Recent changes to this wiki. Not to be confused with my history.

Complete source to the wiki is available on gitweb or by cloning this site.

gitwatch is not generic
diff --git a/blog/2019-11-20-file-monitoring-tools.mdwn b/blog/2019-11-20-file-monitoring-tools.mdwn
index 4fef872a..d8807abb 100644
--- a/blog/2019-11-20-file-monitoring-tools.mdwn
+++ b/blog/2019-11-20-file-monitoring-tools.mdwn
@@ -86,15 +86,6 @@ https://github.com/tinkershack/fluffy
  * [Debian package](https://tracker.debian.org/pkg/gamin) since 2005
  * not a commandline tool
 
-## gitwatch
-
-<https://github.com/gitwatch/gitwatch>
-
- * 2012-2020
- * GPLv3
- * relies on inotifywait
- * just commits to git after a delay
-
 ## incron
 
 <https://github.com/ar-/incron>
@@ -312,6 +303,15 @@ am aware of:
  * [git-annex](https://git-annex.branchable.com/)
  * [syncthing](https://syncthing.net/)
 
+## gitwatch
+
+<https://github.com/gitwatch/gitwatch>
+
+ * 2012-2020
+ * GPLv3
+ * relies on inotifywait
+ * just commits and pushes to git after a delay
+
 ## inosync
 
 <https://github.com/hollow/inosync>
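
Review bot: the re-added gitwatch entry is not a pure move: its last bullet changes from `just commits to git after a delay` to `just commits and pushes to git after a delay`, while the commit message only says the tool is not generic. Mention the wording change in the message, or split it into its own commit, so the correction can be found in the history.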

more references
diff --git a/blog/2020-03-10-font-changes/comment_3_ee8eb8616c1a8002082526233ca172ac._comment b/blog/2020-03-10-font-changes/comment_3_ee8eb8616c1a8002082526233ca172ac._comment
new file mode 100644
index 00000000..6c19cf98
--- /dev/null
+++ b/blog/2020-03-10-font-changes/comment_3_ee8eb8616c1a8002082526233ca172ac._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="anarcat"
+ subject="""more design hints"""
+ date="2020-11-23T17:09:18Z"
+ content="""
+I found more web sites that could be relevant for future reshuffling of this work:
+
+ * [dev fonts comparator](https://devfonts.gafi.dev/)
+ * [What’s the best font size for the web?](https://www.imarc.com/blog/best-font-size-for-any-device)
+ * [Building a color palette](https://refactoringui.com/previews/building-your-color-palette/)
+"""]]

more sites
diff --git a/services/dns.mdwn b/services/dns.mdwn
index db7223af..ac76dfda 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -54,10 +54,12 @@ n'est pas clair, dans l'interface, qui a accès à mes domaines.
 
 | Registry       | .com     | .org     | .net     | .ca      | .at      | Notes                     |
 |----------------|----------|----------|----------|----------|----------|---------------------------|
+| bookmyname.com |          |          |          |          |          | à déterminer              |
 | cloudflare.com | 8.03USD  | 10.11USD | 9.95USD  | N/A      | N/A      |                           |
 | easydns.com    | 15.00USD | 17.00USD | 15.00USD | 15.00CAD | 22.00USD | also hosting              |
 | gandi.net      | 15.50USD | 18.50USD | 17.20USD | 13.84USD | 21.60CAD | pas de transfer lock .at  |
 | gandi.net (DD) | 8.80USD  | 10.50USD | 12.00USD | 8.65USD  | 17.00USD | rabais Développeur Debian |
+| itich.com      |          |          |          |          |          | à déterminer              |
 | joker.com      | 13.60USD | 16.88USD | 16.90USD | N/A      | 15.31USD |                           |
 | njal.la        | 15.00EUR | 15.00EUR | 15.00EUR | N/A      | N/A      | pas un registry, anonyme  |
 
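Review bot: the two new rows (`bookmyname.com`, `itich.com`) leave all five price cells empty, which is easy to confuse with the `N/A` the table already uses for TLDs a registrar does not sell. Put an explicit marker such as `?` in each cell so that "not checked yet" and "not offered" stay distinguishable; the `à déterminer` note can stay as it is.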

more tools
diff --git a/blog/2019-11-20-file-monitoring-tools.mdwn b/blog/2019-11-20-file-monitoring-tools.mdwn
index 18f98ef4..4fef872a 100644
--- a/blog/2019-11-20-file-monitoring-tools.mdwn
+++ b/blog/2019-11-20-file-monitoring-tools.mdwn
@@ -86,6 +86,15 @@ https://github.com/tinkershack/fluffy
  * [Debian package](https://tracker.debian.org/pkg/gamin) since 2005
  * not a commandline tool
 
+## gitwatch
+
+<https://github.com/gitwatch/gitwatch>
+
+ * 2012-2020
+ * GPLv3
+ * relies on inotifywait
+ * just commits to git after a delay
+
 ## incron
 
 <https://github.com/ar-/incron>
diff --git a/services/bookmarks.mdwn b/services/bookmarks.mdwn
index 1082cef3..e1b67adc 100644
--- a/services/bookmarks.mdwn
+++ b/services/bookmarks.mdwn
@@ -64,6 +64,7 @@ This also overlaps with bookmarking software like:
  * [Turtl](https://turtlapp.com/)
  * [Wallabag](https://wallabag.org/)
  * [seelink](https://www.seelink.app/)
+ * [Shaarli](https://github.com/shaarli/Shaarli)
 
 ... and archival software in the [[WARC ecosystem|services/archive]].
 

add .org/.net prices
diff --git a/services/dns.mdwn b/services/dns.mdwn
index 1eee85e5..db7223af 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -52,13 +52,14 @@ changer tous les contacts du domaine **même s'ils n'étaient pas dans
 la liste des contacts**. C'est assez inquiétant et m'indique qu'il
 n'est pas clair, dans l'interface, qui a accès à mes domaines.
 
-| Registry       | .com     | .ca      | .at      | Notes                    |
-|----------------|----------|----------|----------|--------------------------|
-| cloudflare.com | 8.03USD  | N/A      | N/A      |                          |
-| easydns.com    | 15USD    | 15CAD    | 22USD    | also hosting             |
-| gandi.net      | 21.70CAD | 19.38CAD | 21.60CAD | pas de transfer lock .at |
-| joker.com      | 13.60CAD | N/A      | 15.31USD |                          |
-| njal.la        | 15EUR    | N/A      | N/A      | pas un registry, anonyme |
+| Registry       | .com     | .org     | .net     | .ca      | .at      | Notes                     |
+|----------------|----------|----------|----------|----------|----------|---------------------------|
+| cloudflare.com | 8.03USD  | 10.11USD | 9.95USD  | N/A      | N/A      |                           |
+| easydns.com    | 15.00USD | 17.00USD | 15.00USD | 15.00CAD | 22.00USD | also hosting              |
+| gandi.net      | 15.50USD | 18.50USD | 17.20USD | 13.84USD | 21.60CAD | pas de transfer lock .at  |
+| gandi.net (DD) | 8.80USD  | 10.50USD | 12.00USD | 8.65USD  | 17.00USD | rabais Développeur Debian |
+| joker.com      | 13.60USD | 16.88USD | 16.90USD | N/A      | 15.31USD |                           |
+| njal.la        | 15.00EUR | 15.00EUR | 15.00EUR | N/A      | N/A      | pas un registry, anonyme  |
 
 Convention de noms
 ==================
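
Review bot: besides adding the `.org` and `.net` columns, the rewritten rows change existing figures: gandi.net `.com` goes from `21.70CAD` to `15.50USD` and `.ca` from `19.38CAD` to `13.84USD`, and joker.com `.com` keeps its number but switches from `13.60CAD` to `13.60USD`. The commit message only announces the new columns. Say that old prices were corrected as well, or do it in a separate commit, and double-check the joker.com entry, since only the currency changed there.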

gandi alternatives
diff --git a/services/dns.mdwn b/services/dns.mdwn
index d0ad2501..1eee85e5 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -33,6 +33,33 @@ Documentation locale
  * [[dnssec]] - la validation des noms de domaines
  * [[migration]] - comment migrer vers une nouvelle IP
 
+Autres fournisseurs
+===================
+
+Je considère des alternatives à Gandi. Le temps où Gandi était une
+bande d'anarchistes prêt à foutre le feu au système de noms de domaine
+est largement révolu: la seule chose qu'ils ont gardé après la vente
+est un slogan pourri, en anglais. Leur interface "v5" est parfaitement
+infecte, difficile à utiliser, et n'a pas la flexibilité de l'ancienne
+interface (qui permettait par example à un tier de payer un nom de
+domaine).
+
+J'ai d'ailleurs eu une expérience étrange cette semaine: un nom de
+domaine d'un ancien client (enfin, un client de Koumbit) s'est
+retrouvé dans ma liste de domaine, avec moi comme contact
+partout. J'ai informé Koumbit et, bizarrement, ils ont été capables de
+changer tous les contacts du domaine **même s'ils n'étaient pas dans
+la liste des contacts**. C'est assez inquiétant et m'indique qu'il
+n'est pas clair, dans l'interface, qui a accès à mes domaines.
+
+| Registry       | .com     | .ca      | .at      | Notes                    |
+|----------------|----------|----------|----------|--------------------------|
+| cloudflare.com | 8.03USD  | N/A      | N/A      |                          |
+| easydns.com    | 15USD    | 15CAD    | 22USD    | also hosting             |
+| gandi.net      | 21.70CAD | 19.38CAD | 21.60CAD | pas de transfer lock .at |
+| joker.com      | 13.60CAD | N/A      | 15.31USD |                          |
+| njal.la        | 15EUR    | N/A      | N/A      | pas un registry, anonyme |
+
 Convention de noms
 ==================
 
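Review bot: a few typos in the first added paragraph: `prêt` should agree with `anarchistes` (`prêts`), `par example` should be `par exemple`, and `un tier` should be `un tiers`. In the second paragraph, `cette semaine` will mean nothing once this page is read later; since the incident is about a third party being able to change domain contacts without being listed as one, give it an actual date.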

yet another tool
diff --git a/services/bookmarks.mdwn b/services/bookmarks.mdwn
index 730659f8..1082cef3 100644
--- a/services/bookmarks.mdwn
+++ b/services/bookmarks.mdwn
@@ -63,6 +63,7 @@ This also overlaps with bookmarking software like:
  * [Shiori](https://github.com/RadhiFadlillah/shiori)
  * [Turtl](https://turtlapp.com/)
  * [Wallabag](https://wallabag.org/)
+ * [seelink](https://www.seelink.app/)
 
 ... and archival software in the [[WARC ecosystem|services/archive]].
 

another option
diff --git a/software/desktop/calibre.mdwn b/software/desktop/calibre.mdwn
index e8f1c1bc..70046f2e 100644
--- a/software/desktop/calibre.mdwn
+++ b/software/desktop/calibre.mdwn
@@ -292,7 +292,8 @@ Calibre is...
    that protocol is quite useful to browse books on the fly from
    hacked Kobo readers (running [Koreader](http://koreader.rocks/), but [not Plato](https://github.com/baskerville/plato/issues/69)) or
    Android devices (running [Document Viewer](https://f-droid.org/packages/org.sufficientlysecure.viewer/) or Koreader)... There
-   is an OPDS [test server](http://feedbooks.github.io/opds-test-catalog/), see also my [2016 analysis](https://github.com/wallabag/wallabag/issues/1253#issuecomment-204996640).
+   is an OPDS [test server](http://feedbooks.github.io/opds-test-catalog/), see also my [2016
+   analysis](https://github.com/wallabag/wallabag/issues/1253#issuecomment-204996640). Update: [Ubooquity](https://vaemendis.net/ubooquity/) is a thing as well.
 
 [Liber]: https://git.autistici.org/ale/liber
 [Trantor]: https://gitlab.com/trantor/trantor

another option
diff --git a/software/debian-development.mdwn b/software/debian-development.mdwn
index cd0a336e..9293ea0f 100644
--- a/software/debian-development.mdwn
+++ b/software/debian-development.mdwn
@@ -934,6 +934,7 @@ are the alternatives I am aware of:
  * [debspawn][] - system-nspawn builder
  * [docker-buildpackage][] - Docker builder
  * [qemubuilder][] - qemu builder
+ * [qemu-sbuild-utils][] - qemu + sbuild + autopkgtest
 
 Take, for example, [Whalebuilder][], which uses Docker to build
 packages instead of `pbuilder` or `sbuild`. Docker provides more
@@ -956,6 +957,7 @@ which would greatly reduce their complexity.
 [qemubuilder]: https://wiki.debian.org/qemubuilder
 [sbuild plugin]: https://lists.debian.org/debian-devel/2018/08/msg00005.html
 [whalebuilder]: https://www.uhoreg.ca/programming/debian/whalebuilder
+[qemu-sbuild-utils]: https://www.kvr.at/posts/qemu-sbuild-utils-01-sbuild-with-qemu/
 
 This guide should be integrated into the official documentation or the
 Debian wiki. It is eerily similar to [this guide][] which itself is a
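
Review bot: in the reference-definition block, the new `[qemu-sbuild-utils]:` line is appended after `[whalebuilder]:`, while the visible neighbours (`[qemubuilder]`, `[sbuild plugin]`, `[whalebuilder]`) are in alphabetical order. Move it up next to `[qemubuilder]:` so the block stays sorted.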

sort reformat
diff --git a/services/wiki/ikiwiki-hugo-conversion.mdwn b/services/wiki/ikiwiki-hugo-conversion.mdwn
index d1db4394..b9a97c80 100644
--- a/services/wiki/ikiwiki-hugo-conversion.mdwn
+++ b/services/wiki/ikiwiki-hugo-conversion.mdwn
@@ -347,10 +347,12 @@ Other converters
 
 Consider alternative SSGs:
 
- * lektor: used at Tor
- * pelican: watch out for pelican, another user reports that, with caching, generating a 500 page site takes 30 seconds, 2 minutes without caching)
+ * [11ty](https://www.11ty.dev/): [picked by mozilla](https://hacks.mozilla.org/2020/10/to-eleventy-and-beyond/), javascript
+ * [lektor](https://www.getlektor.com/): used at Tor
+ * [pelican](https://getpelican.com/): watch out for pelican, another user reports that,
+   with caching, generating a 500 page site takes 30 seconds, 2
+   minutes without caching
  * [zola](https://www.getzola.org/)
- * [11ty](https://www.11ty.dev/) - [picked by mozilla](https://hacks.mozilla.org/2020/10/to-eleventy-and-beyond/), javascript
 
 See also those comparisons:
 

merge the ssg alternatives in one place
diff --git a/services/wiki.mdwn b/services/wiki.mdwn
index e0cfce59..d2b99546 100644
--- a/services/wiki.mdwn
+++ b/services/wiki.mdwn
@@ -96,6 +96,8 @@ Here are some things I'm thinking of doing on the website:
  * improve spam control, consider the [mediawiki tricks](https://m.mediawiki.org/wiki/Manual:Combating_spam), [friendly
    captcha](https://friendlycaptcha.com/), the [Tornevall blocklist](https://www.tornevall.net/about/) and other RBLs, and [the
    ikiwiki discussion](https://ikiwiki.info/todo/anti-spam_protection/)
+ * consider migrating away from ikiwiki, see
+   [[ikiwiki-hugo-conversion]] for details
 
 [TufteCSS]: https://edwardtufte.github.io/tufte-css/
 [controlpanel]: http://anarc.at/ikiwiki.cgi?do=controlpanel
@@ -207,11 +209,6 @@ dropped:
 We're now running upstream (`0.20180719-1`), which hopefully still
 works.
 
-Other SSG options:
-
- * [11ty](https://www.11ty.dev/) - [picked by mozilla](https://hacks.mozilla.org/2020/10/to-eleventy-and-beyond/), javascript
- * TODO: compare with other SSGs
-
 ## 2017-06-19: major upgrade
 
 upgraded to the upstream 3.20170111 release using backports in
diff --git a/services/wiki/ikiwiki-hugo-conversion.mdwn b/services/wiki/ikiwiki-hugo-conversion.mdwn
index 80f983a8..d1db4394 100644
--- a/services/wiki/ikiwiki-hugo-conversion.mdwn
+++ b/services/wiki/ikiwiki-hugo-conversion.mdwn
@@ -255,10 +255,6 @@ the gist of it is we need to implement:
 
 structural elements needing more thinking:
 
- * consider lektor and pelican and [zola](https://www.getzola.org/) and what else (watch out
-   for pelican, another user reports that, with caching, generating a
-   500 page site takes 30 seconds, 2 minutes without caching)
-   ([comparison site](https://www.staticgen.com/), [another](https://staticsitegenerators.net/), and [another](https://www.staticsitegenerator.net/))
  * [RSS](https://gohugo.io/templates/rss/)
  * frontpage and blog structure (`inline`)
  * same with `map` and `orphan` pages
@@ -347,3 +343,16 @@ Other converters
  * [Simpler conversion](https://blog.jak-linux.org/2018/10/25/migrated-website-from-ikiwiki-to-hugo/)
  * [Previous tests](https://gitlab.com/anarcat/wallabako/issues/13)
  * [Upstream list of converters](https://gohugo.io/tools/migrations/)
+# Other alternatives
+
+Consider alternative SSGs:
+
+ * lektor: used at Tor
+ * pelican: watch out for pelican, another user reports that, with caching, generating a 500 page site takes 30 seconds, 2 minutes without caching)
+ * [zola](https://www.getzola.org/)
+ * [11ty](https://www.11ty.dev/) - [picked by mozilla](https://hacks.mozilla.org/2020/10/to-eleventy-and-beyond/), javascript
+
+See also those comparisons:
+
+ * <https://www.staticgen.com/
+ * <https://staticsitegenerators.net/>
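
Review bot: the first comparison link, `+ * <https://www.staticgen.com/`, is missing its closing `>`, so it will not render as an autolink like the line below it. Two more things in the same block: `+# Other alternatives` follows the last list item with no blank line in between, and the pelican bullet ends with a stray `)` left over from the parenthetical it was cut from. The third comparison site removed in the earlier hunk (`staticsitegenerator.net`) is not carried over either; add it back if the drop was not intended.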

setext/atx
diff --git a/services/wiki.mdwn b/services/wiki.mdwn
index db1e26fd..e0cfce59 100644
--- a/services/wiki.mdwn
+++ b/services/wiki.mdwn
@@ -10,8 +10,7 @@ Voir aussi [[hosted]] pour les sites statiques hébergés hors de la ferme de wi
 
 [[!toc levels=2]]
 
-Fonctionnement
-==============
+# Fonctionnement
 
 Les wikis fonctionnent sous l'excellent logiciel [[ikiwiki]], et les wikis sont gérés avec l'extension [ikiwiki-hosting](http://ikiwiki-hosting.branchable.com/).
 
@@ -19,13 +18,11 @@ Chaque wiki a sont propre dépôt [[git]] indépendant qui garde l'historique de
 
 Un [[!wikipedia stylesheet]] peut être installé par les utilisateurs, et un thème complet (tel [[night city|night_city/README]] qui formait la jolie présentation ici) peut être installé sur demande.
 
-Tips
-====
+# Tips
 
 Petits conseils d'utilisation supplémentaire de ikiwiki. Voir [[ikiwiki]] pour l'aide régulière.
 
-Migrating from Moinmoin markup to markdown regexes
---------------------------------------------------
+## Migrating from Moinmoin markup to markdown regexes
 
  * titles: `^== \(.*\) ==$` to `## \1`
  * preformatted areas: `{{{` to `[[!format txt """` and `}}}` to `"""]]`
@@ -33,8 +30,7 @@ Migrating from Moinmoin markup to markdown regexes
 
 Those are probably not being rendered properly, see [[!iki tips/convert_moinmoin_to_ikiwiki]] for a more complete solution.
 
-Renaming a wiki
----------------
+## Renaming a wiki
 
 Normally:
 
@@ -68,8 +64,7 @@ mv a-test a-testwiki
 sudo ikisite changesetup testwiki.anarc.at --rebuild
 ```
 
-Todo list
-=========
+# Todo list
 
 Here are some things I'm thinking of doing on the website:
 
@@ -120,13 +115,11 @@ Here are some things I'm thinking of doing on the website:
 [ikiwikihosting-dns]: http://ikiwiki-hosting.branchable.com/ikidns/
 [ikiwiki-hosting let's encrypt integration]: http://ikiwiki-hosting.branchable.com/todo/letsencrypt_support/
 
-Update log
-==========
+# Update log
 
 Various operations on the service documented here.
 
-Patches to apply
-----------------
+## Patches to apply
 
 On any given upgrade, the following patches need to be applied:
 
@@ -186,8 +179,7 @@ below is missing at least the geo scheme stuff. !!!
     git diff $release..admonitions doc/style.css | ( cd /usr/share/ikiwiki/basewiki ; sudo patch -p2 --dry-run ) &&
     git diff $release..admonitions doc/style.css | ( cd /usr/share/ikiwiki/basewiki ; sudo patch -p2 )
 
-2019-10-02: major upgrade
--------------------------
+## 2019-10-02: major upgrade
 
 Upgraded the entire server to buster. The following patches were
 dropped:
@@ -220,15 +212,13 @@ Other SSG options:
  * [11ty](https://www.11ty.dev/) - [picked by mozilla](https://hacks.mozilla.org/2020/10/to-eleventy-and-beyond/), javascript
  * TODO: compare with other SSGs
 
-2017-06-19: major upgrade
--------------------------
+## 2017-06-19: major upgrade
 
 upgraded to the upstream 3.20170111 release using backports in
 preperation for the stretch upgrade. patches reapplied as they are not
 factored in upstream yet.
 
-2017-04-19: ikiwiki-hosting upgrade
------------------------------------
+## 2017-04-19: ikiwiki-hosting upgrade
 
 Followed the upstream 0.20161219 release from stretch. Had to apply
 the following patches:
@@ -243,8 +233,7 @@ The following patches were dropped:
    seems like there's a workaround...
  * dev/usercreate_fails: not reported upstream, werid use case
 
-2017-01-14: security upgrade
-----------------------------
+## 2017-01-14: security upgrade
 
 Upstream did a security update in Jessie from
 [3.20141016.3](https://tracker.debian.org/news/671435) to
@@ -254,47 +243,39 @@ still useful.
 
 I dropped the [[!iki bugs/notifyemail fails with some openid providers]] patch because of the impeding doom of OpenID.
 
-2016-05-08: security upgrade
------------------------------
+## 2016-05-08: security upgrade
 
 Upstream did a security update in Jessie from [3.20141016.2](https://tracker.debian.org/news/671435) to [3.20141016.3](https://tracker.debian.org/media/packages/i/ikiwiki/changelog-3.20141016.3). I decided to drop the  [[!iki bugs/notifyemail fails with some openid providers]] patch because it's probably not really in use and OpenID is dying anyways. I did reapply the git-annex patch since that is still useful.
 
-2015-02-06: blog migrated from Drupal
--------------------------------------
+## 2015-02-06: blog migrated from Drupal
 
 See [[blog/2015-02-06-migrating-drupal-ikiwiki/]].
 
-2015-04-02: security upgrade
-----------------------------
+## 2015-04-02: security upgrade
 
 Upstream just rerolled an upgrade to work around an XSS issue in the
 OpenID plugin.
 
-2015-03-30: git-annex support
------------------------------
+## 2015-03-30: git-annex support
 
 I started working on [[!iki todo/git-annex_support]]. Ikiwiki and ikiwiki-hosting have been locally patched to support this, but manual interventions are required for any wiki that wants to have annexed files. So far only this wiki has such support. See [[!iki todo/git-annex_support]] for more information on how this works.
 
-2015-02-03: minor upgrade
--------------------------
+## 2015-02-03: minor upgrade
 
 It seems there were some ikiwiki criticial bugs in jessie that warranted a [3.20141016.1 release](https://tracker.debian.org/news/671435). Debian is now diverging from [upstream](https://ikiwiki.info/news/) which is unfortunate, but I guess necessary to have stables.
 
 My openid patch is still not in, but I believe the [SSL issue](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761635) is finally fixed. See the [3.20141016.1 upload](https://tracker.debian.org/news/671435) for release notes.
 
-2014-??-??: ikiwiki-hosting upgrade?
-------------------------------------
+## 2014-??-??: ikiwiki-hosting upgrade?
 
 At some point during the year, ikiwiki-hosting was upgraded to
 0.20140613 (or just installed?).
 
-2014-10-28: minor upgrade
--------------------------
+## 2014-10-28: minor upgrade
 
 Hopefully last upgrade for the lifetime of the next Debian stable release, the [[!iki news/version_3.20141016]] release still hasn't factored in my patch and I'll probably have to port it to the end. But it's the only patch remaining. See [[!iki news/3.20141016]] for changelog.
 
-2014-09-28: minor upgrade
--------------------------
+## 2014-09-28: minor upgrade
 
 Upgraded to the latest release, only one patch left, and it seems it is here to stay... :/ See [[!iki bugs/notifyemail fails with some openid providers]].
 
@@ -306,8 +287,7 @@ At least those patches were merged in / fixed:
 
 The changes cover this [changelog](http://source.ikiwiki.branchable.com/?p=source.git;a=blob;f=debian/changelog;hb=HEAD) between versions `3.20140227` and `3.20140916`.
 
-2014-06-01: minor upgrade
--------------------------
+## 2014-06-01: minor upgrade
 
 Upgraded to the february release, only two patches left to apply! Those patches were merged in:
 
@@ -318,8 +298,7 @@ I didn't re-enable the pagedown and album plugins for now. We would need to avoi
 
 The changes cover this [changelog](http://source.ikiwiki.branchable.com/?p=source.git;a=blob;f=debian/changelog;hb=HEAD), version `3.20140227`.
 
-2014-02-03: jessie upgrade
---------------------------
+## 2014-02-03: jessie upgrade
 
 I upgraded to [[services/upgrades/jessie]], and I had to reapply the patches. I mostly followed the procedure above.
 
@@ -327,8 +306,7 @@ See the following changelogs for details:
 
 The changes cover this [changelog](http://source.ikiwiki.branchable.com/?p=source.git;a=blob;f=debian/changelog;hb=HEAD) between versions `3.20140102` and `3.20140125`.
 
-2013-11-29: Backport upgrade
-----------------------------
+## 2013-11-29: Backport upgrade
 
 I upgraded to the current version in `jessie`, that is `3.20130904.1`. This deals with [problems with uncommitted changes from the web interface](http://ikiwiki.info/bugs/changes_from_the_web_interface_fail_to_get_committed/) and also factors in a few patches that were applied locally, as well as lots of bugfixes.
 
@@ -369,8 +347,7 @@ patching file templates/albumprev.tmpl
 patching file templates/albumviewer.tmpl
 """]]
 
-2013-09-08? Migration à ikiwiki-hosting
----------------------------------------
+## 2013-09-08? Migration à ikiwiki-hosting
 
 Ikiwiki-hosting est en utilisation depuis peut-être 2011, puisque
 c'est là que me premières contributions arrivent dans le projet. Mais

(Diff truncated)

very late corrections to the GnuTLS audit article
Obviously, if those had been addressed to me directly instead of the
Hacker News public at large, they would have been fixed faster... Only
because I looked at my analytics and noticed the popularity of this
article did I realize that I might want to look at Hacker News for
comments... Sigh.
diff --git a/blog/2020-06-10-gnutls-audit.mdwn b/blog/2020-06-10-gnutls-audit.mdwn
index 80d97e89..9ca63c94 100644
--- a/blog/2020-06-10-gnutls-audit.mdwn
+++ b/blog/2020-06-10-gnutls-audit.mdwn
@@ -133,6 +133,20 @@ after which the ticket gets cycled and properly initialized. But that
 is [apparently 6 hours by default](https://twitter.com/__agwa/status/1270054740559384576) so it is going to protect only
 really long-lasting TLS sessions, which are uncommon, I would argue.
 
+> Update: [according to the Tweet's author](https://news.ycombinator.com/item?id=23964740):
+>
+> > The author of this blog post is misinterpreting the problem. It's
+> > not the session ticket which is rotated after 6 hours, but the
+> > session ticket encryption key (STEK). This has nothing to do with
+> > the length of the TLS session, but rather the lifetime of the
+> > process using GnuTLS. For the first 6 hours, connections made to the
+> > GnuTLS server are vulnerable. After the process has been running for
+> > 6 hours, new connections are safe (assuming there's no other GnuTLS
+> > vulnerability). This reduces the impact of the vulnerability
+> > considerably (although it's still really bad).
+>
+> I stand corrected.
+
 My audit is limited. For example, it might have been better to walk
 the shared library dependencies directly, instead of relying on Debian
 package dependencies.
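
Review bot: the correction is appended as a blockquote, but the paragraph just above it still tells readers the rotation "is going to protect only really long-lasting TLS sessions", which is exactly what the quoted reply calls a misreading. Someone skimming gets the wrong impact first. Reword or strike the original sentence so it says what the quote establishes: the 6 hours is the STEK rotation interval, and exposure depends on how long the GnuTLS process has been running, not on session length. Also, the link text says "the Tweet's author" while the target is a Hacker News item; say so in the text.
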
@@ -194,6 +208,15 @@ away from GnuTLS and instead think of other TLS libraries like
 [mbedtls](https://tls.mbed.org/) (previously known as PolarSSL), [NSS](https://en.wikipedia.org/wiki/Network_Security_Services), [BoringSSL](https://boringssl.googlesource.com/boringssl/),
 [LibreSSL](https://www.libressl.org/) and so on. Not that those are totally sinless either...
 
+> Correction, OpenSSL is [actually what those people have in mind](https://news.ycombinator.com/item?id=23964740):
+>
+> > No, OpenSSL is exactly what we have in mind, including Filippo:
+> > https://twitter.com/FiloSottile/status/1270130358634283008
+> >
+> > OpenSSL isn't perfect but it has improved considerably since
+> > Heartbleed and has the resources (funding and competent people) that
+> > a crypto project needs.
+
 "This is fine", as they say...
 
 [Heartbleed]: https://en.wikipedia.org/wiki/Heartbleed
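
Review bot: the "Correction" blockquote is added below the sentence listing mbedtls, NSS, BoringSSL and LibreSSL, but nothing in this hunk changes the sentence being corrected, so the article now makes a claim and contradicts it a few lines later. Edit the original sentence and keep the quote as the source. Minor: this quote and the one in the previous hunk both link to the same `item?id=23964740`, and the bare Twitter URL inside the nested quote should be wrapped in `<...>`, as other URLs in this wiki are.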

response
diff --git a/blog/2020-06-04-replacing-smokeping-prometheus/comment_6_100da9bc31931e3aab2c034a28219eca._comment b/blog/2020-06-04-replacing-smokeping-prometheus/comment_6_100da9bc31931e3aab2c034a28219eca._comment
new file mode 100644
index 00000000..45fecd0a
--- /dev/null
+++ b/blog/2020-06-04-replacing-smokeping-prometheus/comment_6_100da9bc31931e3aab2c034a28219eca._comment
@@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username="anarcat"
+ subject="""Re: Is sum() over a gauge correct?"""
+ date="2020-11-11T17:47:58Z"
+ content="""
+The actual query right now in the dashboard is:
+
+    sum(probe_icmp_duration_seconds{phase="rtt",instance=~"$instance"}) by (instance)
+
+Honestly, I don't remember anymore: I fiddled with those queries for a
+while, but notice the `instance` parameter in the labels there, which
+might make the `sum()` part a noop, so the actual query might be better expressed as:
+
+    probe_icmp_duration_seconds{phase="rtt",instance=~"$instance"}
+
+Would love to have some more experience PromQL people fix my ugly queries. :)
+"""]]
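
Review bot: the `sum(...) by (instance)` form quoted at the top of the comment is only a no-op while exactly one series matches per `instance`. If a target ever has more than one matching series, `sum` adds their round-trip times together and the panel shows a latency nobody measured. The bare selector proposed at the end of the comment is the safer form for one line per target, or `avg(...) by (instance)` if collapsing series is wanted. Small wording fix: `some more experience PromQL people` should read `experienced`.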

approve comment
diff --git a/blog/2020-06-04-replacing-smokeping-prometheus/comment_1_70d3d6596d76e0511acaaab4d5cb0a48._comment b/blog/2020-06-04-replacing-smokeping-prometheus/comment_1_70d3d6596d76e0511acaaab4d5cb0a48._comment
new file mode 100644
index 00000000..61797e7d
--- /dev/null
+++ b/blog/2020-06-04-replacing-smokeping-prometheus/comment_1_70d3d6596d76e0511acaaab4d5cb0a48._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ ip="75.58.8.11"
+ claimedauthor="yegle"
+ url="yegle.net"
+ subject="Is sum() over a gauge correct?"
+ date="2020-11-11T03:11:41Z"
+ content="""
+I'm new to PromQL, but sum() a gauge doesn't sound right to me... Shouldn't you use avg()/min()/max() (or their _over_time variant), or just use quantile()?
+"""]]
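
Review bot: this approved comment commits the poster's address (`ip="75.58.8.11"`) into a repository that the page header says anyone can clone. Unless the IP is needed for moderation, strip or truncate the `ip=` field before approving; once pushed it stays in the history.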

calibre workaround
diff --git a/software/desktop/calibre.mdwn b/software/desktop/calibre.mdwn
index 5500b79c..e8f1c1bc 100644
--- a/software/desktop/calibre.mdwn
+++ b/software/desktop/calibre.mdwn
@@ -382,3 +382,13 @@ up to date in Debian (although for the server side of things that
 shouldn't really matter). I tried to make systemd detect changes to
 the database and reload the service, but it failed, so maybe i'll need
 to look at another [[filesystem monitoring tool|blog/2019-11-20-file-monitoring-tools]].
+
+If you get a weird error about "Failed to communicate", it might be
+because the database is not writable by Calibre. Here I had to make it
+owned by a shared group and writable:
+
+    chown :media metadata*
+    chmod g+w metadata*
+
+I also added that in `.git/hooks/post-checkout` for my future self,
+although `git-annex` might overwrite that eventually...
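
Review bot: `chown :media metadata*` and `chmod g+w metadata*` act on every file in the directory whose name starts with `metadata`, not just the database the text talks about. Name the file or files explicitly so that anything else matching the glob does not silently become group-writable. On the `.git/hooks/post-checkout` remark: hooks are not part of the checkout, so the fix has to be reinstalled on every clone, which is worth saying next to the commands.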

more SSGs
diff --git a/services/wiki.mdwn b/services/wiki.mdwn
index 0a1615f0..db1e26fd 100644
--- a/services/wiki.mdwn
+++ b/services/wiki.mdwn
@@ -215,6 +215,11 @@ dropped:
 We're now running upstream (`0.20180719-1`), which hopefully still
 works.
 
+Other SSG options:
+
+ * [11ty](https://www.11ty.dev/) - [picked by mozilla](https://hacks.mozilla.org/2020/10/to-eleventy-and-beyond/), javascript
+ * TODO: compare with other SSGs
+
 2017-06-19: major upgrade
 -------------------------
 

another monitoring tool
diff --git a/blog/2019-11-20-file-monitoring-tools.mdwn b/blog/2019-11-20-file-monitoring-tools.mdwn
index f79f5cd8..18f98ef4 100644
--- a/blog/2019-11-20-file-monitoring-tools.mdwn
+++ b/blog/2019-11-20-file-monitoring-tools.mdwn
@@ -21,6 +21,15 @@ Those tools an watch files or trees of files and execute whatever.
  * No Debian package
  * requires a TOML config file
 
+## chokidar
+
+<https://github.com/kimmobrunfeldt/chokidar-cli>
+
+ * 2015-2019
+ * Javascript
+ * MIT
+ * No Debian package
+
 ## direvent
 
 <https://www.gnu.org.ua/software/direvent/>
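
Review bot: the heading says `chokidar` but the link goes to the `chokidar-cli` repository; name the section after the project actually linked, or link both. The entry also has no bullet saying what the tool needs or does, unlike the neighbouring entry with `requires a TOML config file`; one such line would make it comparable to the others.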

spam tricks
diff --git a/services/wiki.mdwn b/services/wiki.mdwn
index 6bd053bd..0a1615f0 100644
--- a/services/wiki.mdwn
+++ b/services/wiki.mdwn
@@ -98,6 +98,9 @@ Here are some things I'm thinking of doing on the website:
     * makesite - pour la création de nouveaux sites
     * missingsite - pour montrer un site même pour les sites manquants
     * parked - pour les sites désactivés
+ * improve spam control, consider the [mediawiki tricks](https://m.mediawiki.org/wiki/Manual:Combating_spam), [friendly
+   captcha](https://friendlycaptcha.com/), the [Tornevall blocklist](https://www.tornevall.net/about/) and other RBLs, and [the
+   ikiwiki discussion](https://ikiwiki.info/todo/anti-spam_protection/)
 
 [TufteCSS]: https://edwardtufte.github.io/tufte-css/
 [controlpanel]: http://anarc.at/ikiwiki.cgi?do=controlpanel

another san option
diff --git a/hardware/server/marcos.mdwn b/hardware/server/marcos.mdwn
index 538c7d76..d97e00f9 100644
--- a/hardware/server/marcos.mdwn
+++ b/hardware/server/marcos.mdwn
@@ -374,6 +374,10 @@ It's unclear if I could just migrate marcos to this platform as is,
 and the prices might be slightly higher than what I would get when
 building it from scratch...
 
+## Ten64
+
+https://www.crowdsupply.com/traverse-technologies/ten64/updates/building-a-nas-with-ten64-and-rockstor-and-new-turnkey-nas-bundle
+
 ## Other SoC boards
 
 There are many SoC boards that could be used to create a device from
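
Review bot: the new `## Ten64` section consists of a bare URL only. Wrap it in `<...>` or give it link text so it renders as a link, and add a sentence on why the board is a candidate, as the surrounding sections do when they discuss migration and prices.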

add crdt.el
diff --git a/blog/2018-06-26-collaborative-editors-history.mdwn b/blog/2018-06-26-collaborative-editors-history.mdwn
index 21093289..4f6e663d 100644
--- a/blog/2018-06-26-collaborative-editors-history.mdwn
+++ b/blog/2018-06-26-collaborative-editors-history.mdwn
@@ -41,6 +41,7 @@ notable feature or implementation detail.
 | [Qill](https://quilljs.com/)                  | 2013-now   | Web, Node.JS      | Rich text editor, also javascript. Not sure it is really collaborative.                                                                                                                                                                                                                                                    |
 | [Teletype](https://teletype.atom.io/)              | 2017-now   | WebRTC, Node.JS   | For the GitHub's [Atom editor](https://atom.io), introduces "portal" idea that makes guests follow what the host is doing across multiple docs. p2p with webRTC after visit to introduction server, CRDT based.                                                                                                                          |
 | [Tandem](http://typeintandem.com/)                | 2018-now   | Node.JS?          | Plugins for atom, vim, neovim, sublime... uses a relay to setup p2p connexions CRDT based. [Dubious license issues](https://github.com/typeintandem/tandem/issues/131) were resolved thanks to the involvement of Debian developers, which makes it a promising standard to follow in the future.                                                                          |
+| [crdt.el](https://code.librehq.com/qhong/crdt.el/)               | 2020-now   | Emacs             | First CRDT plugin for Emacs, Emacs-only                                                                                                                                                                                                                                                                                    |
 
 Other lists
 ===========

align table
diff --git a/blog/2018-06-26-collaborative-editors-history.mdwn b/blog/2018-06-26-collaborative-editors-history.mdwn
index 76969203..21093289 100644
--- a/blog/2018-06-26-collaborative-editors-history.mdwn
+++ b/blog/2018-06-26-collaborative-editors-history.mdwn
@@ -19,28 +19,28 @@ So without further ado, here is the list of notable collaborative
 editors that I could find. By "notable" i mean that they introduce a
 notable feature or implementation detail.
 
-| Project          | Date       | Platform | Notes |
-| ---------------- | ---------- | -------- | ----- |
-| [SubEthaEdit](https://www.codingmonkeys.de/subethaedit/) | 2003-2015? | Mac-only | first collaborative, real-time, multi-cursor editor I could find. An [reverse-engineering attempt in Emacs](https://www.emacswiki.org/emacs/SubEthaEmacs) failed to produce anything. |
-| [DocSynch](http://docsynch.sourceforge.net/) |  2004-2007 | ? | built on top of IRC! |
-| [Gobby](https://gobby.github.io/) | 2005-now | C, multi-platform | first open, solid and reliable implementation and still around! The protocol ("[libinfinoted](http://infinote.0x539.de/libinfinity/API/libinfinity/)") is notoriously hard to port to other editors (e.g. [Rudel](https://www.emacswiki.org/emacs/Rudel) failed to implement this in Emacs). 0.7 release in jan 2017 adds possible python bindings that might improve this. Interesting plugins: autosave to disk. |
-| [Ethercalc](https://ethercalc.net/) | 2005-now | Web, Javascript | First spreadsheet, along with [Google docs](https://en.wikipedia.org/wiki/Google_docs) |
-| [moonedit](https://web.archive.org/web/20060423192346/http://www.moonedit.com:80/) | 2005-2008? | ? | Original website died. Other user's cursors visible and emulated keystrokes noises. Included a calculator and music sequencer! |
-| [synchroedit](http://www.synchroedit.com/) | 2006-2007 | ? | First web app. |
-| [Inkscape](http://wiki.inkscape.org/wiki/index.php/WhiteBoard) | 2007-2011 | C++ | First graphics editor with collaborative features backed by the "whiteboard" plugin built on top of Jabber, now defunct. |
-| [Abiword](https://en.wikipedia.org/wiki/AbiWord) | 2008-now | C++ | First word processor |
-| [Etherpad](http://etherpad.org/) | 2008-now | Web | First solid web app. Originally developped as a heavy Java app in 2008, acquired and opensourced by Google in 2009, then rewritten in Node.js in 2011. Widely used. |
-| [Wave](https://en.wikipedia.org/wiki/Apache_Wave) | 2009-2010 | Web, Java | Failed attempt at a grand protocol unification |
-| [CRDT](https://en.wikipedia.org/wiki/Conflict-free_replicated_data_type) | 2011 | Specification | Standard for replicating a document's datastructure among different computers reliably.|
-| [Operational transform](http://operational-transformation.github.io/) | 2013 | Specification | Similar to CRDT, yet, well, different. |
-| [Floobits](https://floobits.com/) | 2013-now | ? | Commercial, but opensource plugins for different editors |
-| [LibreOffice Online](https://wiki.documentfoundation.org/Development/LibreOffice_Online) | 2015-now | Web | free Google docs equivalent, now integrated in [Nextcloud](https://nextcloud.com/collaboraonline/) |
-| [HackMD](https://hackmd.io/) | 2015-now | ? | Commercial but [opensource](https://github.com/hackmdio/hackmd). Inspired by hackpad, which was bought up by Dropbox. |
-| [Cryptpad](https://cryptpad.fr/) | 2016-now | web? | spin-off of xwiki. encrypted, "zero-knowledge" on server |
-| [Prosemirror](https://prosemirror.net/) | 2016-now | Web, Node.JS | "Tries to bridge the gap between Markdown text editing and classical WYSIWYG editors." Not really an editor, but something that can be used to build one. |
-| [Qill](https://quilljs.com/) | 2013-now | Web, Node.JS | Rich text editor, also javascript. Not sure it is really collaborative. |
-| [Teletype](https://teletype.atom.io/) | 2017-now | WebRTC, Node.JS | For the GitHub's [Atom editor](https://atom.io), introduces "portal" idea that makes guests follow what the host is doing across multiple docs. p2p with webRTC after visit to introduction server, CRDT based. |
-| [Tandem](http://typeintandem.com/) | 2018-now | Node.JS? | Plugins for atom, vim, neovim, sublime... uses a relay to setup p2p connexions CRDT based. [Dubious license issues](https://github.com/typeintandem/tandem/issues/131) were resolved thanks to the involvement of Debian developers, which makes it a promising standard to follow in the future. |
+| Project                    | Date       | Platform          | Notes                                                                                                                                                                                                                                                                                                                      |
+|----------------------------|------------|-------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| [SubEthaEdit](https://www.codingmonkeys.de/subethaedit/)           | 2003-2015? | Mac-only          | first collaborative, real-time, multi-cursor editor I could find. An [reverse-engineering attempt in Emacs](https://www.emacswiki.org/emacs/SubEthaEmacs) failed to produce anything.                                                                                                                                                                                 |
+| [DocSynch](http://docsynch.sourceforge.net/)              | 2004-2007  | ?                 | built on top of IRC!                                                                                                                                                                                                                                                                                                       |
+| [Gobby](https://gobby.github.io/)                 | 2005-now   | C, multi-platform | first open, solid and reliable implementation and still around! The protocol ("[libinfinoted](http://infinote.0x539.de/libinfinity/API/libinfinity/)") is notoriously hard to port to other editors (e.g. [Rudel](https://www.emacswiki.org/emacs/Rudel) failed to implement this in Emacs). 0.7 release in jan 2017 adds possible python bindings that might improve this. Interesting plugins: autosave to disk. |
+| [Ethercalc](https://ethercalc.net/)             | 2005-now   | Web, Javascript   | First spreadsheet, along with [Google docs](https://en.wikipedia.org/wiki/Google_docs)                                                                                                                                                                                                                                                                             |
+| [moonedit](https://web.archive.org/web/20060423192346/http://www.moonedit.com:80/)              | 2005-2008? | ?                 | Original website died. Other user's cursors visible and emulated keystrokes noises. Included a calculator and music sequencer!                                                                                                                                                                                             |
+| [synchroedit](http://www.synchroedit.com/)           | 2006-2007  | ?                 | First web app.                                                                                                                                                                                                                                                                                                             |
+| [Inkscape](http://wiki.inkscape.org/wiki/index.php/WhiteBoard)              | 2007-2011  | C++               | First graphics editor with collaborative features backed by the "whiteboard" plugin built on top of Jabber, now defunct.                                                                                                                                                                                                   |
+| [Abiword](https://en.wikipedia.org/wiki/AbiWord)               | 2008-now   | C++               | First word processor                                                                                                                                                                                                                                                                                                       |
+| [Etherpad](http://etherpad.org/)              | 2008-now   | Web               | First solid web app. Originally developped as a heavy Java app in 2008, acquired and opensourced by Google in 2009, then rewritten in Node.js in 2011. Widely used.                                                                                                                                                        |
+| [Wave](https://en.wikipedia.org/wiki/Apache_Wave)                  | 2009-2010  | Web, Java         | Failed attempt at a grand protocol unification                                                                                                                                                                                                                                                                             |
+| [CRDT](https://en.wikipedia.org/wiki/Conflict-free_replicated_data_type)                  | 2011       | Specification     | Standard for replicating a document's datastructure among different computers reliably.                                                                                                                                                                                                                                    |
+| [Operational transform](http://operational-transformation.github.io/) | 2013       | Specification     | Similar to CRDT, yet, well, different.                                                                                                                                                                                                                                                                                     |
+| [Floobits](https://floobits.com/)              | 2013-now   | ?                 | Commercial, but opensource plugins for different editors                                                                                                                                                                                                                                                                   |
+| [LibreOffice Online](https://wiki.documentfoundation.org/Development/LibreOffice_Online)    | 2015-now   | Web               | free Google docs equivalent, now integrated in [Nextcloud](https://nextcloud.com/collaboraonline/)                                                                                                                                                                                                                                                              |
+| [HackMD](https://hackmd.io/)                | 2015-now   | ?                 | Commercial but [opensource](https://github.com/hackmdio/hackmd). Inspired by hackpad, which was bought up by Dropbox.                                                                                                                                                                                                                                       |
+| [Cryptpad](https://cryptpad.fr/)              | 2016-now   | web?              | spin-off of xwiki. encrypted, "zero-knowledge" on server                                                                                                                                                                                                                                                                   |
+| [Prosemirror](https://prosemirror.net/)           | 2016-now   | Web, Node.JS      | "Tries to bridge the gap between Markdown text editing and classical WYSIWYG editors." Not really an editor, but something that can be used to build one.                                                                                                                                                                  |
+| [Qill](https://quilljs.com/)                  | 2013-now   | Web, Node.JS      | Rich text editor, also javascript. Not sure it is really collaborative.                                                                                                                                                                                                                                                    |
+| [Teletype](https://teletype.atom.io/)              | 2017-now   | WebRTC, Node.JS   | For the GitHub's [Atom editor](https://atom.io), introduces "portal" idea that makes guests follow what the host is doing across multiple docs. p2p with webRTC after visit to introduction server, CRDT based.                                                                                                                          |
+| [Tandem](http://typeintandem.com/)                | 2018-now   | Node.JS?          | Plugins for atom, vim, neovim, sublime... uses a relay to setup p2p connexions CRDT based. [Dubious license issues](https://github.com/typeintandem/tandem/issues/131) were resolved thanks to the involvement of Debian developers, which makes it a promising standard to follow in the future.                                                                          |
 
 Other lists
 ===========
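
Review bot: the realigned rows carry existing spelling errors over unchanged: "Qill" as the label for the quilljs.com link, "developped" in the Etherpad row, and "An reverse-engineering attempt" in the SubEthaEdit row. Since every row is rewritten here anyway, fix them in a follow-up commit so this one stays whitespace-only and easy to verify. Note also that padding the Notes column to the width of the longest cell means any future row with a longer note will touch every line of the table again.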

another fs watcher, in rust
diff --git a/blog/2019-11-20-file-monitoring-tools.mdwn b/blog/2019-11-20-file-monitoring-tools.mdwn
index 8dd40fb7..f79f5cd8 100644
--- a/blog/2019-11-20-file-monitoring-tools.mdwn
+++ b/blog/2019-11-20-file-monitoring-tools.mdwn
@@ -11,6 +11,16 @@ find in a search engine.
 
 Those tools an watch files or trees of files and execute whatever.
 
+## caretaker
+
+<https://github.com/grego/caretaker>
+
+ * 2020
+ * Rust
+ * MIT
+ * No Debian package
+ * requires a TOML config file
+
 ## direvent
 
 <https://www.gnu.org.ua/software/direvent/>
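
Review bot: the context line directly above the new `## caretaker` section reads "Those tools an watch files", where "an" should be "can"; worth fixing while this part of the file is being edited. The new entry itself follows the format of its neighbours, though unlike the direvent entry it does not say whether the TOML config file is the only way to run the tool.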

settext -> atx
diff --git a/blog/2019-11-20-file-monitoring-tools.mdwn b/blog/2019-11-20-file-monitoring-tools.mdwn
index c5e3b09a..8dd40fb7 100644
--- a/blog/2019-11-20-file-monitoring-tools.mdwn
+++ b/blog/2019-11-20-file-monitoring-tools.mdwn
@@ -7,13 +7,11 @@ find in a search engine.
 
 [[!toc levels=3]]
 
-Generic
-=======
+# Generic
 
 Those tools an watch files or trees of files and execute whatever.
 
-direvent
---------
+## direvent
 
 <https://www.gnu.org.ua/software/direvent/>
 
@@ -23,8 +21,7 @@ direvent
  * [Debian package](https://tracker.debian.org/pkg/direvent), since 2015 (stretch), out of date (5.1 vs 5.2)
  * requires a config file to operate
 
-entr
-----
+## entr
 
 <http://eradman.com/entrproject/>
 
@@ -39,8 +36,7 @@ entr
  * has special hacks to reload browser
  * can clear screen between calls
 
-fluffy
-------
+## fluffy
 
 https://github.com/tinkershack/fluffy
 
@@ -52,8 +48,7 @@ https://github.com/tinkershack/fluffy
  * Streams events to standard output
  * also a library
 
-fswatch
--------
+## fswatch
 
 <http://emcrisostomo.github.io/fswatch/>
 
@@ -64,8 +59,7 @@ fswatch
  * outputs changesets using a specific syntax, so requires more
    commandline voodoo
 
-gamin
------
+## gamin
 
 <https://people.gnome.org/~veillard/gamin/>
 
@@ -73,8 +67,7 @@ gamin
  * [Debian package](https://tracker.debian.org/pkg/gamin) since 2005
  * not a commandline tool
 
-incron
-------
+## incron
 
 <https://github.com/ar-/incron>
 
@@ -86,8 +79,7 @@ incron
    obscure](https://manpages.debian.org/incrontab.5)) syntax
  * no event deduplication
 
-inoticoming
------------
+## inoticoming
 
 <https://tracker.debian.org/pkg/inoticoming>
 
@@ -100,8 +92,7 @@ inoticoming
  * built for [reprepro](https://tracker.debian.org/pkg/reprepro)
  * no event deduplication
 
-inotify-hookable
-----------------
+## inotify-hookable
 
 <https://metacpan.org/pod/App::Inotify::Hookable>
 
@@ -113,8 +104,7 @@ inotify-hookable
  * no event deduplication, but can "buffer" multiple events together
    with a timeout
 
-inotify-tools
--------------
+## inotify-tools
 
 <https://github.com/rvoicilas/inotify-tools/>
 
@@ -126,8 +116,7 @@ inotify-tools
  * somewhat [difficult commandline interface](https://manpages.debian.org/buster/inotify-tools/inotifywait.1.en.html)
  * no event deduplication
 
-systemd .path units
---------------------
+## systemd .path units
 
 <https://www.freedesktop.org/software/systemd/man/systemd.path.html>
 
@@ -156,8 +145,7 @@ somehow it didn't work:
 ... ie. it doesn't restart the service on changes to any of those
 files.
 
-watchexec
----------
+## watchexec
 
 <https://github.com/watchexec/watchexec>
 
@@ -178,8 +166,7 @@ watchexec
    elegantly avoided the loops I have had in watchman because of the
    files generated by tox
 
-watchman
---------
+## watchman
 
 <http://facebook.github.io/watchman/>
 
@@ -201,8 +188,7 @@ watchman
    constantely runs the tests, because there's [no way to ignore](https://github.com/facebook/watchman/issues/769)
    files in `watchman-make`.
 
-Web development
-===============
+# Web development
 
 ## grip (markdown)
 
@@ -240,8 +226,7 @@ examples:
    so more smartly
  * [iPython](https://ipython.org/) - has a [autoreload](https://ipython.org/ipython-doc/3/config/extensions/autoreload.html) extension
 
-Unit tests
-==========
+# Unit tests
 
 ## autotest
 
@@ -288,8 +273,7 @@ Unit tests
  * Perl only
  * No Debian package
 
-File synchronization
-====================
+# File synchronization
 
 I will not go through a list of all the file synchronization tools
 here. Most of them have some sort of "wake-up" system to notify file
@@ -322,8 +306,7 @@ am aware of:
  * spawns rsync on file changes
  * Lua configuration can be leveraged to do other things than sync
 
-Intrusion detection
-===================
+# Intrusion detection
 
 Here again, there are many filesystem integrity checkers and intrusion
 detection systems (IDS), but they are not relevant here unless they
@@ -371,8 +354,7 @@ to fit a square peg in this round hole:
  * [Debian package](https://tracker.debian.org/pkg/sshguard) since 2007, out of date
  * similar to fail2ban
 
-Other
-=====
+# Other
 
 ## kfmon (kobo launcher)
 

add toc
diff --git a/blog/2020-10-19-google-authenticator-libpam.mdwn b/blog/2020-10-19-google-authenticator-libpam.mdwn
index 488ecdd6..3ac2e1b0 100644
--- a/blog/2020-10-19-google-authenticator-libpam.mdwn
+++ b/blog/2020-10-19-google-authenticator-libpam.mdwn
@@ -18,6 +18,8 @@ After some fiddling, it turns out I was right and you *can*
 authenticate with a Yubikey over SSH. Here's that procedure so you
 don't have to second-guess it yourself.
 
+[[!toc]]
+
 Installation
 ============
 

fix formatting
diff --git a/blog/2020-10-19-google-authenticator-libpam.mdwn b/blog/2020-10-19-google-authenticator-libpam.mdwn
index fd985122..488ecdd6 100644
--- a/blog/2020-10-19-google-authenticator-libpam.mdwn
+++ b/blog/2020-10-19-google-authenticator-libpam.mdwn
@@ -86,7 +86,7 @@ def convert_b32_b16(data_b32):
         # pad to 20 bytes
         data_b16 += b"\x00" * (20 - len(data_b16))
     return binascii.hexlify(data_b16).decode("ascii")
-"""]
+"""]]
 
 Note that the code assumes a certain token length and will not work
 correctly for other sizes. To use the program, simply call it with:

libpam google authenticator + ssh 2FA + yubikey
diff --git a/blog/2015-12-14-yubikey-howto.mdwn b/blog/2015-12-14-yubikey-howto.mdwn
index fbe6e7c5..c21c8a16 100644
--- a/blog/2015-12-14-yubikey-howto.mdwn
+++ b/blog/2015-12-14-yubikey-howto.mdwn
@@ -304,6 +304,26 @@ for now.
 Using OATH
 ===========
 
+google-authenticator-libpam
+---------------------------
+
+I switched from libpam-oath (below) to another (better maintained)
+plugin, see the procedure in [[this article instead|2020-10-19-google-authenticator-libpam]].
+
+I switched away from libpam-oath because [users couldn't edit their
+own 2FA tokens](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807992) and I had to patch it to [avoid forcing 2FA on all
+users](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807990). The latter was merged in the Debian package, but never
+upstream, and the former was never fixed at all. It seems the library
+is not as well maintained as the Google Authenticator one, so I feel
+more confident using the latter in the future.
+
+libpam-oath
+-----------
+
+WARNING: those are the old instructions I used before I realized I
+could use the above "Google Authenticator" plugin. They are kept only
+for historical reference.
+
 This is pretty neat: it allows you to add two factor authentication to a *lot* of things. For example, PAM has such a module, which I will configure here to allow myself to login to my server from untrusted machines. While I will expose my main password to keyloggers, the OTP password will prevent that from being reused. This is a simplified version of [this OATH tutorial][].
 
 We install the PAM module with:
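
Review bot: the paragraph under the new `google-authenticator-libpam` heading that explains why libpam-oath was dropped (the two Debian bug links, "merged in the Debian package, but never upstream") is repeated almost word for word in the introduction of the new article added by this same commit. Keep the link sentence here and let the new article carry the rationale, so the two copies cannot drift apart. The `WARNING:` under `libpam-oath` is also followed immediately by "This is pretty neat ... which I will configure here", which still reads as current advice; a word such as "previously" in that first sentence would match the warning.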
diff --git a/blog/2020-10-19-google-authenticator-libpam.mdwn b/blog/2020-10-19-google-authenticator-libpam.mdwn
new file mode 100644
index 00000000..fd985122
--- /dev/null
+++ b/blog/2020-10-19-google-authenticator-libpam.mdwn
@@ -0,0 +1,126 @@
+[[!meta title="SSH 2FA with Google Authenticator and Yubikey"]]
+
+About a lifetime ago (5 years), I wrote a [[tutorial on how to
+configure my Yubikey for OpenPGP signing, SSH authentication and SSH
+2FA|2015-12-14-yubikey-howto]]. In there, I used the [libpam-oath](http://www.nongnu.org/oath-toolkit/)
+PAM plugin for authentication, but it turns out that had too many
+problems: [users couldn't edit their own 2FA tokens](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807992) and I had to
+patch it to [avoid forcing 2FA on all users](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807990). The latter was merged
+in the Debian package, but never upstream, and the former was never
+fixed at all. So I started looking at alternatives and found the
+[Google Authenticator libpam plugin](https://github.com/google/google-authenticator-libpam/). A priori, it's designed to
+work with phones and the [Google Authenticator app](https://en.wikipedia.org/wiki/Google_Authenticator), but there's no
+reason why it shouldn't work with hardware tokens like the
+Yubikey. Both use the [standard HOTP protocol](https://en.wikipedia.org/wiki/HMAC-based_One-time_Password_algorithm) so it should "just
+work".
+
+After some fiddling, it turns out I was right and you *can*
+authenticate with a Yubikey over SSH. Here's that procedure so you
+don't have to second-guess it yourself.
+
+Installation
+============
+
+On Debian, the PAM module is shipped in the [google-authenticator](https://tracker.debian.org/pkg/google-authenticator)
+source package:
+
+    apt install libpam-google-authenticator
+
+Then you need to add the module in your PAM stack somewhere. Since I
+only use it for SSH, I added this line on top of `/etc/pam.d/sshd`:
+
+    auth required pam_google_authenticator.so nullok
+
+I also used `no_increment_hotp debug` while debugging to avoid having
+to renew the token all the time and have more information about
+failures in the logs.
+
+Then reload ssh (not sure that's actually necessary):
+
+    service ssh reload
+
+Creating or replacing tokens
+============================
+
+To create a new key, run this command on the server:
+
+    google-authenticator -c
+
+This will prompt you for a bunch of questions. To get them all right,
+I prefer to just call the right ones on the commandline directly:
+
+    google-authenticator --counter-based --qr-mode=NONE --rate-limit=1 --rate-time=30 --emergency-codes=1 --window-size=3
+
+Those are actually the defaults, if my memory serves me right, except
+for the `--qr-mode` and `--emergency-codes` (which can't be disabled
+so I only print one). I disable the QR code display because I won't be
+using the codes on my phone, but you would obviously keep it if you
+want to use the app.
+
+Converting to a Yubikey-compatible secret
+=========================================
+
+Unfortunately, the encoding ([base32](https://tools.ietf.org/html/rfc3548#section-5)) produced by the
+`google-authenticator` command is not compatible with the token
+expected by the `ykpersonalize` command used to configure the Yubikey
+([base16](https://tools.ietf.org/html/rfc3548#page-8) AKA "hexadecimal", with a fixed 20 bytes length). So you
+need a way to convert between the two. I wrote a program called
+[oath-convert](https://gitlab.com/anarcat/scripts/blob/master/oath-convert) which basically does this:
+
+    read base32
+    add padding
+    convert to hex
+    print
+
+Or, in Python:
+
+[[!format python """
+def convert_b32_b16(data_b32):
+    remainder = len(data_b32) % 8
+    if remainder > 0:
+        # XXX: assume 6 chars are missing, the actual padding may vary:
+        # https://tools.ietf.org/html/rfc3548#section-5
+        data_b32 += "======"
+    data_b16 = base64.b32decode(data_b32)
+    if len(data_b16) < 20:
+        # pad to 20 bytes
+        data_b16 += b"\x00" * (20 - len(data_b16))
+    return binascii.hexlify(data_b16).decode("ascii")
+"""]
+
+Note that the code assumes a certain token length and will not work
+correctly for other sizes. To use the program, simply call it with:
+
+    head -1 .google_authenticator | oath-convert
+
+Then you paste the output in the prompt:
+
+    $ ykpersonalize -1 -o oath-hotp -o append-cr -a
+    Firmware version 3.4.3 Touch level 1541 Program sequence 2
+     HMAC key, 20 bytes (40 characters hex) : [SECRET GOES HERE]
+
+    Configuration data to be written to key configuration 1:
+
+    fixed: m:
+    uid: n/a
+    key: h:[SECRET REDACTED]
+    acc_code: h:000000000000
+    OATH IMF: h:0
+    ticket_flags: APPEND_CR|OATH_HOTP
+    config_flags: 
+    extended_flags: 
+
+    Commit? (y/n) [n]: y
+
+Note that you must NOT pass the `-o oath-hotp8` parameter to the
+`ykpersonalize` commandline, which we used to do in the [[Yubikey
+howto|2015-12-14-yubikey-howto]]. That is because Google Authenticator
+tokens are shorter: it's less secure, but it's an acceptable tradeoff
+considering the plugin is actually maintained. There's actually a
+[feature request to support 8-digit codes](https://github.com/google/google-authenticator-libpam/issues/20) so that limitation might
+eventually be fixed as well.
+
+Thanks to the [Google Authenticator people](https://github.com/google/google-authenticator-libpam/issues/186) and [Yubikey people](https://github.com/Yubico/yubikey-personalization/issues/169)
+for their support in establishing this procedure.
+
+[[!tag debian-planet python-planet geek software debian hacking security crypto hardware]]
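
Review bot: the `auth required pam_google_authenticator.so nullok` line in the Installation section needs a sentence on what `nullok` does: with it, an account that has no `.google_authenticator` file passes this module without a second factor, so 2FA is opt-in per user. That fits the stated goal of not forcing 2FA on all users, but a reader copying the line should know it. The same section should say explicitly to remove `no_increment_hotp debug` once testing is done, since not incrementing the counter means a code stays valid after use. In the Python snippet, `base64` and `binascii` are used without imports, and the padding branch appends six `=` whatever `remainder` is; compute the padding from `remainder` or reject lengths the code does not handle, rather than relying on the note that other sizes "will not work correctly". The directive also closes with `"""]` where `"""]]` is needed. Finally, `head -1 .google_authenticator | oath-convert` prints the shared secret to the terminal before it is pasted into `ykpersonalize`; mention clearing scrollback or the clipboard afterwards.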

new list
diff --git a/services/dns.mdwn b/services/dns.mdwn
index a7809cbc..d0ad2501 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -96,6 +96,9 @@ Les noms suivants pourraient être utilisés pour de futures machines:
 
 [Margaret Hamilton]: https://en.wikipedia.org/wiki/Margaret_Hamilton_(software_engineer)
 
+Voir aussi [cette liste](https://www.hillelwayne.com/important-women-in-cs/) de femmes moins connues mais peut-être
+tout aussi importantes...
+
 Relié
 =====
 

set title
diff --git a/blog/2020-10-18-cdpath-replacement.mdwn b/blog/2020-10-18-cdpath-replacement.mdwn
index 193a98e3..d5df2142 100644
--- a/blog/2020-10-18-cdpath-replacement.mdwn
+++ b/blog/2020-10-18-cdpath-replacement.mdwn
@@ -1,3 +1,5 @@
+[[!meta title="CDPATH replacements"]]
+
 after reading [this post](https://www.kvr.at/posts/my-new-favorite-utility-autojump/) I figured I might as well bite the bullet
 and improve on my CDPATH-related setup, especially because it does not
 work with Emacs. so i looked around for autojump-related alternatives

creating tag page tag/shell
diff --git a/tag/shell.mdwn b/tag/shell.mdwn
new file mode 100644
index 00000000..58d1268f
--- /dev/null
+++ b/tag/shell.mdwn
@@ -0,0 +1,4 @@
+[[!meta title="pages tagged shell"]]
+
+[[!inline pages="tagged(shell)" actions="no" archive="yes"
+feedshow=10]]

publish cdpath review
diff --git a/blog/cdpath-replacement.mdwn b/blog/2020-10-18-cdpath-replacement.mdwn
similarity index 98%
rename from blog/cdpath-replacement.mdwn
rename to blog/2020-10-18-cdpath-replacement.mdwn
index c34fd651..193a98e3 100644
--- a/blog/cdpath-replacement.mdwn
+++ b/blog/2020-10-18-cdpath-replacement.mdwn
@@ -103,4 +103,4 @@ references
 
 https://www.emacswiki.org/emacs/LocateFilesAnywhere
 
-[[!tag draft]]
+[[!tag debian-planet python-planet shell review emacs]]

finalize cdpath
diff --git a/blog/cdpath-replacement.mdwn b/blog/cdpath-replacement.mdwn
index 661319ae..c34fd651 100644
--- a/blog/cdpath-replacement.mdwn
+++ b/blog/cdpath-replacement.mdwn
@@ -3,6 +3,20 @@ and improve on my CDPATH-related setup, especially because it does not
 work with Emacs. so i looked around for autojump-related alternatives
 that do.
 
+What I use now
+==============
+
+I currently have this in my `.shenv` (sourced by `.bashrc`):
+
+    export CDPATH=".:~:~/src:~/dist:~/wikis:~/go/src:~/src/tor"
+
+This allows me to quickly jump into projects from my home dir, or the
+"source code" (`~/src`), "work" (`src/tor`), or wiki checkouts
+(`~/wikis`) directories. It works well from the shell, but
+unfortunately it's very static: if I want a new directory, I need to
+edit my config file, restart shells, etc. It also doesn't work from my
+text editor.
+
 Shell jumpers
 =============
 
@@ -16,48 +30,37 @@ Some of those may or may not have integration in Emacs.
 autojump
 --------
 
-https://github.com/wting/autojump 
-
-not in emacs, just in eshell
-https://github.com/coldnew/eshell-autojump
-
-https://stackoverflow.com/questions/25277748/use-z-jump-around-in-emacs-to-find-directories
+ * [home page](https://github.com/wting/autojump )
+ * not in emacs, but [works in eshell](https://github.com/coldnew/eshell-autojump)
+ * [this might work though](https://stackoverflow.com/questions/25277748/use-z-jump-around-in-emacs-to-find-directories)
 
 fasd
 ----
 
-https://github.com/clvv/fasd
-
-upstream packaged in debian, but those emacs extensions:
-
- * helm integration: https://github.com/ajsalminen/helm-fasd (not in melpa?)
- * more direct: https://framagit.org/steckerhalter/emacs-fasd
+ * [home page](https://github.com/clvv/fasd)
+ * upstream packaged in Debian
+ * emacs extensions, not in Debian:
+   * [helm integration](https://github.com/ajsalminen/helm-fasd) (not in melpa?)
+   * [more direct](https://framagit.org/steckerhalter/emacs-fasd)
 
 z
 -
 
-ungooglable.
-
-https://github.com/rupa/z
-
-not in debian at all.
-
-helm integration: https://melpa.org/#/helm-z
-eshell integration: https://github.com/xuchunyang/eshell-z
+ * [home page](https://github.com/rupa/z)
+ * ungooglable
+ * not in Debian
+ * [helm integration](https://melpa.org/#/helm-z)
+ * [eshell integration](https://github.com/xuchunyang/eshell-z)
 
 fzf
 ---
 
-https://github.com/junegunn/fzf
-
-the original "fuzzer". uses `find` by default, so no notion of
-frequency.
-
-emacs integration: https://github.com/bling/fzf.el
-
-similar projects: https://github.com/junegunn/fzf/wiki/Related-projects
-
-see also https://github.com/ajeetdsouza/zoxide
+ * [home page](https://github.com/junegunn/fzf)
+ * the original "fuzzer". uses `find` by default, so no notion of
+ frequency.
+ * [emacs integration](https://github.com/bling/fzf.el)
+ * [similar projects](https://github.com/junegunn/fzf/wiki/Related-projects)
+ * [rust implementation](https://github.com/ajeetdsouza/zoxide)
 
 Emacs plugins not integrated with the shell
 ===========================================
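Review bot: the autojump item `[home page](https://github.com/wting/autojump )` keeps the trailing space from the old bare URL, now inside the link parentheses; drop it so the target is clean. In the fzf list, the continuation line `+ frequency.` is indented by one space while the nested items elsewhere in this hunk use three, so it may not render as part of its bullet. Labelling zoxide a "rust implementation" under fzf is also misleading: the removed line only said "see also", and zoxide is a z/autojump-style directory jumper, not a port of fzf.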
@@ -69,19 +72,32 @@ functionality in the shell.
 projectile
 ----------
 
-https://github.com/bbatsov/projectile
+ * [home page](https://github.com/bbatsov/projectile)
+ * supports ido, ivy, or helm.
 
-supports ido, ivy, or helm.
+elpy
+----
 
-elpy?
------
+ * [home page](https://elpy.readthedocs.io/)
+ * elpy has a notion of [projects](https://elpy.readthedocs.io/en/latest/ide.html#projects), so, by default, will find files
+   in the current "project" with <kbd>C-c C-f</kdb> which is useful
 
 bookmarks.el
 ------------
 
+ * built-in
+ * [home page](https://www.emacswiki.org/emacs/BookMarks)
+ * "Bookmarks record locations so you can return to them later"
+
 recentf
 -------
 
+ * built-in
+ * [home page](https://www.emacswiki.org/emacs/RecentFiles)
+ * "builds a list of recently opened files. This list is is
+   automatically saved across sessions on exiting Emacs - you can then
+   access this list through a command or the menu"
+
 references
 ==========
 

xref
diff --git a/software/desktop/calibre.mdwn b/software/desktop/calibre.mdwn
index 594c47c6..5500b79c 100644
--- a/software/desktop/calibre.mdwn
+++ b/software/desktop/calibre.mdwn
@@ -379,4 +379,6 @@ configuration file:
 
 Calibre is installed [through Flatpak](https://flathub.org/apps/details/com.calibre_ebook.calibre) because that version is more
 up to date in Debian (although for the server side of things that
-shouldn't really matter).
+shouldn't really matter). I tried to make systemd detect changes to
+the database and reload the service, but it failed, so maybe i'll need
+to look at another [[filesystem monitoring tool|blog/2019-11-20-file-monitoring-tools]].

bug with .path files
diff --git a/blog/2019-11-20-file-monitoring-tools.mdwn b/blog/2019-11-20-file-monitoring-tools.mdwn
index 57454827..c5e3b09a 100644
--- a/blog/2019-11-20-file-monitoring-tools.mdwn
+++ b/blog/2019-11-20-file-monitoring-tools.mdwn
@@ -137,6 +137,25 @@ systemd .path units
  * [Debian package](https://tracker.debian.org/pkg/systemd/) since 2010
  * activates a system or user "unit" on inotify changes
 
+Update: I tried to make this work for [[software/desktop/calibre]] but
+somehow it didn't work:
+
+    # this doesn't actually work. either it doesn't notices changes from git, or it
+    # doesn't notify calibre-server.service, or it does and that doesn't trigger a
+    # restart, but the thing doesn't restart as i would expect
+    [Path]
+    PathModified=/srv/books/metadata.db
+    PathModified=/srv/books
+    PathChanged=/srv/books/metadata.db
+    PathChanged=/srv/books
+
+    [Unit]
+    Description=calibre content server
+    After=network.target
+
+... ie. it doesn't restart the service on changes to any of those
+files.
+
 watchexec
 ---------
 
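Review bot: the example never says why the restart cannot happen, and the likely cause is visible in the unit itself: a `.path` unit only starts its target, so if `calibre-server.service` is already running, activation is a no-op, which matches the "doesn't restart" symptom in the comment. Suggest saying so and pointing the path unit (via `Unit=`) at a separate oneshot unit that runs `systemctl try-restart calibre-server.service`. The `[Path]` section also has no `Unit=` line and the block names no file, so the reader has to know that a path unit activates the service with the same base name. The `[Unit]` section with a service description follows `[Path]`, which looks like two files pasted together; show them separately with their file names.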

OPDS server
diff --git a/software/desktop/calibre.mdwn b/software/desktop/calibre.mdwn
index 1f5c08de..594c47c6 100644
--- a/software/desktop/calibre.mdwn
+++ b/software/desktop/calibre.mdwn
@@ -328,3 +328,55 @@ independent from the Calibre project and talks directly to the
 database using SQLAlchemy. It does use calibre components to convert
 books but it might be an interesting alternative to the web interface
 shipped with Calibre.
+
+Update 3: I ended up setting up calibre on the server side of things
+to have an OPDS directory to more easily transfer books from my
+e-reader, now that I have an Android tablet (running "Document Viewer"
+or "Koreader", both of which support OPDS), or Koreader on my Kobo
+(which works much better than before, thanks to NickelMenu. I setup
+the service using this `.service` file:
+
+    [Service]
+    Type=simple
+    User=calibre-sandbox
+    Group=media
+    # this exposes the service to local users, which isn't great. socket activation
+    # would be better, but is not documented upstream and, well, it's only books and
+    # /srv/books is readable anyways..
+    ExecStart=/usr/bin/calibre-server --disable-fallback-to-detected-interface --listen-on 127.0.0.1 --port 4341 /srv/books
+
+    [Install]
+    WantedBy=multi-user.target
+
+The server is made publicly visible with authentication (because I
+don't trust calibre's builtin auth) thanks to this Apache
+configuration file:
+
+    <VirtualHost *:80>
+        ServerName calibre.anarc.at
+        Redirect / https://calibre.anarc.at/
+        DocumentRoot /var/www/html/
+    </VirtualHost>
+
+    <VirtualHost *:443>
+        ServerName calibre.anarc.at
+        Use common-letsencrypt-ssl calibre.anarc.at
+        DocumentRoot /var/www/html/
+        AllowEncodedSlashes On
+        ProxyPreserveHost On
+        ProxyPass /.well-known/ !
+            # 43 41 is ASCII hex for C A (L I B R E)
+            ProxyPass / http://127.0.0.1:4341/
+            ProxyPassReverse / http://127.0.0.1:4341/
+
+            <Location />
+            AuthType Basic
+            AuthName "Restricted Content"
+            AuthUserFile /etc/apache2/htpasswd.calibre
+            Require valid-user
+        </Location>
+    </VirtualHost>
+
+Calibre is installed [through Flatpak](https://flathub.org/apps/details/com.calibre_ebook.calibre) because that version is more
+up to date in Debian (although for the server side of things that
+shouldn't really matter).
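Review bot: in the 443 vhost, `<Location />` with `Require valid-user` also covers `/.well-known/`, which `ProxyPass /.well-known/ !` deliberately keeps local, and the port 80 vhost redirects every path to HTTPS. Unless the `common-letsencrypt-ssl` macro (not shown here) exempts the challenge path, HTTP-based certificate validation would get a 401, so confirm renewal works or add an unauthenticated `<Location /.well-known/>` after the catch-all. The `ProxyPass`/`ProxyPassReverse` lines and the opening `<Location />` are indented one level deeper than the closing `</Location>`; realign the block. In the prose, the parenthesis opened at "(which works much better than before" is never closed, and "more up to date in Debian" presumably means "than in Debian".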

tried google authenticator
diff --git a/blog/2015-12-14-yubikey-howto/comment_3_f5611c9d076c0dadfc8a448c428470df._comment b/blog/2015-12-14-yubikey-howto/comment_3_f5611c9d076c0dadfc8a448c428470df._comment
new file mode 100644
index 00000000..693be1d8
--- /dev/null
+++ b/blog/2015-12-14-yubikey-howto/comment_3_f5611c9d076c0dadfc8a448c428470df._comment
@@ -0,0 +1,18 @@
+[[!comment format=mdwn
+ username="anarcat"
+ subject="""tried google authenticator"""
+ date="2020-10-14T14:21:56Z"
+ content="""
+Because I suspect it is better maintained, I tried the [google-authenticator-libpam](https://github.com/google/google-authenticator-libpam) plugin which *claims* to also support HOTP/OATH so hit should just work. Unfortunately, I wasn't able to make it work:
+
+ 1. the secret is formatted differently, with base32 that `base32 -d` cannot parse
+ 2. even if it would, it uses a different secret length
+
+I tried this magic piece of Python to generate a secret that would work in both:
+
+    secret = secrets.token_bytes(20)
+    print(binascii.hexlify(secret).decode('ascii'))
+    print(base64.b32encode(secret).decode('ascii'))
+
+.. but it doesn't work. Details in <https://github.com/Yubico/yubikey-personalization/issues/169>
+"""]]
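Review bot: "so hit should just work" in the first paragraph is a typo for "it". The Python snippet uses `secrets`, `binascii` and `base64` without importing them, so it does not run as pasted; add the three imports so readers can reproduce the hex and base32 forms of the same 20-byte secret.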

crazy glue might solve this?
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index 1f8df52d..b9e0224a 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -540,3 +540,4 @@ The timeline of that laptop's hardware problems looks like this:
  * 2020-08-07: laptop delivered
  * 2020-09-20: bottom left "pad" drops off
  * 2020-10-10: asked support@ about the pad
+ * 2020-10-11: support response: crazy glue and [spare pads](https://shop.puri.sm/shop/rubber-feet/) (good)

notified support of hw problem again
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index e56e1e36..1f8df52d 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -539,3 +539,4 @@ The timeline of that laptop's hardware problems looks like this:
  * 2020-08-06: laptop shipped
  * 2020-08-07: laptop delivered
  * 2020-09-20: bottom left "pad" drops off
+ * 2020-10-10: asked support@ about the pad

two more suggestions from the fediverse
diff --git a/blog/2020-09-30-presentation-tools.mdwn b/blog/2020-09-30-presentation-tools.mdwn
index 909ab5a5..66e3d222 100644
--- a/blog/2020-09-30-presentation-tools.mdwn
+++ b/blog/2020-09-30-presentation-tools.mdwn
@@ -65,6 +65,12 @@ keep up to date.
  * [Source code](https://github.com/impress/impress.js), [demo](https://impress.js.org/)
  * [Hekyll](https://github.com/bmcmurray/hekyll) uses [Jekyll](https://github.com/mojombo/jekyll) as a backend
 
+## Impressive
+
+ * simply displays PDFs or images
+ * page transitions, overview screen, highlighting
+ * [Home page](http://impressive.sourceforge.net/)
+
 ## Libreoffice Impress
 
  * Powerpoint clone
@@ -80,10 +86,11 @@ keep up to date.
  * no release since 2008
  * [Home page](http://member.wide.ad.jp/wg/mgp/)
 
-## mdp
+## mdp and lookatme (commandline)
 
  * Commandline-only, markdown
  * [Home page](https://github.com/visit1985/mdp)
+ * [lookatme](https://github.com/d0c-s4vage/lookatme) is similar
 
 ## Pandoc
 

forgot a previous rant on this topic
diff --git a/blog/2020-09-30-presentation-tools.mdwn b/blog/2020-09-30-presentation-tools.mdwn
index b61f2f46..909ab5a5 100644
--- a/blog/2020-09-30-presentation-tools.mdwn
+++ b/blog/2020-09-30-presentation-tools.mdwn
@@ -51,6 +51,13 @@ keep up to date.
  * see also [powerdot](https://www.ctan.org/pkg/powerdot/)
  * [Home page](https://ctan.org/pkg/beamer)
 
+## Darkslide
+
+ * HTML, Javascript
+ * presenter notes, table of contents, Markdown, RST, Textile, themes,
+   code samples, auto-reload
+ * [Home page](https://github.com/ionelmc/python-darkslide), [demo](https://ionelmc.github.io/python-darkslide/#slide:1)
+
 ## Impress.js
 
  * Javascript
@@ -116,10 +123,40 @@ keep up to date.
    python-docutils
  * [Home page](http://meyerweb.com/eric/tools/s5), [demo](https://meyerweb.com/eric/tools/s5/s5-intro.html)
 
+## sent
+
+ * X11 only
+ * plain text, black on white, image support, and that's it
+ * from the [suckless.org](https://suckless.org/) elitists
+ * [Home page](https://tools.suckless.org/sent/)
+
 ## Sozi
 
  * Entire presentation is one poster, zooming and jumping around
  * SVG + Javascript
  * [Home page](https://sozi.baierouge.fr/), [demo](https://sozi.baierouge.fr/pages/10-about.html)
 
+## Other options
+
+Another option I have seriously considered is just generate a series
+of images with good resolution, hopefully matching the resolution (or
+at least aspect ratio) of the output device. Then you flip through a
+series of images one by one. In that case, any of those image viewers
+(not an exhaustive list) would work:
+
+ * [Geeqie](http://geeqie.org/)
+ * GNOME's [eog](https://wiki.gnome.org/Apps/EyeOfGnome/)
+ * [pho](http://shallowsky.com/software/pho/)
+ * [feh](https://feh.finalrewind.org/)
+ * [fim](https://www.nongnu.org/fbi-improved/)
+ * [sxiv](https://github.com/muennich/sxiv)
+
+Update: it turns out I already wrote a somewhat similar thing when I
+did a recent presentation. If you're into rants, you might enjoy [the
+README file accompanying the Kubecon rant presentation][]. TL;DR:
+"makes me want to scream" and "yet another unsolved problem space,
+sigh" (refering to "display images full-screen" specifically).
+
+[the README file accompanying the Kubecon rant presentation]: https://gitlab.com/anarcat/presentation-ethics/-/blob/master/README.md
+
 [[!tag debian-planet python-planet software review]]
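Review bot: in the new "Other options" section, "is just generate a series of images" is missing "to", and "refering" should be "referring". The list of image viewers is introduced as "not an exhaustive list", which is fine, but the Update paragraph quotes the README without saying which presentation it belongs to until the link label; consider naming it in the sentence itself.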

toc
diff --git a/blog/2020-09-30-presentation-tools.mdwn b/blog/2020-09-30-presentation-tools.mdwn
index 1e51ae05..b61f2f46 100644
--- a/blog/2020-09-30-presentation-tools.mdwn
+++ b/blog/2020-09-30-presentation-tools.mdwn
@@ -6,6 +6,8 @@ I shouldn't share this (even if for myself!).
 
 So here it is. What's your favorite presentation tool?
 
+[[!toc levels=2]]
+
 # Tips
 
  * if you have some text to present, **outline keywords** so that you

title
diff --git a/blog/2020-09-30-presentation-tools.mdwn b/blog/2020-09-30-presentation-tools.mdwn
index 03297fb0..1e51ae05 100644
--- a/blog/2020-09-30-presentation-tools.mdwn
+++ b/blog/2020-09-30-presentation-tools.mdwn
@@ -1,3 +1,5 @@
+[[!meta title="Presentation tools"]]
+
 I keep forgetting how to make presentations. I had a list of tools in
 a wiki from a previous job, but that's now private and I don't see why
 I shouldn't share this (even if for myself!).

link to coms
diff --git a/blog/2020-09-30-presentation-tools.mdwn b/blog/2020-09-30-presentation-tools.mdwn
index 5264c376..03297fb0 100644
--- a/blog/2020-09-30-presentation-tools.mdwn
+++ b/blog/2020-09-30-presentation-tools.mdwn
@@ -34,6 +34,9 @@ Some of my presentations are available [in my GitLab.com account](https://gitlab
  * [Presentation about the Maple Spring, at OHM2013](https://gitlab.com/anarcat/ohm2013/)
  * [First presentation at Tor](https://gitlab.torproject.org/anarcat/onion-tex/-/tree/main/src/pandoc/anarcat-demo-2020)
 
+See also my [list of talks and presentations](/communication) which I can't seem to
+keep up to date.
+
 # Tools
 
 ## Beamer (LaTeX)

tag, add list of presentations
diff --git a/blog/2020-09-30-presentation-tools.mdwn b/blog/2020-09-30-presentation-tools.mdwn
index 5df346fc..5264c376 100644
--- a/blog/2020-09-30-presentation-tools.mdwn
+++ b/blog/2020-09-30-presentation-tools.mdwn
@@ -25,6 +25,15 @@ for most slides, because PDFs are more reliable and portable than web
 pages. I've also used Libreoffice, Pinpoint, and S5 (through RST) in
 the past. I miss Pinpoint, too bad that it died.
 
+Some of my presentations are available [in my GitLab.com account](https://gitlab.com/users/anarcat/projects):
+
+ * [Presentations while I worked at Koumbit](https://gitlab.com/anarcat/presentations-koumbit)
+ * [Short presentation about PRISM](https://gitlab.com/anarcat/presentation-prism)
+ * [Security training](https://gitlab.com/anarcat/presentation-security)
+ * [Ethics in computing](https://gitlab.com/anarcat/presentation-ethics), based on [this blog post](https://anarc.at/blog/2018-05-26-kubecon-rant/)
+ * [Presentation about the Maple Spring, at OHM2013](https://gitlab.com/anarcat/ohm2013/)
+ * [First presentation at Tor](https://gitlab.torproject.org/anarcat/onion-tex/-/tree/main/src/pandoc/anarcat-demo-2020)
+
 # Tools
 
 ## Beamer (LaTeX)
@@ -105,3 +114,5 @@ the past. I miss Pinpoint, too bad that it died.
  * Entire presentation is one poster, zooming and jumping around
  * SVG + Javascript
  * [Home page](https://sozi.baierouge.fr/), [demo](https://sozi.baierouge.fr/pages/10-about.html)
+
+[[!tag debian-planet python-planet software review]]

presentation tools
diff --git a/blog/2020-09-30-presentation-tools.mdwn b/blog/2020-09-30-presentation-tools.mdwn
new file mode 100644
index 00000000..5df346fc
--- /dev/null
+++ b/blog/2020-09-30-presentation-tools.mdwn
@@ -0,0 +1,107 @@
+I keep forgetting how to make presentations. I had a list of tools in
+a wiki from a previous job, but that's now private and I don't see why
+I shouldn't share this (even if for myself!).
+
+So here it is. What's your favorite presentation tool?
+
+# Tips
+
+ * if you have some text to present, **outline keywords** so that you
+   can present your subject **without reading every word**
+ * ideally, **don't read from your slides** - they are there to help
+   people follow, not for people to read
+ * even better: make your slides **pretty** with only a few words, or
+   **don't make slides at all**
+
+Further advice:
+
+ * [7 tips by Jeffrey Veen](http://veen.com/jeff/archives/000483.html)
+ * [10 tips by Neil Patel](http://www.quicksprout.com/2007/09/01/10-tips-for-a-killer-presentation/)
+ * [The Art of Presenting by Matt Westgate](https://www.lullabot.com/blog/art-presenting) (video)
+ * [Presenting You by Emma Jane Hogbin](http://dc2009.drupalcon.org/session/presenting-you.html) (video)
+
+I'm currently using Pandoc with PDF input (with a trip through LaTeX)
+for most slides, because PDFs are more reliable and portable than web
+pages. I've also used Libreoffice, Pinpoint, and S5 (through RST) in
+the past. I miss Pinpoint, too bad that it died.
+
+# Tools
+
+## Beamer (LaTeX)
+
+ * LaTeX class
+ * Do not use directly unless you are a LaTeX expert or masochist, see
+   Pandoc below
+ * see also [powerdot](https://www.ctan.org/pkg/powerdot/)
+ * [Home page](https://ctan.org/pkg/beamer)
+
+## Impress.js
+
+ * Javascript
+ * Zooms in and out, 3D support
+ * [Source code](https://github.com/impress/impress.js), [demo](https://impress.js.org/)
+ * [Hekyll](https://github.com/bmcmurray/hekyll) uses [Jekyll](https://github.com/mojombo/jekyll) as a backend
+
+## Libreoffice Impress
+
+ * Powerpoint clone
+ * Makes my life miserable
+ * PDF export, presenter notes, outline view, etc
+ * [Home page](https://libreoffice.org/discover/impress/), [screenshots](https://libreoffice.org/discover/screenshots/)
+
+## Magicpoint
+
+ * ancestor of everyone else (1997!)
+ * text input format, image support, talk timer, slide guides,
+   HTML/Postscript export, draw on slides, X11 output
+ * no release since 2008
+ * [Home page](http://member.wide.ad.jp/wg/mgp/)
+
+## mdp
+
+ * Commandline-only, markdown
+ * [Home page](https://github.com/visit1985/mdp)
+
+## Pandoc
+
+ * Allows converting from basically whatever into slides, including
+   Beamer, DZSlides, reveal.js, slideous, slidy, Powerpoint
+ * PDF, HTML, Powerpoint export, presentation notes, full screen
+   background images
+ * nice plain text or markdown input format
+ * [Home page](https://pandoc.org/), [documentation](https://pandoc.org/MANUAL.html#producing-slide-shows-with-pandoc)
+
+## PDF Presenter
+
+ * PDF presentation tool, shows presentation notes
+ * basically "Keynote for Linux"
+ * [Home page](https://pdfpc.github.io/), pdf-presenter-console in Debian
+
+## Pinpoint
+
+ * Native GNOME app
+ * Full screen slides, PDF export, live change, presenter notes, pango
+   markup, video, image backgrounds
+ * [Home page](https://wiki.gnome.org/Attic/Pinpoint)
+ * Abandoned since at least 2019
+
+## Reveal.js
+
+ * HTML, Javascript
+ * PDF export, Markdown, LaTeX support, syntax-highlighting, nested
+   slides, speaker notes
+ * [Source code](https://github.com/hakimel/reveal.js), [demo](https://revealjs.com/)
+
+## S5
+
+ * HTML, CSS
+ * incremental, bookmarks, keyboard controls
+ * can be transformed from ReStructuredText (RST) with `rst2s5` with
+   python-docutils
+ * [Home page](http://meyerweb.com/eric/tools/s5), [demo](https://meyerweb.com/eric/tools/s5/s5-intro.html)
+
+## Sozi
+
+ * Entire presentation is one poster, zooming and jumping around
+ * SVG + Javascript
+ * [Home page](https://sozi.baierouge.fr/), [demo](https://sozi.baierouge.fr/pages/10-about.html)
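Review bot: "I'm currently using Pandoc with PDF input (with a trip through LaTeX)" reads backwards, since the trip through LaTeX is how Pandoc produces PDF and the next clause praises PDFs as the result; this should say "PDF output". The PDF Presenter entry also gives the Debian package name as plain text (`pdf-presenter-console`); formatting it as code would match how `rst2s5` is written in the S5 entry.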

add delivery date
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index 1d27f7f2..e56e1e36 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -537,4 +537,5 @@ The timeline of that laptop's hardware problems looks like this:
    next week by the end of next week"
  * 2020-08-04: replacement ready, prompted for address again
  * 2020-08-06: laptop shipped
+ * 2020-08-07: laptop delivered
  * 2020-09-20: bottom left "pad" drops off

pads fall off
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index d4efb3c6..1d27f7f2 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -462,9 +462,10 @@ incurred significant extra costs and delays in getting the machine up
 to speed.
 
 But it seems the platform has some fundamental hardware reliability
-issues. Case screws would [fall off](https://forums.puri.sm/t/where-can-i-get-screws-for-the-librem-13v4/7044). A USB port broke. The CPU fan
-goes crazy. And now, after a year, the laptop just completely
-died. Below are the details...
+issues. Case screws would [fall off](https://forums.puri.sm/t/where-can-i-get-screws-for-the-librem-13v4/7044). (Update: and the "pads" below
+the laptop fall off.) A USB port broke. The CPU fan goes crazy. And
+now, after a year, the laptop just completely died. Below are the
+details...
 
 I have found that any significant hardware processing would quickly
 throttle the CPU because it would overheat. Any videoconferencing work
@@ -536,3 +537,4 @@ The timeline of that laptop's hardware problems looks like this:
    next week by the end of next week"
  * 2020-08-04: replacement ready, prompted for address again
  * 2020-08-06: laptop shipped
+ * 2020-09-20: bottom left "pad" drops off

approve comment
diff --git a/blog/2020-09-21-mailman-psa/comment_1_8865e32354a3769b0107feabd63edbb1._comment b/blog/2020-09-21-mailman-psa/comment_1_8865e32354a3769b0107feabd63edbb1._comment
new file mode 100644
index 00000000..983bd6b4
--- /dev/null
+++ b/blog/2020-09-21-mailman-psa/comment_1_8865e32354a3769b0107feabd63edbb1._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ ip="187.214.194.0"
+ claimedauthor="Gunnar Wolf"
+ url="https://gwolf.org/"
+ subject="Lots of love and a promise of a beer. Thanks!"
+ date="2020-09-21T23:21:15Z"
+ content="""
+I have, like many others, spent some time head-scratching because of this stupid spammy behavior. Thanks a lot for taking the extra steps and providing a fix for it!
+"""]]

more notes
diff --git a/hardware/car.mdwn b/hardware/car.mdwn
index cb0834b6..b7e6e94b 100644
--- a/hardware/car.mdwn
+++ b/hardware/car.mdwn
@@ -19,6 +19,7 @@ Car comparisons
 
 * [axlegeeks.com](http://cars.axlegeeks.com/)
 * [cars.com](http://www.cars.com/go/compare/modelCompare.jsp?myids=7644,4656,3883)
+* [edmunds.com](https://www.edmunds.com/car-comparisons/)
 
 Listings
 ========
@@ -26,5 +27,11 @@ Listings
 * [Guide de l'auto](http://www.guideautoweb.com/occasions/)
 * [Auto-hebdo.net](http://wwwa.autohebdo.net/autos/toyota/qc/montr%C3%A9al/?prx=100&prv=Qu%C3%A9bec&loc=h2s+2r8&sts=Neuf-Occasion&pRng=%2c5000&oRng=1000%2c&hprc=True&wcp=True&uag=C28484A8C31B6F670D1F7AFAE9610D92DFC8A897C244B774026A439C5DEAA458&rcs=0&rcp=100&srt=12)
 * [Kijiji < 5000$ grand montréal](http://www.kijiji.ca/b-autos-camions/grand-montreal/autre+type+de+carrosserie__berline__bicorps__cabriolet__coupe__familiale/c174l80002a138?ad=offering&price=__5000)
+* [Car gurus](https://www.cargurus.ca/)
+
+Reference
+=========
+
+* [how to read a tire size](https://www.goodyearautoservice.com/en-US/tire-basics/tire-size)
 
 [[!tag research]]

reorder
diff --git a/blog/2020-09-21-mailman-psa.mdwn b/blog/2020-09-21-mailman-psa.mdwn
index 648522dd..8e61e1ad 100644
--- a/blog/2020-09-21-mailman-psa.mdwn
+++ b/blog/2020-09-21-mailman-psa.mdwn
@@ -1,12 +1,12 @@
 [[!meta title="PSA: Mailman used to harrass people"]]
 
-[[!toc]]
-
 It seems that Mailman instances are being abused to harrass people
 with subscribe spam. If some random people complain to you that they
 "never wanted to subscribe to your mailing list", you may be a victim
 to that attack, even if you run the latest Mailman 2.
 
+[[!toc]]
+
 # TL;DR: IKR! HOW DO I FIX THIS!?
 
 Make sure you have `SUBSCRIBE_FORM_SECRET` set in your mailman configuration:

toc, no repeat
diff --git a/blog/2020-09-21-mailman-psa.mdwn b/blog/2020-09-21-mailman-psa.mdwn
index a37fe2fe..648522dd 100644
--- a/blog/2020-09-21-mailman-psa.mdwn
+++ b/blog/2020-09-21-mailman-psa.mdwn
@@ -1,5 +1,7 @@
 [[!meta title="PSA: Mailman used to harrass people"]]
 
+[[!toc]]
+
 It seems that Mailman instances are being abused to harrass people
 with subscribe spam. If some random people complain to you that they
 "never wanted to subscribe to your mailing list", you may be a victim
@@ -71,8 +73,7 @@ cross-site scripting attack against Mailman servers.
 Obviously, CSRF protection should be enabled by default in Mailman,
 but there you go. Hopefully this will help some folks...
 
-(Obviously, the latest Mailman 3 release doesn't suffer from such
-idiotic defaults and ships with proper CSRF protection out of the
-box.)
+(The latest Mailman 3 release doesn't suffer from such idiotic
+defaults and ships with proper CSRF protection out of the box.)
 
 [[!tag mailman security debian-planet python-planet sysadmin email web]]

mailman security issue
diff --git a/blog/2020-09-21-mailman-psa.mdwn b/blog/2020-09-21-mailman-psa.mdwn
new file mode 100644
index 00000000..a37fe2fe
--- /dev/null
+++ b/blog/2020-09-21-mailman-psa.mdwn
@@ -0,0 +1,78 @@
+[[!meta title="PSA: Mailman used to harrass people"]]
+
+It seems that Mailman instances are being abused to harrass people
+with subscribe spam. If some random people complain to you that they
+"never wanted to subscribe to your mailing list", you may be a victim
+to that attack, even if you run the latest Mailman 2.
+
+# TL;DR: IKR! HOW DO I FIX THIS!?
+
+Make sure you have `SUBSCRIBE_FORM_SECRET` set in your mailman configuration:
+
+    SECRET=$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 30)'
+    echo "SUBSCRIBE_FORM_SECRET = '$SECRET'" >> /etc/mailman/mm.cfg
+
+This will add a magic token to all forms in the Mailman web forms that
+will force the attacker to at least get a token before asking for
+registration. There are, of course, other ways of performing the
+attack then, but it's more expensive than a single request for the
+attacker and keeps most of the junk out.
+
+# Other solutions
+
+I originally deployed a different fix, using referrer checks and an IP
+block list:
+
+    RewriteMap hosts-deny  txt:/etc/apache2/blocklist.txt
+    RewriteCond ${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND} !=NOT-FOUND [OR]
+    RewriteCond ${hosts-deny:%{REMOTE_HOST}|NOT-FOUND} !=NOT-FOUND [OR]
+    RewriteCond %{HTTP_REFERER} !^https://lists.torproject.org/$ [NC]
+    RewriteRule ^/cgi-bin/mailman/subscribe/ - [F]
+    # see also https://www.w3.org/TR/referrer-policy/#referrer-policy-origin
+    Header always set Referrer-Policy "origin"
+
+I kept those restrictions in place because it keeps the spammers from
+even hitting the Mailman CGI, which is useful to preserve our server
+resources. But if "they" escalate with smarter crawlers, the block
+list will still be useful.
+
+You can use this query to extract the top 10 IP addresses used for
+subscription attempts:
+
+    awk '{ print $NF }' /var/log/mailman/subscribe | sort | uniq -c | sort -n | tail -10  | awk '{ print $2 " " $1 }'
+
+Note that this might include email-based registration, but in our logs
+those are extremely rare: only *two* in three weeks, out of over
+73,000 requests. I also use this to keep an eye on the logs:
+
+    tail -f  /var/log/mailman/subscribe /var/log/apache2/lists.torproject.org-access.log | grep -v 'GET /pipermail/'
+
+The server-side mitigations might also be useful if you happen to run
+an extremely old version of Mailman, that is pre-2.1.18, but it's now
+over 6 years old and part of every supported Debian release out there
+(all the way back to Debian 8 jessie).
+
+# Why does that attack work?
+
+Because Mailman 2 doesn't have CSRF tokens in its forms by default,
+anyone can send a `POST` request to `/mailman/subscribe/LISTNAME` to
+have Mailman send an email to the user. In the old "Internet is for
+nice people" universe, that wasn't a problem: all it does is ask the
+victim if they want to subscribe to `LISTNAME`. Innocuous, right?
+
+But in the brave, new, post-[Eternal-September](https://en.wikipedia.org/wiki/Eternal_September), "Internet is for
+stupid" universe, some assholes think it's a good idea to make a form
+that collects *hundreds* of mailing list URLs and spam them through an
+`iframe`. To see what that looks like, you can look at the rendered
+source code behind `samedyfreeday.co.uk` (not linking to avoid
+promoting it). That site does what is basically a distributed
+cross-site scripting attack against Mailman servers.
+
+Obviously, CSRF protection should be enabled by default in Mailman,
+but there you go. Hopefully this will help some folks...
+
+(Obviously, the latest Mailman 3 release doesn't suffer from such
+idiotic defaults and ships with proper CSRF protection out of the
+box.)
+
+[[!tag mailman security debian-planet python-planet sysadmin email web]]
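Review bot: the first command in the TL;DR block ends with a stray single quote, `SECRET=$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 30)'`, which leaves the shell waiting on an unterminated string; remove it so the two lines can be pasted as is. In "Why does that attack work?" the attack is called "cross-site scripting", although the same section explains it as missing CSRF tokens; use "cross-site request forgery" for consistency. The Referer pattern `^https://lists.torproject.org/$` leaves its dots unescaped, the paragraph after the rewrite rules says "But if ... the block list will still be useful" where "and" seems intended, and "harrass" in the title and first paragraph should be "harass".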

Added a comment
diff --git a/blog/2020-06-04-replacing-smokeping-prometheus/comment_4_eabcbdbaa55049097ffc27833ba22ab5._comment b/blog/2020-06-04-replacing-smokeping-prometheus/comment_4_eabcbdbaa55049097ffc27833ba22ab5._comment
new file mode 100644
index 00000000..04a25949
--- /dev/null
+++ b/blog/2020-06-04-replacing-smokeping-prometheus/comment_4_eabcbdbaa55049097ffc27833ba22ab5._comment
@@ -0,0 +1,20 @@
+[[!comment format=mdwn
+ username="anarcat"
+ avatar="https://seccdn.libravatar.org/avatar/741655483dd8a0b4df28fb3dedfa7e4c"
+ subject="comment 4"
+ date="2020-09-21T14:06:48Z"
+ content="""
+>  Could you share that smokeping_prober dash? Looks nice 
+
+The dashboard is linked from the post, but in case you can't find the link, here it is again:
+
+<https://grafana.com/grafana/dashboards/12412>
+
+... unless you mean the Prometheus exporter? It's here:
+
+<https://github.com/SuperQ/smokeping_prober/>
+
+I've also added the dashboard to my personal repo in:
+
+<https://gitlab.com/anarcat/grafana-dashboards>
+"""]]

approve comment
diff --git a/blog/2020-06-04-replacing-smokeping-prometheus/comment_1_fa7e97d669f16bf4b429d536b6447218._comment b/blog/2020-06-04-replacing-smokeping-prometheus/comment_1_fa7e97d669f16bf4b429d536b6447218._comment
new file mode 100644
index 00000000..29b87a84
--- /dev/null
+++ b/blog/2020-06-04-replacing-smokeping-prometheus/comment_1_fa7e97d669f16bf4b429d536b6447218._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ ip="107.3.130.185"
+ claimedauthor="simply_jack"
+ subject="Dashboard"
+ date="2020-09-20T22:22:34Z"
+ content="""
+Could you share that smokeping_prober dash? Looks nice
+"""]]

notice the wootbook
diff --git a/hardware/laptop.mdwn b/hardware/laptop.mdwn
index 18e451bc..34ad9c90 100644
--- a/hardware/laptop.mdwn
+++ b/hardware/laptop.mdwn
@@ -95,6 +95,21 @@ prototype stage:
 
 Interesting especially for the possibility of a e-ink screen...
 
+Wootbook
+--------
+
+KDE and others have started branding laptops and shipping them with
+Linux. KDE has the [Slimbook 14](https://slimbook.es/en/store/slimbook-kde/kde-slimbook-14-comprar) for example, and there's the
+[Tuxedo Pulse 14](https://www.tuxedocomputers.com/en/Linux-Hardware/Linux-Notebooks/10-14-inch/TUXEDO-Pulse-14-Gen1.tuxedo). Both of those are actually rebranded Tongfang
+PF4NU1F laptops. Because of that stupidly hard name, many refer to
+them as the [Wootbook](https://www.wootware.co.za/wootbook-metal-ii-pf4nu1f-amd-ryzen-7-4800h-2-9ghz-octa-core-14-full-hd-1920x1080-ips-space-black-laptop.html).
+
+The current DPL has a [good review](https://jonathancarter.org/2020/09/13/wootbook-tongfang-laptop/) of the hardware, which looks
+like a nice cheap AMD laptop.
+
+I like that it has many USB ports and a real ethernet port, even
+though it's slim and light...
+
 Novena
 ------
 

merge the two opds notes
diff --git a/software/desktop/calibre.mdwn b/software/desktop/calibre.mdwn
index fe175ca4..1f5c08de 100644
--- a/software/desktop/calibre.mdwn
+++ b/software/desktop/calibre.mdwn
@@ -270,9 +270,6 @@ Calibre is...
    for this, however, given that I already use it to synchronize and
    backup my ebook collection in the first place...
 
-   TODO: Talk about OPDS? Liber doesn't support it (yet) and very few
-   server implementations ([test server](http://feedbooks.github.io/opds-test-catalog/), [2016 analysis](https://github.com/wallabag/wallabag/issues/1253#issuecomment-204996640)).
-
  * an **RSS reader**: I used this for a while to read RSS feeds on my
    ebook-reader, but it was pretty clunky. Calibre would be
    continously generating new ebooks based on those feeds and I would
@@ -291,7 +288,11 @@ Calibre is...
    supports acting as an OPDS directory, which is kind of neat. There
    are, as far as I know, no alternative for such a system although
    there *are* servers to share and store ebooks, like [Trantor][] or
-   [Liber][].
+   [Liber][]. Unfortunately, neither support OPDS, which is too bad:
+   that protocol is quite useful to browse books on the fly from
+   hacked Kobo readers (running [Koreader](http://koreader.rocks/), but [not Plato](https://github.com/baskerville/plato/issues/69)) or
+   Android devices (running [Document Viewer](https://f-droid.org/packages/org.sufficientlysecure.viewer/) or Koreader)... There
+   is an OPDS [test server](http://feedbooks.github.io/opds-test-catalog/), see also my [2016 analysis](https://github.com/wallabag/wallabag/issues/1253#issuecomment-204996640).
 
 [Liber]: https://git.autistici.org/ale/liber
 [Trantor]: https://gitlab.com/trantor/trantor
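
Review bot: in the second hunk, `neither support OPDS` should be `neither supports OPDS`, and the new sentence ends in `...` before `There is an OPDS [test server]`, which reads as an unfinished thought. The added `http://koreader.rocks/` and `http://feedbooks.github.io/opds-test-catalog/` links are plain HTTP while the other new links on these lines are HTTPS; switch them if the sites serve HTTPS.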

mention opds
diff --git a/software/desktop/calibre.mdwn b/software/desktop/calibre.mdwn
index bd9fb266..fe175ca4 100644
--- a/software/desktop/calibre.mdwn
+++ b/software/desktop/calibre.mdwn
@@ -270,6 +270,9 @@ Calibre is...
    for this, however, given that I already use it to synchronize and
    backup my ebook collection in the first place...
 
+   TODO: Talk about OPDS? Liber doesn't support it (yet) and very few
+   server implementations ([test server](http://feedbooks.github.io/opds-test-catalog/), [2016 analysis](https://github.com/wallabag/wallabag/issues/1253#issuecomment-204996640)).
+
  * an **RSS reader**: I used this for a while to read RSS feeds on my
    ebook-reader, but it was pretty clunky. Calibre would be
    continously generating new ebooks based on those feeds and I would

fix broken link
diff --git a/software/desktop/calibre.mdwn b/software/desktop/calibre.mdwn
index 8778b0ec..bd9fb266 100644
--- a/software/desktop/calibre.mdwn
+++ b/software/desktop/calibre.mdwn
@@ -239,7 +239,7 @@ Calibre is...
    This also connects with the more general "book inventory" problem I
    have which involves an inventory physical books and directory of
    online articles. See also [[firefox]] (Zotero section) and
-   [[bookmarks]] for a longer discussion of that problem.
+   [[services/bookmarks]] for a longer discussion of that problem.
 
  * a **metadata editor**: the "collection browser" is based on a lot
    of metadata that Calibre indexes from the books. It can magically
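
Review bot: two lines above the corrected link, the context reads `an inventory physical books`, which is missing "of"; since this paragraph is being touched anyway, fix it in the same commit.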

sort lines
diff --git a/services/bookmarks.mdwn b/services/bookmarks.mdwn
index 4293bd44..730659f8 100644
--- a/services/bookmarks.mdwn
+++ b/services/bookmarks.mdwn
@@ -50,19 +50,19 @@ Possible alternatives to zotero and/or wallabag include:
 
  * [i librarian](https://i-librarian.net/)
  * [jabref](http://www.jabref.org/)
- * [xapers](https://finestructure.net/xapers/)
- * [pubs](https://github.com/pubs/pubs)
  * [papis](https://github.com/papis/papis)
+ * [pubs](https://github.com/pubs/pubs)
+ * [xapers](https://finestructure.net/xapers/)
 
 This also overlaps with bookmarking software like:
 
- * [Turtl](https://turtlapp.com/)
- * [reminiscense](https://github.com/kanishka-linux/reminiscence)
  * [archivebox](https://archivebox.io/) (previously called [bookmark-archiver](https://pirate.github.io/bookmark-archiver/))
- * [Wallabag](https://wallabag.org/)
  * [Buku](https://github.com/jarun/Buku)
- * [Shiori](https://github.com/RadhiFadlillah/shiori)
  * [memex](https://worldbrain.io/)
+ * [reminiscense](https://github.com/kanishka-linux/reminiscence)
+ * [Shiori](https://github.com/RadhiFadlillah/shiori)
+ * [Turtl](https://turtlapp.com/)
+ * [Wallabag](https://wallabag.org/)
 
 ... and archival software in the [[WARC ecosystem|services/archive]].
 
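
Review bot: the moved line `[reminiscense](https://github.com/kanishka-linux/reminiscence)` has link text that does not match the project name in its URL (`reminiscence`); correct the spelling while the line is being reordered. The sort itself is case-insensitive in both lists, which is consistent.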

add two more bookmarks tools
diff --git a/services/bookmarks.mdwn b/services/bookmarks.mdwn
index 76fd2641..4293bd44 100644
--- a/services/bookmarks.mdwn
+++ b/services/bookmarks.mdwn
@@ -48,6 +48,8 @@ Possible alternatives
 
 Possible alternatives to zotero and/or wallabag include:
 
+ * [i librarian](https://i-librarian.net/)
+ * [jabref](http://www.jabref.org/)
  * [xapers](https://finestructure.net/xapers/)
  * [pubs](https://github.com/pubs/pubs)
  * [papis](https://github.com/papis/papis)
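
Review bot: the added `[jabref](http://www.jabref.org/)` entry is the only plain-HTTP link in this list; use `https://` if the site serves it. The link text `i librarian` and `jabref` is lowercased, matching the existing entries, so no change needed there.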

another thing suggested on mastodon
diff --git a/blog/cdpath-replacement.mdwn b/blog/cdpath-replacement.mdwn
index 2007a5a6..661319ae 100644
--- a/blog/cdpath-replacement.mdwn
+++ b/blog/cdpath-replacement.mdwn
@@ -57,6 +57,8 @@ emacs integration: https://github.com/bling/fzf.el
 
 similar projects: https://github.com/junegunn/fzf/wiki/Related-projects
 
+see also https://github.com/ajeetdsouza/zoxide
+
 Emacs plugins not integrated with the shell
 ===========================================
 

correction, mlterm does not use VTE
diff --git a/blog/2018-04-12-terminal-emulators-1.mdwn b/blog/2018-04-12-terminal-emulators-1.mdwn
index 4549211c..08abca35 100644
--- a/blog/2018-04-12-terminal-emulators-1.mdwn
+++ b/blog/2018-04-12-terminal-emulators-1.mdwn
@@ -39,7 +39,7 @@ Here are the terminals examined in the series:
 | [Alacritty](https://github.com/jwilm/alacritty)            | N/A           | N/A     | 6debc4f  | no releases, Git head                                                                 |
 | [GNOME Terminal](https://wiki.gnome.org/Apps/Terminal)     | 3.22.2        | 3.26.2  | 3.28.0   | uses GTK3, [VTE](https://github.com/GNOME/vte)                                        |
 | [Konsole](https://konsole.kde.org/)                        | 16.12.0       | 17.12.2 | 17.12.3  | uses KDE libraries                                                                    |
-| [mlterm](http://mlterm.sourceforge.net/)                   | 3.5.0         | 3.7.0   | 3.8.5    | uses VTE, "Multi-lingual terminal"                                                    |
+| [mlterm](http://mlterm.sourceforge.net/)                   | 3.5.0         | 3.7.0   | 3.8.5    | <del>uses VTE,</del> "Multi-lingual terminal"                                                    |
 | [pterm](https://manpages.debian.org/pterm)                 | 0.67          | 0.70    | 0.70     | [PuTTY](https://www.chiark.greenend.org.uk/%7Esgtatham/putty/) without ssh, uses GTK2 |
 | [st](https://st.suckless.org/)                             | 0.6           | 0.7     | 0.8.1    | "simple terminal"                                                                     |
 | [Terminator](https://gnometerminator.blogspot.ca/)         | 1.90+bzr-1705 | 1.91    | 1.91     | uses GTK3, VTE                                                                        |

nice quote heard on This American Life ep #713
diff --git a/fortunes.txt b/fortunes.txt
index 6a8e6592..555d0a6f 100644
--- a/fortunes.txt
+++ b/fortunes.txt
@@ -1123,3 +1123,7 @@ skill. The code you leave behind speaks.
 %
 When the power of love overcomes love of power the world will know peace.
                         - Jimi Hendrix
+%
+Treating different things the same can generate as much inequality as
+treating the same things differently.
+                        - Kimberlé Crenshaw

alternative to minimal
diff --git a/software/desktop/firefox.mdwn b/software/desktop/firefox.mdwn
index 29a5ad0e..aeea4ae7 100644
--- a/software/desktop/firefox.mdwn
+++ b/software/desktop/firefox.mdwn
@@ -32,7 +32,8 @@ I have those extensions installed and use them very frequently:
  * [Livemarks](https://addons.mozilla.org/en-US/firefox/addon/livemarks/) (no deb, [source](https://github.com/nt1m/livemarks)) or [Awesome RSS](https://addons.mozilla.org/en-US/firefox/addon/awesome-rss/) (no deb,
    [source](https://github.com/shgysk8zer0/awesome-rss)) - replace the [Live bookmarks removal](https://support.mozilla.org/en-US/kb/live-bookmarks-migration)
  * [Minimal](https://addons.mozilla.org/en-US/firefox/addon/minimal-internet-experience/) ([homepage](https://minimal.community/)) - removes autoplay, search suggestions
-   and all sorts of junks from many websites
+   and all sorts of junks from many websites (alternative:
+   [shutup](https://addons.mozilla.org/en-US/firefox/addon/shut-up-comment-blocker/), just for comments)
  * [uBlock Origin][] ([[!debpkg webext-ublock-origin desc="debian
    package"]], [source](https://github.com/gorhill/uBlock)) - making the web sane again
  * [uMatrix][] ([[!debpkg webext-umatrix desc="debian package"]],

another day, another patch
diff --git a/services/wiki.mdwn b/services/wiki.mdwn
index dbae7a85..6bd053bd 100644
--- a/services/wiki.mdwn
+++ b/services/wiki.mdwn
@@ -140,9 +140,14 @@ I still carry those patches on top of ikiwiki:
  * [todo/admonitions](https://ikiwiki.info/todo/admonitions)
  * [bugs/footnotes-look-weird](https://ikiwiki.info/bugs/footnotes-look-weird) (not a patch on core per se, but
    a modification to the stylesheet, as [many others](https://anarc.at/bootstrap.local.css))
+ * [todo/add_geo_uri_scheme](https://ikiwiki.info/todo/add_geo_uri_scheme/)
 
 To apply this patch set:
 
+!!!! switch to a master branch instead of this tangled mess. the
+master branch on gitlab has all the goods, i believe, while the stuff
+below is missing at least the geo scheme stuff. !!!
+
     cd src/ikiwiki &&
     release=debian/3.20190228-1 &&
     git rebase $release dev/git-annex-support &&
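
Review bot: the new `!!!! switch to a master branch ...` paragraph sits between `To apply this patch set:` and the command block, and it says the commands below are missing at least the geo scheme patch, so anyone following the block as written ends up with an incomplete patch set. Either update the commands to use the master branch the note refers to, or move the note above the lead-in and mark the block as outdated. The opening `!!!!` and closing `!!!` markers also do not match.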

diff --git a/pleinair/sites.mdwn b/pleinair/sites.mdwn
index 4d87a99a..fd73f3fb 100644
--- a/pleinair/sites.mdwn
+++ b/pleinair/sites.mdwn
@@ -12,7 +12,7 @@ fast-food et station-service proche.
 Au sud de la sortie 29 de l'autouroute 10, après le Tim Horton's.
 
  * [OpenStreetMap](https://www.openstreetmap.org/node/5846671485)
- * [45.41158N 73.24219W](geo:45.41158,-73.24219)
+ * <a href="geo:45.41158,-73.24219">45.41158N 73.24219W</a>
 
 Petite Rivière St-François
 ==========================

toc
diff --git a/pleinair/sites.mdwn b/pleinair/sites.mdwn
index 20c3cda7..4d87a99a 100644
--- a/pleinair/sites.mdwn
+++ b/pleinair/sites.mdwn
@@ -1,5 +1,7 @@
 [[!meta title="Sites de camping et haltes routières"]]
 
+[[!toc]]
+
 Halte du Richelieu
 ==================
 

start an inventory of nice rest stops on the road
diff --git a/pleinair/sites.mdwn b/pleinair/sites.mdwn
new file mode 100644
index 00000000..20c3cda7
--- /dev/null
+++ b/pleinair/sites.mdwn
@@ -0,0 +1,18 @@
+[[!meta title="Sites de camping et haltes routières"]]
+
+Halte du Richelieu
+==================
+
+Très jolie halte sur le Richelieu, sur les ruines d'un ancien moulin
+avec pied dans la rivière. Tables à pic-nic, ombragé, toilettes,
+fast-food et station-service proche.
+
+Au sud de la sortie 29 de l'autouroute 10, après le Tim Horton's.
+
+ * [OpenStreetMap](https://www.openstreetmap.org/node/5846671485)
+ * [45.41158N 73.24219W](geo:45.41158,-73.24219)
+
+Petite Rivière St-François
+==========================
+
+... détails à venir.

ideas
diff --git a/blog/cdpath-replacement.mdwn b/blog/cdpath-replacement.mdwn
new file mode 100644
index 00000000..2007a5a6
--- /dev/null
+++ b/blog/cdpath-replacement.mdwn
@@ -0,0 +1,88 @@
+after reading [this post](https://www.kvr.at/posts/my-new-favorite-utility-autojump/) I figured I might as well bite the bullet
+and improve on my CDPATH-related setup, especially because it does not
+work with Emacs. so i looked around for autojump-related alternatives
+that do.
+
+Shell jumpers
+=============
+
+Those are commandline tools that can be used from a shell, generally
+with built-in shell integration so that a shell alias will find the
+right directory magically, usually by keeping track of the directories
+visited with `cd`.
+
+Some of those may or may not have integration in Emacs.
+
+autojump
+--------
+
+https://github.com/wting/autojump 
+
+not in emacs, just in eshell
+https://github.com/coldnew/eshell-autojump
+
+https://stackoverflow.com/questions/25277748/use-z-jump-around-in-emacs-to-find-directories
+
+fasd
+----
+
+https://github.com/clvv/fasd
+
+upstream packaged in debian, but those emacs extensions:
+
+ * helm integration: https://github.com/ajsalminen/helm-fasd (not in melpa?)
+ * more direct: https://framagit.org/steckerhalter/emacs-fasd
+
+z
+-
+
+ungooglable.
+
+https://github.com/rupa/z
+
+not in debian at all.
+
+helm integration: https://melpa.org/#/helm-z
+eshell integration: https://github.com/xuchunyang/eshell-z
+
+fzf
+---
+
+https://github.com/junegunn/fzf
+
+the original "fuzzer". uses `find` by default, so no notion of
+frequency.
+
+emacs integration: https://github.com/bling/fzf.el
+
+similar projects: https://github.com/junegunn/fzf/wiki/Related-projects
+
+Emacs plugins not integrated with the shell
+===========================================
+
+Those projects can be used to track files inside a project or find
+files around directories, but do not offer the equivalent
+functionality in the shell.
+
+projectile
+----------
+
+https://github.com/bbatsov/projectile
+
+supports ido, ivy, or helm.
+
+elpy?
+-----
+
+bookmarks.el
+------------
+
+recentf
+-------
+
+references
+==========
+
+https://www.emacswiki.org/emacs/LocateFilesAnywhere
+
+[[!tag draft]]
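
Review bot: in the fzf section, `the original "fuzzer"` should read "fuzzy finder"; a fuzzer is a tool that feeds malformed input to a program under test, which is not what fzf does. Under fasd, `upstream packaged in debian, but those emacs extensions:` lacks a verb, so it is unclear whether the extensions are packaged or not. The `elpy?`, `bookmarks.el` and `recentf` headings are empty, which is acceptable for a page tagged `draft` but worth a TODO marker under each.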

yolo
diff --git a/hardware/monitor.mdwn b/hardware/monitor.mdwn
index 9b2d33f5..7475ba2c 100644
--- a/hardware/monitor.mdwn
+++ b/hardware/monitor.mdwn
@@ -91,6 +91,8 @@ Normal
  * [Philips Moniteur 276E8VJSB 27 po, IPS 4K UHD 3840 x 2160, 60Hz,
    5ms](https://www.bureauengros.ca/products/2939812-fr-philips-moniteur-276e8vjsb-27-po-ips-4k-uhd-3840-x-2160-60hz-5ms) (BEG: 380$)
 
+Another idea: a [USB C monitor](https://etbe.coker.com.au/2020/07/02/desklab-portable-usb-c-monitor/)
+
 Note on latency
 ---------------
 

new hardware and people
diff --git a/hardware/monitor.mdwn b/hardware/monitor.mdwn
index 49cb7e22..9b2d33f5 100644
--- a/hardware/monitor.mdwn
+++ b/hardware/monitor.mdwn
@@ -84,6 +84,10 @@ Normal
    computers: 270$)
  * [Dell U2419H 24" Ultrasharp LED Monitor 1920 x 1080 - IPS](https://www.canadacomputers.com/product_info.php?cPath=22_1195_700_1103&item_id=133314):
    (Canada computers: $320, special order)
+ * same at amazon, 27", https://www.amazon.com/dp/B07KGR784M/, as
+   suggested by [this
+   article](https://arstechnica.com/features/2020/08/work-from-home-01-ergo/),
+   see also https://www.amazon.com/dp/B082X46ZGD/
  * [Philips Moniteur 276E8VJSB 27 po, IPS 4K UHD 3840 x 2160, 60Hz,
    5ms](https://www.bureauengros.ca/products/2939812-fr-philips-moniteur-276e8vjsb-27-po-ips-4k-uhd-3840-x-2160-60hz-5ms) (BEG: 380$)
 
diff --git a/services/dns.mdwn b/services/dns.mdwn
index f2b4bfe8..a7809cbc 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -92,6 +92,7 @@ Les noms suivants pourraient être utilisés pour de futures machines:
    army squadron in the US (in the Civil War, to free more slaves)
  * [Sojourner Truth](https://en.wikipedia.org/wiki/Sojourner_Truth) - abolotionist, first black women to win a
    court case against a black man
+ * [Claudette Colvin](https://en.wikipedia.org/wiki/Claudette_Colvin) - before rosa parks, there was this rebel!
 
 [Margaret Hamilton]: https://en.wikipedia.org/wiki/Margaret_Hamilton_(software_engineer)
 

two more awesome people
diff --git a/services/dns.mdwn b/services/dns.mdwn
index 27cab389..f2b4bfe8 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -87,6 +87,11 @@ Les noms suivants pourraient être utilisés pour de futures machines:
    arborer le drapeau noir
  * [Séverine](https://fr.wikipedia.org/wiki/S%C3%A9verine) - journaliste, féministe, première femme à diriger un
    grand quotidien en France
+ * [Harriet Tubman](https://en.wikipedia.org/wiki/Harriet_Tubman) - kick-ass self-freed slave, black women that
+   ran the underground railroad for 8 years and first women to lead an
+   army squadron in the US (in the Civil War, to free more slaves)
+ * [Sojourner Truth](https://en.wikipedia.org/wiki/Sojourner_Truth) - abolotionist, first black women to win a
+   court case against a black man
 
 [Margaret Hamilton]: https://en.wikipedia.org/wiki/Margaret_Hamilton_(software_engineer)
 
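
Review bot: the added Sojourner Truth entry says `court case against a black man`; the case she is known for winning was against a white man, so this reads as a slip that inverts the point of the entry. On the same lines, `abolotionist` should be `abolitionist`, and `black women` / `first women` should be singular `woman` in both new entries.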

ship date
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index fab16286..d4efb3c6 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -535,3 +535,4 @@ The timeline of that laptop's hardware problems looks like this:
  * 2020-07-26: response: repair failed, new device will be sent, "ETA
    next week by the end of next week"
  * 2020-08-04: replacement ready, prompted for address again
+ * 2020-08-06: laptop shipped

another nice book
diff --git a/wishlist.mdwn b/wishlist.mdwn
index 2c6b5bf3..7595ca2c 100644
--- a/wishlist.mdwn
+++ b/wishlist.mdwn
@@ -52,6 +52,7 @@ Voici des choses que vous pouvez m'acheter si vous êtes le Père Nowel (yeah ri
      * [La théorie du drone](http://www.worldcat.org/oclc/847564093)
      * [The ARRL Operating Manual](http://www.arrl.org/shop/The-ARRL-Operating-Manual/)
      * [Les idées noires](https://en.wikipedia.org/wiki/Id%C3%A9es_noires) de Franquin, [l'intégrale](http://www.worldcat.org/oclc/493932411)
+     * [99% invisible city](https://99percentinvisible.org/book/)
  * <del>une liseuse 13" comme le [Sony DPT-S1](https://www.sony.com/electronics/digital-paper-notepads/dpts1#product_details_default) ou le [Onyx BOOX Max](https://onyxboox.com/boox_max),
    ou encore une tablette rootable qui roule le plus de logiciel libre
    possible</del> - j'en ai un maintenant, voir aussi [[hardware/tablet]]

update: maybe shipped soon?
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index d85a3b2b..fab16286 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -534,3 +534,4 @@ The timeline of that laptop's hardware problems looks like this:
  * 2020-07-25: ping sent
  * 2020-07-26: response: repair failed, new device will be sent, "ETA
    next week by the end of next week"
+ * 2020-08-04: replacement ready, prompted for address again

problem with dark mode and privacy
diff --git a/software/desktop/firefox.mdwn b/software/desktop/firefox.mdwn
index d79c1e53..29a5ad0e 100644
--- a/software/desktop/firefox.mdwn
+++ b/software/desktop/firefox.mdwn
@@ -294,7 +294,9 @@ that I version-control into git:
  * `network.cookie.cookieBehavior` ([ref](http://kb.mozillazine.org/Network.cookie.cookieBehavior#3_2)):
    1 (no third-party cookies)
  * `browser.in-content.dark-mode`: true (prefer dark CSS, see [this
-   discussion](https://css-tricks.com/dark-modes-with-css/), new in FF ~68)
+   discussion](https://css-tricks.com/dark-modes-with-css/), [new in FF 67](https://blog.logrocket.com/whats-new-in-firefox-67-prefers-color-scheme-and-more-195be81df03f/)), does not work with
+   `privacy.resistFingerprinting`, use `ui.systemUsesDarkTheme` set to
+   `1` instead. see [this doc](https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme)
  * `middlemouse.contentLoadURL` ([ref](http://kb.mozillazine.org/Middlemouse.contentLoadURL)):
    false (got used to chromium not doing that, and it seems too risky:
    passwords can leak in DNS too easily if you miss the field)
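
Review bot: the `browser.in-content.dark-mode` bullet now says that pref does not work with `privacy.resistFingerprinting` and to use `ui.systemUsesDarkTheme` instead, but the bullet still lists `browser.in-content.dark-mode`: true as the value, so it is unclear which pref the version-controlled config actually sets. Give `ui.systemUsesDarkTheme` its own bullet with its value, and state whether it is meant to be used together with `privacy.resistFingerprinting`, since the colour-scheme preference is readable by pages through the `prefers-color-scheme` media query the linked doc describes.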

fix formatting problem
diff --git a/software/desktop/firefox.mdwn b/software/desktop/firefox.mdwn
index fae57ec3..d79c1e53 100644
--- a/software/desktop/firefox.mdwn
+++ b/software/desktop/firefox.mdwn
@@ -120,7 +120,7 @@ hard to use or simply irrelevant.
  * [Cookie autodelete](https://addons.mozilla.org/en-US/firefox/addon/cookie-autodelete/) - even though uMatrix stops most cookies
    from being sent, it actually stores them locally. it would be great
    if this could sync with umatrix block lists... maybe with [issue
-   #43](https://github.com/Cookie-AutoDelete/Cookie-AutoDelete/issues/43)? turns out this is too inconvenient: need to specify the
+   43](https://github.com/Cookie-AutoDelete/Cookie-AutoDelete/issues/43)? turns out this is too inconvenient: need to specify the
    cookies to keep per container, then per site, it's a huge mess and
    there's no way to run a "simulation" mode... either the cookies get
    deleted and you get kicked out everywhere (at once!) or it does

approve comment
diff --git a/blog/2020-06-10-gnutls-audit/comment_1_8c16cd71ac43a3c4449ef84cb0864038._comment b/blog/2020-06-10-gnutls-audit/comment_1_8c16cd71ac43a3c4449ef84cb0864038._comment
new file mode 100644
index 00000000..67c58fea
--- /dev/null
+++ b/blog/2020-06-10-gnutls-audit/comment_1_8c16cd71ac43a3c4449ef84cb0864038._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ ip="90.208.192.45"
+ claimedauthor="Peter Green"
+ subject="Client verses server."
+ date="2020-07-27T15:25:48Z"
+ content="""
+You seem to be assuming that this vulnerability affects gnutls clients, but my reading of the advisory is that it is an issue with gnutls servers.
+
+Can anyone with deeper knowledge of the vulnerability clarify?
+"""]]
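
Review bot: the `ip=` field on the second added line records the commenter's address in the page source, and the same field appears in the other anonymous comments approved alongside this one. Since the wiki source is published in git, consider dropping or truncating that field at approval time and keeping only `claimedauthor`.
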
diff --git a/blog/2020-06-10-gnutls-audit/comment_1_9511d5d7a8d44aaabd7fbf63f17bb99c._comment b/blog/2020-06-10-gnutls-audit/comment_1_9511d5d7a8d44aaabd7fbf63f17bb99c._comment
new file mode 100644
index 00000000..d42f9279
--- /dev/null
+++ b/blog/2020-06-10-gnutls-audit/comment_1_9511d5d7a8d44aaabd7fbf63f17bb99c._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ ip="50.39.163.217"
+ claimedauthor="Josh"
+ subject="OpenSSL licensing is not fixed yet"
+ date="2020-07-27T08:16:24Z"
+ content="""
+> There are at least a few programs that link against GnuTLS because of the OpenSSL licensing oddities but that has been first announced in 2015, then definitely and clearly resolved in 2017 -- or maybe that was in 2018? Anyways it's fixed
+
+Unfortunately, the OpenSSL license is only fixed on the branches leading up to OpenSSL 3.0, which hasn't been released yet; it's still in alpha.
+"""]]

approve comment
diff --git a/blog/2020-06-10-gnutls-audit/comment_1_183d6ddbea4e146041ec7e0780416529._comment b/blog/2020-06-10-gnutls-audit/comment_1_183d6ddbea4e146041ec7e0780416529._comment
new file mode 100644
index 00000000..9a24be91
--- /dev/null
+++ b/blog/2020-06-10-gnutls-audit/comment_1_183d6ddbea4e146041ec7e0780416529._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ ip="193.16.224.12"
+ claimedauthor="anonym guy"
+ subject="comment 2"
+ date="2020-07-27T12:40:21Z"
+ content="""
+And what about: 
+
+https://www.libressl.org/
+"""]]

purism status update
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index 68439f49..d85a3b2b 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -531,3 +531,6 @@ The timeline of that laptop's hardware problems looks like this:
  * 2020-07-13: ping sent to Purism
  * 2020-07-13: [update to this review published](/blog/2020-07-13-not-recommending-purism)
  * 2020-07-14: response: motherboard confirmed dead
+ * 2020-07-25: ping sent
+ * 2020-07-26: response: repair failed, new device will be sent, "ETA
+   next week by the end of next week"

Added a comment: comment removed
diff --git a/blog/2020-07-13-not-recommending-purism/comment_6_24f29cfc00da5c43ca95a0a1d51975f9._comment b/blog/2020-07-13-not-recommending-purism/comment_6_24f29cfc00da5c43ca95a0a1d51975f9._comment
new file mode 100644
index 00000000..1ad37174
--- /dev/null
+++ b/blog/2020-07-13-not-recommending-purism/comment_6_24f29cfc00da5c43ca95a0a1d51975f9._comment
@@ -0,0 +1,12 @@
+[[!comment format=mdwn
+ username="anarcat"
+ avatar="https://seccdn.libravatar.org/avatar/741655483dd8a0b4df28fb3dedfa7e4c"
+ subject="comment removed"
+ date="2020-07-19T13:05:04Z"
+ content="""
+A comment questioning the fact that Purism allows racism was removed. (The word *racism* was \"quoted\" in the original comment, which makes me believe the author was also questioning the existence of racism itself, which I find to be just despicable.)
+
+People interested in criticizing my stance on Purism's \"tolerance\" of neonazis and related ideologies are welcome to read [[my previous post on the topic|2019-05-13-free-speech]] and generally, just shove off somewhere else.
+
+Yes, you have found a Social Justice Warrior. Don't wet your pants too much, there's plenty of us out there.
+"""]]

-port isn't necessary as we have a proxy
diff --git a/services/analytics.mdwn b/services/analytics.mdwn
index 3af0b8ab..2dec9d28 100644
--- a/services/analytics.mdwn
+++ b/services/analytics.mdwn
@@ -31,7 +31,7 @@ Server configuration
 
  3. start the server:
 
-        exec docker run --restart=unless-stopped --volume="goatcounter:/home/user/db/" --publish 127.0.0.1:8081:8080 --detach zgoat/goatcounter serve -listen :8080 -port 8080 -tls none
+        exec docker run --restart=unless-stopped --volume="goatcounter:/home/user/db/" --publish 127.0.0.1:8081:8080 --detach zgoat/goatcounter serve -listen :8080 -tls none
 
  4. apache configuration:
 
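
Review bot: the `docker run` line references `zgoat/goatcounter` with no tag or digest, so recreating the container may run a different build than the one these steps were tested with; pin a version tag or digest. The commit message justifies dropping `-port` by the proxy, and the same proxy is what makes `-tls none` acceptable, so it would help to state next to the command that the listener is only published on `127.0.0.1:8081` and is reached through the Apache configuration of step 4.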

more todos
diff --git a/services/analytics.mdwn b/services/analytics.mdwn
index 0939c712..3af0b8ab 100644
--- a/services/analytics.mdwn
+++ b/services/analytics.mdwn
@@ -73,8 +73,8 @@ Server configuration
 Remaining issues
 ================
 
- * the :8080 port leaks in some places, namely in the "Site config"
-   documentation
+ * Docker image should be `FROM scratch`, this is statically built
+   golang stuff after all...
  * move to Docker Compose or podman instead of just starting the thing
    by hand
  * this is all super janky and should be put in config management
@@ -82,8 +82,8 @@ Remaining issues
  * remove "anarc.at" test site (the site is the analytics site, not
    the tracked site), seems like [this is not possible yet](https://github.com/zgoat/goatcounter/issues/344)
  * do log parsing instead of Javascript or 1x1 images?
- * compare with goaccess logs, probably in september
- * `goatcounter monitor` [doesn't with sqlite](https://github.com/zgoat/goatcounter/issues/343)
+ * compare with goaccess logs, probably at the end of july, to have
+   two full weeks to compare
 
 Fixed issues
 ============
@@ -95,5 +95,9 @@ Fixed issues
  * <del>add pixel tracking for `noscript` users</del> done, but
    required a [patch to ikiwi](https://ikiwiki.info/ikiwiki.cgi?do=goto&page=todo%2Finclude_page_variable_in_base_templates) (and I noticed [another bug while
    doing it](https://ikiwiki.info/ikiwiki.cgi?do=goto&page=bugs%2Fjavascript_resources_placed_after_html_tag))
+ * `goatcounter monitor` [doesn't with sqlite](https://github.com/zgoat/goatcounter/issues/343) (fixed upstream!)
+ * <del>the :8080 port leaks in some places, namely in the "Site config"
+   documentation</del> that is because i was using `-port 8080` which
+   was not necessary.
 
 [[!tag blog debian-planet python-planet privacy meta ikiwiki stats]]
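
Review bot: in the last hunk, the moved `goatcounter monitor` entry under "Fixed issues" is not wrapped in `<del>` like the two entries around it, and its link text `doesn't with sqlite` is missing a verb ("doesn't work with sqlite"). In the second hunk, the `compare with goaccess logs` item gives `end of july` without a year, which will be ambiguous once the page ages.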

Added a comment: Re: Praising Pine64
diff --git a/blog/2020-07-13-not-recommending-purism/comment_5_8cfee72fe20550614c1907b35fa7a3d9._comment b/blog/2020-07-13-not-recommending-purism/comment_5_8cfee72fe20550614c1907b35fa7a3d9._comment
new file mode 100644
index 00000000..890a6d3a
--- /dev/null
+++ b/blog/2020-07-13-not-recommending-purism/comment_5_8cfee72fe20550614c1907b35fa7a3d9._comment
@@ -0,0 +1,26 @@
+[[!comment format=mdwn
+ username="anarcat"
+ avatar="https://seccdn.libravatar.org/avatar/741655483dd8a0b4df28fb3dedfa7e4c"
+ subject="Re: Praising Pine64"
+ date="2020-07-16T18:35:05Z"
+ content="""
+> How many of the people running PostmarketOS (or any other distribution) are using Phosh and other apps that were developed for it?
+
+Frankly, I don't know... I had to lookup \"Phosh\", just to give you an idea. I sense this is a rhetorical question and that the answer should be obvious, yet it is not at all, to me.
+
+> You are consistently leaving important details out of the picture. That makes your statements unfair and reflects badly on you.
+
+I am probably leaving out a lot of details out of Pine64, system76, and Fairphone out of this picture. But that's the point, isn't it: this is not a review of Pine64, it's a review of Purism and its hardware. Believe me, when I end up with Pine64 or system76 hardware, I will do a similarly merciless review and hordes of *their* fans will come accusing me of being unfair to *them* then. Maybe that will be a consolation? :p
+
+> As I said I’m all for criticising and you make good points against Purism, but you must apply equal treatment to all.
+
+As you have correctly asserted, I lack information about Pine64. I just felt they are more honest about their work, and I do not believe I have explicitly compared their free **software** work against Purism. What I said in the original post is:
+
+> I wish that people wishing to support the free software **movement** would spend their energy towards organisations that actually do honest work in that direction, like System76 and Pine64. And if you're going to go crazy with an experimental free hardware design, why not go retro with the MNT Reform.
+
+Emphasis added. Maybe you misinterpreted my comment as saying that System76 and Pine64 were contributing more to the **software** part of the ecosystem. That is not what I am saying. I am saying that by contributing cheap and somewhat open hardware that works well on Linux, and being honest about what their promises are, they are being more useful than Purism.
+
+I will be happy to apply the same, hopefully fair, treatment to other manufacturers when I end up with their products falling apart in my hands, when they do.
+
+I will also point out that you seem to get stuck on a tiny part of the lengthy review I (re)announced here. There are way more problems with Purism than their free software contributions. I did not even mention them in the original review, a year ago...
+"""]]

approve comment
diff --git a/blog/2020-07-13-not-recommending-purism/comment_1_1b7a40f08b245add3d6d2100b160b1f3._comment b/blog/2020-07-13-not-recommending-purism/comment_1_1b7a40f08b245add3d6d2100b160b1f3._comment
new file mode 100644
index 00000000..9b1a827c
--- /dev/null
+++ b/blog/2020-07-13-not-recommending-purism/comment_1_1b7a40f08b245add3d6d2100b160b1f3._comment
@@ -0,0 +1,15 @@
+[[!comment format=mdwn
+ ip="82.242.148.38"
+ claimedauthor="Alexandre Franke"
+ url="https://alexandrefranke.com"
+ subject="Re: Re: Praising Pine64"
+ date="2020-07-16T09:35:37Z"
+ content="""
+>> How much of the PinePhone is working thanks to the work of Purism?
+
+> Really? Probably not much, actually. Most people do not use PureOS on their PinePhone, as far as I know. The reviews I have seen use either PostmarketOS or their own distro on top of it, see for example Drew Devault's review.
+
+How many of the people running PostmarketOS (or any other distribution) are using Phosh and other apps that were developed for it? 
+
+You are consistently leaving important details out of the picture. That makes your statements unfair and reflects badly on *you*. As I said I’m all for criticising and you make good points against Purism, but you must apply equal treatment to all.
+"""]]

clarify trigger warning
diff --git a/blog/2020-07-13-not-recommending-purism.mdwn b/blog/2020-07-13-not-recommending-purism.mdwn
index 8ca40fe4..029565ae 100644
--- a/blog/2020-07-13-not-recommending-purism.mdwn
+++ b/blog/2020-07-13-not-recommending-purism.mdwn
@@ -52,6 +52,9 @@ post. There were more discussions on the subject here:
  * [Reddit /r/linux](http://www.reddit.com/r/linux/comments/hr8hvi/not_recommending_purism), [/r/linuxhardware](https://www.reddit.com/r/linuxhardware/comments/hqs48i/debian_developer_not_recommending_purism/), [r/purism](https://www.reddit.com/r/Purism/comments/hqs0vz/debian_developer_not_recommending_purism/)
  * [Hacker news](https://news.ycombinator.com/item?id=23842347)
 
-Trigger warning: 
+Trigger warning: some of those threads include personal insults and
+explicitly venture into the [[free speech
+discussion|2019-05-13-free-speech]], with predictable (sad)
+consequences...
 
 [[!tag debian-planet python-planet hardware review phone laptop]]

update external discussion links
diff --git a/blog/2020-07-13-not-recommending-purism.mdwn b/blog/2020-07-13-not-recommending-purism.mdwn
index 772ab082..8ca40fe4 100644
--- a/blog/2020-07-13-not-recommending-purism.mdwn
+++ b/blog/2020-07-13-not-recommending-purism.mdwn
@@ -49,10 +49,9 @@ while I usually get about 1k visitors after a week on any regular blog
 post. There were more discussions on the subject here:
 
  * [Lobsters](https://lobste.rs/s/ecyjq2/not_recommending_purism)
- * [Reddit /r/linux 1](http://www.reddit.com/r/linux/comments/hr8hvi/not_recommending_purism), [2](https://www.reddit.com/r/linuxhardware/comments/hqs48i/debian_developer_not_recommending_purism/)
+ * [Reddit /r/linux](http://www.reddit.com/r/linux/comments/hr8hvi/not_recommending_purism), [/r/linuxhardware](https://www.reddit.com/r/linuxhardware/comments/hqs48i/debian_developer_not_recommending_purism/), [r/purism](https://www.reddit.com/r/Purism/comments/hqs0vz/debian_developer_not_recommending_purism/)
  * [Hacker news](https://news.ycombinator.com/item?id=23842347)
 
-It also apparently showed up on /r/ubuntu and /r/purism but
-disapparead, at least from the latter.
+Trigger warning: 
 
 [[!tag debian-planet python-planet hardware review phone laptop]]
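Review bot: the added `Trigger warning: ` line is committed as an unfinished sentence with trailing whitespace, so the post ends on a dangling label; either write the warning text in this commit or leave the line out until it is ready. On the rewritten Reddit bullet, the /r/linux link still uses `http://` while the two links next to it use `https://`.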

typo
diff --git a/blog/2020-07-13-not-recommending-purism.mdwn b/blog/2020-07-13-not-recommending-purism.mdwn
index ff54ef1a..772ab082 100644
--- a/blog/2020-07-13-not-recommending-purism.mdwn
+++ b/blog/2020-07-13-not-recommending-purism.mdwn
@@ -49,7 +49,7 @@ while I usually get about 1k visitors after a week on any regular blog
 post. There were more discussions on the subject here:
 
  * [Lobsters](https://lobste.rs/s/ecyjq2/not_recommending_purism)
- * [Reddit /r/linux 1](http://www.reddit.com/r/linux/comments/hr8hvi/not_recommending_purism) [2](https://www.reddit.com/r/linuxhardware/comments/hqs48i/debian_developer_not_recommending_purism/), 
+ * [Reddit /r/linux 1](http://www.reddit.com/r/linux/comments/hr8hvi/not_recommending_purism), [2](https://www.reddit.com/r/linuxhardware/comments/hqs48i/debian_developer_not_recommending_purism/)
  * [Hacker news](https://news.ycombinator.com/item?id=23842347)
 
 It also apparently showed up on /r/ubuntu and /r/purism but

link to other discussions
diff --git a/blog/2020-07-13-not-recommending-purism.mdwn b/blog/2020-07-13-not-recommending-purism.mdwn
index 6c1b6d31..ff54ef1a 100644
--- a/blog/2020-07-13-not-recommending-purism.mdwn
+++ b/blog/2020-07-13-not-recommending-purism.mdwn
@@ -44,4 +44,15 @@ the [Fairphone](https://www.fairphone.com/) a fair chance. It really is a "fair"
 the best, but okay) phone that you can moderately liberate, and it
 actually frigging works. See also my [hardware review of the FP2](/hardware/phone/fairphone2).
 
+Update: this kind of blew up, for my standards: 10k visitors in ~24h
+while I usually get about 1k visitors after a week on any regular blog
+post. There were more discussions on the subject here:
+
+ * [Lobsters](https://lobste.rs/s/ecyjq2/not_recommending_purism)
+ * [Reddit /r/linux 1](http://www.reddit.com/r/linux/comments/hr8hvi/not_recommending_purism) [2](https://www.reddit.com/r/linuxhardware/comments/hqs48i/debian_developer_not_recommending_purism/), 
+ * [Hacker news](https://news.ycombinator.com/item?id=23842347)
+
+It also apparently showed up on /r/ubuntu and /r/purism but
+disapparead, at least from the latter.
+
 [[!tag debian-planet python-planet hardware review phone laptop]]
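Review bot: the last added paragraph misspells "disappeared" as `disapparead`, and the added Reddit bullet ends in a stray `, ` after link `[2]` while links 1 and 2 have no separator between them. Move the comma between the two links and fix the spelling before this goes out.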

fix tag name
diff --git a/services/analytics.mdwn b/services/analytics.mdwn
index a2a144b6..0939c712 100644
--- a/services/analytics.mdwn
+++ b/services/analytics.mdwn
@@ -96,4 +96,4 @@ Fixed issues
    required a [patch to ikiwi](https://ikiwiki.info/ikiwiki.cgi?do=goto&page=todo%2Finclude_page_variable_in_base_templates) (and I noticed [another bug while
    doing it](https://ikiwiki.info/ikiwiki.cgi?do=goto&page=bugs%2Fjavascript_resources_placed_after_html_tag))
 
-[[!tag blog debian-planet python-planet privacy meta ikiwiki stat]]
+[[!tag blog debian-planet python-planet privacy meta ikiwiki stats]]
diff --git a/tag/stat.mdwn b/tag/stat.mdwn
deleted file mode 100644
index e061f111..00000000
--- a/tag/stat.mdwn
+++ /dev/null
@@ -1,4 +0,0 @@
-[[!meta title="pages tagged stat"]]
-
-[[!inline pages="tagged(stat)" actions="no" archive="yes"
-feedshow=10]]

try to fix ikiwiki freaking out about gt
diff --git a/services/analytics.mdwn b/services/analytics.mdwn
index a7a79c56..a2a144b6 100644
--- a/services/analytics.mdwn
+++ b/services/analytics.mdwn
@@ -41,15 +41,15 @@ Server configuration
                     DocumentRoot /var/www/html/
             </VirtualHost>
 
-            <VirtualHost *:443>
-                    ServerName analytics.anarc.at
-                    Use common-letsencrypt-ssl analytics.anarc.at
-                    DocumentRoot /var/www/html/
-                    ProxyPass /.well-known/ !
-                    ProxyPass / http://localhost:8081/
-                    ProxyPassReverse / http://localhost:8081/
-                    ProxyPreserveHost on
-            </VirtualHost>
+        <VirtualHost *:443>
+                ServerName analytics.anarc.at
+                Use common-letsencrypt-ssl analytics.anarc.at
+                DocumentRoot /var/www/html/
+                ProxyPass /.well-known/ !
+                ProxyPass / http://localhost:8081/
+                ProxyPassReverse / http://localhost:8081/
+                ProxyPreserveHost on
+        </VirtualHost>
 
  5. add `analytics.anarc.at` to DNS
 
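Review bot: only the `<VirtualHost *:443>` block is re-indented; the context lines directly above it show the `*:80` block's `DocumentRoot` and `</VirtualHost>` still at the old, deeper indentation, so the two vhosts of the same step now sit at different depths. Re-indent the `*:80` block in the same change so the whole step is laid out consistently.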

creating tag page tag/stat
diff --git a/tag/stat.mdwn b/tag/stat.mdwn
new file mode 100644
index 00000000..e061f111
--- /dev/null
+++ b/tag/stat.mdwn
@@ -0,0 +1,4 @@
+[[!meta title="pages tagged stat"]]
+
+[[!inline pages="tagged(stat)" actions="no" archive="yes"
+feedshow=10]]

make this an article on my blog
diff --git a/services/analytics.mdwn b/services/analytics.mdwn
index 23a43d8b..a7a79c56 100644
--- a/services/analytics.mdwn
+++ b/services/analytics.mdwn
@@ -1,63 +1,99 @@
-goatcounter docker image:
+[[!meta title="Goatcounter analytics in ikiwiki"]]
 
-https://github.com/anarcat/goatcounter
+I have started using [Goatcounter](https://www.goatcounter.com/) for analytics after reading
+[this LWN article](https://lwn.net/Articles/822568/) called "Lightweight alternatives to Google
+Analytics". Goatcounter has an interesting approach to privacy in that
+it:
 
-build:
+> tracks sessions using a hash of the browser's user agent and IP
+> address to identify the client without storing any personal
+> information. The salt used to generate these hashes is rotated every
+> 4 hours with a sliding window.
 
-    docker build -t zgoat/goatcounter .
+There was no Debian package for the project, so I filed a [request for
+package](https://bugs.debian.org/964905) and instead made a [fork of the project to add a Docker
+image](https://github.com/anarcat/goatcounter).
 
-create volume for db:
+This page documents how Goatcounter was setup from there...
 
-    docker volume create goatcounter
+[[!toc]]
 
-startup:
+Server configuration
+====================
 
-    exec docker run --restart=unless-stopped --volume="goatcounter:/home/user/db/" --publish 127.0.0.1:8081:8080 --detach zgoat/goatcounter serve -listen :8080 -port 8080 -tls none
+ 1. build the image from [this fork](https://github.com/anarcat/goatcounter)
 
-need to be committed...
+        docker build -t zgoat/goatcounter .
 
-apache:
+ 2. create volume for db:
 
-    <VirtualHost *:80>
-            ServerName analytics.anarc.at
-            Redirect / https://analytics.anarc.at/
-            DocumentRoot /var/www/html/
-    </VirtualHost>
+        docker volume create goatcounter
 
-    <VirtualHost *:443>
-            ServerName analytics.anarc.at
-            Use common-letsencrypt-ssl analytics.anarc.at
-            DocumentRoot /var/www/html/
-            ProxyPass /.well-known/ !
-            ProxyPass / http://localhost:8081/
-            ProxyPassReverse / http://localhost:8081/
-            ProxyPreserveHost on
-    </VirtualHost>
+ 3. start the server:
 
-+ bind
+        exec docker run --restart=unless-stopped --volume="goatcounter:/home/user/db/" --publish 127.0.0.1:8081:8080 --detach zgoat/goatcounter serve -listen :8080 -port 8080 -tls none
 
-let's encrypt:
+ 4. apache configuration:
 
-    certbot certonly --webroot  -d analytics.anarc.at --webroot-path /var/www/html/
+        <VirtualHost *:80>
+                    ServerName analytics.anarc.at
+                    Redirect / https://analytics.anarc.at/
+                    DocumentRoot /var/www/html/
+            </VirtualHost>
 
-create site:
+            <VirtualHost *:443>
+                    ServerName analytics.anarc.at
+                    Use common-letsencrypt-ssl analytics.anarc.at
+                    DocumentRoot /var/www/html/
+                    ProxyPass /.well-known/ !
+                    ProxyPass / http://localhost:8081/
+                    ProxyPassReverse / http://localhost:8081/
+                    ProxyPreserveHost on
+            </VirtualHost>
 
-    docker run -it --rm --volume="goatcounter:/home/user/db/" zgoat/goatcounter create -domain analytics.anarc.at -email anarcat+rapports@anarc.at
+ 5. add `analytics.anarc.at` to DNS
 
-and add to ikiwiki template (must be committed). then:
+ 6. create a TLS cert with LE:
 
-    ikiwiki --setup ikiwiki.setup --rebuild --verbose
+        certbot certonly --webroot  -d analytics.anarc.at --webroot-path /var/www/html/
 
-remaining issues:
+    note that goatcounter has code to do this on its own, but we avoid
+    it to follow our existing policies and simplify things
 
- * cache headers are wrong (120ms!)
- * some redirects...
- * move docker to compose or podman
- * this is all super janky and should be put in CM somehow
+ 7. create site:
+
+        docker run -it --rm --volume="goatcounter:/home/user/db/" zgoat/goatcounter create -domain analytics.anarc.at -email anarcat+rapports@anarc.at
+
+ 8. [add to ikiwiki template](https://gitlab.com/anarcat/ikiwiki-bootstrap-anarcat/-/commit/bde10038f12218a0cd0cea0a4900d9fd3f23e185)
+
+ 9. rebuild wiki:
+
+        ikiwiki --setup ikiwiki.setup --rebuild --verbose
+
+Remaining issues
+================
+
+ * the :8080 port leaks in some places, namely in the "Site config"
+   documentation
+ * move to Docker Compose or podman instead of just starting the thing
+   by hand
+ * this is all super janky and should be put in config management
+   somehow
+ * remove "anarc.at" test site (the site is the analytics site, not
+   the tracked site), seems like [this is not possible yet](https://github.com/zgoat/goatcounter/issues/344)
+ * do log parsing instead of Javascript or 1x1 images?
+ * compare with goaccess logs, probably in september
+ * `goatcounter monitor` [doesn't with sqlite](https://github.com/zgoat/goatcounter/issues/343)
+
+Fixed issues
+============
+
+ * <del>cache headers are wrong (120ms!)</del> deployed workaround in
+   apache, [reported as a bug upstream](https://github.com/zgoat/goatcounter/issues/342)
  * <del>remove self-referer</del> done, just a matter of configuring
    the URL in the settings. could this be automated too?
- * remove "anarc.at" test site (the site is the analytics site,
-   not the tracked site)
- * add pixel tracking for `noscript` users
- * log parsing?
- * compare with goaccess logs, probably in september
+ * <del>add pixel tracking for `noscript` users</del> done, but
+   required a [patch to ikiwi](https://ikiwiki.info/ikiwiki.cgi?do=goto&page=todo%2Finclude_page_variable_in_base_templates) (and I noticed [another bug while
+   doing it](https://ikiwiki.info/ikiwiki.cgi?do=goto&page=bugs%2Fjavascript_resources_placed_after_html_tag))
+
+[[!tag blog debian-planet python-planet privacy meta ikiwiki stat]]
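Review bot: steps 1, 3 and 7 build and run the fork under the tag `zgoat/goatcounter`, which is the upstream project's namespace rather than the fork's; if the local image is ever missing, `docker run` will try to pull that name from the registry instead of failing, and the container would no longer be the code built from the fork. Tag the local build with a name that cannot resolve remotely (for example under the fork's own namespace) and use that name in both `docker run` lines. Separately, step 4 enables the `*:443` vhost with `Use common-letsencrypt-ssl` before the DNS record (step 5) and the certificate (step 6) exist; consider moving that vhost after step 6 or saying that only the `*:80` vhost is enabled first.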

and yet another patch
diff --git a/services/wiki.mdwn b/services/wiki.mdwn
index 565cdd09..dbae7a85 100644
--- a/services/wiki.mdwn
+++ b/services/wiki.mdwn
@@ -134,6 +134,7 @@ I still carry those patches on top of ikiwiki:
  * [todo/git-annex_support](https://ikiwiki.info/todo/git-annex_support)
  * [todo/allow_toc_to_skip_entries](https://ikiwiki.info/todo/allow_toc_to_skip_entries)
  * [todo/include_page_variable_in_base_templates](https://ikiwiki.info/todo/include_page_variable_in_base_templates)
+ * [bugs/javascript_resources_placed_after_html_tag](https://ikiwiki.info/bugs/javascript_resources_placed_after_html_tag/)
  * [plugins/contrib/i18nheadinganchors](https://ikiwiki.info/plugins/contrib/i18nheadinganchors)
  * [plugins/contrib/bootstrap](https://ikiwiki.info/plugins/contrib/bootstrap)
  * [todo/admonitions](https://ikiwiki.info/todo/admonitions)
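Review bot: the added entry links to `bugs/javascript_resources_placed_after_html_tag/` with a trailing slash, while every other entry in this list omits it; drop the slash so the list stays uniform.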
@@ -153,6 +154,9 @@ To apply this patch set:
     git rebase $release page-template-variable &&
     git diff $release..page-template-variable | ( cd /usr/share/perl5 ; sudo patch -p1 --dry-run ) &&
     git diff $release..page-template-variable | ( cd /usr/share/perl5 ;    sudo patch -p1 ) &&
+    git rebase $release js-newline &&
+    git diff $release..js-newline | ( cd /usr/share/perl5 ; sudo patch -p1 --dry-run ) &&
+    git diff $release..js-newline | ( cd /usr/share/perl5 ;    sudo patch -p1 ) &&
     git rebase $release i18n-headinganchors &&
     mv /usr/share/perl5/IkiWiki/Plugin/i18nheadinganchors.pm{,.orig} &&
     git diff $release..i18n-headinganchors | ( cd /usr/share/perl5 ; sudo patch -p1 --dry-run ) &&
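Review bot: the three added lines are another copy of the rebase, `patch -p1 --dry-run`, `patch -p1` sequence that the context lines already show for `page-template-variable` and `i18n-headinganchors`, differing only in the branch name. A loop over the branch names would keep the dry-run-before-apply guard in one place, so that adding the next branch cannot skip the `--dry-run` step before `sudo patch` writes into `/usr/share/perl5`.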

replace macros by real links here so they are clickable in emacs
diff --git a/services/wiki.mdwn b/services/wiki.mdwn
index 87443048..565cdd09 100644
--- a/services/wiki.mdwn
+++ b/services/wiki.mdwn
@@ -131,14 +131,14 @@ On any given upgrade, the following patches need to be applied:
 
 I still carry those patches on top of ikiwiki:
 
- * [[!iki todo/git-annex_support]]
- * [[!iki todo/allow_toc_to_skip_entries]]
- * [[!iki plugins/contrib/i18nheadinganchors]]
- * [[!iki plugins/contrib/bootstrap]]
- * [[!iki todo/admonitions]]
- * [[!iki bugs/footnotes-look-weird]] (not a patch on core per se, but
+ * [todo/git-annex_support](https://ikiwiki.info/todo/git-annex_support)
+ * [todo/allow_toc_to_skip_entries](https://ikiwiki.info/todo/allow_toc_to_skip_entries)
+ * [todo/include_page_variable_in_base_templates](https://ikiwiki.info/todo/include_page_variable_in_base_templates)
+ * [plugins/contrib/i18nheadinganchors](https://ikiwiki.info/plugins/contrib/i18nheadinganchors)
+ * [plugins/contrib/bootstrap](https://ikiwiki.info/plugins/contrib/bootstrap)
+ * [todo/admonitions](https://ikiwiki.info/todo/admonitions)
+ * [bugs/footnotes-look-weird](https://ikiwiki.info/bugs/footnotes-look-weird) (not a patch on core per se, but
    a modification to the stylesheet, as [many others](https://anarc.at/bootstrap.local.css))
- * [[!iki todo/include_page_variable_in_base_templates]]
 
 To apply this patch set:
 

new patch against ikiwiki
diff --git a/services/wiki.mdwn b/services/wiki.mdwn
index a98dfea6..87443048 100644
--- a/services/wiki.mdwn
+++ b/services/wiki.mdwn
@@ -138,6 +138,7 @@ I still carry those patches on top of ikiwiki:
  * [[!iki todo/admonitions]]
  * [[!iki bugs/footnotes-look-weird]] (not a patch on core per se, but
    a modification to the stylesheet, as [many others](https://anarc.at/bootstrap.local.css))
+ * [[!iki todo/include_page_variable_in_base_templates]]
 
 To apply this patch set:
 
@@ -149,6 +150,9 @@ To apply this patch set:
     git rebase $release toc-skip &&
     git diff $release..toc-skip | ( cd /usr/share/perl5 ; sudo patch -p1 --dry-run ) &&
     git diff $release..toc-skip | ( cd /usr/share/perl5 ;    sudo patch -p1 ) &&
+    git rebase $release page-template-variable &&
+    git diff $release..page-template-variable | ( cd /usr/share/perl5 ; sudo patch -p1 --dry-run ) &&
+    git diff $release..page-template-variable | ( cd /usr/share/perl5 ;    sudo patch -p1 ) &&
     git rebase $release i18n-headinganchors &&
     mv /usr/share/perl5/IkiWiki/Plugin/i18nheadinganchors.pm{,.orig} &&
     git diff $release..i18n-headinganchors | ( cd /usr/share/perl5 ; sudo patch -p1 --dry-run ) &&

another linux laptop platform
diff --git a/hardware/laptop.mdwn b/hardware/laptop.mdwn
index 4d85c7a3..18e451bc 100644
--- a/hardware/laptop.mdwn
+++ b/hardware/laptop.mdwn
@@ -532,6 +532,12 @@ the i3 is good enough anyways: it has 4 cores instead of 2, takes up
 much less power (15W vs 65W) and has an integrated GPU, even though it
 has a lower actual clock speed (2.3GHz vs 2.93GHz).
 
+Zareason
+========
+
+Didn't know about [Zareason](https://zareason.com/) until [this comment](https://social.weho.st/web/statuses/104516711452286035) in response to
+[this Purism rant](/blog/2020-07-13-not-recommending-purism/)...
+
 Fournisseurs
 ============
 

more todos
diff --git a/services/analytics.mdwn b/services/analytics.mdwn
index 042902d9..23a43d8b 100644
--- a/services/analytics.mdwn
+++ b/services/analytics.mdwn
@@ -54,6 +54,10 @@ remaining issues:
  * some redirects...
  * move docker to compose or podman
  * this is all super janky and should be put in CM somehow
- * remove self-referer
- * remove "anarc.at" test site (the site is the analytics site, not
-   the tracked site)
+ * <del>remove self-referer</del> done, just a matter of configuring
+   the URL in the settings. could this be automated too?
+ * remove "anarc.at" test site (the site is the analytics site,
+   not the tracked site)
+ * add pixel tracking for `noscript` users
+ * log parsing?
+ * compare with goaccess logs, probably in september

Added a comment: Re: Praising Pine64
diff --git a/blog/2020-07-13-not-recommending-purism/comment_3_cfe79ad93cdf23baad79a43f481b0ad4._comment b/blog/2020-07-13-not-recommending-purism/comment_3_cfe79ad93cdf23baad79a43f481b0ad4._comment
new file mode 100644
index 00000000..dbfabe8c
--- /dev/null
+++ b/blog/2020-07-13-not-recommending-purism/comment_3_cfe79ad93cdf23baad79a43f481b0ad4._comment
@@ -0,0 +1,30 @@
+[[!comment format=mdwn
+ username="anarcat"
+ avatar="https://seccdn.libravatar.org/avatar/741655483dd8a0b4df28fb3dedfa7e4c"
+ subject="Re: Praising Pine64"
+ date="2020-07-15T13:15:06Z"
+ content="""
+> I don’t see how Pine64 deserves your praises when they fail to hire software developers to work on things that Purism actually pays people for.
+
+Pine64 deserves our praise exactly for that: they are a hardware company, and they make good hardware, with open schematics, that we can write software for. They don't pretend that they will build a hardware platform, and operating system, and liberate the universe all at once, because that's unrealistic, and they know it.
+
+And Purism knows it too.
+
+> Your criticism of Purism may be well founded, but you can’t then claim that Pine64 is doing better.
+
+Why not?
+
+> How much of the PinePhone is working thanks to the work of Purism?
+
+Really? Probably not much, actually. Most people do not use PureOS on their PinePhone, as far as I know. The reviews I have seen use either PostmarketOS or their own distro on top of it, see for example [Drew Devault's review](https://drewdevault.com/2019/12/18/PinePhone-review.html).
+
+> How much did Pine64 contribute to the software stack?
+
+Arguably, not much. But that's not their job and they don't pretend it is: they're building a phone, a piece of hardware. They try to make it as open as possible so that people can write software for it.
+
+> If Pine64 was actually a bit more Purism-like, they would both be in better shape (and the community would also benefit).
+
+The entire point of my article here is exactly the opposite of that. I believe we are in a better situation with Pine64 *not* faking it and creating real, working, everyday hardware that people can use instead of promising the moon and then failing to deliver.
+
+Besides, I'm not sure that \"Praising Pine64\" is an honest characterization of my article. I just said they did \"honest work\". If that's praise, our standards are very low indeed...
+"""]]

approve comment
diff --git a/blog/2020-07-13-not-recommending-purism/comment_1_46595ff9be3cc390a959c5d217394f02._comment b/blog/2020-07-13-not-recommending-purism/comment_1_46595ff9be3cc390a959c5d217394f02._comment
new file mode 100644
index 00000000..e479f429
--- /dev/null
+++ b/blog/2020-07-13-not-recommending-purism/comment_1_46595ff9be3cc390a959c5d217394f02._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ ip="90.255.34.237"
+ claimedauthor="Fazal Majid"
+ url="https://majid.info/"
+ subject="This is consistent with their former CTO"
+ date="2020-07-15T12:23:48Z"
+ content="""
+https://www.phoronix.com/scan.php?page=news_item&px=Zlatan-Todoric-Interview
+"""]]
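Review bot: the `ip=` field on the second line of this new comment file records the commenter's full IP address in the wiki's repository next to their name and URL, and the other comment file approved in this commit does the same. If the address is only needed for moderation, strip or truncate it before committing the approved comment.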
diff --git a/blog/2020-07-13-not-recommending-purism/comment_1_c3736d7c60e0275528cab2dbb3ffef14._comment b/blog/2020-07-13-not-recommending-purism/comment_1_c3736d7c60e0275528cab2dbb3ffef14._comment
new file mode 100644
index 00000000..cf46ec80
--- /dev/null
+++ b/blog/2020-07-13-not-recommending-purism/comment_1_c3736d7c60e0275528cab2dbb3ffef14._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ ip="82.242.148.38"
+ claimedauthor="Alexandre Franke"
+ url="https://alexandrefranke.com"
+ subject="Praising Pine64"
+ date="2020-07-15T08:53:52Z"
+ content="""
+I don’t see how Pine64 deserves your praises when they fail to hire software developers to work on things that Purism actually pays people for. Your criticism of Purism may be well founded, but you can’t then claim that Pine64 is doing better. How much of the PinePhone is working thanks to the work of Purism? How much did Pine64 contribute to the software stack? If Pine64 was actually a bit more Purism-like, they would both be in better shape (and the community would also benefit).
+"""]]

Archival link:

The above link creates a machine-readable RSS feed that can be used to easily archive new changes to the site. It is used by internal scripts to do sanity checks on new entries in the wiki.
