2013 the FreedomBox project seemed to be going nowhere, and was only designed to work with the DreamPlug hardware. There was some new hardware out - the Beaglebone Black - which could run Debian and was also a free hardware design so seemed more appropriate. Hence the name "Freedombone", being like FreedomBox but on a Beaglebone. There are some similarities and differences between the two projects:
 </p>
 </div>
 
-<div id="outline-container-org918eba1" class="outline-3">
-<h3 id="org918eba1">Similarities</h3>
-<div class="outline-text-3" id="text-org918eba1">
+<div id="outline-container-orgb6fee98" class="outline-3">
+<h3 id="orgb6fee98">Similarities</h3>
+<div class="outline-text-3" id="text-orgb6fee98">
 <ul class="org-ul">
 <li>Uses freedom-maker and vmdebootstrap to build debian images</li>
 <li>Supports the use of Tor onion addresses to access websites</li>
 </ul>
 </div>
 </div>
-<div id="outline-container-orgf04a715" class="outline-3">
-<h3 id="orgf04a715">Differences</h3>
-<div class="outline-text-3" id="text-orgf04a715">
+<div id="outline-container-org0568d2b" class="outline-3">
+<h3 id="org0568d2b">Differences</h3>
+<div class="outline-text-3" id="text-org0568d2b">
 <ul class="org-ul">
 <li>FreedomBox is a Debian pure blend. Freedombone is not</li>
 <li>Freedombone only supports Free Software. FreedomBox includes some closed binary boot blobs for certain ARM boards</li>
 </div>
 </div>
 </div>
-<div id="outline-container-orgccf5702" class="outline-2">
-<h2 id="orgccf5702">Why not support building images for Raspberry Pi?</h2>
-<div class="outline-text-2" id="text-orgccf5702">
+<div id="outline-container-org84e7731" class="outline-2">
+<h2 id="org84e7731">Why not support building images for Raspberry Pi?</h2>
+<div class="outline-text-2" id="text-org84e7731">
 <p>
 The FreedomBox project supports Raspberry Pi builds, and the image build system for Freedombone is based on the same system. However, although the Raspberry Pi can run a version of Debian it requires a closed proprietary blob in order to boot the hardware. Who knows what that blob might contain or what exploits it could facilitate. From an adversarial point of view if you were trying to deliver "bulk equipment interference" then it doesn't get any better than piggybacking on something which has control of the boot process, and hence all subsequently run processes.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-org2af436d" class="outline-2">
-<h2 id="org2af436d">Why use Tor? I've heard it's used by bad people</h2>
-<div class="outline-text-2" id="text-org2af436d">
+<div id="outline-container-orgfa08e9c" class="outline-2">
+<h2 id="orgfa08e9c">Why use Tor? I've heard it's used by bad people</h2>
+<div class="outline-text-2" id="text-orgfa08e9c">
 <p>
 Years ago Tor was usually depicted in the mainstream media as something scary inhabited by cyberterrorists and other bad cybers, but today to a large extent Tor is accepted as just another way of routing data in a network. Depending upon where you live there may still be some amount of fearmongering about Tor, but it now seems clear that the trajectory is towards general acceptance.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-org3981923" class="outline-2">
-<h2 id="org3981923">How is Tor integrated with Freedombone?</h2>
-<div class="outline-text-2" id="text-org3981923">
+<div id="outline-container-org047311c" class="outline-2">
+<h2 id="org047311c">How is Tor integrated with Freedombone?</h2>
+<div class="outline-text-2" id="text-org047311c">
 <p>
 Within this project Tor is used more to provide <i>accessibility</i> than the <i>anonymity</i> factor for which Tor is better known. The onion address system provides a way of being able to access sites even if you don't own a conventional domain name or don't have administrator access to your local internet router to be able to do port forwarding.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-orgb732986" class="outline-2">
-<h2 id="orgb732986">Can I add a clearnet domain to an onion build?</h2>
-<div class="outline-text-2" id="text-orgb732986">
+<div id="outline-container-org8a3b2df" class="outline-2">
+<h2 id="org8a3b2df">Can I add a clearnet domain to an onion build?</h2>
+<div class="outline-text-2" id="text-org8a3b2df">
 <p>
 You could if you manually edited the relevant nginx configuration files and installed some dynamic DNS system yourself. If you already have sysadmin knowledge then that's probably not too hard. But the builds created with the <b>onion-addresses-only</b> option aren't really intended to support access via clearnet domains.
 </p>
 </div>
 </div>
-<div id="outline-container-orgb1382c0" class="outline-2">
-<h2 id="orgb1382c0">Why use Github?</h2>
-<div class="outline-text-2" id="text-orgb1382c0">
+<div id="outline-container-org7f5c083" class="outline-2">
+<h2 id="org7f5c083">Why use Github?</h2>
+<div class="outline-text-2" id="text-org7f5c083">
 <p>
 Github is paradoxically a centralized, closed and proprietary system which happens to mostly host free and open source projects. Up until now it has been relatively benign, but at some point in the name of "growth" it will likely start becoming more evil, or just become like SourceForge - which was also once much loved by FOSS developers, but turned into a den of malvertizing.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-org8d5c33e" class="outline-2">
-<h2 id="org8d5c33e">After using nmap or other scanning tool I can no longer log in</h2>
-<div class="outline-text-2" id="text-org8d5c33e">
+<div id="outline-container-org8fe35e9" class="outline-2">
+<h2 id="org8fe35e9">What are the data protection implications of running this system?</h2>
+<div class="outline-text-2" id="text-org8fe35e9">
+<p>
+Data protection laws such as <a href="https://en.wikipedia.org/wiki/General_Data_Protection_Regulation">GDPR</a> in the EU or the <a href="https://en.wikipedia.org/wiki/Data_Protection_Act_1998">Data Protection Act</a> in the UK usually only apply to formal organizations which are recognized as being legal entities. So you have to be running a business or a charity or some other formal organization in order for the storage of what's known as <i>personally identifying information</i> to potentially become a legal issue. Laws like this usually include:
+</p>
+
+<ul class="org-ul">
+<li>A right to obtain your information</li>
+<li>A right to be forgotten (i.e. to have your data permanently deleted)</li>
+<li>Ensuring that stored personal data remains accurate</li>
+</ul>
+
+<p>
+If you're self-hosting then in the language of data protection law the "<i>data controller</i>" and the "<i>data subject</i>" are one and the same, so there isn't any power differential of that sort. Freedombone is only intended for small numbers of users, so if you are hosting more than one person chances are that you know the others quite well and can arrange to update their data or delete their account if that's needed. Even if data protection laws are later extended to include home server type scenarios it's unlikely that this will become a problem.
+</p>
+
+<p>
+For the mesh version similar applies. Each peer stores their own personal data and it never gets aggregated and stored in any centralized way.
+</p>
+</div>
+</div>
+<div id="outline-container-org972c439" class="outline-2">
+<h2 id="org972c439">After using nmap or other scanning tool I can no longer log in</h2>
+<div class="outline-text-2" id="text-org972c439">
 <p>
 This system tries to block port scanners. Any other system trying to scan for open ports will have their IP address added to a temporary block list for 24 hours.
 </p>
 </div>
 </div>
-<div id="outline-container-orgcaa8f8c" class="outline-2">
-<h2 id="orgcaa8f8c">Should I upload my GPG keys to keybase.io?</h2>
-<div class="outline-text-2" id="text-orgcaa8f8c">
+<div id="outline-container-org67aacdc" class="outline-2">
+<h2 id="org67aacdc">Should I upload my GPG keys to keybase.io?</h2>
+<div class="outline-text-2" id="text-org67aacdc">
 <p>
 It's not recommended unless there exists some compelling reason for you to be on there. That site asks users to upload the <b>private keys</b>, and even if the keys are client side encrypted with a passphrase there's always the chance that there will be a data leak in future and letter agencies will then have a full time opportunity to crack the passphrases.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-org787d325" class="outline-2">
-<h2 id="org787d325">Keys and emails should not be stored on servers. Why do you do that?</h2>
-<div class="outline-text-2" id="text-org787d325">
+<div id="outline-container-orgbc89a7d" class="outline-2">
+<h2 id="orgbc89a7d">Keys and emails should not be stored on servers. Why do you do that?</h2>
+<div class="outline-text-2" id="text-orgbc89a7d">
 <p>
 Ordinarily this is good advice. However, the threat model for a device in your home is different from the one for a generic server in a massive warehouse. Compare and contrast:
 </p>
 </div>
 </div>
 
-<div id="outline-container-org45d4472" class="outline-2">
-<h2 id="org45d4472">Why can't I access my .onion site with a Tor browser?</h2>
-<div class="outline-text-2" id="text-org45d4472">
+<div id="outline-container-org4d0819e" class="outline-2">
+<h2 id="org4d0819e">Why can't I access my .onion site with a Tor browser?</h2>
+<div class="outline-text-2" id="text-org4d0819e">
 <p>
 Probably you need to add the site to the NoScript whitelist. Typically click/press on the noscript icon (or select from the menu on mobile) then select <i>whitelist</i> and add the site URL. You may also need to disable HTTPS Everywhere when using onion addresses, which don't use https.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-org000c926" class="outline-2">
-<h2 id="org000c926">What is the best hardware to run this system on?</h2>
-<div class="outline-text-2" id="text-org000c926">
+<div id="outline-container-org7256ac2" class="outline-2">
+<h2 id="org7256ac2">What is the best hardware to run this system on?</h2>
+<div class="outline-text-2" id="text-org7256ac2">
 <p>
 It was originally designed to run on the Beaglebone Black, but that should be regarded as the most minimal system, because it's single core and has by today's standards a small amount of memory. Obviously the more powerful the hardware is the faster things like web pages (blog, social networking, etc) will be served but the more electricity such a system will require if you're running it 24/7. A good compromise between performance and energy consumption is something like an old netbook. The battery of an old netbook or laptop even gives you <a href="https://en.wikipedia.org/wiki/Uninterruptible_power_supply">UPS capability</a> to keep the system going during brief power outages or cable re-arrangements, and that means using full disk encryption on the server also becomes more practical.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-org36ddec5" class="outline-2">
-<h2 id="org36ddec5">Can I add more users to the system?</h2>
-<div class="outline-text-2" id="text-org36ddec5">
+<div id="outline-container-org890ba4a" class="outline-2">
+<h2 id="org890ba4a">Can I add more users to the system?</h2>
+<div class="outline-text-2" id="text-org890ba4a">
 <p>
 Yes. Freedombone can support a small number of users, for a "<i>friends and family</i>" type of home installation. This gives them access to an email account, XMPP, SIP phone and the blog (depending on whether the variant which you installed includes those).
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-orgdd36f96" class="outline-2">
-<h2 id="orgdd36f96">Why not use Signal for mobile chat?</h2>
-<div class="outline-text-2" id="text-orgdd36f96">
+<div id="outline-container-org61728f5" class="outline-2">
+<h2 id="org61728f5">Why not use Signal for mobile chat?</h2>
+<div class="outline-text-2" id="text-org61728f5">
 <p>
 Celebrities recommend Signal. It's Free Software so it must be good, right?
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-org79827b5" class="outline-2">
-<h2 id="org79827b5">What is the most secure chat app to use on mobile?</h2>
-<div class="outline-text-2" id="text-org79827b5">
+<div id="outline-container-orgfd44c68" class="outline-2">
+<h2 id="orgfd44c68">What is the most secure chat app to use on mobile?</h2>
+<div class="outline-text-2" id="text-orgfd44c68">
 <p>
 On mobile there are various options. The apps which are likely to be most secure are ones which have end-to-end encryption enabled by default and which can also be onion routed via Orbot. End-to-end encryption secures the content of the message and onion routing obscures the metadata, making it hard for a passive adversary to know who is communicating with who.
 </p>
 </p>
 
 <p>
-There are many <a href="#orgdd36f96">other fashionable chat apps</a> with end-to-end security, but often they are closed source, have a single central server or can't be onion routed. It's also important to remember that closed source chat apps should be assumed to be untrustworthy, since their security cannot be independently verified.
+There are many <a href="#org61728f5">other fashionable chat apps</a> with end-to-end security, but often they are closed source, have a single central server or can't be onion routed. It's also important to remember that closed source chat apps should be assumed to be untrustworthy, since their security cannot be independently verified.
 </p>
 </div>
 </div>
-<div id="outline-container-org5e417ee" class="outline-2">
-<h2 id="org5e417ee">How do I remove a user from the system?</h2>
-<div class="outline-text-2" id="text-org5e417ee">
+<div id="outline-container-orgb4af501" class="outline-2">
+<h2 id="orgb4af501">How do I remove a user from the system?</h2>
+<div class="outline-text-2" id="text-orgb4af501">
 <p>
 To remove a user:
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-org24c86ab" class="outline-2">
-<h2 id="org24c86ab">Why is logging for web sites turned off by default?</h2>
-<div class="outline-text-2" id="text-org24c86ab">
+<div id="outline-container-orgc664233" class="outline-2">
+<h2 id="orgc664233">Why is logging for web sites turned off by default?</h2>
+<div class="outline-text-2" id="text-orgc664233">
 <p>
 If you're making profits out of the logs by running large server warehouses and then data mining what users click on - as is the business model of well known internet companies - then logging everything makes total sense. However, if you're running a home server then logging really only makes sense if you're trying to diagnose some specific problem with the system, and outside of that context logging everything becomes more of a liability than an asset.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-orgd972cda" class="outline-2">
-<h2 id="orgd972cda">How do I reset the tripwire?</h2>
-<div class="outline-text-2" id="text-orgd972cda">
+<div id="outline-container-orgcfb3562" class="outline-2">
+<h2 id="orgcfb3562">How do I reset the tripwire?</h2>
+<div class="outline-text-2" id="text-orgcfb3562">
 <p>
 The tripwire will be automatically reset once per week. If you want to reset it earlier then do the following:
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-org4d6c566" class="outline-2">
-<h2 id="org4d6c566">Is metadata protected?</h2>
-<div class="outline-text-2" id="text-org4d6c566">
+<div id="outline-container-org693ad33" class="outline-2">
+<h2 id="org693ad33">Is metadata protected?</h2>
+<div class="outline-text-2" id="text-org693ad33">
 <blockquote>
 <p>
 "<i>We kill people based on metadata</i>"
 </p>
 </div>
 </div>
-<div id="outline-container-orga67d74a" class="outline-2">
-<h2 id="orga67d74a">How do I create email processing rules?</h2>
-<div class="outline-text-2" id="text-orga67d74a">
+<div id="outline-container-org3879dd9" class="outline-2">
+<h2 id="org3879dd9">How do I create email processing rules?</h2>
+<div class="outline-text-2" id="text-org3879dd9">
 <div class="org-src-container">
 <pre class="src src-bash">ssh username@domainname -p 2222
 </pre>
 </p>
 </div>
 </div>
-<div id="outline-container-org69c34a0" class="outline-2">
-<h2 id="org69c34a0">Why isn't dynamic DNS working?</h2>
-<div class="outline-text-2" id="text-org69c34a0">
+<div id="outline-container-org2e9552d" class="outline-2">
+<h2 id="org2e9552d">Why isn't dynamic DNS working?</h2>
+<div class="outline-text-2" id="text-org2e9552d">
 <p>
 If you run the command:
 </p>
 </div>
 </div>
 
