Recent changes to this wiki. Not to be confused with my history.

Complete source to the wiki is available on gitweb or by cloning this site.

removed
diff --git a/blog/2018-04-12-terminal-emulators-1/comment_5_6119eca16ebf1c85c722cf72f6d33f77._comment b/blog/2018-04-12-terminal-emulators-1/comment_5_6119eca16ebf1c85c722cf72f6d33f77._comment
deleted file mode 100644
index 5424b3cc..00000000
--- a/blog/2018-04-12-terminal-emulators-1/comment_5_6119eca16ebf1c85c722cf72f6d33f77._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=mdwn
- ip="121.205.223.13"
- claimedauthor="nobilisuk"
- url="http://www.nobilisuk.com/"
- subject="nobilisuk"
- date="2019-09-12T22:22:12Z"
- content="""
-<a href=\"http://www.bijoubrio.com/nike-flyknit-lunar-3-grey-orange-kdm_en\">nike flyknit lunar 3 grey orange</a> <a href=\"http://www.guschoko.com/new-york-yankees-1927-hat-xi-hatru_dk\">new york yankees 1927 hat xi</a> <a href=\"http://www.tabscore.com/nike-magista-onda-zaal-2016-efoot_en\">nike magista onda zaal 2016</a> <a href=\"http://www.escortcv.com/nike-mercurial-superfly-vi-kids-red-white-shoes-nikel_dk\">nike mercurial superfly vi kids red white shoes</a> <a href=\"http://www.razgoldin.com/nfl-dolphins-knit-hat-patterns-bhat_uk\">nfl dolphins knit hat patterns</a> <a href=\"http://www.spinnykids.com/nba-jerseys-fans-lakers-73-dennis-rodman-yellow-fans-edition-jerseys-nfld_uk\">nba jerseys fans lakers 73 dennis rodman yellow fans edition jerseys</a>
-"""]]

Added a comment: nobilisuk
diff --git a/blog/2018-04-12-terminal-emulators-1/comment_5_6119eca16ebf1c85c722cf72f6d33f77._comment b/blog/2018-04-12-terminal-emulators-1/comment_5_6119eca16ebf1c85c722cf72f6d33f77._comment
new file mode 100644
index 00000000..5424b3cc
--- /dev/null
+++ b/blog/2018-04-12-terminal-emulators-1/comment_5_6119eca16ebf1c85c722cf72f6d33f77._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ ip="121.205.223.13"
+ claimedauthor="nobilisuk"
+ url="http://www.nobilisuk.com/"
+ subject="nobilisuk"
+ date="2019-09-12T22:22:12Z"
+ content="""
+<a href=\"http://www.bijoubrio.com/nike-flyknit-lunar-3-grey-orange-kdm_en\">nike flyknit lunar 3 grey orange</a> <a href=\"http://www.guschoko.com/new-york-yankees-1927-hat-xi-hatru_dk\">new york yankees 1927 hat xi</a> <a href=\"http://www.tabscore.com/nike-magista-onda-zaal-2016-efoot_en\">nike magista onda zaal 2016</a> <a href=\"http://www.escortcv.com/nike-mercurial-superfly-vi-kids-red-white-shoes-nikel_dk\">nike mercurial superfly vi kids red white shoes</a> <a href=\"http://www.razgoldin.com/nfl-dolphins-knit-hat-patterns-bhat_uk\">nfl dolphins knit hat patterns</a> <a href=\"http://www.spinnykids.com/nba-jerseys-fans-lakers-73-dennis-rodman-yellow-fans-edition-jerseys-nfld_uk\">nba jerseys fans lakers 73 dennis rodman yellow fans edition jerseys</a>
+"""]]

moar bugs
diff --git a/services/upgrades/buster.mdwn b/services/upgrades/buster.mdwn
index 6692dda6..837189f4 100644
--- a/services/upgrades/buster.mdwn
+++ b/services/upgrades/buster.mdwn
@@ -287,8 +287,12 @@ On a Thinkpad E431, the entire mouse interface (touch, trackpoint)
 freezes after sleep. Keyboard still works but not mouse until a
 reboot.
 
-There's [bug 1791427](https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1791427) in Ubuntu 18.04 that seems related, and which
-proposes the following workarounds:
+There's [bug 922666](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922666) in Debian buster, without a fix. It also says
+it eventually recovers, which is not our experience. Possible dupe is
+[bug 928189](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928189).
+
+There's also [bug 1791427](https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1791427) in Ubuntu 18.04 that seems related, and
+which proposes the following workarounds:
 
  * In gsettings: `org.gnome.desktop.peripherals.touchpad click-method disabled`
 
@@ -372,7 +376,6 @@ identifies [this commit](https://git.kernel.org/pub/scm/linux/kernel/git/stable/
 kernel bug](https://bugzilla.kernel.org/show_bug.cgi?id=196719), still open.
 
 
-
 Resolved
 --------
 

crazy touchpad issue on a laptop
diff --git a/services/upgrades/buster.mdwn b/services/upgrades/buster.mdwn
index ed2949c5..6692dda6 100644
--- a/services/upgrades/buster.mdwn
+++ b/services/upgrades/buster.mdwn
@@ -281,6 +281,98 @@ security issue](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921688). I don
 it's possible that people send money there, unfortunately. I should
 probably figure a way out of there.
 
+### Touchpad / trackpoint freeze after sleep
+
+On a Thinkpad E431, the entire mouse interface (touch, trackpoint)
+freezes after sleep. Keyboard still works but not mouse until a
+reboot.
+
+There's [bug 1791427](https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1791427) in Ubuntu 18.04 that seems related, and which
+proposes the following workarounds:
+
+ * In gsettings: `org.gnome.desktop.peripherals.touchpad click-method disabled`
+
+ * A .service file:
+
+        # /etc/systemd/system/touchpad-sleep.service
+        # restore touchpad on suspend
+
+        [Unit]
+        Description=Restore Touchpad on suspend
+        Before=sleep.target
+        StopWhenUnneeded=yes
+
+        [Service]
+        #Type=oneshot
+        Type=idle
+        RemainAfterExit=yes
+        ExecStart=/bin/bash -c 'echo "0000:00:1f.4" > /sys/bus/pci/drivers/i801_smbus/unbind'
+        ExecStop=/bin/bash -c 'echo "0000:00:1f.4" > /sys/bus/pci/drivers/i801_smbus/bind'
+
+        [Install]
+        WantedBy=sleep.target
+
+ * "Maybe try xserver-xorg-input-evdev instead of xserver-xorg-input-libinput?"
+
+ * reloading `psmouse`:
+ 
+        sudo modprobe -r psmouse
+        sudo modprobe psmouse
+
+ * "`modprobe i2c-i801` after removing it from the `blacklist.conf` seems to solve the issue."
+
+ * whatever this is:
+ 
+        # echo 1 > /sys/devices/rmi4-00/nosleep
+
+ * "Anyone who still affected by touchpad issues after S3. Please
+   switch back to suspend-to-idle in BIOS if s2idle is
+   supported. ThinkPad Carbon 6th and Yoga 3rd do support
+   suspend-to-idle in BIOS->config->power menu."
+
+There's also [bug 1442699](https://bugzilla.redhat.com/show_bug.cgi?id=1442699) in Fedora, which suggests those
+workarounds:
+
+ * another module reload:
+ 
+        sudo rmmod i2c_hid
+        sudo modprobe i2c_hid
+
+ * "Just updated to kernel-4.12.5-300.fc26.x86_64 in updates-testing
+   and this issue seems to have been resolved (for me)."
+
+ * another `/proc` hack:
+ 
+        echo -n "reconnect" >  /sys/bus/serio/devices/serio1/drvctl
+
+ * "The `psmouse.synaptics_intertouch=0` workaround still works for me."
+
+Also related is this [libinput bug](https://bugs.freedesktop.org/show_bug.cgi?id=103149) that's closed as "not our bug"
+because they claim it's a bug in the kernel.
+
+Patches on the Linux kernel which apparently fix the issue, still
+pending approval:
+
+https://lkml.org/lkml/2019/2/20/700
+https://lkml.org/lkml/2019/2/20/701
+
+Possibly related: https://lkml.org/lkml/2016/8/18/134
+
+[5.1rc7](https://lkml.org/lkml/2019/4/28/270) shipped two fixes against the `synaptics-rmi4` module.
+
+A [pull request](https://lkml.org/lkml/2019/7/12/19) has been merged in mainline with two other fixes
+on the module./
+
+[5.0.11](https://lkml.org/lkml/2019/5/2/287) also has fixes on the module.
+
+It's a regression from Debian stretch (kernel 4.9)
+
+Possibly related, [two-finger scrolling bug in Ubuntu](https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1722478), which
+identifies [this commit](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=e839ffab028981ac77f650faf8c84f16e1719738) as the source of the regression. [Upstream
+kernel bug](https://bugzilla.kernel.org/show_bug.cgi?id=196719), still open.
+
+
+
 Resolved
 --------
 

partly merge with tpo instructions
diff --git a/services/upgrades/buster.mdwn b/services/upgrades/buster.mdwn
index 8668e16f..ed2949c5 100644
--- a/services/upgrades/buster.mdwn
+++ b/services/upgrades/buster.mdwn
@@ -13,55 +13,64 @@ promising, so here we go.
 Procedure
 =========
 
- 1. Pre-upgrade backups and preperation:
+ 1. Preperation:
 
-        sudo apt install ttyrec screen
+        : reset to the default locale
+        export LC_ALL=C.UTF-8 &&
+        sudo apt install ttyrec screen debconf-utils apt-show-versions deborphan &&
         sudo ttyrec -e screen /var/log/upgrade-buster.ttyrec
-        cd /etc; git tag pre-buster
-        git gc --prune # make /etc smaller for backup
-        umask 0077
-        tar cfz /var/backups/pre-buster-backup.tgz /etc /var/lib/dpkg /var/lib/apt/extended_states /var/lib/aptitude/pkgstates /var/cache/debconf
-        dpkg --get-selections "*" > /var/backups/dpkg-selections-pre-buster.txt
-        debconf-get-selections > /var/backups/debconf-selections-pre-buster.txt
-        # the above (and more) are performed automatically by the `sys` handler in backupninja
+
+ 2. Backups and checks:
+
+        ( umask 0077 &&
+          tar cfz /var/backups/pre-buster-backup.tgz /etc /var/lib/dpkg /var/lib/apt/extended_states /var/lib/aptitude/pkgstates /var/cache/debconf &&
+          dpkg --get-selections "*" > /var/backups/dpkg-selections-pre-buster.txt &&
+          debconf-get-selections > /var/backups/debconf-selections-pre-buster.txt
+        ) &&
+        apt-mark showhold &&
+        dpkg --audit &&
+        : look for dkms packages and make sure they are relevant, if not, purge. &&
+        dpkg -l '*dkms' || true &&
         /home/anarcat/bin/backup-curie
-        apt-mark showhold
-        dpkg --audit
-        dpkg -l '*dkms' # look for dkms packages and make sure they are relevant, if not, purge.
-
- 2. Perform any pending upgrade and clear out old pins:
-
-        rm /etc/apt/preferences /etc/apt/preferences.d/* #  Check for pinned (on hold) packages, and possibly disable
-        rm /etc/apt/sources.list.d/testing.list # or other similar backports or sources from later releases
-        rm /etc/apt/sources.list.d/stretch-backports.list
-        apt update && apt -y upgrade
-        dpkg -l 'linux-image-*' # list kernel images and purge unused packages
-        # look for packages from backports, other suites or archives
-        # if possible, switch to official packages by disabling
-        # third-party repositories
-        apt install apt-show-versions
-        apt-show-versions | grep -v /stretch | grep -v 'not installed$'
-
- 3. Check free space, see [this guide to free up space](http://www.debian.org/releases/buster/amd64/release-notes/ch-upgrading.en.html#sufficient-space) and
+
+ 3. Perform any pending upgrade and clear out old pins:
+
+        : Check for pinned, on hold, packages, and possibly disable &&
+        rm -f /etc/apt/preferences /etc/apt/preferences.d/* &&
+        rm -f /etc/apt/sources.list.d/testing.list &&
+        rm -f /etc/apt/sources.list.d/stretch-backports.list &&
+        rm -f /etc/apt/sources.list.d/backports.debian.org.list &&
+        apt update && apt -y upgrade &&
+        : list kernel images and purge unused packages &&
+        dpkg -l 'linux-image-*' &&
+        : look for packages from backports, other suites or archives &&
+        : if possible, switch to official packages by disabling third-party repositories &&
+        apt-show-versions | grep -v /stretch | grep -v 'not installed$' &&
+        echo End of Step 3
+
+ 4. Check free space, see [this guide to free up space][] and
     download packages:
 
-        sed -i.orig 's/stretch/buster/g' /etc/apt/sources.list
-        apt update; apt -o APT::Get::Trivial-Only=true dist-upgrade; df -h
+        sed -i 's/stretch/buster/g' /etc/apt/sources.list /etc/apt/sources.list.d/* &&
+        apt update && apt -o APT::Get::Trivial-Only=true dist-upgrade && df -h &&
         apt -y -d upgrade && apt -y -d dist-upgrade
 
- 4. Actual upgrade run:
+[this guide to free up space]: http://www.debian.org/releases/buster/amd64/release-notes/ch-upgrading.en.html#sufficient-space
 
-        export DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=mail
-        apt dist-upgrade -y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold'
-        /opt/bin/clean_conflicts
+ 6. Actual upgrade run:
+
+        export DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=mail &&
+        apt dist-upgrade -y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' &&
+        /opt/bin/clean_conflicts &&
+        echo 'End step 6'
 
  5. Post-upgrade checks:
 
-        apt install deborphan
-        apt purge $(deborphan -n) # look also for obsolete packages in aptitude
         dpkg -l '*-dbg' # look for dbg package and possible replace with -dbgsym
         aptitude purge ~c # purge removed packages
         apt autoremove -y --purge
+        while deborphan -n | grep -q . ; do apt purge $(deborphan -n); done
+        apt autoremove -y --purge
         apt clean
         reboot
         # review and purge older kernel once the new one boots properly

removed
diff --git a/blog/2015-02-06-migrating-drupal-ikiwiki/comment_5_4ebf797236c4e9211b11e490ac17314f._comment b/blog/2015-02-06-migrating-drupal-ikiwiki/comment_5_4ebf797236c4e9211b11e490ac17314f._comment
deleted file mode 100644
index c9d0904e..00000000
--- a/blog/2015-02-06-migrating-drupal-ikiwiki/comment_5_4ebf797236c4e9211b11e490ac17314f._comment
+++ /dev/null
@@ -1,10 +0,0 @@
-[[!comment format=mdwn
- ip="112.111.185.252"
- claimedauthor="forever 21 floral maxi dress"
- url="http://www.relaxmassagestudio.net/forever-21-floral-maxi-dress-dressh"
- subject="forever 21 floral maxi dress"
- date="2019-09-06T08:38:45Z"
- content="""
-<a href=\"http://www.imannequins.com/flower-mini-dress-vero-moda-dressh\">flower mini dress vero moda</a> <a href=\"http://www.irentevent.com/roberto-cavalli-floral-print-jersey-dress-dressh\">roberto cavalli floral print jersey dress</a> <a href=\"http://www.stpetereads.com/forever-21-long-floral-dress-dressh\">forever 21 long floral dress</a> <a href=\"http://www.cometwifi.net/next-floral-dress-review-dressh\">next floral dress review</a> <a href=\"http://www.cremontana.com/floral-dress-long-dressh\">floral dress long</a> <a href=\"http://www.freerivalcasinos.net/midi-floral-dress-plus-size-dressh\">midi floral dress plus size</a>
- <a href=\"http://www.relaxmassagestudio.net/forever-21-floral-maxi-dress-dressh\" >forever 21 floral maxi dress</a> [url=http://www.relaxmassagestudio.net/forever-21-floral-maxi-dress-dressh]forever 21 floral maxi dress[/url]
-"""]]

Added a comment: forever 21 floral maxi dress
diff --git a/blog/2015-02-06-migrating-drupal-ikiwiki/comment_5_4ebf797236c4e9211b11e490ac17314f._comment b/blog/2015-02-06-migrating-drupal-ikiwiki/comment_5_4ebf797236c4e9211b11e490ac17314f._comment
new file mode 100644
index 00000000..c9d0904e
--- /dev/null
+++ b/blog/2015-02-06-migrating-drupal-ikiwiki/comment_5_4ebf797236c4e9211b11e490ac17314f._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ ip="112.111.185.252"
+ claimedauthor="forever 21 floral maxi dress"
+ url="http://www.relaxmassagestudio.net/forever-21-floral-maxi-dress-dressh"
+ subject="forever 21 floral maxi dress"
+ date="2019-09-06T08:38:45Z"
+ content="""
+<a href=\"http://www.imannequins.com/flower-mini-dress-vero-moda-dressh\">flower mini dress vero moda</a> <a href=\"http://www.irentevent.com/roberto-cavalli-floral-print-jersey-dress-dressh\">roberto cavalli floral print jersey dress</a> <a href=\"http://www.stpetereads.com/forever-21-long-floral-dress-dressh\">forever 21 long floral dress</a> <a href=\"http://www.cometwifi.net/next-floral-dress-review-dressh\">next floral dress review</a> <a href=\"http://www.cremontana.com/floral-dress-long-dressh\">floral dress long</a> <a href=\"http://www.freerivalcasinos.net/midi-floral-dress-plus-size-dressh\">midi floral dress plus size</a>
+ <a href=\"http://www.relaxmassagestudio.net/forever-21-floral-maxi-dress-dressh\" >forever 21 floral maxi dress</a> [url=http://www.relaxmassagestudio.net/forever-21-floral-maxi-dress-dressh]forever 21 floral maxi dress[/url]
+"""]]

document some of my keyboard stuff
diff --git a/hardware/keyboard.mdwn b/hardware/keyboard.mdwn
index 24b69fc1..850e90e8 100644
--- a/hardware/keyboard.mdwn
+++ b/hardware/keyboard.mdwn
@@ -64,6 +64,19 @@ everything.
  * no windows logo (customizable)
  * 145$, 185$ with o-rings and MX-clear
 
+Update:
+
+ * I ordered a [Custom 87-key mechanical keyboard](https://www.wasdkeyboards.com/index.php/products/mechanical-keyboard/wasd-v3-87-key-custom-mechanical-keyboard.html) with cherry MX
+   "brown" switches and a custom coloring and labeling layout
+ * the keys worn out pretty fast, which is kind of sad, otherwise it's
+   absolutely gorgeous
+ * I could order [reprints](https://www.wasdkeyboards.com/index.php/products/printed-keycap-singles/reprinted-key.html) of those worn-out keys, on the upside
+ * i first ordered it with cherry MX "red" by mistake, and WASD were
+   nice enough to accept a return, but I had to pay shipping costs
+ * I would probably order a [WASD V3 87-Key Doubleshot PBT Black/Slate
+   Mechanical Keyboard](https://www.wasdkeyboards.com/index.php/products/mechanical-keyboard/wasd-87-key-doubleshot-pbt-black-slate-mechanical-keyboard.html) next time, because they keys wear out much
+   less, and it's still really pretty
+
 CODE
 ----
 

fix header and add pool ball trivia
diff --git a/hardware/mouse.mdwn b/hardware/mouse.mdwn
index ae2a7338..4de2b40f 100644
--- a/hardware/mouse.mdwn
+++ b/hardware/mouse.mdwn
@@ -1,4 +1,11 @@
-I love trackpads. I only ues those now.
+[Computer Mice](https://en.wikipedia.org/wiki/Computer_mouse). They've been with us since almost the very
+beginning of computing, at least for machines with graphical
+interfaces.
+
+I used various mice over the years, from the [Mac plus](https://en.wikipedia.org/wiki/Macintosh_Plus) one-button
+mouse to the almost-standard [modern optical mouse](https://en.wikipedia.org/wiki/Optical_mouse) that crowds
+millions of offices world-wide. But now, I love [trackballs](https://en.wikipedia.org/wiki/Trackball). I
+only use those now.
 
 Kensington expert mouse
 =======================
@@ -31,6 +38,16 @@ time to get used to, but now it's wired into my fingers.
 
 I just love this mouse.
 
+Fun bit of trivia: according to Wikipedia, the original Kensington
+expert mouse could use normal US pool balls to replace the trackball!
+(I actually added a `{{citation needed}}`) And while it's [featured in
+the Ocean's 8 movie](https://www.trackballmouse.org/kensington-expert-trackball-in-the-movie-oceans-8/), [actual tests](https://www.youtube.com/watch?v=e9QcsBrN5I4) show the 8-ball doesn't
+track so well while the red 3-ball doesn't track at all, so I doubt
+this really works in any real way.
+
+But it's still freaking cool. Some even [built a custom mouse](https://maniacallabs.com/2019/01/22/billiard-ball-arcade-trackball-mouse/)
+inspired by the movie. 
+
 Kensington Orbit
 ================
 

some mouse reviews
diff --git a/hardware/mouse.mdwn b/hardware/mouse.mdwn
new file mode 100644
index 00000000..ae2a7338
--- /dev/null
+++ b/hardware/mouse.mdwn
@@ -0,0 +1,55 @@
+I love trackpads. I only ues those now.
+
+Kensington expert mouse
+=======================
+
+Specifically, a colleague/friend *gave* me a [Kensington Expert
+mouse](https://www.kensington.com/p/products/control/trackballs/expert-mouse-wired-trackball/) during a serious RSI episode, for which I will ever be
+grateful. It took a while to get used to it, but I will never go
+back. It's really the most expensive mice I have ever owned (at
+90$USD). Unfortunately, it's hard to find in real stores. The only
+canadian store I could find it at is [CDW.ca](https://www.cdw.ca/product/kensington-expert-mouse/610537?pfm=srh), for 127$CAD. Staples
+has it in the US as well, but the Canadian equivalent (Bureau En Gros)
+only has the [wireless version](https://www.bureauengros.com/products/2125926-fr-kensington-boule-de-commande-sans-fil-expert-mouse-k72359ww) at 133$CAD.
+
+Other stores:
+
+ * [Insight](https://ca.insight.com/en_CA/shop/product/64325/KENSINGTON/64325/Kensington-Expert-Mouse--trackball--PS2-USB/) (130$CAD)
+ * [SHI](https://www.shi.ca/products/productdetail.aspx?SHISystemID=SHICommodity&ProductIdentity=14220337&EventID=12692951-3336-42b3-8f27-75ec821bdaa6) (120$CAD)
+ * [CDW.ca](https://www.cdw.ca/product/kensington-expert-mouse/610537?pfm=srh) (127$CAD)
+
+The mouse is very comfortable, the ball is heavy and precise, and the
+mouse wheel is the best I have ever used. It has so much inertia that
+you can just send that thing *flying* and scroll quickly to long
+documents, a bit like you can scroll quickly through things on phones
+by swiping up repeatedly. I always find scroll wheels on other mouse
+frustrating since I have found this one.
+
+I also like the four buttons although I must admit I never use the
+fourth one and always forget what it's for. The layout needed a bit of
+time to get used to, but now it's wired into my fingers.
+
+I just love this mouse.
+
+Kensington Orbit
+================
+
+Because the "expert" is so hard to find and expensive, I bought a
+[orbit trackball](https://www.kensington.com/p/products/control/trackballs/orbit-trackball-with-scroll-ring/) for use at home. I never found it as satisfying,
+as it has many issues:
+
+ 1. the scroll wheel doesn't have as much inertia as the "expert"
+ 2. there are only two buttons, so no middle button, which I use
+    profusely
+
+It's otherwise a decent mouse and is good for travel as the "ball"
+doesn't fall off like it does with the "expert" model.
+
+Clearly superior
+================
+
+I only mention this because I read about that hardware in some blog
+that was swearing only by their trackballs. Their laser trackballs are
+called [L-Trac](https://www.clearlysuperiortech.com/l-trac-product-selector) and they have an interesting design where the
+scroll wheel is above the buttons. I'm not sure I like it, but it's
+worth looking into I guess...

more keyboard stuff
diff --git a/hardware/keyboard.mdwn b/hardware/keyboard.mdwn
index d814b9c3..24b69fc1 100644
--- a/hardware/keyboard.mdwn
+++ b/hardware/keyboard.mdwn
@@ -202,4 +202,16 @@ Downsides:
  * no function keys without modifier
  * expensive
 
+Keyboard.io
+-----------
+
+[Keyboard.io](https://shop.keyboard.io/) is an open hardware keyboard that comes with "source
+code and a screwdriver". It comes fully assembled, that said. It has a
+peculiar split layout with columned keys and weird key arrangement. I
+had to spend almost a minute to find the "space" key in their drawings
+(hint: it's a single, normal key that you hit with your thumb, between
+control, alt and shift). There are also "palm" keys that act as Fn
+keys. All this is probably totally alien and too weird for my poor old
+fingers to adapt to, but it does look gorgeous.
+
 [[!tag research]]

add references
diff --git a/communication/cards/Makefile b/communication/cards/Makefile
index 7a95c08e..176590b6 100644
--- a/communication/cards/Makefile
+++ b/communication/cards/Makefile
@@ -1,3 +1,11 @@
+# Some docs
+# general: https://www.qrcode.com/en/faq.html
+# smallest size: https://www.qrcode.com/en/howto/cell.html
+# upstream: https://github.com/fukuchi/libqrencode
+# WP: https://en.wikipedia.org/wiki/QR_code
+# vcard standard https://tools.ietf.org/html/rfc6350
+# https://en.wikipedia.org/wiki/VCard
+
 COLOR=c5da4fFF
 FORMAT=png
 

move along the existing cards stuff
diff --git a/business/Makefile b/communication/cards/Makefile
similarity index 100%
rename from business/Makefile
rename to communication/cards/Makefile
diff --git a/business/anarcat.vcf b/communication/cards/anarcat.vcf
similarity index 100%
rename from business/anarcat.vcf
rename to communication/cards/anarcat.vcf

stage business cards stuff
diff --git a/business/Makefile b/business/Makefile
new file mode 100644
index 00000000..7a95c08e
--- /dev/null
+++ b/business/Makefile
@@ -0,0 +1,8 @@
+COLOR=c5da4fFF
+FORMAT=png
+
+anarcat-qrcode-vcf.$(FORMAT): anarcat.vcf Makefile
+	qrencode --background=$(COLOR) --type=$(FORMAT) --verbose --output $@ < $<
+
+anarcat-qrcode-fpr.$(FORMAT): Makefile
+	qrencode --background=$(COLOR) --type=$(FORMAT) --verbose --output $@ OPENPGPFPR:8DC901CE64146C048AD50FBB792152527B75921E
diff --git a/business/anarcat.vcf b/business/anarcat.vcf
new file mode 100644
index 00000000..d112b5e1
--- /dev/null
+++ b/business/anarcat.vcf
@@ -0,0 +1,9 @@
+BEGIN:VCARD
+VERSION:4.0
+N:Beaupré;Antoine
+NICKNAME:anarcat
+ORG:Tor Project
+TITLE:Sysadmin
+EMAIL:anarcat@torproject.org
+X-OPENPGPFPR:8DC901CE64146C048AD50FBB792152527B75921E
+END:VCARD

make a section explicitely on dasung
diff --git a/hardware/tablet.mdwn b/hardware/tablet.mdwn
index b9ae634f..e6186529 100644
--- a/hardware/tablet.mdwn
+++ b/hardware/tablet.mdwn
@@ -246,6 +246,17 @@ l'écran "E ink" (550$USD).
 C'est aussi une machine beaucoup plus restreinte (délibérément) qu'une
 tablette générique.
 
