Flesh out help

src/main/resources/help-index.html

@@ -1,5 +1,12 @@
-<html>
+<!DOCTYPE html>
+<html lang="en">
   <head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+
+    <title>Numbers Station Help</title>
+
+    <link rel="stylesheet" href="style.css">
   </head>
   <body>
     <h1>Numbers Station Help</h1>
@@ -10,16 +17,216 @@
 
     <img src="overview.png"/>
 
+    <h2 class="caution">Caution</h2>
+      <p>
+        This application assumes you will be using your own encryption scheme where the encrypted messages are made up of digits 0-9. Typically these will be one-time pad messages such as described <a href="https://nathanmcrae.name/blog/practical-one-time-pad.html">here</a>. This application performs no encryption of it's own and should not be trusted with unencrypted messages.
+      </p>
+
     <h2>Quick Start</h2>
 
     <p>
-      Do it!
+      Before you start, you'll need to have a method of encrypting messages. Unencrypted messages should never be entered into the application. For a method to securely encrypt messages, see <a href="https://nathanmcrae.name/blog/practical-one-time-pad.html">here</a>.
+    </p>
+
+    <p>
+      For the sake of example, this will walk you through setting up a wordpress blog and creating a numbers station which will periodically post to it. There are also other options for uploading posts.
+    </p>
+
+    <h3>Start a Wordpress.com Blog</h3>
+
+    <p>
+      Wordpress is free blogging software, and one of the most popular at that. Many web hosts provide wordpress blogs for free and Wordpress.com is just one of those hosts, but that's the one we're going to use for this example since it's fairly straightforward.
+    </p>
+
+    <ol>
+      <li>
+        Go to <a href="https://wordpress.com/start/free">wordpress.com</a>
+      </li>
+      <li>
+        Create an account using whatever method you prefer
+        <ul>
+          <li>It will prompt you to search for a domain to rent, but you don't need one. To skip that, start a domain search and at the bottom select the 'Choose my domain later'</li>
+        </ul>
+      </li>
+      <li>
+        For 'What would you like to create?' at the bottom, press 'Skip to dashboard'
+        <ul>
+          <li>You should now have a basic wordpress site</li>
+        </ul>
+      </li>
+      <li>
+        You will need a password in order to allow the Numbers Station application to post for you. Go you your Wordpress.com account settings and under Security, set a password.
+        <ul>
+          <li>You may need to verify you email in order to post</li>
+        </ul>
+      </li>
+    </ol>
+
+    <h3>Set up a Numbers Station</h3>
+
+    <img src="station-settings.png"/>
+
+    <p>
+      Now that you have a blog to post to, you will need to set up your numbers station settings.
+    </p>
+
+    <ol>
+      <li>
+        <a href="https://git.nathanmcrae.name/nathanmcrae/numbers-station">Download</a>, install, and run the Numbers Station application
+      </li>
+      <li>
+        Select or create your desired station in the 'Select Station' dialog
+      </li>
+      <li>Open 'Station Settings'</li>
+      <li>Set connection information
+        <ol>
+          <li>
+            Choose the 'Wordpress option'
+          </li>
+          <li>
+            Enter your blog address (which can be found by selecting 'Visit Site' from the Wordpress.com dashboard) ending with <code>/xmlrpc.php</code>
+            <ul>
+              <li>So if your Wordpress.com site is <code>example.wordpress.com</code>, then the address to enter would be <code>https://example.wordpress.com/xmlrpc.php</code></li>
+              <li>Note that other wordpress instances may need XML-RPC to be enabled for this to work. Please see documentation for your instance.</li>
+            </ul>
+          </li>
+          <li>
+            Enter your Wordpress.com username (your email address if you registered with email) and password
+            <p class="caution">Your password is stored in your user files. Anyone with access to your user files would also be able to post to the blog</p>
+          </li>
+          <li>
+            Press the 'Test connection' button
+          </li>
+        </ol>
+      </li>
+      <li>
+        Set schedule
+        <ul>
+          <li>Your schedule will start at the given date and time, and will publish a message to the station on the given period (daily, weekly, monthly)</li>
+        </ul>
+      </li>
+      <li>
+        Set other options (See application reference for details)
+      </li>
+      <li>TODO: test post</li>
+    </ol>
+
+    <h3>
+      Set a message for delivery
+    </h3>
+
+    <p>
+      Once you save your station settings, the application should now run on the given schedule and upload messages. Each time it runs it will generate a random message to be sent next time. Whenever you would like to send a real message, all you need to do is replace the stored one with the real message.
+    </p>
+
+    <ol>
+      <li>
+        Open the application and select the station you want to send a message via
+      </li>
+      <li>
+        The main window will show the current message which will be sent next. To replace it, simply type in the real message (which should already be encrypted).
+      </li>
+      <li>
+        Press 'Set as next message'
+      </li>
+    </ol>
+
+    <p>
+      Now the real message is saved and will be sent at the next appointed time.
     </p>
 
