RecentChanges

diff --git a/software/zfs.md b/software/zfs.md
index 68afc10f..83e625d8 100644
--- a/software/zfs.md
+++ b/software/zfs.md
@@ -108,6 +108,9 @@ with standard LUKS instead of ZFS encryption:
     documentation](https://www.truenas.com/docs/references/draidprimer/) doesn't recommend dRAID except in special
     circumstances.
 
+    [This guide](https://calomel.org/zfs_raid_speed_capacity.html) talks more about the different RAID types and
+    compares performance.
+
  5. Make an actual filesystem:
  
         zfs create -o mountpoint=/srv-zfs tank/srv

diff --git a/blog.mdwn b/blog.mdwn
index ea26f0b6..df76e9b4 100644
--- a/blog.mdwn
+++ b/blog.mdwn
@@ -97,6 +97,22 @@ more socially acceptable and less politically controversial.
 <!-- add it. yes, this is kind of silly. -->
 
 <!-- end copy-paste -->
+## 2025
+
+[[!inline pages="
+(
+  page(blog/*)
+  or tagged(blog)
+)
+and creation_year(2025)
+and !blog/*/*
+and !link(foo)
+and !tagged(draft)
+and !tagged(redirection)"
+archive=yes
+quick=yes
+]]
+
 ## 2024
 
 [[!inline pages="

diff --git a/hardware/server/marcos.mdwn b/hardware/server/marcos.mdwn
index 9706a905..a38c1afb 100644
--- a/hardware/server/marcos.mdwn
+++ b/hardware/server/marcos.mdwn
@@ -53,14 +53,10 @@ See [[services/backup]] for backup and drive replacement procedures.
 
 ## 2025 disk growth
 
-Added 2x8TiB drives.
-
-Issue with temperature warnings.
-
-Switched to ZFS for the new array because LVM was refusing to add a
-new RAID-1 array to the VG because of different block size (old disks
-are 512 logical / 4096 physical, new disks are 4k/4k). The actual
-error from `vgextend` was:
+Switched to ZFS on 2025-02-10 to add two new 8TiB drives because LVM
+was refusing to add a new RAID-1 array to the VG because of different
+block size (old disks are 512 logical / 4096 physical, new disks are
+4k/4k). The actual error from `vgextend` was:
 
 ```
 Devices have inconsistent logical block sizes (512 and 4096).
@@ -75,6 +71,31 @@ encryption.
 
 The `rsync` took 2d9 h40m, or 57h40m. Resync took 1h5m.
 
+Interestingly, zstd compression didn't give us any significant gain in
+disk capacity:
+
+```
+root@marcos:/home/anarcat# df   /mnt /srv
+Sys. de fichiers       blocs de 1K    Utilisé Disponible Uti% Monté sur
+/dev/mapper/vg_hdd-srv  7512681384 7276294760  161208316  98% /mnt
+tank/srv                7667172736 7240802944  426369792  95% /srv
+```
+
+But you'll note that the ZFS dataset gives us more room than ext4, for
+some reason:
+
+```
+root@marcos:/home/anarcat# df -h  /mnt /srv
+Sys. de fichiers       Taille Utilisé Dispo Uti% Monté sur
+/dev/mapper/vg_hdd-srv   7,0T    6,8T  154G  98% /mnt
+tank/srv                 7,2T    6,8T  407G  95% /srv
+```
+
+... 250GiGB! Note sure where that's coming from, but the capacity is larger.
+
+The old disk array wasn't yet added to the ZFS pool: for that the
+drives need to be reformatted, encrypted, and re-added to the pool.
+
 ## 2024 Fan replacement
 
 From the 2020 replacement, the server has always been away, either in
diff --git a/software/zfs.md b/software/zfs.md
index c67b324f..68afc10f 100644
--- a/software/zfs.md
+++ b/software/zfs.md
@@ -72,6 +72,42 @@ with standard LUKS instead of ZFS encryption:
             tank \
             mirror /dev/mapper/crypt_dev_sde1 /dev/mapper/crypt_dev_sdd1
 
+    That creatures a "mirror" pool with the two drives, which is
+    essentially a RAID-1 mirror. You could also do a RAID-Z pool, if
+    you have an odd number of drives, which is sort of like a RAID-5
+    array, except you have a flexible number of spares:
+    
+        zpool create \
+            -o ashift=12 \
+            -O acltype=posixacl -O xattr=sa -O dnodesize=auto \
+            -O compression=zstd \
+            -O relatime=on \
+            -O canmount=off \
+            -O mountpoint=none \
+            -f \
+            tank \
+            raidz sda1 sdb1 sdc1
+
+    To calculate the tradeoff, you can compute the final size of the
+    array with the formula `(N-P)*X`, where N is the number of drives,
+    P is the parity, and X is the size. 
+    
+    As a rule of thumb, with 1 spare, it's like RAID-5. Note that
+    RAID-Z cannot be resized, so in the above, you will be stuck with
+    3 drives in that array forever. It *can* be grown in *size* by
+    replacing the drives with bigger ones progressively, that said.
+    
+    Jim Salter [recommends mirrors instead of RAID-Z](https://jrs-s.net/2015/02/06/zfs-you-should-use-mirror-vdevs-not-raidz/), but the
+    [rsync.net people recommend RAID-Z3 with 12-15 drives joined in
+    3-4 vdev pools](https://news.ycombinator.com/item?id=25360013) (which would make ~20-36PiB arrays with 8TiB
+    drives, by the way). Note that this means *three* spares in a
+    12-15 drive array, or a 20-25% ratio.
+    
+    [dRAID](https://openzfs.github.io/openzfs-docs/Basic%20Concepts/dRAID%20Howto.html) is similar, except resilvering is faster, as the spare
+    is distributed among all the devices. The [TrueNAS
+    documentation](https://www.truenas.com/docs/references/draidprimer/) doesn't recommend dRAID except in special
+    circumstances.
+
  5. Make an actual filesystem:
  
         zfs create -o mountpoint=/srv-zfs tank/srv
@@ -211,6 +247,83 @@ IO statistics, every second:
 
     zpool iostat 1
 
+
+# Extending a pool
+
+Say you have a pool that's mirrored between two encrypted drives:
+
+```
+root@marcos:/home/anarcat# zpool status 
+  pool: tank
+ state: ONLINE
+  scan: scrub repaired 0B in 1 days 12:16:25 with 0 errors on Mon Feb 10 12:41:24 2025
+config:
+
+        NAME                STATE     READ WRITE CKSUM
+        tank                ONLINE       0     0     0
+          mirror-0          ONLINE       0     0     0
+            crypt_dev_sdb1  ONLINE       0     0     0
+            crypt_dev_sdc1  ONLINE       0     0     0
+```
+
+You want to grow this array with two more mirrored drives. 
+
+ 1. First, partition the drives:
+
+        for disk in /dev/sde /dev/sdd ; do
+          parted -s $disk mklabel gpt &&
+          parted -s $disk -a optimal mkpart primary 0% 100%
+        done
+
+ 2. Setup full disk encryption:
+ 
+        for disk in sde1 sdd1 ; do
+            cryptsetup luksFormat /dev/$disk
+            cryptsetup luksOpen /dev/$disk crypt_dev_$disk
+            echo crypt_dev_$disk UUID=$(lsblk -n -o UUID /dev/$disk | head -1) none luks,discard | tee -a /etc/crypttab &&
+        done
+
+    Use a `--keyfile` to avoid typing, while retaining the backup
+    recovery password:
+
+        for disk in sde1 sdd1 ; do
+            cryptsetup luksFormat /dev/$disk &&
+            cryptsetup luksOpen /dev/$disk crypt_dev_$disk &&
+            mkdir -p -m 0 /etc/luks &&
+            ( umask 077 && dd if=/dev/random bs=64 count=128 of=/etc/luks/crypt_dev_$disk ) &&
+            cryptsetup luksAddKey /dev/$disk /etc/luks/crypt_dev_$disk &&
+            echo crypt_dev_$disk UUID=$(lsblk -n -o UUID /dev/$disk | head -1) /etc/luks/crypt_dev_$disk luks,discard | tee -a /etc/crypttab
+        done
+
+    The above will ask you for the encryption key *four* times, but
+    will not require typing it on boot *while* simultaneously allowing
+    recovery without the key file.
+
+ 3. add the drives as a mirror vdev to the pool:
+
+        root@marcos:/home/anarcat# zpool add -n tank mirror /dev/sdb2 /dev/sdd2
+        would update 'tank' to the following configuration:
+        
+                tank
+                  mirror-0
+                    crypt_dev_sdb1
+                    crypt_dev_sdc1
+                  mirror
+                    sdb2
+                    sdd2
+
+    Notice how we use `-n` to simulate the result here. This adds another
+    mirror, essentially turning the pool in a RAID-10 mirror. See also
+    the notes about RAID-Z and dRAID in the pool creation above. 
+    
+    Note that this is likely *not* the right time to change the pool
+    layout: if you have a mirror layout, keep a mirror layout. If you
+    have a RAID-Z layout, keep that layout as well, just make a new
+    RAID-Z vdev instead.
+
+Note that you `zpool add`, you do *not* `zpool attach`: that would add
+a spare to a mirror, effectively.
+
 # Mounts
 
 ## Mounting

diff --git a/hardware/server/marcos.mdwn b/hardware/server/marcos.mdwn
index e6cfbe87..9706a905 100644
--- a/hardware/server/marcos.mdwn
+++ b/hardware/server/marcos.mdwn
@@ -73,6 +73,8 @@ The [[software/zfs]] page has the goods on how the pool was created,
 with a normal LUKS encryption under it to avoid trouble with ZFS
 encryption.
 
+The `rsync` took 2d9 h40m, or 57h40m. Resync took 1h5m.
+
 ## 2024 Fan replacement
 
 From the 2020 replacement, the server has always been away, either in

diff --git a/software/zfs.md b/software/zfs.md
index e66a38dd..c67b324f 100644
--- a/software/zfs.md
+++ b/software/zfs.md
@@ -226,7 +226,7 @@ Note that it will mount the device in its pre-defined `mountpoint`
 property. In the above, it was `/boot`. If you want to change its
 mountpoint, it can be done on the fly with:
 
-    zfs set -o mountpoint=/mnt/boot bpool/ROOT/debian
+    zfs set mountpoint=/mnt/boot bpool/ROOT/debian
 
 If the dataset is already mounted, it will be *moved* to that new
 location immediately. Note that the parent pool's `altroot` property

diff --git a/blog/2025-02-08-qalculate-hacks.md b/blog/2025-02-08-qalculate-hacks.md
index 3012b1bd..04ae60cd 100644
--- a/blog/2025-02-08-qalculate-hacks.md
+++ b/blog/2025-02-08-qalculate-hacks.md
@@ -152,6 +152,10 @@ It has been 256 days since the exchange rates last were updated.
 Do you wish to update the exchange rates now? y
 ```
 
+As a [reader pointed out](https://en.osm.town/@mdione/113979012459360601), you can [set the refresh rate for
+currencies](https://qalculate.github.io/manual/qalculate-units.html#qalculate-currency), as [some countries](https://en.wikipedia.org/wiki/Economy_of_Argentina) will require way more frequent
+exchange rates.
+
 The graphical version has a little graphical indicator that, when you
 mouse over, tells you where the rate comes from.
 

diff --git a/blog/2025-02-09-one-failed-year.md b/blog/2025-02-09-one-failed-year.md
index 8392191b..44411c38 100644
--- a/blog/2025-02-09-one-failed-year.md
+++ b/blog/2025-02-09-one-failed-year.md
@@ -216,7 +216,28 @@ I will, of course, still read comments sent by email or IRC or social
 media, but please, be kind.
 
 You can also, of course, follow the latest changes on the [TPA
-wiki](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/). 
+wiki](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/). If you want to catch up with the last year, some of the
+"novellas" I wrote include:
+
+- [TPA-RFC-33: Monitoring](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-33-monitoring): Nagios to Prometheus conversion, see
+  also the extensive [Prometheus documentation](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/prometheus) we wrote
+- [TPA-RFC-45: email architecture](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-45-mail-architecture): draft of long-term email
+  services at `torproject.org`
+- [TPA-RFC-62: TPA password manager](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-62-tpa-password-manager): switch to password-store
+- [TPA-RFC-63: storage server budget](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-63-storage-server-budget): buy a new backup storage
+  server (5k$ + 100$/mth)
+- [TPA-RFC-65: PostgreSQL backups](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-65-postgresql-backups): switching from legacy to
+  pgBackRest for database backups
+- [TPA-RFC-68: Idle canary servers](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-68-idle-canary-servers): provision test servers that
+  sit idle to monitor infrastructure and stage deployments
+- [TPA-RFC-71: Emergency email deployments, phase B](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-71-emergency-email-deployments-round-2): deploy a new
+  sender-rewriting mail forwarder, migrate mailing lists off the
+  legacy server to a new machine, migrate the remaining Schleuder list
+  to the Tails server, upgrade eugeni.
+- [TPA-RFC-76: Puppet merge request workflow](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-76-puppet-merge-request-workflow): how to mirror our
+  private Puppet repo to GitLab safely
+- [TPA-RFC-79: General merge request workflows](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-79-general-merge-request-workflows): how to use merge
+  requests, assignees, reviewers, draft and threads on GitLab projects
 
 (Well, no, you can't actually follow changes on a GitLab wiki. But we
 have a [wiki-replica git repository](https://gitlab.torproject.org/tpo/tpa/wiki-replica/) where you can see the [latest

diff --git a/blog/2025-02-09-one-failed-year.md b/blog/2025-02-09-one-failed-year.md
index a04eba86..8392191b 100644
--- a/blog/2025-02-09-one-failed-year.md
+++ b/blog/2025-02-09-one-failed-year.md
@@ -15,7 +15,9 @@ analysis... Then I said, and I quote:
 > but things hold up pretty well for what we throw at it, and it's worth
 > sharing that with the world...
 
-What a pile of bollocks.
+What a load of bollocks.
+
+[[!toc]]
 
 # A bad year for this blog
 
@@ -33,7 +35,7 @@ I did write about my work though, detailing the [migration from
 Gitolite to GitLab we completed that year](https://anarc.at/blog/2024-05-01-gitolite-gitlab-migration/). But after August, total
 radio silence until now.
 
-# Lots of drafts
+# Loads of drafts
 
 It's not that I have nothing to say: I have no less than *five* drafts
 in my working tree here, not counting three *actual* drafts recorded
@@ -63,9 +65,9 @@ Another part of me wants to make those things *just right*. The
 links, far from being useful for anyone else than me, and even
 then.
 
-The `on-dying` article, in particular, is becoming my
-nemesis. I've been wanting to write that article for over 6 years now,
-I think. It's just too hard.
+The `on-dying` article, in particular, is becoming my nemesis. I've
+been wanting to write that article for over 6 years now, I think. It's
+just too hard.
 
 # Writing elsewhere
 
@@ -86,8 +88,8 @@ anarcat@angela:help.torproject.org$ git shortlog --numbered --summary --group="f
     17	groente
 ```
 
-... but that's a bit unfair, since I've been there forever. Here's the
-last year:
+... but that's a bit unfair, since I've been there half a
+decade. Here's the last year:
 
 ```
 anarcat@angela:help.torproject.org$ git shortlog --since=2024-01-01 --numbered --summary --group="format:%al" | head -10
@@ -103,8 +105,9 @@ anarcat@angela:help.torproject.org$ git shortlog --since=2024-01-01 --numbered -
      4	stephen.swift
 ```
 
-Still kind of massive! But to truly get a sense of the amount I wrote
-in there, we should count the number of lines:
+So I still write the most commits! But to truly get a sense of the
+amount I wrote in there, we should count actual changes. Here it is by
+number of lines (from [commandlinefu.com](https://www.commandlinefu.com/commands/view/3889/prints-per-line-contribution-per-author-for-a-git-repository)):
 
 ```
 anarcat@angela:help.torproject.org$ git ls-files | xargs -n1 git blame --line-porcelain | sed -n 's/^author //p' | sort -f | uniq -ic | sort -nr | head -10
@@ -140,11 +143,31 @@ anarcat@angela:help.torproject.org$ find [d-s]* -type f -mtime -365 | xargs -n1
 ```
 
 Pretty good! 75k lines. But those are the files that were modified in
-the last year. If we go a little more nuts, we find that I wrote
-126116 words in that wiki, only in the last year. I also *deleted* 37k
-words, so the final total is more like 89k words, but still: that's
-about *forty* (40!) articles of the average size (~2k) I wrote in
-2022.
+the last year. If we go a [little more nuts](https://gitlab.com/anarcat/scripts/-/blob/1a754448170387db4d70dad22d30a99b00ac58fc/git-count-words-range.py), we find that:
+
+```
+anarcat@angela:help.torproject.org$ $ git-count-words-range.py  | sort -k6 -nr | head -10
+parsing commits for words changes from command: git log '--since=1 year ago' '--format=%H %al'
+anarcat 126116 - 36932 = 89184
+zen 31774 - 5749 = 26025
+groente 9732 - 607 = 9125
+lelutin 10768 - 2578 = 8190
+jerome 6236 - 2586 = 3650
+gaba 3164 - 491 = 2673
+stephen.swift 2443 - 673 = 1770
+kez 1034 - 74 = 960
+micah 772 - 250 = 522
+weasel 410 - 0 = 410
+```
+
+I wrote 126,116 words in that wiki, only in the last year. I also
+*deleted* 37k words, so the final total is more like 89k words, but
+still: that's about *forty* (40!) articles of the average size (~2k) I
+wrote in 2022.
+
+(And yes, I did go nuts and write a new log parser, essentially from
+scratch, to figure out those word diffs. I did get the courage only
+after asking GPT-4o for an example first, I must admit.)
 
 Let's celebrate that again: I wrote 90 thousand words in that wiki
 in 2024. [According to Wikipedia](https://en.wikipedia.org/wiki/Book#Fiction), a "novella" is 17,500 to 40,000
@@ -201,5 +224,4 @@ commits](https://gitlab.torproject.org/tpo/tpa/wiki-replica/-/commits/master), a
 
 See you there!
 
-[[!tag draft]]
-
+[[!tag debian-planet python-planet gloating meta stats]]

diff --git a/blog/2025-02-09-one-failed-year.md b/blog/2025-02-09-one-failed-year.md
index 7c152504..a04eba86 100644
--- a/blog/2025-02-09-one-failed-year.md
+++ b/blog/2025-02-09-one-failed-year.md
@@ -202,3 +202,4 @@ commits](https://gitlab.torproject.org/tpo/tpa/wiki-replica/-/commits/master), a
 See you there!
 
 [[!tag draft]]
+

diff --git a/blog/2025-02-09-one-failed-year.md b/blog/2025-02-09-one-failed-year.md
index ddbf4883..7c152504 100644
--- a/blog/2025-02-09-one-failed-year.md
+++ b/blog/2025-02-09-one-failed-year.md
@@ -201,4 +201,4 @@ commits](https://gitlab.torproject.org/tpo/tpa/wiki-replica/-/commits/master), a
 
 See you there!
 
-[[!tag debian-planet python-planet gloating meta stats]]
+[[!tag draft]]

diff --git a/blog/2025-02-08-qalculate-hacks.md b/blog/2025-02-08-qalculate-hacks.md
index 440f1836..3012b1bd 100644
--- a/blog/2025-02-08-qalculate-hacks.md
+++ b/blog/2025-02-08-qalculate-hacks.md
@@ -96,7 +96,7 @@ you count the number of possibilities in each entry (say, `[a-z]` is
 26 possibilities, "one word in a 8k dictionary" is 8000), extract the
 base-2 logarithm, multiplied by the number of entries.
 
-For example, an alphanumeric 14-character password is:
+For example, an alphabetic 14-character password is:
 
 ```
 > log2(26*2)*14
@@ -104,8 +104,8 @@ For example, an alphanumeric 14-character password is:
   log₂(26 × 2) × 14 ≈ 79.81
 ```
 
-... 80 bits of entropy. To get the equivalent in a diceware password
-with a 8000 word dictionary, you would need:
+... 80 bits of entropy. To get the equivalent in a [Diceware](https://en.wikipedia.org/wiki/Diceware)
+password with a 8000 word dictionary, you would need:
 
 ```
 > log2(8k)*x = 80
diff --git a/blog/2025-02-09-one-failed-year.md b/blog/2025-02-09-one-failed-year.md
new file mode 100644
index 00000000..ddbf4883
--- /dev/null
+++ b/blog/2025-02-09-one-failed-year.md
@@ -0,0 +1,204 @@
+[[!meta title="A slow blogging year"]]
+
+Well, 2024 will be remembered, won't it? I guess 2025 already wants to
+make its mark too, but let's not worry about that right now, and
+instead let's talk about me.
+
+A [[little over a year ago|2024-01-08-one-more-year]], I was gloating
+over how I had such a great blogging year in 2022, and was considering
+2023 to be average, then went on to gather more stats and traffic
+analysis... Then I said, and I quote:
+
+> I hope to write more next year. I've been thinking about a few posts I
+> could write for work, about how things work behind the scenes at Tor,
+> that could be informative for many people. We run a rather old setup,
+> but things hold up pretty well for what we throw at it, and it's worth
+> sharing that with the world...
+
+What a pile of bollocks.
+
+# A bad year for this blog
+
+2024 was the second worst year ever in my blogging history, tied with
+2009 at a measly 6 posts for the year:
+
+```
+anarcat@angela:anarc.at$ curl -sSL https://anarc.at/blog/ | grep 'href="\./' | grep -o 20[0-9][0-9] | sort | uniq -c | sort -nr | grep -v 2025 | tail -3
+      6 2024
+      6 2009
+      3 2014
+```
+
+I did write about my work though, detailing the [migration from
+Gitolite to GitLab we completed that year](https://anarc.at/blog/2024-05-01-gitolite-gitlab-migration/). But after August, total
+radio silence until now.
+
+# Lots of drafts
+
+It's not that I have nothing to say: I have no less than *five* drafts
+in my working tree here, not counting three *actual* drafts recorded
+in the Git repository here:
+
+```
+anarcat@angela:anarc.at$ git s blog
+## main...origin/main
+?? blog/bell-bot.md
+?? blog/fish.md
+?? blog/kensington.md
+?? blog/nixos.md
+?? blog/tmux.md
+anarcat@angela:anarc.at$ git grep -l '\!tag draft'
+blog/mobile-massive-gallery.md
+blog/on-dying.mdwn
+blog/secrets-recovery.md
+```
+
+I just don't have time to wrap those things up. I think part of me is
+disgusted by seeing my work [stolen by large corporations](https://arstechnica.com/tech-policy/2025/02/meta-torrented-over-81-7tb-of-pirated-books-to-train-ai-authors-say/) to build
+proprietary large language models while my [idols](https://en.wikipedia.org/wiki/Aaron_Swartz) have been pushed
+to suicide for trying to share science with the world.
+
+Another part of me wants to make those things *just right*. The
+"tagged drafts" above are nothing more than a huge pile of chaotic
+links, far from being useful for anyone else than me, and even
+then.
+
+The `on-dying` article, in particular, is becoming my
+nemesis. I've been wanting to write that article for over 6 years now,
+I think. It's just too hard.
+
+# Writing elsewhere
+
+There's also the fact that I write for work already. A lot. Here are
+the top-10 contributors to our team's wiki:
+
+```
+anarcat@angela:help.torproject.org$ git shortlog --numbered --summary --group="format:%al" | head -10
+  4272	anarcat
+   423	jerome
+   117	zen
+   116	lelutin
+   104	peter
+    58	kez
+    45	irl
+    43	hiro
+    18	gaba
+    17	groente
+```
+
+... but that's a bit unfair, since I've been there forever. Here's the
+last year:
+
+```
+anarcat@angela:help.torproject.org$ git shortlog --since=2024-01-01 --numbered --summary --group="format:%al" | head -10
+   827	anarcat
+   117	zen
+   116	lelutin
+    91	jerome
+    17	groente
+    10	gaba
+     8	micah
+     7	kez
+     5	jnewsome
+     4	stephen.swift
+```
+
+Still kind of massive! But to truly get a sense of the amount I wrote
+in there, we should count the number of lines:
+
+```
+anarcat@angela:help.torproject.org$ git ls-files | xargs -n1 git blame --line-porcelain | sed -n 's/^author //p' | sort -f | uniq -ic | sort -nr | head -10
+  99046 Antoine Beaupré
+   6900 Zen Fu
+   4784 Jérôme Charaoui
+   1446 Gabriel Filion
+   1146 Jerome Charaoui
+    837 groente
+    705 kez
+    569 Gaba
+    381 Matt Traudt
+    237 Stephen Swift
+```
+
+That, of course, is the entire history of the git repo, again. We
+should take only the last year into account, and probably ignore the
+`tails` directory, as sneaky Zen Fu imported the entire docs from
+another wiki there...
+
+```
+anarcat@angela:help.torproject.org$ find [d-s]* -type f -mtime -365 | xargs -n1 git blame --line-porcelain 2>/dev/null | sed -n 's/^author //p' | sort -f | uniq -ic | sort -nr | head -10
+  75037 Antoine Beaupré
+   2932 Jérôme Charaoui
+   1442 Gabriel Filion
+   1400 Zen Fu
+    929 Jerome Charaoui
+    837 groente
+    702 kez
+    569 Gaba
+    381 Matt Traudt
+    237 Stephen Swift
+```
+
+Pretty good! 75k lines. But those are the files that were modified in
+the last year. If we go a little more nuts, we find that I wrote
+126116 words in that wiki, only in the last year. I also *deleted* 37k
+words, so the final total is more like 89k words, but still: that's
+about *forty* (40!) articles of the average size (~2k) I wrote in
+2022.
+
+Let's celebrate that again: I wrote 90 thousand words in that wiki
+in 2024. [According to Wikipedia](https://en.wikipedia.org/wiki/Book#Fiction), a "novella" is 17,500 to 40,000
+words, which would mean I wrote about a novella and a novel, in the
+past year.
+
+But interestingly, if I look at the [repository analytics](https://gitlab.torproject.org/tpo/tpa/wiki-replica/-/graphs/master?ref_type=heads). I
+certainly didn't write *that* much more in the past year. So that
+alone cannot explain the lull in my production here.
+
+# Arguments
+
+Another part of me is just tired of the bickering and arguing on the
+internet. I have at least two articles in there that I suspect is
+going to get me a lot of push-back (NixOS and Fish). I know how to
+deal with this: you need to write well, consider the controversy,
+spell it out, and defuse things before they happen. But that's hard
+work and, frankly, I don't really care that much about what people
+think anymore.
+
+I'm not writing here to convince people. I have stop evangelizing a
+long time ago. Now, I'm more into documenting, and teaching. And,
+while teaching, there's a two-way interaction: when you give out a

(Diff truncated)

diff --git a/blog/2025-02-08-qalculate-hacks.md b/blog/2025-02-08-qalculate-hacks.md
index 9e402b1e..440f1836 100644
--- a/blog/2025-02-08-qalculate-hacks.md
+++ b/blog/2025-02-08-qalculate-hacks.md
@@ -446,12 +446,15 @@ Qalculate can:
 I have a hard time finding things it *cannot* do. When I get there, I
 typically need to resort to programming code in Python, use a
 spreadsheet, and others will turn to more complete engines like
-[Maple](https://en.wikipedia.org/wiki/Maple_(software)), [Mathematica](https://en.wikipedia.org/wiki/Wolfram_Mathematica) or [R](https://en.wikipedia.org/wiki/R_(programming_language)).
+[Maple][], [Mathematica](https://en.wikipedia.org/wiki/Wolfram_Mathematica) or [R][].
 
 But for daily use, Qalculate is just fantastic.
 
 And it's pink! Use it!
 
+[Maple]: https://en.wikipedia.org/wiki/Maple_(software)
+[R]: https://en.wikipedia.org/wiki/R_(programming_language)
+
 # Further reading and installation
 
 This is just scratching the surface, the [fine manual](https://qalculate.github.io/manual/) has more

diff --git a/blog/2025-02-08-qalculate-hacks.md b/blog/2025-02-08-qalculate-hacks.md
index dcc58cef..9e402b1e 100644
--- a/blog/2025-02-08-qalculate-hacks.md
+++ b/blog/2025-02-08-qalculate-hacks.md
@@ -465,3 +465,5 @@ derivatives as well including a [web version](https://qalculator.xyz/) and an [A
 app](https://f-droid.org/en/packages/com.jherkenhoff.qalculate/).
 
 [[!tag debian-planet python-planet software review math]]
+
+[[!mastodon "https://kolektiva.social/@Anarcat/113971985775192655"]]

diff --git a/blog/2024-01-08-one-more-year.md b/blog/2024-01-08-one-more-year.md
index 3f43bacb..e6826bcd 100644
--- a/blog/2024-01-08-one-more-year.md
+++ b/blog/2024-01-08-one-more-year.md
@@ -19,8 +19,7 @@ The other thing that happened is that the one-liner I used to collect
 stats was broken (it counted folders and other unrelated files) and
 wildly overestimated 2022! Turns out I didn't write *that* much then:
 
-    anarc.at$ ls blog | grep '^[0-9][0-9][0-9][0-9].*.md' | se
-    d s/-.*// | sort | uniq -c  | sort -n -k2
+    anarc.at$ ls blog | grep '^[0-9][0-9][0-9][0-9].*.md' | sed s/-.*// | sort | uniq -c  | sort -n -k2
          57 2005
          43 2006
          20 2007
@@ -213,4 +212,4 @@ coming 2024 year...
 
 
 <!-- posted to the federation on 2024-01-09T15:38:17.848871 -->
-[[!mastodon "https://kolektiva.social/@Anarcat/111727915674900043"]]
\ No newline at end of file
+[[!mastodon "https://kolektiva.social/@Anarcat/111727915674900043"]]

diff --git a/hardware/server/marcos.mdwn b/hardware/server/marcos.mdwn
index 42bf28e8..e6cfbe87 100644
--- a/hardware/server/marcos.mdwn
+++ b/hardware/server/marcos.mdwn
@@ -51,6 +51,28 @@ with new hardware in 2020.
 
 See [[services/backup]] for backup and drive replacement procedures.
 