+Dasung
+------
+
+[Dasung Tech](http://www.dasungtech.com/) make kind of weird devices. Their first device was a
+[13.3" e-ink monitor](https://www.indiegogo.com/projects/first-e-ink-monitor-with-front-light-touch/x/16580847#/) that only supported display and touch input,
+over HDMI, and that apparently works in Linux.
+
+They also make a weird [not-ereader](https://www.indiegogo.com/projects/not-ereader-first-e-ink-mobile-phone-monitor/x/16580847#/) that is a 7.8" e-ink screen
+that's designed to be a "phone monitor" but that also runs Android
+(6!) and can act as a standalone e-reader.
+
 Tablets
 =======
 
@@ -403,7 +414,7 @@ sizes:
 
  * 14.3": [A4 paper][]
  * 13.9": [US letter paper][]
- * 13.3": Onyx Boox Max, Sony DPTS1, [DPT-CP1](https://www.sony.com/electronics/digital-paper-notepads/dpt-series) 
+ * 13.3": Onyx Boox Max, Sony DPTS1, [DPT-CP1](https://www.sony.com/electronics/digital-paper-notepads/dpt-series), Dasung e-ink monitor
  * 12.9": [iPad Pro](https://en.wikipedia.org/wiki/IPad_Pro)
  * 10.3": Onyx Boox Note, [Sony DPT-RP1](https://www.sony.com/electronics/digital-paper-notepads/dpt-series), [reMarkable][]
  * 10.1": [Galaxy Tab 10.1](https://en.wikipedia.org/wiki/Samsung_Galaxy_Tab_10.1)

fp3: add full specs and more links
diff --git a/hardware/phone.mdwn b/hardware/phone.mdwn
index eeb1a295..49c3b3ee 100644
--- a/hardware/phone.mdwn
+++ b/hardware/phone.mdwn
@@ -157,6 +157,54 @@ with pre-orders for October. Here are the hilights from the website:
  * Qualcomm Snapdragon 632
  * 64GB internal storage
 
+The full specs:
+
+ * OS: Android 9
+ * Qualcomm Snapdragon 632 SoC
+ * CPU: Cortex-A53, Qualcomm Kryo 250 (64bit, 8 core, 1.8GHz)
+ * GPU: Qualcomm Adreno 506 650MHz
+ * 4GB RAM
+ * 64GB internal storage
+ * MicroSD card ([precise specs unknonwn](https://forum.fairphone.com/t/fp3-microsd-controller-specs-a1-or-a2/52368), <=200GB)
+ * 3060mAH battery (300 hours idle, 20h calls, 3.5h charge time)
+ * 5.65" Full HD+ 18:9 LCD (IPS) touchscreen,  2160 x 1080 resolution,
+   427ppi, Gorilla Glass 5, 16 million colors
+ * Rear camera: 12MP f/1.8, 1/2.55" sensor, phase detection autofocus,
+   Sony IMX363 sensor, digital image stabilization, dual LED flash, 8x
+   digital zoom, 3840x2160 video resolution, 4k@30fps, 1080p@30fps,
+   720p@60fps
+ * Front camera: 8MP f/2.0, 1/4" sensor, Digital Image Stabilization,
+   8x digital zoom
+ * Wifi: 2.4 & 5 GHz, 802.11 a/b/g/n/ac, Wifi direct
+ * Bluetooth 5 + LE
+ * NFC
+ * GNSS standards: GPS, Glonass, Galileo, A-GPS support
+ * Dual Nano SIM (4FF, Max SAR head (W/kg @ 10g) = 0.388, Max SAR body
+   (W/kg @ 10g) = 1.405)
+ * Frequencies:
+   * 4G (LTE) Type - Cat. 13, MIMO - 4x2, 2CA Carrier Aggregation,
+     VoLTE + VoWiFi, Bands - 1, 2, 3, 4, 5, 7, 13, 20, 26, Max download
+     300Mbps, Max upload 150Mbps
+   * 3G (HSPA+) HSDPA - Cat 24, HSUPA - Cat 6, Frequencies - 800, 850,
+     900, 1700, 1900, 2100 Mhz, Max download 42Mbps, Max upload 5.76Mbps
+   * 2G (GMS, GPRS, EDGE) Type - Cat. 33 Frequencies - 850, 900, 1800,
+     1900 Mhz
+ * USB-C 2.0
+ * Sensors: Fingerprint scanner, Ambient Light, Accelerometer,
+   Gyroscope, Proximity, Barometer, Compass
+ * Headphone jack
+ * External speaker loudness: 95db @ 10cm
+ * Audio: Miracast support, codecs:    AAC/AAC+/eAAC+, MP3, WMA (v9,
+   v10), WMALossless, WMAPro 10, AMR-NB, AMR-WB, FLAC, ALAC, Vorbis,
+   AIFF, APE
+ * Video: HEVC, H.264, MPEG-4, MPEG-2, H.263, VP8, VP9
+ * Dark Translucent body and cover
+   * Length 158 mm
+   * Width 71.8 mm
+   * Thickness 9.89 mm
+   * Weight: 189g
+   * IP54 certification
+
 There are some problems, however, that I have found with the specs:
 
  * they [dropped support for Fairphone Open](https://support.fairphone.com/hc/en-us/articles/360032971751-Operating-systems-OS-for-the-Fairphone-3), their google-free
@@ -164,8 +212,10 @@ There are some problems, however, that I have found with the specs:
    LineageOS is [not yet supported](https://forum.fairphone.com/t/will-lineageos-be-supported-on-fairphone-3/52528) on the phone. so it's unclear
    you will be able to [use the phone without a google account](https://forum.fairphone.com/t/can-i-use-a-fp3-without-a-google-account/52569) and
    the associated surveillance at all. it's possible a post-launch
-   update does provide support for those configurations, however.
- * the phone is 10% larger than the FP2
+   update does provide support for those configurations, however. see
+   also [this discussion](https://forum.fairphone.com/t/fp3-fairphone-open-os/52301)
+ * the phone is 10% larger than the FP2 (FP3: 158 x 71.8 x 9.89 mm,
+   FP2: 143 x 73 x 11 mm) but 2mm thinner and 1mm less wide
 
 Things I'm still unsure about:
 
@@ -179,7 +229,7 @@ Things I'm still unsure about:
    "[extend the battery life of your FP3](https://support.fairphone.com/hc/en-us/articles/360032857671-Extend-the-battery-life-of-your-Fairphone-3)" are stock "battery
    saver, etc" advice that worry me. but the specs say "300h standby
    time" so that could be much better than what I currently get, which
-   is about 30-40h standby
+   is about 30-40h standby. see also [this discussion](https://forum.fairphone.com/t/fp3-vs-fp2-autonomy-and-durability/52407)
  * they say they have a "great" 12MP camera in "low light", but I'm
    not convinced that 12MP is that great for a camera phone at this
    point. it's the same resolution as the *older* fairphone 2 so I

fp3 notes
diff --git a/hardware/phone.mdwn b/hardware/phone.mdwn
index f810801c..eeb1a295 100644
--- a/hardware/phone.mdwn
+++ b/hardware/phone.mdwn
@@ -142,6 +142,60 @@ Fairphone 2
 
 Moved to [[fairphone2]].
 
+Fairphone 3
+-----------
+
+The third generation of the fairphone was released in august 2019,
+with pre-orders for October. Here are the hilights from the website:
+
+ * Recycled and fair materials
+ * Modular and repairable design
+ * Full-day battery life
+ * A commitment to fairness
+ * Android 9, easy to use
+ * 12MP camera, great in low light
+ * Qualcomm Snapdragon 632
+ * 64GB internal storage
+
+There are some problems, however, that I have found with the specs:
+
+ * they [dropped support for Fairphone Open](https://support.fairphone.com/hc/en-us/articles/360032971751-Operating-systems-OS-for-the-Fairphone-3), their google-free
+   version of Android. that's a real bummer, especially since
+   LineageOS is [not yet supported](https://forum.fairphone.com/t/will-lineageos-be-supported-on-fairphone-3/52528) on the phone. so it's unclear
+   you will be able to [use the phone without a google account](https://forum.fairphone.com/t/can-i-use-a-fp3-without-a-google-account/52569) and
+   the associated surveillance at all. it's possible a post-launch
+   update does provide support for those configurations, however.
+ * the phone is 10% larger than the FP2
+
+Things I'm still unsure about:
+
+ * [no 4G support in the US](https://support.fairphone.com/hc/en-us/articles/360032577632-Connectivity-of-the-FP3-outside-of-Europe) - that's pretty dramatic, and is a
+   blocker for a huge market, I don't understand how they made that
+   decision. but you have to select *some* bands and it seems the
+   range is [wider than it was with the FP2](https://forum.fairphone.com/t/fairphone-3-canada/52358/5?u=anarcat), so it might actually
+   be *better* than the FP2, which *does* work (somewhat) in Canada
+ * "full day battery life" sounds like they haven't fixed the poor
+   battery life of the FP2 I have witnessed. the advice on how to
+   "[extend the battery life of your FP3](https://support.fairphone.com/hc/en-us/articles/360032857671-Extend-the-battery-life-of-your-Fairphone-3)" are stock "battery
+   saver, etc" advice that worry me. but the specs say "300h standby
+   time" so that could be much better than what I currently get, which
+   is about 30-40h standby
+ * they say they have a "great" 12MP camera in "low light", but I'm
+   not convinced that 12MP is that great for a camera phone at this
+   point. it's the same resolution as the *older* fairphone 2 so I
+   don't understand how they could give that an upgrade... apparently,
+   the camera *is* better in that it can at least *compare* with the
+   Pixel and Moto phone, according to [this review](https://tweakers.net/reviews/7290/4/fairphone-3-de-meest-repareerbare-smartphone-hardware-en-camera.html)
+
+On the upside:
+
+ * headphone jack is still there
+ * USB-C, although [without video output](https://forum.fairphone.com/t/fp3-and-hdmi-output-usb3-or-mhl/52511/5)
+ * transluscent cover is back
+ * [positive first impressions from iFixit](https://www.ifixit.com/News/the-fairphone-3-is-here-and-its-not-the-only-sustainable-phone-on-the-way) although they do
+   mention problems with US networks and that there are now other
+   porjects like the Fairphone (namely [Shift](https://www.shiftphones.com/en/) and [Teracube](https://myteracube.com/))
+
 Purism Librem 5
 ---------------
 
diff --git a/hardware/phone/fairphone2.mdwn b/hardware/phone/fairphone2.mdwn
index 78fa9d66..736a1188 100644
--- a/hardware/phone/fairphone2.mdwn
+++ b/hardware/phone/fairphone2.mdwn
@@ -25,7 +25,7 @@ difficult to buy, but *some* shops *do* ship to Canada, like
 
 [perfect 10]: https://www.ifixit.com/Teardown/Fairphone+2+Teardown/52523
 
-I bought a [Fairphone 2]() (FP2) after the [price came down](https://forum.fairphone.com/t/fp2-price-at-399-24-discount-it-contains-24mg-of-gold/45562) for
+I bought a [Fairphone 2](https://en.wikipedia.org/wiki/Fairphone_2) (FP2) after the [price came down](https://forum.fairphone.com/t/fp2-price-at-399-24-discount-it-contains-24mg-of-gold/45562) for
 ~500$CAD at [Ecosto](https://www.ecosto.net/en/catalogue/fairphone-2-alypuhelin_26867/) and I'm waiting for the actual device to
 ship. It's a guess: the Fairphone 3 (FP3) is [due to come out in
 2019](https://forum.fairphone.com/t/fairphone-3-interview-of-bas-from-frandroid/28529) but I was tired of hacking around really old, unsupported and

complete a sentence
diff --git a/services/wiki/ikiwiki-hugo-conversion.mdwn b/services/wiki/ikiwiki-hugo-conversion.mdwn
index 981f0cef..0229c817 100644
--- a/services/wiki/ikiwiki-hugo-conversion.mdwn
+++ b/services/wiki/ikiwiki-hugo-conversion.mdwn
@@ -20,7 +20,8 @@ Why
 
  * unusual templating engine: Perl's templates may have been great at
    some point, but they are definitely showing their age
-   now. something more standard like Jinja or Golang templates
+   now. something more standard like Jinja or Golang templates would
+   be easier for designers to use
 
  * sometimes strange markup rules. just writing this document was a
    challenge, because preformatted markdown text (prefixed with four

use the format directive to bypass the ikiwiki parser
diff --git a/services/wiki/ikiwiki-hugo-conversion.mdwn b/services/wiki/ikiwiki-hugo-conversion.mdwn
index 4f67b9eb..981f0cef 100644
--- a/services/wiki/ikiwiki-hugo-conversion.mdwn
+++ b/services/wiki/ikiwiki-hugo-conversion.mdwn
@@ -36,6 +36,8 @@ $ git grep -h '\[\[!' | sed 's/\[\[!/\n[[!/g' | grep '\[\[!' | sed 's/ .*//' | s
      18 [[!img <span class="error">Error: bad image filename</span>]], which have their own unique logic:
 """]]
 
+   I had to use the `format` directive to workaround those problems.
+
 First conversion attempt
 ========================
 
@@ -105,77 +107,79 @@ Inventory
 
 List of directives used in my wiki:
 
-    $ git grep -h '\[\[!' | sed 's/\[\[!/\n[[!/g' | grep '\[\[!' | sed 's/ .*//' | sort | uniq -c | sort -n
-          1 [[!bibtex2html
-    ^ convert by hand
-          1 [[!orphans
-    ^ only in services?
-          1 [[!osm]]
-    ^ false positive, in software/ikiwiki-osm
-          1 [[!toggle
-    ^ in blog, convert by hand
-          1 [[!toggleable
-    ^ same
-          1 [[!wiki
-    ^ shortcode, probably to wikipedia, or an error
-          2 [[!debss
-    ^ shortcode, false positive (in shortcuts)
-          2 [[!google
-    ^ same
-          2 [[!if
-    ^ ikiwiki internal stuff (shortcuts, recentchanges)
-          2 [[!pagestats
-    ^ in tags and monthly reports
-          3 [[!rfc
-    ^ shortcode
-          3 [[!warning
-    ^ admonition
-          3 [[!waypoint
-    ^ false positive, see osm above
-          5 [[!debmsg
-    ^ shortcode
-          5 [[!debwiki
-    ^ shortcode
-          6 [[!important
-    ^ admonition
-          7 [[!man
-    ^ shortcode
-          8 [[!map
-    ^ IMPORTANT, need to figure it out
-          8 [[!note
-    ^ admonition
-          9 [[!tip
-    ^ admonition
-         16 [[!toc]]
-    ^ IMPORTANT, need to figure it out
-         18 [[!img
-    ^ IMPORTANT, need to figure it out
-         22 [[!color
-    ^ services table, rebuild by hand
-         26 [[!iki
-    ^ shortcodes?
-         50 [[!format
-    ^ IMPORTANT, need to figure it out
-         55 [[!shortcut
-    ^ shortcode, false positive (in shortcuts)
-         72 [[!wikipedia
-    ^ shortcode
-         96 [[!toc
-    ^ IMPORTANT, need to figure it out (see aboev)
-        109 [[!debcve
-    ^ shortcode
-        115 [[!debbug
-    ^ shortcode
-        142 [[!debpkg
-    ^ shortcode
-        268 [[!inline
-    mostly used in frontpage and blog, need to figure out
-        335 [[!tag
-    ^ IMPORTANT, need to figure it out
-        358 [[!comment
-    ^ IMPORTANT, need to figure it out
-       1254 [[!meta
-    ^ IMPORTANT, need to figure it out
+[[!format txt """
+$ git grep -h '\[\[!' | sed 's/\[\[!/\n[[!/g' | grep '\[\[!' | sed 's/ .*//' | sort | uniq -c | sort -n
+      1 [[!bibtex2html
+^ convert by hand
+      1 [[!orphans
+^ only in services?
+      1 [[!osm]]
+^ false positive, in software/ikiwiki-osm
+      1 [[!toggle
+^ in blog, convert by hand
+      1 [[!toggleable
+^ same
+      1 [[!wiki
+^ shortcode, probably to wikipedia, or an error
+      2 [[!debss
+^ shortcode, false positive (in shortcuts)
+      2 [[!google
+^ same
+      2 [[!if
+^ ikiwiki internal stuff (shortcuts, recentchanges)
+      2 [[!pagestats
+^ in tags and monthly reports
+      3 [[!rfc
+^ shortcode
+      3 [[!warning
+^ admonition
+      3 [[!waypoint
+^ false positive, see osm above
+      5 [[!debmsg
+^ shortcode
+      5 [[!debwiki
+^ shortcode
+      6 [[!important
+^ admonition
+      7 [[!man
+^ shortcode
+      8 [[!map
+^ IMPORTANT, need to figure it out
+      8 [[!note
+^ admonition
+      9 [[!tip
+^ admonition
+     16 [[!toc]]
+^ IMPORTANT, need to figure it out
+     18 [[!img
+^ IMPORTANT, need to figure it out
+     22 [[!color
+^ services table, rebuild by hand
+     26 [[!iki
+^ shortcodes?
+     50 [[!format
+^ IMPORTANT, need to figure it out
+     55 [[!shortcut
+^ shortcode, false positive (in shortcuts)
+     72 [[!wikipedia
+^ shortcode
+     96 [[!toc
+^ IMPORTANT, need to figure it out (see aboev)
+    109 [[!debcve
+^ shortcode
+    115 [[!debbug
+^ shortcode
+    142 [[!debpkg
+^ shortcode
+    268 [[!inline
+mostly used in frontpage and blog, need to figure out
+    335 [[!tag
+^ IMPORTANT, need to figure it out
+    358 [[!comment
+^ IMPORTANT, need to figure it out
+   1254 [[!meta
+^ IMPORTANT, need to figure it out
+"""]]
 
 Magic links
 ------------
@@ -183,8 +187,10 @@ Magic links
 There are also a ton of "magic ikiwiki links", called
 [[ikiwiki/wikilink]], which have their own unique logic:
 
-    $ git grep -h '\[\[[^!]' | sed 's/\[\[/\n[[/g' | grep '\[\[[^!]' | wc -l 
-    631
+[[!format txt """
+$ git grep -h '\[\[[^!]' | sed 's/\[\[/\n[[/g' | grep '\[\[[^!]' | wc -l 
+631
+"""]]
 
 Those will be difficult to convert as the semantics of internal
 linking in Markdown is not well defined. Or rather, it's bound to HTML

add example of weird markup in this very page
diff --git a/services/wiki/ikiwiki-hugo-conversion.mdwn b/services/wiki/ikiwiki-hugo-conversion.mdwn
index dc55621c..4f67b9eb 100644
--- a/services/wiki/ikiwiki-hugo-conversion.mdwn
+++ b/services/wiki/ikiwiki-hugo-conversion.mdwn
@@ -5,17 +5,37 @@
 Why
 ===
 
- * too slow: ikiwiki takes 30 seconds to refresh even a single page
+ * too slow: ikiwiki takes 30 seconds to refresh even when changing a
+   single page
+
  * hard to maintain: my patches to ikiwiki are still not merged and it
    makes upgrades painful
+
  * hard to deploy: it's difficult to tell people to use ikiwiki
-   because it's really hard to install and deploy a new wiki... i had
-   to use ikiwiki-hosting and that just adds another layer of
-   complexity
+   because it's really hard to install and deploy a new wiki... you
+   need to install the Debian package, then create a git repo (or SVN?
+   or darcs! why not), then create a `.setup` file, then... I forgot!
+   I had to use `ikiwiki-hosting` to make my life easier and that just
+   adds another layer of complexity.
+
  * unusual templating engine: Perl's templates may have been great at
    some point, but they are definitely showing their age
    now. something more standard like Jinja or Golang templates
 
+ * sometimes strange markup rules. just writing this document was a
+   challenge, because preformatted markdown text (prefixed with four
+   spaces) is being interpreted by the wikilinks parser, which lead to
+   errors like:
+   
+      [[!format txt """
+$ git grep -h '\[\[!' | sed 's/\[\[!/\n[[!/g' | grep '\[\[!' | sed 's/ .*//' | sort | uniq -c | sort -n
+      1 [[!bibtex2html <span class="error">Error: cannot find bestlink for &quot;^&quot;</span>]]
+^ false positive, in software/ikiwiki-osm
+      1 <a class="toggle" href="#services-wiki-ikiwiki-hugo-conversion.default">more</a>
+^ IMPORTANT, need to figure it out
+     18 [[!img <span class="error">Error: bad image filename</span>]], which have their own unique logic:
+"""]]
+
 First conversion attempt
 ========================
 

restructure a bit
diff --git a/services/wiki/ikiwiki-hugo-conversion.mdwn b/services/wiki/ikiwiki-hugo-conversion.mdwn
index 2c96fe0d..dc55621c 100644
--- a/services/wiki/ikiwiki-hugo-conversion.mdwn
+++ b/services/wiki/ikiwiki-hugo-conversion.mdwn
@@ -1,5 +1,24 @@
 [[!meta title="Ikiwiki to Hugo conversion notes"]]
 
+[[!toc levels=3]]
+
+Why
+===
+
+ * too slow: ikiwiki takes 30 seconds to refresh even a single page
+ * hard to maintain: my patches to ikiwiki are still not merged and it
+   makes upgrades painful
+ * hard to deploy: it's difficult to tell people to use ikiwiki
+   because it's really hard to install and deploy a new wiki... i had
+   to use ikiwiki-hosting and that just adds another layer of
+   complexity
+ * unusual templating engine: Perl's templates may have been great at
+   some point, but they are definitely showing their age
+   now. something more standard like Jinja or Golang templates
+
+First conversion attempt
+========================
+
 I had to rename all files, and move stuff into `content/`, then things
 started generally working "working" (as in "breaking").
 
@@ -229,17 +248,3 @@ Other converters
  * [Simpler conversion](https://blog.jak-linux.org/2018/10/25/migrated-website-from-ikiwiki-to-hugo/)
  * [Previous tests](https://gitlab.com/anarcat/wallabako/issues/13)
  * [Upstream list of converters](https://gohugo.io/tools/migrations/)
-
-Why
-===
-
- * too slow: ikiwiki takes 30 seconds to refresh even a single page
- * hard to maintain: my patches to ikiwiki are still not merged and it
-   makes upgrades painful
- * hard to deploy: it's difficult to tell people to use ikiwiki
-   because it's really hard to install and deploy a new wiki... i had
-   to use ikiwiki-hosting and that just adds another layer of
-   complexity
- * unusual templating engine: Perl's templates may have been great at
-   some point, but they are definitely showing their age
-   now. something more standard like Jinja or Golang templates

add title
diff --git a/services/wiki/ikiwiki-hugo-conversion.mdwn b/services/wiki/ikiwiki-hugo-conversion.mdwn
index 24d5b66e..2c96fe0d 100644
--- a/services/wiki/ikiwiki-hugo-conversion.mdwn
+++ b/services/wiki/ikiwiki-hugo-conversion.mdwn
@@ -138,6 +138,9 @@ List of directives used in my wiki:
        1254 [[!meta
     ^ IMPORTANT, need to figure it out
 
+Magic links
+------------
+
 There are also a ton of "magic ikiwiki links", called
 [[ikiwiki/wikilink]], which have their own unique logic:
 

discussion of wikilinks
diff --git a/services/wiki/ikiwiki-hugo-conversion.mdwn b/services/wiki/ikiwiki-hugo-conversion.mdwn
index 3f388862..24d5b66e 100644
--- a/services/wiki/ikiwiki-hugo-conversion.mdwn
+++ b/services/wiki/ikiwiki-hugo-conversion.mdwn
@@ -138,6 +138,38 @@ List of directives used in my wiki:
        1254 [[!meta
     ^ IMPORTANT, need to figure it out
 
+There are also a ton of "magic ikiwiki links", called
+[[ikiwiki/wikilink]], which have their own unique logic:
+
+    $ git grep -h '\[\[[^!]' | sed 's/\[\[/\n[[/g' | grep '\[\[[^!]' | wc -l 
+    631
+
+Those will be difficult to convert as the semantics of internal
+linking in Markdown is not well defined. Or rather, it's bound to HTML
+(in general) and ikiwiki goes beyond that. Some research needs to be
+done to see how other engines handle this and how it compares to the
+[[ikiwiki/subpage/linkingrules]].
+
+The peculiarities of wikilinks in ikiwiki:
+
+ * case-insensitiven (e.g. `\[[OtherPage]]` and `\[[otherpage]]` both
+   work)
+ * subpage lookups (e.g. `\[[otherpage]]` in `foo/subpage` will
+   look for `foo/subpage/otherpage`, `foo/otherpage`,
+   `otherpage`, in order; `\[[foo/subpage]]` will find
+   `/foo/subpage` from `bar`, instead of the expected
+   `bar/foo/subpage` in HTML)
+ * absolute lookups (prefixed with `/`, e.g. `\[[/about]]` links to
+   `https://example.com/foo/about` if the wiki is in
+   `example.com/foo`, and *not* `https://example.com/about` as HTML
+   normally would - probably relevant only for wikis in subdirectories)
+ * userdir lookups (`\[[anarcat]]` links to `\[[users/anarcat]]` if
+   userdir is set to `users`)
+ * backslash escapes (`\\[[WikiLink]]` is not a link)
+ * anchor lookups (`\[[WikiLink#foo]]`)
+ * there might be other rules like underscore (`_`) mapping to spaces
+   and other funky escape mechanisms
+
 Tasks
 =====
 

link to Antonioli's blog post
diff --git a/blog/2019-08-19-is-my-bluetooth-device-insecure.mdwn b/blog/2019-08-19-is-my-bluetooth-device-insecure.mdwn
index 91acda2a..22902e8c 100644
--- a/blog/2019-08-19-is-my-bluetooth-device-insecure.mdwn
+++ b/blog/2019-08-19-is-my-bluetooth-device-insecure.mdwn
@@ -144,9 +144,10 @@ go to sleep, it will disconnect. Then to start using the device again,
 the BT layer will renegociate that keysize, and the attack can happen
 again.
 
-(<del>I have written the authors of the paper to clarify at which stage the
-attack happens and will update this post when/if they reply.</del>
-Update: Daniele Antonioli confirmed the attack takes place at connect phase.)
+(<del>I have written the authors of the paper to clarify at which
+stage the attack happens and will update this post when/if they
+reply.</del> Update: Daniele Antonioli [has confirmed](https://francozappa.github.io/post/knob-repo2/) the attack
+takes place at connect phase.)
 
 [Bose Soundlink II]: https://www.bose.com/en_us/support/article/pairing-a-device-soundlink-mini-ii.html
 

update: Antonioli confirmed the attack phase
diff --git a/blog/2019-08-19-is-my-bluetooth-device-insecure.mdwn b/blog/2019-08-19-is-my-bluetooth-device-insecure.mdwn
index 4422d01a..91acda2a 100644
--- a/blog/2019-08-19-is-my-bluetooth-device-insecure.mdwn
+++ b/blog/2019-08-19-is-my-bluetooth-device-insecure.mdwn
@@ -135,17 +135,18 @@ devices. If you count three device by person (laptop, workstation,
 phone), you quickly hit the limit when you move the device around. So
 I end up repairing that device quite often.
 
