Recent changes to this wiki. Not to be confused with my history.

Complete source to the wiki is available on gitweb or by cloning this site.

more elpa stuff
diff --git a/software/packages.yml b/software/packages.yml
index ef8e1c04..12915766 100644
--- a/software/packages.yml
+++ b/software/packages.yml
@@ -235,11 +235,13 @@
       - elpa-elpy
       - elpa-ledger
       - elpa-magit
+      - elpa-mailscripts
       - elpa-markdown-mode
       - elpa-py-autopep8
       - elpa-rainbow-mode
       - elpa-solarized-theme
       - elpa-use-package
+      - elpa-web-mode
       - elpa-writegood-mode
       - elpa-yaml-mode
       - elpa-yasnippet
@@ -251,6 +253,7 @@
       - fastboot
       - flake8
       - gdb
+      - gettext-el
       - git
       - git-annex
       - git-buildpackage
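
Review bot: `gettext-el` in this second hunk is not an `elpa-` package, so the commit message "more elpa stuff" does not describe it. Either mention it in the message or put it in its own commit so the package list history stays searchable.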

Added a comment: good advice
diff --git a/blog/2019-03-20-locking-down-registration-mail/comment_2_5af71a1a91bee75f8e815c7e13ebb51e._comment b/blog/2019-03-20-locking-down-registration-mail/comment_2_5af71a1a91bee75f8e815c7e13ebb51e._comment
new file mode 100644
index 00000000..f9dbc513
--- /dev/null
+++ b/blog/2019-03-20-locking-down-registration-mail/comment_2_5af71a1a91bee75f8e815c7e13ebb51e._comment
@@ -0,0 +1,14 @@
+[[!comment format=mdwn
+ username="anarcat"
+ avatar="https://seccdn.libravatar.org/avatar/741655483dd8a0b4df28fb3dedfa7e4c"
+ subject="good advice"
+ date="2019-03-21T15:44:16Z"
+ content="""
+That's good advice! As it turns out, the directory was already world/group unreadable, but that's always a good thing to check. :)
+
+Dovecot should definitely do the right thing here. If it doesn't, that's a serious bug, in my opinion. That folders *within* the `Maildir` folder are world-readable is problematic as well, but less so if the parent directory is not executable.
+
+It's possible backup/restore procedure mess with your permissions. Some software, like git for example, are quite bad at handling read-write permissions (git only tracks the executable bit). But stuff like tar and most other backup software should handle this correctly. rsync is an interesting exception in that, by default, it doesn't synchronize mode and you need to give it a flurry of flags (or just `-a` or is it `-aA` or maybe `-aAH`? ha ha! you never know!) to have it do the right thing.
+
+Finally, `mv` should be safe. While `cp` doesn't preserve mode by default (that's what `-p` is for), `mv` *does* preserve mode, even when moving across devices, strangely.
+"""]]
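
Review bot: the rsync sentence in the third paragraph leaves the flag open ("`-a` or is it `-aA` or maybe `-aAH`?"), which is the one detail a reader trying to keep Maildir modes intact needs. `-a` already implies `-p` (permissions); `-A` and `-H` add ACLs and hard links on top. Suggest stating that, and changing "backup/restore procedure mess" to "procedures mess".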

Added a comment: You said advice welcome, so
diff --git a/blog/2019-03-20-locking-down-registration-mail/comment_1_c3fc451b5abefeb2eb5215255e5a30d3._comment b/blog/2019-03-20-locking-down-registration-mail/comment_1_c3fc451b5abefeb2eb5215255e5a30d3._comment
new file mode 100644
index 00000000..d6459719
--- /dev/null
+++ b/blog/2019-03-20-locking-down-registration-mail/comment_1_c3fc451b5abefeb2eb5215255e5a30d3._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ ip="88.119.87.30"
+ claimedauthor="Marius Gedminas"
+ url="https://gedmin.as"
+ subject="You said advice welcome, so"
+ date="2019-03-21T15:23:26Z"
+ content="""
+I would suggest `chmod 0700 ~register/Maildir/`, assuming it wasn't already non-world-readable.
+
+(I checked my own mail server and saw that some subfolders inside my ~/Maildir were world-readable for some reason.  No idea why -- should I blame dovecot?  My own backup/restore procedures?  Anyway it's not too scary: the main ~/Maildir is 0700.  But that protection goes away when you `mv` it elsewhere.)
+"""]]
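
Review bot: the suggested `chmod 0700 ~register/Maildir/` only tightens the top-level directory, and the second paragraph itself observes that world-readable subfolders lose that protection once moved elsewhere. Suggest also recommending a recursive fix such as `chmod -R go-rwx ~register/Maildir/`, so the result does not depend on the parent's mode. Separately, the `ip=` field stores the commenter's address in a publicly clonable repository; confirm that is intended.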

creating tag page tag/syncmaildir
diff --git a/tag/syncmaildir.mdwn b/tag/syncmaildir.mdwn
new file mode 100644
index 00000000..2f7f65a1
--- /dev/null
+++ b/tag/syncmaildir.mdwn
@@ -0,0 +1,4 @@
+[[!meta title="pages tagged syncmaildir"]]
+
+[[!inline pages="tagged(syncmaildir)" actions="no" archive="yes"
+feedshow=10]]

new blog post: email registration
diff --git a/blog/2019-03-20-locking-down-registration-mail.mdwn b/blog/2019-03-20-locking-down-registration-mail.mdwn
new file mode 100644
index 00000000..c55bc9c1
--- /dev/null
+++ b/blog/2019-03-20-locking-down-registration-mail.mdwn
@@ -0,0 +1,178 @@
+[[!meta title="Securing registration email"]]
+
+[[!toc levels=2]]
+
+I've been running my own email server basically forever. Recently,
+I've been thinking about possible attack vectors against my personal
+email. There's of course a lot of private information in that email
+address, and if someone manages to compromise my email account, they
+will see a lot of personal information. That's somewhat worrisome, but
+there are possibly more serious problems to worry about.
+
+TL;DR: if you can, create a second email address to register on
+websites and use stronger protections on that account from your
+regular mail.
+
+Hacking accounts through email
+==============================
+
+Strangely what keeps me up at night is more what kind of damage an
+attacker could do to *other* accounts I hold with that email
+address. Because basically *every* online service is backed by an
+email address, if someone controls my email address, they can do a
+password reset on *every* account I have online. In fact, some
+authentication systems just gave up on passwords algother and [use the
+email system itself for authentication](https://ikiwiki.info/todo/emailauth/), essentially using the
+"password reset" feature as the authentication mechanism.
+
+Some services have protections against this: for example, GitHub
+require a 2FA token when doing certain changes which the attacker
+hopefully wouldn't have (although [phishing attacks](https://breakdev.org/evilginx-advanced-phishing-with-two-factor-authentication-bypass/) have been
+getting better at bypassing those protections). Other services will
+warn you about the password change which might be useful, except the
+warning is usually sent... to the hacked email address, which doesn't
+help at all.
+
+The solution: a separate mailbox
+================================
+
+I had been using an extension (`anarcat+register@example.com`) to
+store registration mail in a separate folder for a while already. This
+allows me to bypass greylisting on the email address, for
+one. Greylisting is really annoying when you register on a service or
+do a password reset... The extension also allows me to sort those
+annoying emails in a separate folder automatically with a simple
+[Sieve](http://en.wikipedia.org/wiki/Sieve_%28mail_filtering_language%29) rule.
+
+More recently, I have been forced to use a completely different email
+alias (`register@example.com`) on some services that dislike having
+plus signs (`+`) in email address, even though they are perfectly
+valid. That got me thinking about the security problem again: if I
+have a different *alias* why not make it a completely separate
+*account* and harden *that* against intrusion. With a separate
+account, I could enforce things like SSH-only access or 2FA that would
+be inconvenient for my main email address when I travel, because I
+sometimes log into webmail for example. Because I don't frequently
+need access to registration mail, it seemed like a good tradeoff.
+
+So I created a second account, with a locked password and SSH-only
+authentication. That way the only way someone can compromise my
+"registration email" is by hacking my physical machine or the server
+directly, not by just bruteforcing a password.
+
+Now of course I need to figure out which sites I'm registered on with
+a "non-registration" email (`anarcat@example.com`): before I thought
+of using the `register@` alias, I sometimes used my normal address
+instead. So I'll have to track those down and reset those. But it
+seems I already blocked a large attack surface with a very simple
+change and that feels quite satisfying.
+
+Implementation details
+======================
+
+Using [syncmaildir](https://github.com/gares/syncmaildir/) (SMD) to sync my email, the change was fairly
+simple. First I need to create a second SMD profile:
+
+    if [ $(hostname) = "marcos" ]; then
+        exit 1
+    fi
+
+    SERVERNAME=smd-server-register
+    CLIENTNAME=$(hostname)-register
+    MAILBOX_LOCAL=Maildir/.register/
+    MAILBOX_REMOTE=Maildir
+    TRANSLATOR_LR="smd-translate -m move -d LR register"
+    TRANSLATOR_RL="smd-translate -m move -d RL register"
+    EXCLUDE="Maildir/.notmuch/hooks/* Maildir/.notmuch/xapian/*"
+
+Very similar to the normal profile, except mails get stored in the
+already existing `Maildir/.register/` and different SSH profile and
+translation rules are used. The new SSH profile is basically identical
+to the previous one:
+
+    # wrapper for smd
+    Host smd-server-register
+        Hostname imap.anarc.at
+        BatchMode yes
+        Compression yes
+        User register
+        IdentitiesOnly yes
+        IdentityFile ~/.ssh/id_ed25519_smd
+
+Then we need to ignore the register folder in the normal configuration:
+
+    diff --git a/.smd/config.default b/.smd/config.default
+    index c42e3d0..74a8b54 100644
+    --- a/.smd/config.default
+    +++ b/.smd/config.default
+    @@ -59,7 +59,7 @@ TRANSLATOR_RL="smd-translate -m move -d RL default"
+     # EXCLUDE_LOCAL="Mail/spam Mail/trash"
+     # EXCLUDE_REMOTE="OtherMail/with%20spaces"
+     #EXCLUDE="Maildir/.notmuch/hooks/* Maildir/.notmuch/xapian/*"
+    -EXCLUDE="Maildir/.notmuch/hooks/* Maildir/.notmuch/xapian/*"
+    +EXCLUDE="Maildir/.notmuch/hooks/* Maildir/.notmuch/xapian/* Maildir/.register/*"
+     #EXCLUDE_LOCAL="$MAILBOX_LOCAL/.notmuch/hooks/* $MAILBOX_LOCAL/.notmuch/xapian/*"
+     #EXCLUDE_REMOTE="$MAILBOX_REMOTE/.notmuch/hooks/* $MAILBOX_REMOTE/.notmuch/xapian/*"
+     #EXCLUDE_REMOTE="Maildir/Koumbit Maildir/Koumbit* Maildir/Koumbit/* Maildir/Koumbit.INBOX.Archives/ Maildir/Koumbit.INBOX.Archives.2012/ Maildir/.notmuch/hooks/* Maildir/.notmuch/xapian/*"
+
+And finally we add the new profile to the systemd services:
+
+    diff --git a/.config/systemd/user/smd-pull.service b/.config/systemd/user/smd-pull.service
+    index a841306..498391d 100644
+    --- a/.config/systemd/user/smd-pull.service
+    +++ b/.config/systemd/user/smd-pull.service
+    @@ -8,6 +8,7 @@ ConditionHost=!marcos
+     Type=oneshot
+     # --show-tags gives email counts
+     ExecStart=/usr/bin/smd-pull --show-tags
+    +ExecStart=/usr/bin/smd-pull --show-tags register
+     
+     [Install]
+     WantedBy=multi-user.target
+    diff --git a/.config/systemd/user/smd-push.service b/.config/systemd/user/smd-push.service
+    index 10d53c7..caa588e 100644
+    --- a/.config/systemd/user/smd-push.service
+    +++ b/.config/systemd/user/smd-push.service
+    @@ -8,6 +8,7 @@ ConditionHost=!marcos
+     Type=oneshot
+     # --show-tags gives email counts
+     ExecStart=/usr/bin/smd-push --show-tags
+    +ExecStart=/usr/bin/smd-push --show-tags register
+     
+     [Install]
+     WantedBy=multi-user.target
+
+That's about it on the client side. On the server, the user is created
+with a locked password the mailbox moved over:
+
+    adduser --disabled-password register
+    mv ~anarcat/Maildir/.register/ ~register/Maildir/
+    chown -R register:register Maildir/
+
+The SSH authentication key is added to `.ssh/authorized_keys`, and the
+alias is reversed:
+
+    --- a/aliases
+    +++ b/aliases
+    @@ -24,7 +24,7 @@ spamtrap: anarcat
+     spampd: anarcat
+     junk: anarcat
+     devnull: /dev/null
+    -register: anarcat+register
+    +anarcat+register: register
+     
+     # various sandboxes
+     anarcat-irc: anarcat
+
+... and the email is also added to
+`/etc/postgrey/whitelist_recipients`.
+
+That's it: I now have a hardened email service! Of course there are
+other ways to harden an email address. [On-disk encryption](https://0xacab.org/riseuplabs/trees) comes
+to mind but that only works with password-based authentication from
+what I understand, which is something I want to avoid to remove
+bruteforce attacks.
+
+Your advice and comments are of course very welcome, as usual
+
+[[!tag debian-planet security python-planet linux passwords hack sieve syncmaildir email]]
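
Review bot: in the server-side block, `chown -R register:register Maildir/` is a relative path while the `mv` above it targets `~register/Maildir/`, so the command only does the right thing when run from `~register`. Suggest `chown -R register:register ~register/Maildir/` plus an explicit `chmod 0700` on the same path, since `mv` carries over whatever modes the folder had under `~anarcat`. Minor: "algother" should be "altogether", "GitHub require" should be "GitHub requires", and "with a locked password the mailbox moved over" is missing an "and".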

cleanup of the electronics kit
diff --git a/pleinair/liste.mdwn b/pleinair/liste.mdwn
index 54e3d4f3..fc304d24 100644
--- a/pleinair/liste.mdwn
+++ b/pleinair/liste.mdwn
@@ -84,26 +84,31 @@ toujours retourner sur l'ordinateur.
 
 ## Électronique
 
- * Téléphone cellulaire + chargeur(s)
- * Radio CB/FM/HF/etc + Antenne + power
+ * Téléphone cellulaire et chargeur
+ * Radio CB/FM/HF/etc, antenne(s) et courant
+ * Adapteur SDR (software-defined Radio)
  * Adaptateurs électriques:
    * AC/AC universel (amerique/europe/etc)
    * DC/DC 12V-USB (allume-cigare)
    * AC/DC 120V-USB (wall wart)
    * DC/AC (onduleur)
  * Chargeur / batterie USB
- * Laptop
- * Acessoires laptop:
-   * Câble ethernet RJ45
+ * Laptop et chargeur
+ * Kit laptop #1:
+   * Mini-câble USB micro, USB mini, USB-C, USB-A, [Lightning](https://en.wikipedia.org/wiki/Lightning_(connector))
+   * Câble USB-A / USB-micro Nokia (2m)
+   * Clé USB 16GB Debian
+   * [Condom USB](https://en.wikipedia.org/wiki/USB_condom)
+   * USB charger (USB-A / [NEMA](https://en.wikipedia.org/wiki/NEMA_connector), 1A / 5V)
+ * Kit laptop #2:
+   * Câble ethernet RJ45 (1m)
+   * Câble vidéo HDMI (1.5m)
+   * Câble audio ⅛" (1.5m)
+   * "Splitter" audio ⅛"
    * Mini powerbar
-   * Video cable (HDMI)
-   * Speaker
- * Kit laptop (devrait être déjà dans un sac):
-   * Audio cable (mini 1/8)
-   * Adaptateurs USB/micro/mini/etc
-   * Écouteurs + Micro
-   * SDR
-
+   * Adaptateur mini-DisplayPort / HDMI
+ * Écouteurs avec micro
+ * Haut-parleur Bluetooth
 
 ## Équipement technique
 
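
Review bot: the new item `Adapteur SDR (software-defined Radio)` spells the word differently from `Adaptateurs électriques` and `Adaptateur mini-DisplayPort / HDMI` in the same list; use "Adaptateur". `USB charger (USB-A / NEMA, 1A / 5V)` is also left in English in an otherwise French list.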

small mixer and speaker research
diff --git a/hardware/audio.mdwn b/hardware/audio.mdwn
index 628cc16a..c148169f 100644
--- a/hardware/audio.mdwn
+++ b/hardware/audio.mdwn
@@ -78,4 +78,27 @@ complicated:
    1222](https://www.bhphotovideo.com/c/product/927278-REG/behringer_qx1222usb_xenyx_x1222usb_16_input_usb.html) has USB, which could be a good solution. below 12
    channels, there's no slider which is annoying
 
+Mixers
+======
+
+Behringer had a bad reputation over a decade ago, and it seems that
+reputation is still around. They do provide a cheap alternative
+though. The [X1204USB](https://www.archambault.ca/instruments/console-12-entr%c3%a9es-usb-effets/behringer/x1204usb/) is an okay entry-level mixer with 4 XL jacks
+and 4 ¼ jacks for 290$ at Archambault.
+
+A better alternative might be the [Mackie PROFX12](https://musicredone.com/collections/mixers/products/mackie-profx12-v2) at Music Red One
+for 325$ (260$ with mail in rebate): 6 XLR jacks and 4 ¼ jacks.
+
+Both have USB outputs but it's unclear to me how the USB output will
+look like on a Linux system: a sound card with multiple inputs? Just a
+stereo input? Proprietary incompatible junk? To be researched
+
+Speakers
+========
+
+I tend to trust JBL on that one. Red One has a [JBL EON 610 for
+580$](https://musicredone.com/collections/speakers/products/jbl-eon610): 1000W active speaker that's interesting. Diplomate Musique
+has a JBL PRX710 pair for 1450$ that seems rather expensive and the
+setup is strange as each speaker seems to have a stero input.
+
 [[!tag research]]
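
Review bot: "4 XL jacks" in the X1204USB paragraph looks like a typo for "XLR", which is what the Mackie paragraph uses ("6 XLR jacks"). Also "stero input" should be "stereo input", and the "To be researched" sentence is missing its final period.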

show pgp diff correctly
diff --git a/.well-known/openpgpkey/hu/.gitattributes b/.well-known/openpgpkey/hu/.gitattributes
new file mode 100644
index 00000000..af7c7edc
--- /dev/null
+++ b/.well-known/openpgpkey/hu/.gitattributes
@@ -0,0 +1 @@
+* diff=gpg
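
Review bot: `* diff=gpg` names a diff driver that is not defined anywhere in this change. It only takes effect where `diff.gpg.textconv` is set in the local git configuration, and other clones will keep showing "Binary files ... differ". Suggest documenting the required `git config` setting next to this file or in the commit message.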

add odroid
diff --git a/hardware/server/marcos.mdwn b/hardware/server/marcos.mdwn
index 4f5d7e38..fe6fc247 100644
--- a/hardware/server/marcos.mdwn
+++ b/hardware/server/marcos.mdwn
@@ -214,6 +214,8 @@ requirements (8+GB):
  * [Espressobin](https://espressobin.net/), Marvell ARM Cortex A53, 2GB max
  * [Banana PI](http://www.banana-pi.org/index.html), IMX6 or MediaTek ARM, 1GB max
  * [PC Engines](https://pcengines.ch/apu2.htm), AMD, 4GB max
+ * [ODROID](https://www.hardkernel.com/), Intel and ARM, cheap and powerful
+ * [Macchiatobin](https://macchiatobin.net/product/macchiatobin-single-shot/)...
 
 The [Macchiatobin](https://macchiatobin.net/product/macchiatobin-single-shot/) is interesting because it has a DDR4 socket so
 it supports up to 16GB of ram, but has features I don't need for a
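
Review bot: the two added entries give no maximum RAM figure, unlike the entries above them (`2GB max`, `1GB max`, `4GB max`), although the list is introduced by a memory requirement (`8+GB`). Suggest adding the figure for ODROID, and dropping the trailing `...` on the Macchiatobin item, since the paragraph that follows already covers it (up to 16GB).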

OpenPGP: add tor identity, renew until 2020, new signature
diff --git a/.well-known/openpgpkey/hu/myctwj4an6ne7htuzyoo8osctuji68xe b/.well-known/openpgpkey/hu/myctwj4an6ne7htuzyoo8osctuji68xe
index 65ce1bb2..6e4e226c 100644
Binary files a/.well-known/openpgpkey/hu/myctwj4an6ne7htuzyoo8osctuji68xe and b/.well-known/openpgpkey/hu/myctwj4an6ne7htuzyoo8osctuji68xe differ

creating tag page tag/phone
diff --git a/tag/phone.mdwn b/tag/phone.mdwn
new file mode 100644
index 00000000..648aef5e
--- /dev/null
+++ b/tag/phone.mdwn
@@ -0,0 +1,4 @@
+[[!meta title="pages tagged phone"]]
+
+[[!inline pages="tagged(phone)" actions="no" archive="yes"
+feedshow=10]]

publish as a blog post
diff --git a/hardware/phone/fairphone2.mdwn b/hardware/phone/fairphone2.mdwn
index 37a547ec..dfd794d1 100644
--- a/hardware/phone/fairphone2.mdwn
+++ b/hardware/phone/fairphone2.mdwn
@@ -428,3 +428,5 @@ Here are the various tweaks required for each app I currently use:
     its secret key
  8. contacts can be backed up with nextcloud on one device and
     restored on the other fairly easily
+
+[[!tag blog debian-planet documentation hardware phone hacking security linux kernel android]]

mention security issues with the fairphone, title
diff --git a/hardware/phone/fairphone2.mdwn b/hardware/phone/fairphone2.mdwn
index 48b56429..37a547ec 100644
--- a/hardware/phone/fairphone2.mdwn
+++ b/hardware/phone/fairphone2.mdwn
@@ -1,3 +1,5 @@
+[[!meta title="Hands on with the Fairphone 2"]]
+
 [[!toc levels=2]]
 
 Project overview
@@ -74,6 +76,16 @@ file manager so I installed the [Simple File Manager](https://f-droid.org/en/pac
 because it also includes the basic text editor I needed to copy-paste
 passwords during setup.
 
+Unfortunately, in terms of software, the Fairphone is severely lagging
+behing. It has not shipped the January and February (very critical)
+[Android security bulletins](https://source.android.com/security/bulletin/) which include fixes for remote code
+execution, among other catastrophes. It also runs a completely
+outdated and unsupported Linux 3.4 kernel, which seems on par for the
+course of most Android phones these days, but I still figured I would
+make [some noise about this](https://forum.fairphone.com/t/where-are-the-monthly-security-releases-in-saibon/48994). Thankfully, some of those problems
+might be fixed by running LineageOS, but that would require wiping the
+phone...
+
 The MicroSD card socket is a little weird: there are two pins to keep
 the card from coming out (even though it's behind the plastic cover
 and unlikely to move) and that makes it difficult to swap out. I had
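
Review bot: "lagging behing" in the first added sentence should be "behind", and "on par for the course" should be "par for the course". The paragraph also names the January and February bulletins without a year or the phone's current patch level; adding both would keep the claim checkable later.
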
@@ -145,6 +157,10 @@ Cons:
  * bulky and thick
  * low screen/body size ratio
  * disappointing camera 
+ * poor support of the free software community, "source dumps" instead
+   of open development
+ * runs an unsupported Linux kernel (3.4.0) not mainline
+ * lagging behind security updates
 
 Specifications
 ==============

toc
diff --git a/hardware/phone/fairphone2.mdwn b/hardware/phone/fairphone2.mdwn
index 45539cca..48b56429 100644
--- a/hardware/phone/fairphone2.mdwn
+++ b/hardware/phone/fairphone2.mdwn
@@ -1,3 +1,8 @@
+[[!toc levels=2]]
+
+Project overview
+================
+
 The [[!wikipedia Fairphone]] (FP) is a really important project. They
 have already shipped two versions of the phone (FP1 and [FP2](https://shop.fairphone.com/en/)) and
 a third one is at the [concept stage](https://twitter.com/Fairphone/status/1053232949225766912) ([more discussions](https://forum.fairphone.com/t/date-de-lancement-du-fairphone-3/41694/12)).

move first impressions up and complete
diff --git a/hardware/phone/fairphone2.mdwn b/hardware/phone/fairphone2.mdwn
index dab151c4..45539cca 100644
--- a/hardware/phone/fairphone2.mdwn
+++ b/hardware/phone/fairphone2.mdwn
@@ -24,10 +24,122 @@ ship. It's a guess: the Fairphone 3 (FP3) is [due to come out in
 2019](https://forum.fairphone.com/t/fairphone-3-interview-of-bas-from-frandroid/28529) but I was tired of hacking around really old, unsupported and
 so insecure, locked down phones I had lying around.
 
-Je m'attends à ce que les délais de livraison soient assez long: leur
-estimé de packaging est de 2-4 semaines et la livraison de 6-14 jours,
-donc ça devrait prendre entre 3 et 6 semaines, digne des commandes
-chez dx.com et compagnie...
+I expected really long delivery delays: packaging time estimate was
+2-4 weeks and 6-14 days delivery, which means between 3 and 6 weeks!
+But in the end, I order the phone on February 26 and had it delivered
+on March 8, which isn't that bad (~2 weeks). I did have to pay an
+extra 90$ in customs and fees to DHL, which made for a total price of
+about 630$CAD.
+
+First impressions
+=================
+
+The phone is huge  compared to the HTC One S, it's kind  of sad: I had
+gotten used  to the  older format.  I wish they  would make  a smaller
+phone,  especially since  that  would  mean it's  [easier  to use  for
+women](https://www.ledevoir.com/societe/549415/les-femmes-les-oubliees-du-design).  But its  size is  similar to  other modern  phones: it  is
+similar  to  the  LG  G3,  although   the  FP2  is  thicker.  And  the
+size-to-screen ratio isn't great: there's  a huge bezel all around the
+screen when compared to the LG G3, which came out a year earlier (2014
+vs 2015).
+
+The device also feels a little "plastiky" and brittle: you feel you
+could just break it in two if you applied enough strength. But that
+might just be a feeling: a friend said it felt sturdy and light.
+
+You need to tear out the back cover (and remove the battery!) to
+install the SIM card and that doesn't feel so great: lots of cracking
+noises. One of the corners already doesn't quite fit right. But this
+is a known weakness of the FP2 that I expected: it used to come with a
+transparent back, but they [stopped shipping it because it was even
+more brittle](https://www.fairphone.com/en/2018/10/08/what-happened-with-our-transparent-cases/).
+
+The device was delivered with an almost empty battery (~5%) which made
+the initial setup challenging: I had to keep it plugged in and even
+had to switch chargers (from my computer to a wall plug) because it
+wouldn't actually charge fast enough to compensate from the huge power
+drain imposed by the many applications being installed and
+synchronizing gigabytes of data over wifi.
+
+It's really nice to have TWRP and root out of the box. I don't think
+any other phone gives you such awesome power. It also ships with
+Firefox Klar instead of Google Chrome, a nice touch although I still
+installed [Fennec F-Droid](https://f-droid.org/en/packages/org.mozilla.fennec_fdroid) instead. Surprisingly, Fairphone OS lacks a
+file manager so I installed the [Simple File Manager](https://f-droid.org/en/packages/com.simplemobiletools.filemanager.pro) instead,
+because it also includes the basic text editor I needed to copy-paste
+passwords during setup.
+
+The MicroSD card socket is a little weird: there are two pins to keep
+the card from coming out (even though it's behind the plastic cover
+and unlikely to move) and that makes it difficult to swap out. I had
+to use a pair of tweezers to get the darn thing out. I also had to
+reboot for the SD card to be detected.
+
+Coincidentally, it told me my SD card was corrupt, which was strange
+but unsurprising: I had trouble with the SD card before on the
+previous phone. I formatted it as "portable" as I will store music and
+maps there. "Portable" [means](https://help.republicwireless.com/hc/en-us/articles/360000156767-What-is-the-Difference-Between-Portable-Storage-and-Internal-Storage-) "non-encrypted", basically.
+
+Battery life is not the best: after moderate use (2 regular phone
+calls, two Signal/wifi calls, wifi on all the time, daily flashcard
+exercises), I'm at 50% battery used after 21 hours, and it estimates
+another 20 hours left, which pegs battery life at 41 hours. Not great,
+but not bad.
+
+The device itself is fast and responsive, and the speaker sounds
+loud. The camera is not great: pretty bad low light performance and
+not very detailed, and that's after an upgrade from the 8 megapixel
+camera, now at 12 MP.
+
+I found the documentation provided with the phone to be slightly
+incomplete: the phone ships with plastic covers on the camera and
+screen and that's undocumented in the papers. I was really distressed
+of the blue tint in pictures before a friend noticed the plastic
+cover. And I had to [ask on the forum for help](https://forum.fairphone.com/t/new-fairphone-2-is-that-a-plastic-screen-cover/48919) to figure out how
+to remove the plastic cover on the screen.
+
+But overall I'm happy: this is the Fair phone. Well, it's not
+*perfectly* fair, but they're trying. And this is the *only* phone
+that I know of that ships with a free OS and is fully repairable.
+
+This is the best we can do.
+
+And as such, it's the state of the art for me. I don't care that Apple
+can make a shiny tiny little iPhone that can recognize my face if I
+can't get inside it and fix it when it breaks. I don't care if
+Samsung's screens go around back and [fold in the middle](https://www.theverge.com/2019/2/20/18231249/samsung-galaxy-fold-folding-phone-features-screen-photos-size-announcement) if I
+can't hack it. That's all junk that'll end up in landfills and that
+spies on you. And as long as we build *and buy* crap like that, we'll
+be part of the problem, not the solution.
+
+So a shout out to the Fairphone people: you're doing an awesome job,
+and I just wish you keep going at it. My wishlist is: make it smaller,
+better camera, and better battery, while keeping everything else the
+same. :)
+
+TL;DR
+-----
+
+Pros:
+
+ * almost fully open: a few binary blobs
+ * comes with [TWRP](https://twrp.me/) rescue pre-installed
+ * comes with Fairphone OS pre-installed, easy to switch to the
+   free-er version
+ * very easy to repair
+ * removable battery
+ * fair-ish
+ * fast and responsive UI
+ * large builtin storage (32GB) with SD card expansion
+ * lightweight
+ * good speaker
+
+Cons:
+
+ * feels brittle
+ * bulky and thick
+ * low screen/body size ratio
+ * disappointing camera 
 
 Specifications
 ==============
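
Review bot: the first paragraph under "First impressions" was committed with justified double spaces ("The phone is huge  compared ..."), unlike every other paragraph in the hunk; re-wrap it so later edits diff cleanly. In the delivery paragraph, "I order the phone" should be "I ordered", and "I was really distressed of the blue tint" reads better as "distressed by".
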
@@ -295,40 +407,3 @@ Here are the various tweaks required for each app I currently use:
     its secret key
  8. contacts can be backed up with nextcloud on one device and
     restored on the other fairly easily
-
-First impressions
-=================
-
-The phone is so huge compared to the HTC One S, it's kind of sad. I
-wish they would make a smaller phone, especially since that would mean
-it's [easier to use for women](https://www.ledevoir.com/societe/549415/les-femmes-les-oubliees-du-design).
-
-The device also feels a little "plastiky": you need to tear out the
-back cover (and remove the battery!) to install the SIM card and that
-doesn't feel so great. One of the corners already doesn't quite fit
-right.
-
-Device was delivered with an almost empty battery (~5%) which made the
-initial setup challenging: I had to keep it plugged in and even had to
-switch chargers (from my laptop to a wall plug) because it wouldn't
-actually charge fast enough to compensate from the huge power usage of
-me doing everything at once.
-
-It's really nice to have TWRP and root out of the box. I don't think
-any other phone gives you such awesome power. It also ships with
-Firefox Klar instead of Google Chrome which is a nice touch. Fairphone
-OS surprisingly lacks a file manager so I installed the Simple File
-Manager instead.
-
-The MicroSD card socket is a little weird: there are two pins to keep
-the card from coming out (even though it's behind the plastic cover
-and unlikely to move) and that makes it difficult to swap out. I had
-to use a pair of tweezers to get the damn thing out. I also had to
-reboot for the SD card to be detected. (Incidentally, it told me my SD
-card was corrupt, which is strange. I formatted it as "portable" as I
-will store music and maps there. "Portable" [means](https://help.republicwireless.com/hc/en-us/articles/360000156767-What-is-the-Difference-Between-Portable-Storage-and-Internal-Storage-) "non-encrypted",
-basically.)
-
-The device itself is fast and responsive, and the speaker sounds loud.
-
-Todo cross-reference with, and add stuff from, [this post](https://forum.fairphone.com/t/hockey-canadian-fairphoners/17991/61).
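
Review bot: the removed section ended with `Todo cross-reference with, and add stuff from, [this post]`, and that line is not carried into the relocated "First impressions" section in the hunk above. If the cross-reference was not done, keep the Todo; if it was, say so in the commit message.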

yolo2
diff --git a/hardware/phone/fairphone2.mdwn b/hardware/phone/fairphone2.mdwn
index a0a6acba..dab151c4 100644
--- a/hardware/phone/fairphone2.mdwn
+++ b/hardware/phone/fairphone2.mdwn
@@ -330,3 +330,5 @@ will store music and maps there. "Portable" [means](https://help.republicwireles
 basically.)
 
 The device itself is fast and responsive, and the speaker sounds loud.
+
+Todo cross-reference with, and add stuff from, [this post](https://forum.fairphone.com/t/hockey-canadian-fairphoners/17991/61).

yolo
diff --git a/hardware/phone/fairphone2.mdwn b/hardware/phone/fairphone2.mdwn
index 996d0173..a0a6acba 100644
--- a/hardware/phone/fairphone2.mdwn
+++ b/hardware/phone/fairphone2.mdwn
@@ -308,5 +308,25 @@ back cover (and remove the battery!) to install the SIM card and that
 doesn't feel so great. One of the corners already doesn't quite fit
 right.
 
-But otherwise the device itself is fast and responsive, and the
-speaker sounds loud.
+Device was delivered with an almost empty battery (~5%) which made the
+initial setup challenging: I had to keep it plugged in and even had to
+switch chargers (from my laptop to a wall plug) because it wouldn't
+actually charge fast enough to compensate from the huge power usage of
+me doing everything at once.
+
+It's really nice to have TWRP and root out of the box. I don't think
+any other phone gives you such awesome power. It also ships with
+Firefox Klar instead of Google Chrome which is a nice touch. Fairphone
+OS surprisingly lacks a file manager so I installed the Simple File
+Manager instead.
+
+The MicroSD card socket is a little weird: there are two pins to keep
+the card from coming out (even though it's behind the plastic cover
+and unlikely to move) and that makes it difficult to swap out. I had
+to use a pair of tweezers to get the damn thing out. I also had to
+reboot for the SD card to be detected. (Incidentally, it told me my SD
+card was corrupt, which is strange. I formatted it as "portable" as I
+will store music and maps there. "Portable" [means](https://help.republicwireless.com/hc/en-us/articles/360000156767-What-is-the-Difference-Between-Portable-Storage-and-Internal-Storage-) "non-encrypted",
+basically.)
+
+The device itself is fast and responsive, and the speaker sounds loud.

first impressions and docs of the FP2
diff --git a/hardware/phone/fairphone2.mdwn b/hardware/phone/fairphone2.mdwn
index 99081ad0..996d0173 100644
--- a/hardware/phone/fairphone2.mdwn
+++ b/hardware/phone/fairphone2.mdwn
@@ -72,3 +72,241 @@ history](https://en.wikipedia.org/wiki/Android_version_history) for the larger c
 
 There are [more OSes ported to the FP2](https://forum.fairphone.com/t/operating-systems-for-fairphones/11425/1) including Ubuntu Touch and
 Sailfish.
+
+Flashing with Saibon
+====================
+
+The default OS that comes with the Fairphone is, like many Android
+distributions, full of Google tracking software. I dislike those, so I
+installed [Saibon](https://code.fairphone.com/projects/fp-osos/index.html), also known as "Fairphone Open". I followed the
+[installation instructions](https://code.fairphone.com/projects/fp-osos/user/fairphone-open-source-os-installation-instructions.html) to download and install the new version
+which involves running an arbitrary bash script (which I quickly
+reviewd) that basically runs a bunch of `fastboot` commands to flash
+the phone through the USB port.
+
+    anarcat@curie:fp2-sibon-19.02.1-manual-switcher(master)$ sh flash-for-unix.sh
+    ** Fairphone OS 19.02.1 Manual Flashing Script **
+
+    WARNING: Flashing this image wipes all user data and settings on the phone.
+
+    Validating files...
+    Validation complete.
+
+    One Fairphone 2 in fastboot mode found (serial number: [REDACTED]).
+
+    Are you sure you want to wipe all user data and settings on the phone?
+      Type "Yes" to continue: Yes
+
+    Proceeding to flash the device.
+
+    target reported max download size of 536870912 bytes
+    sending 'rpm' (186 KB)...
+    OKAY [  0.009s]
+    writing 'rpm'...
+    OKAY [  0.011s]
+    finished. total time: 0.021s
+    target reported max download size of 536870912 bytes
+    sending 'sbl1' (274 KB)...
+    OKAY [  0.013s]
+    writing 'sbl1'...
+    OKAY [  0.008s]
+    finished. total time: 0.020s
+    target reported max download size of 536870912 bytes
+    sending 'tz' (334 KB)...
+    OKAY [  0.015s]
+    writing 'tz'...
+    OKAY [  0.008s]
+    finished. total time: 0.023s
+    target reported max download size of 536870912 bytes
+    sending 'modem' (57585 KB)...
+    OKAY [  2.052s]
+    writing 'modem'...
+    OKAY [  0.626s]
+    finished. total time: 2.678s
+    target reported max download size of 536870912 bytes
+    sending 'splash' (6075 KB)...
+    OKAY [  0.214s]
+    writing 'splash'...
+    OKAY [  0.073s]
+    finished. total time: 0.287s
+    target reported max download size of 536870912 bytes
+    sending 'aboot' (536 KB)...
+    OKAY [  0.020s]
+    writing 'aboot'...
+    OKAY [  0.016s]
+    finished. total time: 0.036s
+    target reported max download size of 536870912 bytes
+    sending 'boot' (11708 KB)...
+    OKAY [  0.422s]
+    writing 'boot'...
+    OKAY [  0.127s]
+    finished. total time: 0.549s
+    target reported max download size of 536870912 bytes
+    sending 'recovery' (13834 KB)...
+    OKAY [  0.487s]
+    writing 'recovery'...
+    OKAY [  0.159s]
+    finished. total time: 0.646s
+    target reported max download size of 536870912 bytes
+    erasing 'system'...
+    OKAY [  0.379s]
+    sending sparse 'system' 1/2 (520913 KB)...
+    OKAY [ 18.988s]
+    writing 'system' 1/2...
+    OKAY [  8.905s]
+    sending sparse 'system' 2/2 (48631 KB)...
+    OKAY [  1.752s]
+    writing 'system' 2/2...
+    OKAY [  0.794s]
+    finished. total time: 30.817s
+    target reported max download size of 536870912 bytes
+    erasing 'userdata'...
+    OKAY [  3.226s]
+    sending 'userdata' (138997 KB)...
+    OKAY [  4.723s]
+    writing 'userdata'...
+    OKAY [  1.830s]
+    finished. total time: 9.780s
+    target reported max download size of 536870912 bytes
+    erasing 'cache'...
+    OKAY [  0.023s]
+    sending 'cache' (12520 KB)...
+    OKAY [  0.450s]
+    writing 'cache'...
+    OKAY [  0.216s]
+    finished. total time: 0.689s
+
+    Flashing successful!
+    Your Fairphone 2 will now run **Fairphone OS 19.02.1**.
+
+    Press Enter to reboot the device and complete the installation...
+    rebooting...
+
+    finished. total time: 0.052s
+
+That worked pretty well, I must say: it's nice to have support for a
+real OS from the phone manufacturer! Once that's done, the phone
+reboots and takes a while to resume (a minute or two).
+
+Android configuration
+=====================
+
+This is copied from [[htc-one-s]].
+
+Those are things to do when I flash the device, which I seem to
+screwup so often that I actually had to note this down.
+
+ 1. Check for updates and install: there's an "updater" app in
+    Fairephon Open
+ 2. encrypt the phone (takes ~10 minutes, needs power), see below
+ 3. set lock code (PIN)
+ 4. go through prefs to tweak everything
+   * enable privacy guard, including on builtin apps
+   * browser: disable a bunch of stuff, enable utf8
+ 5. install f-droid using sideloading (see below)
+ 5. install and configure [apps](apps.html) (see below)
+ 6. import contacts from backups (see below)
+ 7. <del>setup fake GCM</del> screw google
+ 8. configure all installed apps (see below)
+ 9. backup the phone (!) todo!
+
+Some of those steps are documented more explicitly below.
+
+Upgrading recovery
+------------------
+
+A recovery (TWRP) is already installed on the phone, but it might have
+trouble sideloading apps. I had to upgrade TWRP using the [LineageOS
+docs](https://wiki.lineageos.org/devices/FP2/install):
+
+    gpg --verify twrp-3.2.3-0-FP2.img.asc
+    adb reboot bootloader
+    fastboot flash recovery twrp-3.2.3-0-FP2.img
+
+Once recovery is flashed, **hold the volume UP button** then hit:
+
+    fastboot reboot
+
+This will make sure the phone will reboot in recovery. Otherwise the
+phone will reboot to system which will overwrite the recovery image.
+
+Another method is to boot to recovery (it's already installed!) and
+install a new TWRP image on the phone:
+
+    adb push twrp-3.2.3-0-FP2.img /sdcard
+    adb reboot recovery
+
+And install it from the `Install` menu.
+
+Installing the F-Droid privileged extension
+-------------------------------------------
+
+From TWRP, flash the priviledged F-Droid app, which allows you to turn
+of that "allow untrusted sources" checkbox and enables automated
+upgrades, see the [privileged extension project page][] for more
+information.
+
+[privileged extension project page]: https://gitlab.com/fdroid/privileged-extension
+
+First, download the `.zip` file from the [privileged extension site][]
+and sideload by picking `Advanced` -> `Sideload`, then swipe. TRWP
+will wait then run this on the computer:
+
+    adb sideload org.fdroid.fdroid.privileged.ota_2000.zip
+
+Then swipe to reboot.
+
+If this fails with "Zip signature verification failed", it's because
+you don't have a recent enough version of TWRP. Reflash the recovery,
+and make sure to return to recovery after flashing it.
+
+[privileged extension site]: https://f-droid.org/repository/browse/?fdid=org.fdroid.fdroid.privileged.ota
+
+Apps install and synchronization
+--------------------------------
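
Review bot: Only the TWRP image gets an integrity check (`gpg --verify twrp-3.2.3-0-FP2.img.asc` under "Upgrading recovery"); the Fairphone Open image flashed by `flash-for-unix.sh` and the `org.fdroid.fdroid.privileged.ota_2000.zip` that gets sideloaded have no verification step written down. Whatever the script's "Validating files..." step checks, it ships in the same download as the images, so it says nothing about whether that download is the one the vendor published. I'd record, for each download, where its checksum or signature comes from and the command used to check it, and for the TWRP step name the key expected to have signed the image, since `gpg --verify` only reports on whatever key happens to be in the keyring. Smaller points: the heading and link text say "Saibon" while the directory in the prompt is `fp2-sibon-19.02.1-manual-switcher`; the numbered list has two items numbered 5; and there are typos in "reviewd", "Fairephon", "priviledged", "turn of" and "TRWP".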

(Diff truncated)
explain the current workaround as well
diff --git a/services/hosting.mdwn b/services/hosting.mdwn
index 0e3dc71d..9aa93349 100644
--- a/services/hosting.mdwn
+++ b/services/hosting.mdwn
@@ -330,6 +330,10 @@ container. The correct incantation turns out to be:
 
     docker run --name=grafana --user=grafana --env="GF_METRICS_ENABLED=true" --env="GF_ANALYTICS_REPORTING_ENABLED=false" --env="GF_USERS_ALLOW_SIGN_UP=false" --env="GF_ALTERTING_ENABLED=false" --volume="grafana-storage:/var/lib/grafana" -p 3000:3000 --restart=unless-stopped grafana/grafana
 
+For now I'm storing the canonical commandline in a "start-$image"
+script (e.g. `start-airsonic`, `start-grafana`) but that seems
+suboptimal.
+
 Rocket
 ------
 

trick to restart containers
diff --git a/services/hosting.mdwn b/services/hosting.mdwn
index 4d3664db..0e3dc71d 100644
--- a/services/hosting.mdwn
+++ b/services/hosting.mdwn
@@ -310,6 +310,26 @@ Containers are basically a directory stored in
 To restart a container on reboot, use `--restart=unless-stopped` or
 `--restart=always`, as [documented](https://docs.docker.com/engine/admin/start-containers-automatically/).
 
+### Restarting containers
+
+A common problem I have is I forget how I started a given
+container. When it's stopped or crashed or upgraded, I don't know how
+to restart it with the same arguments. There's `docker inspect` that
+will tell me the arguments passed to the container, but not flags like
+environment variables, mountpoints. Those can be *deduced* from the
+JSON output, but it's unclear what's default and what was actually
+specified by hand.
+
+For this, the [runlike](https://github.com/lavie/runlike) tool is useful:
+
+    # docker run --rm -v /var/run/docker.sock:/var/run/docker.sock assaflavie/runlike grafana
+    docker run --name=grafana --hostname=dd2130c9306c --user=grafana --env="GF_METRICS_ENABLED=true" --env="GF_ANALYTICS_REPORTING_ENABLED=false" --env="GF_USERS_ALLOW_SIGN_UP=false" --env="GF_ALTERTING_ENABLED=false" --env="PATH=/usr/share/grafana/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" --env="GF_PATHS_CONFIG=/etc/grafana/grafana.ini" --env="GF_PATHS_DATA=/var/lib/grafana" --env="GF_PATHS_HOME=/usr/share/grafana" --env="GF_PATHS_LOGS=/var/log/grafana" --env="GF_PATHS_PLUGINS=/var/lib/grafana/plugins" --env="GF_PATHS_PROVISIONING=/etc/grafana/provisioning" --volume="grafana-storage:/var/lib/grafana" -p 3000:3000 --restart=unless-stopped --detach=true grafana/grafana
+
+It may be a little verbose, but it's a good basis to restart a
+container. The correct incantation turns out to be:
+
+    docker run --name=grafana --user=grafana --env="GF_METRICS_ENABLED=true" --env="GF_ANALYTICS_REPORTING_ENABLED=false" --env="GF_USERS_ALLOW_SIGN_UP=false" --env="GF_ALTERTING_ENABLED=false" --volume="grafana-storage:/var/lib/grafana" -p 3000:3000 --restart=unless-stopped grafana/grafana
+
 Rocket
 ------
 
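Review bot: The `runlike` invocation bind-mounts `/var/run/docker.sock` into a container started from a third-party image (`assaflavie/runlike`), and the text should say so explicitly: anything that can talk to that socket can drive the Docker daemon and so effectively has root on the host. I'd either note that the image was reviewed and pin it, or run the tool from a locally installed copy instead of from the image. Separately, `GF_ALTERTING_ENABLED` in both command lines looks like a typo for `GF_ALERTING_ENABLED`, in which case Grafana is not picking that setting up. The "correct incantation" also drops `--hostname`, `--detach=true`, `PATH` and the `GF_PATHS_*` variables; a line saying those were judged to be defaults would help the next reader.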

new quote, from twitter
diff --git a/fortunes.txt b/fortunes.txt
index bebe767f..c3c3129a 100644
--- a/fortunes.txt
+++ b/fortunes.txt
@@ -1101,3 +1101,7 @@ government and peace without violence.
 The ultimate test of your knowledge is your capacity to convey it to
 another.
                         - Richard Feynman
+%
+There is no programming language–no matter how structured–that will
+prevent programmers from making bad programs.
+                        - Larry Flon

fix isis case
diff --git a/blog/2019-03-05-report.mdwn b/blog/2019-03-05-report.mdwn
index 9f768aaf..92ae6d85 100644
--- a/blog/2019-03-05-report.mdwn
+++ b/blog/2019-03-05-report.mdwn
@@ -73,7 +73,7 @@ wrapped up for whoever picks this up next.
 Following a new vulnerability (CVE-2019-6690) disclosed in the
 python-gnupg library, I have [expressed concerns][] at the security
 reliability of the project in future updates, referring to wider issues
-identified by Isis Lovecroft in [this post][]. 
+identified by isis lovecroft in [this post][]. 
 
 I suggested we should simply drop security support for the project,
 citing it didn't have many reverse dependencies. But it seems that

link to a server
diff --git a/hardware/server/marcos.mdwn b/hardware/server/marcos.mdwn
index c3b50cce..4f5d7e38 100644
--- a/hardware/server/marcos.mdwn
+++ b/hardware/server/marcos.mdwn
@@ -196,7 +196,9 @@ the [721Tq](https://www.supermicro.com/products/chassis/tower/721/SC721TQ-250B)
 and two internal 2.5" bays with a [Mini-ITX](https://en.wikipedia.org/wiki/Mini-ITX) motherboard backend
 ([235$CAD](http://www.atic.ca/index.php?page=details&psku=122205) at ATIC). It would require building a whole new server
 since marcos is [microATX](https://en.wikipedia.org/wiki/MicroATX) but the Mini-ITX form factor is good
-because it fits well with SoC boards (see below).
+because it fits well with SoC boards (see below). A friend
+specifically looked at [this atom server](http://www.atic.ca/index.php?page=details&psku=164534) which has a nice price
+tag (618$CAD).
 
 Supermicro also has what they call [mobile racks](https://www.supermicro.com/products/chassis/mobileRack/) that can fit
 multiple drives in a 5.25" bays.

formatting, again
diff --git a/blog/2019-03-05-report.mdwn b/blog/2019-03-05-report.mdwn
index 38927455..9f768aaf 100644
--- a/blog/2019-03-05-report.mdwn
+++ b/blog/2019-03-05-report.mdwn
@@ -405,14 +405,14 @@ to read it in full, but I'll quote the first post here for posterity:
 > mimetype for email, and remembering it was all backwards and weird and I
 > can't find the reference anymore. If some lazyweb magic person could
 > forward the link to me I would be grateful.
-> [1]: one of so many: https://www.georgedillon.com/web/html_email_is_evil_still.shtml
-> [2]: https://en.wikipedia.org/wiki/Netscape_Communicator
-> [3]: yes my age is showing
-> [4]: to be fair, this article encouraged me quite a bit:
-> https://blog.chaddickerson.com/2019/01/09/replacing-facebook/
-> [5]: not the bass guitar one, unfortunately
-> [6]: https://en.wikipedia.org/wiki/HTML_email#Adoption
-> [7]: https://trey-jackson.blogspot.com/2008/01/emacs-tip-8-markdown.html
+>
+>      [1]: one of so many: https://www.georgedillon.com/web/html_email_is_evil_still.shtml
+>      [2]: https://en.wikipedia.org/wiki/Netscape_Communicator
+>      [3]: yes my age is showing
+>      [4]: to be fair, this article encouraged me quite a bit: https://blog.chaddickerson.com/2019/01/09/replacing-facebook/
+>      [5]: not the bass guitar one, unfortunately
+>      [6]: https://en.wikipedia.org/wiki/HTML_email#Adoption
+>      [7]: https://trey-jackson.blogspot.com/2008/01/emacs-tip-8-markdown.html
 
 I edited the original message to include the latest version of the
 script, which (unfortunately) lives in my private `dotfiles` git

fix formatting error
diff --git a/blog/2019-03-05-report.mdwn b/blog/2019-03-05-report.mdwn
index fe6051dc..38927455 100644
--- a/blog/2019-03-05-report.mdwn
+++ b/blog/2019-03-05-report.mdwn
@@ -177,7 +177,9 @@ start a full time job either, so this might possibly be my last report
 for a while.
 
 Debian work before the freeze
---------------------- uploaded new versions of bitlbee-mastodon ([1.4.1-1](https://tracker.debian.org/news/1030798/accepted-bitlbee-mastodon-141-1-source-into-unstable/)), sopel
+-----------------------------
+
+I uploaded new versions of bitlbee-mastodon ([1.4.1-1](https://tracker.debian.org/news/1030798/accepted-bitlbee-mastodon-141-1-source-into-unstable/)), sopel
 ([6.6.3-1](https://tracker.debian.org/news/1030572/accepted-sopel-663-1-source-into-unstable/) and [6.6.3-2](https://tracker.debian.org/news/1030670/accepted-sopel-663-2-source-all-into-unstable/)) and dateparser ([0.7.1-1](https://tracker.debian.org/news/1030437/accepted-dateparser-071-1-source-into-unstable/)). I've
 also sponsored new uploads of smokeping and tuptime.
 
@@ -373,7 +375,7 @@ to read it in full, but I'll quote the first post here for posterity:
 >  4. inject the HTML version in the HTML part
 > 
 > There's some nasty business with formatting the signature correctly by
-> wrapping it in a <pre> that's going on there - I took that from
+> wrapping it in a `<pre>` that's going on there - I took that from
 > Thunderbird as well.
 > 
 > (For those who *do* read elisp for breakfast, improvements and comments

creating tag page tag/calendes
diff --git a/tag/calendes.mdwn b/tag/calendes.mdwn
new file mode 100644
index 00000000..47f7ec6c
--- /dev/null
+++ b/tag/calendes.mdwn
@@ -0,0 +1,4 @@
+[[!meta title="pages tagged calendes"]]
+
+[[!inline pages="tagged(calendes)" actions="no" archive="yes"
+feedshow=10]]

new (last?) report
diff --git a/blog/2019-03-05-report.mdwn b/blog/2019-03-05-report.mdwn
new file mode 100644
index 00000000..fe6051dc
--- /dev/null
+++ b/blog/2019-03-05-report.mdwn
@@ -0,0 +1,480 @@
+[[!meta title="February 2019 report: LTS, HTML mail, new phone and new job"]]
+
+[[!toc levels=2]]
+
+Debian Long Term Support (LTS)
+==============================
+
+This is my monthly [Debian LTS][] report. 
+
+[Debian LTS]: https://www.freexian.com/services/debian-lts.html
+
+This is my final LTS report. I have found other work and will
+unfortunately not be able to continue working on the LTS project in
+the foreseeable future. I will continue my volunteer work on Debian
+and might even contribute to LTS in my normal job, but not directly
+part of the LTS team.
+
+It is too bad because that team is doing essential work, and needs
+more help. Security is, at best, lacking everywhere and I do not
+believe the current approach of "minimal viable product, move fast,
+then break things" is sustainable. The people working on Linux
+distributions and also the LTS people are doing hard, dirty work of
+maintaining free software in the long term. It's thankless but I
+believe it's one of the most important jobs out there right now. And I
+suspect there will be only more of it as time goes by.
+
+Legacy systems are not going anywhere: this is the next generation's
+"y2k bug": old, forgotten software no one understands or cares to work
+with that suddenly break or have a critical vulnerability that needs
+patching. Moving faster will not help us fix this problem: it only
+piles up more crap to deal with for real systems running in
+production.
+
+> The survival of humans and other species on planet Earth in my view can
+> only be guaranteed via a timely transition towards a stationary
+> state, a world economy without growth.
+> 
+> -- Peter Custers
+
+## Website work
+
+I again worked on the website this month, doing one more mass import
+([MR 53][]) which was finally merged by Holger Levsen, after I [fixed
+an issue with PGP signatures][] showing up on the website.
+
+[fixed an issue with PGP signatures]: https://salsa.debian.org/webmaster-team/webwml/merge_requests/51
+
+I also polished the misnamed "audit" script that checks for missing
+announcements on the website and published it as [MR 1][] on the
+"cron" project of the webmaster team. It's still a "work in progress"
+because it is still too noisy: there are a few DLAs missing already
+and we haven't published the latest DLAs on the website.
+
+[MR 1]: https://salsa.debian.org/webmaster-team/cron/merge_requests/1
+[MR 53]: https://salsa.debian.org/webmaster-team/webwml/merge_requests/53
+
+The remaining work here is to automate the import of new announcements
+on the website ([bug #859123][]). I've done what is hopefully the
+[last mass import][] and updated the workflow in the wiki.
+
+Finally, I have also done a bit of [cleanup][] on the website that
+was necessary after the mass import which also required [rewrite
+rules][] at the server level. Hopefully, I will have this fairly well
+wrapped up for whoever picks this up next.
+
+[rewrite rules]: https://salsa.debian.org/anarcat/dsa-puppet/merge_requests/1
+[cleanup]: https://salsa.debian.org/webmaster-team/webwml/merge_requests/55
+[last mass import]: https://salsa.debian.org/webmaster-team/webwml/merge_requests/58
+[bug #859123]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859123
+
+## Python GPG concerns
+
+Following a new vulnerability (CVE-2019-6690) disclosed in the
+python-gnupg library, I have [expressed concerns][] at the security
+reliability of the project in future updates, referring to wider issues
+identified by Isis Lovecroft in [this post][]. 
+
+I suggested we should simply drop security support for the project,
+citing it didn't have many reverse dependencies. But it seems that
+wasn't practical and the [response][] was that it was actually
+possible to keep on maintaining it an such an update was issued for
+jessie.
+
+[response]: https://lists.debian.org/20190209103913.e45eqo3gax5g33op@manillaroad.local.home.trueelena.org
+[this post]: https://blog.patternsinthevoid.net/pretty-bad-protocolpeople.html
+[expressed concerns]: https://lists.debian.org/87r2cj4kg2.fsf@curie.anarc.at
+
+## Golang concerns
+
+Similarly, I have [expressed more concerns][] about the maintenance of
+Golang packages following the disclosure of a vulnerability
+(CVE-2019-6486) regarding elliptic curve implementations in the core
+Golang libraries. An update (DLA-1664-1) was issued for the core, but
+because Golang is statically compiled, I was worried the update wasn't
+sufficient: we also needed to upload updates for any build dependency
+using the affected code as well.
+
+[expressed more concerns]: https://lists.debian.org/87sgx0czxg.fsf@curie.anarc.at
+
+Holger asked the golang team for help and i also asked on
+irc. Apparently, all the non-dev packages (with some exceptions) were
+binNMU'd in stretch but the process needs to be clarified.
+
+I also wondered if this maintenance problem could be resolved in the
+long term by switching to dynamic linking. Ubuntu tried to switch to
+dynamic linking but abandoned the effort, so it seems Golang will be
+quite difficult to maintain for security updates in the foreseeable
+future.
+
+## Libarchive updates
+
+I have reproduced the problem described in CVE-2019-1000020 and
+CVE-2019-1000019 in jessie. I published a fix as [DLA-1668-1][]. I had
+to build the update without sbuild's overlay system (in a tar chroot)
+otherwise the cpio tests fail.
+
+[DLA-1668-1]: https://lists.debian.org/20190207192754.GA14483@curie.anarc.at
+
+## Netmask updates
+
+This one was minimal: a patch was [sent by the maintainer][] so I only
+wrote and sent [DLA 1665-1][]. Interestingly, I didn't have access to
+the `.changes` file which made writing the DLA a little harder, as my
+workflow normally involves calling `gen-DLA --save` with the .changes
+file which autopopulates a template. I learned that `.changes` files
+are normally archived on `coccia.debian.org` (specifically in
+`/srv/ftp-master.debian.org/queue/done/`), but not in the case of
+security uploads.
+
+[DLA 1665-1]: https://lists.debian.org/20190206222753.GA28901@curie.anarc.at
+[sent by the maintainer]: https://lists.debian.org/20190206005958.GA7780@debian.org
+
+## Libreoffice
+
+I once again tried to tackle an issue (CVE-2018-16858) with
+Libreoffice. The [last time][] I tried to work on LibreOffice, the
+test suite was failing and the linker was *crashing* after hours of
+compilation and I never got anywhere. But that was wheezy, so I
+figured jessie might be in better shape.
+
+[last time]: https://anarc.at/blog/2017-11-30-free-software-activities-november-2017
+    
+I quickly got into trouble with sbuild: I ran out of space on *both*
+`/` and `/home` so I moved all my photos to external drive (!). The
+patch ended up being trivial. I could reproduce with a simple proof of
+concept, but could not quite get code execution going. It might just
+be I haven't found the right Python module to load, so I assumed the
+code was vulnerable and, given the patch was simple, it was worth
+doing an update.
+
+The build ended up taking close to nine hours and 35GiB of disk
+space. I published [DLA-1669-1][] as a result. 
+
+I also opened a [bug report against dput-ng][] against dput-ng because
+it still doesn't warn users about uploads to security-master the same
+way dput does.
+
+[bug report against dput-ng]: https://bugs.debian.org/921750
+[DLA-1669-1]: https://lists.debian.org/20190208212911.GA10095@curie.anarc.at
+
+## Enigmail
+
+Finally, Enigmail was finally taken off the official support list in
+jessie when the debian-security-support proposed update was
+[approved][].
+
+[approved]: https://lists.debian.org/81f630a358a5c6da6b3a02c3a2c18712@mail.adam-barratt.org.uk
+
+Other free software work
+========================
+
+Since I was going to start that new job in March, I figured I would
+try to take some time off before work starts. I therefore mostly tried
+to wrap things up and didn't do as much volunteer work as I usually
+do. I'm unsure I'll be able to do as much volunteer work now that I
+start a full time job either, so this might possibly be my last report
+for a while.
+
+Debian work before the freeze
+--------------------- uploaded new versions of bitlbee-mastodon ([1.4.1-1](https://tracker.debian.org/news/1030798/accepted-bitlbee-mastodon-141-1-source-into-unstable/)), sopel
+([6.6.3-1](https://tracker.debian.org/news/1030572/accepted-sopel-663-1-source-into-unstable/) and [6.6.3-2](https://tracker.debian.org/news/1030670/accepted-sopel-663-2-source-all-into-unstable/)) and dateparser ([0.7.1-1](https://tracker.debian.org/news/1030437/accepted-dateparser-071-1-source-into-unstable/)). I've
+also sponsored new uploads of smokeping and tuptime.
+
+I also uploaded [convertdate to NEW](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922335) as it was a (missing but
+optional) dependency of dateparser. Unfortunately, it didn't make it
+through NEW in time for the freeze so dateparser won't be totally
+fixed in buster.
+
+I also made two new releases of [feed2exec](https://gitlab.com/anarcat/feed2exec), my programmable feed
+reader, to [fix date parsing on broken feeds](https://github.com/kurtmckee/feedparser/issues/159), add a JSON output
+plugin, and fix an issue with the `ikiwiki_recentchanges` plugin.
+
+New phone
+---------

(Diff truncated)
quote atic
diff --git a/hardware/server/marcos.mdwn b/hardware/server/marcos.mdwn
index 2324c409..c3b50cce 100644
--- a/hardware/server/marcos.mdwn
+++ b/hardware/server/marcos.mdwn
@@ -193,10 +193,10 @@ gnubee (more powerful, among other things).
 Supermicro sells cases as well as motherboards, and some of those
 might be interesting for a home server / NAS solution. For example,
 the [721Tq](https://www.supermicro.com/products/chassis/tower/721/SC721TQ-250B) has four hot-swappable 3.5" bays for SATA hard drives
-and two internal 2.5" bays with a [Mini-ITX](https://en.wikipedia.org/wiki/Mini-ITX) motherboard
-backend. It would require building a whole new server since marcos is
-[microATX](https://en.wikipedia.org/wiki/MicroATX) but the Mini-ITX form factor is good because it fits
-well with SoC boards (see below).
+and two internal 2.5" bays with a [Mini-ITX](https://en.wikipedia.org/wiki/Mini-ITX) motherboard backend
+([235$CAD](http://www.atic.ca/index.php?page=details&psku=122205) at ATIC). It would require building a whole new server
+since marcos is [microATX](https://en.wikipedia.org/wiki/MicroATX) but the Mini-ITX form factor is good
+because it fits well with SoC boards (see below).
 
 Supermicro also has what they call [mobile racks](https://www.supermicro.com/products/chassis/mobileRack/) that can fit
 multiple drives in a 5.25" bays.

mention supermicro
diff --git a/hardware/server/marcos.mdwn b/hardware/server/marcos.mdwn
index 804fdc94..2324c409 100644
--- a/hardware/server/marcos.mdwn
+++ b/hardware/server/marcos.mdwn
@@ -188,6 +188,19 @@ the cluster, as 6 drives going full spin will generate a lot of I/O.
 In pre-order: https://kobol.io/helios4/ Interesting alternative to the
 gnubee (more powerful, among other things).
 
+## Supermicro
+
+Supermicro sells cases as well as motherboards, and some of those
+might be interesting for a home server / NAS solution. For example,
+the [721Tq](https://www.supermicro.com/products/chassis/tower/721/SC721TQ-250B) has four hot-swappable 3.5" bays for SATA hard drives
+and two internal 2.5" bays with a [Mini-ITX](https://en.wikipedia.org/wiki/Mini-ITX) motherboard
+backend. It would require building a whole new server since marcos is
+[microATX](https://en.wikipedia.org/wiki/MicroATX) but the Mini-ITX form factor is good because it fits
+well with SoC boards (see below).
+
+Supermicro also has what they call [mobile racks](https://www.supermicro.com/products/chassis/mobileRack/) that can fit
+multiple drives in a 5.25" bays.
+
 ## Other SoC boards
 
 There are many SoC boards that could be used to create a device from

better printer documentation
diff --git a/services/print.mdwn b/services/print.mdwn
index 23e95ac0..03878183 100644
--- a/services/print.mdwn
+++ b/services/print.mdwn
@@ -18,3 +18,14 @@ n'ont pas fonctionné alors j'ai partagé l'imprimante sur ma machine,
 ce qui semble, pour l'instant, fonctionner.
 
 [p910n]: https://openwrt.org/docs/guide-user/services/print_server/p910ndprinterserver
+
+Configurer l'imprimante sur une nouvelle machine devrait être
+automatique: elle devrait auto-détecter l'imprimante partagée sur
+`curie`.
+
+Pour configurer `curie`, il faut ajouter une nouvelle imprimante de
+type "AppSocket/HP JetDirect" avec l'URL
+`socket://plastik.anarc.at:9100`. On entre ensuite le nom de
+l'imprimante (`HP-LaserJet-1012`) et on la partage, puis on choisit le
+driver `HP LaserJet 1012 hpijs`, qui est disponible dans le [package
+printer-driver-hpijs](https://tracker.debian.org/printer-driver-hpijs).
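
Review bot: `socket://plastik.anarc.at:9100` is the raw AppSocket/JetDirect port, which has no authentication or encryption, and the added text then shares the queue from `curie` as well. The page should say which networks can reach port 9100 on `plastik` and the shared queue on `curie` (LAN only, a firewall rule, and so on), since anyone who can connect can submit jobs.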

consider the librem 13, add size/weight stats to x220 for comparison
diff --git a/hardware/laptop.mdwn b/hardware/laptop.mdwn
index 10a38ecb..b80770fd 100644
--- a/hardware/laptop.mdwn
+++ b/hardware/laptop.mdwn
@@ -172,6 +172,7 @@ X220
 <http://thinkwiki.de/X220>
 
  * 12.5" TFT
+ * 305.0mm x 206.5mm x 19-34.6mm, 1.3kg
  * i3-i7
  * 16GB max
  * 2 minipci (incl possible mSATA)
@@ -232,6 +233,33 @@ https://puri.sm/products/
 1500 - 1700$USD... trop cher. mais vraiment intéressant parce qu'ils
 semblent vraiment libérer le matériel.
 
+### Librem 13
+
+https://puri.sm/products/librem-13/
+
+ * Operating system: PureOS
+ * TPM: Included
+ * Battery life: Roughly 7 to 9 hours
+ * Processor: Core i7 7500U (Kabylake)
+ * Display: 13.3"
+ * Graphics: Intel HD Graphics 620
+ * Memory: Up to 16GB, DDR4 at 2133 MHz
+ * Storage: Configurable
+ * Chassis: Black anodized aluminium
+ * Webcam: 720p 1.0 megapixel
+ * Dimensions: 325×219×18mm
+ * Weight: 1.4kg
+ * Wireless: Atheros 802.11n w/ Two Antenna
+ * Radio hardware killswitch: Yes
+ * Mic and cam killswitches: Yes
+ * Audio port: 1 headphone/line output jack
+ * USB ports: 2 USB 3.0 Ports (1 type C),
+ * External monitor output: 1 HDMI Port (4K capable)
+ * Card reader: Yes, 2-in-1 SD/MMC
+ * Backlit keyboard: Yes
+ * Touch interface: Elantech Multitouch Trackpad
+ * Thermal design: Low noise fan
+
 Dell
 ----
 

got the phone finally unlocked
diff --git a/hardware/phone/htc-one-s.mdwn b/hardware/phone/htc-one-s.mdwn
index e36b8c8f..a60ed375 100644
--- a/hardware/phone/htc-one-s.mdwn
+++ b/hardware/phone/htc-one-s.mdwn
@@ -1148,7 +1148,10 @@ claim to be able to unlock the phone within "5-90 minutes" but the
 unlocking process actually took a little over 8 hours and was finally
 shipped at 19:50:43 after being delayed an hour by graylisting. The
 code, unfortunately, was not working: the unlock failed with "SIM
-network unlock request unsuccessful".
+network unlock request unsuccessful". The reason for this is unlocking
+works only on stock firmware, so I had to dig the original firmware
+out of my backups and reflash the whole thing (twice) to actually
+unlock the phone. But a day later, it's done!
 
 Future work
 ===========

yolo: switched to new phone, yay
diff --git a/hardware/phone/htc-one-s.mdwn b/hardware/phone/htc-one-s.mdwn
index 1aaed17e..e36b8c8f 100644
--- a/hardware/phone/htc-one-s.mdwn
+++ b/hardware/phone/htc-one-s.mdwn
@@ -56,6 +56,11 @@ uploaded the most recent [snapshots][] and [nightlies on Archive.org][].
 [snapshots]: https://archive.org/details/cmarchive_snapshots
 [nightlies on Archive.org]: https://archive.org/details/cmarchive_nighlies
 [those Reddit folks]: https://www.reddit.com/r/cyanogenmod/comments/5kas0h/complete_cm_snapshots_and_nightlies_archive_xpost/
+
+There's also an [unofficial build](https://forum.xda-developers.com/htc-one-s/development/7-1-lineage14-1-htc-one-s-ville-t3540981) labeled
+`lineage-14.1-20180820-UNOFFICIAL-ville.zip` which is probably much
+better than running a 2 years older build, but it "only works with the
+S4" so I haven't tried it yet.
 """]]
 
 [latest nightly]: https://archive.org/download/cmarchive_nighlies/cm-12.1-20160822-NIGHTLY-ville.zip
@@ -230,6 +235,11 @@ seconds and then release the `Power` button while keeping `Volume
 down` pressed until the bootload comes up (~5-10s?). From there I
 return to TWRP and sideload again the part that failed.
 
+This is also a good time to load other privileged extensions, like
+F-Droid:
+
+    sudo adb sideload org.fdroid.fdroid.privileged.ota_2040.zip
+
 Once the sideloading is complete, you need to flash the `boot.img`
 file in place, by rebooting in the bootloader. Use `Reboot`,
 `Bootloader` from the main menu, not the `Reboot` button from the
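
Review bot: `sudo adb sideload org.fdroid.fdroid.privileged.ota_2040.zip` in the added lines runs adb as root, and if no adb server is running yet it starts one as root that later unprivileged `adb` calls will then talk to. If the `sudo` is only there for USB device permissions, a udev rule for the phone is the narrower fix and worth documenting instead. The zip is also sideloaded with no mention of checking it against a published checksum or signature first.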
@@ -259,23 +269,60 @@ My android configuration
 Those are things to do when I flash the device, which I seem to
 screwup so often that I actually had to note this down.
 
- 1. Check for updates and install: `About phone`, `CyanogenMod
-    updates` if not done automatically
+ 1. <del>Check for updates and install: `About phone`, `CyanogenMod
+    updates` if not done automatically</del> There are no updates
+    anymore, tough luck.
  1. encrypt the phone (takes ~10 minutes, needs power), see below
  2. set lock code (PIN)
  3. go through prefs to tweak everything
    * enable privacy guard, including on builtin apps
    * browser: disable a bunch of stuff, enable utf8
- 4. install f-droid
- 5. install and configure [apps](apps.html)
- 6. import contacts from backups
- 7. setup fake GCM
+ 4. <del>install f-droid</del> done during sideloading, refresh repos
+    and upgrade instead
+ 5. install and configure [apps](apps.html) - note: this can be more easily
+    done by syncing apps with another phone through F-Droid's "nearby"
+    feature
+ 6. import contacts from backups - can be done with nextcloud
+ 7. <del>setup fake GCM</del> screw google
  8. configure all installed apps above
  9. backup the phone
- 10. reimport music using git-annex
- 
+ 10. <del>reimport music using git-annex</del> using Subsonic instead
+
 Some of those steps are documented more explicitly below.
 
+Apps install and synchronization
+--------------------------------
+
+Apps often keep their state only on the phone and don't sync up to
+servers online, which means we need to backup/restore some things
+around.
+
+F-Droid has a very nice interface to install "nearby" apps. The "app
+list" is totally useless in comparison, as the "HTML list" version is
+unusable: the links are broken and formatting is all out of whack.
+
+Here are the various tweaks required for each app I currently use:
+
+ 1. anikdroid: syncs easily with central server
+ 2. antenna pod: syncs with gpodder, but better export/import database
+    through syncthing
+ 3. dSub, lichess, Nextcloud, Wallabag, Linphone and VoIP.SMS all need
+    to have their passwords re-set which is annoying, although the
+    latter two are relevant only for "non-GSM" phones
+ 4. OSMand also doesn't have such a good import/export story - all
+    those little settings need to be redone by hand if there's no
+    backup
+ 5. Signal is, of course, a [frigging catastrophe](https://community.signalusers.org/t/i-lost-my-phone-or-changing-the-master-device-in-signal/1200) as well,
+    althought here is an actually good way to [transfer between two
+    phones](https://support.signal.org/hc/en-us/articles/360007059752) so the story isn't that bad either
+ 7. syncthing takes care of the rest, namely installing Signal from
+    the [APK URL](https://signal.org/android/apk/), my Stellarium backup and so on. it also useful
+    for "copy-pasting" (so to speak) passwords around instead of
+    tapping those stupid strings out, including the Signal backup and
+    its secret key
+ 8. contacts can be backed up with nextcloud on one device and
+    restored on the other fairly easily
+
 Backing up phone
 ----------------
 
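Review bot: Item 7 of the new app list sends the Signal backup and its secret key through the same syncthing share, which leaves the backup only as protected as that share. Suggest moving the key out of band, or at least deleting both from the synced folder once the restore is done, and saying so here. Smaller points in the same list: the numbering jumps from 5 to 7, "althought here is" in item 5 reads like a typo for "although there is", and item 7 has "it also useful".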
@@ -997,6 +1044,11 @@ Boot into TWRP, and push the backup at exactly the right location:
 
     adb push -p HT26PW407343 /sdcard/TWRP/BACKUPS/HT26PW407343
 
+This can also be done with the OTG cable. The backup is in a directory
+called `Stock ROM 2016-03-17--19-17-35` and was last seen on `curie`,
+copied over from the `calyx` external drive, itself moved over from
+`angela`.
+
 Go into Restore and select all options to restore from backup.
 
 Reboot into bootloader and flash the old boot sector backup:
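Review bot: The added paragraph locates the stock ROM backup only by a chain of hostnames (`curie`, `calyx`, `angela`) and gives nothing to check the copy against. The directory has been moved twice and is about to be restored onto the phone, so add a checksum manifest for `Stock ROM 2016-03-17--19-17-35` and compare it before the restore.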
@@ -1010,6 +1062,10 @@ Reboot into bootloader and flash the old boot sector backup:
 
 Reboot.
 
+Update: 
+
+The [HTC dev center](https://www.htcdev.com/devcenter/downloads) only has source code, not official rom files.
+
 Developping for Android
 =======================
 
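Review bot: The added `Update: ` line has trailing whitespace and stands alone as its own paragraph, so it is unclear what is being updated. Fold it into the following sentence and state the consequence for this section (is the TWRP backup then the only route back to stock?).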
@@ -1070,27 +1126,8 @@ this phone is Cyanogenmod and that project has died, replaced with
 [LineageOS](https://lineageos.org/) which barely supports *any* HTC device whatsoever. But
 it beats having no phone at all.
 
-I've found nice ways of copying data between the two phones:
-
- 1. anikdroid: syncs easily with central server
- 2. antenna pod: syncs with gpodder, but better export/import database
-    through syncthing
- 3. dSub, lichess, Nextcloud, Wallabag, Linphone and VoIP.SMS all need
-    to have their passwords re-set which is annoying, although the
-    latter two are relevant only for "non-GSM" phones
- 4. OSMand also doesn't have such a good import/export story - all
-    those little settings need to be redone by hand if there's no
-    backup
- 5. Signal is, of course, a [frigging catastrophe](https://community.signalusers.org/t/i-lost-my-phone-or-changing-the-master-device-in-signal/1200) as well
- 6. apps list: f-droid has a very nice interface to install "nearby"
-    apps - the "app list" is totally useless in comparison, as the
-    "HTML list" version is unusable as the formatting is broken
- 7. syncthing takes care of the rest, namely installing Signal from
-    the [APK URL](https://signal.org/android/apk/), my Stellarium backup and so on. it also useful
-    for "copy-pasting" (so to speak) passwords around instead of
-    tapping those stupid strings out
- 8. contacts can be backed up with nextcloud on one device and
-    restored on the other fairly easily
+I've found nice ways of copying data between the two phones, and I
+updated the install procedure above accordingly.
 
 Only problem is the Transit app is not compatible with this older
 Android release.

fix link
diff --git a/hardware/phone/htc-one-s.mdwn b/hardware/phone/htc-one-s.mdwn
index 89e23858..1aaed17e 100644
--- a/hardware/phone/htc-one-s.mdwn
+++ b/hardware/phone/htc-one-s.mdwn
@@ -1101,7 +1101,7 @@ online, so I picked some random one ([canadaunlocking.com](https://canadaunlocki
 in a startpage search for "android sim unlock") and paid them 10$USD
 via Paypal for some semblance of security. Worst thing is they have my
 IMEI number mapped to my Paypal account I guess and/or they steal my
-money. Other such sites include [unlockradar.com](and they se) ([suggested by
+money. Other such sites include [unlockradar.com](http://www.unlockradar.com/) ([suggested by
 Quora](https://www.quora.com/What-is-a-Sim-Network-Unlock-Pin?share=1)) and [unlockriver.com](http://unlockriver.com/) (found in [this youtube
 video](https://www.youtube.com/watch?v=nN0ey_XfFwA)).
 
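Review bot: The corrected target on the `+` line is `http://www.unlockradar.com/`, plain HTTP, for a kind of site the paragraph describes as receiving an IMEI and a payment. Use the `https://` URL if the site serves one, as the canadaunlocking.com link visible in the hunk header does; the unlockriver.com link on the next context line has the same issue.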

update: unlock failed.
diff --git a/hardware/phone/htc-one-s.mdwn b/hardware/phone/htc-one-s.mdwn
index c09b4c03..89e23858 100644
--- a/hardware/phone/htc-one-s.mdwn
+++ b/hardware/phone/htc-one-s.mdwn
@@ -1107,7 +1107,11 @@ video](https://www.youtube.com/watch?v=nN0ey_XfFwA)).
 
 As of 2019-02-26T11:50:00EST, no mail had arrived from
 canadaunlocking.com. Paypal payment was confirmed on 11:39:26EST. They
-claim to be able to unlock the phone within "5-90 minutes".
+claim to be able to unlock the phone within "5-90 minutes" but the
+unlocking process actually took a little over 8 hours and was finally
+shipped at 19:50:43 after being delayed an hour by graylisting. The
+code, unfortunately, was not working: the unlock failed with "SIM
+network unlock request unsuccessful".
 
 Future work
 ===========
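Review bot: The context sentence "As of 2019-02-26T11:50:00EST, no mail had arrived" is left in place, so the paragraph still opens with a status that the added lines supersede. Reword it as past narrative and give "19:50:43" the same date and timezone as the other timestamps. It would also help to record whether a refund or a replacement code was requested after "SIM network unlock request unsuccessful".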

move the fairphone stuff in a subpage
diff --git a/hardware/phone.mdwn b/hardware/phone.mdwn
index 52bf873c..25ce0154 100644
--- a/hardware/phone.mdwn
+++ b/hardware/phone.mdwn
@@ -134,55 +134,13 @@ sont mauvais sur XDA...
 Ceci dit, j'ai découvert que le FP2 est possiblement en vente au
 Canada (voir ci-bas) et j'ai fait une [demande](https://forum.fairphone.com/t/buying-a-fairphone-2-in-canada/48483) pour un usagé.
 
-Update: j'ai acheté un Fairphone 2 chez Ecosto, pour 543.24$CAD. Je
-m'attends à ce que les délais de livraison soient assez long: leur
-estimé de packaging est de 2-4 semaines et la livraison de 6-14 jours,
-donc ça devrait prendre entre 3 et 6 semaines, digne des commandes
-chez dx.com et compagnie...
+Update: j'ai acheté un Fairphone 2 chez Ecosto, pour ~500$CAD, voir
+[[fairphone2]] pour les détails.
 
 Fairphone 2
 -----------
 
-The [[!wikipedia Fairphone]] (FP) is a really important project. They
-have already shipped two versions of the phone (FP1 and [FP2](https://shop.fairphone.com/en/)) and
-a third one is at the [concept stage](https://twitter.com/Fairphone/status/1053232949225766912) ([more discussions](https://forum.fairphone.com/t/date-de-lancement-du-fairphone-3/41694/12)).
-
-The key with the FP project, is to avoid major human rights issues in
-the source of components and the production of the device, something
-that's way too often overlooked. Many minerals involved in the
-fabrication of modern electronics come from conflict zones or involve
-horrible (child) labour conditions. Fixing those issues should be our
-priority, maybe even before hardware or software freedom.
-
-Even without addressing completely those issues, the fact that it
-scored a [perfect 10][] in iFixit's reparibility score is incredible.
-It seems parts are difficult to find, even in Europe. The phone
-doesn't ship to the Americas from the original website, which makes it
-difficult to buy, but *some* shops *do* ship to Canada, like
-[Ecosto](https://www.ecosto.net/en/catalogue/fairphone-2-alypuhelin_26867/). So it might still be relevant.
-
-[perfect 10]: https://www.ifixit.com/Teardown/Fairphone+2+Teardown/52523
-
-Specs:
-
- * Android 7, [supported in LOS](https://wiki.lineageos.org/devices/FP2) 15.1, will likely be [ported to
-   LOS 16](https://forum.fairphone.com/t/lineage-os-16-x/44213)
- * [perfect 10][] in iFixit repairability
- * 2GB RAM
- * CPU: Quad-core Krait 400 2.26 GHz (Qualcomm MSM8974AB-AB Snapdragon 801)
- * Network: 2G bands: 850 900 1800 1900, 3G bands: 8(900) 2(1900)
-   1(2100), 4G bands: 3(1800) 7(2600) 20(800)
- * Storage: 32GB
- * SD card < 128GB
- * Dual SIM
- * GPS, A-GPS, Glonass
- * compass, FM receiver, etc
- * BT <= 4.0
- * Camera: 12 MP f/2.2
- * 3.5mm audio jack
- * Micro-USB 2.0
- * 5" screen, 143 mm x 73 mm x 11 mm, gorilla glass 3
- * Battery: 2420 mAh at 3.8V (9.2 Wh) - REMOVABLE!!
+Moved to [[fairphone2]].
 
 Purism Librem 5
 ---------------
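Review bot: The replacement line rounds the price to "~500$CAD" where the removed line had "543.24$CAD", and the new fairphone2 page also only says "~500$CAD", so the exact figure is lost in the move. Keep the exact amount in one of the two places. The "Fairphone 2" section is also left with only "Moved to [[fairphone2]]" directly below an update that already links there; one pointer is enough.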
diff --git a/hardware/phone/fairphone2.mdwn b/hardware/phone/fairphone2.mdwn
new file mode 100644
index 00000000..99081ad0
--- /dev/null
+++ b/hardware/phone/fairphone2.mdwn
@@ -0,0 +1,74 @@
+The [[!wikipedia Fairphone]] (FP) is a really important project. They
+have already shipped two versions of the phone (FP1 and [FP2](https://shop.fairphone.com/en/)) and
+a third one is at the [concept stage](https://twitter.com/Fairphone/status/1053232949225766912) ([more discussions](https://forum.fairphone.com/t/date-de-lancement-du-fairphone-3/41694/12)).
+
+The key with the FP project, is to avoid major human rights issues in
+the source of components and the production of the device, something
+that's way too often overlooked. Many minerals involved in the
+fabrication of modern electronics come from conflict zones or involve
+horrible (child) labour conditions. Fixing those issues should be our
+priority, maybe even before hardware or software freedom.
+
+Even without addressing completely those issues, the fact that it
+scored a [perfect 10][] in iFixit's reparibility score is incredible.
+It seems parts are difficult to find, even in Europe. The phone
+doesn't ship to the Americas from the original website, which makes it
+difficult to buy, but *some* shops *do* ship to Canada, like
+[Ecosto](https://www.ecosto.net/en/catalogue/fairphone-2-alypuhelin_26867/).
+
+[perfect 10]: https://www.ifixit.com/Teardown/Fairphone+2+Teardown/52523
+
+I bought a [Fairphone 2]() (FP2) after the [price came down](https://forum.fairphone.com/t/fp2-price-at-399-24-discount-it-contains-24mg-of-gold/45562) for
+~500$CAD at [Ecosto](https://www.ecosto.net/en/catalogue/fairphone-2-alypuhelin_26867/) and I'm waiting for the actual device to
+ship. It's a guess: the Fairphone 3 (FP3) is [due to come out in
+2019](https://forum.fairphone.com/t/fairphone-3-interview-of-bas-from-frandroid/28529) but I was tired of hacking around really old, unsupported and
+so insecure, locked down phones I had lying around.
+
+Je m'attends à ce que les délais de livraison soient assez long: leur
+estimé de packaging est de 2-4 semaines et la livraison de 6-14 jours,
+donc ça devrait prendre entre 3 et 6 semaines, digne des commandes
+chez dx.com et compagnie...
+
+Specifications
+==============
+
+ * Android 7, [supported in LOS](https://wiki.lineageos.org/devices/FP2) 15.1, will likely be [ported to
+   LOS 16](https://forum.fairphone.com/t/lineage-os-16-x/44213)
+ * [perfect 10][] in iFixit repairability
+ * CPU: Quad-core Krait 400 2.26 GHz (Qualcomm MSM8974AB-AB Snapdragon 801)
+ * 2GB RAM
+ * Network: 2G bands: 850 900 1800 1900, 3G bands: 8(900) 2(1900)
+   1(2100), 4G bands: 3(1800) 7(2600) 20(800)
+ * Storage: 32GB
+ * SD card < 128GB
+ * Dual SIM
+ * GPS, A-GPS, Glonass
+ * compass, FM receiver, etc
+ * BT <= 4.0
+ * Camera: 12 MP f/2.2
+ * 3.5mm audio jack
+ * Micro-USB 2.0
+ * 5" screen, 143 mm x 73 mm x 11 mm, gorilla glass 3
+ * Battery: 2420 mAh at 3.8V (9.2 Wh) - REMOVABLE!!
+
+Operating system
+================
+
+Fairphone comes with "[Fairphone OS](https://code.fairphone.com/projects/fp-osos/#fairphone-os)" a version of Android
+specifically built for the Fairphone. It ships with Google apps and
+all the usual Android nastiness, so there's also a [Fairphone Open](https://code.fairphone.com/projects/fp-osos/#id2)
+(also known as "Sibon") version that consists only of free software
+(minus, naturally, the [proprietary firmware](https://code.fairphone.com/projects/fp-osos/dev/fp2-blobs-download-page.html) required to run the
+hardware).
+
+I will probably [install Fairphone Open](https://code.fairphone.com/projects/fp-osos/user/fairphone-open-source-os-installation-instructions.html) once I get a hold of the
+device. LineageOS (LOS) is [also supported](https://download.lineageos.org/FP2) (see also [this
+discussion](https://forum.fairphone.com/t/you-should-switch-to-open-os-now-why-how/25511)). One advantage LOS has over Fairphone OS (FOS) is it's
+more recent: LOS 15.1 is the latest supported version (which
+[corresponds to Android 8.1](https://en.wikipedia.org/wiki/LineageOS#Version_history)) and it's [being ported to 16](https://forum.fairphone.com/t/lineage-os-16-x/44213)
+(which corresponds to Android 9), while FOS has [just been ported to
+Android 7](https://forum.fairphone.com/t/investing-in-long-lasting-design-android-7-for-the-fairphone-2/44728) (see the [errata](https://forum.fairphone.com/t/android-7-update-most-annoying-bugs-faq-etc/45706)). See also [Android version
+history](https://en.wikipedia.org/wiki/Android_version_history) for the larger context.
+
+There are [more OSes ported to the FP2](https://forum.fairphone.com/t/operating-systems-for-fairphones/11425/1) including Ubuntu Touch and
+Sailfish.
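Review bot: `[Fairphone 2]()` in the "I bought a" paragraph has an empty link target and will render as a dead link. Point it at the shop URL already used for FP2 at the top of the file, or drop the brackets. The French paragraph ("Je m'attends à ce que ...") was carried into an otherwise English page and should be translated, "reparibility" is moved over misspelled, and "It's a guess" reads oddly ("gamble" may be what was meant).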

explain when the unlocking was ordered
diff --git a/hardware/phone/htc-one-s.mdwn b/hardware/phone/htc-one-s.mdwn
index 9b5bc452..c09b4c03 100644
--- a/hardware/phone/htc-one-s.mdwn
+++ b/hardware/phone/htc-one-s.mdwn
@@ -1106,8 +1106,8 @@ Quora](https://www.quora.com/What-is-a-Sim-Network-Unlock-Pin?share=1)) and [unl
 video](https://www.youtube.com/watch?v=nN0ey_XfFwA)).
 
 As of 2019-02-26T11:50:00EST, no mail had arrived from
-canadaunlocking.com. They claim to be able to unlock the phone within
-"5-90 minutes".
+canadaunlocking.com. Paypal payment was confirmed on 11:39:26EST. They
+claim to be able to unlock the phone within "5-90 minutes".
 
 Future work
 ===========

ordered the fairphone
diff --git a/hardware/phone.mdwn b/hardware/phone.mdwn
index 3dc271f3..52bf873c 100644
--- a/hardware/phone.mdwn
+++ b/hardware/phone.mdwn
@@ -134,6 +134,12 @@ sont mauvais sur XDA...
 Ceci dit, j'ai découvert que le FP2 est possiblement en vente au
 Canada (voir ci-bas) et j'ai fait une [demande](https://forum.fairphone.com/t/buying-a-fairphone-2-in-canada/48483) pour un usagé.
 
+Update: j'ai acheté un Fairphone 2 chez Ecosto, pour 543.24$CAD. Je
+m'attends à ce que les délais de livraison soient assez long: leur
+estimé de packaging est de 2-4 semaines et la livraison de 6-14 jours,
+donc ça devrait prendre entre 3 et 6 semaines, digne des commandes
+chez dx.com et compagnie...
+
 Fairphone 2
 -----------
 

update: worked on that stupid htc one S phone again
diff --git a/hardware/phone/htc-one-s.mdwn b/hardware/phone/htc-one-s.mdwn
index e7a56271..9b5bc452 100644
--- a/hardware/phone/htc-one-s.mdwn
+++ b/hardware/phone/htc-one-s.mdwn
@@ -1051,6 +1051,64 @@ Note that I have had better experience with the `fdroidserver` package, but it
 still depends on the Android APK to do anything, so I could only do
 some formatting and cleanup on the pull request.
 
+Update: back from the dead
+==========================
+
+Update: this is back from the dead! I was able to restore wifi
+somehow. The reset procedure was simple, as detailed below:
+
+    sudo fastboot devices
+    sudo adb reboot recovery
+    sudo adb sideload cm-12.1-20160822-NIGHTLY-ville.zip
+    unzip cm-12.1-20160822-NIGHTLY-ville.zip boot.img
+    sudo fastboot flash boot boot.img
+
+Not sure why I couldn't make this work last I tried. Now, of course,
+I'm running an old version of Android that's probably
+insecure. There's no way around this: the last "mod" that supported
+this phone is Cyanogenmod and that project has died, replaced with
+[LineageOS](https://lineageos.org/) which barely supports *any* HTC device whatsoever. But
+it beats having no phone at all.
+
+I've found nice ways of copying data between the two phones:
+
+ 1. anikdroid: syncs easily with central server
+ 2. antenna pod: syncs with gpodder, but better export/import database
+    through syncthing
+ 3. dSub, lichess, Nextcloud, Wallabag, Linphone and VoIP.SMS all need
+    to have their passwords re-set which is annoying, although the
+    latter two are relevant only for "non-GSM" phones
+ 4. OSMand also doesn't have such a good import/export story - all
+    those little settings need to be redone by hand if there's no
+    backup
+ 5. Signal is, of course, a [frigging catastrophe](https://community.signalusers.org/t/i-lost-my-phone-or-changing-the-master-device-in-signal/1200) as well
+ 6. apps list: f-droid has a very nice interface to install "nearby"
+    apps - the "app list" is totally useless in comparison, as the
+    "HTML list" version is unusable as the formatting is broken
+ 7. syncthing takes care of the rest, namely installing Signal from
+    the [APK URL](https://signal.org/android/apk/), my Stellarium backup and so on. it also useful
+    for "copy-pasting" (so to speak) passwords around instead of
+    tapping those stupid strings out
+ 8. contacts can be backed up with nextcloud on one device and
+    restored on the other fairly easily
+
+Only problem is the Transit app is not compatible with this older
+Android release.
+
+Another problem is the phone is actually locked to Telus, so I had to
+do the stupid "network unlock" dance. There are many sites doing this
+online, so I picked some random one ([canadaunlocking.com](https://canadaunlocking.com/), found
+in a startpage search for "android sim unlock") and paid them 10$USD
+via Paypal for some semblance of security. Worst thing is they have my
+IMEI number mapped to my Paypal account I guess and/or they steal my
+money. Other such sites include [unlockradar.com](and they se) ([suggested by
+Quora](https://www.quora.com/What-is-a-Sim-Network-Unlock-Pin?share=1)) and [unlockriver.com](http://unlockriver.com/) (found in [this youtube
+video](https://www.youtube.com/watch?v=nN0ey_XfFwA)).
+
+As of 2019-02-26T11:50:00EST, no mail had arrived from
+canadaunlocking.com. They claim to be able to unlock the phone within
+"5-90 minutes".
+
 Future work
 ===========
 
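Review bot: `[unlockradar.com](and they se)` has paste debris where the URL should be, so the link is broken. Separately, the reset procedure sideloads `cm-12.1-20160822-NIGHTLY-ville.zip` and flashes the `boot.img` extracted from it with no integrity check. The text itself calls this an old, probably insecure release, so add a checksum comparison before the `adb sideload` line.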

creating tag page tag/disk
diff --git a/tag/disk.mdwn b/tag/disk.mdwn
new file mode 100644
index 00000000..d5388be6
--- /dev/null
+++ b/tag/disk.mdwn
@@ -0,0 +1,4 @@
+[[!meta title="pages tagged disk"]]
+
+[[!inline pages="tagged(disk)" actions="no" archive="yes"
+feedshow=10]]

new article
diff --git a/blog/2019-02-25-new-large-disk-8-year-old-anniversary.mdwn b/blog/2019-02-25-new-large-disk-8-year-old-anniversary.mdwn
new file mode 100644
index 00000000..4f1ffc10
--- /dev/null
+++ b/blog/2019-02-25-new-large-disk-8-year-old-anniversary.mdwn
@@ -0,0 +1,217 @@
+[[!meta title="New large hard drive and 8-year old server anniversary"]]
+
+It's the "installation birthday" of my home server on February 22nd:
+
+    /etc/cron.daily/installation-birthday:
+
+                      0   0
+                      |   |
+                  ____|___|____
+               0  |~ ~ ~ ~ ~ ~|   0
+               |  |           |   |
+            ___|__|___________|___|__
+            |/\/\/\/\/\/\/\/\/\/\/\/|
+        0   |       H a p p y       |   0
+        |   |/\/\/\/\/\/\/\/\/\/\/\/|   |
+       _|___|_______________________|___|__
+      |/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/|
+      |                                   |
+      |         B i r t h d a y! ! !      |
+      | ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ |
+      |___________________________________|
+
+    Congratulations, your Debian system "marcos" was installed
+    8 year(s) ago today!
+
+    Best wishes,
+
+    Your local system administrator
+
+I can't believe this machine I built 8 years ago has been running
+continuously all that time. That is far, far beyond the usual 3 or 5
+year depreciation period set in most organizations. It goes to show
+how *some* hardware can be reliable in the long term.
+
+I bought yet another new drive to deal with my ever-increasing disk
+use. I got a [Seagate IronWolf 8TB ST8000VN0022][] at Canada Computers
+(CC) for 290$CAD. I also bought a new enclosure as well, a
+[transparent Orico enclosure][] which is kind of neat. I previously
+bought [this thing][] instead,  it was really hard to fit the hard
+drive in because the bottom was mis-aligned: you had to lift the drive
+slightly to fit it in the SATA connector. Even the salesman at CC
+couldn't figure it out. The new enclosure is a bit better, but also
+doesn't quite close correctly when a hard drive is present.
+
+# Compatibility and reliability
+
+[Seagate IronWolf 8TB ST8000VN0022]: https://www.seagate.com/www-content/product-content/ironwolf/en-us/docs/100807039b.pdf
+
+The first 8TB drive I got last week was [DOA][] (no, not [that
+DOA][]): it was "clicking" and wasn't detected by the kernel. CC took
+it back without questions, after they were able to plug it into
+*something*. I'm not sure that's a good sign for the reliability of
+that drive, but I have another running in a backup server and it has
+worked well so far.
+
+[that DOA]: https://en.wikipedia.org/wiki/D.O.A._(band)
+[DOA]: https://en.wikipedia.org/wiki/Dead_on_arrival
+[this thing]: https://www.canadacomputers.com/product_info.php?cPath=14_203&item_id=100730
+[transparent Orico enclosure]: https://www.canadacomputers.com/product_info.php?cPath=14_203&item_id=108319
+[Seagate IronWolf 8TB ]: https://www.canadacomputers.com/product_info.php?cPath=15_1086_210_212&item_id=100889
+
+I was happily surprised to see the new drive works with my old [Asus
+P5G410-M motherboard][]. My previous attempt at connecting this huge
+drive into older equipment failed in a strange way: when connected in
+a Thermaltake USB-SATA dock, it would only be recognized as 4TB. I
+don't remember if I tried to connect it inside the server, but I do
+remember connecting it to [[hardware/curie]] instead which was kind of
+a mess. So I'm quite happy to see the drive works even on an old SATA
+controller, a testament to the backwards-compatibility requirements of
+the standard.
+
+[Asus P5G410-M motherboard]: https://www.asus.com/Motherboards/P5G41M/specifications/
+
+# Setup
+
+Of course, I used a GUID Partition Table [GPT][] because [MBR][]
+(Master Boot Record) partition tables are limited to 2TiB. I have
+learned about `parted --align optimal` to silence the warnings when
+creating the device:
+
+    parted /dev/sdc mklabel gpt
+    parted -a optimal /dev/sdc mkpart primary 0% 8MB
+    parted -a optimal /dev/sdc mkpart primary 8MB 100%
+
+I have come to like to call `parted` without going into its
+shell. It's clean and easy to copy paste. It also makes me wonder why
+the Debian installer bothers with that complicated partition editor
+after all...
+
+[MBR]: https://en.wikipedia.org/wiki/Master_boot_record
+[GPT]: https://en.wikipedia.org/wiki/GUID_Partition_Table
+
+I have encrypted the drive using Debian stretch's LUKS default, but I
+have given special attention to the filesystem settings, given the
+drive is so big. Here's the commandline I ended using:
+
+    mkfs -t ext4 -j -T largefile -i 65536 -m 1 /dev/mapper/8tb_crypt
+
+Here are the details of each bit:
+
+ * `ext4` - I still don't trust BTRFS enough, and I don't need the
+   extra features
+
+ * `-j` - journaling, probably default, but just in case
+
+ * `-T largefile` - this is where things get interesting. the [mkfs
+   manpage][] says that `-b -1` is supposed to tweak the block size
+   according to the filesystem size, but `mkfs` refuses to parse this,
+   so I had to use the `-T` setting. but it turns out that didn't
+   change the block size anyways, which is still at the eternal 4KiB
+
+ * `-i 65536` ("64 KiB per inode" ratio) - the default mkfs setting
+   would have allowed for around five hundred million (488 281 250)
+   inodes on this disk. given that I have less than a million files to
+   store on there so far, that seemed totally overkill, so I bumped it
+   up.
+
+ * `-m ` - don't reserve as much space for root, as default (5%) would
+   have reserved 400GB. 1% is still too big (80GB), but I can reclaim
+   the space later with `tune2fs -m 0.001 /dev/mapper/8tb_crypt`. it
+   gives me a good "heads up" before it's time to change the drive
+   again. besides, it's not possible to pass lower, non-zero values to
+   mkfs, strangely
+
+[mkfs manpage]: https://manpages.debian.org/mkfs
+
+# Benchmarks
+
+I performed a few benchmarks. It looks like the disk can easily
+saturate the SATA bus, which is limited to 150MB/s (1.5Gbit/s
+unencoded):
+
+    root@marcos:~# dd bs=1M count=512 conv=fdatasync if=/dev/zero of=/mnt/testfile
+    512+0 enregistrements lus
+    512+0 enregistrements écrits
+    536870912 bytes (537 MB, 512 MiB) copied, 3,4296 s, 157 MB/s
+    root@marcos:~# dd bs=1M count=512 if=/mnt/testfile of=/dev/null
+    512+0 enregistrements lus
+    512+0 enregistrements écrits
+    536870912 bytes (537 MB, 512 MiB) copied, 0,367484 s, 1,5 GB/s
+    root@marcos:~# hdparm -Tt /dev/sdc
+
+    /dev/sdc:
+     Timing cached reads:   2514 MB in  2.00 seconds = 1257.62 MB/sec
+     Timing buffered disk reads: 660 MB in  3.00 seconds = 219.98 MB/sec
+
+A SMART test succeeded after 20 hours. Transferring the files over
+from the older disk took even longer: at 3.5TiB used, it's quite a lot
+of data and the older disk does not yield the same performance as the
+new one. `rsync` seems to show numbers between 40 and 50MB/s (or
+MiB/s?), which means the entire transfer takes more than a day to
+complete.
+
+I have considered setting up the new drive as a degraded RAID-1 array
+to facilitate those transfers but it doesn't seem to be worth the
+trouble: this will yield warnings in a few place, adds some overhead
+(including scrubbing, for example) and might make me freak out for
+nothing in the future. This is a single drive, and will probably stay
+that way for the foreseeable future.
+
+The sync is therefore made with good old `rsync`:
+
+    rsync -aAvP /srv/ /mnt/
+
+Some more elaborate tests performed with `fio` also show that random
+read/write performance is somewhat poor (<1MB/s):
+
+    root@marcos:/srv# fio --name=stressant --group_reporting --directory=test --size=100M --readwrite=randrw --direct=1 --numjobs=4
+    stressant: (g=0): rw=randrw, bs=4K-4K/4K-4K/4K-4K, ioengine=psync, iodepth=1
+    ...
+    fio-2.16
+    Starting 4 processes
+    stressant: Laying out IO file(s) (1 file(s) / 100MB)
+    stressant: Laying out IO file(s) (1 file(s) / 100MB)
+    stressant: Laying out IO file(s) (1 file(s) / 100MB)
+    stressant: Laying out IO file(s) (1 file(s) / 100MB)
+    Jobs: 2 (f=2): [_(2),m(2)] [99.4% done] [1097KB/1305KB/0KB /s] [274/326/0 iops] [eta 00m:02s]
+    stressant: (groupid=0, jobs=4): err= 0: pid=10161: Mon Feb 25 12:51:21 2019
+      read : io=205352KB, bw=586756B/s, iops=143, runt=358378msec
+        clat (usec): min=145, max=367185, avg=23237.22, stdev=24300.33
+         lat (usec): min=145, max=367186, avg=23238.42, stdev=24300.31
+        clat percentiles (usec):
+         |  1.00th=[  450],  5.00th=[ 3792], 10.00th=[ 6816], 20.00th=[ 9408],
+         | 30.00th=[12608], 40.00th=[14912], 50.00th=[17280], 60.00th=[19328],
+         | 70.00th=[22656], 80.00th=[27264], 90.00th=[46848], 95.00th=[69120],
+         | 99.00th=[123392], 99.50th=[148480], 99.90th=[238592], 99.95th=[272384],
+         | 99.99th=[329728]
+      write: io=204248KB, bw=583601B/s, iops=142, runt=358378msec
+        clat (usec): min=164, max=322970, avg=4646.01, stdev=10840.13
+         lat (usec): min=165, max=322971, avg=4647.36, stdev=10840.16
+        clat percentiles (usec):
+         |  1.00th=[  195],  5.00th=[  227], 10.00th=[  251], 20.00th=[  310],
+         | 30.00th=[  378], 40.00th=[  494], 50.00th=[  596], 60.00th=[ 2832],
+         | 70.00th=[ 6176], 80.00th=[ 8896], 90.00th=[12480], 95.00th=[15552],
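Review bot: In the mkfs option list the bullet "`-m `" has lost its value; the command above it uses `-m 1`. The Benchmarks section says the SATA bus is limited to 150MB/s, yet the quoted output shows 157 MB/s for the write test and 219.98 MB/sec for buffered disk reads, so either the stated limit or the conclusion needs revisiting. The 1,5 GB/s `dd` read is far above what the disk delivers in the `hdparm` line, so it is measuring the page cache rather than the drive. The second reference definition `[Seagate IronWolf 8TB ]:` (trailing space in the label) is never used and points at a different URL than the first. The LUKS step is described but its command is not shown, unlike the `parted` and `mkfs` steps, so the cipher and key size actually in use are not recorded.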

(Diff truncated)
add mandatory protocol file, specifying a version just for kicks
diff --git a/.well-known/openpgpkey/policy b/.well-known/openpgpkey/policy
new file mode 100644
index 00000000..e925bd36
--- /dev/null
+++ b/.well-known/openpgpkey/policy
@@ -0,0 +1 @@
+protocol-version: 7
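Review bot: `protocol-version: 7` claims support for a specific draft revision of the Web Key Directory update protocol, which nothing in the published directory implements as far as these commits show. The WKD draft only requires that the policy file exist and accepts a zero-length file, so an empty file would be the more accurate choice.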

switch to WKD to publish my OpenPGP key
diff --git a/.well-known/openpgpkey/Makefile b/.well-known/openpgpkey/Makefile
new file mode 100644
index 00000000..370059b5
--- /dev/null
+++ b/.well-known/openpgpkey/Makefile
@@ -0,0 +1,6 @@
+.PHONY: hu
+
+ADDRESS=anarcat@debian.org
+
+hu:
+	generate-openpgpkey-hu-3 --address $(ADDRESS) --exist-ok
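Review bot: `ADDRESS=anarcat@debian.org` does not match the domain this directory is published under; the contact page changed in the same commit gives an anarc.at address. WKD clients build the lookup URL from the domain part of the address, so a lookup for the debian.org address never reaches this site, and the file here only answers for addresses at this domain whose local part hashes to `myctwj4an6ne7htuzyoo8osctuji68xe`. The address advertised on the contact page, `anarcat+frontpage@anarc.at`, has a different local part and would hash to a different file name. Set ADDRESS to the address this site is meant to serve, or add a comment explaining why the debian.org one is used.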
diff --git a/.well-known/openpgpkey/hu/myctwj4an6ne7htuzyoo8osctuji68xe b/.well-known/openpgpkey/hu/myctwj4an6ne7htuzyoo8osctuji68xe
new file mode 100644
index 00000000..65ce1bb2
Binary files /dev/null and b/.well-known/openpgpkey/hu/myctwj4an6ne7htuzyoo8osctuji68xe differ
diff --git a/contact.mdwn b/contact.mdwn
index 6e78df80..031b399d 100644
--- a/contact.mdwn
+++ b/contact.mdwn
@@ -20,9 +20,9 @@ The best way to reach me is by email, use the address:
 
 [anarcat+frontpage@anarc.at](mailto:anarcat+frontpage@anarc.at)
 
-You can also encrypt your messages with this
-[[PGP key|pubkey.asc]]. Note that I
-[[changed key|pgp_transition.txt]] in 2009.
+You can also encrypt your messages with this [PGP key](.well-known/openpgpkey/hu/myctwj4an6ne7htuzyoo8osctuji68xe), also
+available on key servers and the [Web Key Discover protocol](https://keyserver.mattrude.com/guides/web-key-directory/)
+(WKD). Note that I [changed key](pgp_transition.txt) in 2009.
 
 Blog articles accept comments, but are subjected to moderation and
 anti-spam filtering.
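Review bot: The link text on the second `+` line says "Web Key Discover protocol"; the protocol is Web Key Directory, as the linked URL's own slug shows. The direct link now targets the file under `hu/`, which the diff lists as binary, where the removed `pubkey.asc` was ASCII-armored, so readers who download it by hand get a different format and existing links to `pubkey.asc` break. Publishing the key fingerprint in this paragraph would let readers check whichever copy they fetch.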
diff --git a/pubkey.asc b/pubkey.asc
deleted file mode 100644
index 5e5aeae2..00000000
--- a/pubkey.asc
+++ /dev/null
@@ -1,218 +0,0 @@

(Diff truncated)
add references for MTA-STS
diff --git a/services/mail.mdwn b/services/mail.mdwn
index 2b972ba8..eb68f3d7 100644
--- a/services/mail.mdwn
+++ b/services/mail.mdwn
@@ -376,6 +376,11 @@ the daemon itself. Thankfully, there's a third-party daemon called
 not in Debian yet ([bug #917366](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917366)) so that piece of the puzzle will
 most likely have to wait a little longer.
 
+References:
+
+ * [excellent tutorial from Luc de Louw](https://blog.delouw.ch/2018/12/16/using-mta-sts-to-enhance-email-transport-security-and-privacy/)
+ * [Hardenize docs on MTA-STS](https://www.hardenize.com/blog/mta-sts) and [TLS reporting](https://www.hardenize.com/blog/smtp-tls-reporting-tls-rpt)
+
 Postfix SASL configuration
 ==========================
 

document MTA-STS
diff --git a/services/mail.mdwn b/services/mail.mdwn
index aa1c9a25..2b972ba8 100644
--- a/services/mail.mdwn
+++ b/services/mail.mdwn
@@ -319,6 +319,63 @@ configured (see [`FILTER_README`][] and below).
 [`content_filter`]: http://www.postfix.org/postconf.5.html#content_filter
 Without this patch, local delivery would hang during my tests.
 
+MTA-STS
+=======
+
+The above has now somewhat been standardized as [RFC 8461](https://tools.ietf.org/html/rfc8461), "SMTP
+MTA Strict Transport Security".
+
+For me this involved creating the following file in my `well-known`
+directory (`/var/www/.well-known/mta-sts.txt`):
+
+    version: STSv1
+    mode: testing
+    mx: marcos.anarc.at
+    max_age: 86400
+
+Then a set of new record needs to be added to DNS:
+
+    mta-sts IN CNAME marcos
+    _smtp._tls     IN      TXT "v=TLSRPTv1;rua=mailto:postmaster@anarc.at"
+    _mta-sts   300   IN   TXT   "v=STSv1; id=20190225113927Z;"
+
+The `id` field should be a unique string that changes when there's a
+policy change. I picked the format output by `date +%Y%m%d%H%M%SZ`.
+
+Then a vhost needs to be created for the above file to be accessible:
+
+    <VirtualHost *:80>
+        ServerName mta-sts.anarc.at
+        ServerAlias mta-sts.orangeseeds.org
+        DocumentRoot /var/www/html/
+        #Redirect / https://mta-sts.anarc.at/
+    </VirtualHost>
+
+    <VirtualHost *:443>
+        ServerName mta-sts.anarc.at
+        ServerAlias mta-sts.orangeseeds.org
+        DocumentRoot /var/www/html/
+        #Use common-letsencrypt-ssl mta-sts.anarc.at
+    </VirtualHost>
+
+This needs to be authenticated with `certbot` of course and uncomment
+the redirect and `Use` lines when done:
+
+    rndc reload
+    service apache2 reload
+    certbot certonly --webroot --webroot-path /var/www/html/ -d mta-sts.anarc.at -d mta-sts.orangeseeds.org
+
+Then the configuration can be checked on [aykevl.nl](https://aykevl.nl/apps/mta-sts/) or
+[hardenize.com](https://www.hardenize.com/).
+
+This only works for *incoming* email. For *outgoing* email, Postfix
+needs to be able to check the TLS policy (which it could do with
+[smtp_tls_policy_maps](http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps)) but the MTA-STS checks are not supported in
+the daemon itself. Thankfully, there's a third-party daemon called
+[postfix-mta-sts-resolver](https://pypi.org/project/postfix-mta-sts-resolver/) which can do this. Unfortunately it's
+not in Debian yet ([bug #917366](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917366)) so that piece of the puzzle will
+most likely have to wait a little longer.
+
 Postfix SASL configuration
 ==========================
 
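Review bot: the policy file path given in the text, `/var/www/.well-known/mta-sts.txt`, is not under the `DocumentRoot /var/www/html/` of either vhost, so unless an alias not shown here maps it, a fetch of `/.well-known/mta-sts.txt` from `mta-sts.anarc.at` will not find the file; correct the path or document the alias. The DNS block shows records for one zone only while `ServerAlias mta-sts.orangeseeds.org` implies a second domain that needs its own `_mta-sts` and `_smtp._tls` records. The policy is also left at `mode: testing` with no step saying when to move to `enforce`. Minor: "a set of new record" should be "records".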

update storage stats after disk swap
diff --git a/services/backup.mdwn b/services/backup.mdwn
index 12d691c4..36c4f54c 100644
--- a/services/backup.mdwn
+++ b/services/backup.mdwn
@@ -18,14 +18,27 @@ another storage system, see below for progress.
 Backup storage
 --------------
 
+I have about 30TB of storage deployed in various places, quite
+ineffeciently managing a little over 5TB of original data stored in
+various places. The main reason for that inefficiency is that many
+drives outlived their usefulness because they are too small and no
+"enterprise" storage mechanisms (like RAID) were deployed to aggregate
+multiple drives.
+
+Such bad usage pattern could (eventually?) be fixed by regrouping all
+those drives in a single cohesive unit, as a NAS for example. See
+[[hardware/server/marcos]] for a discussion of alternatives.
+
 ### Marcos storage
 
- * `srv`: 4TB (3.6TiB) SATA; video, mp3, external backups, postcasts and so on
-   * `/srv/video`: 1.3TiB, git-annex `backup` group
+ * `srv`: 8TB (7.2TiB) SATA; video, mp3, external backups, postcasts and so on
+   * `/srv/video`: ~4TiB, git-annex `backup` group
  * `marcossd1`: 480GB SSD; `/home`, `/var`, `/usr` and so on...
 
 ### External
 
+ * `crystal`: 4TB HDD seagate desktop drive, ex `srv` volume, in a
+   clear enclosure
  * `wd`: 4TB black external WD drive connected to `marcos`
  * `calyx`: 1.5TB iOmega external backup drive, encrypted, `borg`
    backups for angela
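Review bot: two spelling slips in the added lines: "ineffeciently" in the first added paragraph should be "inefficiently", and the rewritten `srv` entry carries over "postcasts" (presumably "podcasts"). The first sentence also says "in various places" twice. The new `crystal` entry is described as the ex `srv` volume but, unlike `calyx`, does not say whether it is encrypted; worth stating, since it holds a former copy of the same data.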
@@ -39,6 +52,7 @@ Backup storage
    `git-annex` archive, previously `/srv`, but stripped of private
    data - see [this post about reinit](http://git-annex.branchable.com/todo/reinit_should_work_without_arguments/) - git-annex
    `incrementalbackup`
+ * `toutatis`: 8TB Seagate Ironwolf drive on an offsite server
 
 ### Offsite (squirrel mode)
 
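Review bot: the new `toutatis` entry sits on an offsite server but does not say whether the data on it is encrypted or which tool writes to it, the way the `calyx` entry does ("encrypted, `borg` backups"). Add that, since an offsite disk is outside your physical control.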

size
diff --git a/hardware/phone.mdwn b/hardware/phone.mdwn
index fc633f5b..3dc271f3 100644
--- a/hardware/phone.mdwn
+++ b/hardware/phone.mdwn
@@ -258,6 +258,9 @@ but expensive.
 
 https://www.indiegogo.com/projects/cosmo-communicator
 
+ * Size: 17.14(W) x 7.93cm(D) x 1.6(H)cm
+
+
 Gemini & other PDAs
 -------------------
 
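Review bot: the units in the added `Size:` line are placed inconsistently (`17.14(W) x 7.93cm(D) x 1.6(H)cm`): the first value has no unit and the other two attach `cm` in different positions. If all three are centimetres, write `17.14 cm (W) x 7.93 cm (D) x 1.6 cm (H)`. The hunk also adds two blank lines before the next heading where the rest of the file uses one.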

cosmo might just ship
diff --git a/hardware/phone.mdwn b/hardware/phone.mdwn
index 83deb766..fc633f5b 100644
--- a/hardware/phone.mdwn
+++ b/hardware/phone.mdwn
@@ -250,6 +250,14 @@ supported until 14. It's unclear how repairable those last three are.
 
 Xiaomi devices are also hard to find at usual locations.
 
+Cosmo communicator
+------------------
+
+Huge phone running android, flip keyboard, 24MP camera, super powerful
+but expensive.
+
+https://www.indiegogo.com/projects/cosmo-communicator
+
 Gemini & other PDAs
 -------------------
 
@@ -525,8 +533,10 @@ There are tons of other generic phones out there. A friend got
 [this cubot phone](http://www.everbuying.net/product1055309.html)
 which will be a good test for the 3G and 4G support.
 
-Not yet shipping phones
-=======================
+Vaporware
+=========
+
+Those phones were nice ideas but never shipped.
 
 Phoneblocks
 -----------
@@ -538,18 +548,10 @@ Here's a [pretty homepage](http://www.projectara.com/) while we wait for somethi
 Puzzlephone
 -----------
 
-[[!wikipedia Puzzlephone]] (page deleted!) is a similar idea, with hopes of shipping somewhere in 2015.
+[[!wikipedia Puzzlephone]] is a similar idea, with hopes of shipping somewhere in 2015.
 
 Similarly, there's a [pretty homepage](http://www.puzzlephone.com/) while we wait for something to happen also.
 
-Cosmo communicator
-------------------
-
-Huge phone running android, flip keyboard, 24MP camera, super powerful
-but expensive.
-
-https://www.indiegogo.com/projects/cosmo-communicator
-
 Current phone
 =============
 

syntax fix
diff --git a/hardware/phone.mdwn b/hardware/phone.mdwn
index aeea4f6f..83deb766 100644
--- a/hardware/phone.mdwn
+++ b/hardware/phone.mdwn
@@ -84,21 +84,19 @@ in the wiki:
 I ended up writing a small script to pull the currently supported
 models from the [base de données](https://github.com/LineageOS/lineage_wiki/)
 
-```python
-#!/usr/bin/python3
+    #!/usr/bin/python3
 
-import sys
+    import sys
 
-from ruamel.yaml import YAML
+    from ruamel.yaml import YAML
 
-yaml = YAML()
+    yaml = YAML()
 
-for path in sys.argv[1:]:
-    with open(path) as stream:
-        data = yaml.load(stream=stream)
-        if data['current_branch'] == 15.1:
-            print("{vendor:10.10s}| {name:20.20s}\t| {screen}\t | {release}".format(**data))
-```
+    for path in sys.argv[1:]:
+        with open(path) as stream:
+            data = yaml.load(stream=stream)
+            if data['current_branch'] == 15.1:
+                print("{vendor:10.10s}| {name:20.20s}\t| {screen}\t | {release}".format(**data))
 
 Si on regarde seulement les modèles sortis dans les derniers 3 ans, ça
 nous donne ce joli tableau:
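Review bot: in the script being re-indented, `data['current_branch'] == 15.1` compares a YAML-loaded value to a float literal and hard-codes the release, so a device file whose `current_branch` is written as a string, or any newer branch, is silently skipped. Consider taking the branch as an argument and comparing both sides as strings. `.format(**data)` also raises `KeyError` on any file missing `vendor`, `name`, `screen` or `release`. The sentence that introduces the script ends without punctuation before the code block.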

update fairphone: for sale!
diff --git a/hardware/phone.mdwn b/hardware/phone.mdwn
index 0286f645..aeea4f6f 100644
--- a/hardware/phone.mdwn
+++ b/hardware/phone.mdwn
@@ -133,6 +133,53 @@ X4 pourrait être un avantage, en fait, vu qu'elle est "seulement"
 14Mpx, ça prend moins d'espace. Et les reviews de la caméra du XA2
 sont mauvais sur XDA...
 
+Ceci dit, j'ai découvert que le FP2 est possiblement en vente au
+Canada (voir ci-bas) et j'ai fait une [demande](https://forum.fairphone.com/t/buying-a-fairphone-2-in-canada/48483) pour un usagé.
+
+Fairphone 2
+-----------
+
+The [[!wikipedia Fairphone]] (FP) is a really important project. They
+have already shipped two versions of the phone (FP1 and [FP2](https://shop.fairphone.com/en/)) and
+a third one is at the [concept stage](https://twitter.com/Fairphone/status/1053232949225766912) ([more discussions](https://forum.fairphone.com/t/date-de-lancement-du-fairphone-3/41694/12)).
+
+The key with the FP project, is to avoid major human rights issues in
+the source of components and the production of the device, something
+that's way too often overlooked. Many minerals involved in the
+fabrication of modern electronics come from conflict zones or involve
+horrible (child) labour conditions. Fixing those issues should be our
+priority, maybe even before hardware or software freedom.
+
+Even without addressing completely those issues, the fact that it
+scored a [perfect 10][] in iFixit's reparibility score is incredible.
+It seems parts are difficult to find, even in Europe. The phone
+doesn't ship to the Americas from the original website, which makes it
+difficult to buy, but *some* shops *do* ship to Canada, like
+[Ecosto](https://www.ecosto.net/en/catalogue/fairphone-2-alypuhelin_26867/). So it might still be relevant.
+
+[perfect 10]: https://www.ifixit.com/Teardown/Fairphone+2+Teardown/52523
+
+Specs:
+
+ * Android 7, [supported in LOS](https://wiki.lineageos.org/devices/FP2) 15.1, will likely be [ported to
+   LOS 16](https://forum.fairphone.com/t/lineage-os-16-x/44213)
+ * [perfect 10][] in iFixit repairability
+ * 2GB RAM
+ * CPU: Quad-core Krait 400 2.26 GHz (Qualcomm MSM8974AB-AB Snapdragon 801)
+ * Network: 2G bands: 850 900 1800 1900, 3G bands: 8(900) 2(1900)
+   1(2100), 4G bands: 3(1800) 7(2600) 20(800)
+ * Storage: 32GB
+ * SD card < 128GB
+ * Dual SIM
+ * GPS, A-GPS, Glonass
+ * compass, FM receiver, etc
+ * BT <= 4.0
+ * Camera: 12 MP f/2.2
+ * 3.5mm audio jack
+ * Micro-USB 2.0
+ * 5" screen, 143 mm x 73 mm x 11 mm, gorilla glass 3
+ * Battery: 2420 mAh at 3.8V (9.2 Wh) - REMOVABLE!!
+
 Purism Librem 5
 ---------------
 
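Review bot: "reparibility" in the added paragraph about the iFixit score should be "repairability", the spelling the Specs list below it already uses. In that paragraph, "It seems parts are difficult to find, even in Europe." now follows the praise directly and reads as a non sequitur; the text this change removes joined the two with "but". The new section is also in English directly after a French paragraph that points to it with "voir ci-bas".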
@@ -142,41 +189,6 @@ report](https://puri.sm/posts/massive-progress-exact-cpu-selected-minor-shipping
 shipping", so that means at least July 2019, if not later. Their demos
 still don't have a finished device.
 
-Fairphone
----------
-
-The [[!wikipedia Fairphone]] is a really interesting project:
-
- * [homepage](http://www.fairphone.com/)
- * [specs](http://shop.fairphone.com/specs-page.html)
-
-First, it's already shipping, although out of stocks now (feb
-2015). Second, it really tries to avoid major human rights issues in
-the production, something that's way too often overlooked.
-
- * Dual SIM
- * MicroUSB Port, Type B
- * GSM850/900/1800/1900MHZ
- * WCDMA 900/2100MHz
- * 1GB RAM
- * 16GB
- * 960x540
- * 8MP 1080P@30fps
- * 165 g
- * 2000mAh Replaceable
- * GPS, Wifi, FM (?), compass, proximity, gyro,
- * 8MP
- * 5" (143 mm x 73 mm x 11 mm)
- * 148 g (phone) + 20 g (external case)
-
-Downside: it doesn't have an FM transmitter and the [baseband isn't
-open](https://forum.fairphone.com/t/fairphone-baseband-os-firmware/1228), but that's pretty much the case for all phones out there
-right now.
-
-It scored a [perfect 10](https://www.ifixit.com/Teardown/Fairphone+2+Teardown/52523) in iFixit's reparibility score, but it
-seems parts are difficult to find, even in Europe. The phone doesn't
-ship to the Americas, which makes it difficult to buy.
-
 Google
 ------
 
@@ -250,6 +262,37 @@ See [[laptop#gemini]].
 
 This is getting incredibly out of date.
 
+Fairphone 1
+-----------
+
+The [[!wikipedia Fairphone]] is a really interesting project:
+
+ * [homepage](http://www.fairphone.com/)
+ * [specs](http://shop.fairphone.com/specs-page.html)
+
+First, it's already shipping, although out of stocks now (feb
+2015). Second, it really tries to avoid major human rights issues in
+the production, something that's way too often overlooked.
+
+ * Dual SIM
+ * MicroUSB Port, Type B
+ * GSM850/900/1800/1900MHZ
+ * WCDMA 900/2100MHz
+ * 1GB RAM
+ * 16GB
+ * 960x540
+ * 8MP 1080P@30fps
+ * 165 g
+ * 2000mAh Replaceable
+ * GPS, Wifi, FM (?), compass, proximity, gyro,
+ * 8MP
+ * 5" (143 mm x 73 mm x 11 mm)
+ * 148 g (phone) + 20 g (external case)
+
+Downside: it doesn't have an FM transmitter and the [baseband isn't
+open](https://forum.fairphone.com/t/fairphone-baseband-os-firmware/1228), but that's pretty much the case for all phones out there
+right now.
+
 Samsung Galaxy S3
 -----------------
 

add phone size, google
diff --git a/hardware/phone.mdwn b/hardware/phone.mdwn
index 3a00bf9d..0286f645 100644
--- a/hardware/phone.mdwn
+++ b/hardware/phone.mdwn
@@ -103,28 +103,28 @@ for path in sys.argv[1:]:
 Si on regarde seulement les modèles sortis dans les derniers 3 ans, ça
 nous donne ce joli tableau:
 
-| Marque   | Modèle              | Taille             |             Année |
-| -------- | ------------------- | -----------------  |              ---- |
-| Asus     | Zenfone Max Pro M1  | 152.1 mm (5.99 in) |           2018-05 |
-| BQ       | Aquaris X           | 130 mm (5.2 in)    |           2017-06 |
-| BQ       | Aquaris X Pro       | 130 mm (5.2 in)    |           2017-06 |
-| LeEco    | Le Pro3 / Elite     | 5.5 in             | 2016-10 / 2017-03 |
-| Motorola | Moto X4             | 84.5 cm (5.2 in)   |           2017-10 |
-| Motorola | Moto Z2 Force       | 83.4 cm (5.5 in)   |           2017-07 |
-| Motorola | Moto Z2 Play        | 5.5 in             |           2017-06 |
-| OnePlus  | 5                   | 139.7 mm (5.5 in)  |           2017-06 |
-| OnePlus  | 5T                  | 152.7 mm (6.01 in) |           2017-11 |
-| Samsung  | Galaxy S9           | 5.8 inches         |        2018-03-11 |
-| Samsung  | Galaxy S9+          | 6.2 inches         |        2018-03-11 |
-| Sony     | Xperia XA2          | 132 mm (5.2 in)    |           2018-02 |
-| Sony     | Xperia XA2 Ultra    | 152.4 mm (6 in)    |           2018-02 |
-| Xiaomi   | Mi 6                | 130.8 mm (5.15 in) |           2017-04 |
-| Xiaomi   | Mi A1               | 139.7 mm (5.5 in)  |           2017-10 |
-| Xiaomi   | Mi MIX 2            | 152.1 mm (5.99 in) |           2017-09 |
-| Xiaomi   | Mi Note 3           | 139.7 mm (5.5 in)  |           2017-09 |
-| Xiaomi   | Redmi 4(X)          | 127 mm (5.0 in)    |           2017-05 |
-| Xiaomi   | Redmi Note 4        | 139.7 mm (5.5 in)  |           2017-01 |
-| Xiaomi   | Redmi Note 5 Pro    | 152.1 mm (5.99 in) |           2018-02 |
+| Marque   | Modèle             | Taille             | Écran              |             Année |
+| -------- | ------------------ | -----------------  | ------------------ | ----------------- |
+| Asus     | Zenfone Max Pro M1 | 159 mm (6.26 in)   | 152.1 mm (5.99 in) |           2018-05 |
+| BQ       | Aquaris X          | 146.5 mm (5.76 in) | 130 mm (5.2 in)    |           2017-06 |
+| BQ       | Aquaris X Pro      | 146.5 mm (5.77 in) | 130 mm (5.2 in)    |           2017-06 |
+| LeEco    | Le Pro3 / Élite    | 151.4 mm (5.96 in) | 5.5 in             | 2016-10 / 2017-03 |
+| Motorola | Moto X4            | 148.4 mm (5.84 in) | 84.5 cm (5.2 in)   |           2017-10 |
+| Motorola | Moto Z2 Force      | 155.8 mm (6.13 in) | 83.4 cm (5.5 in)   |           2017-07 |
+| Motorola | Moto Z2 Play       | 156.2 mm (6.15 in) | 5.5 in             |           2017-06 |
+| OnePlus  | 5                  | 154.2 mm (6.07 in) | 139.7 mm (5.5 in)  |           2017-06 |
+| OnePlus  | 5T                 | 156.1 mm (6.15 in) | 152.7 mm (6.01 in) |           2017-11 |
+| Samsung  | Galaxy S9          | 147.7 mm (5.81 in) | 5.8 inches         |        2018-03-11 |
+| Samsung  | Galaxy S9+         | 158.1 mm (6.22 in) | 6.2 inches         |        2018-03-11 |
+| Sony     | Xperia XA2         | 142 mm (5.59 in)   | 132 mm (5.2 in)    |           2018-02 |
+| Sony     | Xperia XA2 Ultra   | 163 mm (6.42 in)   | 152.4 mm (6 in)    |           2018-02 |
+| Xiaomi   | Mi 6               | 145.2 mm (5.72 in) | 130.8 mm (5.15 in) |           2017-04 |
+| Xiaomi   | Mi A1              | 155.4 mm (6.12 in) | 139.7 mm (5.5 in)  |           2017-10 |
+| Xiaomi   | Mi MIX 2           | 151.8 mm (5.98 in) | 152.1 mm (5.99 in) |           2017-09 |
+| Xiaomi   | Mi Note 3          | 152.6 mm (6.01 in) | 139.7 mm (5.5 in)  |           2017-09 |
+| Xiaomi   | Redmi 4(X)         | 139.2 mm (5.48 in) | 127 mm (5.0 in)    |           2017-05 |
+| Xiaomi   | Redmi Note 4       | 151 mm (5.94 in)   | 139.7 mm (5.5 in)  |           2017-01 |
+| Xiaomi   | Redmi Note 5 Pro   | 158.6 mm (6.24 in) | 152.1 mm (5.99 in) |           2018-02 |
 
 De ceux là, je trouve le Moto X4 et Sony XA2 les plus intéressants,
 principalement à cause de la taille. Le X4 est étanche mais a une
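Review bot: the new `Écran` column inherits two values from the old `Taille` column that cannot be screen sizes: `84.5 cm (5.2 in)` for the Moto X4 and `83.4 cm (5.5 in)` for the Moto Z2 Force. For those diagonals the metric figure should be about 132 mm and 140 mm. In the new `Taille` column the two BQ rows give the same 146.5 mm with different inch conversions (5.76 and 5.77). The headers also do not say that `Taille` is the body length and `Écran` the screen diagonal, which the surrounding text relies on.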
@@ -177,6 +177,15 @@ It scored a [perfect 10](https://www.ifixit.com/Teardown/Fairphone+2+Teardown/52
 seems parts are difficult to find, even in Europe. The phone doesn't
 ship to the Americas, which makes it difficult to buy.
 
+Google
+------
+
+Apart from, you know, being Google, the Pixel has a few more problems
+that made me discard it:
+
+ * no SD card
+ * no official build for the latest (Pixel 3)
+
 Motorola
 --------
 
@@ -193,9 +202,10 @@ difficult" as it requires unplugging the mainboard, camera and
 basically everything. Unfortunately, both of those are "big" (5.5",
 like the LG G3).
 
-The [Moto X4](https://wiki.lineageos.org/devices/payton) ([review](https://forum.xda-developers.com/moto-x4/review)) is very interesting: smaller form
-factor, sealed. The only problem might be the lower battery life and
-the lower resolution camera, when compared with the XA2.
+The [Moto X4](https://wiki.lineageos.org/devices/payton) ([review](https://forum.xda-developers.com/moto-x4/review)) is very interesting, as it's
+sealed. The only problem might be the lower battery life and the lower
+resolution camera, when compared with the XA2. The body is about the
+same size as the G3 and the screen is smaller, unfortunately.
 
 Samsung
 -------
@@ -219,7 +229,8 @@ Xiaomi
 ------
 
 Those make the fame [Pocophone F1](https://en.wikipedia.org/wiki/Xiaomi_Pocophone_F1) which I'm avoiding mostly
-because of the notch but also [difficult battery access](https://www.youtube.com/watch?v=L5VWWba0coY&feature=youtu.be).
+because of the notch but also [difficult battery access](https://www.youtube.com/watch?v=L5VWWba0coY&feature=youtu.be). It's also
+gigantic (6.18").
 
 Some Xiaomi devices like the Redmi Note 3 have [an excellent iFixit
 score](https://www.ifixit.com/Device/Xiaomi_Redmi_Note_3) (8/10) but it's unclear if they are well supported in

more phone research
diff --git a/hardware/phone.mdwn b/hardware/phone.mdwn
index ccb753d0..3a00bf9d 100644
--- a/hardware/phone.mdwn
+++ b/hardware/phone.mdwn
@@ -12,6 +12,7 @@ Places to buy
 =============
 
  * [Bestbuy](https://www.bestbuy.ca/en-ca/category/unlocked-android-phones/743360.aspx?)
+ * [B&H](https://www.bhphotovideo.com/c/buy/smartphones/ci/24039/N/3955685938)
  * [Canada Computers](https://www.canadacomputers.com/index.php?cPath=571_30&sf=:)
  * [JP Mobiles](https://jpmobiles.ca/) (listed on Bestbuy, uses Amazon for "fulfillment")
  * [Newegg](https://www.newegg.ca/Cell-Phones/Category/ID-450?Tid=165898)
@@ -30,48 +31,107 @@ Must-have criteria:
  * 3.5mm jack
  * Wifi, GSM coverage in Québec
  * good GPS
+ * no scratches
+ * no contract with a GSM provider
 
 Nice to have:
 
+ * new phone, mint condition, easy returns
+ * available somewhere else than Amazon
+ * good [reparibility score](https://www.ifixit.com/smartphone-repairability?sort=score)
+ * good camera
  * <= 5" screen
  * removable battery
  * "fair" sourced materials
 
-Picking a phone is hard, even with those specs.
+Picking a phone
+---------------
 
-<https://stats.lineageos.org/> can be a source for the most popular
-phones.
+Picking a phone is hard with all those restrictions. The `#lineageos`
+folks are legendary for not helping you choose your phone but have
+provided stellar advice like:
 
-The [download page](https://download.lineageos.org/) shows which devices are officially
-supported. The latest release is 15.1, if it's not listed, it means
-support was dropped in the latest release. The devices targeted for
-16.0 right now are [listed here](https://review.lineageos.org/c/LineageOS/hudson/+/214015/24/lineage-build-targets). Non-exhaustive list of the
-devices I could find in the wiki:
+    19:41:04 <anarcat> haha great ... on https://itvends.com/irc Khaytsus's "random quote" is "This is LOS support. Not a place to find you a phone."
+    19:41:23 <+Khaytsus> Yeah bitch.
+    20:17:41 <@LuK1337> i wouldn't get a galaxy at all
+    20:19:15 <[R]> yeah, the pocophone is great
+    20:19:20 <[R]> super terrific chinese shitware great
+    20:22:12 <+noahajac> anarcat: Just get a fucking Pixel
+    20:37:09 <@LuK1337> xa2 is very hipster device
+
+... and so on.
+
+<https://stats.lineageos.org/> can be a source for the most popular
+phones, but that doesn't say which phone is *still* supported. The
+[download page](https://download.lineageos.org/) shows which devices are officially supported. The
+latest release is 15.1, if it's not listed, it means support was
+dropped in the latest release. The devices targeted for 16.0 right now
+are [listed here](https://review.lineageos.org/c/LineageOS/hudson/+/214015/24/lineage-build-targets). Non-exhaustive list of the devices I could find
+in the wiki:
 
  * [Moto X4](https://wiki.lineageos.org/devices/payton) ([review](https://forum.xda-developers.com/moto-x4/review))
  * [Moto Z2](https://wiki.lineageos.org/devices/nash) 
  * [Nexus 6](https://wiki.lineageos.org/devices/shamu)
  * [OnePlus 3 / 3T](https://wiki.lineageos.org/devices/oneplus3) ([review](https://forum.xda-developers.com/oneplus-3/review), [review](https://forum.xda-developers.com/oneplus-3t/review))
- * [OnePlus 5](https://wiki.lineageos.org/devices/cheeseburger) / [5T](https://wiki.lineageos.org/devices/dumpling)
+ * [OnePlus 5](https://wiki.lineageos.org/devices/cheeseburger) / [5T](https://wiki.lineageos.org/devices/dumpling) ([good iFixit score](https://www.ifixit.com/Teardown/OnePlus+5+Teardown/94173): 7/10)
  * [Pixel XL](https://wiki.lineageos.org/devices/marlin)
  * [Pixel sailfish](https://wiki.lineageos.org/devices/sailfish)
  * [Samsung Galaxy S9+](https://wiki.lineageos.org/devices/star2lteO)
- * [XA2](https://wiki.lineageos.org/devices/pioneer) / [XA2 ultra](https://wiki.lineageos.org/devices/discovery)
+ * [XA2](https://wiki.lineageos.org/devices/pioneer) ([review](https://forum.xda-developers.com/xperia-xa2/review)) / [XA2 ultra](https://wiki.lineageos.org/devices/discovery)
  * [Xiaomi Mi Note 3](https://wiki.lineageos.org/devices/jason)
  * [Zuk Z1](https://wiki.lineageos.org/devices/ham)
 
-The `#lineageos` folks are legendary for not helping you choose your
-phone but have provided some advice like:
-
-    19:41:04 <anarcat> haha great ... on https://itvends.com/irc Khaytsus's "random quote" is "This is LOS support. Not a place to find you a phone."
-    19:41:23 <+Khaytsus> Yeah bitch.
-    20:17:41 <@LuK1337> i wouldn't get a galaxy at all
-    20:19:15 <[R]> yeah, the pocophone is great
-    20:19:20 <[R]> super terrific chinese shitware great
-    20:22:12 <+noahajac> anarcat: Just get a fucking Pixel
-    20:37:09 <@LuK1337> xa2 is very hipster device
-
-... and so on.
+I ended up writing a small script to pull the currently supported
+models from the [base de données](https://github.com/LineageOS/lineage_wiki/)
+
+```python
+#!/usr/bin/python3
+
+import sys
+
+from ruamel.yaml import YAML
+
+yaml = YAML()
+
+for path in sys.argv[1:]:
+    with open(path) as stream:
+        data = yaml.load(stream=stream)
+        if data['current_branch'] == 15.1:
+            print("{vendor:10.10s}| {name:20.20s}\t| {screen}\t | {release}".format(**data))
+```
+
+Si on regarde seulement les modèles sortis dans les derniers 3 ans, ça
+nous donne ce joli tableau:
+
+| Marque   | Modèle              | Taille             |             Année |
+| -------- | ------------------- | -----------------  |              ---- |
+| Asus     | Zenfone Max Pro M1  | 152.1 mm (5.99 in) |           2018-05 |
+| BQ       | Aquaris X           | 130 mm (5.2 in)    |           2017-06 |
+| BQ       | Aquaris X Pro       | 130 mm (5.2 in)    |           2017-06 |
+| LeEco    | Le Pro3 / Elite     | 5.5 in             | 2016-10 / 2017-03 |
+| Motorola | Moto X4             | 84.5 cm (5.2 in)   |           2017-10 |
+| Motorola | Moto Z2 Force       | 83.4 cm (5.5 in)   |           2017-07 |
+| Motorola | Moto Z2 Play        | 5.5 in             |           2017-06 |
+| OnePlus  | 5                   | 139.7 mm (5.5 in)  |           2017-06 |
+| OnePlus  | 5T                  | 152.7 mm (6.01 in) |           2017-11 |
+| Samsung  | Galaxy S9           | 5.8 inches         |        2018-03-11 |
+| Samsung  | Galaxy S9+          | 6.2 inches         |        2018-03-11 |
+| Sony     | Xperia XA2          | 132 mm (5.2 in)    |           2018-02 |
+| Sony     | Xperia XA2 Ultra    | 152.4 mm (6 in)    |           2018-02 |
+| Xiaomi   | Mi 6                | 130.8 mm (5.15 in) |           2017-04 |
+| Xiaomi   | Mi A1               | 139.7 mm (5.5 in)  |           2017-10 |
+| Xiaomi   | Mi MIX 2            | 152.1 mm (5.99 in) |           2017-09 |
+| Xiaomi   | Mi Note 3           | 139.7 mm (5.5 in)  |           2017-09 |
+| Xiaomi   | Redmi 4(X)          | 127 mm (5.0 in)    |           2017-05 |
+| Xiaomi   | Redmi Note 4        | 139.7 mm (5.5 in)  |           2017-01 |
+| Xiaomi   | Redmi Note 5 Pro    | 152.1 mm (5.99 in) |           2018-02 |
+
+De ceux là, je trouve le Moto X4 et Sony XA2 les plus intéressants,
+principalement à cause de la taille. Le X4 est étanche mais a une
+caméra moyenne, alors que le XA2 est difficile à réparer. La caméra du
+X4 pourrait être un avantage, en fait, vu qu'elle est "seulement"
+14Mpx, ça prend moins d'espace. Et les reviews de la caméra du XA2
+sont mauvais sur XDA...
 
 Purism Librem 5
 ---------------
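Review bot: The added text switches from English to French partway through this hunk: the link label "base de données", the paragraph starting "Si on regarde seulement", the table headers (Marque, Modèle, Taille, Année) and the closing paragraph are French, while the rest of the section is English. Pick one language for the section. Smaller points in the same hunk: "reparibility" in the criteria list should be "repairability"; the sentence introducing the script ends without punctuation; `data['current_branch'] == 15.1` compares the parsed YAML value against a float literal, so a branch stored as a string is skipped without any message (comparing `str(data['current_branch'])` to "15.1" is more robust); and the two Motorola rows give the size as "84.5 cm" and "83.4 cm", which does not agree with the 5.2 in and 5.5 in in the same cells or with the mm used in the other rows.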
@@ -90,7 +150,9 @@ The [[!wikipedia Fairphone]] is a really interesting project:
  * [homepage](http://www.fairphone.com/)
  * [specs](http://shop.fairphone.com/specs-page.html)
 
-First, it's already shipping, although out of stocks now (feb 2015). Second, it really tries to avoid major human rights issues in the production, something that's way too often overlook. 
+First, it's already shipping, although out of stocks now (feb
+2015). Second, it really tries to avoid major human rights issues in
+the production, something that's way too often overlooked.
 
  * Dual SIM
  * MicroUSB Port, Type B
@@ -107,7 +169,13 @@ First, it's already shipping, although out of stocks now (feb 2015). Second, it
  * 5" (143 mm x 73 mm x 11 mm)
  * 148 g (phone) + 20 g (external case)
 
-Downside: it doesn't have an FM transmitter and the [baseband isn't open](https://forum.fairphone.com/t/fairphone-baseband-os-firmware/1228).
+Downside: it doesn't have an FM transmitter and the [baseband isn't
+open](https://forum.fairphone.com/t/fairphone-baseband-os-firmware/1228), but that's pretty much the case for all phones out there
+right now.
+
+It scored a [perfect 10](https://www.ifixit.com/Teardown/Fairphone+2+Teardown/52523) in iFixit's reparibility score, but it
+seems parts are difficult to find, even in Europe. The phone doesn't
+ship to the Americas, which makes it difficult to buy.
 
 Motorola
 --------
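Review bot: "reparibility" in the added iFixit sentence should be "repairability". The linked teardown URL is for the Fairphone 2, so the sentence should name that model instead of "It", because the spec list shown just above it carries no model name.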
@@ -117,14 +185,25 @@ phone and are the first company to [provide iFixit with OEM parts](https://ifixi
 so I should definitely give them a chance. LOS has good coverage of
 their devices.
 
-The [Moto Z](https://wiki.lineageos.org/devices/griffin) looks interesting but is not on sale in CC or BB.
+The [Moto Z](https://wiki.lineageos.org/devices/griffin) looks interesting but is not on sale in CC or BB. It
+has a [good iFixit repair score](https://www.ifixit.com/Guide/Motorola+Moto+Z+Repairability+Assessment/79114) even if the battery is not
+removable. The [Z2 force](https://wiki.lineageos.org/devices/nash) is well supported in LOS, but
+unfortunately the [battery replacement](https://www.ifixit.com/Guide/Motorola+Moto+Z2+Force+Battery+Replacement/103378) is rated as "very
+difficult" as it requires unplugging the mainboard, camera and
+basically everything. Unfortunately, both of those are "big" (5.5",
+like the LG G3).
+
+The [Moto X4](https://wiki.lineageos.org/devices/payton) ([review](https://forum.xda-developers.com/moto-x4/review)) is very interesting: smaller form
+factor, sealed. The only problem might be the lower battery life and
+the lower resolution camera, when compared with the XA2.
 
 Samsung
 -------
 
-Generally well supported. The S7 has [good reviews](https://forum.xda-developers.com/galaxy-s7/review) but hasn't been
-ported to the newer LOS 15.1. The [S9](https://wiki.lineageos.org/devices/starlte) is better and also has [good
-reviews](https://forum.xda-developers.com/galaxy-s9/review) but is much more expensive.
+Generally well supportedin LOS. The S7 has [good reviews](https://forum.xda-developers.com/galaxy-s7/review) but
+hasn't been ported to the newer LOS 15.1. The [S9](https://wiki.lineageos.org/devices/starlte) is better and
+also has [good reviews](https://forum.xda-developers.com/galaxy-s9/review) but is much more expensive. It also didn't
+score well (4/10) in the [iFixit teardown](https://www.ifixit.com/Teardown/Samsung+Galaxy+S9+Teardown/104322) and is *huge* (5.8"/6.2").
 
 Sony
 ----
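Review bot: "well supportedin LOS" in the Samsung paragraph is missing a space. In the Motorola paragraph, "CC or BB" is never expanded in this hunk and "unfortunately" appears in two consecutive sentences; spell out the store names once and drop the second "Unfortunately".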
@@ -133,6 +212,23 @@ The [XA2](https://wiki.lineageos.org/devices/pioneer) looks well maintained in L
 nice phone. The [reviews](https://forum.xda-developers.com/xperia-xa2/review) are generally positive, except for the

(Diff truncated)
push gemini down
diff --git a/hardware/phone.mdwn b/hardware/phone.mdwn
index 6f864bde..ccb753d0 100644
--- a/hardware/phone.mdwn
+++ b/hardware/phone.mdwn
@@ -73,11 +73,6 @@ phone but have provided some advice like:
 
 ... and so on.
 
-Gemini & other PDAs
--------------------
-
-See [[laptop#gemini]].
-
 Purism Librem 5
 ---------------
 
@@ -138,6 +133,11 @@ The [XA2](https://wiki.lineageos.org/devices/pioneer) looks well maintained in L
 nice phone. The [reviews](https://forum.xda-developers.com/xperia-xa2/review) are generally positive, except for the
 camera. The XA2 is 5.2", the Ultra is 6.0" ([comparative](https://www.gsmarena.com/compare.php3?idPhone1=8985&idPhone2=8986)).
 
+Gemini & other PDAs
+-------------------
+
+See [[laptop#gemini]].
+
 2015 phones evaluation
 ======================
 

link to the G3 for the current phone
diff --git a/hardware/phone.mdwn b/hardware/phone.mdwn
index 4461aaff..6f864bde 100644
--- a/hardware/phone.mdwn
+++ b/hardware/phone.mdwn
@@ -405,7 +405,9 @@ https://www.indiegogo.com/projects/cosmo-communicator
 Current phone
 =============
 
-I don't really have a phone anymore.
+A friend gave me a [[lg-g3-d852]], a generally nice device, if a
+little big (5.5"). Biggest problem is it's locked and marked as
+"stolen or lost" (it was found in a taxi) so unusable for GSM.
 
 Previous phones
 ===============

more research on devices
diff --git a/hardware/phone.mdwn b/hardware/phone.mdwn
index 4a6878b8..4461aaff 100644
--- a/hardware/phone.mdwn
+++ b/hardware/phone.mdwn
@@ -8,9 +8,71 @@ phones as well:
 
 [[!toc levels=2]]
 
+Places to buy
+=============
+
+ * [Bestbuy](https://www.bestbuy.ca/en-ca/category/unlocked-android-phones/743360.aspx?)
+ * [Canada Computers](https://www.canadacomputers.com/index.php?cPath=571_30&sf=:)
+ * [JP Mobiles](https://jpmobiles.ca/) (listed on Bestbuy, uses Amazon for "fulfillment")
+ * [Newegg](https://www.newegg.ca/Cell-Phones/Category/ID-450?Tid=165898)
+ * [Recy-cell](https://recy-cell.ca/) (used phones)
+ * [Tiger Direct](http://www.tigerdirect.ca/applications/category/category_tlc.asp?CatId=5116) - not a great selection
+
 Potential phones
 ================
 
+Must-have criteria:
+
+ * removable SD card
+ * good battery life
+ * <= 5.5" screen (~LG G3)
+ * supports LineageOS
+ * 3.5mm jack
+ * Wifi, GSM coverage in Québec
+ * good GPS
+
+Nice to have:
+
+ * <= 5" screen
+ * removable battery
+ * "fair" sourced materials
+
+Picking a phone is hard, even with those specs.
+
+<https://stats.lineageos.org/> can be a source for the most popular
+phones.
+
+The [download page](https://download.lineageos.org/) shows which devices are officially
+supported. The latest release is 15.1, if it's not listed, it means
+support was dropped in the latest release. The devices targeted for
+16.0 right now are [listed here](https://review.lineageos.org/c/LineageOS/hudson/+/214015/24/lineage-build-targets). Non-exhaustive list of the
+devices I could find in the wiki:
+
+ * [Moto X4](https://wiki.lineageos.org/devices/payton) ([review](https://forum.xda-developers.com/moto-x4/review))
+ * [Moto Z2](https://wiki.lineageos.org/devices/nash) 
+ * [Nexus 6](https://wiki.lineageos.org/devices/shamu)
+ * [OnePlus 3 / 3T](https://wiki.lineageos.org/devices/oneplus3) ([review](https://forum.xda-developers.com/oneplus-3/review), [review](https://forum.xda-developers.com/oneplus-3t/review))
+ * [OnePlus 5](https://wiki.lineageos.org/devices/cheeseburger) / [5T](https://wiki.lineageos.org/devices/dumpling)
+ * [Pixel XL](https://wiki.lineageos.org/devices/marlin)
+ * [Pixel sailfish](https://wiki.lineageos.org/devices/sailfish)
+ * [Samsung Galaxy S9+](https://wiki.lineageos.org/devices/star2lteO)
+ * [XA2](https://wiki.lineageos.org/devices/pioneer) / [XA2 ultra](https://wiki.lineageos.org/devices/discovery)
+ * [Xiaomi Mi Note 3](https://wiki.lineageos.org/devices/jason)
+ * [Zuk Z1](https://wiki.lineageos.org/devices/ham)
+
+The `#lineageos` folks are legendary for not helping you choose your
+phone but have provided some advice like:
+
+    19:41:04 <anarcat> haha great ... on https://itvends.com/irc Khaytsus's "random quote" is "This is LOS support. Not a place to find you a phone."
+    19:41:23 <+Khaytsus> Yeah bitch.
+    20:17:41 <@LuK1337> i wouldn't get a galaxy at all
+    20:19:15 <[R]> yeah, the pocophone is great
+    20:19:20 <[R]> super terrific chinese shitware great
+    20:22:12 <+noahajac> anarcat: Just get a fucking Pixel
+    20:37:09 <@LuK1337> xa2 is very hipster device
+
+... and so on.
+
 Gemini & other PDAs
 -------------------
 
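Review bot: The Galaxy S9+ link in the added device list ends in `star2lteO`, while the S9 link added further down in this patch uses `starlte`; the trailing capital O looks like a typo, so check that the link resolves. "The latest release is 15.1, if it's not listed, it means" is also a comma splice and pins a version number that will go stale; consider dating the statement.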
@@ -25,6 +87,62 @@ report](https://puri.sm/posts/massive-progress-exact-cpu-selected-minor-shipping
 shipping", so that means at least July 2019, if not later. Their demos
 still don't have a finished device.
 
+Fairphone
+---------
+
+The [[!wikipedia Fairphone]] is a really interesting project:
+
+ * [homepage](http://www.fairphone.com/)
+ * [specs](http://shop.fairphone.com/specs-page.html)
+
+First, it's already shipping, although out of stocks now (feb 2015). Second, it really tries to avoid major human rights issues in the production, something that's way too often overlook. 
+
+ * Dual SIM
+ * MicroUSB Port, Type B
+ * GSM850/900/1800/1900MHZ
+ * WCDMA 900/2100MHz
+ * 1GB RAM
+ * 16GB
+ * 960x540
+ * 8MP 1080P@30fps
+ * 165 g
+ * 2000mAh Replaceable
+ * GPS, Wifi, FM (?), compass, proximity, gyro,
+ * 8MP
+ * 5" (143 mm x 73 mm x 11 mm)
+ * 148 g (phone) + 20 g (external case)
+
+Downside: it doesn't have an FM transmitter and the [baseband isn't open](https://forum.fairphone.com/t/fairphone-baseband-os-firmware/1228).
+
+Motorola
+--------
+
+Motorola is an interesting company. They made the first ever cell
+phone and are the first company to [provide iFixit with OEM parts](https://ifixit.org/blog/11644/motorola-ifixit-partnership/),
+so I should definitely give them a chance. LOS has good coverage of
+their devices.
+
+The [Moto Z](https://wiki.lineageos.org/devices/griffin) looks interesting but is not on sale in CC or BB.
+
+Samsung
+-------
+
+Generally well supported. The S7 has [good reviews](https://forum.xda-developers.com/galaxy-s7/review) but hasn't been
+ported to the newer LOS 15.1. The [S9](https://wiki.lineageos.org/devices/starlte) is better and also has [good
+reviews](https://forum.xda-developers.com/galaxy-s9/review) but is much more expensive.
+
+Sony
+----
+
+The [XA2](https://wiki.lineageos.org/devices/pioneer) looks well maintained in LOS, and looks like generally a
+nice phone. The [reviews](https://forum.xda-developers.com/xperia-xa2/review) are generally positive, except for the
+camera. The XA2 is 5.2", the Ultra is 6.0" ([comparative](https://www.gsmarena.com/compare.php3?idPhone1=8985&idPhone2=8986)).
+
+2015 phones evaluation
+======================
+
+This is getting incredibly out of date.
+
 Samsung Galaxy S3
 -----------------
 
@@ -70,33 +188,6 @@ Google Nexus S
 
 No external keyboard, no FM transmitter?
 
-Fairphone
----------
-
-The [[!wikipedia Fairphone]] is a really interesting project:
-
- * [homepage](http://www.fairphone.com/)
- * [specs](http://shop.fairphone.com/specs-page.html)
-
-First, it's already shipping, although out of stocks now (feb 2015). Second, it really tries to avoid major human rights issues in the production, something that's way too often overlook. 
-
- * Dual SIM
- * MicroUSB Port, Type B
- * GSM850/900/1800/1900MHZ
- * WCDMA 900/2100MHz
- * 1GB RAM
- * 16GB
- * 960x540
- * 8MP 1080P@30fps
- * 165 g
- * 2000mAh Replaceable
- * GPS, Wifi, FM (?), compass, proximity, gyro,
- * 8MP
- * 5" (143 mm x 73 mm x 11 mm)
- * 148 g (phone) + 20 g (external case)
-
-Downside: it doesn't have an FM transmitter and the [baseband isn't open](https://forum.fairphone.com/t/fairphone-baseband-os-firmware/1228).
-
 Elephone
 --------
 
@@ -286,14 +377,6 @@ There are tons of other generic phones out there. A friend got
 [this cubot phone](http://www.everbuying.net/product1055309.html)
 which will be a good test for the 3G and 4G support.
 
-Motorola
---------
-
-Motorola is an interesting company. They made the first ever cell
-phone and are the first company to [provide iFixit with OEM parts](https://ifixit.org/blog/11644/motorola-ifixit-partnership/),
-so I should definitely give them a chance. LOS has good coverage of
-their devices.
-
 Not yet shipping phones
 =======================
 
@@ -408,6 +491,9 @@ Partial inventory
 Features
 ========
 
+Those features are nice to have. Unfortunately, they are now showing
+their age and might not be relevant anymore.
+
 FM support
 ----------
 

mention fizz more explicitly
diff --git a/hardware/phone.mdwn b/hardware/phone.mdwn
index 2de38df8..4a6878b8 100644
--- a/hardware/phone.mdwn
+++ b/hardware/phone.mdwn
@@ -541,6 +541,9 @@ Then there are smaller ones that are resellers or branded versions:
  * [Public Mobile](https://en.wikipedia.org/wiki/Public_Mobile) (Telus, originally autonomous, prepaid)
  * [Virgin Mobile](https://en.wikipedia.org/wiki/Virgin_Mobile#Virgin_Mobile_Canada) (Bell, "young")
 
+I might go with Fizz: 50$/mth for unlimited text/voice Canada + USA,
+10GB and voicemail. Nice.
+
 Data-only (2015)
 ----------------
 

librem update
diff --git a/hardware/phone.mdwn b/hardware/phone.mdwn
index 936207e8..2de38df8 100644
--- a/hardware/phone.mdwn
+++ b/hardware/phone.mdwn
@@ -19,7 +19,11 @@ See [[laptop#gemini]].
 Purism Librem 5
 ---------------
 
-In development.
+In development at the time of writing (2019-02-21), might ship in
+"april 2019" according to their website but according to their [latest
+report](https://puri.sm/posts/massive-progress-exact-cpu-selected-minor-shipping-adjustment/), "the previous Q2 estimate is now confirmed for Q3 product
+shipping", so that means at least July 2019, if not later. Their demos
+still don't have a finished device.
 
 Samsung Galaxy S3
 -----------------

document the oligopoly a little
diff --git a/hardware/phone.mdwn b/hardware/phone.mdwn
index 8257c162..936207e8 100644
--- a/hardware/phone.mdwn
+++ b/hardware/phone.mdwn
@@ -507,8 +507,38 @@ See also [this post on koodoo](https://community.koodomobile.com/koodo/topics/th
 Provider packages
 =================
 
-Data-only
----------
+Canada has one of the worst markets for mobile phone service in the
+world, which is unsurprising considering there's a relative oligopoly
+with very little regulation to control it, the CRTC claiming
+competition is sufficient to control the prices.
+
+Furthermore, any list created here would be quickly out of date, so
+it's somewhat pointless to even try. The [planhub.ca site][planhub]
+does a good job at comparing prices, but I am not sure they are fully
+independent. For example, they run ads, currently mainly for [Fizz][],
+a branding operation from Vidéotron.
+
+[planhub]: https://www.planhub.ca/
+[Fizz]: https://fizz.ca
+
+Here are the "big 4" in Québec:
+
+ * [Bell](https://en.wikipedia.org/wiki/Bell_Mobility)
+ * [Rogers](https://en.wikipedia.org/wiki/Rogers_Wireless)
+ * [Telus](https://en.wikipedia.org/wiki/Telus)
+ * [Vidéotron](https://en.wikipedia.org/wiki/Vid%C3%A9otron)
+
+Then there are smaller ones that are resellers or branded versions:
+
+ * [Chatr](https://en.wikipedia.org/wiki/Chatr) (Rogers, urban, entry-level)
+ * [Fido](https://en.wikipedia.org/wiki/Fido_Solutions) (Rogers, originally funded by [T-Mobile](https://en.wikipedia.org/wiki/T-Mobile_US), mid-range)
+ * [Fizz][] (Vidéotron, "DIY/BYOD" branding)
+ * [Koodo](https://en.wikipedia.org/wiki/Koodo_Mobile) (Telus, no fixed term)
+ * [Public Mobile](https://en.wikipedia.org/wiki/Public_Mobile) (Telus, originally autonomous, prepaid)
+ * [Virgin Mobile](https://en.wikipedia.org/wiki/Virgin_Mobile#Virgin_Mobile_Canada) (Bell, "young")
+
+Data-only (2015)
+----------------
 
 See also this
 [interesting article](http://misener.org/ditched-voice-plan-went-data/)

update translation status, ready for MVP
diff --git a/services/mail.mdwn b/services/mail.mdwn
index f4abebb2..aa1c9a25 100644
--- a/services/mail.mdwn
+++ b/services/mail.mdwn
@@ -976,12 +976,14 @@ Remaining issues
         mm3-invite-user.py test@lists.anarc.at anarcat@example.com
 
  * confirmation mail subject is not translatable, subjects are not
-   templatable ([mailman bug #541](https://gitlab.com/mailman/mailman/issues/541))
-
- * french translation is missing ([mailman bug #540](https://gitlab.com/mailman/mailman/issues/540)) - workaround:
-   add french templates as needed through the web GUI (adding in
-   filesystem fails because of [mailman bug #535](https://gitlab.com/mailman/mailman/issues/535) - but I
-   [backported](https://gitlab.com/mailman/postorius/issues/325#note_138235609) [MR 442](https://gitlab.com/mailman/mailman/merge_requests/442) so lookups now work. templates can be
+   templatable ([mailman bug #541](https://gitlab.com/mailman/mailman/issues/541)). workaround: patch to make
+   Mailman not send the email so we can do it ourselves ([mailman MR
+   452](https://gitlab.com/mailman/mailman/merge_requests/452)))
+
+ * translated french templates are missing ([mailman bug #540](https://gitlab.com/mailman/mailman/issues/540)) -
+   workaround: add french templates as needed through the web GUI
+   (adding in filesystem fails because of [mailman bug #535](https://gitlab.com/mailman/mailman/issues/535) - but
+   I [backported](https://gitlab.com/mailman/postorius/issues/325#note_138235609) [MR 442](https://gitlab.com/mailman/mailman/merge_requests/442) so lookups now work. templates can be
    added in any of:
    
    * `$template_dir/lists/test.example.com/it/foo.txt`
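Review bot: The added workaround text for bug #541 closes one parenthesis too many: `452](https://gitlab.com/mailman/mailman/merge_requests/452)))` opens a single parenthesis before "[mailman MR" but closes two after the link. Drop the last one. "workaround:" also starts lowercase after a full stop here, while the next item introduces it after a dash; use one form for both items.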
@@ -993,7 +995,11 @@ Remaining issues
    is `/usr/lib/python3/dist-packages/mailman/`. This means templates
    can be created on the filesystem for individual lists without going
    through the GUI. updates are shipped upstream in [MR #446](https://gitlab.com/mailman/mailman/merge_requests/446).
- 
+
+ * UI french translation is missing - workaround: partial translation
+   started, with `.pot` file but still missing compiling and shipping
+   the `.mo` file ([MR 453](https://gitlab.com/mailman/mailman/merge_requests/453))
+
  * unicode templates gets mangled ([mailman bug #542](https://gitlab.com/mailman/mailman/issues/542)) -
    workaround: switch French to utf-8 ([MR #443](https://gitlab.com/mailman/mailman/merge_requests/443)), change default
    encoding to utf-8 ([MR #445](https://gitlab.com/mailman/mailman/merge_requests/444)) and change `default_language` to
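Review bot: The context line at the end of this hunk labels a link "MR #445" but points it at `merge_requests/444`; since this commit already edits the list, fix the label or the URL here. The new item also writes "MR 453" while the neighbouring items use "MR #446" and "MR #443"; use one form.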

code linting MR merged!
diff --git a/services/mail.mdwn b/services/mail.mdwn
index 0e529bdf..f4abebb2 100644
--- a/services/mail.mdwn
+++ b/services/mail.mdwn
@@ -963,6 +963,8 @@ Other issues:
  * "subscription message" template ineffective: sends empty message
    (not reported, but [bug #919970](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919970) is related) - can't reproduce??
 
+ * code linting issues in Mailman core made my other MR fail ([MR #444](https://gitlab.com/mailman/mailman/merge_requests/444))
+
 Remaining issues
 ----------------
 
@@ -1003,8 +1005,6 @@ Remaining issues
         >>> m.preferred_language = 'fr'
         >>> commit()
 
- * code linting issues in Mailman core made my other MR fail ([MR #444](https://gitlab.com/mailman/mailman/merge_requests/444))
-
 Tested
 ------
 

moar software!
diff --git a/software/packages.yml b/software/packages.yml
index 6b1dbbe9..ef8e1c04 100644
--- a/software/packages.yml
+++ b/software/packages.yml
@@ -241,6 +241,7 @@
       - elpa-solarized-theme
       - elpa-use-package
       - elpa-writegood-mode
+      - elpa-yaml-mode
       - elpa-yasnippet
       - exuberant-ctags
       - emacs
@@ -366,6 +367,7 @@
       - inkscape
       - rapid-photo-downloader
       - sane
+      - siril
       - xsane
 
   - name: install HAM tools

explain the smd page better
diff --git a/services/mail/syncmaildir.mdwn b/services/mail/syncmaildir.mdwn
index fac52809..0368a370 100644
--- a/services/mail/syncmaildir.mdwn
+++ b/services/mail/syncmaildir.mdwn
@@ -1,5 +1,10 @@
 [[!meta title="syncmaildir (SMD) configuration"]]
 
+In May 2018, I have migrated from OfflineIMAP to [syncmaildir][]. This
+page documents how that process was done and the SMD configuration.
+
+[syncmaildir]: https://github.com/gares/syncmaildir
+
 I tried to follow the official procedure to migrate from OfflienIMAP
 to SMD. I hit some difficulties, which I documented in upstream
 issues. What follows is the detailed test procedure I followed to test
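Review bot: "In May 2018, I have migrated" in the new intro should be "I migrated", and the context line right below it still spells the tool "OfflienIMAP" while the new line spells it "OfflineIMAP"; fix the old spelling in the same commit. The new intro and the existing first paragraph now both announce the migration, so they could be merged.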

update: whalebuilder supports arbitrary args
diff --git a/software/debian-development.mdwn b/software/debian-development.mdwn
index 37cdcacd..bd1ac48c 100644
--- a/software/debian-development.mdwn
+++ b/software/debian-development.mdwn
@@ -944,8 +944,8 @@ and that `pbuilder` and `sbuild` *do* build under a different user
 which will limit the security issues with building untrusted
 packages. Furthermore, `whalebuilder` <del>is not currently packaged
 as an official Debian package</del> (it is now, see [[!debpkg
-whalebuilder]]) and lacks certain features (like [passing custom
-arguments to dpkg-buildpackage][]) so I don't feel it is quite ready
+whalebuilder]]) and lacks certain features, like [passing custom
+arguments to dpkg-buildpackage][] (update: fixed), so I don't feel it is quite ready
 yet. None of those solutions are implemented as a [sbuild plugin][],
 which would greatly reduce their complexity.
 
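Review bot: With "(update: fixed)" inserted, the sentence says whalebuilder lacks a feature that has since been fixed and still concludes "so I don't feel it is quite ready yet". Either name a feature that is still missing, or drop the clause together with the conclusion that depended on it.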

add more entries to alternative build systems and cleanup
diff --git a/software/debian-development.mdwn b/software/debian-development.mdwn
index 2a433f35..37cdcacd 100644
--- a/software/debian-development.mdwn
+++ b/software/debian-development.mdwn
@@ -925,24 +925,36 @@ host your own Debian repository using [reprepro][] (Koumbit has some
 Further work and remaining issues
 =================================
 
-I am curious about [Whalebuilder][], which uses Docker to build
-packages instead of `pbuilder` or `sbuild`. Docker provides more isolation than a
-simple `chroot`: in `whalebuilder`, packages are built without network
-access and inside a virtualized environment. Keep in mind there are
-limitations to Docker's security and that `pbuilder` and `sbuild` *do* build
-under a different user which will limit the security issues with
-building untrusted packages. Furthermore, `whalebuilder` <del>is not
-currently packaged as an official Debian package</del> (it is now, see
-[[!debpkg whalebuilder]]) and lacks certain
-features (like [passing custom arguments to dpkg-buildpackage][]) so I
-don't feel it is quite ready yet. For now, if you need better
-isolation, look towards [qemubuilder][] or possibly kvmtool. There are
-also *two* other container-based builders now: [conbuilder](https://salsa.debian.org/federico/conbuilder) and
-[docker-buildpackage](https://github.com/metux/docker-buildpackage). None of those solutions are implemented as a
-[sbuild](https://lists.debian.org/debian-devel/2018/08/msg00005.html) plugin, which would greatly reduce their complexity.
-
-[qemubuilder]: https://wiki.debian.org/qemubuilder
+I am curious about other build environments which use Docker, Virtual
+machines or some sort of stronger isolation to build packages. Here
+are the alternatives I am aware of:
+
+ * [Whalebuilder][] - Docker builder
+ * [conbuilder][] - "container" builder
+ * [debspawn][] - system-nspawn builder
+ * [docker-buildpackage][] - Docker builder
+ * [qemubuilder][] - qemu builder
+
+Take, for example, [Whalebuilder][], which uses Docker to build
+packages instead of `pbuilder` or `sbuild`. Docker provides more
+isolation than a simple `chroot`: in `whalebuilder`, packages are
+built without network access and inside a virtualized
+environment. Keep in mind there are limitations to Docker's security
+and that `pbuilder` and `sbuild` *do* build under a different user
+which will limit the security issues with building untrusted
+packages. Furthermore, `whalebuilder` <del>is not currently packaged
+as an official Debian package</del> (it is now, see [[!debpkg
+whalebuilder]]) and lacks certain features (like [passing custom
+arguments to dpkg-buildpackage][]) so I don't feel it is quite ready
+yet. None of those solutions are implemented as a [sbuild plugin][],
+which would greatly reduce their complexity.
+
+[conbuilder]: https://salsa.debian.org/federico/conbuilder
+[debspawn]: https://github.com/lkorigin/debspawn
+[docker-buildpackage]: https://github.com/metux/docker-buildpackage
 [passing custom arguments to dpkg-buildpackage]: https://gitlab.com/uhoreg/whalebuilder/issues/4
+[qemubuilder]: https://wiki.debian.org/qemubuilder
+[sbuild plugin]: https://lists.debian.org/debian-devel/2018/08/msg00005.html
 [whalebuilder]: https://www.uhoreg.ca/programming/debian/whalebuilder
 
 This guide should be integrated into the official documentation or the
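Review bot: The rewrite drops the removed sentence "if you need better isolation, look towards [qemubuilder][] or possibly kvmtool", so the new list no longer says which of the five builders gives stronger isolation than Docker when building untrusted packages, and kvmtool disappears entirely. Keep that guidance, for example as a remark on the qemubuilder entry. "system-nspawn" in the debspawn entry should be "systemd-nspawn", and "None of those solutions" now follows a paragraph about whalebuilder alone, so it would read better directly after the list.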

note limitations of mailman-pgp
diff --git a/services/mail.mdwn b/services/mail.mdwn
index a5a40654..0e529bdf 100644
--- a/services/mail.mdwn
+++ b/services/mail.mdwn
@@ -1020,4 +1020,6 @@ Tested
 Future work
 -----------
 
- * [mailman3 pgp plugin](https://pypi.org/project/mailman-pgp/)
+ * [mailman3 pgp plugin](https://pypi.org/project/mailman-pgp/) - interesting if not promising project,
+   but requires [many patches](https://gitlab.com/mailman/mailman-suite/issues/13) to anything from all the Mailman
+   components to PGPy itself. 
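Review bot: "interesting if not promising project" can be read as "interesting, perhaps even promising" or as "interesting but not promising"; given the "requires many patches" that follows, say which is meant. The last added line also ends in trailing whitespace after "PGPy itself."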

more packages
diff --git a/software/packages.yml b/software/packages.yml
index 54e255c0..6b1dbbe9 100644
--- a/software/packages.yml
+++ b/software/packages.yml
@@ -63,6 +63,7 @@
       - texlive-latex-base
       - texlive-latex-recommended
       - texlive-latex-extra
+      - texlive-luatex
 
   - name: install communication tools
     tags: comms
@@ -77,7 +78,7 @@
       - neomutt
       - nullmailer
       - syncmaildir
- 
+
   - name: install desktop packages
     # Shitload of stuff that doesn't fit anywhere else.
     tags: desktop
@@ -103,6 +104,7 @@
       - gajim
       - gameclock
       - git-annex
+      - git-annex-remote-rclone
       - git-lfs
       - git-mediawiki
       - gobby
@@ -111,6 +113,7 @@
       - hledger
       - i3
       - jmtpfs
+      - kstars
       - ledger
       - ledger-el
       - less
@@ -424,6 +427,7 @@
       - cu
       - curl
       - dateutils
+      - ddrescue
       - debian-goodies
       - deborphan
       - debsums
@@ -432,6 +436,7 @@
       - duff
       - etckeeper
       - f3
+      - gddrescue
       - git
       - goaccess
       - gparted

add missing link and ref to git-bug
diff --git a/blog/2019-02-06-report.mdwn b/blog/2019-02-06-report.mdwn
index 279b33be..28d64d57 100644
--- a/blog/2019-02-06-report.mdwn
+++ b/blog/2019-02-06-report.mdwn
@@ -91,11 +91,12 @@ packaging and could use a wider audience. In the meantime, my
 [[reference documentation|software/debian-development]] is the best
 you can get.
 
-I've decided to let [bugs-everywhere]() die in Debian. There's a
+I've decided to let [bugs-everywhere](http://bugseverywhere.org/) die in Debian. There's a
 [release critical bug](https://bugs.debian.org/918268) and it seems no one is really using this
 anymore, at least I'm not. I would probably orphan the package once it
 gets removed from buster, but I'm not actually the maintainer, just an
-uploader...
+uploader... A promising alternative to BE seems to be [git-bug](https://github.com/MichaelMure/git-bug),
+with support for synchronization with GitHub issues.
 
 I've otherwise tried to get my figurative "house" of Debian packages
 in order for the upcoming [freeze](https://release.debian.org/), which meant new updates for

Added a comment: cdbs and haskell
diff --git a/blog/2019-02-05-debian-build-systems/comment_1_1bef40a7687aaf764d3502a153469422._comment b/blog/2019-02-05-debian-build-systems/comment_1_1bef40a7687aaf764d3502a153469422._comment
new file mode 100644
index 00000000..4dedbb23
--- /dev/null
+++ b/blog/2019-02-05-debian-build-systems/comment_1_1bef40a7687aaf764d3502a153469422._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ ip="82.24.245.131"
+ claimedauthor="Neil Williams"
+ url="codehelp@debian.org"
+ subject="cdbs and haskell"
+ date="2019-02-06T16:39:54Z"
+ content="""
+974 of the cdbs packages contain the word \"haskell\" in the package name, 42%.
+274 of the cdbs packages contain the word \"perl\" in the package name, 12%.
+Chances are, groups like those may have tools to convert / generate packaging.
+"""]]
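Review bot: the `url=` field holds an e-mail address (`codehelp@debian.org`) rather than a URL, so the author link will not resolve and the address sits in the page source for harvesters; either drop the field or require a scheme when accepting comments. Separately, `ip=` commits the submitter's address to a repository that is offered for public cloning. If the field is only needed for spam handling, it could live outside the published history.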

clarify
diff --git a/blog/2019-02-06-report.mdwn b/blog/2019-02-06-report.mdwn
index bd5dc1ab..279b33be 100644
--- a/blog/2019-02-06-report.mdwn
+++ b/blog/2019-02-06-report.mdwn
@@ -205,24 +205,25 @@ recently a [friend asked me to sign his key](https://dkg.fifthhorseman.net/blog/
 great time to test out possible replacements for the project. Turns
 out things were not as rosy as I thought.
 
-I first tested [pius](https://packages.debian.org/search?keywords=pius) and it didn't behave as well as I
+I first [tested](https://0xacab.org/monkeysphere/monkeysign/issues/64#note_159775) [pius](https://packages.debian.org/search?keywords=pius) and it didn't behave as well as I
 hoped. Generally, it asks too many cryptic questions the user
-shouldn't have to guess the answer to. Specifically:
-
- 1. it forces you to specify your signing key, which is error-prone
-    and needlessly difficult for the user
-
- 1. I don't quite understand what the first question means - there's
-    too much to unpack there: is it for inline PGP/MIME? for sending
-    email at all? for sending individual emails? what's going on? and
-    the second questions
-
- 1. the second question should be optional: i already specified my key
-    on the commandline, it should use that as a From...
-
- 1. the signature level is useless and generally disregarded by all
-    software, including OpenPGP. even if it would be used,
-    0/1/2/3/s/n/h/q is a pretty horrible user interface.
+shouldn't have to guess the answer to. Specifically, here's the issues
+I found in my review:
+
+> 1. it forces you to specify your signing key, which is error-prone
+>    and needlessly difficult for the user
+>
+> 1. I don't quite understand what the first question means - there's
+>    too much to unpack there: is it for inline PGP/MIME? for sending
+>    email at all? for sending individual emails? what's going on? and
+>    the second questions
+>
+> 1. the second question should be optional: i already specified my key
+>    on the commandline, it should use that as a From...
+>
+> 1. the signature level is useless and generally disregarded by all
+>    software, including OpenPGP. even if it would be used,
+>    0/1/2/3/s/n/h/q is a pretty horrible user interface.
 
 And then it simply fails to send the email completely on dkg's key,
 but that might be because its key was so exotic...
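Review bot: the second quoted item still ends on the dangling fragment `and the second questions`, which now reads as a verbatim quote of an unfinished sentence; finish or trim it in the source review, or mark the elision. The items refer to "the first question" and "the second question" without showing what pius actually asks, so a one-line pointer would help, although the new `[tested]` link partly covers this. Minor: "here's the issues" should be "here are the issues".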

try to fix another markdown snafu
diff --git a/blog/2019-02-06-report.mdwn b/blog/2019-02-06-report.mdwn
index 41ba261e..bd5dc1ab 100644
--- a/blog/2019-02-06-report.mdwn
+++ b/blog/2019-02-06-report.mdwn
@@ -243,18 +243,18 @@ have come to dislike the poor little thing...
 ## Golang packaging
 
 To help a friend getting the new [RiseupVPN package in Debian](https://bugs.debian.org/919937), I
-uploaded a bunch of Golang dependencies ([#919936][], [#919938][],
-[#919941][], [#919944][], [#919945][], [#919946][], [#919947][],
-[#919948][]) in Debian. This involved filing many bugs upstream as
+uploaded a bunch of Golang dependencies ([bug #919936][], [bug #919938][],
+[bug #919941][], [bug #919944][], [bug #919945][], [bug #919946][], [bug #919947][],
+[bug #919948][]) in Debian. This involved filing many bugs upstream as
 many of those (often tiny) packages didn't have explicit licences, so
 many of those couldn't actually *be* uploaded, but the ITPs are there
 and hopefully someone will complete that thankless work.
 
 I also tried to package two other useful Golang programs,
 [dmarc-cat](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920385) and [gotop](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921276), both of which also required a
-significant number of dependencies to be packaged ([#920387][],
-[#920388][], [#920389][], [#920390][], [#921285][], [#921286][],
-[#921287][], [#921288][]). dmarc-cat has just been accepted in
+significant number of dependencies to be packaged ([bug #920387][],
+[bug #920388][], [bug #920389][], [bug #920390][], [bug #921285][], [bug #921286][],
+[bug #921287][], [bug #921288][]). dmarc-cat has just been accepted in
 Debian - it's very useful to decipher DMARC reports you get when you
 configure your DNS to receive such reports. This is part of a larger
 effort to modernize my DNS and [[mail
@@ -264,22 +264,22 @@ But gotop is just starting - none of the dependencies have been update
 just yet, and I'm running out of steam a little, even though that
 looks like an awesome package.
  
- [#919936]: https://bugs.debian.org/919936
- [#919938]: https://bugs.debian.org/919938
- [#919941]: https://bugs.debian.org/919941
- [#919944]: https://bugs.debian.org/919944
- [#919945]: https://bugs.debian.org/919945
- [#919946]: https://bugs.debian.org/919946
- [#919947]: https://bugs.debian.org/919947
- [#919948]: https://bugs.debian.org/919948
- [#920387]: https://bugs.debian.org/920387
- [#920388]: https://bugs.debian.org/920388
- [#920389]: https://bugs.debian.org/920389
- [#920390]: https://bugs.debian.org/920390
- [#921285]: https://bugs.debian.org/921285
- [#921286]: https://bugs.debian.org/921286
- [#921287]: https://bugs.debian.org/921287
- [#921288]: https://bugs.debian.org/921288
+ [bug #919936]: https://bugs.debian.org/919936
+ [bug #919938]: https://bugs.debian.org/919938
+ [bug #919941]: https://bugs.debian.org/919941
+ [bug #919944]: https://bugs.debian.org/919944
+ [bug #919945]: https://bugs.debian.org/919945
+ [bug #919946]: https://bugs.debian.org/919946
+ [bug #919947]: https://bugs.debian.org/919947
+ [bug #919948]: https://bugs.debian.org/919948
+ [bug #920387]: https://bugs.debian.org/920387
+ [bug #920388]: https://bugs.debian.org/920388
+ [bug #920389]: https://bugs.debian.org/920389
+ [bug #920390]: https://bugs.debian.org/920390
+ [bug #921285]: https://bugs.debian.org/921285
+ [bug #921286]: https://bugs.debian.org/921286
+ [bug #921287]: https://bugs.debian.org/921287
+ [bug #921288]: https://bugs.debian.org/921288
 
 ## Other work
 
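Review bot: the sixteen definitions renamed here have to match the `[bug #NNN][]` uses in the previous hunk character for character, and the commit message does not say what was wrong with the `[#NNN]` labels, so the next editor cannot tell which form is safe. A one-line note in the commit message or the page source would cover that. Inline links such as `[bug #919936](https://bugs.debian.org/919936)` would also remove the need to keep two places in sync.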

fix syntax error
diff --git a/blog/2019-02-06-report.mdwn b/blog/2019-02-06-report.mdwn
index 14000756..41ba261e 100644
--- a/blog/2019-02-06-report.mdwn
+++ b/blog/2019-02-06-report.mdwn
@@ -110,9 +110,9 @@ in order for the upcoming [freeze](https://release.debian.org/), which meant new
  * [undertime](https://tracker.debian.org/undertime) (see below)
  * [xscreensaver](https://tracker.debian.org/xscreensaver) (new upstream, sponsored)
 
-I've also sponsored the introduction of [web-mode](https://bugs.debian.org/794624) ([RFS
-#921130](https://bugs.debian.org/921130)) a nice package to edit HTML in Emacs and filed the usual
-barrage of bug reports and patches.
+I've also sponsored the introduction of [web-mode](https://bugs.debian.org/794624) ([RFS #921130](https://bugs.debian.org/921130))
+a nice package to edit HTML in Emacs and filed the usual barrage of
+bug reports and patches.
 
 ## Elegant argparse configfile support and new date parser for undertime
 
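Review bot: the only change is to move `#921130]` off the start of a line, but an editor's auto-fill will happily re-wrap it the same way, and the identical pattern is fixed twice more in `services/mail.mdwn` further down this page. Worth grepping the wiki for lines that start with `#` followed by a digit and catching them before commit. Minor: the rejoined sentence wants a comma after the closing parenthesis, before "a nice package".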

creating tag page tag/mailman
diff --git a/tag/mailman.mdwn b/tag/mailman.mdwn
new file mode 100644
index 00000000..79007f5e
--- /dev/null
+++ b/tag/mailman.mdwn
@@ -0,0 +1,4 @@
+[[!meta title="pages tagged mailman"]]
+
+[[!inline pages="tagged(mailman)" actions="no" archive="yes"
+feedshow=10]]

creating tag page tag/vero
diff --git a/tag/vero.mdwn b/tag/vero.mdwn
new file mode 100644
index 00000000..fb3341f9
--- /dev/null
+++ b/tag/vero.mdwn
@@ -0,0 +1,4 @@
+[[!meta title="pages tagged vero"]]
+
+[[!inline pages="tagged(vero)" actions="no" archive="yes"
+feedshow=10]]

creating tag page tag/undertime
diff --git a/tag/undertime.mdwn b/tag/undertime.mdwn
new file mode 100644
index 00000000..a143e620
--- /dev/null
+++ b/tag/undertime.mdwn
@@ -0,0 +1,4 @@
+[[!meta title="pages tagged undertime"]]
+
+[[!inline pages="tagged(undertime)" actions="no" archive="yes"
+feedshow=10]]

prepare gigantic report
diff --git a/blog/2019-02-06-report.mdwn b/blog/2019-02-06-report.mdwn
new file mode 100644
index 00000000..14000756
--- /dev/null
+++ b/blog/2019-02-06-report.mdwn
@@ -0,0 +1,393 @@
+[[!meta title="January 2019 report: LTS, Mailman 3, Vero 4k, Kubernetes, Undertime, Monkeysign, oh my!"]]
+
+[[!toc levels=2]]
+
+January is often a long month in our northern region. Very cold, lots
+of snow, which can mean a lot of fun as well. But it's also a great
+time to cocoon (or maybe [hygge](https://en.wikipedia.org/wiki/Hygge)?) in front of the computer and do
+great things. I think the last few weeks were particularly fruitful
+which lead to this rather lengthy report, which I hope will be
+nonetheless interesting.
+
+So grab some hot coco, a coffee, tea or whatever warm beverage (or
+cool if you're in the southern hemisphere) and hopefully you'll learn
+awesome things. I know I did.
+
+Free software volunteer work
+============================
+
+As always, the vast majority of my time was actually spent
+volunteering on various projects, while scrambling near the end of the
+month to work on paid stuff. For the first time here I mention my
+Kubernetes work, but I've also worked on the new Mailman 3 packages,
+my monkeysign and undertime packages (including a new configuration
+file support for argparse), random Debian work, and Golang
+packaging. Oh, and I bought a new toy for my home cinema, which I
+warmly recommend.
+    
+Kubernetes research
+-------------------
+
+While I've written [[multiple articles|tag/kubernetes]] on Kubernetes
+for LWN in the past, I am somewhat embarrassed to say that I don't
+have much experience running Kubernetes itself for real out there. But
+for a few months, with a group of fellow sysadmins, we've been
+exploring various container solutions and gravitated naturally towards
+Kubernetes. In the last month, I particularly worked on deploying a
+[Ceph](https://ceph.com/) cluster with [Rook](https://rook.io/), a tool to deploy storage solutions
+on a Kubernetes cluster (submitting a [patch](https://github.com/rook/rook/pull/2520) while I was
+there). Like many things in Kubernetes, Rook is shipped as a [Helm](https://helm.sh/)
+chart, more specifically as an "operator", which might be described
+(if I understand this right) as a container that talks with Kubernetes
+to orchestrate other containers.
+
+We've similarly worked on containerizing Nextcloud, which proved to be
+pretty shitty at behaving like a "cloud" application: secrets and
+dynamic data and configuration are all mixed up in the config
+directory, which makes it really hard to manage sanely in a container
+environment. The only way we found it could work was to mount
+configuration as a volume, which means configuration becomes data and
+can't be controled through git. Which is bad. This is also how the
+[proposed Nextcloud Helm solves this problem](https://github.com/helm/charts/pull/10922) (on which I've
+provided a review), for what it's worth.
+
+We've also worked on integrating GitLab in our workflow, so that we
+keep configuration as code and deploy on pushes. While GitLab talks a
+lot about Kubernetes integration, the actual integration features
+aren't that great: unless I totally misunderstood how it's supposed to
+work, it seems you need to provide your own container and run
+`kubectl` from it, using the tokens provided by GitLab. And if you
+want to do anything of significance, you will probably need to give
+GitLab cluster access to your Kubernetes cluster, which kind of freaks
+me out considering the number of security issues that keep coming out
+with GitLab recently.
+
+In general, I must say I was very skeptical of Kubernetes when I first
+attended those conferences: too much hype, buzzwords and suits. I felt
+that Google just threw us a toy project to play with while they kept
+the real stuff to themselves. I don't think that analysis is wrong,
+but I do think Kubernetes has something to offer, especially for
+organizations still stuck in the "shared hosting" paradigm where you
+give users a shell account or (S?!)FTP access and run `mod_php` on
+top. Containers at least provide some level of isolation out of the
+box and make such multi-tenant offerings actually reasonable and much
+more scalable. With a little work, we've been able to setup a fully
+redundant and scalable storage cluster and Nextcloud service: doing
+this from scratch wouldn't be that hard either, but it would have been
+done *only* for Nextcloud. The trick is the knowledge and experience
+we gained by doing this with Nextcloud will be useful for all the
+other apps we'll be hosting in the future. So I think there's
+definitely something there.
+
+## Debian work
+
+I participated in the Montreal BSP, of which Louis-Philippe Véronneau
+made a good [summary](https://veronneau.org/a-cold-bsp.html). I also sponsored a few uploads and fixed a
+few bugs. We didn't fix that many bugs, but I gave two workshops,
+including my now well-tuned packaging 101 workshop, which seems to be
+always quite welcome. I really wish I could make a video of that talk,
+because I think it's useful in going through the essentials of Debian
+packaging and could use a wider audience. In the meantime, my
+[[reference documentation|software/debian-development]] is the best
+you can get.
+
+I've decided to let [bugs-everywhere]() die in Debian. There's a
+[release critical bug](https://bugs.debian.org/918268) and it seems no one is really using this
+anymore, at least I'm not. I would probably orphan the package once it
+gets removed from buster, but I'm not actually the maintainer, just an
+uploader...
+
+I've otherwise tried to get my figurative "house" of Debian packages
+in order for the upcoming [freeze](https://release.debian.org/), which meant new updates for
+
+ * [etckeeper](https://tracker.debian.org/etckeeper) (new upstream release)
+ * [horst](https://tracker.debian.org/horst) ([FTCBFS bug #920780](https://bugs.debian.org/920780)),
+ * [magic-wormhole-mailbox-server](https://tracker.debian.org/magic-wormhole-mailbox-server) (housekeeping)
+ * [monkeysphere](https://tracker.debian.org/monkeysphere) (new upstream, sponsored)
+ * [percol](https://tracker.debian.org/percol) (housekeeping)
+ * [pymediainfo](https://tracker.debian.org/pymediainfo) (new upstream)
+ * [sopel](https://tracker.debian.org/sopel) (new upstream)
+ * [undertime](https://tracker.debian.org/undertime) (see below)
+ * [xscreensaver](https://tracker.debian.org/xscreensaver) (new upstream, sponsored)
+
+I've also sponsored the introduction of [web-mode](https://bugs.debian.org/794624) ([RFS
+#921130](https://bugs.debian.org/921130)) a nice package to edit HTML in Emacs and filed the usual
+barrage of bug reports and patches.
+
+## Elegant argparse configfile support and new date parser for undertime
+
+I've issued *two* new releases for my [undertime](https://gitlab.com/anarcat/undertime) project which
+helps users coordinate meetings across timezones. I first started
+working on [improvingthe date parser](https://gitlab.com/anarcat/undertime/issues/8) which mostly involved finding
+a new library to handle dates. I started using [dateparser](https://dateparser.readthedocs.io/) which
+behaves slightly better, and I ended up [packaging it for Debian as
+well](https://bugs.debian.org/907337) although I still have to re-upload undertime to use the new
+dependency. 
+
+That was a first 1.6.0 release, but that wasn't enough - my users
+wanted a [configuration file](https://gitlab.com/anarcat/undertime/issues/7)! I ended up designing a simple,
+YAML-based configuration file parser that integrates quite well with
+[argparse](https://docs.python.org/3/library/argparse.html), after finding too many issues with existing solutions
+like [Configargparse](https://github.com/bw2/ConfigArgParse/). I summarized those for the [certbot
+project](https://github.com/certbot/certbot/issues/4493#issuecomment-459413674) which suffered from similar issues. I'm quite happy with
+my [small, elegant solution](https://gitlab.com/anarcat/undertime/blob/acd4a7c73f7e9c727a8a572884a46bcb696682c9/undertime#L102) for config file support. It is
+significantly better than the one I used for Monkeysign which was
+(ab)using the `fromfile` option of argparse.
+
+## Mailman 3
+
+Motivated by [this post](https://blog.chaddickerson.com/2019/01/09/replacing-facebook/) extolling the virtues of good old mailing
+lists to resist social media hegemony, I did a lot (too much) work on
+installing Mailman 3 on my own server. I have ran Mailman 2 mailing
+lists for hundreds of clients in my previous job at [Koumbit](https://koumbit.org) and I
+have so far used my access there to host a few mailing lists. This
+time, I wanted to try something new and figured Mailman 3 might have
+been ready after 4 years since the 3.0 release and almost 10 years
+since the project started.
+
+How wrong I was! Many things don't work: there is [no french
+translation at all](https://gitlab.com/mailman/mailman/issues/540) (nor any other translation, for that matter),
+[no invite feature](https://gitlab.com/mailman/mailman/issues/510), templates translation is [buggy](https://gitlab.com/mailman/mailman/issues/535), the
+Debian backport [fails with the MySQL version in stable](https://bugs.debian.org/921128)... it's a
+mess. The complete history of my failure is better documented in
+[[services/mail#mailing-lists]].
+
+I worked around many of those issues. I like the fact that I was
+*almost* able to replace the missing "invite" feature through the API
+and there Mailman 3 is much better to look at than the older
+version. They did fix a lot of things and I absolutely love the web
+interface which allows users to interact with the mailing list as a
+forum. But maybe it will take a bit more time before it's ready for my
+use case.
+
+Right now, I'm hesitant: either I go with a mailing list to connect
+with friends and family. It works with everyone because everyone uses
+email, if only for their password resets. The alternative is to use
+something like a (private?) [Discourse](https://discourse.org/) instance, which could also
+double as a comments provider for my blog if I ever decide to switch
+away from Ikiwiki... Neither seems like a good solution, and both
+require extra work and maintenance, Discourse particularly so because
+it is very unlikely it will get shipped as a Debian package.
+
+## Vero: my new home cinema box
+
+Speaking of Discourse, the reason I'm thinking about it is I am
+involved in many online forums running it. It's generally a great
+experience, although I wish email integration was mandatory - it's
+great to be able to reply through your email client, and it's not
+always supported. One of the forums I participate in is the
+[Pixls.us](https://pixls.us/) [forum](https://discuss.pixls.us/) where I posted a [description of my
+photography kit](https://discuss.pixls.us/t/whats-in-your-bag/182/44), [explained different NAS options I'm
+considering](https://discuss.pixls.us/t/do-you-use-nas/11019/23) and [explained part of my git-annex/dartkable
+workflow](https://discuss.pixls.us/t/how-well-do-darktable-and-git-annex-integrate/9002/4).
+
+Another forum I recently started working on is the [OSMC.tv](https://osmc.tv)
+[forum](https://discourse.osmc.tv/). I first asked what were the [full specifications](https://discourse.osmc.tv/t/full-specifications/75617) for
+their neat little embedded set-top box, the [Vero 4k+](https://osmc.tv/vero/). I wasn't
+fully satisfied with the answers (the hardware is not fully open), but
+I ended up ordering the device and moving the "home cinema services"
+off of the venerable [[hardware/server/marcos]] server, which is going
+to turn 8 years old this year. This was an elaborate enterprise which
+involved wiring power outlets (because a ground was faulty), vacuuming
+the basement (because it was filthy), doing [elaborate research on
+SSHFS setup and performance](https://discourse.osmc.tv/t/how-to-sshfs-tutorial/77852), deal with [systemd bugs](https://bugs.debian.org/860264) and so
+on.
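Review bot: in the Debian work section `[bugs-everywhere]()` has an empty link target, so it renders as a link to nowhere; give it the project URL or drop the brackets. The same section wraps `[RFS` / `#921130]` so that a line starts with `#`. Typos to fix before publishing: "improvingthe", "controled", "dartkable", "I have ran". The file also mixes setext headings (`----` under "Kubernetes research") with `##` headings ("Debian work") for sections at the same level, which is worth unifying since the page builds a table of contents from them.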

(Diff truncated)
mention dmarc-cat
diff --git a/services/mail.mdwn b/services/mail.mdwn
index a23a7d3f..a5a40654 100644
--- a/services/mail.mdwn
+++ b/services/mail.mdwn
@@ -243,6 +243,10 @@ Breaking it down, this means:
 I am not clear yet on how that interacts with DKIM and SPF, but that
 seems like a safe way to start.
 
+The above *will* lead to reports landing in your mailbox. To parse
+them, you can use the [dmarc-cat tool](https://github.com/keltia/dmarc-cat) which I [packaged for
+Debian](https://tracker.debian.org/pkg/dmarc-cat).
+
 Postfix
 =======
 

short analysis of debian build systems
diff --git a/blog/2019-02-05-debian-build-systems.mdwn b/blog/2019-02-05-debian-build-systems.mdwn
new file mode 100644
index 00000000..850a7ed2
--- /dev/null
+++ b/blog/2019-02-05-debian-build-systems.mdwn
@@ -0,0 +1,81 @@
+[[!meta title="Debian build helpers: dh dominates"]]
+
+It's been a while since someone did this. Back in 2009, [Joey Hess](https://joeyh.name/)
+made a talk at [Debconf 9](http://debconf9.debconf.org/) about [debhelper](https://manpages.debian.org/unstable/debhelper/debhelper.7.en.html) and mentioned in
+his [slides](https://joeyh.name/talks/debhelper/debhelper-slides.pdf) (PDF) that it was used in most Debian packages. Here
+was the ratio (page 10):
+
+ * debhelper: 54%
+ * cdbs: 25%
+ * dh: 9%
+ * other: 3%
+
+Then [Lucas Nussbaum](https://www.lucas-nussbaum.net/) made graphs from [snapshot.debian.org](https://snapshot.debian.org/)
+that did the same, but with history. His [latest post](https://www.lucas-nussbaum.net/blog/?p=891) ([archive
+link](https://web.archive.org/web/20170704111200/http://www.lucas-nussbaum.net/blog/?p=891) because original is missing images), from 2015 confirmed
+Joey's 2009 results. It also showed cdbs was slowly declining and a
+sharp uptake in the dh usage (over debhelper). Here were the
+approximate numbers:
+
+ * debhelper: 15%
+ * cdbs: 15%
+ * dh: 69%
+ * other: 1%
+
+I ran the numbers again. Jakub Wilk pointed me to the
+[lintian.debian.org](https://lintian.debian.org/) output that can be used to get the current
+state easily:
+
+    $ curl -so lintian.log.gz https://lintian.debian.org/lintian.log.gz
+    $ zgrep debian-build-system lintian.log.gz | awk '{print $NF}' | sort | uniq -c | sort -nr
+      25772 dh
+       2268 debhelper
+       2124 cdbs-with-debhelper.mk
+        257 dhmk
+        123 other
+          8 cdbs-without-debhelper.mk
+
+Shoving this in a LibreOffice spreadsheet (sorry, my R/Python brain is
+slow today) gave me this nice little graph:
+
+<figure>
+<img src="debian-build-systems-20190205.png" alt="Pie chart of showing a large proportion of dh packages, and much less of debhelper and cdbs" />
+</figure>
+
+As of today, the numbers are now:
+
+ * debhelper: 7%
+ * cdbs: 7%
+ * dh: 84%
+ * other: 1%
+
+(No the numbers don't add up. Yes it's a rounding error. Blame
+LibreOffice.)
+
+So while cdbs lost 10% of the packages in 6 years, it lost another
+*half* of its share in the last 4. It's also interesting to note that
+debhelper and cdbs are both shrinking at a similar rate.
+
+This confirms that debhelper development is where everything is
+happening right now. The new [dh(1)](https://manpages.debian.org/stretch/debhelper/dh.1.en.html) sequencer is also a huge
+improvement that almost everyone has adopted wholeheartedly.
+
+Now of course, that remaining 15% of debhelper/cdbs (or just 7% of
+cdbs, depending on how pedantic you are) will be the hard part to
+transition. Notice how the 1% of "other" packages hasn't really moved
+in the last four years: that's because some packages in Debian are
+old, abandoned, ignored, complicated, or all of the above. So it will
+be difficult to convert the remaining packages and finalize this great
+unification Joey (unknowingly) started ten years ago, as the remaining
+packages are probably the hard, messy, old ones no want wants to fix
+because, well, "they're not broken so don't fix it".
+
+Still, it's nice to see us agree on something for a change. I'd be
+quite curious to see an update of Lucas' historical graphs. It would
+be particularly useful to see the impact of the old Alioth server
+replacement with [salsa.debian.org](https://salsa.debian.org), because it runs GitLab and
+only supports Git. Without an easy-to-use internal hosting service, I
+doubt SVN, Darcs, Bzr and whatever is left in "other" there will
+survive very long.
+
+[[!tag debian debian-planet python-planet history analysis]]
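Review bot: the 2009 list (54% + 25% + 9% + 3%) adds up to 91%, and unlike the rounding remark made for the current numbers, nothing explains the missing 9%; check the figures against page 10 of the slides or say what is left out. Typo near the end: "no want wants" should be "no one wants".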
diff --git a/blog/2019-02-05-debian-build-systems/debian-build-systems-20190205.png b/blog/2019-02-05-debian-build-systems/debian-build-systems-20190205.png
new file mode 100644
index 00000000..a8c08be2
Binary files /dev/null and b/blog/2019-02-05-debian-build-systems/debian-build-systems-20190205.png differ

note patch backport
diff --git a/services/mail.mdwn b/services/mail.mdwn
index d758b209..a23a7d3f 100644
--- a/services/mail.mdwn
+++ b/services/mail.mdwn
@@ -975,8 +975,8 @@ Remaining issues
  * french translation is missing ([mailman bug #540](https://gitlab.com/mailman/mailman/issues/540)) - workaround:
    add french templates as needed through the web GUI (adding in
    filesystem fails because of [mailman bug #535](https://gitlab.com/mailman/mailman/issues/535) - but I
-   backported [MR 442](https://gitlab.com/mailman/mailman/merge_requests/442) so lookups now work. templates can be added
-   in any of:
+   [backported](https://gitlab.com/mailman/postorius/issues/325#note_138235609) [MR 442](https://gitlab.com/mailman/mailman/merge_requests/442) so lookups now work. templates can be
+   added in any of:
    
    * `$template_dir/lists/test.example.com/it/foo.txt`
    * `$template_dir/domains/example.com/it/foo.txt`
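Review bot: the parenthesis opened at `(adding in` is never closed in the visible lines, so the sentence runs from the workaround straight into the list of template paths; close it after "so lookups now work" and start "Templates can be added in any of:" as its own sentence. The example paths use the `it` language directory while the item is about French templates, which deserves a word of explanation or a switch to `fr`.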

report chroot bug
diff --git a/services/mail.mdwn b/services/mail.mdwn
index 6391f7bb..d758b209 100644
--- a/services/mail.mdwn
+++ b/services/mail.mdwn
@@ -857,8 +857,8 @@ Then Postfix needs to be configured:
     relay_domains = ${{$compatibility_level} < {2} ? {$mydestination} : {}} hash:mailman3/postfix_domains
 
 This differs from the configuration suggested in the README because
-the postfix daemons are usually chrooted (and this is no
-exception). This is then symlinked in place:
+the postfix daemons are usually chrooted (reported as [bug #921445](https://bugs.debian.org/921445)).
+This is then symlinked in place:
 
     touch /var/spool/postfix/mailman3/postfix_domains /var/spool/postfix/mailman3/postfix_lmtp
     chown list:list /var/spool/postfix/mailman3/postfix_*
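Review bot: after the rewording, "the postfix daemons are usually chrooted (reported as bug #921445)" reads as if chrooting itself were the bug; say what was actually reported. In the visible lines, "This is then symlinked in place:" is followed by `touch` and `chown` rather than a symlink, so the lead-in should match the commands it introduces. It is also worth stating next to the `chown list:list` line that these map files feed `relay_domains`, so whoever can write them as `list` decides which domains Postfix relays for.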

removed
diff --git a/blog/2016-01-24-internet-in-cuba/comment_11_6676374b7fa49a904ccd38b6d577a6a1._comment b/blog/2016-01-24-internet-in-cuba/comment_11_6676374b7fa49a904ccd38b6d577a6a1._comment
deleted file mode 100644
index 327d1f2b..00000000
--- a/blog/2016-01-24-internet-in-cuba/comment_11_6676374b7fa49a904ccd38b6d577a6a1._comment
+++ /dev/null
@@ -1,8 +0,0 @@
-[[!comment format=mdwn
- ip="82.145.221.188"
- claimedauthor="Morgan "
- subject="How i join illuminati "
- date="2019-02-05T08:21:04Z"
- content="""
-join illuminati Are you a Politician, pastor  Businessman Woman, Musicians, Talented, Footballer, Golf player or any sport, Model, Government worker, You want to achieve your dreams. You want to be rich. Protected and famous. Join the Illuminati brotherhood too attain all your dreams if you are interested.  every individual  he or she have is own benefit of 50 million dollars  join illuminati  come now and see a new charge in your life. reject hardship in life and join illuminati  so your desire we be granted whatsapp our agent via: +2347051758952 or greatilluminaticop@gmail.com
-"""]]
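Review bot: deleting the file removes the spam from the rendered post but not from the repository: the full text, including the contact number and address it advertises, stays in history and in both the "Added a comment" and "removed" entries of this change log. If comments were held for moderation before being committed, spam like this would never reach the public history.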

fix markdown syntax
diff --git a/services/mail.mdwn b/services/mail.mdwn
index 7b95678d..6391f7bb 100644
--- a/services/mail.mdwn
+++ b/services/mail.mdwn
@@ -921,10 +921,10 @@ Resolved Issues
 ---------------
 
 I have found out that I had `masquerade_domains` enabled in my
-`main.cf`: bad idea. It made a fool out of myself in [bug
-#921137](https://bugs.debian.org/921137), where I complained that Mailman would rewrite emails in
-or out and that would break unsubscribe links and other stuff. I
-simply disabled that line for now, we'll see what breaks.
+`main.cf`: bad idea. It made a fool out of myself in [bug #921137](https://bugs.debian.org/921137),
+where I complained that Mailman would rewrite emails in or out and
+that would break unsubscribe links and other stuff. I simply disabled
+that line for now, we'll see what breaks.
 
 Other issues:
 
@@ -999,8 +999,7 @@ Remaining issues
         >>> m.preferred_language = 'fr'
         >>> commit()
 
- * code linting issues in Mailman core made my other MR fail ([MR
-   #444](https://gitlab.com/mailman/mailman/merge_requests/444))
+ * code linting issues in Mailman core made my other MR fail ([MR #444](https://gitlab.com/mailman/mailman/merge_requests/444))
 
 Tested
 ------

Added a comment: How i join illuminati
diff --git a/blog/2016-01-24-internet-in-cuba/comment_11_6676374b7fa49a904ccd38b6d577a6a1._comment b/blog/2016-01-24-internet-in-cuba/comment_11_6676374b7fa49a904ccd38b6d577a6a1._comment
new file mode 100644
index 00000000..327d1f2b
--- /dev/null
+++ b/blog/2016-01-24-internet-in-cuba/comment_11_6676374b7fa49a904ccd38b6d577a6a1._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ ip="82.145.221.188"
+ claimedauthor="Morgan "
+ subject="How i join illuminati "
+ date="2019-02-05T08:21:04Z"
+ content="""
+join illuminati Are you a Politician, pastor  Businessman Woman, Musicians, Talented, Footballer, Golf player or any sport, Model, Government worker, You want to achieve your dreams. You want to be rich. Protected and famous. Join the Illuminati brotherhood too attain all your dreams if you are interested.  every individual  he or she have is own benefit of 50 million dollars  join illuminati  come now and see a new charge in your life. reject hardship in life and join illuminati  so your desire we be granted whatsapp our agent via: +2347051758952 or greatilluminaticop@gmail.com
+"""]]

more progress on translation work
diff --git a/services/mail.mdwn b/services/mail.mdwn
index 1d51c4e5..7b95678d 100644
--- a/services/mail.mdwn
+++ b/services/mail.mdwn
@@ -969,12 +969,38 @@ Remaining issues
          export MAILMAN_PASSWORD=$(sed -n '/^admin_pass:/{s/.*: //;p}' mailman.cfg)
         mm3-invite-user.py test@lists.anarc.at anarcat@example.com
 
+ * confirmation mail subject is not translatable, subjects are not
+   templatable ([mailman bug #541](https://gitlab.com/mailman/mailman/issues/541))
+
  * french translation is missing ([mailman bug #540](https://gitlab.com/mailman/mailman/issues/540)) - workaround:
    add french templates as needed through the web GUI (adding in
-   filesystem fails)
+   filesystem fails because of [mailman bug #535](https://gitlab.com/mailman/mailman/issues/535) - but I
+   backported [MR 442](https://gitlab.com/mailman/mailman/merge_requests/442) so lookups now work. templates can be added
+   in any of:
+   
+   * `$template_dir/lists/test.example.com/it/foo.txt`
+   * `$template_dir/domains/example.com/it/foo.txt`
+   * `$template_dir/site/it/foo.txt`
+   * `<source_dir>/templates/it/foo.txt`
+
+   ... where `$template_dir` is `/var/lib/mailman3` and `<source_dir>`
+   is `/usr/lib/python3/dist-packages/mailman/`. This means templates
+   can be created on the filesystem for individual lists without going
+   through the GUI. updates are shipped upstream in [MR #446](https://gitlab.com/mailman/mailman/merge_requests/446).
  
- * unicode templates gets mangled ([postorious bug #325](https://gitlab.com/mailman/postorius/issues/325)) -
-   workaround: switch to utf-8 by default
+ * unicode templates gets mangled ([mailman bug #542](https://gitlab.com/mailman/mailman/issues/542)) -
+   workaround: switch French to utf-8 ([MR #443](https://gitlab.com/mailman/mailman/merge_requests/443)), change default
+   encoding to utf-8 ([MR #445](https://gitlab.com/mailman/mailman/merge_requests/444)) and change `default_language` to
+   `fr` in `mailman.cfg`. then switch the list to french:
+   
+        # su -s /bin/sh -c "mailman shell -l test.lists.anarc.at" list
+        Welcome to the GNU Mailman shell
+        The variable 'm' is the test.lists.anar.at mailing list
+        >>> m.preferred_language = 'fr'
+        >>> commit()
+
+ * code linting issues in Mailman core made my other MR fail ([MR
+   #444](https://gitlab.com/mailman/mailman/merge_requests/444))
 
 Tested
 ------
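Review bot: the link labelled `MR #445` in the unicode-templates item points at `merge_requests/444`, the same URL the linting item below uses for MR #444, so either the label or the URL is wrong and should be fixed. In the shell transcript the banner reads `test.lists.anar.at` while the command line uses `test.lists.anarc.at`; if that is a transcription slip, correct it so the sample matches what a reader will see.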

workarounds for invites and translations
diff --git a/services/mail.mdwn b/services/mail.mdwn
index 78b5ae06..1d51c4e5 100644
--- a/services/mail.mdwn
+++ b/services/mail.mdwn
@@ -959,10 +959,22 @@ Other issues:
  * "subscription message" template ineffective: sends empty message
    (not reported, but [bug #919970](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919970) is related) - can't reproduce??
 
-Blocking issues
----------------
+Remaining issues
+----------------
+
+ * no "invite" subscription mechanism ([mailman bug #510](https://gitlab.com/mailman/mailman/issues/510)) -
+   workaround: [custom API script](https://gitlab.com/anarcat/scripts/blob/master/mm3-invite-user.py) to invite users seem to
+   work. usage:
+   
+         export MAILMAN_PASSWORD=$(sed -n '/^admin_pass:/{s/.*: //;p}' mailman.cfg)
+        mm3-invite-user.py test@lists.anarc.at anarcat@example.com
 
- * no "invite" subscription mechanism ([mailman bug #510](https://gitlab.com/mailman/mailman/issues/510))
+ * french translation is missing ([mailman bug #540](https://gitlab.com/mailman/mailman/issues/540)) - workaround:
+   add french templates as needed through the web GUI (adding in
+   filesystem fails)
+ 
+ * unicode templates gets mangled ([postorious bug #325](https://gitlab.com/mailman/postorius/issues/325)) -
+   workaround: switch to utf-8 by default
 
 Tested
 ------
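Review bot: the usage example in the "invite" item puts the Mailman admin password into an exported environment variable, where it stays for the rest of the shell session and is inherited by every later child process; set it for the one command only (`MAILMAN_PASSWORD=$(sed ...) mm3-invite-user.py ...`) or `unset` it afterwards. The `sed` reads a relative `mailman.cfg`, so say which directory to run it from or give the full path. The `export` line is also indented one space more than the line after it, which will show in the rendered code block.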
@@ -973,6 +985,8 @@ Tested
  * unsubscribe
  * archives
  * mail from web
+ * invites (fail + workaround)
+ * translation (fail + workaround)
 
 Future work
 -----------

redirection
diff --git a/services/mail.mdwn b/services/mail.mdwn
index 9dd99822..78b5ae06 100644
--- a/services/mail.mdwn
+++ b/services/mail.mdwn
@@ -889,6 +889,7 @@ sucks):
             ServerName lists.anarc.at
             #Use common-letsencrypt-ssl lists.anarc.at
             DocumentRoot /var/www/html/
+            RedirectMatch ^/$ /mailman3/
             Include /etc/mailman3/apache.conf
     </VirtualHost>
 
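Review bot: `RedirectMatch ^/$ /mailman3/` is added to the `:443` vhost with no accompanying sentence in this hunk, so a reader following the page will not know why the bare hostname lands on `/mailman3/`; add a line of explanation next to the block. In the same vhost the `Use common-letsencrypt-ssl` line is still shown commented out, so as documented the `:443` block carries no TLS configuration until the reader uncomments it.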

mailman progress
diff --git a/services/mail.mdwn b/services/mail.mdwn
index 2f8927ee..9dd99822 100644
--- a/services/mail.mdwn
+++ b/services/mail.mdwn
@@ -916,23 +916,64 @@ works. Follow that. Then you must configure the `Domains` to make sure
 they match the hostname. After you can create a test mailing list and
 try delivery.
 
-What works:
+Resolved Issues
+---------------
 
- * delivery
- * (mass) subscription
- * reply
+I have found out that I had `masquerade_domains` enabled in my
+`main.cf`: bad idea. It made a fool out of myself in [bug
+#921137](https://bugs.debian.org/921137), where I complained that Mailman would rewrite emails in
+or out and that would break unsubscribe links and other stuff. I
+simply disabled that line for now, we'll see what breaks.
+
+Other issues:
 
-What doesn't:
+ * [bug #919145](https://bugs.debian.org/919145) - mailman3: stretch-backports dependencies can not
+   be satisfied with python3-alembic from backports. workaround:
+   force-install stable versions (see above)
 
- * no "invite" subscription mechanism ([postorious bug #203](https://gitlab.com/mailman/postorius/issues/203))
- * leaving - confirmations bounce:
+ * <del>[bug #920304](https://bugs.debian.org/920304) - mailman3-web: mailman3web / django does not
+   like python3-pymysql</del>
+
+ * [bug #921128](https://bugs.debian.org/921128): mailman3-web fails to initialize mysql: Specified
+   key was too long. workaround: sqlite3 or upgrade to buster.
+
+ * mailing lists archives would simply not work. this was fixed by
+   adding this to `mailman.py`:
    
-        Feb  1 19:51:45 marcos postfix/smtpd[28736]: NOQUEUE: reject: RCPT from mx1.riseup.net[198.252.153.129] 550 5.1.1 <test-confirm+b29ccf7e932a2ef4bd6e01542a80736d451f0297@anarc.at>: Recipient address rejected: User unknown in local recipient table; from=<anarcat@riseup.net> to=<test-confirm+b29ccf7e932a2ef4bd6e01542a80736d451f0297@anarc.at> proto=ESMTP helo=<mx1.riseup.net> `
+        # The following lines are specific to mailing lists archiving using
+        # HyperKitty. They require 'python3-mailman-hyperkitty' to be installed
+        # and will produce errors otherwise.
+        # 
+        # If you don't want to use HyperKitty, please comment them out.
+
+        [archiver.hyperkitty]
+        class: mailman_hyperkitty.Archiver
+        enable: yes
+        configuration: /etc/mailman3/mailman-hyperkitty.cfg
+
+   The password in `mailman-hyperkitty.cfg` must match the
+   `MAILMAN_ARCHIVER_KEY` in `mailman-web.py`. I would have expected
+   the Debian packages to handle that, but I might have screwed it up.
 
-   .. even though test-confirm@lists.anarc.at works. Notice, it's
-   because the domain is wrong. (reported as [bug #921137](https://bugs.debian.org/921137))
- * probably other stuff
+ * "subscription message" template ineffective: sends empty message
+   (not reported, but [bug #919970](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919970) is related) - can't reproduce??
+
+Blocking issues
+---------------
+
+ * no "invite" subscription mechanism ([mailman bug #510](https://gitlab.com/mailman/mailman/issues/510))
+
+Tested
+------
+
+ * delivery
+ * (mass) subscription
+ * reply
+ * unsubscribe
+ * archives
+ * mail from web
 
-Possible future improvements:
+Future work
+-----------
 
  * [mailman3 pgp plugin](https://pypi.org/project/mailman-pgp/)
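Review bot: the archiver item says to add the block to `mailman.py`, but the block is INI syntax (`[archiver.hyperkitty]`, `class: ...`, `enable: yes`), which is not the format of a Python settings file; please confirm the file name. Since the text calls the value shared between `mailman-hyperkitty.cfg` and `MAILMAN_ARCHIVER_KEY` a password, it would help to say that both files need restrictive permissions. The struck-through bug #920304 item gives no reason for being struck; a word such as "fixed" would make the status clear.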

two more refs
diff --git a/services/mail.mdwn b/services/mail.mdwn
index 2d72e051..2f8927ee 100644
--- a/services/mail.mdwn
+++ b/services/mail.mdwn
@@ -924,10 +924,15 @@ What works:
 
 What doesn't:
 
- * no "invite" subscription mechanism?
+ * no "invite" subscription mechanism ([postorious bug #203](https://gitlab.com/mailman/postorius/issues/203))
  * leaving - confirmations bounce:
    
         Feb  1 19:51:45 marcos postfix/smtpd[28736]: NOQUEUE: reject: RCPT from mx1.riseup.net[198.252.153.129] 550 5.1.1 <test-confirm+b29ccf7e932a2ef4bd6e01542a80736d451f0297@anarc.at>: Recipient address rejected: User unknown in local recipient table; from=<anarcat@riseup.net> to=<test-confirm+b29ccf7e932a2ef4bd6e01542a80736d451f0297@anarc.at> proto=ESMTP helo=<mx1.riseup.net> `
 
    .. even though test-confirm@lists.anarc.at works. Notice, it's
    because the domain is wrong. (reported as [bug #921137](https://bugs.debian.org/921137))
+ * probably other stuff
+
+Possible future improvements:
+
+ * [mailman3 pgp plugin](https://pypi.org/project/mailman-pgp/)
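Review bot: the quoted Postfix log line kept as context still ends with a stray backtick after `helo=<mx1.riseup.net>`, which is not part of the log; since this change edits the list around it, drop the backtick. The new `probably other stuff` item is not actionable; name the issues or leave it out. The project name in the added link text is spelled `postorious`, while the URL it points to spells it `postorius`.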

mark which bugs i reported
diff --git a/services/mail.mdwn b/services/mail.mdwn
index 084af451..2d72e051 100644
--- a/services/mail.mdwn
+++ b/services/mail.mdwn
@@ -837,9 +837,10 @@ workaround is simple:
     apt install -t stretch-backports mailman3-full
 
 Then I found out that the mailman3-web interface is simply
-uninstallable when using MySQL ([bug #921128](https://bugs.debian.org/921128)). So I just used the
-`sqlite3` backend, which is promising to cause delightful problems
-when interoperating with the `mailman3` package, running MySQL.
+uninstallable when using MySQL (reported as [bug #921128](https://bugs.debian.org/921128)). So I
+just used the `sqlite3` backend, which is promising to cause
+delightful problems when interoperating with the `mailman3` package,
+running MySQL.
 
     dpkg-reconfigure mailman3-web
 
@@ -929,4 +930,4 @@ What doesn't:
         Feb  1 19:51:45 marcos postfix/smtpd[28736]: NOQUEUE: reject: RCPT from mx1.riseup.net[198.252.153.129] 550 5.1.1 <test-confirm+b29ccf7e932a2ef4bd6e01542a80736d451f0297@anarc.at>: Recipient address rejected: User unknown in local recipient table; from=<anarcat@riseup.net> to=<test-confirm+b29ccf7e932a2ef4bd6e01542a80736d451f0297@anarc.at> proto=ESMTP helo=<mx1.riseup.net> `
 
    .. even though test-confirm@lists.anarc.at works. Notice, it's
-   because the domain is wrong.
+   because the domain is wrong. (reported as [bug #921137](https://bugs.debian.org/921137))

document my mailman3 adventures
diff --git a/services/mail.mdwn b/services/mail.mdwn
index e7ca32d1..084af451 100644
--- a/services/mail.mdwn
+++ b/services/mail.mdwn
@@ -819,3 +819,114 @@ changes:
 
 That must be one of the simplest webapp install I've seen, considering
 the complexity of this thing. Bravo!
+
+Mailing lists
+=============
+
+I naively thought I could [go old school and replace Facebook with
+email](https://blog.chaddickerson.com/2019/01/09/replacing-facebook/) (even though I actually never used Facebook). I figured,
+heck, mailing lists, I know that, I'll just install Mailman 3 in
+Debian and be done with it.
+
+How wrong can one be. First bug I found was that stretch doesn't have
+mailman 3, it's only in backports. But then the dependencies in the
+package are all out of whack ([bug #919145](https://bugs.debian.org/919145), [bug #920304](https://bugs.debian.org/920304)). The
+workaround is simple:
+
+    apt install python3-alembic python3-sqlalchemy python3-pymysql python3-mysqldb
+    apt install -t stretch-backports mailman3-full
+
+Then I found out that the mailman3-web interface is simply
+uninstallable when using MySQL ([bug #921128](https://bugs.debian.org/921128)). So I just used the
+`sqlite3` backend, which is promising to cause delightful problems
+when interoperating with the `mailman3` package, running MySQL.
+
+    dpkg-reconfigure mailman3-web
+
+This, incidentally, allows us to have the web server (Apache2)
+automatically configured, but we won't do that - we'll configure it by
+hand.
+
+Then Postfix needs to be configured:
+
+    owner_request_special = no
+    transport_maps = hash:/etc/postfix/transport
+                     hash:mailman3/postfix_lmtp
+    local_recipient_maps = proxy:unix:passwd.byname $alias_maps hash:mailman3/postfix_lmtp
+    relay_domains = ${{$compatibility_level} < {2} ? {$mydestination} : {}} hash:mailman3/postfix_domains
+
+This differs from the configuration suggested in the README because
+the postfix daemons are usually chrooted (and this is no
+exception). This is then symlinked in place:
+
+    touch /var/spool/postfix/mailman3/postfix_domains /var/spool/postfix/mailman3/postfix_lmtp
+    chown list:list /var/spool/postfix/mailman3/postfix_*
+    postmap /var/spool/postfix/mailman3/postfix_domains /var/spool/postfix/mailman3/postfix_lmtp
+    ln -s /var/spool/postfix/mailman3/postfix_domains /var/spool/postfix/mailman3/postfix_lmtp /var/lib/mailman3/data/
+
+And, of course, postfix reloaded:
+
+    postfix reload
+
+The `data_dir` needs to be changed in the mailman config
+(`/etc/mailman3/mailman.cfg`), and while you're there change the
+`site_owner` as well:
+
+    site_owner: anarcat+register@anarc.at
+    data_dir: /var/spool/postfix/mailman3/
+
+Then we create an Apache config (because the default one kind of
+sucks):
+
+    <VirtualHost *:80>
+            ServerName lists.anarc.at
+            #Redirect / https://lists.anarc.at/
+            DocumentRoot /var/www/html/
+    </VirtualHost>
+
+    <VirtualHost *:443>
+            ServerName lists.anarc.at
+            #Use common-letsencrypt-ssl lists.anarc.at
+            DocumentRoot /var/www/html/
+            Include /etc/mailman3/apache.conf
+    </VirtualHost>
+
+Reload apache:
+
+    service apache2 reload
+
+A certificate is obtained, after creating the domain of course:
+
+    certbot certonly -w /var/www/html -d lists.anarc.at --webroot
+
+Once the cert is enabled, uncomment the `Redirect` and `Use` lines and
+relaod apache again:
+
+    service apache2 reload
+
+Finally, a Posterius super user needs to be created:
+
+    django-admin createsuperuser --pythonpath /usr/share/mailman3-web --settings settings --username anarcat --email anarcat+register@anarc.at
+
+That will prompt for a password, head over to
+https://lists.anarc.at/mailman3/ to login. This will ask for an email
+confirmation, which should confirm your email system somewhat
+works. Follow that. Then you must configure the `Domains` to make sure
+they match the hostname. After you can create a test mailing list and
+try delivery.
+
+What works:
+
+ * delivery
+ * (mass) subscription
+ * reply
+
+What doesn't:
+
+ * no "invite" subscription mechanism?
+ * leaving - confirmations bounce:
+   
+        Feb  1 19:51:45 marcos postfix/smtpd[28736]: NOQUEUE: reject: RCPT from mx1.riseup.net[198.252.153.129] 550 5.1.1 <test-confirm+b29ccf7e932a2ef4bd6e01542a80736d451f0297@anarc.at>: Recipient address rejected: User unknown in local recipient table; from=<anarcat@riseup.net> to=<test-confirm+b29ccf7e932a2ef4bd6e01542a80736d451f0297@anarc.at> proto=ESMTP helo=<mx1.riseup.net> `
+
+   .. even though test-confirm@lists.anarc.at works. Notice, it's
+   because the domain is wrong.
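Review bot: the Postfix steps `touch` and `chown` files under `/var/spool/postfix/mailman3/` without ever creating that directory, and the `ln -s` into `/var/lib/mailman3/data/` is followed by changing `data_dir` to `/var/spool/postfix/mailman3/`, which leaves it unclear whether the symlinks are still needed; add the `mkdir` with its owner and mode, and state which of the two arrangements is in effect. The quoted log line publishes a full `test-confirm+...` confirmation address and the sender's address; replace the token with a placeholder before this goes on a public page. Typos in the added text: `relaod`, `Posterius`.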

notice the cosmo communicator
diff --git a/hardware/phone.mdwn b/hardware/phone.mdwn
index bc7c5c6b..8257c162 100644
--- a/hardware/phone.mdwn
+++ b/hardware/phone.mdwn
@@ -307,6 +307,14 @@ Puzzlephone
 
 Similarly, there's a [pretty homepage](http://www.puzzlephone.com/) while we wait for something to happen also.
 
+Cosmo communicator
+------------------
+
+Huge phone running android, flip keyboard, 24MP camera, super powerful
+but expensive.
+
+https://www.indiegogo.com/projects/cosmo-communicator
+
 Current phone
 =============
 

note the question of the February bird
diff --git a/communication/photo/calendrier-2019.mdwn b/communication/photo/calendrier-2019.mdwn
index 40ad32d8..a5a87749 100644
--- a/communication/photo/calendrier-2019.mdwn
+++ b/communication/photo/calendrier-2019.mdwn
@@ -845,6 +845,13 @@ d'impression, plutôt qu'une date exacte car la date précise est
 généralement inconnue lors du montage. De plus, il est possible qu'une
 impression prenne plusieurs jours pour les gros volumes.
 
+La photo de février est seulement identifiée comme un "oiseau de
+proie", car il est plutôt difficile d'identifier la bête. On croit
+qu'il s'agit peut-être d'un épervier de Cooper ([Cooper Hawk](https://www.allaboutbirds.org/guide/Coopers_Hawk/media-browser/60324921)) mais
+ça pourrait aussi être une petite buse ([broad-winged hawk](https://www.allaboutbirds.org/guide/Broad-winged_Hawk/id)), une
+buse à épaulettes ([red-shouldered hawk](https://www.allaboutbirds.org/guide/Red-shouldered_Hawk/id)) ou encore un épervier
+brun ([sharp-shinned hawk](https://www.allaboutbirds.org/guide/Sharp-shinned_Hawk/id)).
+
 ## Améliorations futures
 
 Les calendriers ont souvent un "mini-calendrier" qui montre les mois

two pine64 options
diff --git a/hardware/laptop.mdwn b/hardware/laptop.mdwn
index b009d704..10a38ecb 100644
--- a/hardware/laptop.mdwn
+++ b/hardware/laptop.mdwn
@@ -114,6 +114,10 @@ https://www.pine64.org/?page_id=3707
  * LCD 11.6"
  * 1.04Kg
 
+First version is apparently too slow for day-to-day usage (and RAM is
+just ludicrously small), but it's cheap. A new one should [come out in
+2019](https://www.omgubuntu.co.uk/2019/01/pinebook-pro-linux-laptop-coming-soon) but alas still with only 4GB RAM.
+
 Pyra
 ----
 
diff --git a/hardware/tablet.mdwn b/hardware/tablet.mdwn
index 2b1a882e..37e554c3 100644
--- a/hardware/tablet.mdwn
+++ b/hardware/tablet.mdwn
@@ -351,6 +351,12 @@ as a keyboard.
 
 Insane.
 
+Pine64
+------
+
+Those guys known for their cheap [[laptop]] are [making a cheap
+tablet](https://www.omgubuntu.co.uk/2019/01/pine-tab-linux-tablet) as well, running Ubuntu.
+
 Phones
 ======
 

remove dupe ref to koumbit
diff --git a/hardware/history.mdwn b/hardware/history.mdwn
index 4a89ec13..796affd3 100644
--- a/hardware/history.mdwn
+++ b/hardware/history.mdwn
@@ -11,7 +11,6 @@ Key highlights:
  * newest: [[ursula]] (2019)
  * first machine used: Vic-20, in the 1980s
  * number of workstations/servers built/managed at home: at least 5
-   (not counting the tens of machines built at Koumbit)
  * number of routers/wifi hotspots: at least 5
  * number of laptops: 14
  * most common architecture: Intel (32 or 64 bits)

add highlights
diff --git a/hardware/history.mdwn b/hardware/history.mdwn
index 322fb595..4a89ec13 100644
--- a/hardware/history.mdwn
+++ b/hardware/history.mdwn
@@ -5,6 +5,19 @@ setup and maintained as part of my work, at
 
 See also my software [[software/history]].
 
+Key highlights:
+
+ * oldest running machine: [[hardware/server/marcos]] (2011)
+ * newest: [[ursula]] (2019)
+ * first machine used: Vic-20, in the 1980s
+ * number of workstations/servers built/managed at home: at least 5
+   (not counting the tens of machines built at Koumbit)
+ * number of routers/wifi hotspots: at least 5
+ * number of laptops: 14
+ * most common architecture: Intel (32 or 64 bits)
+
+Here's the detailed history:
+
 * 1980s: [Vic-20](https://en.wikipedia.org/wiki/Commodore_VIC-20)
 * 1984+: [Mac Plus](https://en.wikipedia.org/wiki/Macintosh_Plus)
 * 1998-2005: Pentium 1 clone: 32MB ram, 1GB disk ([[and a bunch more|blog/2005-08-24-ma-victoire-contre-la-machine]])

fix some dates
diff --git a/hardware/history.mdwn b/hardware/history.mdwn
index 9c5e49c5..322fb595 100644
--- a/hardware/history.mdwn
+++ b/hardware/history.mdwn
@@ -6,11 +6,11 @@ setup and maintained as part of my work, at
 See also my software [[software/history]].
 
 * 1980s: [Vic-20](https://en.wikipedia.org/wiki/Commodore_VIC-20)
-* 1980s+: [Mac Plus](https://en.wikipedia.org/wiki/Macintosh_Plus)
+* 1984+: [Mac Plus](https://en.wikipedia.org/wiki/Macintosh_Plus)
 * 1998-2005: Pentium 1 clone: 32MB ram, 1GB disk ([[and a bunch more|blog/2005-08-24-ma-victoire-contre-la-machine]])
 * 1998-2000: used [Indigo](https://en.wikipedia.org/wiki/SGI_Indigo%C2%B2_and_Challenge_M)
   workstations at university
-* -2005: Thinkpad 380z (Pentium II 300Mhz + 96Mo de RAM et 3Go disk
+* ?-2005: Thinkpad 380z (Pentium II 300Mhz + 96Mo de RAM et 3Go disk
 * ~2005?: Toshiba Satellite 4090xDVD
 * 2005 linux counter entry:
   * lenny: AMD Duron 1GHz 200GB disk, 512MB ram, workstation (Debian
@@ -24,7 +24,7 @@ See also my software [[software/history]].
 * 2006: [[laptop/MobilePro780]] (PDA / NetBSD experiment)
 * 2006-2007?: [[Toshiba Satellite A30|laptop/ToshibaSatelliteA30]],
   cause of death: slowness
-* ...-2007: squatting hugo's machines: 20070906065732.GK4796@mumia.anarcat.ath.cx
+* ?-2007: squatting hugo's machines: 20070906065732.GK4796@mumia.anarcat.ath.cx
 * 2007-2011: [[Thinkpad X31|laptop/thinkpadx31]]  2008 - lenny in 2010?
 * 2008: still on X31: 20080520194824.GB22856@mumia.anarcat.ath.cx
 * 2008: laptop pété: 20080129214948.GA12870@anarcat.ath.cx
@@ -50,11 +50,12 @@ See also my software [[software/history]].
   debian stretch)
 * 2017?-2018: [[server/mafalda]] (Raspbery Pi, print server moved to
   [[server/plastik]])
-* 2018-...: [[server/plastik]] (wifi router and print server in the office)
+* (2012-2017) 2018-...: [[server/plastik]] (wifi router and print
+  server in the office)
 * 2018: Thinkpad x201 (temporary angela, 0$ from micah, i5 m520, 8GB
   RAM (2x4GB), physically worn out: keys falling off, disk slot broken, drive
   taken from old angela the x120e, running stretch, 128GB Crucial M4 SSD)
-* 2018: Thinkad x220 (new [[angela]], 150$ refurb from Encan Depot,
+* 2018-...: Thinkad x220 (new [[angela]], 150$ refurb from Encan Depot,
   8GB ram, running stretch, 512GB SSD)
-* 2019: Vero 4k+ ([[ursula]], home cinema service replacing a part of
+* 2019-...: Vero 4k+ ([[ursula]], home cinema service replacing a part of
   marcos, which is moved to the basement)

fix another link
diff --git a/hardware/history.mdwn b/hardware/history.mdwn
index 2eceeb0b..9c5e49c5 100644
--- a/hardware/history.mdwn
+++ b/hardware/history.mdwn
@@ -40,8 +40,9 @@ See also my software [[software/history]].
   lenny, backups of marvin archived in two disks (~120GB)
 * 2012-2017: mesh experiments with [[server/plastik]], [[server/roadkiller]]
 * 2011-2018: [[laptop/thinkpad-x120e]] (angela, 600$, 4GB RAM (2x2GB),
-  AMD E-350, [[blog/2015-09-28-fun-with-batteries|battery changed in
-  2015]], debian wheezy, jessie, then stretch. cause of death: screen cracked)
+  AMD E-350, [[battery changed in
+  2015|blog/2015-09-28-fun-with-batteries]], debian wheezy, jessie,
+  then stretch. cause of death: screen cracked)
 * 2016-...: [[octavia]] (Turris Omnia router, [[server/roadkiller]] replacement)
 * 2017-...: Intel NUC desktop (curie, 750$, 16GB, Intel i3-6100U
   2.3Ghz 4 threads, M.2 500GB disk,

fix links
diff --git a/hardware/history.mdwn b/hardware/history.mdwn
index 89a8835f..2eceeb0b 100644
--- a/hardware/history.mdwn
+++ b/hardware/history.mdwn
@@ -20,7 +20,7 @@ See also my software [[software/history]].
   * marvin: Pentium II 233MHz 34GB disk, 65MB ram, server, merged with
     lenny to yield marcos in 2009 (2011?)
     (Debian 3.1)
-* 2006: [[Thinkpad T22|thinkpadt22]], cause of death: stolen?
+* 2006: [[Thinkpad T22|laptop/thinkpadt22]], cause of death: stolen?
 * 2006: [[laptop/MobilePro780]] (PDA / NetBSD experiment)
 * 2006-2007?: [[Toshiba Satellite A30|laptop/ToshibaSatelliteA30]],
   cause of death: slowness
@@ -48,8 +48,8 @@ See also my software [[software/history]].
   [installation report](https://wiki.debian.org/InstallingDebianOn/Intel/NUC6i3SYH#preview),
   debian stretch)
 * 2017?-2018: [[server/mafalda]] (Raspbery Pi, print server moved to
-  [[plastik]])
-* 2018-...: [[plastik]] (wifi router and print server in the office)
+  [[server/plastik]])
+* 2018-...: [[server/plastik]] (wifi router and print server in the office)
 * 2018: Thinkpad x201 (temporary angela, 0$ from micah, i5 m520, 8GB
   RAM (2x4GB), physically worn out: keys falling off, disk slot broken, drive
   taken from old angela the x120e, running stretch, 128GB Crucial M4 SSD)

formatting tweaks
diff --git a/hardware/history.mdwn b/hardware/history.mdwn
index b3511520..89a8835f 100644
--- a/hardware/history.mdwn
+++ b/hardware/history.mdwn
@@ -20,9 +20,10 @@ See also my software [[software/history]].
   * marvin: Pentium II 233MHz 34GB disk, 65MB ram, server, merged with
     lenny to yield marcos in 2009 (2011?)
     (Debian 3.1)
-* 2006: [[Thinkpad T22|thinkpadt22]] (stolen?)
+* 2006: [[Thinkpad T22|thinkpadt22]], cause of death: stolen?
 * 2006: [[laptop/MobilePro780]] (PDA / NetBSD experiment)
-* 2006-2007?: [[Toshiba Satellite A30|laptop/ToshibaSatelliteA30]]
+* 2006-2007?: [[Toshiba Satellite A30|laptop/ToshibaSatelliteA30]],
+  cause of death: slowness
 * ...-2007: squatting hugo's machines: 20070906065732.GK4796@mumia.anarcat.ath.cx
 * 2007-2011: [[Thinkpad X31|laptop/thinkpadx31]]  2008 - lenny in 2010?
 * 2008: still on X31: 20080520194824.GB22856@mumia.anarcat.ath.cx
@@ -30,18 +31,17 @@ See also my software [[software/history]].
 * 2009: mumia? 20080520194824.GB22856@mumia.anarcat.ath.cx
 * 2009: feu laptop: 20091026192858.GH8286@anarcat.ath.cx
 * 2008/2009?-2011: Asus Aspire One D250 (Atom N270 1.6GHz, 1GB ram, 160GB
-  disque), suspected compromised by RCMP and replaced
-  http://wiki.debian.org/InstallingDebianOn/Acer/AspireOne-D250-1821
+  disque), cause of death: suspected compromise by RCMP ([install notes](http://wiki.debian.org/InstallingDebianOn/Acer/AspireOne-D250-1821))
 * 2010 linux counter entry:
   * lenny: AMD Athlon 1.1GHz 200GB disk, 1GB ram, workstation (debian lenny)
   * mumia: Pentium M 1GHz 40GB disk, 1GB ram, laptop (Debian lenny)
-* 2010: HP Mini 10 [[blog/2010-03-18-hp-mini-10-netbook-doom]]
+* 2010: HP Mini 10 ([[many problems|blog/2010-03-18-hp-mini-10-netbook-doom]])
 * 2011-...: custom server ([[server/marcos]]), merge of marvin and
   lenny, backups of marvin archived in two disks (~120GB)
 * 2012-2017: mesh experiments with [[server/plastik]], [[server/roadkiller]]
-* 2011-2018: [[laptop/thinkpad-x120e]] (angela, 600$, 4GB RAM (2x2GB), AMD E-350, battery
-  changed in 2015, see [[blog/2015-09-28-fun-with-batteries]], debian
-  wheezy, jessie, then stretch. dead screen)
+* 2011-2018: [[laptop/thinkpad-x120e]] (angela, 600$, 4GB RAM (2x2GB),
+  AMD E-350, [[blog/2015-09-28-fun-with-batteries|battery changed in
+  2015]], debian wheezy, jessie, then stretch. cause of death: screen cracked)
 * 2016-...: [[octavia]] (Turris Omnia router, [[server/roadkiller]] replacement)
 * 2017-...: Intel NUC desktop (curie, 750$, 16GB, Intel i3-6100U
   2.3Ghz 4 threads, M.2 500GB disk,
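Review bot: the new battery link on the x120e entry is written `[[blog/2015-09-28-fun-with-batteries|battery changed in 2015]]`, page first and text second, while the other link reworked in this hunk, `[[many problems|blog/2010-03-18-hp-mini-10-netbook-doom]]`, puts the text first; swap the two halves so both follow the same order and the link resolves.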

add newest machines
diff --git a/hardware/history.mdwn b/hardware/history.mdwn
index 50d4f8e2..b3511520 100644
--- a/hardware/history.mdwn
+++ b/hardware/history.mdwn
@@ -53,3 +53,7 @@ See also my software [[software/history]].
 * 2018: Thinkpad x201 (temporary angela, 0$ from micah, i5 m520, 8GB
   RAM (2x4GB), physically worn out: keys falling off, disk slot broken, drive
   taken from old angela the x120e, running stretch, 128GB Crucial M4 SSD)
+* 2018: Thinkad x220 (new [[angela]], 150$ refurb from Encan Depot,
+  8GB ram, running stretch, 512GB SSD)
+* 2019: Vero 4k+ ([[ursula]], home cinema service replacing a part of
+  marcos, which is moved to the basement)
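Review bot: `Thinkad x220` in the first added line is a typo for Thinkpad; the entry just above it spells the name `Thinkpad x201`.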

add references missing to existing pages in history
diff --git a/hardware/history.mdwn b/hardware/history.mdwn
index 981b5bc3..50d4f8e2 100644
--- a/hardware/history.mdwn
+++ b/hardware/history.mdwn
@@ -20,10 +20,11 @@ See also my software [[software/history]].
   * marvin: Pentium II 233MHz 34GB disk, 65MB ram, server, merged with
     lenny to yield marcos in 2009 (2011?)
     (Debian 3.1)
-* 2006: Thinkpad T22 (stolen?)
-* 2006-2007?: Toshiba Satellite A30
+* 2006: [[Thinkpad T22|thinkpadt22]] (stolen?)
+* 2006: [[laptop/MobilePro780]] (PDA / NetBSD experiment)
+* 2006-2007?: [[Toshiba Satellite A30|laptop/ToshibaSatelliteA30]]
 * ...-2007: squatting hugo's machines: 20070906065732.GK4796@mumia.anarcat.ath.cx
-* 2007-2011: Thinkpad X31  2008 - lenny in 2010?
+* 2007-2011: [[Thinkpad X31|laptop/thinkpadx31]]  2008 - lenny in 2010?
 * 2008: still on X31: 20080520194824.GB22856@mumia.anarcat.ath.cx
 * 2008: laptop pété: 20080129214948.GA12870@anarcat.ath.cx
 * 2009: mumia? 20080520194824.GB22856@mumia.anarcat.ath.cx
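Review bot: `[[Thinkpad T22|thinkpadt22]]` has no `laptop/` prefix, unlike the other three links added in this hunk (`laptop/MobilePro780`, `laptop/ToshibaSatelliteA30`, `laptop/thinkpadx31`); check that it resolves from `hardware/history.mdwn` and add the prefix if not.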
@@ -37,13 +38,18 @@ See also my software [[software/history]].
 * 2010: HP Mini 10 [[blog/2010-03-18-hp-mini-10-netbook-doom]]
 * 2011-...: custom server ([[server/marcos]]), merge of marvin and
   lenny, backups of marvin archived in two disks (~120GB)
+* 2012-2017: mesh experiments with [[server/plastik]], [[server/roadkiller]]
 * 2011-2018: [[laptop/thinkpad-x120e]] (angela, 600$, 4GB RAM (2x2GB), AMD E-350, battery
   changed in 2015, see [[blog/2015-09-28-fun-with-batteries]], debian
   wheezy, jessie, then stretch. dead screen)
+* 2016-...: [[octavia]] (Turris Omnia router, [[server/roadkiller]] replacement)
 * 2017-...: Intel NUC desktop (curie, 750$, 16GB, Intel i3-6100U
   2.3Ghz 4 threads, M.2 500GB disk,
   [installation report](https://wiki.debian.org/InstallingDebianOn/Intel/NUC6i3SYH#preview),
   debian stretch)
-* 2018-...: Thinkpad x201 (new angela, 0$ from micah, i5 m520, 8GB
+* 2017?-2018: [[server/mafalda]] (Raspbery Pi, print server moved to
+  [[plastik]])
+* 2018-...: [[plastik]] (wifi router and print server in the office)
+* 2018: Thinkpad x201 (temporary angela, 0$ from micah, i5 m520, 8GB
   RAM (2x4GB), physically worn out: keys falling off, disk slot broken, drive
   taken from old angela the x120e, running stretch, 128GB Crucial M4 SSD)
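Review bot: the two added `[[plastik]]` links omit the `server/` prefix that the `[[server/plastik]]` link added earlier in this same hunk uses; make them consistent so all three resolve to the same page. `Raspbery Pi` in the mafalda entry is missing an "r".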

Archival link:

The above link creates a machine-readable RSS feed that can be used to easily archive new changes to the site. It is used by internal scripts to do sanity checks on new entries in the wiki.