+## 2025 disk growth
+
+Added 2x8TiB drives.
+
+Issue with temperature warnings.
+
+Switched to ZFS for the new array because LVM was refusing to add a
+new RAID-1 array to the VG because of different block size (old disks
+are 512 logical / 4096 physical, new disks are 4k/4k). The actual
+error from `vgextend` was:
+
+```
+Devices have inconsistent logical block sizes (512 and 4096).
+```
+
+There is apparently the solution of using `allow_mixed_block_sizes`
+but that seemed [really unsafe](https://unix.stackexchange.com/a/676537/30227)).
+
+The [[software/zfs]] page has the goods on how the pool was created,
+with a normal LUKS encryption under it to avoid trouble with ZFS
+encryption.
+
 ## 2024 Fan replacement
 
 From the 2020 replacement, the server has always been away, either in
diff --git a/software/zfs.md b/software/zfs.md
index 76ea279f..e66a38dd 100644
--- a/software/zfs.md
+++ b/software/zfs.md
@@ -12,6 +12,94 @@ instead.
  * [[Migration of a workstation to ZFS|blog/2022-11-17-zfs-migration]]
  * [[New server installation|hardware/tubman]]
 
+## New pool creation
+
+The above instructions are "full ZFS" setups, with even the root and
+boot partitions under ZFS, which is a little ... involved. A simpler
+setup is to use a normal install for the root and boot partitions, but
+ZFS for, say, `/srv`.
+
+Here we're assuming you're setting up a simple two-disk array, or
+"pool" in ZFS parlance, made of `/dev/sde` and `/dev/sdd`, encrypted
+with standard LUKS instead of ZFS encryption:
+
+ 1. Install requirements
+ 
+        apt install zfs-dkms zfsutils-linux
+        modprobe zfs
+
+ 2. Partition the disks:
+
+        for disk in /dev/sde /dev/sdd ; do
+          parted -s $disk mklabel gpt &&
+          parted -s $disk -a optimal mkpart primary 0% 100%
+        done
+
+ 3. Setup full disk encryption:
+ 
+        for disk in sde1 sdd1 ; do
+            cryptsetup luksFormat /dev/$disk
+            cryptsetup luksOpen /dev/$disk crypt_dev_$disk
+            echo crypt_dev_$disk UUID=$(lsblk -n -o UUID /dev/$disk | head -1) none luks,discard | tee -a /etc/crypttab &&
+        done
+
+    Use a `--keyfile` to avoid typing, while retaining the backup
+    recovery password:
+
+        for disk in sde1 sdd1 ; do
+            cryptsetup luksFormat /dev/$disk &&
+            cryptsetup luksOpen /dev/$disk crypt_dev_$disk &&
+            mkdir -p -m 0 /etc/luks &&
+            ( umask 077 && dd if=/dev/random bs=64 count=128 of=/etc/luks/crypt_dev_$disk ) &&
+            cryptsetup luksAddKey /dev/$disk /etc/luks/crypt_dev_$disk &&
+            echo crypt_dev_$disk UUID=$(lsblk -n -o UUID /dev/$disk | head -1) /etc/luks/crypt_dev_$disk luks,discard | tee -a /etc/crypttab
+        done
+
+    The above will ask you for the encryption key *four* times, but
+    will not require typing it on boot *while* simultaneously allowing
+    recovery without the key file.
+
+ 4. Create the pool:
+ 
+        zpool create \
+            -o ashift=12 \
+            -O acltype=posixacl -O xattr=sa -O dnodesize=auto \
+            -O compression=zstd \
+            -O relatime=on \
+            -O canmount=off \
+            -O mountpoint=none \
+            -f \
+            tank \
+            mirror /dev/mapper/crypt_dev_sde1 /dev/mapper/crypt_dev_sdd1
+
+ 5. Make an actual filesystem:
+ 
+        zfs create -o mountpoint=/srv-zfs tank/srv
+
+This should result in the following:
+
+```
+root@marcos:/etc/luks# zpool status
+  pool: tank
+ state: ONLINE
+config:
+
+        NAME                STATE     READ WRITE CKSUM
+        tank                ONLINE       0     0     0
+          mirror-0          ONLINE       0     0     0
+            crypt_dev_sdb1  ONLINE       0     0     0
+            crypt_dev_sdc1  ONLINE       0     0     0
+
+errors: No known data errors
+root@marcos:/etc/luks# zfs list
+NAME   USED  AVAIL     REFER  MOUNTPOINT
+tank   432K  7.14T       96K  none
+root@marcos:/etc/luks# zfs list
+NAME       USED  AVAIL     REFER  MOUNTPOINT
+tank       600K  7.14T       96K  none
+tank/srv    96K  7.14T       96K  /srv-zfs
+```
+
 ## Issues
 
 ### Swap

diff --git a/tag/math.mdwn b/tag/math.mdwn
new file mode 100644
index 00000000..f2c20b7b
--- /dev/null
+++ b/tag/math.mdwn
@@ -0,0 +1,4 @@
+[[!meta title="pages tagged math"]]
+
+[[!inline pages="tagged(math)" actions="no" archive="yes"
+feedshow=10]]

diff --git a/blog/2025-02-08-qalculate-hacks.md b/blog/2025-02-08-qalculate-hacks.md
index 6d29f4f9..dcc58cef 100644
--- a/blog/2025-02-08-qalculate-hacks.md
+++ b/blog/2025-02-08-qalculate-hacks.md
@@ -1,10 +1,13 @@
+[[!meta title="Qalculate hacks"]]
+
 This is going to be a controversial statement because some people are
 absolute nerds about this, but, I need to say it.
 
 [Qalculate](https://qalculate.github.io/) is the best calculator that has ever been made.
 
 I am not going to try to convince you of this, I just wanted to put
-out my bias out there before writing down those notes.
+out my bias out there before writing down those notes. I am a total
+fan.
 
 This page will collect my notes of cool hacks I do with
 Qalculate. Most examples are copy-pasted from the command-line
@@ -13,6 +16,8 @@ it's slightly better at displaying complex formulas. Discoverability
 is obviously also better for the cornucopia of features this fantastic
 application ships.
 
+[[!toc levels=3]]
+
 # Qalc commandline primer
 
 On Debian, Qalculate's CLI interface can be installed with:
@@ -458,3 +463,5 @@ Qalculate is packaged for [over 30 Linux distributions](https://repology.org/pro
 ships packages for Windows and MacOS. There are third-party
 derivatives as well including a [web version](https://qalculator.xyz/) and an [Android
 app](https://f-droid.org/en/packages/com.jherkenhoff.qalculate/).
+
+[[!tag debian-planet python-planet software review math]]

diff --git a/blog/2025-02-08-qalculate-hacks.md b/blog/2025-02-08-qalculate-hacks.md
new file mode 100644
index 00000000..6d29f4f9
--- /dev/null
+++ b/blog/2025-02-08-qalculate-hacks.md
@@ -0,0 +1,460 @@
+This is going to be a controversial statement because some people are
+absolute nerds about this, but, I need to say it.
+
+[Qalculate](https://qalculate.github.io/) is the best calculator that has ever been made.
+
+I am not going to try to convince you of this, I just wanted to put
+out my bias out there before writing down those notes.
+
+This page will collect my notes of cool hacks I do with
+Qalculate. Most examples are copy-pasted from the command-line
+interface (`qalc(1)`), but I typically use the graphical interface as
+it's slightly better at displaying complex formulas. Discoverability
+is obviously also better for the cornucopia of features this fantastic
+application ships.
+
+# Qalc commandline primer
+
+On Debian, Qalculate's CLI interface can be installed with:
+
+    apt install qalc
+
+Then you start it with the `qalc` command, and end up on a prompt:
+
+```
+anarcat@angela:~$ qalc
+> 
+```
+
+Then it's a normal calculator:
+
+```
+anarcat@angela:~$ qalc
+> 1+1
+
+  1 + 1 = 2
+
+> 1/7
+
+  1 / 7 ≈ 0.1429
+
+> pi
+
+  pi ≈ 3.142
+
+> 
+```
+
+There's a bunch of variables to control display, approximation, and so
+on:
+
+```
+> set precision 6
+> 1/7
+
+  1 / 7 ≈ 0.142857
+> set precision 20
+> pi
+
+  pi ≈ 3.1415926535897932385
+```
+
+When I need more, I typically browse around the menus. One big issue I
+have with Qalculate is there are a *lot* of menus and features. I had
+to fiddle quite a bit to figure out that `set precision` command
+above. I might add more examples here as I find them.
+
+# Bandwidth estimates
+
+I often use the data units to estimate bandwidths. For example, here's
+what 1 megabit per second is over a month ("about 300 GiB"):
+
+```
+> 1 megabit/s * 30 day to gibibyte 
+
+  (1 megabit/second) × (30 days) ≈ 301.7 GiB
+```
+
+Or, "how long will it take to download X", in this case, 1GiB over a
+100 mbps link:
+
+```
+> 1GiB/(100 megabit/s)
+
+  (1 gibibyte) / (100 megabits/second) ≈ 1 min + 25.90 s
+```
+
+# Password entropy
+
+To calculate how much entropy (in bits) a given password structure,
+you count the number of possibilities in each entry (say, `[a-z]` is
+26 possibilities, "one word in a 8k dictionary" is 8000), extract the
+base-2 logarithm, multiplied by the number of entries.
+
+For example, an alphanumeric 14-character password is:
+
+```
+> log2(26*2)*14
+
+  log₂(26 × 2) × 14 ≈ 79.81
+```
+
+... 80 bits of entropy. To get the equivalent in a diceware password
+with a 8000 word dictionary, you would need:
+
+```
+> log2(8k)*x = 80
+
+  (log₂(8 × 000) × x) = 80 ≈
+
+  x ≈ 6.170
+```
+
+... about 6 words, which gives you:
+
+```
+> log2(8k)*6
+
+  log₂(8 × 1000) × 6 ≈ 77.79
+```
+
+78 bits of entropy.
+
+# Exchange rates
+
+You can convert between currencies!
+
+```
+> 1 EUR to USD
+
+  1 EUR ≈ 1.038 USD
+```
+
+Even fake ones!
+
+```
+> 1 BTC to USD
+
+  1 BTC ≈ 96712 USD
+```
+
+This relies on a database pulled form the internet (typically the
+[central european bank rates](https://www.ecb.europa.eu/stats/eurofxref/eurofxref-daily.xml), see [the source](https://github.com/Qalculate/libqalculate/blob/4acd56ce0c2703af80d6a8857c963d4400f2091f/libqalculate/Calculator-definitions.cc#L3950-L3966)). It will prompt
+you if it's too old:
+
+```
+It has been 256 days since the exchange rates last were updated.
+Do you wish to update the exchange rates now? y
+```
+
+The graphical version has a little graphical indicator that, when you
+mouse over, tells you where the rate comes from.
+
+# Other conversions
+
+Here are other neat conversions extracted from my history
+
+```
+> teaspoon to ml
+
+  teaspoon = 5 mL
+
+> tablespoon to ml
+
+  tablespoon = 15 mL
+
+> 1 cup to ml 
+
+  1 cup ≈ 236.6 mL
+
+> 6 L/100km to mpg
+
+  (6 liters) / (100 kilometers) ≈ 39.20 mpg
+
+> 100 kph to mph
+
+  100 kph ≈ 62.14 mph
+
+> (108km - 72km) / 110km/h
+
+  ((108 kilometers) − (72 kilometers)) / (110 kilometers/hour) ≈
+  19 min + 38.18 s
+```
+
+# Completion time estimates
+
+This is a more involved example I often do.
+
+## Background
+
+Say you have started a long running copy job and you don't have the
+luxury of having a pipe you can insert pv(1) into to get a nice
+progress bar. For example, `rsync` or `cp -R` can have that problem
+(but not `tar`!).
+

(Diff truncated)

diff --git a/hardware/tablet.mdwn b/hardware/tablet.mdwn
index 6d4c789e..50813067 100644
--- a/hardware/tablet.mdwn
+++ b/hardware/tablet.mdwn
@@ -399,6 +399,14 @@ it's worth giving them a try again, with the understanding it will
 
 Why can't we have nice things?
 
+## Pilet
+
+Raspi-based modular tablet: <https://soulscircuit.com/>
+
+crowdfunding: <https://www.kickstarter.com/projects/soulscircuit/pilet-opensource-modular-portable-mini-computer/>
+
+a bit too small (7").
+
 ## Star Labs
 
 https://ca.starlabs.systems/pages/starlite

diff --git a/hardware.mdwn b/hardware.mdwn
index 6ccc9bac..800f2c1d 100644
--- a/hardware.mdwn
+++ b/hardware.mdwn
@@ -18,6 +18,18 @@ Research
 
 Voir aussi mon [[historique|history]].
 
+Testing
+=========
+
+Ideas on how to test new hardware:
+
+- <https://blog.liw.fi/posts/2024/laptop-checklist/>
+- <https://wiki.debian.org/MycomputerbrandTemplate>
+- <https://wiki.debian.org/InstallingDebianOn/ComputerTemplate>
+- <https://feeding.cloud.geek.nz/posts/usual-server-setup/>
+- <https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/new-machine>
+- <https://stressant.readthedocs.io/>
+
 Toutes les pages
 ================
 

diff --git a/blog/2017-02-18-passwords-entropy.mdwn b/blog/2017-02-18-passwords-entropy.mdwn
index e3a3cef2..e2cb41ad 100644
--- a/blog/2017-02-18-passwords-entropy.mdwn
+++ b/blog/2017-02-18-passwords-entropy.mdwn
@@ -366,5 +366,6 @@ Possible updates:
  * [Tom's Hardware: Google Launches AI Supercomputer Powered by Nvidia
    H100 GPUs](https://www.tomshardware.com/news/google-a3-supercomputer-h100-googleio), "26 exaFlops"
  * [Nvidia: Grace Hopper superchip](https://www.nvidia.com/en-us/data-center/grace-hopper-superchip/)
+ * [Apple's password formats](https://rmondello.com/2024/10/07/apple-passwords-generated-strong-password-format/)
 
 [[!tag debian-planet debian passwords lwn geek security crypto]]

diff --git a/blog/2005-11-23-comment-la-tunisie-censure-linternet.mdwn b/blog/2005-11-23-comment-la-tunisie-censure-linternet.mdwn
index e3d12535..7ef7b0f4 100644
--- a/blog/2005-11-23-comment-la-tunisie-censure-linternet.mdwn
+++ b/blog/2005-11-23-comment-la-tunisie-censure-linternet.mdwn
@@ -14,7 +14,7 @@ Donc, voilà pour le contexte politique. Le but de ce billet étant plus de dét
 
 Quand on est branché en Tunisie, la première chose que l'on remarque, évidemment, c'est que tous le traffic réseau passe par une agence gouvernementale:
 
-<code>
+```
 anarcat@ubuntu:~$ tracepath koumbit.net
  1:  192.168.2.3 (192.168.2.3)                              0.294ms pmtu 1500
  1:  . (192.168.2.1)                                        1.716ms 
@@ -35,11 +35,11 @@ anarcat@ubuntu:~$ tracepath koumbit.net
 16:  bgp-mtl-sora-gt.iweb.ca (66.38.187.202)              asymm 15 328.976ms 
 17:  pop.koumbit.org (209.172.32.46)                      asymm 14 343.124ms reached
       Resume: pmtu 1400 hops 17 back 14 
-</code>
+```
 
 On voit que les [hops](http://en.wikipedia.org/wiki/Hop_%28telecommunications%29) (en) 3 à 6 sont dans le bloc d'[IP](http://fr.wikipedia.org/wiki/Adresse_IP) 193.95.0.0/17, qui appartient à une agence gouvernementale:
 
-<code>
+```
 % Information related to '193.95.0.0 - 193.95.127.255'
 
 inetnum:      193.95.0.0 - 193.95.127.255
@@ -95,19 +95,19 @@ descr:        RIPE  LIR  for ISP's and Networks in Tunisia  -tn.ati-
 origin:       AS2609
 mnt-by:       ATI-MNT
 source:       RIPE # Filtered
-</code>
+```
 
 Le [DNS](http://fr.wikipedia.org/wiki/DNS) ne semble pas être trafiqué comme pour la [grande muraille de feu chinoise](http://en.wikipedia.org/wiki/Internet_censorship_in_China) (en):
 
-<code>
+```
 anarcat@ubuntu:~$ ping rsf.org
 PING rsf.org (80.67.162.3) 56(84) bytes of data.
 64 bytes from rsf.org (80.67.162.3): icmp_seq=1 ttl=49 time=258 ms
-</code>
+```
 
 Mais essayer de se connecter sur le port 80 sur rsf.org nous donne:
 
-<code>
+```
 anarcat@ubuntu:~$ telnet rsf.org 80
 Trying 80.67.162.3...
 Connected to rsf.org.
@@ -120,7 +120,7 @@ Date: Sat, 19 Nov 2005 01:32:53 GMT
 Content-Length: 1876
 Content-Type: text/html
 Server: NetCache appliance (NetApp/6.0.1)
-</code>
+```
 
 La page elle-même est une page d'erreur classique de [IIS](http://www.microsoft.com/WindowsServer2003/iis/default.mspx).  En faisant un ''reverse lookup'' de l'addresse, on trouve que c'est un serveur [AlternC](http://alternc.org/), [zola.netaktiv.com](http://zola.netaktiv.com/). On peut accéder à cette page correctement, ce n'est donc pas une restriction par IP, ce qui est un peu faible, si vous me demandez mon avis...
 
@@ -133,4 +133,4 @@ Références:
 * Les commanditaires du SMSI: [Genève](http://www.itu.int/wsis/funding/contributors1-fr.html), [Tunis](http://www.itu.int/wsis/funding/contributors2-fr.html). Notez que le [UIT](http://www.itu.int/) (un organisme de l'[ONU](http://un.org/)), a [plusieurs partenaires privés](http://www.itu.int/partners/partners.html), dont Microsoft. Voici [les jolis logos des partenaires](http://www.smsitunis2005.org/plateforme/detail.php?id=467) qui échappent à l'indexage de google..
 * Le [Comité d'organisation de haut niveau](http://www.itu.int/wsis/basic/list-hlsoc-fr.html) du SMSI. Notez bien la présence de l'infâme [Banque Mondiale](http://www.worldbank.org/) et de l'[OMC](http://www.wto.org/).
 
-[[!tag "vraie vie" "politique" "nouvelles" "monde" "geek" "censure" "vraie vie" "politique" "nouvelles" "monde" "geek" "censure" "vraie vie" "politique" "nouvelles" "monde" "geek" "censure"]]
\ No newline at end of file
+[[!tag "vraie vie" "politique" "nouvelles" "monde" "geek" "censure" "vraie vie" "politique" "nouvelles" "monde" "geek" "censure" "vraie vie" "politique" "nouvelles" "monde" "geek" "censure"]]

diff --git a/blog/on-dying.mdwn b/blog/on-dying.mdwn
index feeb9a02..064e9cc7 100644
--- a/blog/on-dying.mdwn
+++ b/blog/on-dying.mdwn
@@ -229,6 +229,12 @@ https://getyourshittogether.org/
 
 https://longnow.org/ideas/digital-avatars-and-our-refusal-to-die/
 
+# other advice
 
-[[!tag draft]]
+have someone responsible for taking all your electronics away,
+especially vintage/collection stuff, see a1584df8-55b5-4aa7-a991-55fc1f0f5e64@debian.org
+
+take care of reassigning copyright, see id:3c73defb03d3dc44df52aefa1655edf9@debian.org
 
+
+[[!tag draft]]

diff --git a/software/desktop/wayland.md b/software/desktop/wayland.md
index cbd6b561..b1da0ac0 100644
--- a/software/desktop/wayland.md
+++ b/software/desktop/wayland.md
@@ -785,14 +785,18 @@ Alternatives:
    `tracker-miner-fs-3.service` which I masked here to save I/O and
    battery, shows nothing even when enabled
  * [gwenview][]: KDE viewer, in Debian
- * [koko][]: KDE viewer, not in Debian?
+ * [koko][]: KDE viewer, in Debian
  * [imv][]: x11/wayland viewer, scriptable, [possible security issues
    and limited format support][], in Debian
+ * [loupe][]: Glib, Rust, nice basic viewer, no gallery, default
+   viewer in GNOME 45
  * [mvi][]: mpv-based image viewer
  * nomacs: basically abandoned upstream (no release since 2020), has
    an [unpatched][] [CVE-2020-23884][] since July 2020, does [bad
    vendoring][], and is in bad shape in Debian (4 minor releases
    behind).
+ * [oculante][]: Rust, not in Debian, flatpak, weird gaps around full
+   screen, built-in (custom) file browser has nice image previews
  * [pix][]: KDE/mobile viewer, large gap between images, confusing
    interface, seems designed for mobile, translates poorly on desktop,
    not in Debian, not to be confused with the [X-apps pix][]
@@ -805,11 +809,21 @@ Alternatives:
  * [qimgv][]: grid view, "fast", themes, shortcuts, copy/move images,
    basic editing (crop/rotate/resize), scripting, video support, in
    Debian
+ * [qview][]: C++, nice simple viewer, "fast" (not so much), no in
+   Debian, flatpak
  * [swayimg][]: overlay, in Debian
  * [tiny image finder][]: grid viewer, looks promising but Flatpak
    failed to render any image
  * [vimiv][]: vim-like keybindings, not in Debian
 
+Note that further tests have possibly shown a significant rendering
+pipeline issue that makes images look blurry in *all* image viewers
+except rare cases, see [this comment](https://todo.sr.ht/~whynothugo/shotman/11#event-404628) for a discussion. That was
+filed as a [bug against Sway in Debian](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093671) for now. There was also a
+[bug filed against grim for this](https://todo.sr.ht/~emersion/grim/98) and a [feature request in
+shotman](https://todo.sr.ht/~whynothugo/shotman/11), but of which seem to be misplaced: the screenshots are
+actually sharp, the problem is the image viewers!
+
 See also [this list][], [this X11 list][] and [that list][] for other
 list of image viewers, not necessarily ported to Wayland.
 
@@ -819,6 +833,7 @@ list of image viewers, not necessarily ported to Wayland.
 [koko]: https://invent.kde.org/graphics/koko
 [imv]: https://sr.ht/~exec64/imv/
 [possible security issues and limited format support]: https://lwn.net/Articles/908579/
+[loupe]: https://gitlab.gnome.org/GNOME/loupe
 [mvi]: https://github.com/occivink/mpv-image-viewer
 [pix]: https://invent.kde.org/maui/pix
 [swayimg]: https://github.com/artemsen/swayimg
@@ -835,6 +850,8 @@ list of image viewers, not necessarily ported to Wayland.
 [GNOME Photos]: https://wiki.gnome.org/Apps/Photos
 [X-apps pix]: https://github.com/linuxmint/pix/
 [qimgv]: https://github.com/easymodo/qimgv
+[oculante]: https://github.com/woelper/oculante
+[qview]: https://interversehq.com/qview/
 
 ## Media player: mpv, gmpc / sublime
 
@@ -932,10 +949,9 @@ geeqie), one key feature is that it must support the "copy image to
 clipboard" (not the path! the actual full image!) functionality,
 typically to paste to GitHub/GitLab issues, or Signal.
 
-Another problem I'm suffering from right now is that *all* tools
-supporting Wayland don't seem to properly support fractional
-scaling. In the case of grim, it means the [screenshot is
-blurry](https://todo.sr.ht/~emersion/grim/98). shotman has similar issues, but has [apparently a fix](https://todo.sr.ht/~whynothugo/shotman/11).
+I've also started testing [shotman](https://shotman.whynothugo.nl/) (part of Debian Trixie) which
+outlined that I might have an issue with fractional display and image
+viewers, see the geeqie discussion above.
 
 [maim]: https://github.com/naelstrof/maim
 [slop]: https://tracker.debian.org/pkg/slop

diff --git a/blog/2023-02-10-usb-c.md b/blog/2023-02-10-usb-c.md
index 12a074cd..d84ab2c2 100644
--- a/blog/2023-02-10-usb-c.md
+++ b/blog/2023-02-10-usb-c.md
@@ -547,10 +547,49 @@ I'm using the USB-C docks built-in my [[hardware/monitor]]s, two [Dell
 U2723QE][]. The first monitor's USB ports are completely full, so I
 daisy-chained to the second monitor and, amazingly, that all works
 over a single USB-C cable. The only annoyance is that USB-C cable is
-rather short, so it's not as neatly tucked in as it should ne.
+rather short, so it's not as neatly tucked in as it should be.
 
 [Dell U2723QE]: https://www.dell.com/en-ca/shop/cty/apd/210-bdpf
 
+Here's what it looks like according to [cyme](https://github.com/tuna-f1sh/cyme).
+
+```
+anarcat@angela:~> cyme --headings --tree --mask-serials=hide                                                                      (main)
+  PPath         Name               HostController                        HostDevice                 
+● 1-0   xHCI Host Controller Linux 6.12.6-amd64 xhci-hcd Alder Lake-P Thunderbolt 4 USB Controller  
+
+  PPath         Name               HostController                        HostDevice                 
+● 2-0   xHCI Host Controller Linux 6.12.6-amd64 xhci-hcd Alder Lake-P Thunderbolt 4 USB Controller  
+
+  PPath         Name               HostController                        HostDevice                 
+● 3-0   xHCI Host Controller Linux 6.12.6-amd64 xhci-hcd Alder Lake PCH USB 3.2 xHCI Host Controller
+├──  I  #   VID    PID               Name                      Serial          Driver
+├──○    3 0x8087 0x0032 AX210 Bluetooth               -                       usb   
+├──○   38 0x0bda 0x5634 Laptop Camera                 ************            usb   
+├──○   68 0x27c6 0x609c Goodix Fingerprint USB Device *********************** usb   
+└──○   69 0x0bda 0x5483 4-Port USB 2.0 Hub            -                       usb   
+   ├──  I  #   VID    PID            Name           Serial Driver
+   ├──○   70 0x047d 0x1020 Kensington Expert Mouse -      usb   
+   ├──○   71 0x0bda 0x1100 USB2.0 HID              -      usb   
+   ├──○   72 0x0bda 0x5483 4-Port USB 2.0 Hub      -      usb   
+   │  ├──  I  #   VID    PID          Name           Serial        Driver      
+   │  ├──○   75 0x0bda 0x8153 USB 10/100/1000 LAN ********** r8152-cfgselector
+   │  └──○   78 0x0d8c 0x002b Antlion USB adapter ********   usb              
+   ├──○   73 0x0c45 0x7692 USB Keyboard            -      usb   
+   └──○   74 0x0424 0x4206 USB4206 Smart Hub       -      usb   
+      ├──  I  #   VID    PID          Name            Serial     Driver
+      ├──○   76 0x0424 0x4216 USB4216 Smart Hub   -             usb   
+      │  ├──  I  #   VID    PID          Name           Serial        Driver      
+      │  ├──○   80 0x0bda 0x8153 USB 10/100/1000 LAN ********** r8152-cfgselector
+      │  └──○   81 0x0424 0x7240 USB2 Controller Hub -          usb              
+      ├──○   77 0x0424 0x7260 USB2 Controller Hub -             usb   
+      ├──○   79 0x056a 0x0374 Intuos S            ************* usb   
+      └──○   86 0x1050 0x0406 YubiKey FIDO+CCID   -             usb   
+
+  PPath         Name               HostController                        HostDevice                 
+● 4-0   xHCI Host Controller Linux 6.12.6-amd64 xhci-hcd Alder Lake PCH USB 3.2 xHCI Host Controller
+```
+
 ## Power banks
 
 This has been spun out in another page, see [[hardware/battery]].
diff --git a/hardware/laptop/framework-12th-gen.md b/hardware/laptop/framework-12th-gen.md
index 6d7f2b7c..ac9b151d 100644
--- a/hardware/laptop/framework-12th-gen.md
+++ b/hardware/laptop/framework-12th-gen.md
@@ -656,6 +656,10 @@ The expansion ports *do* take up some power, even when idle. See the
 [power management](#power-management) section below, and particularly the [power usage
 tests](#detailed-power-usage-tests) for details.
 
+I ended up setting up my laptop hooking up to a pair of 4k monitors
+over a single USB-C cable, and everything works. It's awesome. See [[this blog
+post|blog/2023-02-10-usb-c]]
+
 ## USB-C charging
 
 One thing that is really a game changer for me is USB-C charging. It's
@@ -2026,7 +2030,7 @@ long road trip across the continental US.
 
 Note: I ended up buying a Cable Matters hub, and that didn't work so
 well, see this [[entire blog post about
-USB-C|blog/2023-02-10-usb-c]]. I'm considering a Dell
+USB-C|blog/2023-02-10-usb-c]]. I'm using a Dell
 [[hardware/monitor]] instead now.
 
 ## Mods

diff --git a/services/upgrades/trixie.md b/services/upgrades/trixie.md
index 7f4187c1..9881bda5 100644
--- a/services/upgrades/trixie.md
+++ b/services/upgrades/trixie.md
@@ -155,8 +155,10 @@ can log back in over a serial console or virtual terminal.
         apt purge apt-forktracer &&
         echo purging removed packages &&
         apt purge '~c' && apt autopurge &&
-        apt purge $(deborphan --guess-dummy) &&
-        while deborphan -n | grep -q . ; do apt purge $(deborphan -n); done &&
+        echo try a deborphan replacement &&
+        apt-mark auto '~i !~M (~slibs|~soldlibs|~sintrospection)' &&
+        apt-mark auto $(apt search 'apt search 'transition(|n)($|ing|al|ary| package| purposes)' | grep '^[^ ].*\[installed' | sed 's,/.*,,') &&
+        apt-mark auto $(apt search dummy | grep '^[^ ].*\[installed' | sed 's,/.*,,')) &&
         apt autopurge &&
         echo review obsolete and odd packages &&
         apt purge '?obsolete' && apt autopurge &&
@@ -230,9 +232,9 @@ for a more up to date list.
 
 TODO
 
-- deborphan! ouch! [1065310](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065310)
+- deborphan! ouch! see below
 - cpufrequtils, presumably replaced by cpupowerutils, but not in
-  debian (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073079)
+  Debian ([1073079](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073079))
 
 See also the [noteworthy obsolete packages](https://www.debian.org/releases/testing/release-notes/issues.en.html#noteworthy-obsolete-packages) list.
 