-And even without that problem, it's possible the attack window might
-be much wider. I'm still trying to figure this out, but it's possible
-the attack happens during the *connexion* stage (see Figure 1, page
-1049 in the paper), *after* devices have paired. This actually happens
-*way* more often than just during pairing. Any time your speaker or
-laptop will go to sleep, it will disconnect. Then to start using the
-device again, the BT layer will renegociate that keysize, and the
-attack can happen again.
-
-(I have written the authors of the paper to clarify at which stage the
-attack happens and will update this post when/if they reply.)
+And that would be if the attack takes place during the pairing
+phase. As it turns out, the attack window is much wider: the attack
+happens during the *connexion* stage (see Figure 1, page 1049 in the
+paper), *after* devices have paired. This actually happens *way* more
+often than just during pairing. Any time your speaker or laptop will
+go to sleep, it will disconnect. Then to start using the device again,
+the BT layer will renegociate that keysize, and the attack can happen
+again.
+
+(<del>I have written the authors of the paper to clarify at which stage the
+attack happens and will update this post when/if they reply.</del>
+Update: Daniele Antonioli confirmed the attack takes place at connect phase.)
 
 [Bose Soundlink II]: https://www.bose.com/en_us/support/article/pairing-a-device-soundlink-mini-ii.html
 

add toc
diff --git a/blog/2019-08-19-is-my-bluetooth-device-insecure.mdwn b/blog/2019-08-19-is-my-bluetooth-device-insecure.mdwn
index 387d26a3..4422d01a 100644
--- a/blog/2019-08-19-is-my-bluetooth-device-insecure.mdwn
+++ b/blog/2019-08-19-is-my-bluetooth-device-insecure.mdwn
@@ -15,6 +15,8 @@ at all, and just base this analysis on my own (limited) knowledge of
 the protocol, and some articles (including the [paper](https://www.usenix.org/system/files/sec19-antonioli.pdf)) I read on
 the topic.
 
+[[!toc levels=2]]
+
 Is Bluetooth still safe?
 ========================
 

creating tag page tag/bluetooth
diff --git a/tag/bluetooth.mdwn b/tag/bluetooth.mdwn
new file mode 100644
index 00000000..464c58b9
--- /dev/null
+++ b/tag/bluetooth.mdwn
@@ -0,0 +1,4 @@
+[[!meta title="pages tagged bluetooth"]]
+
+[[!inline pages="tagged(bluetooth)" actions="no" archive="yes"
+feedshow=10]]

creating tag page tag/wireless
diff --git a/tag/wireless.mdwn b/tag/wireless.mdwn
new file mode 100644
index 00000000..de2cd369
--- /dev/null
+++ b/tag/wireless.mdwn
@@ -0,0 +1,4 @@
+[[!meta title="pages tagged wireless"]]
+
+[[!inline pages="tagged(wireless)" actions="no" archive="yes"
+feedshow=10]]

short blurb on bluetooth
diff --git a/blog/2019-08-19-is-my-bluetooth-device-insecure.mdwn b/blog/2019-08-19-is-my-bluetooth-device-insecure.mdwn
new file mode 100644
index 00000000..387d26a3
--- /dev/null
+++ b/blog/2019-08-19-is-my-bluetooth-device-insecure.mdwn
@@ -0,0 +1,234 @@
+[[!meta title="KNOB attack: Is my Bluetooth device insecure?"]]
+
+A recent attack against [[!wikipedia Bluetooth]], called [KNOB][], has
+been making waves last week. In essence, it allows an attacker to
+downgrade the security of a Bluetooth so much that it's possible for
+the attacker to break the encryption key and spy on all the
+traffic. The attack is so devastating that some have described it as
+the "stop using bluetooth" flaw.
+
+[KNOB]: https://knobattack.com/
+
+This is my attempt at answering my own lingering questions about "can
+I still use Bluetooth now?" Disclaimer: I'm not an expert in Bluetooth
+at all, and just base this analysis on my own (limited) knowledge of
+the protocol, and some articles (including the [paper](https://www.usenix.org/system/files/sec19-antonioli.pdf)) I read on
+the topic.
+
+Is Bluetooth still safe?
+========================
+
+It really depends what "safe" means, and what your threat model is. I
+liked how the [Ars Technica article put it][]:
+
+[Ars Technica article put it]: https://arstechnica.com/information-technology/2019/08/new-attack-exploiting-serious-bluetooth-weakness-can-intercept-sensitive-data/
+
+> It's also important to note the hurdles—namely the cost of equipment
+> and a surgical-precision MitM—that kept the researchers from
+> actually carrying out their over-the-air attack in their own
+> laboratory. Had the over-the-air technique been easy, they almost
+> certainly would have done it.
+
+In other words, the active attack is really hard to do, and the
+researchers didn't actually *do* one at all! It's a theoretical flaw,
+at this point, and while it's definitely possible, it's not what the
+researchers did:
+
+> The researchers didn't carry out the man-in-the-middle attack over
+> the air. They did, however, root a Nexus 5 device to perform a
+> firmware attack. Based on the response from the other device—a
+> Motorola G3—the researchers said they believe that both attacks
+> would work.
+
+This led some researchers to (boldy) say they would still use a
+Bluetooth keyboard:
+
+> Dan Guido, a mobile security expert and the CEO of security firm
+> Trail of Bits, said: "This is a bad bug, although it is hard to
+> exploit in practice. It requires local proximity, perfect timing,
+> and a clear signal. You need to fully MitM both peers to change the
+> key size and exploit this bug. I'm going to apply the available
+> patches and continue using my bluetooth keyboard."
+
+So, what's safe and what's not, in my much humbler opinion?
+
+Keyboards: bad
+==============
+
+The attack is a real killer for Bluetooth keyboards. If an active
+attack is leveraged, it's game over: everything you type is visible to
+the attacker, and that includes, critically, passwords. In theory, one
+could even *input* keyboard events into the channel, which allows
+basically arbitrary code execution on the host.
+
+Some, however, made the argument that it's probably easier to implant
+a keylogger in the device than actually do that attack, but I
+disagree: this requires physical access, while the KNOB attack can be
+done remotely.
+
+How *far* this can be done, by the way, is still open to debate. The
+[Telegraph claimed "a mile"][] in a click-bait title, but I think
+such an attacker would need to be *much* closer for this to work, more
+in the range of "meters" than "kilometers". But it still means "a
+black van sitting outside your house" instead of "a dude breaking into
+your house", which is a significant difference.
+
+[Telegraph claimed "a mile"]: https://www.telegraph.co.uk/technology/2019/08/16/hackers-sitting-nearby-could-listen-phone-calls-bluetooth-headset/
+
+Other input devices: hum
+========================
+
+I'm not sure mice and other input devices are such a big deal,
+however. Extracting useful information from those mice moving around
+the screen is difficult without *seeing* what's behind that
+screen.
+
+So unless you use an on-screen keyboard or have special input devices,
+I don't think those are such a big deal when spied upon.
+
+They *could* be leveraged with other attacks to make you "click
+through" some things an attacker would otherwise not be able to do.
+
+Speakers: okay
+==============
+
+I think I'll still keep using my Bluetooth speakers. But that's
+because I don't have much confidential audio I listen to. I listen to
+music, movies, and silly cat videos; not confidential interviews with
+victims of repression that should absolutely have their identities
+protected. And if I ever come across such material, I now know that I
+should not trust that speaker..
+
+Otherwise, what's an attacker going to do here: listen to my (ever
+decreasing) voicemail (which is transmitted in cleartext by email
+anyways)? Listen to that [latest hit][]? Meh.
+
+[latest hit]: https://www.youtube.com/watch?v=_whvVXX0hCk
+
+Do keep in mind that some speakers have *microphones* in them as well,
+so that's not the entire story...
+
+Headsets and microphones: hum
+=============================
+
+Headsets and microphones are another beast, as they can listen to
+*other* things in your environment. I do feel much less comfortable
+using those devices now. What makes the entire thing really iffy is
+some speakers *do* have microphones in them and all of a sudden
+everything around you can listen on your entire life.
+
+(It seems like a given, with "smart home assistants" these days, but I
+still like to think my private conversations at home are private, in
+general. And I generally don't want to be near any of those "smart"
+devices, to be honest.)
+
+One mitigating circumstance here is that the attack needs to happen
+during the connection (or pairing? still unclear) negociation, which
+doesn't happen that often if everything works
+correctly. Unfortunately, this happens more than often *exactly* with
+speakers and headsets. That's because many of those devices stupidly
+have low limits on the number of devices they can pair with. For
+example, the [Bose Soundlink II][] can only pair with 8 other
+devices. If you count three device by person (laptop, workstation,
+phone), you quickly hit the limit when you move the device around. So
+I end up repairing that device quite often.
+
+And even without that problem, it's possible the attack window might
+be much wider. I'm still trying to figure this out, but it's possible
+the attack happens during the *connexion* stage (see Figure 1, page
+1049 in the paper), *after* devices have paired. This actually happens
+*way* more often than just during pairing. Any time your speaker or
+laptop will go to sleep, it will disconnect. Then to start using the
+device again, the BT layer will renegociate that keysize, and the
+attack can happen again.
+
+(I have written the authors of the paper to clarify at which stage the
+attack happens and will update this post when/if they reply.)
+
+[Bose Soundlink II]: https://www.bose.com/en_us/support/article/pairing-a-device-soundlink-mini-ii.html
+
+Fortunarely, the Bose Soundlink II has no microphone, which I'm
+thankful of. But my Bluetooth headset *does* have a microphone, which
+makes me less comfortable.
+
+File and contact transfers: bad
+===============================
+
+Bluetooth, finally, is also used to transfer stuff other than audio of
+course. It's clunky, weird and barely working, but it's possible to
+send files over Bluetooth, and some headsets and car controllers will
+ask you permission to list your contacts so that "smart" features like
+"OK Google, call dad please" will work.
+
+This attack makes it possible for an attacker to steal your contacts,
+when connecting devices. It can also intercept file transfers and so
+on.
+
+That's pretty bad, to say the least.
+
+Unfortunately, the "connection phase" mitigation described above is
+less relevant here. It's less likely you'll be continuously connecting
+two phones (or your phone and laptop) together for the purpose of file
+transfers. What's more likely is you'll connect the devices for
+explicit purpose of the file transfer, and therefore an attacker has a
+window for attack at *every* transfer.
+
+I don't really use the "contacts" feature anyways (because it creeps
+me the hell out in the first place), so that's not a problem for
+me. But the file transfer problem will certainly give me pause the
+next time I ever need to feel the pain of transfering files over
+Bluetooth again, which I hope is "never".
+
+It's interesting to note the parallel between this flaw, which will
+mostly affect Android file transfers, and the recent disclosure of
+[flaws with Apple's Airdrop protocol](https://www.zdnet.com/google-amp/article/apples-awdl-protocol-plagued-by-flaws-that-enable-tracking-and-mitm-attacks/) which was similarly believed
+to be secure, even though it was opaque and proprietary. Now, think a
+bit about how Airdrop uses Bluetooth to negociate part of the
+protocol, and you can feel like I feel that everything in security
+just somewhat keeps crashes down and we [don't seem to be able to make
+any progress at all](https://securityledger.com/2019/08/huge-survey-of-firmware-finds-no-security-gains-in-15-years/).
+
+Overall: meh
+============
+
+I've always been uncomfortable with Bluetooth devices: the pairing

(Diff truncated)
another keyboard to add to the pile
diff --git a/hardware/keyboard.mdwn b/hardware/keyboard.mdwn
index 52fc1929..d814b9c3 100644
--- a/hardware/keyboard.mdwn
+++ b/hardware/keyboard.mdwn
@@ -83,6 +83,21 @@ The [CODE keyboard](http://codekeyboards.com/) is also made by WASD but has spec
  * no windows logo!
  * 147$USD
 
+Happy Hacker Keyboard
+---------------------
+
+The [HHKB](https://hhkeyboard.us/) is interesting because it goes back to the old "[Sun
+type 3](http://blog.daveastels.com.s3-website-us-west-2.amazonaws.com/2014/12/27/type-3-keyboard.html)" keyboard layout, where the control key is next to the `A`
+key, in place of caps lock. I found this through the [TMK keyboard
+firmware](https://github.com/tmk/tmk_keyboard) project, which features open source firmware for a bunch
+of keyboards, including the HHKB (which, out of the box, is
+unfortunately *not* open).
+
+Their keyboards have weird features like variable actuation points and
+"capacitive switches".
+
+260$USD.
+
 Das Keyboard
 ------------
 

more issues in buster
diff --git a/services/upgrades/buster.mdwn b/services/upgrades/buster.mdwn
index 38c9c2ec..8668e16f 100644
--- a/services/upgrades/buster.mdwn
+++ b/services/upgrades/buster.mdwn
@@ -149,7 +149,9 @@ Those are packages that are only available in sid or stretch:
      <del>transition failure, probably just needs a punt</del> fixed
    * [[!debpkg torbrowser-launcher]]: was deliberately removed from
      buster, future unclear ([[!debbug 926042]])
-   * [[!debpkg wireguard]]: see above
+   * [[!debpkg virtualbox]]: same ([[!debbug 794466]])
+   * [[!debpkg wireguard]]: same ([[!debbug 849308]])
+   * [[!debpkg xawtv-tools]]: [[!debbug 916114]](
    * [xen](https://tracker.debian.org/pkg/xen): <del>newer in
      stretch</del> fixed ([[!debbug 907835]]!!)
    * [[!debpkg zotero-standalone]] - replaced by a Flatpak, see [the
@@ -263,6 +265,13 @@ The fix was to remove those diversions and reinstall the package:
     dpkg-divert --remove /usr/share/alsa/alsa.conf.d/50-pulseaudio.conf
     apt install --reinstall libasound2-plugins
 
+### Electrum
+
+[Electrum](http://electrum.org/) was [removed from Debian](https://tracker.debian.org/news/1006129/electrum-removed-from-testing/) because of a [serious
+security issue](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921688). I don't have anything in my wallet anymore, but
+it's possible that people send money there, unfortunately. I should
+probably figure a way out of there.
+
 Resolved
 --------
 

mention the secret keyring
diff --git a/blog/2019-07-30-pgp-flooding-attacks.mdwn b/blog/2019-07-30-pgp-flooding-attacks.mdwn
index 68b2ce04..722d14af 100644
--- a/blog/2019-07-30-pgp-flooding-attacks.mdwn
+++ b/blog/2019-07-30-pgp-flooding-attacks.mdwn
@@ -194,7 +194,10 @@ find. Those with the long key ID are those that I could not find on
 the keyservers, for whatever reason. This takes a surprisingly long
 time: neither `gpg --list-packets` or `pgpdump` shows the key
 fingerprint, and I need a much more costly `--show-key` to get the
-actual key fingerprint.)
+actual key fingerprint. I also have a copy of the above keys, in
+flooded version, for testing purposes if people are interested in
+doing research and optimization for them. I won't link to them here to
+avoid confusion.)
 
 How to check for flooded keys
 -----------------------------

expand the list of vulnerable keys from brinkmann
diff --git a/blog/2019-07-30-pgp-flooding-attacks.mdwn b/blog/2019-07-30-pgp-flooding-attacks.mdwn
index f3c59222..68b2ce04 100644
--- a/blog/2019-07-30-pgp-flooding-attacks.mdwn
+++ b/blog/2019-07-30-pgp-flooding-attacks.mdwn
@@ -74,7 +74,8 @@ well:
     [gnome-keysign](https://github.com/gnome-keysign/gnome-keysign/) or [monkeysign](https://monkeysign.readthedocs.io/))
 
  3. GnuPG cannot read refresh keys from keys.openpgp.org (workaround:
-    use the custom patch shipped in Debian experimental, see [Debian bug #930665](https://bugs.debian.org/930665))
+    use the custom patch shipped in Debian testing and unstable, see
+    [Debian bug #930665](https://bugs.debian.org/930665) and [bug #932684](https://bugs.debian.org/932684) for stable)
 
  4. `keys.openpgp.org` [does not currently receive updates from the SKS
     pool](https://gitlab.com/hagrid-keyserver/hagrid/issues/113) (workaround: upload key updates to keys.openpgp.org
@@ -166,20 +167,34 @@ obviously not work as you probably don't want to delete your own
 key. [Daniel Lange's Cleaning a broken GNUpg (gpg) key](https://daniel-lange.com/archives/159-Cleaning-a-broken-GNUpg-gpg-key.html) article has
 an excellent tutorial on how to deal with that situation, fortunately.
 
-Known vulnerable keys
----------------------
-
-The keys known to be affected by such an attack are, at the time of
-writing:
-
- * Robert J. Hansen: `CC11 BE7C BBED 77B1 20F3 7B01 1DCB DC01 B444 27C7`
- * [Daniel Kahn Gillmor](https://openpgpkey.debian.org/.well-known/openpgpkey/debian.org/hu/sr4so3py756t9p5ktpud9menxx1m3g5b): `C4BC 2DDB 38CC E964 85EB  E9C2 F206 9117 9038 E5C6`
- * [Tor Browser Developers (signing key)](https://openpgpkey.torproject.org/.well-known/openpgpkey/torproject.org/hu/kounek7zrdx745qydx6p59t9mqjpuhdf): `EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290`
-
-I have linked to a canonical, non-flooded version of the key when
-available on the web. Those are [now](https://trac.torproject.org/projects/tor/ticket/31168) available through WKD, as are
-any `debian.org` and `torproject.org` keys. The [Tor browser
-documentation](https://support.torproject.org/tbb/how-to-verify-signature/) has been updated to follow those instructions.
+Known flooded keys
+------------------
+
+At the time of writing, the keys known to be affected by such an
+attack are, according to [Marcus Brinkmann](https://twitter.com/lambdafu/status/1147216425276325889/photo/1):
+
+ * Yegor Timoshenko (SKS Exploit, 174612 sigs): `EC18 257D B217 46FC 7110  54BE B19C 61D6 1333 360C`
+ * Robert J. Hansen (GnuPG, 149113 sigs): `CC11 BE7C BBED 77B1 20F3 7B01 1DCB DC01 B444 27C7`
+ * Phil Zimmermann (PGP author, 101023 sigs): `055F C78F 1121 9349 2C4F  37AF C746 3639 B2D7 795E`
+ * [Tor Browser Developers (Tor, 100245 sigs)](https://openpgpkey.torproject.org/.well-known/openpgpkey/torproject.org/hu/kounek7zrdx745qydx6p59t9mqjpuhdf): `EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290`
+ * Patrick Brunschwig (Enigmail, 100145 sigs): `4F9F 89F5 505A C1D1 A260 631C DB11 87B9 DD5F 693B`
+ * Ryan McGinnis (GnuPG-Users 100001 sigs): `5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD`
+ * Micah Lee (Intercept, 84650 sigs): `927F 419D 7EC8 2C2F 149C  1BD1 403C 2657 CD99 4F73`
+ * [Daniel Kahn Gillmor](https://openpgpkey.debian.org/.well-known/openpgpkey/debian.org/hu/sr4so3py756t9p5ktpud9menxx1m3g5b) (Debian, 54616 sigs): `C4BC 2DDB 38CC E964 85EB  E9C2 F206 9117 9038 E5C6`
+ * Patrick Brunschwig (Enigmail, 51343 sigs): `6D67 E781 7D58 8BEA 263F 41B9 EE81 92A6 E443 D6D8`
+ * Lance Cottrell (Mixmaster, 34390 sigs): `33D5 1B56 2195 3173 AB74 B521 BDCA 9F8E 3A6C 1785`
+
+I have linked to a canonical, non-flooded version of the key when I
+found one on the web. Keys on `debian.org` and `torproject.org` are
+[now](https://trac.torproject.org/projects/tor/ticket/31168) available through WKD. The [Tor browser documentation](https://support.torproject.org/tbb/how-to-verify-signature/) has
+been updated to follow those instructions.
+
+(Note that I added the full fingerprint for the keys I could
+find. Those with the long key ID are those that I could not find on
+the keyservers, for whatever reason. This takes a surprisingly long
+time: neither `gpg --list-packets` or `pgpdump` shows the key
+fingerprint, and I need a much more costly `--show-key` to get the
+actual key fingerprint.)
 
 How to check for flooded keys
 -----------------------------

corrections from dkg
diff --git a/blog/2019-07-30-pgp-flooding-attacks.mdwn b/blog/2019-07-30-pgp-flooding-attacks.mdwn
index 4b8eba33..f3c59222 100644
--- a/blog/2019-07-30-pgp-flooding-attacks.mdwn
+++ b/blog/2019-07-30-pgp-flooding-attacks.mdwn
@@ -56,7 +56,8 @@ The first action should only be used in the short term, to give
 yourself time to evaluate your options. It should mitigate the
 problem, but it will mean you will not update your keyring for
 precious revocation certificates users post when their key is
-compromised. It's therefore not an acceptable solution in any way.
+compromised. It's therefore not an acceptable long-term solution in
+any way.
 
 The second action mitigates the problem, but has several downsides as
 well:
@@ -64,9 +65,9 @@ well:
  1. `keys.openpgp.org` does not store UIDs unless they are verified and
     asked for explicitly (workaround: keys can be shipped in-band with
     [Autocrypt](https://autocrypt.org/) or found through other mechanisms like [WKD, Web Key
-    Discovery](https://wiki.gnupg.org/WKD))
+    Directory](https://wiki.gnupg.org/WKD))
 
- 2. `keys.openpgp.org` does not store UID certifications at all, which means it
+ 2. `keys.openpgp.org` does not store third-party UID certifications at all, which means it
     doesn't propagate the "web of trust" (workaround: same as above,
     and you should send signed keys by email anyways to verify
     ownership of the UID, using tools like [caff](https://www.palfrader.org/code/#caff), [pius](https://phildev.net/pius/),
@@ -206,4 +207,11 @@ trouble in all OpenPGP implementations. Thankfully, both pgpdump and
 GnuPG are able to walk the packets fast enough to parse the raw form,
 it's when they are loaded in memory by GnuPG that things go south...
 
+Credits
+-------
+
+A million thanks to Daniel Kahn Gillmor for the incredible work he's
+done bringing sense in the GnuPG upstream but also in reviewing my
+many writings over the years, and of course particularly this one.
+
 [[!tag pgp documentation security news]]

another reference
diff --git a/blog/2019-07-30-pgp-flooding-attacks.mdwn b/blog/2019-07-30-pgp-flooding-attacks.mdwn
index 3fb558a0..4b8eba33 100644
--- a/blog/2019-07-30-pgp-flooding-attacks.mdwn
+++ b/blog/2019-07-30-pgp-flooding-attacks.mdwn
@@ -21,6 +21,7 @@ workflows.
 > * [Gentoo: Impact of SKS keyserver poisoning on Gentoo](https://www.gentoo.org/news/2019/07/03/sks-key-poisoning.html)
 > * [Michał Górny: SKS poisoning, keys.openpgp.org / Hagrid and other
 >   non-solutions](https://blogs.gentoo.org/mgorny/2019/07/04/sks-poisoning-keys-openpgp-org-hagrid-and-other-non-solutions/)
+> * [Julien Voisin: Cleaning up your gpg keyring after the SKS debacle](https://dustri.org/b/cleaning-up-your-gpg-keyring-after-the-sks-debacle.html)
 
 Since the Tor project uses OpenPGP and GnuPG extensively in its
 operations, I figured it was important to let the community know of an

rewrite key parser without gpg, and mention alternatives to GnuPG
diff --git a/blog/2019-07-30-pgp-flooding-attacks.mdwn b/blog/2019-07-30-pgp-flooding-attacks.mdwn
index 894c07f5..3fb558a0 100644
--- a/blog/2019-07-30-pgp-flooding-attacks.mdwn
+++ b/blog/2019-07-30-pgp-flooding-attacks.mdwn
@@ -120,6 +120,29 @@ key](https://dev.gnupg.org/T4591) has been marked as fixed, even though the fix
 ignore all signatures from the keyservers, which is hardly a fix at
 all...
 
+I have high hopes that [sequoia](https://gitlab.com/sequoia-pgp/sequoia) eventually replaces GnuPG as the
+canonical OpenPGP implementation. It has already grown by leaps and
+bounds and seems to have a much better approach to solving the various
+problems:
+
+ 1. it's a library, not only an executable
+ 2. it has a sane commandline interface
+ 3. it's written in a somewhat safer language (Rust)
+
+The downsides?
+
+ 1. it's [not packaged in Debian](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929385)
+ 2. it's written in an unusual and fast moving language (Rust)
+ 3. it doesn't have support for smartcard readers and key cards like
+    the Yubikey
+
+I'm sometimes using sequoia through the [Docker image I built](https://gitlab.com/sequoia-pgp/sequoia/merge_requests/157) but
+I am still using GnuPG on a day to day basis.
+
+I did write some [scripts](https://gitlab.com/anarcat/scripts/blob/master/openpgp-key-get) to work around some problems in dirmngr
+as well. Finally, [hOpenPGP](https://salsa.debian.org/clint/hOpenPGP) has some interesting Haskell tools to
+process OpenPGP packets, along with [pgpdump](https://www.mew.org/~kazu/proj/pgpdump/en/).
+
 Recovering from a damaged keyring
 ---------------------------------
 
@@ -163,17 +186,23 @@ To check if your key is affected *without* importing it into your
 keyring, you can use the following command:
 
     FINGERPRINT=0x8DC901CE64146C048AD50FBB792152527B75921E # for example mine
-    KEYSERVER="http://pool.sks-keyservers.net/"
-    URL="$KEYSERVER/pks/lookup?op=get&search=$FINGERPRINT&options=mr&fingerprint=on&exact=on" 
-    curl -sSL "$URL"| gpg --list-packets |  grep -c '^:signature packet:'
+    curl --cacert /usr/share/gnupg/sks-keyservers.netCA.pem -sSL "http://hkps.pool.sks-keyservers.net/pks/lookup?op=get&search=$FINGERPRINT&options=mr&fingerprint=on&exact=on" \
+        | pgpdump | grep -E -c '^(Old|New): Signature Packet'
+
+This counts the number of signatures on your key. The key part
+(`pgpdump | grep -E -c '^(Old|New): Signature Packet'`) can be used to
+check any keyring or blob, so it can also be used on your own keyring,
+in `~/.gnupg/pubring.gpg`.
+
+If you do not have `pgpdump` installed, the equivalent in GnuPG would
+be:
 
-This counts the number of signatures on your key. The key part (`gpg
---list-packets |  grep -c '^:signature packet:'`) can be used to check
-any keyring or blob, so it can also be used on your own keyring, in
-`~/.gnupg/pubring.gpg`.
+    gpg --list-packets |  grep -c '^:signature packet:'
 
 A reasonable number is less or around a thousand. dkg's key has now
 around 55 000 signatures on his key, which (naturally) causes some
-trouble in all OpenPGP implementations.
+trouble in all OpenPGP implementations. Thankfully, both pgpdump and
+GnuPG are able to walk the packets fast enough to parse the raw form,
+it's when they are loaded in memory by GnuPG that things go south...
 
