[or-cvs] r16717: {incognito} Brought hardened branch up to speed with trunk to see if rec (in incognito/branches/hardened: . arch/x86 portage.config portage.overlay portage.overlay/app-crypt portage.overlay/app-crypt/gnupg portage.overlay/app-crypt/gnupg/files portage.overlay/net-misc/vidalia portage.overlay/x11-plugins portage.overlay/x11-plugins/forcehttps root_overlay/usr/sbin root_overlay/usr/share/incognito root_overlay/usr/share/incognito/walkthrough root_overlay/var/lib/firefox-config/firefox/o2e6y2eh.default root_overlay/var/lib/kdesession)

anonym at seul.org anonym at seul.org
Mon Sep 1 16:34:57 UTC 2008


Author: anonym
Date: 2008-09-01 12:34:57 -0400 (Mon, 01 Sep 2008)
New Revision: 16717

Added:
   incognito/branches/hardened/portage.overlay/app-crypt/
   incognito/branches/hardened/portage.overlay/app-crypt/gnupg/
   incognito/branches/hardened/portage.overlay/app-crypt/gnupg/Manifest
   incognito/branches/hardened/portage.overlay/app-crypt/gnupg/files/
   incognito/branches/hardened/portage.overlay/app-crypt/gnupg/files/gnupg-2.0.9-gcc-4.3.patch
   incognito/branches/hardened/portage.overlay/app-crypt/gnupg/gnupg-2.0.9.ebuild
   incognito/branches/hardened/portage.overlay/net-misc/vidalia/vidalia-0.1.7.ebuild
   incognito/branches/hardened/portage.overlay/x11-plugins/forcehttps/
   incognito/branches/hardened/portage.overlay/x11-plugins/forcehttps/Manifest
   incognito/branches/hardened/portage.overlay/x11-plugins/forcehttps/forcehttps-0.4.3.ebuild
Removed:
   incognito/branches/hardened/portage.overlay/net-misc/vidalia/vidalia-0.1.6.ebuild
   incognito/branches/hardened/portage.overlay/x11-plugins/forcehttps/Manifest
   incognito/branches/hardened/portage.overlay/x11-plugins/forcehttps/forcehttps-0.4.3.ebuild
Modified:
   incognito/branches/hardened/arch/x86/livecd-stage1.spec
   incognito/branches/hardened/arch/x86/livecd-stage2.spec
   incognito/branches/hardened/fsscript.sh
   incognito/branches/hardened/portage.config/package.keywords
   incognito/branches/hardened/portage.overlay/net-misc/vidalia/Manifest
   incognito/branches/hardened/root_overlay/usr/sbin/create-homevol
   incognito/branches/hardened/root_overlay/usr/sbin/enable-persistent-vol
   incognito/branches/hardened/root_overlay/usr/sbin/mount-homevol
   incognito/branches/hardened/root_overlay/usr/share/incognito/docs.html
   incognito/branches/hardened/root_overlay/usr/share/incognito/walkthrough/walkthrough.html
   incognito/branches/hardened/root_overlay/var/lib/firefox-config/firefox/o2e6y2eh.default/prefs.js
   incognito/branches/hardened/root_overlay/var/lib/kdesession/torkrc
Log:
Brought hardened branch up to speed with trunk to see if recent changes clash.


Modified: incognito/branches/hardened/arch/x86/livecd-stage1.spec
===================================================================
--- incognito/branches/hardened/arch/x86/livecd-stage1.spec	2008-09-01 16:32:38 UTC (rev 16716)
+++ incognito/branches/hardened/arch/x86/livecd-stage1.spec	2008-09-01 16:34:57 UTC (rev 16717)
@@ -180,6 +180,7 @@
 	mail-mta/mixminion
 	media-gfx/fbgrab
 	media-fonts/arphicfonts
+	media-fonts/font-misc-misc
 	media-fonts/kochi-substitute
 	media-video/kplayer
 	media-video/mplayer
@@ -223,6 +224,7 @@
 	net-wireless/iwl3945-ucode
 	net-wireless/iwl4965-ucode
 	net-wireless/kdebluetooth
+	net-wireless/madwifi-ng-tools
 	net-wireless/prism54-firmware
 	net-wireless/wireless-tools
 	net-wireless/wpa_supplicant
@@ -261,6 +263,7 @@
 	x11-plugins/enigmail-bin
 	x11-plugins/firefox-quick-locale-switcher
 	x11-plugins/firegpg
+	x11-plugins/forcehttps
 	x11-plugins/pidgin-otr
 	x11-plugins/purple-plugin_pack
 	x11-plugins/refcontrol

Modified: incognito/branches/hardened/arch/x86/livecd-stage2.spec
===================================================================
--- incognito/branches/hardened/arch/x86/livecd-stage2.spec	2008-09-01 16:32:38 UTC (rev 16716)
+++ incognito/branches/hardened/arch/x86/livecd-stage2.spec	2008-09-01 16:34:57 UTC (rev 16717)
@@ -99,9 +99,6 @@
 	net-wireless/at76c503a
 # Not installed for space
 #	net-wireless/fwlanusb
-	net-wireless/hostap-utils
-	net-wireless/madwifi-ng
-	net-wireless/madwifi-ng-tools
 # Broken on 2.6.23, in-kernel driver (with WPA!) in 2.6.25
 #	net-wireless/rtl8180
 	sys-apps/pcmciautils

Modified: incognito/branches/hardened/fsscript.sh
===================================================================
--- incognito/branches/hardened/fsscript.sh	2008-09-01 16:32:38 UTC (rev 16716)
+++ incognito/branches/hardened/fsscript.sh	2008-09-01 16:34:57 UTC (rev 16717)
@@ -237,10 +237,6 @@
 #echo "Removing dangling links"
 #symlinks -dr /
 
-# Make netstat SUID root so user programs such as TorK can monitor the network
-chmod u+s /bin/netstat
-ln -s /bin/netstat /bin/torknetstat
-
 # Seems re-merge of ncurses does not remove /usr/share/terminfo
 rm -rf /usr/share/terminfo
 ln -s /etc/terminfo /usr/share/terminfo

Modified: incognito/branches/hardened/portage.config/package.keywords
===================================================================
--- incognito/branches/hardened/portage.config/package.keywords	2008-09-01 16:32:38 UTC (rev 16716)
+++ incognito/branches/hardened/portage.config/package.keywords	2008-09-01 16:34:57 UTC (rev 16717)
@@ -84,4 +84,3 @@
 x11-libs/libsynaptics ~*
 x11-misc/xdialog ~*
 =x11-drivers/xf86-video-sis-0.9.4 ~*
-=media-gfx/splashutils-1.5.4.2 ~*

Added: incognito/branches/hardened/portage.overlay/app-crypt/gnupg/Manifest
===================================================================
--- incognito/branches/hardened/portage.overlay/app-crypt/gnupg/Manifest	                        (rev 0)
+++ incognito/branches/hardened/portage.overlay/app-crypt/gnupg/Manifest	2008-09-01 16:34:57 UTC (rev 16717)
@@ -0,0 +1,3 @@
+AUX gnupg-2.0.9-gcc-4.3.patch 437 RMD160 44717ceb9cec62b0962c0ee1a533bbf24a6e8658 SHA1 42531c856bd885c76683cfdb312f4a0985b94ea4 SHA256 5fda371998ebf521b57c36ac8b47d0f9069a9d43238850520370f8fab55fa171
+DIST gnupg-2.0.9.tar.bz2 3718925 RMD160 175f8d4e83dd6ae8e186b7c09bb8bdbb001a5799 SHA1 959bdb934e3a72d256bfbd0122d996a73adb5d1f SHA256 2dc124908a1dfa3b79d2b0a82aa1a31817128feb14e84a26226beaab13179686
+EBUILD gnupg-2.0.9.ebuild 2523 RMD160 ea715e347dacb4171ff1570e375ca705778e5107 SHA1 ddc680c643328dcb52480377ec033e56639d2021 SHA256 701946b90f4deb5d839cd35ff7e845015b4e3257ab7b0297dd0917bdbde4069d

Added: incognito/branches/hardened/portage.overlay/app-crypt/gnupg/files/gnupg-2.0.9-gcc-4.3.patch
===================================================================
--- incognito/branches/hardened/portage.overlay/app-crypt/gnupg/files/gnupg-2.0.9-gcc-4.3.patch	                        (rev 0)
+++ incognito/branches/hardened/portage.overlay/app-crypt/gnupg/files/gnupg-2.0.9-gcc-4.3.patch	2008-09-01 16:34:57 UTC (rev 16717)
@@ -0,0 +1,11 @@
+--- keyserver/gpgkeys_curl.c	2007-07-04 15:26:13.000000000 +0200
++++ keyserver/gpgkeys_curl.c.new	2008-04-16 22:14:52.000000000 +0200
+@@ -300,7 +300,7 @@
+       curl_easy_setopt(curl,CURLOPT_VERBOSE,1);
+     }
+ 
+-  curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,opt->flags.check_cert);
++  curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER, opt->flags.check_cert != 0);
+   curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file);
+ 
+   if(proxy)
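Review bot: The rewritten `CURLOPT_SSL_VERIFYPEER` call passes an `int` expression, while libcurl documents a `long` for this option and `curl_easy_setopt` is variadic, so nothing converts the argument. This flag decides whether the keyserver's TLS certificate is verified, so I would make the type explicit: `curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,(long)(opt->flags.check_cert != 0));`. The declaration of `check_cert` is not visible in this hunk, and the patch has no description; a one-line header saying which GCC 4.3 failure it works around would help whoever has to decide later whether it can be dropped.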

Added: incognito/branches/hardened/portage.overlay/app-crypt/gnupg/gnupg-2.0.9.ebuild
===================================================================
--- incognito/branches/hardened/portage.overlay/app-crypt/gnupg/gnupg-2.0.9.ebuild	                        (rev 0)
+++ incognito/branches/hardened/portage.overlay/app-crypt/gnupg/gnupg-2.0.9.ebuild	2008-09-01 16:34:57 UTC (rev 16717)
@@ -0,0 +1,93 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/gnupg/gnupg-2.0.9.ebuild,v 1.9 2008/05/06 14:42:10 jer Exp $
+
+inherit flag-o-matic eutils toolchain-funcs
+
+DESCRIPTION="The GNU Privacy Guard, a GPL pgp replacement"
+HOMEPAGE="http://www.gnupg.org/"
+SRC_URI="mirror://gnupg/gnupg/${P}.tar.bz2"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="alpha amd64 ~arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd"
+IUSE="bzip2 doc ldap nls openct pcsc-lite smartcard selinux"
+
+COMMON_DEPEND="
+	virtual/libc
+	>=dev-libs/pth-1.3.7
+	>=dev-libs/libgcrypt-1.2.2
+	>=dev-libs/libksba-1.0.2
+	>=dev-libs/libgpg-error-1.4
+	>=net-misc/curl-7.7.2
+	bzip2? ( app-arch/bzip2 )
+	pcsc-lite? ( >=sys-apps/pcsc-lite-1.3.0 )
+	openct? ( >=dev-libs/openct-0.5.0 )
+	ldap? ( net-nds/openldap )
+	app-crypt/pinentry"
+
+DEPEND="${COMMON_DEPEND}
+	>=dev-libs/libassuan-1.0.4
+	nls? ( sys-devel/gettext )
+	doc? ( sys-apps/texinfo )"
+
+RDEPEND="${COMMON_DEPEND}
+	!app-crypt/gpg-agent
+	!<=app-crypt/gnupg-2.0.1
+	virtual/mta
+	selinux? ( sec-policy/selinux-gnupg )
+	nls? ( virtual/libintl )"
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+	epatch "${FILESDIR}/${P}-gcc-4.3.patch"
+}
+
+src_compile() {
+	econf \
+		--libexecdir="/usr/libexec/gnupg" \
+		--docdir="/usr/share/doc/${PF}" \
+		--enable-symcryptrun \
+		--enable-gpg \
+		--enable-gpgsm \
+		--enable-agent \
+		$(use_enable bzip2) \
+		$(use_enable smartcard scdaemon) \
+		$(use_enable nls) \
+		$(use_enable ldap) \
+		--disable-capabilities \
+		CC_FOR_BUILD=$(tc-getBUILD_CC) \
+		|| die
+	emake || die
+	if use doc; then
+		cd doc
+		emake html || die
+	fi
+}
+
+src_install() {
+	make DESTDIR="${D}" install || die
+	dodoc ChangeLog NEWS README THANKS TODO VERSION
+
+	mv "${D}/usr/share/gnupg"/{help*,faq*,FAQ} "${D}/usr/share/doc/${PF}"
+	prepalldocs
+
+	dosym gpg2 /usr/bin/gpg
+	dosym gpgv2 /usr/bin/gpgv
+	dosym gpg2keys_hkp /usr/libexec/gnupg/gpgkeys_hkp
+	dosym gpg2keys_finger /usr/libexec/gnupg/gpgkeys_finger
+	dosym gpg2keys_curl /usr/libexec/gnupg/gpgkeys_curl
+	use ldap && dosym gpg2keys_ldap /usr/libexec/gnupg/gpgkeys_ldap
+	echo ".so man1/gpg2.1" > "${D}/usr/share/man/man1/gpg.1"
+	echo ".so man1/gpgv2.1" > "${D}/usr/share/man/man1/gpgv.1"
+
+	use doc && dohtml doc/gnupg.html/* doc/*jpg doc/*png
+}
+
+pkg_postinst() {
+	elog "If you wish to view images emerge:"
+	elog "media-gfx/xloadimage, media-gfx/xli or any other viewer"
+	elog "Remember to use photo-viewer option in configuration file to activate"
+	elog "the right viewer"
+}
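Review bot: Three steps in this ebuild can fail without stopping the build: `cd "${S}"` in `src_unpack`, `cd doc` in `src_compile`, and the `mv "${D}/usr/share/gnupg"/{help*,faq*,FAQ} ...` in `src_install` have no `|| die`. The live image relies on this package for signature checking, so a partially installed result should be a hard failure; I would write `cd "${S}" || die`, `cd doc || die`, and append `|| die "moving docs failed"` to the `mv`. The commit does not say why the overlay carries its own copy of the ebuild, so a short comment at the top stating the reason would tell the next maintainer when it can be removed.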

Modified: incognito/branches/hardened/portage.overlay/net-misc/vidalia/Manifest
===================================================================
--- incognito/branches/hardened/portage.overlay/net-misc/vidalia/Manifest	2008-09-01 16:32:38 UTC (rev 16716)
+++ incognito/branches/hardened/portage.overlay/net-misc/vidalia/Manifest	2008-09-01 16:34:57 UTC (rev 16717)
@@ -1,2 +1,2 @@
-DIST vidalia-0.1.6.tar.gz 2096145 RMD160 2a0ffb527af4e91642fe3b69ff1382bdf8e272c5 SHA1 7e2181dc998e4b1e99d64481c3984cd8a837120f SHA256 2824a9cf9fd53b1aad981202601713116744a3a3bc3f4ff265195c7093c9c33f
-EBUILD vidalia-0.1.6.ebuild 735 RMD160 0c11318147d921b1907fe1ac3588fba014541e6c SHA1 f72ed6553f1ba27a723f137fd979768ccc9408f3 SHA256 f2e3d72b94f8f73e7a92d883aeebf50991bd98814c96ab645f357ea55fab4532
+DIST vidalia-0.1.7.tar.gz 2123747 RMD160 85c77e755c56d56a4d039fb5ea5311d0afce62c6 SHA1 707885bf755e53e6a5269202238c451aaee525a3 SHA256 eaef8698f12ad56991acff04439dcc3bcd1d6087665237a184f2a4e8db4f5d69
+EBUILD vidalia-0.1.7.ebuild 1062 RMD160 ce9d05139a15e34ca6d8efe42e2c9928cf80b711 SHA1 9fddcd2032abfd256b3ee6ed2833af34658dbf84 SHA256 1a6820b074b4d8a37c95e7321053802ca9a2e9e2bd9ee587cbb2b5d7be2a50d8

Deleted: incognito/branches/hardened/portage.overlay/net-misc/vidalia/vidalia-0.1.6.ebuild
===================================================================
--- incognito/branches/hardened/portage.overlay/net-misc/vidalia/vidalia-0.1.6.ebuild	2008-09-01 16:32:38 UTC (rev 16716)
+++ incognito/branches/hardened/portage.overlay/net-misc/vidalia/vidalia-0.1.6.ebuild	2008-09-01 16:34:57 UTC (rev 16717)
@@ -1,28 +0,0 @@
-# Copyright 1999-2007 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-inherit cmake-utils
-
-DESCRIPTION="Qt 4 front-end for Tor"
-HOMEPAGE="http://www.vidalia-project.net/"
-SRC_URI="http://www.vidalia-project.net/dist/${P}.tar.gz"
-
-LICENSE="GPL-2 GPL-3"
-SLOT="0"
-KEYWORDS="~amd64 ~ppc ~sparc ~x86"
-IUSE="debug"
-
-DEPEND=">=x11-libs/qt-4.1
-	>=dev-util/cmake-2.4.0"
-RDEPEND=">=x11-libs/qt-4.1
-	>=net-misc/tor-0.1.2.18"
-
-DOCS="CHANGELOG CREDITS LICENSE README"
-
-pkg_setup() {
-	if use debug && ! built_with_use ">=x11-libs/qt-4.1" debug; then
-		eerror "In order to have debug support for Vidalia"
-		eerror "you need to compile Qt 4 with debug support too."
-		die "Qt 4 built without debug support"
-	fi
-}

Copied: incognito/branches/hardened/portage.overlay/net-misc/vidalia/vidalia-0.1.7.ebuild (from rev 16614, incognito/trunk/portage.overlay/net-misc/vidalia/vidalia-0.1.7.ebuild)
===================================================================
--- incognito/branches/hardened/portage.overlay/net-misc/vidalia/vidalia-0.1.7.ebuild	                        (rev 0)
+++ incognito/branches/hardened/portage.overlay/net-misc/vidalia/vidalia-0.1.7.ebuild	2008-09-01 16:34:57 UTC (rev 16717)
@@ -0,0 +1,34 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/vidalia/vidalia-0.1.7.ebuild,v 1.1 2008/08/11 23:11:29 yngwin Exp $
+
+EAPI="1"
+inherit eutils qt4 cmake-utils
+# cmake-utils needs to be last, so we get its src_compile()
+
+DESCRIPTION="Qt 4 front-end for Tor"
+HOMEPAGE="http://www.vidalia-project.net/"
+SRC_URI="http://www.vidalia-project.net/dist/${P}.tar.gz"
+
+LICENSE="|| ( GPL-3 GPL-2 ) openssl"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~sparc ~x86"
+IUSE="debug"
+
+DEPEND="|| ( x11-libs/qt-gui:4 =x11-libs/qt-4.3* )
+	dev-util/cmake"
+RDEPEND="|| ( x11-libs/qt-gui:4 =x11-libs/qt-4.3* )
+	net-misc/tor"
+
+use debug && QT4_BUILT_WITH_USE_CHECK="debug"
+
+DOCS="CHANGELOG CREDITS README"
+
+pkg_postinst() {
+	echo
+	ewarn "To have vidalia starting tor, you probably have to copy"
+	ewarn "/etc/tor/torrc.sample to the users ~/.tor/torrc and comment"
+	ewarn "the settings there and change the socks. Also, in vidalia"
+	ewarn "change the default user under which tor will run."
+	echo
+}
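Review bot: The runtime dependency on Tor lost its version floor: the removed 0.1.6 ebuild required `>=net-misc/tor-0.1.2.18`, while this one accepts any `net-misc/tor`. For an image whose anonymity properties depend on Tor, I would keep a minimum, e.g. `>=net-misc/tor-0.1.2.18`, unless the Tor version is pinned elsewhere in the build (not visible here). Separately, `use debug && QT4_BUILT_WITH_USE_CHECK="debug"` calls `use` in global scope, which Portage reports as a QA problem; setting the variable inside `pkg_setup()` ahead of the qt4 eclass check would avoid that.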

Copied: incognito/branches/hardened/portage.overlay/x11-plugins/forcehttps (from rev 16614, incognito/trunk/portage.overlay/x11-plugins/forcehttps)

Deleted: incognito/branches/hardened/portage.overlay/x11-plugins/forcehttps/Manifest
===================================================================
--- incognito/trunk/portage.overlay/x11-plugins/forcehttps/Manifest	2008-08-20 23:12:25 UTC (rev 16614)
+++ incognito/branches/hardened/portage.overlay/x11-plugins/forcehttps/Manifest	2008-09-01 16:34:57 UTC (rev 16717)
@@ -1,2 +0,0 @@
-DIST forcehttps-0.4.3.xpi 16274 RMD160 c25ea95cd93359dedf425c2225e5c0de922b8acc SHA1 c52f0cd9431e4006261e6c1aafb47e301ceedd57 SHA256 611f732d9a2542d388a9de8e5fb63ac08541fa80a5b6aa34a8863e83f9b56edd
-EBUILD forcehttps-0.4.3.ebuild 1033 RMD160 4154ed604cab4bf91114e3ee8f4333cbca0c229f SHA1 60ee13c0fd2b05dcf65fd154ca7334a0b59083f4 SHA256 82a6163ee1eb6c86d3ef50c9eca6e1bccd751ff655d854e5d753c4d309529db5

Copied: incognito/branches/hardened/portage.overlay/x11-plugins/forcehttps/Manifest (from rev 16614, incognito/trunk/portage.overlay/x11-plugins/forcehttps/Manifest)
===================================================================
--- incognito/branches/hardened/portage.overlay/x11-plugins/forcehttps/Manifest	                        (rev 0)
+++ incognito/branches/hardened/portage.overlay/x11-plugins/forcehttps/Manifest	2008-09-01 16:34:57 UTC (rev 16717)
@@ -0,0 +1,2 @@
+DIST forcehttps-0.4.3.xpi 16274 RMD160 c25ea95cd93359dedf425c2225e5c0de922b8acc SHA1 c52f0cd9431e4006261e6c1aafb47e301ceedd57 SHA256 611f732d9a2542d388a9de8e5fb63ac08541fa80a5b6aa34a8863e83f9b56edd
+EBUILD forcehttps-0.4.3.ebuild 1033 RMD160 4154ed604cab4bf91114e3ee8f4333cbca0c229f SHA1 60ee13c0fd2b05dcf65fd154ca7334a0b59083f4 SHA256 82a6163ee1eb6c86d3ef50c9eca6e1bccd751ff655d854e5d753c4d309529db5

Deleted: incognito/branches/hardened/portage.overlay/x11-plugins/forcehttps/forcehttps-0.4.3.ebuild
===================================================================
--- incognito/trunk/portage.overlay/x11-plugins/forcehttps/forcehttps-0.4.3.ebuild	2008-08-20 23:12:25 UTC (rev 16614)
+++ incognito/branches/hardened/portage.overlay/x11-plugins/forcehttps/forcehttps-0.4.3.ebuild	2008-09-01 16:34:57 UTC (rev 16717)
@@ -1,40 +0,0 @@
-# Distributed under the terms of the GNU General Public License v2
-
-inherit mozextension multilib
-
-DESCRIPTION="Firefox extension that forces HTTPS whenever available."
-HOMEPAGE="https://crypto.stanford.edu/forcehttps/"
-SRC_URI="https://crypto.stanford.edu/forcehttps/${P}.xpi"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 sparc x86"
-IUSE=""
-
-RDEPEND="|| (
-  >=www-client/mozilla-firefox-bin-1.5.0.7
-  >=www-client/mozilla-firefox-1.5.0.7
-)"
-
-DEPEND="${RDEPEND}"
-
-S=${WORKDIR}
-
-src_unpack() {
-	xpi_unpack "${P}.xpi"
-}
-
-src_install() {
-	declare MOZILLA_FIVE_HOME
-	if has_version '>=www-client/mozilla-firefox-1.5.0.7'; then
-		MOZILLA_FIVE_HOME="/usr/$(get_libdir)/mozilla-firefox"
-	elif has_version '>=www-client/mozilla-firefox-bin-1.5.0.7'; then
-		MOZILLA_FIVE_HOME="/opt/firefox"
-	fi
-
-	#xpi_install "${S}"/"${P}"
-	#workaround for a bug (?) in xpi_install?
-	cd "${S}/${P}"
-	insinto "${MOZILLA_FIVE_HOME}/extensions/forcehttps at stanford.edu"
-	doins -r "${S}/${P}"/* || die "failed to copy extension"
-}

Copied: incognito/branches/hardened/portage.overlay/x11-plugins/forcehttps/forcehttps-0.4.3.ebuild (from rev 16614, incognito/trunk/portage.overlay/x11-plugins/forcehttps/forcehttps-0.4.3.ebuild)
===================================================================
--- incognito/branches/hardened/portage.overlay/x11-plugins/forcehttps/forcehttps-0.4.3.ebuild	                        (rev 0)
+++ incognito/branches/hardened/portage.overlay/x11-plugins/forcehttps/forcehttps-0.4.3.ebuild	2008-09-01 16:34:57 UTC (rev 16717)
@@ -0,0 +1,40 @@
+# Distributed under the terms of the GNU General Public License v2
+
+inherit mozextension multilib
+
+DESCRIPTION="Firefox extension that forces HTTPS whenever available."
+HOMEPAGE="https://crypto.stanford.edu/forcehttps/"
+SRC_URI="https://crypto.stanford.edu/forcehttps/${P}.xpi"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 sparc x86"
+IUSE=""
+
+RDEPEND="|| (
+  >=www-client/mozilla-firefox-bin-1.5.0.7
+  >=www-client/mozilla-firefox-1.5.0.7
+)"
+
+DEPEND="${RDEPEND}"
+
+S=${WORKDIR}
+
+src_unpack() {
+	xpi_unpack "${P}.xpi"
+}
+
+src_install() {
+	declare MOZILLA_FIVE_HOME
+	if has_version '>=www-client/mozilla-firefox-1.5.0.7'; then
+		MOZILLA_FIVE_HOME="/usr/$(get_libdir)/mozilla-firefox"
+	elif has_version '>=www-client/mozilla-firefox-bin-1.5.0.7'; then
+		MOZILLA_FIVE_HOME="/opt/firefox"
+	fi
+
+	#xpi_install "${S}"/"${P}"
+	#workaround for a bug (?) in xpi_install?
+	cd "${S}/${P}"
+	insinto "${MOZILLA_FIVE_HOME}/extensions/forcehttps at stanford.edu"
+	doins -r "${S}/${P}"/* || die "failed to copy extension"
+}
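Review bot: `src_install` leaves `MOZILLA_FIVE_HOME` empty when neither `has_version` test matches, and `insinto` would then place the extension under `/extensions/...` at the image root without any error. RDEPEND makes that unlikely, but an explicit `else die "no supported Firefox found"` branch costs one line and turns a silent misinstall into a build failure. A short comment on what the `xpi_install` workaround actually works around would also help, since the existing comment only says "bug (?)".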

Modified: incognito/branches/hardened/root_overlay/usr/sbin/create-homevol
===================================================================
--- incognito/branches/hardened/root_overlay/usr/sbin/create-homevol	2008-09-01 16:32:38 UTC (rev 16716)
+++ incognito/branches/hardened/root_overlay/usr/sbin/create-homevol	2008-09-01 16:34:57 UTC (rev 16717)
@@ -13,22 +13,28 @@
 BACKTITLE="__INCOGNITO__"
 LOCK_FILE="${MEDIAROOT}/LOCK_NO_PERSISTENT"
 MIN_SIZE=$(( $(du -sk /home | awk '{print $1}') / 1024 + 30)) # add another 30 MB just to be sure it will work.
+
+# set the maximum size to the lowest for free space and 4095 MB, the latter
+# which is the maximum file size available on VFAT.
+# fixme: for some reason, 2047 MB seems to be the max...
 MAX_SIZE=$(( ${MEDIAFREE} / 1024 ))
+if [[ ${MAX_SIZE} -gt 2047 ]]; then
+	MAX_SIZE=2047
+fi 
+
 QUESTION_HOME_PART="Use the UP and DOWN arrowkeys, and TAB to navigate between different fields and buttons in this guide. You may press ESC/Escape at any time to exit this guide.
 
-Would you like to create a persistent home volume that will keep your data over __INCOGNITO__ sessions? This means that application settings and file changes in your home directory will persist through computer shutdowns which is not normally the case with __INCOGNITO__ (normally everything is reseted on a reboot)."
+Would you like to create a persistent home volume that will keep your data over __INCOGNITO__ sessions? This means that application settings and file changes in your home directory will persist through computer shutdowns. For more information, see the __INCOGNITO__ Walkthrough."
 QUESTION_DISABLE_PERSISTENT="Would you like to disable the previous prompt? That way the start sequence will not get interrupted when booting __INCOGNITO__ like it was this time.
 
-If you choose 'yes' here this can be undone by running \"Enable persistant home volume\" located in the Incognito section of the K-menu."
-QUESTION_SIZE="Enter the size in megabytes for the home volume. ${MIN_SIZE} MB is the smallest we allow, but it is strongly recommended to use more. There will be a recommended value in the input field which work for most users. The recommended value will utilize most space but save a little so that future upgrades of __INCOGNITO__ will fit. If you plan to store other files on the media you should take that into account and decrease the volume size appropriately."
+If you choose 'yes' here this can be undone by running \"Enable persistant home volume\" located in the __INCOGNITO__ section of the K-menu."
+QUESTION_SIZE="Enter the size in megabytes for the home volume. ${MIN_SIZE} MB is the smallest we allow, but it is strongly recommended to use more, but not more than ${MAX_SIZE} MB. There will be a recommended value in the input field which work for most users. The recommended value will utilize most space but save a little so that future upgrades of __INCOGNITO__ will fit. If you plan to store other files on the media you should take that into account and decrease the volume size appropriately."
 QUESTION_ENCRYPTION="Would you like to encrypt the home volume using TrueCrypt? This is strongly recommended as it will make your data unreadable for everyone that does not have the password you choose unless they can guess it. The only inconvenience added for this is that you will be prompted for the password at each start up."
 QUESTION_HIDDEN_VOLUME="Do you want to use a hidden home volume?
 
-A hidden volume offers you plausable deniability which is essential in case you live in a country where you must hand over encryption keys and passwords to the authorities when suspected for a crime (like in the UK). The hidden volume will reside in the free space of the normal volume, and you will have two different passwords; one that grants access to the normal volume and one that grants access to the hidden volume. When the password promt appears during the __INCOGNITO__ start sequence you simply choose which one of these to use. The password for the normal volume can be given away to the authorities when they so demand, and as long as you claim that this is the only password you have they cannot prove of the hidden volume's existence. This is why you get plausible deniability.
-
-If you choose to use a hidden volume you should do all your real work within your hidden volume, which you access with the hidden volume password. Only occasionally should you log in to the normal volume and do some \"normal\", innocent things (i.e. no illegal or otherwise sensitive activites) just so it looks like it is being used, otherwise the authorities might become suspicious when they discover that you have not touched it. But beware! When only entering the normal volume password to access the normal volume, you risk damaging the normal volume. However, the __INCOGNITO__ password prompt supports a safe way to access the normal volume by specifying both passwords. In this mode, changes that otherwise would damage the hidden volume are undone. Be sure to use this mode whenever you want to access the normal volume."
+A hidden volume offers you plausable deniability which is essential in case you live in a country where you must hand over encryption keys and passwords to the authorities when suspected for a crime (like in the UK). For more information, see the __INCOGNITO__ Walkthrough."
 QUESTION_HIDDEN_SIZE="How much of the normal home volume's capacity would you like the hidden home volume to use? The hidden volume is the one you should use for real work, so try to put as much as possible there. If you choose the maximum value (recommended), around ${MIN_SIZE} MB is left for the normal volume so it will work to some degree, but if you want it to work well (e.g. be able to do web browsing) you should leave even more space for the normal volume. Leaving 50 MB should be enough for most purposes."
-PASSWORD_RECOMMENDATION="REMEMBER TO USE STRONG PASSWORDS! Blank passwords are not accepted. To be safe it is recommended to use at least 12 characters including both upper and lower case letters, numbers and special characters, without any words from any language or other similar systems. It should be as random (and long) as your memory allows."
+PASSWORD_RECOMMENDATION="REMEMBER TO USE STRONG PASSWORDS! Blank passwords are not accepted. To be safe it is recommended to use AT LEAST 12 characters including both upper and lower case letters, numbers and special characters, without any words from any language or other similar systems. It should be as random (and long) as your memory allows."
 PASSWORD_NORMAL_VS_HIDDEN="As you will use a hidden volume, this password (i.e. for the normal volume) should be easy to remember and need not be particularly strong, just enough to fool the authorities. Only the hidden volume's password needs to be strong."
 QUESTION_NORMAL_PASSWORD="Please enter the password for the normal volume.
 
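Review bot: The comment added above the `MAX_SIZE` clamp describes a 4095 MB VFAT limit, but the code clamps at 2047 and the `fixme` admits the reason is unknown; the comment should state the value actually enforced, e.g. `# Cap at 2047 MB; VFAT should allow 4095 MB but larger sizes do not work (fixme: find out why)`. `QUESTION_SIZE` now prints both `${MIN_SIZE}` and `${MAX_SIZE}`, so when `/home` plus 30 MB exceeds the free space the prompt shows an impossible range; a guard such as `[[ ${MIN_SIZE} -gt ${MAX_SIZE} ]]` before the dialog would catch that, unless the script already checks it outside this hunk. The new strings also carry the spellings `persistant` and `plausable`, and the added `fi` has trailing whitespace.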

Modified: incognito/branches/hardened/root_overlay/usr/sbin/enable-persistent-vol
===================================================================
--- incognito/branches/hardened/root_overlay/usr/sbin/enable-persistent-vol	2008-09-01 16:32:38 UTC (rev 16716)
+++ incognito/branches/hardened/root_overlay/usr/sbin/enable-persistent-vol	2008-09-01 16:34:57 UTC (rev 16717)
@@ -14,7 +14,7 @@
 DIALOG="${DIALOG} --wrap --cr-wrap --left"          
 
 # there probably is a better way to determine if we run from CD or USB
-if [[ -e ${MEDIAROOT}/isolinux -a ! -e ${MEDIAROOT}/syslinux ]]; then
+if [[ -e ${MEDIAROOT}/isolinux ]] && [[ ! -e ${MEDIAROOT}/syslinux ]]; then
 	${DIALOG} --msgbox "You are running from CD. You need to run __INCOGNITO__ from USB in order to use a persistent home volume." 0 ${DEFAULT_WIDTH}
 	exit 1
 fi

Modified: incognito/branches/hardened/root_overlay/usr/sbin/mount-homevol
===================================================================
--- incognito/branches/hardened/root_overlay/usr/sbin/mount-homevol	2008-09-01 16:32:38 UTC (rev 16716)
+++ incognito/branches/hardened/root_overlay/usr/sbin/mount-homevol	2008-09-01 16:34:57 UTC (rev 16717)
@@ -6,13 +6,11 @@
 
 # dialog text for TC password prompt
 BACKTITLE="__INCOGNITO__"
-LABEL_PASSWORD="Password"
-LABEL_OPT_PWD="Optional password"
-QUESTION_PASSWORD="Please enter the password(s) for the home volume, or choose cancel to boot with default settings and no persistent storage. Use the UP and DOWN arrows to navigate between the password fields and TAB to switch between <OK> and <Cancel>.
+LABEL_PWD1="Password"
+LABEL_PWD2="Password"
+QUESTION_PASSWORD="Please enter the password(s) for the home volume(s) you want to access, or choose cancel to boot with default settings and no persistent storage. For more information, see the __INCOGNITO__ walktrhough.
 
-To get standard access to a volume, enter the appropriate password in the '${LABEL_PASSWORD}' field and leave the ${LABEL_OPT_PWD} blank. For example, if you do NOT have a hidden volume, you should always simply enter your single password in the '${LABEL_PASSWORD}' field. If you have a hidden volume and want to access it you instead enter the hidden volume password in the '${LABEL_PASSWORD}' field.
-
-If you have a hidden volume but want to access the normal volume safely, enter the normal volume password in the '${LABEL_PASSWORD}' field and the hidden volume password in the '${LABEL_OPT_PWD}' field. If you enter the normal volume password without entering the hidden volume password in this way you risk corrupting the hidden volume and make it inaccessible."
+Use the UP and DOWN arrows to navigate between the password fields and TAB to switch between <OK> and <Cancel>."
 QUESTION_ERROR="An error occurred opening the volume, see above. Hit ENTER/RETURN to try again"
 TITLE="Open Persistent Home Volume"
 
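Review bot: The new `QUESTION_PASSWORD` text misspells the document name as `walktrhough`, and both fields are now labelled `Password`, so the prompt no longer tells the user which field is which. The removed paragraphs were the only on-screen warning that opening the normal volume without also giving the hidden-volume password can corrupt the hidden volume, and the mount logic later in this file still uses `--protect-hidden=no` when a single password is entered. I would keep one sentence of that warning at the point of use, e.g. `If you have a hidden volume, enter BOTH passwords to open the normal volume safely.`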
@@ -40,7 +38,7 @@
 if [[ ${TYPE} == "TC" ]]; then
 	# Ask for truecrypt password, use password from creating (hidden volume preferred) if available
 	while true; do
-		dialog --ascii-lines --title "${TITLE}" --backtitle "${BACKTITLE}" --insecure --passwordform "${QUESTION_PASSWORD}" 0 0 0 "${LABEL_PASSWORD}" 1 0 "" 2 0 40 1024 "${LABEL_OPT_PWD}" 4 0 "" 5 0 40 1024 2>/tmp/dialog
+		dialog --ascii-lines --title "${TITLE}" --backtitle "${BACKTITLE}" --insecure --passwordform "${QUESTION_PASSWORD}" 0 0 0 "${LABEL_PWD1}" 1 0 "" 2 0 40 1024 "${LABEL_PWD2}" 4 0 "" 5 0 40 1024 2>/tmp/dialog
 		if [[ $? -ne 0 ]]; then
 			clear
 			rm /tmp/dialog
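Review bot: The password form still writes both passphrases to the fixed path `/tmp/dialog`, a predictable name created with the default umask, and the cancel branch removes it with plain `rm` while the success path uses `shred -u`. I would create the file privately with `PWFILE="$(mktemp /tmp/dialog.XXXXXX)"`, redirect to `2>"${PWFILE}"`, and use `shred -u "${PWFILE}"` on both paths. The enclosing `while` loop continues outside this hunk.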
@@ -53,14 +51,28 @@
 		TRUECRYPT_PW2="$( tail -n 1 /tmp/dialog )"	
 		shred -u /tmp/dialog
 
-		# if we got both passwords, try mounting the normal volume safely, otherwise mount normally
-		if [[ -z ${TRUECRYPT_PW2} ]]; then
+		# if we got both passwords, try mounting the normal volume safely, otherwise mount normally, but don't accept empty passwords
+		if [[ -z ${TRUECRYPT_PW1} ]] && [[ -z ${TRUECRYPT_PW2} ]]; then
+			continue
+		else if [[ -z ${TRUECRYPT_PW1} ]]; then
+			truecrypt -t --non-interactive --protect-hidden=no --filesystem=ext3 --keyfiles="" --password="${TRUECRYPT_PW2}" "${HOMEPART}" /home
+			RET=$?
+		else if [[ -z ${TRUECRYPT_PW2} ]]; then
 			truecrypt -t --non-interactive --protect-hidden=no --filesystem=ext3 --keyfiles="" --password="${TRUECRYPT_PW1}" "${HOMEPART}" /home
+			RET=$?
 		else
+			# we got two password, first try one way...
 			truecrypt -t --non-interactive --protect-hidden=yes --filesystem=ext3 --keyfiles="" --protection-keyfiles="" --password="${TRUECRYPT_PW1}" --protection-password="${TRUECRYPT_PW2}" "${HOMEPART}" /home
+
+			# and if it fails, try the other
+			if [[ $? -ne 0 ]]; then
+				truecrypt -t --non-interactive --protect-hidden=yes --filesystem=ext3 --keyfiles="" --protection-keyfiles="" --password="${TRUECRYPT_PW2}" --protection-password="${TRUECRYPT_PW1}" "${HOMEPART}" /home
+			fi
+			RET=$?
 		fi
-		
-		if [[ $? -eq 0 ]]; then
+
+		# On success, we're done
+		if [[ ${RET} -eq 0 ]]; then
 			touch /var/state/boot-media-home
 			break
 		fi
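Review bot: The new branch chain uses `else if`, which in bash opens a nested `if` that needs its own `fi`; as shown, only one `fi` follows the two-password branch, so two `if`s are left unclosed and the script should fail to parse. Use `elif [[ -z ${TRUECRYPT_PW1} ]]; then` and `elif [[ -z ${TRUECRYPT_PW2} ]]; then` instead. In the two-password branch `RET=$?` reads the status of the `if ... fi` compound rather than of a truecrypt call; it happens to yield the right value, but assigning `RET=$?` directly after each invocation would be easier to verify. All four invocations also pass the passphrase via `--password=` / `--protection-password=`, where it is readable from the process list while truecrypt runs; feeding it on stdin would be preferable if the installed truecrypt supports that (not verified here). The enclosing `while` loop ends outside the hunk.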

Modified: incognito/branches/hardened/root_overlay/usr/share/incognito/docs.html
===================================================================
--- incognito/branches/hardened/root_overlay/usr/share/incognito/docs.html	2008-09-01 16:32:38 UTC (rev 16716)
+++ incognito/branches/hardened/root_overlay/usr/share/incognito/docs.html	2008-09-01 16:34:57 UTC (rev 16717)
@@ -9,417 +9,569 @@
 
 <h2>Contents</h2>
 <ul>
-<li><a href="#intent">Intent and goals</a></li>
-<li><a href="#download">Download</a></li>
-<li><a href="#contact">Contact</a></li>
-<li><a href="#approach">Approach</a></li>
-<li><a href="#impl">Implementation</a></li>
+  <li><a href="#intro">1 Introduction</a></li>
+  <li><a href="#spec">2 Privacy Enhancing LiveDistro Specification</a></li>
+  <ul>
+    <li><a href="#intent">2.1 Intent</a></li>
+    <li><a href="#threat">2.2 Threat model</a></li>
+    <li><a href="#dist">2.3 Distribution</a></li>
+    <li><a href="#operation">2.4 Operational requirements</a></li>
+    <li><a href="#kernel">2.5 Kernel requirements</a></li>
+    <li><a href="#net">2.6 Network requirements</a></li>
+    <li><a href="#apps">2.7 User interface and applications</a></li>
+    <li><a href="#usability">2.8 Usability</a></li>
+    <li><a href="#other">2.9 Other considerations</a>
+  </ul>
+  <li><a href="#impl">3 Implementation</a></li>
+  <ul>
+    <li><a href="#download">3.1 Download</a></li>
+    <li><a href="#software">3.2 Software</a></li>
+    <li><a href="#inter">3.3 Internationalization</a></li>
+    <li><a href="#conf">3.4 Configuration</a></li>
+    <li><a href="#vm">3.5 Running __INCOGNITO__ in virtual machine</a></li>
+    <li><a href="#windows">3.6 Running __INCOGNITO__ inside a Windows session<</a></li>
+    <li><a href="#usb">3.7 Persistent User Settings for a USB drive</a></li>
+    <li><a href="#hidden">3.8 Hidden services</a></li>
+    <li><a href="#build">3.9 Build process and maintenance</a></li>
+    <li><a href="#caveats">3.10 Caveats</a></li>
+  </ul>
+  <li><a href="#security">4. Security analysis</a></li>
+</ul>
+
+<h2><a name="intro">1 Introduction</h2>
+<p>In this document we present a specification of a Privacy Enhancing LiveDistro as well as an actual implementation of it called __INCOGNITO__.</p>
+
+
+<h2><a name="spec">2 Anonymity LiveDistro Specification</h2>
+
+
+<h3><a name="intent">2.1 Intent</h3>
+
+<p>The Privacy Enhancing LiveDistro (or PELD for short) aims at providing a software solution presenting the user with the technological means for using popular Internet technologies while maintaining the privacy of the user, in particular with respect to anonymity. While there are different techniques and services providing that functionality, this specification will assume the usage of <a href="https://www.torproject.org">The Tor&trade; Project</a>'s state-of-the-art anonymizing overlay network Tor.</p>
+
+<p>The PELD is supposed to be self-contained and portable (literally, not necessarily with respect to code portability), and thus possible to run in as many computing environments as possible fot the same single distribution. In addition, while the PELD's main objective indeed is to act as a traditional LiveDistro (i.e. a LiveCD or LiveUSB) it should also be compatible with popular virtual machine technologies for users that simply want a sandboxed environment within their normal operating system.</p>
+
+<p>The PELD's target user is the average user in terms of computer literacy, and who is using a computer of which he or she not necessarily have full control of. Examples would be a public computer in a library, coffee shop, university or a residence. The target user is assumed to not want to do any of the configurations (at least with respect to security and anonymity) of the various applications and tools used themselves, either because of insufficient knowledge, lack of interest or other reasons. The PELD should provide strong anonymity with no need of advanced configuration whatsoever. It should be made as difficult as possible for the user to unknowingly compromise anonymity.</p>
+
+<p>In short, the PELD aims at providing privacy on the Internet for anyone anywhere.</p>
+
+
+<h3><a name="threat"></a>2.2 Threat model</h3>
+
+<p>The goal of staying anonymous and keeping sensitive information protected stands in direct conflict with the gols of several entities &quot;present&quot; on the Internet. The following threat model is meant to describe the intentions and capabilities of such hypothetical attackers:</p>
+
+<h4>2.2.1 The goal of the attacker</h4>
+
 <ul>
-  <li><a href="#software">Software</a></li>
-  <li><a href="#inter">Internationalization</a></li>
-  <li><a href="#conf">Configuration</a></li>
-  <li><a href="#usb">Persistent User Settings for a USB drive</a></li>
-  <li><a href="#hidden">Hidden services</a></li>
+  <li><b>Identify the user's activities on the Internet</b></li>
+  <p>Information such as user-agent, locale and (especially) IP address can all be used in various degrees to identify the user.</p>
+  <li><b>Eavesdrop on sensitive data</b></li>
+  <p>Sensitive data sent through the Tor network will only be untraceable (with respect to Tor's threat model) and thus will be at least as likely to be eavesdropped.</p>
 </ul>
-<li><a href="#maintenance">Maintenance</a></li>
-<li><a href="#caveats">Caveats</a></li>
-<li><a href="#security">Security</a></li>
+
+<h4>2.2.2 Capabilities, methods and other means of the attacker</h4>
+<ul>
+  <li><b>Eavesdropping</b></li>
+  <p>It is assumed that the attacker can observe any traffic that exits the Tor network.</p>
+  <li><b>Bypass attacks</b></li>
+  <p>It is conceivable for attackers to mount attacks which bypass the proxy and DNS setup in the applications which could then be used to identify the user, either by injecting data or social engineering.</p>
+  <li><b>Explot software vulnerabilities</b></li>
+  <p>The attacker might be able to run arbitrary code by exploiting unpatched vulnerabilities present in any of the software packages installed.</p>
+  <li><b>Application level attacks</b></li>
+  <p>The attacker can utilize certain applications' services and features to get identifying information. Examples are JavaScript and Java applets in web browsers, CTCP queries in IRC clients, etc.</p>
 </ul>
 
-<p><strong>NOTICE</strong>: This distribution is provided as-is with no warranty of fitness for a particular purpose, including total anonymity. Anonymity depends not only on the software but also on the user understanding the risks involved and how to overcome those risks.</p>
 
-<h2><a name="intent">Intent and goals</h2>
-<blockquote>What are we trying to do?</blockquote>
+<h3><a name="dist"></a>2.3 Distribution</h3>
 
-<p>This CD provides a software solution for using various Internet technologies while staying anonymous. It is based primarily on <a href="https://www.torproject.org">Tor</a> while including supporting applications. The target use case is that of using a public computer, such as in a library, securely, or a home computer for easy setup. This distribution may is designed as a LiveCD, but may also be copied to a USB drive to provide persisted user settings, or run from virtual machines such as QEMU, VMWare and VirtualBox.</p>
+<p>The PELD should be distributed in a common format that can easily be used to install the PELD on the selected medium. For instance, if distributed as an ISO 9660 compatible image file it can be burned to a CD with almost any CD recording software available.</p>
 
 
-<dl>
+<h3><a name="operation"></a>2.4 Operational requirements</h3>
 
-<dt>Target User Base</dt>
-<dd>
-The target user is one who is using a computer that does not necessarily have full control of said computer and desires to access Internet services anonymously. Examples would be a public computer in a library, coffee shop, university or a residence. Also, users not wanting to bother with configuring all applications appropriately (with respect to anonymity) could use __INCOGNITO__ on their home computers for easy setup. The implementation should provide strong anonymity with no configuration. It should be difficult or impossible, for the user to unknowingly compromise anonymity. Users requiring more precise control over the application and network configuration may be disappointed.
-</dd>
+<p>This section handles mostly the criteria that the PELD should be portable and able to run in as many environments as possible. It also deals with issues such as virus infections and leaving traces.</p>
 
-<dt>Required Internet Services</dt>
-<dd>
-At minimum the following Internet services should be supported: WWW, E-Mail, IRC.
-</dd>
+<h4>2.4.1 Platform</h4>
 
-<dt>Recommended Internet Services</dt>
-<dd>
-The following Internet services are recommended to be supported: Instant Messaging, SSH, Remote desktop control, P2P file-sharing.
-</dd>
+<p>The binaries should all be executable on the most common computer hardware architecture(s). As of 2008, the x86 computer architecture seems to be the obvious choice as the vast majority of personal computers in use is compatible with it.</p>
 
-<dt>Supported Instant Messaging Protocols</dt>
-<dd>
-The following instant messaging protocols should be supported based on the constraint that the protocol itself does not require information that compromises anonymity: (TODO)
-</dd>
+<h4>2.4.2 Media</h4>
 
-<dt>Discouraged Instant Messaging Protocols</dt>
-<dd>
-The following instant messaging protocols should NOT be supported based on the constraint that the protocol itself requiress information that compromises anonymity: (TODO)
-</dd>
+<p>The PELD should be able to boot and run from either CD or a USB drive. While running the PELD in that mode it should be completely independent from the host operating system and all other storage media on the host computer unless the user explicitly tries to access any of them.</p>
 
-<dt>Maintainable</dt>
-<dd>
-The procedure to update the CD should not be prohibitive to provide timely software updates to address issues related to security or anonymity.
-</dd>
+<p>In all circumstances, binaries, dynamic libraries and other executable code susceptible to virus infections and similar should always be completely write-protected, even when running from a writeable USB medium. Such files should not even be modifiable temporarily, which could be the case even when running from CD if the filesystem is loaded into memory (e.g. tmpfs).</p>
 
-<dt>Media</dt>
-<dd>
-The implementation should be able to run off either CD or a USB bootable drive. The media must be bootable and not run from the host operating system, although the latter may be available for those willing to take risks.
-</dd>
+<p>Configuration files, temporary files, user home directories and similar files that most likely need to be modifiable during operation should only be saved temporarily in memory (e.g. by use of something like tmpfs or unionfs).</p>
 
-<dt>Persisted User Settings on USB Drive</dt>
-<dd>
-User settings and files should be persisted when using a USB drive. The user should have the option to store these settings and files encrypted.
-</dd>
+<p>It is tempting to utilize the possibility to write back data when running from USB as that could be used to allow user settings to be persistent. If this is considered, this feature should be optional and offer the possibility to use string encryption for the persistent storage.</p>
 
-</dl>
+<h4>2.4.3 Virtual machines</h4>
 
+<p>As an alternative to running the PELD natively from a CD or USB, it should also be possible to run from virtual machines. This is useful in situations where the user might not have the possibility to run the PELD natively, which often can be the case with public computers. Additionally, many users seem to prefer this mode of operation, and that alone is a reason for making sure it works.</p>
 
-<h2><a name="download">Download</h2>
 
+<h3><a name="kernel"></a>2.5 Kernel requirements</h3>
+
+<p>The role of the kernel is mainly to provide support for the features required elsewhere in this specification. This includes:</p>
+
+<ul>
+  <li><b>Good hardware support</b></li>
+  <p>&quot;Good&quot; is a sketchy word in a specification. The general idea is to include as much drivers for relevant hardware as possible, in particular for network cards (wire and wireless), video card and other things necessary for basic operation.</p>
+  <li><b>Support for a stateful firewall with packet filtering capabilities</b></li>
+  <p>It must be able to separate between traffic some how for the functionality of the transparent proxying mentioned in the <a href="#net">network section</a> to work. Similarly, it must be able to identify and drop non TCP traffic destined to the Internet.</p>
+  <li><b>Security features</b></li>
+  <p>With the dangers of exploitable vulnerabilities in any code running, attempts to mitigate these on the kernel level is a good idea. Executable space protection with the NX bit, address space layout randomization and similar techniques are all interesting in this respect. Access control in the form of Mandatory Access Control, Role-Based Access control and so on should also be considered.</p>
+</ul>
+
+
+<h3><a name="net"></a>2.6 Network requirements</h3>
+
+<p>In order to prevent accidental leaks of information, proxy bypass attacks on Tor and similar, the access to the Internet should be heavily restricted by a firewall:</p>
+
+<ul>
+  <li>All non-TCP protocols (except DNS) should be dropped as they are not supported by the Tor network.</li>
+  <li>All TCP traffic not explicitly targeting Tor should be redirected to the transparent proxy (i.e. to the TransPort as set in torrc).</li>
+  <li>All DNS lookups should be made through the Tor network (i.e. redirected to DNSPort as set in torrc).
+</ul>
+
+<p>Note that the above is not necessary (or desirable) for local network addresses.</p>
+
+
+<h3><a name="apps"></a>2.7 User interface and applications</h3>
+
+<h4>2.7.1 General user interface</h4>
+
+<p>The user should be able to do all relevant things with easy to use graphical interfaces. As such it should be presented a solid, user-friendly desktop environment with all the expected features (file managing, change system settings, support applications etc.) after booting.</p>
+
+<h4>2.7.2 Internet applications</h4>
+
+<p>At minimum, clients for the following Internet activities must be supported:</p>
+
+<ul>
+  <li><b>Web browsing</b></li>
+  <p>In the case of web browsing we really encourage the use of Mozilla Firefox as the Tor Project itself has an extension, Torbutton, specifically designed for mitigating the risks with non-HTTP features, such as JavaScript.</p>
+  <li><b>Emailing</b></li>
+  <p>Support for PGP or S/MIME is highly recommended. Also, beware that the EHLO/HELO sent to the SMTP-server will contain the host's IP address in many email clients</p>
+  <li><b>IRC and Instant messaging</b></li>
+  <p></p>
+</ul>
+
+<p>Other recommended client for Internet activities includes:</p>
+
+<ul>
+  <li><b>Bittorrent and/or other type(s) of P2P file-sharing</b></li>
+  <p>Note, however, that large scale file-sharing activity in general is frowned upon in the Tor community as it consumes extreme amounts of bandwidth compared to other kinds of services.</p>
+  <li><b>Remote desktop</b></li>
+  <li><b>SSH</b></li>
+</ul>
+
+<p>Given that these applications will be the user's interface to the Internet, these should be chosen with care and security in mind, and also configured in such a way. In general, as little information as possible should leak about the user, the applications used and the system settings.</p>
+
+<h4>2.7.3 Tor</h4>
+
+<p>Tor should be setup to use its DNS server (DNSPort) and transparent proxy (TransPort, TransListen) so the functionality specified in the <a href="#net">network</a> section is covered. Since Tor really is at the core of the PELD only stable releases should be considered. Also, while there are many other interesting configurations to consider in the Tor manual, none of them that impairs anonymity or security should be set.</p>
+
+<p>A GUI Tor controller application such as Vidalia or TorK is highly recommended. However, this requires opening the control port in Tor, and thus some means of authentication will be required (CookieAuthentication preferably) to hinder attacks on the Tor software.</p>
+
+<h4>2.7.4 Hardened tool chain and compiling</h4>
+
+<p>As an addition to the security against exploitable vulnerabilities <a href="#kernel">provided by the kernel</a>, compiling software with stack smashing protection, address space layout randomization and similar compiler security enhancements is recommended. Note that in some circumstances compiler level stuff is necessary for utilizing the kernel security features. Because of this it is recommended to compile essentially all software from sources to take benefit from these security features.</p>
+
+<h4>2.7.5 Cryptographic tools</h4>
+
+<p>Tools for securely signing, verifying, encrypting and decrypting files and messages should be available. In particular some implementation of OpenPGP should be included as it in practice is the de-facto standard when it comes to these things. GUIs for managing keys and performing the relevant cryptographic tasks should be available. Tools for creating encrypted storage containers are also recommended.</p>
+
+<h3><a name="usability"></a>2.8 Usability</h3>
+
+<p>Security is usually hard to get. Therefore steps need to be taken in order to make the user more comfortable with the PELD, and also to educate the user about the specific risks and quirks with respect to anonymity on the Internet.</p>
+
+<h4>2.8.1 Internationalization</h4>
+
+<p>The user should be able to easily select his of her language of preference. User applications should be localized to fit this preference, as should system settings such as keyboard layout.</p>
+
+<h4>2.8.2 Education and user help</h4>
+
+<p>The PELD should include an easily read document explaining how to use it and its software securely. The user should be assumed to only have the knowledge of you average computer user, so there will be required some explaining of general security concepts.</p>
+
+
+<h3><a name="other"></a>2.9 Other considerations</h3>
+
+<h4>2.9.1 Maintainability</h4>
+
+<p>The procedure to update the PELD should not be prohibitive to provide timely software updates to address issues related to security or anonymity. A scripted, automatic build procedure is greatly preferred to manually setting up things.</p>
+
+<h4>2.9.2 Open-source transparency</h4>
+
+<p>For the sake of transparency the use of open-source software is encouraged. Binary blobs should only be used when no good alternatives exist, which could be the case with certain hardware drivers or driver firmwares.</p>
+
+<p>Similarly, it is recommended that the PELD itself is open-source, and that it is well documented to help security analysis by third-parties.</p>
+
+
+<h2><a name="impl"></a>3 Implementation</h2>
+<p>The __INCOGNITO__ LiveDistro is an implementation the <a href="#spec">PELD specification</a> above. It is licensed under the GNU GPL version 2.</p>
+
+<p><b>NOTICE</b>: This distribution is provided as-is with no warranty of fitness for a particular purpose, including total anonymity. Anonymity depends not only on the software but also on the user understanding the risks involved and how to overcome those risks.</p>
+
+<h3><a name="download">3.1 Download</h3>
+
 <p>See the <a href="http://www.browseanonymouslyanywhere.com/incognito/index.php?option=com_content&task=view&id=26&Itemid=39">download section</a> on <a href="http://www.browseanonymouslyanywhere.com/incognito">__INCOGNITO__'s main site</a> for download information. Various development files (portage snapshot and stage3 tarball) as well as the current version of __INCOGNITO__ can be found at <a href="http://files1.cjb.net/incognito/">http://files1.cjb.net/incognito/</a>.</p>
 
-<p>The latest version of this document for the current relesase can be found <a href="http://www.anonymityanywhere.com/incognito/index.php?option=com_content&task=view&id=26&Itemid=39">here</a>. The development version of this document can be found at Incognito's subversion repository <a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/usr/share/incognito/docs.html">here</a>, although it should be noted that some information which is added dynamically at build will not be present (has mostly to do with information about which software packages that are installed).</p>
+<p>The sources are stored in a <a href="http://subversion.tigris.org">Subversion</a> repository. It can be viewed or checked out at <a href="https://tor-svn.freehaven.net/svn/incognito/">https://tor-svn.freehaven.net/svn/incognito/</a>.</p>
 
-<p>The build root for the CD is stored in a <a href="http://subversion.tigris.org">Subversion</a> repository. It can be viewed or checked out at <a href="https://tor-svn.freehaven.net/svn/incognito/">https://tor-svn.freehaven.net/svn/incognito/</a>.</p>
+<p>The latest version of this document for the current release can be found <a href="http://www.anonymityanywhere.com/incognito/index.php?option=com_content&task=view&id=26&Itemid=39">here</a>. The development version of this document can be found at __INCOGNITO__'s subversion repository <a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/usr/share/incognito/docs.html">here</a>, although it should be noted that some information which is added dynamically at build will not be present.</p>
 
 
-<h2><a name="contact">Contact</h2>
+<h3><a name="software">3.2 Software</h3>
 
-<p>As of november 2007, the maintainace of this distribution has passed from the founder, Pat Double, to anonym, who can be contacted through anonym (at) lavabit (dot) com. Please do not contact Pat for anything relating to the current development of __INCOGNITO__. Feature requests and (especially) bug reports are welcome and should be sent to anonym, and please include "__INCOGNITO__" in the subject line to ease mail sorting. Also, please be considerate of any major technology choices, such as <a href="http://www.gentoo.org/proj/en/releng/catalyst">Catalyst</a> and <a href="http://www.gentoo.org">Gentoo Linux</a>, <a href="http://www.kde.org">KDE</a>, etc. These have been chosen because of the developers' familiarity with them and will likely not change ever. If someone would like to maintain a parallell version with, say, Gnome instead of KDE or similar that would probably work just fine. However, since the whole development process is centered around Gentoo Linux' Catalyst, neither of them are negotiable.</p>
+<p>The following software is used in __INCOGNITO__. This list is not complete, but only contains packages deemed as important for whatever reason. The complete list of the packages is included in the distribution at /usr/share/packages.txt but note that this package list currently will contain a few false positives of packages that get uninstalled in order to conserve space.</p>
 
 
-<h2><a name="approach">Approach</h2>
-<blockquote>What is needed to reach our goals?</blockquote>
+<h4>3.2.1 __INCOGNITO__ core</h4>
 
+<ul>
+  <li><a href="http://www.gentoo.org">Gentoo Linux</a> (using <a href="<!-- #homepage(sys-kernel/hardened-sources) -->">hardened-sources</a> <!-- #version(sys-kernel/hardened-sources) --> as the system kernel)</li>
+  <p>The base operating system, provides hardware detection, infrastructure. Please note that the Gentoo Foundation does not provide or endorse this software distribution.</p>
 
-<h2><a name="impl">Implementation</h2>
-<blockquote>How did we implement our approach in order to reach our goals.</blockquote>
+  <li><a href="<!-- #homepage(net-misc/tor) -->">Tor</a> <!-- #version(net-misc/tor) --></li>
+  <p><!-- #description(net-misc/tor) -->. Our intention is to always use the latest stable version.</p>
 
+  <li><a href="<!-- #homepage(net-proxy/polipo) -->">polipo</a> <!-- #version(net-proxy/polipo) --></li>
+  <p><!-- #description(net-proxy/polipo) --></p>
 
-<h3><a name="software">Software</h3>
+  <li><a href="<!-- #homepage(net-analyzer/macchanger) -->">macchanger</a> <!-- #version(net-analyzer/macchanger) --></li>
+  <p><!-- #description(net-analyzer/macchanger) --></p>
 
-<p>The following software is used in __INCOGNITO__. The version of the packages is included on the CD at /usr/share/packages.txt but note that this package list currently will contain a few package that are not already installed as it is generated before catalyst unmerges them in the last stage.</p>
+  <li><a href="<!-- #homepage(www-servers/lighttpd) -->">lighthttpd</a> <!-- #version(www-servers/lighttpd) --> (for hidden services)</li>
+  <p><!-- #description(www-servers/lighttpd) --></p>
 
-<dl>
+  <li><a href="<!-- #homepage(net-proxy/3proxy) -->">3proxy</a> <!-- #version(net-proxy/3proxy) --></li>
+  <p><!-- #description(net-proxy/3proxy) --></p>
 
-<dt><a href="http://www.gentoo.org">Gentoo Linux</a> (<a href="http://www.kernel.org">kernel 2.6</a> <!-- #version(sys-kernel/gentoo-sources) -->)</dt>
-<dd>The base operating system, provides hardware detection, infrastructure. Please note that the Gentoo Foundation does not provide or endorse this software distribution.</dd>
+  <li><a href="<!-- #homepage(mail-mta/mixminion) -->">Mixminion</a> <!-- #version(mail-mta/mixminion) --></li>
+  <p><!-- #description(mail-mta/mixminion) --></p>
 
-<dt><a href="<!-- #homepage(net-misc/tor) -->">Tor</a> <!-- #version(net-misc/tor) --></dt>
-<dd><!-- #description(net-misc/tor) -->. Our intention is to always use the latest stable version.</dd>
+  <li><a href="<!-- #homepage(net-dns/pdnsd) -->">pdnsd</a> <!-- #version(net-dns/pdnsd) --></li>
+  <p><!-- #description(net-dns/pdnsd) -->. Configured to do lookups through Tor.</p>
 
-<dt><a href="<!-- #homepage(net-proxy/polipo) -->">polipo</a> <!-- #version(net-proxy/polipo) --></dt>
-<dd><!-- #description(net-proxy/polipo) --></dd>
+  <li><a href="<!-- #homepage(app-crypt/truecrypt) -->">TrueCrypt</a> <!-- #version(app-crypt/truecrypt) --></li>
+  <p><!-- #description(app-crypt/truecrypt) -->. This is what is used for encrypting the <a href="#usb">persistent home partition while running on USB</a>. It also has a GUI for general usage.</p>
 
-<dt><a href="<!-- #homepage(www-client/mozilla-firefox-bin) -->">Firefox</a> <!-- #version(www-client/mozilla-firefox-bin) --></dt>
-<dd><!-- #description(www-client/mozilla-firefox-bin) --></dd>
 
-<dt><a href="<!-- #homepage(x11-plugins/torbutton-bin) -->">Torbutton</a> <!-- #version(x11-plugins/torbutton-bin) --></dt>
-<dd><!-- #description(x11-plugins/torbutton-bin) --></dd>
+</ul>
 
-<dt><a href="<!-- #homepage(x11-plugins/firegpg) -->">FireGPG</a> <!-- #version(x11-plugins/firegpg) --></dt>
-<dd><!-- #description(x11-plugins/firegpg) --></dd>
+<h4>4.2.2 Internet applications</h4>
 
-<dt><a href="<!-- #homepage(x11-plugins/refcontrol) -->">refcontrol</a> <!-- #version(x11-plugins/refcontrol) --></dt>
-<dd><!-- #description(x11-plugins/refcontrol) --></dd>
+<ul>
+  <li><a href="<!-- #homepage(www-client/mozilla-firefox) -->">Firefox</a> <!-- #version(www-client/mozilla-firefox-bin) --></li>
+  <p><!-- #description(www-client/mozilla-firefox-bin) -->. In addition, the following extensions are installed for security and usability reasons:</p>
+  <ul>
+    <li><a href="<!-- #homepage(x11-plugins/torbutton-bin) -->">Torbutton</a> <!-- #version(x11-plugins/torbutton-bin) --></li>
+    <p><!-- #description(x11-plugins/torbutton-bin) -->. It also provides protections against several attacks possible due to Firefox's non-HTTP features.</p>
 
-<dt><a href="<!-- #homepage(x11-plugins/adblock_plus) -->">Adblock Plus</a> <!-- #version(x11-plugins/adblock_plus) --></dt>
-<dd><!-- #description(x11-plugins/adblock_plus) --></dd>
+    <li><a href="<!-- #homepage(x11-plugins/firegpg) -->">FireGPG</a> <!-- #version(x11-plugins/firegpg) --></li>
+    <p><!-- #description(x11-plugins/firegpg) --></p>
 
-<dt><a href="<!-- #homepage(net-irc/xchat) -->">XChat</a> <!-- #version(net-irc/xchat) --></dt>
-<dd><!-- #description(net-irc/xchat) --></dd>
+    <li><a href="<!-- #homepage(x11-plugins/refcontrol) -->">refcontrol</a> <!-- #version(x11-plugins/refcontrol) --></li>
+    <p><!-- #description(x11-plugins/refcontrol) --></p>
 
-<dt><a href="<!-- #homepage(app-crypt/truecrypt) -->">TrueCrypt</a> <!-- #version(app-crypt/truecrypt) --></dt>
-<dd><!-- #description(app-crypt/truecrypt) --></dd>
+    <li><a href="<!-- #homepage(x11-plugins/adblock_plus) -->">Adblock Plus</a> <!-- #version(x11-plugins/adblock_plus) --></li>
+    <p><!-- #description(x11-plugins/adblock_plus) --></p>
 
-<dt><a href="<!-- #homepage(net-misc/openssh) -->">ssh</a> <!-- #version(net-misc/openssh) --></dt>
-<dd><!-- #description(net-misc/openssh) --></dd>
+    <li><a href="<!-- #homepage(x11-plugins/firefox-quick-locale-switcher) -->">Firefox Quick Locale Switcher</a> <!-- #version(x11-plugins/firefox-quick-locale-switcher) --></li>
+    <p><!-- #description(x11-plugins/firefox-quick-locale-switcher) --></p>
+  </ul>
 
-<dt><a href="<!-- #homepage(net-analyzer/macchanger) -->">macchanger</a> <!-- #version(net-analyzer/macchanger) --></dt>
-<dd><!-- #description(net-analyzer/macchanger) --></dd>
+  <li><a href="<!-- #homepage(mail-client/mozilla-thunderbird-bin) -->">Thunderbird</a> <!-- #version(mail-client/mozilla-thunderbird-bin) --></li>
+  <p><!-- #description(mail-client/mozilla-thunderbird-bin) -->. In addition, the following extensions are installed for security and usability reasons:</p>
+  <ul>
+    <li><a href="<!-- #homepage(x11-plugins/enigmail-bin) -->">Thunderbird OpenPGP (enigmail)</a> <!-- #version(x11-plugins/enigmail-bin) --></li>
+    <p><!-- #description(x11-plugins/enigmail-bin) --></p>
 
-<dt><a href="<!-- #homepage(www-servers/lighttpd) -->">lighthttpd</a> <!-- #version(www-servers/lighttpd) --> for hidden services</dt>
-<dd><!-- #description(www-servers/lighttpd) --></dd>
+    <li><a href="<!-- #homepage(x11-plugins/thunderplunger) -->">Thunder Plunger</a> <!-- #version(x11-plugins/thunderplunger) --></li>
+    <p><!-- #description(x11-plugins/thunderplunger) --></p>
+  </ul>
 
-<dt><a href="<!-- #homepage(net-proxy/3proxy) -->">3proxy</a> <!-- #version(net-proxy/3proxy) --></dt>
-<dd><!-- #description(net-proxy/3proxy) --></dd>
+  <li><a href="<!-- #homepage(net-irc/xchat) -->">XChat</a> <!-- #version(net-irc/xchat) --></li>
+  <p><!-- #description(net-irc/xchat) --></p>
 
-<dt><a href="<!-- #homepage(mail-mta/mixminion) -->">Mixminion</a> <!-- #version(mail-mta/mixminion) --></dt>
-<dd><!-- #description(mail-mta/mixminion) --></dd>
+  <li><a href="<!-- #homepage(net-misc/openssh) -->">ssh</a> <!-- #version(net-misc/openssh) --></li>
+  <p><!-- #description(net-misc/openssh) --></p>
 
-<dt><a href="<!-- #homepage(mail-client/mozilla-thunderbird-bin) -->">Thunderbird</a> <!-- #version(mail-client/mozilla-thunderbird-bin) --></dt>
-<dd><!-- #description(mail-client/mozilla-thunderbird-bin) --></dd>
+  <li><a href="<!-- #homepage(www-client/links) -->">links</a> <!-- #version(www-client/links) --></li>
+  <p><!-- #description(www-client/links) --></p>
 
-<dt><a href="<!-- #homepage(x11-plugins/enigmail-bin) -->">Thunderbird OpenPGP (enigmail)</a> <!-- #version(x11-plugins/enigmail-bin) --></dt>
-<dd><!-- #description(x11-plugins/enigmail-bin) --></dd>
+  <li><a href="<!-- #homepage(net-misc/openvpn) -->">OpenVPN</a> <!-- #version(net-misc/openvpn) --></li>
+  <p><!-- #description(net-misc/openvpn) -->. Can operate over TCP or UDP. Due to limitations of the Tor software only TCP is anonymized. UDP is currently blocked.</p>
 
-<dt><a href="<!-- #homepage(x11-plugins/thunderplunger) -->">Thunder Plunger</a> <!-- #version(x11-plugins/thunderplunger) --></dt>
-<dd><!-- #description(x11-plugins/thunderplunger) --></dd>
+</ul>
 
-<dt><a href="<!-- #homepage(net-dns/pdnsd) -->">pdnsd</a> <!-- #version(net-dns/pdnsd) --></dt>
-<dd><!-- #description(net-dns/pdnsd) -->. Configured to do lookups through Tor.</dd>
+<h4>3.2.3 Other GUI applications</h4>
 
-<dt><a href="<!-- #homepage(net-misc/vidalia) -->">Vidalia</a> <!-- #version(net-misc/vidalia) --></dt>
-<dd><!-- #description(net-misc/vidalia) --></dd>
+<ul>
+  <li><a href="<!-- #homepage(net-misc/vidalia) -->">Vidalia</a> <!-- #version(net-misc/vidalia) --></li>
+  <p><!-- #description(net-misc/vidalia) --></p>
 
-<dt><a href="<!-- #homepage(app-crypt/gnupg) --><">GnuPG</a> <!-- #version(app-crypt/gnupg) --></dt>
-<dd><!-- #description(app-crypt/gnupg) --></dd>
+  <li><a href="<!-- #homepage(app-crypt/gpa) -->">GPA</a> <!-- #version(app-crypt/gpa) --></li>
+  <p><!-- #description(app-crypt/gpa) --></p>
 
-<dt><a href="<!-- #homepage(app-admin/keepassx) --><">KeePassX</a> <!-- #version(app-admin/keepassx) --></dt>
-<dd><!-- #description(app-admin/keepassx) --></dd>
+  <li><a href="<!-- #homepage(app-admin/keepassx) --><">KeePassX</a> <!-- #version(app-admin/keepassx) --></li>
+  <p><!-- #description(app-admin/keepassx) --></p>
 
-<dt><a href="<!-- #homepage(net-analyzer/thcrut) -->">thcrut</a> <!-- #version(net-analyzer/thcrut) --></dt>
-<dd><!-- #description(net-analyzer/thcrut) --></dd>
+  <li><a href="http://www.kde.org">KDE 3.5</a></li>
+  <p>K Desktop Environment, a reduced install with parts that could be useful on an anonymity CD.</p>
 
-<dt><a href="<!-- #homepage(net-analyzer/nmap) -->">nmap</a> <!-- #version(net-analyzer/nmap) --></dt>
-<dd><!-- #description(net-analyzer/nmap) --></dd>
+  <li><a href="<!-- #homepage(kde-base/konqueror) -->">KDE - Konqueror </a> <!-- #version(kde-base/konqueror) --></li>
+  <p><!-- #description(kde-base/konqueror) --></p>
 
-<dt><a href="<!-- #homepage(net-wireless/airsnort) -->">airsnort</a> <!-- #version(net-wireless/airsnort) --></dt>
-<dd><!-- #description(net-wireless/airsnort) --></dd>
+  <li><a href="<!-- #homepage(kde-misc/tork) -->">TorK</a> <!-- #version(kde-misc/tork) --></li>
+  <p><!-- #description(kde-misc/tork) --></p>
 
-<dt><a href="<!-- #homepage(app-misc/screen) -->">screen</a> <!-- #version(app-misc/screen) --></dt>
-<dd><!-- #description(app-misc/screen) --></dd>
+  <li><a href="<!-- #homepage(kde-base/kontact) -->">KDE - Kontact</a> <!-- #version(kde-base/kontact) --></li>
+  <p><!-- #description(kde-base/kontact) --></p>
 
-<dt><a href="<!-- #homepage(net-misc/openvpn) -->">OpenVPN</a> <!-- #version(net-misc/openvpn) --></dt>
-<dd><!-- #description(net-misc/openvpn) -->. Can operate over TCP or UDP. Due to limitations of the Tor software only TCP is anonymized. UDP is currently blocked.</dd>
+  <li><a href="<!-- #homepage(kde-base/ksnapshot) -->">KDE - KSnapShot</a> <!-- #version(kde-base/ksnapshot) --></li>
+  <p><!-- #description(kde-base/ksnapshot) --></p>
 
-<dt><a href="<!-- #homepage(net-misc/vpnc) -->">vpnc</a> <!-- #version(net-misc/vpnc) --></dt>
-<dd><!-- #description(net-misc/vpnc) --></dd>
+  <li><a href="<!-- #homepage(kde-base/akregator) -->">KDE - Akregator</a> <!-- #version(kde-base/akregator) --></li>
+  <p><!-- #description(kde-base/akregator) --></p>
 
-<dt><a href="<!-- #homepage(net-misc/netkit-telnetd) -->">telnet</a> <!-- #version(net-misc/netkit-telnetd) --></dt>
-<dd><!-- #description(net-misc/netkit-telnetd) --></dd>
+  <li><a href="<!-- #homepage(kde-base/krfb) -->">KDE - krfb</a> <!-- #version(kde-base/krfb) --></li>
+  <p><!-- #description(kde-base/krfb) --></p>
 
-<dt><a href="<!-- #homepage(net-misc/socat) -->">socat</a> <!-- #version(net-misc/socat) --></dt>
-<dd><!-- #description(net-misc/socat) --></dd>
+  <li><a href="<!-- #homepage(net-p2p/ktorrent) -->">KDE - KTorrent</a> <!-- #version(net-p2p/ktorrent) --></li>
+  <p><!-- #description(net-p2p/ktorrent) --></p>
 
-<dt><a href="<!-- #homepage(www-client/links) -->">links</a> <!-- #version(www-client/links) --></dt>
-<dd><!-- #description(www-client/links) --></dd>
+  <li><a href="<!-- #homepage(kde-base/kgpg) -->">KDE - KPGP</a> <!-- #version(kde-base/kgpg) --></li>
+  <p><!-- #description(kde-base/kgpg) --></p>
 
-<dt><a href="http://www.kde.org">KDE 3.5</a></dt>
-<dd>K Desktop Environment, a reduced install with parts that could be useful on an anonymity CD.</dd>
+  <li><a href="<!-- #homepage(net-misc/kvpnc) -->">KDE - kvpnc</a> <!-- #version(net-misc/kvpnc) --></li>
+  <p><!-- #description(net-misc/kvpnc) --></p>
 
-<dt><a href="<!-- #homepage(kde-base/konqueror) -->">KDE - Konqueror </a> <!-- #version(kde-base/konqueror) --></dt>
-<dd><!-- #description(kde-base/konqueror) --></dd>
+</ul>
 
-<dt><a href="<!-- #homepage(kde-misc/tork) -->">TorK</a> <!-- #version(kde-misc/tork) --></dt>
-<dd><!-- #description(kde-misc/tork) --></dd>
+<h4>3.2.4 Miscellaneous software</h4>
 
-<dt><a href="<!-- #homepage(kde-base/kontact) -->">KDE - Kontact</a> <!-- #version(kde-base/kontact) --></dt>
-<dd><!-- #description(kde-base/kontact) --></dd>
+<ul>
+  <li><a href="<!-- #homepage(app-crypt/gnupg) --><">GnuPG</a> <!-- #version(app-crypt/gnupg) --></li>
+  <p><!-- #description(app-crypt/gnupg) --></p>
 
-<dt><a href="<!-- #homepage(kde-base/ksnapshot) -->">KDE - KSnapShot</a> <!-- #version(kde-base/ksnapshot) --></dt>
-<dd><!-- #description(kde-base/ksnapshot) --></dd>
 
-<dt><a href="<!-- #homepage(kde-base/akregator) -->">KDE - Akregator</a> <!-- #version(kde-base/akregator) --></dt>
-<dd><!-- #description(kde-base/akregator) --></dd>
+  <li><a href="<!-- #homepage(net-analyzer/thcrut) -->">thcrut</a> <!-- #version(net-analyzer/thcrut) --></li>
+  <p><!-- #description(net-analyzer/thcrut) --></p>
 
-<dt><a href="<!-- #homepage(kde-base/krfb) -->">KDE - krfb</a> <!-- #version(kde-base/krfb) --></dt>
-<dd><!-- #description(kde-base/krfb) --></dd>
+  <li><a href="<!-- #homepage(net-analyzer/nmap) -->">nmap</a> <!-- #version(net-analyzer/nmap) --></li>
+  <p><!-- #description(net-analyzer/nmap) --></p>
 
-<dt><a href="<!-- #homepage(net-p2p/ktorrent) -->">KDE - KTorrent</a> <!-- #version(net-p2p/ktorrent) --></dt>
-<dd><!-- #description(net-p2p/ktorrent) --></dd>
+  <li><a href="<!-- #homepage(net-wireless/airsnort) -->">airsnort</a> <!-- #version(net-wireless/airsnort) --></li>
+  <p><!-- #description(net-wireless/airsnort) --></p>
 
-</dl></p>
+  <li><a href="<!-- #homepage(app-misc/screen) -->">screen</a> <!-- #version(app-misc/screen) --></li>
+  <p><!-- #description(app-misc/screen) --></p>
 
+  <li><a href="<!-- #homepage(net-misc/netkit-telnetd) -->">telnet</a> <!-- #version(net-misc/netkit-telnetd) --></li>
+  <p><!-- #description(net-misc/netkit-telnetd) --></p>
 
-<h3><a name="inter">Internationalization</h3>
+  <li><a href="<!-- #homepage(net-misc/socat) -->">socat</a> <!-- #version(net-misc/socat) --></li>
+  <p><!-- #description(net-misc/socat) --></p>
 
+</ul>
+
+
+<h3><a name="inter">3.3 Internationalization</h3>
+
 <p>The following locales are installed. If you'd like to see another locale, please let us know.</p>
 
 <ul>
-
-<li>ar_EG (Egyptian Arabic)</li>
-<li>de_DE (German)</li>
-<li>el_GR (Greek)</li>
-<li>en_GB (British English)</li>
-<li>en_US (American English)</li>
-<li>es_ES (Spanish)</li>
-<li>fa_IR (Persian)</li>
-<li>fr_FR (French)</li>
-<li>he_IL (Hebrew)</li>
-<li>it_IT (Italian)</li>
-<li>ja_JP (Japanese)</li>
-<li>pt_PT (Portugese)</li>
-<li>ru_RU (Russian)</li>
-<li>sv_SE (Swedish)</li>
-<li>zh_CN (Chinese)</li>
+  <li>ar_EG (Egyptian Arabic)</li>
+  <li>de_DE (German)</li>
+  <li>el_GR (Greek)</li>
+  <li>en_GB (British English)</li>
+  <li>en_US (American English)</li>
+  <li>es_ES (Spanish)</li>
+  <li>fa_IR (Persian)</li>
+  <li>fr_FR (French)</li>
+  <li>he_IL (Hebrew)</li>
+  <li>it_IT (Italian)</li>
+  <li>ja_JP (Japanese)</li>
+  <li>pt_PT (Portugese)</li>
+  <li>ru_RU (Russian)</li>
+  <li>sv_SE (Swedish)</li>
+  <li>zh_CN (Chinese)</li>
 </ul>
 
 See <a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/locale.gen">/etc/locale.gen</a> for the selected languages. See <a href="https://tor-svn.freehaven.net/svn/incognito/trunk/fsscript.sh">fsscript.sh</a> for how this configuration is applied.
 
 
-<h3><a name="conf">Configuration</h3>
+<h3><a name="conf">3.4 Configuration</h3>
 
+<p>In this section we briefly present the setup of several key software packages and system settings of __INCOGNITO__ with respect to security and anonymity. There are of course other minor tweaks here and there, but those are mainly for usability issues and similar.</p>
 
-<h4>The Tor&trade; software</h4>
+<h4>3.4.1 The Tor&trade; software</h4>
 
 <p>The Tor software is currently configured as a client only. The client listens on SOCKS port 9050 with a control port 9051 (using cookie authentication), as a transparent proxy on port 9040 and as a DNS server on port 8853. Only connections from localhost are accepted. It can be argued that running a server would increase your anonymity for a number for reasons but we still feel that most users probably would not want this due to the added consumption of bandwidth.</p>
 
 <ul>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/tor/torrc">/etc/tor/torrc</a></li>
+  <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/tor/torrc">/etc/tor/torrc</a></li>
 </ul>
 
 
-<h4>Mixminion</h4>
+<h4>3.4.2 Mixminion</h4>
 
 <p>Mixminion cannot be configured as a server as these servers need to be very reliable. As a client the default configuration seems to be acceptable. Note that TorK has built-in support for Mixminion with an easy to use interface (lacking PGP support, unfortunately).</p>
 
 
-<h4>DNS</h4>
+<h4>3.4.3 DNS</h4>
 
 <p>DNS leaks are controlled by using a local caching DNS server, pdnsd, that in turn performs its DNS lookups through the Tor network. pdnsd is the server configured in /etc/resolv.conf, listening on localhost. There is a security concern that some application could attempt to do its own DNS resolution without consulting /etc/resolv.conf, and therefore UDP packets are blocked in order to prevent leaks. Another solution may be to use the Linux network filter to forward UDP lookups to the local DNS server.</p>
 
 <ul>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/resolv.conf">/etc/resolv.conf</a></li>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/conf.d/pdnsd">/etc/conf.d/pdnsd</a></li>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/tor/torrc">/etc/tor/torrc</a></li>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/conf.d/net">/etc/conf.d/net</a></li>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/iptables/rules-save">/var/lib/iptables/rules-save</a> (loaded by the standard Gentoo /etc/init.d/iptables service)</li>
+  <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/resolv.conf">/etc/resolv.conf</a></li>
+  <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/conf.d/pdnsd">/etc/conf.d/pdnsd</a></li>
+  <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/tor/torrc">/etc/tor/torrc</a></li>
+  <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/conf.d/net">/etc/conf.d/net</a></li>
+  <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/iptables/rules-save">/var/lib/iptables/rules-save</a> (loaded by the standard Gentoo /etc/init.d/iptables service)</li>
 </ul>
 
 
-<h4>HTTP Proxy</h4>
+<h4>3.4.4 HTTP Proxy</h4>
 
-<p>Polipo provides with caching HTTP proxy funtionality. It contacts the Tor software via SOCKS5 to make the real connections.</p>
+<p>Polipo provides with caching HTTP proxy functionality. It contacts the Tor software via SOCKS5 to make the real connections.</p>
 
 <ul>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/polipo/config">/etc/polipo/config</a></li>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/env.d/99proxy">/etc/env.d/99proxy</a></li>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/kdesession/kioslaverc">/var/lib/kdesession/kioslaverc</a> (copied to /home/__INCOGNITO_USER__/.kde/... during build)</li>
+  <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/polipo/config">/etc/polipo/config</a></li>
+  <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/env.d/99proxy">/etc/env.d/99proxy</a></li>
+  <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/kdesession/kioslaverc">/var/lib/kdesession/kioslaverc</a> (copied to /home/__INCOGNITO_USER__/.kde/... during build)</li>
 </ul>
 
 
-<h4>SOCKS libraries</h4>
+<h4>3.4.5 SOCKS libraries</h4>
 
-<p>tsocks (patched for Tor usage as per the ebuild's tordns USE flag) and dante are installed. Note that it is unnecessary with the Linux network filter (see below) and the local DNS server to socksify or torify apps. This is done at a lower level. These libraries are here due to dependencies and configured for completeness.</p>
+<p>tsocks (patched for Tor usage as per the ebuild's tordns USE flag) and dante are installed. Note that it is unnecessary with the Linux network filter (see below) and the local DNS server to socksify or torify applications. This is done at a lower level. These libraries are here due to dependencies and configured for completeness.</p>
 
 <ul>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/socks/">/etc/socks/</a></li>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/env.d/99proxy">/etc/env.d/99proxy</a></li>
+  <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/socks/">/etc/socks/</a></li>
+  <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/env.d/99proxy">/etc/env.d/99proxy</a></li>
 </ul>
 
 
-<h4>Network Filter</h4>
+<h4>3.4.6 Network Filter</h4>
 
 <p>One serious security issue is that we don't know what software will attempt to contact the network and whether their proxy settings are setup to use the Tor SOCKS proxy or polipo HTTP(s) proxy correctly. This is solved by forwarding all direct TCP connections through Tor's transparent proxy. Linux has a kernel level network filter that accomplishes this.</p>
 
 <ul>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/iptables/rules-save">/var/lib/iptables/rules-save</a> (loaded by the standard Gentoo /etc/init.d/iptables service)</li>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/tor/torrc">/etc/tor/torrc</a></li>
+  <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/iptables/rules-save">/var/lib/iptables/rules-save</a> (loaded by the standard Gentoo /etc/init.d/iptables service)</li>
+  <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/tor/torrc">/etc/tor/torrc</a></li>
 </ul>
 
 
-<h4>Random MAC Address</h4>
+<h4>3.4.7 Random MAC Address</h4>
 
 <p>The macchanger program can be used to change the network card MAC addresses to a random value. Gentoo has direct support for macchanger so all we need to do is configure it. The configuration is set to "random-ending" which is equivalent to "macchanger -e", meaning the vendor and media type are not changed. This is done to not draw attention to the changed MAC address in case someone is watching. Using a random MAC address may improve anonymity with respect to the LAN and prevent mapping the user to a specific physical location.</p>
 
 <p>This functionality is not enabled by default as some DHCP servers may be configured with specific MAC addresses. In the boot menu there is an "Enable/Disable MAC changer" option that can be set before a language is chosen and the system starts booting.</p>
 
 <ul>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/init.d/macchanger">/etc/init.d/macchanger</a></li>
+  <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/init.d/macchanger">/etc/init.d/macchanger</a></li>
 </ul>
 
 
-<h4>Mozilla Firefox</h4>
+<h4>3.4.8 Mozilla Firefox</h4>
 
-<p>Firefox uses Torbutton in order to prevent attacks using JavaScript, plugins and other non-HTTP features. It is configured to always be enabled on Firefox start and uses polipo as HTTP(s) proxy and Tor as SOCKS proxy. SOCKS is configured to perform name resolution through the proxy. Firefox is also configured to not cache (mainly to reduce memory usage for CD users as disk writes will be stored there), history (just in case) and many other things. The Firefox config is pretty heavily commented, so any other relevant settings may be invastigated by looking in it.</p>
+<p>Firefox uses Torbutton in order to prevent attacks using JavaScript, plugins and other non-HTTP features. It is configured to always be enabled on Firefox start and uses polipo as HTTP(s) proxy and Tor as SOCKS proxy. SOCKS is configured to perform name resolution through the proxy. Firefox is also configured to not cache (mainly to reduce memory usage for CD users as disk writes will be stored there), history (just in case) and many other things. The Firefox config is pretty heavily commented, so any other relevant settings may be investigated by looking in it.</p>
 
 <ul>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/firefox-config/">/var/lib/firefox-config/</a> (copied to /home/__INCOGNITO_USER__/.mozilla during build)</li>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/firefox-config/firefox/o2e6y2eh.default/prefs.js">Firefox config</a></li>
+  <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/firefox-config/">/var/lib/firefox-config/</a> (copied to /home/__INCOGNITO_USER__/.mozilla during build)</li>
+  <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/firefox-config/firefox/o2e6y2eh.default/prefs.js">Firefox config</a></li>
 </ul>
 
 
-<h4>Mozilla Thunderbird</h4>
+<h4>3.4.9 Mozilla Thunderbird</h4>
 
 <p>Thunderbird's proxy settings are set up to use Tor. An old version of Torbutton (1.0.4.01, when it still supported Thunderbird) is installed solely for the purpose of scrubbing the <em>real</em> IP address and hostname from the EHLO/HELO messages which otherwise would be sent in the clear to the SMTP server. Furthermore, the first ten or so accounts that a user will create are pre-configured to not use HTML as that otherwise may break PGP usage. See the comments in the Thunderbird config for more settings.</p>
 
 <ul>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/thunderbird-config/">/var/lib/thunderbird-config/</a> (copied to /home/__INCOGNITO_USER__/.thunderbird during build)</li>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/thunderbird-config/rhy4kriw.default/prefs.js">Thunderbird config</a></li>
+  <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/thunderbird-config/">/var/lib/thunderbird-config/</a> (copied to /home/__INCOGNITO_USER__/.thunderbird during build)</li>
+  <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/thunderbird-config/rhy4kriw.default/prefs.js">Thunderbird config</a></li>
 </ul>
 
 
-<h4>Bookmarks</h4>
+<h4>3.4.10 Bookmarks</h4>
 
 <p>Firefox have preset bookmarks related to anonymity.</p>
 
 <ul>
-<li>Firefox: <a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/firefox-config/firefox/m7m1jk79.Default%20User/bookmarks.html">bookmarks.html</a></li>
+  <li>Firefox: <a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/firefox-config/firefox/m7m1jk79.Default%20User/bookmarks.html">bookmarks.html</a></li>
 </ul>
 
 
-<h4>XChat</h4>
+<h4>3.4.11 XChat</h4>
 
 <p>XChat is configured to use the Tor software as a SOCKS5 proxy. It will pass the hostname through SOCKS5 so that the exit node does the DNS resolution. In addition all ctcp responses except PING are disabled as they otherwise could disclose useragent, system time and other information.</p>
 
 <ul>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/xchat-config">xchat-config</a></li>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/ctcpreply.conf">ctcpreply.conf</a></li>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/fsscript.sh">fsscript.sh</a></li>
+  <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/xchat-config">/var/lib/xchat-config</a></li>
+  <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/ctcpreply.conf">/var/lib/ctcpreply.conf</a></li>
+  <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/fsscript.sh">fsscript.sh</a></li>
 </ul>
 
 
-<h4>Pidgin</h4>
+<h4>3.4.12 Pidgin</h4>
 
-<p>Pidgin is configured to not log anything and to use the Tor SOCKS proxy. Additionally the Off-the-record Messaging plugin and two IRC enhancing plugins are loaded automatically. The IRC More plugin is patched to not report useragent and to use empty part/quit messages to prevent fingerprinting.</p>
+<p>Pidgin is configured to not log anything and to use the Tor SOCKS proxy. Additionally the Off-the-record Messaging plug-in and two IRC enhancing plugins are loaded automatically. The IRC More plug-in is patched to not report useragent and to use empty part/quit messages to prevent fingerprinting.</p>
 
 <ul>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/pidgin-config/prefs.xml">Pidgin config</a></li>
-<li>a href="https://tor-svn.freehaven.net/svn/incognito/trunk/portage.overlay/x11-plugins/purple-plugin_pack/files/hide-stuff.patch">hide-stuff.patch</a></li>
+  <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/lib/pidgin-config/prefs.xml">/var/lib/pidgin-config/prefs.xml</a></li>
+  <li>a href="https://tor-svn.freehaven.net/svn/incognito/trunk/portage.overlay/x11-plugins/purple-plugin_pack/files/hide-stuff.patch">hide-stuff.patch</a></li>
 </ul>
 
 
-<h4>Host system RAM</h4>
+<h4>3.4.13 Host system RAM</h4>
 
-<p>When shutting down the system RAM is securely wiped. RAM can actually be read after the machine shuts off with the right equipment. The software doing this is smem, part of the <a href="http://www.thc.org/">secure-delete</a> package. This process can take a while. If you are booting from a CD it should eject, and if you are booting from a USB drive you can remove the drive once prompted. In either case you can leave the computer and let it finish on its own, or simply turn it off if you are not worrie about this attack.</p>
+<p>When shutting down the system RAM is securely wiped. RAM can actually be read after the machine shuts off with the right equipment. The software doing this is smem, part of the <a href="http://www.thc.org/">secure-delete</a> package. This process can take a while. If you are booting from a CD it should eject, and if you are booting from a USB drive you can remove the drive once prompted. In either case you can leave the computer and let it finish on its own, or simply turn it off if you are not worried about this attack.</p>
 
 <ul>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/patches/secure_halt.patch">/var/patches/secure_halt.patch</a> (applied during build)</li>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/fsscript.sh">fsscript.sh</a></li>
+  <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/var/patches/secure_halt.patch">/var/patches/secure_halt.patch</a> (applied during build)</li>
+  <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/fsscript.sh">fsscript.sh</a></li>
 </ul>
 
-<h4>Passwords</h4>
+<h4>3.4.14 Passwords</h4>
 
 <p>There are two users that are intended to be used for logins, '__INCOGNITO_USER__' and 'root'. Since this is a CD/USB the passwords are empty. This should not be a security concern because the user will remove the CD/USB when done and there should be no services allowing logins from the network. Suggestions for better solutions are welcome, though.</p>
 
 <ul>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/fsscript.sh">fsscript.sh</a></li>
+  <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/fsscript.sh">fsscript.sh</a></li>
 </ul>
 
-<h4>Running __INCOGNITO__ in virtual machines</h4>
+<h3><a name="vm">3.5 Running __INCOGNITO__ in virtual machines</h3>
 
 <p>__INCOGNITO__ may of course be run in virtual machines. Due to the popularity of <a href="http://www.vmware.com/">VMWare</a> we include <a href="http://open-vm-tools.sourceforge.net/">open-vm-tools</a> (an open-source alternative to VMware tools) as well as special video and input divers for an improved user experience in that environment. Due to the closed-source nature of VMWare we try to encourage users of open VMs, like <a href="http://virtualbox.org/">VirtualBox</a> and <a href="http://fabrice.bellard.free.fr/qemu/">QEMU</a>, by making sure that these also work. In the case of VirtualBox both video and input drivers are included.</p>
 
 <p>Security concerns for all VMs are a keyloggers, viruses and other malware in the host OS which a guest OS like __INCOGNITO__ cannot defend against.</p>
 
-<h4>Running __INCOGNITO__ inside a Windows session</h4>
+<h3><a name="windows">3.6 Running __INCOGNITO__ inside a Windows session</h3>
 
 <p><a href="http://fabrice.bellard.free.fr/qemu/">QEMU</a> for Microsoft Window ships with __INCOGNITO__ and is used to run the CD/USB in a virtual machine whenever native boot is impossible or not desirable. Note that this will work for Windows 2000/XP or greater only.</p>
 
 
-<h3><a name="usb">Persistent User Settings for a USB drive</h3>
+<h3><a name="usb">3.7 Persistent User Settings for a USB drive</h3>
 
 <p>The CD may be copied to a USB drive. Why do that? USB drives are easier to carry, harder to break, offer file storage and persistent user settings between sessions. There is a script provided that will copy the CD to a USB drive and make the drive bootable. Note the script depends on the Gentoo LiveCD structure, it probably won't work when run on another LiveCD setup.</p>
 
-<p>The persistent home volume can be stored as a <a href="http://www.truecrypt.org">TrueCrypt</a> volume or unencrypted. For the Un*x savvy, the unencrypted volume is stored as an ext3 file on the USB drive. The file home.tc (TrueCrypt) or home.ext3.img (unencrypted) on the USB drive and can be removed to reset to the CD defaults or copied elsewhere for a backup. You will need to do a clean shutdown to make sure your settings are saved. When booting from a writable media and there is no home volume you will be prompted to create one, you may choose not to do so and to disable the feature altogether with the possibility to enable it again from within the GUI.</p>
+<p>The persistent home volume can be stored as a <a href="http://www.truecrypt.org">TrueCrypt</a> volume or unencrypted. For the Un*x savvy, the unencrypted volume is stored as an ext3 file on the USB drive. The file home.tc (TrueCrypt) or home.ext3.img (unencrypted) on the USB drive and can be removed to reset to the CD defaults or copied elsewhere for a backup. You will need to do a clean shut-down to make sure your settings are saved. When booting from a writeable medium and there is no home volume you will be prompted to create one, you may choose not to do so and to disable the feature altogether with the possibility to enable it again from within the GUI.</p>
 
 <ul>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/init.d/external-config-setup">/etc/init.d/external-config-setup</a></li>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/usr/sbin/create-usb">/usr/sbin/create-usb</a></li>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/usr/sbin/create-homevol">/usr/sbin/create-homevol</a></li>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/usr/sbin/enable-persistent">/usr/sbin/enable-persistent</a></li>
+  <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/init.d/external-config-setup">/etc/init.d/external-config-setup</a></li>
+  <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/usr/sbin/create-usb">/usr/sbin/create-usb</a></li>
+  <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/usr/sbin/create-homevol">/usr/sbin/create-homevol</a></li>
+  <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/usr/sbin/enable-persistent">/usr/sbin/enable-persistent</a></li>
 </ul>
 
-<h3>Configuration copied from USB drive</h3>
+<h4>Configuration copied from USB drive</h4>
 
-<p>Certain configurations are copied from the USB drive on boot if no persistent drive is mounted. The following table lists the configuration, where it should exist on the USB drive and where it is copied into.</p>
+<p>Certain configurations are copied from the USB drive on boot if no persistent drive is mounted. Note that this feature is pretty secret at the moment. A more elaborate and general filesystem overlaying thing is in the works as a replacement.</p>
 
+<p>The following table lists the configuration, where it should exist on the USB drive and where it is copied into.</p>
+
 <table border="1">
 <tr><th align=left>Software</th><th align=left>USB drive location</th><th align=left>Destination</th></tr>
 <tr><td>OpenVPN</td><td>/keys/openvpn</td><td>/etc/openvpn</td>
@@ -427,26 +579,26 @@
 </table>
 
 <ul>
-<li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/init.d/external-config-setup">/etc/init.d/external-config-setup</a></li>
+  <li><a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/init.d/external-config-setup">/etc/init.d/external-config-setup</a></li>
 </ul>
 
 
-<h3><a name="hidden">Hidden Services</h3>
+<h3><a name="hidden">3.8 Hidden Services</h3>
 
 <p>Hidden HTML content may be served if running from an USB drive. Content is limited to static HTML pages. The content is stored in the home directory and so takes advantage of TrueCrypt encryption. The directory structure follows.</p>
 
-<dl>
-<dt>/home/hidden/[name]</dt>
-<dd>Base directory for hidden content where [name] can be anything (sane) that you'd like.</dd>
-<dt>/home/hidden/[name]/conf</dt>
-<dd>Configuration directory mostly used for Tor hidden service information. It will include the hostname and private key, keep it safe, i.e. don't copy it over to your buddy's USB drive.</dd>
-<dt>/home/hidden/[name]/conf/port</dt>
-<dd>Optional port for the hidden service. This is what you'd give out to others. If you will have multiple services it is best to specify the port. The default is 80, increasing from there for each additional service.</dd>
-<dt>/home/hidden/[name]/conf/torrc</dt>
-<dd>Optional config to append to /etc/tor/torrc after the hidden service description. An example would be a HiddenServiceNodes directive, etc.</dd>
-<dt>/home/hidden/[name]/www</dt>
-<dd>The HTML content. Use index.html for your default page.</dd>
-</dl>
+<ul>
+<li>/home/hidden/[name]</li>
+<p>Base directory for hidden content where [name] can be anything (sane) that you'd like.</p>
+<li>/home/hidden/[name]/conf</li>
+<p>Configuration directory mostly used for Tor hidden service information. It will include the hostname and private key, keep it safe, i.e. don't copy it over to your buddy's USB drive.</p>
+<li>/home/hidden/[name]/conf/port</li>
+<p>Optional port for the hidden service. This is what you'd give out to others. If you will have multiple services it is best to specify the port. The default is 80, increasing from there for each additional service.</p>
+<li>/home/hidden/[name]/conf/torrc</li>
+<p>Optional config to append to /etc/tor/torrc after the hidden service description. An example would be a HiddenServiceNodes directive, etc.</p>
+<li>/home/hidden/[name]/www</li>
+<p>The HTML content. Use index.html for your default page.</p>
+</ul>
 
 <p>The <a href="<!-- #homepage(www-servers/lighttpd) -->">lighttpd</a> server is used to serve the content. Configuration of the server is done at boot time in the <a href="https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/init.d/hidden-service">/etc/init.d/hidden-service</a> init script.</p>
 <p>The host name to use for the hidden service can be found in the /home/hidden/[name]/conf/hostname file for that service. This file is created by the Tor software when configuring the hidden service. The host name will be the same across sessions and machines as it and the private key are stored in the /home/hidden/[name]/conf directory.</p>
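Review bot: In the new `/home/hidden/[name]` list, each description `<p>` is a direct child of `<ul>`, placed after an already closed `<li>`, which is not valid HTML because only `<li>` may be a child of `<ul>`. The link between a path and its description, including the warning about the hidden service's private key under `conf`, is then left to the browser's error recovery. Either keep the original `<dl>`/`<dt>`/`<dd>` markup, which fits a path-and-description list, or put the paragraph inside the item, e.g. `<li>/home/hidden/[name]/conf<p>Configuration directory …</p></li>`. The same `<li>…</li>` followed by `<p>` pattern appears in the software lists added earlier in this diff.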
@@ -460,37 +612,37 @@
 </ul>
 
 
-<h2><a name="maintenance">Maintenance</h2>
-<blockquote>(How to keep the implementation current for anonymity, security and usefulness.)</blockquote>
+<h3><a name="build">3.9 Build process and maintenance</h3>
 
-<p>The Gentoo Catalyst release build tool is used to build the CD. This tool is designed to make the CD easy to maintain. For an update of only the Tor software it takes a simple version bump and 30 minutes for the tiny CD, two hours for the full version. Human effort is minimal, Catalyst does most of the work. A full update of all software takes several hours to compile, but this is seldom done or needed and again generally requires little human effort. Adding or removing software to/from the CD is also generally trivial.</p>
+<p>The Gentoo Catalyst release build tool is used to build __INCOGNITO__. This tool is designed automate the build process of the target distribution, which also make them easy to maintain. Since essentially everything is compiled from sources, building __INCOGNITO__ from scratch takes several hours or even a few days to complete. But this is seldom done or needed and catalyst makes it possible to cache already built packages so they need not be compiled again. Adding or removing software to/from the distribution is also generally trivial but might require altering the ebuild or writing new ones.</p>
 
+<p>For detailed instructions on how to build and modify __INCOGNITO__, see <code>building.html</code> and <code>hacking.html</code> in the source root.</p>
+
 <p>The following applications are kept up to date as soon as possible. Others may be updated sooner if a major security problem occurs (Firefox, Thunderbird etc.)</p>
 
 <ul>
-<li>Tor</li>
-<li>TorK</li>
-<li>Vidalia</li>
-<li>Polipo</li>
-<li>Mixminion</li>
+  <li>Tor (stable releases only)</li>
+  <li>TorK</li>
+  <li>Vidalia</li>
+  <li>Polipo</li>
+  <li>Mixminion</li>
 </ul>
 
 <p>Remaining applications, including the base system, will be updated to whatever Portage deems is stable in each new release. It takes a long time to compile everything from scratch and sometimes there are problems that need to be addressed. Most of the packages are marked stable by Gentoo so there are not many problems.</p>
 
 
-<h2><a name="caveats">Caveats</h2>
-<blockquote>Side effects of the implementation that may be undesirable.</blockquote>
+<h3><a name="caveats">3.10 Caveats</h3>
 
-<p>UDP is a problem. The Tor software does not provide anonymity using UDP yet. Outgoing UDP packets are dropped altogether.</p>
+<p>UDP is a problem. The Tor network does not support UDP yet, only TCP. Outgoing UDP packets are dropped altogether by netfilter for this reason.</p>
 
 <p>When using a USB drive your user settings are stored on the drive unsecured. If any personal information is stored by the applications you use then you must keep your drive secure from potential threats, for example by using the optional encryption and a strong passphrase.</p>
 
 
-<h2><a name="security">Security</h2>
-<blockquote>Agreements and disagreements with our approach or implementation.</blockquote>
+<h2><a name="security">4 Security</h2>
 
 <p>(It would be great to have links to peer reviews here.)</p>
 
+
 </body>
 
 </html>

Modified: incognito/branches/hardened/root_overlay/usr/share/incognito/walkthrough/walkthrough.html
===================================================================
--- incognito/branches/hardened/root_overlay/usr/share/incognito/walkthrough/walkthrough.html	2008-09-01 16:32:38 UTC (rev 16716)
+++ incognito/branches/hardened/root_overlay/usr/share/incognito/walkthrough/walkthrough.html	2008-09-01 16:34:57 UTC (rev 16717)
@@ -27,6 +27,7 @@
 		<li><a href="#misc">Other applications</a>
 		<li><a href="#macchanger">Enabling MAC changer</a>
 		<li><a href="#usb">Running __INCOGNITO__ from USB</a>
+		<li><a href="#persistent">Persistent home directory</a>
 		<li><a href="#cold">Protection against cold boot attacks</a>
 		<li><a href="#vm">__INCOGNITO__ and Virtualization</a>
 		<li><a href="#windows">Running __INCOGNITO__ from within Microsoft Windows</a>
@@ -48,7 +49,7 @@
 	character; the state of being in disguise or not recognized.
 </ol>
 
-<p>__INCOGNITO__ is an open source <a href="http://en.wikipedia.org/wiki/Livedistro">LiveDistro</a> based on <a href="http://www.gentoo.org/">Gentoo Linux</a> assisting you to securely and anonymously use the Internet almost anywhere you go, e.g. your home, work, university, favourite Internet caf&eacute; or local library. __INCOGNITO__ is designed to be used from either a CD or a <a href="#usb">USB drive</a> and has several Internet applications (Web browser, IRC client, Mail client, Instant messenger, etc.) pre-configured with security in mind, and all Internet traffic will be anonymized. To use it, you simply insert the CD or USB that you have installed __INCOGNITO__ on in a computer and restart it. __INCOGNITO__ should then start as an independent operating system instead of Microsoft Windows or whatever operating system you have installed. It is also possible to run __INCOGNITO__ as a guest operating system inside Microsoft Windows by simply inserting the media while Windows is running which should present you with a menu.</p>
+<p>__INCOGNITO__ is an open source <a href="http://en.wikipedia.org/wiki/Livedistro">LiveDistro</a> based on <a href="http://www.gentoo.org/">Gentoo Linux</a> assisting you to securely and anonymously use the Internet almost anywhere you go, e.g. your home, work, university, favourite Internet caf&eacute; or local library. __INCOGNITO__ is designed to be used from either a CD or a <a href="#usb">USB drive</a> and has several Internet applications (Web browser, IRC client, Mail client, Instant messenger, etc.) pre-configured with security in mind, and all Internet traffic will be anonymized. To use it, you simply insert the CD or USBdrive that you have installed __INCOGNITO__ on in a computer and restart it. __INCOGNITO__ should then start as an independent operating system instead of Microsoft Windows or whatever operating system you have installed. It is also possible to run __INCOGNITO__ as a guest operating system inside Microsoft Windows by simply inserting the media while Windows is running which should present you with a menu.</p>
 
 <p>__INCOGNITO__ is Free Software released under the GNU/GPL (version 2).</p>
 
@@ -83,7 +84,7 @@
 
 <p>In the lower right corner you will find something referred to as the system tray, or simply systray, that has a couple of icons in it, each which offers an interface for some running application. One of them helps you keep an eye on the battery level if you run from a laptop, one allows to instantly change the keyboard layout, and one helps you control the network settings, for instance. You are encouraged to check them out, but we will say more about some of them later on in this article. You will also see a clock showing the time in UTC (Greenwich Mean Time) which might not be appropriate for your location. To make it show your local time, right-click it and choose &quot;Show timezone&quot; and either choose one of the timezones available there or add a new one with the &quot;Configure timezones...&quot; option.</p>
 
-<p>Some other important things that need to be understood before proceeding are the concepts of <a href="http://en.wikipedia.org/wiki/Livedistro">LiveDistro, LiveCD and LiveUSB</a>. In essence a LiveDistro is an operating system (like Windows or Mac OS X, although __INCOGNITO__ uses Linux) that is run from some removable media like a CD or USB memory stick. Most likely you are running __INCOGNITO__ from a CD, which makes it into a LiveCD, and this brings some limitations to its operation. Most importantly, since the CD is a read-only medium once it has been burned by your CD recording software no changes persist through reboots. So, if you download a file or make some application settings they will be gone once you shut-down. This is both good and bad &ndash; on the plus side, if you screw up anything or get a virus, the system will be restored once you have restarted it. But not being able to save stuff is of course inconvenient in some cases. If you find it frustrating you might want to run __INCOGNITO__ from and USB memory stick instead, making it into a LiveUSB. Since a USB memory stick is writeable medium it is possible to make it so that the changes persist through reboots. You can read more about this and its implications <a href="#usb">later</a> in this walkthrough.</p>
+<p>Some other important things that need to be understood before proceeding are the concepts of <a href="http://en.wikipedia.org/wiki/Livedistro">LiveDistro, LiveCD and LiveUSB</a>. In essence a LiveDistro is an operating system (like Windows or Mac OS X, although __INCOGNITO__ uses Linux) that is run from some removable media like a CD or USB drive. Most likely you are running __INCOGNITO__ from a CD, which makes it into a LiveCD, and this brings some limitations to its operation. Most importantly, since the CD is a read-only medium once it has been burned by your CD recording software no changes persist through reboots. So, if you download a file or make some application settings they will be gone once you shut-down. This is both good and bad &ndash; on the plus side, if you screw up anything or get a virus, the system will be restored once you have restarted it. But not being able to save stuff is of course inconvenient in some cases. If you find it frustrating you might want to run __INCOGNITO__ from a USB drive instead, making it into a LiveUSB. Since a USB drive is writeable medium it is possible to make it so that the changes persist through reboots. You can read more about this and its implications <a href="#usb">later</a> <a href="#persistent">on</a> in this walkthrough.</p>
 
 
 <h3><a name="nm"></a>Networking with NetworkManager</h3>
@@ -239,24 +240,51 @@
 
 <h3><a name="usb"></a>Running __INCOGNITO__ from USB</h3>
 
-<p>Running __INCOGNITO__ from a CD has its virtues but it certainly also have its limitations. While CDs are portable they usually do not fit in your pocket in a comfortable manner. But a USB memory stick certainly fits any pocket or your key ring. In addition, CDs are read-only and thus no data can be saved to them, but that is, again, not the case with USB memory sticks. However, storing sensitive data on a USB memory stick could be dangerous if it got into the wrong hands. Similarly, if we get a virus or manages to damage the system in other ways, the system is tainted or unusable from that point and all consecutive boots, either with or without your knowledge. Clearly that is not good.</p>
+<p>Running __INCOGNITO__ from a CD has its virtues but it certainly also have its limitations. While CDs are portable they usually do not fit in your pocket in a comfortable manner. But a USB memory stick certainly fits any pocket or your key ring. In addition, CDs are read-only and thus no data can be saved to them, but that is, again, not the case with USB drives. However, storing sensitive data on writeable media could be dangerous if it got into the wrong hands. Similarly, if we get a virus or manages to damage the system in other ways, the system is tainted or unusable from that point and all consecutive boots, either with or without your knowledge. Clearly that is not good.</p>
 
-<p>It is actually possible to get the best out of these two worlds at the same time. When running __INCOGNITO__ from a USB memory stick you have the option to create an encrypted container wherein your home directory is stored so that any files stored and settings made are saved persistently. If you use a good password this deals with the dangers of storing sensitive data on it. But what about virus threats and the like? Well, when running from a USB memory stick, the system files are still set up to not be persistently writeable. It is only your home directory which will be persistent.</p>
+<p>It is actually possible to get the best out of these two worlds at the same time. When running __INCOGNITO__ from a USB drive you have the option to create an encrypted container wherein your home directory is stored so that any files stored and settings made are saved persistently. If you use a good password this deals with the dangers of storing sensitive data on it. For more information on this, see the section on using a <a href="#persistent">persistent home directory</a>. But what about virus threats and the like? Well, when running from a USB drive, the system files are still set up to not be persistently writeable. It is only your home directory which will be persistent.</p>
 
-<p>In order to get __INCOGNITO__ running on USB you currently have to get the usual LiveCD installation first. Once __INCOGNITO__ has started up from CD you will find a short cut to an installation guide in the &quot;__INCOGNITO__&quot; section of the K menu, aptly called &quot;Install __INCOGNITO__ to USB&quot;. The guide will tell you about your options and is self contained, and in most cases you only need to insert a USB memory stick and hit the OK button to get it done. Then you restart the computer without the CD in, but with the USB memory stick connected instead. __INCOGNITO__ will start to boot just like from the CD but at a certain point a guide will start asking about if you want a persistent home directory or not. The encryption we mentioned earlier is optional but definitely recommended.</p>
+<p>In order to get __INCOGNITO__ running from USB you currently have to get the usual LiveCD installation first. Once __INCOGNITO__ has started up from CD you will find a short cut to an installation guide in the &quot;__INCOGNITO__&quot; section of the K menu, aptly called &quot;Install __INCOGNITO__ to USB&quot;. The guide will tell you about your options and is self contained, and in most cases you only need to insert a USB drive and hit the OK button to get it done. Then you restart the computer without the CD in, but with the USB drive connected instead, and __INCOGNITO__ shouöd start to boot just like from the CD.</p>
 
-<p>The encryption is protected with a password, so it is very important to choose a strong password. But what is a strong password? Of course, there are many different opinions on that. What can be said is that to utilize the encryption algorithm used to its full extent you will need a password consisting of 40 randomly chosen characters of those available on the standard (western) keyboard layout, which have around 90 different characters. Such a password should remain uncrackable for the remainder of this universe's life span and the same goes for the actual encryption. Of course, such a password is almost impossible to memorize, so you will probably have to go for something shorter. 20 random characters is probably more than enough. It can also help to device mnemonics to help remember them but stay away from dictionary words of any language you know. Be creative! If you need help with generating the passwords you should check out <a href="#keepassx">KeePassX</a>'s built-in password generator.</p>
+<h3><a name="persistent"></a>Persistent home directory</h3>
 
+<p>At a certain point when <a href="#usb">booting __INCOGNITO__ from USB</a> you will be prompted with the question if you want a persistent home directory or not. As mentioned elsewhere in this document, that will allow you to save files and applications settings between shutdowns, which is not normally the case. Naturally, saving sensitive stuff could be dangerious if it got into the wrong hands, so the use of encryption i highly recommended.</p>
 
+<p>As you progress through the guided setup of the persistent home directory you will be asked as few questions and given some simple instructions, and some of these might need to be commented a bit:</p>
+
+<h4>Size</h4>
+
+<p>Early on you will be asked for the size of the &quot;home volume&quot;, which will be a file stored on the USB drive that in turn will store you files. There are a few constraints on this size, like a minimum size necessary to fit the initial application settings and files that are part of __INCOGNITO_USER__ users's home directory. There is also a maximum size, which is the lowest of the space available on the drive, and 4 GB (this is because of technical reasons &ndash; files larger than 4 GB will not work).</p>
+
+<h4>Encryption</h4>
+
+<p>It cannot be emphasized enough; use encryption! The encryption is protected with a password, so it is very important to also choose a strong password. But what is a strong password? Of course, there are many different opinions on that. What can be said is that to utilize the encryption algorithm used to its full extent you will need a password consisting of 40 randomly chosen characters of those available on the standard (western) keyboard layout, which have around 90 different characters. Such a password should remain uncrackable for the remainder of this universe's life span and the same goes for the actual encryption. Of course, such a password is almost impossible to memorize, so you will probably have to go for something shorter. 20 random characters is probably enough. It can also help to device mnemonics to help remember them but stay away from dictionary words of any language you know. Be creative! If you need help with generating the passwords you should check out <a href="#keepassx">KeePassX</a>'s built-in password generator.</p>
+
+<p>If you use encryption (which you should) you will be prompted for the password during boot. One thing that might strike you as odd is that it is possible to enter two passwords. The reason for that will be clarified in the next section, but normally you just type in your password in one of them (which one doesn't matter) and press ENTER to continue.</p>
+
+<h4>Hidden volumes</h4>
+
+<p>In certain countries you may be legally forced to hand over encryption keys or passwords, or otherwise facing penal charges. Clearly this might defeat the whole purpose of using encryption, but luckily there is a solution based on <a href="http://en.wikipedia.org/wiki/Plausible_deniability">plausible deniability</a>.</p>
+
+<p>The idea is to create a so called hidden volume which resides in the free space of the normal (or outer) volume, and using two different passwords to access either of them; the normal password grants access only to the normal volume and the hidden password grants access only to the hidden volume. Given the normal password there is no way to tell whether the hidden volume exists or not &ndash; the hidden password is required for that. The point of all this is that you may hand over the normal password to the authorities and keep the hidden password secret, and they will not be able to tell whether you are fooling them or not. Hence you get plausible deniability.</p>
+
+<p>Setting up the hidden volume using the guided setup is pretty straight forward. You will be asked how large it should be, and since it is stored within the normal volume it must be smaller, but it is important that you leave some additional in order to make room on the normal volume. You will need to use the normal volume sometomes to do innocent things so that it looks used, otherwise the authorities will not believe you. However, when you do that by just specifying the normal password you may damage the hidden volume as it resides in the free space. Luckily you can supply both passwords at the same time, which will open the normal volume but make it aware of the hidden volume so you cannot damage it. So, whenever you are using the normal volume to make it look used, enter both passwords (one in each field at the password prompt, and order doesn't matter).</p>
+
+<p> Naturally, you will also be asked for an additional password for the hidden volume, and as always you should choose a good, strong password. However, for the normal volume you can choose may choose a weaker password that's easier to remember &ndash; it only needs to be good enough to fool the authoroties that it is the real password. But remember to <b>never</b> give the hidden password to anyone else, or even mention to anybody that you are using a hidden volume or have two passwords.</p>
+
+
 <h3><a name="cold"></a>Protection against cold boot attacks</h3>
 
 <p>What happens if the police knocks on your door when you are running __INCOGNITO__? This is a tough one to deal with, and there is not that much that can be done actually. If you are really unlucky they have brought with them freeze spray and other equipment which can be used to mount a <a href="http://en.wikipedia.org/wiki/Cold_boot_attack">cold boot attack</a>. This is done in order to get the contents of your RAM. Due to how modern computing works, basically everything that you have been doing for a good whike is stored in the RAM, so all information &ndash; including passwords, encryption keys and the secret plans you wrote in a text editor but then erased &ndash; may be stored in it in plain text. The more resent the activity, the more likely it is that it is still in the RAM.</p>
 
-<p>RAM is usually considered to be extremely volatile, meaning that the data it stores starts to disintegrate rapidly once power is removed. However, it has been shown that the data might be recoverable for seconds or even minutes after this happens, and apparently freeze spray can be used to increase that period significantly. Once the power is restored the RAM state will keep getting refreshed, so if the power supply is portable the removed RAM modules' contents are in the hands of the attacker. Alternatively the computer can simply be reset (i.e. switched off and back on quickly), which barely even affects the power. Then a tiny LiveCD system is loaded with the ability to dump the RAM to some writeable media. In both cases the RAM contents can be analysed in a computer forensics laboratory which might turn into a major disaster depending on what they find.</p>
+<p>RAM is usually considered to be extremely volatile, meaning that the data itstores starts to disintegrate rapidly once power is removed. However, it has been shown that the data might be recoverable for seconds or even minutes after this happens, and apparently freeze spray can be used to increase that period significantly. Once the power is restored the RAM state will keep getting refreshed, so if the power supply is portable the removed RAM modules' contents are in the hands of the attacker. Alternatively the computer can simply be reset (i.e. switched off and back on quickly), which barely even affects the power. Then a tiny LiveCD system is loaded with the ability to dump the RAM to some writeable media. In both cases the RAM contents can be analysed in a computer forensics laboratory which might turn into a major disaster depending on what they find.</p>
 
-<p>So, what should you do when you hear them knocking? You should calmly make a clean shut-down of __INCOGNITO__ using the &quot;Log out&quot; option in the K menu, then selecting &quot;Turn off computer&quot; in the window that appears. Then you wait, possibly trying to buy valuable time by barricading your door. The reason for this is that one of the last things __INCOGNITO__ does before shutting down completely is filling the RAM with random junk, thus erasing everything that was stored there before. Unfortunately this might take a couple of minutes depending on the speed of your processor and the amount of RAM installed, so while this clearly is not a perfect solution it seems it might be the best thing to do.</p>
+<p>So, what should you do when you hear them knocking? You should calmly make a clean shut-down of __INCOGNITO__ using the &quot;Log out&quot; option in the K menu, then selecting &quot;Turn off computer&quot; in the window that appears. Then you wait, possibly trying to buy valuable time by barricading your door. There are two reasons for this:<p>
 
-<p>In general this is of equal concern to both CD and USB users, but there is one exception. If you run from USB and use an encrypted home partition you are not safe any longer. The key will be stored in RAM if you did not have time to shut-down __INCOGNITO__ cleanly. As such, a cold boot attack against a system with mounted encrypted partitions is very severe as it likely gives the attackers access to all data stored on them.</p>
+<ol>
+  <li>If you are using an encrypted persistent home partition, the master encryption key will be cleared from RAM, preventing the intruders from getting it.</li>
+  <li>One of the last things __INCOGNITO__ does before shutting down completely is filling the RAM with random junk, thus erasing everything that was stored there before. Unfortunately this might take a couple of minutes depending on the speed of your processor and the amount of RAM installed, so while this clearly is not a perfect solution it seems it might be the best thing to do.</li>
+</ol>
 
 <p>As far as the authors know cold boot attacks are not standard procedure within law enforcements and similar organisations anywhere in the world yet, but it might still be good to be prepared and stay on the safe side.</p>
 

Modified: incognito/branches/hardened/root_overlay/var/lib/firefox-config/firefox/o2e6y2eh.default/prefs.js
===================================================================
--- incognito/branches/hardened/root_overlay/var/lib/firefox-config/firefox/o2e6y2eh.default/prefs.js	2008-09-01 16:32:38 UTC (rev 16716)
+++ incognito/branches/hardened/root_overlay/var/lib/firefox-config/firefox/o2e6y2eh.default/prefs.js	2008-09-01 16:34:57 UTC (rev 16717)
@@ -62,6 +62,7 @@
 user_pref("app.update.auto", false);
 
 /* Disable extension updates. */
+user_pref("extensions.blocklist.enabled", false);
 user_pref("extensions.update.enabled", false);
 user_pref("extensions.update.notifyUser", false);
 
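Review bot: The added `extensions.blocklist.enabled` line sits under the comment `/* Disable extension updates. */`, but the blocklist is not an update channel: it is how Firefox learns that an installed add-on or plugin has been flagged as harmful. Turning it off presumably removes a periodic request to Mozilla, which fits an image whose add-on set is fixed at build time, but it also means such a flag only reaches users through a new release. I would give the line its own comment stating that trade-off, for example `/* Blocklist fetch disabled; flagged add-ons are handled by rebuilding the image. */`.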
@@ -70,7 +71,9 @@
 user_pref("network.http.max-persistent-connections-per-proxy", 16);
 user_pref("network.http.pipelining", true);
 user_pref("network.http.pipelining.maxrequests", 8);
+user_pref("network.http.proxy.keep-alive", true);
 user_pref("network.http.proxy.pipelining", true);
+user_pref("network.prefetch-next", false);
 
 /* No should be used for local addresses (not even the transparent proxy) */
 user_pref("network.proxy.no_proxies_on", "localhost, 10.0.0.0/8,  172.16.0.0/12, 192.168.0.0/16,  127.0.0.0/9, 127.128.0.0/10");
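Review bot: `network.prefetch-next` is added in the middle of the pipelining and keep-alive settings with no comment, although it is the one line in this group that is there for privacy rather than throughput: with it set to false the browser stops fetching pages a site hints at before the user asks for them. A short comment of its own would keep a later tuning pass from treating it as a performance knob, e.g. `/* No link prefetching: only request what the user actually opens. */`. The comment that heads this group of prefs is outside the hunk, so I cannot tell whether it already covers this.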

Modified: incognito/branches/hardened/root_overlay/var/lib/kdesession/torkrc
===================================================================
--- incognito/branches/hardened/root_overlay/var/lib/kdesession/torkrc	2008-09-01 16:32:38 UTC (rev 16716)
+++ incognito/branches/hardened/root_overlay/var/lib/kdesession/torkrc	2008-09-01 16:34:57 UTC (rev 16717)
@@ -1,71 +1,15 @@
-[FirewallEvasion]
-ReachableAddresses=
-
-[MainWindow]
-Height 1024=649
-Width 1280=790
-
-[MainWindow Toolbar MoreToolBar]
-Hidden=true
-IconText=IconOnly
-Index=2
-Offset=-1
-
-[MainWindow Toolbar TorToolBar]
-IconText=IconOnly
-Index=1
-
-[MainWindow Toolbar mainToolBar]
-Index=0
-
-[MyServer]
-NickName=TorKServer
-
 [RunningNormal]
 DataDirectory=/var/lib/tor/
 Group=tor
 User=__INCOGNITO_USER__
 
-[Servers]
-MapAddress=
-
-[TipOfDay]
-TipLastShown=
-
-[TorKOSD Position]
-Position=1000,700
-Screen=0
-
 [Usability]
 CookieAuthentication=true
-LongLivedPorts=5190,21,5222,5050,22,23
-TrackHostExits=
 
 [UsedDirectly]
 AvailablePrograms=
-BandwidthSlots=
-CurrentEntryNodes=
-CurrentExcludeNodes=
-CurrentExitNodes=
-DefaultRunningNormalOptions=false
-FilterRules=button_ok%:%Route all DNS TCP Requests to Tor. %:% iptables -t nat -I OUTPUT -o ! lo -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.1:9040 -m comment --comment "Redirect TCP DNS Requests to Tor" ,button_ok%:%Route all DNS UDP Requests to Tor. %:% iptables -t nat -I OUTPUT -o ! lo -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.1:9999 -m comment --comment "Redirect UDP DNS Requests to Tor"
-KonqFtpProxy=127.0.0.1
-KonqFtpProxyPort=8118
-KonqHttpProxy=127.0.0.1
-KonqHttpProxyPort=3128
-KonqHttpsProxy=127.0.0.1
-KonqHttpsProxyPort=3128
-LogNonTorTraffic=true
+LogNonTorTraffic=false
 LogTorTraffic=true
-NetstatLocation=torknetstat
-OriginalCookies=false
-OriginalEnableJava=false
-OriginalEnableJavascript=false
-OriginalEnablePlugins=false
-OriginalFtpProxy=127.0.0.1
-OriginalHttpProxy=http://127.0.0.1:3128
-OriginalHttpsProxy=http://127.0.0.1:3128
-OriginalProxyType=1
 QuickConfigure=7
 ShowApplySettingsQuestions=false
 ShowDNSLeaks=false
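Review bot: `LogNonTorTraffic` changes from true to false without any explanation in the commit, and with `ShowDNSLeaks=false` a few lines further down TorK no longer reports either kind of traffic that bypasses Tor. If the netfilter rules already drop everything that is not routed through Tor this is reasonable, but that is not visible in this hunk, so the reason belongs in the design document or the commit message. The same hunk drops the `KonqHttpProxy`/`KonqHttpProxyPort` and `Original*` keys; it is worth confirming that TorK's built-in defaults do not apply a different proxy address or port than the 127.0.0.1:3128 the removed lines used.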
@@ -73,7 +17,3 @@
 SystemProxy=true
 TorLocation=/usr/bin/tor
 TorkProxy=false
-
-[UsingTor]
-SOCKSBindAddressMany=
-SOCKSPolicy=