@@ -252,6 +254,82 @@ See also the official list of [known issues](https://www.debian.org/releases/tes
 - `nomacs` (needs an [update to latest upstream](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076763))
 - `raysession` (broken by a [FTBFS in a dependency](https://bugs.debian.org/1075409))
 
+### deborphan retirement
+
+The venerable `deborphan` package has been removed ([1065310](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065310))!
+That's a bit of a surprise, and kind of a big concern, because we were
+using it in our upgrade procedure, to cleanup things after
+upgrades. It's also part of the [official upgrade procedures](https://www.debian.org/releases/testing/release-notes/upgrading.en.html#obsolete-packages), or
+at least it [was in bookworm](https://www.debian.org/releases/testing/release-notes/upgrading.en.html#transitional-dummy-packages):
+
+> The package descriptions for transitional dummy packages usually
+> indicate their purpose. However, they are not uniform; in
+> particular, some "dummy" packages are designed to be kept installed,
+> in order to pull in a full software suite, or track the current
+> latest version of some program. You might also find deborphan with
+> the --guess-* options (e.g. --guess-dummy) useful to detect
+> transitional dummy packages on your system.
+
+So what do we use `deborphan` for? We were calling it like this:
+
+        apt purge $(deborphan --guess-dummy) &&
+        while deborphan -n | grep -q . ; do apt purge $(deborphan -n); done &&
+
+This, essentially, was doing two things:
+
+ 1. **remove "dummy" packages**: this was looking for the string
+    `dummy` in the `Description:` field, or the regex
+    `transition(|n)($|ing|al|ary| package| purposes)` (see
+    [pkg_info.c](https://sources.debian.org/src/deborphan/1.7.35/src/pkginfo.c/#L75-L88)) when the `--guess-dummy` option is passed
+
+ 2. **remove "obsolete" packages**: this is the primary function of
+    deborphan, which, according to the manual page, is:
+
+    > `deborphan` finds packages that have no packages depending on them.
+    > The default operation is to search within the `libs`, `oldlibs` and
+    > `introspection` sections to hunt down unused libraries.
+
+    Basically, this looks for leaf packages in the specified
+    sections. All sections can be checked with `--all` or packages can
+    be included based on their name with heuristics hardcoded in the
+    source code through commandline flags (e.g. `--guess-python` looks
+    for packages like `^python[[:digit:].]*-` or `--guess-perl` witll
+    do `^lib.*-perl$`) but we were not using those.
+
+    What we *were* doing is disabling the "nice mode" with `-n`
+    (which, in long form, is confusingly called `--nice-mode`  even
+    though it *disables* the nice mode). This stops considering
+    `Suggests` or `Recommends` in the list of dependencies for
+    packages that can be removed.
+
+To work around the removal, we used `apt-mark` to take care of the
+packages in libs/oldlibs:
+
+    apt-mark auto '~i !~M (~slibs|~soldlibs|~sintrospection)'
+
+Then we use the `apt search` interface, even though it warns us about
+the API, because we need to match for installed packages, which is not
+included in the `apt-cache` output. We look for packages matching a
+the "dummy" patterns and mark those as "auto" as well:
+
+    apt-mark auto $(apt search 'apt search 'transition(|n)($|ing|al|ary| package| purposes)' | grep '^[^ ].*\[installed' | sed 's,/.*,,') &&
+    apt-mark auto $(apt search dummy | grep '^[^ ].*\[installed' | sed 's,/.*,,')) &&
+
+Then we let the autopurge get rid of those packages automatically.
+
+One bit we're missing from the previous incantation is the recursive
+aspect. We were looping over `deborphan -n` until it was empty, and
+were often picking up more than one items in the chain. I'm not sure
+how to fix that without turning this into an even uglier shell
+pipeline.
+
+Note that this doesn't cover "obsolete" packages in the sense of
+"packages that are not in Debian anymore". This used to be done with
+`apt-forktracer`, and we're now relying on the `?obsolete` pattern
+from apt. We're also doing this horror:
+
+    apt list "?narrow(?installed, ?not(?codename($(lsb_release -c -s | tail -1))))" &&
+
 ### Webcam sharing stopped working in Firefox
 
 Webcam isn't detected properly in Firefox. It works in guvcview and

diff --git a/services/upgrades/trixie.md b/services/upgrades/trixie.md
index 9572fee5..7f4187c1 100644
--- a/services/upgrades/trixie.md
+++ b/services/upgrades/trixie.md
@@ -154,8 +154,7 @@ can log back in over a serial console or virtual terminal.
         apt-mark manual bind9-dnsutils &&
         apt purge apt-forktracer &&
         echo purging removed packages &&
-        apt purge $(dpkg -l | awk '/^rc/ { print $2 }') &&
-        apt autopurge &&
+        apt purge '~c' && apt autopurge &&
         apt purge $(deborphan --guess-dummy) &&
         while deborphan -n | grep -q . ; do apt purge $(deborphan -n); done &&
         apt autopurge &&

diff --git a/recette/tofu-romarin-porto.md b/recette/tofu-romarin-porto.md
index 7bdbb884..30256e6d 100644
--- a/recette/tofu-romarin-porto.md
+++ b/recette/tofu-romarin-porto.md
@@ -4,23 +4,23 @@
 
 ### Marinade
 
-- 1 tasse de jus de pommes 
-- 1/4 de tasse de moutarde de Dijon
-- 2 c. à table d’huile d’olive
-- 1/4 de tasse de cassonade
-- 2 c. à table de miel liquide
-- 2 c. à table de romarin frais haché
+- 1 tasse (250mL) de jus de pommes
+- 1/4 de tasse (62.5mL) de moutarde de Dijon
+- 2 c. à table (30mL)d’huile d’olive
+- 1/4 de tasse (62.5mL) de cassonade
+- 2 c. à table (30mL) de miel liquide
+- 2 c. à table (30mL) de romarin frais haché
 - 4 gousses d’ail hachées finement
-- 1 c. à thé de poivre noir du moulin
-- 1 c. à thé de graines de moutarde
-- 1 livre de tofu en gros cubes
+- 1 c. à thé (5mL) de poivre noir du moulin
+- 1 c. à thé (5mL) de graines de moutarde
+- 1 livre (254g) de tofu taillés en cubes de 1 pouce
 
 ### Sauce
 
-- 1 c. à table d’échalotes hachées
-- 3 c. à table de porto
-- 2 c. à table de vinaigre balsamique
-- 1/4 de tasse d’huile d’olive
+- 1/4 de tasse (62.5mL) d’huile d’olive
+- 2 échalotes hachées
+- 3 c. à table (45mL) de porto
+- 2 c. à table (30mL) de vinaigre balsamique
 - romarin frais
 - sel
 

diff --git a/software/desktop/wayland.md b/software/desktop/wayland.md
index b6ff0eb7..cbd6b561 100644
--- a/software/desktop/wayland.md
+++ b/software/desktop/wayland.md
@@ -932,6 +932,11 @@ geeqie), one key feature is that it must support the "copy image to
 clipboard" (not the path! the actual full image!) functionality,
 typically to paste to GitHub/GitLab issues, or Signal.
 
+Another problem I'm suffering from right now is that *all* tools
+supporting Wayland don't seem to properly support fractional
+scaling. In the case of grim, it means the [screenshot is
+blurry](https://todo.sr.ht/~emersion/grim/98). shotman has similar issues, but has [apparently a fix](https://todo.sr.ht/~whynothugo/shotman/11).
+
 [maim]: https://github.com/naelstrof/maim
 [slop]: https://tracker.debian.org/pkg/slop
 [grim]: https://sr.ht/~emersion/grim/

diff --git a/software/desktop/wayland/sync.sh b/software/desktop/wayland/sync.sh
index 45f3f023..b6f055e1 100644
--- a/software/desktop/wayland/sync.sh
+++ b/software/desktop/wayland/sync.sh
@@ -2,7 +2,7 @@
 
 set -e
 
-for dir in sway foot fuzzel mako waybar swayidle swaylock swaync; do
+for dir in sway foot fuzzel mako waybar swayidle swaylock; do
     rsync -a ~/.config/$dir/ config/$dir/
 done
 

diff --git a/software/desktop/wayland/config/waybar/config b/software/desktop/wayland/config/waybar/config
index da4557d0..c4febdc1 100644
--- a/software/desktop/wayland/config/waybar/config
+++ b/software/desktop/wayland/config/waybar/config
@@ -33,7 +33,7 @@
     },
     "sway/language": {
         "format": " {shortDescription}",
-        "on-click": "swaymsg input type:keyboard xkb_switch_layout next",
+        "on-click": "exec swaymsg input type:keyboard xkb_switch_layout next",
     },
     "sway/window": {
        "rewrite": {
@@ -76,6 +76,8 @@
         "tooltip-format-disconnected": "MPD (disconnected)"
     },
     "idle_inhibitor": {
+        "tooltip-format-activated": "lock screen inhibited",
+        "tooltip-format-deactivated": "lock screen active",
         "format": "{icon}",
         "format-icons": {
             "activated": "",
@@ -92,29 +94,49 @@
         "on-click-right": "exec foot --hold ncal -C -y",
         "on-click-middle": "exec foot ikhal",
         "interval": 1,
+        "tooltip-format": "<tt><small>{calendar}</small></tt>",
+        "calendar": {
+            "mode"          : "year",
+            "mode-mon-col"  : 3,
+            "weeks-pos": "left",
+            "format": {
+                "months":     "<span color='#ff8700'><b>{}</b></span>",
+                "days":       "<span color='#fce8c3'><b>{}</b></span>",
+                "weeks":      "<span color='#68a8e4'><b>W{}</b></span>",
+                "weekdays":   "<span color='#fed06e'><b>{}</b></span>",
+                "today":      "<span color='#ef2f27'><b><u>{}</u></b></span>"
+            },
+        },
     },
     "clock#utc": {
-        "timezone": "UTC",
         "format": " {:%H:%M %Z}",
         "on-click": "exec foot --hold undertime --table --format simple --no-time-details",
+        "tooltip-format": "{tz_list}",
+        "timezones": [
+            "Etc/UTC",
+            "US/Pacific",
+            "America/Sao_Paulo",
+            "US/Eastern",
+            "Europe/Amsterdam",
+        ],
     },
     // has been split in 0.9.23
     // https://github.com/Alexays/Waybar/pull/2114
     "cpu": {
         "format": "{usage:3}% {avg_frequency:4}GHz ",
         "tooltip": false,
-        "on-click": "foot -e htop",
+        "on-click": "exec foot -e htop",
         "interval": 1,
     },
     "memory": {
-        "on-click": "foot -e btop",
+        "on-click": "exec foot -e btop",
         "format": "{}% "
     },
     "temperature": {
         // "thermal-zone": 2,
         // "hwmon-path": "/sys/class/hwmon/hwmon2/temp1_input",
         "critical-threshold": 80,
-        "on-click": "psensor",
+        "on-click": "exec psensor",
         // "format-critical": "{icon} {temperatureC}°C",
         "format": "{icon} {temperatureC}°C",
         "format-icons": ["","", "", "", ""]
@@ -130,7 +152,7 @@
             "warning": 30,
             "critical": 15
         },
-        "on-click": "gnome-power-statistics",
+        "on-click": "exec gnome-power-statistics",
         "format": "{icon} {capacity}%",
         "format-charging": "{capacity}% ",
         "format-plugged": "{capacity}% ",
@@ -144,7 +166,7 @@
     },
     // missing "hide-if-zero" from py3status
     "network": {
-        "on-click": "foot -e sudo iftop",
+        "on-click": "exec foot -e sudo iftop",
         "format": "{ifname} ↓{bandwidthDownBytes:>} ↑{bandwidthUpBytes:>} ",
         "format-disconnected": "Disconnected ⚠",
     },
@@ -172,14 +194,16 @@
     },
     "systemd-failed-units": {
         "format": "{nr_failed} failed units",
+        "hide-on-ok": true,
+        "on-click": "exec foot --hold systemd-summarize-failed",
     },
     "wireplumber": {
         "format": "{icon} {volume}%",
         "format-muted": "",
-        "on-click": "pavucontrol",
-        "on-click-right": "qpwgraph",
+        "on-click": "exec pavucontrol",
+        "on-click-right": "exec qpwgraph",
         "max-volume": 150,
-        "scroll-step": 0.2,
+        "scroll-step": 0.5,
         "format-icons": ["", ""]
     },
     "custom/dnd": {
@@ -188,10 +212,13 @@
         "format": "{}{icon}",
         "format-icons": {
             "default": "",
-            "dnd": ""
+            "do-not-disturb": ""
         },
-        "on-click": "makoctl mode | grep 'do-not-disturb' && makoctl mode -r do-not-disturb || makoctl mode -a do-not-disturb; pkill -RTMIN+11 waybar",
-        "exec": "printf '{\"alt\":\"%s\",\"tooltip\":\"mode: %s\"}' $(makoctl mode | grep -q 'do-not-disturb' && echo dnd || echo default) $(makoctl mode | tail -1)",
+        // this hack is from https://github.com/manjaro-sway/desktop-settings/pull/121
+        "on-click": "makoctl mode -t 'do-not-disturb' > /dev/null; pkill -RTMIN+11 waybar",
+        "on-click-middle": "exec foot -hold mako-waybar-history",
+        "on-click-right": "makoctl dismiss --all ; pkill -RTMIN+11 waybar",
+        "exec": "mako-waybar-output",
         "signal": 11
     },
     "custom/notification": {
diff --git a/software/desktop/wayland/config/waybar/style.css b/software/desktop/wayland/config/waybar/style.css
index 18736745..f920fc02 100644
--- a/software/desktop/wayland/config/waybar/style.css
+++ b/software/desktop/wayland/config/waybar/style.css
@@ -160,3 +160,9 @@ label:focus {
 #privacy-item.audio-out {
     background-color: @green;
 }
+#custom-dnd.active {
+    color: @orange;
+}
+#custom-dnd.do-not-disturb {
+    background-color: @yellow;
+}

diff --git a/software/desktop/wayland.md b/software/desktop/wayland.md
index e925979b..b6ff0eb7 100644
--- a/software/desktop/wayland.md
+++ b/software/desktop/wayland.md
@@ -250,6 +250,13 @@ I eventually fixed this by switching from [py3status][] to
 [waybar][], which was another yak horde shaving session, but
 ultimately, it worked.
 
+sfwbar is an alternative. It behaves well and has a more GUI-like
+feel, at the cost of taking up more real estate. After two minutes the
+CPU usage was 1.49s vs 1.39s for waybar, in a preliminary test, but
+that's without any resource tracking, so it *seems* waybar is
+generally more efficient. plus sfwbar doesn't seem to [support urgency
+hints](https://github.com/LBCrion/sfwbar/issues/305).
+
 [py3status]: https://py3status.readthedocs.io/
 [waybar]: https://github.com/Alexays/Waybar/
 

diff --git a/software/desktop/wayland.md b/software/desktop/wayland.md
index ff40898d..e925979b 100644
--- a/software/desktop/wayland.md
+++ b/software/desktop/wayland.md
@@ -1031,17 +1031,24 @@ how many things you were using are tightly bound to X.
    figure out something that does, like feh, a random shuffle.
    [swaybg][] just loads a *single* image, duh. [oguri][] might be a
    solution, but unmaintained, [used here][], not in
-   Debian. [wallutils][] is another option, also not in
+   Debian. [waypaper](https://github.com/anufrievroman/waypaper), [wpaperd](https://github.com/danyspin97/wpaperd), [wallutils][] and [swww](https://github.com/LGFae/swww) ([ITP](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084753)) are other option, also not in
    Debian. [azote][] is now in Debian and seems like a good
-   alternative. For now I just don't have a wallpaper, the background
-   is a solid gray, which is better than Xorg's default (which is
-   whatever crap was left around a buffer by the previous collection
-   of programs, basically)
+   alternative. [hyprpaper](https://wiki.hyprland.org/Hypr-Ecosystem/hyprpaper/) is in Debian and works in Sway, but has
+   a clunky configuration file, with only one image at a time. In
+   theory, it can load other images through IPC, but that only works
+   through hypr's IPC mechanism. 
+   
+   For now I just don't have a wallpaper, the background is a solid
+   gray, which is better than Xorg's default (which is whatever crap
+   was left around a buffer by the previous collection of programs,
+   basically)
 
  * notifications: previously [dunst][] in some places, which works
    well in both Xorg and Wayland, not a blocker, [fnott][], [salut][]
    (not in Debian) possible alternatives: damjan [uses
-   mako][]. Eventually migrated to [sway-nc][].
+   mako][]. Eventually migrated to [sway-nc][], but found it too
+   complicated for my needs. Ended up with a simple mako-based setup
+   with inhibition.
 
  * notification area: I had trouble making `nm-applet` work. based on
    [this nm-applet.service][], I found that you need to pass `--indicator`.  In

diff --git a/software/desktop/wayland/config/foot/foot.ini b/software/desktop/wayland/config/foot/foot.ini
index 963cb868..db2d1c2a 100644
--- a/software/desktop/wayland/config/foot/foot.ini
+++ b/software/desktop/wayland/config/foot/foot.ini
@@ -1,5 +1,5 @@
 [main]
-font=Fira mono:size=12
+font=Commit mono:size=12
 # a symlink to the current theme, flipped with scripts.git's dark/light
 include=/home/anarcat/.config/foot/theme.ini
 #include=/usr/share/foot/themes/gruvbox-light
diff --git a/software/desktop/wayland/config/fuzzel/fuzzel.ini b/software/desktop/wayland/config/fuzzel/fuzzel.ini
index 8db340dc..870e7a1b 100644
--- a/software/desktop/wayland/config/fuzzel/fuzzel.ini
+++ b/software/desktop/wayland/config/fuzzel/fuzzel.ini
@@ -1,5 +1,5 @@
 [main]
-font=Fira mono:size=12
+font=Commit mono:size=12
 show-actions=yes
 width=80
 lines=24
diff --git a/software/desktop/wayland/config/mako/config b/software/desktop/wayland/config/mako/config
new file mode 100644
index 00000000..30ea26cf
--- /dev/null
+++ b/software/desktop/wayland/config/mako/config
@@ -0,0 +1,23 @@
+font=Commit mono
+
+# blue
+background-color=#2c78bf
+# while
+progress-color=#baa67f
+# foreground
+text-color=#fce8c3
+# blueb
+border-color=#68a8e4
+
+[mode=do-not-disturb]
+invisible=1
+
+[urgency=critical]
+# red
+background-color=#ef2f27
+border-color=#f75341
+
+[urgency=low]
+# green
+background-color=#519f50
+border-color=#98bc37
diff --git a/software/desktop/wayland/config/sway/config b/software/desktop/wayland/config/sway/config
index eefc2afc..b9376a13 100644
--- a/software/desktop/wayland/config/sway/config
+++ b/software/desktop/wayland/config/sway/config
@@ -30,7 +30,7 @@ set $mod Mod4
 # is used in the bar {} block below.
 # This font is widely installed, provides lots of unicode glyphs, right-to-left
 # text rendering and scalability on retina/hidpi displays (thanks to pango).
-font pango:Fira mono 10
+font pango:Commit mono 10
 # Before i3 v4.8, we used to recommend this one as the default:
 # font -misc-fixed-medium-r-normal--13-120-75-75-C-70-iso10646-1
 # The font above is very space-efficient, that is, it looks good, sharp and
@@ -251,6 +251,7 @@ bindsym $mod+d exec systemd-run-wrap dmenu-bash-history
 bindsym $mod+F2 exec systemd-run-wrap dmenu-ssh.py
 # until mosh falls back to SSH (https://github.com/mobile-shell/mosh/issues/731)
 bindsym $mod+F3 exec systemd-run-wrap dmenu-ssh.py --ssh=mosh
+bindsym $mod+F4 exec systemd-run-wrap foot -e sudo -s
 bindsym $mod+g exec sway-window-menu
 bindsym $mod+p exec pass-dmenu
 bindsym $mod+Shift+p exec env TYPE_MODE=wtype pass-dmenu
@@ -284,13 +285,19 @@ bindsym --locked XF86MonBrightnessUp exec brightnessctl set 1%+
 for_window [app_id="qalculate"] floating enable
 for_window [app_id="Pavucontrol"] floating enable
 for_window [app_id="nm-connection-editor"] floating enable
-for_window [title="Picture-in-Picture"] floating enable
+for_window [title="Picture-in-Picture"] {
+  floating enable
+  sticky enable
+}
 # this is defined in ~/.config/systemd/user/wterminal.service which
 # starts (and restarts) a foot window with the "pop-up" title
 for_window [title="pop-up"] floating enable
 # more Vincent Bernat cargo-culting:
 # https://github.com/vincentbernat/i3wm-configuration/blob/master/config
 no_focus [window_type="splash"]
+for_window [app_id="pinentry-qt"] {
+	floating enable
+}
 
 # don't lock the screen when a window is in fullscreen
 for_window [class=".*"] inhibit_idle fullscreen
@@ -308,19 +315,40 @@ for_window [app_id=".*"] inhibit_idle fullscreen
 # ideally, of course, Firefox should just use the notification area
 # for this...
 #
-# this will:
+# this will just kill the damn window
+for_window [app_id="[fF]irefox(-esr)?" title="Firefox — Sharing Indicator"] {
+	kill
+}
+
+# workspace assignments
 #
-# set it floating (so it's not that absurdely big piece of shit)
-# make it sticky, so it's visible even if you switch workspaces
-# move it to my right monitor
-# move it to top left on that monitor
-# keep the window from stealing focus when starting
+# we restrict ourselves to startup things, and even that can be
+# relatively confusing, as for example new firefox windows will
+# *always* end up in workspace 3 here
 #
-# i would move it to top right, but that actually hides the window
-# unless we do some funky resolution vs window size calculations
-for_window [title="Firefox — Sharing Indicator"] floating enable, sticky enable, move to output right, move position 0 0
-no_focus [title="Firefox — Sharing Indicator"]
-
+# for that reason we don't assign terminals to WS 5 because we
+# sometimes bleed over 6, 7 and 8 and more...
+for_window [title="\*notmuch-hello\*"] {
+    move container to workspace 1
+}
+# xwayland
+for_window [class="Signal"] {
+    move container to workspace 2
+    fullscreen disable
+}
+for_window [app_id="Signal"] {
+    move container to workspace 2
+    fullscreen disable
+}
+for_window [app_id="[fF]irefox(-esr)?"] {
+    move container to workspace 3
+}
+#for_window [app_id="emacs"] {
+#    move container to workspace 4
+#}
+for_window [title="colortaillog"] {
+    move container to workspace 9
+}
 #exec --no-startup-id i3-load-layouts
 
 # color theme
@@ -403,7 +431,13 @@ include /etc/sway/config.d/*
 # properly startup. This is done with `systemd import-environment`,
 # it's unclear how that differs from the dbus command above.
 #
-# Finally, we notify systemd that sway is ready.
+# Finally, we notify systemd that sway is ready. That needs
+# NotifyAccess=all which is a problem, as any subprocess can now
+# notify systemd it's the main PID. Sway also refuses to fix this, see:
+# https://github.com/swaywm/sway/pull/7659
+# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039857
+#
+# latest attempt: https://github.com/swaywm/sway/pull/7904
 exec dbus-update-activation-environment --systemd XDG_CURRENT_DESKTOP=sway \
   && systemctl --user import-environment SWAYSOCK \
                                          DISPLAY \
@@ -411,11 +445,15 @@ exec dbus-update-activation-environment --systemd XDG_CURRENT_DESKTOP=sway \
                                          WAYLAND_DISPLAY \
                                          XCURSOR_SIZE \
                                          XCURSOR_THEME \
-  && true
+  && systemd-notify --ready
 exec_always systemctl --user reload kanshi
 
 seat seat0 xcursor_theme Posy_Cursor 24
 
+# set the background at startup, a systemd timer will run this
+# afterwards
+exec_always swaybgs
+
 # copied from keyboard-reconf
 # keyboard switch
 # ca,us - canadian, english keyboard
@@ -440,14 +478,9 @@ input * {
       tap_button_map lmr
 }
 
-# Framework built-in monitor
-#
-# default is to scale 2x, which is way too big. this (1.5x) still
-# looks sharp and works great.
-output "BOE 0x095F Unknown" scale 1.5
-output "Dell Inc. DELL U2723QE FN5C6P3" enable scale 2 position 1504 0 mode 3840x2160@59.997002Hz
-
+include ~/.config/sway/outputs
 # note that the above overlaps with the kanshi configuration, see ~/.config/kanshi/*
 #
 # also note that a sway reload will break the kanshi configuration, see:
 # https://todo.sr.ht/~emersion/kanshi/35
+include ~/.config/sway/workspaces
diff --git a/software/desktop/wayland/config/sway/outputs b/software/desktop/wayland/config/sway/outputs
new file mode 100644
index 00000000..4ae84293
--- /dev/null
+++ b/software/desktop/wayland/config/sway/outputs
@@ -0,0 +1,29 @@

(Diff truncated)

diff --git a/recette/tofu-romarin-porto.md b/recette/tofu-romarin-porto.md
index a09a0b7c..7bdbb884 100644
--- a/recette/tofu-romarin-porto.md
+++ b/recette/tofu-romarin-porto.md
@@ -2,7 +2,7 @@
 
 <span /><div class="nocount">
 
-# Marinade
+### Marinade
 
 - 1 tasse de jus de pommes 
 - 1/4 de tasse de moutarde de Dijon
@@ -15,7 +15,7 @@
 - 1 c. à thé de graines de moutarde
 - 1 livre de tofu en gros cubes
 
-# Sauce
+### Sauce
 
 - 1 c. à table d’échalotes hachées
 - 3 c. à table de porto

diff --git a/recette/tofu-romarin-porto.md b/recette/tofu-romarin-porto.md
index 2e7a9ae1..a09a0b7c 100644
--- a/recette/tofu-romarin-porto.md
+++ b/recette/tofu-romarin-porto.md
@@ -24,8 +24,6 @@
 - romarin frais
 - sel
 
-# Directions
-
 Dans un bol, à l’aide d’un fouet, mélanger la marinade, puis ajouter
 le tofu. S'assurer que le tofu est couvert par la marinade. Couvrir le
 plat d’une pellicule de plastique.

diff --git a/recette/tofu-romarin-porto.md b/recette/tofu-romarin-porto.md
index 3bcc8168..2e7a9ae1 100644
--- a/recette/tofu-romarin-porto.md
+++ b/recette/tofu-romarin-porto.md
@@ -27,18 +27,14 @@
 # Directions
 
 Dans un bol, à l’aide d’un fouet, mélanger la marinade, puis ajouter
-le tofu. S'assurer que le tofu est couvert par la marinade.
-
-Couvrir le plat d’une pellicule de plastique. 
+le tofu. S'assurer que le tofu est couvert par la marinade. Couvrir le
+plat d’une pellicule de plastique.
 
 Mariner au réfrigérateur au minimum 20 minutes ou jusqu’à 2 heures,
 voire 12-24h.
 
-Entre-temps, faire revenir les échalotes dans l'huile.
-
-Griller le tofu jusqu'à ce qu'il soit bien grillé, voire carbonisé,
-saler et poivrer.
-
-Déglacer avec le porto et vinaigre.
+Entre-temps, faire revenir les échalotes dans l'huile. Griller le tofu
+jusqu'à ce qu'il soit bien grillé, voire carbonisé, saler et poivrer.
 
-Tamiser la marinade, puis incorporer et réduire.
+Déglacer avec le porto et vinaigre. Tamiser la marinade, puis
+incorporer et réduire.

diff --git a/recette/tofu-romarin-porto.md b/recette/tofu-romarin-porto.md
index 2be3c449..3bcc8168 100644
--- a/recette/tofu-romarin-porto.md
+++ b/recette/tofu-romarin-porto.md
@@ -41,6 +41,4 @@ saler et poivrer.
 
 Déglacer avec le porto et vinaigre.
 
-Tamiser la marinade.
-
-Ajouter et réduire la marinade. 
+Tamiser la marinade, puis incorporer et réduire.

diff --git a/recette/tofu-romarin-porto.md b/recette/tofu-romarin-porto.md
index b1b4a47d..2be3c449 100644
--- a/recette/tofu-romarin-porto.md
+++ b/recette/tofu-romarin-porto.md
@@ -2,9 +2,8 @@
 
 <span /><div class="nocount">
 
-# Ingredients
+# Marinade
 
-- 1 livre de tofu en gros cubes
 - 1 tasse de jus de pommes 
 - 1/4 de tasse de moutarde de Dijon
 - 2 c. à table d’huile d’olive
@@ -14,6 +13,7 @@
 - 4 gousses d’ail hachées finement
 - 1 c. à thé de poivre noir du moulin
 - 1 c. à thé de graines de moutarde
+- 1 livre de tofu en gros cubes
 
 # Sauce
 
@@ -26,12 +26,8 @@
 
 # Directions
 
-Dans un bol, à l’aide d’un fouet, mélanger le jus de pomme, la moutarde
-de Dijon, l’huile d’olive, la cassonade, le miel, l’ail, le romarin, le
-poivre et les graines de moutarde.
-
-Placer le tofu dans un plat en verre peu profond et couvrir avec la
-marinade, bien enrober.
+Dans un bol, à l’aide d’un fouet, mélanger la marinade, puis ajouter
+le tofu. S'assurer que le tofu est couvert par la marinade.
 
 Couvrir le plat d’une pellicule de plastique. 
 

diff --git a/recette/tofu-romarin-porto.md b/recette/tofu-romarin-porto.md
index 83bf586a..b1b4a47d 100644
--- a/recette/tofu-romarin-porto.md
+++ b/recette/tofu-romarin-porto.md
@@ -2,7 +2,7 @@
 
 <span /><div class="nocount">
 
-## Ingredients
+# Ingredients
 
 - 1 livre de tofu en gros cubes
 - 1 tasse de jus de pommes 
@@ -15,7 +15,7 @@
 - 1 c. à thé de poivre noir du moulin
 - 1 c. à thé de graines de moutarde
 
-## Sauce
+# Sauce
 
 - 1 c. à table d’échalotes hachées
 - 3 c. à table de porto
@@ -24,7 +24,7 @@
 - romarin frais
 - sel
 
-## Directions
+# Directions
 
 Dans un bol, à l’aide d’un fouet, mélanger le jus de pomme, la moutarde
 de Dijon, l’huile d’olive, la cassonade, le miel, l’ail, le romarin, le

diff --git a/recette/tofu-romarin-porto.md b/recette/tofu-romarin-porto.md
index 7065cf6c..83bf586a 100644
--- a/recette/tofu-romarin-porto.md
+++ b/recette/tofu-romarin-porto.md
@@ -1,6 +1,6 @@
-<span /><div class="nocount">
+[[!meta title="Tofu au romarin et sauce au porto"]]
 
-# Tofu au romarin et sauce au porto 
+<span /><div class="nocount">
 
 ## Ingredients
 

diff --git a/recette/tofu-romarin-porto.md b/recette/tofu-romarin-porto.md
index e48b3e4f..7065cf6c 100644
--- a/recette/tofu-romarin-porto.md
+++ b/recette/tofu-romarin-porto.md
@@ -1,3 +1,5 @@
+<span /><div class="nocount">
+
 # Tofu au romarin et sauce au porto 
 
 ## Ingredients

diff --git a/recette/tofu-romarin-porto.md b/recette/tofu-romarin-porto.md
index d8a3d5dc..e48b3e4f 100644
--- a/recette/tofu-romarin-porto.md
+++ b/recette/tofu-romarin-porto.md
@@ -1,7 +1,3 @@
----
-geometry: margin=3cm
----
-
 # Tofu au romarin et sauce au porto 
 
 ## Ingredients
@@ -50,5 +46,3 @@ Déglacer avec le porto et vinaigre.
 Tamiser la marinade.
 
 Ajouter et réduire la marinade. 
-
-\pagebreak

diff --git a/services/upgrades/trixie.md b/services/upgrades/trixie.md
index 3d878c88..9572fee5 100644
--- a/services/upgrades/trixie.md
+++ b/services/upgrades/trixie.md
@@ -231,6 +231,10 @@ for a more up to date list.
 
 TODO
 
+- deborphan! ouch! [1065310](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065310)
+- cpufrequtils, presumably replaced by cpupowerutils, but not in
+  debian (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073079)
+
 See also the [noteworthy obsolete packages](https://www.debian.org/releases/testing/release-notes/issues.en.html#noteworthy-obsolete-packages) list.
 
