To install it, pretty straightforward (NB: I’m using Ubuntu, should be the same on Debian; on Fedora should be the same but with yum):
apt-get install wipe

And then to run it, for basic use it will take ALMOST (see below the warning about wildcards) the same kind of options as “rm”:
myLaptop:/home/david$ wipe -r thisFolder
Okay to WIPE 1 directory ? (Yes/No) y
Please answer "Yes" or "No".
Okay to WIPE 1 directory ? (Yes/No) Yes
Wiping ubuntu-11.10-dvd-amd64.iso, pass 9 (12) [ 213 / 5994]

The default setting is 34 overwrite passes, which is huge and slow, but I guess helpful if you are paranoid. If you want fewer passes, use -Q [number of passes]. The manual might be an interesting read, too.

A very important warning about using wildcards: DO NOT use wipe -r .*. As reported there, this pattern matches .. so wipe will then browse around and erase the whole disk if you’re running it as root (and even if you’re not, it will likely get to places where you didn’t want it to go). This is not a bug, it’s actually a feature. rm not matching .. when you call it on .* is a safeguard, but when you’re using wipe chances are that it’s more of a problem to miss deletions than to do too many of them, thus this aggressive behavior. I didn’t try it but most likely this is true of wipe -r * too.

If you want to erase all the dot files in a folder, you can either use wipe .??* or move on level up and do wipe -r theFolder, like I did in my example.

Edit: actually, I did gave a shot at wipe -q -r .* on a virtual box, it didn’t wipe everything out, as can be seen from the output:
root@xxxxx:~# wipe -q -r .*
Okay to WIPE 9 regular files and 7 directories ? (Yes/No) Yes
Will not remove .
Will not remove ..
Operation finished.

Finally, I thought that could be useful on Windows so I checked out: unfortunately wipe is not available in Cygwin as of today.

So I discover a shiny Mac with apparently no central unit:
“- Mkay, where’s your central unit?
- My what?
- Well, nevermind. What’s that small thing, is this the [ISP-issued modem-router]?
- That is the computer.
- Oh” (Macs, eh…)

Then my summoner demonstrated the broken internet problem: open “Internet” (Safari + Google as start page), type a search, click any result => crash:
“- Look, Internet is broken
- Actually, it’s not Internet, it’s your browser.
- My what?
- Mkay, nervermind. I’m going to install a piece of software which should fix this.”

Then I went to getfirefox and got a weird page with no download link. After a bit of searching around, I finally find a useful message: “Your OS is too old to install Firefox 3.6″. (NB: that’s not a mistake, it was a few weeks ago, the current version of Fx was 9.0, still the website was telling me “too old for Fx 3.6″). Jeez, I didn’t know Fx had such high version requirements. Tried Chrome: same problem.

“- How old is your computer?
- I don’t know…”
(of course, why did I even ask)
I browsed around a bit, finally found the OS version: Mac OS 10.3.9. (c) Apple 19??-2004. It’s amazing how a Mac is able to _look_ recent while actually being an ancestor.
“- I guess you bought it like in 2004-2005?
- Sounds about right”

That looked like a dead-end: no way to upgrade the browser without first upgrading the system. Not sure how far that old Mac (512 MiB of RAM, if I remember well…) could even be upgraded, not to mention how much it would cost.

“- Maybe… you should get a new computer?
- What? Oh noes, it’s so recent!”
(come on, it’s 8 years old, finish it already!)
“- Okay, maybe I’ve got a workaround: I can replace Google with Scroogle.
- What?
- I can replace Google with another, plainer version. It gives the same results, but without the fancy look.
- Alright!”
(yeah, usually I don’t manage to convert people to Scroogle because “yuck, it’s ugly”, but suddenly when it can save a few hundred bucks, look doesn’t matter so much anymore)

So, I replaced Google with Scroogle SSL search French in the bookmarks and start page, explain that “yes the page – title and search button – is in English but the results will favor French pages”. I then offered my summoner to try for themselves: open “Internet” (Safari + Scroogle as start page), type a search, click any result =>
“- Google works, it’s a miracle!
- Actually, it’s not really Google, it’s Scroogle.
- It’s what?
- Nvm…”

