Cover Image

Pi-Hole on Freedombone

October 23, 2018 - Reading time: ~1 minute

The ad blocking system called pi-hole has now been integrated with the new web based user interface of Freedombone. This blocks ads at the DNS level on your home network. It's not perfect and doesn't block all ads, but it does help to improve the user experience and speed of browsing the web. One thing I notice in particular is that it doesn't block ads on YouTube, and that Google has been adopting devious ways to avoid ad blocking by using randomly generated subdomains to serve advertising content from.

For a long time I didn't really care about ads and the internet didn't depend highly upon them. Then I distinctly remember the occasion in 2007 when my web browsing experience went from having discreet banner ads which I didn't care about to having actually offensive ads shoved in my face in a highly disrespectful manner. From that time onwards I started using browser based ad blockers, and then eventually pi-hole.

Pi-hole has its own web based user interface, but I've made no attempt to integrate that into the Freedombone web UI. That's because it requires logging, and from both a security and a performance perspective I'd rather avoid any additional unnecessary logging. If you're running on a microSD card then writing the minimum amount of things to disk is important because I/O bandwidth is low and the disk itself wears out eventually.


Continuously Integrating

October 12, 2018 - Reading time: 2 minutes

I've now set up a continuous integration (CI) system for making image builds for the Freedombone system. This is something I had been wanting to do for a while, because building images by hand is laborious and not always reliable. If during a build a repo fails or a certificate expires somewhere on the internets then you have to start again. The details of the new system can be found here.

In compressed format Freedombone images are typically just over 3GB in size. Even on a fast multi-core machine builds can take an hour or more, because it's creating a minimal Debian operating system and then installing and configuring many things on top of that. In the past, and even now, I don't have a spare laptop or desktop machine to dedicate to continuous builds which would be powerful enough to make multi-gigabyte images within a reasonable amount of time. But ARM SBCs are getting good enough for this task, with a combination of a fast CPU and also the ability to run from an SSD which gives I/O performance which is an order of magnitude better than EMMC or microSD.

Various CI systems exist, but I thought I'd do the traditional thing which is to make one out of a bash script. In the old days, before the now well known CI systems existed, hackers would just create some scripts to compile overnight and report the results back by email which could be viewed in the morning. My CI system, called BirbCI is not a lot different from that except that the results are reported on a web page. Originally it was 80 lines of bash. It has grown a little, and is now a few hundred lines, but it's not all that complicated and is very general such that any type of build in whatever language you choose could be supported. The web page on which results appear can also be customized.

So in future it should be easier to do releases, since at any point in time there will be a bunch of ready made images. It will also be easier to know if anything I do with the source code breaks the build.


Proxying email

October 4, 2018 - Reading time: 2 minutes

Continuing on email integration with the web interface of Freedombone an email proxying screen has been added. This only applies to clearnet installs, so if you're running an onion version then you don't need to be concerned with this.

Why would you need to proxy your email? Well, the current state of email systems on the internet - as you may already be aware - is quite dire and heavily favours a few giant companies. If you're running an independent email server, as is the case with Freedombone, then it's highly likely that any emails you send will be blocked by other servers and you'll get a "delivery failed" type of message perhaps accompanied by a difficult to parse error. Even just a few years ago this wasn't always the case, and this aspect of the internet has been becoming increasingly closed to independents. Email blocking today is highly indiscriminate, with entire IP address ranges or countries being blocked by some systems. There doesn't need to be any actual evidence that you were sending out spam and in most cases you're just discriminated against by default because you're not one of the big companies. It is possible to get around this via proxying your emails through an SMTP server run by your ISP or another email service providing company. It's a less than ideal situation, but can make the difference between being in control of your own email or becoming a SaaS slave.

The email proxy screen can be accessed via the Mail icon by selecting the logo at the top of the webmail login screen. It looks like this:

Once you've entered the SMTP proxy server details then select Update and you'll then be ready to send out emails through it. That's all there is to it.

If you're sending to onion based email addresses then the proxying doesn't apply because it gets routed through the Tor network instead.


Making email easier

September 29, 2018 - Reading time: 3 minutes

Mailpile has existed as an app within Freedombone for a couple of years, and it's a nice webmail client, but for a more mass market type of approach it's not ideal. The reason is that the setup is quite non-intuitive and assumes that you know what acronyms like SMTP, IMAP and GPG mean. It's highly doubtful that the average shopper knows about any of that, and chances are they just use Gmail because that's what they were instructed to do by the initial setup process when they first got an Android phone. Gmail didn't ask them for an IMAP domain.

On Freedombone an email server is part of the base install and it has the capability to send and receive messages using onion addresses. I thought it would be nice to have a webmail client which doesn't need any post-installation configuration and which can be used with noscript or with javascript turned off. At first I thought I might need to write something like that because every modern webmail client appears to make extensive use of javascript, but the prospect of writing a usable email system is definitely a non-trivial undertaking so I wanted to avoid doing that if possible.

The only non-javascript solution I found was Squirrelmail. Squirrelmail is an old system by technology standards, although not as old as the kernel. It pre-dates smartphones, and it's certainly not the most glamorous web software you've ever seen but it's functional and customizable to some extent.

So I added a customized version of squirrelmail to the web interface of Freedombone.

The login has been changed to a new logo, and it's linked up to themes and languages such that if you change that on the settings screen the webmail system also changes accordingly. Testing it on mobile in the vertical orientation it looks odd but in horizontal orientation its ok and quite usable. I made a couple of themes called freedom_light and freedom_dark using the same colors as the main web interface so that it looks somewhat consistent. And you can use it to send between onion or clearnet email addresses without much hassle.

So despite its age and smartphone agnosticism Squirrelmail still appears to be quite a good addition.

Apart from the usual advantages of onion addresses the biggest one here is that you don't need to be using GPG to still have fairly good communications security. It's not end-to-end in the strictest sense, but a lot more secure than email usually is. You can also use it via a Tor browser with the security level cranked up to the max if you want to.


Changes to the mesh

September 28, 2018 - Reading time: ~1 minute

Prepping the post-Brexit apocalypse bunker with a "dig for victory" poster and a newspaper cutout of Theresa May on the wall for darts practice during electrical blackouts we also have the Freedombone mesh. The mesh system is a bootable USB version of Debian which can be used with laptops, and there's also an image which can be used with the Beaglebone Black to increase wifi network coverage. Even if the internet is unavailable the mesh network can carry on providing a local communications system.

Recently I've improved the internet functionality so that if you plug a mesh system into your internet router with an ethernet cable then it just automatically becomes a gateway for any other peers in the network. This avoids needing to do any manual network restarts and so makes things more convenient.

I've also removed the Patchwork SSB client because it was difficult to maintain the installation of that on a 32bit version of Debian. I'm still using 32bit images for the mesh, because if you're up against it then any old hardware could be requisitioned at short notice to build a mesh and there may still be old 32bit laptops stashed at the back of closets.


Cover Image

New icons

September 26, 2018 - Reading time: ~1 minute

Some new icons and a new logo have been submitted to the Freedombone project. These were created by Rashid Mhar, and give the interface and website a much nicer look.

There are also now light and dark themes for the web interface, and the ability to edit translations. I've added some automated translations by default, and no doubt these will need changing to some extent.