RecentChanges

diff --git a/blog/2023-09-26-how-big-debian.md b/blog/2023-09-26-how-big-debian.md
index 738f290a..c9b4b397 100644
--- a/blog/2023-09-26-how-big-debian.md
+++ b/blog/2023-09-26-how-big-debian.md
@@ -82,10 +82,11 @@ here are the actual numbers from 2023!
    then, how many now? how can we even begin to tell, with Debian
    running on the space station?
 
- * > 1 000 000 000 lines of code: that, interestingly, has *also*
-   grown by an order of magnitude, from 100M to 1B lines of code,
-   again according to [sources.debian.org](https://sources.debian.org/stats/), woody shipped with 143M
-   lines of codes and bookworm with 1.3 *billion* lines of code
+ * 1 000 000 000+ (OVER ONE BILLION!) lines of code: that,
+   interestingly, has *also* grown by an order of magnitude, from 100M
+   to 1B lines of code, again according to [sources.debian.org](https://sources.debian.org/stats/),
+   woody shipped with 143M lines of codes and bookworm with 1.3
+   *billion* lines of code
 
 So it doesn't line up as nicely, but it looks something like this:
 

diff --git a/blog/2023-09-26-how-big-debian.md b/blog/2023-09-26-how-big-debian.md
index 9f6ad700..738f290a 100644
--- a/blog/2023-09-26-how-big-debian.md
+++ b/blog/2023-09-26-how-big-debian.md
@@ -127,3 +127,7 @@ next t-shirt. Otherwise I'm available for bar mitzvahs and children
 parties.
 
 [[!tag debian debian-planet python-planet]]
+
+
+<!-- posted to the federation on 2023-09-26T22:24:49.829276 -->
+[[!mastodon "https://kolektiva.social/@Anarcat/111134735705737208"]]
\ No newline at end of file

diff --git a/blog/2023-09-26-how-big-debian.md b/blog/2023-09-26-how-big-debian.md
new file mode 100644
index 00000000..9f6ad700
--- /dev/null
+++ b/blog/2023-09-26-how-big-debian.md
@@ -0,0 +1,129 @@
+[[!meta title="How big is Debian?"]]
+
+Now [this](https://gwolf.org/2023/09/debian-30-found-the-shirt-i-was-looking-for-last-month.html) was quite a tease! For those who haven't seen it, I
+encourage you to check it out, it has a nice photo of a Debian t-shirt
+I did not know about, to quote the Fine Article:
+
+> Today, when going through a box of old T-shirts, I found the shirt I
+> was looking for to bring to the occasion: [...]
+>
+> For the benefit of people who read this using a non-image-displaying
+> browser or RSS client, they are respectively:
+> 
+>        10 years
+>       100 countries
+>      1000 maintainers
+>     10000 packages
+> 
+> and
+> 
+>             1 project
+>            10 architectures
+>           100 countries
+>          1000 maintainers
+>         10000 packages
+>        100000 bugs fixed
+>       1000000 installations
+>      10000000 users
+>     100000000 lines of code
+> 
+> 20 years ago we celebrated eating grilled meat at J0rd1’s
+> house. This year, we had vegan tostadas in the menu. And maybe we
+> are no longer that young, but we are still very proud and happy of
+> our project!
+> 
+> Now… How would numbers line up today for Debian, 20 years later?
+> Have we managed to get the “bugs fixed” line increase by a factor of
+> 10? Quite probably, the lines of code we also have, and I can only
+> guess the number of users and installations, which was already just
+> a wild guess back then, might have multiplied by over 10, at least
+> if we count indirect users and installs as well…
+
+Now I don't know about you, but I *really* expected someone to come up
+with an answer to this, directly on [Debian Planet](https://planet.debian.org/)! I have
+patiently waited for such an answer but enough is enough, I'm a Debian
+member, surely I can cull all of this together. So, low and behold,
+here are the actual numbers from 2023!
+
+ * 1 project: unchanged, although we could count [129 derivatives in
+   the current census](https://wiki.debian.org/Derivatives/Census)
+ * ~10 architectures: number almost unchanged, but the actual
+   architectures are of course different ([woody released](https://www.debian.org/releases/woody/) with
+   `i386`, `m68k`, Alpha, SPARC, PowerPC, ARM, IA-64, `hppa`, `mips`,
+   `s390`; while [bookworm released](https://www.debian.org/releases/bookworm/) with actually 9 supported
+   architectures instead of 10: `i386`, `amd64`, `aarch64`, `armel`,
+   `armhf`, `mipsel`, `mips64el`, `ppc64el`, `s390x`)
+
+ * ~100 countries: actually 63 now, but I suspect we were generously
+   rounding up last time as well (extracted with `ldapsearch -b
+   ou=users,dc=debian,dc=org -D uid=anarcat,ou=users,dc=debian,dc=org
+   -ZZ -vLxW '(c=*)' c | grep ^c: | sort | uniq -c | sort -n | wc -l`
+   on `coccia`)
+
+ * ~1000 maintainers: amazingly, almost unchanged (according to the
+   last DPL vote, there were 831 DDs in 2003 and 996 in the last vote)
+
+ * 35000 packages: that number obviously increased quite a bit, but
+   according to [sources.debian.org](https://sources.debian.org/stats/), woody released with 5580
+   source packages and bookworm with 34782 source packages and
+   according to [UDD](https://wiki.debian.org/UltimateDebianDatabase), there are actually 200k+ *binary* packages (
+   `SELECT COUNT(DISTINCT package) FROM all_packages;` => 211151)
+
+ * 1 000 000+ (OVER ONE MILLION!) bugs fixed! now *that* number grew
+   by a whole order of magnitude, incredibly (934809 done, 16 fixed,
+   7595 forwarded, 82492 pending, 938 pending-fixed, according to UDD
+   again, `SELECT COUNT(id),status FROM all_bugs GROUP BY status;`)
+
+ * ~1 000 000 installations (?): that one is hard to call. [popcon](https://popcon.debian.org/)
+   has 225419 recorded installs, but it is likely an underestimate -
+   hard to count
+
+ * how many users? even harder, we were claiming ten million users
+   then, how many now? how can we even begin to tell, with Debian
+   running on the space station?
+
+ * > 1 000 000 000 lines of code: that, interestingly, has *also*
+   grown by an order of magnitude, from 100M to 1B lines of code,
+   again according to [sources.debian.org](https://sources.debian.org/stats/), woody shipped with 143M
+   lines of codes and bookworm with 1.3 *billion* lines of code
+
+So it doesn't line up as nicely, but it looks something like this:
+
+             1 project
+            10 architectures
+            30 years
+           100 countries (actually 63, but we'd like to have yours!)
+          1000 maintainers (yep, still there!)
+         35000 packages
+        211000 *binary* packages
+       1000000 bugs fixed
+    1000000000 lines of code
+     uncounted installations and users, we don't track you
+
+So maybe the the more accurate, rounding to the nearest logarithm,
+would look something like:
+
+             1 project
+            10 architectures
+           100 countries (actually 63, but we'd like to have yours!)
+          1000 maintainers (yep, still there!)
+        100000 packages
+       1000000 bugs fixed
+    1000000000 lines of code
+     uncounted installations and users, we don't track you
+
+I really like how the "packages" and "bugs fixed" still have an order
+of magnitude between them there, but that the "bugs fixed" vs "lines
+of code" have an extra order of magnitude, that is we have fixed ten
+times less bugs per line of code since we last did this count, 20
+years ago.
+
+Also, I am tempted to put `100 years` in there, but that would be
+rounding up too much. Let's give it another 30 years first.
+
+Hopefully, some real scientist is going to balk at this crude
+methodology and come up with some more interesting numbers for the
+next t-shirt. Otherwise I'm available for bar mitzvahs and children
+parties.
+
+[[!tag debian debian-planet python-planet]]

diff --git a/.well-known/openpgpkey/Makefile b/.well-known/openpgpkey/Makefile
index d01920e7..973b6889 100644
--- a/.well-known/openpgpkey/Makefile
+++ b/.well-known/openpgpkey/Makefile
@@ -19,6 +19,7 @@ hu:
 
 upload:
 	gpg --keyserver keyring.debian.org --send-keys $(FINGERPRINT)
+	gpg --keyserver pgpkeys.eu --send-keys $(FINGERPRINT)
 	gpg --keyserver keys.openpgp.org --send-keys $(FINGERPRINT)
 	@echo "Not covered: GitLab and GitHub accounts:"
 	@echo "https://gitlab.torproject.org/-/profile/gpg_keys"

diff --git a/software/desktop/wayland.md b/software/desktop/wayland.md
index 4eec1b0f..9379f5d3 100644
--- a/software/desktop/wayland.md
+++ b/software/desktop/wayland.md
@@ -780,7 +780,7 @@ as xss-lock and xsecurelock.
 That, unfortunately, does *not* include the fancy "hacks" provided by
 xscreensaver, and that is [unlikely to be implemented upstream][].
 
-Other alternatives include [gtklock][] and [waylock][] (zig), which
+Other alternatives include [gtklock][] ([RFP](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052418)) and [waylock][] (zig), which
 do not solve that problem either.
 
 It looks like [swaylock-plugin][], a swaylock fork, which at least

diff --git a/services/upgrades/bookworm.md b/services/upgrades/bookworm.md
index c1c66c7c..53a2accb 100644
--- a/services/upgrades/bookworm.md
+++ b/services/upgrades/bookworm.md
@@ -52,7 +52,7 @@ can log back in over a serial console or virtual terminal.
         : reset to the default locale
         export LC_ALL=C.UTF-8 &&
         : install some dependencies
-        sudo apt install ttyrec screen debconf-utils deborphan apt-forktracer &&
+        sudo apt install ttyrec screen debconf-utils deborphan &&
         : create ttyrec file with adequate permissions &&
         sudo touch /var/log/upgrade-bookworm.ttyrec &&
         sudo chmod 600 /var/log/upgrade-bookworm.ttyrec &&
@@ -101,7 +101,8 @@ can log back in over a serial console or virtual terminal.
         dpkg -l 'linux-image-*' &&
         : look for packages from backports, other suites or archives &&
         : if possible, switch to official packages by disabling third-party repositories &&
-        apt-forktracer | sort &&
+        apt list '?narrow(?installed, ?not(?origin(Debian)))' &&
+        apt list "?narrow(?installed, ?not(?codename($(lsb_release -c -s | tail -1))))" &&
         printf "End of Step 3\a\n"
 
  5. Check free space (see [this guide to free up space][]), disable
@@ -158,7 +159,8 @@ can log back in over a serial console or virtual terminal.
         # review and purge older kernel if the new one boots properly
         dpkg -l 'linux-image*'
         # review packages that are not in the new distribution
-        apt-forktracer | sort
+        apt purge '?obsolete'
+        apt list "?narrow(?installed, ?not(?codename($(lsb_release -c -s | tail -1))))" &&
         printf "All procedures completed\a\n" &&
 
 ## Conflicts resolution

diff --git a/services/upgrades/bookworm.md b/services/upgrades/bookworm.md
index 876e96bf..c1c66c7c 100644
--- a/services/upgrades/bookworm.md
+++ b/services/upgrades/bookworm.md
@@ -489,9 +489,14 @@ To remove those:
     apt purge '?obsolete'
 
 Those didn't catch the non-standard versions that `apt-show-versions`
-caught however, so this still needs work.
+caught however. This will:
 
-TODO: update above procedure
+    apt list '?narrow(?installed, ?not(?codename(bookworm)))'
+
+That effectively replaces the old `apt-show-versions | grep -v
+/bookworm` hack.
+
+TODO: update actual procedure with the above.
 
 # References
 

diff --git a/hardware/monitor.mdwn b/hardware/monitor.mdwn
index e71f6f07..09f7cde0 100644
--- a/hardware/monitor.mdwn
+++ b/hardware/monitor.mdwn
@@ -203,7 +203,9 @@ In Dell land, it seems the only option is to get *another* Ultrashap
 monitor, or a [Dell P2723QE](https://www.dell.com/en-ca/shop/dell-27-monitor-p2723qe/apd/210-bdlk/monitors-monitor-accessories) but both of those are pricier than the
 S series *and* ship their full complement of USB-hub, complete with a
 network adapter for the Ultrasharp, which feels overkill. 610$ on
-sale.
+sale. [Not on rtings](https://www.rtings.com/discussions/wuYrn9KsVPWpXfqv/review-updates-dell-p2723qe) but its bigger version, the [32", is
+reviewed](https://www.rtings.com/monitor/reviews/dell/p3223de) rather negatively ("slow response time, mediocre
+out-of-the-box accuracy, struggles in really bright rooms").
 
 I'm not sure what to do next. I could just live with a 1080p monitor
 to the right, it's effectively what I had with the LG Flatron.. But 4k
@@ -214,14 +216,17 @@ I'm considering the [Gigabyte M27U](https://www.gigabyte.com/Monitor/M27U) but i
 available at <https://memoryexpress.com>, Canada Computers, or Best
 Buy. Update: it's [B/O at Canada Computers](https://www.canadacomputers.com/product_info.php?cPath=22_700_1104&item_id=241276), 730$CAD. It's
 [available at B&H](https://www.bhphotovideo.com/c/product/1765698-REG/gigabyte_m27u_27_uhd_160hz_kvm.html) however, 530USD (~700+USD), and [NewEgg.ca](https://www.newegg.ca/p/N82E16824012061?Item=N82E16824012061),
-650$CAD. [PC parts picket listing](https://ca.pcpartpicker.com/product/dTJp99/gigabyte-m27u-sa-270-3840-x-2160-160-hz-monitor-m27u-sa).
+650$CAD. [PC parts picket listing](https://ca.pcpartpicker.com/product/dTJp99/gigabyte-m27u-sa-270-3840-x-2160-160-hz-monitor-m27u-sa). It's also a bit larger than the
+ultrasharp, 61.5 x 37.11cm vs 61.16 x 36.46cm, so about 5mm larger all
+around. Probably not a deal breaker.
 
 The other option is the [LG 27GN95R](https://www.lg.com/ca_en/business/monitors/lg-27gn95r-b) but that's more expensive
 (800+), at which point I would just get another Ultrasharp.
 
 Also, the [Dell U2723QE][] discount is over and it's back at 1100$
 which makes it much less attractive. There is one on sale [at PC
-Canada](https://www.pc-canada.com/item/dell-ultrasharp-u2723qe-27-4k-uhd-lcd-monitor/dell-u2723qe) (820$). See the [PC parts picker listing](https://ca.pcpartpicker.com/product/CQkWGX/dell-u2723qe-270-3840x2160-60-hz-monitor-210-bdpf).
+Canada](https://www.pc-canada.com/item/dell-ultrasharp-u2723qe-27-4k-uhd-lcd-monitor/dell-u2723qe) (820$), see the [PC parts picker listing](https://ca.pcpartpicker.com/product/CQkWGX/dell-u2723qe-270-3840x2160-60-hz-monitor-210-bdpf), still a far
+cry from the 750$ sale at dell.com.
 
 For now, it's a cool-down period.
 
@@ -333,6 +338,17 @@ might be waiting for.
    * [800$ at memory express](https://www.memoryexpress.com/Products/MX00122893)
    * [850$ at canada computers](https://www.canadacomputers.com/product_info.php?cPath=22_700_1104&item_id=224899)
    * [good review at rtings](https://www.rtings.com/monitor/reviews/lg/27gn950-b)
+ * [Gigabyte M27U](https://www.gigabyte.com/Monitor/M27U)
+   * 615.67*371.15*60.3 mm (987mm for two)
+   * 3840 x 2160 @ 160Hz
+   * 1000:1
+   * 400 cd
+   * 95% DCI-P3/ 129% sRGB
+   * 1ms
+   * 2 HDMI 2.1, DP 1.4, 3 USB-A, 1 USB-C upstream 18W, 1 earphone
+     jack
+   * 28W
+   * [best mid-range 4k monitor at rtings](https://www.rtings.com/monitor/reviews/gigabyte/m27u)
 
 [Dell 27" 4k UHD Monitor S2722QC]: https://www.dell.com/en-ca/shop/dell-27-4k-uhd-usb-c-monitor-s2722qc/apd/210-bbqt/monitors-monitor-accessories
 [Dell 27" 4K UHD Monitor - S2721QS]: https://www.dell.com/en-ca/shop/dell-27-4k-uhd-monitor-s2721qs/apd/210-axlg/monitors-monitor-accessories#techspecs_section

diff --git a/blog/2022-10-28-vpn-considerations.md b/blog/2022-10-28-vpn-considerations.md
index 397276d7..ffe8ad68 100644
--- a/blog/2022-10-28-vpn-considerations.md
+++ b/blog/2022-10-28-vpn-considerations.md
@@ -297,6 +297,9 @@ warrant further examination in the future.
    supporting strong encryption, NAT traversal and a simple
    configuration", sounds interesting, not in Debian
 
+ * [wgautomesh](https://git.deuxfleurs.fr/Deuxfleurs/wgautomesh): "connect wireguard nodes together in a full mesh
+   topology", rust
+
  * [Yggdrasil](https://yggdrasil-network.github.io/): actually a pretty good match for my use case, but I
    didn't think of it when starting the experiments here; [packaged in
    Debian](https://tracker.debian.org/pkg/yggdrasil), with the [Golang version](https://github.com/yggdrasil-network/yggdrasil-go) [planned](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003985), [Puppet

diff --git a/hardware/monitor.mdwn b/hardware/monitor.mdwn
index 34ba9cc3..e71f6f07 100644
--- a/hardware/monitor.mdwn
+++ b/hardware/monitor.mdwn
@@ -202,7 +202,8 @@ ordering the S2722QC.
 In Dell land, it seems the only option is to get *another* Ultrashap
 monitor, or a [Dell P2723QE](https://www.dell.com/en-ca/shop/dell-27-monitor-p2723qe/apd/210-bdlk/monitors-monitor-accessories) but both of those are pricier than the
 S series *and* ship their full complement of USB-hub, complete with a
-network adapter for the Ultrasharp, which feels overkill.
+network adapter for the Ultrasharp, which feels overkill. 610$ on
+sale.
 
 I'm not sure what to do next. I could just live with a 1080p monitor
 to the right, it's effectively what I had with the LG Flatron.. But 4k

diff --git a/hardware/monitor.mdwn b/hardware/monitor.mdwn
index 2c4a853b..34ba9cc3 100644
--- a/hardware/monitor.mdwn
+++ b/hardware/monitor.mdwn
@@ -213,7 +213,7 @@ I'm considering the [Gigabyte M27U](https://www.gigabyte.com/Monitor/M27U) but i
 available at <https://memoryexpress.com>, Canada Computers, or Best
 Buy. Update: it's [B/O at Canada Computers](https://www.canadacomputers.com/product_info.php?cPath=22_700_1104&item_id=241276), 730$CAD. It's
 [available at B&H](https://www.bhphotovideo.com/c/product/1765698-REG/gigabyte_m27u_27_uhd_160hz_kvm.html) however, 530USD (~700+USD), and [NewEgg.ca](https://www.newegg.ca/p/N82E16824012061?Item=N82E16824012061),
-650$CAD.
+650$CAD. [PC parts picket listing](https://ca.pcpartpicker.com/product/dTJp99/gigabyte-m27u-sa-270-3840-x-2160-160-hz-monitor-m27u-sa).
 
 The other option is the [LG 27GN95R](https://www.lg.com/ca_en/business/monitors/lg-27gn95r-b) but that's more expensive
 (800+), at which point I would just get another Ultrasharp.

diff --git a/hardware/monitor.mdwn b/hardware/monitor.mdwn
index 23b46162..2c4a853b 100644
--- a/hardware/monitor.mdwn
+++ b/hardware/monitor.mdwn
@@ -188,12 +188,17 @@ squeeze in places and so on.
 
 I ended up buying two Dell monitors. I first ordered the [Dell 27" 4k
 UHD Monitor S2722QC][] but it couldn't daisy chain with the
-ultra-sharp, so I downgraded to the [Dell 27" 4K UHD Monitor -
+[Dell U2723QE][] , so I downgraded to the [Dell 27" 4K UHD Monitor -
 S2721QS][]. Dell had *excellent* support and gave me a return label to
 refund me the other monitor. But unfortunately, the S2722QC only
 supports DP1.2, not DP1.4, which means it's capped at 1080p. So I had
 to return that one as well.
 
+A key problem with the [Dell U2723QE][] is that it has no downstream
+USB-C port with DP support, so you *have* to use a DP cable to connect
+another monitor. This is what fundamentally led me astray when
+ordering the S2722QC.
+
 In Dell land, it seems the only option is to get *another* Ultrashap
 monitor, or a [Dell P2723QE](https://www.dell.com/en-ca/shop/dell-27-monitor-p2723qe/apd/210-bdlk/monitors-monitor-accessories) but both of those are pricier than the
 S series *and* ship their full complement of USB-hub, complete with a
@@ -204,11 +209,18 @@ to the right, it's effectively what I had with the LG Flatron.. But 4k
 really *is* nice, and I really like having the right side rotated as
 well.
 
-I'm considering the [Gigabyte M27U](https://www.rtings.com/monitor/reviews/gigabyte/m27u) but it's hard to find: it's not
+I'm considering the [Gigabyte M27U](https://www.gigabyte.com/Monitor/M27U) but it's hard to find: it's not
 available at <https://memoryexpress.com>, Canada Computers, or Best
-Buy. It's [available at B&H](https://www.bhphotovideo.com/c/product/1765698-REG/gigabyte_m27u_27_uhd_160hz_kvm.html) however, 530USD. The other option is
-the [LG 27GN95R](https://www.lg.com/ca_en/business/monitors/lg-27gn95r-b) but that's more expensive (800+), at which point I
-would just get another Ultrasharp.
+Buy. Update: it's [B/O at Canada Computers](https://www.canadacomputers.com/product_info.php?cPath=22_700_1104&item_id=241276), 730$CAD. It's
+[available at B&H](https://www.bhphotovideo.com/c/product/1765698-REG/gigabyte_m27u_27_uhd_160hz_kvm.html) however, 530USD (~700+USD), and [NewEgg.ca](https://www.newegg.ca/p/N82E16824012061?Item=N82E16824012061),
+650$CAD.
+
+The other option is the [LG 27GN95R](https://www.lg.com/ca_en/business/monitors/lg-27gn95r-b) but that's more expensive
+(800+), at which point I would just get another Ultrasharp.
+
+Also, the [Dell U2723QE][] discount is over and it's back at 1100$
+which makes it much less attractive. There is one on sale [at PC
+Canada](https://www.pc-canada.com/item/dell-ultrasharp-u2723qe-27-4k-uhd-lcd-monitor/dell-u2723qe) (820$). See the [PC parts picker listing](https://ca.pcpartpicker.com/product/CQkWGX/dell-u2723qe-270-3840x2160-60-hz-monitor-210-bdpf).
 
 For now, it's a cool-down period.
 

diff --git a/blog/2017-02-18-passwords-entropy.mdwn b/blog/2017-02-18-passwords-entropy.mdwn
index 9d781c7d..e3a3cef2 100644
--- a/blog/2017-02-18-passwords-entropy.mdwn
+++ b/blog/2017-02-18-passwords-entropy.mdwn
@@ -358,4 +358,13 @@ them to store secure tokens in password managers.
 [first appeared]: http://lwn.net/Articles/713806/
 [Linux Weekly News]: http://lwn.net/
 
+Possible updates:
+
+ * [diceware: how long should my password be](https://theworld.com/%7Ereinhold/dicewarefaq.html#howlong)
+ * [LastPass: How strong should your account password be?](https://blog.1password.com/cracking-challenge-update/)
+ * [cryptsetup: How long is a secure passphrase?](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/FrequentlyAskedQuestions#5-security-aspects)
+ * [Tom's Hardware: Google Launches AI Supercomputer Powered by Nvidia
+   H100 GPUs](https://www.tomshardware.com/news/google-a3-supercomputer-h100-googleio), "26 exaFlops"
+ * [Nvidia: Grace Hopper superchip](https://www.nvidia.com/en-us/data-center/grace-hopper-superchip/)
+
 [[!tag debian-planet debian passwords lwn geek security crypto]]

diff --git a/hardware/monitor.mdwn b/hardware/monitor.mdwn
index 192ce2b7..23b46162 100644
--- a/hardware/monitor.mdwn
+++ b/hardware/monitor.mdwn
@@ -184,6 +184,34 @@ squeeze in places and so on.
 [Dell U2723QE]: https://www.dell.com/en-ca/shop/cty/apd/210-bdpf
 [Dell S2721QS]: https://www.dell.com/en-ca/shop/dell-27-4k-uhd-monitor-s2721qs/apd/210-axlg/
 
+## The great 4k dance
+
+I ended up buying two Dell monitors. I first ordered the [Dell 27" 4k
+UHD Monitor S2722QC][] but it couldn't daisy chain with the
+ultra-sharp, so I downgraded to the [Dell 27" 4K UHD Monitor -
+S2721QS][]. Dell had *excellent* support and gave me a return label to
+refund me the other monitor. But unfortunately, the S2722QC only
+supports DP1.2, not DP1.4, which means it's capped at 1080p. So I had
+to return that one as well.
+
+In Dell land, it seems the only option is to get *another* Ultrashap
+monitor, or a [Dell P2723QE](https://www.dell.com/en-ca/shop/dell-27-monitor-p2723qe/apd/210-bdlk/monitors-monitor-accessories) but both of those are pricier than the
+S series *and* ship their full complement of USB-hub, complete with a
+network adapter for the Ultrasharp, which feels overkill.
+
+I'm not sure what to do next. I could just live with a 1080p monitor
+to the right, it's effectively what I had with the LG Flatron.. But 4k
+really *is* nice, and I really like having the right side rotated as
+well.
+
+I'm considering the [Gigabyte M27U](https://www.rtings.com/monitor/reviews/gigabyte/m27u) but it's hard to find: it's not
+available at <https://memoryexpress.com>, Canada Computers, or Best
+Buy. It's [available at B&H](https://www.bhphotovideo.com/c/product/1765698-REG/gigabyte_m27u_27_uhd_160hz_kvm.html) however, 530USD. The other option is
+the [LG 27GN95R](https://www.lg.com/ca_en/business/monitors/lg-27gn95r-b) but that's more expensive (800+), at which point I
+would just get another Ultrasharp.
+
+For now, it's a cool-down period.
+
 ## Retired
 
 Those monitors have problems and will be scrapped eventually:
@@ -236,12 +264,6 @@ faster refresh rate, HDR, low energy consumption) but no burn-in,
 which is really amazing. Not yet available for real monitors, but
 might be waiting for.
 
-Update, 2023-09-19: I ended up buying two Dell monitors. I first
-ordered the [Dell 27" 4k UHD Monitor S2722QC][] but it couldn't daisy
-chain with the ultra-sharp, so I downgraded to the [Dell 27" 4K UHD
-Monitor - S2721QS][]. Dell had *excellent* support and gave me a
-return label to refund me the other monitor.
-
 ## 2023 update
 
  * [Dell 27" 4K UHD Monitor - S2721QS][]:
@@ -285,9 +307,8 @@ return label to refund me the other monitor.
    * Linux support for dock features [unclear](https://community.frame.work/t/docking-station/14798/9?u=anarcat)
    * used to be the "[best mid-range 4k monitor](https://www.rtings.com/monitor/reviews/best/by-resolution/4k-ultra-hd-uhdu27) at rtings,
      displaced by the [Gigabyte M27U](https://www.rtings.com/monitor/reviews/gigabyte/m27u) in June 2023, still rated
-     [impressive](https://www.rtings.com/monitor/reviews/dell/s2722qc), I strangely cannot find the M27U on the Gigabyte
-     website, <memoryexpress.com>, best buy, and it's [back-ordered at
-     B&H](https://www.bhphotovideo.com/c/product/1765698-REG/gigabyte_m27u_27_uhd_160hz_kvm.html), rtings particularly complains about reflection handling
+     [impressive](https://www.rtings.com/monitor/reviews/dell/s2722qc), rtings particularly complains about reflection
+     handling
  * [LG 27GN95R](https://www.lg.com/ca_en/business/monitors/lg-27gn95r-b)
    * 609.2x352.9mm (962mm for two)
    * 700:1 - 1000:1

diff --git a/hardware/monitor.mdwn b/hardware/monitor.mdwn
index c53167f3..192ce2b7 100644
--- a/hardware/monitor.mdwn
+++ b/hardware/monitor.mdwn
@@ -155,15 +155,13 @@ I somehow managed to collect a ridiculous pile of old monitors. Here's
 what works and doesn't, in descending order of (totally subjective)
 "quality":
 
-| Model                          | Resolution     | Size  | Contrast | Lat  | Connectors    | Notes                              | Status |
-|--------------------------------|----------------|-------|----------|------|---------------|------------------------------------|--------|
-| [LG Flatron Wide L204WTX-SF][] | 1680x1050@60Hz | 20"   | 2000:1   | 5ms  | VGA DVI       | looks great, one dead pixel        | angela |
-| [Dell 2208WFP][]               | 1680x1050@?Hz  | 22"   | 1000:1   | 5ms  | VGA DVI 2xUSB | looks organge-y, 20$ from recyborg | angela |
-| [Acer P186HV][]                | 1366x768@60Hz  | 18.5" | 5000:1   | 5ms  | VGA           | display looks dusty                | simon  |
-| [Dell 1704FPvt][]              | 1280x1024@60Hz | 17"   | 1000:1   | 25ms | VGA DVI 4xUSB | square, rotating, flickering       | marcos |
-| [Dell 1704FPvt][]              | 1280x1024@60Hz | 17"   | 1000:1   | 25ms | VGA DVI 4xUSB | square, rotating, flickering       | curie  |
-
-The LG takes a long time to return from sleep.
+| Model             | Resolution     | Size  | Contrast | Lat   | Connectors                                                    | Notes                        | Status |
+|-------------------|----------------|-------|----------|-------|---------------------------------------------------------------|------------------------------|--------|
+| [Dell U2723QE][]  | 3840x2160@60Hz | 27"   | 2000:1   | 5-8ms | HDMI DP DP-out 2xUSB-C up 90W 2xUSB-C 5x USB-A line-out RJ-45 | shiny                        | angela |
+| [Dell S2721QS][]  | 3840x2160@60Hz | 27"   | 1000:1   | 4-8ms | HDMI DP 1.2 line-out                                          | also new                     | angela |
+| [Acer P186HV][]   | 1366x768@60Hz  | 18.5" | 5000:1   | 5ms   | VGA                                                           | display looks dusty          | simon  |
+| [Dell 1704FPvt][] | 1280x1024@60Hz | 17"   | 1000:1   | 25ms  | VGA DVI 4xUSB                                                 | square, rotating, flickering | marcos |
+| [Dell 1704FPvt][] | 1280x1024@60Hz | 17"   | 1000:1   | 25ms  | VGA DVI 4xUSB                                                 | square, rotating, flickering | curie  |
 
 A note on the Dell 1704FPvt monitors: they can't be used for
 desktops. Their design resolution is 1280x1024 which is a little low,
@@ -174,11 +172,6 @@ right side, really strange. But for diagnostics on servers they are
 great because the stand can be removed easily so they're easy to
 squeeze in places and so on.
 