-<div id="outline-container-orgd5c5acc" class="outline-2">
-<h2 id="orgd5c5acc">How do I change my encryption settings?</h2>
-<div class="outline-text-2" id="text-orgd5c5acc">
+<div id="outline-container-org88c1819" class="outline-2">
+<h2 id="org88c1819">How do I change my encryption settings?</h2>
+<div class="outline-text-2" id="text-org88c1819">
 <p>
 Suppose that some new encryption vulnerability has been announced and that you need to change your encryption settings. Maybe an algorithm thought to be secure is now no longer so and you need to remove it. You can change your settings by doing the following:
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-orgfc6fd46" class="outline-2">
-<h2 id="orgfc6fd46">How do I get a domain name?</h2>
-<div class="outline-text-2" id="text-orgfc6fd46">
+<div id="outline-container-org7fa4cfd" class="outline-2">
+<h2 id="org7fa4cfd">How do I get a domain name?</h2>
+<div class="outline-text-2" id="text-org7fa4cfd">
 <p>
 Suppose that you have bought a domain name (rather than using a free subdomain on freedns) and you want to use that instead.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org90eafd9" class="outline-2">
-<h2 id="org90eafd9">How do I get a "real" SSL/TLS/HTTPS certificate?</h2>
-<div class="outline-text-2" id="text-org90eafd9">
+<div id="outline-container-org082c153" class="outline-2">
+<h2 id="org082c153">How do I get a "real" SSL/TLS/HTTPS certificate?</h2>
+<div class="outline-text-2" id="text-org082c153">
 <p>
 If you did the full install or selected the social variant then the system will have tried to obtain a Let's Encrypt certificate automatically during the install process. If this failed for any reason, or if you have created a new site which you need a certificate for then do the following:
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-orgc91fc72" class="outline-2">
-<h2 id="orgc91fc72">How do I renew a Let's Encrypt certificate?</h2>
-<div class="outline-text-2" id="text-orgc91fc72">
+<div id="outline-container-org30ff050" class="outline-2">
+<h2 id="org30ff050">How do I renew a Let's Encrypt certificate?</h2>
+<div class="outline-text-2" id="text-org30ff050">
 <p>
 Normally certificates will be automatically renewed once per month, so you don't need to be concerned about it. If anything goes wrong with the automatic renewal then you should receive a warning email.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-org73b061c" class="outline-2">
-<h2 id="org73b061c">I tried to renew a Let's Encrypt certificate and it failed. What should I do?</h2>
-<div class="outline-text-2" id="text-org73b061c">
+<div id="outline-container-org5e86349" class="outline-2">
+<h2 id="org5e86349">I tried to renew a Let's Encrypt certificate and it failed. What should I do?</h2>
+<div class="outline-text-2" id="text-org5e86349">
 <p>
 Most likely it's because Let's Encrypt doesn't support your particular domain or subdomain. Currently free subdomains tend not to work. You'll need to buy a domain name, link it to your dynamic DNS account and then do:
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-org6a6cce4" class="outline-2">
-<h2 id="org6a6cce4">Why not use the services of $company instead? They took the Seppuku pledge</h2>
-<div class="outline-text-2" id="text-org6a6cce4">
+<div id="outline-container-org839eacd" class="outline-2">
+<h2 id="org839eacd">Why not use the services of $company instead? They took the Seppuku pledge</h2>
+<div class="outline-text-2" id="text-org839eacd">
 <p>
 <a href="https://cryptostorm.org/viewtopic.php?f=63&amp;t=2954&amp;sid=7de2d1e699cfde2f574e6a7f6ea5a173">That pledge</a> is utterly worthless. Years ago people trusted Google in the same sort of way, because they promised not be be evil and because a lot of the engineers working for them seemed like honest types who were "<i>on our side</i>". Post-<a href="https://en.wikipedia.org/wiki/Nymwars">nymwars</a> and post-<a href="https://en.wikipedia.org/wiki/PRISM_(surveillance_program)">PRISM</a> we know exactly how much Google cared about the privacy and security of its users. But Google is only one particular example. In general don't trust pledges made by companies, even if the people running them seem really sincere.
 </p>
 </div>
 </div>
-<div id="outline-container-orgc36400d" class="outline-2">
-<h2 id="orgc36400d">Why does my email keep getting rejected as spam by Gmail/etc?</h2>
-<div class="outline-text-2" id="text-orgc36400d">
+<div id="outline-container-org7b528f9" class="outline-2">
+<h2 id="org7b528f9">Why does my email keep getting rejected as spam by Gmail/etc?</h2>
+<div class="outline-text-2" id="text-org7b528f9">
 <p>
 Welcome to the world of email. Email is really the archetypal decentralized service, developed during the early days of the internet. In principle anyone can run an email server, and that's exactly what you're doing with Freedombone. Email is very useful, but it has a big problem, and that's that the protocols are totally insecure. That made it easy for spammers to do their thing, and in response highly elaborate spam filtering and blocking systems were developed. Chances are that your emails are being blocked in this way. Sometimes the blocking is so indisciminate that entire countries are excluded. What can you do about it? Unless you control the block list at the receiving end you may not be able to do much unless you can find an email proxy server which is trusted by the receiving server.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-org73e8a5c" class="outline-2">
-<h2 id="org73e8a5c">Tor is censored/blocked in my area. What can I do?</h2>
-<div class="outline-text-2" id="text-org73e8a5c">
+<div id="outline-container-org840d72e" class="outline-2">
+<h2 id="org840d72e">Tor is censored/blocked in my area. What can I do?</h2>
+<div class="outline-text-2" id="text-org840d72e">
 <p>
 If you can find some details for an obfs4 Tor bridge (its IP address, port number and key or nickname) then you can set up the system to use it to connect to the Tor network. Unlike relay nodes the IP addresses for bridges are not public information and so can't be easily known and added to block lists by authoritarian regimes or over-zealous ISPs.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org1332523" class="outline-2">
-<h2 id="org1332523">I want to block a particular domain from getting its content into my social network sites</h2>
-<div class="outline-text-2" id="text-org1332523">
+<div id="outline-container-org4f99713" class="outline-2">
+<h2 id="org4f99713">I want to block a particular domain from getting its content into my social network sites</h2>
+<div class="outline-text-2" id="text-org4f99713">
 <p>
 If you're being pestered by some domain which contains bad/illegal/harrassing content or irritating users you can block domains at the firewall level. Go to the administrator control panel and select <i>domain blocking</i>. You can then block, unblock and view the list of blocked domains.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org7e84bef" class="outline-2">
-<h2 id="org7e84bef">The mesh system doesn't boot from USB drive</h2>
-<div class="outline-text-2" id="text-org7e84bef">
+<div id="outline-container-org99e5150" class="outline-2">
+<h2 id="org99e5150">The mesh system doesn't boot from USB drive</h2>
+<div class="outline-text-2" id="text-org99e5150">
 <p>
 If the system doesn't boot and reports an error which includes <b>/dev/mapper/loop0p1</b> then reboot with <b>Ctrl-Alt-Del</b> and when you see the grub menu press <b>e</b> and manually change <b>/dev/mapper/loop0p1</b> to <b>/dev/sdb1</b>, then press <b>Ctrl-x</b>. If that doesn't work then reboot and try <b>/dev/sdc1</b> instead.
 </p>
 </div>
 </div>
 
-<div id="outline-container-orgdae680c" class="outline-2">
-<h2 id="orgdae680c">Mesh system doesn't connect to the network</h2>
-<div class="outline-text-2" id="text-orgdae680c">
+<div id="outline-container-org80b7531" class="outline-2">
+<h2 id="org80b7531">Mesh system doesn't connect to the network</h2>
+<div class="outline-text-2" id="text-org80b7531">
 <p>
 Sometimes after boot the mesh system won't connect to other peers on the network. If this happens select the <b>network restart</b> icon and enter the password, which by default is just "freedombone". Wait for a few minutes to see if it connects.
 </p>

website/EN/homeserver.html

 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<title></title>
-<!-- 2018-04-12 Thu 18:24 -->
-<meta  http-equiv="Content-Type" content="text/html;charset=utf-8" />
-<meta  name="generator" content="Org-mode" />
-<meta  name="author" content="Bob Mottram" />
-<meta  name="description" content="Freedombone home server setup"
+<!-- 2018-04-24 Tue 18:17 -->
+<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
+<meta name="viewport" content="width=device-width, initial-scale=1" />
+<title>&lrm;</title>
+<meta name="generator" content="Org mode" />
+<meta name="author" content="Bob Mottram" />
+<meta name="description" content="Freedombone home server setup"
  />
-<meta  name="keywords" content="freedombone, home server" />
+<meta name="keywords" content="freedombone, home server" />
 <style type="text/css">
  <!--/*--><![CDATA[/*><!--*/
-  .title  { text-align: center; }
+  .title  { text-align: center;
+             margin-bottom: .2em; }
+  .subtitle { text-align: center;
+              font-size: medium;
+              font-weight: bold;
+              margin-top:0; }
   .todo   { font-family: monospace; color: red; }
-  .done   { color: green; }
+  .done   { font-family: monospace; color: green; }
+  .priority { font-family: monospace; color: orange; }
   .tag    { background-color: #eee; font-family: monospace;
             padding: 2px; font-size: 80%; font-weight: normal; }
   .timestamp { color: #bebebe; }
   .timestamp-kwd { color: #5f9ea0; }
-  .right  { margin-left: auto; margin-right: 0px;  text-align: right; }
-  .left   { margin-left: 0px;  margin-right: auto; text-align: left; }
-  .center { margin-left: auto; margin-right: auto; text-align: center; }
+  .org-right  { margin-left: auto; margin-right: 0px;  text-align: right; }
+  .org-left   { margin-left: 0px;  margin-right: auto; text-align: left; }
+  .org-center { margin-left: auto; margin-right: auto; text-align: center; }
   .underline { text-decoration: underline; }
   #postamble p, #preamble p { font-size: 90%; margin: .2em; }
   p.verse { margin-left: 3%; }
     border: 1px solid black;
   }
   pre.src:hover:before { display: inline;}
-  pre.src-sh:before    { content: 'sh'; }
-  pre.src-bash:before  { content: 'sh'; }
+  /* Languages per Org manual */
+  pre.src-asymptote:before { content: 'Asymptote'; }
+  pre.src-awk:before { content: 'Awk'; }
+  pre.src-C:before { content: 'C'; }
+  /* pre.src-C++ doesn't work in CSS */
+  pre.src-clojure:before { content: 'Clojure'; }
+  pre.src-css:before { content: 'CSS'; }
+  pre.src-D:before { content: 'D'; }
+  pre.src-ditaa:before { content: 'ditaa'; }
+  pre.src-dot:before { content: 'Graphviz'; }
+  pre.src-calc:before { content: 'Emacs Calc'; }
   pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
-  pre.src-R:before     { content: 'R'; }
-  pre.src-perl:before  { content: 'Perl'; }
-  pre.src-java:before  { content: 'Java'; }
-  pre.src-sql:before   { content: 'SQL'; }
+  pre.src-fortran:before { content: 'Fortran'; }
+  pre.src-gnuplot:before { content: 'gnuplot'; }
+  pre.src-haskell:before { content: 'Haskell'; }
+  pre.src-hledger:before { content: 'hledger'; }
+  pre.src-java:before { content: 'Java'; }
+  pre.src-js:before { content: 'Javascript'; }
+  pre.src-latex:before { content: 'LaTeX'; }
+  pre.src-ledger:before { content: 'Ledger'; }
+  pre.src-lisp:before { content: 'Lisp'; }
+  pre.src-lilypond:before { content: 'Lilypond'; }
+  pre.src-lua:before { content: 'Lua'; }
+  pre.src-matlab:before { content: 'MATLAB'; }
+  pre.src-mscgen:before { content: 'Mscgen'; }
+  pre.src-ocaml:before { content: 'Objective Caml'; }
+  pre.src-octave:before { content: 'Octave'; }
+  pre.src-org:before { content: 'Org mode'; }
+  pre.src-oz:before { content: 'OZ'; }
+  pre.src-plantuml:before { content: 'Plantuml'; }
+  pre.src-processing:before { content: 'Processing.js'; }
+  pre.src-python:before { content: 'Python'; }
+  pre.src-R:before { content: 'R'; }
+  pre.src-ruby:before { content: 'Ruby'; }
+  pre.src-sass:before { content: 'Sass'; }
+  pre.src-scheme:before { content: 'Scheme'; }
+  pre.src-screen:before { content: 'Gnu Screen'; }
+  pre.src-sed:before { content: 'Sed'; }
+  pre.src-sh:before { content: 'shell'; }
+  pre.src-sql:before { content: 'SQL'; }
+  pre.src-sqlite:before { content: 'SQLite'; }
+  /* additional languages in org.el's org-babel-load-languages alist */
+  pre.src-forth:before { content: 'Forth'; }
+  pre.src-io:before { content: 'IO'; }
+  pre.src-J:before { content: 'J'; }
+  pre.src-makefile:before { content: 'Makefile'; }
+  pre.src-maxima:before { content: 'Maxima'; }
+  pre.src-perl:before { content: 'Perl'; }
+  pre.src-picolisp:before { content: 'Pico Lisp'; }
+  pre.src-scala:before { content: 'Scala'; }
+  pre.src-shell:before { content: 'Shell Script'; }
+  pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
+  /* additional language identifiers per "defun org-babel-execute"
+       in ob-*.el */
+  pre.src-cpp:before  { content: 'C++'; }
+  pre.src-abc:before  { content: 'ABC'; }
+  pre.src-coq:before  { content: 'Coq'; }
+  pre.src-groovy:before  { content: 'Groovy'; }
+  /* additional language identifiers from org-babel-shell-names in
+     ob-shell.el: ob-shell is the only babel language using a lambda to put
+     the execution function name together. */
+  pre.src-bash:before  { content: 'bash'; }
+  pre.src-csh:before  { content: 'csh'; }
+  pre.src-ash:before  { content: 'ash'; }
+  pre.src-dash:before  { content: 'dash'; }
+  pre.src-ksh:before  { content: 'ksh'; }
+  pre.src-mksh:before  { content: 'mksh'; }
+  pre.src-posh:before  { content: 'posh'; }
+  /* Additional Emacs modes also supported by the LaTeX listings package */
+  pre.src-ada:before { content: 'Ada'; }
+  pre.src-asm:before { content: 'Assembler'; }
+  pre.src-caml:before { content: 'Caml'; }
+  pre.src-delphi:before { content: 'Delphi'; }
+  pre.src-html:before { content: 'HTML'; }
+  pre.src-idl:before { content: 'IDL'; }
+  pre.src-mercury:before { content: 'Mercury'; }
+  pre.src-metapost:before { content: 'MetaPost'; }
+  pre.src-modula-2:before { content: 'Modula-2'; }
+  pre.src-pascal:before { content: 'Pascal'; }
+  pre.src-ps:before { content: 'PostScript'; }
+  pre.src-prolog:before { content: 'Prolog'; }
+  pre.src-simula:before { content: 'Simula'; }
+  pre.src-tcl:before { content: 'tcl'; }
+  pre.src-tex:before { content: 'TeX'; }
+  pre.src-plain-tex:before { content: 'Plain TeX'; }
+  pre.src-verilog:before { content: 'Verilog'; }
+  pre.src-vhdl:before { content: 'VHDL'; }
+  pre.src-xml:before { content: 'XML'; }
+  pre.src-nxml:before { content: 'XML'; }
+  /* add a generic configuration mode; LaTeX export needs an additional
+     (add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
+  pre.src-conf:before { content: 'Configuration File'; }
 
   table { border-collapse:collapse; }
   caption.t-above { caption-side: top; }
   caption.t-bottom { caption-side: bottom; }
   td, th { vertical-align:top;  }
-  th.right  { text-align: center;  }
-  th.left   { text-align: center;   }
-  th.center { text-align: center; }
-  td.right  { text-align: right;  }
-  td.left   { text-align: left;   }
-  td.center { text-align: center; }
+  th.org-right  { text-align: center;  }
+  th.org-left   { text-align: center;   }
+  th.org-center { text-align: center; }
+  td.org-right  { text-align: right;  }
+  td.org-left   { text-align: left;   }
+  td.org-center { text-align: center; }
   dt { font-weight: bold; }
-  .footpara:nth-child(2) { display: inline; }
-  .footpara { display: block; }
+  .footpara { display: inline; }
   .footdef  { margin-bottom: 1em; }
   .figure { padding: 1em; }
   .figure p { text-align: center; }
     { font-size: 10px; font-weight: bold; white-space: nowrap; }
   .org-info-js_search-highlight
     { background-color: #ffff00; color: #000000; font-weight: bold; }
+  .org-svg { width: 90%; }
   /*]]>*/-->
 </style>
 <link rel="stylesheet" type="text/css" href="freedombone.css" />
 @licstart  The following is the entire license notice for the
 JavaScript code in this tag.
 