 ## Other improvements

diff --git a/hardware/tablet.mdwn b/hardware/tablet.mdwn
index a63f80ea..6d4c789e 100644
--- a/hardware/tablet.mdwn
+++ b/hardware/tablet.mdwn
@@ -362,6 +362,8 @@ available ([Supernote Nomad](https://supernote.com/products/supernote-nomad)) fo
 - pen is an extra 60-90$USD depending on model
 - 50-70$ extra for case
 
+Seems repairable, see [this teardown video from the company](https://www.youtube.com/watch?v=d2X0c3MprAM).
+
 # Tablets
 
 Tablets are basically like ebook-readers, except they use a normal,

diff --git a/hardware/radio.mdwn b/hardware/radio.mdwn
index e66679e9..669a1d3d 100644
--- a/hardware/radio.mdwn
+++ b/hardware/radio.mdwn
@@ -50,6 +50,12 @@ Stuff to buy next
 * [Call those guys?](http://www.paratonnerres.qc.ca/produits.html)
 * <del>J146/440 - dual band VHF/UHF antenna (2m-70cm) [40$ at radioworld](http://radioworld.ca/product_info.php?cPath=73_191_193&products_id=886)</del> /!\ backorder
 * <del>MFJ-260C - 300W dummy load  0-150Mhz dry [50$ at radiowrodl](http://radioworld.ca/product_info.php?products_id=8098)</del> built into the tuner now
+- [(tr)uSDX](https://dl2man.de/), example [portable kit](https://imgur.com/gallery/ultralightish-tr-usdx-sota-shack-box-kit-QPuv1d9)
+- [kv4p](https://www.kv4p.com/)
+- UV-K5, [custom firmware](https://github.com/nikant/kamilsss655-uv-k5-firmware-custom-nkk?tab=readme-ov-file), [also](https://whosmatt.github.io/uvmod/)
+- [QMX](https://qrp-labs.com/qmx.html)
+- [uBITX v6](https://www.hfsignals.com/index.php/ubitx-v6/)
+- [sBITX](https://www.sbitx.net/)
 
 There's a [great guide](https://www.tothewoods.net/Comms-Yaesu-817-818-Manpack-Mobile-QRP-Ham-Radio-Kit.php) on how to setup a mobile HF rig that I
 could reuse with my FT-100d. It seems I am missing:

diff --git a/recette/make.sh b/recette/make.sh
new file mode 100644
index 00000000..84b10496
--- /dev/null
+++ b/recette/make.sh
@@ -0,0 +1 @@
+pandoc tofu-romarin-porto.md -o tofu-romarin-porto.pdf  && open tofu-romarin-porto.pdf
diff --git a/recette/porc-romarin-porto.md b/recette/porc-romarin-porto.md
new file mode 100644
index 00000000..6c36601e
--- /dev/null
+++ b/recette/porc-romarin-porto.md
@@ -0,0 +1,101 @@
+---
+geometry: margin=3cm
+---
+
+# Filets de porc au romarin et sauce au porto 
+
+## Ingredients
+
+- 1 tasse de jus de pommes 
+- 1/4 de tasse de moutarde de Dijon
+- 2 c. à table d’huile d’olive
+- 1/4 de tasse de cassonade
+- 2 c. à table de miel liquide
+- 2 c. à table de romarin frais haché
+- 4 gousses d’ail hachées finement
+- 1 c. à thé de poivre noir du moulin
+- 1 c. à thé de graines de moutarde
+
+## Sauce
+
+- 1 c. à table d’échalotes hachées
+- 3 c. à table de porto
+- 2 c. à table de vinaigre balsamique
+- 1/4 de tasse d’huile d’olive
+- romarin frais
+- sel
+
+## Directions
+
+Dans un bol, à l’aide d’un fouet, mélanger le jus de pomme, la moutarde
+de Dijon, l’huile d’olive, la cassonade, le miel, l’ail, le romarin, le
+poivre et les graines de moutarde.
+
+Placer les filets de porc dans un plat en verre peu profond.
+
+Verser la marinade sur les filets de porc et les retourner pour bien
+les enrober.
+
+Couvrir le plat d’une pellicule de plastique. 
+
+Mariner au réfrigérateur au minimum 20 minutes ou jusqu’à 2 heures.
+
+Entre-temps, faire revenir les échalotes dans l'huile.
+
+Ajoutez le porto et vinaigre.
+
+Saler, poivrer et réserver après avoir chauffé.
+
+Ajouter la marinade. 
+
+Faire réduire. 
+
+Passer au tamis.
+
+Cuire à 350°F sur la grille du four ou de 12 à 16 minutes sur le BBQ.
+
+Après avoir mariné, couper les filets de porc en tranches d’un pouce.
+
+Ajouter le jus dans la sauce Porto. 
+
+Arroser de sauce.
+
+\pagebreak
+
+## Tofu addendum
+
+```
+Antoine Beaupré <anarcat@orangeseeds.org> (2024-01-07) (inbox sent)
+Date: Sun, 07 Jan 2024 16:07:25 -0500
+From: Antoine Beaupré <anarcat@orangeseeds.org>
+To: Nick Ackerley <ea610@ncf.ca>
+Subject: Re: Tofu
+
+On 2024-01-06 10:49:00, Nick Ackerley wrote:
+> Hi Antoine!
+>
+> Can you share your amazing not-pork-tofu recipe with me?
+>
+> Sad you weren't able to visit with Rachel et al., this time. Maybe next?
+
+It would have been great to hang out indeed! But I took a rain check and
+visited other friends up north, but really mostly alone, taking a break
+from the family has been kind of great, to be frank. :) Hopefully we can
+make this ride soon enough again, now that it seems the boys handle it
+much better!
+
+Here's the pork-based recipe, from my mom. Replace tofu with pork,
+obviously, but after the marinade, i kind of just wing it: if you can
+fry the tofu on a BBQ that's good, oven can be good as well, best would
+probably be an air frier. For heapmas, i just fried the green onions
+with oil, fried the tofu until it's almost charred, then deglazed with
+the port and vineager, then added all the marinade and reduced until it
+was yum yummy.
+
+-- 
+The odds are greatly against you being immensely smarter than everyone\
+else in the field. If your analysis says your terminal velocity is
+twice the speed of light, you may have invented warp drive, but the
+chances are a lot better that you've screwed up.
+- Akin's Laws of Spacecraft Design
+```
diff --git a/recette/tofu-romarin-porto.md b/recette/tofu-romarin-porto.md
new file mode 100644
index 00000000..d8a3d5dc
--- /dev/null
+++ b/recette/tofu-romarin-porto.md
@@ -0,0 +1,54 @@
+---
+geometry: margin=3cm
+---
+
+# Tofu au romarin et sauce au porto 
+
+## Ingredients
+
+- 1 livre de tofu en gros cubes
+- 1 tasse de jus de pommes 
+- 1/4 de tasse de moutarde de Dijon
+- 2 c. à table d’huile d’olive
+- 1/4 de tasse de cassonade
+- 2 c. à table de miel liquide
+- 2 c. à table de romarin frais haché
+- 4 gousses d’ail hachées finement
+- 1 c. à thé de poivre noir du moulin
+- 1 c. à thé de graines de moutarde
+
+## Sauce
+
+- 1 c. à table d’échalotes hachées
+- 3 c. à table de porto
+- 2 c. à table de vinaigre balsamique
+- 1/4 de tasse d’huile d’olive
+- romarin frais
+- sel
+
+## Directions
+
+Dans un bol, à l’aide d’un fouet, mélanger le jus de pomme, la moutarde
+de Dijon, l’huile d’olive, la cassonade, le miel, l’ail, le romarin, le
+poivre et les graines de moutarde.
+
+Placer le tofu dans un plat en verre peu profond et couvrir avec la
+marinade, bien enrober.
+
+Couvrir le plat d’une pellicule de plastique. 
+
+Mariner au réfrigérateur au minimum 20 minutes ou jusqu’à 2 heures,
+voire 12-24h.
+
+Entre-temps, faire revenir les échalotes dans l'huile.
+
+Griller le tofu jusqu'à ce qu'il soit bien grillé, voire carbonisé,
+saler et poivrer.
+
+Déglacer avec le porto et vinaigre.
+
+Tamiser la marinade.
+
+Ajouter et réduire la marinade. 
+
+\pagebreak
diff --git a/recette/tofu-romarin-porto.pdf b/recette/tofu-romarin-porto.pdf
new file mode 100644
index 00000000..f17a66b7
Binary files /dev/null and b/recette/tofu-romarin-porto.pdf differ

diff --git a/blog/2019-10-16-bus-factor.mdwn b/blog/2019-10-16-bus-factor.mdwn
index 409de6d2..af35c843 100644
--- a/blog/2019-10-16-bus-factor.mdwn
+++ b/blog/2019-10-16-bus-factor.mdwn
@@ -85,4 +85,60 @@ spaghetti code before it even has time to [get flooded over][].
 [Aegir]: https://www.aegirproject.org/
 [AlternC]: https://alternc.org/
 
+# Update: actual research exists
+
+Someone actually did [research this](https://www.scannedinavian.com/the-github-plugin-my-coworkers-asked-me-not-to-write.html). 
+
+The term they use is "truck factor". Their definition "relies on a
+coverage assumption: a system will face serious delays or will be
+likely discontinued if its current set of authors covers less than 50%
+of the current set of files in the system".
+
+It doesn't directly confirm or infirm my theory
+(`avg(bus_factor)==1`), but it certainly seems like 1 is the "[most
+common value](https://en.wikipedia.org/wiki/Mode_(statistics))". If I parse [their data](https://mclare.blog/_file/posts/the-bus-factor/results.4c687f4f.json), I end up with an
+average truck factor of 4.9, but this covers only 133 projects! 
+
+And what's worse, the [original paper](https://arxiv.org/pdf/1604.06766) (from which this project
+list is based on) selected based on most popular GitHub projects:
+
+> To select a target set of subjects, we follow a procedure similar to
+> other studies investigating GitHub [12]–[15]. First, we query the
+> programming languages with the largest number of repositories in
+> GitHub. [...] We then select the 100-top most popular repositories
+> within each target language. [...] Considering only the most popular
+> projects in a given language (S`), we remove the systems in the
+> first quartile (Q1) of the distribution of three metrics, namely
+> number of developers (nd), number of commits (nc), and number of
+> files (nf ). After filtering out subjects in Q1, we compute the
+> intersection of the remaining sets.
+
+So they explicitly target large projects with large numbers of
+developers:
+
+> [...] 133 subjects (T 2), which represent the most important systems per
+> language in GitHub, implemented by teams with a considerable number
+> of active developers and with a considerable number of files
+
+Note that their final list does not include foundational projects like
+OpenSSL, GCC, xz (!) but it does include others like git, Linux, or
+less. So their data is likely skewed towards larger, healthier
+projects than what actually matters.
+
+I would be curious, for example, to see this exercise ran against all
+of Debian `main` or [required](https://www.debian.org/doc/debian-policy/ch-archive.html#s-priorities) packages, if we'd have to pick a
+subset. I suspect the bus factor for those would be *much* smaller,
+and maintain my original theory that it converges towards 1.
+
+I'll also note that the original paper concludes that:
+
+> We show that 87 systems (65%) have TF ≤ 2
+
+... which is *pretty close* (off by one!) to my original theory, which
+I should probably rephrase as "most projects have a bus factor of one"
+(the above paper says it's two).
+
+The new research also implies that the trend is getting worse, with
+the kernel moving from 57 to 12, for example.
+
 [[!tag debian-planet python-planet python software debian]]

diff --git a/software/desktop/emacs.mdwn b/software/desktop/emacs.mdwn
index df7466ca..969e0ede 100644
--- a/software/desktop/emacs.mdwn
+++ b/software/desktop/emacs.mdwn
@@ -57,7 +57,7 @@ Here's the list of packages I currently use.
 | puppet-mode | [0.4](https://stable.melpa.org/#/puppet-mode) | [0.4.post5](https://tracker.debian.org/elpa-puppet-mode)| Major mode for Puppet manifests |
 | rainbow-mode | N/A | [1.0.6.post2](https://tracker.debian.org/elpa-rainbow-mode)| None |
 | recentf | N/A | N/A| None |
-| ripgrep | [0.4.0](https://stable.melpa.org/#/ripgrep) | [2.3.0.post4](https://tracker.debian.org/elpa-rg)| Front-end for ripgrep, a command line search tool |
+| rg | [2.3.0](https://stable.melpa.org/#/rg) | [2.3.0.post4](https://tracker.debian.org/elpa-rg)| A search tool based on ripgrep |
 | shift-number | [0.1](https://stable.melpa.org/#/shift-number) | N/A| Increase/decrease the number at point |
 | smart-mode-line | [2.14](https://stable.melpa.org/#/smart-mode-line) | [2.14.post2](https://tracker.debian.org/elpa-smart-mode-line)| A color coded smart mode-line |
 | srcery-theme | [20240220.805](https://melpa.org/#/srcery-theme) | N/A| Dark color theme |

diff --git a/software/desktop/emacs.mdwn b/software/desktop/emacs.mdwn
index 5a6f3fa3..df7466ca 100644
--- a/software/desktop/emacs.mdwn
+++ b/software/desktop/emacs.mdwn
@@ -57,7 +57,7 @@ Here's the list of packages I currently use.
 | puppet-mode | [0.4](https://stable.melpa.org/#/puppet-mode) | [0.4.post5](https://tracker.debian.org/elpa-puppet-mode)| Major mode for Puppet manifests |
 | rainbow-mode | N/A | [1.0.6.post2](https://tracker.debian.org/elpa-rainbow-mode)| None |
 | recentf | N/A | N/A| None |
-| ripgrep | [0.4.0](https://stable.melpa.org/#/ripgrep) | [#976297](https://bugs.debian.org/976297)| Front-end for ripgrep, a command line search tool |
+| ripgrep | [0.4.0](https://stable.melpa.org/#/ripgrep) | [2.3.0.post4](https://tracker.debian.org/elpa-rg)| Front-end for ripgrep, a command line search tool |
 | shift-number | [0.1](https://stable.melpa.org/#/shift-number) | N/A| Increase/decrease the number at point |
 | smart-mode-line | [2.14](https://stable.melpa.org/#/smart-mode-line) | [2.14.post2](https://tracker.debian.org/elpa-smart-mode-line)| A color coded smart mode-line |
 | srcery-theme | [20240220.805](https://melpa.org/#/srcery-theme) | N/A| Dark color theme |

diff --git a/blog/2024-08-15-why-trixie.md b/blog/2024-08-15-why-trixie.md
index 83befc1a..17aa8264 100644
--- a/blog/2024-08-15-why-trixie.md
+++ b/blog/2024-08-15-why-trixie.md
@@ -107,7 +107,7 @@ Those are packages that *are* in Debian stable (Bookworm) already, but
 that are somewhat lacking and could benefit from an upgrade.
 
 - [firmware-iwlwifi](https://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git): out of date, can install from unstable
-- [fuzzel][]: [log level noises][A],, paste support
+- [fuzzel][]: [log level noises][A], paste support
   and my [scripts](https://gitlab.com/anarcat/scripts/) in `~/bin` should be patched to use `--cache`
 - [foot][]: [log level noises][B], [quotes selection][], [keyboard
   selection mode](https://codeberg.org/dnkl/foot/issues/419)

diff --git a/hardware/keyboard.mdwn b/hardware/keyboard.mdwn
index a82a7831..8ccb1a24 100644
--- a/hardware/keyboard.mdwn
+++ b/hardware/keyboard.mdwn
@@ -384,6 +384,24 @@ sound and design of the keyboards.
 They have QMK-compatible firmware and pretty designs, with slim and
 TKL keyboards.
 
+I have found a second hand Air75 at some Amazon overflow thing here,
+and it is *really* nice. It's really slim, I (surprisingly) like the
+short travel and the sound is exquisite, even with red switches. It's
+nice to have the combo Bluetooth / USB-C setup, and there's even a
+"2.4GHz transmitter" in there for non-BT operation, but somehow the
+adapter for that was missing from the case.
+
+Two major downsides:
+
+- it's a bit on the heavy side, which would otherwise make this an
+  incredible travel keyboard
+- the TKL layout is a bit too narrow for me, i can't get used to the
+  vertical pgup/pgdown pad
+
+I have also heard first-hand reports of a full USB controller failure
+and a failure of support to provide proper followup, so that's a bit
+concerning.
+
 rtings reviewed [five models](https://www.rtings.com/keyboard/tools/table/141136) and outlined:
 
  * [Halo75 v2](https://nuphy.com/collections/keyboards/products/halo75-v2-qmk-via-wireless-custom-mechanical-keyboard): "[Best Mid-Range Mechanical Keyboard](https://www.rtings.com/keyboard/reviews/best/mechanical)" ([full review](https://www.rtings.com/keyboard/reviews/nuphy/air75-v2-air60-v2-air96-v2))
@@ -398,6 +416,11 @@ rtings reviewed [five models](https://www.rtings.com/keyboard/tools/table/141136
    the Halo96 v2 and Halo75 v2
  * [Field75](https://nuphy.com/collections/keyboards/products/field75): not best in anything ([full review](https://www.rtings.com/keyboard/reviews/nuphy/field75))
 
+## Divinikey
+
+A friend built a [Neo80 keyboard](https://divinikey.com/collections/neo80-keyboard-kit-and-components/products/qwertykeys-neo80-case) by buying a PCB presoldered with
+Gazzew Boba U4 switches, and [earth tone keycaps](https://www.deskhero.ca/products/gmk-earth-tones-keycaps?variant=40347274805314) and likes it.
+
 # Mini / travel keyboards
 
 Those are useful for the media station or traveling on the road with a

diff --git a/hardware/tablet.mdwn b/hardware/tablet.mdwn
index 9f2beaec..a63f80ea 100644
--- a/hardware/tablet.mdwn
+++ b/hardware/tablet.mdwn
@@ -99,7 +99,8 @@ also have a neat [community forum][]. They are based in China so
 products will ship from there.
 
 Update: they seem to actually have significant GPL-compliance issues,
-from what I've read on hacker news.
+from what I've read on hacker news. See also [this Linux Tech Tips
+forum post](https://linustechtips.com/topic/1331748-shortcircuit-showcases-boox-a-product-that-violates-gpl2/).
 
 [Onyx]: https://en.wikipedia.org/wiki/Onyx_Boox
 [community forum]: http://bbs.onyx-international.com/

diff --git a/software/desktop/emacs.mdwn b/software/desktop/emacs.mdwn
index f131f89b..5a6f3fa3 100644
--- a/software/desktop/emacs.mdwn
+++ b/software/desktop/emacs.mdwn
@@ -25,50 +25,50 @@ Here's the list of packages I currently use.
 
 | Package | Emacs | Debian | Description |
 | ------- | ----- | ------ | ----------- |
-| anzu | [20240929.201](https://melpa.org/#/anzu) | [0.67.post1](https://tracker.debian.org/elpa-anzu)| Show number of matches in mode-line while searching |
-| auto-dictionary | [20150410.1610](https://melpa.org/#/auto-dictionary) | [1.1.post1](https://tracker.debian.org/elpa-auto-dictionary)| Automatic dictionary switcher for flyspell |
-| cape | [20241211.1804](https://melpa.org/#/cape) | [#728729](https://bugs.debian.org/728729)| Completion At Point Extensions |
-| consult | [20241210.1313](https://melpa.org/#/consult) | [1.8.post1](https://tracker.debian.org/elpa-consult)| Consulting completing-read |
-| corfu | [20241208.2242](https://melpa.org/#/corfu) | [1.5.post1](https://tracker.debian.org/elpa-corfu)| COmpletion in Region FUnction |
-| crux | [20240401.1136](https://melpa.org/#/crux) | [#909337](https://bugs.debian.org/909337)| A Collection of Ridiculously Useful eXtensions |
+| anzu | [0.67](https://stable.melpa.org/#/anzu) | [0.67.post1](https://tracker.debian.org/elpa-anzu)| Show number of matches in mode-line while searching |
+| auto-dictionary | [1.1](https://stable.melpa.org/#/auto-dictionary) | [1.1.post1](https://tracker.debian.org/elpa-auto-dictionary)| Automatic dictionary switcher for flyspell |
+| cape | [1.7](https://stable.melpa.org/#/cape) | [#728729](https://bugs.debian.org/728729)| Completion At Point Extensions |
+| consult | [1.8](https://stable.melpa.org/#/consult) | [1.8.post1](https://tracker.debian.org/elpa-consult)| Consulting completing-read |
+| corfu | [1.5](https://stable.melpa.org/#/corfu) | [1.5.post1](https://tracker.debian.org/elpa-corfu)| COmpletion in Region FUnction |
+| crux | [0.5.0](https://stable.melpa.org/#/crux) | [#909337](https://bugs.debian.org/909337)| A Collection of Ridiculously Useful eXtensions |
 | dabbrev | N/A | N/A| None |
 | devdocs | [20241113.1341](https://melpa.org/#/devdocs) | N/A| Emacs viewer for DevDocs |
-| dimmer | [20220817.122](https://melpa.org/#/dimmer) | [0.4.2+repack20220817.a5b6975.3](https://tracker.debian.org/elpa-dimmer)| Visually highlight the selected buffer |
-| dockerfile-mode | [20240914.1549](https://melpa.org/#/dockerfile-mode) | [1.9.post3](https://tracker.debian.org/elpa-dockerfile-mode)| Major mode for editing Docker's Dockerfiles |
+| dimmer | [0.4.2](https://stable.melpa.org/#/dimmer) | [0.4.2+repack20220817.a5b6975.3](https://tracker.debian.org/elpa-dimmer)| Visually highlight the selected buffer |
+| dockerfile-mode | [1.9](https://stable.melpa.org/#/dockerfile-mode) | [1.9.post3](https://tracker.debian.org/elpa-dockerfile-mode)| Major mode for editing Docker's Dockerfiles |
 | eglot | N/A | [1.15.post3](https://tracker.debian.org/elpa-eglot)| None |
-| embark | [20241003.1953](https://melpa.org/#/embark) | [1.1.post2](https://tracker.debian.org/elpa-embark)| Conveniently act on minibuffer completions |
-| embark-consult | [20240919.1831](https://melpa.org/#/embark-consult) | N/A| Consult integration for Embark |
-| flycheck | [20241130.1502](https://melpa.org/#/flycheck) | [34.1.post2](https://tracker.debian.org/elpa-flycheck)| On-the-fly syntax checking |
+| embark | [1.1](https://stable.melpa.org/#/embark) | [1.1.post2](https://tracker.debian.org/elpa-embark)| Conveniently act on minibuffer completions |
+| embark-consult | [1.1](https://stable.melpa.org/#/embark-consult) | N/A| Consult integration for Embark |
+| flycheck | [34.1](https://stable.melpa.org/#/flycheck) | [34.1.post2](https://tracker.debian.org/elpa-flycheck)| On-the-fly syntax checking |
 | flymake | N/A | N/A| None |
-| format-all | [20241126.829](https://melpa.org/#/format-all) | [0.6.0.post2](https://tracker.debian.org/elpa-format-all)| Auto-format C, C++, JS, Python, Ruby and 50 other languages |
-| frames-only-mode | [20241201.1533](https://melpa.org/#/frames-only-mode) | N/A| Use frames instead of Emacs windows |
+| format-all | [0.6.0](https://stable.melpa.org/#/format-all) | [0.6.0.post2](https://tracker.debian.org/elpa-format-all)| Auto-format C, C++, JS, Python, Ruby and 50 other languages |
+| frames-only-mode | [1.0.0](https://stable.melpa.org/#/frames-only-mode) | N/A| Use frames instead of Emacs windows |
 | gnus-alias | [20230818.1830](https://melpa.org/#/gnus-alias) | N/A| An alternative to gnus-posting-styles |
-| go-mode | [20240620.1948](https://melpa.org/#/go-mode) | N/A| Major mode for the Go programming language |
-| gptel | [20241216.411](https://melpa.org/#/gptel) | N/A| Interact with ChatGPT or other LLMs |
-| hl-todo | [20240805.1444](https://melpa.org/#/hl-todo) | [3.8.1.post1](https://tracker.debian.org/elpa-hl-todo)| Highlight TODO and similar keywords |
+| go-mode | [1.6.0](https://stable.melpa.org/#/go-mode) | N/A| Major mode for the Go programming language |
+| gptel | [0.9.7](https://stable.melpa.org/#/gptel) | N/A| Interact with ChatGPT or other LLMs |
+| hl-todo | [3.8.1](https://stable.melpa.org/#/hl-todo) | [3.8.1.post1](https://tracker.debian.org/elpa-hl-todo)| Highlight TODO and similar keywords |
 | ledger | N/A | [4.0.0.post2](https://tracker.debian.org/elpa-ledger)| None |
-| magit | [20241209.933](https://melpa.org/#/magit) | [4.1.3.post1](https://tracker.debian.org/elpa-magit)| A Git porcelain inside Emacs |
-| marginalia | [20241124.1138](https://melpa.org/#/marginalia) | [1.7.post1](https://tracker.debian.org/elpa-marginalia)| Enrich existing commands with completion annotations |
-| markdown-mode | [20241117.1510](https://melpa.org/#/markdown-mode) | [2.6.post2](https://tracker.debian.org/elpa-markdown-mode)| Major mode for Markdown-formatted text |
-| multiple-cursors | [20241201.1841](https://melpa.org/#/multiple-cursors) | [#861127](https://bugs.debian.org/861127)| Multiple cursors for Emacs |
-| notmuch | [20240816.2039](https://melpa.org/#/notmuch) | [0.38.3.post3](https://tracker.debian.org/elpa-notmuch)| Run notmuch within emacs |
+| magit | [4.1.3](https://stable.melpa.org/#/magit) | [4.1.3.post1](https://tracker.debian.org/elpa-magit)| A Git porcelain inside Emacs |
+| marginalia | [1.7](https://stable.melpa.org/#/marginalia) | [1.7.post1](https://tracker.debian.org/elpa-marginalia)| Enrich existing commands with completion annotations |
+| markdown-mode | [2.6](https://stable.melpa.org/#/markdown-mode) | [2.6.post2](https://tracker.debian.org/elpa-markdown-mode)| Major mode for Markdown-formatted text |
+| multiple-cursors | [1.4.0](https://stable.melpa.org/#/multiple-cursors) | [#861127](https://bugs.debian.org/861127)| Multiple cursors for Emacs |
+| notmuch | [0.38.3](https://stable.melpa.org/#/notmuch) | [0.38.3.post3](https://tracker.debian.org/elpa-notmuch)| Run notmuch within emacs |
 | org | N/A | [9.7.16+dfsg.1](https://tracker.debian.org/elpa-org)| None |
-| pdf-tools | [20240429.407](https://melpa.org/#/pdf-tools) | [1.1.0.post3](https://tracker.debian.org/elpa-pdf-tools)| Support library for PDF documents |
-| puppet-mode | [20210305.645](https://melpa.org/#/puppet-mode) | [0.4.post5](https://tracker.debian.org/elpa-puppet-mode)| Major mode for Puppet manifests |
+| pdf-tools | [1.1.0](https://stable.melpa.org/#/pdf-tools) | [1.1.0.post3](https://tracker.debian.org/elpa-pdf-tools)| Support library for PDF documents |
+| puppet-mode | [0.4](https://stable.melpa.org/#/puppet-mode) | [0.4.post5](https://tracker.debian.org/elpa-puppet-mode)| Major mode for Puppet manifests |
 | rainbow-mode | N/A | [1.0.6.post2](https://tracker.debian.org/elpa-rainbow-mode)| None |
 | recentf | N/A | N/A| None |
-| ripgrep | [20220520.1410](https://melpa.org/#/ripgrep) | [#976297](https://bugs.debian.org/976297)| Front-end for ripgrep, a command line search tool |
-| shift-number | [20170301.1459](https://melpa.org/#/shift-number) | N/A| Increase/decrease the number at point |
-| smart-mode-line | [20240924.2322](https://melpa.org/#/smart-mode-line) | [2.14.post2](https://tracker.debian.org/elpa-smart-mode-line)| A color coded smart mode-line |
+| ripgrep | [0.4.0](https://stable.melpa.org/#/ripgrep) | [#976297](https://bugs.debian.org/976297)| Front-end for ripgrep, a command line search tool |
+| shift-number | [0.1](https://stable.melpa.org/#/shift-number) | N/A| Increase/decrease the number at point |
+| smart-mode-line | [2.14](https://stable.melpa.org/#/smart-mode-line) | [2.14.post2](https://tracker.debian.org/elpa-smart-mode-line)| A color coded smart mode-line |
 | srcery-theme | [20240220.805](https://melpa.org/#/srcery-theme) | N/A| Dark color theme |
-| vertico | [20241208.2233](https://melpa.org/#/vertico) | [1.9.post1](https://tracker.debian.org/elpa-vertico)| VERTical Interactive COmpletion |
+| vertico | [1.9](https://stable.melpa.org/#/vertico) | [1.9.post1](https://tracker.debian.org/elpa-vertico)| VERTical Interactive COmpletion |
 | visual-fill-column-mode | N/A | N/A| None |
-| wc-mode | [20210418.47](https://melpa.org/#/wc-mode) | [1.4.post2](https://tracker.debian.org/elpa-wc-mode)| Running word count with goals (minor mode) |
-| which-key | [20240620.2145](https://melpa.org/#/which-key) | [3.6.0.post2](https://tracker.debian.org/elpa-which-key)| Display available keybindings in popup |
-| writegood-mode | [20220511.2109](https://melpa.org/#/writegood-mode) | [2.2.0.post3](https://tracker.debian.org/elpa-writegood-mode)| Polish up poor writing on the fly |
-| writeroom-mode | [20231103.931](https://melpa.org/#/writeroom-mode) | [3.11.post3](https://tracker.debian.org/elpa-writeroom-mode)| Minor mode for distraction-free writing |
-| ws-butler | [20241107.519](https://melpa.org/#/ws-butler) | [0.6.post5](https://tracker.debian.org/elpa-ws-butler)| Unobtrusively remove trailing whitespace |
-| yasnippet | [20241013.1557](https://melpa.org/#/yasnippet) | [0.14.0+git20230912.76e1eee6.2](https://tracker.debian.org/elpa-yasnippet)| Yet another snippet extension for Emacs |
+| wc-mode | [1.4.1](https://stable.melpa.org/#/wc-mode) | [1.4.post2](https://tracker.debian.org/elpa-wc-mode)| Running word count with goals (minor mode) |
+| which-key | [3.6.0](https://stable.melpa.org/#/which-key) | [3.6.0.post2](https://tracker.debian.org/elpa-which-key)| Display available keybindings in popup |
+| writegood-mode | [2.2.0](https://stable.melpa.org/#/writegood-mode) | [2.2.0.post3](https://tracker.debian.org/elpa-writegood-mode)| Polish up poor writing on the fly |
+| writeroom-mode | [3.11](https://stable.melpa.org/#/writeroom-mode) | [3.11.post3](https://tracker.debian.org/elpa-writeroom-mode)| Minor mode for distraction-free writing |
+| ws-butler | [0.7](https://stable.melpa.org/#/ws-butler) | [0.6.post5](https://tracker.debian.org/elpa-ws-butler)| Unobtrusively remove trailing whitespace |
+| yasnippet | [0.14.0](https://stable.melpa.org/#/yasnippet) | [0.14.0+git20230912.76e1eee6.2](https://tracker.debian.org/elpa-yasnippet)| Yet another snippet extension for Emacs |
 
 The above was automatically generated using [check-emacs-packages](https://gitlab.com/anarcat/scripts/blob/main/check-emacs-packages)
 with some manual modifications for packages on the main ELPA archive

diff --git a/software/desktop/emacs.mdwn b/software/desktop/emacs.mdwn
index e995c141..f131f89b 100644
--- a/software/desktop/emacs.mdwn
+++ b/software/desktop/emacs.mdwn
@@ -78,16 +78,3 @@ packages into the script, I used this mighty pipeline:
     check-emacs-packages $( ( grep '^(use-package' ~/.emacs.d/init.el | sed 's/.* //' ; \
     grep -A2 packages ~/.emacs.d/custom.el  | tail -1 | sed 's/[()]//g;s/ /\n/g' ) \
     | sort -u ) 2>/dev/null
-
-Some packages are edited by hand:
-
- * `dictionary-el` does not follow the emacs team naming convention
- * `ein` has a false positive in WNPP
- * `gnus-alias` is not in stable MELPA
- * `org-mode` is not on any archive?
- * `rainbow-mode` is in GNU ELPA, not MELPA
- * `vc` is part of Emacs even though I load it with use-package so it
-   is not listed here
-
-This might be part of an override file instead of having to hand-craft
-this...

diff --git a/software/desktop/emacs.mdwn b/software/desktop/emacs.mdwn
index d1c02f61..e995c141 100644
--- a/software/desktop/emacs.mdwn
+++ b/software/desktop/emacs.mdwn
@@ -23,52 +23,52 @@ those packages.
 
 Here's the list of packages I currently use.
 