-Note that the monitors are hooked up to angela through a USB-C /
-Thunderbolt dock from [Cable Matters](https://www.cablematters.com/), with the lovely name of
-[201053-SIL](https://www.cablematters.com/pc-1054-127-usb-c-docking-station-with-dual-4k-hdmi-and-80w-charging-for-windows-computers.aspx). It has issues, see [[this blog
-post|blog/2023-02-10-usb-c]] for an in-depth discussion.
-
 [HP L2245wg]: https://support.hp.com/ca-en/product/hp-l2245wg-22-inch-widescreen-lcd-monitor/3758498/
 [Toshiba 19AV500U]: https://productz.com/en/toshiba-19av500u/p/eWMGr#full-specs
 [Dell 1704FPvt]: https://www.dell.com/downloads/global/products/monitors/en/spec_1704fp_en.pdf
@@ -188,15 +181,18 @@ post|blog/2023-02-10-usb-c]] for an in-depth discussion.
 [Samsung B2330H]: https://www.samsung.com/us/business/support/owners/product/b2330-series-b2330hd/
 [LG Flatron L1718S]: https://www.lg.com/us/support/product/lg-L1718S-BN.AUS
 [Dell 2208WFP]: https://www.dell.com/support/home/en-ca/product-support/product/dell-2208wfp/docs
+[Dell U2723QE]: https://www.dell.com/en-ca/shop/cty/apd/210-bdpf
+[Dell S2721QS]: https://www.dell.com/en-ca/shop/dell-27-4k-uhd-monitor-s2721qs/apd/210-axlg/
 
 ## Retired
 
 Those monitors have problems and will be scrapped eventually:
 
-| Model                          | Resolution     | Size  | Contrast | Lat  | Connectors              | Notes                            | Status |
-|--------------------------------|----------------|-------|----------|------|-------------------------|----------------------------------|--------|
-| [HP L2245wg][]                 | 1680x1050@60Hz | 22"   | 1000:1   | 5ms  | VGA DVI 2xUSB           | LCD TN Film, rotating, 45-65W    | simon  |
-| [Acer X193w][]                 | 1440x900@75Hz  | 19"   | 2000:1   | 5ms  | VGA                     | flaky, top partially melted      | angela |
+| Model                          | Resolution     | Size | Contrast | Lat | Connectors    | Notes                              | Status    |
+|--------------------------------|----------------|------|----------|-----|---------------|------------------------------------|-----------|
+| [HP L2245wg][]                 | 1680x1050@60Hz | 22"  | 1000:1   | 5ms | VGA DVI 2xUSB | LCD TN Film, rotating, 45-65W      | simon     |
+| [LG Flatron Wide L204WTX-SF][] | 1680x1050@60Hz | 20"  | 2000:1   | 5ms | VGA DVI       | looks great, one dead pixel        | ex-angela |
+| [Dell 2208WFP][]               | 1680x1050@?Hz  | 22"  | 1000:1   | 5ms | VGA DVI 2xUSB | looks organge-y, 20$ from recyborg | ex-angela |
 
 The HP was retired because it was getting finicky: it would "short"
 and blank out, get all "fuzzy" and weird. The new monitor (the [LG
@@ -207,15 +203,23 @@ Extra specs for the HP: [upstream](https://support.hp.com/us-en/product/hp-l2245
 The Acer was retired because it had some flickering and would
 sometimes fail to return from sleep.
 
+The LG L204WTX-SF takes a long time to return from sleep.
+
+Note the two "ex-angela" monitors were hooked to angela through a
+USB-C / Thunderbolt dock from [Cable Matters](https://www.cablematters.com/), with the lovely name
+of [201053-SIL](https://www.cablematters.com/pc-1054-127-usb-c-docking-station-with-dual-4k-hdmi-and-80w-charging-for-windows-computers.aspx). It has issues, see [[this blog
+post|blog/2023-02-10-usb-c]] for an in-depth discussion.
+
 ## Scrapped or lost
 
 Those monitors were either scrapped or lost:
 
-| Model                 | Resolution     | Size | Contrast | Lat | Connectors              | Notes                            | Status |
-|-----------------------|----------------|------|----------|-----|-------------------------|----------------------------------|--------|
-| [Toshiba 19AV500U][]  | 1440x900@?Hz   | 19"  | ?        | ?   | VGA HDMI component coax | it's a TV! not working in Linux? | lost?  |
-| [LG Flatron L1718S][] | 1280x1024@75Hz | 17"  | 700:1    | ?   | VGA                     | square, 35W                      | lost?  |
-| [Samsung B2330H][]    | 1920x1080@60Hz | 23"  | 70000:1  | 5ms | VGA HDMI DVI            | molten hole in the back          | alexis |
+| Model                 | Resolution     | Size | Contrast | Lat | Connectors              | Notes                            | Status    |
+|-----------------------|----------------|------|----------|-----|-------------------------|----------------------------------|-----------|
+| [Acer X193w][]        | 1440x900@75Hz  | 19"  | 2000:1   | 5ms | VGA                     | flaky, top partially melted      | ex-angela |
+| [Toshiba 19AV500U][]  | 1440x900@?Hz   | 19"  | ?        | ?   | VGA HDMI component coax | it's a TV! not working in Linux? | lost?     |
+| [LG Flatron L1718S][] | 1280x1024@75Hz | 17"  | 700:1    | ?   | VGA                     | square, 35W                      | lost?     |
+| [Samsung B2330H][]    | 1920x1080@60Hz | 23"  | 70000:1  | 5ms | VGA HDMI DVI            | molten hole in the back          | alexis    |
 
 This monitor did not power up at all:
 
@@ -232,9 +236,15 @@ faster refresh rate, HDR, low energy consumption) but no burn-in,
 which is really amazing. Not yet available for real monitors, but
 might be waiting for.
 
+Update, 2023-09-19: I ended up buying two Dell monitors. I first
+ordered the [Dell 27" 4k UHD Monitor S2722QC][] but it couldn't daisy
+chain with the ultra-sharp, so I downgraded to the [Dell 27" 4K UHD
+Monitor - S2721QS][]. Dell had *excellent* support and gave me a
+return label to refund me the other monitor.
+
 ## 2023 update
 
- * [Dell 27" 4K UHD Monitor - S2721QS](https://www.dell.com/en-ca/shop/dell-27-4k-uhd-monitor-s2721qs/apd/210-axlg/monitors-monitor-accessories#techspecs_section):
+ * [Dell 27" 4K UHD Monitor - S2721QS][]:
    * 946mm wide for two
    * 28.8W / 0.3W
    * HDMI / DP 1.2 / audio line out
@@ -246,7 +256,7 @@ might be waiting for.
    * 330$ at dell, [513$ at Bestbuy](https://www.bestbuy.ca/en-ca/product/dell-27-4k-ultra-hd-60hz-4ms-gtg-ips-led-freesync-gaming-monitor-s2721qs-black-open-box/15254414)
    * [best budget at toms hardware](https://www.tomshardware.com/best-picks/best-budget-4k-monitor)
  * Updated version of the above is the [Dell 27" 4k UHD Monitor
-   S2722QC]( https://www.dell.com/en-ca/shop/dell-27-4k-uhd-usb-c-monitor-s2722qc/apd/210-bbqt/monitors-monitor-accessories)
+   S2722QC][]
    * 61.16mm x 36.46mm (976mm for two)
    * 1000:1
    * 350cd
@@ -290,6 +300,9 @@ might be waiting for.
    * [850$ at canada computers](https://www.canadacomputers.com/product_info.php?cPath=22_700_1104&item_id=224899)
    * [good review at rtings](https://www.rtings.com/monitor/reviews/lg/27gn950-b)
 
+[Dell 27" 4k UHD Monitor S2722QC]: https://www.dell.com/en-ca/shop/dell-27-4k-uhd-usb-c-monitor-s2722qc/apd/210-bbqt/monitors-monitor-accessories
+[Dell 27" 4K UHD Monitor - S2721QS]: https://www.dell.com/en-ca/shop/dell-27-4k-uhd-monitor-s2721qs/apd/210-axlg/monitors-monitor-accessories#techspecs_section
+
 # Old research
 
 See also this discussion:

diff --git a/services/dns.mdwn b/services/dns.mdwn
index d92f22cb..bf7a692f 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -85,6 +85,37 @@ Voir aussi [cette discussion](https://lobste.rs/s/flcpop/what_domain_registrar_i
 [RFC 7344]: https://tools.ietf.org/html/rfc7344
 [RFC 8078]: https://tools.ietf.org/html/rfc8078
 
+Update: Gandi ont encore monté leurs prix, et je quitte. Je teste
+présentement:
+
+ * infomaniak: échec. m'ont facturé le transfert qu'il fonctionne, a
+   bloqué sur une demande de vérification d'identité qui demande un
+   selfie avec un passeport, par leur application custom, rien de
+   moins... bypassé grâce à un contact à l'interne, mais ils m'ont
+   quand même facturé alors que le transfert a échoué (il a été fait
+   vers mythic-beasts), je considère demander un remboursement ou
+   simplement quitter / ignorer
+
+ * mythic-beasts: découvert que c'est un revendeur OpenSRS, donc moins
+   intéressant, coûteux, mais trusted... pour l'instant un seul
+   domaine là, à migrer vers OpenSRS?
+
+ * OpenSRS: reste ~70$USD de crédit, intéressant parce que très
+   puissant, mais pas sûr que je veux être revendeur, j'aurais
+   probablement jamais le débit (1000 *nouveaux* par an!) pour avoir
+   des rabais, mais somme toute assez bon: DNSSEC fonctionnel, API,
+   comptes revendeurs, etc, autre problème: pas de facturation
+   automatique sur VISA, il faut débiter manuellement
+
+À considérer, sinon:
+
+ * porkbun - pas cher, mais pas de .at... aussi, c'est un owner de
+   TLD, alors watch out les conflits d'intérêts
+
+ * namecheap / easydns / dnssimple - tous relativement équivalents,
+   plus chers, mais font aussi serveur DNS, namecheap a pas de .at et
+   easyDNS est très cher pour le .at
+
 Convention de noms
 ==================
 

diff --git a/services/dns.mdwn b/services/dns.mdwn
index ef6fcdd6..d92f22cb 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -71,6 +71,7 @@ n'y sont pas listés.
 | leaseweb.com      | 14.40USD | 16.20USD | 15.36EUR | 53.88EUR | 14.40EUR | 16.20USD | rebates for Debian developers                                   |
 | mythic-beasts.com | £14.50   | £15.50   | £16.50   | £18.00   | £18.00   | £24.00   | previously used by debian.org, trusted, OpenSRS reseller        |
 | mythic-beasts.com | 18.09USD | 19.34USD | 20.59USD | 22.60USD | 22.60USD | 29.95USD | same, USD                                                       |
+| namecheap.com     | 16.06USD | 15.16USD | 15.16USD | 13.98USD | N/A      | 21.16USD | 3USD rebate with COUPONFCNC code                                |
 | namesilo.com      | 13.95USD | 10.79USD | 11.79USD | 9.99USD  | 11.99USD | 18.49USD |                                                                 |
 | nic.at            | N/A      | N/A      | N/A      | N/A      | 40.80EUR | N/A      |                                                                 |
 | njal.la           | 16.09USD | 16.09USD | 16.09USD | N/A      | N/A      | 32.19USD | 16.09USD=15EUR pas un registry, anonyme                         |

diff --git a/services/dns.mdwn b/services/dns.mdwn
index 67d551d8..ef6fcdd6 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -74,7 +74,7 @@ n'y sont pas listés.
 | namesilo.com      | 13.95USD | 10.79USD | 11.79USD | 9.99USD  | 11.99USD | 18.49USD |                                                                 |
 | nic.at            | N/A      | N/A      | N/A      | N/A      | 40.80EUR | N/A      |                                                                 |
 | njal.la           | 16.09USD | 16.09USD | 16.09USD | N/A      | N/A      | 32.19USD | 16.09USD=15EUR pas un registry, anonyme                         |
-| opensrs.net       | 13.75USD | 15.00USD | 15.50USD | 16.00USD | 17.00USD | 22.00USD | reseller, bulk pricing, 95$ sign up fee                         |
+| opensrs.net       | 13.75USD | 15.00USD | 15.50USD | 16.00USD | 17.00USD | 22.00USD | reseller, bulk pricing, 95$ minimum                             |
 | porkbun.com       | 10.37USD | 10.72USD | 11.48USD | 9.20USD  | N/A      | 16.97USD |                                                                 |
 
 Voir aussi [cette discussion](https://lobste.rs/s/flcpop/what_domain_registrar_is_worth_using).

diff --git a/services/archive/rescue.mdwn b/services/archive/rescue.mdwn
index c514cfc0..75c16211 100644
--- a/services/archive/rescue.mdwn
+++ b/services/archive/rescue.mdwn
@@ -98,6 +98,9 @@ Notice how both images show a typical "moire" pattern typical of
 rotating medium: a scratch will leave such a pattern on the
 data. Those results were obtained on a 16 year old CD-R disk.
 
+Also note that jmtd wrote a tool called [badiso](https://github.com/jmtd/badiso) to evaluate, based
+on the `ddrescue` output, which files are actually recoverable.
+
 Flash memory
 ============
 

diff --git a/services/dns.mdwn b/services/dns.mdwn
index 1a3164d4..67d551d8 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -60,8 +60,8 @@ n'y sont pas listés.
 
 | Registry          | .com     | .org     | .net     | .ca      | .at      | .info    | Notes                                                           |
 |-------------------|----------|----------|----------|----------|----------|----------|-----------------------------------------------------------------|
-| cloudflare.com    | 9.77USD  | 10.11USD | 10.10USD | N/A      | N/A      | 16.18USD |                                                                 |
-| dnssimple.com     | 14.50USD | 14.00USD | 16.00USD | 16.00CAD | 18.00USD | 21.60USD | also hosting                                                    |
+| cloudflare.com    | 9.77USD  | 10.11USD | 10.10USD | N/A      | N/A      | 16.18USD | forces you to use their DNS servers                             |
+| dnssimple.com     | 14.50USD | 14.00USD | 16.00USD | 16.00CAD | 18.00USD | 21.60USD | also hosting, support for [RFC 8078][]                          |
 | dynadot.com       | 11.99USD | 10.99USD | 11.99USD | 9.99USD  | 13.25USD | 17.99USD | hosted wikileaks, blocked in india for cybersquatting           |
 | easydns.com       | 19.00USD | 19.00USD | 15.00USD | 12.53USD | 24.00USD | 26.00USD | 12.52USD = 15.00CAD, also hosting                               |
 | gandi.net         | 23.99USD | 24.99USD | 24.99USD | 24.99CAD | 29.99USD | 39.99USD | pas de transfer lock .at, [vendus][], prix explosés             |

diff --git a/services/dns.mdwn b/services/dns.mdwn
index e3f9ca67..1a3164d4 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -58,24 +58,24 @@ Voici une comparaison des prix de renouvellement d'un domaine. Les
 chiffres viennent de <https://tldes.com/> sauf pour quelques uns qui
 n'y sont pas listés.
 
-| Registry          | .com     | .org     | .net     | .ca      | .at      | .info    | Notes                                                    |
-|-------------------|----------|----------|----------|----------|----------|----------|----------------------------------------------------------|
-| cloudflare.com    | 9.77USD  | 10.11USD | 10.10USD | N/A      | N/A      | 16.18USD |                                                          |
-| easydns.com       | 19.00USD | 19.00USD | 15.00USD | 12.53USD | 24.00USD | 26.00USD | 12.52USD = 15.00CAD, also hosting                        |
-| dnssimple.com     | 14.50USD | 14.00USD | 16.00USD | 16.00CAD | 18.00USD | 21.60USD | also hosting                                             |
-| dynadot.com       | 11.99USD | 10.99USD | 11.99USD | 9.99USD  | 13.25USD | 17.99USD | hosted wikileaks, blocked in india for cybersquatting    |
-| gandi.net         | 23.99USD | 24.99USD | 24.99USD | 24.99CAD | 29.99USD | 39.99USD | pas de transfer lock .at, [vendus][], prix explosés      |
-| glauca.digital    | 22.34USD | 27.58USD | 30.09USD | 28.80CAD | 22.05EUR | 28.74USD | excellent API, support for [RFC 7344][] and [RFC 8078][] |
-| infomaniak.com    | 12.23EUR | 14.70USD | 13.36USD | 14.86USD | 14.70USD | 20.06USD | 2,40 € / year extra for domain privacy                   |
-| joker.com         | 16.99USD | 16.88USD | 18.67USD | N/A      | 15.99USD | 28.80USD |                                                          |
-| leaseweb.com      | 14.40USD | 16.20USD | 15.36EUR | 53.88EUR | 14.40EUR | 16.20USD | rebates for Debian developers                            |
-| mythic-beasts.com | £14.50   | £15.50   | £16.50   | £18.00   | £18.00   | £24.00   | previously used by debian.org, trusted, OpenSRS reseller |
-| mythic-beasts.com | 18.09USD | 19.34USD | 20.59USD | 22.60USD | 22.60USD | 29.95USD | same, USD                                                |
-| namesilo.com      | 13.95USD | 10.79USD | 11.79USD | 9.99USD  | 11.99USD | 18.49USD |                                                          |
-| nic.at            | N/A      | N/A      | N/A      | N/A      | 40.80EUR | N/A      |                                                          |
-| njal.la           | 16.09USD | 16.09USD | 16.09USD | N/A      | N/A      | 32.19USD | 16.09USD=15EUR pas un registry, anonyme                  |
-| opensrs.net       | 13.75USD | 15.00USD | 15.50USD | 16.00USD | 17.00USD | 22.00USD | reseller, bulk pricing, 95$ sign up fee                  |
-| porkbun.com       | 10.37USD | 10.72USD | 11.48USD | 9.20USD  | N/A      | 16.97USD |                                                          |
+| Registry          | .com     | .org     | .net     | .ca      | .at      | .info    | Notes                                                           |
+|-------------------|----------|----------|----------|----------|----------|----------|-----------------------------------------------------------------|
+| cloudflare.com    | 9.77USD  | 10.11USD | 10.10USD | N/A      | N/A      | 16.18USD |                                                                 |
+| dnssimple.com     | 14.50USD | 14.00USD | 16.00USD | 16.00CAD | 18.00USD | 21.60USD | also hosting                                                    |
+| dynadot.com       | 11.99USD | 10.99USD | 11.99USD | 9.99USD  | 13.25USD | 17.99USD | hosted wikileaks, blocked in india for cybersquatting           |
+| easydns.com       | 19.00USD | 19.00USD | 15.00USD | 12.53USD | 24.00USD | 26.00USD | 12.52USD = 15.00CAD, also hosting                               |
+| gandi.net         | 23.99USD | 24.99USD | 24.99USD | 24.99CAD | 29.99USD | 39.99USD | pas de transfer lock .at, [vendus][], prix explosés             |
+| glauca.digital    | 22.34USD | 27.58USD | 30.09USD | 28.80CAD | 22.05EUR | 28.74USD | excellent API, support for [RFC 7344][] and [RFC 8078][]        |
+| infomaniak.com    | 12.23EUR | 14.70USD | 13.36USD | 14.86USD | 14.70USD | 20.06USD | 2,40 € / year extra for domain privacy, requires identity check |
+| joker.com         | 16.99USD | 16.88USD | 18.67USD | N/A      | 15.99USD | 28.80USD |                                                                 |
+| leaseweb.com      | 14.40USD | 16.20USD | 15.36EUR | 53.88EUR | 14.40EUR | 16.20USD | rebates for Debian developers                                   |
+| mythic-beasts.com | £14.50   | £15.50   | £16.50   | £18.00   | £18.00   | £24.00   | previously used by debian.org, trusted, OpenSRS reseller        |
+| mythic-beasts.com | 18.09USD | 19.34USD | 20.59USD | 22.60USD | 22.60USD | 29.95USD | same, USD                                                       |
+| namesilo.com      | 13.95USD | 10.79USD | 11.79USD | 9.99USD  | 11.99USD | 18.49USD |                                                                 |
+| nic.at            | N/A      | N/A      | N/A      | N/A      | 40.80EUR | N/A      |                                                                 |
+| njal.la           | 16.09USD | 16.09USD | 16.09USD | N/A      | N/A      | 32.19USD | 16.09USD=15EUR pas un registry, anonyme                         |
+| opensrs.net       | 13.75USD | 15.00USD | 15.50USD | 16.00USD | 17.00USD | 22.00USD | reseller, bulk pricing, 95$ sign up fee                         |
+| porkbun.com       | 10.37USD | 10.72USD | 11.48USD | 9.20USD  | N/A      | 16.97USD |                                                                 |
 
 Voir aussi [cette discussion](https://lobste.rs/s/flcpop/what_domain_registrar_is_worth_using).
 

diff --git a/blog/2022-10-28-vpn-considerations.md b/blog/2022-10-28-vpn-considerations.md
index 0b915085..397276d7 100644
--- a/blog/2022-10-28-vpn-considerations.md
+++ b/blog/2022-10-28-vpn-considerations.md
@@ -265,6 +265,10 @@ others (basically [NetbBird](https://netbird.io/), [Firezone](https://www.firezo
 Those are options that came up *after* writing this post, and might
 warrant further examination in the future.
 
+ * [innernet](https://github.com/tonarino/innernet), a "private network system that uses WireGuard under
+   the hood", Rust-based web server, not in Debian, [.debs available
+   here](https://github.com/tommie/innernet-debian)
+
  * [Meshbird](https://meshbird.com/), a "distributed private networking" with little
    information about how it actually works other than "encrypted with
    strong AES-256"

diff --git a/services/dns.mdwn b/services/dns.mdwn
index a961e755..e3f9ca67 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -69,11 +69,12 @@ n'y sont pas listés.
 | infomaniak.com    | 12.23EUR | 14.70USD | 13.36USD | 14.86USD | 14.70USD | 20.06USD | 2,40 € / year extra for domain privacy                   |
 | joker.com         | 16.99USD | 16.88USD | 18.67USD | N/A      | 15.99USD | 28.80USD |                                                          |
 | leaseweb.com      | 14.40USD | 16.20USD | 15.36EUR | 53.88EUR | 14.40EUR | 16.20USD | rebates for Debian developers                            |
-| mythic-beasts.com | £14.50   | £15.50   | £16.50   | £18.00   | £18.00   | £24.00   | previously used by debian.org, trusted                   |
+| mythic-beasts.com | £14.50   | £15.50   | £16.50   | £18.00   | £18.00   | £24.00   | previously used by debian.org, trusted, OpenSRS reseller |
+| mythic-beasts.com | 18.09USD | 19.34USD | 20.59USD | 22.60USD | 22.60USD | 29.95USD | same, USD                                                |
 | namesilo.com      | 13.95USD | 10.79USD | 11.79USD | 9.99USD  | 11.99USD | 18.49USD |                                                          |
 | nic.at            | N/A      | N/A      | N/A      | N/A      | 40.80EUR | N/A      |                                                          |
 | njal.la           | 16.09USD | 16.09USD | 16.09USD | N/A      | N/A      | 32.19USD | 16.09USD=15EUR pas un registry, anonyme                  |
-| opensrs.net       | 13.75USD | 15.00USD | 15.50USD | 16.00USD | 17.00USD | 22.00USD | reseller, bulk pricing                                   |
+| opensrs.net       | 13.75USD | 15.00USD | 15.50USD | 16.00USD | 17.00USD | 22.00USD | reseller, bulk pricing, 95$ sign up fee                  |
 | porkbun.com       | 10.37USD | 10.72USD | 11.48USD | 9.20USD  | N/A      | 16.97USD |                                                          |
 
 Voir aussi [cette discussion](https://lobste.rs/s/flcpop/what_domain_registrar_is_worth_using).

diff --git a/services/dns.mdwn b/services/dns.mdwn
index badaf581..a961e755 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -66,7 +66,7 @@ n'y sont pas listés.
 | dynadot.com       | 11.99USD | 10.99USD | 11.99USD | 9.99USD  | 13.25USD | 17.99USD | hosted wikileaks, blocked in india for cybersquatting    |
 | gandi.net         | 23.99USD | 24.99USD | 24.99USD | 24.99CAD | 29.99USD | 39.99USD | pas de transfer lock .at, [vendus][], prix explosés      |
 | glauca.digital    | 22.34USD | 27.58USD | 30.09USD | 28.80CAD | 22.05EUR | 28.74USD | excellent API, support for [RFC 7344][] and [RFC 8078][] |
-| infomaniak.com    | 12.23EUR | 14.70USD | 13.36USD | 14.86USD | 14.70USD | 20.06USD | promo prices for first year                              |
+| infomaniak.com    | 12.23EUR | 14.70USD | 13.36USD | 14.86USD | 14.70USD | 20.06USD | 2,40 € / year extra for domain privacy                   |
 | joker.com         | 16.99USD | 16.88USD | 18.67USD | N/A      | 15.99USD | 28.80USD |                                                          |
 | leaseweb.com      | 14.40USD | 16.20USD | 15.36EUR | 53.88EUR | 14.40EUR | 16.20USD | rebates for Debian developers                            |
 | mythic-beasts.com | £14.50   | £15.50   | £16.50   | £18.00   | £18.00   | £24.00   | previously used by debian.org, trusted                   |

diff --git a/software/desktop/wayland.md b/software/desktop/wayland.md
index e43c99f8..4eec1b0f 100644
--- a/software/desktop/wayland.md
+++ b/software/desktop/wayland.md
@@ -181,6 +181,7 @@ See a copy of my full [[config/sway/config]] for details.
 Other options include:
 
  * [dwl][]: tiling, minimalist, dwm for Wayland, not in Debian
+ * [hikari][]: tiling/stacking, not in Debian
  * [Hyprland][]: tiling, fancy animations, not in Debian
  * [Qtile][]: tiling, extensible, in Python, not in Debian ([1015267][])
  * [river][]: Zig, stackable, tagging, not in Debian  ([1006593][])

diff --git a/services/dns.mdwn b/services/dns.mdwn
index 478f362f..badaf581 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -63,12 +63,14 @@ n'y sont pas listés.
 | cloudflare.com    | 9.77USD  | 10.11USD | 10.10USD | N/A      | N/A      | 16.18USD |                                                          |
 | easydns.com       | 19.00USD | 19.00USD | 15.00USD | 12.53USD | 24.00USD | 26.00USD | 12.52USD = 15.00CAD, also hosting                        |
 | dnssimple.com     | 14.50USD | 14.00USD | 16.00USD | 16.00CAD | 18.00USD | 21.60USD | also hosting                                             |
+| dynadot.com       | 11.99USD | 10.99USD | 11.99USD | 9.99USD  | 13.25USD | 17.99USD | hosted wikileaks, blocked in india for cybersquatting    |
 | gandi.net         | 23.99USD | 24.99USD | 24.99USD | 24.99CAD | 29.99USD | 39.99USD | pas de transfer lock .at, [vendus][], prix explosés      |
 | glauca.digital    | 22.34USD | 27.58USD | 30.09USD | 28.80CAD | 22.05EUR | 28.74USD | excellent API, support for [RFC 7344][] and [RFC 8078][] |
 | infomaniak.com    | 12.23EUR | 14.70USD | 13.36USD | 14.86USD | 14.70USD | 20.06USD | promo prices for first year                              |
 | joker.com         | 16.99USD | 16.88USD | 18.67USD | N/A      | 15.99USD | 28.80USD |                                                          |
 | leaseweb.com      | 14.40USD | 16.20USD | 15.36EUR | 53.88EUR | 14.40EUR | 16.20USD | rebates for Debian developers                            |
 | mythic-beasts.com | £14.50   | £15.50   | £16.50   | £18.00   | £18.00   | £24.00   | previously used by debian.org, trusted                   |
+| namesilo.com      | 13.95USD | 10.79USD | 11.79USD | 9.99USD  | 11.99USD | 18.49USD |                                                          |
 | nic.at            | N/A      | N/A      | N/A      | N/A      | 40.80EUR | N/A      |                                                          |
 | njal.la           | 16.09USD | 16.09USD | 16.09USD | N/A      | N/A      | 32.19USD | 16.09USD=15EUR pas un registry, anonyme                  |
 | opensrs.net       | 13.75USD | 15.00USD | 15.50USD | 16.00USD | 17.00USD | 22.00USD | reseller, bulk pricing                                   |

diff --git a/services/dns.mdwn b/services/dns.mdwn
index b377984d..478f362f 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -67,8 +67,9 @@ n'y sont pas listés.
 | glauca.digital    | 22.34USD | 27.58USD | 30.09USD | 28.80CAD | 22.05EUR | 28.74USD | excellent API, support for [RFC 7344][] and [RFC 8078][] |
 | infomaniak.com    | 12.23EUR | 14.70USD | 13.36USD | 14.86USD | 14.70USD | 20.06USD | promo prices for first year                              |
 | joker.com         | 16.99USD | 16.88USD | 18.67USD | N/A      | 15.99USD | 28.80USD |                                                          |
+| leaseweb.com      | 14.40USD | 16.20USD | 15.36EUR | 53.88EUR | 14.40EUR | 16.20USD | rebates for Debian developers                            |
 | mythic-beasts.com | £14.50   | £15.50   | £16.50   | £18.00   | £18.00   | £24.00   | previously used by debian.org, trusted                   |
-| nic.at            | N/A      | N/A      | N/A      | N/A      | 40.80EUR |          |                                                          |
+| nic.at            | N/A      | N/A      | N/A      | N/A      | 40.80EUR | N/A      |                                                          |
 | njal.la           | 16.09USD | 16.09USD | 16.09USD | N/A      | N/A      | 32.19USD | 16.09USD=15EUR pas un registry, anonyme                  |
 | opensrs.net       | 13.75USD | 15.00USD | 15.50USD | 16.00USD | 17.00USD | 22.00USD | reseller, bulk pricing                                   |
 | porkbun.com       | 10.37USD | 10.72USD | 11.48USD | 9.20USD  | N/A      | 16.97USD |                                                          |

diff --git a/services/dns.mdwn b/services/dns.mdwn
index 1cbc2160..b377984d 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -60,7 +60,6 @@ n'y sont pas listés.
 
 | Registry          | .com     | .org     | .net     | .ca      | .at      | .info    | Notes                                                    |
 |-------------------|----------|----------|----------|----------|----------|----------|----------------------------------------------------------|
-| bookmyname.com    | 12.37USD | 14.10USD | 14.09USD | N/A      | 18.90USD | 20.61USD | à déterminer                                             |
 | cloudflare.com    | 9.77USD  | 10.11USD | 10.10USD | N/A      | N/A      | 16.18USD |                                                          |
 | easydns.com       | 19.00USD | 19.00USD | 15.00USD | 12.53USD | 24.00USD | 26.00USD | 12.52USD = 15.00CAD, also hosting                        |
 | dnssimple.com     | 14.50USD | 14.00USD | 16.00USD | 16.00CAD | 18.00USD | 21.60USD | also hosting                                             |

diff --git a/services/dns.mdwn b/services/dns.mdwn
index fb700a50..1cbc2160 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -54,24 +54,27 @@ changer tous les contacts du domaine **même s'ils n'étaient pas dans
 la liste des contacts**. C'est assez inquiétant et m'indique qu'il
 n'est pas clair, dans l'interface, qui a accès à mes domaines.
 