They then tried a few other searches, and at some point went to Wikipedia:
“- Wait a minute, does it look normal to you?
- What do you mean? Yeah it works great!”
Honestly, the page was a wreck. To give you an idea, if you have the technical knowledge (if you don’t, just imagine): try loading Wikipedia without the stylesheets. No wonder eventually some AJAX-intensive site managed to crash that middle-age Safari…

Anyway, the official version is I “fixed Internet”, and as a bonus I withdrew someone from BigBrother’s reach. Half an hour well spent

Installing Java

The main turn off with Freenet for me is that it’s written in Java. Once you’ve installed it you’ll see for yourself how CPU-intensive it actually is – much more than Tor (which on the opposite isn’t too demanding). Anyway, installing Java is now a bit trickier than before, because Oracle got their reference implementation removed from official distribution repositories, but OpenJDK works just as well so that’s what we’ll pick.
apt-get install openjdk-6-jdk
(that will be about 170 MiB of stuff to install)

Installing Freenet

Even though the headless server instructions there are a bit scary, I found them quite sufficient. It’s not that complicated to install after all (also, maybe after getting warmed up by Tor’s installation I’m a little biased, too ), so I’ll just list the commands you need to type (obviously, edit the pathes), and they should be pretty self-explanatory:
cd /where/you/want/to/install/it
mkdir someFolder
cd someFolder
wget https://downloads.freenetproject.org/alpha/installer/freenet07.tar.gz --no-check-certificate
tar xzf freenet07.tar.gz
Now we need to create a user for Freenet, give it a password and assign them the freenet folder:
useradd someUserName
passwd someUserName
[enter the password twice]
chown someUserName freenet -R

First Freenet launch, configuration

Connect to the machine where you just installed Freenet as this someUserName, go to the freenet folder and run run.sh:
cd /where/you/want/to/install/it/someFolder/freenet
./run.sh
FYI (actually, more for my personal archives ^^), here’s the output:

Enabling the auto-update feature
Detecting tcp-ports availability...
Downloading update.sh
Downloading wrapper_Linux.zip
Downloading freenet-stable-latest.jar
Downloading freenet-ext.jar
Downloading the JSTUN plugin
Downloading the UPnP plugin
Downloading seednodes.fref
Installing cron job to start Freenet on reboot...
Installed cron job.
Starting Freenet 0.7...
Please visit http://127.0.0.1:8888/ to configure your node
Finished

Now, you need to connect to http://127.0.0.1:8888 to configure Freenet. If, as is likely since you’re reading this tutorial on console-based installation, it’s not on the same computer as where you are now, you have 2 options:
- follow this to allow external IPs (preferably, just a specific one: yours ) to connect to your Freenet node
- create an SSH tunnel to your machine (see the second half of this old post), and then when your browser is configured to use it (NB: don’t forget to remove “127.0.0.1″ from the exclusion list, in Firefox called “no proxy for”), going to http://127.0.0.1:8888 will actually go to your server.

Well, that’s pretty much it, now just configure it from the GUI as you wish. Here are a few hints, though:

• You should increase the RAM available to Freenet. By default it’s 128, it would be a good idea to at least double it. Actually 512 MiB would be even nicer. Note that you’ll have to restart Freenet in order for the change to be applied. The RAM can also be configured manually in wrapper.conf:
  wrapper.java.initmemory=60
wrapper.java.maxmemory=512
• You’ll probably want to review input and output bandwidth settings (although you already had the opportunity to do so during the first launch wizard)
• You’ll want to increase the datastore size (this helps the network) and the client cache (this helps you ), because during the first launch wizard you aren’t really given much choice for some reason… Respectively 50GiB and 25GiB could be fine for instance, although of course you can increase that much more. Note however that whenever you change those settings Freenet will rebuild its database, which means it will be somewhat slower for a while.
• Finally, it’s probably a good idea to install some social plugins such as WebOfTrust and Freetalk (both are official plugins), which will give you access to discussion boards. Other plugins of interest: Sone (kind of a social network), Library (search engine), Freenet Search (search engine too).