-Copyright (C) 2012-2013 Free Software Foundation, Inc.
+Copyright (C) 2012-2017 Free Software Foundation, Inc.
 
 The JavaScript code in this tag is free software: you can
 redistribute it and/or modify it under the terms of the GNU
 <a name="top" id="top"></a>
 </div>
 <div id="content">
-<h1 class="title"></h1>
 
 <div class="figure">
 <p><img src="images/logo.png" alt="logo.png" width="80%" height="10%" align="center" />
 </div>
 
 
-<div id="outline-container-sec-1" class="outline-2">
-<h2 id="sec-1">Home Server</h2>
-<div class="outline-text-2" id="text-1">
+<div id="outline-container-org3d2bd4a" class="outline-2">
+<h2 id="org3d2bd4a">Home Server</h2>
+<div class="outline-text-2" id="text-org3d2bd4a">
 <p>
 The quickest way to get started is as follows. You will need to be running a Debian based system (version 8 or later), have an old but still working laptop or netbook which you can use as a server, and 8GB or larger USB thumb drive and an ethernet cable to connect the laptop to your internet router.
 </p>
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">sudo apt-get install git dialog build-essential
 git clone https://github.com/bashrc/freedombone
-cd freedombone
+<span class="org-builtin">cd</span> freedombone
 git checkout stretch
 sudo make install
 freedombone-image --setup debian
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">sudo pacman -S git dialog
 git clone https://github.com/bashrc/freedombone
-cd freedombone
+<span class="org-builtin">cd</span> freedombone
 git checkout stretch
 sudo make install
 freedombone-image --setup parabola
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">freedombone-client
 </pre>
 </div>
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">ls /dev/sd*
 </pre>
 </div>
 </p>
 
 <div class="org-src-container">
-
-<pre class="src src-bash">dd if=/dev/zero of=/dev/sdX bs=1M count=8
-dd bs=1M if=myimagefile.img of=/dev/sdX conv=fdatasync
+<pre class="src src-bash">dd <span class="org-variable-name">if</span>=/dev/zero <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">count</span>=8
+dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=myimagefile.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
 </pre>
 </div>
 
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">username: fbone
 password: freedombone
 </pre>
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">ssh fbone@freedombone.local -p 2222
 </pre>
 </div>
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">freedombone-client --verify
 </pre>
 </div>
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">freedombone-client
 ssh myusername@freedombone.local -p 2222
 </pre>
 
 
 <div class="figure">
-<p><img src="images/controlpanel/control_panel_about.jpg" alt="control_panel_about.jpg" width="80%" align="center" />
+<p><img src="images/controlpanel/control_panel_about.jpg" alt="control_panel_about.jpg" width="100%" align="center" />
 </p>
 </div>
 
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">man freedombone-image
 </pre>
 </div>

website/EN/installation.html

 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<title></title>
-<!-- 2018-04-12 Thu 13:09 -->
-<meta  http-equiv="Content-Type" content="text/html;charset=utf-8" />
-<meta  name="generator" content="Org-mode" />
-<meta  name="author" content="Bob Mottram" />
-<meta  name="description" content="Freedombone installation"
+<!-- 2018-04-21 Sat 14:58 -->
+<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
+<meta name="viewport" content="width=device-width, initial-scale=1" />
+<title>&lrm;</title>
+<meta name="generator" content="Org mode" />
+<meta name="author" content="Bob Mottram" />
+<meta name="description" content="Freedombone installation"
  />
-<meta  name="keywords" content="freedombone, installation" />
+<meta name="keywords" content="freedombone, installation" />
 <style type="text/css">
  <!--/*--><![CDATA[/*><!--*/
-  .title  { text-align: center; }
+  .title  { text-align: center;
+             margin-bottom: .2em; }
+  .subtitle { text-align: center;
+              font-size: medium;
+              font-weight: bold;
+              margin-top:0; }
   .todo   { font-family: monospace; color: red; }
-  .done   { color: green; }
+  .done   { font-family: monospace; color: green; }
+  .priority { font-family: monospace; color: orange; }
   .tag    { background-color: #eee; font-family: monospace;
             padding: 2px; font-size: 80%; font-weight: normal; }
   .timestamp { color: #bebebe; }
   .timestamp-kwd { color: #5f9ea0; }
-  .right  { margin-left: auto; margin-right: 0px;  text-align: right; }
-  .left   { margin-left: 0px;  margin-right: auto; text-align: left; }
-  .center { margin-left: auto; margin-right: auto; text-align: center; }
+  .org-right  { margin-left: auto; margin-right: 0px;  text-align: right; }
+  .org-left   { margin-left: 0px;  margin-right: auto; text-align: left; }
+  .org-center { margin-left: auto; margin-right: auto; text-align: center; }
   .underline { text-decoration: underline; }
   #postamble p, #preamble p { font-size: 90%; margin: .2em; }
   p.verse { margin-left: 3%; }
     border: 1px solid black;
   }
   pre.src:hover:before { display: inline;}
-  pre.src-sh:before    { content: 'sh'; }
-  pre.src-bash:before  { content: 'sh'; }
+  /* Languages per Org manual */
+  pre.src-asymptote:before { content: 'Asymptote'; }
+  pre.src-awk:before { content: 'Awk'; }
+  pre.src-C:before { content: 'C'; }
+  /* pre.src-C++ doesn't work in CSS */
+  pre.src-clojure:before { content: 'Clojure'; }
+  pre.src-css:before { content: 'CSS'; }
+  pre.src-D:before { content: 'D'; }
+  pre.src-ditaa:before { content: 'ditaa'; }
+  pre.src-dot:before { content: 'Graphviz'; }
+  pre.src-calc:before { content: 'Emacs Calc'; }
   pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
-  pre.src-R:before     { content: 'R'; }
-  pre.src-perl:before  { content: 'Perl'; }
-  pre.src-java:before  { content: 'Java'; }
-  pre.src-sql:before   { content: 'SQL'; }
+  pre.src-fortran:before { content: 'Fortran'; }
+  pre.src-gnuplot:before { content: 'gnuplot'; }
+  pre.src-haskell:before { content: 'Haskell'; }
+  pre.src-hledger:before { content: 'hledger'; }
+  pre.src-java:before { content: 'Java'; }
+  pre.src-js:before { content: 'Javascript'; }
+  pre.src-latex:before { content: 'LaTeX'; }
+  pre.src-ledger:before { content: 'Ledger'; }
+  pre.src-lisp:before { content: 'Lisp'; }
+  pre.src-lilypond:before { content: 'Lilypond'; }
+  pre.src-lua:before { content: 'Lua'; }
+  pre.src-matlab:before { content: 'MATLAB'; }
+  pre.src-mscgen:before { content: 'Mscgen'; }
+  pre.src-ocaml:before { content: 'Objective Caml'; }
+  pre.src-octave:before { content: 'Octave'; }
+  pre.src-org:before { content: 'Org mode'; }
+  pre.src-oz:before { content: 'OZ'; }
+  pre.src-plantuml:before { content: 'Plantuml'; }
+  pre.src-processing:before { content: 'Processing.js'; }
+  pre.src-python:before { content: 'Python'; }
+  pre.src-R:before { content: 'R'; }
+  pre.src-ruby:before { content: 'Ruby'; }
+  pre.src-sass:before { content: 'Sass'; }
+  pre.src-scheme:before { content: 'Scheme'; }
+  pre.src-screen:before { content: 'Gnu Screen'; }
+  pre.src-sed:before { content: 'Sed'; }
+  pre.src-sh:before { content: 'shell'; }
+  pre.src-sql:before { content: 'SQL'; }
+  pre.src-sqlite:before { content: 'SQLite'; }
+  /* additional languages in org.el's org-babel-load-languages alist */
+  pre.src-forth:before { content: 'Forth'; }
+  pre.src-io:before { content: 'IO'; }
+  pre.src-J:before { content: 'J'; }
+  pre.src-makefile:before { content: 'Makefile'; }
+  pre.src-maxima:before { content: 'Maxima'; }
+  pre.src-perl:before { content: 'Perl'; }
+  pre.src-picolisp:before { content: 'Pico Lisp'; }
+  pre.src-scala:before { content: 'Scala'; }
+  pre.src-shell:before { content: 'Shell Script'; }
+  pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
+  /* additional language identifiers per "defun org-babel-execute"
+       in ob-*.el */
+  pre.src-cpp:before  { content: 'C++'; }
+  pre.src-abc:before  { content: 'ABC'; }
+  pre.src-coq:before  { content: 'Coq'; }
+  pre.src-groovy:before  { content: 'Groovy'; }
+  /* additional language identifiers from org-babel-shell-names in
+     ob-shell.el: ob-shell is the only babel language using a lambda to put
+     the execution function name together. */
+  pre.src-bash:before  { content: 'bash'; }
+  pre.src-csh:before  { content: 'csh'; }
+  pre.src-ash:before  { content: 'ash'; }
+  pre.src-dash:before  { content: 'dash'; }
+  pre.src-ksh:before  { content: 'ksh'; }
+  pre.src-mksh:before  { content: 'mksh'; }
+  pre.src-posh:before  { content: 'posh'; }
+  /* Additional Emacs modes also supported by the LaTeX listings package */
+  pre.src-ada:before { content: 'Ada'; }
+  pre.src-asm:before { content: 'Assembler'; }
+  pre.src-caml:before { content: 'Caml'; }
+  pre.src-delphi:before { content: 'Delphi'; }
+  pre.src-html:before { content: 'HTML'; }
+  pre.src-idl:before { content: 'IDL'; }
+  pre.src-mercury:before { content: 'Mercury'; }
+  pre.src-metapost:before { content: 'MetaPost'; }
+  pre.src-modula-2:before { content: 'Modula-2'; }
+  pre.src-pascal:before { content: 'Pascal'; }
+  pre.src-ps:before { content: 'PostScript'; }
+  pre.src-prolog:before { content: 'Prolog'; }
+  pre.src-simula:before { content: 'Simula'; }
+  pre.src-tcl:before { content: 'tcl'; }
+  pre.src-tex:before { content: 'TeX'; }
+  pre.src-plain-tex:before { content: 'Plain TeX'; }
+  pre.src-verilog:before { content: 'Verilog'; }
+  pre.src-vhdl:before { content: 'VHDL'; }
+  pre.src-xml:before { content: 'XML'; }
+  pre.src-nxml:before { content: 'XML'; }
+  /* add a generic configuration mode; LaTeX export needs an additional
+     (add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
+  pre.src-conf:before { content: 'Configuration File'; }
 
   table { border-collapse:collapse; }
   caption.t-above { caption-side: top; }
   caption.t-bottom { caption-side: bottom; }
   td, th { vertical-align:top;  }
-  th.right  { text-align: center;  }
-  th.left   { text-align: center;   }
-  th.center { text-align: center; }
-  td.right  { text-align: right;  }
-  td.left   { text-align: left;   }
-  td.center { text-align: center; }
+  th.org-right  { text-align: center;  }
+  th.org-left   { text-align: center;   }
+  th.org-center { text-align: center; }
+  td.org-right  { text-align: right;  }
+  td.org-left   { text-align: left;   }
+  td.org-center { text-align: center; }
   dt { font-weight: bold; }
-  .footpara:nth-child(2) { display: inline; }
-  .footpara { display: block; }
+  .footpara { display: inline; }
   .footdef  { margin-bottom: 1em; }
   .figure { padding: 1em; }
   .figure p { text-align: center; }
     { font-size: 10px; font-weight: bold; white-space: nowrap; }
   .org-info-js_search-highlight
     { background-color: #ffff00; color: #000000; font-weight: bold; }
+  .org-svg { width: 90%; }
   /*]]>*/-->
 </style>
 <link rel="stylesheet" type="text/css" href="freedombone.css" />
 @licstart  The following is the entire license notice for the
 JavaScript code in this tag.
 
-Copyright (C) 2012-2013 Free Software Foundation, Inc.
+Copyright (C) 2012-2017 Free Software Foundation, Inc.
 
 The JavaScript code in this tag is free software: you can
 redistribute it and/or modify it under the terms of the GNU
 <a name="top" id="top"></a>
 </div>
 <div id="content">
-<h1 class="title"></h1>
 
 <div class="figure">
 <p><img src="images/logo.png" alt="logo.png" width="80%" height="10%" align="center" />
 </p>
 </div>
 
-<div id="outline-container-sec-1" class="outline-2">
-<h2 id="sec-1">Installation</h2>
-<div class="outline-text-2" id="text-1">
+<div id="outline-container-orgaaffe7e" class="outline-2">
+<h2 id="orgaaffe7e">Installation</h2>
+<div class="outline-text-2" id="text-orgaaffe7e">
 <table border="2" cellspacing="0" cellpadding="6" rules="groups" frame="hsides">
 
 
 <colgroup>
-<col  class="left" />
+<col  class="org-left" />
 </colgroup>
 <tbody>
 <tr>
-<td class="left"><a href="#sec-2">Building an image for a Single Board Computer or Virtual Machine</a></td>
+<td class="org-left"><a href="#org85992f0">Building an image for a Single Board Computer or Virtual Machine</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-3">Checklist</a></td>
+<td class="org-left"><a href="#orga435974">Checklist</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="./mesh.html">Mesh network</a></td>
+<td class="org-left"><a href="./mesh.html">Mesh network</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-1">Installation</a></td>
+<td class="org-left"><a href="#orgaaffe7e">Installation</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-5">Social Key Management - the 'Unforgettable Key'</a></td>
+<td class="org-left"><a href="#orgdbb804d">Social Key Management - the 'Unforgettable Key'</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-6">Final Setup</a></td>
+<td class="org-left"><a href="#orgc7f7e79">Final Setup</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-7">Keydrives</a></td>
+<td class="org-left"><a href="#org5c56524">Keydrives</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-8">On Client Machines</a></td>
+<td class="org-left"><a href="#org27e42b6">On Client Machines</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-9">Administering the system</a></td>
+<td class="org-left"><a href="#org24fb926">Administering the system</a></td>
 </tr>
 </tbody>
 </table>
 </div>
 </div>
 