-| Registry          | .com     | .org     | .net     | .ca      | .at      | Notes                                                    |
-|-------------------|----------|----------|----------|----------|----------|----------------------------------------------------------|
-| bookmyname.com    |          |          |          |          |          | à déterminer                                             |
-| cloudflare.com    | 8.03USD  | 10.11USD | 9.95USD  | N/A      | N/A      |                                                          |
-| easydns.com       | 15.00USD | 17.00USD | 15.00USD | 15.00CAD | 22.00USD | also hosting                                             |
-| dnssimple.com     | 14.50USD | 14.00USD | 16.00USD | 16.00CAD | 25.00USD | also hosting                                             |
-| gandi.net         | 15.50USD | 18.50USD | 17.20USD | 13.84USD | 21.60CAD | pas de transfer lock .at                                 |
-| gandi.net (DD)    | 8.80USD  | 10.50USD | 12.00USD | 8.65USD  | 17.00USD | rabais Debian, [vendus][]                                |
-| glauca.digital    | 22.34USD | 27.58USD | 30.09USD | 28.80CAD | 22.05EUR | excellent API, support for [RFC 7344][] and [RFC 8078][] |
-| infomaniak.com    | 11.40EUR | 13.70EUR | 12.45EUR | 13.85EUR | 13.70EUR | promo prices for first year                              |
-| joker.com         | 13.60USD | 16.88USD | 16.90USD | N/A      | 15.31USD |                                                          |
-| mythic-beasts.com | £15.00   | £17.50   | £18.50   | £20.50   | £20.50   | previously used by debian.org, trusted                   |
-| nic.at            | N/A      | N/A      | N/A      | N/A      | 30.00EUR |                                                          |
-| njal.la           | 15.00EUR | 15.00EUR | 15.00EUR | N/A      | N/A      | pas un registry, anonyme                                 |
-| opensrs.net       | 13.00USD | 15.00USD | 15.50USD | 15.00USD | 15.00USD | reseller, bulk pricing                                   |
-| porkbun.com       | 9.73USD  | 7.49USD  | 11.48USR | N/A      | N/A      |                                                          |
-
-Voir aussi [cette discussion](https://lobste.rs/s/flcpop/what_domain_registrar_is_worth_using) et [ce site de comparaison de prix](https://tldes.com/).
+Voici une comparaison des prix de renouvellement d'un domaine. Les
+chiffres viennent de <https://tldes.com/> sauf pour quelques uns qui
+n'y sont pas listés.
+
+| Registry          | .com     | .org     | .net     | .ca      | .at      | .info    | Notes                                                    |
+|-------------------|----------|----------|----------|----------|----------|----------|----------------------------------------------------------|
+| bookmyname.com    | 12.37USD | 14.10USD | 14.09USD | N/A      | 18.90USD | 20.61USD | à déterminer                                             |
+| cloudflare.com    | 9.77USD  | 10.11USD | 10.10USD | N/A      | N/A      | 16.18USD |                                                          |
+| easydns.com       | 19.00USD | 19.00USD | 15.00USD | 12.53USD | 24.00USD | 26.00USD | 12.52USD = 15.00CAD, also hosting                        |
+| dnssimple.com     | 14.50USD | 14.00USD | 16.00USD | 16.00CAD | 18.00USD | 21.60USD | also hosting                                             |
+| gandi.net         | 23.99USD | 24.99USD | 24.99USD | 24.99CAD | 29.99USD | 39.99USD | pas de transfer lock .at, [vendus][], prix explosés      |
+| glauca.digital    | 22.34USD | 27.58USD | 30.09USD | 28.80CAD | 22.05EUR | 28.74USD | excellent API, support for [RFC 7344][] and [RFC 8078][] |
+| infomaniak.com    | 12.23EUR | 14.70USD | 13.36USD | 14.86USD | 14.70USD | 20.06USD | promo prices for first year                              |
+| joker.com         | 16.99USD | 16.88USD | 18.67USD | N/A      | 15.99USD | 28.80USD |                                                          |
+| mythic-beasts.com | £14.50   | £15.50   | £16.50   | £18.00   | £18.00   | £24.00   | previously used by debian.org, trusted                   |
+| nic.at            | N/A      | N/A      | N/A      | N/A      | 40.80EUR |          |                                                          |
+| njal.la           | 16.09USD | 16.09USD | 16.09USD | N/A      | N/A      | 32.19USD | 16.09USD=15EUR pas un registry, anonyme                  |
+| opensrs.net       | 13.75USD | 15.00USD | 15.50USD | 16.00USD | 17.00USD | 22.00USD | reseller, bulk pricing                                   |
+| porkbun.com       | 10.37USD | 10.72USD | 11.48USD | 9.20USD  | N/A      | 16.97USD |                                                          |
+
+Voir aussi [cette discussion](https://lobste.rs/s/flcpop/what_domain_registrar_is_worth_using).
 
 [vendus]: https://news.gandi.net/en/2019/02/futureofgandi-the-adventure-continues/
 [bis]: https://amp-bourse.lefigaro.fr/fonds/montefiore-investment-cede-sa-participation-dans-gandi-a-total-webhosting-solutions-20230221

diff --git a/hardware/laptop/framework-12th-gen.md b/hardware/laptop/framework-12th-gen.md
index 49ab7da7..63f7151b 100644
--- a/hardware/laptop/framework-12th-gen.md
+++ b/hardware/laptop/framework-12th-gen.md
@@ -2028,6 +2028,7 @@ USB-C|blog/2023-02-10-usb-c]]. I'm considering a Dell
  * battery case (!), [the verge has extra photos of the mainboard
    and battery cases](https://www.theverge.com/2023/3/23/23652939/framework-cooler-master-sff-pc-case)
  * [tablet mod](https://www.instructables.com/Framework-Tablet-Assembly-Manual/) (kind of clunky, but works!)
+ * [gaming handheld mod](https://www.youtube.com/watch?v=zd6WtTUf-30) (!!!)
  * [keyboard mod](https://www.tindie.com/products/crimier/framework-input-cover-controller/) (i.e. turn the Framework keyboard, touch pad,
    fingerprint reader and power buttons into a "normal" USB keyboard
    and hub)

diff --git a/software/desktop/wayland.md b/software/desktop/wayland.md
index 603ca5a3..e43c99f8 100644
--- a/software/desktop/wayland.md
+++ b/software/desktop/wayland.md
@@ -136,10 +136,8 @@ the current Xorg tool I am using for the task at hand. It also touches
 on other alternatives and how the tool was configured.
 
 Note that this list is based on the series of tools I use in
-[[software/desktop]].
-
-TODO: update [[software/desktop]] with the following when done,
-possibly moving old configs to a [[software/desktop/xorg]] archive.
+[[software/desktop]]. My old setup is kept in [[software/desktop/x11]]
+for historical purposes (and people hanging on to X11).
 
 ## Window manager: i3 → sway
 
@@ -703,17 +701,17 @@ program and not care, it will "just work".
 
 [foot]: https://codeberg.org/dnkl/foot
 
-## Image viewers: geeqie → geeqie?
+## Image viewers: geeqie → geeqie
 
-I'm not very happy with geeqie in the first place, and I suspect the
-Wayland switch will just make add impossible things on top of the
-things I already find irritating (Geeqie doesn't support copy-pasting
-images). (Update: Geeqie now does, in bookworm!)
+I wasn't happy with geeqie because the UI is a little weird and it
+didn't support copy-pasting images (just their path). Thankfully, the
+latter was fixed!
 
-In practice, Geeqie doesn't seem to work so well under Wayland. The
-fonts are fuzzy and the thumbnail preview just doesn't work anymore
-(filed as [Debian bug 1024092][]). It seems it also has [problems
-with scaling][]. (Update: those are mostly solved.)
+At first, Geeqie seem to work so well under Wayland. The fonts were
+fuzzy and the thumbnail preview just didn't work anymore (filed as
+[Debian bug 1024092][]). It seems it also has [problems with
+scaling][]. All of those problems were solved and I'm now happily
+using Geeqie, although I still think the UI is weird.
 
 Alternatives:
 
@@ -722,6 +720,10 @@ Alternatives:
  * [imv][]: x11/wayland viewer, scriptable, [possible security issues
    and limited format support][], in Debian
  * [mvi][]: mpv-based image viewer
+ * nomacs: basically abandoned upstream (no release since 2020), has
+   an [unpatched][] [CVE-2020-23884][] since July 2020, does [bad
+   vendoring][], and is in bad shape in Debian (4 minor releases
+   behind).
  * [pix][]: KDE/mobile viewer, not in Debian
  * [swayimg][]: overlay, in Debian
  * [vimiv][]: vim-like keybindings, not in Debian
@@ -729,14 +731,6 @@ Alternatives:
 See also [this list][], [this X11 list][] and [that list][] for other
 list of image viewers, not necessarily ported to Wayland.
 
-TODO: pick an alternative to geeqie, nomacs would be gorgeous if it
-wouldn't be basically abandoned upstream (no release since 2020), has
-an [unpatched][] [CVE-2020-23884][] since July 2020, does [bad
-vendoring][], and is in bad shape in Debian (4 minor releases
-behind).
-
-So for now I'm still grumpily using Geeqie.
-
 [Debian bug 1024092]: https://bugs.debian.org/1024092
 [problems with scaling]: https://github.com/BestImageViewer/geeqie/issues/833
 [gwenview]: https://invent.kde.org/graphics/gwenview

diff --git a/software/desktop/wayland/sync.sh b/software/desktop/wayland/sync.sh
index ce3f0bf5..8e762e53 100644
--- a/software/desktop/wayland/sync.sh
+++ b/software/desktop/wayland/sync.sh
@@ -3,9 +3,9 @@
 set -e
 
 for dir in sway foot fuzzel waybar swayidle swaylock swaync; do
-    rsync -a ~/.config/$dir/ $dir/
+    rsync -a ~/.config/$dir/ config/$dir/
 done
 
 for unit in gammastep.service swayidle.service sway.service sway-session.target wcolortaillog.service  wterminal.service ; do
-    rsync ~/.config/systemd/user/$unit $unit
+    rsync ~/.config/systemd/user/$unit config/systemd/user/$unit
 done

diff --git a/software/desktop/wayland.md b/software/desktop/wayland.md
index 1312ae63..603ca5a3 100644
--- a/software/desktop/wayland.md
+++ b/software/desktop/wayland.md
@@ -178,7 +178,7 @@ actually a lot) were *all* **Wayland-specific** changes, not
 *Sway-specific* changes. For example, use `brightnessctl` instead of
 `xbacklight` to change the backlight levels.
 
-See a copy of my full [[.config/sway/config]] for details.
+See a copy of my full [[config/sway/config]] for details.
 
 Other options include:
 
@@ -465,8 +465,8 @@ Sept. 2022) list the following alternatives:
  * [wl-gammaray][]: fork of gammastep, runs as a DBus service
  * [wlsunset][]: [WNPP][]
 
-I configured `gammastep` with a simple [[.config/systemd/user/gammastep.service]] file
-associated with the [[.config/systemd/user/sway-session.target]].
+I configured `gammastep` with a simple [[config/systemd/user/gammastep.service]] file
+associated with the [[config/systemd/user/sway-session.target]].
 
 [gammastep]: https://gitlab.com/chinstrap/gammastep
 [Srcery]: https://srcery-colors.github.io/
@@ -799,7 +799,7 @@ static image or just a black screen, which is fine by me.
 
 In the end, I am just using `swayidle` with a configuration based on
 [the systemd integration wiki page][] but with additional tweaks from
-[this service][], see the resulting [[.config/systemd/user/swayidle.service]] file.
+[this service][], see the resulting [[config/systemd/user/swayidle.service]] file.
 
 Interestingly, damjan also has a [service for swaylock][] itself,
 although it's not clear to me what its purpose is...
@@ -1122,20 +1122,20 @@ I have partly followed the wiki but also picked ideas from damjan's
 
 This is the config I have in `.config/systemd/user/`:
 
- * [[.config/systemd/user/sway.service]]
- * [[.config/systemd/user/sway-session.target]]
+ * [[config/systemd/user/sway.service]]
+ * [[config/systemd/user/sway-session.target]]
 
 I have also configured those services, but that's somewhat optional:
 
- * [[.config/systemd/user/gammastep.service]]
- * [[.config/systemd/user/swayidle.service]]
- * [[.config/systemd/user/wcolortaillog.service]]
- * [[.config/systemd/user/wterminal.service]]
+ * [[config/systemd/user/gammastep.service]]
+ * [[config/systemd/user/swayidle.service]]
+ * [[config/systemd/user/wcolortaillog.service]]
+ * [[config/systemd/user/wterminal.service]]
 
-You will also need at least part of my [[sway config|.config/sway/config]], which
+You will also need at least part of my [[sway config|config/sway/config]], which
 sends the systemd notification (because, no, Sway doesn't support any
 sort of readiness notification, that would be too easy). And you might
-like to see my [[swayidle config|.config/swayidle/config]] while you're there.
+like to see my [[swayidle config|config/swayidle/config]] while you're there.
 
 Finally, you need to hook this up somehow to the login manager. This
 is typically done with a desktop file, so drop
diff --git a/software/desktop/wayland/.config/foot/foot.ini b/software/desktop/wayland/config/foot/foot.ini
similarity index 100%
rename from software/desktop/wayland/.config/foot/foot.ini
rename to software/desktop/wayland/config/foot/foot.ini
diff --git a/software/desktop/wayland/.config/foot/srcery.ini b/software/desktop/wayland/config/foot/srcery.ini
similarity index 100%
rename from software/desktop/wayland/.config/foot/srcery.ini
rename to software/desktop/wayland/config/foot/srcery.ini
diff --git a/software/desktop/wayland/.config/foot/theme.ini b/software/desktop/wayland/config/foot/theme.ini
similarity index 100%
rename from software/desktop/wayland/.config/foot/theme.ini
rename to software/desktop/wayland/config/foot/theme.ini
diff --git a/software/desktop/wayland/.config/fuzzel/fuzzel.ini b/software/desktop/wayland/config/fuzzel/fuzzel.ini
similarity index 100%
rename from software/desktop/wayland/.config/fuzzel/fuzzel.ini
rename to software/desktop/wayland/config/fuzzel/fuzzel.ini
diff --git a/software/desktop/wayland/.config/sway/config b/software/desktop/wayland/config/sway/config
similarity index 100%
rename from software/desktop/wayland/.config/sway/config
rename to software/desktop/wayland/config/sway/config
diff --git a/software/desktop/wayland/.config/swayidle/config b/software/desktop/wayland/config/swayidle/config
similarity index 100%
rename from software/desktop/wayland/.config/swayidle/config
rename to software/desktop/wayland/config/swayidle/config
diff --git a/software/desktop/wayland/.config/swaylock/config b/software/desktop/wayland/config/swaylock/config
similarity index 100%
rename from software/desktop/wayland/.config/swaylock/config
rename to software/desktop/wayland/config/swaylock/config
diff --git a/software/desktop/wayland/.config/swaync/config.json b/software/desktop/wayland/config/swaync/config.json
similarity index 100%
rename from software/desktop/wayland/.config/swaync/config.json
rename to software/desktop/wayland/config/swaync/config.json
diff --git a/software/desktop/wayland/.config/swaync/style.css b/software/desktop/wayland/config/swaync/style.css
similarity index 100%
rename from software/desktop/wayland/.config/swaync/style.css
rename to software/desktop/wayland/config/swaync/style.css
diff --git a/software/desktop/wayland/.config/systemd/user/gammastep.service b/software/desktop/wayland/config/systemd/user/gammastep.service
similarity index 100%
rename from software/desktop/wayland/.config/systemd/user/gammastep.service
rename to software/desktop/wayland/config/systemd/user/gammastep.service
diff --git a/software/desktop/wayland/.config/systemd/user/sway-session.target b/software/desktop/wayland/config/systemd/user/sway-session.target
similarity index 100%
rename from software/desktop/wayland/.config/systemd/user/sway-session.target
rename to software/desktop/wayland/config/systemd/user/sway-session.target
diff --git a/software/desktop/wayland/.config/systemd/user/sway.service b/software/desktop/wayland/config/systemd/user/sway.service
similarity index 100%
rename from software/desktop/wayland/.config/systemd/user/sway.service
rename to software/desktop/wayland/config/systemd/user/sway.service
diff --git a/software/desktop/wayland/.config/systemd/user/swayidle.service b/software/desktop/wayland/config/systemd/user/swayidle.service
similarity index 100%
rename from software/desktop/wayland/.config/systemd/user/swayidle.service
rename to software/desktop/wayland/config/systemd/user/swayidle.service
diff --git a/software/desktop/wayland/.config/systemd/user/wcolortaillog.service b/software/desktop/wayland/config/systemd/user/wcolortaillog.service
similarity index 100%
rename from software/desktop/wayland/.config/systemd/user/wcolortaillog.service
rename to software/desktop/wayland/config/systemd/user/wcolortaillog.service
diff --git a/software/desktop/wayland/.config/systemd/user/wterminal.service b/software/desktop/wayland/config/systemd/user/wterminal.service
similarity index 100%
rename from software/desktop/wayland/.config/systemd/user/wterminal.service
rename to software/desktop/wayland/config/systemd/user/wterminal.service
diff --git a/software/desktop/wayland/.config/waybar/config b/software/desktop/wayland/config/waybar/config
similarity index 100%
rename from software/desktop/wayland/.config/waybar/config
rename to software/desktop/wayland/config/waybar/config
diff --git a/software/desktop/wayland/.config/waybar/srcery.css b/software/desktop/wayland/config/waybar/srcery.css
similarity index 100%
rename from software/desktop/wayland/.config/waybar/srcery.css
rename to software/desktop/wayland/config/waybar/srcery.css
diff --git a/software/desktop/wayland/.config/waybar/style.css b/software/desktop/wayland/config/waybar/style.css
similarity index 100%
rename from software/desktop/wayland/.config/waybar/style.css
rename to software/desktop/wayland/config/waybar/style.css

diff --git a/software/desktop/wayland.md b/software/desktop/wayland.md
index 3d9dd569..1312ae63 100644
--- a/software/desktop/wayland.md
+++ b/software/desktop/wayland.md
@@ -178,7 +178,7 @@ actually a lot) were *all* **Wayland-specific** changes, not
 *Sway-specific* changes. For example, use `brightnessctl` instead of
 `xbacklight` to change the backlight levels.
 
-See a copy of my full [[sway/config]] for details.
+See a copy of my full [[.config/sway/config]] for details.
 
 Other options include:
 
@@ -465,8 +465,8 @@ Sept. 2022) list the following alternatives:
  * [wl-gammaray][]: fork of gammastep, runs as a DBus service
  * [wlsunset][]: [WNPP][]
 
-I configured `gammastep` with a simple [[gammastep.service]] file
-associated with the [[sway-session.target]].
+I configured `gammastep` with a simple [[.config/systemd/user/gammastep.service]] file
+associated with the [[.config/systemd/user/sway-session.target]].
 
 [gammastep]: https://gitlab.com/chinstrap/gammastep
 [Srcery]: https://srcery-colors.github.io/
@@ -799,7 +799,7 @@ static image or just a black screen, which is fine by me.
 
 In the end, I am just using `swayidle` with a configuration based on
 [the systemd integration wiki page][] but with additional tweaks from
-[this service][], see the resulting [[swayidle.service]] file.
+[this service][], see the resulting [[.config/systemd/user/swayidle.service]] file.
 
 Interestingly, damjan also has a [service for swaylock][] itself,
 although it's not clear to me what its purpose is...
@@ -1122,20 +1122,20 @@ I have partly followed the wiki but also picked ideas from damjan's
 
 This is the config I have in `.config/systemd/user/`:
 
- * [[sway.service]]
- * [[sway-session.target]]
+ * [[.config/systemd/user/sway.service]]
+ * [[.config/systemd/user/sway-session.target]]
 
 I have also configured those services, but that's somewhat optional:
 
- * [[gammastep.service]]
- * [[swayidle.service]]
- * [[wcolortaillog.service]]
- * [[wterminal.service]]
+ * [[.config/systemd/user/gammastep.service]]
+ * [[.config/systemd/user/swayidle.service]]
+ * [[.config/systemd/user/wcolortaillog.service]]
+ * [[.config/systemd/user/wterminal.service]]
 
-You will also need at least part of my [[sway config|sway/config]], which
+You will also need at least part of my [[sway config|.config/sway/config]], which
 sends the systemd notification (because, no, Sway doesn't support any
 sort of readiness notification, that would be too easy). And you might
-like to see my [[swayidle config|swayidle/config]] while you're there.
+like to see my [[swayidle config|.config/swayidle/config]] while you're there.
 
 Finally, you need to hook this up somehow to the login manager. This
 is typically done with a desktop file, so drop
diff --git a/software/desktop/wayland/foot/foot.ini b/software/desktop/wayland/.config/foot/foot.ini
similarity index 100%
rename from software/desktop/wayland/foot/foot.ini
rename to software/desktop/wayland/.config/foot/foot.ini
diff --git a/software/desktop/wayland/foot/srcery.ini b/software/desktop/wayland/.config/foot/srcery.ini
similarity index 100%
rename from software/desktop/wayland/foot/srcery.ini
rename to software/desktop/wayland/.config/foot/srcery.ini
diff --git a/software/desktop/wayland/foot/theme.ini b/software/desktop/wayland/.config/foot/theme.ini
similarity index 100%
rename from software/desktop/wayland/foot/theme.ini
rename to software/desktop/wayland/.config/foot/theme.ini
diff --git a/software/desktop/wayland/fuzzel/fuzzel.ini b/software/desktop/wayland/.config/fuzzel/fuzzel.ini
similarity index 100%
rename from software/desktop/wayland/fuzzel/fuzzel.ini
rename to software/desktop/wayland/.config/fuzzel/fuzzel.ini
diff --git a/software/desktop/wayland/sway/config b/software/desktop/wayland/.config/sway/config
similarity index 100%
rename from software/desktop/wayland/sway/config
rename to software/desktop/wayland/.config/sway/config
diff --git a/software/desktop/wayland/swayidle/config b/software/desktop/wayland/.config/swayidle/config
similarity index 100%
rename from software/desktop/wayland/swayidle/config
rename to software/desktop/wayland/.config/swayidle/config
diff --git a/software/desktop/wayland/swaylock/config b/software/desktop/wayland/.config/swaylock/config
similarity index 100%
rename from software/desktop/wayland/swaylock/config
rename to software/desktop/wayland/.config/swaylock/config
diff --git a/software/desktop/wayland/swaync/config.json b/software/desktop/wayland/.config/swaync/config.json
similarity index 100%
rename from software/desktop/wayland/swaync/config.json
rename to software/desktop/wayland/.config/swaync/config.json
diff --git a/software/desktop/wayland/swaync/style.css b/software/desktop/wayland/.config/swaync/style.css
similarity index 100%
rename from software/desktop/wayland/swaync/style.css
rename to software/desktop/wayland/.config/swaync/style.css
diff --git a/software/desktop/wayland/gammastep.service b/software/desktop/wayland/.config/systemd/user/gammastep.service
similarity index 100%
rename from software/desktop/wayland/gammastep.service
rename to software/desktop/wayland/.config/systemd/user/gammastep.service
diff --git a/software/desktop/wayland/sway-session.target b/software/desktop/wayland/.config/systemd/user/sway-session.target
similarity index 100%
rename from software/desktop/wayland/sway-session.target
rename to software/desktop/wayland/.config/systemd/user/sway-session.target
diff --git a/software/desktop/wayland/sway.service b/software/desktop/wayland/.config/systemd/user/sway.service
similarity index 100%
rename from software/desktop/wayland/sway.service
rename to software/desktop/wayland/.config/systemd/user/sway.service
diff --git a/software/desktop/wayland/swayidle.service b/software/desktop/wayland/.config/systemd/user/swayidle.service
similarity index 100%
rename from software/desktop/wayland/swayidle.service
rename to software/desktop/wayland/.config/systemd/user/swayidle.service
diff --git a/software/desktop/wayland/wcolortaillog.service b/software/desktop/wayland/.config/systemd/user/wcolortaillog.service
similarity index 100%
rename from software/desktop/wayland/wcolortaillog.service
rename to software/desktop/wayland/.config/systemd/user/wcolortaillog.service
diff --git a/software/desktop/wayland/wterminal.service b/software/desktop/wayland/.config/systemd/user/wterminal.service
similarity index 100%
rename from software/desktop/wayland/wterminal.service
rename to software/desktop/wayland/.config/systemd/user/wterminal.service
diff --git a/software/desktop/wayland/waybar/config b/software/desktop/wayland/.config/waybar/config
similarity index 100%
rename from software/desktop/wayland/waybar/config
rename to software/desktop/wayland/.config/waybar/config
diff --git a/software/desktop/wayland/waybar/srcery.css b/software/desktop/wayland/.config/waybar/srcery.css
similarity index 100%
rename from software/desktop/wayland/waybar/srcery.css
rename to software/desktop/wayland/.config/waybar/srcery.css
diff --git a/software/desktop/wayland/waybar/style.css b/software/desktop/wayland/.config/waybar/style.css
similarity index 100%
rename from software/desktop/wayland/waybar/style.css
rename to software/desktop/wayland/.config/waybar/style.css

diff --git a/software/desktop/wayland.md b/software/desktop/wayland.md
index 33d175b6..3d9dd569 100644
--- a/software/desktop/wayland.md
+++ b/software/desktop/wayland.md
@@ -941,10 +941,10 @@ how many things you were using are tightly bound to X.
    crap was left around a buffer by the previous collection of
    programs, basically)
 
- * notifications: currently using [dunst][] in some places, which
-   works well in both Xorg and Wayland, not a blocker, [fnott][] ([not
-   in Debian](https://bugs.debian.org/997020)), [salut][] (not in Debian) possible alternatives,
-   damjan [uses mako][]. TODO: install dunst everywhere
+ * notifications: previously [dunst][] in some places, which works
+   well in both Xorg and Wayland, not a blocker, [fnott][] ([not in
+   Debian](https://bugs.debian.org/997020)), [salut][] (not in Debian) possible alternatives:
+   damjan [uses mako][]. Eventually migrated to [sway-nc][].
 
  * notification area: I had trouble making `nm-applet` work. based on
    [this nm-applet.service][], I found that you need to pass `--indicator`.  In
@@ -1435,9 +1435,21 @@ X11 in the end.
 
 ## Sound/brightness changes notifications
 
-TODO: [Avizo][] can display a pop-up to give feedback on volume and
-brightness changes. Not in Debian. Other alternatives include
-[SwayOSD][] and [sway-nc][], also not in Debian.
+The goal here is to display a pop-up to give feedback on volume or
+brightness changes, or other state changes.
+
+For now, I am testing [poweralertd](https://sr.ht/~kennylevinsen/poweralertd/) which monitors power sends
+standard notifications on state changes and [sway-nc][] (shipped with
+bookworm) that replaces dunst and also provides sliders for
+backlight. Default config is almost useless, good stuff in the
+[discussion forum](https://github.com/ErikReider/SwayNotificationCenter/discussions/183). Still very GUI-y and mouse driven, not enough
+text... e.g. we don't see the actual volume or brightness in
+percentage.
+
+Other alternatives:
+
+ * [Avizo][], not in Debian, requires keybinding wrapper
+ * [SwayOSD][], not in Debian, requires keybinding wrapper or libinput access
 
 [Avizo]: https://github.com/misterdanb/avizo
 [SwayOSD]: https://github.com/ErikReider/SwayOSD

diff --git a/software/desktop/wayland/foot/foot.ini b/software/desktop/wayland/foot/foot.ini
index e2ca0a16..f897899e 100644
--- a/software/desktop/wayland/foot/foot.ini
+++ b/software/desktop/wayland/foot/foot.ini
@@ -1,5 +1,10 @@
 [main]
 font=Fira mono:size=12
+# a symlink to the current theme, flipped with scripts.git's dark/light
+include=/home/anarcat/.config/foot/theme.ini
+#include=/usr/share/foot/themes/gruvbox-light
+#include=/usr/share/foot/themes/selenized-light
+#include=/usr/share/foot/themes/paper-color-light
 
 [bell]
 urgent=yes
@@ -15,31 +20,8 @@ color=002b36 fbb829
 
 [mouse]
 hide-when-typing=yes
-
-[colors]
-background= 1c1b19
-foreground= fce8c3
-regular0=   1c1b19
-regular1=   ef2f27
-regular2=   519f50
-regular3=   fbb829
-regular4=   2c78bf
-regular5=   e02c6d
-regular6=   0aaeb3
-regular7=   baa67f
-bright0=    918175
-bright1=    f75341
-bright2=    98bc37
-bright3=    fed06e
-bright4=    68a8e4
-bright5=    ff5c8f
-bright6=    2be4d0
-bright7=    fce8c3
-
-## Enable if prefer solarized colors instead of inverterd fg/bg for
-## highlighting (mouse selection)
-# selection-foreground=93a1a1
-# selection-background=073642
+# disable "mouse scroll sends arrow keys"
+alternate-scroll-mode=no
 
 [key-bindings]
 # local version of https://codeberg.org/dnkl/foot/pulls/1243
@@ -47,3 +29,8 @@ unicode-input=Control+Shift+u
 show-urls-launch=Control+Shift+o
 #show-urls-persistent=Control+Shift+u
 # another option is show-urls-copy
+
+# for some reason, shift-enter prints ";2;13~" in foot. it's unclear
+# why, but that fixes it
+[text-bindings]
+\x0d = Shift+Return
diff --git a/software/desktop/wayland/foot/srcery.ini b/software/desktop/wayland/foot/srcery.ini
new file mode 100644
index 00000000..54966707
--- /dev/null
+++ b/software/desktop/wayland/foot/srcery.ini
@@ -0,0 +1,26 @@
+# srcery
+
+[colors]
+background= 1c1b19
+foreground= fce8c3
+regular0=   1c1b19
+regular1=   ef2f27
+regular2=   519f50
+regular3=   fbb829
+regular4=   2c78bf
+regular5=   e02c6d
+regular6=   0aaeb3
+regular7=   baa67f
+bright0=    918175
+bright1=    f75341
+bright2=    98bc37
+bright3=    fed06e
+bright4=    68a8e4
+bright5=    ff5c8f
+bright6=    2be4d0
+bright7=    fce8c3
+
+## Enable if prefer solarized colors instead of inverterd fg/bg for
+## highlighting (mouse selection)
+# selection-foreground=93a1a1
+# selection-background=073642
diff --git a/software/desktop/wayland/foot/theme.ini b/software/desktop/wayland/foot/theme.ini
new file mode 120000
index 00000000..b6c711c1
--- /dev/null
+++ b/software/desktop/wayland/foot/theme.ini
@@ -0,0 +1 @@
+srcery.ini
\ No newline at end of file
diff --git a/software/desktop/wayland/gammastep.service b/software/desktop/wayland/gammastep.service
index b203527c..151f05dd 100644
--- a/software/desktop/wayland/gammastep.service
+++ b/software/desktop/wayland/gammastep.service
@@ -1,7 +1,6 @@
 [Unit]
 Description=gammastep: set temperature
 Documentation=gammastep(1)
-PartOf=graphical-session.target
 After=sway-session.target
 
 [Service]
diff --git a/software/desktop/wayland/sway.service b/software/desktop/wayland/sway.service
index 072b84b0..42b529ed 100644
--- a/software/desktop/wayland/sway.service
+++ b/software/desktop/wayland/sway.service
@@ -24,10 +24,12 @@ Before=sway-session.target
 # systemd that the unit is ready. that way other units get started
 # only at this anchor point.
 Type=notify
-NotifyAccess=all
+#NotifyAccess=all
 ExecStart=/usr/bin/sway
 Restart=on-failure
 RestartSec=1
 TimeoutStopSec=10
 # This line make you able to logout to dm and login into sway again
 ExecStopPost=/usr/bin/systemctl --user unset-environment SWAYSOCK DISPLAY I3SOCK WAYLAND_DISPLAY
+# don't crash the session when a subprocess OOM's
+OOMPolicy=continue
diff --git a/software/desktop/wayland/sway/config b/software/desktop/wayland/sway/config
index ef9835c3..fefbcc51 100644
--- a/software/desktop/wayland/sway/config
+++ b/software/desktop/wayland/sway/config
@@ -54,7 +54,11 @@ force_display_urgency_hint 500 ms
 default_border pixel 1
 
 # start a terminal
-bindsym $mod+Return exec foot
+#
+# we start it as a systemd unit on the fly otherwise podman takes over
+# the Main PID of the sway.service and container exits crash the whole
+# session
+bindsym $mod+Return exec systemd-run --user foot
 
 # kill focused window
 #bindsym $mod+Shift+q kill
@@ -128,6 +132,7 @@ bindsym $mod+a focus parent
 #bindsym $mod+d focus child
 
 # switch to workspace
+bindsym $mod+0 workspace 0
 bindsym $mod+1 workspace 1
 bindsym $mod+2 workspace 2
 bindsym $mod+3 workspace 3
@@ -137,9 +142,9 @@ bindsym $mod+6 workspace 6
 bindsym $mod+7 workspace 7
 bindsym $mod+8 workspace 8
 bindsym $mod+9 workspace 9
-bindsym $mod+0 workspace 10
 
 # move focused container to workspace
+bindsym $mod+Shift+0 move container to workspace 0
 bindsym $mod+Shift+1 move container to workspace 1
 bindsym $mod+Shift+2 move container to workspace 2
 bindsym $mod+Shift+3 move container to workspace 3
@@ -149,7 +154,6 @@ bindsym $mod+Shift+6 move container to workspace 6
 bindsym $mod+Shift+7 move container to workspace 7
 bindsym $mod+Shift+8 move container to workspace 8
 bindsym $mod+Shift+9 move container to workspace 9
-bindsym $mod+Shift+0 move container to workspace 10
 
 bindsym $mod+Right workspace next
 bindsym $mod+Left workspace prev
@@ -158,7 +162,9 @@ bindsym $mod+Escape workspace back_and_forth
 # https://i3wm.org/docs/userguide.html#move_to_outputs
 # mod-shift-right/left will also do this, but for a container
 bindsym $mod+Control+Right move workspace to output right
-bindsym $mod+Control+Left move workspace to output right
+bindsym $mod+Control+Left move workspace to output left
+bindsym $mod+Control+Up move workspace to output up
+bindsym $mod+Control+Down move workspace to output down
 
 bindsym $mod+i sticky toggle
 
@@ -173,7 +179,7 @@ bindsym $mod+i sticky toggle
 
 # all replaced by a dmenu-like single "power" menu
 # taken from https://faq.i3wm.org/question/1262/exiting-i3-without-mouse-click.1.html
-bindsym $mod+q exec sway-power-menu
+bindsym $mod+q exec systemd-run --user sway-power-menu
 
 # resize window (you can also use the mouse for that)
 mode "resize" {
@@ -208,7 +214,7 @@ bindsym $mod+Shift+minus move scratchpad
 bindsym $mod+minus scratchpad show
 
 # super-fast shortcuts of death everywhere
-bindsym $mod+y exec e
+bindsym $mod+y exec systemd-run --user e
 # should open the home directory with the preconfigured file
 # manager. now what *that* will be is mystery!