 [[!tag pgp documentation security news]]

fix broken markup
diff --git a/blog/2019-07-30-pgp-flooding-attacks.mdwn b/blog/2019-07-30-pgp-flooding-attacks.mdwn
index d829efa5..894c07f5 100644
--- a/blog/2019-07-30-pgp-flooding-attacks.mdwn
+++ b/blog/2019-07-30-pgp-flooding-attacks.mdwn
@@ -72,8 +72,7 @@ well:
     [gnome-keysign](https://github.com/gnome-keysign/gnome-keysign/) or [monkeysign](https://monkeysign.readthedocs.io/))
 
  3. GnuPG cannot read refresh keys from keys.openpgp.org (workaround:
-    use the custom patch shipped in Debian experimental, see [Debian bug
-    #930665](https://bugs.debian.org/930665))
+    use the custom patch shipped in Debian experimental, see [Debian bug #930665](https://bugs.debian.org/930665))
 
  4. `keys.openpgp.org` [does not currently receive updates from the SKS
     pool](https://gitlab.com/hagrid-keyserver/hagrid/issues/113) (workaround: upload key updates to keys.openpgp.org

add toc, fix list
diff --git a/blog/2019-07-30-pgp-flooding-attacks.mdwn b/blog/2019-07-30-pgp-flooding-attacks.mdwn
index 67ec3569..d829efa5 100644
--- a/blog/2019-07-30-pgp-flooding-attacks.mdwn
+++ b/blog/2019-07-30-pgp-flooding-attacks.mdwn
@@ -1,5 +1,7 @@
 [[!meta title="OpenPGP flooding attack mitigations"]]
 
+[[!toc levels=2]]
+
 TL;DR: stop using keyservers, they're dangerous, at least with
 GnuPG. Start deploying WKD and consider replacing GnuPG in your
 workflows.
@@ -58,22 +60,22 @@ compromised. It's therefore not an acceptable solution in any way.
 The second action mitigates the problem, but has several downsides as
 well:
 
- a. `keys.openpgp.org` does not store UIDs unless they are verified and
+ 1. `keys.openpgp.org` does not store UIDs unless they are verified and
     asked for explicitly (workaround: keys can be shipped in-band with
     [Autocrypt](https://autocrypt.org/) or found through other mechanisms like [WKD, Web Key
     Discovery](https://wiki.gnupg.org/WKD))
 
- b. `keys.openpgp.org` does not store UID certifications at all, which means it
+ 2. `keys.openpgp.org` does not store UID certifications at all, which means it
     doesn't propagate the "web of trust" (workaround: same as above,
     and you should send signed keys by email anyways to verify
     ownership of the UID, using tools like [caff](https://www.palfrader.org/code/#caff), [pius](https://phildev.net/pius/),
     [gnome-keysign](https://github.com/gnome-keysign/gnome-keysign/) or [monkeysign](https://monkeysign.readthedocs.io/))
 
- c. GnuPG cannot read refresh keys from keys.openpgp.org (workaround:
+ 3. GnuPG cannot read refresh keys from keys.openpgp.org (workaround:
     use the custom patch shipped in Debian experimental, see [Debian bug
     #930665](https://bugs.debian.org/930665))
 
- d. `keys.openpgp.org` [does not currently receive updates from the SKS
+ 4. `keys.openpgp.org` [does not currently receive updates from the SKS
     pool](https://gitlab.com/hagrid-keyserver/hagrid/issues/113) (workaround: upload key updates to keys.openpgp.org
     directly as well as the SKS pool)
 

new blog post: more PGP madness
diff --git a/blog/2019-07-30-pgp-flooding-attacks.mdwn b/blog/2019-07-30-pgp-flooding-attacks.mdwn
new file mode 100644
index 00000000..67ec3569
--- /dev/null
+++ b/blog/2019-07-30-pgp-flooding-attacks.mdwn
@@ -0,0 +1,178 @@
+[[!meta title="OpenPGP flooding attack mitigations"]]
+
+TL;DR: stop using keyservers, they're dangerous, at least with
+GnuPG. Start deploying WKD and consider replacing GnuPG in your
+workflows.
+
+> This blog post was originally [posted to the tor-project mailing
+> list](https://lists.torproject.org/pipermail/tor-project/2019-June/002377.html). It has been edited to take new information into account. A
+> few other people wrote about this problem since my first email, see
+> also:
+>
+> * [Daniel Kahn Gillmor: OpenPGP Certificate Flooding](https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.mdwn.html)
+> * [Daniel Kahn Gillmor: Community Impact of OpenPGP Certificate Flooding](https://dkg.fifthhorseman.net/blog/community-impact-openpgp-cert-flooding.html)
+> * [Robert J. Hansen: SKS Keyserver Network Attack: Consequences](https://gist.github.com/rjhansen/f716c3ff4a7068b50f2d8896e54e4b7e)
+> * [Daniel Lange: Cleaning a broken GNUpg (gpg) key](https://daniel-lange.com/archives/159-Cleaning-a-broken-GNUpg-gpg-key.html)
+> * [Jake Edge: OpenPGP certificate flooding](https://lwn.net/Articles/792366/)
+> * [Filippo Valsorda: Cryptography Dispatches: Hello World, and
+>   OpenPGP Is Broken](https://buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-hello-world-and-openpgp/)
+> * [Gentoo: Impact of SKS keyserver poisoning on Gentoo](https://www.gentoo.org/news/2019/07/03/sks-key-poisoning.html)
+> * [Michał Górny: SKS poisoning, keys.openpgp.org / Hagrid and other
+>   non-solutions](https://blogs.gentoo.org/mgorny/2019/07/04/sks-poisoning-keys-openpgp-org-hagrid-and-other-non-solutions/)
+
+Since the Tor project uses OpenPGP and GnuPG extensively in its
+operations, I figured it was important to let the community know of an
+ongoing attack against the keyserver infrastructure and GnuPG. The
+longer story is available on [dkg's blog](https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html), but a summary is that at
+least two prominent OpenPGP users have seen their public key flooded
+with thousands of signatures, to the point where their keys are now
+completely unusable.
+
+Note that a *different* attack was fielded against the
+`deb.torproject.org` Debian archive signing key, [back in
+February](https://lists.torproject.org/pipermail/tor-project/2019-February/002194.html). The key was signed by a key with a large UID which made
+GPG's life harder. It's a different attack, but that can be mitigated
+in similar ways. The good key is still available [on the archive site
+itself](https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc).
+
+Mitigation strategies
+---------------------
+
+I recommend you consider taking the following immediate actions, either:
+
+ 1. in the short term, disable automated key refreshes on your keyring
+    (either [Parcimonie](https://gaffer.boum.org/intrigeri/code/parcimonie/) or manual scripts calling `gpg --refresh`
+    in some other way), or;
+
+ 2. switch to the new keys.openpgp.org keyserver, by setting the
+    following in your `gpg.conf`:
+
+        keyserver hkps://keys.openpgp.org/
+
+The first action should only be used in the short term, to give
+yourself time to evaluate your options. It should mitigate the
+problem, but it will mean you will not update your keyring for
+precious revocation certificates users post when their key is
+compromised. It's therefore not an acceptable solution in any way.
+
+The second action mitigates the problem, but has several downsides as
+well:
+
+ a. `keys.openpgp.org` does not store UIDs unless they are verified and
+    asked for explicitly (workaround: keys can be shipped in-band with
+    [Autocrypt](https://autocrypt.org/) or found through other mechanisms like [WKD, Web Key
+    Discovery](https://wiki.gnupg.org/WKD))
+
+ b. `keys.openpgp.org` does not store UID certifications at all, which means it
+    doesn't propagate the "web of trust" (workaround: same as above,
+    and you should send signed keys by email anyways to verify
+    ownership of the UID, using tools like [caff](https://www.palfrader.org/code/#caff), [pius](https://phildev.net/pius/),
+    [gnome-keysign](https://github.com/gnome-keysign/gnome-keysign/) or [monkeysign](https://monkeysign.readthedocs.io/))
+
+ c. GnuPG cannot read refresh keys from keys.openpgp.org (workaround:
+    use the custom patch shipped in Debian experimental, see [Debian bug
+    #930665](https://bugs.debian.org/930665))
+
+ d. `keys.openpgp.org` [does not currently receive updates from the SKS
+    pool](https://gitlab.com/hagrid-keyserver/hagrid/issues/113) (workaround: upload key updates to keys.openpgp.org
+    directly as well as the SKS pool)
+
+Note that `keys.openpgp.org` has been seeded with the global SKS keyserver
+datastore, so it contains all the keys you would expect to be present on
+the latter, except they are sanitized to avoid this problem. The UID
+are also "hidden" from public view until validated by the user.
+
+I encourage users to:
+
+ 1. upload their keys to the `keys.openpgp.org` keyserver if they are
+    not already present
+
+ 2. validate their email address on `keys.openpgp.org`
+
+ 3. either switch to `keys.openpgp.org` by default or carefully
+    review their key update configuration to make sure it is not
+    vulnerable to this attack
+
+ 4. make sure your own keys are not affected by this problem (see
+    below)
+
+Discussion on mitigations in GnuPG itself
+-----------------------------------------
+
+GnuPG [released a new version (2.2.17)](https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html) that supposedly address
+those issues. Unfortunately, the workaround ("Ignore all
+key-signatures received from keyservers") has the same limitation as
+switching to `keys.openpgp.org`, in that it ignores UID
+signatures. The change has already been [reverted in Arch Linux](https://bugs.archlinux.org/task/63147) is
+it broke their authentication chain.
+
+The underlying problem is that GPG has serious performance flaws in
+its implementation, with certain lookups taking O(N^2) where N is the
+number of signatures (or keys?). OpenPGP packets are basically a list
+of blobs, but GnuPG also represents those internally (and on disk) as
+a linked list as well, which has obvious performance limitations.
+
+[Patches have been submitted](https://dev.gnupg.org/T4592) to fix this particular performance
+problem, but have yet to find their way in an official release, for
+some inexplicable reason. The [original bug reported by dkg about his
+key](https://dev.gnupg.org/T4591) has been marked as fixed, even though the fix is actually to
+ignore all signatures from the keyservers, which is hardly a fix at
+all...
+
+Recovering from a damaged keyring
+---------------------------------
+
+If you have fetched an hostile key and GnuPG has become unusable, you
+can recover by deleting the key with:
+
+    gpg --delete-key C4BC2DDB38CCE96485EBE9C2F20691179038E5C6
+
+Note that this may take anywhere from 20 minutes to an hour.
+
+And then fetch dkg's key via WKD:
+
+    gpg --locate-keys dkg@fifthhorseman.net
+
+or his website, <https://dkg.fifthhorseman.net/dkg-openpgp.key>.
+
+If *your* key is the one that has been damaged, the above will
+obviously not work as you probably don't want to delete your own
+key. [Daniel Lange's Cleaning a broken GNUpg (gpg) key](https://daniel-lange.com/archives/159-Cleaning-a-broken-GNUpg-gpg-key.html) article has
+an excellent tutorial on how to deal with that situation, fortunately.
+
+Known vulnerable keys
+---------------------
+
+The keys known to be affected by such an attack are, at the time of
+writing:
+
+ * Robert J. Hansen: `CC11 BE7C BBED 77B1 20F3 7B01 1DCB DC01 B444 27C7`
+ * [Daniel Kahn Gillmor](https://openpgpkey.debian.org/.well-known/openpgpkey/debian.org/hu/sr4so3py756t9p5ktpud9menxx1m3g5b): `C4BC 2DDB 38CC E964 85EB  E9C2 F206 9117 9038 E5C6`
+ * [Tor Browser Developers (signing key)](https://openpgpkey.torproject.org/.well-known/openpgpkey/torproject.org/hu/kounek7zrdx745qydx6p59t9mqjpuhdf): `EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290`
+
+I have linked to a canonical, non-flooded version of the key when
+available on the web. Those are [now](https://trac.torproject.org/projects/tor/ticket/31168) available through WKD, as are
+any `debian.org` and `torproject.org` keys. The [Tor browser
+documentation](https://support.torproject.org/tbb/how-to-verify-signature/) has been updated to follow those instructions.
+
+How to check for flooded keys
+-----------------------------
+
+To check if your key is affected *without* importing it into your
+keyring, you can use the following command:
+
+    FINGERPRINT=0x8DC901CE64146C048AD50FBB792152527B75921E # for example mine
+    KEYSERVER="http://pool.sks-keyservers.net/"
+    URL="$KEYSERVER/pks/lookup?op=get&search=$FINGERPRINT&options=mr&fingerprint=on&exact=on" 
+    curl -sSL "$URL"| gpg --list-packets |  grep -c '^:signature packet:'
+
+This counts the number of signatures on your key. The key part (`gpg
+--list-packets |  grep -c '^:signature packet:'`) can be used to check
+any keyring or blob, so it can also be used on your own keyring, in
+`~/.gnupg/pubring.gpg`.
+
+A reasonable number is less or around a thousand. dkg's key has now
+around 55 000 signatures on his key, which (naturally) causes some
+trouble in all OpenPGP implementations.
+
+[[!tag pgp documentation security news]]

pinebook pro now available
diff --git a/hardware/laptop.mdwn b/hardware/laptop.mdwn
index 9e371237..30986b1b 100644
--- a/hardware/laptop.mdwn
+++ b/hardware/laptop.mdwn
@@ -118,7 +118,8 @@ https://www.pine64.org/?page_id=3707
 
 First version is apparently too slow for day-to-day usage (and RAM is
 just ludicrously small), but it's cheap. A new one should [come out in
-2019](https://www.omgubuntu.co.uk/2019/01/pinebook-pro-linux-laptop-coming-soon) but alas still with only 4GB RAM.
+2019](https://www.omgubuntu.co.uk/2019/01/pinebook-pro-linux-laptop-coming-soon) but alas still with only 4GB RAM. Update: [Pinebook 64 pro
+now pre-order](https://store.pine64.org/?product=14-pinebook-pro-linux-laptop) (august 2019).
 
 Pyra
 ----

removed
diff --git a/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_19_b7a488adc978e7022b7b31f755823a4c._comment b/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_19_b7a488adc978e7022b7b31f755823a4c._comment
deleted file mode 100644
index 11d6c88f..00000000
--- a/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_19_b7a488adc978e7022b7b31f755823a4c._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=mdwn
- ip="36.248.162.84"
- claimedauthor="90s floral dress"
- url="http://www.cpbetas.com/90s-floral-dress-dressh"
- subject="90s floral dress"
- date="2019-07-26T23:36:50Z"
- content="""
-<a href=\"http://www.kinkfresno.com/floral-dress-women-knee-length-dressh\">floral dress women knee length</a> <a href=\"http://www.modconsol.com/floral-off-shoulder-maxi-dress-dressh\">floral off shoulder maxi dress</a> <a href=\"http://www.portlandsarl.com/adrianna-papell-plus-elbow-sleeve-floral-dress-dressh\">adrianna papell plus elbow sleeve floral dress</a> <a href=\"http://www.qdoritsharon.com/blue-floral-dress-cap-sleeve-dressh\">blue floral dress cap sleeve</a> <a href=\"http://www.sandyshands.com/coast-floral-dress-2013-dressh\">coast floral dress 2013</a> <a href=\"http://www.shehutrans.com/floral-dresses-by-vesper-dressh\">floral dresses by vesper</a>
-"""]]

removed
diff --git a/blog/2005-11-25-une-marche-dans-la-neige-et-essayer-flickr/comment_1_6eadda936ee9db4d5b2be4e33a51d13c._comment b/blog/2005-11-25-une-marche-dans-la-neige-et-essayer-flickr/comment_1_6eadda936ee9db4d5b2be4e33a51d13c._comment
deleted file mode 100644
index 6a8cac62..00000000
--- a/blog/2005-11-25-une-marche-dans-la-neige-et-essayer-flickr/comment_1_6eadda936ee9db4d5b2be4e33a51d13c._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=mdwn
- ip="36.248.162.84"
- claimedauthor="yumi neon floral dress"
- url="http://www.rimsanmakine.com/yumi-neon-floral-dress-dressh"
- subject="yumi neon floral dress"
- date="2019-07-26T20:06:40Z"
- content="""
-<a href=\"http://www.weissewelt.com/red-herring-blue-floral-dress-dressh\">red herring blue floral dress</a> <a href=\"http://www.wileyhyundai.com/navy-blue-floral-dresses-dressh\">navy blue floral dresses</a> <a href=\"http://www.ariehonders.com/phase-eight-violet-vintage-floral-dress-dressh\">phase eight violet vintage floral dress</a> <a href=\"http://www.axxisdrilling.com/how-to-wear-a-floral-dress-at-night-dressh\">how to wear a floral dress at night</a> <a href=\"http://www.edannaturals.com/basler-three-quarter-sleeve-ruched-floral-print-dress-dressh\">basler three quarter sleeve ruched floral print dress</a> <a href=\"http://www.instabitgram.com/floral-dresses-midi-length-dressh\">floral dresses midi length</a>
-"""]]

removed
diff --git a/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_18_44bcfcdbf52af7994af20abdbb4dc61f._comment b/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_18_44bcfcdbf52af7994af20abdbb4dc61f._comment
deleted file mode 100644
index 83175203..00000000
--- a/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_18_44bcfcdbf52af7994af20abdbb4dc61f._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=mdwn
- ip="36.248.162.84"
- claimedauthor="torrid floral chiffon dress"
- url="http://www.vtrvideo.com/torrid-floral-chiffon-dress-dressh"
- subject="torrid floral chiffon dress"
- date="2019-07-26T23:36:06Z"
- content="""
-<a href=\"http://www.carlandcodys.com/orleans-navy-and-white-floral-dress-dressh\">orleans navy and white floral dress</a> <a href=\"http://www.creftech.com/ebay-midi-floral-dresses-dressh\">ebay midi floral dresses</a> <a href=\"http://www.desksergeant.com/floral-dresses-tall-dressh\">floral dresses tall</a> <a href=\"http://www.fromuser.com/flower-print-dress-2015-dressh\">flower print dress 2015</a> <a href=\"http://www.giorgiocarusi.com/ralph-lauren-floral-dress-dressh\">ralph lauren floral dress</a> <a href=\"http://www.jserrahockey.com/floral-print-prom-dresses-under-200-dressh\">floral print prom dresses under 200</a>
-"""]]

removed
diff --git a/blog/2018-04-12-terminal-emulators-1/comment_6_0931e07f800dcb55b33cddd83734a5c7._comment b/blog/2018-04-12-terminal-emulators-1/comment_6_0931e07f800dcb55b33cddd83734a5c7._comment
deleted file mode 100644
index ab3d4e41..00000000
--- a/blog/2018-04-12-terminal-emulators-1/comment_6_0931e07f800dcb55b33cddd83734a5c7._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=mdwn
- ip="36.248.162.84"
- claimedauthor="cheap flower girl dresses in uk"
- url="http://www.chocopictures.com/cheap-flower-girl-dresses-in-uk-dressh"
- subject="cheap flower girl dresses in uk"
- date="2019-07-27T04:34:26Z"
- content="""
-<a href=\"http://www.eisenhards.com/zara-blue-floral-dress-ebay-dressh\">zara blue floral dress ebay</a> <a href=\"http://www.essodustade.com/floral-dress-buy-dressh\">floral dress buy</a> <a href=\"http://www.frugstore.com/macy-s-inc-floral-dress-dressh\">macy s inc floral dress</a> <a href=\"http://www.partyhubuk.com/flower-boy-dress-designs-dressh\">flower boy dress designs</a> <a href=\"http://www.prohaarklinik.com/navy-and-pale-pink-floral-dress-dressh\">navy and pale pink floral dress</a> <a href=\"http://www.unclicprod.com/dorothy-perkins-pink-floral-pencil-dress-dressh\">dorothy perkins pink floral pencil dress</a>
-"""]]

removed
diff --git a/blog/2018-04-12-terminal-emulators-1/comment_5_f7c6c7a65804b4a77907dfe40d446f01._comment b/blog/2018-04-12-terminal-emulators-1/comment_5_f7c6c7a65804b4a77907dfe40d446f01._comment
deleted file mode 100644
index 3ba1e2f7..00000000
--- a/blog/2018-04-12-terminal-emulators-1/comment_5_f7c6c7a65804b4a77907dfe40d446f01._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=mdwn
- ip="36.248.162.84"
- claimedauthor="warehouse blue flower dress"
- url="http://www.hardingmarcom.com/warehouse-blue-flower-dress-dressh"
- subject="warehouse blue flower dress"
- date="2019-07-27T04:23:50Z"
- content="""
-<a href=\"http://www.vaccinebuynet.com/long-floral-boho-dresses-dressh\">long floral boho dresses</a> <a href=\"http://www.akivla.com/lipsy-floral-dress-ebay-dressh\">lipsy floral dress ebay</a> <a href=\"http://www.dastforoush.com/lipsy-long-sleeve-floral-bodycon-dress-dressh\">lipsy long sleeve floral bodycon dress</a> <a href=\"http://www.kleenexformen.com/black-floral-dresses-with-sleeves-dressh\">black floral dresses with sleeves</a> <a href=\"http://www.koreazp.com/multi-floral-occasion-dress-dressh\">multi floral occasion dress</a> <a href=\"http://www.mgazamusic.com/3-4-sleeve-white-floral-dress-dressh\">3 4 sleeve white floral dress</a>
-"""]]

Added a comment: cheap flower girl dresses in uk
diff --git a/blog/2018-04-12-terminal-emulators-1/comment_6_0931e07f800dcb55b33cddd83734a5c7._comment b/blog/2018-04-12-terminal-emulators-1/comment_6_0931e07f800dcb55b33cddd83734a5c7._comment
new file mode 100644
index 00000000..ab3d4e41
--- /dev/null
+++ b/blog/2018-04-12-terminal-emulators-1/comment_6_0931e07f800dcb55b33cddd83734a5c7._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ ip="36.248.162.84"
+ claimedauthor="cheap flower girl dresses in uk"
+ url="http://www.chocopictures.com/cheap-flower-girl-dresses-in-uk-dressh"
+ subject="cheap flower girl dresses in uk"
+ date="2019-07-27T04:34:26Z"
+ content="""
+<a href=\"http://www.eisenhards.com/zara-blue-floral-dress-ebay-dressh\">zara blue floral dress ebay</a> <a href=\"http://www.essodustade.com/floral-dress-buy-dressh\">floral dress buy</a> <a href=\"http://www.frugstore.com/macy-s-inc-floral-dress-dressh\">macy s inc floral dress</a> <a href=\"http://www.partyhubuk.com/flower-boy-dress-designs-dressh\">flower boy dress designs</a> <a href=\"http://www.prohaarklinik.com/navy-and-pale-pink-floral-dress-dressh\">navy and pale pink floral dress</a> <a href=\"http://www.unclicprod.com/dorothy-perkins-pink-floral-pencil-dress-dressh\">dorothy perkins pink floral pencil dress</a>
+"""]]

Added a comment: warehouse blue flower dress
diff --git a/blog/2018-04-12-terminal-emulators-1/comment_5_f7c6c7a65804b4a77907dfe40d446f01._comment b/blog/2018-04-12-terminal-emulators-1/comment_5_f7c6c7a65804b4a77907dfe40d446f01._comment
new file mode 100644
index 00000000..3ba1e2f7
--- /dev/null
+++ b/blog/2018-04-12-terminal-emulators-1/comment_5_f7c6c7a65804b4a77907dfe40d446f01._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ ip="36.248.162.84"
+ claimedauthor="warehouse blue flower dress"
+ url="http://www.hardingmarcom.com/warehouse-blue-flower-dress-dressh"
+ subject="warehouse blue flower dress"
+ date="2019-07-27T04:23:50Z"
+ content="""
+<a href=\"http://www.vaccinebuynet.com/long-floral-boho-dresses-dressh\">long floral boho dresses</a> <a href=\"http://www.akivla.com/lipsy-floral-dress-ebay-dressh\">lipsy floral dress ebay</a> <a href=\"http://www.dastforoush.com/lipsy-long-sleeve-floral-bodycon-dress-dressh\">lipsy long sleeve floral bodycon dress</a> <a href=\"http://www.kleenexformen.com/black-floral-dresses-with-sleeves-dressh\">black floral dresses with sleeves</a> <a href=\"http://www.koreazp.com/multi-floral-occasion-dress-dressh\">multi floral occasion dress</a> <a href=\"http://www.mgazamusic.com/3-4-sleeve-white-floral-dress-dressh\">3 4 sleeve white floral dress</a>
+"""]]

Added a comment: 90s floral dress
diff --git a/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_19_b7a488adc978e7022b7b31f755823a4c._comment b/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_19_b7a488adc978e7022b7b31f755823a4c._comment
new file mode 100644
index 00000000..11d6c88f
--- /dev/null
+++ b/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_19_b7a488adc978e7022b7b31f755823a4c._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ ip="36.248.162.84"
+ claimedauthor="90s floral dress"
+ url="http://www.cpbetas.com/90s-floral-dress-dressh"
+ subject="90s floral dress"
+ date="2019-07-26T23:36:50Z"
+ content="""
+<a href=\"http://www.kinkfresno.com/floral-dress-women-knee-length-dressh\">floral dress women knee length</a> <a href=\"http://www.modconsol.com/floral-off-shoulder-maxi-dress-dressh\">floral off shoulder maxi dress</a> <a href=\"http://www.portlandsarl.com/adrianna-papell-plus-elbow-sleeve-floral-dress-dressh\">adrianna papell plus elbow sleeve floral dress</a> <a href=\"http://www.qdoritsharon.com/blue-floral-dress-cap-sleeve-dressh\">blue floral dress cap sleeve</a> <a href=\"http://www.sandyshands.com/coast-floral-dress-2013-dressh\">coast floral dress 2013</a> <a href=\"http://www.shehutrans.com/floral-dresses-by-vesper-dressh\">floral dresses by vesper</a>
+"""]]

Added a comment: torrid floral chiffon dress
diff --git a/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_18_44bcfcdbf52af7994af20abdbb4dc61f._comment b/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_18_44bcfcdbf52af7994af20abdbb4dc61f._comment
new file mode 100644
index 00000000..83175203
--- /dev/null
+++ b/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_18_44bcfcdbf52af7994af20abdbb4dc61f._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ ip="36.248.162.84"
+ claimedauthor="torrid floral chiffon dress"
+ url="http://www.vtrvideo.com/torrid-floral-chiffon-dress-dressh"
+ subject="torrid floral chiffon dress"
+ date="2019-07-26T23:36:06Z"
+ content="""
+<a href=\"http://www.carlandcodys.com/orleans-navy-and-white-floral-dress-dressh\">orleans navy and white floral dress</a> <a href=\"http://www.creftech.com/ebay-midi-floral-dresses-dressh\">ebay midi floral dresses</a> <a href=\"http://www.desksergeant.com/floral-dresses-tall-dressh\">floral dresses tall</a> <a href=\"http://www.fromuser.com/flower-print-dress-2015-dressh\">flower print dress 2015</a> <a href=\"http://www.giorgiocarusi.com/ralph-lauren-floral-dress-dressh\">ralph lauren floral dress</a> <a href=\"http://www.jserrahockey.com/floral-print-prom-dresses-under-200-dressh\">floral print prom dresses under 200</a>
+"""]]