-<div id="outline-container-sec-2" class="outline-2">
-<h2 id="sec-2">Building an image for a Single Board Computer or Virtual Machine</h2>
-<div class="outline-text-2" id="text-2">
+<div id="outline-container-org85992f0" class="outline-2">
+<h2 id="org85992f0">Building an image for a Single Board Computer or Virtual Machine</h2>
+<div class="outline-text-2" id="text-org85992f0">
 <p>
 You don't have to trust images downloaded from random internet locations signed with untrusted keys. You can build one from scratch yourself, and this is the recommended procedure for maximum security. For guidance on how to build images see the manpage for the <b>freedombone-image</b> command.
 </p>
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">sudo apt-get install git build-essential dialog
 git clone https://github.com/bashrc/freedombone
-cd freedombone
+<span class="org-builtin">cd</span> freedombone
 git checkout stretch
 sudo make install
 </pre>
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">freedombone-image --setup debian
 </pre>
 </div>
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">freedombone-image --setup parabola
 </pre>
 </div>
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">freedombone-image -t beaglebone -s 8G
 </pre>
 </div>
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">freedombone-image -t beaglebone -s 8G --minimal no
 </pre>
 </div>
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">freedombone-image -t qemu-x86_64 -s 8G
 </pre>
 </div>
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">freedombone-image -t beaglebone -s 8G -m http://ftp.de.debian.org/debian
 </pre>
 </div>
 </div>
 </div>
 
-<div id="outline-container-sec-3" class="outline-2">
-<h2 id="sec-3">Checklist</h2>
-<div class="outline-text-2" id="text-3">
+<div id="outline-container-orga435974" class="outline-2">
+<h2 id="orga435974">Checklist</h2>
+<div class="outline-text-2" id="text-orga435974">
 <p>
 Before installing Freedombone you will need a few things.
 </p>
 
 <ul class="org-ul">
-<li>Have some domains, or subdomains, registered with a dynamic DNS service. For the full install you may need two "official" purchased domains or be using a subdomain provider which is supported by Let's Encrypt.
-</li>
-<li>System with a new installation of Debian Stretch or a downloaded/prepared disk image
-</li>
-<li>Ethernet connection between the system and your internet router
-</li>
-<li>That it is possible to forward ports from the internet router to the system, typically via firewall settings
-</li>
-<li>Have ssh access to the system, typically via fbone@freedombone.local on port 2222
-</li>
+<li>Have some domains, or subdomains, registered with a dynamic DNS service. For the full install you may need two "official" purchased domains or be using a subdomain provider which is supported by Let's Encrypt.</li>
+<li>System with a new installation of Debian Stretch or a downloaded/prepared disk image</li>
+<li>Ethernet connection between the system and your internet router</li>
+<li>That it is possible to forward ports from the internet router to the system, typically via firewall settings</li>
+<li>Have ssh access to the system, typically via fbone@freedombone.local on port 2222</li>
 </ul>
 </div>
 </div>
-<div id="outline-container-sec-4" class="outline-2">
-<h2 id="sec-4">Installation</h2>
-<div class="outline-text-2" id="text-4">
+<div id="outline-container-org81afcd3" class="outline-2">
+<h2 id="org81afcd3">Installation</h2>
+<div class="outline-text-2" id="text-org81afcd3">
 <p>
 There are three install options: Laptop/Desktop/Netbook, SBC and Virtual Machine.
 </p>
 </div>
 
-<div id="outline-container-sec-4-1" class="outline-3">
-<h3 id="sec-4-1">On a Laptop, Netbook or Desktop machine</h3>
-<div class="outline-text-3" id="text-4-1">
+<div id="outline-container-org8cf2237" class="outline-3">
+<h3 id="org8cf2237">On a Laptop, Netbook or Desktop machine</h3>
+<div class="outline-text-3" id="text-org8cf2237">
 <p>
 If you have an existing system, such as an old laptop or netbook which you can leave running as a server, then install a new version of Debian Stretch onto it. During the Debian install you won't need the print server or the desktop environment, and unchecking those will reduce the attack surface. Once Debian enter the following commands:
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">su
 apt-get update
 apt-get -y install git dialog build-essential
 git clone https://github.com/bashrc/freedombone
-cd freedombone
+<span class="org-builtin">cd</span> freedombone
 git checkout stretch
 make install
 freedombone menuconfig
 </div>
 </div>
 
-<div id="outline-container-sec-4-2" class="outline-3">
-<h3 id="sec-4-2">On a single board computer (SBC)</h3>
-<div class="outline-text-3" id="text-4-2">
+<div id="outline-container-orge5e5408" class="outline-3">
+<h3 id="orge5e5408">On a single board computer (SBC)</h3>
+<div class="outline-text-3" id="text-orge5e5408">
 <p>
 Currently the following boards are supported:
 </p>
 
 <ul class="org-ul">
-<li><a href="https://beagleboard.org/BLACK">Beaglebone Black</a>
-</li>
-<li><a href="https://linux-sunxi.org/Cubietech_Cubieboard2">Cubieboard 2</a>
-</li>
-<li><a href="https://linux-sunxi.org/Cubietruck">Cubietruck (Cubieboard 3)</a>
-</li>
-<li><a href="https://www.sparkfun.com/products/retired/12856">PCDuino3</a>
-</li>
-<li><a href="https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXIno-LIME/open-source-hardware">olinuxino Lime</a>
-</li>
-<li><a href="https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXIno-LIME2/open-source-hardware">olinuxino Lime2</a>
-</li>
-<li><a href="https://www.olimex.com/Products/OlinuXino/A20/A20-OlinuXino-MICRO/open-source-hardware">olinuxino Micro</a>
-</li>
+<li><a href="https://beagleboard.org/BLACK">Beaglebone Black</a></li>
+<li><a href="https://linux-sunxi.org/Cubietech_Cubieboard2">Cubieboard 2</a></li>
+<li><a href="https://linux-sunxi.org/Cubietruck">Cubietruck (Cubieboard 3)</a></li>
+<li><a href="https://www.sparkfun.com/products/retired/12856">PCDuino3</a></li>
+<li><a href="https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXIno-LIME/open-source-hardware">olinuxino Lime</a></li>
+<li><a href="https://www.olimex.com/Products/OLinuXino/A20/A20-OLinuXIno-LIME2/open-source-hardware">olinuxino Lime2</a></li>
+<li><a href="https://www.olimex.com/Products/OlinuXino/A20/A20-OlinuXino-MICRO/open-source-hardware">olinuxino Micro</a></li>
 </ul>
 
 <p>
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">gpg --verify filename.img.asc
 </pre>
 </div>
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">sha256sum filename.img
 </pre>
 </div>
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">unxz filename.img.xz
 </pre>
 </div>
 </p>
 
 <div class="org-src-container">
-
-<pre class="src src-bash">sudo dd bs=1M if=filename.img of=/dev/sdX conv=fdatasync
+<pre class="src src-bash">sudo dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=filename.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
 </pre>
 </div>
 
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">ls /dev/sd*
 </pre>
 </div>
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">ssh fbone@freedombone.local -p 2222
 </pre>
 </div>
 </div>
 </div>
 
-<div id="outline-container-sec-4-3" class="outline-3">
-<h3 id="sec-4-3">As a Virtual Machine</h3>
-<div class="outline-text-3" id="text-4-3">
+<div id="outline-container-org9ae9946" class="outline-3">
+<h3 id="org9ae9946">As a Virtual Machine</h3>
+<div class="outline-text-3" id="text-org9ae9946">
 <p>
 Qemu is currently supported, since it's s fully free software system. You can run a 64 bit Qemu image with:
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">qemu-system-x86_64 -m 1G filename.img
 </pre>
 </div>
 </div>
 </div>
 
-<div id="outline-container-sec-5" class="outline-2">
-<h2 id="sec-5">Social Key Management - the 'Unforgettable Key'</h2>
-<div class="outline-text-2" id="text-5">
+<div id="outline-container-orgdbb804d" class="outline-2">
+<h2 id="orgdbb804d">Social Key Management - the 'Unforgettable Key'</h2>
+<div class="outline-text-2" id="text-orgdbb804d">
 <p>
 During the install procedure you will be asked if you wish to import GPG keys. If you don't already possess GPG keys then just select "Ok" and they will be generated during the install. If you do already have GPG keys then there are a few possibilities
 </p>
 </div>
 
-<div id="outline-container-sec-5-1" class="outline-3">
-<h3 id="sec-5-1">You have the gnupg keyring on an encrypted USB drive</h3>
-<div class="outline-text-3" id="text-5-1">
+<div id="outline-container-orgea070ec" class="outline-3">
+<h3 id="orgea070ec">You have the gnupg keyring on an encrypted USB drive</h3>
+<div class="outline-text-3" id="text-orgea070ec">
 <p>
 If you previously made a master keydrive containing the full keyring (the .gnupg directory). This is the most straightforward case, but not as secure as splitting the key into fragments.
 </p>
 </div>
 </div>
-<div id="outline-container-sec-5-2" class="outline-3">
-<h3 id="sec-5-2">You have a number of key fragments on USB drives retrieved from friends</h3>
-<div class="outline-text-3" id="text-5-2">
+<div id="outline-container-org08d572c" class="outline-3">
+<h3 id="org08d572c">You have a number of key fragments on USB drives retrieved from friends</h3>
+<div class="outline-text-3" id="text-org08d572c">
 <p>
-If you previously made some USB drives containing key fragments then retrieve them from your friends and plug them in one after the other. After the last drive has been read then remove it and just select "Ok". The system will then try to reconstruct the key. For this to work you will need to have previously made three or more <a href="#sec-7">Keydrives</a>.
+If you previously made some USB drives containing key fragments then retrieve them from your friends and plug them in one after the other. After the last drive has been read then remove it and just select "Ok". The system will then try to reconstruct the key. For this to work you will need to have previously made three or more <a href="#org5c56524">Keydrives</a>.
 </p>
 </div>
 </div>
-<div id="outline-container-sec-5-3" class="outline-3">
-<h3 id="sec-5-3">You can specify some ssh login details for friends servers containing key fragments</h3>
-<div class="outline-text-3" id="text-5-3">
+<div id="outline-container-orgf13618c" class="outline-3">
+<h3 id="orgf13618c">You can specify some ssh login details for friends servers containing key fragments</h3>
+<div class="outline-text-3" id="text-orgf13618c">
 <p>
 Enter three or more sets of login details and the installer will try to retrieve key fragments and then assemble them into the full key. This only works if you previously were using remote backups and had social key management enabled.
 </p>
 </div>
 </div>
 </div>
-<div id="outline-container-sec-6" class="outline-2">
-<h2 id="sec-6">Final Setup</h2>
-<div class="outline-text-2" id="text-6">
+<div id="outline-container-orgc7f7e79" class="outline-2">
+<h2 id="orgc7f7e79">Final Setup</h2>
+<div class="outline-text-2" id="text-orgc7f7e79">
 <p>
 Any manual post-installation setup instructions or passwords can be found in /home/username/README.
 </p>
 
 
 <colgroup>
-<col  class="left" />
+<col  class="org-left" />
 
-<col  class="right" />
+<col  class="org-right" />
 </colgroup>
 <thead>
 <tr>
-<th scope="col" class="left">Service</th>
-<th scope="col" class="right">Ports</th>
+<th scope="col" class="org-left">Service</th>
+<th scope="col" class="org-right">Ports</th>
 </tr>
 </thead>
 <tbody>
 <tr>
-<td class="left">HTTP</td>
-<td class="right">80</td>
+<td class="org-left">HTTP</td>
+<td class="org-right">80</td>
 </tr>
 
 <tr>
-<td class="left">HTTPS</td>
-<td class="right">443</td>
+<td class="org-left">HTTPS</td>
+<td class="org-right">443</td>
 </tr>
 
 <tr>
-<td class="left">SSH</td>
-<td class="right">2222</td>
+<td class="org-left">SSH</td>
+<td class="org-right">2222</td>
 </tr>
 
 <tr>
-<td class="left">DLNA</td>
-<td class="right">1900</td>
+<td class="org-left">DLNA</td>
+<td class="org-right">1900</td>
 </tr>
 
 <tr>
-<td class="left">DLNA</td>
-<td class="right">8200</td>
+<td class="org-left">DLNA</td>
+<td class="org-right">8200</td>
 </tr>
 
 <tr>
-<td class="left">XMPP</td>
-<td class="right">5222..5223</td>
+<td class="org-left">XMPP</td>
+<td class="org-right">5222..5223</td>
 </tr>
 
 <tr>
-<td class="left">XMPP</td>
-<td class="right">5269</td>
+<td class="org-left">XMPP</td>
+<td class="org-right">5269</td>
 </tr>
 
 <tr>
-<td class="left">XMPP</td>
-<td class="right">5280..5281</td>
+<td class="org-left">XMPP</td>
+<td class="org-right">5280..5281</td>
 </tr>
 
 <tr>
-<td class="left">IRC</td>
-<td class="right">6697</td>
+<td class="org-left">IRC</td>
+<td class="org-right">6697</td>
 </tr>
 
 <tr>
-<td class="left">Git</td>
-<td class="right">9418</td>
+<td class="org-left">Git</td>
+<td class="org-right">9418</td>
 </tr>
 
 <tr>
-<td class="left">Email</td>
-<td class="right">25</td>
+<td class="org-left">Email</td>
+<td class="org-right">25</td>
 </tr>
 
 <tr>
-<td class="left">Email</td>
-<td class="right">587</td>
+<td class="org-left">Email</td>
+<td class="org-right">587</td>
 </tr>
 
 <tr>
-<td class="left">Email</td>
-<td class="right">465</td>
+<td class="org-left">Email</td>
+<td class="org-right">465</td>
 </tr>
 
 <tr>
-<td class="left">Email</td>
-<td class="right">993</td>
+<td class="org-left">Email</td>
+<td class="org-right">993</td>
 </tr>
 
 <tr>
-<td class="left">VoIP</td>
-<td class="right">64738</td>
+<td class="org-left">VoIP</td>
+<td class="org-right">64738</td>
 </tr>
 
 <tr>
-<td class="left">VoIP</td>
-<td class="right">5060</td>
+<td class="org-left">VoIP</td>
+<td class="org-right">5060</td>
 </tr>
 
 <tr>
-<td class="left">Tox</td>
-<td class="right">33445</td>
+<td class="org-left">Tox</td>
+<td class="org-right">33445</td>
 </tr>
 
 <tr>
-<td class="left">Syncthing</td>
-<td class="right">22000</td>
+<td class="org-left">Syncthing</td>
+<td class="org-right">22000</td>
 </tr>
 </tbody>
 </table>
 </div>
 </div>
 
-<div id="outline-container-sec-7" class="outline-2">
-<h2 id="sec-7">Keydrives</h2>
-<div class="outline-text-2" id="text-7">
+<div id="outline-container-org5c56524" class="outline-2">
+<h2 id="org5c56524">Keydrives</h2>
+<div class="outline-text-2" id="text-org5c56524">
 <p>
 After installing for the first time it's a good idea to create some keydrives. These will store your gpg key so that if all else fails you will still be able to restore from backup. There are two ways to do this:
 </p>
 </div>
-<div id="outline-container-sec-7-1" class="outline-3">
-<h3 id="sec-7-1">Master Keydrive</h3>
-<div class="outline-text-3" id="text-7-1">
+<div id="outline-container-orga8df9a9" class="outline-3">
+<h3 id="orga8df9a9">Master Keydrive</h3>
+<div class="outline-text-3" id="text-orga8df9a9">
 <p>
 This is the traditional security model in which you carry your full keyring on an encrypted USB drive. To make a master keydrive first format a USB drive as a LUKS encrypted drive. In Ubuntu this can be <a href="https://help.ubuntu.com/community/EncryptedFilesystemsOnRemovableStorage">done from the <i>Disk Utility</i> application</a>. Then plug it into the Freedombone system, then from your local machine run:
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">ssh myusername@mydomainname -p 2222
 </pre>
 </div>
 </p>
 </div>
 </div>
-<div id="outline-container-sec-7-2" class="outline-3">
-<h3 id="sec-7-2">Fragment keydrives</h3>
-<div class="outline-text-3" id="text-7-2">
+<div id="outline-container-orgfbd6e5b" class="outline-3">
+<h3 id="orgfbd6e5b">Fragment keydrives</h3>
+<div class="outline-text-3" id="text-orgfbd6e5b">
 <p>
 This breaks your GPG key into a number of fragments and randomly selects one to add to the USB drive. First format a USB drive as a LUKS encrypted drive. In Ubuntu this <a href="https://help.ubuntu.com/community/EncryptedFilesystemsOnRemovableStorage">can be done from the <i>Disk Utility</i> application</a>. Plug it into the Freedombone system then from your local machine run the following commands:
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">ssh myusername@mydomainname -p 2222
 </pre>
 </div>
 </div>
 </div>
 </div>
-<div id="outline-container-sec-8" class="outline-2">
-<h2 id="sec-8">On Client Machines</h2>
-<div class="outline-text-2" id="text-8">
+<div id="outline-container-org27e42b6" class="outline-2">
+<h2 id="org27e42b6">On Client Machines</h2>
+<div class="outline-text-2" id="text-org27e42b6">
 <p>
 You can configure laptops or desktop machines which connect to the Freedombone server in the following way. This alters encryption settings to improve overall security.
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">sudo apt-get update
 sudo apt-get install git dialog haveged build-essential
 git clone https://github.com/bashrc/freedombone
-cd freedombone
+<span class="org-builtin">cd</span> freedombone
 git checkout stretch
 sudo make install
 freedombone-client
 </div>
 </div>
 