     <h2>Motivation</h2>
 
     <p>
-      Because it's fun
+      Suppose you have secret messages you are sending. Even if you are able to encrypt your messages perfectly, an adversary will still be able to tell <i>when</i> messages are sent which can reveal important information.
+    </p>
+    <p>
+      Suppose you are planning a protest and send many messages in the days leading up to the protest. For someone monitoring your communication, even if they don't know the content of the messages they can guess that you were somehow involved in the protest.
+    </p>
+    <p>
+      The solution to this problem is to send messages regularly. The messages can just be dummies most of the time, but then when you need to send a real message, an adversary won't be able to tell that anything is different.
+    </p>
+    <p>
+      This is the technique used by <a href="https://en.wikipedia.org/wiki/Numbers_station">numbers stations</a>, which are radio stations suspected to be run by governments to send messages to their spies abroad. The reason they are so mysterious is also the reason they are so effective: you have no idea if or when they are sending a real message.
+    </p>
+ <p>
+      --
+
+      The main requirement is that the messages which you do send are indistinguishable from random messages because otherwise an adversary could tell the real and fake messages apart.
+    </p>
+
+    <h2>Application Reference</h2>
+
+    <h3>Main Window</h3>
+
+    <img src="main-window-labelled.png"/>
+
+    <p>
+      The main window shows a label for the current station name (1) and a button to open the station selection window (2). The 'Settings' button (3) opens application settings, while the 'Station Settings' (5) button opens settings specific to the current selected station. The 'Help' button (4) should open this help document.
+    </p>
+
+    <p>
+      The message display area (6) shows the contents of the message which will be sent at the next scheduled time. This message can be edited, and then saved via (7).
+    </p>
+
+    <h3>Station Selection Window</h3>
+
+    <img src="station-selection-window.png"/>
+
+    <h3>Station Settings Window</h3>
+
+    The station name can be edited as well as group size used to break up messages for display.
+
+    Choosing the message length is important. You should aim to use a message length longer than the longest message you will send via the station. Ideally you should never have to adjust the message length after a station has started regular usage.
+
+    <h4>Upload Settings</h4>
+
+    <p class="caution">
+      The username an password entered here are stored unencrypted. Anyone with access to your computer account would be able to access the resources accessible via the credentials.
+    </p>
+
+    <p>
+      Currently two method of upload are supported: SFTP and wordpress.
+    </p>
+
+    <p>
+      SFTP uploads the file to the specified server as <code>www/message.txt</code>. It also generates an atom feed file and uploads it as <code>www/feed.xml</code> (subsequent runs will add to the feed file instead of overwriting it).
+    </p>
+
+    <p>
+      Wordpress will upload the message directly to the specified wordpress blog using XML-RPC. XML-RPC should be available on most wordpress installations, though it may need to be enabled.
+    </p>
+
+    <p>
+      Alternatively you can opt to run an external program to handle the message. The external program/script will recieve the path to message file as an argument. You could use this to run the message through a blog generator such as Pelican (Note that the external program will have to handle uploading the message as well).
+    </p>
+
+    <h4>Prefixes</h4>
+
+    <p>
+      Prefixes provide a way for the randomly generated messages to avoid using valid message identifiers. To do this, simply add message identifiers to the prefix list, dummy messages will subsequently be generated ensuring they don't start with the listed prefixes.
+    </p>
+
+    <p>
+      For background, one-time pad cypers typically use a message identifier as the first part of the message. This allows the recipient to determine which one-time pad to use for decryption. If a dummy message generated randomly accidentally starts with a valid message identifier, then the recipient might try to decrypt a nonsense message resulting in confusion.
+    </p>
+
+    <p>
+      The downside of storing the prefixes on the computer is that anyone with access to the computer (e.g. via malware) would be able to tell when a real message was sent (vs. otherwise they might only know <b>that</b> secret messages are likely being sent).
+    </p>
+
+    <p>
+      The alternative to providing prefixes is to use one-time pads with long enough message identifiers that the odds of a random message colliding with them is negligible.
+    </p>
+
+    <h4>Message Schedule</h4>
+
+    <p>
+      From the given start date and time, each station is run on the specified period. This means that it will upload the stored message according to the upload settings, then a new dummy message will be generated for the next time the station is run.
+    </p>
+
+    <p>
+      If the "Manage schedule externally" checkbox is ticked, then the Numbers Station application won't schedule the station to run. Instead, an external scheduler (e.g. Windows Task Scheduler, or cron for *nix systems) can be used. The station can be triggered by running <code>{numbers station executable} --station "{station name}"</code>. The application executable path can be found in the about screen.
     </p>
   </body>
 </html>

src/main/resources/style.css

@@ -0,0 +1,46 @@
+.caution {
+    background-color: #fff3cd;
+    border-color: #ffeeba;
+    color: #856404;
+    border: 1px solid transparent;
+    border-radius: 4px;
+    padding: 1rem;
+    margin: 20px 0;
+}
+
+.caution::before {
+    content: "⚠ ";
+    Cautio
+    margin-right: 8px;
+}
+
+body {
+    font-family: system-ui, -apple-system, sans-serif;
+    line-height: 1.6;
+    color: #333;
+    max-width: 800px;
+    margin: 0 auto;
+    padding: 20px;
+}
+
+code {
+    background-color: #f5f5f5;
+    border-radius: 4px;
+    overflow-x: auto;
+    font-family: monospace;
+    margin: 20px 0;
+}
+
+h1, h2, h3 {
+    color: #222;
+    margin-bottom: 1rem;
+}
+
+img {
+    width: 100%;
+    max-width: 30em;
+}
+
+p {
+    margin-bottom: 1rem;
+}