Added a comment: yumi neon floral dress
diff --git a/blog/2005-11-25-une-marche-dans-la-neige-et-essayer-flickr/comment_1_6eadda936ee9db4d5b2be4e33a51d13c._comment b/blog/2005-11-25-une-marche-dans-la-neige-et-essayer-flickr/comment_1_6eadda936ee9db4d5b2be4e33a51d13c._comment
new file mode 100644
index 00000000..6a8cac62
--- /dev/null
+++ b/blog/2005-11-25-une-marche-dans-la-neige-et-essayer-flickr/comment_1_6eadda936ee9db4d5b2be4e33a51d13c._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ ip="36.248.162.84"
+ claimedauthor="yumi neon floral dress"
+ url="http://www.rimsanmakine.com/yumi-neon-floral-dress-dressh"
+ subject="yumi neon floral dress"
+ date="2019-07-26T20:06:40Z"
+ content="""
+<a href=\"http://www.weissewelt.com/red-herring-blue-floral-dress-dressh\">red herring blue floral dress</a> <a href=\"http://www.wileyhyundai.com/navy-blue-floral-dresses-dressh\">navy blue floral dresses</a> <a href=\"http://www.ariehonders.com/phase-eight-violet-vintage-floral-dress-dressh\">phase eight violet vintage floral dress</a> <a href=\"http://www.axxisdrilling.com/how-to-wear-a-floral-dress-at-night-dressh\">how to wear a floral dress at night</a> <a href=\"http://www.edannaturals.com/basler-three-quarter-sleeve-ruched-floral-print-dress-dressh\">basler three quarter sleeve ruched floral print dress</a> <a href=\"http://www.instabitgram.com/floral-dresses-midi-length-dressh\">floral dresses midi length</a>
+"""]]

one more todo
diff --git a/services/wiki/ikiwiki-hugo-conversion.mdwn b/services/wiki/ikiwiki-hugo-conversion.mdwn
index 28fca6fc..3f388862 100644
--- a/services/wiki/ikiwiki-hugo-conversion.mdwn
+++ b/services/wiki/ikiwiki-hugo-conversion.mdwn
@@ -149,6 +149,7 @@ the gist of it is we need to implement:
  * `\[[link]]` and `\[[link|parser]]`, hard because we need to figure
    out pagespec? maybe [links and crossferences](https://gohugo.io/content-management/cross-references/) could save us, or
    maybe just [relative URLs](https://gohugo.io/content-management/urls/#relative-urls)
+ * incidentally, backslashed stuff like the above link stuff for example
  * table of contents could be a problem: Hugo only has [support
    through templates](https://gohugo.io/content-management/toc/#usage), not markup (or maybe shortcode would work?)
  * img directives (maybe [this works](https://gohugo.io/content-management/image-processing/)

try to fix markup
diff --git a/services/wiki/ikiwiki-hugo-conversion.mdwn b/services/wiki/ikiwiki-hugo-conversion.mdwn
index 3e85448f..28fca6fc 100644
--- a/services/wiki/ikiwiki-hugo-conversion.mdwn
+++ b/services/wiki/ikiwiki-hugo-conversion.mdwn
@@ -146,7 +146,7 @@ the gist of it is we need to implement:
  * meta (in progress)
  * foo/ and foo.mdwn rename to foo/_index.mdwn (see also [page
    bundles](https://gohugo.io/content-management/page-bundles/) and [content organization](https://gohugo.io/content-management/organization/))
- * `[[link]]` and `[[link|parser]]`, hard because we need to figure
+ * `\[[link]]` and `\[[link|parser]]`, hard because we need to figure
    out pagespec? maybe [links and crossferences](https://gohugo.io/content-management/cross-references/) could save us, or
    maybe just [relative URLs](https://gohugo.io/content-management/urls/#relative-urls)
  * table of contents could be a problem: Hugo only has [support

more work
diff --git a/services/wiki/ikiwiki-hugo-conversion.mdwn b/services/wiki/ikiwiki-hugo-conversion.mdwn
index 51f600f5..3e85448f 100644
--- a/services/wiki/ikiwiki-hugo-conversion.mdwn
+++ b/services/wiki/ikiwiki-hugo-conversion.mdwn
@@ -35,6 +35,8 @@ Hugo ultra short primer
  * `hugo serve` does that and serves on localhost, with autoreload
  * `hugo new` to post new stuff
 
+Maybe the [Emacs mode](https://github.com/masasam/emacs-easy-hugo) could be useful.
+
 Results
 =======
 
@@ -142,28 +144,36 @@ Tasks
 the gist of it is we need to implement:
 
  * meta (in progress)
- * foo/ and foo.mdwn rename to foo/_index.mdwn
- * `[[link]]` and `[[link|parser]]`, hard because we need to figure out pagespec?
- * toc
- * img
- * format (shortcodes?)
+ * foo/ and foo.mdwn rename to foo/_index.mdwn (see also [page
+   bundles](https://gohugo.io/content-management/page-bundles/) and [content organization](https://gohugo.io/content-management/organization/))
+ * `[[link]]` and `[[link|parser]]`, hard because we need to figure
+   out pagespec? maybe [links and crossferences](https://gohugo.io/content-management/cross-references/) could save us, or
+   maybe just [relative URLs](https://gohugo.io/content-management/urls/#relative-urls)
+ * table of contents could be a problem: Hugo only has [support
+   through templates](https://gohugo.io/content-management/toc/#usage), not markup (or maybe shortcode would work?)
+ * img directives (maybe [this works](https://gohugo.io/content-management/image-processing/)
+ * format (shortcodes? or [syntax hilighting](https://gohugo.io/content-management/syntax-highlighting/))
  * shortcodes ([dokuwiki converter](https://github.com/wgroeneveld/dokuwiki-to-hugo) also suggests using shortcodes for interwiki)
  * admonitions (same as shortcode?)
  * switch to a branch before making changes?
 
 structural elements needing more thinking:
 
- * consider lektor and pelican and [zola](https://www.getzola.org/)
-   and what else
+ * consider lektor and pelican and [zola](https://www.getzola.org/) and what else (watch out
+   for pelican, another user reports that, with caching, generating a
+   500 page site takes 30 seconds, 2 minutes without caching)
+   ([comparison site](https://www.staticgen.com/), [another](https://staticsitegenerators.net/), and [another](https://www.staticsitegenerator.net/))
+ * [RSS](https://gohugo.io/templates/rss/)
  * frontpage and blog structure (`inline`)
  * same with `map` and `orphan` pages
- * comments
- * tags
+ * [comments](https://gohugo.io/content-management/comments/#readout)
+ * tags (AKA [taxonomies](https://gohugo.io/content-management/taxonomies) in Hugo parlance)
  * 550 non-page files?
  * git-annex stuff
  * a good theme
- * sidebar
+ * sidebar (maybe see [sections](https://gohugo.io/content-management/sections/))
  * blog posts outside of `blog/`
+ * [search](https://gohugo.io/tools/search/)
 
 will be converted by hand:
 
@@ -182,6 +192,7 @@ Other converters
  * [Drupal 7](https://www.researchut.com/post/drupal-7_to_hugo/)
  * [Simpler conversion](https://blog.jak-linux.org/2018/10/25/migrated-website-from-ikiwiki-to-hugo/)
  * [Previous tests](https://gitlab.com/anarcat/wallabako/issues/13)
+ * [Upstream list of converters](https://gohugo.io/tools/migrations/)
 
 Why
 ===

moar
diff --git a/services/wiki/ikiwiki-hugo-conversion.mdwn b/services/wiki/ikiwiki-hugo-conversion.mdwn
index babf2480..51f600f5 100644
--- a/services/wiki/ikiwiki-hugo-conversion.mdwn
+++ b/services/wiki/ikiwiki-hugo-conversion.mdwn
@@ -153,7 +153,8 @@ the gist of it is we need to implement:
 
 structural elements needing more thinking:
 
- * consider lektor and pelican
+ * consider lektor and pelican and [zola](https://www.getzola.org/)
+   and what else
  * frontpage and blog structure (`inline`)
  * same with `map` and `orphan` pages
  * comments
@@ -162,6 +163,7 @@ structural elements needing more thinking:
  * git-annex stuff
  * a good theme
  * sidebar
+ * blog posts outside of `blog/`
 
 will be converted by hand:
 
@@ -180,3 +182,17 @@ Other converters
  * [Drupal 7](https://www.researchut.com/post/drupal-7_to_hugo/)
  * [Simpler conversion](https://blog.jak-linux.org/2018/10/25/migrated-website-from-ikiwiki-to-hugo/)
  * [Previous tests](https://gitlab.com/anarcat/wallabako/issues/13)
+
+Why
+===
+
+ * too slow: ikiwiki takes 30 seconds to refresh even a single page
+ * hard to maintain: my patches to ikiwiki are still not merged and it
+   makes upgrades painful
+ * hard to deploy: it's difficult to tell people to use ikiwiki
+   because it's really hard to install and deploy a new wiki... i had
+   to use ikiwiki-hosting and that just adds another layer of
+   complexity
+ * unusual templating engine: Perl's templates may have been great at
+   some point, but they are definitely showing their age
+   now. something more standard like Jinja or Golang templates

link to previous notes
diff --git a/services/wiki/ikiwiki-hugo-conversion.mdwn b/services/wiki/ikiwiki-hugo-conversion.mdwn
index 72ac1a86..babf2480 100644
--- a/services/wiki/ikiwiki-hugo-conversion.mdwn
+++ b/services/wiki/ikiwiki-hugo-conversion.mdwn
@@ -179,3 +179,4 @@ Other converters
 
  * [Drupal 7](https://www.researchut.com/post/drupal-7_to_hugo/)
  * [Simpler conversion](https://blog.jak-linux.org/2018/10/25/migrated-website-from-ikiwiki-to-hugo/)
+ * [Previous tests](https://gitlab.com/anarcat/wallabako/issues/13)

mention another implementation of this
diff --git a/.well-known/openpgpkey/Makefile b/.well-known/openpgpkey/Makefile
index 370059b5..a3a985e1 100644
--- a/.well-known/openpgpkey/Makefile
+++ b/.well-known/openpgpkey/Makefile
@@ -3,4 +3,5 @@
 ADDRESS=anarcat@debian.org
 
 hu:
+	echo "Consider switching to weasel's version in https://kushaldas.in/posts/setting-up-wkd.html"
 	generate-openpgpkey-hu-3 --address $(ADDRESS) --exist-ok

ikiwiki conversion notes
diff --git a/services/wiki/ikiwiki-hugo-conversion.mdwn b/services/wiki/ikiwiki-hugo-conversion.mdwn
new file mode 100644
index 00000000..72ac1a86
--- /dev/null
+++ b/services/wiki/ikiwiki-hugo-conversion.mdwn
@@ -0,0 +1,181 @@
+[[!meta title="Ikiwiki to Hugo conversion notes"]]
+
+I had to rename all files, and move stuff into `content/`, then things
+started generally working "working" (as in "breaking").
+
+I had to clone a theme, the quickstart suggest:
+
+    git submodule add https://github.com/budparr/gohugo-theme-ananke.git themes/ananke
+
+Then I had a failure to parse comments:
+
+    Error: Error building site: "/home/anarcat/wikis/anarc.at/content/blog/2013-02-04-why-i-dont-pulseaudio.md:2:1": starting HTML comment with no end
+
+Workaround, delete all comments:
+
+    505  2019-07-18 17:22:08 grep -l -r -- '<!--' * | grep -e comment  -e '\.md$'  | xargs  sed -i '/<!--/d'
+
+Long term solution might be to [convert to shortcodes](https://discourse.gohugo.io/t/internal-comment-shortcode/6694/2).
+
+I also tried:
+
+    607  2019-07-18 17:11:55 grep -l -r -- '-->$' * | grep -e comment  -e '\.md$'
+    608  2019-07-18 17:12:15 grep -l -r -- '-->$' * | grep -e comment  -e '\.md$' -0 | xargs -0 sed -i 's/-->$/!-->/'
+    609  2019-07-18 17:12:23 grep -l -r -- '-->$' * | grep -e comment  -e '\.md$'  | xargs  sed -i 's/-->$/!-->/'
+
+Another failure is when it finds an HTML file with an unquoted `href`
+argument (e.g. `hardware/phone/htc-one-s/apps.html`).
+
+Hugo ultra short primer
+=======================
+
+ * `apt install hugo` - available in Debian, also there's a newer
+   version in unstable
+ * `hugo` builds stuff
+ * `hugo serve` does that and serves on localhost, with autoreload
+ * `hugo new` to post new stuff
+
+Results
+=======
+
+Result of running hugo build after the renames:
+
+                       | EN   
+    +------------------+-----+
+      Pages            | 734  
+      Paginator pages  |  63  
+      Non-page files   | 549  
+      Static files     |   3  
+      Processed images |   0  
+      Aliases          |  12  
+      Sitemaps         |   1  
+      Cleaned          |   0  
+
+Things generally look like crap:
+
+ * ikiwiki-specific links are not parsed
+ * no directives are parsed, so most content is broken
+ * links are broken
+ * blog posts are not sorted properly and generally look like crap as
+   well
+
+Inventory
+=========
+
+List of directives used in my wiki:
+
+    $ git grep -h '\[\[!' | sed 's/\[\[!/\n[[!/g' | grep '\[\[!' | sed 's/ .*//' | sort | uniq -c | sort -n
+          1 [[!bibtex2html
+    ^ convert by hand
+          1 [[!orphans
+    ^ only in services?
+          1 [[!osm]]
+    ^ false positive, in software/ikiwiki-osm
+          1 [[!toggle
+    ^ in blog, convert by hand
+          1 [[!toggleable
+    ^ same
+          1 [[!wiki
+    ^ shortcode, probably to wikipedia, or an error
+          2 [[!debss
+    ^ shortcode, false positive (in shortcuts)
+          2 [[!google
+    ^ same
+          2 [[!if
+    ^ ikiwiki internal stuff (shortcuts, recentchanges)
+          2 [[!pagestats
+    ^ in tags and monthly reports
+          3 [[!rfc
+    ^ shortcode
+          3 [[!warning
+    ^ admonition
+          3 [[!waypoint
+    ^ false positive, see osm above
+          5 [[!debmsg
+    ^ shortcode
+          5 [[!debwiki
+    ^ shortcode
+          6 [[!important
+    ^ admonition
+          7 [[!man
+    ^ shortcode
+          8 [[!map
+    ^ IMPORTANT, need to figure it out
+          8 [[!note
+    ^ admonition
+          9 [[!tip
+    ^ admonition
+         16 [[!toc]]
+    ^ IMPORTANT, need to figure it out
+         18 [[!img
+    ^ IMPORTANT, need to figure it out
+         22 [[!color
+    ^ services table, rebuild by hand
+         26 [[!iki
+    ^ shortcodes?
+         50 [[!format
+    ^ IMPORTANT, need to figure it out
+         55 [[!shortcut
+    ^ shortcode, false positive (in shortcuts)
+         72 [[!wikipedia
+    ^ shortcode
+         96 [[!toc
+    ^ IMPORTANT, need to figure it out (see aboev)
+        109 [[!debcve
+    ^ shortcode
+        115 [[!debbug
+    ^ shortcode
+        142 [[!debpkg
+    ^ shortcode
+        268 [[!inline
+    mostly used in frontpage and blog, need to figure out
+        335 [[!tag
+    ^ IMPORTANT, need to figure it out
+        358 [[!comment
+    ^ IMPORTANT, need to figure it out
+       1254 [[!meta
+    ^ IMPORTANT, need to figure it out
+
+Tasks
+=====
+
+the gist of it is we need to implement:
+
+ * meta (in progress)
+ * foo/ and foo.mdwn rename to foo/_index.mdwn
+ * `[[link]]` and `[[link|parser]]`, hard because we need to figure out pagespec?
+ * toc
+ * img
+ * format (shortcodes?)
+ * shortcodes ([dokuwiki converter](https://github.com/wgroeneveld/dokuwiki-to-hugo) also suggests using shortcodes for interwiki)
+ * admonitions (same as shortcode?)
+ * switch to a branch before making changes?
+
+structural elements needing more thinking:
+
+ * consider lektor and pelican
+ * frontpage and blog structure (`inline`)
+ * same with `map` and `orphan` pages
+ * comments
+ * tags
+ * 550 non-page files?
+ * git-annex stuff
+ * a good theme
+ * sidebar
+
+will be converted by hand:
+
+ * services table (color)
+ * bibtex
+ * toggle in blog
+ * pagestats in tags and monthly reports tagr
+ * openid.mdwn redirect
+ * `meta` redirections
+
+Work is ongoing in this [conversion script](https://gitlab.com/anarcat/scripts/blob/master/ikiwiki2hugo.py).
+
+Other converters
+================
+
+ * [Drupal 7](https://www.researchut.com/post/drupal-7_to_hugo/)
+ * [Simpler conversion](https://blog.jak-linux.org/2018/10/25/migrated-website-from-ikiwiki-to-hugo/)

fix link to makefile, add fr
diff --git a/contact.mdwn b/contact.mdwn
index 0fdd3ef2..1891219e 100644
--- a/contact.mdwn
+++ b/contact.mdwn
@@ -8,6 +8,13 @@ Vous pouvez également encrypter vos messages avec cette
 [clef PGP](../.well-known/openpgpkey/hu/myctwj4an6ne7htuzyoo8osctuji68xe). Notez que
 [j'ai changé de clef](../pgp_transition.txt) en 2009.
 
+> Note: vous pouvez également retrouver ma clé avec le protocole WKD:
+>
+>     gpg --auto-key-locate clear,wkd --locate-keys anarcat@anarc.at
+>
+> Voir ce [makefile](../.well-known/openpgpkey/Makefile) pour plus
+> d'informations sur le comment de la chose.
+
 Les articles de blog acceptent les commentaires, mais sont sujet à
 modération et contrôles anti-spam.
 
@@ -28,7 +35,7 @@ available on key servers and the [Web Key Discover protocol](https://keyserver.m
 >
 >     gpg --auto-key-locate clear,wkd --locate-keys anarcat@anarc.at
 >
-> See the [[makefile|../.well-known/openpgpkey/Makefile]] for more
+> See the [makefile](../.well-known/openpgpkey/Makefile) for more
 > information on how this was built.
 
 Blog articles accept comments, but are subjected to moderation and

diff --git a/contact.mdwn b/contact.mdwn
index 3082e324..0fdd3ef2 100644
--- a/contact.mdwn
+++ b/contact.mdwn
@@ -28,7 +28,7 @@ available on key servers and the [Web Key Discover protocol](https://keyserver.m
 >
 >     gpg --auto-key-locate clear,wkd --locate-keys anarcat@anarc.at
 >
-> See the [[makefile|.well-known/openpgpkey/Makefile]] for more
+> See the [[makefile|../.well-known/openpgpkey/Makefile]] for more
 > information on how this was built.
 
 Blog articles accept comments, but are subjected to moderation and

link to makefile and show how to use WKD
diff --git a/contact.mdwn b/contact.mdwn
index 94d9f0c6..3082e324 100644
--- a/contact.mdwn
+++ b/contact.mdwn
@@ -24,5 +24,12 @@ You can also encrypt your messages with this [PGP key](../.well-known/openpgpkey
 available on key servers and the [Web Key Discover protocol](https://keyserver.mattrude.com/guides/web-key-directory/)
 (WKD). Note that I [changed key](../pgp_transition.txt) in 2009.
 
+> Note: this uses the WKD protocol, so you can also fetch my key with:
+>
+>     gpg --auto-key-locate clear,wkd --locate-keys anarcat@anarc.at
+>
+> See the [[makefile|.well-known/openpgpkey/Makefile]] for more
+> information on how this was built.
+
 Blog articles accept comments, but are subjected to moderation and
 anti-spam filtering.

fix broken link to project ara
diff --git a/hardware/phone.mdwn b/hardware/phone.mdwn
index 25ce0154..f810801c 100644
--- a/hardware/phone.mdwn
+++ b/hardware/phone.mdwn
@@ -510,7 +510,9 @@ Phoneblocks
 
 [[!wikipedia Phonebloks]] is the idea of a modular phone that could be easily fixable and field-upgradable. It was turned into a [discussion forum](https://phonebloks.com/) around 2013 by Motorola and Google in favor of their [[!wikipedia Project Ara]] scheduled for release in January 2015.
 
-Here's a [pretty homepage](http://www.projectara.com/) while we wait for something to actually happen.
+Here's a [pretty homepage](http://www.projectara.com/) (site dead, [archive](http://web.archive.org/web/20170329161342/https://atap.google.com/ara/) while we wait for something to actually happen.
+
+Update: project was [killed by Google](http://venturebeat.com/2017/01/10/inside-project-ara-googles-revolutionary-modular-phone/), like [so many others](https://killedbygoogle.com/).
 
 Puzzlephone
 -----------

mention that -H is expensive and the simpler, more obvious -a form
diff --git a/blog/2019-07-07-rsync-oneliner.mdwn b/blog/2019-07-07-rsync-oneliner.mdwn
index 5a5304e2..0a7f4028 100644
--- a/blog/2019-07-07-rsync-oneliner.mdwn
+++ b/blog/2019-07-07-rsync-oneliner.mdwn
@@ -8,7 +8,18 @@ grep around this wiki and find other instances, which are never quite
 as good as what I've come up with with the help of my (new) colleague
 [weasel](https://www.palfrader.org/).
 
-The answer, *of course*, is the very intuitive:
+The common answer is "just use `-av`":
+
+    rsync -av A/ B/
+
+... but that has a few limitations:
+
+ * it shows every file transfered, which can overwhelm the terminal
+   for large transfers
+ * it won't transfer hardlinks, ACLs and other extended attributes
+ * it might break if `/etc/password` is not synchronized across hosts
+
+The answer, *of course*, is instead the very intuitive:
 
     rsync -PaSHAX --numeric-ids --info=progress2 A/ B/
 
@@ -30,6 +41,11 @@ Those flags mean:
             --numeric-ids           don't map uid/gid values by user/group name
         -c, --checksum              skip based on checksum, not mod-time & size
 
+<span/><div class="important">
+Keep in mind that `-H` is expensive, which is why it's not included in
+`-a` by default, as the manpage explains.
+</div>
+
 Unrolling some of those, this actually means:
 
         -r, --recursive             recurse into directories

add -S, thanks pabs!
diff --git a/blog/2019-07-07-rsync-oneliner.mdwn b/blog/2019-07-07-rsync-oneliner.mdwn
index 54925960..5a5304e2 100644
--- a/blog/2019-07-07-rsync-oneliner.mdwn
+++ b/blog/2019-07-07-rsync-oneliner.mdwn
@@ -10,7 +10,7 @@ as good as what I've come up with with the help of my (new) colleague
 
 The answer, *of course*, is the very intuitive:
 
-    rsync -PHaAX --numeric-ids --info=progress2 A/ B/
+    rsync -PaSHAX --numeric-ids --info=progress2 A/ B/
 
 <span/><div class="note">
 If you don't trust the filesystem time and files sizes, also throw in
@@ -22,8 +22,9 @@ much slower. (A better hashing algorithm could be [SHA-2](https://en.wikipedia.o
 Those flags mean:
 
         -P                          same as --partial --progress
-        -H, --hard-links            preserve hard links
         -a, --archive               archive mode; equals -rlptgoD (no -H,-A,-X)
+        -S, --sparse                turn sequences of nulls into sparse blocks
+        -H, --hard-links            preserve hard links
         -A, --acls                  preserve ACLs (implies -p)
         -X, --xattrs                preserve extended attributes
             --numeric-ids           don't map uid/gid values by user/group name
@@ -74,9 +75,9 @@ test suite, against, interestingly, rsync. Indeed, [bup](https://github.com/bup/
 rsync](https://github.com/bup/bup/blob/master/t/compare-trees) to check that the files it restores are identical to the
 original. They use the also super-intuitive `-niaHAX` (maybe with
 `-c`), which I find slightly less intuitive than *my* ordering, which
-sounds like "fax".
+sounds like <del>"fax"</del>[pacha](https://fr.wikipedia.org/wiki/Pacha_(titre)) in french.
 
-So there you go. `-PHaAX` is now your new best friend. And don't
+So there you go. `-PaSHAX` is now your new best friend. And don't
 forget the *obvious* `--numeric-ids` (and not `uids`, they talk
 about groups too) and `--info=progress2` (*grrr*) and *maybe*
 `--checksum` if you're nostalgic about the good old MD5 days.
diff --git a/blog/2019-07-07-rsync-oneliner/comment_1_3c79d3ec5dcf8ebda4e57d193c453891._comment b/blog/2019-07-07-rsync-oneliner/comment_1_3c79d3ec5dcf8ebda4e57d193c453891._comment
new file mode 100644
index 00000000..4b33cd18
--- /dev/null
+++ b/blog/2019-07-07-rsync-oneliner/comment_1_3c79d3ec5dcf8ebda4e57d193c453891._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="anarcat"
+ subject="""update: added -S"""
+ date="2019-07-08T14:14:15Z"
+ content="""
+On [pabs](https://bonedaddy.net/pabs3/)'s recommendation, I also added -S, changing the acronym from "fax" (`-PHaAX`) to "pacha(x)" (`-PaSHAX`) which still sounds good *and* is a better mapping to the transliteration...
+"""]]

lowercase weasel
diff --git a/blog/2019-07-07-rsync-oneliner.mdwn b/blog/2019-07-07-rsync-oneliner.mdwn
index dc1b04b1..54925960 100644
--- a/blog/2019-07-07-rsync-oneliner.mdwn
+++ b/blog/2019-07-07-rsync-oneliner.mdwn
@@ -6,7 +6,7 @@ forgetting the answer to "what if I really want to just transfer
 words, I basically *never* go there to find the answer and instead
 grep around this wiki and find other instances, which are never quite
 as good as what I've come up with with the help of my (new) colleague
-Weasel.
+[weasel](https://www.palfrader.org/).
 
 The answer, *of course*, is the very intuitive:
 

better link
diff --git a/blog/2019-07-07-rsync-oneliner.mdwn b/blog/2019-07-07-rsync-oneliner.mdwn
index 41bf16e6..dc1b04b1 100644
--- a/blog/2019-07-07-rsync-oneliner.mdwn
+++ b/blog/2019-07-07-rsync-oneliner.mdwn
@@ -106,7 +106,7 @@ They ommitted, obviously, that this is also identical:
     rsync -av /src/foo/ /dest/foo/
 
 At this point, I would understand if you want to throw the "fine
-manual" out the window and [yell](https://www.youtube.com/watch?v=rGIY5Vyj4YM).
+manual" out the window and [yell like crazy](https://www.youtube.com/watch?v=ZwMVMbmQBug).
 </div>
 
 [[!tag documentation unix history backup archive]]

ah, and obviously...
diff --git a/blog/2019-07-07-rsync-oneliner.mdwn b/blog/2019-07-07-rsync-oneliner.mdwn
index 5ea90b96..41bf16e6 100644
--- a/blog/2019-07-07-rsync-oneliner.mdwn
+++ b/blog/2019-07-07-rsync-oneliner.mdwn
@@ -81,4 +81,32 @@ forget the *obvious* `--numeric-ids` (and not `uids`, they talk
 about groups too) and `--info=progress2` (*grrr*) and *maybe*
 `--checksum` if you're nostalgic about the good old MD5 days.
 