-<div id="outline-container-sec-9" class="outline-2">
-<h2 id="sec-9">Administering the system</h2>
-<div class="outline-text-2" id="text-9">
+<div id="outline-container-org24fb926" class="outline-2">
+<h2 id="org24fb926">Administering the system</h2>
+<div class="outline-text-2" id="text-org24fb926">
 <p>
 To administer the system after installation log in via ssh, become the root user and then launch the control panel.
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">ssh myusername@freedombone.local -p 2222
 </pre>
 </div>
 Select <i>Administrator controls</i> then from there you will be able to perform various tasks, such as backups, adding and removing users and so on. You can also do this via commands, which are typically installed as /usr/local/bin/freedombone* and the corresponding manpages.
 </p>
 
-<div class="export">
-<p>
-&lt;center&gt;
-Return to the &lt;a href="index.html"&gt;home page&lt;/a&gt;
-&lt;/center&gt;
-</p>
-
-</div>
+<center>
+Return to the <a href="index.html">home page</a>
+</center>
 </div>
 </div>
 </div>

website/EN/mesh_capabilities.html

 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<title></title>
-<!-- 2018-04-12 Thu 18:24 -->
-<meta  http-equiv="Content-Type" content="text/html;charset=utf-8" />
-<meta  name="generator" content="Org-mode" />
-<meta  name="author" content="Bob Mottram" />
-<meta  name="description" content="Freedombone mesh network capabilities"
+<!-- 2018-04-22 Sun 10:31 -->
+<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
+<meta name="viewport" content="width=device-width, initial-scale=1" />
+<title>&lrm;</title>
+<meta name="generator" content="Org mode" />
+<meta name="author" content="Bob Mottram" />
+<meta name="description" content="Freedombone mesh network capabilities"
  />
-<meta  name="keywords" content="freedombone, mesh" />
+<meta name="keywords" content="freedombone, mesh" />
 <style type="text/css">
  <!--/*--><![CDATA[/*><!--*/
-  .title  { text-align: center; }
+  .title  { text-align: center;
+             margin-bottom: .2em; }
+  .subtitle { text-align: center;
+              font-size: medium;
+              font-weight: bold;
+              margin-top:0; }
   .todo   { font-family: monospace; color: red; }
-  .done   { color: green; }
+  .done   { font-family: monospace; color: green; }
+  .priority { font-family: monospace; color: orange; }
   .tag    { background-color: #eee; font-family: monospace;
             padding: 2px; font-size: 80%; font-weight: normal; }
   .timestamp { color: #bebebe; }
   .timestamp-kwd { color: #5f9ea0; }
-  .right  { margin-left: auto; margin-right: 0px;  text-align: right; }
-  .left   { margin-left: 0px;  margin-right: auto; text-align: left; }
-  .center { margin-left: auto; margin-right: auto; text-align: center; }
+  .org-right  { margin-left: auto; margin-right: 0px;  text-align: right; }
+  .org-left   { margin-left: 0px;  margin-right: auto; text-align: left; }
+  .org-center { margin-left: auto; margin-right: auto; text-align: center; }
   .underline { text-decoration: underline; }
   #postamble p, #preamble p { font-size: 90%; margin: .2em; }
   p.verse { margin-left: 3%; }
     border: 1px solid black;
   }
   pre.src:hover:before { display: inline;}
-  pre.src-sh:before    { content: 'sh'; }
-  pre.src-bash:before  { content: 'sh'; }
+  /* Languages per Org manual */
+  pre.src-asymptote:before { content: 'Asymptote'; }
+  pre.src-awk:before { content: 'Awk'; }
+  pre.src-C:before { content: 'C'; }
+  /* pre.src-C++ doesn't work in CSS */
+  pre.src-clojure:before { content: 'Clojure'; }
+  pre.src-css:before { content: 'CSS'; }
+  pre.src-D:before { content: 'D'; }
+  pre.src-ditaa:before { content: 'ditaa'; }
+  pre.src-dot:before { content: 'Graphviz'; }
+  pre.src-calc:before { content: 'Emacs Calc'; }
   pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
-  pre.src-R:before     { content: 'R'; }
-  pre.src-perl:before  { content: 'Perl'; }
-  pre.src-java:before  { content: 'Java'; }
-  pre.src-sql:before   { content: 'SQL'; }
+  pre.src-fortran:before { content: 'Fortran'; }
+  pre.src-gnuplot:before { content: 'gnuplot'; }
+  pre.src-haskell:before { content: 'Haskell'; }
+  pre.src-hledger:before { content: 'hledger'; }
+  pre.src-java:before { content: 'Java'; }
+  pre.src-js:before { content: 'Javascript'; }
+  pre.src-latex:before { content: 'LaTeX'; }
+  pre.src-ledger:before { content: 'Ledger'; }
+  pre.src-lisp:before { content: 'Lisp'; }
+  pre.src-lilypond:before { content: 'Lilypond'; }
+  pre.src-lua:before { content: 'Lua'; }
+  pre.src-matlab:before { content: 'MATLAB'; }
+  pre.src-mscgen:before { content: 'Mscgen'; }
+  pre.src-ocaml:before { content: 'Objective Caml'; }
+  pre.src-octave:before { content: 'Octave'; }
+  pre.src-org:before { content: 'Org mode'; }
+  pre.src-oz:before { content: 'OZ'; }
+  pre.src-plantuml:before { content: 'Plantuml'; }
+  pre.src-processing:before { content: 'Processing.js'; }
+  pre.src-python:before { content: 'Python'; }
+  pre.src-R:before { content: 'R'; }
+  pre.src-ruby:before { content: 'Ruby'; }
+  pre.src-sass:before { content: 'Sass'; }
+  pre.src-scheme:before { content: 'Scheme'; }
+  pre.src-screen:before { content: 'Gnu Screen'; }
+  pre.src-sed:before { content: 'Sed'; }
+  pre.src-sh:before { content: 'shell'; }
+  pre.src-sql:before { content: 'SQL'; }
+  pre.src-sqlite:before { content: 'SQLite'; }
+  /* additional languages in org.el's org-babel-load-languages alist */
+  pre.src-forth:before { content: 'Forth'; }
+  pre.src-io:before { content: 'IO'; }
+  pre.src-J:before { content: 'J'; }
+  pre.src-makefile:before { content: 'Makefile'; }
+  pre.src-maxima:before { content: 'Maxima'; }
+  pre.src-perl:before { content: 'Perl'; }
+  pre.src-picolisp:before { content: 'Pico Lisp'; }
+  pre.src-scala:before { content: 'Scala'; }
+  pre.src-shell:before { content: 'Shell Script'; }
+  pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
+  /* additional language identifiers per "defun org-babel-execute"
+       in ob-*.el */
+  pre.src-cpp:before  { content: 'C++'; }
+  pre.src-abc:before  { content: 'ABC'; }
+  pre.src-coq:before  { content: 'Coq'; }
+  pre.src-groovy:before  { content: 'Groovy'; }
+  /* additional language identifiers from org-babel-shell-names in
+     ob-shell.el: ob-shell is the only babel language using a lambda to put
+     the execution function name together. */
+  pre.src-bash:before  { content: 'bash'; }
+  pre.src-csh:before  { content: 'csh'; }
+  pre.src-ash:before  { content: 'ash'; }
+  pre.src-dash:before  { content: 'dash'; }
+  pre.src-ksh:before  { content: 'ksh'; }
+  pre.src-mksh:before  { content: 'mksh'; }
+  pre.src-posh:before  { content: 'posh'; }
+  /* Additional Emacs modes also supported by the LaTeX listings package */
+  pre.src-ada:before { content: 'Ada'; }
+  pre.src-asm:before { content: 'Assembler'; }
+  pre.src-caml:before { content: 'Caml'; }
+  pre.src-delphi:before { content: 'Delphi'; }
+  pre.src-html:before { content: 'HTML'; }
+  pre.src-idl:before { content: 'IDL'; }
+  pre.src-mercury:before { content: 'Mercury'; }
+  pre.src-metapost:before { content: 'MetaPost'; }
+  pre.src-modula-2:before { content: 'Modula-2'; }
+  pre.src-pascal:before { content: 'Pascal'; }
+  pre.src-ps:before { content: 'PostScript'; }
+  pre.src-prolog:before { content: 'Prolog'; }
+  pre.src-simula:before { content: 'Simula'; }
+  pre.src-tcl:before { content: 'tcl'; }
+  pre.src-tex:before { content: 'TeX'; }
+  pre.src-plain-tex:before { content: 'Plain TeX'; }
+  pre.src-verilog:before { content: 'Verilog'; }
+  pre.src-vhdl:before { content: 'VHDL'; }
+  pre.src-xml:before { content: 'XML'; }
+  pre.src-nxml:before { content: 'XML'; }
+  /* add a generic configuration mode; LaTeX export needs an additional
+     (add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
+  pre.src-conf:before { content: 'Configuration File'; }
 
   table { border-collapse:collapse; }
   caption.t-above { caption-side: top; }
   caption.t-bottom { caption-side: bottom; }
   td, th { vertical-align:top;  }
-  th.right  { text-align: center;  }
-  th.left   { text-align: center;   }
-  th.center { text-align: center; }
-  td.right  { text-align: right;  }
-  td.left   { text-align: left;   }
-  td.center { text-align: center; }
+  th.org-right  { text-align: center;  }
+  th.org-left   { text-align: center;   }
+  th.org-center { text-align: center; }
+  td.org-right  { text-align: right;  }
+  td.org-left   { text-align: left;   }
+  td.org-center { text-align: center; }
   dt { font-weight: bold; }
-  .footpara:nth-child(2) { display: inline; }
-  .footpara { display: block; }
+  .footpara { display: inline; }
   .footdef  { margin-bottom: 1em; }
   .figure { padding: 1em; }
   .figure p { text-align: center; }
     { font-size: 10px; font-weight: bold; white-space: nowrap; }
   .org-info-js_search-highlight
     { background-color: #ffff00; color: #000000; font-weight: bold; }
+  .org-svg { width: 90%; }
   /*]]>*/-->
 </style>
 <link rel="stylesheet" type="text/css" href="freedombone.css" />
 @licstart  The following is the entire license notice for the
 JavaScript code in this tag.
 
-Copyright (C) 2012-2013 Free Software Foundation, Inc.
+Copyright (C) 2012-2017 Free Software Foundation, Inc.
 
 The JavaScript code in this tag is free software: you can
 redistribute it and/or modify it under the terms of the GNU
 <a name="top" id="top"></a>
 </div>
 <div id="content">
-<h1 class="title"></h1>
 
 <div class="figure">
 <p><img src="images/logo.png" alt="logo.png" width="80%" height="10%" align="center" />
 </p>
 </div>
 
-<div id="outline-container-sec-1" class="outline-2">
-<h2 id="sec-1">Mesh Network: Capabilities</h2>
-<div class="outline-text-2" id="text-1">
+<div id="outline-container-org19c4251" class="outline-2">
+<h2 id="org19c4251">Mesh Network: Capabilities</h2>
+<div class="outline-text-2" id="text-org19c4251">
 <p>
 The mesh system has the following capabilities:
 </p>
 
 <ul class="org-ul">
-<li>Discovery of other users on the network
-</li>
-<li>Text based chat, one-to-one and in groups
-</li>
-<li>Voice chat (VoIP) and video calls
-</li>
-<li>Private and public sharing of files
-</li>
-<li>Blogging
-</li>
-<li>Collaborative editing of documents and presentations
-</li>
-<li>Creating and broadcasting audio media/podcasts
-</li>
-<li>Social network stream. Follow/unfollow other peers
-</li>
-<li>No network administration required
-</li>
-<li>No servers
-</li>
-<li>Internet connection is optional
-</li>
-<li>Works from bootable USB drives or microSD drives
-</li>
-<li>Data is mesh routed between systems
-</li>
-<li>Private communications is end-to-end secured and forward secret
-</li>
-<li>Publicly shared data is <i>content addressable</i>
-</li>
+<li>Discovery of other users on the network</li>
+<li>Text based chat, one-to-one and in groups</li>
+<li>Voice chat (VoIP) and video calls</li>
+<li>Private and public sharing of files</li>
+<li>Blogging</li>
+<li>Collaborative editing of documents and presentations</li>
+<li>Social network stream. Follow/unfollow other peers</li>
+<li>No network administration required</li>
+<li>No servers</li>
+<li>Internet connection is optional</li>
+<li>Works from bootable USB drives or microSD drives</li>
+<li>Data is mesh routed between systems</li>
+<li>Private communications is end-to-end secured and forward secret</li>
+<li>Publicly shared data is <i>content addressable</i></li>
 </ul>
 
 <p>

website/EN/mesh_images.html

 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2018-04-15 Sun 18:25 -->
+<!-- 2018-04-21 Sat 14:59 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>&lrm;</title>
 </p>
 </div>
 
-<div id="outline-container-orgd03cecc" class="outline-2">
-<h2 id="orgd03cecc">Mesh Network: Images</h2>
+<div id="outline-container-org86cebe1" class="outline-2">
+<h2 id="org86cebe1">Mesh Network: Images</h2>
 </div>
 
-<div id="outline-container-org2613bbd" class="outline-2">
-<h2 id="org2613bbd">Pre-built Disk Images</h2>
-<div class="outline-text-2" id="text-org2613bbd">
+<div id="outline-container-org144a10d" class="outline-2">
+<h2 id="org144a10d">Pre-built Disk Images</h2>
+<div class="outline-text-2" id="text-org144a10d">
 </div>
-<div id="outline-container-org3cdda6d" class="outline-3">
-<h3 id="org3cdda6d">Writing many images quickly</h3>
-<div class="outline-text-3" id="text-org3cdda6d">
+<div id="outline-container-org4231464" class="outline-3">
+<h3 id="org4231464">Writing many images quickly</h3>
+<div class="outline-text-3" id="text-org4231464">
 <p>
 There may be situations where you need to write the same disk image to multiple drives at the same time in order to maximize rate of deployment. In the instructions given below the <b>dd</b> command is used for writing to the target drive, but to write to multiple drives you can use a tool such as <a href="https://wiki.gnome.org/Apps/MultiWriter">GNOME MultiWriter</a>.
 </p>
 </p>
 </div>
 </div>
-<div id="outline-container-org41f717a" class="outline-3">
-<h3 id="org41f717a">Client images</h3>
-<div class="outline-text-3" id="text-org41f717a">
+<div id="outline-container-org47d0e94" class="outline-3">
+<h3 id="org47d0e94">Client images</h3>
+<div class="outline-text-3" id="text-org47d0e94">
 