-Package | Emacs | Debian | Description
-------- | ----- | ------ | -----------
-anzu | [20240929.201](https://melpa.org/#/anzu) | [0.67.post1](https://tracker.debian.org/elpa-anzu)| Show number of matches in mode-line while searching
-auto-dictionary | [20150410.1610](https://melpa.org/#/auto-dictionary) | [1.1.post1](https://tracker.debian.org/elpa-auto-dictionary)| Automatic dictionary switcher for flyspell
-cape | [20241211.1804](https://melpa.org/#/cape) | [#728729](https://bugs.debian.org/728729)| Completion At Point Extensions
-consult | [20241210.1313](https://melpa.org/#/consult) | [1.8.post1](https://tracker.debian.org/elpa-consult)| Consulting completing-read
-corfu | [20241208.2242](https://melpa.org/#/corfu) | [1.5.post1](https://tracker.debian.org/elpa-corfu)| COmpletion in Region FUnction
-crux | [20240401.1136](https://melpa.org/#/crux) | [#909337](https://bugs.debian.org/909337)| A Collection of Ridiculously Useful eXtensions
-dabbrev | N/A | N/A| None
-devdocs | [20241113.1341](https://melpa.org/#/devdocs) | N/A| Emacs viewer for DevDocs
-dimmer | [20220817.122](https://melpa.org/#/dimmer) | [0.4.2+repack20220817.a5b6975.3](https://tracker.debian.org/elpa-dimmer)| Visually highlight the selected buffer
-dockerfile-mode | [20240914.1549](https://melpa.org/#/dockerfile-mode) | [1.9.post3](https://tracker.debian.org/elpa-dockerfile-mode)| Major mode for editing Docker's Dockerfiles
-eglot | N/A | [1.15.post3](https://tracker.debian.org/elpa-eglot)| None
-embark | [20241003.1953](https://melpa.org/#/embark) | [1.1.post2](https://tracker.debian.org/elpa-embark)| Conveniently act on minibuffer completions
-embark-consult | [20240919.1831](https://melpa.org/#/embark-consult) | N/A| Consult integration for Embark
-flycheck | [20241130.1502](https://melpa.org/#/flycheck) | [34.1.post2](https://tracker.debian.org/elpa-flycheck)| On-the-fly syntax checking
-flymake | N/A | N/A| None
-format-all | [20241126.829](https://melpa.org/#/format-all) | [0.6.0.post2](https://tracker.debian.org/elpa-format-all)| Auto-format C, C++, JS, Python, Ruby and 50 other languages
-frames-only-mode | [20241201.1533](https://melpa.org/#/frames-only-mode) | N/A| Use frames instead of Emacs windows
-gnus-alias | [20230818.1830](https://melpa.org/#/gnus-alias) | N/A| An alternative to gnus-posting-styles
-go-mode | [20240620.1948](https://melpa.org/#/go-mode) | N/A| Major mode for the Go programming language
-gptel | [20241216.411](https://melpa.org/#/gptel) | N/A| Interact with ChatGPT or other LLMs
-hl-todo | [20240805.1444](https://melpa.org/#/hl-todo) | [3.8.1.post1](https://tracker.debian.org/elpa-hl-todo)| Highlight TODO and similar keywords
-ledger | N/A | [4.0.0.post2](https://tracker.debian.org/elpa-ledger)| None
-magit | [20241209.933](https://melpa.org/#/magit) | [4.1.3.post1](https://tracker.debian.org/elpa-magit)| A Git porcelain inside Emacs
-marginalia | [20241124.1138](https://melpa.org/#/marginalia) | [1.7.post1](https://tracker.debian.org/elpa-marginalia)| Enrich existing commands with completion annotations
-markdown-mode | [20241117.1510](https://melpa.org/#/markdown-mode) | [2.6.post2](https://tracker.debian.org/elpa-markdown-mode)| Major mode for Markdown-formatted text
-multiple-cursors | [20241201.1841](https://melpa.org/#/multiple-cursors) | [#861127](https://bugs.debian.org/861127)| Multiple cursors for Emacs
-notmuch | [20240816.2039](https://melpa.org/#/notmuch) | [0.38.3.post3](https://tracker.debian.org/elpa-notmuch)| Run notmuch within emacs
-org | N/A | [9.7.16+dfsg.1](https://tracker.debian.org/elpa-org)| None
-pdf-tools | [20240429.407](https://melpa.org/#/pdf-tools) | [1.1.0.post3](https://tracker.debian.org/elpa-pdf-tools)| Support library for PDF documents
-puppet-mode | [20210305.645](https://melpa.org/#/puppet-mode) | [0.4.post5](https://tracker.debian.org/elpa-puppet-mode)| Major mode for Puppet manifests
-rainbow-mode | N/A | [1.0.6.post2](https://tracker.debian.org/elpa-rainbow-mode)| None
-recentf | N/A | N/A| None
-ripgrep | [20220520.1410](https://melpa.org/#/ripgrep) | [#976297](https://bugs.debian.org/976297)| Front-end for ripgrep, a command line search tool
-shift-number | [20170301.1459](https://melpa.org/#/shift-number) | N/A| Increase/decrease the number at point
-smart-mode-line | [20240924.2322](https://melpa.org/#/smart-mode-line) | [2.14.post2](https://tracker.debian.org/elpa-smart-mode-line)| A color coded smart mode-line
-srcery-theme | [20240220.805](https://melpa.org/#/srcery-theme) | N/A| Dark color theme
-vertico | [20241208.2233](https://melpa.org/#/vertico) | [1.9.post1](https://tracker.debian.org/elpa-vertico)| VERTical Interactive COmpletion
-visual-fill-column-mode | N/A | N/A| None
-wc-mode | [20210418.47](https://melpa.org/#/wc-mode) | [1.4.post2](https://tracker.debian.org/elpa-wc-mode)| Running word count with goals (minor mode)
-which-key | [20240620.2145](https://melpa.org/#/which-key) | [3.6.0.post2](https://tracker.debian.org/elpa-which-key)| Display available keybindings in popup
-writegood-mode | [20220511.2109](https://melpa.org/#/writegood-mode) | [2.2.0.post3](https://tracker.debian.org/elpa-writegood-mode)| Polish up poor writing on the fly
-writeroom-mode | [20231103.931](https://melpa.org/#/writeroom-mode) | [3.11.post3](https://tracker.debian.org/elpa-writeroom-mode)| Minor mode for distraction-free writing
-ws-butler | [20241107.519](https://melpa.org/#/ws-butler) | [0.6.post5](https://tracker.debian.org/elpa-ws-butler)| Unobtrusively remove trailing whitespace
-yasnippet | [20241013.1557](https://melpa.org/#/yasnippet) | [0.14.0+git20230912.76e1eee6.2](https://tracker.debian.org/elpa-yasnippet)| Yet another snippet extension for Emacs
+| Package | Emacs | Debian | Description |
+| ------- | ----- | ------ | ----------- |
+| anzu | [20240929.201](https://melpa.org/#/anzu) | [0.67.post1](https://tracker.debian.org/elpa-anzu)| Show number of matches in mode-line while searching |
+| auto-dictionary | [20150410.1610](https://melpa.org/#/auto-dictionary) | [1.1.post1](https://tracker.debian.org/elpa-auto-dictionary)| Automatic dictionary switcher for flyspell |
+| cape | [20241211.1804](https://melpa.org/#/cape) | [#728729](https://bugs.debian.org/728729)| Completion At Point Extensions |
+| consult | [20241210.1313](https://melpa.org/#/consult) | [1.8.post1](https://tracker.debian.org/elpa-consult)| Consulting completing-read |
+| corfu | [20241208.2242](https://melpa.org/#/corfu) | [1.5.post1](https://tracker.debian.org/elpa-corfu)| COmpletion in Region FUnction |
+| crux | [20240401.1136](https://melpa.org/#/crux) | [#909337](https://bugs.debian.org/909337)| A Collection of Ridiculously Useful eXtensions |
+| dabbrev | N/A | N/A| None |
+| devdocs | [20241113.1341](https://melpa.org/#/devdocs) | N/A| Emacs viewer for DevDocs |
+| dimmer | [20220817.122](https://melpa.org/#/dimmer) | [0.4.2+repack20220817.a5b6975.3](https://tracker.debian.org/elpa-dimmer)| Visually highlight the selected buffer |
+| dockerfile-mode | [20240914.1549](https://melpa.org/#/dockerfile-mode) | [1.9.post3](https://tracker.debian.org/elpa-dockerfile-mode)| Major mode for editing Docker's Dockerfiles |
+| eglot | N/A | [1.15.post3](https://tracker.debian.org/elpa-eglot)| None |
+| embark | [20241003.1953](https://melpa.org/#/embark) | [1.1.post2](https://tracker.debian.org/elpa-embark)| Conveniently act on minibuffer completions |
+| embark-consult | [20240919.1831](https://melpa.org/#/embark-consult) | N/A| Consult integration for Embark |
+| flycheck | [20241130.1502](https://melpa.org/#/flycheck) | [34.1.post2](https://tracker.debian.org/elpa-flycheck)| On-the-fly syntax checking |
+| flymake | N/A | N/A| None |
+| format-all | [20241126.829](https://melpa.org/#/format-all) | [0.6.0.post2](https://tracker.debian.org/elpa-format-all)| Auto-format C, C++, JS, Python, Ruby and 50 other languages |
+| frames-only-mode | [20241201.1533](https://melpa.org/#/frames-only-mode) | N/A| Use frames instead of Emacs windows |
+| gnus-alias | [20230818.1830](https://melpa.org/#/gnus-alias) | N/A| An alternative to gnus-posting-styles |
+| go-mode | [20240620.1948](https://melpa.org/#/go-mode) | N/A| Major mode for the Go programming language |
+| gptel | [20241216.411](https://melpa.org/#/gptel) | N/A| Interact with ChatGPT or other LLMs |
+| hl-todo | [20240805.1444](https://melpa.org/#/hl-todo) | [3.8.1.post1](https://tracker.debian.org/elpa-hl-todo)| Highlight TODO and similar keywords |
+| ledger | N/A | [4.0.0.post2](https://tracker.debian.org/elpa-ledger)| None |
+| magit | [20241209.933](https://melpa.org/#/magit) | [4.1.3.post1](https://tracker.debian.org/elpa-magit)| A Git porcelain inside Emacs |
+| marginalia | [20241124.1138](https://melpa.org/#/marginalia) | [1.7.post1](https://tracker.debian.org/elpa-marginalia)| Enrich existing commands with completion annotations |
+| markdown-mode | [20241117.1510](https://melpa.org/#/markdown-mode) | [2.6.post2](https://tracker.debian.org/elpa-markdown-mode)| Major mode for Markdown-formatted text |
+| multiple-cursors | [20241201.1841](https://melpa.org/#/multiple-cursors) | [#861127](https://bugs.debian.org/861127)| Multiple cursors for Emacs |
+| notmuch | [20240816.2039](https://melpa.org/#/notmuch) | [0.38.3.post3](https://tracker.debian.org/elpa-notmuch)| Run notmuch within emacs |
+| org | N/A | [9.7.16+dfsg.1](https://tracker.debian.org/elpa-org)| None |
+| pdf-tools | [20240429.407](https://melpa.org/#/pdf-tools) | [1.1.0.post3](https://tracker.debian.org/elpa-pdf-tools)| Support library for PDF documents |
+| puppet-mode | [20210305.645](https://melpa.org/#/puppet-mode) | [0.4.post5](https://tracker.debian.org/elpa-puppet-mode)| Major mode for Puppet manifests |
+| rainbow-mode | N/A | [1.0.6.post2](https://tracker.debian.org/elpa-rainbow-mode)| None |
+| recentf | N/A | N/A| None |
+| ripgrep | [20220520.1410](https://melpa.org/#/ripgrep) | [#976297](https://bugs.debian.org/976297)| Front-end for ripgrep, a command line search tool |
+| shift-number | [20170301.1459](https://melpa.org/#/shift-number) | N/A| Increase/decrease the number at point |
+| smart-mode-line | [20240924.2322](https://melpa.org/#/smart-mode-line) | [2.14.post2](https://tracker.debian.org/elpa-smart-mode-line)| A color coded smart mode-line |
+| srcery-theme | [20240220.805](https://melpa.org/#/srcery-theme) | N/A| Dark color theme |
+| vertico | [20241208.2233](https://melpa.org/#/vertico) | [1.9.post1](https://tracker.debian.org/elpa-vertico)| VERTical Interactive COmpletion |
+| visual-fill-column-mode | N/A | N/A| None |
+| wc-mode | [20210418.47](https://melpa.org/#/wc-mode) | [1.4.post2](https://tracker.debian.org/elpa-wc-mode)| Running word count with goals (minor mode) |
+| which-key | [20240620.2145](https://melpa.org/#/which-key) | [3.6.0.post2](https://tracker.debian.org/elpa-which-key)| Display available keybindings in popup |
+| writegood-mode | [20220511.2109](https://melpa.org/#/writegood-mode) | [2.2.0.post3](https://tracker.debian.org/elpa-writegood-mode)| Polish up poor writing on the fly |
+| writeroom-mode | [20231103.931](https://melpa.org/#/writeroom-mode) | [3.11.post3](https://tracker.debian.org/elpa-writeroom-mode)| Minor mode for distraction-free writing |
+| ws-butler | [20241107.519](https://melpa.org/#/ws-butler) | [0.6.post5](https://tracker.debian.org/elpa-ws-butler)| Unobtrusively remove trailing whitespace |
+| yasnippet | [20241013.1557](https://melpa.org/#/yasnippet) | [0.14.0+git20230912.76e1eee6.2](https://tracker.debian.org/elpa-yasnippet)| Yet another snippet extension for Emacs |
 
 The above was automatically generated using [check-emacs-packages](https://gitlab.com/anarcat/scripts/blob/main/check-emacs-packages)
 with some manual modifications for packages on the main ELPA archive

diff --git a/software/desktop/emacs.mdwn b/software/desktop/emacs.mdwn
index 4c5f17c0..d1c02f61 100644
--- a/software/desktop/emacs.mdwn
+++ b/software/desktop/emacs.mdwn
@@ -25,40 +25,59 @@ Here's the list of packages I currently use.
 
 Package | Emacs | Debian | Description
 ------- | ----- | ------ | -----------
-anzu | [0.62](https://stable.melpa.org/#/anzu) | [0.62-2](https://tracker.debian.org/elpa-anzu) | Show number of matches in mode-line while searching
-atomic-chrome | [2.0.0](https://stable.melpa.org/#/atomic-chrome) | [#909336](http://bugs.debian.org/909336) | Edit Chrome text area with Emacs using Atomic Chrome
-auto-dictionary | [1.1](https://stable.melpa.org/#/auto-dictionary) | [1.1-1](https://tracker.debian.org/elpa-auto-dictionary) | automatic dictionary switcher for flyspell
-company | [0.9.6](https://stable.melpa.org/#/company) | [0.9.6-1](https://tracker.debian.org/elpa-company) | Modular text completion framework
-company-go | [20170907](https://stable.melpa.org/#/company-go) | [20170907-3](https://tracker.debian.org/elpa-company-go) | company-mode backend for Go (using gocode)
-crux | [0.3.0](https://stable.melpa.org/#/crux) | [#909337](http://bugs.debian.org/909337) | A Collection of Ridiculously Useful eXtensions
-dictionary | [1.10](https://stable.melpa.org/#/dictionary) | [1.10-3](https://tracker.debian.org/pkg/dictionary-el) | Client for rfc2229 dictionary servers
-ein | [0.14.1](https://stable.melpa.org/#/ein) | [None](https://bugs.debian.org/) | Emacs IPython Notebook
-elpy | [1.24.0](https://stable.melpa.org/#/elpy) | [1.24.0-1](https://tracker.debian.org/elpa-elpy) | Emacs Python Development Environment
-gnus-alias | [20150316.42](https://melpa.org/#/gnus-alias) | [None](https://bugs.debian.org/) | an alternative to gnus-posting-styles
-go-mode | [1.5.0](https://stable.melpa.org/#/go-mode) | [3:1.5.0-2](https://tracker.debian.org/elpa-go-mode) | Major mode for the Go programming language
-ledger | [20180826.243](https://melpa.org/#/ledger-mode) | [3.1.2~pre1+g3a00e1c+dfsg1-5](https://tracker.debian.org/elpa-ledger) | command-line double-entry accounting program (emacs interface)
-magit | [2.13.0](https://stable.melpa.org/#/magit) | [2.13.0-3](https://tracker.debian.org/elpa-magit) | A Git porcelain inside Emacs.
-markdown-mode | [2.3](https://stable.melpa.org/#/markdown-mode) | [2.3+154-1](https://tracker.debian.org/elpa-markdown-mode) | Major mode for Markdown-formatted text
-markdown-toc | [0.1.2](https://stable.melpa.org/#/markdown-toc) | [#861128](http://bugs.debian.org/861128) | A simple TOC generator for markdown file
-multiple-cursors | [1.4.0](https://stable.melpa.org/#/multiple-cursors) | [#861127](http://bugs.debian.org/861127) | Multiple cursors for Emacs.
-notmuch | [0.27](https://stable.melpa.org/#/notmuch) | [0.27-3](https://tracker.debian.org/elpa-notmuch) | run notmuch within emacs
-org | [None](https://github.com/melpa/melpa/blob/master/CONTRIBUTING.org) | [9.1.14+dfsg-3](https://tracker.debian.org/elpa-org) | Keep notes, maintain ToDo lists, and do project planning in emacs
-rainbow-mode | [1.0.1](https://elpa.gnu.org/packages/rainbow-mode.html) | [1.0.1-1](https://tracker.debian.org/elpa-rainbow-mode) | Colorize color names in buffers
-solarized-theme | [1.2.2](https://stable.melpa.org/#/solarized-theme) | [1.2.2-3](https://tracker.debian.org/elpa-solarized-theme) | The Solarized color theme, ported to Emacs.
-use-package | [2.3](https://stable.melpa.org/#/use-package) | [2.3+repack-2](https://tracker.debian.org/elpa-use-package) | A use-package declaration for simplifying your .emacs
-webpaste | [2.1.0](https://stable.melpa.org/#/webpaste) | [None](https://bugs.debian.org/) | Paste to pastebin-like services
-writegood-mode | [2.0.3](https://stable.melpa.org/#/writegood-mode) | [2.0.3-1](https://tracker.debian.org/elpa-writegood-mode) | Polish up poor writing on the fly
-writeroom-mode | [3.7](https://stable.melpa.org/#/writeroom-mode) | [#861124](http://bugs.debian.org/861124) | Minor mode for distraction-free writing
-yasnippet | [0.13.0](https://stable.melpa.org/#/yasnippet) | [0.13.0-2](https://tracker.debian.org/elpa-yasnippet) | Yet another snippet extension for Emacs.
+anzu | [20240929.201](https://melpa.org/#/anzu) | [0.67.post1](https://tracker.debian.org/elpa-anzu)| Show number of matches in mode-line while searching
+auto-dictionary | [20150410.1610](https://melpa.org/#/auto-dictionary) | [1.1.post1](https://tracker.debian.org/elpa-auto-dictionary)| Automatic dictionary switcher for flyspell
+cape | [20241211.1804](https://melpa.org/#/cape) | [#728729](https://bugs.debian.org/728729)| Completion At Point Extensions
+consult | [20241210.1313](https://melpa.org/#/consult) | [1.8.post1](https://tracker.debian.org/elpa-consult)| Consulting completing-read
+corfu | [20241208.2242](https://melpa.org/#/corfu) | [1.5.post1](https://tracker.debian.org/elpa-corfu)| COmpletion in Region FUnction
+crux | [20240401.1136](https://melpa.org/#/crux) | [#909337](https://bugs.debian.org/909337)| A Collection of Ridiculously Useful eXtensions
+dabbrev | N/A | N/A| None
+devdocs | [20241113.1341](https://melpa.org/#/devdocs) | N/A| Emacs viewer for DevDocs
+dimmer | [20220817.122](https://melpa.org/#/dimmer) | [0.4.2+repack20220817.a5b6975.3](https://tracker.debian.org/elpa-dimmer)| Visually highlight the selected buffer
+dockerfile-mode | [20240914.1549](https://melpa.org/#/dockerfile-mode) | [1.9.post3](https://tracker.debian.org/elpa-dockerfile-mode)| Major mode for editing Docker's Dockerfiles
+eglot | N/A | [1.15.post3](https://tracker.debian.org/elpa-eglot)| None
+embark | [20241003.1953](https://melpa.org/#/embark) | [1.1.post2](https://tracker.debian.org/elpa-embark)| Conveniently act on minibuffer completions
+embark-consult | [20240919.1831](https://melpa.org/#/embark-consult) | N/A| Consult integration for Embark
+flycheck | [20241130.1502](https://melpa.org/#/flycheck) | [34.1.post2](https://tracker.debian.org/elpa-flycheck)| On-the-fly syntax checking
+flymake | N/A | N/A| None
+format-all | [20241126.829](https://melpa.org/#/format-all) | [0.6.0.post2](https://tracker.debian.org/elpa-format-all)| Auto-format C, C++, JS, Python, Ruby and 50 other languages
+frames-only-mode | [20241201.1533](https://melpa.org/#/frames-only-mode) | N/A| Use frames instead of Emacs windows
+gnus-alias | [20230818.1830](https://melpa.org/#/gnus-alias) | N/A| An alternative to gnus-posting-styles
+go-mode | [20240620.1948](https://melpa.org/#/go-mode) | N/A| Major mode for the Go programming language
+gptel | [20241216.411](https://melpa.org/#/gptel) | N/A| Interact with ChatGPT or other LLMs
+hl-todo | [20240805.1444](https://melpa.org/#/hl-todo) | [3.8.1.post1](https://tracker.debian.org/elpa-hl-todo)| Highlight TODO and similar keywords
+ledger | N/A | [4.0.0.post2](https://tracker.debian.org/elpa-ledger)| None
+magit | [20241209.933](https://melpa.org/#/magit) | [4.1.3.post1](https://tracker.debian.org/elpa-magit)| A Git porcelain inside Emacs
+marginalia | [20241124.1138](https://melpa.org/#/marginalia) | [1.7.post1](https://tracker.debian.org/elpa-marginalia)| Enrich existing commands with completion annotations
+markdown-mode | [20241117.1510](https://melpa.org/#/markdown-mode) | [2.6.post2](https://tracker.debian.org/elpa-markdown-mode)| Major mode for Markdown-formatted text
+multiple-cursors | [20241201.1841](https://melpa.org/#/multiple-cursors) | [#861127](https://bugs.debian.org/861127)| Multiple cursors for Emacs
+notmuch | [20240816.2039](https://melpa.org/#/notmuch) | [0.38.3.post3](https://tracker.debian.org/elpa-notmuch)| Run notmuch within emacs
+org | N/A | [9.7.16+dfsg.1](https://tracker.debian.org/elpa-org)| None
+pdf-tools | [20240429.407](https://melpa.org/#/pdf-tools) | [1.1.0.post3](https://tracker.debian.org/elpa-pdf-tools)| Support library for PDF documents
+puppet-mode | [20210305.645](https://melpa.org/#/puppet-mode) | [0.4.post5](https://tracker.debian.org/elpa-puppet-mode)| Major mode for Puppet manifests
+rainbow-mode | N/A | [1.0.6.post2](https://tracker.debian.org/elpa-rainbow-mode)| None
+recentf | N/A | N/A| None
+ripgrep | [20220520.1410](https://melpa.org/#/ripgrep) | [#976297](https://bugs.debian.org/976297)| Front-end for ripgrep, a command line search tool
+shift-number | [20170301.1459](https://melpa.org/#/shift-number) | N/A| Increase/decrease the number at point
+smart-mode-line | [20240924.2322](https://melpa.org/#/smart-mode-line) | [2.14.post2](https://tracker.debian.org/elpa-smart-mode-line)| A color coded smart mode-line
+srcery-theme | [20240220.805](https://melpa.org/#/srcery-theme) | N/A| Dark color theme
+vertico | [20241208.2233](https://melpa.org/#/vertico) | [1.9.post1](https://tracker.debian.org/elpa-vertico)| VERTical Interactive COmpletion
+visual-fill-column-mode | N/A | N/A| None
+wc-mode | [20210418.47](https://melpa.org/#/wc-mode) | [1.4.post2](https://tracker.debian.org/elpa-wc-mode)| Running word count with goals (minor mode)
+which-key | [20240620.2145](https://melpa.org/#/which-key) | [3.6.0.post2](https://tracker.debian.org/elpa-which-key)| Display available keybindings in popup
+writegood-mode | [20220511.2109](https://melpa.org/#/writegood-mode) | [2.2.0.post3](https://tracker.debian.org/elpa-writegood-mode)| Polish up poor writing on the fly
+writeroom-mode | [20231103.931](https://melpa.org/#/writeroom-mode) | [3.11.post3](https://tracker.debian.org/elpa-writeroom-mode)| Minor mode for distraction-free writing
+ws-butler | [20241107.519](https://melpa.org/#/ws-butler) | [0.6.post5](https://tracker.debian.org/elpa-ws-butler)| Unobtrusively remove trailing whitespace
+yasnippet | [20241013.1557](https://melpa.org/#/yasnippet) | [0.14.0+git20230912.76e1eee6.2](https://tracker.debian.org/elpa-yasnippet)| Yet another snippet extension for Emacs
 
 The above was automatically generated using [check-emacs-packages](https://gitlab.com/anarcat/scripts/blob/main/check-emacs-packages)
 with some manual modifications for packages on the main ELPA archive
 (as opposed to MELPA, which is surprisingly rare). To feed the list of
 packages into the script, I used this mighty pipeline:
 
-    check-emacs-packages $( ( grep '^(use-package' ~/.emacs | sed 's/.* //' ; \
-    grep -A2 packages ~/.emacs-custom  | tail -1 | sed 's/[()]//g;s/ /\n/g' ) \
-    | sort -u )
+    check-emacs-packages $( ( grep '^(use-package' ~/.emacs.d/init.el | sed 's/.* //' ; \
+    grep -A2 packages ~/.emacs.d/custom.el  | tail -1 | sed 's/[()]//g;s/ /\n/g' ) \
+    | sort -u ) 2>/dev/null
 
 Some packages are edited by hand:
 

diff --git a/services/upgrades/bookworm.md b/services/upgrades/bookworm.md
index 335b2863..23e38d40 100644
--- a/services/upgrades/bookworm.md
+++ b/services/upgrades/bookworm.md
@@ -49,9 +49,9 @@ can log back in over a serial console or virtual terminal.
 
  1. Preparation:
 
-        echo reset to the default locale
+        echo reset to the default locale &&
         export LC_ALL=C.UTF-8 &&
-        echo install some dependencies
+        echo install some dependencies &&
         sudo apt install ttyrec screen debconf-utils deborphan apt-forktracer &&
         echo create ttyrec file with adequate permissions &&
         sudo touch /var/log/upgrade-bookworm.ttyrec &&

diff --git a/services/upgrades/trixie.md b/services/upgrades/trixie.md
index 8c74e575..3d878c88 100644
--- a/services/upgrades/trixie.md
+++ b/services/upgrades/trixie.md
@@ -233,14 +233,143 @@ TODO
 
 See also the [noteworthy obsolete packages](https://www.debian.org/releases/testing/release-notes/issues.en.html#noteworthy-obsolete-packages) list.
 
+## Other improvements
+
+- pinentry-qt now has Wayland support
+- Signal Desktop seems to work properly in Wayland
+
 # Issues
 
 See also the official list of [known issues](https://www.debian.org/releases/testing/release-notes/issues.en.html#known-severe-bugs).
 
 ## Pending
 
+### Removed packages
+
+- `nomacs` (needs an [update to latest upstream](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076763))
+- `raysession` (broken by a [FTBFS in a dependency](https://bugs.debian.org/1075409))
+
+### Webcam sharing stopped working in Firefox
+
+Webcam isn't detected properly in Firefox. It works in guvcview and
+chrome, so it's not an issue with the webcam per se, seems specific to
+Firefox.
+
+Screen sharing still works.
+
 ## Resolved
 
+### Fluffychat fails to start
+
+After the upgrade, Fluffychat completely failed to start with an error
+like:
+
+    flutter: [Matrix] !!!CRITICAL!!! Unable to construct database! - SqfliteFfiException(sqlite_error: 26, , SqliteException(26): while selecting from statement, file is not a database, file is not a database (code 26)
+
+It was quite hard to parse in the UI, and after restarting, the error
+message went away, but it was as if the configuration was entirely
+reset. Looking at my logs, it seems the problem is with the keyring
+support:
+
+    fluffychat[228136]: libsecret_error: Failed to unlock the keyring
+    flutter: [Matrix] Unable to init database encryption - PlatformException(Libsecret error, Failed to unlock the keyring, null, null)
+
+I switched to gomuks, but they are [rewriting it in web](https://github.com/tulir/gomuks/issues/476) which,
+ugh. So I also tested [ement.el](https://github.com/alphapapa/ement.el), an Emacs (!) client, which works
+well: OIDC and image support, but it's lacking E2EE.
+
+This might be unrelated to the upgrade, and more likely because I
+started using [keyring_pass](https://github.com/nazarewk/keyring_pass).
+
+Thankfully, just logging in again and entering the recovery key mostly
+brought back Fluffychat in good working order.
+
+### gpg-agent / SSH failure
+
+After a reboot, GCR (GNOME Keyring?) took over the `SSH_AUTH_SOCK`
+environment (set to `/run/user/1000/gcr/ssh` instead of
+`/run/user/1000/gnupg/S.gpg-agent.ssh`). That's somewhat easily worked
+around by hardcoding the environment in a shell, but even without
+that, SSH still fails, as scdaemon fails to talk with the YubiKey:
+
+    scdaemon[16500]: pcsc_connect failed: sharing violation (0x8010000b)
+
+Restarting `gpg-agent.service` and disconnecting the YubiKey fixed
+the latter.
+
+Purging `gcr4` fixed the former.
+
+### In-upgrade issues
+
+During the upgrade, magit started misbehaving, gpg-agent wouldn't
+authenticate to remove SSH servers or decrypt emails either. The
+problem is the `pinentry` program:
+
+    Cannot mix incompatible Qt library (5.15.15) with this library (5.15.8)
+
+... and bash completion would fail with:
+
+    _comp_initialize: command not found
+
+All of those issues fixed themselves after the upgrade was completed.
+
+### Out of space in /boot
+
+The `/boot` has, again, become too small, which is getting a bit
+ridiculous. I had to jump through a couple hoops to make the upgrade
+complete:
+
+1. `MODULES=dep` in `/etc/initramfs-tools/initramfs.conf`
+2. cleaning up old kernels preemptively
+3. regenerate the current initramfs with `update-initramfs -u`
+4. rerun `apt upgrade`
+
+After the upgrade, with two initramfs compressed with zstd and
+`MODULES=dep`, I get:
+
+    root@angela:/var/tmp# df -h  /boot
+    Filesystem      Size  Used Avail Use% Mounted on
+    /dev/nvme0n1p2  456M  264M  167M  62% /boot
+
+... which is a bit bizarre because `du -schx /boot` reports 88M
+used. After a reboot, however, free space returns properly:
+
+    Filesystem      Size  Used Avail Use% Mounted on
+    /dev/nvme0n1p2  456M   88M  344M  21% /boot
+
+### Packages not upgradable
+
+The packages `libboost-dev` and `source-extractor` were marked as "not
+upgrading". Both packages were not directly used and just purged.
+
+### Pinentry reverted to GNOME
+
+After a reboot, for some reason pinentry switched from `pinentry-qt`
+to `pinentry-gnome3` which *works* but that I find kind of ugly. A
+simple fix is to:
+
+    update-alternatives --config pinentry
+
+Removing `pinentry-gnome3` also fixes this.
+
+### Puppet catalog fails
+
+Puppet in trixie fails with:
+
+    Error while evaluating a Function Call, Unsupported OS family:  (file: /etc/puppet/code/production/modules/augeas/manifests/params.pp, line: 46, column: 17) on node angela.anarc.at
+
+There were *lots* of issues like this, as Puppet 8 deprecated a ton of
+things. Adding `include_legacy_facts=true` to `puppet.conf` on the
+agent helped a lot, but ultimately I just upgraded all the modules
+that were failing, one at a time.
+
+### Removed packages
+
+- `gnuradio` (reinstalled)
+- `python3-yubikey-manager` (now called `python3-ykman`, normal transition)
+- `tlp` (replaced with `power-profiles-daemon` during the upgrade,
+  restored by Puppet)
+
 # Troubleshooting
 
 ## Upgrade failures

diff --git a/blog/2024-08-15-why-trixie.md b/blog/2024-08-15-why-trixie.md
index bf51df60..83befc1a 100644
--- a/blog/2024-08-15-why-trixie.md
+++ b/blog/2024-08-15-why-trixie.md
@@ -36,6 +36,7 @@ interesting enough to list here.
 - [dasel](https://github.com/tomwright/dasel): JSON/YML/XML/CSV parser, similar to jq, but different
   syntax, not sure I'd grow into it, but often need to parse YML like
   JSON and failing
+- [gomuks](https://github.com/tulir/gomuks/) and [ement.el](https://github.com/alphapapa/ement.el): new Matrix clients
 - [fyi](https://codeberg.org/dnkl/fyi): notify-send replacement
 - [git-subrepo](https://github.com/ingydotnet/git-subrepo): git-submodule replacement I am considering
 - [gpg-from-sq](https://packages.debian.org/unstable/gpg-from-sq): Sequoia (Rust!) wrapper for GnuPG, might be able
@@ -60,7 +61,8 @@ interesting enough to list here.
 - [sfwbar](https://github.com/LBCrion/sfwbar): pretty status bar, may replace waybar, which i am
   somewhat unhappy with (my UTC clock disappears randomly)
 - [shoutidjc](https://idjc.sourceforge.io/index.html): streaming workstation, currently using [butt](https://tracker.debian.org/pkg/butt) but
-  it doesn't support HTTPS correctly
+  it doesn't support HTTPS correctly (update: not so exciting, no GUI,
+  no great error reporting - failed to fail with incorrect password)
 - [spytrap-adb](https://github.com/spytrap-org/spytrap-adb): cool spy gear
 - [syslog-summary](https://github.com/shtrom/syslog-summary): log summarizer, one of many of the kind, but
   made by Lars, so it must be good

diff --git a/blog/2024-08-15-why-trixie.md b/blog/2024-08-15-why-trixie.md
index 7c90037e..bf51df60 100644
--- a/blog/2024-08-15-why-trixie.md
+++ b/blog/2024-08-15-why-trixie.md
@@ -90,8 +90,9 @@ that can just be installed from unstable:
 - [asn](https://github.com/nitefood/asn/): IP address forensics
 - [diffr](https://github.com/mookid/diffr): improved git diffs - i typically have this in magit, but
   this is useful when calling `git diff` directly in a shell, which i
-  still do sometimes - [riff](https://github.com/walles/riff) is similar but not in Debian, and
-  there's also [git-delta](https://github.com/dandavison/delta) that's only in trixie
+  still do sometimes - [riff](https://github.com/walles/riff) is similar but not in Debian.
+  there's also [git-delta](https://github.com/dandavison/delta) that's only in trixie, but it also
+  [supports ripgrep](https://dandavison.github.io/delta/grep.html) which is pretty cool
 - [markdownlint](https://github.com/markdownlint/markdownlint): markdown linter, I use that *a lot*
 - [poweralertd](https://sr.ht/~kennylevinsen/poweralertd): pops up "your battery is almost empty" messages
 - [sway-notification-center](https://github.com/ErikReider/SwayNotificationCenter): used as part of my status bar, yet another status bar
diff --git a/services/upgrades/trixie.md b/services/upgrades/trixie.md
index 20baf3f8..8c74e575 100644
--- a/services/upgrades/trixie.md
+++ b/services/upgrades/trixie.md
@@ -39,9 +39,9 @@ can log back in over a serial console or virtual terminal.
 