(Diff truncated)

diff --git a/software/desktop/wayland.md b/software/desktop/wayland.md
index 435b2a98..33d175b6 100644
--- a/software/desktop/wayland.md
+++ b/software/desktop/wayland.md
@@ -178,7 +178,7 @@ actually a lot) were *all* **Wayland-specific** changes, not
 *Sway-specific* changes. For example, use `brightnessctl` instead of
 `xbacklight` to change the backlight levels.
 
-See a copy of my full [[sway/config|config]] for details.
+See a copy of my full [[sway/config]] for details.
 
 Other options include:
 
@@ -1132,10 +1132,10 @@ I have also configured those services, but that's somewhat optional:
  * [[wcolortaillog.service]]
  * [[wterminal.service]]
 
-You will also need at least part of my [[sway/config|config]], which
+You will also need at least part of my [[sway config|sway/config]], which
 sends the systemd notification (because, no, Sway doesn't support any
 sort of readiness notification, that would be too easy). And you might
-like to see my [[swayidle-config]] while you're there.
+like to see my [[swayidle config|swayidle/config]] while you're there.
 
 Finally, you need to hook this up somehow to the login manager. This
 is typically done with a desktop file, so drop
diff --git a/software/desktop/wayland/foot.ini b/software/desktop/wayland/foot/foot.ini
similarity index 100%
rename from software/desktop/wayland/foot.ini
rename to software/desktop/wayland/foot/foot.ini
diff --git a/software/desktop/wayland/fuzzel.ini b/software/desktop/wayland/fuzzel/fuzzel.ini
similarity index 100%
rename from software/desktop/wayland/fuzzel.ini
rename to software/desktop/wayland/fuzzel/fuzzel.ini
diff --git a/software/desktop/wayland/config b/software/desktop/wayland/sway/config
similarity index 100%
rename from software/desktop/wayland/config
rename to software/desktop/wayland/sway/config
diff --git a/software/desktop/wayland/swayidle-config b/software/desktop/wayland/swayidle/config
similarity index 100%
rename from software/desktop/wayland/swayidle-config
rename to software/desktop/wayland/swayidle/config

diff --git a/services/bookmarks.mdwn b/services/bookmarks.mdwn
index 39c534a2..7bd262de 100644
--- a/services/bookmarks.mdwn
+++ b/services/bookmarks.mdwn
@@ -64,7 +64,7 @@ Possible alternatives to zotero and/or wallabag include:
 
  * [i librarian](https://i-librarian.net/)
  * [jabref](http://www.jabref.org/)
- * [lesana](https://lesana.trueelena.org/)
+ * [lesana](https://lesana.trueelena.org/), includes a [GTK](https://git.sr.ht/~fabrixxm/Collector) and [web interface](https://git.sr.ht/~fabrixxm/lesanaweb)
  * [papis](https://github.com/papis/papis)
  * [pubs](https://github.com/pubs/pubs)
  * [xapers](https://finestructure.net/xapers/)

diff --git a/services/bookmarks.mdwn b/services/bookmarks.mdwn
index f91e2477..39c534a2 100644
--- a/services/bookmarks.mdwn
+++ b/services/bookmarks.mdwn
@@ -64,6 +64,7 @@ Possible alternatives to zotero and/or wallabag include:
 
  * [i librarian](https://i-librarian.net/)
  * [jabref](http://www.jabref.org/)
+ * [lesana](https://lesana.trueelena.org/)
  * [papis](https://github.com/papis/papis)
  * [pubs](https://github.com/pubs/pubs)
  * [xapers](https://finestructure.net/xapers/)

diff --git a/software/desktop/calibre.mdwn b/software/desktop/calibre.mdwn
index 355a9226..202b5e90 100644
--- a/software/desktop/calibre.mdwn
+++ b/software/desktop/calibre.mdwn
@@ -9,10 +9,11 @@ TL;DR: I'm considering replacing those various [Calibre][] compnents with...
  * ebook viewer: [koreader][] on e-readers, [Atril][] on the desktop,
    testing [sioyek][] as a more powerful, keyboard-driven alternative
  * ebook editor: [Sigil][]
- * file converter: no good alternative
+ * file converter: no good alternative, not really used anymore
  * collection browser: [Liber][] or [trantor][]? see also [[services/bookmarks]]
  * ebook web server: [Liber][]? [calibre-web][]?
- * metadata editor: no good alternative
+ * metadata editor: no good alternative, importing books with
+   `calibredb` now at least
  * device synchronisation: [[Syncthing|hardware/tablet/kobo-clara-hd/#install-syncthing]]
  * RSS reader: [feed2exec][] then [wallabako][] to [koreader][]
 
@@ -433,6 +434,32 @@ miss a way to regroup books by collections sometimes, but can't help
 but think this could be done by folder / book naming or some out of
 band metadata.
 
+I have recently figured out that my Calibre workflow could be simply:
+
+    calibredb add <file> ...
+
+... to add multiple files to the library automatically, as separate
+books. Or, to add multiple formats of the same book:
+
+    calibredb add -1 <directory>
+
+The flag `-1` being a shortcut to `--one-book-per-directory`. 
+
+The `fetch-ebook-metadata` command can also be used to pull metadata
+from online servers, particularly interesting for its `--cover` option
+if the above files don't have proper covers, but it can also pull
+everything else. Downside: that doesn't get saved to Calibre's
+database, but it can save a OPF file that can then be fed into
+`calibredb set_metadata <book_id> <opf_file>`.
+
+I also started implementing my own importer in [import-book](https://gitlab.com/anarcat/scripts/-/blob/31917056d89a66832848326ec16110975451676f/import-book) but
+it's just a bad first prototype, probably to be discarded if we're
+serious about this. It could start by being a wrapper for Calibre's
+above function, progressively replacing each of them by our own code
+until we're satisfied.
+
+Or we can just keep using Calibre.
+
 [work Peter Keel did]: https://seegras.discordia.ch/Blog/life-with-calibre/
 [epub-tools]: https://sourceforge.net/projects/ebook-tools/
 [Thunar]: https://docs.xfce.org/xfce/thunar/start

diff --git a/blog/2022-06-17-matrix-notes.md b/blog/2022-06-17-matrix-notes.md
index 5fa92b1f..95f2be80 100644
--- a/blog/2022-06-17-matrix-notes.md
+++ b/blog/2022-06-17-matrix-notes.md
@@ -79,6 +79,16 @@ There is a mechanism to expire entries in Synapse, but it is [not
 enabled by default](https://github.com/matrix-org/synapse/blob/28989cb301fecf5a669a634c09bc2b73f97fec5d/docs/sample_config.yaml#L559). So one should generally assume that a message
 sent on Matrix is never expired.
 
+Update: one key thing with Matrix is that it's not a linear storage of
+discussions like IRC or email. It's actually an directed acyclic graph
+that servers try to continuously merged. And as such it's actually
+*really hard* to delete past history. Even with expiration enabled,
+that's advisory for other servers *and* some room parameters (like
+join/part/bans) *must* be kept forever. See [this lengthy discussion
+for details][why-not-matrix].
+
+[why-not-matrix]: https://telegra.ph/why-not-matrix-08-07
+
 ## GDPR in the federation
 
 But even if that setting was enabled by default, how do you control
@@ -248,7 +258,9 @@ Overall, I would worry much more about a Matrix home server seizure
 than a IRC or Signal server seizure. [Signal does get subpoenas](https://signal.org/blog/looking-back-as-the-world-moves-forward/),
 and they can only give out a tiny bit of information about their
 users: their phone number, and their registration, and last connection
-date. Matrix carries a *lot* more information in its database.
+date. Matrix carries a *lot* more information in its database, and
+a lot of that information is carried permanently, think
+"blockchain-level" permanence.
 
 ## Amplification attacks on URL previews
 
@@ -332,6 +344,12 @@ rejoin the room from another server. This is why spam is such a
 problem in Email, and why IRC networks have stopped federating ages
 ago (see [the IRC history](https://en.wikipedia.org/wiki/Internet_Relay_Chat#History) for that fascinating story).
 
+Update: it's much worse than I imagined. Abuse is *really* easy on
+Matrix, with simple attacks like flood-joining permanently crippling
+rooms. According to [Why Not Matrix][why-not-matrix] this is a problem that's been
+known for years, a fundamental design flaw that's barely acknowledged,
+but usually swept under the rug by Matrix people.
+
 ## The mjolnir bot
 
 The [mjolnir moderation bot](https://github.com/matrix-org/mjolnir) is designed to help with some of those
@@ -879,9 +897,9 @@ encryption or room discovery, never mind voice or spaces...
 Overall, Matrix is somehow in the space XMPP was a few years ago. It
 has a *ton* of features, pretty good clients, and a large
 community. It seems to have gained some of the momentum that XMPP has
-lost. It may have the most potential to replace Signal if something
-bad would happen to it (like, I don't know, [getting banned](https://signal.org/blog/earn-it/) or
-[going nuts with cryptocurrency](https://signal.org/blog/update-on-beta-testing-payments/))...
+lost. It could be seen as having the most potential to replace Signal
+if something bad would happen to it (like, I don't know, [getting
+banned](https://signal.org/blog/earn-it/) or [going nuts with cryptocurrency](https://signal.org/blog/update-on-beta-testing-payments/))...
 
 But it's really not there yet, and I don't see Matrix trying to get
 there either, which is a bit worrisome.
@@ -1009,9 +1027,13 @@ vicious cycles?
 
 # Updates
 
+## Other discussions
+
 This generated some discussions on [lobste.rs](https://lobste.rs/s/ixa4vr/matrix_notes) and [Hacker
 News](https://news.ycombinator.com/item?id=31782717).
 
+## External research on Matrix privacy, exhibit A
+
 I have also found a [research on Matrix's privacy](https://gitlab.com/libremonde-org/papers/research/privacy-matrix.org) which touches on
 some of the issues outlined here. Unfortunately, it seems that
 research is rather heavily biased; it was written by the
@@ -1042,7 +1064,24 @@ to it as well.
 Not that people read articles thoroughly before commenting anyways, of
 course.
 
-[[!tag matrix irc history debian-planet python-planet review internet]]
+## External research on Matrix, exhibit B
+
+This one is more damning and makes me reconsider using Matrix at
+all. I encourage anyone who is planning to do anything serious with
+Matrix to take a long, deep look at [why not matrix][].
+
+It certainly gave me food for thought. As a basic example: I have sent
+myself an attachment over FluffyChat from my phone, in a (failed)
+attempt at dumping a file from my phone to "the internet" at a print
+shop. (It didn't work: I couldn't find the link to share.) But the
+file *did* get posted on the homeserver, so there *was* a
+link. Problem though: when I deleted the message from FluffyChat, the
+attachment was still there, and will presumably be present forever.
+
+Ouch. Watch out what you upload to Matrix.
+
+[[!tag matrix irc history debian-planet python-planet review
+internet]]
 
 [^1]: [According to Wikipedia](https://en.wikipedia.org/wiki/Internet_Relay_Chat#Modern_IRC), there are currently about 500
       distinct IRC *networks* operating, on about 1,000 servers,

diff --git a/software/desktop/calibre.mdwn b/software/desktop/calibre.mdwn
index bb9416a1..355a9226 100644
--- a/software/desktop/calibre.mdwn
+++ b/software/desktop/calibre.mdwn
@@ -237,7 +237,11 @@ pristine copies of ePUB books than fight with the converter.
 
 There are, however, no alternatives to Calibre for this functionality,
 unfortunately.
- 
+
+Update: someone courageously took it upon themselves to take the best
+out of Calibre's `ebook-convert`, rip out all the un-needed stuff, and
+make it shine. See the [ebook-converter](https://github.com/gryf/ebook-converter) project, untested.
+
 ## Collection browser
 
 This is the main functionality I would miss from Calibre. I am

diff --git a/software/desktop/calibre.mdwn b/software/desktop/calibre.mdwn
index df83fb2d..bb9416a1 100644
--- a/software/desktop/calibre.mdwn
+++ b/software/desktop/calibre.mdwn
@@ -154,6 +154,8 @@ replace Calibre here:
    engine and doesn't find my books (and instead lots of other
    garbage). it's been described as "basic" and "the least mature" in
    [this OMG Ubuntu review][]
+ * [kavita][] is a web based collections browser with a built-in ePUB
+   and manga reader
  * [koreader][] is a good alternative reader for the Kobo devices and
    now also has builds for Debian, but no Debian package
  * [lucidor][] is a Firefox extension that can read an organize books,
@@ -205,6 +207,7 @@ See also the [pdf-viewer metapackage](https://packages.debian.org/sid/pdf-viewer
 [baca]: https://github.com/wustho/baca
 [arianna]: https://apps.kde.org/arianna/
 [Peruse]: https://peruse.kde.org/
+[kavita]: https://github.com/Kareadita/Kavita
 
 ## ebook editor
 
@@ -285,6 +288,8 @@ either.
 And this of course overlaps with another functionality that Calibre
 provide, which is that it's also... a web server!
 
+See below for web-based collection browsers.
+
 ## ebook web server
 
 Calibre can indeed also act as a web server, presenting your entire ebook
@@ -305,7 +310,7 @@ the database using SQLAlchemy. It does use calibre components to
 convert books but it might be an interesting alternative to the web
 interface shipped with Calibre.
 
-[readarr][] ("arr" stands for "aaargh C#/Windows!") and [Ubooquity][]
+[kavita][], [readarr][] ("arr" stands for "aaargh C#/Windows!") and [Ubooquity][]
 (... Java) are things as well, neither of which are packaged in Debian.
 
 [readarr]: https://readarr.com/

diff --git a/services/dns.mdwn b/services/dns.mdwn
index 0f274eb6..fb700a50 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -71,7 +71,7 @@ n'est pas clair, dans l'interface, qui a accès à mes domaines.
 | opensrs.net       | 13.00USD | 15.00USD | 15.50USD | 15.00USD | 15.00USD | reseller, bulk pricing                                   |
 | porkbun.com       | 9.73USD  | 7.49USD  | 11.48USR | N/A      | N/A      |                                                          |
 
-Voir aussi [cette discussion](https://lobste.rs/s/flcpop/what_domain_registrar_is_worth_using).
+Voir aussi [cette discussion](https://lobste.rs/s/flcpop/what_domain_registrar_is_worth_using) et [ce site de comparaison de prix](https://tldes.com/).
 
 [vendus]: https://news.gandi.net/en/2019/02/futureofgandi-the-adventure-continues/
 [bis]: https://amp-bourse.lefigaro.fr/fonds/montefiore-investment-cede-sa-participation-dans-gandi-a-total-webhosting-solutions-20230221

diff --git a/hardware/keyboard.mdwn b/hardware/keyboard.mdwn
index 46f41434..515b4639 100644
--- a/hardware/keyboard.mdwn
+++ b/hardware/keyboard.mdwn
@@ -360,7 +360,7 @@ Interesting if you can afford the noise.
 
 ## Moergo
 
-https://www.moergo.com/
+<https://www.moergo.com/>
 
 split, ergonomic keyboard.
 
@@ -369,7 +369,7 @@ split, ergonomic keyboard.
 Open-hardware split ergonomic keyboard, with OLED displays, haptic
 feedback, trackballs.
 
-https://github.com/GEIGEIGEIST/KLOR
+<https://github.com/GEIGEIGEIST/KLOR>
 
 ## Vortex
 

diff --git a/hardware/keyboard.mdwn b/hardware/keyboard.mdwn
index a549a5bd..46f41434 100644
--- a/hardware/keyboard.mdwn
+++ b/hardware/keyboard.mdwn
@@ -371,6 +371,11 @@ feedback, trackballs.
 
 https://github.com/GEIGEIGEIST/KLOR
 
+## Vortex
+
+This is a pretty TKL keyboard, the [Multics](https://vortexgear.store/en-ca/products/multix?variant=43056025993379). Not sure about the Fn
+key on the right though.
+
 # Reviews
 
 * [rtings](https://www.rtings.com/keyboard) has a keyboards section

diff --git a/hardware/keyboard.mdwn b/hardware/keyboard.mdwn
index 5cb19a09..a549a5bd 100644
--- a/hardware/keyboard.mdwn
+++ b/hardware/keyboard.mdwn
@@ -358,6 +358,19 @@ including split and TKL, and an open firmware (QMK and others):
 
 Interesting if you can afford the noise.
 
+## Moergo
+
+https://www.moergo.com/
+
+split, ergonomic keyboard.
+
+## KLOR
+
+Open-hardware split ergonomic keyboard, with OLED displays, haptic
+feedback, trackballs.
+
+https://github.com/GEIGEIGEIST/KLOR
+
 # Reviews
 
 * [rtings](https://www.rtings.com/keyboard) has a keyboards section

diff --git a/services/dns.mdwn b/services/dns.mdwn
index 07d5a44a..0f274eb6 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -54,26 +54,29 @@ changer tous les contacts du domaine **même s'ils n'étaient pas dans
 la liste des contacts**. C'est assez inquiétant et m'indique qu'il
 n'est pas clair, dans l'interface, qui a accès à mes domaines.
 
-| Registry          | .com     | .org     | .net     | .ca      | .at      | Notes                                  |
-|-------------------|----------|----------|----------|----------|----------|----------------------------------------|
-| bookmyname.com    |          |          |          |          |          | à déterminer                           |
-| cloudflare.com    | 8.03USD  | 10.11USD | 9.95USD  | N/A      | N/A      |                                        |
-| easydns.com       | 15.00USD | 17.00USD | 15.00USD | 15.00CAD | 22.00USD | also hosting                           |
-| dnssimple.com     | 14.50USD | 14.00USD | 16.00USD | 16.00CAD | 25.00USD | also hosting                           |
-| gandi.net         | 15.50USD | 18.50USD | 17.20USD | 13.84USD | 21.60CAD | pas de transfer lock .at               |
-| gandi.net (DD)    | 8.80USD  | 10.50USD | 12.00USD | 8.65USD  | 17.00USD | rabais Debian, [vendus][]              |
-| infomaniak.com    | 11.40EUR | 13.70EUR | 12.45EUR | 13.85EUR | 13.70EUR | promo prices for first year            |
-| joker.com         | 13.60USD | 16.88USD | 16.90USD | N/A      | 15.31USD |                                        |
-| mythic-beasts.com | £15.00   | £17.50   | £18.50   | £20.50   | £20.50   | previously used by debian.org, trusted |
-| nic.at            | N/A      | N/A      | N/A      | N/A      | 30.00EUR |                                        |
-| njal.la           | 15.00EUR | 15.00EUR | 15.00EUR | N/A      | N/A      | pas un registry, anonyme               |
-| opensrs.net       | 13.00USD | 15.00USD | 15.50USD | 15.00USD | 15.00USD | reseller, bulk pricing                 |
-| porkbun.com       | 9.73USD  | 7.49USD  | 11.48USR | N/A      | N/A      |                                        |
+| Registry          | .com     | .org     | .net     | .ca      | .at      | Notes                                                    |
+|-------------------|----------|----------|----------|----------|----------|----------------------------------------------------------|
+| bookmyname.com    |          |          |          |          |          | à déterminer                                             |
+| cloudflare.com    | 8.03USD  | 10.11USD | 9.95USD  | N/A      | N/A      |                                                          |
+| easydns.com       | 15.00USD | 17.00USD | 15.00USD | 15.00CAD | 22.00USD | also hosting                                             |
+| dnssimple.com     | 14.50USD | 14.00USD | 16.00USD | 16.00CAD | 25.00USD | also hosting                                             |
+| gandi.net         | 15.50USD | 18.50USD | 17.20USD | 13.84USD | 21.60CAD | pas de transfer lock .at                                 |
+| gandi.net (DD)    | 8.80USD  | 10.50USD | 12.00USD | 8.65USD  | 17.00USD | rabais Debian, [vendus][]                                |
+| glauca.digital    | 22.34USD | 27.58USD | 30.09USD | 28.80CAD | 22.05EUR | excellent API, support for [RFC 7344][] and [RFC 8078][] |
+| infomaniak.com    | 11.40EUR | 13.70EUR | 12.45EUR | 13.85EUR | 13.70EUR | promo prices for first year                              |
+| joker.com         | 13.60USD | 16.88USD | 16.90USD | N/A      | 15.31USD |                                                          |
+| mythic-beasts.com | £15.00   | £17.50   | £18.50   | £20.50   | £20.50   | previously used by debian.org, trusted                   |
+| nic.at            | N/A      | N/A      | N/A      | N/A      | 30.00EUR |                                                          |
+| njal.la           | 15.00EUR | 15.00EUR | 15.00EUR | N/A      | N/A      | pas un registry, anonyme                                 |
+| opensrs.net       | 13.00USD | 15.00USD | 15.50USD | 15.00USD | 15.00USD | reseller, bulk pricing                                   |
+| porkbun.com       | 9.73USD  | 7.49USD  | 11.48USR | N/A      | N/A      |                                                          |
 
 Voir aussi [cette discussion](https://lobste.rs/s/flcpop/what_domain_registrar_is_worth_using).
 
 [vendus]: https://news.gandi.net/en/2019/02/futureofgandi-the-adventure-continues/
 [bis]: https://amp-bourse.lefigaro.fr/fonds/montefiore-investment-cede-sa-participation-dans-gandi-a-total-webhosting-solutions-20230221
+[RFC 7344]: https://tools.ietf.org/html/rfc7344
+[RFC 8078]: https://tools.ietf.org/html/rfc8078
 
 Convention de noms
 ==================

diff --git a/blog/2020-03-10-font-changes.mdwn b/blog/2020-03-10-font-changes.mdwn
index a1834578..0769bfae 100644
--- a/blog/2020-03-10-font-changes.mdwn
+++ b/blog/2020-03-10-font-changes.mdwn
@@ -279,4 +279,9 @@ out a little better:
 
 2023-05-29: Intel made a monospace font, [Intel One Mono](https://github.com/intel/intel-one-mono/).
 
+2023-09-02: a new font just came out, inspired by Fira Mono / Code:
+[Commit Mono](https://commitmono.com/). Really pretty, I like how the bar on the "f" aligns
+with the other top of letters, something in Fira mono that really
+annoys me now that I've noticed it (it's not aligned!).
+
 [[!tag debian-planet python-planet typography meta ikiwiki theming usability]]

diff --git a/services/wifi.mdwn b/services/wifi.mdwn
index 5aa1bfb1..19e12df5 100644
--- a/services/wifi.mdwn
+++ b/services/wifi.mdwn
@@ -34,8 +34,9 @@ should probably be followed when setting up the new APs.
    [Switch Lite 8 PoE](https://ca.store.ui.com/ca/en/collections/unifi-network-switching/products/usw-lite-8-poe) (desk-mount, 52W, 145$CAD, [266$ for 16
    ports](https://ca.store.ui.com/ca/en/collections/unifi-network-switching/products/usw-lite-16-poe), 45W), or a rack-mount [16-port PoE switch](https://ca.store.ui.com/ca/en/collections/unifi-network-switching/products/usw-16-poe) (400$,
    42W). They also have a [neat toolless rack](https://store.ui.com/collections/unifi-accessories-racks/products/toolless-mini-rack) but only 6U
-   ([400$CAD](https://ca.store.ui.com/ca/en/collections/unifi-accessories-racks/products/toolless-mini-rack)). Be warned that SNMP support in Ubiquiti is
-   [spotty](https://community.ui.com/questions/Unifi-Switch-16-POE-gen2-not-supporting-SNMP-v3-and-snmp-v2c-appear-bugged/7f2cb538-8186-4e9c-9dd8-d72e6400db4e) [at best](https://community.ui.com/questions/SNMP-information-from-AP/ccd327f9-916b-4483-949e-9d9c0dc3a5d4)...
+   ([400$CAD](https://ca.store.ui.com/ca/en/collections/unifi-accessories-racks/products/toolless-mini-rack)) and a [blank 24-port keystone patch panel](https://ca.store.ui.com/ca/en/pro/category/accessories-rack-mount/products/uacc-rack-panel-patch-blank-24) for
+   25$. Be warned that SNMP support in Ubiquiti is [spotty](https://community.ui.com/questions/Unifi-Switch-16-POE-gen2-not-supporting-SNMP-v3-and-snmp-v2c-appear-bugged/7f2cb538-8186-4e9c-9dd8-d72e6400db4e) [at
+   best](https://community.ui.com/questions/SNMP-information-from-AP/ccd327f9-916b-4483-949e-9d9c0dc3a5d4)...
 
  * [TP-Link EAP245v3](https://www.tp-link.com/en/business-networking/omada-sdn-access-point/eap245/v3/#overview), [openwrt page](https://openwrt.org/toh/tp-link/eap245_v3), [100$ at Canada
    Computers](https://www.canadacomputers.com/product_info.php?cPath=27_1056&item_id=135916), [105$CAD at Staples](https://www.staples.ca/products/2946195-en-tp-link-eap245-v3-ac1750-wireless-mu-mimo-gigabit-ceiling-mount-access-point), [102$ at BestBuy with
@@ -48,7 +49,10 @@ should probably be followed when setting up the new APs.
    that this switch will fill up quick as each EAP245 takes its own
    12.3W of power and the switch can only provide 60W, so only 5 of
    the 8 ports are actually usable in that sense. **Update: ordered
-   this from Staples!** (On sale at 90$.)
+   this from Staples!** (On sale at 90$.) (WARNING: not an actual v3,
+   Staples shipped me a v4. Filed a negative review and asked for
+   refund. Canada Computers price matched and are now out of stock,
+   BestBuy also B/O as of 2023-08-31.)
 
  * [Zyxel NWA50AX](https://www.zyxel.com/us/en-us/products/wireless/802-11ax-wifi-6-dual-radio-poe-access-point-nwa50ax/overview) was [recommended on reddit](https://old.reddit.com/r/openwrt/comments/1398t1b/power_over_ethernet_small_hotspot_recommendation/jj2vx2k/), [supported](https://openwrt.org/toh/hwdata/zyxel/zyxel_nwa50ax),
    with [antenna radiation patterns](https://download.zyxel.com/NWA50AX/antenna_specification_matrix/NWA50AX_1.pdf), mounting bracket, Wifi 6, NO
@@ -63,6 +67,13 @@ should probably be followed when setting up the new APs.
    shipping](https://www.amazon.com/AX1800-Wireless-Seamless-WPA3-PSK-Management/dp/B09924QS1T). WARNING: Zyxel routers recently had a serious
    security issue that [led to thousands of routers joining a botnet](https://arstechnica.com/information-technology/2023/05/researchers-tell-owners-to-assume-compromise-of-unpatched-zyxel-firewalls/).
 