 <div class="figure">
 <p><img src="images/mesh_netbook.jpg" alt="mesh_netbook.jpg" width="100%" align="center" />
 wget https://freedombone.net/downloads/v31/freedombone-meshclient-i386.img.xz.sig
 gpg --verify freedombone-meshclient-i386.img.xz.sig
 unxz freedombone-meshclient-i386.img.xz
-sudo dd <span class="org-variable-name">if</span>=/dev/zero <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">bs</span>=1M <span class="org-variable-name">count</span>=8
-sudo dd <span class="org-variable-name">bs</span>=1M <span class="org-variable-name">if</span>=freedombone-meshclient-i386.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
+sudo dd <span class="org-variable-name">if</span>=/dev/zero <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">count</span>=8
+sudo dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=freedombone-meshclient-i386.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
 </pre>
 </div>
 
 wget https://freedombone.net/downloads/v31/freedombone-meshclient-insecure-i386.img.xz.sig
 gpg --verify freedombone-meshclient-insecure-i386.img.xz.sig
 unxz freedombone-meshclient-insecure-i386.img.xz
-sudo dd <span class="org-variable-name">if</span>=/dev/zero <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">bs</span>=1M <span class="org-variable-name">count</span>=8
-sudo dd <span class="org-variable-name">bs</span>=1M <span class="org-variable-name">if</span>=freedombone-meshclient-insecure-i386.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
+sudo dd <span class="org-variable-name">if</span>=/dev/zero <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">count</span>=8
+sudo dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=freedombone-meshclient-insecure-i386.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
 </pre>
 </div>
 </div>
 </div>
 
-<div id="outline-container-orgbe3f97e" class="outline-3">
-<h3 id="orgbe3f97e">Router images</h3>
-<div class="outline-text-3" id="text-orgbe3f97e">
+<div id="outline-container-orge2c765f" class="outline-3">
+<h3 id="orge2c765f">Router images</h3>
+<div class="outline-text-3" id="text-orge2c765f">
 <p>
 Routers are intended to build network coverage for an area using small and low cost hardware. You can bolt them to walls or leave them on window ledges. They don't have any user interface and their only job is to haul network traffic across the mesh and to enable peers to find each other via running bootstrap nodes for Tox and IPFS. Copy the image to a microSD card and insert it into the router, plug in an Atheros wifi dongle and power on. That should be all you need to do.
 </p>
 </div>
-<div id="outline-container-org1859392" class="outline-4">
-<h4 id="org1859392">Beaglebone Black</h4>
-<div class="outline-text-4" id="text-org1859392">
+<div id="outline-container-org0194fde" class="outline-4">
+<h4 id="org0194fde">Beaglebone Black</h4>
+<div class="outline-text-4" id="text-org0194fde">
 
 <div class="figure">
 <p><img src="images/mesh_router.jpg" alt="mesh_router.jpg" width="50%" align="center" />
 sha256sum freedombone-mesh_beaglebone-armhf.img.xz
 ad8f22c0d46c98a80aa47b5809402971cf5cf26ebf587c59a667307b2386c3d2
 unxz freedombone-mesh_beaglebone-armhf.img.xz
-sudo dd <span class="org-variable-name">bs</span>=1M <span class="org-variable-name">if</span>=freedombone-mesh_beaglebone-armhf.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
+sudo dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=freedombone-mesh_beaglebone-armhf.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
 </pre>
 </div>
 
 </div>
 </div>
 
-<div id="outline-container-orgf16e84d" class="outline-2">
-<h2 id="orgf16e84d">Building Disk Images</h2>
-<div class="outline-text-2" id="text-orgf16e84d">
+<div id="outline-container-orgfcd1440" class="outline-2">
+<h2 id="orgfcd1440">Building Disk Images</h2>
+<div class="outline-text-2" id="text-orgfcd1440">
 <p>
 It's better not to trust images downloaded from random places on the interwebs. Chances are that unless you are in the web of trust of the above GPG signatures then they don't mean very much to you. If you actually want something trustworthy then build the images from scratch. It will take some time. Here's how to do it.
 </p>
 </p>
 
 <div class="org-src-container">
-<pre class="src src-bash">sudo dd <span class="org-variable-name">if</span>=/dev/zero <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">bs</span>=1M <span class="org-variable-name">count</span>=8
-sudo dd <span class="org-variable-name">bs</span>=1M <span class="org-variable-name">if</span>=myimagefile.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
+<pre class="src src-bash">sudo dd <span class="org-variable-name">if</span>=/dev/zero <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">count</span>=8
+sudo dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=myimagefile.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
 </pre>
 </div>
 

website/EN/mobile.html

 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<title></title>
-<!-- 2018-04-12 Thu 18:25 -->
-<meta  http-equiv="Content-Type" content="text/html;charset=utf-8" />
-<meta  name="generator" content="Org-mode" />
-<meta  name="author" content="Bob Mottram" />
-<meta  name="description" content="Freedombone mobile setup"
+<!-- 2018-04-24 Tue 16:29 -->
+<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
+<meta name="viewport" content="width=device-width, initial-scale=1" />
+<title>&lrm;</title>
+<meta name="generator" content="Org mode" />
+<meta name="author" content="Bob Mottram" />
+<meta name="description" content="Freedombone mobile setup"
  />
-<meta  name="keywords" content="freedombone, mobile" />
+<meta name="keywords" content="freedombone, mobile" />
 <style type="text/css">
  <!--/*--><![CDATA[/*><!--*/
-  .title  { text-align: center; }
+  .title  { text-align: center;
+             margin-bottom: .2em; }
+  .subtitle { text-align: center;
+              font-size: medium;
+              font-weight: bold;
+              margin-top:0; }
   .todo   { font-family: monospace; color: red; }
-  .done   { color: green; }
+  .done   { font-family: monospace; color: green; }
+  .priority { font-family: monospace; color: orange; }
   .tag    { background-color: #eee; font-family: monospace;
             padding: 2px; font-size: 80%; font-weight: normal; }
   .timestamp { color: #bebebe; }
   .timestamp-kwd { color: #5f9ea0; }
-  .right  { margin-left: auto; margin-right: 0px;  text-align: right; }
-  .left   { margin-left: 0px;  margin-right: auto; text-align: left; }
-  .center { margin-left: auto; margin-right: auto; text-align: center; }
+  .org-right  { margin-left: auto; margin-right: 0px;  text-align: right; }
+  .org-left   { margin-left: 0px;  margin-right: auto; text-align: left; }
+  .org-center { margin-left: auto; margin-right: auto; text-align: center; }
   .underline { text-decoration: underline; }
   #postamble p, #preamble p { font-size: 90%; margin: .2em; }
   p.verse { margin-left: 3%; }
     border: 1px solid black;
   }
   pre.src:hover:before { display: inline;}
-  pre.src-sh:before    { content: 'sh'; }
-  pre.src-bash:before  { content: 'sh'; }
+  /* Languages per Org manual */
+  pre.src-asymptote:before { content: 'Asymptote'; }
+  pre.src-awk:before { content: 'Awk'; }
+  pre.src-C:before { content: 'C'; }
+  /* pre.src-C++ doesn't work in CSS */
+  pre.src-clojure:before { content: 'Clojure'; }
+  pre.src-css:before { content: 'CSS'; }
+  pre.src-D:before { content: 'D'; }
+  pre.src-ditaa:before { content: 'ditaa'; }
+  pre.src-dot:before { content: 'Graphviz'; }
+  pre.src-calc:before { content: 'Emacs Calc'; }
   pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
-  pre.src-R:before     { content: 'R'; }
-  pre.src-perl:before  { content: 'Perl'; }
-  pre.src-java:before  { content: 'Java'; }
-  pre.src-sql:before   { content: 'SQL'; }
+  pre.src-fortran:before { content: 'Fortran'; }
+  pre.src-gnuplot:before { content: 'gnuplot'; }
+  pre.src-haskell:before { content: 'Haskell'; }
+  pre.src-hledger:before { content: 'hledger'; }
+  pre.src-java:before { content: 'Java'; }
+  pre.src-js:before { content: 'Javascript'; }
+  pre.src-latex:before { content: 'LaTeX'; }
+  pre.src-ledger:before { content: 'Ledger'; }
+  pre.src-lisp:before { content: 'Lisp'; }
+  pre.src-lilypond:before { content: 'Lilypond'; }
+  pre.src-lua:before { content: 'Lua'; }
+  pre.src-matlab:before { content: 'MATLAB'; }
+  pre.src-mscgen:before { content: 'Mscgen'; }
+  pre.src-ocaml:before { content: 'Objective Caml'; }
+  pre.src-octave:before { content: 'Octave'; }
+  pre.src-org:before { content: 'Org mode'; }
+  pre.src-oz:before { content: 'OZ'; }
+  pre.src-plantuml:before { content: 'Plantuml'; }
+  pre.src-processing:before { content: 'Processing.js'; }
+  pre.src-python:before { content: 'Python'; }
+  pre.src-R:before { content: 'R'; }
+  pre.src-ruby:before { content: 'Ruby'; }
+  pre.src-sass:before { content: 'Sass'; }
+  pre.src-scheme:before { content: 'Scheme'; }
+  pre.src-screen:before { content: 'Gnu Screen'; }
+  pre.src-sed:before { content: 'Sed'; }
+  pre.src-sh:before { content: 'shell'; }
+  pre.src-sql:before { content: 'SQL'; }
+  pre.src-sqlite:before { content: 'SQLite'; }
+  /* additional languages in org.el's org-babel-load-languages alist */
+  pre.src-forth:before { content: 'Forth'; }
+  pre.src-io:before { content: 'IO'; }
+  pre.src-J:before { content: 'J'; }
+  pre.src-makefile:before { content: 'Makefile'; }
+  pre.src-maxima:before { content: 'Maxima'; }
+  pre.src-perl:before { content: 'Perl'; }
+  pre.src-picolisp:before { content: 'Pico Lisp'; }
+  pre.src-scala:before { content: 'Scala'; }
+  pre.src-shell:before { content: 'Shell Script'; }
+  pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
+  /* additional language identifiers per "defun org-babel-execute"
+       in ob-*.el */
+  pre.src-cpp:before  { content: 'C++'; }
+  pre.src-abc:before  { content: 'ABC'; }
+  pre.src-coq:before  { content: 'Coq'; }
+  pre.src-groovy:before  { content: 'Groovy'; }
+  /* additional language identifiers from org-babel-shell-names in
+     ob-shell.el: ob-shell is the only babel language using a lambda to put
+     the execution function name together. */
+  pre.src-bash:before  { content: 'bash'; }
+  pre.src-csh:before  { content: 'csh'; }
+  pre.src-ash:before  { content: 'ash'; }
+  pre.src-dash:before  { content: 'dash'; }
+  pre.src-ksh:before  { content: 'ksh'; }
+  pre.src-mksh:before  { content: 'mksh'; }
+  pre.src-posh:before  { content: 'posh'; }
+  /* Additional Emacs modes also supported by the LaTeX listings package */
+  pre.src-ada:before { content: 'Ada'; }
+  pre.src-asm:before { content: 'Assembler'; }
+  pre.src-caml:before { content: 'Caml'; }
+  pre.src-delphi:before { content: 'Delphi'; }
+  pre.src-html:before { content: 'HTML'; }
+  pre.src-idl:before { content: 'IDL'; }
+  pre.src-mercury:before { content: 'Mercury'; }
+  pre.src-metapost:before { content: 'MetaPost'; }
+  pre.src-modula-2:before { content: 'Modula-2'; }
+  pre.src-pascal:before { content: 'Pascal'; }
+  pre.src-ps:before { content: 'PostScript'; }
+  pre.src-prolog:before { content: 'Prolog'; }
+  pre.src-simula:before { content: 'Simula'; }
+  pre.src-tcl:before { content: 'tcl'; }
+  pre.src-tex:before { content: 'TeX'; }
+  pre.src-plain-tex:before { content: 'Plain TeX'; }
+  pre.src-verilog:before { content: 'Verilog'; }
+  pre.src-vhdl:before { content: 'VHDL'; }
+  pre.src-xml:before { content: 'XML'; }
+  pre.src-nxml:before { content: 'XML'; }
+  /* add a generic configuration mode; LaTeX export needs an additional
+     (add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
+  pre.src-conf:before { content: 'Configuration File'; }
 
   table { border-collapse:collapse; }
   caption.t-above { caption-side: top; }
   caption.t-bottom { caption-side: bottom; }
   td, th { vertical-align:top;  }
-  th.right  { text-align: center;  }
-  th.left   { text-align: center;   }
-  th.center { text-align: center; }
-  td.right  { text-align: right;  }
-  td.left   { text-align: left;   }
-  td.center { text-align: center; }
+  th.org-right  { text-align: center;  }
+  th.org-left   { text-align: center;   }
+  th.org-center { text-align: center; }
+  td.org-right  { text-align: right;  }
+  td.org-left   { text-align: left;   }
+  td.org-center { text-align: center; }
   dt { font-weight: bold; }
-  .footpara:nth-child(2) { display: inline; }
-  .footpara { display: block; }
+  .footpara { display: inline; }
   .footdef  { margin-bottom: 1em; }
   .figure { padding: 1em; }
   .figure p { text-align: center; }
     { font-size: 10px; font-weight: bold; white-space: nowrap; }
   .org-info-js_search-highlight
     { background-color: #ffff00; color: #000000; font-weight: bold; }
+  .org-svg { width: 90%; }
   /*]]>*/-->
 </style>
 <link rel="stylesheet" type="text/css" href="freedombone.css" />
 @licstart  The following is the entire license notice for the
 JavaScript code in this tag.
 
-Copyright (C) 2012-2013 Free Software Foundation, Inc.
+Copyright (C) 2012-2017 Free Software Foundation, Inc.
 