+<span/><div class="important">
+Notice the trailing slashes at the end of `A/` and `B/`. Those,
+stupidly, matter to rsync. This is one of the most confusing things
+about rsync and I have gotten around that problem by *always*
+specifying a trailing slash to *both* arguments, which gives a
+consistent experience all the time. But, if you want to know all the
+nasty details, try to figure out this bit:
+
+> A trailing slash on the source changes this behavior to avoid
+> creating an additional directory level at the destination. You can
+> think of a trailing / on a source as meaning "copy the contents of
+> this directory" as opposed to "copy the directory by name", but in
+> both cases the attributes of the containing directory are
+> transferred to the containing directory on the destination. In other
+> words, each of the following commands copies the files in the same
+> way, including their setting of the attributes of /dest/foo:
+>
+>     rsync -av /src/foo /dest
+>     rsync -av /src/foo/ /dest/foo
+
+They ommitted, obviously, that this is also identical:
+
+    rsync -av /src/foo/ /dest/foo/
+
+At this point, I would understand if you want to throw the "fine
+manual" out the window and [yell](https://www.youtube.com/watch?v=rGIY5Vyj4YM).
+</div>
+
 [[!tag documentation unix history backup archive]]

fix markup
diff --git a/blog/2019-07-07-rsync-oneliner.mdwn b/blog/2019-07-07-rsync-oneliner.mdwn
index 584f2995..5ea90b96 100644
--- a/blog/2019-07-07-rsync-oneliner.mdwn
+++ b/blog/2019-07-07-rsync-oneliner.mdwn
@@ -12,7 +12,7 @@ The answer, *of course*, is the very intuitive:
 
     rsync -PHaAX --numeric-ids --info=progress2 A/ B/
 
-<span /><div class="note>
+<span/><div class="note">
 If you don't trust the filesystem time and files sizes, also throw in
 `-c` to do a ([MD5!?](https://en.wikipedia.org/wiki/MD5#Security)) checksum of the files instead, but that's
 much slower. (A better hashing algorithm could be [SHA-2](https://en.wikipedia.org/wiki/SHA-2) or

creating tag page tag/unix
diff --git a/tag/unix.mdwn b/tag/unix.mdwn
new file mode 100644
index 00000000..9276f8a0
--- /dev/null
+++ b/tag/unix.mdwn
@@ -0,0 +1,4 @@
+[[!meta title="pages tagged unix"]]
+
+[[!inline pages="tagged(unix)" actions="no" archive="yes"
+feedshow=10]]

a study on the rsync commandline
diff --git a/blog/2019-07-07-rsync-oneliner.mdwn b/blog/2019-07-07-rsync-oneliner.mdwn
new file mode 100644
index 00000000..584f2995
--- /dev/null
+++ b/blog/2019-07-07-rsync-oneliner.mdwn
@@ -0,0 +1,84 @@
+[[!meta title="rsync oneliner: a study of a complex commandline"]]
+
+It seems silly to make a blog post about this, but I keep on
+forgetting the answer to "what if I really want to just transfer
+*EVERYTHING* with rsync?". Since the [rsync(1) manpage](http://manpages.debian.org/rsync) is 28,000
+words, I basically *never* go there to find the answer and instead
+grep around this wiki and find other instances, which are never quite
+as good as what I've come up with with the help of my (new) colleague
+Weasel.
+
+The answer, *of course*, is the very intuitive:
+
+    rsync -PHaAX --numeric-ids --info=progress2 A/ B/
+
+<span /><div class="note>
+If you don't trust the filesystem time and files sizes, also throw in
+`-c` to do a ([MD5!?](https://en.wikipedia.org/wiki/MD5#Security)) checksum of the files instead, but that's
+much slower. (A better hashing algorithm could be [SHA-2](https://en.wikipedia.org/wiki/SHA-2) or
+[Meow](https://mollyrocket.com/meowhash), obviously.)
+</div>
+
+Those flags mean:
+
+        -P                          same as --partial --progress
+        -H, --hard-links            preserve hard links
+        -a, --archive               archive mode; equals -rlptgoD (no -H,-A,-X)
+        -A, --acls                  preserve ACLs (implies -p)
+        -X, --xattrs                preserve extended attributes
+            --numeric-ids           don't map uid/gid values by user/group name
+        -c, --checksum              skip based on checksum, not mod-time & size
+
+Unrolling some of those, this actually means:
+
+        -r, --recursive             recurse into directories
+        -l, --links                 copy symlinks as symlinks
+        -p, --perms                 preserve permissions
+        -t, --times                 preserve modification times
+        -g, --group                 preserve group
+        -o, --owner                 preserve owner (super-user only)
+        -D                          same as --devices --specials
+            --partial               keep partially transferred files
+            --progress              show progress during transfer
+
+And yes, we need to unroll this *again*:
+
+            --devices               preserve device files (super-user only)
+            --specials              preserve special files
+
+The `--numeric-ids` parameter is really relevant only when you archive
+files across servers that might not share the same UID space. This is
+especially important when restoring from backups because you might be
+creating `/etc/passwd` along the way (!).
+
+The last bit, `--info=progress2` is not directly documented in the
+manpage, at least not in the `--info` section. Strangely, there's some
+information in the `-P` flag where it says:
+
+    outputs statistics based on the whole transfer, rather than
+    individual files.
+
+I found this was extremely useful during large transfers because, by
+default, `-P` (or, more specifically, `--progress`) shows progress for
+*each* individual file. That's fine if you transfer large files, but
+for large *transfers* (with a large *number* of files), that's much
+less useful and possibly incredibly noisy. `--info=progress2`,
+according to `--info=help`, does instead:
+
+    PROGRESS   Mention 1) per-file progress or 2) total transfer progress
+
+... which I admit is not much clearer.
+
+Note that this is similar to how at least one backup system runs its
+test suite, against, interestingly, rsync. Indeed, [bup](https://github.com/bup/bup/) [uses
+rsync](https://github.com/bup/bup/blob/master/t/compare-trees) to check that the files it restores are identical to the
+original. They use the also super-intuitive `-niaHAX` (maybe with
+`-c`), which I find slightly less intuitive than *my* ordering, which
+sounds like "fax".
+
+So there you go. `-PHaAX` is now your new best friend. And don't
+forget the *obvious* `--numeric-ids` (and not `uids`, they talk
+about groups too) and `--info=progress2` (*grrr*) and *maybe*
+`--checksum` if you're nostalgic about the good old MD5 days.
+
+[[!tag documentation unix history backup archive]]

frigging fedex charged me 260$ for shipping for this thing, outrageous
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index 4e92c0a8..4ad552c2 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -183,6 +183,15 @@ getting an actual working laptop. FedEx even charged me for the return
 even though Purism actually issued a shipping label, something I still
 haven't quite resolved.
 
+Update: I ended up paying over 260$ in shipping fees to Fedex, in the
+end. I first paid around 70$ for the first laptop sent, then Fedex
+sent me *another* 200$ bill for the *second* laptop. Purism were
+unable to help me with this issue and Fedex has been totally useless
+as well. I've tried to reach to both organizations to get around those
+fees but the time wasted waiting on hold and support has outgrown the
+possible savings I could to by not paying the damn bill, so I just
+paid it now.
+
 Bright LEDs, not accessible when lid closed
 -------------------------------------------
 

d'autres trucs de la famille qui voyage autour du monde
diff --git a/pleinair/liste.mdwn b/pleinair/liste.mdwn
index fc304d24..e755cd79 100644
--- a/pleinair/liste.mdwn
+++ b/pleinair/liste.mdwn
@@ -184,6 +184,8 @@ toujours retourner sur l'ordinateur.
  * Peigne
  * Rasoir
  * Capotes
+ * Détergent
+ * Corde à linge
 
 ## Vêtements
 
@@ -214,6 +216,7 @@ toujours retourner sur l'ordinateur.
  * Tuque
  * Guêtres
  * Gants
+ * Gants de construction
  * Mitaines et sous-mitaines
  * Foulard / Masque facial / Cache-cou
  * Filet anti-moustique
@@ -295,7 +298,7 @@ Médicaments:
  [Loperamide]: https://en.wikipedia.org/wiki/Loperamide
  [Loratadine]: https://en.wikipedia.org/wiki/Loratadine
  [Épinéphrine]: https://en.wikipedia.org/wiki/Epinephrine
- [discussion sur wikipedia]: https://en.wikipedia.org/wiki/Talk:Anaphylaxis#contradiction_with_Benadryl_.2F_Diphenhydramine_article
+ [discussion sur wikipedia]: https://en.wikipedia.org/wiki/Talk:Anaphylaxis#Preferred_post-epipen_medication?
 
 ## Notes
 
@@ -365,6 +368,7 @@ Les différentes sources qui a permis de créer cette page.
  * [Liste pour un voyage de canot-camping avec 2 jours d'approche en vélo][]
  * [Équipement requis de Alexhike.com][]
  * [Trousse d'urgence du MSPQ][]
+ * [Our Around the World Packing List][]
 
  [Liste personnelle de Antoine]: https://anarc.at/pleinair/liste/
  [SuperOli]: https://wiki.koumbit.net/SuperOli
@@ -375,3 +379,4 @@ Les différentes sources qui a permis de créer cette page.
  [Équipement requis de Alexhike.com]: http://www.alexhike.com/informer/equipements-requis/
  [Liste pour un voyage de canot-camping avec 2 jours d'approche en vélo]: https://wiki.koumbit.net/PleinAir/ListeCanotCamping
  [Trousse d'urgence du MSPQ]: https://www.securitepublique.gouv.qc.ca/securite-civile/se-preparer-aux-sinistres/plan-familial-1/trousse-urgence.html
+ [Our Around the World Packing List]: https://www.earthtrekkers.com/around-the-world-packing-list/

removed
diff --git a/blog/2015-12-29-ikiwiki-on-twitter/comment_1_325a105e764e3c180734efc982b5fb51._comment b/blog/2015-12-29-ikiwiki-on-twitter/comment_1_325a105e764e3c180734efc982b5fb51._comment
deleted file mode 100644
index c4bf8d5a..00000000
--- a/blog/2015-12-29-ikiwiki-on-twitter/comment_1_325a105e764e3c180734efc982b5fb51._comment
+++ /dev/null
@@ -1,11 +0,0 @@
-[[!comment format=creole
- ip="5.188.210.5"
- claimedauthor="w3u6x6o1"
- url="https://buyessayy.us/"
- subject="where to buy essays  nltx"
- date="2019-07-01T21:25:43Z"
- content="""
-<a href=\" https://buyessayy.us/ \">where can i buy an essay online</a>, buy essay paper 
-buy pre written essays - <a href=\" https://buyessayy.us/ \">buy essays cheap</a> 
-https://buyessayy.us/
-"""]]

Added a comment: where to buy essays nltx
diff --git a/blog/2015-12-29-ikiwiki-on-twitter/comment_1_325a105e764e3c180734efc982b5fb51._comment b/blog/2015-12-29-ikiwiki-on-twitter/comment_1_325a105e764e3c180734efc982b5fb51._comment
new file mode 100644
index 00000000..c4bf8d5a
--- /dev/null
+++ b/blog/2015-12-29-ikiwiki-on-twitter/comment_1_325a105e764e3c180734efc982b5fb51._comment
@@ -0,0 +1,11 @@
+[[!comment format=creole
+ ip="5.188.210.5"
+ claimedauthor="w3u6x6o1"
+ url="https://buyessayy.us/"
+ subject="where to buy essays  nltx"
+ date="2019-07-01T21:25:43Z"
+ content="""
+<a href=\" https://buyessayy.us/ \">where can i buy an essay online</a>, buy essay paper 
+buy pre written essays - <a href=\" https://buyessayy.us/ \">buy essays cheap</a> 
+https://buyessayy.us/
+"""]]

one more time.
diff --git a/blog/2019-05-13-free-speech/comment_3_54cc437c4b31bb4b5d790770a5ea1049._comment b/blog/2019-05-13-free-speech/comment_3_54cc437c4b31bb4b5d790770a5ea1049._comment
deleted file mode 100644
index 94d34971..00000000
--- a/blog/2019-05-13-free-speech/comment_3_54cc437c4b31bb4b5d790770a5ea1049._comment
+++ /dev/null
@@ -1,34 +0,0 @@
-[[!comment format=mdwn
- ip="201.178.247.43"
- claimedauthor="rick"
- subject="comment 3"
- date="2019-06-21T16:12:45Z"
- content="""
-Hi man,
-no worries about \"censorship\". This is your place and I'm commenting because you posted publicly something you are apparently open to discuss, and me too. So, much appreciate that you took the time to read and edit my text, which I didnt notice was so super long, and I apologize for that. 
-
-My core point was the one illustrated here: https://bloximages.newyork1.vip.townnews.com/newsadvance.com/content/tncms/assets/v3/editorial/3/2f/32fc6138-844c-11e7-8284-0f550f01a651/599741542513d.image.jpg?resize=1200%2C800
-
-I'm not saying \"censorship is wrong\" because I believe in defining boundaries (I would be close to the anarchist definition, but I believe that power \"struggle\" is unavoidable between humans, but power ultimately is conceded from the mind of those who recognize in other, -be the state, be a person, be a corpo- instead of the other way around. Also I dont like *-ism labels)
-
-I just think that censorship doesn't work. I'm talking about results. It hasn't made the world any better. The natzis were even physically defeated, and the history written afterwards made them look like the worst possible evil of all times. I'm not saying \"they are good\", I'm saying \"lets not be that ingenuous, there ALWAYS can be a worse evil\". 
-And here we are, almost year 2020 and still worried about them \"coming back\" (in case you didnt, I recommend you to watch the movie \"Look Who's back\")
-
-Fascist movements (right wing, left wing, religious, whatever) are a symptomes of deeper societal diseases. Lets move on and fight the causes, not the symptoms.
-
-Everyone nowadays seems to think that censoring what they think is wrong, is the solution. Nazis would gladly censor their criticisms. Anti-nazis want to censor nazis. Some feminists wants to censor gender-roles biased content. Some masculinists want to censor feminism. Conservatives want to censor liberals. Science supporters want to censor pseudo-science fans. All of then want to censor \"to protect others from those dangerous opinions!\"
-The only effective outcome for censorship is the \"Straissand effect\" , where trying to hide something actually brings it up to the spotlight. 
-
-My theory is that many young folks -and not so younger- are becoming \"neonazis\" because in perspective you can see nazis as \"victims\", so it's rebellious and politically incorrect to take that stance. That's attractive for inexperienced minds. If something is politically correct in a society you dont feel like you belong, then it's easy to tempt you into something politically incorrect, if selled it properly. That's why fascism and right wing have so much success, they appeal to collective unconsciousness, massive gut feelings.
-
-So are those kids dangerous murderers? 
-They may be wrong from our point of view but they think theirs is _the_ good way. They deny the killings and say \"if news today are fake, of course history can be fake too\". 
-We have to admit  that ultimately, \"knowing the history\" constitutes an act of faith. We pick the version that best matches the idea we want to justify.
-
-Let's not forget that the human being, is not entirely rational. We are mis-educated in a way that first you have and opinion, THEN look for any argument to support it (and avoid any argument that challenge it, because hey, who likes to be intellectualy challenged in this culture of constant self-validation and inmediate satisfaction?). The opinions have root in people's feelings and internet and the media provide enough \"fuel\" to feed any opinion you already have. That's what personalized feeds like FB are doing, giving you what you need to volume up your internal echo-chamber. Then any belief contrary to your own will make you angry and want it silenced. 
-
-The words \"Divide et impera\" are so true today where divisions are each day more individualized, through internet and \"smart\"phones.
-
-In my opinion, if there's something to fight, is that. Truth today is irrelevant, sadly. People ultimately act motivated on feelings, often not very rational. And hate speech may come from any ideology. And utlimately words and opinions dont change nothing. Only actions. You can't blame the \"leader\" because he wouldnt be a leader if no one followed.
-
-"""]]
diff --git a/blog/2019-05-13-free-speech/comment_3_8bde3225985bfb8d5540130d2af6d65f._comment b/blog/2019-05-13-free-speech/comment_3_8bde3225985bfb8d5540130d2af6d65f._comment
new file mode 100644
index 00000000..8df008ff
--- /dev/null
+++ b/blog/2019-05-13-free-speech/comment_3_8bde3225985bfb8d5540130d2af6d65f._comment
@@ -0,0 +1,40 @@
+[[!comment format=mdwn
+ username="anarcat"
+ subject="""comment 3"""
+ date="2019-06-21T16:20:10Z"
+ content="""
+
+> I just think that censorship doesn't work. 
+
+If it doesn't work, why worry about it? Why did nazis and stalinists and americans use it copiously when they needed to? Why does the US propaganda machine work so well when "ideas do not matter"?
+
+> The words "Divide et impera" are so true today where divisions are each day more individualized, through internet and "smart"phones.
+>
+> In my opinion, if there's something to fight, is that. 
+
+That's your opinion. I believe in a diversity of tactics and while you can punch a nazi in the face, you can also silence their speech. SO many options.
+
+> We have to admit that ultimately, "knowing the history" constitutes an act of faith. We pick the version that best matches the idea we want to justify.
+
+No. History is a science like many others, and it's based on verifiable facts and observations. There is such a thing.
+
+> Truth today is irrelevant, sadly. 
+
+No. Truth is relevant, and we debate it every day. It's the entire point of speech, after all. "Truthers" and conspiracy theorist certainly care about "truth" anyways, even if they have a blatant disregard for basic facts and can't accept reality.
+
+> People ultimately act motivated on feelings, often not very rational.
+
+No, no, and no! While, ultimately, you might be able to say that there's no free will and everything is irrational, we have to behave like we are rational beings. That's one of the cornerstone of living together.
+
+Otherwise we just go to war all the time, because there's no point arguing.
+
+> And hate speech may come from any ideology.
+
+I strongly agree with that assertion. I don't see how anarchism or liberation theology lead to hate speech, to pick somewhat unrelated examples.
+
+> And utlimately words and opinions dont change nothing. Only actions. 
+
+If that would be true, you wouldn't have come back here to put more words.
+
+I have also removed your last post, because it was, again, too long. For what it's worth, it's still availabld in the history of this wiki anyways. :p
+"""]]

Added a comment
diff --git a/blog/2019-05-13-free-speech/comment_3_54cc437c4b31bb4b5d790770a5ea1049._comment b/blog/2019-05-13-free-speech/comment_3_54cc437c4b31bb4b5d790770a5ea1049._comment
new file mode 100644
index 00000000..94d34971
--- /dev/null
+++ b/blog/2019-05-13-free-speech/comment_3_54cc437c4b31bb4b5d790770a5ea1049._comment
@@ -0,0 +1,34 @@
+[[!comment format=mdwn
+ ip="201.178.247.43"
+ claimedauthor="rick"
+ subject="comment 3"
+ date="2019-06-21T16:12:45Z"
+ content="""
+Hi man,
+no worries about \"censorship\". This is your place and I'm commenting because you posted publicly something you are apparently open to discuss, and me too. So, much appreciate that you took the time to read and edit my text, which I didnt notice was so super long, and I apologize for that. 
+
+My core point was the one illustrated here: https://bloximages.newyork1.vip.townnews.com/newsadvance.com/content/tncms/assets/v3/editorial/3/2f/32fc6138-844c-11e7-8284-0f550f01a651/599741542513d.image.jpg?resize=1200%2C800
+
+I'm not saying \"censorship is wrong\" because I believe in defining boundaries (I would be close to the anarchist definition, but I believe that power \"struggle\" is unavoidable between humans, but power ultimately is conceded from the mind of those who recognize in other, -be the state, be a person, be a corpo- instead of the other way around. Also I dont like *-ism labels)
+
+I just think that censorship doesn't work. I'm talking about results. It hasn't made the world any better. The natzis were even physically defeated, and the history written afterwards made them look like the worst possible evil of all times. I'm not saying \"they are good\", I'm saying \"lets not be that ingenuous, there ALWAYS can be a worse evil\". 
+And here we are, almost year 2020 and still worried about them \"coming back\" (in case you didnt, I recommend you to watch the movie \"Look Who's back\")
+
+Fascist movements (right wing, left wing, religious, whatever) are a symptomes of deeper societal diseases. Lets move on and fight the causes, not the symptoms.
+
+Everyone nowadays seems to think that censoring what they think is wrong, is the solution. Nazis would gladly censor their criticisms. Anti-nazis want to censor nazis. Some feminists wants to censor gender-roles biased content. Some masculinists want to censor feminism. Conservatives want to censor liberals. Science supporters want to censor pseudo-science fans. All of then want to censor \"to protect others from those dangerous opinions!\"
+The only effective outcome for censorship is the \"Straissand effect\" , where trying to hide something actually brings it up to the spotlight. 
+
+My theory is that many young folks -and not so younger- are becoming \"neonazis\" because in perspective you can see nazis as \"victims\", so it's rebellious and politically incorrect to take that stance. That's attractive for inexperienced minds. If something is politically correct in a society you dont feel like you belong, then it's easy to tempt you into something politically incorrect, if selled it properly. That's why fascism and right wing have so much success, they appeal to collective unconsciousness, massive gut feelings.
+
+So are those kids dangerous murderers? 
+They may be wrong from our point of view but they think theirs is _the_ good way. They deny the killings and say \"if news today are fake, of course history can be fake too\". 
+We have to admit  that ultimately, \"knowing the history\" constitutes an act of faith. We pick the version that best matches the idea we want to justify.
+
+Let's not forget that the human being, is not entirely rational. We are mis-educated in a way that first you have and opinion, THEN look for any argument to support it (and avoid any argument that challenge it, because hey, who likes to be intellectualy challenged in this culture of constant self-validation and inmediate satisfaction?). The opinions have root in people's feelings and internet and the media provide enough \"fuel\" to feed any opinion you already have. That's what personalized feeds like FB are doing, giving you what you need to volume up your internal echo-chamber. Then any belief contrary to your own will make you angry and want it silenced. 
+
+The words \"Divide et impera\" are so true today where divisions are each day more individualized, through internet and \"smart\"phones.
+
+In my opinion, if there's something to fight, is that. Truth today is irrelevant, sadly. People ultimately act motivated on feelings, often not very rational. And hate speech may come from any ideology. And utlimately words and opinions dont change nothing. Only actions. You can't blame the \"leader\" because he wouldnt be a leader if no one followed.
+
+"""]]

yolo
diff --git a/services/usbguard.mdwn b/services/usbguard.mdwn
index 1bd198a6..f2d57fe7 100644
--- a/services/usbguard.mdwn
+++ b/services/usbguard.mdwn
@@ -1,4 +1,11 @@
-TL;DR:
+install intel platform key, then reboot, then `--enable-validation`,
+which prompts for a passphrase that will then be required to disable
+validation in the future.
+
+requires way more work to be effective, because right now can be
+bypassed in the bios or grub?
+
+usbguard TL;DR:
 
     sudo apt-get install usbguard usbguard-applet-qt &&
     : populate the policy with the currently connected USB devices &&

summary docs on usbguard
diff --git a/services/usbguard.mdwn b/services/usbguard.mdwn
new file mode 100644
index 00000000..1bd198a6
--- /dev/null
+++ b/services/usbguard.mdwn
@@ -0,0 +1,14 @@
+TL;DR:
+
+    sudo apt-get install usbguard usbguard-applet-qt &&
+    : populate the policy with the currently connected USB devices &&
+    sudo usbguard generate-policy | sudo tee -a /etc/usbguard/rules.conf &&
+    : allow the plugdev group to change policy
+    sudo sed -i '/IPCAllowedGroups=/s/$/ plugdev/' /etc/usbguard/usbguard-daemon.conf &&
+    : optionnally, set default policy to allow:
+    : sudo sed -i -e '/ImplicitPolicyTarget/s/=.*$/=allow/' -e '/PresentDevicePolicy/s/=.*$/=keep/' /etc/usbguard/usbguard-daemon.conf &&
+    sudo systemctl enable usbguard && 
+    sudo systemctl start usbguard &&
+    usbguard-applet-qt
+
+See [bug #928032](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928032#15), [PR #267](https://github.com/USBGuard/usbguard/pull/267#issuecomment-503795269) and [USBGuard homepage](https://usbguard.github.io/).

un autre interview, cette fois à Rad
diff --git a/communication.mdwn b/communication.mdwn
index 33f745b7..7180df9b 100644
--- a/communication.mdwn
+++ b/communication.mdwn
@@ -23,6 +23,9 @@ J'ai donné les interviews suivants, politico-techniques:
 
 <!-- todo: move to a .bib file and add good entries to CV -->
 
+ * sur la vie privée, à [Rad](https://www.rad.ca/dossier/controle-du-web/190/gafam-geant-web-donnees-experimentation) (Radio-Canada), été 2019
+ * sur la vie privée, pour le film documentaire [HAK_MTL](https://www.imdb.com/title/tt10353560/) de
+   Alexandre Sheldon, présenté au Cinéma du Parc au printemps 2019
  * sur la loi C-51, avec [les Alter Citoyens][],
    [The Law of the Land: Qui sont les terroristes?](http://lesaltercitoyens.com/?p=2454)
    ([lien youtube](https://youtu.be/cYiHxmFBZmo)), présenté au
@@ -40,6 +43,7 @@ J'ai donné les interviews suivants, politico-techniques:
  * au sujet de [Tor](http://torproject.org/), à [la radio de Radio-Canada](http://www.radio-canada.ca/emissions/desautels/2010-2011/chronique.asp?idChronique=139708&autoPlay=##commenter) ([[copie locale|blog/files/desautels201103091732_2.spx]]) et [la radio CBC](http://www.cbc.ca/daybreakmontreal/2011/03/hackers-who-help.html) ([[copie locale|blog/files/montrealdaybreak_20110307_46292.mp3]]) (mars 2011)
 
 [les Alter Citoyens]: http://lesaltercitoyens.com/
+
 J'ai participé plus régulièrement à l'émission "En Profondeur", version française de l'émission de nouvelles quotidienne "Off the hour", diffusée tous les lundis à 17h à CKUT, 90.3FM.
 
 Techniques:
@@ -63,7 +67,8 @@ Politiques
  * "Le réseau et vous" au Forum Ouvert de Communautique, [vidéo](https://www.youtube.com/watch?v=sQEoXr_sn7s), [présentation](https://gitlab.com/anarcat/koumbit/blob/master/conferences/infrastructure-internet/reseau-et-vous.html) (décembre 2010, Montréal)
  * "Infrastructure et internet", au cours "Informatique et société" de Stéphane Couture de l'UQAM (deux fois?), version longue de "Le réseau et vous", [présentation](https://gitlab.com/anarcat/koumbit/blob/master/conferences/infrastructure-internet/infrastructure-internet.html) (2008-2009, Montréal, basé sur une présentation de Lunar à Dijon)
 
-J'ai donné plusieurs fois des présentations devant des classes au CEGEP Maisonneuve (informatique) et à l'UQAM (communications) au sujet des logiciels libres et de la neutralité des réseaux.
+Je donne régulièrement des présentations à l'UQAM dans le département
+de communication comme présentateur invité.
 