+Update: got the tplink, bigger than expected but otherwise nice. Ships
+with an injector and seems like it can feed PoE for the next device as
+well but this must be enabled in the GUI. Support for that in OpenWRT
+undetermined. No bridge capability seems built in the stock firmware,
+so needs to be flashed with OpenWRT. Appropriate name: Valentina
+(first women in space)?
+
 ### Discarded
 
  * [TP-Link EAP690](https://www.tp-link.com/uk/business-networking/ceiling-mount-ap/eap690e-hd/) also interesting (10gbit port!) but not in sale
@@ -81,7 +92,7 @@ should probably be followed when setting up the new APs.
    extra 45$... i already have one of those so i guess i could just
    buy the PoE adapter... but i find their thing a little confusing
 
-## Other racks:
+## Other racks and hardware
 
  * [deploydepot.ca has racks and shelves](https://www.deploydepot.ca/rack-equipment-1/), this [10" shelf could
    hold routers](https://www.deploydepot.ca/startech-com-1u-server-rack-cabinet-shelf-fixed-10-deep-cantilever-rackmount-tray-for-19-data-av-network-enclosure-w-cage-nuts-screws-cabshelf1u10/) (44lbs, 48$), and [this 2U shelf could hold
@@ -91,8 +102,13 @@ should probably be followed when setting up the new APs.
    the most interesting, e.g. this [3u vented shelf](https://lextec.com/shop/racks-brackets-shelves/shelves-racks-brackets-shelves/vented/19-inch-front-mount-vented-shelf-3u/) might work for
    marcos (20" depth is just 0.9" short of the machine's depth
    (20.9"), 93.92$, and this [7" short shelf](https://lextec.com/shop/racks-brackets-shelves/shelves-racks-brackets-shelves/solid/rasu190107ubk1-hammond-1u-cantilever-solid-shelf-7/) could hold router and
-   other small equipment
- * [Monoprice has racks](https://www.monoprice.com/category/networking/network-racks-&-cabinets) but not a great selection
+   other small equipment. Bewarned that their [16-port "keystone"
+   patch panel](https://lextec.com/shop/network-products/patch-panels/blank/16-port-1u-keystone-jack-snap-in-blank-patch-panel/) (15.25$) is *not* compatible with standard keystone
+   modules at all. I asked for a refund.
+ * [Monoprice has racks](https://www.monoprice.com/category/networking/network-racks-&-cabinets) but not a great selection. be warned that
+   their [Cat6a 24-port patch panel](https://www.monoprice.com/product?p_id=39752) is crap as their plastic
+   sockets are too small for a standard 110 punch down tool. I got
+   credit from them for this.
  * [Canada Computers also has racks and shelves](https://www.canadacomputers.com/index.php?cPath=38_944), [this 2U one
    might do it](https://www.canadacomputers.com/product_info.php?cPath=38_944&item_id=219884) for marcos (102$) but barely, this [cheap shelf
    (45$)](https://www.canadacomputers.com/product_info.php?cPath=38_944&item_id=066549) could hold the routers, but is back-ordered, so maybe

diff --git a/services/dns.mdwn b/services/dns.mdwn
index d3be5760..07d5a44a 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -169,7 +169,7 @@ Space women:
  * Svetlana Savitskaya - première femme à marcher dans l'espace
  * Mae Jemison - première femme noire dans l'espace
  * Eileen Collins - première femme commandante de bord et pilote de la
-   navette spaciale
+   navette spatiale
 
 [Margaret Hamilton]: https://en.wikipedia.org/wiki/Margaret_Hamilton_(software_engineer)
 

diff --git a/hardware/laptop/framework-12th-gen.md b/hardware/laptop/framework-12th-gen.md
index d7cbcb9a..49ab7da7 100644
--- a/hardware/laptop/framework-12th-gen.md
+++ b/hardware/laptop/framework-12th-gen.md
@@ -2014,6 +2014,11 @@ long road trip across the continental US.
    "USB-C" as the latter don't necessarily include the former,
    recommending [CalDigit docks](https://www.caldigit.com/docks/)
 
+Note: I ended up buying a Cable Matters hub, and that didn't work so
+well, see this [[entire blog post about
+USB-C|blog/2023-02-10-usb-c]]. I'm considering a Dell
+[[hardware/monitor]] instead now.
+
 ## Mods
 
  * [desktop mod](https://github.com/whatthefilament/Frame-WorkStation) (from [this discussion](https://www.reddit.com/r/framework/comments/wvzw0m/has_anyone_taken_a_framework_motherboard_and_made/)), also a [normal

diff --git a/hardware/laptop/framework-12th-gen.md b/hardware/laptop/framework-12th-gen.md
index e8f8396e..d7cbcb9a 100644
--- a/hardware/laptop/framework-12th-gen.md
+++ b/hardware/laptop/framework-12th-gen.md
@@ -2033,7 +2033,7 @@ long road trip across the continental US.
 ## Expansion port modules
 
  * [empty drawer](https://community.frame.work/t/the-snack-drawer-v2-back-in-snacktion/18442) and (probably a joke) [cup holder](https://www.printables.com/model/467332-framework-laptop-cupholder-expansion-card)
- * [dual USB-C](https://community.frame.work/t/dual-usb-c-expansion-card-mockup/2325) (mockup only), [expansion hub](https://community.frame.work/t/project-idea-expansion-card-hub/10988/2) (just an idea,
+ * [dual USB-C](https://community.frame.work/t/dual-usb-c-expansion-card-mockup/2325) (prototype stage), [expansion hub](https://community.frame.work/t/project-idea-expansion-card-hub/10988/2) (just an idea,
    references other discussions), actually [seriously considered by
    Framework](https://community.frame.work/t/what-new-expansion-card-types-do-you-want-to-see-released/193/3?u=anarcat), limited by existing chipsets for now
  * [full-size SD card reader](https://community.frame.work/t/i-found-an-sd-card-reader-that-fits/9910)
@@ -2048,6 +2048,13 @@ long road trip across the continental US.
  * [LTE modem card](https://community.frame.work/t/lte-cat-4-cell-modem-card/9454) (design stage)
  * [ESP32-S3 expansion card](https://spacehuhn.store/products/framework-esp32-s3-expansion-card) ([source](https://github.com/SpacehuhnTech/framework), [video](https://www.youtube.com/watch?v=IML9c_MsyQU))
  * [UART adapter](https://www.tindie.com/products/i2c-labs/uart-expansion-card/)
+ * [USB-A-ugment expansion card](https://www.tindie.com/products/crimier/framework-laptop-usb-a-ugment-expansion-card/), hard to describe, but features an
+   internal USB-A port on top of the external one, two extra USB
+   pinouts that can mount *another* mini-expansion card inside the
+   expansion card, which in turn can be a MicroSD card reader, a USB-C
+   (USB2 only) port, a USB-UART debugging card, or a [QWIIC](https://www.sparkfun.com/qwiic)
+   pinout, no 3D-printed shell yet
+ * [spring-loaded expansion card](https://community.frame.work/t/spring-loaded-expansion-card/36013) (probably also a joke)
  * check out [this forum category](https://community.frame.work/c/developer-program/expansion-card/90) for a cornucopia of those
 
 ## Upstream resources

diff --git a/hardware/laptop/framework-12th-gen.md b/hardware/laptop/framework-12th-gen.md
index 2864988e..e8f8396e 100644
--- a/hardware/laptop/framework-12th-gen.md
+++ b/hardware/laptop/framework-12th-gen.md
@@ -121,28 +121,6 @@ and camera are crap, clapping seems to be from whatever staff they
 managed to get together in a room, decor is bizarre, colors are
 shit. It's amazing.
 
-Reviews:
-
- * [The Verge: Framework Laptop 13 review: a DIY dream come true](https://www.theverge.com/23725039/framework-laptop-13-2023-intel-review ):
-   "Framework fixed the biggest complaint I had about its laptop last
-   year. The battery life used to be bad. And reader, now it is good"
-
- * [The Verge: The Framework Laptop 16 is trying to bring back snap-on
-   removable batteries](https://www.theverge.com/2023/3/30/23612467/framework-laptop-16-battery-parts-games): also showcases possible keyboard mods
-   Framework is experimenting with
-
- * [The Verge: I nearly bought a Framework Laptop, but logistical
-   realities got in the way](https://www.theverge.com/2023/3/24/23655616/framework-laptop-battery-i5-ryzen-5-higher-price): "Framework CEO Nirav Patel explains
-   why you can’t easily pick an entry-level CPU with his
-   longer-lasting battery"
-
- * [Linus Tech Tips: I Made a Bad Decision – Framework Investment
-   Update](https://www.youtube.com/watch?v=UeCdBVHYa_8), note that Linus is now an investor in Framework and his
-   opinions should therefore be taken with a grain of salt (well, more
-   than usually)
-
- * [rtings: great for business use](https://www.rtings.com/laptop/reviews/framework/laptop-2022)
-
 # Specifications
 
 Those are the specifications of the 12th gen, in general terms. Your
@@ -2021,75 +1999,99 @@ long road trip across the continental US.
 
 # Other resources
 
- * dock questions:
+## Dock questions
  
-   * [list of compatible USB-C docks](https://community.frame.work/t/usb-c-thunderbolt-dock-megathread/1460) but beware of the above
-     compatibility problems on the 12th gen
+ * [list of compatible USB-C docks](https://community.frame.work/t/usb-c-thunderbolt-dock-megathread/1460) but beware of the above
+   compatibility problems on the 12th gen
 
-   * see also [this comprehensive post on USB/TB/DP/docks](https://stderr.nl/Blog/Hardware/Thunderbolt/TechnologyOverview.html) which has
-     a section on the Framework specifically
+ * see also [this comprehensive post on USB/TB/DP/docks](https://stderr.nl/Blog/Hardware/Thunderbolt/TechnologyOverview.html) which has
+   a section on the Framework specifically
 
-   * anelki recommended the [OWC docks](https://eshop.macsales.com/shop/docks) which primarily target
-     Macs but apparently "make really good ones"
+ * anelki recommended the [OWC docks](https://eshop.macsales.com/shop/docks) which primarily target
+   Macs but apparently "make really good ones"
  
-   * someone else recommended buying "Thunderbolt" docks instead of
-     "USB-C" as the latter don't necessarily include the former,
-     recommending [CalDigit docks](https://www.caldigit.com/docks/)
-
- * mods:
-   * [desktop mod](https://github.com/whatthefilament/Frame-WorkStation) (from [this discussion](https://www.reddit.com/r/framework/comments/wvzw0m/has_anyone_taken_a_framework_motherboard_and_made/)), also a [normal
-     desktop adapter](https://github.com/whatthefilament/Framework-Desktop-Adapter) to reuse an existing case (from [this
-     thread](https://community.frame.work/t/framework-desktop-case-adapter/19126))
-   * [mainboard case](https://frame.work/products/cooler-master-mainboard-case) (official!)
-   * battery case (!), [the verge has extra photos of the mainboard
-     and battery cases](https://www.theverge.com/2023/3/23/23652939/framework-cooler-master-sff-pc-case)
-   * [tablet mod](https://www.instructables.com/Framework-Tablet-Assembly-Manual/) (kind of clunky, but works!)
-   * [keyboard mod](https://www.tindie.com/products/crimier/framework-input-cover-controller/) (i.e. turn the Framework keyboard, touch pad,
-     fingerprint reader and power buttons into a "normal" USB keyboard
-     and hub)
-   * [triple screen laptop mod](https://diyperks.com/diy-perks-triple-screen-laptop/) ([video](https://www.youtube.com/watch?v=aUKpY0o5tMo))
-   * [Thinkpad 701C transplant](https://community.frame.work/t/thinkpad-701c-with-a-framework-brain-transplant-work-in-progress/27409)
-   * [Braille laptop](https://www.orbitresearch.com/product/optima/)
-
- * [Debian installation report](https://wiki.debian.org/InstallingDebianOn/FrameWork/12thGen), has good tips on the firmware
-   hacks necessary
+ * someone else recommended buying "Thunderbolt" docks instead of
+   "USB-C" as the latter don't necessarily include the former,
+   recommending [CalDigit docks](https://www.caldigit.com/docks/)
+
+## Mods
+
+ * [desktop mod](https://github.com/whatthefilament/Frame-WorkStation) (from [this discussion](https://www.reddit.com/r/framework/comments/wvzw0m/has_anyone_taken_a_framework_motherboard_and_made/)), also a [normal
+   desktop adapter](https://github.com/whatthefilament/Framework-Desktop-Adapter) to reuse an existing case (from [this
+   thread](https://community.frame.work/t/framework-desktop-case-adapter/19126))
+ * [mainboard case](https://frame.work/products/cooler-master-mainboard-case) (official!)
+ * battery case (!), [the verge has extra photos of the mainboard
+   and battery cases](https://www.theverge.com/2023/3/23/23652939/framework-cooler-master-sff-pc-case)
+ * [tablet mod](https://www.instructables.com/Framework-Tablet-Assembly-Manual/) (kind of clunky, but works!)
+ * [keyboard mod](https://www.tindie.com/products/crimier/framework-input-cover-controller/) (i.e. turn the Framework keyboard, touch pad,
+   fingerprint reader and power buttons into a "normal" USB keyboard
+   and hub)
+ * [triple screen laptop mod](https://diyperks.com/diy-perks-triple-screen-laptop/) ([video](https://www.youtube.com/watch?v=aUKpY0o5tMo))
+ * [Thinkpad 701C transplant](https://community.frame.work/t/thinkpad-701c-with-a-framework-brain-transplant-work-in-progress/27409)
+ * [Braille laptop](https://www.orbitresearch.com/product/optima/)
+
+## Expansion port modules
+
+ * [empty drawer](https://community.frame.work/t/the-snack-drawer-v2-back-in-snacktion/18442) and (probably a joke) [cup holder](https://www.printables.com/model/467332-framework-laptop-cupholder-expansion-card)
+ * [dual USB-C](https://community.frame.work/t/dual-usb-c-expansion-card-mockup/2325) (mockup only), [expansion hub](https://community.frame.work/t/project-idea-expansion-card-hub/10988/2) (just an idea,
+   references other discussions), actually [seriously considered by
+   Framework](https://community.frame.work/t/what-new-expansion-card-types-do-you-want-to-see-released/193/3?u=anarcat), limited by existing chipsets for now
+ * [full-size SD card reader](https://community.frame.work/t/i-found-an-sd-card-reader-that-fits/9910)
+ * [magnetic charger](https://community.frame.work/t/full-power-magnetic-charging-card/10113)
+ * [Yubikey 5 case](https://community.frame.work/t/yubikey-5c-adapter/23157) and [solokey case](https://community.frame.work/t/solokeys-solo2-expansion-card/24120?_escaped_fragment_=)
+ * [screwdriver](https://community.frame.work/t/screwdriver-expansion-card/16145)
+ * [Ethernet](https://frame.work/ca/en/products/ethernet-expansion-card) (official, [back-order](https://twitter.com/FrameworkPuter/status/1569859445991292928) as of 2022-09-13,
+   now shipping as of 2023)
+ * [votes seem to go towards Ethernet and full-sized SD card
+   reader](https://community.frame.work/t/what-new-expansion-card-types-do-you-want-to-see-released/193)
+ * [3D printed expansion card holder](https://www.printables.com/model/328421-framework-laptop-expansion-card-holder)
+ * [LTE modem card](https://community.frame.work/t/lte-cat-4-cell-modem-card/9454) (design stage)
+ * [ESP32-S3 expansion card](https://spacehuhn.store/products/framework-esp32-s3-expansion-card) ([source](https://github.com/SpacehuhnTech/framework), [video](https://www.youtube.com/watch?v=IML9c_MsyQU))
+ * [UART adapter](https://www.tindie.com/products/i2c-labs/uart-expansion-card/)
+ * check out [this forum category](https://community.frame.work/c/developer-program/expansion-card/90) for a cornucopia of those
+
+## Upstream resources
+
+ * [community forum](https://community.frame.work/), lots of information, much support, wow!
+ * [knowledge base](https://frame.work/support)
+ * [repair guides](https://guides.frame.work/)
+ * [Linux-specific guides](https://frame.work/linux)
+ * [blog](https://frame.work/blog) ([RSS](https://frame.work/blog.rss))
+ * [chat is on Discord](https://community.frame.work/t/official-discord/14209/), but [bridged with Matrix](https://matrix.to/#/#framework-space:matrix.org), there's
+   [talk of bridging it with IRC as well](https://community.frame.work/t/official-discord/14209/13), for now there's a
+   handful of us in `#framework` on <https://libera.chat/>
+ * [GitHub organization](https://github.com/FrameworkComputer/), interesting repositories include the
+   [Expansion Cards](https://github.com/FrameworkComputer/ExpansionCards), [Input Modules](https://github.com/FrameworkComputer/InputModules), [Expansion Bay](https://github.com/FrameworkComputer/ExpansionBay),
+   [mainboard](https://github.com/FrameworkComputer/Mainboard), [EmbeddedController](https://github.com/FrameworkComputer/EmbeddedController)
+
+## Reviews
+
+ * [The Verge: Framework Laptop 13 review: a DIY dream come true](https://www.theverge.com/23725039/framework-laptop-13-2023-intel-review ):
+   "Framework fixed the biggest complaint I had about its laptop last
+   year. The battery life used to be bad. And reader, now it is good"
+
+ * [The Verge: The Framework Laptop 16 is trying to bring back snap-on
+   removable batteries](https://www.theverge.com/2023/3/30/23612467/framework-laptop-16-battery-parts-games): also showcases possible keyboard mods
+   Framework is experimenting with
+
+ * [The Verge: I nearly bought a Framework Laptop, but logistical
+   realities got in the way](https://www.theverge.com/2023/3/24/23655616/framework-laptop-battery-i5-ryzen-5-higher-price): "Framework CEO Nirav Patel explains
+   why you can’t easily pick an entry-level CPU with his
+   longer-lasting battery"
+
+ * [Linus Tech Tips: I Made a Bad Decision – Framework Investment
+   Update](https://www.youtube.com/watch?v=UeCdBVHYa_8), note that Linus is now an investor in Framework and his
+   opinions should therefore be taken with a grain of salt (well, more
+   than usually)
+
+ * [rtings: great for business use](https://www.rtings.com/laptop/reviews/framework/laptop-2022)
 
  * [Excellent 12th gen review from an Arch Linux user](https://github.com/lhl/linuxlaptops/wiki/2022-Framework-Laptop-DIY-Edition-12th-Gen-Intel-Batch-1)
  
- * cool expansion port mods:
-   * [empty drawer](https://community.frame.work/t/the-snack-drawer-v2-back-in-snacktion/18442) and (probably a joke) [cup holder](https://www.printables.com/model/467332-framework-laptop-cupholder-expansion-card)
-   * [dual USB-C](https://community.frame.work/t/dual-usb-c-expansion-card-mockup/2325) (mockup only), [expansion hub](https://community.frame.work/t/project-idea-expansion-card-hub/10988/2) (just an idea,
-     references other discussions), actually [seriously considered by
-     Framework](https://community.frame.work/t/what-new-expansion-card-types-do-you-want-to-see-released/193/3?u=anarcat), limited by existing chipsets for now
-   * [full-size SD card reader](https://community.frame.work/t/i-found-an-sd-card-reader-that-fits/9910)
-   * [magnetic charger](https://community.frame.work/t/full-power-magnetic-charging-card/10113)
-   * [Yubikey 5 case](https://community.frame.work/t/yubikey-5c-adapter/23157) and [solokey case](https://community.frame.work/t/solokeys-solo2-expansion-card/24120?_escaped_fragment_=)
-   * [screwdriver](https://community.frame.work/t/screwdriver-expansion-card/16145)
-   * [Ethernet](https://frame.work/ca/en/products/ethernet-expansion-card) (official, [back-order](https://twitter.com/FrameworkPuter/status/1569859445991292928) as of 2022-09-13,
-     now shipping as of 2023)
-   * [votes seem to go towards Ethernet and full-sized SD card
-     reader](https://community.frame.work/t/what-new-expansion-card-types-do-you-want-to-see-released/193)
-   * [3D printed expansion card holder](https://www.printables.com/model/328421-framework-laptop-expansion-card-holder)
-   * [LTE modem card](https://community.frame.work/t/lte-cat-4-cell-modem-card/9454) (design stage)
-   * [ESP32-S3 expansion card](https://spacehuhn.store/products/framework-esp32-s3-expansion-card) ([source](https://github.com/SpacehuhnTech/framework), [video](https://www.youtube.com/watch?v=IML9c_MsyQU))
-   * [UART adapter](https://www.tindie.com/products/i2c-labs/uart-expansion-card/)
-   * check out [this forum category](https://community.frame.work/c/developer-program/expansion-card/90) for a cornucopia of those
-
- * upstream resources:
-   * [community forum](https://community.frame.work/), lots of information, much support, wow!
-   * [knowledge base](https://frame.work/support)
-   * [repair guides](https://guides.frame.work/)
-   * [Linux-specific guides](https://frame.work/linux)
-   * [blog](https://frame.work/blog) ([RSS](https://frame.work/blog.rss))
-   * [chat is on Discord](https://community.frame.work/t/official-discord/14209/), but [bridged with Matrix](https://matrix.to/#/#framework-space:matrix.org), there's
-     [talk of bridging it with IRC as well](https://community.frame.work/t/official-discord/14209/13), for now there's a
-     handful of us in `#framework` on <https://libera.chat/>
-   * [GitHub organization](https://github.com/FrameworkComputer/), interesting repositories include the
-     [Expansion Cards](https://github.com/FrameworkComputer/ExpansionCards), [Input Modules](https://github.com/FrameworkComputer/InputModules), [Expansion Bay](https://github.com/FrameworkComputer/ExpansionBay),
-     [mainboard](https://github.com/FrameworkComputer/Mainboard), [EmbeddedController](https://github.com/FrameworkComputer/EmbeddedController)
+ * [Debian wiki installation report](https://wiki.debian.org/InstallingDebianOn/FrameWork/12thGen), has good tips on the firmware
+   hacks necessary, in part by yours truly
 
 [[!tag blog debian-planet laptop hardware review debian]]
 
-
 <!-- posted to the federation on 2023-03-12T23:37:07.116407 -->
 [[!mastodon "https://kolektiva.social/@Anarcat/110013882492956555"]]

diff --git a/software/desktop/wayland.md b/software/desktop/wayland.md
index fa961711..435b2a98 100644
--- a/software/desktop/wayland.md
+++ b/software/desktop/wayland.md
@@ -701,6 +701,8 @@ scripts. I wrote the following:
 With those, I can basically use fuzzel or any other `dmenu`-compatible
 program and not care, it will "just work".
 
+[foot]: https://codeberg.org/dnkl/foot
+
 ## Image viewers: geeqie → geeqie?
 
 I'm not very happy with geeqie in the first place, and I suspect the

diff --git a/services/wifi.mdwn b/services/wifi.mdwn
index af78ab19..5aa1bfb1 100644
--- a/services/wifi.mdwn
+++ b/services/wifi.mdwn
@@ -5,6 +5,9 @@
 [Discussed on reddit](https://www.reddit.com/r/openwrt/comments/1398t1b/power_over_ethernet_small_hotspot_recommendation/). The plan is to have three hotspots in the
 house, one for the whole second floor and two in the first floor.
 
+Note that my [[wifi tuning procedures|blog/2022-04-13-wifi-tuning]]
+should probably be followed when setting up the new APs.
+
 ## Requirements
 
  * small footprint

diff --git a/hardware/monitor.mdwn b/hardware/monitor.mdwn
index bf36fd08..c53167f3 100644
--- a/hardware/monitor.mdwn
+++ b/hardware/monitor.mdwn
@@ -256,9 +256,12 @@ might be waiting for.
    * 2 HDMI, USB-C/DP 1.4 with 65W charging, not HDMI 2.1
    * outputs: 2xUSB-A, audio line out
    * 24.8W
-   * 520$ at Dell
+   * 520$CAD at Dell, [starting price according to pcpartpicker](https://ca.pcpartpicker.com/product/yXKKHx/dell-s2722qc-270-3840x2160-60-hz-monitor-210-bbqt)
    * [Best Lower Mid-Range 4k Monitor](https://www.rtings.com/monitor/reviews/best/by-resolution/4k-ultra-hd-uhd) at rtings, rated better at
      reflection handling than the higher end Dell below
+   * [recommended by PC Monitor](https://pcmonitors.info/reviews/dell-s2722qc/), "a modern and sturdily designed
+     monitor with good feature set and good all-round performance for
+     content consumption"
  * Higher end from dell is the [Dell UltraSharp 27" 4k U2723QE](https://www.dell.com/en-ca/shop/dell-ultrasharp-27-4k-usb-c-hub-monitor-u2723qe/apd/210-bdpf/monitors-monitor-accessories)
    * 61.14cm x 35.30cm (964.4mm for two)
    * 2000:1 but rtings reports "disappointing black uniformity"

diff --git a/hardware/audio.mdwn b/hardware/audio.mdwn
index d9aa1a4c..fc1f8480 100644
--- a/hardware/audio.mdwn
+++ b/hardware/audio.mdwn
@@ -112,6 +112,10 @@ consider:
  * [Blue audio Yeticaster](https://www.bluemic.com/en-us/products/yeticaster/) ([200$USD B&H](https://www.bhphotovideo.com/c/product/1385877-REG/blue_yeticaster_prodessional_broadcast_bundle.html?fromDisList=y)), includes boom, cable
    management, and excellent audio, [recommended by jvoisin](https://dustri.org/b/my-writing-code-from-home-setup.html)
 
+## Other reviews
+
+ * [rtings headphones section](https://www.rtings.com/headphones)
+
 # XLR jacks and recording
 
 I have thought of getting a Shure SM58 as a mike and plug it in, but
diff --git a/hardware/keyboard.mdwn b/hardware/keyboard.mdwn
index c97c8f5c..5cb19a09 100644
--- a/hardware/keyboard.mdwn
+++ b/hardware/keyboard.mdwn
@@ -316,6 +316,8 @@ fingers to adapt to, but it does look gorgeous.
 > the problem of having a properly functioning keyboard that simply
 > works when you plug it in, has been thoroughly solved by 2021.
 
+[Best mechanical keyboard at rtings](https://www.rtings.com/keyboard/reviews/best/mechanical)
+
 ## Cannon Keys
 
 After reading that [New Yorker magazine article](https://www.newyorker.com/tech/annals-of-technology/the-obsessive-pleasures-of-mechanical-keyboard-tinkerers), I found this:
@@ -356,4 +358,8 @@ including split and TKL, and an open firmware (QMK and others):
 
 Interesting if you can afford the noise.
 
+# Reviews
+
+* [rtings](https://www.rtings.com/keyboard) has a keyboards section
+
 [[!tag research]]
diff --git a/hardware/laptop/framework-12th-gen.md b/hardware/laptop/framework-12th-gen.md
index 8fb2eb51..2864988e 100644
--- a/hardware/laptop/framework-12th-gen.md
+++ b/hardware/laptop/framework-12th-gen.md
@@ -141,6 +141,8 @@ Reviews:
    opinions should therefore be taken with a grain of salt (well, more
    than usually)
 
+ * [rtings: great for business use](https://www.rtings.com/laptop/reviews/framework/laptop-2022)
+
 # Specifications
 
 Those are the specifications of the 12th gen, in general terms. Your

diff --git a/blog/2022-02-10-mpow-m12-reset-procedures.md b/blog/2022-02-10-mpow-m12-reset-procedures.md
index 203ecdfd..833cc073 100644
--- a/blog/2022-02-10-mpow-m12-reset-procedures.md
+++ b/blog/2022-02-10-mpow-m12-reset-procedures.md
@@ -1,4 +1,4 @@
-[[!meta title="Mpowe M12 Bluetooth ear buds reset procedures"]]
+[[!meta title="Mpow M12 Bluetooth ear buds reset procedures"]]
 
 TL;DR: if your M12 earbuds play only from one ear and show up as two
 devices, go to the very end of this post and try to follow

diff --git a/hardware/monitor.mdwn b/hardware/monitor.mdwn
index 8f79a949..bf36fd08 100644
--- a/hardware/monitor.mdwn
+++ b/hardware/monitor.mdwn
@@ -117,13 +117,13 @@ side of things, as we don't physically bash on the keyboard to
 generate those keypresses. In other words, assuming a 2ms latency in
 the monitor and 5ms in Emacs, what we actually have is:
 
-| Source | Latency | Notes |
-| ------ | ------- | ----- |
-| Input  | 14 ms   | Fatin, section 2.1, avergge |
-| Emacs  | 5 ms    | Anarcat, section 1, rounded mean |
-| Screen refresh | 8 ms | Fatin, section 2.3, average with 60Hz monitor |
-| Pixel response | 2 ms | Assumption, above |
-| Total  | 29 ms |
+| Source         | Latency | Notes                                         |
+|----------------|---------|-----------------------------------------------|
+| Input          | 14 ms   | Fatin, section 2.1, avergge                   |
+| Emacs          | 5 ms    | Anarcat, section 1, rounded mean              |
+| Screen refresh | 8 ms    | Fatin, section 2.3, average with 60Hz monitor |
+| Pixel response | 2 ms    | Assumption, above                             |
+| Total          | 29 ms   |                                               |
 
 So *in theory*, with a 2ms monitor and best conditions in Emacs, we
 should rival the Apple IIe input latency. In practice, considering
@@ -245,6 +245,36 @@ might be waiting for.
    * 4-8ms
    * 330$ at dell, [513$ at Bestbuy](https://www.bestbuy.ca/en-ca/product/dell-27-4k-ultra-hd-60hz-4ms-gtg-ips-led-freesync-gaming-monitor-s2721qs-black-open-box/15254414)
    * [best budget at toms hardware](https://www.tomshardware.com/best-picks/best-budget-4k-monitor)
+ * Updated version of the above is the [Dell 27" 4k UHD Monitor
+   S2722QC]( https://www.dell.com/en-ca/shop/dell-27-4k-uhd-usb-c-monitor-s2722qc/apd/210-bbqt/monitors-monitor-accessories)
+   * 61.16mm x 36.46mm (976mm for two)
+   * 1000:1
+   * 350cd
+   * 4ms, tested at 8.3ms at rtings
+   * 99% sRGB
+   * 3W stereo speakers
+   * 2 HDMI, USB-C/DP 1.4 with 65W charging, not HDMI 2.1
+   * outputs: 2xUSB-A, audio line out
+   * 24.8W
+   * 520$ at Dell
+   * [Best Lower Mid-Range 4k Monitor](https://www.rtings.com/monitor/reviews/best/by-resolution/4k-ultra-hd-uhd) at rtings, rated better at
+     reflection handling than the higher end Dell below
+ * Higher end from dell is the [Dell UltraSharp 27" 4k U2723QE](https://www.dell.com/en-ca/shop/dell-ultrasharp-27-4k-usb-c-hub-monitor-u2723qe/apd/210-bdpf/monitors-monitor-accessories)
+   * 61.14cm x 35.30cm (964.4mm for two)
+   * 2000:1 but rtings reports "disappointing black uniformity"
+   * 400cd
+   * 5-8ms, called "slow" in rtings testing (tested 8.6ms)
+   * 100% Rec 709, 100% sRGB, 98% DCI-P3
+   * 25.9W
+   * inputs: HDMI 2.2, DP 1.4, USB-C
+   * outputs: DP, USB-C, 5 x USB A 3.2, RJ-45, audio line-out
+   * built-in KVM switch, complete with [ddcutil support](https://www.dell.com/community/en/conversations/monitors/u2723qe-kvm-using-a-keyboard-shortcut-to-switch-in-linux/647fa06af4ccf8a8de56ccc8)
+   * Linux support for dock features [unclear](https://community.frame.work/t/docking-station/14798/9?u=anarcat)
+   * used to be the "[best mid-range 4k monitor](https://www.rtings.com/monitor/reviews/best/by-resolution/4k-ultra-hd-uhdu27) at rtings,
+     displaced by the [Gigabyte M27U](https://www.rtings.com/monitor/reviews/gigabyte/m27u) in June 2023, still rated
+     [impressive](https://www.rtings.com/monitor/reviews/dell/s2722qc), I strangely cannot find the M27U on the Gigabyte
+     website, <memoryexpress.com>, best buy, and it's [back-ordered at
+     B&H](https://www.bhphotovideo.com/c/product/1765698-REG/gigabyte_m27u_27_uhd_160hz_kvm.html), rtings particularly complains about reflection handling
  * [LG 27GN95R](https://www.lg.com/ca_en/business/monitors/lg-27gn95r-b)
    * 609.2x352.9mm (962mm for two)
    * 700:1 - 1000:1

diff --git a/hardware/monitor.mdwn b/hardware/monitor.mdwn
index bb2befa3..8f79a949 100644
--- a/hardware/monitor.mdwn
+++ b/hardware/monitor.mdwn
@@ -29,7 +29,7 @@ TL;DR:
  * "4k" (3840 × 2160, UHD)
  * 27" or smaller, ~38" side-by-side with one in portrait mode (977mm
    or roughly 1m)
- * budget less than 1k$CAD per monitor
+ * budget less than 1k$CAD per monitor, ideally 500$CAD each
  * 1-2ms latency
  * gamut: 100% sRGB, 100% Adobe RGB and DPI3 a bonus
  * HDMI, DisplayPort or USB-C
@@ -90,7 +90,9 @@ hardware every 5 year to get the "best new thing", which is why I'm
 still using decades old monitors (although I have disposed of my old
 CRT monitors a while back, I must admit).
 