 The JavaScript code in this tag is free software: you can
 redistribute it and/or modify it under the terms of the GNU
 <a name="top" id="top"></a>
 </div>
 <div id="content">
-<h1 class="title"></h1>
 
 <div class="figure">
 <p><img src="images/logo.png" alt="logo.png" width="80%" height="10%" align="center" />
 </p>
 </div>
 
-<div id="outline-container-sec-1" class="outline-2">
-<h2 id="sec-1">Mobile</h2>
-<div class="outline-text-2" id="text-1">
 <p>
 Mobile phones are insecure devices, but they're regarded as being so essential to modern life that telling people not to use them isn't a viable option. Here are some recommendations on setting up a mobile phone (aka "smartphone") to work with Freedombone.
 </p>
 
-<div class="export">
-<p>
- &lt;center&gt;
- &lt;table style="width:80%; border:0"&gt;
-  &lt;tr&gt;
-    &lt;td&gt;&lt;center&gt;&lt;b&gt;&lt;h3&gt;Open&lt;/h3&gt;&lt;/b&gt;&lt;br&gt;Use a free and open source operating system. Open means more trustworthy&lt;/center&gt;&lt;/td&gt;
-    &lt;td&gt;&lt;center&gt;&lt;b&gt;&lt;h3&gt;Remove&lt;/h3&gt;&lt;/b&gt;&lt;br&gt;If there are any proprietary apps then remove or deactivate them&lt;/center&gt;&lt;/td&gt;
-  &lt;/tr&gt;
-  &lt;tr&gt;
-    &lt;td&gt;&lt;center&gt;&lt;b&gt;&lt;h3&gt;Encrypt&lt;/h3&gt;&lt;/b&gt;&lt;br&gt;Make sure your phone is encrypted with a password which isn't easy to guess&lt;/center&gt;&lt;/td&gt;
-    &lt;td&gt;&lt;center&gt;&lt;b&gt;&lt;h3&gt;Apps&lt;/h3&gt;&lt;/b&gt;&lt;br&gt;Use F-droid to install new apps&lt;/center&gt;&lt;/td&gt;
-  &lt;/tr&gt;
-  &lt;tr&gt;
-    &lt;td&gt;&lt;center&gt;&lt;b&gt;&lt;h3&gt;Lock&lt;/h3&gt;&lt;/b&gt;&lt;br&gt;Enable a lock screen with a maximum number of password guesses&lt;/center&gt;&lt;/td&gt;
-    &lt;td&gt;&lt;center&gt;&lt;b&gt;&lt;h3&gt;Onion&lt;/h3&gt;&lt;/b&gt;&lt;br&gt;Onion route your connections to avoid bulk metadata collection&lt;/center&gt;&lt;/td&gt;
-  &lt;/tr&gt;
-  &lt;tr&gt;
-    &lt;td&gt;&lt;center&gt;&lt;b&gt;&lt;h3&gt;Email&lt;/h3&gt;&lt;/b&gt;&lt;br&gt;Access webmail in a browser&lt;/center&gt;&lt;/td&gt;
-    &lt;td&gt;&lt;center&gt;&lt;b&gt;&lt;h3&gt;Services&lt;/h3&gt;&lt;/b&gt;&lt;br&gt;Connect to the Freedombone services&lt;/center&gt;&lt;/td&gt;
-  &lt;/tr&gt;
-  &lt;tr&gt;
-    &lt;td&gt;&lt;center&gt;&lt;b&gt;&lt;h3&gt;Battery&lt;/h3&gt;&lt;/b&gt;&lt;br&gt;Avoid battery-eating apps and disable some optimisations&lt;/center&gt;&lt;/td&gt;
-    &lt;td&gt;&lt;center&gt;&lt;b&gt;&lt;h3&gt;Block&lt;/h3&gt;&lt;/b&gt;&lt;br&gt;Prevent access to know bad domains&lt;/center&gt;&lt;/td&gt;
-  &lt;/tr&gt;
-&lt;/table&gt;
-&lt;/center&gt;
-</p>
-
-</div>
-</div>
-</div>
-
-<div id="outline-container-sec-2" class="outline-2">
-<h2 id="sec-2">Open</h2>
-<div class="outline-text-2" id="text-2">
+<div id="outline-container-orgc9f2368" class="outline-2">
+<h2 id="orgc9f2368">Open</h2>
+<div class="outline-text-2" id="text-orgc9f2368">
 <p>
 Use a Linux based phone operating system. Typically this will mean Android, but could also mean LineageOS or Replicant. LineageOS is the most preferable, because you can usually get an up to date image with a recent kernel which will give you better security against exploits. If you're buying a phone then look for a model which is supported by LineageOS. Replicant is the most free (as in freedom) but only runs on a small number of phone models. If you have a phone which runs a full GNU/Linux system then that's fantastic, and you can probably use it in much the same way as a desktop system and the rest of the advice on this page won't apply. If you don't have a phone capable of running a Linux based operating system then consider selling, giving away or bartering your existing one.
 </p>
 </div>
 </div>
 
-<div id="outline-container-sec-3" class="outline-2">
-<h2 id="sec-3">Remove</h2>
-<div class="outline-text-2" id="text-3">
+<div id="outline-container-org1da5240" class="outline-2">
+<h2 id="org1da5240">Remove</h2>
+<div class="outline-text-2" id="text-org1da5240">
 <p>
 So maybe you're running Android and the phone came with some apps already installed. Almost certainly they'll be proprietary. Go to Settings/Apps and then uninstall or deactivate any apps which you really don't need. Mostly preinstalled apps are intended to send your data to companies who will then sell it to advertisers or governments under the business model of <i>surveillance capital</i>. It's not a good idea to get caught up in that, and to avoid becoming addicted to apps which are surveilling you without consent or installing spyware in the background without your knowledge.
 </p>
 </div>
 </div>
 
-<div id="outline-container-sec-4" class="outline-2">
-<h2 id="sec-4">Encrypt</h2>
-<div class="outline-text-2" id="text-4">
+<div id="outline-container-orge6cd0f0" class="outline-2">
+<h2 id="orge6cd0f0">Encrypt</h2>
+<div class="outline-text-2" id="text-orge6cd0f0">
 <p>
 Encrypt your phone. This can usually be done via <b>Settings/Security</b> and you may need to fully charge the phone first. Encryption means that if you lose your phone or it gets stolen then there is less chance that anyone who picks it up will get access to your data, photos and so on.
 </p>
 </div>
 </div>
 
-<div id="outline-container-sec-5" class="outline-2">
-<h2 id="sec-5">Apps</h2>
-<div class="outline-text-2" id="text-5">
+<div id="outline-container-org149be87" class="outline-2">
+<h2 id="org149be87">Apps</h2>
+<div class="outline-text-2" id="text-org149be87">
 <p>
 Installing <b>F-droid</b> and only adding any new apps via F-droid will ensure that you are always using free and open source software. Open source is not a panacea, since bugs can and do still occur, but it will help you to avoid the worst security and privacy pitfalls.
 </p>
 </div>
 </div>
 
-<div id="outline-container-sec-6" class="outline-2">
-<h2 id="sec-6">Lock</h2>
-<div class="outline-text-2" id="text-6">
+<div id="outline-container-orgd1ea4fa" class="outline-2">
+<h2 id="orgd1ea4fa">Lock</h2>
+<div class="outline-text-2" id="text-orgd1ea4fa">
 <p>
 Add a lock screen, preferably with a password which is not easy for other people to guess or for quicker access with a PIN number. Install an app called <b>Locker</b>, activate it and set the maximum number of password guesses to ten (or whatever you feel comfortable with). If bad people get hold of your phone then they may try to brute force your lock screen password or PIN (i.e. automatically trying millions of common word and number combinations) and the locker app will prevent them from succeeding by resetting the phone back to its factory default condition and wiping the data.
 </p>
 </div>
 </div>
 
-<div id="outline-container-sec-7" class="outline-2">
-<h2 id="sec-7">Onion</h2>
-<div class="outline-text-2" id="text-7">
+<div id="outline-container-org98e33e6" class="outline-2">
+<h2 id="org98e33e6">Onion</h2>
+<div class="outline-text-2" id="text-org98e33e6">
 <p>
 Both governments and corporations want to compile matadata dossiers about you. Who you communicated with, when and how often. They want this so that they can data mine, simulate, predict and then ultimately influence (sometimes also called "nudge") your actions and preferences in the directions they prefer. By routing your connections through a number of proxy servers (Tor routers) you can make it perhaps not <i>theoretically</i> impossible but at least <i>very hard</i> for them to have a complete and accurate list of who your friends are, your religion, politics, likely health issues, sexual orientation and what news sites or books you read.
 </p>
 </div>
 </div>
 
-<div id="outline-container-sec-8" class="outline-2">
-<h2 id="sec-8">Email</h2>
-<div class="outline-text-2" id="text-8">
+<div id="outline-container-org0b855a4" class="outline-2">
+<h2 id="org0b855a4">Email</h2>
+<div class="outline-text-2" id="text-org0b855a4">
 <p>
 The easiest way to access email is by installing the <a href="./app_mailpile.html">Mailpile</a> app. This keeps your GPG keys off of possibly insecure mobile devices but still enables encrypted email communications in an easy way. You can use K9 mail if you prefer, but that will require installing OpenKeychain and having your GPG keys on the device, which is a lot more risky.
 </p>
 </div>
 </div>
-<div id="outline-container-sec-9" class="outline-2">
-<h2 id="sec-9">Services</h2>
-<div class="outline-text-2" id="text-9">
+<div id="outline-container-org4eecc0f" class="outline-2">
+<h2 id="org4eecc0f">Services</h2>
+<div class="outline-text-2" id="text-org4eecc0f">
 <p>
 For information on configuring various apps to work with Freedombone see the <a href="./apps.html">apps section</a>. Also see advice on chat apps in the <a href="./faq.html">FAQ</a>.
 </p>
 </div>
 </div>
 
-<div id="outline-container-sec-10" class="outline-2">
-<h2 id="sec-10">Battery</h2>
-<div class="outline-text-2" id="text-10">
+<div id="outline-container-org0f96cf1" class="outline-2">
+<h2 id="org0f96cf1">Battery</h2>
+<div class="outline-text-2" id="text-org0f96cf1">
 <p>
 Even with free software apps it's not difficult to get into a situation where your battery doesn't last for long. To maximize battery life access RSS feeds via the onion-based mobile reader within a Tor-compatible browser and not from a locally installed RSS app.
 </p>
 </div>
 </div>
 
-<div id="outline-container-sec-11" class="outline-2">
-<h2 id="sec-11">Blocking bad domains</h2>
-<div class="outline-text-2" id="text-11">
+<div id="outline-container-orgb6d0da7" class="outline-2">
+<h2 id="orgb6d0da7">Blocking bad domains</h2>
+<div class="outline-text-2" id="text-orgb6d0da7">
 <p>
 You can block known bad domains by editing the <b>/system/etc/hosts</b> file on your device. It is possible to use extensive ad-blocking hosts files used by other ad-blocking systems such as pi-hole, but merely blocking Facebook and Google Analytics will protect you against much of the corporate surveillance which goes on. Even if you don't have a Facebook account this may still be useful since they will still try to create a "ghost profile" of you, so the less data they have the better.
 </p>
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">sudo pacman -S android-tools
 </pre>
 </div>
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">adb root
 adb remount
 adb pull /system/etc/hosts
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">127.0.0.1       www.facebook.com
 127.0.0.1       facebook.com
 127.0.0.1       static.ak.fbcdn.net
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">adb push hosts /system/etc/hosts
 </pre>
 </div>
 Once that's done you may want to set <b>Root access</b> on the device back to <b>Disabled</b> and turn <b>Android debugging</b> off.
 </p>
 
-<div class="export">
-<p>
-&lt;center&gt;
-Return to the &lt;a href="index.html"&gt;home page&lt;/a&gt;
-&lt;/center&gt;
-</p>
-
-</div>
+<center>
+Return to the <a href="index.html">home page</a>
+</center>
 
 
 

website/EN/release3.html

 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<title></title>
-<!-- 2018-04-12 Thu 13:25 -->
-<meta  http-equiv="Content-Type" content="text/html;charset=utf-8" />
-<meta  name="generator" content="Org-mode" />
-<meta  name="author" content="Bob Mottram" />
-<meta  name="description" content="Version 3"
+<!-- 2018-04-21 Sat 14:59 -->
+<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
+<meta name="viewport" content="width=device-width, initial-scale=1" />
+<title>&lrm;</title>
+<meta name="generator" content="Org mode" />
+<meta name="author" content="Bob Mottram" />
+<meta name="description" content="Version 3"
  />
-<meta  name="keywords" content="freedombone" />
+<meta name="keywords" content="freedombone" />
 <style type="text/css">
  <!--/*--><![CDATA[/*><!--*/
-  .title  { text-align: center; }
+  .title  { text-align: center;
+             margin-bottom: .2em; }
+  .subtitle { text-align: center;
+              font-size: medium;
+              font-weight: bold;
+              margin-top:0; }
   .todo   { font-family: monospace; color: red; }
-  .done   { color: green; }
+  .done   { font-family: monospace; color: green; }
+  .priority { font-family: monospace; color: orange; }
   .tag    { background-color: #eee; font-family: monospace;
             padding: 2px; font-size: 80%; font-weight: normal; }
   .timestamp { color: #bebebe; }
   .timestamp-kwd { color: #5f9ea0; }
-  .right  { margin-left: auto; margin-right: 0px;  text-align: right; }
-  .left   { margin-left: 0px;  margin-right: auto; text-align: left; }
-  .center { margin-left: auto; margin-right: auto; text-align: center; }
+  .org-right  { margin-left: auto; margin-right: 0px;  text-align: right; }
+  .org-left   { margin-left: 0px;  margin-right: auto; text-align: left; }
+  .org-center { margin-left: auto; margin-right: auto; text-align: center; }
   .underline { text-decoration: underline; }
   #postamble p, #preamble p { font-size: 90%; margin: .2em; }
   p.verse { margin-left: 3%; }
     border: 1px solid black;
   }
   pre.src:hover:before { display: inline;}
-  pre.src-sh:before    { content: 'sh'; }
-  pre.src-bash:before  { content: 'sh'; }
+  /* Languages per Org manual */
+  pre.src-asymptote:before { content: 'Asymptote'; }
+  pre.src-awk:before { content: 'Awk'; }
+  pre.src-C:before { content: 'C'; }
+  /* pre.src-C++ doesn't work in CSS */
+  pre.src-clojure:before { content: 'Clojure'; }
+  pre.src-css:before { content: 'CSS'; }
+  pre.src-D:before { content: 'D'; }
+  pre.src-ditaa:before { content: 'ditaa'; }
+  pre.src-dot:before { content: 'Graphviz'; }
+  pre.src-calc:before { content: 'Emacs Calc'; }
   pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
-  pre.src-R:before     { content: 'R'; }
-  pre.src-perl:before  { content: 'Perl'; }
-  pre.src-java:before  { content: 'Java'; }
-  pre.src-sql:before   { content: 'SQL'; }
+  pre.src-fortran:before { content: 'Fortran'; }
+  pre.src-gnuplot:before { content: 'gnuplot'; }
+  pre.src-haskell:before { content: 'Haskell'; }
+  pre.src-hledger:before { content: 'hledger'; }
+  pre.src-java:before { content: 'Java'; }
+  pre.src-js:before { content: 'Javascript'; }
+  pre.src-latex:before { content: 'LaTeX'; }
+  pre.src-ledger:before { content: 'Ledger'; }
+  pre.src-lisp:before { content: 'Lisp'; }
+  pre.src-lilypond:before { content: 'Lilypond'; }
+  pre.src-lua:before { content: 'Lua'; }
+  pre.src-matlab:before { content: 'MATLAB'; }
+  pre.src-mscgen:before { content: 'Mscgen'; }
+  pre.src-ocaml:before { content: 'Objective Caml'; }
+  pre.src-octave:before { content: 'Octave'; }
+  pre.src-org:before { content: 'Org mode'; }
+  pre.src-oz:before { content: 'OZ'; }
+  pre.src-plantuml:before { content: 'Plantuml'; }
+  pre.src-processing:before { content: 'Processing.js'; }
+  pre.src-python:before { content: 'Python'; }
+  pre.src-R:before { content: 'R'; }
+  pre.src-ruby:before { content: 'Ruby'; }
+  pre.src-sass:before { content: 'Sass'; }
+  pre.src-scheme:before { content: 'Scheme'; }
+  pre.src-screen:before { content: 'Gnu Screen'; }
+  pre.src-sed:before { content: 'Sed'; }
+  pre.src-sh:before { content: 'shell'; }
+  pre.src-sql:before { content: 'SQL'; }
+  pre.src-sqlite:before { content: 'SQLite'; }
+  /* additional languages in org.el's org-babel-load-languages alist */
+  pre.src-forth:before { content: 'Forth'; }
+  pre.src-io:before { content: 'IO'; }
+  pre.src-J:before { content: 'J'; }
+  pre.src-makefile:before { content: 'Makefile'; }
+  pre.src-maxima:before { content: 'Maxima'; }
+  pre.src-perl:before { content: 'Perl'; }
+  pre.src-picolisp:before { content: 'Pico Lisp'; }
+  pre.src-scala:before { content: 'Scala'; }
+  pre.src-shell:before { content: 'Shell Script'; }
+  pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
+  /* additional language identifiers per "defun org-babel-execute"
+       in ob-*.el */
+  pre.src-cpp:before  { content: 'C++'; }
+  pre.src-abc:before  { content: 'ABC'; }
+  pre.src-coq:before  { content: 'Coq'; }
+  pre.src-groovy:before  { content: 'Groovy'; }
+  /* additional language identifiers from org-babel-shell-names in
+     ob-shell.el: ob-shell is the only babel language using a lambda to put
+     the execution function name together. */
+  pre.src-bash:before  { content: 'bash'; }
+  pre.src-csh:before  { content: 'csh'; }
+  pre.src-ash:before  { content: 'ash'; }
+  pre.src-dash:before  { content: 'dash'; }
+  pre.src-ksh:before  { content: 'ksh'; }
+  pre.src-mksh:before  { content: 'mksh'; }
+  pre.src-posh:before  { content: 'posh'; }
+  /* Additional Emacs modes also supported by the LaTeX listings package */
+  pre.src-ada:before { content: 'Ada'; }
+  pre.src-asm:before { content: 'Assembler'; }
+  pre.src-caml:before { content: 'Caml'; }
+  pre.src-delphi:before { content: 'Delphi'; }
+  pre.src-html:before { content: 'HTML'; }
+  pre.src-idl:before { content: 'IDL'; }
+  pre.src-mercury:before { content: 'Mercury'; }
+  pre.src-metapost:before { content: 'MetaPost'; }
+  pre.src-modula-2:before { content: 'Modula-2'; }
+  pre.src-pascal:before { content: 'Pascal'; }
+  pre.src-ps:before { content: 'PostScript'; }
+  pre.src-prolog:before { content: 'Prolog'; }
+  pre.src-simula:before { content: 'Simula'; }
+  pre.src-tcl:before { content: 'tcl'; }
+  pre.src-tex:before { content: 'TeX'; }
+  pre.src-plain-tex:before { content: 'Plain TeX'; }
+  pre.src-verilog:before { content: 'Verilog'; }
+  pre.src-vhdl:before { content: 'VHDL'; }
+  pre.src-xml:before { content: 'XML'; }
+  pre.src-nxml:before { content: 'XML'; }
+  /* add a generic configuration mode; LaTeX export needs an additional
+     (add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
+  pre.src-conf:before { content: 'Configuration File'; }
 