  1. Preparation:
 
-        echo reset to the default locale
+        echo reset to the default locale &&
         export LC_ALL=C.UTF-8 &&
-        echo install some dependencies
+        echo install some dependencies &&
         sudo apt install ttyrec screen debconf-utils deborphan &&
         echo create ttyrec file with adequate permissions &&
         sudo touch /var/log/upgrade-trixie.ttyrec &&
@@ -86,13 +86,15 @@ can log back in over a serial console or virtual terminal.
         rm -f /etc/apt/sources.list.d/testing.list &&
         echo purge removed packages &&
         apt purge $(dpkg -l | awk '/^rc/ { print $2 }') &&
+        echo purge obsolete packages &&
         apt purge '?obsolete' &&
+        echo autoremove packages &&
         apt autoremove -y --purge &&
         echo possibly clean up old kernels &&
         dpkg -l 'linux-image-*' &&
         echo look for packages from backports, other suites or archives &&
         echo if possible, switch to official packages by disabling third-party repositories &&
-        apt list "?narrow(?installed, ?not(?version(CURRENT)))" &&
+        apt list "?narrow(?installed, ?not(?codename($(lsb_release -c -s | tail -1))))" &&
         printf "End of Step 3\a\n"
 
  4. Check free space (see [this guide to free up space][]), disable
@@ -159,7 +161,7 @@ can log back in over a serial console or virtual terminal.
         apt autopurge &&
         echo review obsolete and odd packages &&
         apt purge '?obsolete' && apt autopurge &&
-        apt list "?narrow(?installed, ?not(?version(CURRENT)))" &&
+        apt list "?narrow(?installed, ?not(?codename($(lsb_release -c -s | tail -1))))" &&
         apt clean &&
         echo review installed kernels: &&
         dpkg -l 'linux-image*' | less &&

diff --git a/blog/2024-08-15-why-trixie.md b/blog/2024-08-15-why-trixie.md
index d80a3124..7c90037e 100644
--- a/blog/2024-08-15-why-trixie.md
+++ b/blog/2024-08-15-why-trixie.md
@@ -91,7 +91,7 @@ that can just be installed from unstable:
 - [diffr](https://github.com/mookid/diffr): improved git diffs - i typically have this in magit, but
   this is useful when calling `git diff` directly in a shell, which i
   still do sometimes - [riff](https://github.com/walles/riff) is similar but not in Debian, and
-  there's probably another one i forgot about
+  there's also [git-delta](https://github.com/dandavison/delta) that's only in trixie
 - [markdownlint](https://github.com/markdownlint/markdownlint): markdown linter, I use that *a lot*
 - [poweralertd](https://sr.ht/~kennylevinsen/poweralertd): pops up "your battery is almost empty" messages
 - [sway-notification-center](https://github.com/ErikReider/SwayNotificationCenter): used as part of my status bar, yet another status bar

diff --git a/blog/2024-08-15-why-trixie.md b/blog/2024-08-15-why-trixie.md
index 0857a253..d80a3124 100644
--- a/blog/2024-08-15-why-trixie.md
+++ b/blog/2024-08-15-why-trixie.md
@@ -88,6 +88,10 @@ Those are packages I already use regularly, which have backports or
 that can just be installed from unstable:
 
 - [asn](https://github.com/nitefood/asn/): IP address forensics
+- [diffr](https://github.com/mookid/diffr): improved git diffs - i typically have this in magit, but
+  this is useful when calling `git diff` directly in a shell, which i
+  still do sometimes - [riff](https://github.com/walles/riff) is similar but not in Debian, and
+  there's probably another one i forgot about
 - [markdownlint](https://github.com/markdownlint/markdownlint): markdown linter, I use that *a lot*
 - [poweralertd](https://sr.ht/~kennylevinsen/poweralertd): pops up "your battery is almost empty" messages
 - [sway-notification-center](https://github.com/ErikReider/SwayNotificationCenter): used as part of my status bar, yet another status bar

diff --git a/hardware/rosa.mdwn b/hardware/rosa.mdwn
index fb0276f0..d1d66448 100644
--- a/hardware/rosa.mdwn
+++ b/hardware/rosa.mdwn
@@ -24,6 +24,11 @@ configured similarly to [[hardware/server/plastik]], with a fresh
 OpenWRT (19.07.3) setup (see the [OpenWRT hardware page](https://openwrt.org/toh/hwdata/tp-link/tp-link_archer_c7_v5)), using
 the `factory.bin` image from the TP-Link stock firmware web interface.
 
+Update, 2024-11-20: the device was given to a family looking for a
+more powerful router. It was upgraded to 23.07 and
+factory-reset. Location and passwords still available in password
+manager.
+
 Benchmarks
 ==========
 

diff --git a/services/upgrades/bookworm.md b/services/upgrades/bookworm.md
index bc177dd5..335b2863 100644
--- a/services/upgrades/bookworm.md
+++ b/services/upgrades/bookworm.md
@@ -508,7 +508,8 @@ caught however. This will:
 That effectively replaces the old `apt-show-versions | grep -v
 /bookworm` hack.
 
-TODO: update actual procedure with the above.
+Note that the [[trixie]] procedure has a new `apt list` query that we
+consider complete.
 
 # References
 

diff --git a/services/upgrades/bookworm.md b/services/upgrades/bookworm.md
index 9acfac83..bc177dd5 100644
--- a/services/upgrades/bookworm.md
+++ b/services/upgrades/bookworm.md
@@ -85,9 +85,9 @@ can log back in over a serial console or virtual terminal.
         rm -f /etc/apt/preferences /etc/apt/preferences.d/* &&
         rm -f /etc/apt/sources.list.d/backports.debian.org.list &&
         rm -f /etc/apt/sources.list.d/backports.list &&
+        rm -f /etc/apt/sources.list.d/*-backports.list &&
         rm -f /etc/apt/sources.list.d/bookworm.list &&
         rm -f /etc/apt/sources.list.d/bullseye.list &&
-        rm -f /etc/apt/sources.list.d/buster-backports.list &&
         rm -f /etc/apt/sources.list.d/experimental.list &&
         rm -f /etc/apt/sources.list.d/incoming.list &&
         rm -f /etc/apt/sources.list.d/proposed-updates.list &&
@@ -104,7 +104,7 @@ can log back in over a serial console or virtual terminal.
         apt-forktracer &&
         printf "End of Step 3\a\n"
 
- 5. Check free space (see [this guide to free up space][]), disable
+ 4. Check free space (see [this guide to free up space][]), disable
     auto-upgrades, and download packages:
 
         systemctl stop apt-daily.timer &&
@@ -115,6 +115,7 @@ can log back in over a serial console or virtual terminal.
         apt -y -d upgrade &&
         apt -y -d dist-upgrade &&
         df -h &&
+        echo make sure host is silenced in monitoring &&
         printf "End of Step 4\a\n"
 
  5. Actual upgrade run:
@@ -515,7 +516,7 @@ TODO: update actual procedure with the above.
  * [Release notes](https://www.debian.org/releases/bookworm/amd64/release-notes/ch-whats-new.en.html)
  * [Koumbit guide](https://wiki.koumbit.net/BookwormUpgrade) (checked 2024-11-27, changes ported to trixie procedure)
  * [DSA guide](https://dsa.debian.org/howto/upgrade-to-bullseye/) (checked 2024-11-27, changes ported to trixie procedure)
- * [TPA guide][] (merged 2024-11-27)
+ * [TPA guide][] (merged 2024-11-27, changes also ported to trixie procedure)
  * [Solution proposal to automate this](https://wiki.debian.org/AutomatedUpgrade)
 
 [TPA guide]: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/upgrades/bullseye
diff --git a/services/upgrades/trixie.md b/services/upgrades/trixie.md
index fa1d685d..20baf3f8 100644
--- a/services/upgrades/trixie.md
+++ b/services/upgrades/trixie.md
@@ -39,16 +39,16 @@ can log back in over a serial console or virtual terminal.
 
  1. Preparation:
 
-        : reset to the default locale
+        echo reset to the default locale
         export LC_ALL=C.UTF-8 &&
-        : install some dependencies
+        echo install some dependencies
         sudo apt install ttyrec screen debconf-utils deborphan &&
-        : create ttyrec file with adequate permissions &&
+        echo create ttyrec file with adequate permissions &&
         sudo touch /var/log/upgrade-trixie.ttyrec &&
         sudo chmod 600 /var/log/upgrade-trixie.ttyrec &&
         sudo ttyrec -a -e screen /var/log/upgrade-trixie.ttyrec
 
- 2. Backups, stop monitoring, and checks:
+ 2. Backups and checks:
 
         ( 
           umask 0077 &&
@@ -59,11 +59,11 @@ can log back in over a serial console or virtual terminal.
         ( puppet agent --test || true )&&
         apt-mark showhold &&
         dpkg --audit &&
-        : look for dkms packages and make sure they are relevant, if not, purge. &&
+        echo look for dkms packages and make sure they are relevant, if not, purge. &&
         ( dpkg -l '*dkms' || true ) &&
-        : look for leftover config files &&
+        echo look for leftover config files &&
         /home/anarcat/src/koumbit-scripts/vps/clean_conflicts &&
-        : run backups &&
+        echo run backups &&
         /home/anarcat/bin/backup-$(hostname) &&
         printf "End of Step 2\a\n"
 
@@ -71,7 +71,7 @@ can log back in over a serial console or virtual terminal.
 
         puppet agent --disable "running major upgrade" &&
         apt update && apt -y upgrade &&
-        : Check for pinned, on hold, packages, and possibly disable &&
+        echo Check for pinned, on hold, packages, and possibly disable &&
         rm -f /etc/apt/preferences /etc/apt/preferences.d/* &&
         rm -f /etc/apt/sources.list.d/backports.debian.org.list &&
         rm -f /etc/apt/sources.list.d/backports.list &&
@@ -84,15 +84,15 @@ can log back in over a serial console or virtual terminal.
         rm -f /etc/apt/sources.list.d/proposed-updates.list &&
         rm -f /etc/apt/sources.list.d/sid.list &&
         rm -f /etc/apt/sources.list.d/testing.list &&
-        : purge removed packages &&
+        echo purge removed packages &&
         apt purge $(dpkg -l | awk '/^rc/ { print $2 }') &&
         apt purge '?obsolete' &&
         apt autoremove -y --purge &&
-        : possibly clean up old kernels &&
+        echo possibly clean up old kernels &&
         dpkg -l 'linux-image-*' &&
-        : look for packages from backports, other suites or archives &&
-        : if possible, switch to official packages by disabling third-party repositories &&
-        apt list "?narrow(?installed, ?not(?codename($(lsb_release -c -s | tail -1))))" &&
+        echo look for packages from backports, other suites or archives &&
+        echo if possible, switch to official packages by disabling third-party repositories &&
+        apt list "?narrow(?installed, ?not(?version(CURRENT)))" &&
         printf "End of Step 3\a\n"
 
  4. Check free space (see [this guide to free up space][]), disable
@@ -106,12 +106,10 @@ can log back in over a serial console or virtual terminal.
         apt -y -d upgrade &&
         apt -y -d dist-upgrade &&
         df -h &&
-        : make sure host is silenced in monitoring &&
+        echo make sure host is silenced in monitoring &&
         printf "End of Step 4\a\n"
 
-[this guide to free up space]: https://www.debian.org/releases/testing/release-notes/upgrading.en.html#make-sure-you-have-sufficient-space-for-the-upgrade
-
- 5. Actual upgrade step.
+ 5. Actual upgrade step. Put server in maintenance here.
 
     Optional, minimal upgrade run (avoids new installs or removals):
 
@@ -134,32 +132,41 @@ can log back in over a serial console or virtual terminal.
         printf "Press enter to continue, Ctrl-C to abort." &&
         read -r _ &&
         (puppet agent -t || true) &&
-        : rm -f /etc/apt/apt.conf.d/50unattended-upgrades.dpkg-dist /etc/ca-certificates.conf.dpkg-old /etc/cron.daily/bsdmainutils.dpkg-remove /etc/default/prometheus-apache-exporter.dpkg-dist /etc/default/prometheus-node-exporter.dpkg-dist /etc/logrotate.d/apache2.dpkg-dist /etc/nagios/nrpe.cfg.dpkg-dist /etc/ssh/ssh_config.dpkg-dist /etc/ssh/sshd_config.ucf-dist /etc/unbound/unbound.conf.dpkg-dist &&
+        echo deploy upgrades after possible Puppet sources.list changes &&
+        apt update && apt upgrade -y &&
+        echo rm -f /etc/apt/apt.conf.d/50unattended-upgrades.dpkg-dist /etc/ca-certificates.conf.dpkg-old /etc/cron.daily/bsdmainutils.dpkg-remove /etc/default/prometheus-apache-exporter.dpkg-dist /etc/default/prometheus-node-exporter.dpkg-dist /etc/logrotate.d/apache2.dpkg-dist /etc/nagios/nrpe.cfg.dpkg-dist /etc/ssh/ssh_config.dpkg-dist /etc/ssh/sshd_config.ucf-dist /etc/unbound/unbound.conf.dpkg-dist &&
         printf "\a" &&
         /home/anarcat/src/koumbit-scripts/vps/clean_conflicts &&
         systemctl start apt-daily.timer &&
+        rm /etc/nologin &&
         printf "End of Step 6\a\n" &&
-        shutdown -r +1 "rebooting to get rid of old kernel image..."
+        shutdown -r +1 "major upgrade step 6: removing old kernel image"
 
- 7. Post-upgrade checks:
+ 7. Post-upgrade cleanup:
 
         export LC_ALL=C.UTF-8 &&
         sudo ttyrec -a -e screen /var/log/upgrade-trixie.ttyrec
 
-        apt-mark manual bind9-dnsutils puppet-agent
-        apt purge gcc-9-base gcc-10-base apt-forktracer
-        apt purge $(dpkg -l | awk '/^rc/ { print $2 }') # purge removed packages
-        apt autoremove -y --purge
-        apt purge $(deborphan --guess-dummy)
-        while deborphan -n | grep -q . ; do apt purge $(deborphan -n); done
-        apt autoremove -y --purge
-        apt clean
-        # review and purge older kernel if the new one boots properly
-        dpkg -l 'linux-image*'
-        # review packages that are not in the new distribution
-        apt purge '?obsolete'
-        apt list "?narrow(?installed, ?not(?codename($(lsb_release -c -s | tail -1))))" &&
-        printf "All procedures completed\a\n" &&
+        echo consider apt-mark minimize-manual
+
+        apt-mark manual bind9-dnsutils &&
+        apt purge apt-forktracer &&
+        echo purging removed packages &&
+        apt purge $(dpkg -l | awk '/^rc/ { print $2 }') &&
+        apt autopurge &&
+        apt purge $(deborphan --guess-dummy) &&
+        while deborphan -n | grep -q . ; do apt purge $(deborphan -n); done &&
+        apt autopurge &&
+        echo review obsolete and odd packages &&
+        apt purge '?obsolete' && apt autopurge &&
+        apt list "?narrow(?installed, ?not(?version(CURRENT)))" &&
+        apt clean &&
+        echo review installed kernels: &&
+        dpkg -l 'linux-image*' | less &&
+        printf "End of Step 8\a\n" &&
+        shutdown -r +1 "last major upgrade step: testing reboots one final time"
+
+[this guide to free up space]: https://www.debian.org/releases/testing/release-notes/upgrading.en.html#make-sure-you-have-sufficient-space-for-the-upgrade
 
 ## Conflicts resolution
 

diff --git a/services/upgrades/bookworm.md b/services/upgrades/bookworm.md
index a1324b16..9acfac83 100644
--- a/services/upgrades/bookworm.md
+++ b/services/upgrades/bookworm.md
@@ -117,8 +117,6 @@ can log back in over a serial console or virtual terminal.
         df -h &&
         printf "End of Step 4\a\n"
 
-[this guide to free up space]: http://www.debian.org/releases/bookworm/amd64/release-notes/ch-upgrading.en.html#sufficient-space
-
  5. Actual upgrade run:
 
         echo put server in maintenance &&
@@ -135,32 +133,44 @@ can log back in over a serial console or virtual terminal.
         printf "Press enter to continue, Ctrl-C to abort." &&
         read -r _ &&
         (puppet agent -t || true) &&
+        echo deploy upgrades after possible Puppet sources.list changes &&
+        apt update && apt upgrade -y &&
         echo rm -f /etc/apt/apt.conf.d/50unattended-upgrades.dpkg-dist /etc/ca-certificates.conf.dpkg-old /etc/cron.daily/bsdmainutils.dpkg-remove /etc/default/prometheus-apache-exporter.dpkg-dist /etc/default/prometheus-node-exporter.dpkg-dist /etc/logrotate.d/apache2.dpkg-dist /etc/nagios/nrpe.cfg.dpkg-dist /etc/ssh/ssh_config.dpkg-dist /etc/ssh/sshd_config.ucf-dist /etc/unbound/unbound.conf.dpkg-dist &&
         printf "\a" &&
         /home/anarcat/src/koumbit-scripts/vps/clean_conflicts &&
         systemctl start apt-daily.timer &&
+        rm /etc/nologin &&
         printf "End of Step 6\a\n" &&
-        shutdown -r +1 "rebooting to get rid of old kernel image..."
+        shutdown -r +1 "bookworm upgrade step 6: removing old kernel image"
 
- 7. Post-upgrade checks:
+ 7. Post-upgrade cleanup:
 
         export LC_ALL=C.UTF-8 &&
         sudo ttyrec -a -e screen /var/log/upgrade-bookworm.ttyrec
 
-        apt-mark manual bind9-dnsutils puppet-agent
-        apt purge gcc-9-base gcc-10-base apt-forktracer
-        apt purge $(dpkg -l | awk '/^rc/ { print $2 }') # purge removed packages
-        apt autoremove -y --purge
-        apt purge $(deborphan --guess-dummy)
-        while deborphan -n | grep -q . ; do apt purge $(deborphan -n); done
-        apt autoremove -y --purge
-        apt clean
-        # review and purge older kernel if the new one boots properly
-        dpkg -l 'linux-image*'
-        # review packages that are not in the new distribution
-        apt purge '?obsolete'
+        apt-mark manual bind9-dnsutils puppet-agent &&
+        apt purge apt-forktracer &&
+        echo purging removed packages &&
+        apt purge $(dpkg -l | awk '/^rc/ { print $2 }') &&
+        apt autopurge &&
+        apt purge $(deborphan --guess-dummy) &&
+        while deborphan -n | grep -q . ; do apt purge $(deborphan -n); done &&
+        apt autopurge &&
+        echo review obsolete and odd packages &&
+        apt purge '?obsolete' && apt autopurge &&
         apt list "?narrow(?installed, ?not(?codename($(lsb_release -c -s | tail -1))))" &&
-        printf "All procedures completed\a\n" &&
+        apt clean &&
+        echo review installed kernels: &&
+        dpkg -l 'linux-image*' | less &&
+        printf "End of Step 8\a\n" &&
+        shutdown -r +1 "bookworm upgrade step 9: testing reboots one final time"
+
+IMPORTANT: make sure you test the services at this point, or at least
+notify the admins responsible for the service so they do so. This will
+allow new problems that developed due to the upgrade to be found
+earlier.
+
+[this guide to free up space]: http://www.debian.org/releases/bookworm/amd64/release-notes/ch-upgrading.en.html#sufficient-space
 
 ## Conflicts resolution
 
@@ -505,7 +515,7 @@ TODO: update actual procedure with the above.
  * [Release notes](https://www.debian.org/releases/bookworm/amd64/release-notes/ch-whats-new.en.html)
  * [Koumbit guide](https://wiki.koumbit.net/BookwormUpgrade) (checked 2024-11-27, changes ported to trixie procedure)
  * [DSA guide](https://dsa.debian.org/howto/upgrade-to-bullseye/) (checked 2024-11-27, changes ported to trixie procedure)
- * [TPA guide][] (WIP, last checked 2023-06-05)
+ * [TPA guide][] (merged 2024-11-27)
  * [Solution proposal to automate this](https://wiki.debian.org/AutomatedUpgrade)
 
 [TPA guide]: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/upgrades/bullseye

diff --git a/services/upgrades/bookworm.md b/services/upgrades/bookworm.md
index 75b21a14..a1324b16 100644
--- a/services/upgrades/bookworm.md
+++ b/services/upgrades/bookworm.md
@@ -49,11 +49,11 @@ can log back in over a serial console or virtual terminal.
 
  1. Preparation:
 
-        : reset to the default locale
+        echo reset to the default locale
         export LC_ALL=C.UTF-8 &&
-        : install some dependencies
+        echo install some dependencies
         sudo apt install ttyrec screen debconf-utils deborphan apt-forktracer &&
-        : create ttyrec file with adequate permissions &&
+        echo create ttyrec file with adequate permissions &&
         sudo touch /var/log/upgrade-bookworm.ttyrec &&
         sudo chmod 600 /var/log/upgrade-bookworm.ttyrec &&
         sudo ttyrec -a -e screen /var/log/upgrade-bookworm.ttyrec
@@ -69,11 +69,11 @@ can log back in over a serial console or virtual terminal.
         ( puppet agent --test || true )&&
         apt-mark showhold &&
         dpkg --audit &&
-        : look for dkms packages and make sure they are relevant, if not, purge. &&
+        echo look for dkms packages and make sure they are relevant, if not, purge. &&
         ( dpkg -l '*dkms' || true ) &&
-        : look for leftover config files &&
+        echo look for leftover config files &&
         /home/anarcat/src/koumbit-scripts/vps/clean_conflicts &&
-        : run backups &&
+        echo run backups &&
         /home/anarcat/bin/backup-$(hostname) &&
         printf "End of Step 2\a\n"
 
@@ -81,7 +81,7 @@ can log back in over a serial console or virtual terminal.
 
         puppet agent --disable "running major upgrade" &&
         apt update && apt -y upgrade &&
-        : Check for pinned, on hold, packages, and possibly disable &&
+        echo Check for pinned, on hold, packages, and possibly disable &&
         rm -f /etc/apt/preferences /etc/apt/preferences.d/* &&
         rm -f /etc/apt/sources.list.d/backports.debian.org.list &&
         rm -f /etc/apt/sources.list.d/backports.list &&
@@ -93,14 +93,14 @@ can log back in over a serial console or virtual terminal.
         rm -f /etc/apt/sources.list.d/proposed-updates.list &&
         rm -f /etc/apt/sources.list.d/sid.list &&
         rm -f /etc/apt/sources.list.d/testing.list &&
-        : purge removed packages &&
+        echo purge removed packages &&
         apt purge $(dpkg -l | awk '/^rc/ { print $2 }') &&
         apt purge '?obsolete' &&
         apt autoremove -y --purge &&
-        : possibly clean up old kernels &&
+        echo possibly clean up old kernels &&
         dpkg -l 'linux-image-*' &&
-        : look for packages from backports, other suites or archives &&
-        : if possible, switch to official packages by disabling third-party repositories &&
+        echo look for packages from backports, other suites or archives &&
+        echo if possible, switch to official packages by disabling third-party repositories &&
         apt-forktracer &&
         printf "End of Step 3\a\n"
 
@@ -121,7 +121,7 @@ can log back in over a serial console or virtual terminal.
 
  5. Actual upgrade run:
 
-        : put server in maintenance &&
+        echo put server in maintenance &&
         sudo touch /etc/nologin &&
         env DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=none APT_LISTBUGS_FRONTEND=none UCF_FORCE_CONFFOLD=y \
             apt full-upgrade -y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' &&
@@ -135,7 +135,7 @@ can log back in over a serial console or virtual terminal.
         printf "Press enter to continue, Ctrl-C to abort." &&
         read -r _ &&
         (puppet agent -t || true) &&
-        : rm -f /etc/apt/apt.conf.d/50unattended-upgrades.dpkg-dist /etc/ca-certificates.conf.dpkg-old /etc/cron.daily/bsdmainutils.dpkg-remove /etc/default/prometheus-apache-exporter.dpkg-dist /etc/default/prometheus-node-exporter.dpkg-dist /etc/logrotate.d/apache2.dpkg-dist /etc/nagios/nrpe.cfg.dpkg-dist /etc/ssh/ssh_config.dpkg-dist /etc/ssh/sshd_config.ucf-dist /etc/unbound/unbound.conf.dpkg-dist &&
+        echo rm -f /etc/apt/apt.conf.d/50unattended-upgrades.dpkg-dist /etc/ca-certificates.conf.dpkg-old /etc/cron.daily/bsdmainutils.dpkg-remove /etc/default/prometheus-apache-exporter.dpkg-dist /etc/default/prometheus-node-exporter.dpkg-dist /etc/logrotate.d/apache2.dpkg-dist /etc/nagios/nrpe.cfg.dpkg-dist /etc/ssh/ssh_config.dpkg-dist /etc/ssh/sshd_config.ucf-dist /etc/unbound/unbound.conf.dpkg-dist &&
         printf "\a" &&
         /home/anarcat/src/koumbit-scripts/vps/clean_conflicts &&
         systemctl start apt-daily.timer &&
@@ -503,8 +503,8 @@ TODO: update actual procedure with the above.
 
  * [Official guide](https://www.debian.org/releases/bookworm/amd64/release-notes/ch-upgrading.en.html)
  * [Release notes](https://www.debian.org/releases/bookworm/amd64/release-notes/ch-whats-new.en.html)
- * [Koumbit guide](https://wiki.koumbit.net/BookwormUpgrade) (N/A, last checked 2023-06-05)
- * [DSA guide](https://dsa.debian.org/howto/upgrade-to-bullseye/) (N/A, last checked 2023-06-05)
+ * [Koumbit guide](https://wiki.koumbit.net/BookwormUpgrade) (checked 2024-11-27, changes ported to trixie procedure)
+ * [DSA guide](https://dsa.debian.org/howto/upgrade-to-bullseye/) (checked 2024-11-27, changes ported to trixie procedure)
  * [TPA guide][] (WIP, last checked 2023-06-05)
  * [Solution proposal to automate this](https://wiki.debian.org/AutomatedUpgrade)
 

diff --git a/services/upgrades/trixie.md b/services/upgrades/trixie.md
index e47febd7..fa1d685d 100644
--- a/services/upgrades/trixie.md
+++ b/services/upgrades/trixie.md
@@ -65,7 +65,6 @@ can log back in over a serial console or virtual terminal.
         /home/anarcat/src/koumbit-scripts/vps/clean_conflicts &&
         : run backups &&
         /home/anarcat/bin/backup-$(hostname) &&
-        : make sure host is silenced in monitoring &&
         printf "End of Step 2\a\n"
 
  3. Perform any pending upgrade and clear out old pins:
@@ -96,7 +95,7 @@ can log back in over a serial console or virtual terminal.
         apt list "?narrow(?installed, ?not(?codename($(lsb_release -c -s | tail -1))))" &&
         printf "End of Step 3\a\n"
 
- 5. Check free space (see [this guide to free up space][]), disable
+ 4. Check free space (see [this guide to free up space][]), disable
     auto-upgrades, and download packages:
 
         systemctl stop apt-daily.timer &&
@@ -107,13 +106,21 @@ can log back in over a serial console or virtual terminal.
         apt -y -d upgrade &&
         apt -y -d dist-upgrade &&
         df -h &&
+        : make sure host is silenced in monitoring &&
         printf "End of Step 4\a\n"
 
 [this guide to free up space]: https://www.debian.org/releases/testing/release-notes/upgrading.en.html#make-sure-you-have-sufficient-space-for-the-upgrade
 
- 5. Actual upgrade run:
+ 5. Actual upgrade step.
+
+    Optional, minimal upgrade run (avoids new installs or removals):
+
+        sudo touch /etc/nologin &&
+        env DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=none APT_LISTBUGS_FRONTEND=none UCF_FORCE_CONFFOLD=y \
+            apt upgrade --without-new-pkgs -y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' &&
+
+    Full upgrade:
 
-        : put server in maintenance &&
         sudo touch /etc/nologin &&
         env DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=none APT_LISTBUGS_FRONTEND=none UCF_FORCE_CONFFOLD=y \
             apt full-upgrade -y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' &&

diff --git a/services/upgrades/trixie.md b/services/upgrades/trixie.md
index ddeb576b..e47febd7 100644
--- a/services/upgrades/trixie.md
+++ b/services/upgrades/trixie.md
@@ -93,7 +93,7 @@ can log back in over a serial console or virtual terminal.
         dpkg -l 'linux-image-*' &&
         : look for packages from backports, other suites or archives &&
         : if possible, switch to official packages by disabling third-party repositories &&
-        apt-forktracer &&
+        apt list "?narrow(?installed, ?not(?codename($(lsb_release -c -s | tail -1))))" &&
         printf "End of Step 3\a\n"
 
  5. Check free space (see [this guide to free up space][]), disable

diff --git a/blog/2024-08-15-why-trixie.md b/blog/2024-08-15-why-trixie.md
index a0e14638..0857a253 100644
--- a/blog/2024-08-15-why-trixie.md
+++ b/blog/2024-08-15-why-trixie.md
@@ -29,6 +29,7 @@ Trixie (testing) already that I am not using yet, but I find
 interesting enough to list here.
 