 Techniques
 ----------

removed
diff --git a/blog/2019-05-13-free-speech/comment_2_e4d48c6c2e2b422dc720fd062a2ad45a._comment b/blog/2019-05-13-free-speech/comment_2_e4d48c6c2e2b422dc720fd062a2ad45a._comment
deleted file mode 100644
index 3f4cac16..00000000
--- a/blog/2019-05-13-free-speech/comment_2_e4d48c6c2e2b422dc720fd062a2ad45a._comment
+++ /dev/null
@@ -1,62 +0,0 @@
-[[!comment format=mdwn
- ip="201.178.193.76"
- claimedauthor="rick"
- subject="comment 2"
- date="2019-06-18T05:32:29Z"
- content="""
-Hi!
-I will get a little polemic here, I think.
-I always find hard to believe in censorship, yes, even when it comes to \"the natzis\".
-
-There were always extreme ideas, just nowadays they are amplified by the internet phenomen where practically anyone can broadcast them as much as they like. 
-But they were always there. 
-
-What do we win by trying to silence them?
-We are acknoledging that, they are \"dangerous\", and may \"convince\" people?
-
-Well, the solution could never be censor them. Ideas only, are harmless. You would be surprised on how many \"good\" people still believe that the natzis were for a good cause, or that the US dropping atomic bombs was a \"lesser evil\". I dont share either view but I can understand people who hold them.
-
-But opinions have never changed the world. Only actions.
-Actions may be inspired by opinions, but the man who runs amok shooting 15 people, probably would have found any other idea to support his impulse to do it. 
-That behavior comes, I'd say, from something more emotional-related than from ideas or opinions. Of course, they will rationalize and use that ideas to say they're doing crazy shit for some \"noble cause\" or to feel like kind of heroes. 
-I could go full-conspironoic here and say that emotions are injected and amplified by the skilled in communications techniques (and with access to the means), through seemingly innocent content like advertising. Should we censor there, too?
-
-Let's remember the context of the nazism, a big part of population, was kind of angry, looking up to the politics to provide answers or solutions, then ideas starts to spread that the fault is of the jews, muslims, black, gays, whatever. 
-A charismatic, unapologetic and strong willed figure cant do much harm without convincing some masses. 
-What's the easiest way to buy to them? Knowing to read \"what they want\", kind of a \"herd feeling\". So: amplify what they already are starting to believe, in your favor. The dictator still needs some complicity from some part of the population, and they will fight the dissidence themselves. (See the spanish movie \"Lengua de las mariposas\")
-
-Violent people don't need the \"leader\" to say: \"go burn that church\", because they're already wanting to burn something, somebody. 
-Just get enough public exposure, deliver a \"rational\" message, mix with some fallacies to point in your favor, and you can get a mass to burn whoever you point to as the enemy. Would censoring you make things any better? No way. They will defend you as a victim and deepen their beliefs.
-
-So I think we should be growing a cultural context of \"I can read any idea, no matter how far it's from my own, and not feel it has any impact on me\". 
-Educate on the idea of questioning everything, submit to examination, not only those views that are different from mine, but also my own views. Always.
-Critical thinking. 
-That's the antidote against hate speech. Not attacking ideas based on pre-assumed truths.
-Many people dont know anything about the natzis, what happened, or why, still, are the first ones to fight against \"neo nazism\" and use \"nazi\" as an insult or desqualifier for ideas they don't like. Just like in the comic.
-
-People have commited crimes in the name of God. Should we ban God? People have commited crimes in the name of Love, should we ban Love? You get my point?
-Gasoline runs cars but I could burn a house with it. Knifes are for eating but I could hurt severely another person with one.
-
-We have to be smarter than that. Any platform provider should have any conditions they want, of course, so if I don't want to comply with it, I should simply look for another place. That's the idea of internet. But if we push for making every corner of the internet so politically correct as we think we are, we are missing the point. 
-
-And always remember that many of us hold ideas now that would have been censored and condemned in other time, or right now in some place of the world. Often with the same kind of arguments I hear from people today saying we should censor \"the natzis\", the trolls, the masculinists (whats wrong with them anyway?), the scum. The anti-vax, the flat-earthers. The pseudo-sciences.
-See a pattern? They are all considered by some as \"dangerous\", \"harmful\" .
-
-But we could also point many things that now are more socially accepted, that could be dangerous or harmful to some people.
-
-I'm not saying \"anything can be OK\" as those mythical posmarxists or whatever they call it in the comic. I'm saying there are different points of view on different subjects, some based more strongly than others, but what? are we punishing lack of inteligence, are we punishing lack of knowledge? So free speech only for the enlightened?
-
-\"Traditionalists\" feel specially like victims these days because so many \"progressive\" views (I dont like these terms, but I dont like \"right\" or \"left\" either) have become very politically correct. Too many people think they are something-ists only because that's the mainstream, but they dont really know what's it about.
-I can think of feminism as an example, but there are surely others.
-
-We should trascend all that paradigms. 
-Some think that we should \"go back\" to something that WAS good. They reject \"the new ways\"
-Some think we should \"go forward\" to something that WILL be good. They reject \"the old ways\"
-
-But there's a perennial paradigm, of taking what's \"good\", i.e., what really works for us, from either things we've already tried as from trying something new. Pragmatism. Leaving behind any -ism, because words often get attached to many meanings that weren't originally intended to, like a snow ball that grows on and on.
-
-I really like that quote that says \"opposing to something is perpetuating it\". If you want to fight, let's say, \"the natzis\" you NEED them to exist in order to fight them! So if you fight them you are keeping them real. If you don't want them to exist actually the only and best thing you can do is just act like they dont.
-
-Lets just focus on doing the right thing, whatever we think it is, OURSELVES instead of always be looking at what those fucking \"post marxist femi natzi terrorist christian scums\" (i.e. \"OTHERS\") are saying or doing!
-
-"""]]

Added a comment: i'm only going to do this once
diff --git a/blog/2019-05-13-free-speech/comment_3_a68c0fb889371e6fcfa58edb1d70b79e._comment b/blog/2019-05-13-free-speech/comment_3_a68c0fb889371e6fcfa58edb1d70b79e._comment
new file mode 100644
index 00000000..13d3f27e
--- /dev/null
+++ b/blog/2019-05-13-free-speech/comment_3_a68c0fb889371e6fcfa58edb1d70b79e._comment
@@ -0,0 +1,108 @@
+[[!comment format=mdwn
+ username="anarcat"
+ avatar="https://seccdn.libravatar.org/avatar/741655483dd8a0b4df28fb3dedfa7e4c"
+ subject="i'm only going to do this once"
+ date="2019-06-18T13:27:20Z"
+ content="""
+So I was afraid this article would degenerate in a storm of awful comments. Instead I got one long one, not bad. But I won't go around explaining this a billion times, so here we go.
+
+> What do we win by trying to silence them?
+
+They are silenced. They stop existing publicly.
+
+> We are acknoledging that, they are \"dangerous\", and may \"convince\" people?
+
+Yes. They are dangerous.
+
+> I could go full-conspironoic here and say that emotions are injected and amplified by the skilled in communications techniques (and with access to the means), through seemingly innocent content like advertising. Should we censor there, too?
+
+Oh yes. Advertising (public relations, to be more precise)  is the word we found for \"propaganda\" but we were too afraid to use that because (oh yes) the Nazis were using it:
+
+> > When I came back to the United States, I decided that if you could use
+> > propaganda for war, you could certainly use it for peace. And
+> > \"propaganda\" got to be a bad word because of the Germans using it, so
+> > what I did was to try and find some other words so we found the words
+> > \"public relations\".      -- Edward Bernays
+
+> [People are upset.] What's the easiest way to buy to them?
+
+More Nazi propaganda.
+
+> Violent people don't need the \"leader\" to say: \"go burn that church\"[...]
+
+Sure they do. One way those leaders can do that effectively while still being acceptable to liberals (and how Hitler and Trump do it) is to shift the blame (\"there was violence on both sides\") and legitimize violence. They don't necessarily order the violence at first, but you can be sure that, at the critical moment, they *will* go burn down that immigrant center, ghetto or else. They rarely burn down churches, by the way, because the church is often the ally of fascist movements. That's what anarchists do, not fascists.
+
+> Would censoring you make things any better? 
+
+Yes, it will. 
+
+> \"I can read any idea, no matter how far it's from my own, and not feel it has any impact on me\"
+
+That is just false. The Cambridge Analytica scandal and the most massive social science/psychology researched (also performed at Facebook!) prove that masses can easily be manipulated through what they read, see and hear.
+
+> Critical thinking. That's the antidote against hate speech.
+
+So that's the argument that, ironically, was made to allow anarchists to express their anti-war views at the end of the 19th century, from what I understand.  Lots of liberals, naturally, were against the idea, arguing that their speech was too dangerous to be let out. The argument is that \"we should defeat them in the marketplace of idea\".
+
+I have come to disagree with this, as I explained in the article (poorly, it seems). Some speech is hateful and shouldn't be allowed. Many countries, including Canada, have laws against specifically hate speech. Why shouldn't communities have policies, code of conduct and practices against hate speech as well? Why leave speech for those people at all?
+
+If a douchebag comes to a party in my home and starts harassing people, should I \"debate him in the marketplace of ideas\"? No. Because that's not where the debate is held. I tried that, numerous times. What happens is you get punched in the face. So you overwhelmingly use your power (numbers) to kick those people out of your spaces.
+
+But I'll let Aamer Rahman speak, more eloquently that I ever code:
+
+https://www.youtube.com/watch?v=IKICKcMU3MU
+
+> Not attacking ideas based on pre-assumed truths. 
+
+You're venturing in dangerous territory here. What pre-assumed truths? That Nazis are violent, sexist, racist, dangerous murderers that created the holocaust which killed millions of people? This is not going to be questioned here.
+
+> People have commited crimes in the name of God. Should we ban God?
+
+God doesn't exist, so we can't ban it. We might consider banning organized religion, like Christianity. But considering the religious wars we have fought (and that's most wars, actually), we have reconsidered and instead established freedom of religion to try to fix that problem.
+
+> People have commited crimes in the name of Love, should we ban Love? 
+
+We should definitely ban abusive behavior in relationships, yet. Love is a different thing.
+
+> You get my point?
+
+Yes, you are making a [slippery slope](https://yourlogicalfallacyis.com/slippery-slope) argument.
+
+> We have to be smarter than that. Any platform provider should have any conditions they want, of course, so if I don't want to comply with it, I should simply look for another place. That's the idea of internet.
+
+This is what I am arguing for. Purism has a [social purpose](https://puri.sm/about/social-purpose/) which states, among other things:
+
+> * The Corporation will prioritize privacy, security, and freedom for its customers
+> * The Corporation will design and manufacture hardware that respects users’ rights to privacy, security, and freedom
+> * The Corporation will not discriminate against individuals, groups or fields of endeavor
+
+Some of those are in contradiction: for example, to ensure privacy and security of its users, it will need to discriminate against state actors who maliciously try infiltrate its organization to destroy the privacy of their users. I am arguing that by allowing nazis on their platforms, they allow discrimination against individuals, groups or fields of endeavor.
+
+> But if we push for making every corner of the internet so politically correct as we think we are, we are missing the point. 
+
+I'm not going to every corner. I'm going to this one corner *I already was in* that I want to make sure has no Nazis. Is that really too much to ask?
+
+Or, to reverse your argument, there will be dark corners of the internet where there are Nazis. Do you want to be one of those corners?
+
+> are we punishing lack of inteligence, are we punishing lack of knowledge? So free speech only for the enlightened?
+
+Yes, we are, in a way. Racism, sexism, hatred, those often come from ignorance. We're essentially telling people \"go figure it out and come back when you have\".
+
+> If you want to fight, let's say, \"the natzis\" you NEED them to exist in order to fight them!
+
+I don't want to fight nazis. I want them to stop existing for crying out loud. This is blaming the victim.
+
+> Lets just focus on doing the right thing, whatever we think it is,
+
+Right now, this is fighting Nazis.
+
+You'll thank me later.
+
+PS: I have removed your comment. Before you go crazy and complain about censorship, consider that:
+
+1. it was almost half as long as my original article, 
+2. you deliberately and knowingly made it \"polemic\",
+3. you seem to question the harmfulness of the Nazi ideology, masculinism, the flat-earthers, anti-vaccination promonents and think we should accept pseudo-science
+
+That has no space here.
+"""]]

Added a comment
diff --git a/blog/2019-05-13-free-speech/comment_2_e4d48c6c2e2b422dc720fd062a2ad45a._comment b/blog/2019-05-13-free-speech/comment_2_e4d48c6c2e2b422dc720fd062a2ad45a._comment
new file mode 100644
index 00000000..3f4cac16
--- /dev/null
+++ b/blog/2019-05-13-free-speech/comment_2_e4d48c6c2e2b422dc720fd062a2ad45a._comment
@@ -0,0 +1,62 @@
+[[!comment format=mdwn
+ ip="201.178.193.76"
+ claimedauthor="rick"
+ subject="comment 2"
+ date="2019-06-18T05:32:29Z"
+ content="""
+Hi!
+I will get a little polemic here, I think.
+I always find hard to believe in censorship, yes, even when it comes to \"the natzis\".
+
+There were always extreme ideas, just nowadays they are amplified by the internet phenomen where practically anyone can broadcast them as much as they like. 
+But they were always there. 
+
+What do we win by trying to silence them?
+We are acknoledging that, they are \"dangerous\", and may \"convince\" people?
+
+Well, the solution could never be censor them. Ideas only, are harmless. You would be surprised on how many \"good\" people still believe that the natzis were for a good cause, or that the US dropping atomic bombs was a \"lesser evil\". I dont share either view but I can understand people who hold them.
+
+But opinions have never changed the world. Only actions.
+Actions may be inspired by opinions, but the man who runs amok shooting 15 people, probably would have found any other idea to support his impulse to do it. 
+That behavior comes, I'd say, from something more emotional-related than from ideas or opinions. Of course, they will rationalize and use that ideas to say they're doing crazy shit for some \"noble cause\" or to feel like kind of heroes. 
+I could go full-conspironoic here and say that emotions are injected and amplified by the skilled in communications techniques (and with access to the means), through seemingly innocent content like advertising. Should we censor there, too?
+
+Let's remember the context of the nazism, a big part of population, was kind of angry, looking up to the politics to provide answers or solutions, then ideas starts to spread that the fault is of the jews, muslims, black, gays, whatever. 
+A charismatic, unapologetic and strong willed figure cant do much harm without convincing some masses. 
+What's the easiest way to buy to them? Knowing to read \"what they want\", kind of a \"herd feeling\". So: amplify what they already are starting to believe, in your favor. The dictator still needs some complicity from some part of the population, and they will fight the dissidence themselves. (See the spanish movie \"Lengua de las mariposas\")
+
+Violent people don't need the \"leader\" to say: \"go burn that church\", because they're already wanting to burn something, somebody. 
+Just get enough public exposure, deliver a \"rational\" message, mix with some fallacies to point in your favor, and you can get a mass to burn whoever you point to as the enemy. Would censoring you make things any better? No way. They will defend you as a victim and deepen their beliefs.
+
+So I think we should be growing a cultural context of \"I can read any idea, no matter how far it's from my own, and not feel it has any impact on me\". 
+Educate on the idea of questioning everything, submit to examination, not only those views that are different from mine, but also my own views. Always.
+Critical thinking. 
+That's the antidote against hate speech. Not attacking ideas based on pre-assumed truths.
+Many people dont know anything about the natzis, what happened, or why, still, are the first ones to fight against \"neo nazism\" and use \"nazi\" as an insult or desqualifier for ideas they don't like. Just like in the comic.
+
+People have commited crimes in the name of God. Should we ban God? People have commited crimes in the name of Love, should we ban Love? You get my point?
+Gasoline runs cars but I could burn a house with it. Knifes are for eating but I could hurt severely another person with one.
+
+We have to be smarter than that. Any platform provider should have any conditions they want, of course, so if I don't want to comply with it, I should simply look for another place. That's the idea of internet. But if we push for making every corner of the internet so politically correct as we think we are, we are missing the point. 
+
+And always remember that many of us hold ideas now that would have been censored and condemned in other time, or right now in some place of the world. Often with the same kind of arguments I hear from people today saying we should censor \"the natzis\", the trolls, the masculinists (whats wrong with them anyway?), the scum. The anti-vax, the flat-earthers. The pseudo-sciences.
+See a pattern? They are all considered by some as \"dangerous\", \"harmful\" .
+
+But we could also point many things that now are more socially accepted, that could be dangerous or harmful to some people.
+
+I'm not saying \"anything can be OK\" as those mythical posmarxists or whatever they call it in the comic. I'm saying there are different points of view on different subjects, some based more strongly than others, but what? are we punishing lack of inteligence, are we punishing lack of knowledge? So free speech only for the enlightened?
+
+\"Traditionalists\" feel specially like victims these days because so many \"progressive\" views (I dont like these terms, but I dont like \"right\" or \"left\" either) have become very politically correct. Too many people think they are something-ists only because that's the mainstream, but they dont really know what's it about.
+I can think of feminism as an example, but there are surely others.
+
+We should trascend all that paradigms. 
+Some think that we should \"go back\" to something that WAS good. They reject \"the new ways\"
+Some think we should \"go forward\" to something that WILL be good. They reject \"the old ways\"
+
+But there's a perennial paradigm, of taking what's \"good\", i.e., what really works for us, from either things we've already tried as from trying something new. Pragmatism. Leaving behind any -ism, because words often get attached to many meanings that weren't originally intended to, like a snow ball that grows on and on.
+
+I really like that quote that says \"opposing to something is perpetuating it\". If you want to fight, let's say, \"the natzis\" you NEED them to exist in order to fight them! So if you fight them you are keeping them real. If you don't want them to exist actually the only and best thing you can do is just act like they dont.
+
+Lets just focus on doing the right thing, whatever we think it is, OURSELVES instead of always be looking at what those fucking \"post marxist femi natzi terrorist christian scums\" (i.e. \"OTHERS\") are saying or doing!
+
+"""]]

moar packages
diff --git a/software/packages.yml b/software/packages.yml
index 86108d1d..6cf4e347 100644
--- a/software/packages.yml
+++ b/software/packages.yml
@@ -19,6 +19,7 @@
 # comms
 # desktop
 # developer
+# games
 # gis
 # graphics
 # ham
@@ -190,6 +191,7 @@
       - xterm
       - webext-browserpass
       - webext-ublock-origin
+      - webext-umatrix
       - xournal
       - yubikey-personalization
       - yubikey-manager
@@ -352,6 +354,13 @@
       - virtualbox
       - wget
 
+  - name: install games
+    tags: games
+    apt: name={{item}} state=installed
+    with_items:
+      - endless-sky
+      - freeorion
+
   - name: install GPS tools
     tags: gis
     apt: name={{item}} state=installed

more lens notes
diff --git a/hardware/camera.mdwn b/hardware/camera.mdwn
index ff860544..162b75ff 100644
--- a/hardware/camera.mdwn
+++ b/hardware/camera.mdwn
@@ -227,20 +227,18 @@ Cossins:
 Lentilles:
 
  1. [35mm f/2 R WR ø43](http://www.fujifilm.ca/products/digital_cameras/x/fujinon_lens_xf35mmf2_r_wr/), [Rockwell](http://www.kenrockwell.com/fuji/x-mount-lenses/35mm-f2.htm), [fstoppers](https://fstoppers.com/gear/fstoppers-reviews-fujifilm-35mm-f2-wr-158227), bonne
-    taille, scellée, 350-400$ sur kijiji , 500$ lozeau
+    taille, scellée, no OIS, 350-400$ sur kijiji , 500$ lozeau
  2. [16-55mm f/2.8 R LM WR ø77](http://www.fujifilm.ca/products/digital_cameras/x/fujinon_lens_xf16_55mmf28_r_lm_wr/): [Rockwell](http://www.kenrockwell.com/fuji/x-mount-lenses/16-55mm-f28.htm), [Phoblographer](https://www.thephoblographer.com/2015/03/12/review-fujifilm-16-55mm-f2-8-lm-wr-fujifilm-x-mount/), huge
-    but real nice, 900-1400$
- 3. [56mm f/1.2 R ø62mm](http://www.fujifilm.ca/products/digital_cameras/x/fujinon_lens_xf56mmf12_r/), [Rockwell](https://www.kenrockwell.com/fuji/x-mount-lenses/56mm-f12.htm) ("extraordinary lens",
-    again), [Photography life](https://photographylife.com/reviews/fuji-xf-56mm-f-1-2-r) ("one of the best prime portrait
-    lenses on the market") 900$ sur kijiji, 1175$ lozeau, not so great
-    for macro (70cm min)
- 4. [90mm f/2 R WR](http://www.fujifilm.com/products/digital_cameras/x/fujinon_lens_xf90mmf2_r_lm_wr/): [Rockwell](https://www.kenrockwell.com/fuji/x-mount-lenses/90mm-f2.htm), [jokas photography](https://jonasraskphotography.com/2015/05/25/the-fujifilm-xf-90mm-f2-review/)
-    ("amazing lens"), [fstoppers](https://fstoppers.com/originals/fstoppers-reviews-fujifilm-xf-90mm-f20-lens-133836) ("spectacular"), [1300$
-    Lozeau](https://lozeau.com/produits/fr/fujifilm/fujifilm-fujinon-xf-90mm-f-2-0-r-lm-wr-p24751/?search=90mm%20fuji&description=true), looks like a good portrait lens but no OIS
+    but real nice, no OIS, 900-1400$
  5. [80mm f/2.8 R LM OIS WR Macro](http://www.fujifilm.com/products/digital_cameras/x/fujinon_lens_xf80mmf28_r_lm_ois_wr_macro/), leur seule vraie lentille
     macro, [1550$ lozeau](https://lozeau.com/produits/fr/fujifilm/fujifilm-fujinon-xf-80mmf2-8-r-lm-ois-wr-macro-p31178/?search=80mm%20fuji&description=true)
  6. une "wide angle", quelques options: [phoblographer](https://www.thephoblographer.com/2017/06/21/best-wide-angle-lenses-for-fujifilm-weve-got-you-covered/), [dpreview
-    forum](https://www.dpreview.com/forums/thread/4049063)
+    forum](https://www.dpreview.com/forums/thread/4049063), [DP review recommends](https://www.dpreview.com/reviews/buying-guide-best-lenses-for-fujifilm-mirrorless-cameras) the XF 10-24mm F4 R OIS
+    ([1200$ lozeau](https://en.lozeau.com/collections/objectifs/products/fujifilm-fujinon-xf-10-24mm-f-4-r-ois))
+ 7. [XF18-135mmF3.5-5.6 R LM OIS WR](https://www.fujifilm.com/products/digital_cameras/x/fujinon_lens_xf18_135mmf35_56_r_lm_ois_wr/): weather resist, good all
+    around travel lens even if a bit bulky, 28-200mm equivalent,
+    [dpreview recommendation](https://www.dpreview.com/reviews/buying-guide-best-lenses-for-fujifilm-mirrorless-cameras), [800$USD B&H](https://www.bhphotovideo.com/c/product/1058622-REG/fujifilm_16432853_xf_18_135mm_f_3_5_5_6_r.html) [1050$CAD
+    lozeau](https://en.lozeau.com/collections/objectifs/products/fujifilm-fujinon-xf-18-135mm-f-3-5-5-6-r-lm-ois-wr)
 
 Second appareil:
 
@@ -259,12 +257,21 @@ Second appareil:
 Écarté:
 
 
+ * [56mm f/1.2 R ø62mm](http://www.fujifilm.ca/products/digital_cameras/x/fujinon_lens_xf56mmf12_r/), [Rockwell](https://www.kenrockwell.com/fuji/x-mount-lenses/56mm-f12.htm) ("extraordinary lens",
+   again), [Photography life](https://photographylife.com/reviews/fuji-xf-56mm-f-1-2-r) ("one of the best prime portrait
+   lenses on the market") 900$ sur kijiji, 1175$ lozeau, not so great
+   for macro (70cm min) and apparently "one of the slower-focusing
+   lenses in the system" [according to DP review](https://www.dpreview.com/reviews/buying-guide-best-lenses-for-fujifilm-mirrorless-cameras) which means it's
+   pretty damn slow
+ * [90mm f/2 R WR](http://www.fujifilm.com/products/digital_cameras/x/fujinon_lens_xf90mmf2_r_lm_wr/): [Rockwell](https://www.kenrockwell.com/fuji/x-mount-lenses/90mm-f2.htm), [jokas photography](https://jonasraskphotography.com/2015/05/25/the-fujifilm-xf-90mm-f2-review/) ("amazing
+   lens"), [fstoppers](https://fstoppers.com/originals/fstoppers-reviews-fujifilm-xf-90mm-f20-lens-133836) ("spectacular"), [1300$ Lozeau](https://lozeau.com/produits/fr/fujifilm/fujifilm-fujinon-xf-90mm-f-2-0-r-lm-wr-p24751/?search=90mm%20fuji&description=true), looks
+   like a good portrait lens but no OIS
  * [35mm f/1.4 R ø52](http://www.fujifilm.ca/products/digital_cameras/x/fujinon_lens_xf35mmf14_r/), [Rockwell](https://www.kenrockwell.com/fuji/x-mount-lenses/35mm-f14.htm) ("extraordinary lens"),
    700$ new [B&H](https://www.bhphotovideo.com/c/product/839139-REG/Fujifilm_16240755_35mm_f_1_4_XF_R.html), 400-460$ on kijiji. je préfère passer à la f/2,
    qui est tropicalisée.
  * [50mm f/2 R WR ø46](http://www.fujifilm.com/products/digital_cameras/x/fujinon_lens_xf50mmf2_r_wr/), not many reviews. 480$ kijiji, 600$
-    Lozeau, cheaper slower version of the 56mm, [not good for
-    macro](https://www.imaging-resource.com/lenses/fujinon/xf-50mm-f2-r-wr/review/) as small magnification and not much closeup (39cm min)
+   Lozeau, cheaper slower version of the 56mm, [not good for
+   macro](https://www.imaging-resource.com/lenses/fujinon/xf-50mm-f2-r-wr/review/) as small magnification and not much closeup (39cm min)
  * blower are apparently the best solution to clear sensors,
    e.g. [blower on B&H](https://www.bhphotovideo.com/c/buy/Blowers-Compressed-Air/ci/18806/N/4077634545?origSearch=blower), 5-15$. a [red one](https://www.bhphotovideo.com/c/product/838821-REG/sensei_bl_014_bulb_air_blower_cleaning_system.html) is easier to find
    in a bag (8$USD). i already have a blower, so not necessary.

update setup checklist to reflect the actual FP2 setup
diff --git a/hardware/phone/fairphone2.mdwn b/hardware/phone/fairphone2.mdwn
index a874464d..78fa9d66 100644
--- a/hardware/phone/fairphone2.mdwn
+++ b/hardware/phone/fairphone2.mdwn
@@ -325,27 +325,25 @@ reboots and takes a while to resume (a minute or two).
 Android configuration
 =====================
 
-This is copied from [[htc-one-s]].
-
 Those are things to do when I flash the device, which I seem to
 screwup so often that I actually had to note this down.
 
- 1. Check for updates and install: there's an "updater" app in
-    Fairephon Open
- 2. encrypt the phone (takes ~10 minutes, needs power), see below
+ 1. Check for updates and install
+    * use the "updater" app in Fairephon Open to upgrade the firmware
+    * the recovery (TWRP) is already installed but needs an upgrade
+ 2. encrypt the phone (takes ~10 minutes, needs power)
  3. set lock code (PIN)
  4. go through prefs to tweak everything
-   * enable privacy guard, including on builtin apps
-   * browser: disable a bunch of stuff, enable utf8
- 5. install f-droid using sideloading (see below)
- 5. install and configure [apps](apps.html) (see below)
- 6. import contacts from backups (see below)
- 7. <del>setup fake GCM</del> screw google
- 8. configure all installed apps (see below)
- 9. backup the phone (!) todo!
+ 5. install f-droid using sideloading
+ 6. install, configure and synchronize apps
+ 7. backup the phone (!) todo!
 
 Some of those steps are documented more explicitly below.
 
+This checklist was copied from [[htc-one-s]] but some steps have been
+removed or changed. No Google services were installed, for example,
+which implies that apps like `Transit` do not work.
+
 Upgrading recovery
 ------------------
 

show how to encrypt phone
diff --git a/hardware/phone/fairphone2.mdwn b/hardware/phone/fairphone2.mdwn
index fa19d055..a874464d 100644
--- a/hardware/phone/fairphone2.mdwn
+++ b/hardware/phone/fairphone2.mdwn
@@ -372,6 +372,77 @@ install a new TWRP image on the phone:
 
 And install it from the `Install` menu.
 