Bonus: solving the “There isn’t enough entropy available on your system… Freenet won’t start until it can gather enough.” error

Freenet seems to have massive needs for entropy, and if you happen to run out of it, it might take some time to spontaneously replenish. A quick way to boost this is to generate lots of disk access. I saw the suggestion of running find / >/dev/null, but it didn’t help a lot for me, maybe because my HD isn’t that filled. What worked great was to either copy a big directory, or even simpler, to download some large file, like: wget ftp://ftp.free.fr/mirrors/ftp.ubuntu.com/dvd/current/precise-dvd-amd64.iso

Bonus 2: restarting/stopping the node without using the web GUI

The ./run.sh script can be run with arguments, such as ./run.sh restart or ./run.sh stop

Dealing with package manager stuff

The first step is to configure the package manager to use Tor’s repository, because distribution repositories are, as you know, always outdated. On this part, the Tor project documentation (for Ubuntu and Debian) is good enough (NB: here is the page for Fedora / CentOS / SUSE). Basically:
nano /etc/apt/sources.list
and at the bottom, add (for Ubuntu 11.10):
deb http://deb.torproject.org/torproject.org oneiric main
You can now proceed to installation:
apt-get install tor tor-geoipdb

Editing the configuration file (torrc)

Installing Tor this way also starts it, but the default configuration is not to relay any traffic. We now need to configure is as a relay. The configuration file to edit is usually, as mentioned there, /etc/tor/torrc:
nano /etc/tor/torrc
In this file, the settings you’ll want to look at are:

• uncomment Log notice file /var/log/tor/notices.log if you want to avoid a notice in ARM (see below for what ARM is)
• uncomment ControlPort 9051 so that ARM can be used to control and monitor Tor
• uncomment ORPort and (optionally but recommended, I guess) change its value to some random available port. That’s the port that will be used by other nodes to connect to yours
• optionally uncomment Nickname and give a name to your node
• set RelayBandwidthRate and RelayBandwidthBurst. Those are the maximum bandwidth that can be used by Tor constantly and in burst, respectively. For instance:

  RelayBandwidthRate 5000 KB  # Throttle traffic to 100KB/s (800Kbps)
  RelayBandwidthBurst 7000 KB # But allow bursts up to 200KB/s (1600Kbps)

  Beware those values are in Bytes, not bits.

• if you have a traffic quota (and don’t want to blow it), you’ll want to configure AccountingMax and AccountingStart
• optionally, you can put your name and (spam protected) e-mail, or even your GPG fingerprint, in ContactInfo. According to the comments it can be used to contact you in case your node goes wild or something.
• optionally, you can also configure DirPort to mirror directory information on this port.
• finally, the most important part: choose whether you want to be just a relay or an exit node. To be just a relay, set:
  ExitPolicy reject *:*
  To be an exit node, you can either leave at is, or replace the default exit policy (in order to do the later, do read the instructions carefully). Note that being an exit can bring you trouble because there’s always a risk of abuse, so at least do check your country’s law, the law of your host’s country, and your host’s TOS. But I guess you’re already aware of that anyway.

Additionally, if you want to remotely use your node to enter the Tor network to surf yourself, well, I suppose it can be configured using SocksPort, SocksListenAddress, SocksPolicy accept and SocksPolicy reject, but I haven’t figured out how to do that yet :/

ARM: a terminal-friendly GUI

Last step, let’s install a nice piece of helper software called ARM (for “anonymizing relay monitor”), which is basically a nice console-based GUI to monitor and have some control over Tor. On Ubuntu 11.10 it’s as simple as:
apt-get install tor-arm

In order to use ARM, you’ll have to enable Tor control port first. You already entered it in the configuration file (if you followed the guide properly, at least), so we just need to apply the configuration:
/etc/init.d/tor reload

Now you can just type arm to launch ARM and view some neat information about your node, like the traffic graph, inbound and outbound nodes, etc.