 - [backdown](https://github.com/Canop/backdown/): clever file deduplicator
+- [broot](https://dystroy.org/broot/): a TUI file manager with `ncdu` and `magit`-like features
 - [codesearch](https://code.google.com/p/codesearch/): search all of Debian's source code (tens of
   thousands of packages) from the commandline! (see also [dcs-cli](https://github.com/jwilk/dcs-cli),
   not in Debian)

diff --git a/software/debian-development.mdwn b/software/debian-development.mdwn
index 39278fbd..96f3e1a3 100644
--- a/software/debian-development.mdwn
+++ b/software/debian-development.mdwn
@@ -627,6 +627,50 @@ A few handy `qemu` related commands:
    it above.
 """]]
 
+### unshare configuration
+
+Everyone seems to be switching to unshare as a schroot backend,
+[including the official debian.org builders](https://lists.debian.org/debian-devel-announce/2024/11/msg00002.html). The [official sbuild
+instructions](https://wiki.debian.org/sbuild) also use unshare now, this is my take.
+
+ 1. install necessary packages
+ 
+        sudo apt install sbuild mmdebstrap uidmap
+
+ 2. create directory to store images
+
+        mkdir -p ~/.cache/sbuild
+
+    Note that jumped around quite a lot for me. It used to be in
+    `/srv/sbuild` for qemu, but this was bind-mounted to
+    `/home/sbuild`, which begs the question of why it can't just be in
+    `~/.cache` after all, although I have Puppet managing `/srv`.
+
+ 3. create an unstable image:
+ 
+        mmdebstrap --include=ca-certificates --skip=output/dev --variant=buildd unstable ~/.cache/sbuild/unstable-amd64.tar.zst https://deb.debian.org/debian
+
+    This install took 42 seconds in my experience.
+
+ 4. tweak `.sbuildrc`:
+ 
+        $chroot_mode = 'unshare';
+
+    Remove any `$piuparts_opts`, `$autopkgtest_virt_server_options`,
+    or `$autopkgtest_opts`
+
+The guide argues against running this, but you can update the tarballs
+with:
+
+    sbuild-update --chroot-mode=unshare --update --upgrade --dist-upgrade --autoremove oldstable stable unstable
+
+This takes 6 seconds in my tests, much faster than rebuilding from
+scratch.
+
+Note that we don't care about doing overlayfs or fancy copy-on-write
+stuff, the tarballs apparently take only two seconds to
+decompresss. See also [this discussion](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960950).
+
 ### Building with sbuild
 
 Now that a sbuild backend is setup, I can build packages in one of

diff --git a/services/upgrades/trixie.md b/services/upgrades/trixie.md
index 84a10c06..ddeb576b 100644
--- a/services/upgrades/trixie.md
+++ b/services/upgrades/trixie.md
@@ -48,7 +48,7 @@ can log back in over a serial console or virtual terminal.
         sudo chmod 600 /var/log/upgrade-trixie.ttyrec &&
         sudo ttyrec -a -e screen /var/log/upgrade-trixie.ttyrec
 
- 2. Backups and checks:
+ 2. Backups, stop monitoring, and checks:
 
         ( 
           umask 0077 &&
@@ -65,6 +65,7 @@ can log back in over a serial console or virtual terminal.
         /home/anarcat/src/koumbit-scripts/vps/clean_conflicts &&
         : run backups &&
         /home/anarcat/bin/backup-$(hostname) &&
+        : make sure host is silenced in monitoring &&
         printf "End of Step 2\a\n"
 
  3. Perform any pending upgrade and clear out old pins:

diff --git a/services/upgrades/trixie.md b/services/upgrades/trixie.md
index b3ba5bd1..84a10c06 100644
--- a/services/upgrades/trixie.md
+++ b/services/upgrades/trixie.md
@@ -28,9 +28,8 @@ upgrade at more or less random times). Then those changes get applied
 after a reboot. And yes, that's even more dangerous.
 
 IMPORTANT: if you are doing this procedure over SSH (I had the
-privilege of having a console), you may want to [upgrade SSH first](https://www.debian.org/releases/trixie/amd64/release-notes/ch-information.en.html#ssh-not-available)
-as it has a longer downtime period, especially if you are on a flaky
-connection.
+privilege of having a console), you may want to upgrade SSH first,
+especially if you are on a flaky connection.
 
 Make sure you read the [conflicts resolution section below](#conflicts-resolution) for how
 to handle `clean_conflicts` output.
@@ -109,7 +108,7 @@ can log back in over a serial console or virtual terminal.
         df -h &&
         printf "End of Step 4\a\n"
 
-[this guide to free up space]: http://www.debian.org/releases/trixie/amd64/release-notes/ch-upgrading.en.html#sufficient-space
+[this guide to free up space]: https://www.debian.org/releases/testing/release-notes/upgrading.en.html#make-sure-you-have-sufficient-space-for-the-upgrade
 
  5. Actual upgrade run:
 
@@ -208,18 +207,18 @@ This table summarizes package version changes I find interesting.
 
 Note that this table may not be up to date with the current
 release. See the [official release
-notes](https://www.debian.org/releases/trixie/amd64/release-notes/ch-whats-new.en.html#newdistro)
+notes](https://www.debian.org/releases/testing/release-notes/whats-new.en.html#desktops-and-well-known-packages)
 for a more up to date list.
 
 ## Removed packages
 
 TODO
 
-See also the [noteworthy obsolete packages](https://www.debian.org/releases/trixie/amd64/release-notes/ch-information.en.html#noteworthy-obsolete-packages) list.
+See also the [noteworthy obsolete packages](https://www.debian.org/releases/testing/release-notes/issues.en.html#noteworthy-obsolete-packages) list.
 
 # Issues
 
-See also the official list of [known issues](https://www.debian.org/releases/trixie/amd64/release-notes/ch-information.en.html).
+See also the official list of [known issues](https://www.debian.org/releases/testing/release-notes/issues.en.html#known-severe-bugs).
 
 ## Pending
 
@@ -230,21 +229,24 @@ See also the official list of [known issues](https://www.debian.org/releases/tri
 ## Upgrade failures
 
 Instructions on errors during upgrades can be found in [the release
-notes troubleshooting section](https://www.debian.org/releases/trixie/amd64/release-notes/ch-upgrading.en.html#trouble).
+notes "possible issues" section](https://www.debian.org/releases/testing/release-notes/upgrading.en.html#possible-issues-during-upgrade).
 
 ## Reboot failures
 
 If there's any trouble during reboots, you should use some recovery
 system. The [release notes actually have good documentation on
-that](https://www.debian.org/releases/trixie/amd64/release-notes/ch-upgrading.en.html#recovery), on top of "use a live filesystem".
+that](https://www.debian.org/releases/testing/release-notes/upgrading.en.html#prepare-for-recovery), on top of "use a live filesystem".
 
 # References
 
- * [Official guide](https://www.debian.org/releases/trixie/amd64/release-notes/ch-upgrading.en.html)
- * [Release notes](https://www.debian.org/releases/trixie/amd64/release-notes/ch-whats-new.en.html)
+ * [Official guide](https://www.debian.org/releases/testing/release-notes/upgrading.en.html)
+ * [Release notes](https://www.debian.org/releases/testing/release-notes/whats-new.en.html)
  * [Koumbit guide](https://wiki.koumbit.net/TrixieUpgrade) (N/A, last checked 2024-11-27
  * [DSA guide](https://dsa.debian.org/howto/upgrade-to-trixie/) (N/A, last checked 2024-11-27)
  * [TPA guide][] (N/A, last checked 2024-11-27)
  * [Solution proposal to automate this](https://wiki.debian.org/AutomatedUpgrade)
 
 [TPA guide]: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/upgrades/trixie
+
+TODO: replace `releases/testing` with `releases/trixie` after the
+release notes are published.

diff --git a/services/upgrades/trixie.md b/services/upgrades/trixie.md
index 44d54f91..b3ba5bd1 100644
--- a/services/upgrades/trixie.md
+++ b/services/upgrades/trixie.md
@@ -1 +1,250 @@
-Before doing the "new in" stuff, look at blog/2024-08-15-why-trixie
+[[!meta title="Trixie upgrade"]]
+
+[[!toc levels=3]]
+
+This document contains my upgrade procedure, notable changes in the
+new version, issues I have stumbled upon (and possibly fixed), and
+troubleshooting instructions.
+
+It does not hope to replace the official documentation: it is a
+personal, living document that I have started keeping back when I
+upgraded to [[jessie]]. The other documents can be found in the parent
+[[upgrades]] page.
+
+# Procedure
+
+This procedure is designed to be applied, in batch, on multiple
+servers. Do NOT follow this procedure unless you are familiar with the
+command line and the Debian upgrade process. It has been crafted by
+and for experienced system administrators that have dozens if not
+hundreds of servers to upgrade.
+
+In particular, it runs almost completely unattended: configuration
+changes are not prompted during the upgrade, and just not applied at
+all, which *will* break services in many cases. I use a
+[clean-conflicts](https://gitlab.com/anarcat/koumbit-scripts/-/blob/master/vps/clean_conflicts) script to do this all in one shot to shorten the
+upgrade process (without it, configuration file changes stop the
+upgrade at more or less random times). Then those changes get applied
+after a reboot. And yes, that's even more dangerous.
+
+IMPORTANT: if you are doing this procedure over SSH (I had the
+privilege of having a console), you may want to [upgrade SSH first](https://www.debian.org/releases/trixie/amd64/release-notes/ch-information.en.html#ssh-not-available)
+as it has a longer downtime period, especially if you are on a flaky
+connection.
+
+Make sure you read the [conflicts resolution section below](#conflicts-resolution) for how
+to handle `clean_conflicts` output.
+
+This procedure *may* kill your graphical session, so make sure you
+can log back in over a serial console or virtual terminal.
+
+ 1. Preparation:
+
+        : reset to the default locale
+        export LC_ALL=C.UTF-8 &&
+        : install some dependencies
+        sudo apt install ttyrec screen debconf-utils deborphan &&
+        : create ttyrec file with adequate permissions &&
+        sudo touch /var/log/upgrade-trixie.ttyrec &&
+        sudo chmod 600 /var/log/upgrade-trixie.ttyrec &&
+        sudo ttyrec -a -e screen /var/log/upgrade-trixie.ttyrec
+
+ 2. Backups and checks:
+
+        ( 
+          umask 0077 &&
+          tar cfz /var/backups/pre-trixie-backup.tgz /etc /var/lib/dpkg /var/lib/apt/extended_states /var/cache/debconf $( [ -e /var/lib/aptitude/pkgstates ] && echo /var/lib/aptitude/pkgstates ) &&
+          dpkg --get-selections "*" > /var/backups/dpkg-selections-pre-trixie.txt &&
+          debconf-get-selections > /var/backups/debconf-selections-pre-trixie.txt
+        ) &&
+        ( puppet agent --test || true )&&
+        apt-mark showhold &&
+        dpkg --audit &&
+        : look for dkms packages and make sure they are relevant, if not, purge. &&
+        ( dpkg -l '*dkms' || true ) &&
+        : look for leftover config files &&
+        /home/anarcat/src/koumbit-scripts/vps/clean_conflicts &&
+        : run backups &&
+        /home/anarcat/bin/backup-$(hostname) &&
+        printf "End of Step 2\a\n"
+
+ 3. Perform any pending upgrade and clear out old pins:
+
+        puppet agent --disable "running major upgrade" &&
+        apt update && apt -y upgrade &&
+        : Check for pinned, on hold, packages, and possibly disable &&
+        rm -f /etc/apt/preferences /etc/apt/preferences.d/* &&
+        rm -f /etc/apt/sources.list.d/backports.debian.org.list &&
+        rm -f /etc/apt/sources.list.d/backports.list &&
+        rm -f /etc/apt/sources.list.d/*-backports.list &&
+        rm -f /etc/apt/sources.list.d/trixie.list &&
+        rm -f /etc/apt/sources.list.d/bookworm.list &&
+        rm -f /etc/apt/sources.list.d/bullseye.list &&
+        rm -f /etc/apt/sources.list.d/experimental.list &&
+        rm -f /etc/apt/sources.list.d/incoming.list &&
+        rm -f /etc/apt/sources.list.d/proposed-updates.list &&
+        rm -f /etc/apt/sources.list.d/sid.list &&
+        rm -f /etc/apt/sources.list.d/testing.list &&
+        : purge removed packages &&
+        apt purge $(dpkg -l | awk '/^rc/ { print $2 }') &&
+        apt purge '?obsolete' &&
+        apt autoremove -y --purge &&
+        : possibly clean up old kernels &&
+        dpkg -l 'linux-image-*' &&
+        : look for packages from backports, other suites or archives &&
+        : if possible, switch to official packages by disabling third-party repositories &&
+        apt-forktracer &&
+        printf "End of Step 3\a\n"
+
+ 5. Check free space (see [this guide to free up space][]), disable
+    auto-upgrades, and download packages:
+
+        systemctl stop apt-daily.timer &&
+        sed -i 's#bookworm-security#trixie-security#' $(ls /etc/apt/sources.list /etc/apt/sources.list.d/*) &&
+        sed -i 's/bookworm/trixie/g' $(ls /etc/apt/sources.list /etc/apt/sources.list.d/*) &&
+        apt update &&
+        apt -y -d full-upgrade &&
+        apt -y -d upgrade &&
+        apt -y -d dist-upgrade &&
+        df -h &&
+        printf "End of Step 4\a\n"
+
+[this guide to free up space]: http://www.debian.org/releases/trixie/amd64/release-notes/ch-upgrading.en.html#sufficient-space
+
+ 5. Actual upgrade run:
+
+        : put server in maintenance &&
+        sudo touch /etc/nologin &&
+        env DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=none APT_LISTBUGS_FRONTEND=none UCF_FORCE_CONFFOLD=y \
+            apt full-upgrade -y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' &&
+        printf "End of Step 5\a\n"
+
+ 6. Post-upgrade procedures:
+
+        apt-get update --allow-releaseinfo-change &&
+        puppet agent --enable &&
+        puppet agent -t --noop &&
+        printf "Press enter to continue, Ctrl-C to abort." &&
+        read -r _ &&
+        (puppet agent -t || true) &&
+        : rm -f /etc/apt/apt.conf.d/50unattended-upgrades.dpkg-dist /etc/ca-certificates.conf.dpkg-old /etc/cron.daily/bsdmainutils.dpkg-remove /etc/default/prometheus-apache-exporter.dpkg-dist /etc/default/prometheus-node-exporter.dpkg-dist /etc/logrotate.d/apache2.dpkg-dist /etc/nagios/nrpe.cfg.dpkg-dist /etc/ssh/ssh_config.dpkg-dist /etc/ssh/sshd_config.ucf-dist /etc/unbound/unbound.conf.dpkg-dist &&
+        printf "\a" &&
+        /home/anarcat/src/koumbit-scripts/vps/clean_conflicts &&
+        systemctl start apt-daily.timer &&
+        printf "End of Step 6\a\n" &&
+        shutdown -r +1 "rebooting to get rid of old kernel image..."
+
+ 7. Post-upgrade checks:
+
+        export LC_ALL=C.UTF-8 &&
+        sudo ttyrec -a -e screen /var/log/upgrade-trixie.ttyrec
+
+        apt-mark manual bind9-dnsutils puppet-agent
+        apt purge gcc-9-base gcc-10-base apt-forktracer
+        apt purge $(dpkg -l | awk '/^rc/ { print $2 }') # purge removed packages
+        apt autoremove -y --purge
+        apt purge $(deborphan --guess-dummy)
+        while deborphan -n | grep -q . ; do apt purge $(deborphan -n); done
+        apt autoremove -y --purge
+        apt clean
+        # review and purge older kernel if the new one boots properly
+        dpkg -l 'linux-image*'
+        # review packages that are not in the new distribution
+        apt purge '?obsolete'
+        apt list "?narrow(?installed, ?not(?codename($(lsb_release -c -s | tail -1))))" &&
+        printf "All procedures completed\a\n" &&
+
+## Conflicts resolution
+
+When the `clean_conflicts` script gets run, it asks you to check each
+configuration file that was modified locally but that the Debian
+package upgrade wants to overwrite. You need to make a decision on
+each file. This section aims to provide guidance on how to handle
+those prompts.
+
+Those config files should be manually checked on each host:
+
+         /etc/default/grub.dpkg-dist
+         /etc/initramfs-tools/initramfs.conf.dpkg-dist
+
+If other files come up, they should be added in the above decision
+list, or in an operation in step 2 or 7 of the above procedure, before
+the `clean_conflicts` call.
+
+Files that should be updated in Puppet are mentioned in the Issues
+section below as well.
+
+# Notable changes
+
+Here are some packages with notable version changes that I
+noticed.
+
+TODO: merge or point at blog/2024-08-15-why-trixie
+
+See also the [wiki page about trixie](https://wiki.debian.org/NewInTrixie) for another list.
+
+## New packages
+
+This is a curated list of packages that were introduced in
+trixie. There are actually *thousands* of new packages in the new
+Debian release, but this is a small selection of projects I found
+particularly interesting:
+
+TODO
+

(Diff truncated)

diff --git a/hardware/laptop.mdwn b/hardware/laptop.mdwn
index 428eb6b7..f8adfb78 100644
--- a/hardware/laptop.mdwn
+++ b/hardware/laptop.mdwn
@@ -82,6 +82,7 @@ Review:
  * [Tom's hardware](https://www.tomshardware.com/news/amd-7040-framework-laptop-mainboard-transfer-performance-test-review), AMD - "Switching from one platform to the
    other was easy"
  * [Phoronix](https://www.phoronix.com/review/framework-13-amd/6), AMD - "fantastic choice for Linux users"
+ * [rtings](https://www.rtings.com/laptop/reviews/framework/laptop-13-2023)
 
 ### Framework 16
 
@@ -94,6 +95,7 @@ Reviews:
 
  * [Ars Technica](https://arstechnica.com/gadgets/2024/01/review-frameworks-laptop-16-is-unique-laudable-fascinating-and-flawed/): "unique, laudable, fascinating, and flawed"
  * [Upstream's review index](https://frame.work/ca/en/blog/framework-laptop-16-reviews-are-live)
+ * [ifixit teardown](https://www.youtube.com/watch?v=Y8uv8fajOrc) (10/10)
 
 ## GPD pocket
 
diff --git a/hardware/laptop/framework-12th-gen.md b/hardware/laptop/framework-12th-gen.md
index ad7683fb..6d7f2b7c 100644
--- a/hardware/laptop/framework-12th-gen.md
+++ b/hardware/laptop/framework-12th-gen.md
@@ -2097,6 +2097,13 @@ In retrospect, I might consider buying a hard shell next time. The
 Smatree 13.5 looks pretty cool, but it's [not clear if it actually
 fits](https://community.frame.work/t/hard-case-compatibility/13016/4?u=anarcat). [This one comment points at one case that does fit](https://community.frame.work/t/suggestions-on-carry-bag-or-sleeve/3763/131?u=anarcat)
 
+### Card holders
+
+ * [travel case for 2 modules](https://community.frame.work/t/travel-expansion-card-holder-with-lid/49662)
+ * [flat case for 5 modules including ethernet](https://www.printables.com/model/548864-framework-expansion-card-holder)
+
+See also the [carrying case discussion](https://community.frame.work/t/expansion-card-carrying-case/5432).
+
 ## Upstream resources
 
  * [community forum](https://community.frame.work/), lots of information, much support, wow!

diff --git a/blog/2024-08-15-why-trixie.md b/blog/2024-08-15-why-trixie.md
index 5ec0b8c1..a0e14638 100644
--- a/blog/2024-08-15-why-trixie.md
+++ b/blog/2024-08-15-why-trixie.md
@@ -38,7 +38,10 @@ interesting enough to list here.
 - [fyi](https://codeberg.org/dnkl/fyi): notify-send replacement
 - [git-subrepo](https://github.com/ingydotnet/git-subrepo): git-submodule replacement I am considering
 - [gpg-from-sq](https://packages.debian.org/unstable/gpg-from-sq): Sequoia (Rust!) wrapper for GnuPG, might be able
-  to replace everything but `gpg-agent`!
+  to replace everything but `gpg-agent`! currently at least missing
+  [send-keys](https://gitlab.com/sequoia-pgp/sequoia-chameleon-gnupg/-/issues/91), [card-status](https://gitlab.com/sequoia-pgp/sequoia-chameleon-gnupg/-/issues/100), [performance improvements on
+  key listings](https://gitlab.com/sequoia-pgp/sequoia-chameleon-gnupg/-/issues/83), and [quick-gen-key](https://gitlab.com/sequoia-pgp/sequoia-chameleon-gnupg/-/issues/82), but those can all be
+  accessed through the `gpg-from-gpg`, and all work in progress
 - [gtklock](https://github.com/jovanlanik/gtklock): swaylock replacement with bells and whistles,
   particularly interested in showing time, battery and so on
 - [hyprland](https://hyprland.org): possible Sway replacement, but there are [rumors of a

diff --git a/services/upgrades/bookworm.md b/services/upgrades/bookworm.md
index 53a2accb..75b21a14 100644
--- a/services/upgrades/bookworm.md
+++ b/services/upgrades/bookworm.md
@@ -52,7 +52,7 @@ can log back in over a serial console or virtual terminal.
         : reset to the default locale
         export LC_ALL=C.UTF-8 &&
         : install some dependencies
-        sudo apt install ttyrec screen debconf-utils deborphan &&
+        sudo apt install ttyrec screen debconf-utils deborphan apt-forktracer &&
         : create ttyrec file with adequate permissions &&
         sudo touch /var/log/upgrade-bookworm.ttyrec &&
         sudo chmod 600 /var/log/upgrade-bookworm.ttyrec &&
@@ -101,8 +101,7 @@ can log back in over a serial console or virtual terminal.
         dpkg -l 'linux-image-*' &&
         : look for packages from backports, other suites or archives &&
         : if possible, switch to official packages by disabling third-party repositories &&
-        apt list '?narrow(?installed, ?not(?origin(Debian)))' &&
-        apt list "?narrow(?installed, ?not(?codename($(lsb_release -c -s | tail -1))))" &&
+        apt-forktracer &&
         printf "End of Step 3\a\n"
 
  5. Check free space (see [this guide to free up space][]), disable
@@ -149,7 +148,7 @@ can log back in over a serial console or virtual terminal.
         sudo ttyrec -a -e screen /var/log/upgrade-bookworm.ttyrec
 
         apt-mark manual bind9-dnsutils puppet-agent
-        apt purge gcc-9-base gcc-10-base
+        apt purge gcc-9-base gcc-10-base apt-forktracer
         apt purge $(dpkg -l | awk '/^rc/ { print $2 }') # purge removed packages
         apt autoremove -y --purge
         apt purge $(deborphan --guess-dummy)

diff --git a/blog/2024-08-15-why-trixie.md b/blog/2024-08-15-why-trixie.md
index b912a355..5ec0b8c1 100644
--- a/blog/2024-08-15-why-trixie.md
+++ b/blog/2024-08-15-why-trixie.md
@@ -37,6 +37,8 @@ interesting enough to list here.
   JSON and failing
 - [fyi](https://codeberg.org/dnkl/fyi): notify-send replacement
 - [git-subrepo](https://github.com/ingydotnet/git-subrepo): git-submodule replacement I am considering
+- [gpg-from-sq](https://packages.debian.org/unstable/gpg-from-sq): Sequoia (Rust!) wrapper for GnuPG, might be able
+  to replace everything but `gpg-agent`!
 - [gtklock](https://github.com/jovanlanik/gtklock): swaylock replacement with bells and whistles,
   particularly interested in showing time, battery and so on
 - [hyprland](https://hyprland.org): possible Sway replacement, but there are [rumors of a
@@ -56,6 +58,8 @@ interesting enough to list here.
 - [shoutidjc](https://idjc.sourceforge.io/index.html): streaming workstation, currently using [butt](https://tracker.debian.org/pkg/butt) but
   it doesn't support HTTPS correctly
 - [spytrap-adb](https://github.com/spytrap-org/spytrap-adb): cool spy gear
+- [syslog-summary](https://github.com/shtrom/syslog-summary): log summarizer, one of many of the kind, but
+  made by Lars, so it must be good
 - [trippy](https://github.com/fujiapple852/trippy): trippy network analysis tool, kind of an improved MTR
 - [yubikey-touch-detector](https://github.com/maximbaz/yubikey-touch-detector): notifications for when I need to touch
   my YubiKey

diff --git a/services/upgrades/trixie.md b/services/upgrades/trixie.md
new file mode 100644
index 00000000..44d54f91
--- /dev/null
+++ b/services/upgrades/trixie.md
@@ -0,0 +1 @@
+Before doing the "new in" stuff, look at blog/2024-08-15-why-trixie

diff --git a/services/radio.mdwn b/services/radio.mdwn
index 7934696f..83c201a6 100644
--- a/services/radio.mdwn
+++ b/services/radio.mdwn
@@ -544,7 +544,13 @@ If I start using liquidsoap again, i'll setup [prometheus
 metrics](https://www.liquidsoap.info/doc-2.2.3/prometheus.html). For now I'm using butt, but it [doesn't support HTTPS](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087129)
 either. At least it gives a nice user interface which shows the
 listener count. I configure it in "pipewire" mode and use raysession
-to dispatch sources.
+to dispatch sources. Butt also has this weird behavior that audio
+quality takes a huge drop whenever it's started: I lose all bass and
+things get pretty bad.
+
+In fact, it seems I have a bug in my pipewire setup where any time I
+plug the microphone into *any* part of the graph, my entire audio
+stack drops to mono.
 
 RTP streaming attempts
 ----------------------

diff --git a/blog/2024-08-15-why-trixie.md b/blog/2024-08-15-why-trixie.md
index c7261743..b912a355 100644
--- a/blog/2024-08-15-why-trixie.md
+++ b/blog/2024-08-15-why-trixie.md
@@ -46,6 +46,7 @@ interesting enough to list here.
   using `wf-recorder` which is a more.. minimalist option
 - [linescroll](https://www.usenix.org.uk/content/linescroll.html): rate graphs on live logs, mostly useful on servers
   though
+- [memray](https://bloomberg.github.io/memray/): Python memory profiler
 - [ruff](https://github.com/charliermarsh/ruff/): faster Python formatter and linter, flake8/black/isort
   replacement, alas not mypy/LSP unfortunately, designed to be ran
   *alongside* such a tool, which is [not possible in Emacs eglot right

diff --git a/software/desktop/wayland.md b/software/desktop/wayland.md
index 3bacfb61..ff40898d 100644
--- a/software/desktop/wayland.md
+++ b/software/desktop/wayland.md
@@ -1536,6 +1536,11 @@ configurations I used to have in Xmonad or Awesome, see:
 [autotiling]: https://github.com/nwg-piotr/autotiling
 [swaymonad]: https://github.com/nicolasavru/swaymonad
 
+Inversely, some people find i3 is actually a *regression* on some
+things, namely the way multiple monitors are managed. I actually got
+used to this, but people missing the way [AwesomeWM](https://awesomewm.org/) did that
+should look at [swaysome](https://gitlab.com/hyask/swaysome).
+
 ## Display latency tweaks
 
 TODO: You can tweak the display latency in wlroots compositors with the

diff --git a/blog/2024-08-15-why-trixie.md b/blog/2024-08-15-why-trixie.md
index d6ce6b19..c7261743 100644
--- a/blog/2024-08-15-why-trixie.md
+++ b/blog/2024-08-15-why-trixie.md
@@ -52,6 +52,8 @@ interesting enough to list here.
   now](https://github.com/joaotavora/eglot/discussions/1429#discussioncomment-10149990), but [is possible in lsp-mode](https://github.com/emacs-lsp/lsp-mode/pull/469)
 - [sfwbar](https://github.com/LBCrion/sfwbar): pretty status bar, may replace waybar, which i am
   somewhat unhappy with (my UTC clock disappears randomly)
+- [shoutidjc](https://idjc.sourceforge.io/index.html): streaming workstation, currently using [butt](https://tracker.debian.org/pkg/butt) but
+  it doesn't support HTTPS correctly
 - [spytrap-adb](https://github.com/spytrap-org/spytrap-adb): cool spy gear
 - [trippy](https://github.com/fujiapple852/trippy): trippy network analysis tool, kind of an improved MTR
 - [yubikey-touch-detector](https://github.com/maximbaz/yubikey-touch-detector): notifications for when I need to touch
diff --git a/services/radio.mdwn b/services/radio.mdwn
index c020160a..7934696f 100644
--- a/services/radio.mdwn
+++ b/services/radio.mdwn
@@ -522,6 +522,30 @@ from stdin, and has the advantage of not requiring any config file.
 [idjc]: http://packages.debian.org/idjc
 [ezstream]: http://packages.debian.org/ezstream
 