-I guess I'm expecting to spend less than 2k$ CAD on this.
+I guess I'm expecting to spend less than 2k$ CAD on this. Looks like
+prices currently range from 300$ to 1000$CAD for 4k monitors, so
+that's my bracket, lower the better.
 
 ## Latency
 

diff --git a/hardware/monitor.mdwn b/hardware/monitor.mdwn
index e1daba5d..bb2befa3 100644
--- a/hardware/monitor.mdwn
+++ b/hardware/monitor.mdwn
@@ -147,8 +147,7 @@ level](https://emersion.fr/blog/2023/hdr-hackfest-wrap-up/). The support from mo
 made significant progress in that space, but [Mini LED monitors](https://arstechnica.com/gadgets/2023/04/oled-is-great-but-where-are-all-the-mini-led-laptops/)
 are not yet commercialized. So I'd classify this as a nice to have.
 
-Monitor inventory
-=================
+# Monitor inventory
 
 I somehow managed to collect a ridiculous pile of old monitors. Here's
 what works and doesn't, in descending order of (totally subjective)
@@ -220,12 +219,7 @@ This monitor did not power up at all:
 
  * Philips 170B
 
-Possible monitors
-=================
-
-See also this discussion:
-
-<https://forums.puri.sm/t/suitable-external-monitor-for-librem-13/5627>
+# Possible monitors
 
 See the selector: https://www.tftcentral.co.uk/selector.htm
 
@@ -261,13 +255,19 @@ might be waiting for.
    * [850$ at canada computers](https://www.canadacomputers.com/product_info.php?cPath=22_700_1104&item_id=224899)
    * [good review at rtings](https://www.rtings.com/monitor/reviews/lg/27gn950-b)
 
-Full gamut
-----------
+# Old research
+
+See also this discussion:
+
+<https://forums.puri.sm/t/suitable-external-monitor-for-librem-13/5627>
+
+Note that none of those links work anymore, just a few years later.
+
+## Full gamut
 
  * Dell UP2516D (25") and UP2716D (27"), [1200$ bestbuy](https://m.bestbuy.ca/en-ca/product/dell-monitors-up2716d-27-in-screen-led-lit-monitor/11200611)
 
-Normal
-------
+## Normal
 
  * [Viewsonic VP2768 27" WQHD 14ms GTG](https://www.viewsonic.com/us/monitors/shop/professional-monitors/vp2768.html#specs)
  * [Dell 27" WQHD 144Hz 1ms GTG TN LED G-SYNC Gaming Monitor

diff --git a/hardware/monitor.mdwn b/hardware/monitor.mdwn
index 225fd136..e1daba5d 100644
--- a/hardware/monitor.mdwn
+++ b/hardware/monitor.mdwn
@@ -27,7 +27,8 @@ definitely be able to do 4k now, even dual 4k, thanks to the
 TL;DR:
 
  * "4k" (3840 × 2160, UHD)
- * 27" or smaller
+ * 27" or smaller, ~38" side-by-side with one in portrait mode (977mm
+   or roughly 1m)
  * budget less than 1k$CAD per monitor
  * 1-2ms latency
  * gamut: 100% sRGB, 100% Adobe RGB and DPI3 a bonus
@@ -64,8 +65,8 @@ monitor](https://desklabmonitor.com/products/touchscreen-portable-monitor?varian
 My current displays are 20" and 22" with a 16:10 aspect ratio, along
 with the weird exception of the Framework 3:2 "2k" display. They take
 18.35" and 20.13" in width respectively, for a total of about 38"
-inches width. That's pretty much the room I have to work with, in fact
-I would like that to be narrower.
+inches wide (977mm or roughly one meter). That's pretty much the room
+I have to work with, in fact I would like that to be narrower.
 
 One option is to have one monitor in landscape mode and the other in
 portrait, that way one can be used to read longer things (hello logs
@@ -235,6 +236,31 @@ faster refresh rate, HDR, low energy consumption) but no burn-in,
 which is really amazing. Not yet available for real monitors, but
 might be waiting for.
 
+## 2023 update
+
+ * [Dell 27" 4K UHD Monitor - S2721QS](https://www.dell.com/en-ca/shop/dell-27-4k-uhd-monitor-s2721qs/apd/210-axlg/monitors-monitor-accessories#techspecs_section):
+   * 946mm wide for two
+   * 28.8W / 0.3W
+   * HDMI / DP 1.2 / audio line out
+   * 3W stereo speakers
+   * 99% sRGB
+   * 350cd
+   * 1000:1
+   * 4-8ms
+   * 330$ at dell, [513$ at Bestbuy](https://www.bestbuy.ca/en-ca/product/dell-27-4k-ultra-hd-60hz-4ms-gtg-ips-led-freesync-gaming-monitor-s2721qs-black-open-box/15254414)
+   * [best budget at toms hardware](https://www.tomshardware.com/best-picks/best-budget-4k-monitor)
+ * [LG 27GN95R](https://www.lg.com/ca_en/business/monitors/lg-27gn95r-b)
+   * 609.2x352.9mm (962mm for two)
+   * 700:1 - 1000:1
+   * 400cd
+   * DCI-P3 90% (CIE1976)
+   * 1ms
+   * 2 HDMI, DP 1.4, 1 USB
+   * 65-95W
+   * [800$ at memory express](https://www.memoryexpress.com/Products/MX00122893)
+   * [850$ at canada computers](https://www.canadacomputers.com/product_info.php?cPath=22_700_1104&item_id=224899)
+   * [good review at rtings](https://www.rtings.com/monitor/reviews/lg/27gn950-b)
+
 Full gamut
 ----------
 

diff --git a/hardware/monitor.mdwn b/hardware/monitor.mdwn
index 2c298eb7..225fd136 100644
--- a/hardware/monitor.mdwn
+++ b/hardware/monitor.mdwn
@@ -17,6 +17,135 @@ can't quite be 4k yet, according to [this comment](https://forums.puri.sm/t/suit
 be capped at "1440p at 60Hz", which I assume is 2560×1440 or
 [QuadHD](https://en.wikipedia.org/wiki/Graphics_display_resolution#2560_%C3%97_1440_(QHD,_WQHD)), which is already pretty good.
 
+Update: I [[ditched the Purism laptop
+completely|blog/2022-08-25-one-dead-purism-laptop]] and should
+definitely be able to do 4k now, even dual 4k, thanks to the
+[[awesome Framework laptop|hardware/laptop/framework-12th-gen]].
+
+# Specifications
+
+TL;DR:
+
+ * "4k" (3840 × 2160, UHD)
+ * 27" or smaller
+ * budget less than 1k$CAD per monitor
+ * 1-2ms latency
+ * gamut: 100% sRGB, 100% Adobe RGB and DPI3 a bonus
+ * HDMI, DisplayPort or USB-C
+ * possibly chaining or integrated USB hub, but watch out for
+   DisplayLink, [not working with Sway](https://gitlab.freedesktop.org/wlroots/wlroots/-/issues/1823)
+
+## Resolution
+
+Apparently, 4k is a life-changer. I haven't really felt the need for
+this, but it does feel pretty amazing to go back on the Framework
+laptop with its 2k displays, and it's kind of a shame to work on crap
+monitors next to that.
+
+So let's aim for at least one 4k monitor in there. Aspect ratio
+doesn't matter much to me, here's a [list of common resolutions](https://en.wikipedia.org/wiki/List_of_common_resolutions)
+from Wikipedia including a nice graphic with all resolutions
+overlapping. See also the [Display aspect ratio](https://en.wikipedia.org/wiki/Display_aspect_ratio) and [Graphics
+display resolution](https://en.wikipedia.org/wiki/Graphics_display_resolution) Wikipedia pages.
+
+It *looks* like the "standard" 4k display is "4K UHD" which is *not*
+really "4k" (as in 4096) but rather 3840 × 2160. See also the [4k
+resolution](https://en.wikipedia.org/wiki/4K_resolution) page.
+
+## Monitor size
+
+At first I wanted the monitor to be small as possible: it seems like
+4k monitor prices go up quite a bit below 27", in fact even on their
+main website [Asus don't list any 4k monitor below 27"](https://www.asus.com/us/displays-desktops/monitors/gaming/filter?Category=23-26-9).
+
+There are however "portable monitors" like this [USB-C 4k 16"
+monitor](https://desklabmonitor.com/products/touchscreen-portable-monitor?variant=31478784557196), but that might actually be *too small*.
+
+My current displays are 20" and 22" with a 16:10 aspect ratio, along
+with the weird exception of the Framework 3:2 "2k" display. They take
+18.35" and 20.13" in width respectively, for a total of about 38"
+inches width. That's pretty much the room I have to work with, in fact
+I would like that to be narrower.
+
+One option is to have one monitor in landscape mode and the other in
+portrait, that way one can be used to read longer things (hello logs
+and stupidly long articles like this) and the other be "normal", while
+still saving space.
+
+So, in short, 38" width total. This *may* be accomplished by two 27"
+4k monitors side by side, one in landscape mode. For example this
+[28" Asus VP28UQGL monitor](https://www.asus.com/us/displays-desktops/monitors/gaming/vp28uqgl/techspec/) is 26" wide and 15" tall, which adds up
+to 41" total. A tad too wide. This [27" Asus pa279cv
+monitor](https://www.asus.com/us/displays-desktops/monitors/proart/proart-display-pa279cv/techspec/) is 24" wide and 14.5" tall, which is only half an inch
+wider than the current setup.
+
+So it seems the target size would be a 27" monitor.
+
+## Budget
+
+I'm neither rich or broke, and dislike spending lots of money on
+computer hardware. I especially do not like the tendency of scrapping
+hardware every 5 year to get the "best new thing", which is why I'm
+still using decades old monitors (although I have disposed of my old
+CRT monitors a while back, I must admit).
+
+I guess I'm expecting to spend less than 2k$ CAD on this.
+
+## Latency
+
+Latency might seem like a trivial concern for a non-gamer, but it
+actually matters. In their [Typing with pleasure](https://pavelfatin.com/typing-with-pleasure/#output-latency) article, Pavel
+Fatin explains that even 1ms delays matter. In my [[terminal emulators
+review|blog/2018-05-04-terminal-emulators-2/#latency]], I argue that
+we should follow the GNOME HIG that sets the bar at 10ms. Considering
+that my main work tool (Emacs) has a mean *input* latency of around
+5ms, adding 5ms latency to the *output*, just through the monitor, is
+unacceptable.
+
+So I'll set the bar, arbitrarily, at 2ms, but ideal this would be 1ms
+or below. 
+
+Keep in mind that the best total input latency for a computer is
+currently at 30, with the Apple IIe, [according to Dan Luu](https://danluu.com/input-lag/). But
+that takes into account the entire processing cycle, which includes
+input, processing and output, if we adhere to Fatin's vocabulary. The
+benchmarks I performed in my blog post concern only the *processing*
+side of things, as we don't physically bash on the keyboard to
+generate those keypresses. In other words, assuming a 2ms latency in
+the monitor and 5ms in Emacs, what we actually have is:
+
+| Source | Latency | Notes |
+| ------ | ------- | ----- |
+| Input  | 14 ms   | Fatin, section 2.1, avergge |
+| Emacs  | 5 ms    | Anarcat, section 1, rounded mean |
+| Screen refresh | 8 ms | Fatin, section 2.3, average with 60Hz monitor |
+| Pixel response | 2 ms | Assumption, above |
+| Total  | 29 ms |
+
+So *in theory*, with a 2ms monitor and best conditions in Emacs, we
+should rival the Apple IIe input latency. In practice, considering
+Luu's results, it's very likely that I'm missing some numbers here and
+latency is actually much higher.
+
+In any case, that's way beyond the 10ms objective, so it makes sense
+to reduce the monitor latency if possible. In fact, when looking at
+this, one has to wonder if the [[keyboard]] would be a better place to
+look for latency improvements. After all 7 ms spent in debouncing
+seems pretty horrible...
+
+## Gamut and HDR
+
+I don't do much photography these days, but I would love to get back
+into it and for that, a wider than normal gamut is a must. Minimum is
+of course 100% sRGB, but having significant coverage of [Adobe RGB](https://en.wikipedia.org/wiki/Adobe_RGB_color_space)
+and [DCI-P3](https://en.wikipedia.org/wiki/DCI-P3) would be nice.
+
+HDR is another beast. It's not well supported by Linux at all at this
+point, as of 2023, work was [just starting](https://www.phoronix.com/news/Valve-HDR-Linux-Gaming-Begins), [hackfest
+level](https://emersion.fr/blog/2023/hdr-hackfest-wrap-up/). The support from monitors is also far ranging: Apple has
+made significant progress in that space, but [Mini LED monitors](https://arstechnica.com/gadgets/2023/04/oled-is-great-but-where-are-all-the-mini-led-laptops/)
+are not yet commercialized. So I'd classify this as a nice to have.
+
 Monitor inventory
 =================
 
@@ -131,49 +260,6 @@ Normal
 
 Another idea: a [USB C monitor](https://etbe.coker.com.au/2020/07/02/desklab-portable-usb-c-monitor/)
 
-Note on latency
----------------
-
-Latency might seem like a trivial concern for a non-gamer, but it
-actually matters. In their [Typing with pleasure](https://pavelfatin.com/typing-with-pleasure/#output-latency) article, Pavel
-Fatin explains that even 1ms delays matter. In my [[terminal emulators
-review|blog/2018-05-04-terminal-emulators-2/#latency]], I argue that
-we should follow the GNOME HIG that sets the bar at 10ms. Considering
-that my main work tool (Emacs) has a mean *input* latency of around
-5ms, adding 5ms latency to the *output*, just through the monitor, is
-unacceptable.
-
-So I'll set the bar, arbitrarily, at 2ms, but ideal this would be 1ms
-or below. 
-
-Keep in mind that the best total input latency for a computer is
-currently at 30, with the Apple IIe, [according to Dan Luu](https://danluu.com/input-lag/). But
-that takes into account the entire processing cycle, which includes
-input, processing and output, if we adhere to Fatin's vocabulary. The
-benchmarks I performed in my blog post concern only the *processing*
-side of things, as we don't physically bash on the keyboard to
-generate those keypresses. In other words, assuming a 2ms latency in
-the monitor and 5ms in Emacs, what we actually have is:
-
-| Source | Latency | Notes |
-| ------ | ------- | ----- |
-| Input  | 14 ms   | Fatin, section 2.1, avergge |
-| Emacs  | 5 ms    | Anarcat, section 1, rounded mean |
-| Screen refresh | 8 ms | Fatin, section 2.3, average with 60Hz monitor |
-| Pixel response | 2 ms | Assumption, above |
-| Total  | 29 ms |
-
-So *in theory*, with a 2ms monitor and best conditions in Emacs, we
-should rival the Apple IIe input latency. In practice, considering
-Luu's results, it's very likely that I'm missing some numbers here and
-latency is actually much higher.
-
-In any case, that's way beyond the 10ms objective, so it makes sense
-to reduce the monitor latency if possible. In fact, when looking at
-this, one has to wonder if the [[keyboard]] would be a better place to
-look for latency improvements. After all 7 ms spent in debouncing
-seems pretty horrible...
-
 Mounts
 ======
 

diff --git a/blog/2023-02-10-usb-c.md b/blog/2023-02-10-usb-c.md
index 872c39e1..4a19e4eb 100644
--- a/blog/2023-02-10-usb-c.md
+++ b/blog/2023-02-10-usb-c.md
@@ -83,6 +83,7 @@ The spec here is at least 65W USB-C with international plugs.
   links and free stuff, to which I have said (basically) sure, send me
   stuff and then they said "oh canada we don't ship there",
   interesting gear nevertheless)
+* StarLabs have a [65W USB-C charger](https://ca.starlabs.systems/collections/power-cables/products/65w-gan-usb-c-power-adapter) with detachable plugs
 
 ### TOFU power station
 
diff --git a/hardware/tablet.mdwn b/hardware/tablet.mdwn
index ae832c70..08e9f8a6 100644
--- a/hardware/tablet.mdwn
+++ b/hardware/tablet.mdwn
@@ -338,6 +338,15 @@ direct sunlight. It's also not good for your eyes and your sleep, but
 those are generally cheaper and more powerful than ebook readers
 because the technology is more common.
 
+## Star Labs
+
+https://ca.starlabs.systems/pages/starlite
+
+Linux tablet, fanless, 3k display, attached magnetic keyboard, micro
+HDMI, 2x USB-C, micro SD, headphone jack, secure boot, LVFS, coreboot,
+512GB - 2TB SSD, 16GB DDR5, 2x 2k camera, 12h battery life, ubuntu
+supported out of the box, 600-900$, not yet available.
+
 ## Sony
 
 Sony has a [Xperia Z2 tablet](https://en.wikipedia.org/wiki/Sony_Xperia_Z2_tablet) that was recommended on the `#tech`

diff --git a/services/wifi.mdwn b/services/wifi.mdwn
index 1b6e380d..af78ab19 100644
--- a/services/wifi.mdwn
+++ b/services/wifi.mdwn
@@ -80,14 +80,22 @@ house, one for the whole second floor and two in the first floor.
 
 ## Other racks:
 
- * <https://www.deploydepot.ca/rack-equipment-1/>
- * <https://lextec.com/product-category/racks-brackets-shelves/>
- * <https://www.monoprice.com/category/networking/network-racks-&-cabinets>
- * <https://www.canadacomputers.com/index.php?cPath=38_944> and
-   particularly
-   <https://www.canadacomputers.com/product_info.php?cPath=38_944&item_id=166475>
- * <https://recyborg.com/?s=rack&post_type=product&type_aws=true>
- * <https://recyborg.com/?s=gigabit&post_type=product&type_aws=true>
+ * [deploydepot.ca has racks and shelves](https://www.deploydepot.ca/rack-equipment-1/), this [10" shelf could
+   hold routers](https://www.deploydepot.ca/startech-com-1u-server-rack-cabinet-shelf-fixed-10-deep-cantilever-rackmount-tray-for-19-data-av-network-enclosure-w-cage-nuts-screws-cabshelf1u10/) (44lbs, 48$), and [this 2U shelf could hold
+   marcos](https://www.deploydepot.ca/startech-com-2u-rack-mount-cantilever-2-post-shelf-mid-center-mount-server-rack-cabinet-shelf-150lbs-68kg-cabshf2post/) (100$, 150lbs, back-ordered), and they have this [2-post
+   12U rack](https://www.deploydepot.ca/startech-com-heavy-duty-2-post-rack-open-frame-server-rack-12u-2postrack12/) (195$)
+ * [LexTec has racks and shelves](https://lextec.com/product-category/racks-brackets-shelves/) but their [shelves section](https://lextec.com/product-category/racks-brackets-shelves/shelves-racks-brackets-shelves/solid/) is
+   the most interesting, e.g. this [3u vented shelf](https://lextec.com/shop/racks-brackets-shelves/shelves-racks-brackets-shelves/vented/19-inch-front-mount-vented-shelf-3u/) might work for
+   marcos (20" depth is just 0.9" short of the machine's depth
+   (20.9"), 93.92$, and this [7" short shelf](https://lextec.com/shop/racks-brackets-shelves/shelves-racks-brackets-shelves/solid/rasu190107ubk1-hammond-1u-cantilever-solid-shelf-7/) could hold router and
+   other small equipment
+ * [Monoprice has racks](https://www.monoprice.com/category/networking/network-racks-&-cabinets) but not a great selection
+ * [Canada Computers also has racks and shelves](https://www.canadacomputers.com/index.php?cPath=38_944), [this 2U one
+   might do it](https://www.canadacomputers.com/product_info.php?cPath=38_944&item_id=219884) for marcos (102$) but barely, this [cheap shelf
+   (45$)](https://www.canadacomputers.com/product_info.php?cPath=38_944&item_id=066549) could hold the routers, but is back-ordered, so maybe
+   [this deeper shelf](https://www.canadacomputers.com/product_info.php?cPath=38_944&item_id=144628) (16" 44lbs) could do it, and this [18U
+   rack](https://www.canadacomputers.com/product_info.php?cPath=38_944&item_id=166475) is quite interesting, 385$
+ * [recyborg sometimes has racks](https://recyborg.com/?s=rack&post_type=product&type_aws=true) and [gigabit switches](https://recyborg.com/?s=gigabit&post_type=product&type_aws=true)
 
 ## Why OpenWRT
 

diff --git a/services/wifi.mdwn b/services/wifi.mdwn
index 739f5d3b..1b6e380d 100644
--- a/services/wifi.mdwn
+++ b/services/wifi.mdwn
@@ -80,14 +80,14 @@ house, one for the whole second floor and two in the first floor.
 
 ## Other racks:
 
- * https://www.deploydepot.ca/rack-equipment-1/
- * https://lextec.com/product-category/racks-brackets-shelves/
- * https://www.monoprice.com/category/networking/network-racks-&-cabinets
- * https://www.canadacomputers.com/index.php?cPath=38_944 and
+ * <https://www.deploydepot.ca/rack-equipment-1/>
+ * <https://lextec.com/product-category/racks-brackets-shelves/>
+ * <https://www.monoprice.com/category/networking/network-racks-&-cabinets>
+ * <https://www.canadacomputers.com/index.php?cPath=38_944> and
    particularly
-   https://www.canadacomputers.com/product_info.php?cPath=38_944&item_id=166475
- * https://recyborg.com/?s=rack&post_type=product&type_aws=true
- * https://recyborg.com/?s=gigabit&post_type=product&type_aws=true
+   <https://www.canadacomputers.com/product_info.php?cPath=38_944&item_id=166475>
+ * <https://recyborg.com/?s=rack&post_type=product&type_aws=true>
+ * <https://recyborg.com/?s=gigabit&post_type=product&type_aws=true>
 
 ## Why OpenWRT
 

diff --git a/software/zfs.md b/software/zfs.md
index fa9f07aa..2434e5ad 100644
--- a/software/zfs.md
+++ b/software/zfs.md
@@ -4,6 +4,9 @@
 
 # Installation
 
+The installation itself is not documented here, see below for examples
+instead.
+
 ## Example installations
 
  * [[Migration of a workstation to ZFS|blog/2022-11-17-zfs-migration]]
@@ -47,7 +50,12 @@ some metadata about the filesystem. Deduplication is limited to the
 dataset level.
 
 Therefore, it might be better to use LUKS encryption underneath ZFS to
-configure fully encrypted systems, although I haven't tested this directly.
+configure fully encrypted systems, although I haven't tested this
+directly.
+
+Note that I use `dropbear-initramfs` alongside `zfs-initramfs` to
+unlock the partitions remotely. This requires the key in
+`/etc/dropbear/authorized_keys` as normal.
 
 ## TRIM
 

diff --git a/hardware/laptop/framework-12th-gen.md b/hardware/laptop/framework-12th-gen.md
index 6a14b1f5..8fb2eb51 100644
--- a/hardware/laptop/framework-12th-gen.md
+++ b/hardware/laptop/framework-12th-gen.md
@@ -1564,7 +1564,15 @@ either.
 
 Even worse, the USB-A ports now sometimes [fails to resume after
 suspend](https://community.frame.work/t/responded-usb-a-expansion-card-stops-working-until-unplugged/26579?u=anarcat), which is pretty annoying. This is a [known problem](https://community.frame.work/t/12th-gen-intel-core-bios-3-06-beta/25726/109?u=anarcat)
-that will hopefully get fixed in the final release.
+that will hopefully get fixed in the final release. Update: I have
+since then [[replaced my
+YubiKey|blog/2023-08-09-openpgp-key-transition]] and the problem
+doesn't occur anymore. It is actually quite possible the old Yubikey
+was at fault.
+
+Note that there are now [2nd gen DisplayPort](https://frame.work/products/displayport-2nd-gen-expansion-card) and [2nd gen HDMI](https://frame.work/products/hdmi-expansion-card-3rd-gen)
+that supposedly help with those power management issues. They are
+untested for now.
 
 ### Battery wear protection
 

diff --git a/services/wifi.mdwn b/services/wifi.mdwn
index beb0903a..739f5d3b 100644
--- a/services/wifi.mdwn
+++ b/services/wifi.mdwn
@@ -44,7 +44,8 @@ house, one for the whole second floor and two in the first floor.
    bad, [170$ at Canada Computers](https://www.canadacomputers.com/product_info.php?cPath=27_1045&item_id=086410), [177$CAD at CDW](https://www.cdw.ca/product/tp-link-tl-sg2210p-8-port-gigabit-smart-poe-switch-with-2-sfp-slots-switc/3693751?enkwrd=SG2210P), watch out
    that this switch will fill up quick as each EAP245 takes its own
    12.3W of power and the switch can only provide 60W, so only 5 of
-   the 8 ports are actually usable in that sense
+   the 8 ports are actually usable in that sense. **Update: ordered
+   this from Staples!** (On sale at 90$.)
 
  * [Zyxel NWA50AX](https://www.zyxel.com/us/en-us/products/wireless/802-11ax-wifi-6-dual-radio-poe-access-point-nwa50ax/overview) was [recommended on reddit](https://old.reddit.com/r/openwrt/comments/1398t1b/power_over_ethernet_small_hotspot_recommendation/jj2vx2k/), [supported](https://openwrt.org/toh/hwdata/zyxel/zyxel_nwa50ax),
    with [antenna radiation patterns](https://download.zyxel.com/NWA50AX/antenna_specification_matrix/NWA50AX_1.pdf), mounting bracket, Wifi 6, NO

diff --git a/blog/mobile-massive-gallery.md b/blog/mobile-massive-gallery.md
index 003b900f..f4e7ae49 100644
--- a/blog/mobile-massive-gallery.md
+++ b/blog/mobile-massive-gallery.md
@@ -127,10 +127,12 @@ thumbnails...
 
 
 photoprism it is... compose-photoprism.yml in my home, new app in
-f-droid works
-excellently. https://f-droid.org/en/packages/ua.com.radiokot.photoprism/
-([source code](https://github.com/Radiokot/photoprism-android-client)
+f-droid works somewhat okay. https://f-droid.org/en/packages/ua.com.radiokot.photoprism/
+([source code](https://github.com/Radiokot/photoprism-android-client)) problems are mostly images that don't load and
+there are performance issues. there's no offline mode either.
 
 consider tls client certs.
 
+update: https://apps.nextcloud.com/apps/memories seems to do what we need
+
 [[!tag draft]]

diff --git a/services/wifi.mdwn b/services/wifi.mdwn
index eb5b0487..beb0903a 100644
--- a/services/wifi.mdwn
+++ b/services/wifi.mdwn
@@ -1,4 +1,6 @@
-# Hotspot reviews
+[[!toc levels=3]]
+
+# Wifi replacement project
 
 [Discussed on reddit](https://www.reddit.com/r/openwrt/comments/1398t1b/power_over_ethernet_small_hotspot_recommendation/). The plan is to have three hotspots in the
 house, one for the whole second floor and two in the first floor.

diff --git a/services/wifi.mdwn b/services/wifi.mdwn
index 4585224c..eb5b0487 100644
--- a/services/wifi.mdwn
+++ b/services/wifi.mdwn
@@ -3,7 +3,7 @@
 [Discussed on reddit](https://www.reddit.com/r/openwrt/comments/1398t1b/power_over_ethernet_small_hotspot_recommendation/). The plan is to have three hotspots in the
 house, one for the whole second floor and two in the first floor.
 
-Specification:
+## Requirements
 
  * small footprint
  * ceiling mount, ideally with a nice socket for easier installation
@@ -14,7 +14,7 @@ Specification:
  * must run OpenWRT and still be supported
  * can be bought in Canada, ideally
 
-Possible models:
+## Possible models
 
  * [Ubiquiti Access Point U6 Lite](https://store.ui.com/products/u6-lite-us): 100$, [132$CAD at .ca store,
    backorder](https://ca.store.ui.com/ca/en/collections/unifi-network-wireless/products/u6-lite), [150$CAD at convertbit.ca](https://converbit.ca/u6-lite-wifi-6-ap-unifi-pas-de-poe-48v-inclus/), [144$ at
@@ -57,7 +57,7 @@ Possible models:
    shipping](https://www.amazon.com/AX1800-Wireless-Seamless-WPA3-PSK-Management/dp/B09924QS1T). WARNING: Zyxel routers recently had a serious
    security issue that [led to thousands of routers joining a botnet](https://arstechnica.com/information-technology/2023/05/researchers-tell-owners-to-assume-compromise-of-unpatched-zyxel-firewalls/).
 
-Discarded:
+### Discarded
 
  * [TP-Link EAP690](https://www.tp-link.com/uk/business-networking/ceiling-mount-ap/eap690e-hd/) also interesting (10gbit port!) but not in sale
    locally and not supported (6GHz), [EPA620](https://www.tp-link.com/en/business-networking/omada-sdn-access-point/eap620-hd/) also interesting and
@@ -75,7 +75,7 @@ Discarded:
    extra 45$... i already have one of those so i guess i could just
    buy the PoE adapter... but i find their thing a little confusing
 
-Other racks:
+## Other racks:
 
  * https://www.deploydepot.ca/rack-equipment-1/
  * https://lextec.com/product-category/racks-brackets-shelves/
@@ -86,6 +86,8 @@ Other racks:
  * https://recyborg.com/?s=rack&post_type=product&type_aws=true
  * https://recyborg.com/?s=gigabit&post_type=product&type_aws=true
 
+## Why OpenWRT
+
 The point of running OpenWRT on the APs is to get monitoring about
 traffic on each node, which can be done with the Prometheus node
 exporter that can be installed in OpenWRT.
@@ -101,6 +103,15 @@ fallback to OpenWRT if we don't like the basic system. It also allows
 us to run a heterogeneous environment and not be forced to use a
 single solution for all networking hardware.
 
