Recent changes to this wiki. Not to be confused with my history.

Complete source to the wiki is available on gitweb or by cloning this site.

zutty 0.8 released with the missing features
diff --git a/blog/2018-05-04-terminal-emulators-2/comment_4_428ade819987668bfeb8603f4d6841dd._comment b/blog/2018-05-04-terminal-emulators-2/comment_4_428ade819987668bfeb8603f4d6841dd._comment
index 336c5ad9..6ff5cf18 100644
--- a/blog/2018-05-04-terminal-emulators-2/comment_4_428ade819987668bfeb8603f4d6841dd._comment
+++ b/blog/2018-05-04-terminal-emulators-2/comment_4_428ade819987668bfeb8603f4d6841dd._comment
@@ -13,12 +13,12 @@ If I would do this review again today, it seems I would definitely need to inclu
  * good font handling
  * written in plain C++
 
-Major blockers for adoption:
+<del>Major blockers for adoption:</del>
 
- * lack of scrollback
+ * scrollback support
  * [support for *BOTH* PRIMARY or CLIPBOARD](https://github.com/tomszilagyi/zutty/issues/9), which i use often in rxvt
 
-But author seems open to improvements, so who knows.
+<del>But author seems open to improvements, so who knows.</del> Update: both were implemented! Very nice! I guess my only concern at switching now would be whether it will survive the Wayland apocalypse (whether that will come or not... ;) In theory, since it relies so much on OpenGL, Wayland shouldn't be "that hard"...
 
 Anyways, author did an excellent [latency review](https://tomscii.sig7.se/2021/01/Typing-latency-of-Zutty) and [general comparison](https://tomscii.sig7.se/2020/12/A-totally-biased-comparison-of-Zutty) that is definitely worth a read if you liked this article.
 """]]

another gizmo
diff --git a/hardware/audio.mdwn b/hardware/audio.mdwn
index 0bb777c0..8524bc24 100644
--- a/hardware/audio.mdwn
+++ b/hardware/audio.mdwn
@@ -159,15 +159,20 @@ researched...
 Apparently, there's a "class compliant mode" which is compatible with
 ALSA, but it might be better to just use an analog mixer and feed the
 signal from each unmixed track into an USB audio interface like
-[this](https://www.long-mcquade.com/87374/Pro-Audio---Recording/Audio-Interfaces/Presonus/Studio-68-6-In-8-Out-USB-Audio-Interface.htm), instead of trying to shove everything into a single device.
-
-[Soundcraft EPM8]: https://www.soundcraft.com/en-US/products/epm8
+[this](https://www.long-mcquade.com/87374/Pro-Audio---Recording/Audio-Interfaces/Presonus/Studio-68-6-In-8-Out-USB-Audio-Interface.htm), instead of trying to shove everything into a single
+device.
 
 There was a lenghty conversation on the [Ardour forums](https://discourse.ardour.org/) about this
 topic, see:
 
 <https://discourse.ardour.org/t/hardware-mixer-recommendations-for-band-practice/100877/4>
 
+Update: `#debian-quebec` folks (tvaz, sten0) suggest looking at the
+[Motu brand](https://motu.com/), for example the [AVB 8A](https://motu.com/products/avb/8a) would be a good
+match. See also [this discussion](https://linuxmusicians.com/viewtopic.php?f=6&t=18046&hilit=tvaz&start=420), [and this](https://panther.kapsi.fi/posts/2020-02-02_motu_m4), [and this](https://linuxmusicians.com/viewtopic.php?f=6&t=18046&sid=b6155ce9b3142282113235dc8171a74f&start=525).
+
+[Soundcraft EPM8]: https://www.soundcraft.com/en-US/products/epm8
+
 Speakers
 ========
 