   table { border-collapse:collapse; }
   caption.t-above { caption-side: top; }
   caption.t-bottom { caption-side: bottom; }
   td, th { vertical-align:top;  }
-  th.right  { text-align: center;  }
-  th.left   { text-align: center;   }
-  th.center { text-align: center; }
-  td.right  { text-align: right;  }
-  td.left   { text-align: left;   }
-  td.center { text-align: center; }
+  th.org-right  { text-align: center;  }
+  th.org-left   { text-align: center;   }
+  th.org-center { text-align: center; }
+  td.org-right  { text-align: right;  }
+  td.org-left   { text-align: left;   }
+  td.org-center { text-align: center; }
   dt { font-weight: bold; }
-  .footpara:nth-child(2) { display: inline; }
-  .footpara { display: block; }
+  .footpara { display: inline; }
   .footdef  { margin-bottom: 1em; }
   .figure { padding: 1em; }
   .figure p { text-align: center; }
     { font-size: 10px; font-weight: bold; white-space: nowrap; }
   .org-info-js_search-highlight
     { background-color: #ffff00; color: #000000; font-weight: bold; }
+  .org-svg { width: 90%; }
   /*]]>*/-->
 </style>
 <link rel="stylesheet" type="text/css" href="freedombone.css" />
 @licstart  The following is the entire license notice for the
 JavaScript code in this tag.
 
-Copyright (C) 2012-2013 Free Software Foundation, Inc.
+Copyright (C) 2012-2017 Free Software Foundation, Inc.
 
 The JavaScript code in this tag is free software: you can
 redistribute it and/or modify it under the terms of the GNU
 <a name="top" id="top"></a>
 </div>
 <div id="content">
-<h1 class="title"></h1>
 
 <div class="figure">
 <p><img src="images/release3.jpg" alt="release3.jpg" width="100%" align="center" />
 </p>
 </div>
 
-<div id="outline-container-sec-1" class="outline-2">
-<h2 id="sec-1">Building an internet run by the users, for the users</h2>
-<div class="outline-text-2" id="text-1">
+<div id="outline-container-org9121f8f" class="outline-2">
+<h2 id="org9121f8f">Building an internet run by the users, for the users</h2>
+<div class="outline-text-2" id="text-org9121f8f">
 <p>
 The internet may still be mostly in the clutches of a few giant megacorporations and dubious governments with sketchy agendas, but it doesn't have to remain that way. With the third version of the Freedombone system there is now more scope than before to take back your privacy, have ownership of personal data and run your own online communities without undesirable intermediaries.
 </p>
 </p>
 
 <ul class="org-ul">
-<li>Faster initial setup
-</li>
-<li>More <a href="./apps.html">installable apps</a>, including CryptPad, Koel, NextCloud, PostActiv, Friendica and Matrix/RiotWeb
-</li>
-<li>Automated <a href="https://github.com/hardenedlinux/STIG-4-Debian">security tests</a>
-</li>
-<li>Improved XMPP configuration for support of the <a href="https://conversations.im">Conversations</a> app features
-</li>
-<li>Improved blocking controls for a better federated network experience
-</li>
-<li>Uses <a href="https://en.wikipedia.org/wiki/EdDSA">elliptic curve</a> based GPG keys for better performance on low power single board computers
-</li>
-<li>Pre-downloaded repos distributed within images for faster and more autonomous app installs
-</li>
+<li>Faster initial setup</li>
+<li>More <a href="./apps.html">installable apps</a>, including CryptPad, Koel, NextCloud, PostActiv, Friendica and Matrix/RiotWeb</li>
+<li>Automated <a href="https://github.com/hardenedlinux/STIG-4-Debian">security tests</a></li>
+<li>Improved XMPP configuration for support of the <a href="https://conversations.im">Conversations</a> app features</li>
+<li>Improved blocking controls for a better federated network experience</li>
+<li>Uses <a href="https://en.wikipedia.org/wiki/EdDSA">elliptic curve</a> based GPG keys for better performance on low power single board computers</li>
+<li>Pre-downloaded repos distributed within images for faster and more autonomous app installs</li>
 </ul>
 </div>
 </div>
 
-<div id="outline-container-sec-2" class="outline-2">
-<h2 id="sec-2">Installation</h2>
-<div class="outline-text-2" id="text-2">
+<div id="outline-container-org68d06a3" class="outline-2">
+<h2 id="org68d06a3">Installation</h2>
+<div class="outline-text-2" id="text-org68d06a3">
 <p>
 The simplest way to install is from a pre-made disk image. Images can be <a href="https://freedombone.net/downloads/v3">downloaded here</a>. You will need to have previously obtained a domain name and have a dynamic DNS account somewhere.
 </p>
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">unxz downloadedimagefile.img.xz
-dd bs=1M if=downloadedimagefile.img of=/dev/sdX conv=fdatasync
+dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=downloadedimagefile.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
 </pre>
 </div>
 
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">username: fbone
 password: freedombone
 </pre>
 </p>
 
 <div class="org-src-container">
-
 <pre class="src src-bash">ssh fbone@freedombone.local -p 2222
 </pre>
 </div>
 </div>
 </div>
 
-<div id="outline-container-sec-3" class="outline-2">
-<h2 id="sec-3">Upgrading from a previous install</h2>
-<div class="outline-text-2" id="text-3">
+<div id="outline-container-org976059e" class="outline-2">
+<h2 id="org976059e">Upgrading from a previous install</h2>
+<div class="outline-text-2" id="text-org976059e">
 <p>
 To upgrade from the Debian Jessie version first create a master keydrive. Go to the <b>Administrator control panel</b> and select <b>Backup and restore</b> then <b>Backup GPG key to USB (master keydrive)</b>. Insert a LUKS encrypted USB drive. When that is done Create a full backup by selecting <b>Backup data to USB drive</b> and using another LUKS encrypted USB drive.
 </p>

website/EN/release31.html

 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2018-04-15 Sun 19:01 -->
+<!-- 2018-04-21 Sat 15:00 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>&lrm;</title>
 </p>
 </div>
 
-<div id="outline-container-org996a8d0" class="outline-2">
-<h2 id="org996a8d0"><b>Version 3.1, 2018-04-15</b></h2>
-<div class="outline-text-2" id="text-org996a8d0">
+<div id="outline-container-org562f1b2" class="outline-2">
+<h2 id="org562f1b2"><b>Version 3.1, 2018-04-15</b></h2>
+<div class="outline-text-2" id="text-org562f1b2">
 <p>
 Newer and shinier than before, <a href="./index.html">Freedombone</a> 3.1 rests upon the solid foundation of Debian stable and delivers major new self-hosted apps, improved mesh networking and a new logo. It supports version 3 onion addresses and the ability to use <a href="./usage_email.html">email with onion and I2P addresses</a>. New apps are:
 </p>
 </div>
 </div>
 
-<div id="outline-container-org811872a" class="outline-2">
-<h2 id="org811872a">Installation</h2>
-<div class="outline-text-2" id="text-org811872a">
+<div id="outline-container-org0f2b77a" class="outline-2">
+<h2 id="org0f2b77a">Installation</h2>
+<div class="outline-text-2" id="text-org0f2b77a">
 <p>
 The simplest way to install is from a pre-made disk image. Images can be <a href="https://freedombone.net/downloads/v31">downloaded here</a>. You will need to have previously obtained a domain name and have a dynamic DNS account somewhere. Or if you don't need clearnet domains and will be using Tor compatible browsers then you can use the "onion only" images where apps will be accessible via an onion address.
 </p>
 
 <div class="org-src-container">
 <pre class="src src-bash">unxz downloadedimagefile.img.xz
-dd <span class="org-variable-name">bs</span>=1M <span class="org-variable-name">if</span>=downloadedimagefile.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
+dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=downloadedimagefile.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
 </pre>
 </div>
 
 </div>
 </div>
 
-<div id="outline-container-orgba24030" class="outline-2">
-<h2 id="orgba24030">Upgrading from a previous install</h2>
-<div class="outline-text-2" id="text-orgba24030">
+<div id="outline-container-orgf8d3f00" class="outline-2">
+<h2 id="orgf8d3f00">Upgrading from a previous install</h2>
+<div class="outline-text-2" id="text-orgf8d3f00">
 <p>
 To upgrade from version 3 just go to the <b>administrator control panel</b> and select <b>check for updates</b>.
 </p>

website/EN/socialinstance.html

 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2018-04-15 Sun 18:26 -->
+<!-- 2018-04-21 Sat 15:00 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title>&lrm;</title>
 </p>
 </div>
 
-<div id="outline-container-org3a57e54" class="outline-2">
-<h2 id="org3a57e54">Social Instance</h2>
-<div class="outline-text-2" id="text-org3a57e54">
+<div id="outline-container-org7227583" class="outline-2">
+<h2 id="org7227583">Social Instance</h2>
+<div class="outline-text-2" id="text-org7227583">
 <p>
 A social instance image allows you to easily set up a fediverse server, which federates using the OStatus or ActivityPub protocol. You will need:
 </p>
 </div>
 </div>
 
-<div id="outline-container-orgb2f2066" class="outline-2">
-<h2 id="orgb2f2066">Copy the image to the USB drive</h2>
-<div class="outline-text-2" id="text-orgb2f2066">
+<div id="outline-container-org1d12ef2" class="outline-2">
+<h2 id="org1d12ef2">Copy the image to the USB drive</h2>
+<div class="outline-text-2" id="text-org1d12ef2">
 <p>
 Substitute <b>sdX</b> with the device name for your USB drive.
 </p>
 wget https://freedombone.net/downloads/v31/freedombone-pleroma-amd64.img.xz.sig
 gpg --verify freedombone-pleroma-amd64.img.xz.sig
 unxz freedombone-pleroma-amd64.img.xz
-sudo dd <span class="org-variable-name">if</span>=/dev/zero <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">bs</span>=1M <span class="org-variable-name">count</span>=8
-sudo dd <span class="org-variable-name">bs</span>=1M <span class="org-variable-name">if</span>=freedombone-pleroma-amd64.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
+sudo dd <span class="org-variable-name">if</span>=/dev/zero <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">count</span>=8
+sudo dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=freedombone-pleroma-amd64.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
 </pre>
 </div>
 
 </div>
 </div>
 
-<div id="outline-container-orgb12b5ef" class="outline-2">
-<h2 id="orgb12b5ef">Connect the laptop to your internet router</h2>
-<div class="outline-text-2" id="text-orgb12b5ef">
+<div id="outline-container-org1acc3f8" class="outline-2">
+<h2 id="org1acc3f8">Connect the laptop to your internet router</h2>
+<div class="outline-text-2" id="text-org1acc3f8">
 <p>
 Plug the USB drive into the laptop and connect it to your internet router with the ethernet cable.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org32addf2" class="outline-2">
-<h2 id="org32addf2">Boot the laptop from the USB drive</h2>
-<div class="outline-text-2" id="text-org32addf2">
+<div id="outline-container-orgc06c32b" class="outline-2">
+<h2 id="orgc06c32b">Boot the laptop from the USB drive</h2>
+<div class="outline-text-2" id="text-orgc06c32b">
 <p>
 You may need to alter the BIOS settings to get this to work reliably.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org6417b90" class="outline-2">
-<h2 id="org6417b90">Forward ports 80 (HTTP) and 443 (HTTPS) from your internet router to the laptop</h2>
-<div class="outline-text-2" id="text-org6417b90">
+<div id="outline-container-orgbe57b0d" class="outline-2">
+<h2 id="orgbe57b0d">Forward ports 80 (HTTP) and 443 (HTTPS) from your internet router to the laptop</h2>
+<div class="outline-text-2" id="text-orgbe57b0d">
 <p>
 Log into your internet router using a non-Tor browser (usually it's on an address like 192.168.1.1 or 192.168.1.254). Often port forwarding settings are together with firewall settings.
 </p>
 </div>
 </div>
 
-<div id="outline-container-orga1248fc" class="outline-2">
-<h2 id="orga1248fc">From another machine ssh into the laptop</h2>
-<div class="outline-text-2" id="text-orga1248fc">
+<div id="outline-container-org61c8baa" class="outline-2">
+<h2 id="org61c8baa">From another machine ssh into the laptop</h2>
+<div class="outline-text-2" id="text-org61c8baa">
 <div class="org-src-container">
 <pre class="src src-bash">ssh fbone@freedombone.local -p 2222
 </pre>
 </div>
 </div>
 
-<div id="outline-container-orge7dea9e" class="outline-2">
-<h2 id="orge7dea9e">Follow the setup procedure</h2>
-<div class="outline-text-2" id="text-orge7dea9e">
+<div id="outline-container-orgaaaf930" class="outline-2">
+<h2 id="orgaaaf930">Follow the setup procedure</h2>
+<div class="outline-text-2" id="text-orgaaaf930">
 <p>
 Enter your user details, domain name and dynamic DNS settings.
 </p>
 </div>
 </div>
 
-<div id="outline-container-orgde5ef18" class="outline-2">
-<h2 id="orgde5ef18">When installation is complete</h2>
-<div class="outline-text-2" id="text-orgde5ef18">
+<div id="outline-container-orgbd9fe95" class="outline-2">
+<h2 id="orgbd9fe95">When installation is complete</h2>
+<div class="outline-text-2" id="text-orgbd9fe95">
 <p>
 Navigate to your domain and register a new user.
 </p>