+## Current inventory
+
+ * [[hardware/atwood]]: Turris MOX 5GHz, location and configuration
+   unknown (bridge?)
+ * [[hardware/server/plastik]]: bridge, in office storage, TP-LINK
+   TL-WR1043ND v1.x
+ * [[hardware/rosa]]: bridge, in office storage, TP-Link AC1750 v5
+ * [[hardware/octavia]]: router, in home storage, Turris Omnia
+
 # AP public (désuet)
 
 J'ai depuis longtemps un point d'accès ouvert mais maintenant contrôlé pour donner accès publiquement à internet.

diff --git a/hardware/keyboard.mdwn b/hardware/keyboard.mdwn
index 7923aa27..c97c8f5c 100644
--- a/hardware/keyboard.mdwn
+++ b/hardware/keyboard.mdwn
@@ -347,4 +347,13 @@ https://next.wooting.io/wooting-60he
  * modular keyboard (can fit in other cases)
  * spill resistant
 
+## Model F labs
+
+A rebuild of the model F keyboard from IBM, but with different layouts
+including split and TKL, and an open firmware (QMK and others):
+
+<https://www.modelfkeyboards.com/>
+
+Interesting if you can afford the noise.
+
 [[!tag research]]

diff --git a/hardware/laptop/framework-12th-gen.md b/hardware/laptop/framework-12th-gen.md
index 47193800..6a14b1f5 100644
--- a/hardware/laptop/framework-12th-gen.md
+++ b/hardware/laptop/framework-12th-gen.md
@@ -2062,6 +2062,7 @@ long road trip across the continental US.
    * [3D printed expansion card holder](https://www.printables.com/model/328421-framework-laptop-expansion-card-holder)
    * [LTE modem card](https://community.frame.work/t/lte-cat-4-cell-modem-card/9454) (design stage)
    * [ESP32-S3 expansion card](https://spacehuhn.store/products/framework-esp32-s3-expansion-card) ([source](https://github.com/SpacehuhnTech/framework), [video](https://www.youtube.com/watch?v=IML9c_MsyQU))
+   * [UART adapter](https://www.tindie.com/products/i2c-labs/uart-expansion-card/)
    * check out [this forum category](https://community.frame.work/c/developer-program/expansion-card/90) for a cornucopia of those
 
  * upstream resources:

diff --git a/blog/2023-08-09-openpgp-key-transition.md b/blog/2023-08-09-openpgp-key-transition.md
index 8ad97350..722442c4 100644
--- a/blog/2023-08-09-openpgp-key-transition.md
+++ b/blog/2023-08-09-openpgp-key-transition.md
@@ -69,7 +69,10 @@ it keeps surprising me with evilness and oddities.
 I have high hopes that the [Sequoia project](https://sequoia-pgp.org/) can bring some sanity
 into this space, and I also hope that [RFC4880bis](https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-rfc4880bis-10) can eventually
 get somewhere so we have a more solid specification with more robust
-crypto. It's kind of a shame that this has dragged on for so long, but
+crypto. <del>It's kind of a shame that this has dragged on for so
+long, but</del> Update: there's a *separate* draft called
+[openpgp-crypto-refresh](https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh) that might actually be adopted as the
+"OpenPGP RFC" soon! And
 it doesn't keep real work from happening in Sequoia and other
 implementations. Thunderbird rewrote their OpenPGP implementation with
 [RNP](https://www.rnpgp.org/) (which was, granted, a bumpy road because it lost

diff --git a/blog/2023-08-09-openpgp-key-transition.md b/blog/2023-08-09-openpgp-key-transition.md
index 319cf133..8ad97350 100644
--- a/blog/2023-08-09-openpgp-key-transition.md
+++ b/blog/2023-08-09-openpgp-key-transition.md
@@ -89,6 +89,5 @@ mistakes our community has done in the past at least...
 
 [[!tag openpgp gnupg meta debian-planet debian python-planet]]
 
-
 <!-- posted to the federation on 2023-08-09T14:19:30.030130 -->
-[[!mastodon "https://kolektiva.social/@Anarcat/110861036203087473"]]
\ No newline at end of file
+[[!mastodon "https://kolektiva.social/@Anarcat/110861036203087473"]]

diff --git a/blog/2023-08-09-openpgp-key-transition.md b/blog/2023-08-09-openpgp-key-transition.md
index 81c9278b..319cf133 100644
--- a/blog/2023-08-09-openpgp-key-transition.md
+++ b/blog/2023-08-09-openpgp-key-transition.md
@@ -88,3 +88,7 @@ anyway, just more slowly. If they do, let's hope they avoid the
 mistakes our community has done in the past at least...
 
 [[!tag openpgp gnupg meta debian-planet debian python-planet]]
+
+
+<!-- posted to the federation on 2023-08-09T14:19:30.030130 -->
+[[!mastodon "https://kolektiva.social/@Anarcat/110861036203087473"]]
\ No newline at end of file

diff --git a/blog/2023-06-01-openpgp-key-transition.md b/blog/2023-08-09-openpgp-key-transition.md
similarity index 98%
rename from blog/2023-06-01-openpgp-key-transition.md
rename to blog/2023-08-09-openpgp-key-transition.md
index a461526b..81c9278b 100644
--- a/blog/2023-06-01-openpgp-key-transition.md
+++ b/blog/2023-08-09-openpgp-key-transition.md
@@ -22,8 +22,7 @@ precautions to take](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/yu
 
 I am toying with the idea of writing an article specifically about
 disaster recovery for secrets and backups, dealing specifically with
-cases of death or disabilities. This is one of many drafts I am
-thinking of right now...
+cases of death or disabilities.
 
 # Autocrypt changes
 
@@ -59,7 +58,7 @@ script](https://gitlab.com/anarcat/scripts/-/blob/main/autocrypt-key-import?ref_
 While some have [claimed OpenPGP's death](https://www.wired.co.uk/article/efail-pgp-vulnerability-outlook-thunderbird-smime), I believe those are
 overstated. Maybe it's just me, but I still use OpenPGP for my
 password management, to authenticate users and messages, and it's the
-interface to my YubiKey for authenticating to SSH servers.
+interface to my YubiKey for authenticating with SSH servers.
 
 I understand people feel that OpenPGP is possibly insecure,
 counter-intuitive and full of problems, but I think most of those
@@ -88,4 +87,4 @@ replace it, but I suspect they will end up rebuilding most of OpenPGP
 anyway, just more slowly. If they do, let's hope they avoid the
 mistakes our community has done in the past at least...
 
-[[!tag draft]]
+[[!tag openpgp gnupg meta debian-planet debian python-planet]]

diff --git a/blog/2023-06-01-openpgp-key-transition.md b/blog/2023-06-01-openpgp-key-transition.md
new file mode 100644
index 00000000..a461526b
--- /dev/null
+++ b/blog/2023-06-01-openpgp-key-transition.md
@@ -0,0 +1,91 @@
+[[!meta title="OpenPGP key transition"]]
+
+This is a short announcement to say that I have changed my main
+OpenPGP key. A [signed statement](https://anarc.at/openpgp-transition-2023.txt) is available with the
+cryptographic details but, in short, the reason is that I stopped
+using my old YubiKey NEO that I have worn on my keyring [[since
+2015|blog/2017-10-26-comparison-cryptographic-keycards]]. 
+
+I now have a YubiKey 5 which supports ED25519 which features much
+shorter keys and faster decryption. It allowed me to move all my
+secret subkeys on the key (including encryption keys) while retaining
+reasonable performance.
+
+I have written [extensive documentation on how to do that OpenPGP key
+rotation](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/openpgp#rotating-keys) and also [YubiKey OpenPGP operations](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/yubikey#openpgp-operations).
+
+# Warning on storing encryption keys on a YubiKey
+
+People wishing to move their private encryption keys to such a
+security token should be very careful as there are [special
+precautions to take](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/yubikey#special-considerations-for-storing-encryption-keys) for disaster recovery.
+
+I am toying with the idea of writing an article specifically about
+disaster recovery for secrets and backups, dealing specifically with
+cases of death or disabilities. This is one of many drafts I am
+thinking of right now...
+
+# Autocrypt changes
+
+One nice change is the impact on [Autocrypt](https://autocrypt.org/) headers, which are
+considerably shorter.
+
+Before, the header didn't even fit on a single line in an email, it
+overflowed to *five* lines:
+
+    Autocrypt: addr=anarcat@torproject.org; prefer-encrypt=nopreference;
+     keydata=xsFNBEogKJ4BEADHRk8dXcT3VmnEZQQdiAaNw8pmnoRG2QkoAvv42q9Ua+DRVe/yAEUd03EOXbMJl++YKWpVuzSFr7IlZ+/lJHOCqDeSsBD6LKBSx/7uH2EOIDizGwfZNF3u7X+gVBMy2V7rTClDJM1eT9QuLMfMakpZkIe2PpGE4g5zbGZixn9er+wEmzk2mt20RImMeLK3jyd6vPb1/Ph9+bTEuEXi6/WDxJ6+b5peWydKOdY1tSbkWZgdi+Bup72DLUGZATE3+Ju5+rFXtb/1/po5dZirhaSRZjZA6sQhyFM/ZhIj92mUM8JJrhkeAC0iJejn4SW8ps2NoPm0kAfVu6apgVACaNmFb4nBAb2k1KWru+UMQnV+VxDVdxhpV628Tn9+8oDg6c+dO3RCCmw+nUUPjeGU0k19S6fNIbNPRlElS31QGL4H0IazZqnE+kw6ojn4Q44h8u7iOfpeanVumtp0lJs6dE2nRw0EdAlt535iQbxHIOy2x5m9IdJ6q1wWFFQDskG+ybN2Qy7SZMQtjjOqM+CmdeAnQGVwxowSDPbHfFpYeCEb+Wzya337Jy9yJwkfa+V7e7Lkv9/OysEsV4hJrOh8YXu9a4qBWZvZHnIO7zRbz7cqVBKmdrL2iGqpEUv/x5onjNQwpjSVX5S+ZRBZTzah0w186IpXVxsU8dSk0yeQskblrwARAQABzSlBbnRvaW5lIEJlYXVwcsOpIDxhbmFyY2F0QHRvcnByb2plY3Qub3JnPsLBlAQTAQgAPgIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgBYhBI3JAc5kFGwEitUPu3khUlJ7dZIeBQJihnFIBQkacFLiAAoJEHkhUlJ7dZIeXNAP/RsX+27l9K5uGspEaMH6jabAFTQVWD8Ch1om9YvrBgfYtq2k/m4WlkMh9IpT89Ahmlf0eq+V1Vph4wwXBS5McK0dzoFuHXJa1WHThNMaexgHhqJOs
+     S60bWyLH4QnGxNaOoQvuAXiCYV4amKl7hSuDVZEn/9etDgm/UhGn2KS3yg0XFsqI7V/3RopHiDT+k7+zpAKd3st2V74w6ht+EFp2Gj0sNTBoCdbmIkRhiLyH9S4B+0Z5dUCUEopGIKKOSbQwyD5jILXEi7VTZhN0CrwIcCuqNo7OXI6e8gJd8McymqK4JrVoCipJbLzyOLxZMxGz8Ki0b9O844/DTzwcYcg9I1qogCsGmZfgVze2XtGxY+9zwSpeCLeef6QOPQ0uxsEYSfVgS+onCesSRCgwAPmppPiva+UlGuIMun87gPpQpV2fqFg/V8zBxRvs6YTGcfcQjfMoBHmZTGb+jk1//QAgnXMO7fGG38YH7iQSSzkmodrH2s27ZKgUTHVxpBL85ptftuRqbR7MzIKXZsKdA88kjIKKXwMmez9L1VbJkM4k+1Kzc5KdVydwi+ujpNegF6ZU8KDNFiN9TbDOlRxK5R+AjwdS8ZOIa4nci77KbNF9OZuO3l/FZwiKp8IFJ1nK7uiKUjmCukL0od/6X2rJtAzJmO5Co93ZVrd5r48oqUvjklzzsBNBFmeC3oBCADEV28RKzbv3dEbOocOsJQWr1R0EHUcbS270CrQZfb9VCZWkFlQ/1ypqFFQSjmmUGbNX2CG5mivVsW6Vgm7gg8HEnVCqzL02BPY4OmylskYMFI5Bra2wRNNQBgjg39L9XU4866q3BQzJp3r0fLRVH8gHM54Jf0FVmTyHotR/Xiw5YavNy2qaQXesqqUv8HBIha0rFblbuYI/cFwOtJ47gu0QmgrU0ytDjlnmDNx4rfsNylwTIHS0Oc7Pezp7MzLmZxnTM9b5VMprAXnQr4rewXCOUKBSto+j4rD5/77DzXw96bbueNruaupb2Iy2OHXNGkB0vKFD3xHsXE2x75NBovtABEBAAHCwqwEGAEIACAWIQSNyQHOZBRsBIrVD7t5IVJSe3WSHgUCWZ4LegIbAgFACRB5IV
+     JSe3WSHsB0IAQZAQgAHRYhBHsWQgTQlnI7AZY1qz6h3d2yYdl7BQJZngt6AAoJED6h3d2yYdl7CowH/Rp7GHEoPZTSUK8Ss7crwRmuAIDGBbSPkZbGmm4bOTaNs/gealc2tsVYpoMx7aYgqUW+t+84XciKHT+bjRv8uBnHescKZgDaomDuDKc2JVyx6samGFYuYPcGFReRcdmH0FOoPCn7bMW5mTPztV/wIA80LZD9kPKIXanfUyI3HLP0BPwZG4WTpKzJaalR1BNwu2oF6kEK0ymH3LfDiJ5Sr6emI2jrm4gH+/19ux/x+ST4tvm2PmH3BSQOPzgiqDiFd7RZoAIhmwr3FW4epsK9LtSxsi9gZ2vATBKO1oKtb6olW/keQT6uQCjqPSGojwzGRT2thEANH+5t6Vh0oDPZhrKUXRAAxHMBNHEaoo/M0sjZo+5OF3Ig1rMnI6XbKskLv6hu13cCymW0w/5E4XuYnyQ1cNC3pLvqDQbDx5mAPfBVHuqxJdRLQ3yDM/D2QIsxnkzQwi0FsJuni4vuJzWK/NHHDCvxMCh0YmSgbptUtgW8/niatd2Y6MbfRGxUHoctKtzqzivC8hKMTFrj4AbZhg/e9QVCsh5zSXtpWP0qFDJsxRMx0/432n9d4XUiy4U672r9Q09SsynB3QN6nTaCTWCIxGxjIb+8kJrRqTGwy/PElHX6kF0vQUWZNf2ITV1sd6LK/s/7sH+x4rzgUEHrsKr/qPvY3rUY/dQLd+owXesY83ANOu6oMWhSJnPMksbNa4tIKKbjmw3CFIOfoYHOWf3FtnydHNXoXfj4nBX8oSnkfhLILTJgf6JDFXfw6mTsv/jMzIfDs7PO1LK2oMK0+prSvSoM8bP9dmVEGIurzsTGjhTOBcb0zgyCmYVD3S48vZlTgHszAes1zwaCyt3/tOwrzU5JsRJVns+B/TUYaR/u3oIDMDygvE5ObWxXaFVnCC59r+zl0FazZ0ouyk2AYIR
+     zHf+n1n98HCngRO4FRel2yzGDYO2rLPkXRm+NHCRvUA/i4zGkJs2AV0hsKK9/x8uMkBjHAdAheXhY+CsizGzsKjjfwvgqf84LwAzSDdZqLVE2yGTOwU0ESiArJwEQAJhtnC6pScWjzvvQ6rCTGAai6hrRiN6VLVVFLIMaMnlUp92EtgVSNpw6kANtRTpKXUB5fIPZVUrVdfEN06t96/6LE42tgifDAFyFTZY5FdHHri1GG/Cr39MpW2VqCDCtTTPVWHTUlU1ZG631BJ+9NB+ce58TmLr6wBTQrT+W367eRFBC54EsLNb7zQAspCn9pw1xf1XNHOGnrAQ4r9BXhOW5B8CzRd4nLRQwVgtw/c5M/bjemAOoq2WkwN+0mfJe4TSfHwFUozXuN274X+0Gr10fhp8xEDYuQM0qu6W3aDXMBBwIu0jTNudEELsTzhKUbqpsBc9WjwNMCZoCuSw/RTpFBV35mXbqQoQgbcU7uWZslLl9Wvv/C6rjXgd+GeX8SGBjTqq1ZkTv5UXLHTNQzPnbkNEExzqToi/QdSjFMIACnakeOSxc0ckfnsd9pfGv1PUyPyiwrHiqWFzBijzGIZEHxhNGFxAkXwTJR7Pd40a7RDxwbO6p/TSIIum41JtteehLHwTRDdQNMoyfLxuNLEtNYS0uR2jYI1EPQfCNWXCdT2ZK/l6GVP6jyB/olHBIOr+oVXqJh+48ki8cATPczhq3fUr7UivmguGwD67/4omZ4PCKtz1hNndnyYFS9QldEGo+AsB3AoUpVIA0XfQVkxD9IZr+Zu6aJ6nWq4M2bsoxABEBAAHCwXYEGAEIACACGwwWIQSNyQHOZBRsBIrVD7t5IVJSe3WSHgUCWPerZAAKCRB5IVJSe3WSHkIgEACTpxdn/FKrwH0/LDpZDTKWEWm4416l13RjhSt9CUhZ/Gm2GNfXcVTfoF/jKXXgjHcV1DHjfLUPmPVwMdqlf5ACOiFqIUM2ag/OEARh356w
+     YG7YEobMjX0CThKe6AV2118XNzRBw/S2IO1LWnL5qaGYPZONUa9Pj0OaErdKIk/V1wge8Zoav2fQPautBcRLW5VA33PH1ggoqKQ4ES1hc9HC6SYKzTCGixu97mu/vjOa8DYgM+33TosLyNy+bCzw62zJkMf89X0tTSdaJSj5Op0SrRvfgjbC2YpJOnXxHr9qaXFbBZQhLjemZi6zRzUNeJ6A3Nzs+gIc4H7s/bYBtcd4ugPEhDeCGffdS3TppH9PnvRXfoa5zj5bsKFgjqjWolCyAmEvd15tXz5yNXtvrpgDhjF5ozPiNp/1EeWX4DxbH2i17drVu4fXwauFZ6lcsAcJxnvCA28RlQlmEQu/gFOx1axVXf6GIuXnQSjQN6qJbByUYrdc/cFCxPO2/lGuUxnufN9Tvb51Qh54laPgGLrlD2huQeSD9Sxa0MNUjNY0qLqaReT99Ygb2LPYGSLoFVx9iZz6sZNt07LqCx9qNgsJwsdmwYsNpMuFbc7nkWjtlEqzsXZHTvYN654p43S+hcAhmmOzQZcew6h71fAJLciiqsPBnCEdgCGFAWhZZdPkMA==
+
+After the change, the entire key fits on a single line, neat!
+
+    Autocrypt: addr=anarcat@torproject.org; prefer-encrypt=nopreference;
+     keydata=xjMEZHZPzhYJKwYBBAHaRw8BAQdAWdVzOFRW6FYVpeVaDo3sC4aJ2kUW4ukdEZ36UJLAHd7NKUFudG9pbmUgQmVhdXByw6kgPGFuYXJjYXRAdG9ycHJvamVjdC5vcmc+wpUEExYIAD4WIQS7ts1MmNdOE1inUqYCKTpvpOU0cwUCZHZgvwIbAwUJAeEzgAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRACKTpvpOU0c47SAPdEqfeHtFDx9UPhElZf7nSM69KyvPWXMocu9Kcu/sw1AQD5QkPzK5oxierims6/KUkIKDHdt8UcNp234V+UdD/ZB844BGR2UM4SCisGAQQBl1UBBQEBB0CYZha2IMY54WFXMG4S9/Smef54Pgon99LJ/hJ885p0ZAMBCAfCdwQYFggAIBYhBLu2zUyY104TWKdSpgIpOm+k5TRzBQJkdlDOAhsMAAoJEAIpOm+k5TRzBg0A+IbcsZhLx6FRIqBJCdfYMo7qovEo+vX0HZsUPRlq4HkBAIctCzmH3WyfOD/aUTeOF3tY+tIGUxxjQLGsNQZeGrQI
+
+Note that I have implemented my own kind of ridiculous Autocrypt
+support for the [Notmuch](https://notmuchmail.org/) [Emacs](https://notmuchmail.org/notmuch-emacs/) email client I use, see [this
+elisp code](https://gitlab.com/anarcat/emacs-d/-/blob/main/notmuch-config.el?ref_type=heads#L14-33). To import keys, I pipe the message into [this
+script](https://gitlab.com/anarcat/scripts/-/blob/main/autocrypt-key-import?ref_type=heads) which is basically just:
+
+    sq autocrypt decode | gpg --import
+
+... thanks to [Sequoia](https://sequoia-pgp.org/) best-of-class Autocrypt support.
+
+# Note on OpenPGP usage
+
+While some have [claimed OpenPGP's death](https://www.wired.co.uk/article/efail-pgp-vulnerability-outlook-thunderbird-smime), I believe those are
+overstated. Maybe it's just me, but I still use OpenPGP for my
+password management, to authenticate users and messages, and it's the
+interface to my YubiKey for authenticating to SSH servers.
+
+I understand people feel that OpenPGP is possibly insecure,
+counter-intuitive and full of problems, but I think most of those
+problems should instead be attributed to its current flagship
+implementation, GnuPG. I have tried to work with GnuPG for years, and
+it keeps surprising me with evilness and oddities.
+
+I have high hopes that the [Sequoia project](https://sequoia-pgp.org/) can bring some sanity
+into this space, and I also hope that [RFC4880bis](https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-rfc4880bis-10) can eventually
+get somewhere so we have a more solid specification with more robust
+crypto. It's kind of a shame that this has dragged on for so long, but
+it doesn't keep real work from happening in Sequoia and other
+implementations. Thunderbird rewrote their OpenPGP implementation with
+[RNP](https://www.rnpgp.org/) (which was, granted, a bumpy road because it lost
+compatibility with GnuPG) and Sequoia now has a [certificate store
+with trust management](https://sequoia-pgp.org/blog/2023/04/08/sequoia-sq/) (but still no secret storage), [preliminary
+OpenPGP card support](https://gitlab.com/openpgp-card/openpgp-card) and even a [basic GnuPG compatibility
+layer](https://sequoia-pgp.org/blog/2022/12/19/202212-chameleon-0.1/). I'm also curious to try out the [OpenPGP CA
+capabilities](https://sequoia-pgp.org/blog/2021/05/12/202105-hello-openpgp-ca/).
+
+So maybe it's just because I'm becoming an old fart that doesn't want
+to change tools, but so far I haven't seen a good incentive in
+switching away from OpenPGP, and haven't found a good set of tools
+that completely replace it. Maybe OpenSSH's keys and CA can eventually
+replace it, but I suspect they will end up rebuilding most of OpenPGP
+anyway, just more slowly. If they do, let's hope they avoid the
+mistakes our community has done in the past at least...
+
+[[!tag draft]]
diff --git a/contact.mdwn b/contact.mdwn
index b057ac43..58dc8460 100644
--- a/contact.mdwn
+++ b/contact.mdwn
@@ -7,7 +7,7 @@ l'adresse: [anarcat+frontpage@anarc.at](mailto:anarcat+frontpage@anarc.at)
 
 Vous pouvez également encrypter vos messages avec cette
 [clef PGP](../.well-known/openpgpkey/hu/myctwj4an6ne7htuzyoo8osctuji68xe). Notez que
-[j'ai changé de clef](../pgp_transition.txt) en 2009.
+[j'ai changé de clef](../openpgp-transition-2023.txt) en 2023.
 
 > Note: vous pouvez également retrouver ma clé avec le protocole WKD:
 >
@@ -32,7 +32,7 @@ The best way to reach me is by email, use the address:
 
 You can also encrypt your messages with this [PGP key](../.well-known/openpgpkey/hu/myctwj4an6ne7htuzyoo8osctuji68xe), also
 available on key servers and the [Web Key Discover protocol](https://keyserver.mattrude.com/guides/web-key-directory/)
-(WKD). Note that I [changed key](../pgp_transition.txt) in 2009.
+(WKD). Note that I [changed key](../openpgp-transition-2023.txt) in 2023.
 
 > Note: this uses the WKD protocol, so you can also fetch my key with:
 >

diff --git a/blog/secrets-recovery.md b/blog/secrets-recovery.md
index 297376aa..fd5afeb2 100644
--- a/blog/secrets-recovery.md
+++ b/blog/secrets-recovery.md
@@ -13,9 +13,12 @@ like [qr-backup](https://github.com/za3k/qr-backup).
 include text: https://github.com/za3k/qr-backup/issues/48
 remove imagemagick dep: https://github.com/za3k/qr-backup/issues/47
 
-qr-backup just fails to print:
+qr-backup just fails to print, because of missing margins:
 https://github.com/za3k/qr-backup/issues/49
 
+https://github.com/za3k/qr-backup/issues?q=involves%3Aanarcat+sort%3Aupdated-desc
+monospace: https://github.com/za3k/qr-backup/pull/51
+
 https://github.com/jmlemetayer/gpg2qr only does pgp, less interesting.
 
 https://github.com/intra2net/paperbackup is interesting as well, as it
@@ -37,4 +40,13 @@ nmu'd python-qrencode
 
 https://github.com/intra2net/paperbackup/pull/18
 
+printed first batch with paperbackup, mostly because of #49
+
+... but could not actually recover, so going back to qr-backup.
+
+https://sites.google.com/view/chewkeanho/guides/gnupg/delete-primary-key-master-key#h.p_N3yQQH0lmXxd
+
 [[!tag draft]]
+
+17:53:28 <diederik> TIL you can specify a successor in GH account settings for when you die :-O
+qr-backup ITP https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021089

diff --git a/services/backup.mdwn b/services/backup.mdwn
index 7690857f..d5f81e1e 100644
--- a/services/backup.mdwn
+++ b/services/backup.mdwn
@@ -53,7 +53,13 @@ those drives in a single cohesive unit, as a NAS for example. See
    `git-annex` archive, previously `/srv`, but stripped of private
    data - see [this post about reinit](http://git-annex.branchable.com/todo/reinit_should_work_without_arguments/) - git-annex
    `incrementalbackup`
- * `toutatis`: 8TB Seagate Ironwolf drive on an offsite server
+ * `tubman`: 8TB ZFS storage offsite, LUKS-encrypted
+
+A shared server called `toutatis` was previously used to backup
+personal photo and video collections using git-annex encrypted
+remotes. This server has been replaced with a dedicated server called
+`tubman` and git-annex encryption was removed, see [encrypted
+remotes](#encrypted-remotes).
 
 ## Offsite (squirrel mode)
 
@@ -524,6 +530,21 @@ repositories, unfortunately.
 
 ## Encrypted remotes
 
+Note: this approach was abandoned as it was too clunky and
+error-prone. It also suffered from performance limitations and was
+generally just too had to figure out.
+
+One example of a screw up is that it seems I somehow managed to mix
+the gcrypt remote content with the git-annex encrypted contents. For
+some reason, I believe those two repos had to be separate and I must
+have interchanged them at some point, so some files ended up being in
+one repo or the other. Confusing.
+
+The rest of this section documents how this was setup, and is kept for
+historical purposes.
+
+----
+
 To setup the encrypted for pictures remotes, first the git-annex
 objects:
 

diff --git a/hardware/keyboard.mdwn b/hardware/keyboard.mdwn
index ff73692e..7923aa27 100644
--- a/hardware/keyboard.mdwn
+++ b/hardware/keyboard.mdwn
@@ -92,6 +92,20 @@ Update: apparently, this is moot if the keyboard connects with a
 high-speed USB protocol. See [this video](https://www.youtube.com/watch?v=wdgULBpRoXk) from [Ben
 Eater](https://eater.net/), which shows a high-speed keyboard with 1ms latency.
 
+Also, Stapelberg made a lot of research on keyboard design and
+specifically did [human latency perception trials](https://michael.stapelberg.ch/posts/2018-04-17-kinx-latency-measurement/#input-latency-perception). It seems that
+most acute users can recognize 15ms latency and everyone can recognize
+100ms latency. His conclusion:
+
+> Reducing input latency still seems worthwhile to me: even if the
+> reduction happens under the threshold at which you can perceive
+> differences in input latency, it buys you more leeway in the entire
+> stack. In other words, you might now be able to turn on an expensive
+> editor feature which previously slowed down typing too much.
+
+His experiments showed ≈ 763 μs end-to-end latency in Emacs / Xorg
+with his KinX keyboard firmware, on average.
+
 ## Open firmware
 
 We now live in a world where every device has its own little computer,

diff --git a/software/desktop/wayland.md b/software/desktop/wayland.md
index 9668fb25..fa961711 100644
--- a/software/desktop/wayland.md
+++ b/software/desktop/wayland.md
@@ -253,6 +253,7 @@ Other alternatives include:
  * [hybridbar](https://github.com/hcsubser/hybridbar)
  * [HybridBar](https://github.com/vars1ty/HybridBar) (yes, another)
  * [rootbar](https://hg.sr.ht/~scoopta/rootbar)
+ * [sandbar](https://github.com/kolunmi/sandbar)
  * [sfwbar](https://github.com/LBCrion/sfwbar)
  * [yambar](https://codeberg.org/dnkl/yambar)
 
@@ -609,6 +610,7 @@ profusion of options:
 | [sirula][]              | no             | `.desktop` based app launcher                                            |
 | [Ulauncher][]           | [ITP 949358][] | generic launcher like Onagre/rofi/alfred, might be overkill              |
 | [tofi][]                | yes, bookworm+ | dmenu/drun replacement, C                                                |
+| [wlr-which-key][]       | no             | key-driven, limited but simple launcher, inspired by which-key.nvim      |
 | [wmenu][]               | no             | fork of dmenu-wl, but mostly a rewrite                                   |
 | [Wofi][]                | yes            | dmenu/drun replacement, not actively maintained                          |
 | [yofi][]                | no             | dmenu/drun replacement, Rust                                             |
@@ -673,6 +675,7 @@ Note that [wlogout][] could be a partial replacement (just for the
 [two-line patch]: https://gitlab.com/anarcat/scripts/-/commit/3e8925e7f4257b44eb527bf7cb8f6d8687e9ed3b
 [wlogout]: https://github.com/ArtsyMacaw/wlogout
 [wofi-pass]: https://github.com/TinfoilSubmarine/wofi-pass
+[wlr-which-key]: https://github.com/MaxVerevkin/wlr-which-key
 
 ### Fuzzel
 

diff --git a/blog/2020-05-28-isp-upgrade.mdwn b/blog/2020-05-28-isp-upgrade.mdwn
index 46579b1c..77102343 100644
--- a/blog/2020-05-28-isp-upgrade.mdwn
+++ b/blog/2020-05-28-isp-upgrade.mdwn
@@ -198,4 +198,17 @@ a look as well:
 
 Those have not been reviewed by myself in any shape or form.
 
+## Updates
+
+I had a nightmare time trying to convince bell to give me their sweet
+3gbps symmetric fiber link for 60$ / mth. I spent hours on the phone
+being bounced back between incompetence and hilarity, and eventually
+got a robo-call survey at the end. Awesome. They refuse to offer me
+service.
+
+Most reasonable deal I could find was Ebox, 120/20 for 55$/mth. That
+probably won't allow me to host the server there, but I have to get
+*something* moving, and I've heard you get notified when fiber does
+land, so I have hope.
+
 [[!tag debian-planet internet neutrality québec sysadmin diy montreal]]

diff --git a/blog/2020-05-28-isp-upgrade.mdwn b/blog/2020-05-28-isp-upgrade.mdwn
index 9f15da76..46579b1c 100644
--- a/blog/2020-05-28-isp-upgrade.mdwn
+++ b/blog/2020-05-28-isp-upgrade.mdwn
@@ -86,6 +86,12 @@ I have *not* contacted those providers:
    Prices were quoted as 3gbps symmetric at 65$/mth (normally
    80$/mth), then 1, 1.5 or 2.5gbps at 60$/mth.
 