Bonus: what’s a stable node, what’s a guard node?

A little bonus, because that’s something that puzzled me for a while: on some Tor node listings, you can see that servers have flags, notably some servers are flagged as “guard” and some are flagged as “stable”. If you’re curious about what it means, here it is, right from the specification:

"Guard" -- A router is a possible 'Guard' if its Weighted Fractional
Uptime is at least the median for "familiar" active routers, and if
its bandwidth is at least median or at least 250KB/s.

	To calculate weighted fractional uptime, compute the fraction
	of time that the router is up in any given day, weighting so that
	downtime and uptime in the past counts less.

	A node is 'familiar' if 1/8 of all active nodes have appeared more
	recently than it, OR it has been around for a few weeks.

"Stable" -- A router is 'Stable' if it is active, and either its Weighted
MTBF is at least the median for known active routers or its Weighted MTBF
corresponds to at least 7 days. Routers are never called Stable if they are
running a version of Tor known to drop circuits stupidly.  (0.1.1.10-alpha
through 0.1.1.16-rc are stupid this way.)

	To calculate weighted MTBF, compute the weighted mean of the lengths
	of all intervals when the router was observed to be up, weighting
	intervals by $\alpha^n$, where $n$ is the amount of time that has
	passed since the interval ended, and $\alpha$ is chosen so that
	measurements over approximately one month old no longer influence the
	weighted MTBF much.

	[XXXX what happens when we have less than 4 days of MTBF info.]

Sources (other than those already mentioned in the text):

• Tor – Community Ubuntu Documentation
• Ubuntu howto for CLI install of Tor relay?
• Torstatus: What does stable server mean?

So, here are a few listings that seems to be regularly updated (as of today, at least):

• http://torstatus.all.de/index.php?SR=Bandwidth&SO=Desc: has lots of details (notably, they do make the difference between exit nodes and simple relays), but is probably not trivial to parse automatically. NB: if you’re on Firefox, beware that it will slow down the browser massively for a few seconds. It’s fine on Iron, though.
• http://torstatus.blutmagie.de/index.php?SR=Bandwidth&SO=Desc: pretty much the same as the previous one (still a Fx killer, notably!), but hosted elsewhere.
• http://torstatus.rueckgr.at/index.php: and the same again, somewhere else.
• http://www.ircproxy.net/torlist/: just a list of IPs, probably great to parse. Also mention the update date, even though I guess it’s not a guarantee.
• http://files.sabmx.net/pg2/tor_block.txt: also just a list of IP, indicated as IP ranges.
• http://teksimple.com/tornodes.txt: that’s probably the easiest one to parse: just a text list, one IP per line, update date and time on first line.

Note however that it seems pretty much impossible to perform a DDoS attack from the Tor network (limitation #1 being it doesn’t really have that much bandwidth available), so there’s no reason to be a jackass like Daniel Austin MBCS and ban all traffic from Tor nodes. Particularly, blocking traffic from non-exit nodes altogether is seriously retarded. Purely banning all traffic from Tor also means you’d simply play along SOPA and alike. You might want instead to maybe just make the spam filter harsher, or systematically manual, on contents coming from Tor.
Well, anyway, you got the list now act smart with it.

Changelog:

• Fixed a bug with character encoding and encrypting. Not really sure of what happens when people on the other side send you encrypted message in a different charset though – bottomline is: if you don’t want mojibake, don’t use funky characters. Maybe eventually character encoding will be a configurable setting.
• Added automated line-breaking when sending an unencrypted signed message. This is because buggy webmails tend to break long lines themselves, corrupting the signature in the process. Once again, this should become a configurable thing in the end.
• Bumped version number a little, too many leading zeros was a bit hard to follow
• Added a comment line about VisualGPG in the PGP block.

The download link remains the same: VisualGPG-latest (0.1.2)