+Encryption
+----------
+
+The Fairphone 2 runs Android 7 now, so it uses that "Encrypt Phone"
+functionality from AOSP. The procedure is as follows:
+
+[[!warning """Before you start, MAKE SURE YOU KNOW YOUR PIN BY HEART!
+    once this process is over, all your data will be encrypted with
+    the pin and won't be recoverable otherwise."""]]
+
+ 1. Charge the phone and keep it plugged in the charger
+ 2. Open the `Settings` app
+ 3. Go to `Security` → `Encrypt phone`
+ 4. Then you get a dialog warning about the process, hit `Encrypt
+    phone`
+ 5. The phone reboots a couple of times and then shows an `Encrypting`
+    dialog that says:
+    
+    > Wait while your phone is being encrypted. Time remaining: 8:00
+
+ 6. ...and then reboots again and asks you for your PIN
+
+In my case, the estimate was around 8 minutes and it took about that
+time to encrypt the phone.
+
+### Stronger encryption password
+
+It is a good idea to set a distinct screen PINs and encryption
+passwords. Built-in support to do this in Android through the GUI is
+still lacking, despite [efforts by Copperhead to implement it](https://copperhead.co/blog/2015/07/08/android-encryption-password). The
+proposed feature was [abandoned in 2015](https://android-review.googlesource.com/c/platform/frameworks/base/+/154841), unfortunately. It might
+be present in LineageOS, but I haven't confirmed that.
+
+A [workaround](https://www.xda-developers.com/how-to-manually-change-your-android-encryption-password/) is to get a root shell, either through `adb root; adb
+shell` when connected over USB, or with a shell directly on the
+phone. Then you can run:
+
+    vdc cryptfs changepw password <current_PIN> password <new_passphrase>
+
+This should show something cryptic like:
+
+    200 25575 0
+
+It's important the first number is `200`. For example, when using the
+wrong commandline, I would get:
+
+    500 25469 Usage: cryptfs changepw default|password|pin|pattern [currentpasswd] default|password|pin|pattern [newpasswd]
+
+Then it's important to verify the passphrase works with:
+
+    vdc cryptfs verifypw <new_passphrase>
+
+Once you are confident you remember the passphrase and/or have saved
+it to your password manager, reboot the phone which will prompt you
+for your passphrase. I recommend using passphrases generated by
+[xkcdpass](https://pypi.org/project/xkcdpass/) or [diceware](https://github.com/ulif/diceware) for this purpose because they are
+easier to type on the phone yet still very strong.
+
+To ensure the passphrase is effective, the phone should reboot after N
+failed attempts on the weaker PIN screen lock. An app called [WrongPIN
+Shutdown](https://f-droid.org/packages/org.nuntius35.wrongpinshutdown/) seems to work on the phone.
+
+<span /><div class="note">
+I previously used [SnooperStopper](https://f-droid.org/en/packages/cz.eutopia.snooperstopper/) to do this but unfortunately,
+that app hasn't seen a [release since 2016](https://github.com/xmikos/SnooperStopper/releases), when it was updated
+for Android 6 support. So I haven't been able to change the password
+with the app on Fairphone's Android 7 ([bug report](https://github.com/xmikos/SnooperStopper/issues/30)). Another app
+supposed to allow you to change the password is [Cryptfs Password](https://f-droid.org/en/packages/org.nick.cryptfs.passwdmanager/)
+but it [fails in a similar way](https://github.com/nelenkov/cryptfs-password-manager/issues/20).
+</div>
+
 Installing the F-Droid privileged extension
 -------------------------------------------
 

add alternatives for live bookmarks
diff --git a/software/desktop/firefox.mdwn b/software/desktop/firefox.mdwn
index cd2df450..983fd698 100644
--- a/software/desktop/firefox.mdwn
+++ b/software/desktop/firefox.mdwn
@@ -81,6 +81,8 @@ I am testing those and they might make it to the top list once I'm happy:
  * [View Page Archive & Cache](https://addons.mozilla.org/en-US/firefox/addon/view-page-archive/) (no deb, [source](https://github.com/dessant/view-page-archive/)) - load page in
    one or many page archives. No "save" button unfortunately, but is
    good enough for my purposes.
+ * [Livemarks](https://addons.mozilla.org/en-US/firefox/addon/livemarks/) (no deb, [source](https://github.com/nt1m/livemarks)) or [Awesome RSS](https://addons.mozilla.org/en-US/firefox/addon/awesome-rss/) (no deb,
+   [source](https://github.com/shgysk8zer0/awesome-rss)) - replace the [Live bookmarks removal](https://support.mozilla.org/en-US/kb/live-bookmarks-migration)
 
 [Multi-account containers]: https://github.com/mozilla/multi-account-containers/
 

possible monitors
diff --git a/hardware/monitor.mdwn b/hardware/monitor.mdwn
index 13839e6d..d2aff83c 100644
--- a/hardware/monitor.mdwn
+++ b/hardware/monitor.mdwn
@@ -51,6 +51,13 @@ Normal
 ------
 
  * [Viewsonic VP2768](https://www.viewsonic.com/us/monitors/shop/professional-monitors/vp2768.html#specs)
+ * [Dell 27" WQHD 144Hz 1ms GTG TN LED G-SYNC Gaming Monitor
+   (S2716DG) - Black](https://www.bestbuy.ca/en-ca/product/dell-dell-27-wqhd-144hz-3ms-gtg-tn-led-g-sync-gaming-monitor-s2716dg-black-s2716dg/10409157) (bestbuy: 450$)
+ * [DELL 27" 2ms 144Hz AMD FreeSync Gaming Monitor DisplayPort, HDMI,
+   USB 2.0, Built in Speakers Tilt, VESA mount (D2719HGF)](https://www.canadacomputers.com/product_info.php?cPath=22_1195_700_1104&item_id=131528) (Canada
+   computers: 270$)
+ * [Dell U2419H 24" Ultrasharp LED Monitor 1920 x 1080 - IPS](https://www.canadacomputers.com/product_info.php?cPath=22_1195_700_1103&item_id=133314):
+   (Canada computers: $320, special order)
 
 Resources
 =========

the i915 drivver doesn't need the firmware
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index 66bca0e1..4e92c0a8 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -113,7 +113,11 @@ Update: I still have some `non-free` packages installed:
 
  * Bluetooth requires [[!debpkg firmware-atheros]]
  
- * some other controller (i915?) also needs [[!debpkg firmware-misc-nonfree]]
+When building the `initramfs`, there are warnings about the `i915`
+graphics controller, which is solved by installing the [[!debpkg
+firmware-misc-nonfree]] package, but the graphics card works without
+the firmware. Apparently, the warnings are harmless and indeed PureOS
+fixed [the bug](https://tracker.pureos.net/T362) by simply [disabling all such warnings](https://source.puri.sm/pureos/core/initramfs-tools/commit/005ca5b834fa7ee44bb913d74b4ff2aa542fc9d1).3
 
 The Debian-specific stuff is also documented in [the Debian wiki](https://wiki.debian.org/InstallingDebianOn/Purism/Librem%2013).
 

link to coreboot upgrade docs
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index 500c5cd6..66bca0e1 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -89,6 +89,9 @@ is really impractical.
 Finally, Pureboot doesn't support encrypted `/boot` so it actually
 makes it *harder* to implement trusted boot.
 
+The coreboot stuff needs to be updated, and instructions are available
+[on the Purism website](https://puri.sm/coreboot/).
+
 Excellent Linux support
 -----------------------
 

more documentation of purism laptop
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index ef70ce03..500c5cd6 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -101,11 +101,23 @@ drivers, even for wifi.
 That is just awesome. It's the first device, in a long time, that
 gives me this freedom, so it should be acknowledged and celebrated.
 
-(Update: I still have some `non-free` packages installed, the Intel
-CPU firmware package ([[!debpkg intel-microcode]]) along with
-documentation packages ([[!debpkg doc-rfc]], [[!debpkg
-emacs-common-non-dfsg]], [[!debpkg make-doc]]). It also *seems* like I
-need [[!debpkg firmware-misc-nonfree]] for bluetooth.)
+Update: I still have some `non-free` packages installed:
+
+ * the Intel CPU firmware package ([[!debpkg intel-microcode]])
+ 
+ * I also use some "non-free" documentation packages ([[!debpkg
+   doc-rfc]], [[!debpkg emacs-common-non-dfsg]], [[!debpkg make-doc]])
+
+ * Bluetooth requires [[!debpkg firmware-atheros]]
+ 
+ * some other controller (i915?) also needs [[!debpkg firmware-misc-nonfree]]
+
+The Debian-specific stuff is also documented in [the Debian wiki](https://wiki.debian.org/InstallingDebianOn/Purism/Librem%2013).
+
+Good speakers
+-------------
+
+The builtin speakers sound great.
 
 Issues
 ======
@@ -119,7 +131,17 @@ The [keyboard layout is strange](https://forums.puri.sm/t/keyboard-layout-unable
 instead of sending <kbd>\</kbd> or <kbd>|</kbd>, sends
 "chevrons". This is due to the Purism folks expecting you to pick the
 "US international" keyboard instead of the "US" keyboard, which is a
-very strange pick, as the "US" keyboard seems pretty standard.
+very strange pick, as the "US" keyboard seems pretty standard. The
+workaround is to drop this in your `udev` configuration, say in
+`/etc/udev/hwdb.d/90-purism-pipe-symbol-fix.hwdb`:
+
+    evdev:atkbd:dmi:bvn*:bvr*:bd*:svnPurism:pnLibrem13v4*
+     KEYBOARD_KEY_56=backslash
+
+Then running:
+
+    sudo systemd-hwdb update
+    sudo udevadm trigger
 
 The keyboard layout, in general, is a little unique: the sound buttons
 are split across the <kbd>F4</kbd> key (mute) and

some firmware is actually required
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index 8e9bcf80..ef70ce03 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -101,6 +101,12 @@ drivers, even for wifi.
 That is just awesome. It's the first device, in a long time, that
 gives me this freedom, so it should be acknowledged and celebrated.
 
+(Update: I still have some `non-free` packages installed, the Intel
+CPU firmware package ([[!debpkg intel-microcode]]) along with
+documentation packages ([[!debpkg doc-rfc]], [[!debpkg
+emacs-common-non-dfsg]], [[!debpkg make-doc]]). It also *seems* like I
+need [[!debpkg firmware-misc-nonfree]] for bluetooth.)
+
 Issues
 ======
 

expand keyboard layout information
diff --git a/hardware/keyboard.mdwn b/hardware/keyboard.mdwn
index 5ce0ad47..52fc1929 100644
--- a/hardware/keyboard.mdwn
+++ b/hardware/keyboard.mdwn
@@ -13,7 +13,10 @@ Requirements
 Layout
 ------
 
-I like the [ANSI layout](https://en.wikipedia.org/wiki/Keyboard_layout#Mechanical.2C_visual_and_functional_layouts), [[!wikipedia QWERTY]] of course. Ideally, I would like to have an ANSI keyboard with the `«»` key added, but this doesn't seem to actually exist, and I don't like the oversized ISO enter key, as I used backslash a lot.
+I like the [ANSI layout](https://en.wikipedia.org/wiki/Keyboard_layout#Mechanical.2C_visual_and_functional_layouts), [[!wikipedia QWERTY]] of course. Ideally,
+I would like to have an ANSI keyboard with the `«»` key added, but
+this doesn't seem to actually exist, and I don't like the oversized
+ISO enter key, as I used backslash a lot.
 
 No numpad
 ---------
@@ -23,6 +26,14 @@ traveling between the keyboard and the mouse, which I still use more
 often than the keypad. I would need to get an external keypad, but
 that's easy to solve - even if it takes an extra USB port.
 
+That's called a "80%", "TKL" ("tenkey-less") or "88" or "87 keys"
+keyboard. Those articles help me figure out the different layouts:
+
+ * [Understand keyboard sizes](https://hobgear.com/understand-keyboard-sizes/)
+ * [Guide to keyboard sizes](https://www.keyboardco.com/blog/index.php/2017/08/full-size-tkl-60-and-more-a-guide-to-mechanical-keyboard-sizes/)
+ * [WASD keyboard products](http://www.wasdkeyboards.com/index.php/products/mechanical-keyboard.html?dir=asc&order=name), for example comparing [88-key](http://www.wasdkeyboards.com/index.php/products/mechanical-keyboard/wasd-v2-88-key-iso-custom-mechanical-keyboard.html),
+   [87-key](http://www.wasdkeyboards.com/index.php/products/mechanical-keyboard/wasd-v2-87-key-custom-mechanical-keyboard.html) and [104-key](http://www.wasdkeyboards.com/index.php/products/mechanical-keyboard/wasd-v3-104-key-custom-mechanical-keyboard.html) layouts
+
 Tactile feel
 ------------
 

more cross-refs
diff --git a/hardware/laptop.mdwn b/hardware/laptop.mdwn
index 87b71a4a..9e371237 100644
--- a/hardware/laptop.mdwn
+++ b/hardware/laptop.mdwn
@@ -2,9 +2,11 @@
 
 Update: I didn't buy a new, powerful, laptop for my work, but a
 NUC. See [[hardware/curie]] for details. When my travel laptop finally
-died, I bought a X220 as a replacement, see [[hardware/laptop/angela]]
+died, I bought a X220 as a replacement, see [[hardware/angela]]
 for details.
 
+[[!map pages="page(hardware/laptop/*)" show=title]]
+
 Besoins
 =======
 
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index a0eabd7a..8e9bcf80 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -1,7 +1,8 @@
 The [Purism Librem 13](https://puri.sm/products/librem-13/) is a 13" laptop that's similar to the
 Macbook Air but slightly heavier and thicker, from what I
 understand. I have the `v4` means it's the fourth hardware version of
-the device.
+the device. This is the latest incarnation of the [[hardware/angela]]
+node.
 
 [[!toc levels=3]]
 
diff --git a/hardware/laptop/thinkpad-x120e.mdwn b/hardware/laptop/thinkpad-x120e.mdwn
index 98be5359..14d6481b 100644
--- a/hardware/laptop/thinkpad-x120e.mdwn
+++ b/hardware/laptop/thinkpad-x120e.mdwn
@@ -1,6 +1,6 @@
 [[!meta title="Death of a Thinkpad x120e laptop"]]
 
-My laptop named "angela" is (was?) a [Thinkpad x120e](https://www3.lenovo.com/us/en/laptops/thinkpad/x-series/x120e/)
+My laptop named [[hardware/angela]] is (was?) a [Thinkpad x120e](https://www3.lenovo.com/us/en/laptops/thinkpad/x-series/x120e/)
 ([ThinkWiki](https://www.thinkwiki.org/wiki/Category:X120e)). It's a [netbook](https://en.wikipedia.org/wiki/Netbook) model (although they branded it
 a [Ultraportable](https://en.wikipedia.org/wiki/Subnotebook)), which meant back then that it was a small,
 wide, slim laptop with less power, but cheaper. It did its job: I

mention purism on the angela page
diff --git a/hardware/angela.mdwn b/hardware/angela.mdwn
index 4d626f4f..9e19310f 100644
--- a/hardware/angela.mdwn
+++ b/hardware/angela.mdwn
@@ -10,8 +10,11 @@ the Black Panther Party during the Civil Rights Movement.*" -
 >
 > - Angela Davis
 
+First and second generations: Thinkpad
+======================================
+
 It's my travel laptop. It was previously housed in a [[Thinkpad
-X120e|thinkpad-x120e]] body, which I never liked. That computer
+X120e|hardware/laptop/thinkpad-x120e]] body, which I never liked. That computer
 finally "died" after 5 years of use when its screen cracked, at which
 point I replaced the hardware with a Thinkpad X220, after a brief
 interval in a battered old X201 body lent from a friend.
@@ -25,4 +28,14 @@ or [[hardware/server/marcos]] instead.
 See the [X220 install docs](https://wiki.debian.org/InstallingDebianOn/Thinkpad/X220) for issues with running Debian on the
 X220.
 
+Third generation: Purism
+========================
+
+The third body I have given angela is a Purism Librem 13, in may 2019,
+see [[hardware/laptop/purism-librem13v4]] for a detailed review. I
+made the change mostly because of the poor screen resolution on the
+x220, but also because it was somewhat significantly slower than my
+workstation and had limited expansion capabilities. It was also a
+shopping therapy in a difficult year.
+
 [[!tag node]]

again
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index 6bfa122f..a0eabd7a 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -165,8 +165,8 @@ useful. Plus, I can afford to have a USB dongle there with a gigabit
 ethernet port, indeed, I already have one of those USB hubs. So not
 that big of a deal.
 
-Cost
-----
+High cost
+---------
 
 Those devices have a hefty price tag! At 1500-1700USD, it's definitely
 not something a student or even I, in my previous job, could

fix headings
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index dbf202fa..6bfa122f 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -35,8 +35,8 @@ Specifications
 The machine came with a 250GB Crucial SSD drive with PureOS
 pre-installed, even if I ordered it without storage.
 
-Power connector
----------------
+Semi-standard power connector
+-----------------------------
 
 The power connector is [somewhat standard](https://learn.sparkfun.com/tutorials/connector-basics/power-connectors): 19V DC on a 5.5mm
 sleeve with 2.5 positive pin, with a [C5/C6 cable](https://en.wikipedia.org/wiki/IEC_60320#C5/C6_coupler) for the AC side
@@ -44,8 +44,12 @@ sleeve with 2.5 positive pin, with a [C5/C6 cable](https://en.wikipedia.org/wiki
 able to find a "universal 19V adpater" for ~60$ at a local store that
 also supported other barrel connectors.
 
-Monitor
--------
+It would be better if the laptop would charge through USB-C,
+naturally, as *that* is slowly becoming the standard for charging
+computing devices, but that will have to do for now.
+
+Good monitor
+------------
 
 The monitor shipped with the Librem is actually quite good by my
 standards (1920x1080 / 1080p / FullHD). It does mean messing around

good linux support in the librem
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index 1ff43a97..dbf202fa 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -84,6 +84,18 @@ is really impractical.
 Finally, Pureboot doesn't support encrypted `/boot` so it actually
 makes it *harder* to implement trusted boot.
 
+Excellent Linux support
+-----------------------
+
+On top of the liberated BIOS, it must be said the device has
+*excellent* support for free operating systems. *Every* device on the
+machine has full support in the Linux kernel, even the "older" version
+in Debian stretch (Linux 4.9). No binary blobs, no proprietary
+drivers, even for wifi.
+
+That is just awesome. It's the first device, in a long time, that
+gives me this freedom, so it should be acknowledged and celebrated.
+
 Issues
 ======
 

add toc
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index 32fa2c08..1ff43a97 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -3,6 +3,8 @@ Macbook Air but slightly heavier and thicker, from what I
 understand. I have the `v4` means it's the fourth hardware version of
 the device.
 
+[[!toc levels=3]]
+
 Specifications
 ==============
 

prohibitive costs
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index 490195e1..32fa2c08 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -147,6 +147,15 @@ useful. Plus, I can afford to have a USB dongle there with a gigabit
 ethernet port, indeed, I already have one of those USB hubs. So not
 that big of a deal.
 
+Cost
+----
+
+Those devices have a hefty price tag! At 1500-1700USD, it's definitely
+not something a student or even I, in my previous job, could
+afford. It's only because my current work was generous enough to pay
+for this machine that I was able to shell out the cash needed for this
+luxury item, clearly targeting the "high-end" crowd like Apple fans...
+
 Questionable politics
 ---------------------
 

notes on the purism
diff --git a/hardware/laptop.mdwn b/hardware/laptop.mdwn
index 06a7b5c7..87b71a4a 100644
--- a/hardware/laptop.mdwn
+++ b/hardware/laptop.mdwn
@@ -260,10 +260,9 @@ https://puri.sm/products/librem-13/
  * Touch interface: Elantech Multitouch Trackpad
  * Thermal design: Low noise fan
 
-Downside: no ethernet port (WTF seriously) and no power on USB-C. At
-least the power connector is [somewhat standard](https://learn.sparkfun.com/tutorials/connector-basics/power-connectors): 19V DC on a 5.5mm
-sleeve with 2.5 positive pin, with a [C5/C6 cable](https://en.wikipedia.org/wiki/IEC_60320#C5/C6_coupler) for the AC side
-(as opposed to the more standard C13/C14 coupler, mind you).
+Downside: no ethernet port (WTF seriously) and no power on USB-C.
+
+Update: got the device, see [[purism-librem13v4]] for details.
 
 Dell
 ----
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
new file mode 100644
index 00000000..490195e1
--- /dev/null
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -0,0 +1,159 @@
+The [Purism Librem 13](https://puri.sm/products/librem-13/) is a 13" laptop that's similar to the
+Macbook Air but slightly heavier and thicker, from what I
+understand. I have the `v4` means it's the fourth hardware version of
+the device.
+
+Specifications
+==============
+
+ * Operating system: PureOS
+ * TPM: Included
+ * Battery life: Roughly 7 to 9 hours (actual: more like 6h)
+ * Processor: Core i7 7500U (Kabylake)
+ * Display: 13.3" 1920×1080
+ * Graphics: Intel HD Graphics 620
+ * Memory: Up to 32GB, DDR4 at 2133 MHz
+ * Storage: 2.5" SATA + NVMe-capable M.2 slots
+ * Chassis: Black anodized aluminium
+ * Webcam: 720p 1.0 megapixel
+ * Dimensions: 325×219×18mm
+ * Weight: 1.4kg
+ * Wireless: Atheros 802.11n w/ Two Antenna
+ * Radio hardware killswitch: Yes
+ * Mic and cam killswitches: Yes
+ * Audio port: 1 headphone/line output jack
+ * USB ports: 2 USB 3.0 Ports (1 type C, data transfer only)
+ * External monitor output: 1 HDMI Port (4K capable @ 30Hz max)
+ * Card reader: Yes, 2-in-1 SD/MMC
+ * Backlit keyboard: Yes
+ * Touch interface: Elantech Multitouch Trackpad
+ * Thermal design: Low noise fan (actual: not really, quite noisy when
+   all CPUs are maxed)
+
+The machine came with a 250GB Crucial SSD drive with PureOS
+pre-installed, even if I ordered it without storage.
+
+Power connector
+---------------
+
+The power connector is [somewhat standard](https://learn.sparkfun.com/tutorials/connector-basics/power-connectors): 19V DC on a 5.5mm
+sleeve with 2.5 positive pin, with a [C5/C6 cable](https://en.wikipedia.org/wiki/IEC_60320#C5/C6_coupler) for the AC side
+(as opposed to the more standard C13/C14 coupler, mind you). I was
+able to find a "universal 19V adpater" for ~60$ at a local store that
+also supported other barrel connectors.
+
+Monitor
+-------
+
+The monitor shipped with the Librem is actually quite good by my
+standards (1920x1080 / 1080p / FullHD). It does mean messing around
+with [HiDPI](https://wiki.debian.org/MonitorDPI) settings which I haven't quite figured out yet.
+
+[This post](https://vincent.bernat.ch/en/blog/2018-4k-hidpi-dual-screen-linux) seems to have good resources. From what I understand,
+the resolution of the screen is actually 166dpi, which takes some
+configuring to display properly. This can be computed from the aspect
+ratio (16:9), the resolution (1920x1080) and the diagonal of the
+screen (13.3"). According to [this calculator](https://www.sven.de/dpi/), this is the
+formula:
+
+    Display size: 11.59" × 6.52" = 75.59in² (29.44cm × 16.56cm = 487.64cm²) at 165.63 PPI, 0.1534mm dot pitch, 27434 PPI² 
+
+All this does make my old monitor (which I found in the basement) look
+like crap. So I need to find a [new monitor](https://forums.puri.sm/t/suitable-external-monitor-for-librem-13/5627), arguably not a
+problem with the Librem per se of course...
+
+It seems the Librem can drive 1440p, so not "4K UHD" (3840x2160), but
+"QHD" (2560x1440) which should be more than enough.
+
+Liberated boot
+--------------
+
+The Purism folks did a pretty awesome job at liberating their
+BIOS. They run their own version of coreboot they call
+[Pureboot](https://docs.puri.sm/PureBoot.html). In theory, it should be easier to setup a trusted,
+[SecureBoot](http://wiki.debian.org/SecureBoot) but in practice I have yet to set that up.
+
+I did try to configure the laptop with an encrypted `/boot`, but that
+didn't go so well. First, I get a double password prompt: once in
+`grub` and once in the `initramfs`. But more annoying is the `grub`
+prompt has no retry: if you fail, you drop in the rescue shell which
+is really impractical.
+
+Finally, Pureboot doesn't support encrypted `/boot` so it actually
+makes it *harder* to implement trusted boot.
+
+Issues
+======
+
+I have a few issues with the device.
+
+Weird keyboard layout
+---------------------
+
+The [keyboard layout is strange](https://forums.puri.sm/t/keyboard-layout-unable-to-recognize-pipe/2022): the key above <kbd>enter</kbd>,
+instead of sending <kbd>\</kbd> or <kbd>|</kbd>, sends
+"chevrons". This is due to the Purism folks expecting you to pick the
+"US international" keyboard instead of the "US" keyboard, which is a
+very strange pick, as the "US" keyboard seems pretty standard.
+
+The keyboard layout, in general, is a little unique: the sound buttons
+are split across the <kbd>F4</kbd> key (mute) and
+<kbd>-</kbd>/<kbd>=</kbd> (volume up/down keys) for some reason.
+
+The <kbd>PrtSc</kbd> key [can be as SysRq](https://forums.puri.sm/t/does-alt-sysrq-work-on-librem-laptops/5290/9) but is *backwards*
+(<kbd>ScrLk</kbd> <kbd>PrtSc</kbd>) to their usual order
+(<kbd>PrtSc</kbd> <kbd>ScrLk</kbd>).
+
+Limited USB-C port
+------------------
+
+The USB-C port [does not support video](https://forums.puri.sm/t/is-hdmi-over-usb-c-possible-on-13v2/2020) which makes it limited to
+charging and data transfer. It can also not charge the laptop itself,
+as there's a separate power connector, losing many of the benefits
+usually associated with USB-C.
+
+Ideally, a USB-C port might be used as a universal docking port: one
+wire to plug and you have power, video, audio, and USB for keyboard
+and mouse. Unfortunately, I'm still stuck with about 4 wires to plugin
+when I come into the office, something I was hoping to avoid. People
+have [looked for a dock station](https://forums.puri.sm/t/please-recommend-a-port-replicator-docking-station/1115) without success.
+
+Shipping delays, DOA
+--------------------
+
+I waited almost four weeks to have my laptop delivered. Presumably
+this was due to a [warehouse move](https://forums.puri.sm/t/where-was-purism-moving/5799/) but I found that communication
+about the issue could have been better. Worse: the laptop was [dead on
+arrival](https://forums.puri.sm/t/librem-13v3-bricked/5714/19?u=anarcat) (DOA) so I had to return it, adding another week delay for
+getting an actual working laptop. FedEx even charged me for the return
+even though Purism actually issued a shipping label, something I still
+haven't quite resolved.
+
+Bright LEDs, not accessible when lid closed
+-------------------------------------------
+
+There are three leds on the top right of the keyboad: one for wifi,
+battery and power. They are very bright and even though they can
+technically be dimmed, the firmware is not open so there's [no way to
+dim the LEDs](https://forums.puri.sm/t/is-there-a-way-to-dim-the-leds-on-the-13-v2/1172). 
+
+No ethernet port
+----------------
+
+That was a deal breaker for me originally, but I changed my
+mind. First, I don't need gigabit transfer speeds that often. Then my
+office doesn't have wired connectivity yet, so it is not that
+useful. Plus, I can afford to have a USB dongle there with a gigabit
+ethernet port, indeed, I already have one of those USB hubs. So not
+that big of a deal.
+
+Questionable politics
+---------------------
+
+After I bought the device, I found out that Purism wouldn't take a
+stand against racism and nazis on their servers. As a hardware
+manufacturer, that would be only a slight annoyance, but they recently
+got into the business of hosting social networks, emails and so on, so
+this is a big problem. I have written about the rationale in details
+in [[blog/2019-05-13-free-speech]], but I cannot in good faith
+recommend doing business with Purism anymore, unfortunately.

Archival link:

The above link creates a machine-readable RSS feed that can be used to easily archive new changes to the site. It is used by internal scripts to do sanity checks on new entries in the wiki.

Created . Edited .