+   Update 2: turns out I don't have to break my vow after all. They
+   were *supposed* to call me back and (of course) didn't. When I
+   called back, they told me the line couldn't be qualified, so it
+   seems like Bell insists on offering crap old copper in a central
+   Montreal area in 2023.
+
  * Videotron: I know for a fact they do not allow servers on their
    network, and their [IPv6 has been in beta](https://support.videotron.com/residential/internet/monitor-usage/ipv6) [for so long](http://web.archive.org/web/20110713003117/http://soutien.videotron.com/residentiel/internet/ipv6) it
    has become somewhat of a joke now

diff --git a/software/desktop/wayland.md b/software/desktop/wayland.md
index 3b4bb42d..9668fb25 100644
--- a/software/desktop/wayland.md
+++ b/software/desktop/wayland.md
@@ -698,17 +698,17 @@ scripts. I wrote the following:
 With those, I can basically use fuzzel or any other `dmenu`-compatible
 program and not care, it will "just work".
 
-## Image viewers: geeqie → ?
+## Image viewers: geeqie → geeqie?
 
 I'm not very happy with geeqie in the first place, and I suspect the
 Wayland switch will just make add impossible things on top of the
 things I already find irritating (Geeqie doesn't support copy-pasting
-images).
+images). (Update: Geeqie now does, in bookworm!)
 
 In practice, Geeqie doesn't seem to work so well under Wayland. The
 fonts are fuzzy and the thumbnail preview just doesn't work anymore
 (filed as [Debian bug 1024092][]). It seems it also has [problems
-with scaling][].
+with scaling][]. (Update: those are mostly solved.)
 
 Alternatives:
 

diff --git a/blog/2020-09-30-presentation-tools.mdwn b/blog/2020-09-30-presentation-tools.mdwn
index d560218b..c99c7fbd 100644
--- a/blog/2020-09-30-presentation-tools.mdwn
+++ b/blog/2020-09-30-presentation-tools.mdwn
@@ -190,6 +190,10 @@ README file accompanying the Kubecon rant presentation][]. TL;DR:
 "makes me want to scream" and "yet another unsolved problem space,
 sigh" (refering to "display images full-screen" specifically).
 
+See also [this X11 list][] and [this Wayland list][].
+
+[this X11 list]: https://anarc.at/software/desktop/x11#image-viewer-geeqie-eog
+[this Wayland list]: https://anarc.at/software/desktop/wayland#image-viewers-geeqie-geeqie
 [the README file accompanying the Kubecon rant presentation]: https://gitlab.com/anarcat/presentation-ethics/-/blob/master/README.md
 
 [[!tag debian-planet python-planet software review]]
diff --git a/software/desktop/wayland.md b/software/desktop/wayland.md
index 0f60998d..3b4bb42d 100644
--- a/software/desktop/wayland.md
+++ b/software/desktop/wayland.md
@@ -721,8 +721,8 @@ Alternatives:
  * [swayimg][]: overlay, in Debian
  * [vimiv][]: vim-like keybindings, not in Debian
 
-See also [this list][] and [that list][] for other list of image
-viewers, not necessarily ported to Wayland.
+See also [this list][], [this X11 list][] and [that list][] for other
+list of image viewers, not necessarily ported to Wayland.
 
 TODO: pick an alternative to geeqie, nomacs would be gorgeous if it
 wouldn't be basically abandoned upstream (no release since 2020), has
@@ -747,6 +747,7 @@ So for now I'm still grumpily using Geeqie.
 [unpatched]: https://github.com/nomacs/nomacs/issues/516
 [CVE-2020-23884]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014124
 [bad vendoring]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974616
+[this X11 list]: https://anarc.at/software/desktop/x11#image-viewer-geeqie-eog
 
 ## Media player: mpv, gmpc / sublime
 
diff --git a/software/desktop/x11.md b/software/desktop/x11.md
index 089026d9..82a27606 100644
--- a/software/desktop/x11.md
+++ b/software/desktop/x11.md
@@ -190,12 +190,21 @@ Other alternatives I have considered or used in the past:
    exiv](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974616), [unfixed CVE](https://github.com/nomacs/nomacs/issues/516) ([CVE-2020-23884](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014124)), no release in 2
    years (as of 2022)
  * [pho](http://shallowsky.com/software/pho/): streamlined, minimal, batch operations, not in Debian
+ * [plio][]: sxiv rewrite, with sorting capacities
  * [sxiv](https://github.com/muennich/sxiv): abandoned upstream
  * [qview](https://interversehq.com/qview/): minimalist, relatively new (2018), promising
 
+[plio]: https://codeberg.org/klartext/plio
+
 I'm also using RPD and Darktable for my photography work, see
 [[communication/photo]] for details.
 
+See also [this Wayland list][], [this list][], or [that list][].
+
+[that list]: https://gitlab.com/anarcat/presentation-ethics/-/blob/master/README.md
+[this list]: https://anarc.at/blog/2020-09-30-presentation-tools/#other-options
+[this Wayland list]: https://anarc.at/software/desktop/wayland#image-viewers-geeqie-geeqie
+
 ## Screensaver: xsecurelock
 
 I used to use [xscreensaver](http://www.jwz.org/xscreensaver/), I recently (2022) switched to

diff --git a/software/desktop/wayland.md b/software/desktop/wayland.md
index ad39d9bb..0f60998d 100644
--- a/software/desktop/wayland.md
+++ b/software/desktop/wayland.md
@@ -855,7 +855,9 @@ security" that Wayland promises, however... Would installing such a
 program make my system less secure?
 
 Many other options are available, see the [awesome Wayland
-screencasting list][].
+screencasting list][]. In particular, see [wl-screenrec][] which has
+hardware encoding and much better performance, not in Debian (see
+[1040786][]).
 
 [peek]: https://github.com/phw/peek
 [simplescreenrecorder]: https://www.maartenbaert.be/simplescreenrecorder/
@@ -863,6 +865,8 @@ screencasting list][].
 [fork with Wayland support]: https://github.com/foxcpp/ssr-wlroots
 [wf-recorder]: https://github.com/ammen99/wf-recorder
 [awesome Wayland screencasting list]: https://github.com/natpen/awesome-wayland#screencasting
+[wl-screenrec]: https://github.com/russelltg/wl-screenrec
+[1040786]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040786
 
 ## RSI: workrave → nothing?
 

diff --git a/blog/2020-05-28-isp-upgrade.mdwn b/blog/2020-05-28-isp-upgrade.mdwn
index b1d8e1c3..9f15da76 100644
--- a/blog/2020-05-28-isp-upgrade.mdwn
+++ b/blog/2020-05-28-isp-upgrade.mdwn
@@ -174,6 +174,10 @@ on 2022-02-25T10:29:30-0500, response within the hour:
 So this might be a good provider for a regular client, but not for my
 use case.
 
+Update: Oxio was [sold to](https://oxio.ca/en/blog/articles/why-sell-to-cogeco) [Cogeco](https://www.cogeco.ca/en), so much for the independent
+player... Prices are currently unchanged. Cogeco, interestingly,
+doesn't offer services to my location at all.
+
 ## Others
 
 Friends from the `debian-quebec` community came up with a bunch of

diff --git a/blog/2020-05-28-isp-upgrade.mdwn b/blog/2020-05-28-isp-upgrade.mdwn
index 0d52d0f6..b1d8e1c3 100644
--- a/blog/2020-05-28-isp-upgrade.mdwn
+++ b/blog/2020-05-28-isp-upgrade.mdwn
@@ -74,6 +74,18 @@ I have *not* contacted those providers:
    all telcos in Canada and I want to give them as little money as
    possible.
 
+   Update: ironically, I'm now considering Bell again, possibly
+   breaking my vow. It's quite unfortunate, but they are the only ones
+   offering fiber in the neighborhood and while they probably won't
+   allow me to run a server or anything, they have cut-throat prices
+   currently. Their [package page](https://www.bell.ca/Bell_Internet/Internet_access) actually varies by location, but
+   on the phone (1-866-558-0708 is the magic, undocumented number to
+   call, don't try their online chat, it's useless) they can qualify
+   your line (apparently) within 24-48h and call you back.
+
+   Prices were quoted as 3gbps symmetric at 65$/mth (normally
+   80$/mth), then 1, 1.5 or 2.5gbps at 60$/mth.
+
  * Videotron: I know for a fact they do not allow servers on their
    network, and their [IPv6 has been in beta](https://support.videotron.com/residential/internet/monitor-usage/ipv6) [for so long](http://web.archive.org/web/20110713003117/http://soutien.videotron.com/residentiel/internet/ipv6) it
    has become somewhat of a joke now

diff --git a/hardware/phone.mdwn b/hardware/phone.mdwn
index e53e80a3..1550f956 100644
--- a/hardware/phone.mdwn
+++ b/hardware/phone.mdwn
@@ -147,6 +147,9 @@ Fairphone 3
 
 Moved to [[fairphone3]].
 
+Note that the Fairphone 4 has come out and recently has teamed up with
+[Murena](https://murena.com/) (PKA /e/) to [ship phones in the US](https://arstechnica.com/gadgets/2023/07/fairphone-is-coming-to-america/).
+
 Purism Librem 5
 ---------------
 

diff --git a/blog/2023-06-28-using-signal-cli-to-unregister.md b/blog/2023-06-28-using-signal-cli-to-unregister.md
index abdce9f0..7c96d735 100644
--- a/blog/2023-06-28-using-signal-cli-to-unregister.md
+++ b/blog/2023-06-28-using-signal-cli-to-unregister.md
@@ -90,6 +90,11 @@ step is, of course, to register with Signal.
 > that would do this for you, but hey, I guess that's only reserved for
 > elite hackers who want to <del>screw people over</del>, I mean close
 > their accounts. Mere mortals don't get access to such beauties.
+>
+> Update: a friend reminded me there *used* to be such a page at
+> <https://signal.org/signal/unregister/> but it's mysteriously gone
+> from the web, but [still available on the wayback machine](https://web.archive.org/web/20210217025218/https://signal.org/signal/unregister/)
+> although surely that doesn't work anymore. Untested.
 
 To register an account with `signal-cli`, you first need to [pass a
 CAPTCHA](https://github.com/AsamK/signal-cli/wiki/Registration-with-captcha). Those are the funky images generated by deep neural

diff --git a/blog/2023-06-28-using-signal-cli-to-unregister.md b/blog/2023-06-28-using-signal-cli-to-unregister.md
index 31d46583..abdce9f0 100644
--- a/blog/2023-06-28-using-signal-cli-to-unregister.md
+++ b/blog/2023-06-28-using-signal-cli-to-unregister.md
@@ -118,11 +118,21 @@ So the *actual* command you need to run now is:
 
     signal-cli -a +18002677468 register --captcha signalcaptcha://signal-hcaptcha.$UUID.registration.$THIRTYTWOKILOBYTESOFGARBAGE
 
-This will send a text message (SMS) to that phone number with a
-verification code. If you don't have access to SMS on that number, you
-can try again with the `--voice` option.
+To confirm the registration, Signal will send a text message (SMS) to
+that phone number with a verification code. (Fun fact: it's actually
+[Twilio](https://en.wikipedia.org/wiki/Twilio) relaying that message for Signal and that is... [not
+great](https://support.signal.org/hc/en-us/articles/4850133017242-Twilio-Incident-What-Signal-Users-Need-to-Know-).)
 
-Then, once you've received the verification code, you use it with:
+If you don't have access to SMS on that number, you can try again with
+the `--voice` option, which will do the same thing with a actual phone
+call. I wish it would say "Ok boomer" when it calls, but it doesn't.
+
+If you don't have access to either, you're screwed. You may be able to
+[port your phone number](https://en.wikipedia.org/wiki/Local_number_portability) to another provider to gain control of the
+phone number again that said, but at that point it's a whole different
+ball game.
+
+With any luck now you've received the verification code. You use it with:
 
     signal-cli -a +18002677468 verify 131213
 

diff --git a/blog/2023-06-28-using-signal-cli-to-unregister.md b/blog/2023-06-28-using-signal-cli-to-unregister.md
index 3f2cc17f..31d46583 100644
--- a/blog/2023-06-28-using-signal-cli-to-unregister.md
+++ b/blog/2023-06-28-using-signal-cli-to-unregister.md
@@ -10,7 +10,7 @@ rather unhelpfully tell you that, literally:
 > Until you have access to your phone number, there is nothing that
 > can be done with Signal.
 
-To be fair, I guess that makes sort of sense: Signal relies heavily on
+To be fair, I guess that sort of makes sense: Signal relies heavily on
 phone numbers for identity. It's how you register to the service and
 how you recover after losing your phone number. If you have your PIN
 ready, you don't even change safety numbers!
@@ -56,7 +56,7 @@ This is surely perfectly safe.
 > (Insert long digression on supply chain security here and how Podman
 > is so much superior to Docker. Feel free to dive deep into how
 > [RedHat sold out](https://lwn.net/Articles/936405/) [to the nazis](https://en.wikipedia.org/wiki/IBM_and_World_War_II) or how this is just me
-> ranting about something I don't understand again. I'm not going to
+> ranting about something I don't understand, again. I'm not going to
 > do all the work for you.)
 
 Anyway.
@@ -75,7 +75,7 @@ won't be using `signal-cli`'s "daemon mode" here, this is a one-shot
 thing. But I'll probably be reusing those instructions later on, so I
 figured it might be a safe addition. Besides, it's what [the
 instructions told me to do](https://packaging.gitlab.io/signal-cli/installation/docker/) so I'm blindly slamming my head in the
-bash pipe as trained.
+bash pipe, as trained.
 
 Also, you're going to have the `signal-cli` configuration persist in
 `~/.config/signal-cli` there. Again, totally unnecessary.
@@ -86,7 +86,7 @@ Back to our original plan of canceling our Signal account. The next
 step is, of course, to register with Signal.
 
 > Yes, this is a little counter-intuitive and you'd think there would
-> be a "I want off this boat" button on <https://signal.org> button
+> be a "I want off this boat" button on <https://signal.org> 
 > that would do this for you, but hey, I guess that's only reserved for
 > elite hackers who want to <del>screw people over</del>, I mean close
 > their accounts. Mere mortals don't get access to such beauties.
@@ -109,7 +109,7 @@ again][], use `view-source:` or [butterflies](https://www.explainxkcd.com/wiki/i
 
 You will also need the phone number you want to unregister here,
 obviously. We're going to take a not quite random phone number as an
-example, [+18002677468](https://www.youtube.com/watch?v=IWsUZT1YHno&pp=ygUSZGVhZCBwcmV6IGNvcCBzaG90). 
+example, [+18002677468](https://www.youtube.com/watch?v=IWsUZT1YHno). 
 
 > Don't do this at home kids! Use the actual number and don't
 > copy-paste examples from random websites!
@@ -156,6 +156,5 @@ Optionally, cleanup the mess you left on this computer:
 
 [[!tag debian-planet signal security phone hacking]]
 
-
 <!-- posted to the federation on 2023-06-29T00:41:33.507097 -->
-[[!mastodon "https://kolektiva.social/@Anarcat/110625665400013564"]]
\ No newline at end of file
+[[!mastodon "https://kolektiva.social/@Anarcat/110625665400013564"]]

diff --git a/blog/2023-06-28-using-signal-cli-to-unregister.md b/blog/2023-06-28-using-signal-cli-to-unregister.md
index 226699b4..3f2cc17f 100644
--- a/blog/2023-06-28-using-signal-cli-to-unregister.md
+++ b/blog/2023-06-28-using-signal-cli-to-unregister.md
@@ -155,3 +155,7 @@ Optionally, cleanup the mess you left on this computer:
     podman image rm registry.gitlab.com/packaging/signal-cli/signal-cli-jre
 
 [[!tag debian-planet signal security phone hacking]]
+
+
+<!-- posted to the federation on 2023-06-29T00:41:33.507097 -->
+[[!mastodon "https://kolektiva.social/@Anarcat/110625665400013564"]]
\ No newline at end of file

diff --git a/blog/2023-06-28-using-signal-cli-to-unregister.md b/blog/2023-06-28-using-signal-cli-to-unregister.md
index 7227cd4c..226699b4 100644
--- a/blog/2023-06-28-using-signal-cli-to-unregister.md
+++ b/blog/2023-06-28-using-signal-cli-to-unregister.md
@@ -23,10 +23,9 @@ tell people to stop trying to contact me over that thing (which wasn't
 really working in the first place anyway because I wasn't using the
 tablet that much, but I digress).
 
-So. How do you do it? You *could* do what the above "lost my phone"
-guide suggests and try to get a new Android or iOS phone to register
-on Signal again, but that's pretty dumb: I don't want another phone, I
-already have one.
+So. What do you do? You *could* follow the above "lost my phone" guide
+and get a new Android or iOS phone to register on Signal again, but
+that's pretty dumb: I don't want another phone, I already have one.
 
 Lo and behold, [signal-cli](https://github.com/AsamK/signal-cli) to the rescue!
 
@@ -56,9 +55,9 @@ This is surely perfectly safe.
 
 > (Insert long digression on supply chain security here and how Podman
 > is so much superior to Docker. Feel free to dive deep into how
-> RedHat sold out its [sold to the nazis](https://en.wikipedia.org/wiki/IBM_and_World_War_II) or how that's all
-> completely ranty and irrelevant. I'm not going to do all the hard
-> work for you here, come on Hacker News.)
+> [RedHat sold out](https://lwn.net/Articles/936405/) [to the nazis](https://en.wikipedia.org/wiki/IBM_and_World_War_II) or how this is just me
+> ranting about something I don't understand again. I'm not going to
+> do all the work for you.)
 
 Anyway.
 
@@ -66,16 +65,17 @@ The magic command is:
 
     mkdir .config/signal-cli
     podman pull registry.gitlab.com/packaging/signal-cli/signal-cli-jre:latest
-    alias signal-cli="podman run --rm --publish 7583:7583 --volume .config/signal-cli:/var/lib/signal-cli   --tmpfs /tmp:exec   registry.gitlab.com/packaging/signal-cli/signal-cli-jre:latest --config /var/lib/signal-cli"--publish 7583:7583
+    # lightly hit computer with magic supply chain verification wand
+    alias signal-cli="podman run --rm --publish 7583:7583 --volume .config/signal-cli:/var/lib/signal-cli --tmpfs /tmp:exec   registry.gitlab.com/packaging/signal-cli/signal-cli-jre:latest --config /var/lib/signal-cli"
     
 At this point, you have a `signal-cli` alias that should more or less
 behave as per [upstream documentation](https://github.com/AsamK/signal-cli/wiki/Quickstart). Note that it sets up a
 network service on port `7583` which is unnecessary because you likely
 won't be using `signal-cli`'s "daemon mode" here, this is a one-shot
 thing. But I'll probably be reusing those instructions later on, so I
-figured it might be a safe addition, and it's what [the instructions
-told me to do](https://packaging.gitlab.io/signal-cli/installation/docker/) so I'm blindly slamming my head in the bash pipe as
-trained.
+figured it might be a safe addition. Besides, it's what [the
+instructions told me to do](https://packaging.gitlab.io/signal-cli/installation/docker/) so I'm blindly slamming my head in the
+bash pipe as trained.
 
 Also, you're going to have the `signal-cli` configuration persist in
 `~/.config/signal-cli` there. Again, totally unnecessary.
@@ -87,11 +87,11 @@ step is, of course, to register with Signal.
 
 > Yes, this is a little counter-intuitive and you'd think there would
 > be a "I want off this boat" button on <https://signal.org> button
-> that would do this for you, but hey, I guess that's only reserved to
+> that would do this for you, but hey, I guess that's only reserved for
 > elite hackers who want to <del>screw people over</del>, I mean close
 > their accounts. Mere mortals don't get access to such beauties.
 
-Do register an account with `signal-cli`, you first need to [pass a
+To register an account with `signal-cli`, you first need to [pass a
 CAPTCHA](https://github.com/AsamK/signal-cli/wiki/Registration-with-captcha). Those are the funky images generated by deep neural
 networks that try to fool humans into thinking other neural networks
 can't break them, and generally annoy the hell out of people. This
@@ -109,10 +109,10 @@ again][], use `view-source:` or [butterflies](https://www.explainxkcd.com/wiki/i
 
 You will also need the phone number you want to unregister here,
 obviously. We're going to take a not quite random phone number as an
-example, [+18002677468](https://www.nyc.gov/site/nypd/about/about-nypd/contact-us.page). 
+example, [+18002677468](https://www.youtube.com/watch?v=IWsUZT1YHno&pp=ygUSZGVhZCBwcmV6IGNvcCBzaG90). 
 
 > Don't do this at home kids! Use the actual number and don't
-> copy-paste examples from random websites FFS!
+> copy-paste examples from random websites!
 
 So the *actual* command you need to run now is:
 
@@ -127,23 +127,31 @@ Then, once you've received the verification code, you use it with:
     signal-cli -a +18002677468 verify 131213
 
 If you want to make sure this worked, you can try writing to another
-number, it should Just Work:
+[not random number at all](https://web.archive.org/web/20170625102110/http://www1.nyc.gov/site/nypd/about/about-nypd/contact-us.page), it should Just Work:
 
     signal-cli -a +18002677468 send -mtest +18005778477
 
-> And almost without any warning on the other end too, which says
+> This is almost without any warning on the other end too, which says
 > something amazing about Signal's usability and something horrible
 > about its security.
 
 # Unregistering the number
 
 Now we get to the final conclusion, the climax. Can you feel it? I'll
-try to refrain from further rants. It's pretty simple and fast, just
-call:
+try to refrain from further rants, I promise.
+
+It's pretty simple and fast, just call:
 
     signal-cli -a +18002677468 unregister
 
 That's it! Your peers will now see an "Invite to Signal" button
 instead of a text field to send a text message.
 
-[[!tag draft]]
+# Cleanup
+
+Optionally, cleanup the mess you left on this computer:
+
+    rm -r ~/.config/signal-cli
+    podman image rm registry.gitlab.com/packaging/signal-cli/signal-cli-jre
+
+[[!tag debian-planet signal security phone hacking]]

diff --git a/blog/2023-06-28-using-signal-cli-to-unregister.md b/blog/2023-06-28-using-signal-cli-to-unregister.md
new file mode 100644
index 00000000..7227cd4c
--- /dev/null
+++ b/blog/2023-06-28-using-signal-cli-to-unregister.md
@@ -0,0 +1,149 @@
+[[!meta title="Using signal-cli to cancel your Signal account"]]
+
+For [[obscure reasons|hardware/tablet/gts4lvwifi]], I have found
+myself with a phone number registered with Signal but without any
+device associated with it.
+
+This is the [I lost my phone](https://support.signal.org/hc/en-us/articles/360007062452-What-do-I-do-if-my-phone-is-lost-or-stolen-) section in Signal support, which
+rather unhelpfully tell you that, literally:
+
+> Until you have access to your phone number, there is nothing that
+> can be done with Signal.
+
+To be fair, I guess that makes sort of sense: Signal relies heavily on
+phone numbers for identity. It's how you register to the service and
+how you recover after losing your phone number. If you have your PIN
+ready, you don't even change safety numbers!
+
+But my case is different: this phone number was a test number,
+associated with my tablet, because you [can't link multiple Android
+device to the same phone number](https://community.signalusers.org/t/allow-android-ios-devices-e-g-tablets-but-also-phones-to-be-linked-to-the-primary-device-i-e-used-as-secondary-device-like-the-desktop-app/2884). And now that I brilliantly
+[[bricked that tablet|hardware/tablet/gts4lvwifi]], I just need to
+tell people to stop trying to contact me over that thing (which wasn't
+really working in the first place anyway because I wasn't using the
+tablet that much, but I digress).
+
+So. How do you do it? You *could* do what the above "lost my phone"
+guide suggests and try to get a new Android or iOS phone to register
+on Signal again, but that's pretty dumb: I don't want another phone, I
+already have one.
+
+Lo and behold, [signal-cli](https://github.com/AsamK/signal-cli) to the rescue!
+
+# Disclaimer: no warranty or liability
+
+Before following this guide, make sure you remember the
+[[license|meta/license]] of this website, which specifically has a
+**Section 5 – Disclaimer of Warranties and Limitation of Liability.**
+
+If you follow this guide literally, you might actually get into
+trouble.
+
+You have been warned. All Cats Are Beautiful.
+
+# Installing in Docker
+
+Because [signal-cli is not packaged in Debian](https://bugs.debian.org/926807) (but really should
+be), I need to bend over backwards to install it. The installation
+instructions suggest [building from source](https://github.com/AsamK/signal-cli#building) (what is this,
+GentooBSD?) or [installing binary files](https://github.com/AsamK/signal-cli/releases/latest) (what is this,
+Debiandows?), that's all so last millennium. I want something fresh
+and fancy, so I went with the extremely legit [Docker registry](https://gitlab.com/packaging/signal-cli/container_registry) ran
+by the not-shady-at-all [gitlab.com/packaging group](https://gitlab.com/packaging) which is
+suspiciously [not owned by any GitLab.com person I know of](https://gitlab.com/packaging/signal-cli/-/project_members). 
+
+This is surely perfectly safe.
+
+> (Insert long digression on supply chain security here and how Podman
+> is so much superior to Docker. Feel free to dive deep into how
+> RedHat sold out its [sold to the nazis](https://en.wikipedia.org/wiki/IBM_and_World_War_II) or how that's all
+> completely ranty and irrelevant. I'm not going to do all the hard
+> work for you here, come on Hacker News.)
+
+Anyway.
+
+The magic command is:
+
+    mkdir .config/signal-cli
+    podman pull registry.gitlab.com/packaging/signal-cli/signal-cli-jre:latest
+    alias signal-cli="podman run --rm --publish 7583:7583 --volume .config/signal-cli:/var/lib/signal-cli   --tmpfs /tmp:exec   registry.gitlab.com/packaging/signal-cli/signal-cli-jre:latest --config /var/lib/signal-cli"--publish 7583:7583
+    
+At this point, you have a `signal-cli` alias that should more or less
+behave as per [upstream documentation](https://github.com/AsamK/signal-cli/wiki/Quickstart). Note that it sets up a
+network service on port `7583` which is unnecessary because you likely
+won't be using `signal-cli`'s "daemon mode" here, this is a one-shot
+thing. But I'll probably be reusing those instructions later on, so I
+figured it might be a safe addition, and it's what [the instructions
+told me to do](https://packaging.gitlab.io/signal-cli/installation/docker/) so I'm blindly slamming my head in the bash pipe as
+trained.
+
+Also, you're going to have the `signal-cli` configuration persist in
+`~/.config/signal-cli` there. Again, totally unnecessary.
+
+# Re-registering the number
+
+Back to our original plan of canceling our Signal account. The next
+step is, of course, to register with Signal.
+
+> Yes, this is a little counter-intuitive and you'd think there would
+> be a "I want off this boat" button on <https://signal.org> button
+> that would do this for you, but hey, I guess that's only reserved to
+> elite hackers who want to <del>screw people over</del>, I mean close
+> their accounts. Mere mortals don't get access to such beauties.
+
+Do register an account with `signal-cli`, you first need to [pass a
+CAPTCHA](https://github.com/AsamK/signal-cli/wiki/Registration-with-captcha). Those are the funky images generated by deep neural
+networks that try to fool humans into thinking other neural networks
+can't break them, and generally annoy the hell out of people. This
+will generate a URL that looks like:
+
+    signalcaptcha://signal-hcaptcha.$UUID.registration.$THIRTYTWOKILOBYTESOFGARBAGE
+
+Yes, it's a very long URL. Yes, you need the entire thing.
+
+The URL is hidden behind the `Open Signal` link, you can right-click
+on the link to copy it or, if you want to feel like it's [1988
+again][], use `view-source:` or [butterflies](https://www.explainxkcd.com/wiki/index.php/378:_Real_Programmers) or something.
+
+[1988 again]: https://en.wikipedia.org/wiki/Hackers_(film)
+
+You will also need the phone number you want to unregister here,
+obviously. We're going to take a not quite random phone number as an
+example, [+18002677468](https://www.nyc.gov/site/nypd/about/about-nypd/contact-us.page). 
+
+> Don't do this at home kids! Use the actual number and don't
+> copy-paste examples from random websites FFS!
+
+So the *actual* command you need to run now is:
+
+    signal-cli -a +18002677468 register --captcha signalcaptcha://signal-hcaptcha.$UUID.registration.$THIRTYTWOKILOBYTESOFGARBAGE
+
+This will send a text message (SMS) to that phone number with a
+verification code. If you don't have access to SMS on that number, you
+can try again with the `--voice` option.
+
+Then, once you've received the verification code, you use it with:
+
+    signal-cli -a +18002677468 verify 131213
+
+If you want to make sure this worked, you can try writing to another
+number, it should Just Work:
+
+    signal-cli -a +18002677468 send -mtest +18005778477
+
+> And almost without any warning on the other end too, which says
+> something amazing about Signal's usability and something horrible
+> about its security.
+
+# Unregistering the number
+
+Now we get to the final conclusion, the climax. Can you feel it? I'll
+try to refrain from further rants. It's pretty simple and fast, just
+call:
+
+    signal-cli -a +18002677468 unregister
+
+That's it! Your peers will now see an "Invite to Signal" button
+instead of a text field to send a text message.
+
+[[!tag draft]]

diff --git a/hardware/laptop/framework-12th-gen.md b/hardware/laptop/framework-12th-gen.md
index bea2fc49..47193800 100644
--- a/hardware/laptop/framework-12th-gen.md
+++ b/hardware/laptop/framework-12th-gen.md
@@ -2061,6 +2061,7 @@ long road trip across the continental US.
      reader](https://community.frame.work/t/what-new-expansion-card-types-do-you-want-to-see-released/193)
    * [3D printed expansion card holder](https://www.printables.com/model/328421-framework-laptop-expansion-card-holder)
    * [LTE modem card](https://community.frame.work/t/lte-cat-4-cell-modem-card/9454) (design stage)
+   * [ESP32-S3 expansion card](https://spacehuhn.store/products/framework-esp32-s3-expansion-card) ([source](https://github.com/SpacehuhnTech/framework), [video](https://www.youtube.com/watch?v=IML9c_MsyQU))
    * check out [this forum category](https://community.frame.work/c/developer-program/expansion-card/90) for a cornucopia of those
 
  * upstream resources:

diff --git a/hardware/keyboard.mdwn b/hardware/keyboard.mdwn
index c0030ec8..ff73692e 100644
--- a/hardware/keyboard.mdwn
+++ b/hardware/keyboard.mdwn
@@ -302,7 +302,6 @@ fingers to adapt to, but it does look gorgeous.
 > the problem of having a properly functioning keyboard that simply
 > works when you plug it in, has been thoroughly solved by 2021.
 
-[[!tag research]]
 ## Cannon Keys
 
 After reading that [New Yorker magazine article](https://www.newyorker.com/tech/annals-of-technology/the-obsessive-pleasures-of-mechanical-keyboard-tinkerers), I found this:
@@ -317,6 +316,12 @@ keyboard enthusiasts. Maybe I'm not one of them.
 In the same vein as Cannon Keys...
 
 <https://modedesigns.com/>
+
+## Tex
+
+[Tex](https://tex.com.tw/) is producing retro keyboards that look like Thinkpad
+keyboards with mechanical keyswitch and a trackpoint, [review](https://veronneau.org/new-keyboard-who-this.html).
+
 ## Wooting
 
 https://next.wooting.io/wooting-60he
@@ -327,3 +332,5 @@ https://next.wooting.io/wooting-60he
  * [TKL keyboard discontinued](https://wooting.io/wootingone), only full-size or 60% keyboards now
  * modular keyboard (can fit in other cases)
  * spill resistant
+
+[[!tag research]]