Recent changes to this wiki. Not to be confused with my history.

Complete source to the wiki is available on gitweb or by cloning this site.

got a new cool antenna
diff --git a/hardware/radio.mdwn b/hardware/radio.mdwn
index 0b079bda..567db591 100644
--- a/hardware/radio.mdwn
+++ b/hardware/radio.mdwn
@@ -21,6 +21,9 @@ Hardware
  * 100' of RG8 coax cabling [65$ at radioworld](http://radioworld.ca/product_info.php?cPath=73_394&products_id=6831)
  * 3 PL259 connectors [4$ at radioworld](http://radioworld.ca/product_info.php?cPath=73_394&products_id=3244)
  * Total, incl. shipping: 452.35$
+ * [S&K Open Stub J-Pole Antenna](https://signalstuff.com/product/signal-staff-osj/) (OSJ) from [Signalstuff.com](https://signalstuff.com/),
+   can be mounted on a mast *or* a camera tripod *or* even hanged from
+   a tree! (60$USD)
 * VHF/UHF meter: [workman 50$](http://www.ebay.com/itm/SWR-Power-500-Watt-METER-120-500-MHz-UHF-VHF-Ham-Radio-w-RG8X-Jumper-/380424888249)  ([17 reviews: 3.5/5](http://www.eham.net/reviews/detail/3905))
 * Ferrites: ~40$ + 24$ customs fees (PN: 2643167851 from [IBS electronics](http://www.ibselectronics.com/search_r.asp?mfgpn=2643167851))
 * some PL259 connectors, usually around 2$ each
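Review bot: The new OSJ entry is added directly below the "Total, incl. shipping: 452.35$" line of the same list, so the total no longer reads as the sum of what is listed above it and it is unclear whether the 60$USD is part of it. Move the entry above the total and update the figure, or put it in the following list next to the meter and the ferrites. "hanged from a tree" should be "hung from a tree", and this is the only price in the hunk marked as USD, so say which currency the other amounts are in.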

update i do not use borg anymore
diff --git a/services/backup.mdwn b/services/backup.mdwn
index 6c7ca3ab..bf4531c2 100644
--- a/services/backup.mdwn
+++ b/services/backup.mdwn
@@ -11,9 +11,12 @@ hand, monthly.
 Workstation and laptop backups are more irregular, on a separate
 drive.
 
-Most backups are performed with [borg](http://borgbackup.rtfd.org/) but some offsite backups are
-still done with [bup](https://bup.github.io/) for historical reasons but may be migrated to
-another storage system, see below for progress.
+Backups are performed with [borg](http://borgbackup.rtfd.org/) and [git-annex](https://git-annex.branchable.com/).
+
+Some offsite backups were done with [bup](https://bup.github.io/), but that was replaced by
+borg because the latter supports client-side encryption out of the
+box, supports purging old snapshots (which bup didn't at the time),
+and has a better commandline interface.
 
 Backup storage
 ==============
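Review bot: The commit subject says borg is not used anymore, but the added text states "Backups are performed with [borg] ... and [git-annex]" and that bup "was replaced by borg", so the subject and the content contradict each other; if bup is the tool that was dropped, reword the subject. The removed sentence pointed to "see below for progress" on the migration, so check that the section it referred to is updated as well, since this hunk now describes the migration as done.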

some settings in a user.js now, document other issues
diff --git a/software/desktop/firefox.mdwn b/software/desktop/firefox.mdwn
index ec9b3b31..fae57ec3 100644
--- a/software/desktop/firefox.mdwn
+++ b/software/desktop/firefox.mdwn
@@ -279,7 +279,8 @@ the long term.
 Configuration
 ==============
 
-I have set the following configuration options:
+I have set the following configuration options, in a `user.js` file
+that I version-control into git:
 
  * `browser.tabs.loadDivertedInBackground` ([ref](http://kb.mozillazine.org/About:config_entries)):
    true (fixes an issue where focus would change to the firefox window
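Review bot: The added sentence says the options live in a `user.js` file kept in git but gives no link or path to it, so the list that follows and the file can drift apart without a reader noticing. Link the file and say which of the two is authoritative.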
@@ -329,6 +330,27 @@ I add some search engines that are misconfigured from [Mycroft](http://mycroftpr
 import my set of [Debian bookmarks](https://salsa.debian.org/debian/debian-bookmarks-shortcuts) for quick access to Debian
 resources.
 
+Remaining work
+==============
+
+My Firefox configuration is not fully automated yet. The `user.js`
+hacks above only go so far. For example, the search engine override
+[doesn't seem to work anymore](https://superuser.com/questions/1372679/how-to-set-duckduckgo-as-default-search-engine-using-user-js). Similarly, it is not possible to
+populate the following:
+
+ * search engines
+ * bookmarks
+ * extensions
+
+Bookmarks and search engines seems to be hackable through a
+[distribution file](https://wiki.mozilla.org/Distribution_INI_File) (and a [different one on mobile](https://wiki.mozilla.org/Mobile/Distribution_Files)??), but I
+haven't figured out how that works just yet. It also seems extensions
+are going to become harder since [Mozilla decided to stop
+sideloading](https://blog.mozilla.org/addons/2020/03/10/support-for-extension-sideloading-has-ended/) for some obscure reason...
+
+I miss the times where bookmarks where just that HTML file sitting in
+the profile directory...
+
 History
 =======
 
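Review bot: The new "Remaining work" section first says it is not possible to populate search engines, bookmarks and extensions, then says bookmarks and search engines seem to be hackable through a distribution file; reword the first statement as "not possible through `user.js`" so the two agree. Typos in the added lines: "Bookmarks and search engines seems" should be "seem", and "the times where bookmarks where just" should be "the times when bookmarks were just". The "for some obscure reason" aside sits on a link to Mozilla's own announcement; if that post gives a reason, summarize it, otherwise drop the aside.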

promote livemarks and minimal, demote display anchors, containers, tridactyl
diff --git a/software/desktop/firefox.mdwn b/software/desktop/firefox.mdwn
index 9bb17c9f..ec9b3b31 100644
--- a/software/desktop/firefox.mdwn
+++ b/software/desktop/firefox.mdwn
@@ -28,8 +28,11 @@ I have those extensions installed and use them very frequently:
    package"]], [source](https://github.com/browserpass/browserpass)) - super fast access to my passwords. use
    some magic mumble-jumble message passing thing which feels a bit
    creepy.
- * [display anchors](https://addons.mozilla.org/en-US/firefox/addon/display-_anchors/) (no deb, [source](https://github.com/Rob--W/display-anchors))
  * [GhostText][] (no debian package, [#910289](https://bugs.debian.org/910289), [source](https://github.com/GhostText/GhostText))- "It's all text" replacement
+ * [Livemarks](https://addons.mozilla.org/en-US/firefox/addon/livemarks/) (no deb, [source](https://github.com/nt1m/livemarks)) or [Awesome RSS](https://addons.mozilla.org/en-US/firefox/addon/awesome-rss/) (no deb,
+   [source](https://github.com/shgysk8zer0/awesome-rss)) - replace the [Live bookmarks removal](https://support.mozilla.org/en-US/kb/live-bookmarks-migration)
+ * [Minimal](https://addons.mozilla.org/en-US/firefox/addon/minimal-internet-experience/) ([homepage](https://minimal.community/)) - removes autoplay, search suggestions
+   and all sorts of junks from many websites
  * [uBlock Origin][] ([[!debpkg webext-ublock-origin desc="debian
    package"]], [source](https://github.com/gorhill/uBlock)) - making the web sane again
  * [uMatrix][] ([[!debpkg webext-umatrix desc="debian package"]],
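Review bot: The promoted Minimal entry links only a homepage, while every other entry visible in this hunk carries a package status and a source link ("no deb, [source]" or a debpkg reference). Add both, since the list is followed by "Ideally, all of those should be packaged for Debian". In the same added lines, "all sorts of junks" should be "junk", and "replace the [Live bookmarks removal]" reads as replacing the removal; "replace the removed Live bookmarks feature" would be clearer.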
@@ -60,15 +63,7 @@ Ideally, all of those should be packaged for Debian.
 
 I am testing those and they might make it to the top list once I'm happy:
 
- * Firefox [Multi-account containers][] (no deb, [source](https://github.com/mozilla/multi-account-containers/)) - kind of
-   useful, but also a bit strange: impossible to assign an existing
-   tab to a container, UI is very clikety (can't open a
-   container-specific tab from the keyboard), etc. need to click-hold
-   on the "+" tab button to choose container.
- * [Livemarks](https://addons.mozilla.org/en-US/firefox/addon/livemarks/) (no deb, [source](https://github.com/nt1m/livemarks)) or [Awesome RSS](https://addons.mozilla.org/en-US/firefox/addon/awesome-rss/) (no deb,
-   [source](https://github.com/shgysk8zer0/awesome-rss)) - replace the [Live bookmarks removal](https://support.mozilla.org/en-US/kb/live-bookmarks-migration)
- * [Minimal](https://addons.mozilla.org/en-US/firefox/addon/minimal-internet-experience/) ([homepage](https://minimal.community/)) - removes autoplay, search suggestions
-   and all sorts of junks from many websites
+ * [display anchors](https://addons.mozilla.org/en-US/firefox/addon/display-_anchors/) (no deb, [source](https://github.com/Rob--W/display-anchors))
  * [Open in Browser](https://addons.mozilla.org/en-US/firefox/addon/open-in-browser/) (no deb, [source](https://github.com/Rob--W/open-in-browser)) - reopen the file in the
    browser instead of downloading
  * [Smart HTTPS](https://addons.mozilla.org/en-US/firefox/addon/smart-https-revived/) (no deb, [source](https://github.com/ilGur1132/Smart-HTTPS)) - some use [HTTPS
@@ -78,19 +73,6 @@ I am testing those and they might make it to the top list once I'm happy:
    "secure" URL...  HE does have a "Block all unencrypted requests"
    setting, but it does exactly that: it breaks plaintext sites
    completely. See [issue #7936](https://github.com/EFForg/https-everywhere/issues/7936) and [issue #16488](https://github.com/EFForg/https-everywhere/issues/16488) for details.
- * [Switch container](https://addons.mozilla.org/en-US/firefox/addon/switch-container/) (no deb, [source](https://gitlab.com/mjanetmars/switch-container)) - fixes *one* of the
-   issues with multi-account containers (ie. moving tab to another
-   container)
- * [tridactyl][] - to use the web browser without the mouse. was
-   [pulled from AMO][] for a policy violation, might return but in the
-   meantime, i'm trying out [vimium][], which has the major problem of
-   not entering the "edit mode" (where keybindings are not effective)
-   in text areas, or at least in etherpad. tridactyl has its own
-   annoyances though, like <kbd>C-f</kbd> being bound to "page
-   down". this can be disabled with `:unbind <C-f>`. also see the
-   [builtin Firefox shortcuts][] and the `pentadactyl` entry in the
-   XULocalypse section below. [Krabby](https://krabby.netlify.com/), another of those
-   implementations, has an [interesting list of alternatives](https://github.com/alexherbo2/krabby/blob/master/doc/alternatives.md).
  * [View Page Archive & Cache](https://addons.mozilla.org/en-US/firefox/addon/view-page-archive/) (no deb, [source](https://github.com/dessant/view-page-archive/)) - load page in
    one or many page archives. No "save" button unfortunately, but is
    good enough for my purposes. [The Archiver](https://addons.mozilla.org/en-US/firefox/addon/the-archiver/) (no deb,
@@ -105,6 +87,30 @@ I am testing those and they might make it to the top list once I'm happy:
 Those should probably not be packaged in Debian until they make it to
 the top list.
 
+## Might use again
+
+Those were in testing for a while, then installed, but then I got
+tired of them...
+
+ * Firefox [Multi-account containers][] (no deb, [source](https://github.com/mozilla/multi-account-containers/)) - kind of
+   useful, but also a bit strange: impossible to assign an existing
+   tab to a container, UI is very clikety (can't open a
+   container-specific tab from the keyboard), etc. need to click-hold
+   on the "+" tab button to choose container.
+ * [Switch container](https://addons.mozilla.org/en-US/firefox/addon/switch-container/) (no deb, [source](https://gitlab.com/mjanetmars/switch-container)) - fixes *one* of the
+   issues with multi-account containers (ie. moving tab to another
+   container)
+ * [tridactyl][] - to use the web browser without the mouse. was
+   [pulled from AMO][] for a policy violation, might return but in the
+   meantime, i'm trying out [vimium][], which has the major problem of
+   not entering the "edit mode" (where keybindings are not effective)
+   in text areas, or at least in etherpad. tridactyl has its own
+   annoyances though, like <kbd>C-f</kbd> being bound to "page
+   down". this can be disabled with `:unbind <C-f>`. also see the
+   [builtin Firefox shortcuts][] and the `pentadactyl` entry in the
+   XULocalypse section below. [Krabby](https://krabby.netlify.com/), another of those
+   implementations, has an [interesting list of alternatives](https://github.com/alexherbo2/krabby/blob/master/doc/alternatives.md).
+
 ## Previously used
 
 I once used those but eventually removed them for various
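Review bot: The tridactyl entry is moved verbatim into "Might use again", whose intro says these extensions were installed and then dropped, but the entry still reads as ongoing testing ("in the meantime, i'm trying out [vimium]") and still says tridactyl "was [pulled from AMO]" and "might return". Update the entry to say what is used now and whether the AMO status changed. "very clikety" in the containers entry is carried over from the removed lines and could be fixed in the move.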

update marcos status
diff --git a/hardware/server/marcos.mdwn b/hardware/server/marcos.mdwn
index 9d99d7f9..538c7d76 100644
--- a/hardware/server/marcos.mdwn
+++ b/hardware/server/marcos.mdwn
@@ -58,6 +58,7 @@ fail. Here's the inventory of drives.
 Currently in marcos:
 
  * `Samsung SSD 850 EVO 500GB`: 465GiB
+ * `Seagate HDD IronWolf 8TB ST8000VN004-2M21`: 7.3TiB
  * `Seagate HDD IronWolf 8TB ST8000VN0022-2EL112`: 7.3TiB
  * `Western Digital Green 3TB WDC_WD30EZRX-00D8PB0`: 2.7TiB (external
    "WD My Drive" backup drive)
@@ -95,6 +96,15 @@ Possible newegg order:
  * <https://www.newegg.ca/p/N82E16882203142?Item=9SIAH2M8651681>
  * https://www.staples.ca/products/805523-en-dymo-labelwriter-450-label-printer-1756692
 
+Update: seems like Intel is more popular there, maybe try one in the
+mix. We support NVMe anyways, so might as well get one of those:
+
+ * https://www.newegg.ca/intel-660p-series-1tb/p/N82E16820167462
+ * https://www.newegg.ca/western-digital-blue-sn550-nvme-1tb/p/N82E16820250135?Item=N82E16820250135
+ * review and pick one of those https://nairatips.com/best-nvme-ssd-enclosure/
+
+The [samsung is 70$+ more](https://www.newegg.ca/samsung-860-evo-series-1tb/p/N82E16820147678?Item=N82E16820147678) so maybe not worth it?
+
 ## BIOS config
 
 New machine BIOS configuration:
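Review bot: The third added list item ("review and pick one of those") points at an enclosure review rather than at a drive, so it reads as a to-do mixed into a list of candidate drives; move it to a sentence below the list. The added links are bare URLs while the newegg link in the context above is wrapped in angle brackets, so use one form to make sure they all render as links. The closing remark compares against a "samsung" price without saying which of the two listed drives it is 70$+ more than.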
@@ -117,16 +127,13 @@ New machine BIOS configuration:
 
 ## Remaining transplant TODO
 
- 1. missing a SATA cable for the port #3, because provided cables have
-    an "elbow" that prevents them to be connected (and the bord
-    connectors are on the side instead of on top (!!).
-
  2. The external backup drive (sdc2) could be swapped into one of the
     hotswap bay.
 
- 3. need to setup RAID-1.
+ 3. need to setup RAID-1 on the SSDs
 
- 4. SSD drive floating in bay because of missing tray adapter.
+ 4. SSD drive floating in bay because of missing tray adapter. (to be
+    replaced by 2xNVMe drives)
 
  5. Missig serial port, required to switch to headless server (and
     remove the nvidia video card), although...
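Review bot: Removing item 1 leaves this ordered list starting at " 2.", and depending on the Markdown renderer the remaining items either keep that start or are renumbered from 1, so a reference to "item 3" becomes ambiguous. Renumber the TODO list or switch it to bullets. Item 3 now says RAID-1 is needed "on the SSDs" while item 4 says the SSD is "to be replaced by 2xNVMe drives", so say whether the RAID-1 is meant for the current SSD or for the NVMe pair.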
@@ -136,7 +143,18 @@ New machine BIOS configuration:
     output).
 
  6. HDD LEDs seem to light up (but not the SSD!) in the BIOS, but are
-    not lit when Linux is booted.
+    not lit when Linux is booted. tested [ledmon](https://github.com/intel/ledmon) but it seems to
+    have [issues with AMD devices](https://github.com/intel/ledmon/issues/65) and, surprise-suprise, i have a
+    AMD board! but i'm not sure that is related because the leds are
+    controlled by the Supermicro enclosure...
+
+## DONE
+
+ 1. missing a SATA cable for the port #3, because provided cables have
+    an "elbow" that prevents them to be connected (and the bord
+    connectors are on the side instead of on top (!!).
+
+ 2. RAID-1 on the HDDs
 
 # Possible phase out
 
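Review bot: The text added to item 6 has typos ("surprise-suprise", "a AMD board"), and the item moved to DONE keeps "bord" and an unbalanced parenthesis ("(and the bord connectors are on the side instead of on top (!!)."); fix them as part of the move. The DONE list restarts its numbering at 1 and 2 while the TODO list above keeps 2 to 6, so the same numbers now refer to different items; bullets would avoid that.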

completely moved to puppet
diff --git a/software/packages.yml b/software/packages.yml
index cb62a1c6..78a2a069 100644
--- a/software/packages.yml
+++ b/software/packages.yml
@@ -11,336 +11,4 @@
 #
 # ansible-playbook packages.yml --tags graphics
 #
-# to install only graphics-related packages
-#
-# the following tags are available right now:
-#
-# author
-# comms
-# desktop
-# developer
-# games
-# gis
-# graphics
-# ham
-# multimedia
-# sysadmin
-
----
-- name: install common packages
-  hosts: all
-
-  tasks:
-  - name: install authorship tools (incl. TeX)
-    # This is mostly TeX-related packages
-    tags: author
-    # replaced by profile::author
-
-  - name: install communication tools
-    tags: comms
-    # replaced by profile::comms
-
-  - name: install desktop packages
-    # Shitload of stuff that doesn't fit anywhere else.
-    tags: desktop
-    # profile::desktop
-
-  - name: install developer tools
-    tags: developer
-    #  Mostly VCS tools, emacs, emulation tools and emulators.
-    apt: name={{item}} state=installed
-    with_items:
-      - adb
-      - adequate
-      - apt-file
-      - apt-listbugs
-      - apt-show-versions
-      - apt-venv
-      - aptitude
-      - austin
-      - bats
-      - binwalk
-      - bzr
-      - build-essential
-      - cdbs
-      - cloc
-      - curl
-      - colordiff
-      - cvs
-      - dateutils
-      - debian-el
-      - debian-installer-9-netboot-amd64
-      - dgit
-      - dh-make
-      - dh-make-elpa
-      - syslinux-efi
-      - pxelinux
-      - devscripts
-      - dia
-      - docker.io
-      - dpkg-dev-el
-      - dstat
-      - dictionary-el
-      - elpa-anzu
-      - elpa-atomic-chrome
-      - elpa-company
-      - elpa-company-go
-      - elpa-elpy
-      - elpa-flycheck
-      - elpa-hl-todo
-      - elpa-ledger
-      - elpa-magit
-      - elpa-mailscripts
-      - elpa-markdown-mode
-      - elpa-py-autopep8
-      - elpa-rainbow-mode
-      - elpa-solarized-theme
-      - elpa-use-package
-      - elpa-web-mode
-      - elpa-which-key
-      - elpa-writegood-mode
-      - elpa-yaml-mode
-      - elpa-yasnippet
-      - exuberant-ctags
-      - emacs
-      - emacs-goodies-el
-      - emacs25
-      - emacs25-common-non-dfsg
-      - fabric
-      - fastboot
-      - flake8
-      - gdb
-      - gettext-el
-      - git
-      - git-annex
-      - git-buildpackage
-      - git-email
-      - git-extras
-      - git-mediawiki
-      - git-review
-      - git-svn
-      - github-backup
-      - gitlint
-      - glade
-      - gocode
-      - go-dep
-      - golang
-      - golang-mode
-      - golint
-      - graphviz
-      - haskell-mode
-      - help2man
-      - hub
-      - stylish-haskell
-      - icdiff
-      - ikiwiki
-      - ikiwiki-hosting-common
-      - info
-      - inotify-tools
-      - ipython
-      - ipython3
-      - jq
-      - kicad
-      - ldap-utils
-      - librarian-puppet
-      - libterm-readkey-perl
-      - libtext-bibtex-perl
-      - libsearch-xapian-perl
-      # for flamegraph
-      - libdevel-nytprof-perl
-      - linkchecker
-      - make-doc
-      - mercurial
-      - multitime
-      - myrepos
-      - ncdu
-      - npm
-      - num-utils
-      - org-mode
-      - org-mode-doc
-      - pastebinit
-      - perl-doc
-      - po4a
-      - puppet
-      - puppet-lint
-      - puppet-strings
-      - pv
-      - pypi2deb
-      - python
-      - python3
-      - python3-betamax
-      - python3-doc
-      - python-jedi
-      - python3-jedi
-      - python3-html2text
-      - python-pip
-      - python3-pip
-      - python-pytest
-      - python3-pytest
-      - python-seaborn
-      - python3-seaborn
-      - python-setuptools
-      - python3-setuptools-scm
-      - python-setuptools
-      - python3-setuptools-scm
-      - python-sphinx
-      - python3-sphinx
-      - python-sphinx-rtd-theme
-      - python3-sphinx-rtd-theme
-      - python-ttystatus
-      - python3-unidecode
-      - python-wheel
-      - python3-vcr
-      - qemu
-      - qemu-kvm
-      - quilt
-      - rename
-      - reprotest
-      - g10k
-      - ruby-rspec
-      - sbuild
-      - shellcheck
-      - sloccount
-      - sqlitebrowser
-      - subversion

(Diff truncated)
start converting this to a puppet recipe
diff --git a/software/packages.yml b/software/packages.yml
index a62f7728..cb62a1c6 100644
--- a/software/packages.yml
+++ b/software/packages.yml
@@ -34,175 +34,16 @@
   - name: install authorship tools (incl. TeX)
     # This is mostly TeX-related packages
     tags: author
-    apt: name={{item}} state=installed
-    with_items:
-      - auctex
-      - dict
-      - dict-bouvier
-      - dict-devil
-      - dict-elements
-      - dict-foldoc
-      - dict-freedict-eng-fra
-      - dict-freedict-eng-spa
-      - dict-freedict-fra-eng
-      - dict-freedict-spa-eng
-      - dict-gazetteer2k
-      - dict-gcide
-      - dict-jargon
-      - dict-moby-thesaurus
-      - dict-vera
-      - dict-wn
-      - dictd
-      - dictionary-el
-      - epubcheck
-      - elpa-writegood-mode
-      - gv
-      - libtext-multimarkdown-perl
-      - multitime
-      - pandoc
-      - sigil
-      - texlive-latex-base
-      - texlive-latex-recommended
-      - texlive-latex-extra
-      - texlive-luatex
+    # replaced by profile::author
 
   - name: install communication tools
     tags: comms
-    #  Mostly consists of mail and IRC stuff (irssi, mutt, thunderbird, offlineimap).
-    apt: name={{item}} state=installed
-    with_items:
-      - bsd-mailx
-      - irssi-plugin-otr
-      - irssi-plugin-xmpp
-      - irssi-scripts
-      - mutt
-      - neomutt
-      - nullmailer
-      - syncmaildir
+    # replaced by profile::comms
 
   - name: install desktop packages
     # Shitload of stuff that doesn't fit anywhere else.
     tags: desktop
-    apt: name={{item}} state=installed
-    with_items:
-      - afuse
-      - anki
-      - apksigner
-      - arandr
-      - aspell-fr
-      - calibre
-      - chromium
-      - diceware
-      - electrum
-      - emacs
-      - exiftool
-      - feed2exec
-      - feh
-      - fim
-      - finger
-      - firefox-esr
-      - fonts-roboto
-      - fonts-firacode
-      - fortunes
-      - gajim
-      - gameclock
-      - git-annex
-      - git-annex-remote-rclone
-      - git-lfs
-      - git-mediawiki
-      - gobby
-      - gnutls-bin
-      - gucharmap
-      - hledger
-      - i3
-      - jmtpfs
-      - khal
-      - khard
-      - kstars
-      - ledger
-      - ledger-el
-      - less
-      - libnotify-bin
-      - libu2f-host0
-      - localepurge
-      - locales
-      - mlocate
-      - maim
-      - monkeysign
-      - monkeysphere
-      - mpd
-      - mumble
-      - mutt
-      - muttprint
-      - ncdu
-      - needrestart
-      - needrestart-session
-      - network-manager-iodine-gnome
-      - network-manager-openvpn-gnome
-      - notmuch
-      - notmuch-emacs
-      - oathtool
-      - offlineimap
-      - onionshare
-      - openjdk-8-jdk-headless
-      - openntpd
-      - parcimonie
-      - pavucontrol
-      - pass
-      - pass-extension-otp
-      - pcscd
-      - picard
-      - pidgin
-      - pinpoint
-      - pmount
-      - pinentry-qt
-      - python-certifi
-      - python3-notmuch
-      - qalculate
-      - qalculate-gtk
-      - ranger
-      - redshift-gtk
-      - rofi
-      - rxvt-unicode
-      - scdaemon
-      - slop
-      - sm
-      - surfraw
-      - sxiv
-      - taffybar
-      - thunar
-      - torbrowser-launcher
-      - transmission-qt
-      - trayer
-      - tty-clock
-      - unattended-upgrades
-      - unicode
-      - vdirsyncer
-      - verbiste
-      - verbiste-gnome
-      - workrave
-      - wotsap
-      - xkbset
-      - xprintidle
-      - xkcdpass
-      - xmobar
-      - xsel
-      - libghc-xmonad-dev
-      - libghc-xmonad-contrib-dev
-      - libghc-xmonad-extras-dev
-      - libghc-taffybar-dev
-      - xmonad
-      - xplanet
-      - xscreensaver
-      - xscreensaver-screensaver-bsod
-      - xterm
-      - webext-browserpass
-      - webext-ublock-origin
-      - webext-umatrix
-      - xournal
-      - yubikey-personalization
-      - yubikey-manager
-      - zotero-standalone
+    # profile::desktop
 
   - name: install developer tools
     tags: developer
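Review bot: After this hunk the author, comms and desktop tasks consist of only `name:` and `tags:` plus a comment, with no module, and Ansible rejects a task that has no action, so the playbook fails to load until the remaining tasks are converted too. Remove the emptied tasks instead of leaving stubs. The desktop stub says "# profile::desktop" where the other two say "# replaced by profile::..."; use the same wording in all three.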
@@ -390,21 +231,8 @@
 
   - name: install graphics packages
     # My graphic design tools. Not much, since I don't do much of that.
-    apt: name={{item}} state=installed
     tags: graphics
-    with_items:
-      - colorhug-client
-      - darktable
-      - dia
-      - dispcalgui
-      - feh
-      - geeqie
-      - gimp
-      - inkscape
-      - rapid-photo-downloader
-      - sane

(Diff truncated)
another nice debian font
diff --git a/blog/2020-03-10-font-changes.mdwn b/blog/2020-03-10-font-changes.mdwn
index 7cdc4afc..386ac46c 100644
--- a/blog/2020-03-10-font-changes.mdwn
+++ b/blog/2020-03-10-font-changes.mdwn
@@ -30,6 +30,8 @@ alternatives. I found the following packages in debian:
  * [fonts-hack](https://tracker.debian.org/fonts-hack): no ligatures
  * [fonts-hermit](https://tracker.debian.org/fonts-hermit): no ligatures, smaller
  * [fonts-monoid](https://tracker.debian.org/fonts-monoid): ligatures, feels much "thinner" than jetbrains
+ * [fonts-mononoki](https://tracker.debian.org/fonts-mononoki): no ligatures, looks good, suggested by the
+   fonts team as part of [fonts-recommended](https://tracker.debian.org/fonts-recommended)
 
 Those are also "programmer fonts" that caught my interest but somehow
 didn't land in Debian yet:

note an omission and an update on the blockchain
diff --git a/blog/2019-12-12-blockchain-biometrie.mdwn b/blog/2019-12-12-blockchain-biometrie.mdwn
index e946612a..84b301f8 100644
--- a/blog/2019-12-12-blockchain-biometrie.mdwn
+++ b/blog/2019-12-12-blockchain-biometrie.mdwn
@@ -102,8 +102,11 @@ vie privée.
 > > 
 > > Merci.
 
-Mise à jour: il semblerait que la journaliste ait en effet reçu mon
-message et répondu, mais n'a pas effectué de correction. Voir [cette
-discussion sur Twitter](https://twitter.com/MyleneCrete/status/1205531144135020544).
+Mise à jour, 2020-06-17: il semblerait que la journaliste ait en effet
+reçu mon message et répondu, mais n'a pas effectué de correction. Voir
+[cette discussion sur Twitter](https://twitter.com/MyleneCrete/status/1205531144135020544). J'avais oublié de noter ce fait
+ici. Noter aussi que je n'ai pas eu de suivi du conseil de la presse
+mais que cette idée parfaitement ridicule [est de retour](https://www.journaldemontreal.com/2020/06/17/des-milliards-de-dollars-pour-un-projet-unique) avec des
+budgets de milliards de dollars, en plein pandémie.
 
 [[!tag politique québec légal réflexion blockchain biométrie vie_privée]]
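Review bot: The added sentence "J'avais oublié de noter ce fait ici" contradicts the removed lines, which already recorded the journalist's reply and the Twitter link; drop that sentence. The new "2020-06-17" date is applied to the whole paragraph, including that older note, so keep the original update as its own paragraph and add the 2020-06-17 item (no follow-up from the press council, the project returning) as a separate dated one. "en plein pandémie" should be "en pleine pandémie".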

note the twitter discussion
diff --git a/blog/2019-12-12-blockchain-biometrie.mdwn b/blog/2019-12-12-blockchain-biometrie.mdwn
index 350e3c6b..e946612a 100644
--- a/blog/2019-12-12-blockchain-biometrie.mdwn
+++ b/blog/2019-12-12-blockchain-biometrie.mdwn
@@ -102,4 +102,8 @@ vie privée.
 > > 
 > > Merci.
 
+Mise à jour: il semblerait que la journaliste ait en effet reçu mon
+message et répondu, mais n'a pas effectué de correction. Voir [cette
+discussion sur Twitter](https://twitter.com/MyleneCrete/status/1205531144135020544).
+
 [[!tag politique québec légal réflexion blockchain biométrie vie_privée]]

update wikilink and toc status: implemented
diff --git a/services/wiki/ikiwiki-hugo-conversion.mdwn b/services/wiki/ikiwiki-hugo-conversion.mdwn
index 943ae219..80f983a8 100644
--- a/services/wiki/ikiwiki-hugo-conversion.mdwn
+++ b/services/wiki/ikiwiki-hugo-conversion.mdwn
@@ -201,23 +201,34 @@ done to see how other engines handle this and how it compares to the
 
 The peculiarities of wikilinks in ikiwiki:
 
- * case-insensitiven (e.g. `\[[OtherPage]]` and `\[[otherpage]]` both
-   work)
- * subpage lookups (e.g. `\[[otherpage]]` in `foo/subpage` will
-   look for `foo/subpage/otherpage`, `foo/otherpage`,
-   `otherpage`, in order; `\[[foo/subpage]]` will find
-   `/foo/subpage` from `bar`, instead of the expected
-   `bar/foo/subpage` in HTML)
- * absolute lookups (prefixed with `/`, e.g. `\[[/about]]` links to
-   `https://example.com/foo/about` if the wiki is in
-   `example.com/foo`, and *not* `https://example.com/about` as HTML
-   normally would - probably relevant only for wikis in subdirectories)
- * userdir lookups (`\[[anarcat]]` links to `\[[users/anarcat]]` if
-   userdir is set to `users`)
- * backslash escapes (`\\[[WikiLink]]` is not a link)
- * anchor lookups (`\[[WikiLink#foo]]`)
- * there might be other rules like underscore (`_`) mapping to spaces
-   and other funky escape mechanisms
+  1. case-insensitiven (e.g. `\[[OtherPage]]` and `\[[otherpage]]` both
+     work) - implemented
+
+  2. subpage lookups (e.g. `\[[otherpage]]` in `foo/subpage` will
+     look for `foo/subpage/otherpage`, `foo/otherpage`,
+     `otherpage`, in order; `\[[foo/subpage]]` will find
+     `/foo/subpage` from `bar`, instead of the expected
+     `bar/foo/subpage` in HTML) - implemented
+
+  3. absolute lookups (prefixed with `/`, e.g. `\[[/about]]` links
+     to `https://example.com/foo/about` if the wiki is in
+     `example.com/foo`, and *not* `https://example.com/about` as
+     HTML normally would - probably relevant only for wikis in
+     subdirectories) - NOT IMPLEMENTED
+
+  4. userdir lookups (`\[[anarcat]]` links to `\[[users/anarcat]]` if
+     userdir is set to `users`) in some contexts (namely comments,
+     recentchanges, but not normal content) - NOT IMPLEMENTED
+
+  5. backslash escapes (`\\[[WikiLink]]` is not a link) -
+     implemented by the caller (in LINK_RE)
+
+  6. anchor lookups (`\[[WikiLink#foo]]`) - implemented by the
+     caller (in LINK_RE)
+
+  7. there might be other rules like underscore (`_`) mapping to
+     spaces and other funky escape mechanisms - NOT IMPLEMENTED,
+     look at IkiWiki::titlepage for those
 
 Tasks
 =====
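Review bot: Item 1 still reads "case-insensitiven" after being rewritten; fix it to "case-insensitive". The status is appended to each item after " - " in mixed forms ("implemented", "NOT IMPLEMENTED", "implemented by the caller (in LINK_RE)"), and item 3 already uses " - " inside its own text, so the status is easy to miss; put it in a fixed position such as a prefix. Items 3 and 4 are marked NOT IMPLEMENTED without saying what the converter does with such links, which a reader needs in order to know whether `\[[/about]]` style links come out broken or untouched.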
@@ -229,10 +240,13 @@ the gist of it is we need to implement:
    bundles](https://gohugo.io/content-management/page-bundles/) and [content organization](https://gohugo.io/content-management/organization/))
  * `\[[link]]` and `\[[link|parser]]`, hard because we need to figure
    out pagespec? maybe [links and crossferences](https://gohugo.io/content-management/cross-references/) could save us, or
-   maybe just [relative URLs](https://gohugo.io/content-management/urls/#relative-urls)
+   maybe just [relative URLs](https://gohugo.io/content-management/urls/#relative-urls) - implemented some of that logic in
+   the parser
  * incidentally, backslashed stuff like the above link stuff for example
  * table of contents could be a problem: Hugo only has [support
-   through templates](https://gohugo.io/content-management/toc/#usage), not markup (or maybe shortcode would work?)
+   through templates](https://gohugo.io/content-management/toc/#usage), not markup (or maybe shortcode would
+   work?) - implemented a directive parser that converts to GitLab's
+   `\[[__TOC__]]` which might be reused)
  * img directives (maybe [this works](https://gohugo.io/content-management/image-processing/)
  * format (shortcodes? or [syntax hilighting](https://gohugo.io/content-management/syntax-highlighting/))
  * shortcodes ([dokuwiki converter](https://github.com/wgroeneveld/dokuwiki-to-hugo) also suggests using shortcodes for interwiki)
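Review bot: The rewritten table-of-contents item has an unbalanced parenthesis: "(or maybe shortcode would work?)" closes the aside, and the added text then ends with "which might be reused)" with no matching opening parenthesis. Drop the trailing ")" or open one before "implemented". Both added status notes are attached to the end of open questions ("maybe just [relative URLs]", "or maybe shortcode would work?"), so say explicitly whether the question is now settled by the implementation.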

new package entered unstable!
diff --git a/software/packages.yml b/software/packages.yml
index c8beb4f4..a62f7728 100644
--- a/software/packages.yml
+++ b/software/packages.yml
@@ -241,6 +241,7 @@
       - dstat
       - dictionary-el
       - elpa-anzu
+      - elpa-atomic-chrome
       - elpa-company
       - elpa-company-go
       - elpa-elpy

a quote from hendrix
This one is tricky. Technically, it's a derivation of an existing
quote, possibly from Gandhi:
> The day the power of love overrules the love of power, the world
> will know peace.
https://www.goodreads.com/quotes/248476-the-day-the-power-of-love-overrules-the-love-of
But wikipedia attributes to Sri Chinmoy a similar quote:
> The heart's Power Of Love must replace the mind's Love Of Power. If
> I have the Power Of Love, then I shall claim the whole World as my
> own … World Peace can be achieved when the Power Of Love replaces
> the Love Of Power.
https://en.wikiquote.org/wiki/Sri_Chinmoy
.. but that's from 1993, years after Hendrix. The original quote from
his 1970 book is actually:
> When the power of love replaces the love of power, man will have a
> new name: God.
... which is a *very* different thing.
But maybe the first source is Gladstone:
> We look forward to the time when the Power of Love will replace the
> Love of Power. Then will our world know the blessings of peace.
... which wikipedia marks as disputed:
https://en.wikiquote.org/wiki/William_Ewart_Gladstone#Disputed
It *is*, however, predating Jimi Hendrix (almost his birth, even) by
quite a few years.
I do prefer Hendrix's wording so I'm using that. And black lives
matter so fuck that white guy, whoever that is.
diff --git a/fortunes.txt b/fortunes.txt
index c169a3c2..6a8e6592 100644
--- a/fortunes.txt
+++ b/fortunes.txt
@@ -1120,3 +1120,6 @@ If you want to go fast, go alone. If you want to go far, go together.
 Programming is a social activity in which communication is a vital
 skill. The code you leave behind speaks.
                         - Kate Gregory
+%
+When the power of love overcomes love of power the world will know peace.
+                        - Jimi Hendrix

Added a comment: Mandos
diff --git a/blog/2020-06-10-gnutls-audit/comment_1_e5b0a919ab63d55b0479e4b5ceabb6bc._comment b/blog/2020-06-10-gnutls-audit/comment_1_e5b0a919ab63d55b0479e4b5ceabb6bc._comment
new file mode 100644
index 00000000..bbc41394
--- /dev/null
+++ b/blog/2020-06-10-gnutls-audit/comment_1_e5b0a919ab63d55b0479e4b5ceabb6bc._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="teddy@322dd771f447963677b44de7dd32d0ed5690ce0e"
+ nickname="teddy"
+ avatar="https://seccdn.libravatar.org/avatar/989f6e31dc9c4027c83bfc89b4ac379b"
+ subject="Mandos"
+ date="2020-06-11T18:51:25Z"
+ content="""
+Mandos co-author here.  You are correct about Mandos; only OpenPGP encrypted data is sent over the TLS connection.  Also, Mandos *does* use TLS1.3, so only active connections could ever have been intercepted and decrypted.
+
+If one would suspect that this *actually* has been done, what one should do on each Mandos client is change the OpenPGP key, generate a new encrypted blob for the Mandos server configuration, using the same password for the encrypted disk; the password can not have been compromised unless the OpenPGP secret key from the client also was compromised.  (Of course, changing the encrypted disk password is also an option, but that would also mean generating a new encrypted blob for the Mandos server configuration, which would mean more work than the other option.)
+
+Regarding your comment about Heartbleed; I agree; in using GnuTLS, we have been able to avoid being affected by most of the TLS vulnerabilities in recent years.  Also, we do not know of any other TLS library which provides either OpenPGP keys as session keys (RFC 6091), or raw public keys (RFC 7250).  We prefer to avoid X.509 certificates, so we need either one; GnuTLS recently switched from the former to the latter.
+"""]]

fix wording
diff --git a/blog/2020-06-10-gnutls-audit.mdwn b/blog/2020-06-10-gnutls-audit.mdwn
index 5a2a5b57..80d97e89 100644
--- a/blog/2020-06-10-gnutls-audit.mdwn
+++ b/blog/2020-06-10-gnutls-audit.mdwn
@@ -161,7 +161,8 @@ the above with a grain of salt.
 
 The [full patch is available here](https://gitlab.com/gnutls/gnutls/-/merge_requests/1275.patch). See also the [upstream issue
 1011](https://gitlab.com/gnutls/gnutls/-/issues/1011), the [upstream advisory](https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03), the [Debian security
-tracker](https://security-tracker.debian.org/tracker/CVE-2020-13777), and the [Redhat's Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=1843723).
+tracker](https://security-tracker.debian.org/tracker/CVE-2020-13777),
+and the [Redhat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=1843723).
 
 # Moving forward
 
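Review bot: on the added line `and the [Redhat Bugzilla](...)`, the vendor name is still written as one word. The company spells it "Red Hat", and since this commit exists to fix the wording of that link text, `[Red Hat Bugzilla]` would finish the job. Moving the link onto its own line is fine.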

fix broken link
diff --git a/blog/2020-06-10-gnutls-audit.mdwn b/blog/2020-06-10-gnutls-audit.mdwn
index 224d8f31..5a2a5b57 100644
--- a/blog/2020-06-10-gnutls-audit.mdwn
+++ b/blog/2020-06-10-gnutls-audit.mdwn
@@ -177,13 +177,15 @@ Looking ahead, however, one has to wonder whether we should follow
 [@FiloSottile][]'s advice and stop using GnuTLS altogether. There are
 at least a few programs that link against GnuTLS because of the
 [OpenSSL licensing oddities][] but that has been first announced in
-2015, then [definitely and clearly resolved in 2017][] -- or [maybe
+2015, then [definitely and clearly resolved in 2017][openssl-license-update] -- or [maybe
 that was in 2018](https://opensource.com/article/19/2/top-foss-legal-developments)? Anyways it's fixed, pinky-promise-I-swear,
 except if you're one of those weirdos still using GPL-2, of
 course. Even though OpenSSL isn't the simplest and secure TLS
 implementation out there, it could preferable to GnuTLS and maybe we
 should consider changing Debian packages to use it in the future.
 
+[openssl-license-update]: https://www.openssl.org/blog/blog/2017/03/22/license/
+
 But then again, the last time something like this happened, it was
 [Heartbleed][] and GnuTLS wasn't affected, so who knows... It is
 likely that people don't have OpenSSL in mind when they suggest moving
@@ -194,7 +196,6 @@ away from GnuTLS and instead think of other TLS libraries like
 "This is fine", as they say...
 
 [Heartbleed]: https://en.wikipedia.org/wiki/Heartbleed
-[mostly resolved in 2017]: https://www.openssl.org/blog/blog/2017/03/22/license/
 [OpenSSL licensing oddities]: https://en.wikipedia.org/wiki/OpenSSL#Licensing
 
 [[!tag debian-planet security crypto sysadmin]]

clarify: openssl licensing situation is far from solved
diff --git a/blog/2020-06-10-gnutls-audit.mdwn b/blog/2020-06-10-gnutls-audit.mdwn
index 4622c123..224d8f31 100644
--- a/blog/2020-06-10-gnutls-audit.mdwn
+++ b/blog/2020-06-10-gnutls-audit.mdwn
@@ -176,8 +176,11 @@ It promises to be a fun week for some people at least.
 Looking ahead, however, one has to wonder whether we should follow
 [@FiloSottile][]'s advice and stop using GnuTLS altogether. There are
 at least a few programs that link against GnuTLS because of the
-[OpenSSL licensing oddities][] but that has been [mostly resolved in
-2017][]. Even though OpenSSL isn't the simplest and secure TLS
+[OpenSSL licensing oddities][] but that has been first announced in
+2015, then [definitely and clearly resolved in 2017][] -- or [maybe
+that was in 2018](https://opensource.com/article/19/2/top-foss-legal-developments)? Anyways it's fixed, pinky-promise-I-swear,
+except if you're one of those weirdos still using GPL-2, of
+course. Even though OpenSSL isn't the simplest and secure TLS
 implementation out there, it could preferable to GnuTLS and maybe we
 should consider changing Debian packages to use it in the future.
 
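Review bot: the new implicit reference `[definitely and clearly resolved in 2017][]` has no matching link definition. The definition for that OpenSSL blog URL elsewhere in the file is keyed `[mostly resolved in 2017]:`, and this hunk stops using that label without renaming it, so the new link text will render as literal brackets. Either rename the definition to match the new text, or give the link an explicit short label and define that label once.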

do not use "safe", it is ambiguous
mutt is not necessarily entirely "safe" just because it doesn't suffer
from this bug...
diff --git a/blog/2020-06-10-gnutls-audit.mdwn b/blog/2020-06-10-gnutls-audit.mdwn
index b61021e0..4622c123 100644
--- a/blog/2020-06-10-gnutls-audit.mdwn
+++ b/blog/2020-06-10-gnutls-audit.mdwn
@@ -96,7 +96,7 @@ against GnuTLS and could be vulnerable:
 
 # Not affected
 
-Those programs are known to be safe against the vulnerability:
+Those programs are not affected by this vulnerability:
 
  * `apache2`
  * `gnupg`
@@ -125,7 +125,7 @@ TLS.
 Keep in mind that it's not because a package links against GnuTLS that
 it *uses* it. For example, I have been told that, on Arch Linux, if
 both GnuTLS and OpenSSL are available, the `mutt` package will use the
-latter, so it's safe. I haven't confirmed that myself nor have I
+latter, so it's not affected. I haven't confirmed that myself nor have I
 checked on Debian.
 
 Also, because it relies on session tickets, there's a time window

move toc
diff --git a/blog/2020-06-10-gnutls-audit.mdwn b/blog/2020-06-10-gnutls-audit.mdwn
index 6e60b90e..b61021e0 100644
--- a/blog/2020-06-10-gnutls-audit.mdwn
+++ b/blog/2020-06-10-gnutls-audit.mdwn
@@ -1,7 +1,5 @@
 [[!meta title="CVE-2020-13777 GnuTLS audit: be scared"]]
 
-[[!toc]]
-
 So [CVE-2020-13777][] came out while I wasn't looking last week. The
 GnuTLS advisory ([GNUTLS-SA-2020-06-03][]) is pretty opaque so I'll
 refer instead to [this tweet][] from [@FiloSottile][] (Go team
@@ -33,6 +31,8 @@ roof right now, so this article is not about that.
 This article is about figuring out what, exactly, was exposed in our
 infrastructure because of this.
 
+[[!toc]]
+
 # Affected packages
 
 Assuming you're running Debian, this will show a list of packages that

add toc
diff --git a/blog/2020-06-10-gnutls-audit.mdwn b/blog/2020-06-10-gnutls-audit.mdwn
index 7671d391..6e60b90e 100644
--- a/blog/2020-06-10-gnutls-audit.mdwn
+++ b/blog/2020-06-10-gnutls-audit.mdwn
@@ -1,5 +1,7 @@
 [[!meta title="CVE-2020-13777 GnuTLS audit: be scared"]]
 
+[[!toc]]
+
 So [CVE-2020-13777][] came out while I wasn't looking last week. The
 GnuTLS advisory ([GNUTLS-SA-2020-06-03][]) is pretty opaque so I'll
 refer instead to [this tweet][] from [@FiloSottile][] (Go team

new article about gnutls vuln
diff --git a/blog/2020-06-10-gnutls-audit.mdwn b/blog/2020-06-10-gnutls-audit.mdwn
new file mode 100644
index 00000000..7671d391
--- /dev/null
+++ b/blog/2020-06-10-gnutls-audit.mdwn
@@ -0,0 +1,195 @@
+[[!meta title="CVE-2020-13777 GnuTLS audit: be scared"]]
+
+So [CVE-2020-13777][] came out while I wasn't looking last week. The
+GnuTLS advisory ([GNUTLS-SA-2020-06-03][]) is pretty opaque so I'll
+refer instead to [this tweet][] from [@FiloSottile][] (Go team
+security lead):
+
+> PSA: don't rely on GnuTLS, please.
+>
+> [CVE-2020-13777] Whoops, for the past 10 releases most TLS 1.0–1.2
+> connection could be passively decrypted and most TLS 1.3 connections
+> intercepted. Trivially.
+>
+> Also, [TLS 1.2–1.0 session tickets are awful][].
+
+[TLS 1.2–1.0 session tickets are awful]: https://blog.filippo.io/we-need-to-talk-about-session-tickets/
+[@FiloSottile]: https://twitter.com/FiloSottile
+[this tweet]: https://twitter.com/FiloSottile/status/1270061316368224256
+[GNUTLS-SA-2020-06-03]: https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03
+[CVE-2020-13777]: https://nvd.nist.gov/vuln/detail/CVE-2020-13777
+
+You are reading this correctly: supposedly encrypted TLS connections
+made with affected GnuTLS releases are vulnerable to *passive*
+cleartext recovery attack (and active for 1.3, but who uses that
+anyways). That is extremely bad. It's pretty close to just switching
+everyone to HTTP instead of HTTPS, more or less. I would have a lot
+more to say about the security of GnuTLS in particular -- and security
+in general -- but I am mostly concerned about patching holes in the
+roof right now, so this article is not about that.
+
+This article is about figuring out what, exactly, was exposed in our
+infrastructure because of this.
+
+# Affected packages
+
+Assuming you're running Debian, this will show a list of packages that
+`Depends` on GnuTLS:
+
+    apt-cache --installed rdepends libgnutls30 | grep '^ ' | sort -u
+
+This assumes you run this only on hosts running Buster or
+above. Otherwise you'll need to figure out a way to pick machines
+running GnuTLS 3.6.4 or later.
+
+Note that this list only *first level* dependencies! It is perfectly
+possible that another package uses GnuTLS without being listed
+here. For example, in the above list I have `libcurl3-gnutls`, so the
+be really thorough, I would actually need to recurse down the
+dependency tree.
+
+On my desktop, this shows an "interesting" list of targets:
+
+ * `apt`
+ * `cadaver` - AKA WebDAV
+ * `curl` & `wget`
+ * `fwupd` - another attack on top of [this one][]
+ * `git` (through the `libcurl3-gnutls` dependency)
+ * `mutt` - all your emails
+ * `weechat` - your precious private chats
+
+Arguably, fetchers like `apt`, `curl`, `fwupd`, and `wget` rely on HTTPS for
+"authentication" more than secrecy, although `apt` has its own
+OpenPGP-based authentication so that wouldn't matter anyways. Still,
+this is truly distressing. And I haven't mentioned here things like
+`gobby`, `network-manager`, `systemd`, and others - the scope of this is
+broad. Hell, even good old `lynx` links against GnuTLS.
+
+[this one]: https://github.com/justinsteven/advisories/blob/master/2020_fwupd_dangling_s3_bucket_and_CVE-2020-10759_signature_verification_bypass.md
+
+In our infrastructure, the magic command looks something like this:
+
+    cumin -o txt -p 0  'F:lsbdistcodename=buster' "apt-cache --installed rdepends libgnutls30 | grep '^ ' | sort -u" | tee gnutls-rdepds-per-host | awk '{print $NF}' | sort | uniq -c | sort -n
+
+There, the result is even more worrisome, as those important packages seem to rely on GnuTLS for their transport security:
+
+ * `mariadb` - all MySQL traffic and passwords
+ * `mandos` - full disk encryption
+ * `slapd` - LDAP passwords
+
+`mandos` is especially distressing although it's probably not
+vulnerable because it seems it doesn't store the cleartext -- it's
+encrypted with the client's OpenPGP public key -- so the TLS tunnel
+never sees the cleartext either.
+
+[Other reports][] have also mentioned the following servers link
+against GnuTLS and could be vulnerable:
+
+[Other reports]: https://twitter.com/jedisct1/status/1270078914996682753
+
+ * `exim`
+ * `rsyslog`
+ * `samba`
+ * various `VNC` implementations
+
+# Not affected
+
+Those programs are known to be safe against the vulnerability:
+
+ * `apache2`
+ * `gnupg`
+ * `python`
+ * `nginx`
+ * `openssh`
+
+This list is not exhaustive, naturally, but serves as an example of
+common software you don't need to worry about.
+
+The vulnerability only exists in GnuTLS, as far as we know, so
+programs linking against other libraries are not vulnerable.
+
+Because the vulnerability affects session tickets -- and those are set
+on the server side of the TLS connection -- only users of GnuTLS as a
+server are vulnerable. This means, for example, that while `weechat`
+uses GnuTLS, it will only suffer from the problem when acting as a
+server (which it does, in relay mode) or, of course, if the remote IRC
+server also uses GnuTLS. Same with apt, curl, wget, or git: it is
+unlikely to be a problem because it is only used as a client; the
+remote server is usually a webserver -- not git itself -- when using
+TLS.
+
+# Caveats
+
+Keep in mind that it's not because a package links against GnuTLS that
+it *uses* it. For example, I have been told that, on Arch Linux, if
+both GnuTLS and OpenSSL are available, the `mutt` package will use the
+latter, so it's safe. I haven't confirmed that myself nor have I
+checked on Debian.
+
+Also, because it relies on session tickets, there's a time window
+after which the ticket gets cycled and properly initialized. But that
+is [apparently 6 hours by default](https://twitter.com/__agwa/status/1270054740559384576) so it is going to protect only
+really long-lasting TLS sessions, which are uncommon, I would argue.
+
+My audit is limited. For example, it might have been better to walk
+the shared library dependencies directly, instead of relying on Debian
+package dependencies.
+
+# Other technical details
+
+It seems the vulnerability might have been introduced in [this merge
+request](https://gitlab.com/gnutls/gnutls/-/merge_requests/695), itself following a (entirely reasonable) [feature request
+to make it easier to rotate session tickets](https://gitlab.com/gnutls/gnutls/-/issues/184). The merge request was
+open for a few months and was thoroughly reviewed by a peer before
+being merged. Interestingly, the vulnerable function
+(`_gnutls_initialize_session_ticket_key_rotation`), explicitly says:
+
+     * This function will not enable session ticket keys on the server side. That is done
+     * with the gnutls_session_ticket_enable_server() function. This function just initializes
+     * the internal state to support periodical rotation of the session ticket encryption key.
+
+In other words, it thinks it is not responsible for session ticket
+initialization, yet it is. Indeed, the [merge request fixing the
+problem](https://gitlab.com/gnutls/gnutls/-/merge_requests/1275/) unconditionally does this:
+
+    memcpy(session->key.initial_stek, key->data, key->size);
+
+I haven't reviewed the code and the vulnerability in detail, so take
+the above with a grain of salt.
+
+The [full patch is available here](https://gitlab.com/gnutls/gnutls/-/merge_requests/1275.patch). See also the [upstream issue
+1011](https://gitlab.com/gnutls/gnutls/-/issues/1011), the [upstream advisory](https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03), the [Debian security
+tracker](https://security-tracker.debian.org/tracker/CVE-2020-13777), and the [Redhat's Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=1843723).
+
+# Moving forward
+
+The impact of this vulnerability depends on the affected packages and
+how they are used. It can range from "meh, someone knows I downloaded
+that Debian package yesterday" to "holy crap my full disk encryption
+passwords are compromised, I need to re-encrypt all my drives",
+including "I need to change all LDAP and MySQL passwords".
+
+It promises to be a fun week for some people at least.
+
+Looking ahead, however, one has to wonder whether we should follow
+[@FiloSottile][]'s advice and stop using GnuTLS altogether. There are
+at least a few programs that link against GnuTLS because of the
+[OpenSSL licensing oddities][] but that has been [mostly resolved in
+2017][]. Even though OpenSSL isn't the simplest and secure TLS
+implementation out there, it could preferable to GnuTLS and maybe we
+should consider changing Debian packages to use it in the future.
+
+But then again, the last time something like this happened, it was
+[Heartbleed][] and GnuTLS wasn't affected, so who knows... It is
+likely that people don't have OpenSSL in mind when they suggest moving
+away from GnuTLS and instead think of other TLS libraries like
+[mbedtls](https://tls.mbed.org/) (previously known as PolarSSL), [NSS](https://en.wikipedia.org/wiki/Network_Security_Services), [BoringSSL](https://boringssl.googlesource.com/boringssl/),
+[LibreSSL](https://www.libressl.org/) and so on. Not that those are totally sinless either...
+
+"This is fine", as they say...
+
+[Heartbleed]: https://en.wikipedia.org/wiki/Heartbleed
+[mostly resolved in 2017]: https://www.openssl.org/blog/blog/2017/03/22/license/
+[OpenSSL licensing oddities]: https://en.wikipedia.org/wiki/OpenSSL#Licensing
+

(Diff truncated)
make it more obvious you don't need to recreate the dashboard
diff --git a/blog/2020-06-04-replacing-smokeping-prometheus.mdwn b/blog/2020-06-04-replacing-smokeping-prometheus.mdwn
index 21c58fc1..93c46f57 100644
--- a/blog/2020-06-04-replacing-smokeping-prometheus.mdwn
+++ b/blog/2020-06-04-replacing-smokeping-prometheus.mdwn
@@ -98,8 +98,8 @@ missing something. Here's what I did.
     samples. `nexthop.anarc.at` was added into DNS to avoid hardcoding
     my upstream ISP's IP in my configuration.
 
- 4. create a Grafana panel to graph the results. first, add this
-    query:
+ 4. use this [Grafana panel](https://grafana.com/grafana/dashboards/12412) to graph the results. It was created
+    with this query:
     
         sum(probe_icmp_duration_seconds{phase="rtt"}) by (instance)
     
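Review bot: step 4 now links the text "Grafana panel" to `https://grafana.com/grafana/dashboards/12412`, the same URL that the last hunk of this commit calls the "resulting dashboard", so call it a dashboard in both places. The step still walks through the queries and panel settings right after "use this", so a short remark that the remaining sub-steps only document how the dashboard was built would deliver what the commit message promises.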
@@ -109,7 +109,7 @@ missing something. Here's what I did.
     * Show the `Legend` `As table`, with `Min`, `Avg`, `Max` and
       `Current` enabled
 
-    Then add this query, for packet loss:
+    Then this query, for packet loss:
     
         1-avg_over_time(probe_success[$__interval])!=0 or null
 
@@ -131,10 +131,8 @@ The result looks something like this:
 <figcaption>Not bad, but not Smokeping</figcaption>
 </figure>
 
-This actually looks pretty good!
-
-I've uploaded the resulting dashboard in the [Grafana dashboard
-repository](https://grafana.com/grafana/dashboards/12412).
+This actually looks pretty good! The resulting dashboard is available
+in the [Grafana dashboard repository](https://grafana.com/grafana/dashboards/12412).
 
 What is missing?
 ================

another typo
diff --git a/blog/2020-06-04-replacing-smokeping-prometheus.mdwn b/blog/2020-06-04-replacing-smokeping-prometheus.mdwn
index 7becc3ef..21c58fc1 100644
--- a/blog/2020-06-04-replacing-smokeping-prometheus.mdwn
+++ b/blog/2020-06-04-replacing-smokeping-prometheus.mdwn
@@ -115,7 +115,7 @@ missing something. Here's what I did.
 
     * Set the `Legend` field to `{{instance}} packet loss`
     * Set a `Add series override` to `Lines: false`, `Null point mode:
-      null`, `Points: true`, `Points Radios: 1`, `Color: deep red`,
+      null`, `Points: true`, `Points Radius: 1`, `Color: deep red`,
       and, most importantly, `Y-axis: 2`
     * Set the `Right Y` axis `Unit` to `percent (0.0-1.0)` and set
       `Y-max` to 1

another archive tool
diff --git a/software/desktop/firefox.mdwn b/software/desktop/firefox.mdwn
index b4ff61ce..9bb17c9f 100644
--- a/software/desktop/firefox.mdwn
+++ b/software/desktop/firefox.mdwn
@@ -93,7 +93,9 @@ I am testing those and they might make it to the top list once I'm happy:
    implementations, has an [interesting list of alternatives](https://github.com/alexherbo2/krabby/blob/master/doc/alternatives.md).
  * [View Page Archive & Cache](https://addons.mozilla.org/en-US/firefox/addon/view-page-archive/) (no deb, [source](https://github.com/dessant/view-page-archive/)) - load page in
    one or many page archives. No "save" button unfortunately, but is
-   good enough for my purposes.
+   good enough for my purposes. [The Archiver](https://addons.mozilla.org/en-US/firefox/addon/the-archiver/) (no deb,
+   [source](https://www.cathalmcnally.com/tools/the-archiver/)) is another option that does the reverse: save only, no
+   view.
 
 [tridactyl]: https://github.com/tridactyl/tridactyl
 [builtin Firefox shortcuts]: https://support.mozilla.org/en-US/kb/keyboard-shortcuts-perform-firefox-tasks-quickly

fix headings in old articles
Some were starting directly from level 2. I thought I had fixed those,
but it seems I had only looked for '----' styled headers, not '##'.
diff --git a/blog/2007-05-30-la-resolution-et-les-laptops.mdwn b/blog/2007-05-30-la-resolution-et-les-laptops.mdwn
index facf133a..789a40f8 100644
--- a/blog/2007-05-30-la-resolution-et-les-laptops.mdwn
+++ b/blog/2007-05-30-la-resolution-et-les-laptops.mdwn
@@ -8,39 +8,39 @@ Argh... compliqué la vie avec [Xorg](http://www.x.org/). Après avoir vu [Mathi
 
  time seq -f "the quick brown fox jumps over the lazy dog %g"    10000
 
-= Voici les résultats =
+# Voici les résultats
 
-== 75dpi  ==
+## 75dpi
 
- real    0m0.908s
- user    0m0.024s
- sys     0m0.040s
+    real    0m0.908s
+    user    0m0.024s
+    sys     0m0.040s
 
-== 85dpi ==
+## 85dpi
 
- real    0m3.302s
- user    0m0.184s
- sys     0m0.104s
+    real    0m3.302s
+    user    0m0.184s
+    sys     0m0.104s
 
-== 96dpi ==
+## 96dpi
 
- real    0m6.195s
- user    0m0.212s
- sys     0m0.276s
+    real    0m6.195s
+    user    0m0.212s
+    sys     0m0.276s
 
-== 24bpp, 75dpi ==
+## 24bpp, 75dpi
 
- real    0m0.709s
- user    0m0.028s
- sys     0m0.036s
+    real    0m0.709s
+    user    0m0.028s
+    sys     0m0.036s
 
-== 24bpp, 96dpi ==
+## 24bpp, 96dpi
 
- real    0m8.125s
- user    0m0.204s
- sys     0m0.204s
+    real    0m8.125s
+    user    0m0.204s
+    sys     0m0.204s
 
-= Conclusion =
+# Conclusion
 
 On remarque donc que le 96dpi est beaucoup plus lent, d'un ordre de 8x. J'ai donc configuré GDM pour lancer X avec cette configuration:
 
@@ -54,7 +54,7 @@ On remarque donc que le 96dpi est beaucoup plus lent, d'un ordre de 8x. J'ai don
 
 Tout ceci est un bordel impossible. Je ne devrais pas avoir à m'occupper de ces choses là et X devrait fournir une interface transparente pour la résolution et les fontes. Peut-être que c'est déjà le cas et que ce sont les applications qui sont cassées, je n'en sait rien...
 
-= Update =
+# Update
 
 En fait, la "bonne façon" de régler la résolution, c'est avec le paramètre DisplaySize dans le xorg.conf:
 
@@ -72,4 +72,4 @@ Il me donne alors une résolution pas carrée:
 
 C'est évidemment n'importe quoi, mais ça marche
 
-[[!tag "logiciel libre" "geek"]]
\ No newline at end of file
+[[!tag "logiciel libre" "geek"]]
diff --git a/blog/2008-02-09-coupures-reseau-majeures-en-orient-un-complot.mdwn b/blog/2008-02-09-coupures-reseau-majeures-en-orient-un-complot.mdwn
index 5b86a85b..6a1e8823 100644
--- a/blog/2008-02-09-coupures-reseau-majeures-en-orient-un-complot.mdwn
+++ b/blog/2008-02-09-coupures-reseau-majeures-en-orient-un-complot.mdwn
@@ -22,7 +22,7 @@ Le 31 janvier, Telecom Egypt faisait [l'annonce](http://www.tmcnet.com/usubmit/2
 
 Parfois, il y a des coïncidences qui sont seulement des coïncidences...
 
-== Références ==
+# Références
 
 En plus de tous les liens inclus dans le texte, voir aussi ces excellentes ressources:
 
@@ -31,4 +31,4 @@ En plus de tous les liens inclus dans le texte, voir aussi ces excellentes resso
 * [Une autre excellente carte](http://www.telegeography.com/products/map_cable/index.php)
 * [Cette photo](http://www.wired.com/culture/art/multimedia/2008/01/gallery_simon?slide=10) sur wired.com donne une idée de la vulnérabilité de ce matériel en général
 
-[[!tag "politique" "nouvelles" "monde" "geek"]]
\ No newline at end of file
+[[!tag "politique" "nouvelles" "monde" "geek"]]
diff --git a/blog/2008-02-16-des-exemples-des-negociations-de-couloirs.mdwn b/blog/2008-02-16-des-exemples-des-negociations-de-couloirs.mdwn
index 6831b4ed..6c6cea82 100644
--- a/blog/2008-02-16-des-exemples-des-negociations-de-couloirs.mdwn
+++ b/blog/2008-02-16-des-exemples-des-negociations-de-couloirs.mdwn
@@ -6,7 +6,7 @@
 
 Dans mon article précédent, j'ai présenté comment les compagnies et le gouvernement marchent main dans la main pour nous exploiter et nous massacrer... Quelques exemples de l'actualité.
 <!--break-->
-== La forêt ==
+# La forêt
 
 [Le "livre vert"](http://www.radio-canada.ca/nouvelles/Politique/2008/02/14/001-livre-vert.shtml) des (néo-)libéraux québécois pour "réformer" la gestion de la forêt, propose, sous sa couverture "verte", d'ouvrir 25% de la forêt présentement attribuée à contrat (les fameux CAAF, qui seraient enfin abolis) au libre marché, pour créer un véritable "marché de la forêt". Encore une fois la foi au marché magique qui va tout gérer pour nous...
 
@@ -23,8 +23,8 @@ Bref, tous du monde pour le rasage de la forêt sur l'autel de la création d'em
 
 Greenpeace est cité dans l'article comme étant "beaucoup plus critique", critiquant le "manque de vision" et le mutisme sur la "conservation du patrimoine mondial que constituent les dernières forêts intactes du Québec". C'est que, deux jours plus tôt, Greenpeace publiait une [lettre ouverte au ministre](http://www.greenpeace.org/canada/fr/presse/communiques/lettre-greenpeace-claude-bechard), l'accusant d'avoir une politique de "liquidation des forêts anciennes". On ne parle pas de ce communiqué dans l'article de Radio-Canada, évidemment...
 
-== La guerre ==
+# La guerre
 
 2009? 20011? On a dit quoi déjà? Le PLC avait demandé 2009, le PC offre 2011 et on chante les louanges du concensus parlementaire. Dion nous dit maintenant que quand il a dit "2011", il voulait dire 2009, avec deux ans de "formations" des militaires "afghans". So what, tant que les sondages sont de son bord... Curieusement, ce n'est pas le cas, selon [Le Devoir](http://www.ledevoir.com/2008/02/14/176085.html), le PC obtenait 37% des intentions de vote, contre 32% pour le PLC... 
 
-[[!tag "politique" "nouvelles"]]
\ No newline at end of file
+[[!tag "politique" "nouvelles"]]
diff --git a/blog/2013-04-04-internet-101-anatomie-dun-site-web.mdwn b/blog/2013-04-04-internet-101-anatomie-dun-site-web.mdwn
index e283ac12..a4b8a214 100644
--- a/blog/2013-04-04-internet-101-anatomie-dun-site-web.mdwn
+++ b/blog/2013-04-04-internet-101-anatomie-dun-site-web.mdwn
@@ -48,7 +48,7 @@ Mais on voit rarement les adresses IP durant notre utilisation régulière du we
 
  [^2]: IP ("Internet Protocol") est un autre standard ouvert qui permet à tout le monde de se parler de façon égale sur internet.
 
-### Exercice 2.1: trouver l'adresse IP d'un site web
+## Exercice 2.1: trouver l'adresse IP d'un site web
 
 Pour trouver où est un site web, on doit commencer par trouver son adresse IP. Plusieurs outils existent sur le web pour cela, mais je vais assumer que vous avez une machine Linux qui peut faire des opérations de base dans un terminal. Si vous avez une machine handicappée (ie. Windows) vous devriez quand même être capable de trouver un terminal et rouler des commandes similaires.
 
diff --git a/blog/2016-10-14-bug-reporting.mdwn b/blog/2016-10-14-bug-reporting.mdwn
index 81ee9e79..4a49ecc6 100644
--- a/blog/2016-10-14-bug-reporting.mdwn
+++ b/blog/2016-10-14-bug-reporting.mdwn
@@ -7,7 +7,7 @@ developers to be made aware of issues with their software that they
 could not have foreseen or found themselves, for lack of resources,
 variety or imagination.
 
-[[!toc levels=2 startlevel=2]]
+[[!toc]]
 
 Prior art
 =========
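Review bot: this hunk changes the `[[!toc levels=2 startlevel=2]]` directive rather than a heading, and the commit message only talks about heading levels. Dropping `levels=2 startlevel=2` changes which headings the table of contents lists, and the visible context shows this article already opens with a top-level heading (`Prior art` underlined with `=`). Either explain in the commit message why the directive parameters go away, or move this change to its own commit.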
diff --git a/blog/2016-12-22-debian-considering-automated-upgrades.mdwn b/blog/2016-12-22-debian-considering-automated-upgrades.mdwn
index 7065f737..0eab5b4d 100644
--- a/blog/2016-12-22-debian-considering-automated-upgrades.mdwn
+++ b/blog/2016-12-22-debian-considering-automated-upgrades.mdwn
@@ -35,7 +35,7 @@ discussion that followed was interesting as it brought up key issues one
 would have when deploying automated upgrade tools, outlining both the
 benefits and downsides to such systems.
 
-## Problems with automated upgrades
+# Problems with automated upgrades
 
 An issue raised in the following discussion is that automated upgrades
 may create unscheduled downtime for critical services. For example,
@@ -95,7 +95,7 @@ degrades the interactivity of the usually satisfying `apt-get install`
 process. Nevertheless, it seems like `needrestart` is a key component of
 a properly deployed automated upgrade system.
 
-## Benefits of automated upgrades
+# Benefits of automated upgrades
 
 One thing that was less discussed is the actual benefit of automating
 upgrades. It is merely described as "secure by default" by McIntyre in
@@ -132,7 +132,7 @@ adventurous users could follow rolling distributions like Debian testing
 or unstable with unattended upgrades as well, with all the risks and
 benefits that implies.
 
-## Possible non-issues
+# Possible non-issues
 
 That there was not a backlash against the proposal surprised me: I
 expected the privacy-sensitive Debian community to react negatively to
@@ -153,7 +153,7 @@ upgrades: such changes could mean degraded functionality or additional
 spyware. However, this is the free-software world and upgrades generally
 come with bug fixes and new features, not additional restrictions.
 
-## Automating major upgrades?
+# Automating major upgrades?
 
 While automating minor upgrades is one part of the solution to the
 problem of security maintenance, the other is how to deal with major
@@ -197,7 +197,7 @@ but it is Ubuntu-specific and would need [significant
 changes](https://answers.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+question/402913)
 in order to work in Debian.
 
-## Future work
+# Future work
 

(Diff truncated)
fix typo
diff --git a/blog/2020-06-04-replacing-smokeping-prometheus.mdwn b/blog/2020-06-04-replacing-smokeping-prometheus.mdwn
index e3bab9d0..7becc3ef 100644
--- a/blog/2020-06-04-replacing-smokeping-prometheus.mdwn
+++ b/blog/2020-06-04-replacing-smokeping-prometheus.mdwn
@@ -154,7 +154,7 @@ same in PromQL. I tried:
     stddev_over_time(probe_icmp_duration_seconds{phase="rtt",instance=~"$instance"}[1m])
 
 The first two give zero for all samples. The latter works, but doesn't
-looks as good as Smokeping. So there might be something I'm missing.
+look as good as Smokeping. So there might be something I'm missing.
 
 [SuperQ](https://github.com/SuperQ) wrote a [special exporter for this called
 smokeping_prober](https://github.com/SuperQ/smokeping_prober/) that came out of [this discussion in the blackbox

Added a comment
diff --git a/blog/2020-06-04-replacing-smokeping-prometheus/comment_2_48883e550b0b213f1a629fd6e178cddc._comment b/blog/2020-06-04-replacing-smokeping-prometheus/comment_2_48883e550b0b213f1a629fd6e178cddc._comment
new file mode 100644
index 00000000..da6d8bf1
--- /dev/null
+++ b/blog/2020-06-04-replacing-smokeping-prometheus/comment_2_48883e550b0b213f1a629fd6e178cddc._comment
@@ -0,0 +1,20 @@
+[[!comment format=mdwn
+ username="anarcat"
+ avatar="https://seccdn.libravatar.org/avatar/741655483dd8a0b4df28fb3dedfa7e4c"
+ subject="comment 2"
+ date="2020-06-05T13:25:19Z"
+ content="""
+I don't actually know what those mean, to be honest. The blackbox exporter documentation isn't exactly exhaustive, so I can only venture a guess:
+
+    probe_icmp_duration_seconds{phase=\"resolve\"}
+
+DNS (domain name resolution). I ignore this in my graphing, because it's not what I am measuring.
+
+    probe_icmp_duration_seconds{phase=\"rtt\"}
+
+\"RTT\" stands for \"Round Trip Time\", this is the number \"ping\" gives you, the time it takes for a packet to reach its destination, for the destination to generate a new one, and for that packet to return back.
+
+    probe_icmp_duration_seconds{phase=\"setup\"}
+
+That, I frankly have no idea. I guess it's everything else the exporter might be doing to do what it needs to do? Looking [at the source code](https://github.com/prometheus/blackbox_exporter/blob/master/prober/icmp.go) it looks like it's the time it takes to setup the socket...
+"""]]

approve comment
diff --git a/blog/2020-06-04-replacing-smokeping-prometheus/comment_1_ebbcf2e4e7ebeeba1180dd02ce0ebd06._comment b/blog/2020-06-04-replacing-smokeping-prometheus/comment_1_ebbcf2e4e7ebeeba1180dd02ce0ebd06._comment
new file mode 100644
index 00000000..35034f9c
--- /dev/null
+++ b/blog/2020-06-04-replacing-smokeping-prometheus/comment_1_ebbcf2e4e7ebeeba1180dd02ce0ebd06._comment
@@ -0,0 +1,12 @@
+[[!comment format=mdwn
+ ip="193.219.12.33"
+ claimedauthor="Hardsoda"
+ subject="Explain"
+ date="2020-06-05T07:55:16Z"
+ content="""
+Hi! This is greate article :) But I missing explainetion of this probes:
+
+probe_icmp_duration_seconds{phase=\"resolve\"}
+probe_icmp_duration_seconds{phase=\"rtt\"}
+probe_icmp_duration_seconds{phase=\"setup\"}
+"""]]
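
Review bot: the `ip="193.219.12.33"` field in the comment header commits the commenter's address, next to the `claimedauthor` name, to a repository whose complete source is published on gitweb and can be cloned. If the address is only needed for moderation, consider dropping or truncating that field before approving the comment so it does not end up in the public history.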

add more fuzzing to graphs
diff --git a/blog/2020-06-04-replacing-smokeping-prometheus.mdwn b/blog/2020-06-04-replacing-smokeping-prometheus.mdwn
index a5f6b735..e3bab9d0 100644
--- a/blog/2020-06-04-replacing-smokeping-prometheus.mdwn
+++ b/blog/2020-06-04-replacing-smokeping-prometheus.mdwn
@@ -215,13 +215,22 @@ So yes, we're missing pretty "fuzz" lines around the main lines, but
 maybe that's alright. It *would* be possible to do the equivalent to
 the InfluxDB hack, with queries like:
 
-    min_over_time(probe_icmp_duration_seconds{phase="rtt",instance=~"$instance"}[1m])
-    avg_over_time(probe_icmp_duration_seconds{phase="rtt",instance=~"$instance"}[1m])
-    max_over_time(probe_icmp_duration_seconds{phase="rtt",instance=~"$instance"}[1m])
+    min_over_time(probe_icmp_duration_seconds{phase="rtt",instance=~"$instance"}[30s])
+    avg_over_time(probe_icmp_duration_seconds{phase="rtt",instance=~"$instance"}[5m])
+    max_over_time(probe_icmp_duration_seconds{phase="rtt",instance=~"$instance"}[30s])
 
-... and setup the "fill lines" but that's not really the way things
-work in Prometheus/Grafana land. I'm actually satisfied with the
-current result.
+The output looks something like this:
+
+<figure>
+<img src="snap-20200604T222103.png" alt="A plot of RTT and packet loss over time of three nodes, with minimax" />
+<figcaption>Looks more like Smokeping!</figcaption>
+</figure>
+
+But there's a problem there: see how the middle graph "dips" sometimes
+below 20ms? That's the `min_over_time` function (incorrectly, IMHO)
+returning zero. I haven't quite figured out how to fix that, and I'm
+not sure it is better. But it does look more like Smokeping than the
+previous graph.
 
 Update: I forgot to mention one big thing that this setup is
 missing. Smokeping has this nice feature that you can order and group
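
Review bot: the new closing paragraph blames `min_over_time` for the dips to zero, but that function only returns the smallest sample in the window, so a zero there means a zero-valued sample was scraped. The packet-loss query in this same post is built on `probe_success`; it would be worth checking whether the dips line up with failed probes and, if so, excluding those samples from the `min_over_time` series instead of describing the function as incorrect. Separately, the min and max series now use `[30s]` while the average uses `[5m]`, so the band and the centre line are computed over different windows; a sentence explaining that choice would help.
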
diff --git a/blog/2020-06-04-replacing-smokeping-prometheus/snap-20200604T222103.png b/blog/2020-06-04-replacing-smokeping-prometheus/snap-20200604T222103.png
new file mode 100644
index 00000000..2e5627aa
Binary files /dev/null and b/blog/2020-06-04-replacing-smokeping-prometheus/snap-20200604T222103.png differ

another feature missing from my setup
diff --git a/blog/2020-06-04-replacing-smokeping-prometheus.mdwn b/blog/2020-06-04-replacing-smokeping-prometheus.mdwn
index 467bd93b..a5f6b735 100644
--- a/blog/2020-06-04-replacing-smokeping-prometheus.mdwn
+++ b/blog/2020-06-04-replacing-smokeping-prometheus.mdwn
@@ -223,6 +223,14 @@ the InfluxDB hack, with queries like:
 work in Prometheus/Grafana land. I'm actually satisfied with the
 current result.
 
+Update: I forgot to mention one big thing that this setup is
+missing. Smokeping has this nice feature that you can order and group
+probe targets in a "folder"-like hierarchy. It is often used to group
+probes by location, which makes it easier to scan a lot of
+targets. This is harder to do in this setup. It might be possible to
+setup location-specific "jobs" and select based on that, but it's not
+exactly the same.
+
 Credits
 =======
 

update screenshot
diff --git a/blog/2020-06-04-replacing-smokeping-prometheus.mdwn b/blog/2020-06-04-replacing-smokeping-prometheus.mdwn
index 88bf0827..467bd93b 100644
--- a/blog/2020-06-04-replacing-smokeping-prometheus.mdwn
+++ b/blog/2020-06-04-replacing-smokeping-prometheus.mdwn
@@ -127,8 +127,8 @@ missing something. Here's what I did.
 The result looks something like this:
 
 <figure> 
-<img src="snap-20200604T111507.png" alt="A plot of RTT and packet loss over time of three nodes" />
-<figcaption>Not bad, but definitely not Smokeping</figcaption>
+<img src="snap-20200604T121030.png" alt="A plot of RTT and packet loss over time of three nodes" />
+<figcaption>Not bad, but not Smokeping</figcaption>
 </figure>
 
 This actually looks pretty good!
diff --git a/blog/2020-06-04-replacing-smokeping-prometheus/snap-20200604T111507.png b/blog/2020-06-04-replacing-smokeping-prometheus/snap-20200604T111507.png
deleted file mode 100644
index e63c71e0..00000000
Binary files a/blog/2020-06-04-replacing-smokeping-prometheus/snap-20200604T111507.png and /dev/null differ
diff --git a/blog/2020-06-04-replacing-smokeping-prometheus/snap-20200604T121030.png b/blog/2020-06-04-replacing-smokeping-prometheus/snap-20200604T121030.png
new file mode 100644
index 00000000..0e58b3cb
Binary files /dev/null and b/blog/2020-06-04-replacing-smokeping-prometheus/snap-20200604T121030.png differ

clarify conclusion
diff --git a/blog/2020-06-04-replacing-smokeping-prometheus.mdwn b/blog/2020-06-04-replacing-smokeping-prometheus.mdwn
index 97fc5a7f..88bf0827 100644
--- a/blog/2020-06-04-replacing-smokeping-prometheus.mdwn
+++ b/blog/2020-06-04-replacing-smokeping-prometheus.mdwn
@@ -219,8 +219,9 @@ the InfluxDB hack, with queries like:
     avg_over_time(probe_icmp_duration_seconds{phase="rtt",instance=~"$instance"}[1m])
     max_over_time(probe_icmp_duration_seconds{phase="rtt",instance=~"$instance"}[1m])
 
-... and setup the "fill bits" but that's not really the way things
-work in Prometheus/Grafana land.
+... and setup the "fill lines" but that's not really the way things
+work in Prometheus/Grafana land. I'm actually satisfied with the
+current result.
 
 Credits
 =======

add toc
diff --git a/blog/2020-06-04-replacing-smokeping-prometheus.mdwn b/blog/2020-06-04-replacing-smokeping-prometheus.mdwn
index d6282bca..97fc5a7f 100644
--- a/blog/2020-06-04-replacing-smokeping-prometheus.mdwn
+++ b/blog/2020-06-04-replacing-smokeping-prometheus.mdwn
@@ -14,6 +14,8 @@ from Munin](https://help.torproject.org/tsa/howto/prometheus/#Migrating_from_Mun
 Nagios is much harder, and I still haven't quite [figured out if it's
 worth it](https://trac.torproject.org/projects/tor/ticket/29864).
 
+[[!toc]]
+
 How does Smokeping work
 =======================
 

tag for debian-planet
diff --git a/blog/2020-06-04-replacing-smokeping-prometheus.mdwn b/blog/2020-06-04-replacing-smokeping-prometheus.mdwn
index 9010f363..d6282bca 100644
--- a/blog/2020-06-04-replacing-smokeping-prometheus.mdwn
+++ b/blog/2020-06-04-replacing-smokeping-prometheus.mdwn
@@ -225,3 +225,5 @@ Credits
 
 Credits to [Chris Siebenmann](https://utcc.utoronto.ca/~cks/) for his [article about Prometheus and
 pings](https://utcc.utoronto.ca/~cks/space/blog/sysadmin/PrometheusAmountCheckDown) which gave me the `avg_over_time` query idea.
+
+[[!tag debian-planet python-planet prometheus sysadmin]]
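
Review bot: the added `[[!tag ...]]` line includes `python-planet`, but nothing in the visible part of the post involves Python (it covers fping, the blackbox exporter, PromQL and Grafana). Unless a later section does, drop that tag so the post is not filed under an unrelated topic.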

prometheus smokeping replacement
diff --git a/blog/2020-06-04-replacing-smokeping-prometheus.mdwn b/blog/2020-06-04-replacing-smokeping-prometheus.mdwn
new file mode 100644
index 00000000..9010f363
--- /dev/null
+++ b/blog/2020-06-04-replacing-smokeping-prometheus.mdwn
@@ -0,0 +1,227 @@
+[[!meta title="Replacing Smokeping with Prometheus"]]
+
+I've been struggling with replacing parts of my old sysadmin
+monitoring toolkit (previously built with Nagios, Munin and Smokeping)
+with more modern tools (specifically Prometheus, its "exporters" and
+Grafana) for a while now.
+
+Replacing Munin with Prometheus and Grafana is fairly straightforward:
+the network architecture ("server pulls metrics from all nodes") is
+similar and there are lots of exporters. They are a little harder to
+write than Munin modules, but that makes them more flexible and
+efficient, which was a huge problem in Munin. I wrote a [Migrating
+from Munin](https://help.torproject.org/tsa/howto/prometheus/#Migrating_from_Munin) guide that summarizes those differences. Replacing
+Nagios is much harder, and I still haven't quite [figured out if it's
+worth it](https://trac.torproject.org/projects/tor/ticket/29864).
+
+How does Smokeping work
+=======================
+
+Leaving those two aside for now, I'm left with Smokeping, which I used
+in my previous job to diagnose routing issues, using Smokeping as a
+decentralized looking glass, which was handy to debug long term
+issues. Smokeping is a strange animal: it's fundamentally similar to
+Munin, except it's harder to write plugins for it, so most people just
+use it for Ping, something for which it excels at.
+
+Its trick is this: instead of doing a single ping and returning this
+metrics, it does *multiple* ones and returns *multiple*
+metrics. Specifically, smokeping will send multiple ICMP packets (20
+by default), with a low interval (500ms by default) and a single
+retry. It also pings *multiple* hosts at once which means it can
+quickly scan multiple hosts simultaneously. You therefore see network
+conditions affecting one host reflected in further hosts down (or up)
+the chain. The *multiple* metrics also mean you can draw graphs with
+"error bars" which Smokeping shows as "smoke" (hence the name). You
+also get per-metric packet loss.
+
+Basically, smokeping runs this command and collects the output in a
+RRD database:
+
+    fping -c $count -q -b $backoff -r $retry -4 -b $packetsize -t $timeout -i $mininterval -p $hostinterval $host [ $host ...]
+
+... where those parameters are, by default:
+
+ * `$count` is 20 (packets)
+ * `$backoff` is 1 (avoid exponential backoff)
+ * `$timeout` is 1.5s
+ * `$mininterval` is 0.01s (minimum wait interval between any target)
+ * `$hostinterval` is 1.5s (minimum wait between probes on a single target)
+
+It can also override stuff like the source address and TOS
+fields. This probe will complete between 30 and 60 seconds, if my math
+is right (0% and 100% packet loss).
+
+How do draw Smokeping graphs in Grafana
+=======================================
+
+A naive implementation of Smokeping in Prometheus/Grafana would be to
+use the blackbox exporter and create a dashboard displaying those
+metrics. I've done this at home, and then I realized that I was
+missing something. Here's what I did.
+
+ 1. install the blackbox exporter:
+ 
+        apt install prometheus-blackbox-exporter
+
+ 2. make sure to allow capabilities so it can ping:
+ 
+        dpkg-reconfigure prometheus-blackbox-exporter
+
+ 3. hook monitoring targets into `prometheus.yml` (the default blackbox
+    exporter configuration is fine):
+
+        scrape_configs:
+          - job_name: blackbox
+              metrics_path: /probe
+              params:
+                module: [icmp]
+              scrape_interval: 5s
+              static_configs:
+                - targets:
+                  - octavia.anarc.at
+                  # hardcoded in DNS
+                  - nexthop.anarc.at
+                  - koumbit.net
+                  - dns.google
+              relabel_configs:
+                - source_labels: [__address__]
+                  target_label: __param_target
+                - source_labels: [__param_target]
+                  target_label: instance
+                - target_label: __address__
+                  replacement: 127.0.0.1:9115  # The blackbox exporter's real hostname:port.
+
+    Notice how we lower the `scrape_interval` to 5 seconds to get more
+    samples. `nexthop.anarc.at` was added into DNS to avoid hardcoding
+    my upstream ISP's IP in my configuration.
+
+ 4. create a Grafana panel to graph the results. first, add this
+    query:
+    
+        sum(probe_icmp_duration_seconds{phase="rtt"}) by (instance)
+    
+    * Set the `Legend` field to `{{instance}} RTT`
+    * Set `Draw modes` to `lines` and `Mode options` to `staircase`
+    * Set the `Left Y` axis `Unit` to `duration(s)`
+    * Show the `Legend` `As table`, with `Min`, `Avg`, `Max` and
+      `Current` enabled
+
+    Then add this query, for packet loss:
+    
+        1-avg_over_time(probe_success[$__interval])!=0 or null
+
+    * Set the `Legend` field to `{{instance}} packet loss`
+    * Set a `Add series override` to `Lines: false`, `Null point mode:
+      null`, `Points: true`, `Points Radios: 1`, `Color: deep red`,
+      and, most importantly, `Y-axis: 2`
+    * Set the `Right Y` axis `Unit` to `percent (0.0-1.0)` and set
+      `Y-max` to 1
+
+    Then set the entire thing to `Repeat`, on `target`,
+    `vertically`. And you need to add a `target` variable like
+    `label_values(probe_success, instance)`.
+
+The result looks something like this:
+
+<figure> 
+<img src="snap-20200604T111507.png" alt="A plot of RTT and packet loss over time of three nodes" />
+<figcaption>Not bad, but definitely not Smokeping</figcaption>
+</figure>
+
+This actually looks pretty good!
+
+I've uploaded the resulting dashboard in the [Grafana dashboard
+repository](https://grafana.com/grafana/dashboards/12412).
+
+What is missing?
+================
+
+Now, that doesn't exactly look like Smokeping, does it. It's pretty
+good, but it's not quite what we want. What is missing is *variance*,
+the "smoke" in Smokeping.
+
+There's a [good article about replacing Smokeping with
+Grafana](https://hveem.no/visualizing-latency-variance-with-grafana). They wrote a custom script to write samples into InfluxDB
+so unfortunately we can't use it in this case, since we don't have
+InfluxDB's query language. I couldn't quite figure out how to do the
+same in PromQL. I tried:
+
+    stddev(probe_icmp_duration_seconds{phase="rtt",instance=~"$instance"})
+    stddev_over_time(probe_icmp_duration_seconds{phase="rtt",instance=~"$instance"}[$__interval])
+    stddev_over_time(probe_icmp_duration_seconds{phase="rtt",instance=~"$instance"}[1m])
+
+The first two give zero for all samples. The latter works, but doesn't
+looks as good as Smokeping. So there might be something I'm missing.
+
+[SuperQ](https://github.com/SuperQ) wrote a [special exporter for this called
+smokeping_prober](https://github.com/SuperQ/smokeping_prober/) that came out of [this discussion in the blackbox
+exporter](https://github.com/prometheus/blackbox_exporter/issues/115). Instead of delegating scheduling and target definition
+to Prometheus, the targets are set in the exporter.
+
+They also take a different approach than Smokeping: instead of
+recording the individual variations, they delegate that to Prometheus,
+through the use of "buckets". Then they use a query like this:
+
+    histogram_quantile(0.9 rate(smokeping_response_duration_seconds_bucket[$__interval]))
+
+This is the rationale to SuperQ's implementation:
+
+> Yes, I know about smokeping's bursts of pings. IMO, smokeping's data
+> model is flawed that way. This is where I intentionally deviated
+> from the smokeping exact way of doing things. This prober sends a
+> smooth, regular series of packets in order to be measuring at
+> regular controlled intervals.
+> 
+> Instead of 20 packets, over 10 seconds, every minute. You send one
+> packet per second and scrape every 15. This has the same overall
+> effect, but the measurement is, IMO, more accurate, as it's a
+> continuous stream. There's no 50 second gap of no metrics about the
+> ICMP stream.
+> 
+> Also, you don't get back one metric for those 20 packets, you get
+> several. Min, Max, Avg, StdDev. With the histogram data, you can
+> calculate much more than just that using the raw data.
+> 
+> For example, IMO, avg and max are not all that useful for continuous
+> stream monitoring. What I really want to know is the 90th percentile
+> or 99th percentile.
+> 
+> This smokeping prober is not intended to be a one-to-one replacement
+> for exactly smokeping's real implementation. But simply provide
+> similar functionality, using the power of Prometheus and PromQL to
+> make it better.
+>

(Diff truncated)
Added a comment
diff --git a/blog/2020-05-28-isp-upgrade/comment_2_0268518e78b93314146e535ba4c0baa1._comment b/blog/2020-05-28-isp-upgrade/comment_2_0268518e78b93314146e535ba4c0baa1._comment
new file mode 100644
index 00000000..285f7720
--- /dev/null
+++ b/blog/2020-05-28-isp-upgrade/comment_2_0268518e78b93314146e535ba4c0baa1._comment
@@ -0,0 +1,14 @@
+[[!comment format=mdwn
+ username="anarcat"
+ avatar="https://seccdn.libravatar.org/avatar/741655483dd8a0b4df28fb3dedfa7e4c"
+ subject="comment 2"
+ date="2020-06-02T20:23:38Z"
+ content="""
+> Other than the speed being lower than what you want and the IPv6 being iffy, does TSI satisfy your other requirements?
+
+It does, mostly. I'm looking for something cheaper / faster.
+
+One problem I have with TSI is they are not local. I come out from somewhere in Ontario, both in geolocation but also (more critically) in terms of latency. So that's inconvenient for local voice conferencing, where you want latency to an absolute minimum. 
+
+DSL also adds quite a lot more latency than cable, so the latter is kind of becoming a must. And unfortunately, there, TSI has the same problems as Ebox, last I checked (that is, services are blocked).
+"""]]

a nice package in emacs to tell me which key is on which command
diff --git a/software/packages.yml b/software/packages.yml
index d5f17209..c8beb4f4 100644
--- a/software/packages.yml
+++ b/software/packages.yml
@@ -255,6 +255,7 @@
       - elpa-solarized-theme
       - elpa-use-package
       - elpa-web-mode
+      - elpa-which-key
       - elpa-writegood-mode
       - elpa-yaml-mode
       - elpa-yasnippet

approve comment
diff --git a/blog/2020-05-28-isp-upgrade/comment_1_f2a8b591f8b87403f04aeefbe5600c9e._comment b/blog/2020-05-28-isp-upgrade/comment_1_f2a8b591f8b87403f04aeefbe5600c9e._comment
new file mode 100644
index 00000000..77f95bba
--- /dev/null
+++ b/blog/2020-05-28-isp-upgrade/comment_1_f2a8b591f8b87403f04aeefbe5600c9e._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ ip="96.23.12.217"
+ claimedauthor="mgregoire"
+ subject="comment 1"
+ date="2020-05-28T18:55:17Z"
+ content="""
+Other than the speed being lower than what you want and the IPv6 being iffy, does TSI satisfy your other requirements?
+
+I live on the South Shore, and haven't been very happy with either Vidéotron or Bell.  Teksavvy might be an improvement.
+"""]]

add delays
diff --git a/blog/2020-05-28-isp-upgrade.mdwn b/blog/2020-05-28-isp-upgrade.mdwn
index 5b1610f7..3f627977 100644
--- a/blog/2020-05-28-isp-upgrade.mdwn
+++ b/blog/2020-05-28-isp-upgrade.mdwn
@@ -94,6 +94,8 @@ residential services", even though they [seem to have that package on
 their website](https://www.teksavvy.com/services/internet/hardware/?itemID=4843&prov=QC). They confirmed that they "don't have a option more
 than 10 mbps upload."
 
+TSI were the first to respond, within 24h.
+
 Oricom
 ------
 
@@ -105,6 +107,10 @@ their IP address space.
 
 I can confirm that the IP is fairly static from the office.
 
+Oricom were the second to respond, within 24h, but required a phone
+call instead of an email exchange. Responded within 6 hours after
+leaving a voicemail.
+
 Ebox
 ----
 
@@ -122,6 +128,8 @@ service:
 No static IP addressing, shared dynamic space so no garantee on
 reputation. IPv6 only on DSL, so no high speed IPv6.
 
+Ebox took the longest to respond, about 48 hours.
+
 Beanfield / Openface
 ---------------------
 

ebox response
diff --git a/blog/2020-05-28-isp-upgrade.mdwn b/blog/2020-05-28-isp-upgrade.mdwn
index b51bf793..5b1610f7 100644
--- a/blog/2020-05-28-isp-upgrade.mdwn
+++ b/blog/2020-05-28-isp-upgrade.mdwn
@@ -108,7 +108,19 @@ I can confirm that the IP is fairly static from the office.
 Ebox
 ----
 
-No response yet.
+Ebox claims my neighborhood supports 400mbps down, but offered me a
+100/30 package with 350Go bandwidth per month for 54.95$/mth or
+unlimited for 65$/mth.
+
+Many ports are blocked, which makes it impossible for me to use their
+service:
+
+ * port 25 blocked incoming
+ * port 25 filtered outgoing (only allowed to their servers)
+ * port 53 blocked incoming (!)
+
+No static IP addressing, shared dynamic space so no garantee on
+reputation. IPv6 only on DSL, so no high speed IPv6.
 
 Beanfield / Openface
 ---------------------
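
Review bot: the blocked-ports list does not say which protocol each block applies to; for `port 53 blocked incoming` it matters whether that is UDP, TCP or both, since the post's requirements include running a DNS server. Also, `garantee` in the last added paragraph should be `guarantee`, and `350Go` carries the French unit abbreviation into English text (`350GB`).
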

clarify the sections
diff --git a/services/dns.mdwn b/services/dns.mdwn
index 3853315f..27cab389 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -4,6 +4,8 @@ Le service de DNS n'est pas censuré d'aucune façon, mais donne des réponses d
 
 Il supporte [[IPv6]].
 
+[[!toc levels=2]]
+
 Problèmes connus
 ================
 
@@ -51,7 +53,13 @@ femmes. Exemples utilisés:
  * [[hardware/server/mafalda]] ([yes, the character](https://en.wikipedia.org/wiki/Mafalda))
  * [[hardware/server/plastik]] (a "piece of plastic")
 
-Utilisés par le passé:
+Anciens
+-------
+
+Ces noms ont été utilisés par le passé et ont été retiré de la
+circulation, généralement parce que les machines auxquelles ils ont
+été attitrés ont été retirés, mais aussi parce que les noms ne sont
+plus compatibles avec la nouvelle convention.
 
  * [[hardware/server/lenny]] - origin forgotten
  * marvin - origin forgotten
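
Review bot: the new paragraph under `Anciens` has two agreement errors: `ont été retiré` should be `ont été retirés` (it refers to `Ces noms`), and in `les machines auxquelles ils ont été attitrés ont été retirés` the second participle should be `retirées` to agree with `machines`.
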
@@ -61,7 +69,10 @@ Utilisés par le passé:
  * roadkill
  * [[hardware/server/roadkiller]]
 
-Autres idées:
+Potentiels
+----------
+
+Les noms suivants pourraient être utilisés pour de futures machines:
 
  * [Hannah Arendt](https://en.wikipedia.org/wiki/Hannah_Arendt) - "one of the most important political
    philosophers of the twentieth century"

explain the picks
diff --git a/services/dns.mdwn b/services/dns.mdwn
index 2b1f5cb1..3853315f 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -63,14 +63,19 @@ Utilisés par le passé:
 
 Autres idées:
 
- * [Hannah Arendt](https://en.wikipedia.org/wiki/Hannah_Arendt) - although, how do you spell it?
- * [Viola Desmond](https://en.wikipedia.org/wiki/Viola_Desmond)
- * [Margaret Hamilton][]
- * [Ada Lovelace](https://en.wikipedia.org/wiki/Ada_Lovelace)
- * [Grace Hopper](https://en.wikipedia.org/wiki/Grace_Hopper)
- * [Fumiko Kaneko](https://en.wikipedia.org/wiki/Fumiko_Kaneko)
- * [Louise Michel](https://fr.wikipedia.org/wiki/Louise_Michel)
- * [Séverine](https://fr.wikipedia.org/wiki/S%C3%A9verine)
+ * [Hannah Arendt](https://en.wikipedia.org/wiki/Hannah_Arendt) - "one of the most important political
+   philosophers of the twentieth century"
+ * [Viola Desmond](https://en.wikipedia.org/wiki/Viola_Desmond) - challenged racial segregation in Canada
+ * [Margaret Hamilton][] - developed the on-board flight software for NASA's Apollo program
+ * [Ada Lovelace](https://en.wikipedia.org/wiki/Ada_Lovelace) - first programmer
+ * [Grace Hopper](https://en.wikipedia.org/wiki/Grace_Hopper) - inventor of the compiler and linker
+ * [Fumiko Kaneko](https://en.wikipedia.org/wiki/Fumiko_Kaneko) - Japanese feminist, anti-colonialist, anarchist
+   and nihilist, (possibly self-)convicted of plotting to assassinate
+   the Japanese emperor
+ * [Louise Michel](https://fr.wikipedia.org/wiki/Louise_Michel) - anarchiste de la commune de Paris, première à
+   arborer le drapeau noir
+ * [Séverine](https://fr.wikipedia.org/wiki/S%C3%A9verine) - journaliste, féministe, première femme à diriger un
+   grand quotidien en France
 
 [Margaret Hamilton]: https://en.wikipedia.org/wiki/Margaret_Hamilton_(software_engineer)
 

move names ideas
diff --git a/services/dns.mdwn b/services/dns.mdwn
index 6734e3c6..2b1f5cb1 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -66,7 +66,11 @@ Autres idées:
  * [Hannah Arendt](https://en.wikipedia.org/wiki/Hannah_Arendt) - although, how do you spell it?
  * [Viola Desmond](https://en.wikipedia.org/wiki/Viola_Desmond)
  * [Margaret Hamilton][]
+ * [Ada Lovelace](https://en.wikipedia.org/wiki/Ada_Lovelace)
+ * [Grace Hopper](https://en.wikipedia.org/wiki/Grace_Hopper)
  * [Fumiko Kaneko](https://en.wikipedia.org/wiki/Fumiko_Kaneko)
+ * [Louise Michel](https://fr.wikipedia.org/wiki/Louise_Michel)
+ * [Séverine](https://fr.wikipedia.org/wiki/S%C3%A9verine)
 
 [Margaret Hamilton]: https://en.wikipedia.org/wiki/Margaret_Hamilton_(software_engineer)
 

openface/beanfield update
diff --git a/blog/2020-05-28-isp-upgrade.mdwn b/blog/2020-05-28-isp-upgrade.mdwn
index e5db6171..b51bf793 100644
--- a/blog/2020-05-28-isp-upgrade.mdwn
+++ b/blog/2020-05-28-isp-upgrade.mdwn
@@ -115,6 +115,8 @@ Beanfield / Openface
 
 Even though they have a really interesting service (50$/mth for
 unlimited 1gbps), they are not in my building. I did try to contact
-them over chat, they told me to call, and I left a message
+them over chat, they told me to call, and I left a message. They
+responded saying they mostly offer business services for now, no
+residential in Montreal.
 
 [[!tag debian-planet internet neutrality québec sysadmin diy montreal]]

add more ideas
diff --git a/blog/2020-05-28-isp-upgrade.mdwn b/blog/2020-05-28-isp-upgrade.mdwn
index d1f7a477..e5db6171 100644
--- a/blog/2020-05-28-isp-upgrade.mdwn
+++ b/blog/2020-05-28-isp-upgrade.mdwn
@@ -59,12 +59,13 @@ So I'm shopping for a replacement. The requirements are:
 Contestants
 ===========
 
-I wrote a similar message asking three major ISPs in my city for those
+I wrote a similar message asking major ISPs in my city for those
 services, including business service if necessary:
 
  * [Oricom](https://oricom.ca) - `ventes@oricom.ca`
  * [TSI](https://teksavvy.com) - `sales@teksavvy.com`
  * [Ebox](https://ebox.ca) - `sales@ebox.ca`
+ * [Beanfield/Openface](https://www.beanfield.com/residential/)
 
 I have *not* contacted those providers:
 
@@ -96,11 +97,24 @@ than 10 mbps upload."
 Oricom
 ------
 
-No response yet.
+They offer a 100/30 link for 65$ plus 25$ for a static IP.
+
+No IPv6 yet, unlikely to come soon. No services blocked, they have
+their own PoP within Videotron's datacenters so clients come out from
+their IP address space.
+
+I can confirm that the IP is fairly static from the office.
 
 Ebox
 ----
 
 No response yet.
 
+Beanfield / Openface
+---------------------
+
+Even though they have a really interesting service (50$/mth for
+unlimited 1gbps), they are not in my building. I did try to contact
+them over chat, they told me to call, and I left a message
+
 [[!tag debian-planet internet neutrality québec sysadmin diy montreal]]
diff --git a/services/dns.mdwn b/services/dns.mdwn
index cd1d0818..6734e3c6 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -65,6 +65,10 @@ Autres idées:
 
  * [Hannah Arendt](https://en.wikipedia.org/wiki/Hannah_Arendt) - although, how do you spell it?
  * [Viola Desmond](https://en.wikipedia.org/wiki/Viola_Desmond)
+ * [Margaret Hamilton][]
+ * [Fumiko Kaneko](https://en.wikipedia.org/wiki/Fumiko_Kaneko)
+
+[Margaret Hamilton]: https://en.wikipedia.org/wiki/Margaret_Hamilton_(software_engineer)
 
 Relié
 =====

confirmed response from TSI
diff --git a/blog/2020-05-28-isp-upgrade.mdwn b/blog/2020-05-28-isp-upgrade.mdwn
index f503ef66..d1f7a477 100644
--- a/blog/2020-05-28-isp-upgrade.mdwn
+++ b/blog/2020-05-28-isp-upgrade.mdwn
@@ -90,7 +90,8 @@ TSI
 
 First answer from TSI was "we do not provide 30mbps upload on
 residential services", even though they [seem to have that package on
-their website](https://www.teksavvy.com/services/internet/hardware/?itemID=4843&prov=QC).
+their website](https://www.teksavvy.com/services/internet/hardware/?itemID=4843&prov=QC). They confirmed that they "don't have a option more
+than 10 mbps upload."
 
 Oricom
 ------

a little more rationale
diff --git a/blog/2020-05-28-isp-upgrade.mdwn b/blog/2020-05-28-isp-upgrade.mdwn
index 42066dd3..f503ef66 100644
--- a/blog/2020-05-28-isp-upgrade.mdwn
+++ b/blog/2020-05-28-isp-upgrade.mdwn
@@ -22,6 +22,11 @@ often feel I should pack a little more punch at home (although I have
 no illusions about my capacity of resisting any sort of DoS attack at
 home of course).
 
+Also, the idea of having gigabit links at home brings back the idea of
+the original internet, that *everyone* on the internet is a
+"peer". "Client" and "servers" are just a technical distinction and
+everyone should be able to run a server.
+
 Requirements
 ============
 

fix toc
diff --git a/blog/2020-05-28-isp-upgrade.mdwn b/blog/2020-05-28-isp-upgrade.mdwn
index 16256e65..42066dd3 100644
--- a/blog/2020-05-28-isp-upgrade.mdwn
+++ b/blog/2020-05-28-isp-upgrade.mdwn
@@ -1,5 +1,7 @@
 [[!meta title="Upgrading my home server uplink"]]
 
+[[!toc levels=3]]
+
 For more than a few decades now (!), I've been running my own
 server. First it was just my old Pentium 1 squatting on university
 networks, but eventually grew into a real server somewhere at the dawn
@@ -8,6 +10,9 @@ hosted over ADSL links, first a handful of megabits, up to the current
 25 Mbps down, 6 Mbps up that the Bell Canada network seems to allow
 to its resellers (currently Teksavvy Internet, or TSI).
 
+Why change?
+===========
+
 Obviously, this speed is showing its age, and especially in this age
 of Pandemia where everyone is on videoconferencing all the time. But
 it's also inconvenient when I need to *upload* large files on the
@@ -17,6 +22,9 @@ often feel I should pack a little more punch at home (although I have
 no illusions about my capacity of resisting any sort of DoS attack at
 home of course).
 
+Requirements
+============
+
 So I'm shopping for a replacement. The requirements are:
 
  1. higher speed than 25/6, preferably 100mbps down, 30mbps up, or
@@ -43,6 +51,9 @@ So I'm shopping for a replacement. The requirements are:
 
 (All amounts in $CAD.)
 
+Contestants
+===========
+
 I wrote a similar message asking three major ISPs in my city for those
 services, including business service if necessary:
 
@@ -70,19 +81,19 @@ from a major telco exchange site, so it's not like I'm in a rural
 community. This should just work.
 
 TSI
-===
+---
 
 First answer from TSI was "we do not provide 30mbps upload on
 residential services", even though they [seem to have that package on
 their website](https://www.teksavvy.com/services/internet/hardware/?itemID=4843&prov=QC).
 
 Oricom
-======
+------
 
 No response yet.
 
 Ebox
-====
+----
 
 No response yet.
 

explain where i am a little
diff --git a/blog/2020-05-28-isp-upgrade.mdwn b/blog/2020-05-28-isp-upgrade.mdwn
index 37d3d65b..16256e65 100644
--- a/blog/2020-05-28-isp-upgrade.mdwn
+++ b/blog/2020-05-28-isp-upgrade.mdwn
@@ -65,6 +65,10 @@ I might have forgotten some, let me know if you're in the area and
 have a good recommendation. I'll update this post with findings as
 they come in.
 
+Keep in mind that I am in a major Canadian city, less than a kilometer
+from a major telco exchange site, so it's not like I'm in a rural
+community. This should just work.
+
 TSI
 ===
 

tsi does have a package, wtf?
diff --git a/blog/2020-05-28-isp-upgrade.mdwn b/blog/2020-05-28-isp-upgrade.mdwn
index c4c1e49f..37d3d65b 100644
--- a/blog/2020-05-28-isp-upgrade.mdwn
+++ b/blog/2020-05-28-isp-upgrade.mdwn
@@ -69,7 +69,8 @@ TSI
 ===
 
 First answer from TSI was "we do not provide 30mbps upload on
-residential services".
+residential services", even though they [seem to have that package on
+their website](https://www.teksavvy.com/services/internet/hardware/?itemID=4843&prov=QC).
 
 Oricom
 ======

creating tag page tag/diy
diff --git a/tag/diy.mdwn b/tag/diy.mdwn
new file mode 100644
index 00000000..b6908aeb
--- /dev/null
+++ b/tag/diy.mdwn
@@ -0,0 +1,4 @@
+[[!meta title="pages tagged diy"]]
+
+[[!inline pages="tagged(diy)" actions="no" archive="yes"
+feedshow=10]]

new isp research
diff --git a/blog/2020-05-28-isp-upgrade.mdwn b/blog/2020-05-28-isp-upgrade.mdwn
new file mode 100644
index 00000000..c4c1e49f
--- /dev/null
+++ b/blog/2020-05-28-isp-upgrade.mdwn
@@ -0,0 +1,84 @@
+[[!meta title="Upgrading my home server uplink"]]
+
+For more than a few decades now (!), I've been running my own
+server. First it was just my old Pentium 1 squatting on university
+networks, but eventually grew into a real server somewhere at the dawn
+of the millenia. Apart from the university days, the server was mostly
+hosted over ADSL links, first a handful of megabits, up to the current
+25 Mbps down, 6 Mbps up that the Bell Canada network seems to allow
+to its resellers (currently Teksavvy Internet, or TSI).
+
+Obviously, this speed is showing its age, and especially in this age
+of Pandemia where everyone is on videoconferencing all the time. But
+it's also inconvenient when I need to *upload* large files on the
+network. I also host a variety of [[services]] on this network, and I
+always worry that any idiot can (rather trivially) DoS my server, so I
+often feel I should pack a little more punch at home (although I have
+no illusions about my capacity of resisting any sort of DoS attack at
+home of course).
+
+So I'm shopping for a replacement. The requirements are:
+
+ 1. higher speed than 25/6, preferably 100mbps down, 30mbps up, or
+    more. ideally 1gbps symmetric.
+
+ 2. static or near-static IP address: I run a DNS server with its IP
+    in the glue records (although the latter could possibly be
+    relaxed). ideally a /29 or more.
+
+ 3. all ports open: I run an SMTP server (incoming and outgoing) along
+    with a webserver and other experiments. ideally, no firewall or
+    policy should be blocking me from hosting stuff, unless there's an
+    attack or security issue, obviously.
+    
+ 4. clean IP address: the SMTP server needs to have a good reputation,
+    so the IP address should not be in a "residential space" pool.
+
+ 5. IPv6 support: TSI offers IPv6 support, but it is buggy (I
+    frequently have to restart the IPv6 interface on the router
+    because the delegated block stops routing, and they haven't been
+    able to figure out the problem). ideally, a /56.
+
+ 6. less than 100$/mth, ideally close to the current 60$/mth I pay.
+
+(All amounts in $CAD.)
+
+I wrote a similar message asking three major ISPs in my city for those
+services, including business service if necessary:
+
+ * [Oricom](https://oricom.ca) - `ventes@oricom.ca`
+ * [TSI](https://teksavvy.com) - `sales@teksavvy.com`
+ * [Ebox](https://ebox.ca) - `sales@ebox.ca`
+
+I have *not* contacted those providers:
+
+ * Bell Canada: i have sworn, two decades ago, never to do business
+   with that company ever again. They have a near-monopoly on almost
+   all telcos in Canada and I want to give them as little money as
+   possible.
+
+ * Videotron: I know for a fact they do not allow servers on their
+   network, and their [IPv6 has been in beta](https://support.videotron.com/residential/internet/monitor-usage/ipv6) [for so long](http://web.archive.org/web/20110713003117/http://soutien.videotron.com/residentiel/internet/ipv6) it
+   has become somewhat of a joke now
+
+I might have forgotten some, let me know if you're in the area and
+have a good recommendation. I'll update this post with findings as
+they come in.
+
+TSI
+===
+
+First answer from TSI was "we do not provide 30mbps upload on
+residential services".
+
+Oricom
+======
+
+No response yet.
+
+Ebox
+====
+
+No response yet.
+
+[[!tag debian-planet internet neutrality québec sysadmin diy montreal]]
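
Review bot: requirement 4 ("clean IP address") covers the pool the address comes from, but the list never asks the ISP for control of the reverse DNS (PTR) record, which receiving mail servers commonly check for the SMTP server named in requirement 3; add it to item 4 or as its own item so the providers answer it in the same round. Style points in the same hunk: speeds are written `25 Mbps` in the first paragraph but `100mbps`, `30mbps` and `1gbps` in item 1, and "millenia" should be "millennia".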

fix listing in parent page
diff --git a/hardware/emma.mdwn b/hardware/emma.mdwn
index dff49e4f..f955d845 100644
--- a/hardware/emma.mdwn
+++ b/hardware/emma.mdwn
@@ -19,3 +19,5 @@ music recording.
 
 Emma's name was also briefly attributed to [[rosa]] by mistake, before
 I remembered of its existence.
+
+[[!tag node]]
diff --git a/hardware/rosa.mdwn b/hardware/rosa.mdwn
index 3a583784..5fc02f37 100644
--- a/hardware/rosa.mdwn
+++ b/hardware/rosa.mdwn
@@ -213,3 +213,5 @@ it was supposed to deliver 300mbps:
 So performance is also *definitely* disappointing here, although that
 could also be due to the hardware in angela, which wouldn't surprise
 me at this point.
+
+[[!tag node]]

another link
diff --git a/services/dns.mdwn b/services/dns.mdwn
index b6d60ba9..cd1d0818 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -46,7 +46,7 @@ femmes. Exemples utilisés:
  * [[hardware/emma]] ([Goldman](https://en.wikipedia.org/wiki/Emma_Goldman))
  * ([Subcommandante](https://en.wikipedia.org/wiki/Subcomandante_Marcos)) [[hardware/server/marcos]]
  * [[hardware/octavia]] ([E. Butler](https://en.wikipedia.org/wiki/Octavia_E._Butler))
- * [[hardware/rosa]] ([Luxembourg](https://en.wikipedia.org/wiki/Rosa_Luxemburg))
+ * [[hardware/rosa]] ([Luxembourg](https://en.wikipedia.org/wiki/Rosa_Luxemburg) or [Parks](https://en.wikipedia.org/wiki/Rosa_Parks))
  * [[hardware/ursula]] ([K. Le Guin](https://en.wikipedia.org/wiki/Ursula_K._Le_Guin))
  * [[hardware/server/mafalda]] ([yes, the character](https://en.wikipedia.org/wiki/Mafalda))
  * [[hardware/server/plastik]] (a "piece of plastic")
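
Review bot: on the changed `hardware/rosa` line the link text still reads "Luxembourg" while its target is `Rosa_Luxemburg`; since the line is being rewritten anyway, spell it "Luxemburg" to match.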

the other rosa
diff --git a/hardware/rosa.mdwn b/hardware/rosa.mdwn
index 79ee122f..3a583784 100644
--- a/hardware/rosa.mdwn
+++ b/hardware/rosa.mdwn
@@ -7,6 +7,18 @@ anti-war activist and revolutionary socialist.
 > proletariat, but our solution offers the only means of saving human
 > society from destruction. -- Rosa Luxembourg
 
+[Rosa Parks](https://en.wikipedia.org/wiki/Rosa_Parks) was also an American activist in the civil rights
+movement best known for her pivotal role in the Montgomery bus
+boycott. The United States Congress has called her "the first lady of
+civil rights" and "the mother of the freedom movement".
+
+> People always said that I didn't give up my seat because I was
+> tired, but that isn't true. I was not tired physically, or no more
+> tired than I usually was at the end of a working day. I was not old,
+> although some people have an image of me as being old then. I was
+> forty-two. No, the only tired I was, was tired of giving in.  --
+> Rosa Parks
+
 It is also a TP-Link AC1750 v5 router that I use as a bridge. It was
 configured similarly to [[hardware/server/plastik]], with a fresh
 OpenWRT (19.07.3) setup (see the [OpenWRT hardware page](https://openwrt.org/toh/hwdata/tp-link/tp-link_archer_c7_v5)), using
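
Review bot: in the added paragraph, "was also an American activist" reads as if the person described just above were American as well; "was an American activist" avoids that. The unchanged sentence after the quote, "It is also a TP-Link AC1750 v5 router", now follows two biographies, so "It" would be clearer as "rosa".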

sort names alpha
diff --git a/services/dns.mdwn b/services/dns.mdwn
index 5dafbde9..b6d60ba9 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -38,12 +38,13 @@ Les noms des machines sur le réseau sont des personalités ou autrices
 inspirantes (politiquement ou autre), préférablement des
 femmes. Exemples utilisés:
 
- * ([Subcommandante](https://en.wikipedia.org/wiki/Subcomandante_Marcos)) [[hardware/server/marcos]]
  * [[hardware/angela]] ([Davis](https://en.wikipedia.org/wiki/Angela_Davis))
+ * bell ([Hooks](https://en.wikipedia.org/wiki/Bell_hooks))
  * ([Margaret](https://en.wikipedia.org/wiki/Margaret_Atwood)) Atwood
  * ([Marie](https://en.wikipedia.org/wiki/Marie_Curie)) [[hardware/curie]]
  * ([Richard](https://en.wikipedia.org/wiki/Richard_Dawkins)) dawkins
  * [[hardware/emma]] ([Goldman](https://en.wikipedia.org/wiki/Emma_Goldman))
+ * ([Subcommandante](https://en.wikipedia.org/wiki/Subcomandante_Marcos)) [[hardware/server/marcos]]
  * [[hardware/octavia]] ([E. Butler](https://en.wikipedia.org/wiki/Octavia_E._Butler))
  * [[hardware/rosa]] ([Luxembourg](https://en.wikipedia.org/wiki/Rosa_Luxemburg))
  * [[hardware/ursula]] ([K. Le Guin](https://en.wikipedia.org/wiki/Ursula_K._Le_Guin))
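
Review bot: the new `bell` entry is inserted ahead of Atwood, which breaks the alphabetical order this commit is introducing (angela, Atwood, bell, curie, ...); move it one line down. The moved marcos line also keeps the link text "Subcommandante" although its target is `Subcomandante_Marcos`.
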
@@ -55,11 +56,14 @@ Utilisés par le passé:
  * [[hardware/server/lenny]] - origin forgotten
  * marvin - origin forgotten
  * mumia ([Abu Jamal](https://en.wikipedia.org/wiki/Mumia_Abu-Jamal))
+ * orange
+ * tangerine
  * roadkill
  * [[hardware/server/roadkiller]]
 
 Autres idées:
 
+ * [Hannah Arendt](https://en.wikipedia.org/wiki/Hannah_Arendt) - although, how do you spell it?
  * [Viola Desmond](https://en.wikipedia.org/wiki/Viola_Desmond)
 
 Relié
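
Review bot: `orange` and `tangerine` are added between `mumia` and `roadkill`, which puts `tangerine` ahead of `roadkill` and `roadkiller`; for the alphabetical order this commit is after, `tangerine` belongs at the end of the list. In the other added line, the "how do you spell it?" aside can go, since the linked article title `Hannah_Arendt` settles it.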

emma already in use (laptop in the koumbit office) switch to rosa
diff --git a/hardware/emma.mdwn b/hardware/emma.mdwn
index a5fd3ab4..dff49e4f 100644
--- a/hardware/emma.mdwn
+++ b/hardware/emma.mdwn
@@ -11,202 +11,11 @@ Europe in the first half of the 20th century".
 > wealth; an order that will guarantee to every human being free
 > access to the earth and full enjoyment of the necessities of life,
 > according to individual desires, tastes, and inclinations.
-> 
+>
 > -- Emma Goldman, 1910
 
-It is a TP-Link AC1750 v5 router that I use as a bridge. It was
-configured similarly to [[hardware/server/plastik]], with a fresh
-OpenWRT (19.07.3) setup (see the [OpenWRT hardware
-page](https://openwrt.org/toh/hwdata/tp-link/tp-link_archer_c7_v5)),
-using the `factory.bin` image from the TP-Link stock firmware web
-interface.
+Emma is also an old battered X220 laptop running Debian I use for
+music recording.
 
-Benchmarks
-==========
-
-I performed some benchmarks at the request of people from
-`#debian-quebec`, provided below.
-
-I unfortunately forgot to run the same benchmarks with the stock
-firmware, but that could have been difficult unless it ships with
-`iperf3`...
-
-Wired network
--------------
-
-From [[angela]] (with a Startech USB-3 gigabit adapter) to emma over a
-RJ-45 wire:
-
-    root@angela:/home/anarcat# iperf3 -c 192.168.0.10
-    Connecting to host 192.168.0.10, port 5201
-    [  5] local 192.168.0.116 port 44332 connected to 192.168.0.10 port 5201
-    [ ID] Interval           Transfer     Bitrate         Retr  Cwnd
-    [  5]   0.00-1.00   sec  20.8 MBytes   174 Mbits/sec    0    440 KBytes       
-    [  5]   1.00-2.00   sec  29.5 MBytes   248 Mbits/sec   14    344 KBytes       
-    [  5]   2.00-3.00   sec  29.3 MBytes   246 Mbits/sec    0    370 KBytes       
-    [  5]   3.00-4.00   sec  30.4 MBytes   255 Mbits/sec    0    399 KBytes       
-    [  5]   4.00-5.00   sec  28.3 MBytes   237 Mbits/sec    0    403 KBytes       
-    [  5]   5.00-6.00   sec  19.9 MBytes   167 Mbits/sec    2    417 KBytes       
-    [  5]   6.00-7.00   sec  28.6 MBytes   240 Mbits/sec    0    441 KBytes       
-    [  5]   7.00-8.00   sec  30.5 MBytes   255 Mbits/sec    0    454 KBytes       
-    [  5]   8.00-9.00   sec  29.2 MBytes   245 Mbits/sec    0    462 KBytes       
-    [  5]   9.00-10.00  sec  29.5 MBytes   247 Mbits/sec    0    469 KBytes       
-    - - - - - - - - - - - - - - - - - - - - - - - - -
-    [ ID] Interval           Transfer     Bitrate         Retr
-    [  5]   0.00-10.00  sec   276 MBytes   231 Mbits/sec   16             sender
-    [  5]   0.00-10.02  sec   273 MBytes   229 Mbits/sec                  receiver
-
-    iperf Done.
-
-In comparison, from angela to [[octavia]], the Turris Omnia router:
-
-    root@angela:/home/anarcat# iperf3 -c 192.168.0.1
-    Connecting to host 192.168.0.1, port 5201
-    [  5] local 192.168.0.116 port 56192 connected to 192.168.0.1 port 5201
-    [ ID] Interval           Transfer     Bitrate         Retr  Cwnd
-    [  5]   0.00-1.00   sec  42.6 MBytes   357 Mbits/sec    0    208 KBytes       
-    [  5]   1.00-2.00   sec  41.8 MBytes   350 Mbits/sec    0    208 KBytes       
-    [  5]   2.00-3.00   sec  42.0 MBytes   353 Mbits/sec    0    219 KBytes       
-    [  5]   3.00-4.00   sec  41.8 MBytes   351 Mbits/sec    0    229 KBytes       
-    [  5]   4.00-5.00   sec  42.1 MBytes   353 Mbits/sec    0    229 KBytes       
-    [  5]   5.00-6.00   sec  42.3 MBytes   354 Mbits/sec    0    229 KBytes       
-    [  5]   6.00-7.00   sec  42.0 MBytes   352 Mbits/sec    0    229 KBytes       
-    [  5]   7.00-8.00   sec  41.8 MBytes   350 Mbits/sec    0    229 KBytes       
-    [  5]   8.00-9.00   sec  42.4 MBytes   355 Mbits/sec    0    229 KBytes       
-    [  5]   9.00-10.00  sec  41.9 MBytes   351 Mbits/sec    0    229 KBytes       
-    - - - - - - - - - - - - - - - - - - - - - - - - -
-    [ ID] Interval           Transfer     Bitrate         Retr
-    [  5]   0.00-10.00  sec   421 MBytes   353 Mbits/sec    0             sender
-    [  5]   0.00-10.00  sec   420 MBytes   352 Mbits/sec                  receiver
-
-    iperf Done.
-
-Between octavia and emma directly:
-
-    root@octavia:~# iperf3 -c 192.168.0.10
-    Connecting to host 192.168.0.10, port 5201
-    [  5] local 192.168.0.1 port 44068 connected to 192.168.0.10 port 5201
-    [ ID] Interval           Transfer     Bitrate         Retr  Cwnd
-    [  5]   0.00-1.00   sec  36.2 MBytes   303 Mbits/sec    0    344 KBytes       
-    [  5]   1.00-2.00   sec  36.2 MBytes   303 Mbits/sec    0    393 KBytes       
-    [  5]   2.00-3.00   sec  32.3 MBytes   271 Mbits/sec    0    393 KBytes       
-    [  5]   3.00-4.00   sec  27.5 MBytes   230 Mbits/sec    0    393 KBytes       
-    [  5]   4.00-5.00   sec  35.9 MBytes   301 Mbits/sec    0    424 KBytes       
-    [  5]   5.00-6.00   sec  36.0 MBytes   302 Mbits/sec   27    341 KBytes       
-    [  5]   6.00-7.00   sec  35.9 MBytes   301 Mbits/sec    0    382 KBytes       
-    [  5]   7.00-8.00   sec  32.1 MBytes   269 Mbits/sec    0    382 KBytes       
-    [  5]   8.00-9.00   sec  27.0 MBytes   227 Mbits/sec    0    382 KBytes       
-    [  5]   9.00-10.00  sec  36.0 MBytes   302 Mbits/sec   48    315 KBytes       
-    - - - - - - - - - - - - - - - - - - - - - - - - -
-    [ ID] Interval           Transfer     Bitrate         Retr
-    [  5]   0.00-10.00  sec   335 MBytes   281 Mbits/sec   75             sender
-    [  5]   0.00-10.03  sec   333 MBytes   279 Mbits/sec                  receiver
-
-    iperf Done.
-
-Between octavia and [[server/marcos]]:
-
-    anarcat@marcos:~(master)$ iperf3 -c 192.168.0.1
-    Connecting to host 192.168.0.1, port 5201
-    [  5] local 192.168.0.3 port 50918 connected to 192.168.0.1 port 5201
-    [ ID] Interval           Transfer     Bitrate         Retr  Cwnd
-    [  5]   0.00-1.00   sec   114 MBytes   956 Mbits/sec    0    448 KBytes       
-    [  5]   1.00-2.00   sec   113 MBytes   948 Mbits/sec    0    469 KBytes       
-    [  5]   2.00-3.00   sec   112 MBytes   941 Mbits/sec    0    513 KBytes       
-    [  5]   3.00-4.00   sec   112 MBytes   942 Mbits/sec    0    513 KBytes       
-    [  5]   4.00-5.00   sec   112 MBytes   939 Mbits/sec    0    540 KBytes       
-    [  5]   5.00-6.00   sec   112 MBytes   941 Mbits/sec    0    540 KBytes       
-    [  5]   6.00-7.00   sec   112 MBytes   943 Mbits/sec    0    540 KBytes       
-    [  5]   7.00-8.00   sec   112 MBytes   936 Mbits/sec    0    540 KBytes       
-    [  5]   8.00-9.00   sec   112 MBytes   942 Mbits/sec    0    540 KBytes       
-    [  5]   9.00-10.00  sec   113 MBytes   947 Mbits/sec    0    567 KBytes       
-    - - - - - - - - - - - - - - - - - - - - - - - - -
-    [ ID] Interval           Transfer     Bitrate         Retr
-    [  5]   0.00-10.00  sec  1.10 GBytes   944 Mbits/sec    0             sender
-    [  5]   0.00-10.02  sec  1.10 GBytes   940 Mbits/sec                  receiver
-
-    iperf Done.
-
-... which proves octavia is not the bottleneck: the tp-link is (and,
-unrelatedly, angela's gigabit adapter as well, but we could still
-reproduce without it).
-
-Wireless network
-----------------
-
-Over 2.4GHz:
-
-    root@angela:/home/anarcat# iperf3 -c 192.168.0.10
-    Connecting to host 192.168.0.10, port 5201
-    [  5] local 192.168.0.152 port 59030 connected to 192.168.0.10 port 5201
-    [ ID] Interval           Transfer     Bitrate         Retr  Cwnd
-    [  5]   0.00-1.00   sec  5.71 MBytes  47.9 Mbits/sec    0    325 KBytes       
-    [  5]   1.00-2.00   sec  5.72 MBytes  48.0 Mbits/sec    0    359 KBytes       
-    [  5]   2.00-3.00   sec  4.23 MBytes  35.4 Mbits/sec    0    423 KBytes       
-    [  5]   3.00-4.00   sec  6.59 MBytes  55.3 Mbits/sec    0    444 KBytes       
-    [  5]   4.00-5.00   sec  5.84 MBytes  49.0 Mbits/sec    0    465 KBytes       
-    [  5]   5.00-6.00   sec  4.16 MBytes  34.9 Mbits/sec    0    489 KBytes       
-    [  5]   6.00-7.00   sec  4.47 MBytes  37.5 Mbits/sec    0    489 KBytes       
-    [  5]   7.00-8.00   sec  4.41 MBytes  37.0 Mbits/sec    0    489 KBytes       
-    [  5]   8.00-9.00   sec  5.03 MBytes  42.2 Mbits/sec    0    489 KBytes       
-    [  5]   9.00-10.00  sec  4.29 MBytes  36.0 Mbits/sec    0    489 KBytes       
-    - - - - - - - - - - - - - - - - - - - - - - - - -
-    [ ID] Interval           Transfer     Bitrate         Retr
-    [  5]   0.00-10.00  sec  50.5 MBytes  42.3 Mbits/sec    0             sender
-    [  5]   0.00-10.01  sec  48.3 MBytes  40.5 Mbits/sec                  receiver
-
-    iperf Done.
-
-`iwconfig` was showing:
-
-    wlp2s0    IEEE 802.11  ESSID:"CrapN6-emma"  
-              Mode:Managed  Frequency:2.412 GHz  Access Point: B0:95:75:41:E7:C1   
-              Bit Rate=144.4 Mb/s   Tx-Power=15 dBm   
-              Retry short limit:7   RTS thr:off   Fragment thr:off
-              Power Management:off
-              Link Quality=70/70  Signal level=-22 dBm  
-              Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
-              Tx excessive retries:1  Invalid misc:104   Missed beacon:0
-
-So the 40Mbps is actually disappointing here. It's possible
-neighboring access points caused interference.
-
-Over 5GHz:
-
-    root@angela:/home/anarcat# iperf3 -c 192.168.0.10
-    Connecting to host 192.168.0.10, port 5201
-    [  5] local 192.168.0.152 port 59148 connected to 192.168.0.10 port 5201
-    [ ID] Interval           Transfer     Bitrate         Retr  Cwnd
-    [  5]   0.00-1.00   sec  8.45 MBytes  70.9 Mbits/sec    1    348 KBytes       
-    [  5]   1.00-2.00   sec  12.6 MBytes   106 Mbits/sec    0    488 KBytes       
-    [  5]   2.00-3.00   sec  6.46 MBytes  54.2 Mbits/sec    0    488 KBytes       
-    [  5]   3.00-4.00   sec  5.29 MBytes  44.4 Mbits/sec    0    488 KBytes       
-    [  5]   4.00-5.00   sec  6.14 MBytes  51.5 Mbits/sec    1    488 KBytes       
-    [  5]   5.00-6.00   sec  5.10 MBytes  42.7 Mbits/sec    0    488 KBytes       
-    [  5]   6.00-7.00   sec  6.96 MBytes  58.4 Mbits/sec    1    488 KBytes       
-    [  5]   7.00-8.00   sec  7.71 MBytes  64.6 Mbits/sec    0    488 KBytes       
-    [  5]   8.00-9.00   sec  7.27 MBytes  61.0 Mbits/sec    0    488 KBytes       
-    [  5]   9.00-10.00  sec  7.33 MBytes  61.5 Mbits/sec    0    488 KBytes       
-    - - - - - - - - - - - - - - - - - - - - - - - - -
-    [ ID] Interval           Transfer     Bitrate         Retr
-    [  5]   0.00-10.00  sec  73.3 MBytes  61.5 Mbits/sec    3             sender
-    [  5]   0.00-10.11  sec  70.6 MBytes  58.6 Mbits/sec                  receiver
-
-    iperf Done.
-
-I had trouble connecting to the router over 5GHz and web browsing
-performance was bad (Wikipedia would not load properly). Still it said
-it was supposed to deliver 300mbps:
-
-    wlp2s0    IEEE 802.11  ESSID:"CrapN6-5GHz-emma"  
-              Mode:Managed  Frequency:5.745 GHz  Access Point: B0:95:75:41:E7:C0   

(Diff truncated)

update: fp3 teardown is, of course, a perfect 10 again, congrats!
diff --git a/hardware/phone.mdwn b/hardware/phone.mdwn
index 849caac6..7326c167 100644
--- a/hardware/phone.mdwn
+++ b/hardware/phone.mdwn
@@ -204,6 +204,7 @@ The full specs:
    * Thickness 9.89 mm
    * Weight: 189g
    * IP54 certification
+ * Again, [10/10 iFixit score](https://www.ifixit.com/Teardown/Fairphone+3+Teardown/125573)
 
 There are some problems, however, that I have found with the specs:
 
@@ -250,7 +251,8 @@ On the upside:
  * transluscent cover is back
  * [positive first impressions from iFixit](https://www.ifixit.com/News/the-fairphone-3-is-here-and-its-not-the-only-sustainable-phone-on-the-way) although they do
    mention problems with US networks and that there are now other
-   porjects like the Fairphone (namely [Shift](https://www.shiftphones.com/en/) and [Teracube](https://myteracube.com/))
+   porjects like the Fairphone (namely [Shift](https://www.shiftphones.com/en/) and
+   [Teracube](https://myteracube.com/)). update: they did a 10/10 score in the [teardown](https://www.ifixit.com/Teardown/Fairphone+3+Teardown/125573)
 
 Places that might ship in Canada:
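
Review bot: the rewrapped line in the second hunk carries the typo "porjects" over from the old text; fix it to "projects" while the line is being touched. The teardown link appended there is the same URL the first hunk adds to the spec list, so one of the two is enough.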
 

more emma details
diff --git a/hardware/emma.mdwn b/hardware/emma.mdwn
index 053eb511..a5fd3ab4 100644
--- a/hardware/emma.mdwn
+++ b/hardware/emma.mdwn
@@ -15,11 +15,22 @@ Europe in the first half of the 20th century".
 > -- Emma Goldman, 1910
 
 It is a TP-Link AC1750 v5 router that I use as a bridge. It was
-configured similarly to [[hardware/server/plastik]].
+configured similarly to [[hardware/server/plastik]], with a fresh
+OpenWRT (19.07.3) setup (see the [OpenWRT hardware
+page](https://openwrt.org/toh/hwdata/tp-link/tp-link_archer_c7_v5)),
+using the `factory.bin` image from the TP-Link stock firmware web
+interface.
 
 Benchmarks
 ==========
 
+I performed some benchmarks at the request of people from
+`#debian-quebec`, provided below.
+
+I unfortunately forgot to run the same benchmarks with the stock
+firmware, but that could have been difficult unless it ships with
+`iperf3`...
+
 Wired network
 -------------
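
Review bot: the added sentence records that the `factory.bin` image was flashed through the stock web interface, but not where the image was downloaded from or whether its checksum was verified. Add the download URL and a line saying the SHA-256 was checked against the `sha256sums` file OpenWrt publishes alongside its images, so the install can be reproduced and audited. The project also spells its name "OpenWrt".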
 

mention emma
diff --git a/hardware/history.mdwn b/hardware/history.mdwn
index 796affd3..37c6e0b6 100644
--- a/hardware/history.mdwn
+++ b/hardware/history.mdwn
@@ -71,3 +71,5 @@ Here's the detailed history:
   8GB ram, running stretch, 512GB SSD)
 * 2019-...: Vero 4k+ ([[ursula]], home cinema service replacing a part of
   marcos, which is moved to the basement)
+* 2020-...: TP-Link AC1750 router ([[emma]]), may become
+  "standard" for cheap, not-quite-gigabit, wireless bridges

small documentation for a new server
diff --git a/hardware/emma.mdwn b/hardware/emma.mdwn
new file mode 100644
index 00000000..053eb511
--- /dev/null
+++ b/hardware/emma.mdwn
@@ -0,0 +1,201 @@
+[Emma Goldman](https://en.wikipedia.org/wiki/Emma_Goldman) was "an
+anarchist political activist and writer. She played a pivotal role in
+the development of anarchist political philosophy in North America and
+Europe in the first half of the 20th century".
+
+> Anarchism, then, really stands for the liberation of the human mind
+> from the dominion of religion; the liberation of the human body from
+> the dominion of property; liberation from the shackles and restraint
+> of government. Anarchism stands for a social order based on the free
+> grouping of individuals for the purpose of producing real social
+> wealth; an order that will guarantee to every human being free
+> access to the earth and full enjoyment of the necessities of life,
+> according to individual desires, tastes, and inclinations.
+> 
+> -- Emma Goldman, 1910
+
+It is a TP-Link AC1750 v5 router that I use as a bridge. It was
+configured similarly to [[hardware/server/plastik]].
+
+Benchmarks
+==========
+
+Wired network
+-------------
+
+From [[angela]] (with a Startech USB-3 gigabit adapter) to emma over a
+RJ-45 wire:
+
+    root@angela:/home/anarcat# iperf3 -c 192.168.0.10
+    Connecting to host 192.168.0.10, port 5201
+    [  5] local 192.168.0.116 port 44332 connected to 192.168.0.10 port 5201
+    [ ID] Interval           Transfer     Bitrate         Retr  Cwnd
+    [  5]   0.00-1.00   sec  20.8 MBytes   174 Mbits/sec    0    440 KBytes       
+    [  5]   1.00-2.00   sec  29.5 MBytes   248 Mbits/sec   14    344 KBytes       
+    [  5]   2.00-3.00   sec  29.3 MBytes   246 Mbits/sec    0    370 KBytes       
+    [  5]   3.00-4.00   sec  30.4 MBytes   255 Mbits/sec    0    399 KBytes       
+    [  5]   4.00-5.00   sec  28.3 MBytes   237 Mbits/sec    0    403 KBytes       
+    [  5]   5.00-6.00   sec  19.9 MBytes   167 Mbits/sec    2    417 KBytes       
+    [  5]   6.00-7.00   sec  28.6 MBytes   240 Mbits/sec    0    441 KBytes       
+    [  5]   7.00-8.00   sec  30.5 MBytes   255 Mbits/sec    0    454 KBytes       
+    [  5]   8.00-9.00   sec  29.2 MBytes   245 Mbits/sec    0    462 KBytes       
+    [  5]   9.00-10.00  sec  29.5 MBytes   247 Mbits/sec    0    469 KBytes       
+    - - - - - - - - - - - - - - - - - - - - - - - - -
+    [ ID] Interval           Transfer     Bitrate         Retr
+    [  5]   0.00-10.00  sec   276 MBytes   231 Mbits/sec   16             sender
+    [  5]   0.00-10.02  sec   273 MBytes   229 Mbits/sec                  receiver
+
+    iperf Done.
+
+In comparison, from angela to [[octavia]], the Turris Omnia router:
+
+    root@angela:/home/anarcat# iperf3 -c 192.168.0.1
+    Connecting to host 192.168.0.1, port 5201
+    [  5] local 192.168.0.116 port 56192 connected to 192.168.0.1 port 5201
+    [ ID] Interval           Transfer     Bitrate         Retr  Cwnd
+    [  5]   0.00-1.00   sec  42.6 MBytes   357 Mbits/sec    0    208 KBytes       
+    [  5]   1.00-2.00   sec  41.8 MBytes   350 Mbits/sec    0    208 KBytes       
+    [  5]   2.00-3.00   sec  42.0 MBytes   353 Mbits/sec    0    219 KBytes       
+    [  5]   3.00-4.00   sec  41.8 MBytes   351 Mbits/sec    0    229 KBytes       
+    [  5]   4.00-5.00   sec  42.1 MBytes   353 Mbits/sec    0    229 KBytes       
+    [  5]   5.00-6.00   sec  42.3 MBytes   354 Mbits/sec    0    229 KBytes       
+    [  5]   6.00-7.00   sec  42.0 MBytes   352 Mbits/sec    0    229 KBytes       
+    [  5]   7.00-8.00   sec  41.8 MBytes   350 Mbits/sec    0    229 KBytes       
+    [  5]   8.00-9.00   sec  42.4 MBytes   355 Mbits/sec    0    229 KBytes       
+    [  5]   9.00-10.00  sec  41.9 MBytes   351 Mbits/sec    0    229 KBytes       
+    - - - - - - - - - - - - - - - - - - - - - - - - -
+    [ ID] Interval           Transfer     Bitrate         Retr
+    [  5]   0.00-10.00  sec   421 MBytes   353 Mbits/sec    0             sender
+    [  5]   0.00-10.00  sec   420 MBytes   352 Mbits/sec                  receiver
+
+    iperf Done.
+
+Between octavia and emma directly:
+
+    root@octavia:~# iperf3 -c 192.168.0.10
+    Connecting to host 192.168.0.10, port 5201
+    [  5] local 192.168.0.1 port 44068 connected to 192.168.0.10 port 5201
+    [ ID] Interval           Transfer     Bitrate         Retr  Cwnd
+    [  5]   0.00-1.00   sec  36.2 MBytes   303 Mbits/sec    0    344 KBytes       
+    [  5]   1.00-2.00   sec  36.2 MBytes   303 Mbits/sec    0    393 KBytes       
+    [  5]   2.00-3.00   sec  32.3 MBytes   271 Mbits/sec    0    393 KBytes       
+    [  5]   3.00-4.00   sec  27.5 MBytes   230 Mbits/sec    0    393 KBytes       
+    [  5]   4.00-5.00   sec  35.9 MBytes   301 Mbits/sec    0    424 KBytes       
+    [  5]   5.00-6.00   sec  36.0 MBytes   302 Mbits/sec   27    341 KBytes       
+    [  5]   6.00-7.00   sec  35.9 MBytes   301 Mbits/sec    0    382 KBytes       
+    [  5]   7.00-8.00   sec  32.1 MBytes   269 Mbits/sec    0    382 KBytes       
+    [  5]   8.00-9.00   sec  27.0 MBytes   227 Mbits/sec    0    382 KBytes       
+    [  5]   9.00-10.00  sec  36.0 MBytes   302 Mbits/sec   48    315 KBytes       
+    - - - - - - - - - - - - - - - - - - - - - - - - -
+    [ ID] Interval           Transfer     Bitrate         Retr
+    [  5]   0.00-10.00  sec   335 MBytes   281 Mbits/sec   75             sender
+    [  5]   0.00-10.03  sec   333 MBytes   279 Mbits/sec                  receiver
+
+    iperf Done.
+
+Between octavia and [[server/marcos]]:
+
+    anarcat@marcos:~(master)$ iperf3 -c 192.168.0.1
+    Connecting to host 192.168.0.1, port 5201
+    [  5] local 192.168.0.3 port 50918 connected to 192.168.0.1 port 5201
+    [ ID] Interval           Transfer     Bitrate         Retr  Cwnd
+    [  5]   0.00-1.00   sec   114 MBytes   956 Mbits/sec    0    448 KBytes       
+    [  5]   1.00-2.00   sec   113 MBytes   948 Mbits/sec    0    469 KBytes       
+    [  5]   2.00-3.00   sec   112 MBytes   941 Mbits/sec    0    513 KBytes       
+    [  5]   3.00-4.00   sec   112 MBytes   942 Mbits/sec    0    513 KBytes       
+    [  5]   4.00-5.00   sec   112 MBytes   939 Mbits/sec    0    540 KBytes       
+    [  5]   5.00-6.00   sec   112 MBytes   941 Mbits/sec    0    540 KBytes       
+    [  5]   6.00-7.00   sec   112 MBytes   943 Mbits/sec    0    540 KBytes       
+    [  5]   7.00-8.00   sec   112 MBytes   936 Mbits/sec    0    540 KBytes       
+    [  5]   8.00-9.00   sec   112 MBytes   942 Mbits/sec    0    540 KBytes       
+    [  5]   9.00-10.00  sec   113 MBytes   947 Mbits/sec    0    567 KBytes       
+    - - - - - - - - - - - - - - - - - - - - - - - - -
+    [ ID] Interval           Transfer     Bitrate         Retr
+    [  5]   0.00-10.00  sec  1.10 GBytes   944 Mbits/sec    0             sender
+    [  5]   0.00-10.02  sec  1.10 GBytes   940 Mbits/sec                  receiver
+
+    iperf Done.
+
+... which proves octavia is not the bottleneck: the tp-link is (and,
+unrelatedly, angela's gigabit adapter as well, but we could still
+reproduce without it).
+
+Wireless network
+----------------
+
+Over 2.4GHz:
+
+    root@angela:/home/anarcat# iperf3 -c 192.168.0.10
+    Connecting to host 192.168.0.10, port 5201
+    [  5] local 192.168.0.152 port 59030 connected to 192.168.0.10 port 5201
+    [ ID] Interval           Transfer     Bitrate         Retr  Cwnd
+    [  5]   0.00-1.00   sec  5.71 MBytes  47.9 Mbits/sec    0    325 KBytes       
+    [  5]   1.00-2.00   sec  5.72 MBytes  48.0 Mbits/sec    0    359 KBytes       
+    [  5]   2.00-3.00   sec  4.23 MBytes  35.4 Mbits/sec    0    423 KBytes       
+    [  5]   3.00-4.00   sec  6.59 MBytes  55.3 Mbits/sec    0    444 KBytes       
+    [  5]   4.00-5.00   sec  5.84 MBytes  49.0 Mbits/sec    0    465 KBytes       
+    [  5]   5.00-6.00   sec  4.16 MBytes  34.9 Mbits/sec    0    489 KBytes       
+    [  5]   6.00-7.00   sec  4.47 MBytes  37.5 Mbits/sec    0    489 KBytes       
+    [  5]   7.00-8.00   sec  4.41 MBytes  37.0 Mbits/sec    0    489 KBytes       
+    [  5]   8.00-9.00   sec  5.03 MBytes  42.2 Mbits/sec    0    489 KBytes       
+    [  5]   9.00-10.00  sec  4.29 MBytes  36.0 Mbits/sec    0    489 KBytes       
+    - - - - - - - - - - - - - - - - - - - - - - - - -
+    [ ID] Interval           Transfer     Bitrate         Retr
+    [  5]   0.00-10.00  sec  50.5 MBytes  42.3 Mbits/sec    0             sender
+    [  5]   0.00-10.01  sec  48.3 MBytes  40.5 Mbits/sec                  receiver
+
+    iperf Done.
+
+`iwconfig` was showing:
+
+    wlp2s0    IEEE 802.11  ESSID:"CrapN6-emma"  
+              Mode:Managed  Frequency:2.412 GHz  Access Point: B0:95:75:41:E7:C1   
+              Bit Rate=144.4 Mb/s   Tx-Power=15 dBm   
+              Retry short limit:7   RTS thr:off   Fragment thr:off
+              Power Management:off
+              Link Quality=70/70  Signal level=-22 dBm  
+              Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
+              Tx excessive retries:1  Invalid misc:104   Missed beacon:0
+
+So the 40Mbps is actually disappointing here. It's possible
+neighboring access points caused interference.
+
+Over 5GHz:
+
+    root@angela:/home/anarcat# iperf3 -c 192.168.0.10
+    Connecting to host 192.168.0.10, port 5201
+    [  5] local 192.168.0.152 port 59148 connected to 192.168.0.10 port 5201
+    [ ID] Interval           Transfer     Bitrate         Retr  Cwnd
+    [  5]   0.00-1.00   sec  8.45 MBytes  70.9 Mbits/sec    1    348 KBytes       
+    [  5]   1.00-2.00   sec  12.6 MBytes   106 Mbits/sec    0    488 KBytes       
+    [  5]   2.00-3.00   sec  6.46 MBytes  54.2 Mbits/sec    0    488 KBytes       
+    [  5]   3.00-4.00   sec  5.29 MBytes  44.4 Mbits/sec    0    488 KBytes       
+    [  5]   4.00-5.00   sec  6.14 MBytes  51.5 Mbits/sec    1    488 KBytes       
+    [  5]   5.00-6.00   sec  5.10 MBytes  42.7 Mbits/sec    0    488 KBytes       
+    [  5]   6.00-7.00   sec  6.96 MBytes  58.4 Mbits/sec    1    488 KBytes       
+    [  5]   7.00-8.00   sec  7.71 MBytes  64.6 Mbits/sec    0    488 KBytes       
+    [  5]   8.00-9.00   sec  7.27 MBytes  61.0 Mbits/sec    0    488 KBytes       
+    [  5]   9.00-10.00  sec  7.33 MBytes  61.5 Mbits/sec    0    488 KBytes       
+    - - - - - - - - - - - - - - - - - - - - - - - - -
+    [ ID] Interval           Transfer     Bitrate         Retr
+    [  5]   0.00-10.00  sec  73.3 MBytes  61.5 Mbits/sec    3             sender
+    [  5]   0.00-10.11  sec  70.6 MBytes  58.6 Mbits/sec                  receiver
+
+    iperf Done.
+
+I had trouble connecting to the router over 5GHz and web browsing
+performance was bad (Wikipedia would not load properly). Still it said
+it was supposed to deliver 300mbps:
+
+    wlp2s0    IEEE 802.11  ESSID:"CrapN6-5GHz-emma"  
+              Mode:Managed  Frequency:5.745 GHz  Access Point: B0:95:75:41:E7:C0   
+              Bit Rate=300 Mb/s   Tx-Power=17 dBm   
+              Retry short limit:7   RTS thr:off   Fragment thr:off
+              Power Management:off
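
Review bot: the pasted `iwconfig` output publishes the router's BSSID (`Access Point: B0:95:75:41:E7:C0`) next to its ESSID, and that pair is enough to look the access point up in public Wi-Fi geolocation databases; mask the MAC before committing. Separately, the prose writes `40Mbps` and `300mbps` while the tools print `Mb/s` and `Mbits/sec`; pick one spelling. The 300 Mb/s figure is the link rate reported by `iwconfig`, not measured throughput, so the comparison with the 61.5 Mbits/sec from `iperf3` deserves a sentence saying so.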

(Diff truncated)
fix url
diff --git a/services/dns.mdwn b/services/dns.mdwn
index c61041c7..6a804b38 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -47,7 +47,7 @@ femmes. Exemples utilisés:
  * [[hardware/octavia]] ([E. Butler](https://en.wikipedia.org/wiki/Octavia_E._Butler))
  * [[hardware/ursula]] ([K. Le Guin](https://en.wikipedia.org/wiki/Ursula_K._Le_Guin))
  * [[hardware/server/mafalda]] ([yes, the character](https://en.wikipedia.org/wiki/Mafalda))
- * [[hardware/plastik]] (a "piece of plastic")
+ * [[hardware/server/plastik]] (a "piece of plastic")
 
 Utilisés par le passé:
 

add references and emma
diff --git a/services/dns.mdwn b/services/dns.mdwn
index 4bab2373..c61041c7 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -38,21 +38,22 @@ Les noms des machines sur le réseau sont des personalités ou autrices
 inspirantes (politiquement ou autre), préférablement des
 femmes. Exemples utilisés:
 
- * (el commandante) [[hardware/server/marcos]]
- * [[hardware/angela]] (Davis)
- * (Margaret) Atwood
- * (Marie) [[hardware/curie]]
- * (Richard) dawkins
- * [[hardware/octavia]] (Butler)
- * [[hardware/ursula]] (K. Le Guin)
- * [[hardware/server/mafalda]]
- * [[hardware/plastik]]
+ * ([Subcommandante](https://en.wikipedia.org/wiki/Subcomandante_Marcos)) [[hardware/server/marcos]]
+ * [[hardware/angela]] ([Davis](https://en.wikipedia.org/wiki/Angela_Davis))
+ * ([Margaret](https://en.wikipedia.org/wiki/Margaret_Atwood)) Atwood
+ * ([Marie](https://en.wikipedia.org/wiki/Marie_Curie)) [[hardware/curie]]
+ * ([Richard](https://en.wikipedia.org/wiki/Richard_Dawkins)) dawkins
+ * emma ([Goldman](https://en.wikipedia.org/wiki/Emma_Goldman))
+ * [[hardware/octavia]] ([E. Butler](https://en.wikipedia.org/wiki/Octavia_E._Butler))
+ * [[hardware/ursula]] ([K. Le Guin](https://en.wikipedia.org/wiki/Ursula_K._Le_Guin))
+ * [[hardware/server/mafalda]] ([yes, the character](https://en.wikipedia.org/wiki/Mafalda))
+ * [[hardware/plastik]] (a "piece of plastic")
 
 Utilisés par le passé:
 
  * [[hardware/server/lenny]] - origin forgotten
  * marvin - origin forgotten
- * mumia (Abu Jamal)
+ * mumia ([Abu Jamal](https://en.wikipedia.org/wiki/Mumia_Abu-Jamal))
  * roadkill
  * [[hardware/server/roadkiller]]
 
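
Review bot: the link text on the first added line reads `Subcommandante` while the URL it points to spells it `Subcomandante_Marcos`; use the single-m spelling. The entries also differ in which part of the name carries the link (first name for Atwood, Curie and Dawkins, surname for Davis and Goldman), and `dawkins` stays lowercase next to `Atwood`; one pattern for the whole list would read better.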

document known names
diff --git a/services/dns.mdwn b/services/dns.mdwn
index 0f9e387f..4bab2373 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -31,6 +31,35 @@ Documentation locale
  * [[dnssec]] - la validation des noms de domaines
  * [[migration]] - comment migrer vers une nouvelle IP
 
+Convention de noms
+==================
+
+Les noms des machines sur le réseau sont des personalités ou autrices
+inspirantes (politiquement ou autre), préférablement des
+femmes. Exemples utilisés:
+
+ * (el commandante) [[hardware/server/marcos]]
+ * [[hardware/angela]] (Davis)
+ * (Margaret) Atwood
+ * (Marie) [[hardware/curie]]
+ * (Richard) dawkins
+ * [[hardware/octavia]] (Butler)
+ * [[hardware/ursula]] (K. Le Guin)
+ * [[hardware/server/mafalda]]
+ * [[hardware/plastik]]
+
+Utilisés par le passé:
+
+ * [[hardware/server/lenny]] - origin forgotten
+ * marvin - origin forgotten
+ * mumia (Abu Jamal)
+ * roadkill
+ * [[hardware/server/roadkiller]]
+
+Autres idées:
+
+ * [Viola Desmond](https://en.wikipedia.org/wiki/Viola_Desmond)
+
 Relié
 =====
 
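
Review bot: `personalités` in the first line of the new paragraph should be `personnalités`, and the "Utilisés par le passé" list switches to English (`origin forgotten`) inside an otherwise French section; translate those two entries or keep the section in one language.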

remove test comments
diff --git a/blog/2020-04-27-drowning-camera/comment_1_07f43231a14d0ee6e78d1030aa6a7985._comment b/blog/2020-04-27-drowning-camera/comment_1_07f43231a14d0ee6e78d1030aa6a7985._comment
deleted file mode 100644
index 66d9ec47..00000000
--- a/blog/2020-04-27-drowning-camera/comment_1_07f43231a14d0ee6e78d1030aa6a7985._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=mdwn
- ip="192.168.0.116"
- claimedauthor="spammer name"
- url="example.com"
- subject="subject"
- date="2020-05-27T04:00:23Z"
- content="""
-spammy comment
-"""]]
diff --git a/blog/2020-04-27-drowning-camera/comment_1_502d3046f8db0210ff544738112f04f1._comment b/blog/2020-04-27-drowning-camera/comment_1_502d3046f8db0210ff544738112f04f1._comment
deleted file mode 100644
index 75e708dd..00000000
--- a/blog/2020-04-27-drowning-camera/comment_1_502d3046f8db0210ff544738112f04f1._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=mdwn
- ip="192.168.0.116"
- claimedauthor="spammer name"
- url="example.com"
- subject="subject"
- date="2020-05-27T03:41:17Z"
- content="""
-spammy comment
-"""]]

removed
diff --git a/blog/2020-04-27-drowning-camera/comment_1_62335f3c8f73f1225334816487995f76._comment b/blog/2020-04-27-drowning-camera/comment_1_62335f3c8f73f1225334816487995f76._comment
deleted file mode 100644
index cb07362b..00000000
--- a/blog/2020-04-27-drowning-camera/comment_1_62335f3c8f73f1225334816487995f76._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=mdwn
- ip="208.111.65.10"
- claimedauthor="test"
- url="test website"
- subject="test subject"
- date="2020-05-27T15:10:09Z"
- content="""
-this is the commetn's body
-"""]]

approve comment
diff --git a/blog/2020-04-27-drowning-camera/comment_1_62335f3c8f73f1225334816487995f76._comment b/blog/2020-04-27-drowning-camera/comment_1_62335f3c8f73f1225334816487995f76._comment
new file mode 100644
index 00000000..cb07362b
--- /dev/null
+++ b/blog/2020-04-27-drowning-camera/comment_1_62335f3c8f73f1225334816487995f76._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ ip="208.111.65.10"
+ claimedauthor="test"
+ url="test website"
+ subject="test subject"
+ date="2020-05-27T15:10:09Z"
+ content="""
+this is the commetn's body
+"""]]
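
Review bot: approving this throwaway test (`claimedauthor="test"`, body `this is the commetn's body`) on a live post commits the submitter's address, `ip="208.111.65.10"`, to the wiki's history, and this recent-changes page republishes it; the later `removed` commit does not take it out of that history. Run moderation tests against a scratch page or a private clone instead.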

approve comment
diff --git a/blog/2020-04-27-drowning-camera/comment_1_07f43231a14d0ee6e78d1030aa6a7985._comment b/blog/2020-04-27-drowning-camera/comment_1_07f43231a14d0ee6e78d1030aa6a7985._comment
new file mode 100644
index 00000000..66d9ec47
--- /dev/null
+++ b/blog/2020-04-27-drowning-camera/comment_1_07f43231a14d0ee6e78d1030aa6a7985._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ ip="192.168.0.116"
+ claimedauthor="spammer name"
+ url="example.com"
+ subject="subject"
+ date="2020-05-27T04:00:23Z"
+ content="""
+spammy comment
+"""]]

Comment moderation
diff --git a/blog/2020-04-27-drowning-camera/comment_1_502d3046f8db0210ff544738112f04f1._comment b/blog/2020-04-27-drowning-camera/comment_1_502d3046f8db0210ff544738112f04f1._comment
new file mode 100644
index 00000000..75e708dd
--- /dev/null
+++ b/blog/2020-04-27-drowning-camera/comment_1_502d3046f8db0210ff544738112f04f1._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ ip="192.168.0.116"
+ claimedauthor="spammer name"
+ url="example.com"
+ subject="subject"
+ date="2020-05-27T03:41:17Z"
+ content="""
+spammy comment
+"""]]

removed
diff --git a/blog/2020-04-27-drowning-camera/comment_2_712ef800ffe47d9bb492f4c935f81bf3._comment b/blog/2020-04-27-drowning-camera/comment_2_712ef800ffe47d9bb492f4c935f81bf3._comment
deleted file mode 100644
index 5161af2a..00000000
--- a/blog/2020-04-27-drowning-camera/comment_2_712ef800ffe47d9bb492f4c935f81bf3._comment
+++ /dev/null
@@ -1,8 +0,0 @@
-[[!comment format=mdwn
- ip="192.168.0.116"
- claimedauthor="spammer2"
- subject="another spam test"
- date="2020-05-27T00:12:06Z"
- content="""
-test
-"""]]

removed
diff --git a/blog/2020-04-27-drowning-camera/comment_1_f4f99921837deb77857a6cc7b682269c._comment b/blog/2020-04-27-drowning-camera/comment_1_f4f99921837deb77857a6cc7b682269c._comment
deleted file mode 100644
index 361294e8..00000000
--- a/blog/2020-04-27-drowning-camera/comment_1_f4f99921837deb77857a6cc7b682269c._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=mdwn
- ip="192.168.0.116"
- claimedauthor="spammer"
- url="http://spammer.example.net/"
- subject="this is a spammy comment"
- date="2020-05-27T00:09:27Z"
- content="""
-this is spam, obviosuly. a test.
-"""]]

Added a comment: another spam test
diff --git a/blog/2020-04-27-drowning-camera/comment_2_712ef800ffe47d9bb492f4c935f81bf3._comment b/blog/2020-04-27-drowning-camera/comment_2_712ef800ffe47d9bb492f4c935f81bf3._comment
new file mode 100644
index 00000000..5161af2a
--- /dev/null
+++ b/blog/2020-04-27-drowning-camera/comment_2_712ef800ffe47d9bb492f4c935f81bf3._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ ip="192.168.0.116"
+ claimedauthor="spammer2"
+ subject="another spam test"
+ date="2020-05-27T00:12:06Z"
+ content="""
+test
+"""]]

Added a comment: this is a spammy comment
diff --git a/blog/2020-04-27-drowning-camera/comment_1_f4f99921837deb77857a6cc7b682269c._comment b/blog/2020-04-27-drowning-camera/comment_1_f4f99921837deb77857a6cc7b682269c._comment
new file mode 100644
index 00000000..361294e8
--- /dev/null
+++ b/blog/2020-04-27-drowning-camera/comment_1_f4f99921837deb77857a6cc7b682269c._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ ip="192.168.0.116"
+ claimedauthor="spammer"
+ url="http://spammer.example.net/"
+ subject="this is a spammy comment"
+ date="2020-05-27T00:09:27Z"
+ content="""
+this is spam, obviosuly. a test.
+"""]]

more fucking spam
diff --git a/blog/2017-09-01-free-software-activities-august-2017/comment_1_93f28878da00874db95b5517e948773c._comment b/blog/2017-09-01-free-software-activities-august-2017/comment_1_93f28878da00874db95b5517e948773c._comment
deleted file mode 100644
index 66593b40..00000000
--- a/blog/2017-09-01-free-software-activities-august-2017/comment_1_93f28878da00874db95b5517e948773c._comment
+++ /dev/null
@@ -1,14 +0,0 @@
-[[!comment format=mdwn
- ip="103.73.164.234"
- claimedauthor="RajabandarQ"
- url="http://202.95.10.208"
- subject="RajabandarQ: Situs Bandarq, DominoQQ, Poker Online"
- date="2020-05-26T23:07:42Z"
- content="""
-Mau Dapatkan Uang Dengan Mudah...
-Yuk join bersama <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Rajabandarq</a> Situs Bandarq, DominoQQ, Poker Online terbaik di asia dengan 9 game yang paling seru...
-
-Buruan Daftar Disini >>> <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Rajabandarq</a>
-Klik Disini : <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Situs BandarQ</a>
-Klik Disini : <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Poker Online</a>
-"""]]
diff --git a/blog/2017-09-01-free-software-activities-august-2017/comment_2_7265fae6e1d149e61f9973b232cec900._comment b/blog/2017-09-01-free-software-activities-august-2017/comment_2_7265fae6e1d149e61f9973b232cec900._comment
deleted file mode 100644
index 536cc1b3..00000000
--- a/blog/2017-09-01-free-software-activities-august-2017/comment_2_7265fae6e1d149e61f9973b232cec900._comment
+++ /dev/null
@@ -1,14 +0,0 @@
-[[!comment format=mdwn
- ip="103.73.164.234"
- claimedauthor="RajabandarQ"
- url="http://202.95.10.208"
- subject="RajabandarQ: Situs Bandarq, DominoQQ, Poker Online"
- date="2020-05-26T23:08:05Z"
- content="""
-Mau Dapatkan Uang Dengan Mudah...
-Yuk join bersama <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Rajabandarq</a> Situs Bandarq, DominoQQ, Poker Online terbaik di asia dengan 9 game yang paling seru...
-
-Buruan Daftar Disini >>> <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Rajabandarq</a>
-Klik Disini : <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Situs BandarQ</a>
-Klik Disini : <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Poker Online</a>
-"""]]
diff --git a/blog/2017-09-01-free-software-activities-august-2017/comment_3_105fa59ba2598239b7399c000fbaec51._comment b/blog/2017-09-01-free-software-activities-august-2017/comment_3_105fa59ba2598239b7399c000fbaec51._comment
deleted file mode 100644
index eb506703..00000000
--- a/blog/2017-09-01-free-software-activities-august-2017/comment_3_105fa59ba2598239b7399c000fbaec51._comment
+++ /dev/null
@@ -1,14 +0,0 @@
-[[!comment format=mdwn
- ip="103.73.164.234"
- claimedauthor="RajabandarQ"
- url="http://202.95.10.208"
- subject="RajabandarQ: Situs Bandarq, DominoQQ, Poker Online"
- date="2020-05-26T23:08:28Z"
- content="""
-Mau Dapatkan Uang Dengan Mudah...
-Yuk join bersama <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Rajabandarq</a> Situs Bandarq, DominoQQ, Poker Online terbaik di asia dengan 9 game yang paling seru...
-
-Buruan Daftar Disini >>> <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Rajabandarq</a>
-Klik Disini : <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Situs BandarQ</a>
-Klik Disini : <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Poker Online</a>
-"""]]
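
Review bot: the three files deleted here, and `comment_4` deleted in the next commit listed, carry the same `ip="103.73.164.234"`, the same `url=` and body, and `date=` values 23 seconds apart (23:07:42, 23:08:05, 23:08:28, 23:08:51), so all four reached the repository before anyone could act. A per-address rate limit or a duplicate-body check at submission time would have stopped three of them; removing them by commit only takes them off the rendered page.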

removed
diff --git a/blog/2017-09-01-free-software-activities-august-2017/comment_4_34ed57aceb6388eb623ac25ce92b0db1._comment b/blog/2017-09-01-free-software-activities-august-2017/comment_4_34ed57aceb6388eb623ac25ce92b0db1._comment
deleted file mode 100644
index 17d56368..00000000
--- a/blog/2017-09-01-free-software-activities-august-2017/comment_4_34ed57aceb6388eb623ac25ce92b0db1._comment
+++ /dev/null
@@ -1,14 +0,0 @@
-[[!comment format=mdwn
- ip="103.73.164.234"
- claimedauthor="RajabandarQ"
- url="http://202.95.10.208"
- subject="RajabandarQ: Situs Bandarq, DominoQQ, Poker Online"
- date="2020-05-26T23:08:51Z"
- content="""
-Mau Dapatkan Uang Dengan Mudah...
-Yuk join bersama <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Rajabandarq</a> Situs Bandarq, DominoQQ, Poker Online terbaik di asia dengan 9 game yang paling seru...
-
-Buruan Daftar Disini >>> <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Rajabandarq</a>
-Klik Disini : <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Situs BandarQ</a>
-Klik Disini : <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Poker Online</a>
-"""]]

Added a comment: RajabandarQ: Situs Bandarq, DominoQQ, Poker Online
diff --git a/blog/2017-09-01-free-software-activities-august-2017/comment_4_34ed57aceb6388eb623ac25ce92b0db1._comment b/blog/2017-09-01-free-software-activities-august-2017/comment_4_34ed57aceb6388eb623ac25ce92b0db1._comment
new file mode 100644
index 00000000..17d56368
--- /dev/null
+++ b/blog/2017-09-01-free-software-activities-august-2017/comment_4_34ed57aceb6388eb623ac25ce92b0db1._comment
@@ -0,0 +1,14 @@
+[[!comment format=mdwn
+ ip="103.73.164.234"
+ claimedauthor="RajabandarQ"
+ url="http://202.95.10.208"
+ subject="RajabandarQ: Situs Bandarq, DominoQQ, Poker Online"
+ date="2020-05-26T23:08:51Z"
+ content="""
+Mau Dapatkan Uang Dengan Mudah...
+Yuk join bersama <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Rajabandarq</a> Situs Bandarq, DominoQQ, Poker Online terbaik di asia dengan 9 game yang paling seru...
+
+Buruan Daftar Disini >>> <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Rajabandarq</a>
+Klik Disini : <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Situs BandarQ</a>
+Klik Disini : <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Poker Online</a>
+"""]]

Added a comment: RajabandarQ: Situs Bandarq, DominoQQ, Poker Online
diff --git a/blog/2017-09-01-free-software-activities-august-2017/comment_3_105fa59ba2598239b7399c000fbaec51._comment b/blog/2017-09-01-free-software-activities-august-2017/comment_3_105fa59ba2598239b7399c000fbaec51._comment
new file mode 100644
index 00000000..eb506703
--- /dev/null
+++ b/blog/2017-09-01-free-software-activities-august-2017/comment_3_105fa59ba2598239b7399c000fbaec51._comment
@@ -0,0 +1,14 @@
+[[!comment format=mdwn
+ ip="103.73.164.234"
+ claimedauthor="RajabandarQ"
+ url="http://202.95.10.208"
+ subject="RajabandarQ: Situs Bandarq, DominoQQ, Poker Online"
+ date="2020-05-26T23:08:28Z"
+ content="""
+Mau Dapatkan Uang Dengan Mudah...
+Yuk join bersama <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Rajabandarq</a> Situs Bandarq, DominoQQ, Poker Online terbaik di asia dengan 9 game yang paling seru...
+
+Buruan Daftar Disini >>> <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Rajabandarq</a>
+Klik Disini : <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Situs BandarQ</a>
+Klik Disini : <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Poker Online</a>
+"""]]

Added a comment: RajabandarQ: Situs Bandarq, DominoQQ, Poker Online
diff --git a/blog/2017-09-01-free-software-activities-august-2017/comment_2_7265fae6e1d149e61f9973b232cec900._comment b/blog/2017-09-01-free-software-activities-august-2017/comment_2_7265fae6e1d149e61f9973b232cec900._comment
new file mode 100644
index 00000000..536cc1b3
--- /dev/null
+++ b/blog/2017-09-01-free-software-activities-august-2017/comment_2_7265fae6e1d149e61f9973b232cec900._comment
@@ -0,0 +1,14 @@
+[[!comment format=mdwn
+ ip="103.73.164.234"
+ claimedauthor="RajabandarQ"
+ url="http://202.95.10.208"
+ subject="RajabandarQ: Situs Bandarq, DominoQQ, Poker Online"
+ date="2020-05-26T23:08:05Z"
+ content="""
+Mau Dapatkan Uang Dengan Mudah...
+Yuk join bersama <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Rajabandarq</a> Situs Bandarq, DominoQQ, Poker Online terbaik di asia dengan 9 game yang paling seru...
+
+Buruan Daftar Disini >>> <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Rajabandarq</a>
+Klik Disini : <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Situs BandarQ</a>
+Klik Disini : <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Poker Online</a>
+"""]]

Added a comment: RajabandarQ: Situs Bandarq, DominoQQ, Poker Online
diff --git a/blog/2017-09-01-free-software-activities-august-2017/comment_1_93f28878da00874db95b5517e948773c._comment b/blog/2017-09-01-free-software-activities-august-2017/comment_1_93f28878da00874db95b5517e948773c._comment
new file mode 100644
index 00000000..66593b40
--- /dev/null
+++ b/blog/2017-09-01-free-software-activities-august-2017/comment_1_93f28878da00874db95b5517e948773c._comment
@@ -0,0 +1,14 @@
+[[!comment format=mdwn
+ ip="103.73.164.234"
+ claimedauthor="RajabandarQ"
+ url="http://202.95.10.208"
+ subject="RajabandarQ: Situs Bandarq, DominoQQ, Poker Online"
+ date="2020-05-26T23:07:42Z"
+ content="""
+Mau Dapatkan Uang Dengan Mudah...
+Yuk join bersama <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Rajabandarq</a> Situs Bandarq, DominoQQ, Poker Online terbaik di asia dengan 9 game yang paling seru...
+
+Buruan Daftar Disini >>> <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Rajabandarq</a>
+Klik Disini : <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Situs BandarQ</a>
+Klik Disini : <a href=\"http://202.95.10.208/\" rel=\"nofollow\">Poker Online</a>
+"""]]

fix typo, thanks u.
diff --git a/services/mail/syncmaildir.mdwn b/services/mail/syncmaildir.mdwn
index 0368a370..fa5caa8f 100644
--- a/services/mail/syncmaildir.mdwn
+++ b/services/mail/syncmaildir.mdwn
@@ -5,7 +5,7 @@ page documents how that process was done and the SMD configuration.
 
 [syncmaildir]: https://github.com/gares/syncmaildir
 
-I tried to follow the official procedure to migrate from OfflienIMAP
+I tried to follow the official procedure to migrate from OfflineIMAP
 to SMD. I hit some difficulties, which I documented in upstream
 issues. What follows is the detailed test procedure I followed to test
 the synchronization and notes about the process.

removed
diff --git a/blog/2020-04-27-drowning-camera/comment_1_79876e7f57608534a1e3cebea4f2a2fd._comment b/blog/2020-04-27-drowning-camera/comment_1_79876e7f57608534a1e3cebea4f2a2fd._comment
deleted file mode 100644
index 2662d3b7..00000000
--- a/blog/2020-04-27-drowning-camera/comment_1_79876e7f57608534a1e3cebea4f2a2fd._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=creole
- ip="5.248.226.19"
- claimedauthor="edoejiasef"
- url="http://mewkid.net/when-is-xaxlop/"
- subject="If fovea, lonely predicament each burrow charged. "
- date="2020-05-25T16:21:47Z"
- content="""
-http://mewkid.net/when-is-xaxlop/ - Buy Amoxicillin Online <a href=\"http://mewkid.net/when-is-xaxlop/\">Amoxil Dose For 55 Pounds</a> vpr.lxkg.davidalfonso.es.aga.ww http://mewkid.net/when-is-xaxlop/
-"""]]

Added a comment: If fovea, lonely predicament each burrow charged.
diff --git a/blog/2020-04-27-drowning-camera/comment_1_79876e7f57608534a1e3cebea4f2a2fd._comment b/blog/2020-04-27-drowning-camera/comment_1_79876e7f57608534a1e3cebea4f2a2fd._comment
new file mode 100644
index 00000000..2662d3b7
--- /dev/null
+++ b/blog/2020-04-27-drowning-camera/comment_1_79876e7f57608534a1e3cebea4f2a2fd._comment
@@ -0,0 +1,9 @@
+[[!comment format=creole
+ ip="5.248.226.19"
+ claimedauthor="edoejiasef"
+ url="http://mewkid.net/when-is-xaxlop/"
+ subject="If fovea, lonely predicament each burrow charged. "
+ date="2020-05-25T16:21:47Z"
+ content="""
+http://mewkid.net/when-is-xaxlop/ - Buy Amoxicillin Online <a href=\"http://mewkid.net/when-is-xaxlop/\">Amoxil Dose For 55 Pounds</a> vpr.lxkg.davidalfonso.es.aga.ww http://mewkid.net/when-is-xaxlop/
+"""]]
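
Review bot: the `url="http://mewkid.net/when-is-xaxlop/"` value is the one already removed twice from this same post on 2020-05-22, when it came from `ip="37.229.204.155"`; here it arrives from `5.248.226.19`. Blocking by address would not have caught it, while a match on the `url=` field or on the links in `content` would. Consider rejecting comments that reference that host rather than removing each instance by hand.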

removed
diff --git a/blog/2018-04-12-terminal-emulators-1/comment_5_ed20bcc4a2a4b9ca79ba3aa27f9e3d81._comment b/blog/2018-04-12-terminal-emulators-1/comment_5_ed20bcc4a2a4b9ca79ba3aa27f9e3d81._comment
deleted file mode 100644
index c8d4adb2..00000000
--- a/blog/2018-04-12-terminal-emulators-1/comment_5_ed20bcc4a2a4b9ca79ba3aa27f9e3d81._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=mdwn
- ip="110.82.167.108"
- claimedauthor="hotlimon"
- url="http://www.hotlimon.com/"
- subject="hotlimon"
- date="2020-05-25T03:48:07Z"
- content="""
-<a href=\"http://www.soanuncios.com/knitted-baby-boy-hats-patterns-books-hat_pl\">knitted baby boy hats patterns books</a> <a href=\"http://www.maeblooms.com/lebron-11-all-white-gold-trainers_ge\">lebron 11 all white gold</a> <a href=\"http://www.vesissb.com/all-white-air-jordan-5-shoes-uk-cheap_ie\">all white air jordan 5 shoes uk</a> <a href=\"http://www.kreshme.com/where-can-i-acquistare-adidas-nmd-runner-shoe_bo\">where can i acquistare adidas nmd runner</a> <a href=\"http://www.dominiclb.com/new-curry-shoes-grey-purple-shoes-on-sale-running_pt\">new curry shoes grey purple shoes on sale</a> <a href=\"http://www.mrchiizu.com/dirk-nowitzki-jersey-city-edition-nfl_de\">dirk nowitzki jersey city edition</a>
-"""]]

Added a comment: hotlimon
diff --git a/blog/2018-04-12-terminal-emulators-1/comment_5_ed20bcc4a2a4b9ca79ba3aa27f9e3d81._comment b/blog/2018-04-12-terminal-emulators-1/comment_5_ed20bcc4a2a4b9ca79ba3aa27f9e3d81._comment
new file mode 100644
index 00000000..c8d4adb2
--- /dev/null
+++ b/blog/2018-04-12-terminal-emulators-1/comment_5_ed20bcc4a2a4b9ca79ba3aa27f9e3d81._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ ip="110.82.167.108"
+ claimedauthor="hotlimon"
+ url="http://www.hotlimon.com/"
+ subject="hotlimon"
+ date="2020-05-25T03:48:07Z"
+ content="""
+<a href=\"http://www.soanuncios.com/knitted-baby-boy-hats-patterns-books-hat_pl\">knitted baby boy hats patterns books</a> <a href=\"http://www.maeblooms.com/lebron-11-all-white-gold-trainers_ge\">lebron 11 all white gold</a> <a href=\"http://www.vesissb.com/all-white-air-jordan-5-shoes-uk-cheap_ie\">all white air jordan 5 shoes uk</a> <a href=\"http://www.kreshme.com/where-can-i-acquistare-adidas-nmd-runner-shoe_bo\">where can i acquistare adidas nmd runner</a> <a href=\"http://www.dominiclb.com/new-curry-shoes-grey-purple-shoes-on-sale-running_pt\">new curry shoes grey purple shoes on sale</a> <a href=\"http://www.mrchiizu.com/dirk-nowitzki-jersey-city-edition-nfl_de\">dirk nowitzki jersey city edition</a>
+"""]]

removed
diff --git a/blog/2018-04-12-terminal-emulators-1/comment_5_fe2f89514a9d068be5378687d08bf384._comment b/blog/2018-04-12-terminal-emulators-1/comment_5_fe2f89514a9d068be5378687d08bf384._comment
deleted file mode 100644
index ad54959c..00000000
--- a/blog/2018-04-12-terminal-emulators-1/comment_5_fe2f89514a9d068be5378687d08bf384._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=mdwn
- ip="59.58.149.212"
- claimedauthor="kaewwern"
- url="http://www.kaewwern.com/"
- subject="kaewwern"
- date="2020-05-24T23:20:34Z"
- content="""
-<a href=\"http://www.taylorsifts.com/black-and-red-kansas-city-royals-hat-hats-hat_en\">black and red kansas city royals hat hats</a> <a href=\"http://www.nlmczech.com/adidas-yeezy-boost-350-release-date-quote-sneakers_de\">adidas yeezy boost 350 release date quote</a> <a href=\"http://www.sanbilizi.com/jordan-3-black-and-grey-for-canada-cheap_ca\">jordan 3 black and grey for canada</a> <a href=\"http://www.bordalba.com/nmd-adidas-us-sale-sports_it\">nmd adidas us sale</a> <a href=\"http://www.gliclub.com/jay-z-made-the-yankee-hat-famous-billig-hat__dk\">jay z made the yankee hat famous billig</a> <a href=\"http://www.detikwin.com/air-max-tailwind-8-release-date-youtube-shoe_es\">air max tailwind 8 release date youtube</a>
-"""]]

Added a comment: kaewwern
diff --git a/blog/2018-04-12-terminal-emulators-1/comment_5_fe2f89514a9d068be5378687d08bf384._comment b/blog/2018-04-12-terminal-emulators-1/comment_5_fe2f89514a9d068be5378687d08bf384._comment
new file mode 100644
index 00000000..ad54959c
--- /dev/null
+++ b/blog/2018-04-12-terminal-emulators-1/comment_5_fe2f89514a9d068be5378687d08bf384._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ ip="59.58.149.212"
+ claimedauthor="kaewwern"
+ url="http://www.kaewwern.com/"
+ subject="kaewwern"
+ date="2020-05-24T23:20:34Z"
+ content="""
+<a href=\"http://www.taylorsifts.com/black-and-red-kansas-city-royals-hat-hats-hat_en\">black and red kansas city royals hat hats</a> <a href=\"http://www.nlmczech.com/adidas-yeezy-boost-350-release-date-quote-sneakers_de\">adidas yeezy boost 350 release date quote</a> <a href=\"http://www.sanbilizi.com/jordan-3-black-and-grey-for-canada-cheap_ca\">jordan 3 black and grey for canada</a> <a href=\"http://www.bordalba.com/nmd-adidas-us-sale-sports_it\">nmd adidas us sale</a> <a href=\"http://www.gliclub.com/jay-z-made-the-yankee-hat-famous-billig-hat__dk\">jay z made the yankee hat famous billig</a> <a href=\"http://www.detikwin.com/air-max-tailwind-8-release-date-youtube-shoe_es\">air max tailwind 8 release date youtube</a>
+"""]]
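
Review bot: `claimedauthor`, `subject` and the host in `url` are the same token (`kaewwern`), and `content` is nothing but six `<a href>` anchors to unrelated domains. One of them, `taylorsifts.com`, is the claimed author of another removed comment on this post, whose own body links back to `kaewwern.com`. A submission-time check for identical author and subject plus a body made up almost entirely of anchors would flag this whole family (`hotlimon`, `taylorsifts`, `uapole`) without a per-domain list.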

removed
diff --git a/blog/2020-04-27-drowning-camera/comment_1_3bb1aac1fbdd5dad1fc2b39c7c5c8b2b._comment b/blog/2020-04-27-drowning-camera/comment_1_3bb1aac1fbdd5dad1fc2b39c7c5c8b2b._comment
deleted file mode 100644
index 9fb8f9bf..00000000
--- a/blog/2020-04-27-drowning-camera/comment_1_3bb1aac1fbdd5dad1fc2b39c7c5c8b2b._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=creole
- ip="37.229.204.155"
- claimedauthor="isaxoqhwouy"
- url="http://mewkid.net/when-is-xaxlop/"
- subject="Often healed, amylase benefits, undrainable ergonomic axillae. "
- date="2020-05-22T19:36:41Z"
- content="""
-http://mewkid.net/when-is-xaxlop/ - Buy Amoxil Online <a href=\"http://mewkid.net/when-is-xaxlop/\">Amoxicillin 500 Mg</a> awe.uwsx.davidalfonso.es.vwz.dv http://mewkid.net/when-is-xaxlop/
-"""]]

Added a comment: Often healed, amylase benefits, undrainable ergonomic axillae.
diff --git a/blog/2020-04-27-drowning-camera/comment_1_3bb1aac1fbdd5dad1fc2b39c7c5c8b2b._comment b/blog/2020-04-27-drowning-camera/comment_1_3bb1aac1fbdd5dad1fc2b39c7c5c8b2b._comment
new file mode 100644
index 00000000..9fb8f9bf
--- /dev/null
+++ b/blog/2020-04-27-drowning-camera/comment_1_3bb1aac1fbdd5dad1fc2b39c7c5c8b2b._comment
@@ -0,0 +1,9 @@
+[[!comment format=creole
+ ip="37.229.204.155"
+ claimedauthor="isaxoqhwouy"
+ url="http://mewkid.net/when-is-xaxlop/"
+ subject="Often healed, amylase benefits, undrainable ergonomic axillae. "
+ date="2020-05-22T19:36:41Z"
+ content="""
+http://mewkid.net/when-is-xaxlop/ - Buy Amoxil Online <a href=\"http://mewkid.net/when-is-xaxlop/\">Amoxicillin 500 Mg</a> awe.uwsx.davidalfonso.es.vwz.dv http://mewkid.net/when-is-xaxlop/
+"""]]

removed
diff --git a/blog/2020-04-27-drowning-camera/comment_1_c62ff2f3a183c66095e14d6a21d1698e._comment b/blog/2020-04-27-drowning-camera/comment_1_c62ff2f3a183c66095e14d6a21d1698e._comment
deleted file mode 100644
index a0dd318a..00000000
--- a/blog/2020-04-27-drowning-camera/comment_1_c62ff2f3a183c66095e14d6a21d1698e._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=rst
- ip="37.229.204.155"
- claimedauthor="miqeweuxooyah"
- url="http://mewkid.net/when-is-xaxlop/"
- subject="Hair spot return happy pneumoconiosis, there. "
- date="2020-05-22T19:19:22Z"
- content="""
-http://mewkid.net/when-is-xaxlop/ - Buy Amoxicillin <a href=\"http://mewkid.net/when-is-xaxlop/\">Amoxicillin Online</a> tyn.kilv.davidalfonso.es.hvv.xg http://mewkid.net/when-is-xaxlop/
-"""]]

Added a comment: Hair spot return happy pneumoconiosis, there.
diff --git a/blog/2020-04-27-drowning-camera/comment_1_c62ff2f3a183c66095e14d6a21d1698e._comment b/blog/2020-04-27-drowning-camera/comment_1_c62ff2f3a183c66095e14d6a21d1698e._comment
new file mode 100644
index 00000000..a0dd318a
--- /dev/null
+++ b/blog/2020-04-27-drowning-camera/comment_1_c62ff2f3a183c66095e14d6a21d1698e._comment
@@ -0,0 +1,9 @@
+[[!comment format=rst
+ ip="37.229.204.155"
+ claimedauthor="miqeweuxooyah"
+ url="http://mewkid.net/when-is-xaxlop/"
+ subject="Hair spot return happy pneumoconiosis, there. "
+ date="2020-05-22T19:19:22Z"
+ content="""
+http://mewkid.net/when-is-xaxlop/ - Buy Amoxicillin <a href=\"http://mewkid.net/when-is-xaxlop/\">Amoxicillin Online</a> tyn.kilv.davidalfonso.es.hvv.xg http://mewkid.net/when-is-xaxlop/
+"""]]
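
Review bot: `format=rst` on the first line means this anonymous submission was routed to the reStructuredText renderer, while the same address's other comment 17 minutes later used `format=creole` and most comments on this page use `mdwn`. If the format is chosen by the commenter, every enabled markup parser is exposed to untrusted input. Restrict comment formats to the one the site actually needs.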

removed
diff --git a/blog/2018-04-12-terminal-emulators-1/comment_5_835d25eb114e2c54b3b063a81778d366._comment b/blog/2018-04-12-terminal-emulators-1/comment_5_835d25eb114e2c54b3b063a81778d366._comment
deleted file mode 100644
index 43848cba..00000000
--- a/blog/2018-04-12-terminal-emulators-1/comment_5_835d25eb114e2c54b3b063a81778d366._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=mdwn
- ip="59.58.148.13"
- claimedauthor="taylorsifts"
- url="http://www.taylorsifts.com/"
- subject="taylorsifts"
- date="2020-05-21T00:42:21Z"
- content="""
-<a href=\"http://www.nlmluo.com/jordan-supreme-hats-1984-hat_cz\">jordan supreme hats 1984</a> <a href=\"http://www.rinajordi.com/nike-blazer-print-black-running_de\">nike blazer print black</a> <a href=\"http://www.hultcos.com/women-air-max-2017-all-black-shoes-for-cheap-sneakers_nz\">women air max 2017 all black shoes for cheap</a> <a href=\"http://www.uzmanpet.com/white-green-nike-kd-6-elite-series-for-uk-sports_si\">white green nike kd 6 elite series for uk</a> <a href=\"http://www.kmcases.com/city-puma-kit-for-cheap-nfl_en\">city puma kit for cheap</a> <a href=\"http://www.kaewwern.com/womens-cincinnati-reds-hat-hat_sk\">womens cincinnati reds hat</a>
-"""]]

Added a comment: taylorsifts
diff --git a/blog/2018-04-12-terminal-emulators-1/comment_5_835d25eb114e2c54b3b063a81778d366._comment b/blog/2018-04-12-terminal-emulators-1/comment_5_835d25eb114e2c54b3b063a81778d366._comment
new file mode 100644
index 00000000..43848cba
--- /dev/null
+++ b/blog/2018-04-12-terminal-emulators-1/comment_5_835d25eb114e2c54b3b063a81778d366._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ ip="59.58.148.13"
+ claimedauthor="taylorsifts"
+ url="http://www.taylorsifts.com/"
+ subject="taylorsifts"
+ date="2020-05-21T00:42:21Z"
+ content="""
+<a href=\"http://www.nlmluo.com/jordan-supreme-hats-1984-hat_cz\">jordan supreme hats 1984</a> <a href=\"http://www.rinajordi.com/nike-blazer-print-black-running_de\">nike blazer print black</a> <a href=\"http://www.hultcos.com/women-air-max-2017-all-black-shoes-for-cheap-sneakers_nz\">women air max 2017 all black shoes for cheap</a> <a href=\"http://www.uzmanpet.com/white-green-nike-kd-6-elite-series-for-uk-sports_si\">white green nike kd 6 elite series for uk</a> <a href=\"http://www.kmcases.com/city-puma-kit-for-cheap-nfl_en\">city puma kit for cheap</a> <a href=\"http://www.kaewwern.com/womens-cincinnati-reds-hat-hat_sk\">womens cincinnati reds hat</a>
+"""]]

removed
diff --git a/blog/2018-04-12-terminal-emulators-1/comment_5_f80f267c9dc82a1821b161c2d22d0662._comment b/blog/2018-04-12-terminal-emulators-1/comment_5_f80f267c9dc82a1821b161c2d22d0662._comment
deleted file mode 100644
index 9a826317..00000000
--- a/blog/2018-04-12-terminal-emulators-1/comment_5_f80f267c9dc82a1821b161c2d22d0662._comment
+++ /dev/null
@@ -1,10 +0,0 @@
-[[!comment format=mdwn
- ip="36.250.184.89"
- claimedauthor="uapole"
- url="http://www.uapole.com/"
- subject="uapole"
- date="2020-05-20T20:34:31Z"
- content="""
-<a href=\"http://www.gudangrumus.com/iphone-8-plus-case-power-bank-caseo\">iphone 8 plus case power bank</a> <a href=\"http://www.vidisurf.com/emu-rozowe-tenisq\">emu rozowe</a> <a href=\"http://www.freezingwind.com/pool-shoes-sports-direct-bootss\">pool shoes sports direct</a> <a href=\"http://www.oldzeros.com/nike-metcon-5.5-trainersp\">nike metcon 5.5</a> <a href=\"http://www.elliethedog.com/black-harrison-smith-jersey-nfld\">black harrison smith jersey</a> <a href=\"http://www.fyeahco.com/opinion-dr-martens-botap\">opinion dr martens</a>
- <a href=\"http://www.uapole.com/\" >uapole</a> [url=http://www.uapole.com/]uapole[/url]
-"""]]

Added a comment: uapole
diff --git a/blog/2018-04-12-terminal-emulators-1/comment_5_f80f267c9dc82a1821b161c2d22d0662._comment b/blog/2018-04-12-terminal-emulators-1/comment_5_f80f267c9dc82a1821b161c2d22d0662._comment
new file mode 100644
index 00000000..9a826317
--- /dev/null
+++ b/blog/2018-04-12-terminal-emulators-1/comment_5_f80f267c9dc82a1821b161c2d22d0662._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ ip="36.250.184.89"
+ claimedauthor="uapole"
+ url="http://www.uapole.com/"
+ subject="uapole"
+ date="2020-05-20T20:34:31Z"
+ content="""
+<a href=\"http://www.gudangrumus.com/iphone-8-plus-case-power-bank-caseo\">iphone 8 plus case power bank</a> <a href=\"http://www.vidisurf.com/emu-rozowe-tenisq\">emu rozowe</a> <a href=\"http://www.freezingwind.com/pool-shoes-sports-direct-bootss\">pool shoes sports direct</a> <a href=\"http://www.oldzeros.com/nike-metcon-5.5-trainersp\">nike metcon 5.5</a> <a href=\"http://www.elliethedog.com/black-harrison-smith-jersey-nfld\">black harrison smith jersey</a> <a href=\"http://www.fyeahco.com/opinion-dr-martens-botap\">opinion dr martens</a>
+ <a href=\"http://www.uapole.com/\" >uapole</a> [url=http://www.uapole.com/]uapole[/url]
+"""]]

renew pgp key
diff --git a/.well-known/openpgpkey/hu/myctwj4an6ne7htuzyoo8osctuji68xe b/.well-known/openpgpkey/hu/myctwj4an6ne7htuzyoo8osctuji68xe
index 6e4e226c..87688745 100644
Binary files a/.well-known/openpgpkey/hu/myctwj4an6ne7htuzyoo8osctuji68xe and b/.well-known/openpgpkey/hu/myctwj4an6ne7htuzyoo8osctuji68xe differ

document more of the OpenPGP renewal procedure
diff --git a/.well-known/openpgpkey/Makefile b/.well-known/openpgpkey/Makefile
index ede803e0..6636f2e8 100644
--- a/.well-known/openpgpkey/Makefile
+++ b/.well-known/openpgpkey/Makefile
@@ -1,7 +1,28 @@
-.PHONY: hu
+.PHONY: all hu upload renew upload-tpo
 
 ADDRESS=anarcat@debian.org
+FINGERPRINT=8DC901CE64146C048AD50FBB792152527B75921E
+NEXT_EXPIRE=$(shell date -d '+1 year +1 month')
+TPO_KEYRING=~/src/tor/account-keyring/
+
+all: hu upload
+	@echo "run $(MAKE) renew all upload-tpo to make a full renewal"
+	@echo "this is not default because 'renew' and 'upload-tpo' are no idempotent"
 
 hu:
 	@echo "Consider switching to weasel's version in https://kushaldas.in/posts/setting-up-wkd.html"
 	generate-openpgpkey-hu-3 --address $(ADDRESS) --exist-ok
+
+upload:
+	gpg --keyserver keyring.debian.org --send-keys $(FINGERPRINT)
+	gpg --keyserver keys.openpgp.org --send-keys $(FINGERPRINT)
+	gpg --keyserver pool.sks-keyservers.net --send-keys $(FINGERPRINT)
+
+renew:
+	gpg --quick-set-expire $(FINGERPRINT) $(NEXT_EXPIRE)
+
+upload-tpo:
+	git -C $(TPO_KEYRING) pull
+	gpg --export --export-options export-minimal $(FINGERPRINT) > $(TPO_KEYRING)/torproject-keyring/anarcat-$(FINGERPRINT).gpg
+	git -C $(TPO_KEYRING) commit torproject-keyring/anarcat-$(FINGERPRINT).gpg
+	git -C $(TPO_KEYRING) push
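Review bot: in the `renew` target, `$(NEXT_EXPIRE)` expands to the default multi-word output of `date -d '+1 year +1 month'` and is passed unquoted, so `gpg --quick-set-expire` receives several arguments where it expects one expiry value; anything after the first is read as a subkey fingerprint. Emit an ISO date instead, for example `NEXT_EXPIRE=$(shell date -d '+1 year +1 month' +%F)`, or pass an interval such as `13m` directly. Without a trailing `*` the call also only changes the primary key, so subkeys that carry their own expiry need a second invocation. In `upload-tpo`, `git commit <path>` fails the first time if the exported file is not yet tracked, so a `git add` of that path before the commit would make the target work on a fresh keyring checkout. Minor: the `all` message reads "are no idempotent" and should say "not".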

silence a command
diff --git a/.well-known/openpgpkey/Makefile b/.well-known/openpgpkey/Makefile
index a3a985e1..ede803e0 100644
--- a/.well-known/openpgpkey/Makefile
+++ b/.well-known/openpgpkey/Makefile
@@ -3,5 +3,5 @@
 ADDRESS=anarcat@debian.org
 
 hu:
-	echo "Consider switching to weasel's version in https://kushaldas.in/posts/setting-up-wkd.html"
+	@echo "Consider switching to weasel's version in https://kushaldas.in/posts/setting-up-wkd.html"
 	generate-openpgpkey-hu-3 --address $(ADDRESS) --exist-ok

removed
diff --git a/blog/2020-04-27-drowning-camera/comment_1_9ae2ceaefdac171fa2bee26495f46d21._comment b/blog/2020-04-27-drowning-camera/comment_1_9ae2ceaefdac171fa2bee26495f46d21._comment
deleted file mode 100644
index f7d3509c..00000000
--- a/blog/2020-04-27-drowning-camera/comment_1_9ae2ceaefdac171fa2bee26495f46d21._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=rst
- ip="37.115.223.45"
- claimedauthor="imoseyue"
- url="http://mewkid.net/when-is-xaxlop/"
- subject="Pericardial site short-lived protrusions gel. "
- date="2020-05-18T20:37:14Z"
- content="""
-http://mewkid.net/when-is-xaxlop/ - 18 <a href=\"http://mewkid.net/when-is-xaxlop/\">Buy Amoxicillin</a> qbf.iwtc.davidalfonso.es.tbb.nz http://mewkid.net/when-is-xaxlop/
-"""]]

Added a comment: Pericardial site short-lived protrusions gel.
diff --git a/blog/2020-04-27-drowning-camera/comment_1_9ae2ceaefdac171fa2bee26495f46d21._comment b/blog/2020-04-27-drowning-camera/comment_1_9ae2ceaefdac171fa2bee26495f46d21._comment
new file mode 100644
index 00000000..f7d3509c
--- /dev/null
+++ b/blog/2020-04-27-drowning-camera/comment_1_9ae2ceaefdac171fa2bee26495f46d21._comment
@@ -0,0 +1,9 @@
+[[!comment format=rst
+ ip="37.115.223.45"
+ claimedauthor="imoseyue"
+ url="http://mewkid.net/when-is-xaxlop/"
+ subject="Pericardial site short-lived protrusions gel. "
+ date="2020-05-18T20:37:14Z"
+ content="""
+http://mewkid.net/when-is-xaxlop/ - 18 <a href=\"http://mewkid.net/when-is-xaxlop/\">Buy Amoxicillin</a> qbf.iwtc.davidalfonso.es.tbb.nz http://mewkid.net/when-is-xaxlop/
+"""]]

removed
diff --git a/blog/2020-04-27-drowning-camera/comment_1_2d854bc88485e11c6d94dccb0be28edc._comment b/blog/2020-04-27-drowning-camera/comment_1_2d854bc88485e11c6d94dccb0be28edc._comment
deleted file mode 100644
index 235a7da9..00000000
--- a/blog/2020-04-27-drowning-camera/comment_1_2d854bc88485e11c6d94dccb0be28edc._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=creole
- ip="5.188.210.39"
- claimedauthor="Abermottom"
- url="http://amunlabs.com/rezz-dating.html"
- subject="birthday gift for someone you just started dating reddit  pfxs36"
- date="2020-05-18T06:46:34Z"
- content="""
-vice magazine online dating  <a href=\" http://amunlabs.com/dating-online-kauai.html \">dating online kauai</a>  subtitle dating alone  <a href=\" http://amunlabs.com/funny-chinese-dating-show.html \">funny chinese dating show</a>  dating with std websites  http://amunlabs.com/yeah-dating-is-cool-but.html  wife dating while separated 
-"""]]

Archival link:

The above link creates a machine-readable RSS feed that can be used to easily archive new changes to the site. It is used by internal scripts to do sanity checks on new entries in the wiki.