more audio stuff
diff --git a/hardware/audio.mdwn b/hardware/audio.mdwn
index 657c94ec..0bb777c0 100644
--- a/hardware/audio.mdwn
+++ b/hardware/audio.mdwn
@@ -26,7 +26,8 @@ this at some point:
    "fusionner" les deux, [40$USD B&H](https://www.bhphotovideo.com/c/product/1213105-REG/antlion_audio_gdl_0422_modmic_4_0_cardioid.html), setup on the HD 280: a
    little "dongly" lots of wires and the modmic hangs on the side (or
    is in your face) when not in use which is a bit annoying. good
-   quality mic otherwise
+   quality mic otherwise. also used their [usb soundcard](http://web.archive.org/web/20190804221209/https://antlionaudio.com/collections/accessories/products/antlion-audio-usb-sound-card), might be
+   crap, unsure.
  * [Blue designs snowball](https://www.bluedesigns.com/products/snowball/#): 70$, omni mike, USB, [50$USD B&H](https://www.bhphotovideo.com/c/product/836611-REG/Blue_SNOWBALL_ICE_Snowball_USB_Condenser_Microphone.html).
    great sound, but not directional enough: when you use them for
    videoconferencing, they do pick up more outside noise than a mic
@@ -90,6 +91,8 @@ consider:
    replacement by B&H staff
  * Shure SE215 ([99$USD B&H](https://www.bhphotovideo.com/c/product/758628-REG/Shure_SE215_CL_SE215_Sound_Isolating_In_Ear_Stereo.html) + [30$USD for the mic](https://www.bhphotovideo.com/c/product/1398214-REG/shure_rmce_uni_3_5mm_earphone_communication_cable.html)),
    recommended by B&H staff as a Mee Audio replacement
+ * [Blue audio Yeticaster](https://www.bluemic.com/en-us/products/yeticaster/) ([200$USD B&H](https://www.bhphotovideo.com/c/product/1385877-REG/blue_yeticaster_prodessional_broadcast_bundle.html?fromDisList=y)), includes boom, cable
+   management, and excellent audio, [recommended by jvoisin](https://dustri.org/b/my-writing-code-from-home-setup.html)
 
 XLR jacks and recording
 =======================

another interesting laptop
diff --git a/hardware/laptop.mdwn b/hardware/laptop.mdwn
index 34ad9c90..f1cfc4c5 100644
--- a/hardware/laptop.mdwn
+++ b/hardware/laptop.mdwn
@@ -33,6 +33,15 @@ Modèles
 
 Comparateur: https://www.thelaptoplist.com/
 
+Frame work
+----------
+
+<https://frame.work/>
+
+ * easily repairable (qrcodes pointing to repair guides!)
+ * modular ports, replacable mainboard
+ * no price announced yet (feb 2021)
+
 GPD pocket
 ----------
 

approve comment
diff --git a/blog/2021-01-13-new-phone/comment_1_7b83204f3d945ed62d1c64fcf5ae21c0._comment b/blog/2021-01-13-new-phone/comment_1_7b83204f3d945ed62d1c64fcf5ae21c0._comment
new file mode 100644
index 00000000..83be2275
--- /dev/null
+++ b/blog/2021-01-13-new-phone/comment_1_7b83204f3d945ed62d1c64fcf5ae21c0._comment
@@ -0,0 +1,50 @@
+[[!comment format=mdwn
+ ip="27.147.206.237"
+ claimedauthor="jidpat ch"
+ subject="CalyxOS on Pixel 4a"
+ date="2021-02-25T14:56:41Z"
+ content="""
+i started using it and enjoying it on my Pixel 4a. 
+i researched a lot to work on it. i know this CalyxOS purpose is to DE google function or skip all the alternative service of Regular android apps. What i am doing right now is. i am flashed sunfish-factory-2020.09.22.12.zip which is older than the current one. after start i went to microG settings first Cloud messaging off then Google Device Registration and Safetynet off . then i logged in with Google account. it worked. then download vanced YouTube and did logging there too. then i downloaded Google maps ( yes i need this app because its perfect maps to navigate) from Apk mirror latest one . and installed it. in location privacy i choose google maps too. after everythig setup i turned on only google device Registration. it helps me to locate my location in maps. after everything is done i updated to lates update of CalyxoS
+For Contact backup i am using 
+First of all, go to https://www.google.com/settings/security/lesssecureapps With your account and enable the setting
+When logging in with DAVDroid, Use \"Login with URL and user name\"
+-- Base URL: https://www.google.com/calendar/dav/your_gmail_id@gmail.com/events
+-- User name: your_gmail_id@gmail.com
+-- Password: Your Google account password
+after update i installed latest Google cam from apk mirror 
+Currently i am using these apps 
+Airdroid
+Amazon music
+Bitwarden ( for password management)
+Bluetooth Audio widget
+Google calender ( it supports ur google calender sync with the help of microG)
+Davx1
+Google Drive ( some work related drive)
+Energy Ring
+Facebook
+Frost
+Gboard (  i need emoji in my keyboard so i cannot deny this google app)
+instagram
+Google app ( it dosent work but i can have weather clock  widget  on home)
+keep notes
+Google maps
+messenger
+yandex music ( for my backup songs)
+Google photos
+protonVpn
+Spotify
+telegram ( from fdroid)
+truecaller
+Vanced youtube
+yahoo mail
+WhatsApp
+For Snapchat there is a trick ( I downloaded Huawei app gallery then installed its snapchat app and Huawei service core app ) and i can now login to snapchat.
+
+to erase google completely easily is hard for our daily life
+but i am trying to shift NextCloud Slowly .
+
+i dont need Google service or extra things but yes its a smooth ram and i  think i am getting more battery .
+
+one thing i am missing is in recent i cannot select text .
+"""]]