+## Other tools
+
+I have tried streaming to my HTTPS icecast server with those tools,
+and it failed in various ways:
+
+- obs-studio: requires [serious hackery](https://epir.at/2018/03/08/obs-icecast-streaming/) to work over icecast,
+  strongly leaning towards video
+- darkice: crashed after streaming JACK for a while
+- ezstream: no support for a plain open JACK port, requires a playlist
+  or stdin
+- glassgui: didn't work, crashes
+- mixxx: can't work over HTTPS, steep learning curve
+- [muse](https://dyne.org/software/muse/): couldn't find debian package, seems dead
+- libretime: [not packaged](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888687)
+- [shoutidjc](https://idjc.sourceforge.io/index.html): promising, not in stable
+- liquidsoap itself, in theory, can stream from JACK to Icecast, but
+  the Debian build is [lacking HTTPS support](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087134)
+
+If I start using liquidsoap again, i'll setup [prometheus
+metrics](https://www.liquidsoap.info/doc-2.2.3/prometheus.html). For now I'm using butt, but it [doesn't support HTTPS](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087129)
+either. At least it gives a nice user interface which shows the
+listener count. I configure it in "pipewire" mode and use raysession
+to dispatch sources.
+
 RTP streaming attempts
 ----------------------
 

diff --git a/software/desktop/firefox.mdwn b/software/desktop/firefox.mdwn
index 50555b24..302bc2ab 100644
--- a/software/desktop/firefox.mdwn
+++ b/software/desktop/firefox.mdwn
@@ -83,6 +83,17 @@ I am testing those and they might make it to the top list once I'm happy:
    [Hide/Show container more accessible (#755)](https://github.com/mozilla/multi-account-containers/issues/755), [Show only this
    container option (#1662)](https://github.com/mozilla/multi-account-containers/issues/1662), and [Some options are hard to access
    from the container list (#2089)](https://github.com/mozilla/multi-account-containers/issues/2089).
+   Containers are rendered mostly irrelevant by the "first party
+   isolation" features shipped with Firefox 87 (also known as [total
+   cookie protection](https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/)), my primary use case for those containers is
+   to have tab groups (e.g. "work", "play") that i can hide easily. 
+   Containers are not actually required for *that*, although I do like
+   the "temporary container" feature to test sites..
+   Mozilla is working on native tab groups (alpha available with
+   `browser.tabs.groups.enabled` in nightly as of 2024-11-01, but
+   lacking lots of UX), which might make all of this moot as well.
+   Also tested [sideberry](https://addons.mozilla.org/en-US/firefox/addon/sidebery/) (overkill, no support for hiding tabs)
+   and [simple tab groups](https://addons.mozilla.org/en-US/firefox/addon/simple-tab-groups/) (all but simple, not as usable as tabarray)
  * [Greasemonkey](https://addons.mozilla.org/firefox/addon/greasemonkey/) (no deb, [source](https://github.com/greasemonkey/greasemonkey/)) - mostly for [this one hack
    for Nextcloud Calendar to show UTC times alongside local](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/nextcloud#showing-utc-times-in-weekly-calendar-view)
  * [Link hints][] (no deb, [source](https://github.com/lydell/LinkHints/)) - nice and simple alternative

diff --git a/software/desktop/firefox.mdwn b/software/desktop/firefox.mdwn
index 95bb4216..50555b24 100644
--- a/software/desktop/firefox.mdwn
+++ b/software/desktop/firefox.mdwn
@@ -65,28 +65,32 @@ I am testing those and they might make it to the top list once I'm happy:
  * [Auto Tab Discard](https://addons.mozilla.org/en-US/firefox/addon/auto-tab-discard/) (no deb, [source](https://github.com/rNeomy/auto-tab-discard)), like the old,
    [dead](https://github.com/greatsuspender/thegreatsuspender/issues/1263) Great Suspender. I was specifically looking for a feature
    to suspend ("discard") a specific time taking up too much CPU (but
-   not close it), [all tabs helper](https://addons.mozilla.org/en-US/firefox/addon/all-tabs-helper/) can also do this and manage
+   not close it). [all tabs helper](https://addons.mozilla.org/en-US/firefox/addon/all-tabs-helper/) can also do this and manage
    tabs as well, but seems to overlap with the tab menu, Auto Tab
-   Discard is also [recommended](https://support.mozilla.org/en-US/kb/add-on-badges)
+   Discard is also [recommended](https://support.mozilla.org/en-US/kb/add-on-badges). I previously used [Snooze
+   tabs](https://addons.mozilla.org/en-US/firefox/addon/snoozetabs/) (no deb, [source](https://github.com/bwinton/SnoozeTabs#readme)) for this as well.
  * [Clean URLs](https://docs.clearurls.xyz/) (no deb, [source](https://github.com/ClearURLs/Addon)) - remove garbage in URLs
- * [Dark Background and Light Text](https://addons.mozilla.org/en-GB/firefox/addon/dark-background-light-text/) (no deb, [source](https://github.com/m-khvoinitsky/dark-background-light-text-extension)) - Mozilla
-   also recommends [Midnight Lizard](https://addons.mozilla.org/addon/midnight-lizard-quantum/) for Android which I couldn't
-   figure out how to disable by default (and only enable on some
-   sites), and I also tested [dark reader](https://addons.mozilla.org/addon/darkreader/), which seem a bit
-   overkill.
- * [display anchors](https://addons.mozilla.org/en-US/firefox/addon/display-_anchors/) (no deb, [source](https://github.com/Rob--W/display-anchors))
+ * [Display anchors](https://addons.mozilla.org/en-US/firefox/addon/display-_anchors/) (no deb, [source](https://github.com/Rob--W/display-anchors))
+ * Firefox [Multi-account containers][] (no deb, [source](https://github.com/mozilla/multi-account-containers/)) - kind of
+   useful to separate work/private stuff and generally keep cross-site
+   surveillance under control. I was also using "Container Tab Groups"
+   (AKA "TabArray") but this had [data loss issues](https://github.com/menhera-org/TabArray/issues/457). That extension
+   was very useful to "hide a container", but the builtin extension
+   also provides that feature, just with a bunch more clicks. 
+   - builtin: extension button -> click ">" on the right container -> "Hide this
+   container"
+   - tabarray: right-click on tab and "hide this container" See
+   [Hide/Show container more accessible (#755)](https://github.com/mozilla/multi-account-containers/issues/755), [Show only this
+   container option (#1662)](https://github.com/mozilla/multi-account-containers/issues/1662), and [Some options are hard to access
+   from the container list (#2089)](https://github.com/mozilla/multi-account-containers/issues/2089).
  * [Greasemonkey](https://addons.mozilla.org/firefox/addon/greasemonkey/) (no deb, [source](https://github.com/greasemonkey/greasemonkey/)) - mostly for [this one hack
    for Nextcloud Calendar to show UTC times alongside local](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/nextcloud#showing-utc-times-in-weekly-calendar-view)
- * [link hints][] (no deb, [source](https://github.com/lydell/LinkHints/)) - nice and simple alternative
+ * [Link hints][] (no deb, [source](https://github.com/lydell/LinkHints/)) - nice and simple alternative
    to full-scale keyboard driven interface like [tridactyl][], see the
    [keybindings](#keybindings) section below
  * [Popup window](https://addons.mozilla.org/en-US/firefox/addon/popup-window/) (no deb, [source](https://github.com/ettoolong/PopupWindow)) - open the link in a
    pop-up, useful to have an "app-like" window for a website (I use
    this for videoconferencing in a second tab)
- * [redirector](https://addons.mozilla.org/en-US/firefox/addon/redirector/) (no deb, [homepage](https://einaregilsson.com/redirector/), [source](https://github.com/einaregilsson/Redirector)) - mainly to
-   redirect to `old.reddit.com`, really ([alternative just for reddit](https://addons.mozilla.org/en-US/firefox/addon/old-reddit-redirect/)
- * [translations](https://addons.mozilla.org/en-GB/firefox/addon/firefox-translations/) (no deb, [source](https://github.com/mozilla/firefox-translations)) - native LLM translation,
-   [soon to be directly in Firefox](https://bugzilla.mozilla.org/show_bug.cgi?id=971044), [models also available](https://github.com/mozilla/firefox-translations-models/)
 
 [tridactyl]: https://github.com/tridactyl/tridactyl
 [builtin Firefox shortcuts]: https://support.mozilla.org/en-US/kb/keyboard-shortcuts-perform-firefox-tasks-quickly
@@ -100,11 +104,12 @@ the top list.
 Those were in testing for a while, then installed, but then I got
 tired of them...
 
- * Firefox [Multi-account containers][] (no deb, [source](https://github.com/mozilla/multi-account-containers/)) - kind of
-   useful, but also a bit strange: impossible to assign an existing
-   tab to a container, UI is very clikety (can't open a
-   container-specific tab from the keyboard), etc. need to click-hold
-   on the "+" tab button to choose container.
+ * [Dark Background and Light Text](https://addons.mozilla.org/en-GB/firefox/addon/dark-background-light-text/) (no deb, [source](https://github.com/m-khvoinitsky/dark-background-light-text-extension)) - Mozilla
+   also recommends [Midnight Lizard](https://addons.mozilla.org/addon/midnight-lizard-quantum/) for Android which I couldn't
+   figure out how to disable by default (and only enable on some
+   sites). I also tested [dark reader](https://addons.mozilla.org/addon/darkreader/), which seem a bit
+   overkill. Nowadays I just use `browser.in-content.dark-mode`, see
+   below.
  * [GhostText][] (no debian package, [#910289](https://bugs.debian.org/910289), [source](https://github.com/GhostText/GhostText))- "It's
    all text" replacement, allowed me to edit text areas with my
    favorite text editor (Emacs), worried about security implications
@@ -118,6 +123,8 @@ tired of them...
    rules](https://news.ycombinator.com/item?id=26120168)) - replaced by uBlock cosmetic rules
  * [Open in Browser](https://addons.mozilla.org/en-US/firefox/addon/open-in-browser/) (no deb, [source](https://github.com/Rob--W/open-in-browser)) - reopen the file in the
    browser instead of downloading - not really used that much
+ * [redirector](https://addons.mozilla.org/en-US/firefox/addon/redirector/) (no deb, [homepage](https://einaregilsson.com/redirector/), [source](https://github.com/einaregilsson/Redirector)) - mainly to
+   redirect to `old.reddit.com`, really ([alternative just for reddit](https://addons.mozilla.org/en-US/firefox/addon/old-reddit-redirect/)
  * [Switch container](https://addons.mozilla.org/en-US/firefox/addon/switch-container/) (no deb, [source](https://gitlab.com/mjanetmars/switch-container)) - fixes *one* of the
    issues with multi-account containers (ie. moving tab to another
    container)
@@ -171,9 +178,9 @@ hard to use or simply irrelevant.
    details. Nowadays, I just don't need any extension: I enable
    [HTTPS-only mode](https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/) (AKA `dom.security.https_only_mode`). The EFF
    even [deprecated HTTPS everywhere](https://www.eff.org/https-everywhere/set-https-default-your-browser) because of this.
- * [Snooze tabs](https://addons.mozilla.org/en-US/firefox/addon/snoozetabs/) (no deb, [source](https://github.com/bwinton/SnoozeTabs#readme)) - another way to deal with
-   tab explosion. never really used it seriously, i have an agenda and
-   Wallabag for that kind of stuff
+ * [translations](https://addons.mozilla.org/en-GB/firefox/addon/firefox-translations/) (no deb, [source](https://github.com/mozilla/firefox-translations)) - native LLM translation,
+   now available natively through `browser.translations.enable`, now
+   default. [models also available](https://github.com/mozilla/firefox-translations-models/)
  * [U2F Support](https://addons.mozilla.org/en-US/firefox/addon/u2f-support-add-on/), is now unnecessary as it is builtin, starting
    with FF 57 (see [issue #59](https://github.com/prefiks/u2f4moz/issues/59#issuecomment-325768286)). the upstream issue
    was [#1065729](https://bugzilla.mozilla.org/show_bug.cgi?id=1065729)

diff --git a/software/desktop/wayland.md b/software/desktop/wayland.md
index f165f75c..3bacfb61 100644
--- a/software/desktop/wayland.md
+++ b/software/desktop/wayland.md
@@ -1562,10 +1562,16 @@ Other alternatives:
  * [Avizo][], not in Debian, requires keybinding wrapper
  * [SwayOSD][], [entered Debian NEW, hopefully in trixie](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057301), requires
    keybinding wrapper or libinput access, [sample sway config](https://codeberg.org/werdahias/graffe/src/commit/76c109b2ead688fad2ab5ddbe81419d5acbf270e/.config/sway/config#L58-L67)
+ * [wayout][], also provides a way to write stuff on the display, but
+   is too rudimentary for our needs
+ * [wob][], packaged in Debian, just a generic progress bar overlay,
+   requires [more elaborate wrappers](https://github.com/francma/wob/blob/729e5c68215547eb8939c4c1778f58cca36b2bc0/contrib/README.md)
 
 [Avizo]: https://github.com/misterdanb/avizo
 [SwayOSD]: https://github.com/ErikReider/SwayOSD
 [sway-nc]: https://github.com/ErikReider/SwayNotificationCenter
+[wob]: https://github.com/francma/wob
+[wayout]: https://git.sr.ht/~proycon/wayout
 
 # Debugging tricks
 

diff --git a/services/mail.mdwn b/services/mail.mdwn
index 1730c6cf..2023e662 100644
--- a/services/mail.mdwn
+++ b/services/mail.mdwn
@@ -1438,6 +1438,10 @@ the complexity of this thing. Bravo!
 
 # Mailing lists
 
+NOTE: this is mostly moot. I have uninstalled Mailman 3 locally, but
+ended up reusing those docs to update the torproject.org mailman 2
+server instead, see [the TPA lists documentation instead](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/lists).
+
 I naively thought I could [go old school and replace Facebook with
 email](https://blog.chaddickerson.com/2019/01/09/replacing-facebook/) (even though I actually never used Facebook). I figured,
 heck, mailing lists, I know that, I'll just install Mailman 3 in
@@ -1575,8 +1579,6 @@ Other issues:
 
  * code linting issues in Mailman core made my other MR fail ([MR #444](https://gitlab.com/mailman/mailman/merge_requests/444))
 
-## Remaining issues
-
  * no "invite" subscription mechanism ([mailman bug #510](https://gitlab.com/mailman/mailman/issues/510)) -
    workaround: [custom API script](https://gitlab.com/anarcat/scripts/blob/main/mm3-invite-user.py) to invite users seem to
    work. usage:
@@ -1584,10 +1586,14 @@ Other issues:
          export MAILMAN_PASSWORD=$(sed -n '/^admin_pass:/{s/.*: //;p}' mailman.cfg)
         mm3-invite-user.py test@lists.anarc.at anarcat@example.com
 
+   Update: [fixed in MR 678][] (3.3.2 and later)
+
  * confirmation mail subject is not translatable, subjects are not
    templatable ([mailman bug #541](https://gitlab.com/mailman/mailman/issues/541)). workaround: patch to make
    Mailman not send the email so we can do it ourselves ([mailman MR
    452](https://gitlab.com/mailman/mailman/merge_requests/452)))
+   
+   Update: [fixed in MR 678][] (3.3.2 and later)
 
  * translated french templates are missing ([mailman bug #540](https://gitlab.com/mailman/mailman/issues/540)) -
    workaround: add french templates as needed through the web GUI
@@ -1604,10 +1610,8 @@ Other issues:
    is `/usr/lib/python3/dist-packages/mailman/`. This means templates
    can be created on the filesystem for individual lists without going
    through the GUI. updates are shipped upstream in [MR #446](https://gitlab.com/mailman/mailman/merge_requests/446).
-
- * UI french translation is missing - workaround: partial translation
-   started, with `.pot` file but still missing compiling and shipping
-   the `.mo` file ([MR 453](https://gitlab.com/mailman/mailman/merge_requests/453))
+   
+   Update: fixed.
 
  * unicode templates gets mangled ([mailman bug #542](https://gitlab.com/mailman/mailman/issues/542)) -
    workaround: switch French to utf-8 ([MR #443](https://gitlab.com/mailman/mailman/merge_requests/443)), change default
@@ -1620,6 +1624,16 @@ Other issues:
         >>> m.preferred_language = 'fr'
         >>> commit()
 
+   Update: probably fixed?
+
+## Remaining issues
+
+ * UI french translation is missing - workaround: partial translation
+   started, with `.pot` file but still missing compiling and shipping
+   the `.mo` file ([MR 453](https://gitlab.com/mailman/mailman/merge_requests/453))
+
+[fixed in MR 678]: https://gitlab.com/mailman/mailman/-/merge_requests/678
+
 ## Tested
 
  * delivery

diff --git a/blog/2024-08-15-why-trixie.md b/blog/2024-08-15-why-trixie.md
index 9b382d3d..d6ce6b19 100644
--- a/blog/2024-08-15-why-trixie.md
+++ b/blog/2024-08-15-why-trixie.md
@@ -54,6 +54,8 @@ interesting enough to list here.
   somewhat unhappy with (my UTC clock disappears randomly)
 - [spytrap-adb](https://github.com/spytrap-org/spytrap-adb): cool spy gear
 - [trippy](https://github.com/fujiapple852/trippy): trippy network analysis tool, kind of an improved MTR
+- [yubikey-touch-detector](https://github.com/maximbaz/yubikey-touch-detector): notifications for when I need to touch
+  my YubiKey
 
 # New packages I won't use
 

diff --git a/services/archive/rescue.mdwn b/services/archive/rescue.mdwn
index 75c16211..9a5db6f7 100644
--- a/services/archive/rescue.mdwn
+++ b/services/archive/rescue.mdwn
@@ -563,6 +563,10 @@ here is a summary of what's in the box.
 | **total** | 69 | |
 | **not processed** | ~100 | visual estimate |
 
+Note that this might be poor storage on my part, others have had more
+luck with their CDs, see [this report from a fellow Debian
+developer](https://k1024.org/posts/2024/2024-10-15-optical-media-lifetime/) for example.
+
 References
 ==========
 

diff --git a/hardware/laptop/framework-12th-gen.md b/hardware/laptop/framework-12th-gen.md
index d5653cc8..ad7683fb 100644
--- a/hardware/laptop/framework-12th-gen.md
+++ b/hardware/laptop/framework-12th-gen.md
@@ -2042,6 +2042,9 @@ USB-C|blog/2023-02-10-usb-c]]. I'm considering a Dell
  * [gaming handheld mod](https://www.youtube.com/watch?v=zd6WtTUf-30) (!!!)
  * [cyberdeck](https://github.com/BenMakesEverything/cyberdeck/), [video](https://www.youtube.com/watch?v=qzEd50uzdF0)
  * [Framedeck](https://community.frame.work/t/my-open-source-framework-powered-handheld/43151), [video part 1](https://www.youtube.com/watch?v=XlbybcZxy6A&t=4s), [part 2](https://www.youtube.com/watch?v=zO6Jn7tTwc8), [GitHub](https://github.com/redglitch2/FrameDeck)
+ * [Cyberdock](https://www.printables.com/model/976685-project-cyberdock), pelican case kit with tool storage, power bar, hub,
+   etc, similar to the [recovery kit](https://www.doscher.com/recovery-kit-version-2/), but missing a battery,
+   network hub, and keyboard
  * [keyboard mod](https://www.tindie.com/products/crimier/framework-input-cover-controller/) (i.e. turn the Framework keyboard, touch pad,
    fingerprint reader and power buttons into a "normal" USB keyboard
    and hub)
@@ -2078,7 +2081,9 @@ USB-C|blog/2023-02-10-usb-c]]. I'm considering a Dell
  * [RTL SDR](https://community.frame.work/t/rtl-sdr-expansion-card/37098)
  * [joystick](https://community.frame.work/t/framework-joystick-modules-turning-your-frame-work-13-into-an-handheld-coming-soon/39011)
  * [logitech dongle hider with USB-A output](https://github.com/LeoDJ/FW-EC-DongleHiderPlus)
-* check out [this forum category](https://community.frame.work/c/developer-program/expansion-card/90) for a cornucopia of those
+ * [lego brick expansion card](https://www.printables.com/model/1031374-brick-system-expansion-card)
+
+Check out [this forum category](https://community.frame.work/c/developer-program/expansion-card/90) for a cornucopia of those.
 
 ## Sleeves and cases
 

diff --git a/blog/2024-08-15-why-trixie.md b/blog/2024-08-15-why-trixie.md
index 6ece53b9..9b382d3d 100644
--- a/blog/2024-08-15-why-trixie.md
+++ b/blog/2024-08-15-why-trixie.md
@@ -87,9 +87,10 @@ Those are packages that *are* in Debian stable (Bookworm) already, but
 that are somewhat lacking and could benefit from an upgrade.
 
 - [firmware-iwlwifi](https://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git): out of date, can install from unstable
-- [fuzzel][] / [foot][]: log level noises [A][], [B][], fuzzel [fix
-  not in debian yet][], and if we get to 1.11, my [scripts](https://gitlab.com/anarcat/scripts/) in `~/bin`
-  should be patched to use `--cache`
+- [fuzzel][]: [log level noises][A],, paste support
+  and my [scripts](https://gitlab.com/anarcat/scripts/) in `~/bin` should be patched to use `--cache`
+- [foot][]: [log level noises][B], [quotes selection][], [keyboard
+  selection mode](https://codeberg.org/dnkl/foot/issues/419)
 - nomacs: non-trivial backport, out of date version in sid
 - [pandoc](https://pandoc.org/): [3.0](https://github.com/jgm/pandoc/releases/tag/3.0) is ridiculously huge, but particularly [remove
   spaces after list marker](https://github.com/jgm/pandoc/issues/7172)
@@ -103,7 +104,7 @@ that are somewhat lacking and could benefit from an upgrade.
 [foot]: https://codeberg.org/dnkl/foot
 [A]: https://codeberg.org/dnkl/fuzzel/pulls/266
 [B]: https://codeberg.org/dnkl/foot/pulls/1215
-[fix not in debian yet]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078784
+[quotes selection]: https://codeberg.org/dnkl/foot/issues/1364
 
 # Last words
 

diff --git a/hardware/monitor.mdwn b/hardware/monitor.mdwn
index 9a1a94ad..16a7a01b 100644
--- a/hardware/monitor.mdwn
+++ b/hardware/monitor.mdwn
@@ -190,13 +190,14 @@ squeeze in places and so on.
 ## The great 4k dance
 
 I ended up buying <del>two</del> <del>three</del> *four* Dell
-monitors. I first ordered the [Dell 27" 4k
-UHD Monitor S2722QC][] but it couldn't daisy chain with the
-[Dell U2723QE][] , so I downgraded to the [Dell 27" 4K UHD Monitor -
-S2721QS][]. Dell had *excellent* support and gave me a return label to
-refund me the other monitor. But unfortunately, the S2722QC only
-supports DP1.2, not DP1.4, which means it's capped at 1080p. So I had
-to return that one as well.
+monitors. I first ordered the [Dell 27" 4k UHD Monitor S2722QC][] but
+it couldn't daisy chain with the [Dell U2723QE][], as the latter
+doesn't have an outgoing DisplayPort USB-C port. So I downgraded to
+the [Dell 27" 4K UHD Monitor - S2721QS][], on their advice. Dell had
+*excellent* support and gave me a return label to refund me the other
+monitor. But unfortunately, the S2721QS only supports DP1.2, not
+DP1.4, which means it's capped at 1080p. So I had to return that one
+as well.
 
 A key problem with the [Dell U2723QE][] is that it has no downstream
 USB-C port with DP support, so you *have* to use a DP cable to connect

diff --git a/blog/2022-06-17-matrix-notes.md b/blog/2022-06-17-matrix-notes.md
index 40a306ef..f76c5178 100644
--- a/blog/2022-06-17-matrix-notes.md
+++ b/blog/2022-06-17-matrix-notes.md
@@ -835,6 +835,15 @@ system.
 Update: I'm now (2024) using FluffyChat on desktop (through Flatpak)
 and Android (through F-Droid).
 
+Other interesting clients:
+
+ - [ement.el](https://github.com/alphapapa/ement.el): Emacs clietn
+ - [gomuks][]: TUI, golang, E2E
+ - [iamb](https://iamb.chat/): TUI, threads, spaces, E2E, image previews, bell
+   notification, message redaction, multiple profiles, vim keybindings
+
+[gomuks]: https://github.com/tulir/gomuks/
+
 ## Bots
 
 This falls a little aside the "usability" section, but I didn't know
@@ -846,7 +855,10 @@ there's still a good variety:
 
  * [maubot](https://github.com/maubot/maubot): generic bot with tons of usual plugins like sed, dice,
    karma, xkcd, echo, rss, reminder, translate, react, exec,
-   gitlab/github webhook receivers, weather, etc
+   gitlab/github webhook receivers, weather, etc, see [this huge
+   list](https://plugins.mau.bot/), related bots:
+   - [mautrix-telegram](https://github.com/mautrix/telegram): [recommended by sergiodj](https://blog.sergiodj.net/posts/chatting-21st-century/)
+   - [gitlab](https://github.com/maubot/gitlab): same
  * [matrix-nio](https://github.com/poljar/matrix-nio): another framework, used to build [lots more
    bots](https://matrix-nio.readthedocs.io/en/latest/examples.html) like:
    * [hemppa](https://github.com/vranki/hemppa): generic bot with various functionality like weather,
@@ -867,6 +879,7 @@ there's still a good variety:
  * [hookshot](https://github.com/Half-Shot/matrix-hookshot): bridge with GitLab/GitHub
  * [matrix-monitor-bot](https://github.com/turt2live/matrix-monitor-bot): latency monitor
  * [matrix-debate-bot](https://gitlab.com/imbev/matrix-debate-bot): simple timer
+ * [nimb](https://github.com/susam/nimb): NIMB IRC Matrix Bridge, sock puppet
  * [gh-bot](https://git.sr.ht/~jae/gh-bot): GitHub, GitLab, Gitea webhook processor
  * [buscarron](https://gitlab.com/etke.cc/buscarron): web form (HTTP POST) to Matrix
  * [honoroit](https://gitlab.com/etke.cc/honoroit): help desk bot
diff --git a/blog/2024-05-29-playing-with-fonts-again.md b/blog/2024-05-29-playing-with-fonts-again.md
index bb07ab91..2f55ca62 100644
--- a/blog/2024-05-29-playing-with-fonts-again.md
+++ b/blog/2024-05-29-playing-with-fonts-again.md
@@ -235,6 +235,8 @@ I'm not using them:
   rendering box drawing, em dash bigger than en dash, packaged as
   [fonts-mononoki](https://tracker.debian.org/fonts-mononoki)
 
+- [Server mono](https://servermono.com/): no ligatures, italics, old school
+
 - [Source Code Pro](http://adobe-fonts.github.io/source-code-pro/): italics, looks good, but dash metrics look
   whacky, [not in Debian](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736681)
 
diff --git a/software/desktop/calibre.mdwn b/software/desktop/calibre.mdwn
index e2ae6e5e..2abed170 100644
--- a/software/desktop/calibre.mdwn
+++ b/software/desktop/calibre.mdwn
@@ -175,6 +175,7 @@ replace Calibre here:
  * [sioyek][] is a powerful, extensible and keyboard-driven PDF (and
    ePUB!) viewer mostly aimed at academic paper review, but it has all
    sorts of nice features like highlights, bookmarks, and more
+ * [Thorium][], OPDS, ePUBs, Electron thing
  * [xreader][] GTK-only viewer based on Atril, [not in Debian](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=958981)
  * [zathura][] supports ePUBs with the [MuPDF][] [backend][], but that
    backend is [not in Debian](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731447)
@@ -211,6 +212,7 @@ See also the [pdf-viewer metapackage](https://packages.debian.org/sid/pdf-viewer
 [Peruse]: https://peruse.kde.org/
 [kavita]: https://github.com/Kareadita/Kavita
 [flow]: https://www.flowoss.com/
+[Thorium]: https://github.com/edrlab/thorium-reader
 
 ## ebook editor
 

diff --git a/blog/2024-08-15-why-trixie.md b/blog/2024-08-15-why-trixie.md
index c0962c29..6ece53b9 100644
--- a/blog/2024-08-15-why-trixie.md
+++ b/blog/2024-08-15-why-trixie.md
@@ -53,6 +53,7 @@ interesting enough to list here.
 - [sfwbar](https://github.com/LBCrion/sfwbar): pretty status bar, may replace waybar, which i am
   somewhat unhappy with (my UTC clock disappears randomly)
 - [spytrap-adb](https://github.com/spytrap-org/spytrap-adb): cool spy gear
+- [trippy](https://github.com/fujiapple852/trippy): trippy network analysis tool, kind of an improved MTR
 
 # New packages I won't use
 

diff --git a/services/dns.mdwn b/services/dns.mdwn
index 6f29afb0..efc5b78a 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -76,6 +76,7 @@ n'y sont pas listés.
 | namesilo.com      | 13.95USD | 10.79USD | 11.79USD | 9.99USD  | 11.99USD | 18.49USD |                                                                 |
 | nic.at            | N/A      | N/A      | N/A      | N/A      | 40.80EUR | N/A      |                                                                 |
 | njal.la           | 16.09USD | 16.09USD | 16.09USD | N/A      | N/A      | 32.19USD | 16.09USD=15EUR pas un registry, anonyme                         |
+| openprovider.com  | 16.98USD | 19.99USD | 19.99USD | 20.10USD | 21.03USD | 32.20USD | has a "member" price, suggested by a coworker                   |
 | opensrs.net       | 13.75USD | 15.00USD | 15.50USD | 16.00USD | 17.00USD | 22.00USD | reseller, bulk pricing, 95$ minimum                             |
 | porkbun.com       | 10.37USD | 10.72USD | 11.48USD | 9.20USD  | N/A      | 16.97USD |                                                                 |
 

diff --git a/software/desktop/firefox.mdwn b/software/desktop/firefox.mdwn
index 931de629..95bb4216 100644
--- a/software/desktop/firefox.mdwn
+++ b/software/desktop/firefox.mdwn
@@ -304,7 +304,8 @@ that I version-control into git:
    1 (no third-party cookies)
  * `browser.in-content.dark-mode`: true (prefer dark CSS, see [this
    discussion](https://css-tricks.com/dark-modes-with-css/), [new in FF 67](https://blog.logrocket.com/whats-new-in-firefox-67-prefers-color-scheme-and-more-195be81df03f/)), also set
-   `ui.systemUsesDarkTheme` to `1`. see [this doc](https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme)
+   `ui.systemUsesDarkTheme` to `1`. see [this doc](https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme), also set
+   "theme" to be "dark", flipping to "automatic" when i need "light"
  * `privacy.resistFingerprinting`: true (helps with
    [fingerprinting](https://www.bitestring.com/posts/2023-03-19-web-fingerprinting-is-worse-than-I-thought.html5), but [breaks dark mode](https://bugzilla.mozilla.org/show_bug.cgi?id=1535189), see also [this TB
    bug](https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40337))

diff --git a/software/desktop/wayland.md b/software/desktop/wayland.md
index 92f8bf80..f165f75c 100644
--- a/software/desktop/wayland.md
+++ b/software/desktop/wayland.md
@@ -1555,13 +1555,13 @@ bookworm) that replaces dunst and also provides sliders for
 backlight. Default config is almost useless, good stuff in the
 [discussion forum](https://github.com/ErikReider/SwayNotificationCenter/discussions/183). Still very GUI-y and mouse driven, not enough
 text... e.g. we don't see the actual volume or brightness in
-percentage.
+percentage, so i still have a brightness module in waybar.
 
 Other alternatives:
 
  * [Avizo][], not in Debian, requires keybinding wrapper
- * [SwayOSD][], [entered Debian in Trixie](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057301), requires keybinding
-   wrapper or libinput access
+ * [SwayOSD][], [entered Debian NEW, hopefully in trixie](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057301), requires
+   keybinding wrapper or libinput access, [sample sway config](https://codeberg.org/werdahias/graffe/src/commit/76c109b2ead688fad2ab5ddbe81419d5acbf270e/.config/sway/config#L58-L67)
 
 [Avizo]: https://github.com/misterdanb/avizo
 [SwayOSD]: https://github.com/ErikReider/SwayOSD

diff --git a/software/desktop/wayland.md b/software/desktop/wayland.md
index 70d0954b..92f8bf80 100644
--- a/software/desktop/wayland.md
+++ b/software/desktop/wayland.md
@@ -1560,7 +1560,8 @@ percentage.
 Other alternatives:
 
  * [Avizo][], not in Debian, requires keybinding wrapper
- * [SwayOSD][], [not in Debian](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057301), requires keybinding wrapper or libinput access
+ * [SwayOSD][], [entered Debian in Trixie](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057301), requires keybinding
+   wrapper or libinput access
 
 [Avizo]: https://github.com/misterdanb/avizo
 [SwayOSD]: https://github.com/ErikReider/SwayOSD

diff --git a/blog/2024-05-29-playing-with-fonts-again.md b/blog/2024-05-29-playing-with-fonts-again.md
index 9357f2e7..bb07ab91 100644
--- a/blog/2024-05-29-playing-with-fonts-again.md
+++ b/blog/2024-05-29-playing-with-fonts-again.md
@@ -173,6 +173,8 @@ My requirements are:
 - *no* ligatures: yes, in the previous post, I *wanted* ligatures but
   I have changed my mind. after testing this, I find them distracting,
   confusing, and they often break the monospace nature of the display
+  (note that some folks wrote [emacs code to selectively enable
+  ligatures](https://github.com/mickeynp/ligature.el) which is an interesting compromise)z
 - monospace: this is to display code
 - italics: often used when writing Markdown, where I do make use of
   italics... Emacs falls back to underlining text when lacking italics
@@ -267,6 +269,10 @@ Fonts](fonts.google.com/), amazingly. Other such tools:
  * [Google Fonts](fonts.google.com/)
  * [Programming fonts](https://www.programmingfonts.org/)
 
+Also note that there is now a package in Debian called [fnt](https://github.com/alexmyczko/fnt) to
+manage fonts like this locally, including in-line previews (that don't
+work in bookworm but should be improved in trixie and later).
+
 [[!tag debian-planet python-planet typography meta theming usability]]
 
 <!-- posted to the federation on 2024-05-29T17:44:57.933852 -->