note that trantor could also do collection browsing
diff --git a/software/desktop/calibre.mdwn b/software/desktop/calibre.mdwn
index 70046f2e..5c940861 100644
--- a/software/desktop/calibre.mdwn
+++ b/software/desktop/calibre.mdwn
@@ -10,7 +10,7 @@ TL;DR: I'm considering replacing those various [Calibre][] compnents with...
  * ebook-viewer: using a Kobo or other ebook reader, possibly
    [Atril][] or [MuPDF][] on the desktop?
  * ebook-editor: [Sigil][].
- * collection browser: [Liber][]? see also [[services/bookmarks]]
+ * collection browser: [Liber][] or [trantor][]? see also [[services/bookmarks]]
  * metadata editor: no good alternative.
  * device synchronisation: [git-annex][]?
  * RSS reader: [feed2exec][], [wallabako][]
@@ -234,7 +234,9 @@ Calibre is...
    added by hand in the library. It somewhat assumes Calibre already
    exists, in a way, to properly curate the library and is more
    designed to be a search engine and book sharing system between
-   liber instances.
+   liber instances. This is something that [trantor][] might be better
+   at, although it doesn't use the Calibre database, so it might not
+   have as good metadata...
 
    This also connects with the more general "book inventory" problem I
    have which involves an inventory physical books and directory of

minimal could be replaced by ublock
diff --git a/software/desktop/firefox.mdwn b/software/desktop/firefox.mdwn
index 2f444d03..2aa8fb00 100644
--- a/software/desktop/firefox.mdwn
+++ b/software/desktop/firefox.mdwn
@@ -34,9 +34,6 @@ I have those extensions installed and use them very frequently:
  * [GhostText][] (no debian package, [#910289](https://bugs.debian.org/910289), [source](https://github.com/GhostText/GhostText))- "It's all text" replacement
  * [Livemarks](https://addons.mozilla.org/en-US/firefox/addon/livemarks/) (no deb, [source](https://github.com/nt1m/livemarks)) or [Awesome RSS](https://addons.mozilla.org/en-US/firefox/addon/awesome-rss/) (no deb,
    [source](https://github.com/shgysk8zer0/awesome-rss)) - replace the [Live bookmarks removal](https://support.mozilla.org/en-US/kb/live-bookmarks-migration)
- * [Minimal](https://addons.mozilla.org/en-US/firefox/addon/minimal-internet-experience/) ([homepage](https://minimal.community/)) - removes autoplay, search suggestions
-   and all sorts of junks from many websites (alternative:
-   [shutup](https://addons.mozilla.org/en-US/firefox/addon/shut-up-comment-blocker/), just for comments)
  * [uBlock Origin][] ([[!debpkg webext-ublock-origin desc="debian
    package"]], [source](https://github.com/gorhill/uBlock)) - making the web sane again
  * [Wallabager][] (no debian package, [source](https://github.com/wallabag/wallabagger)) - to YOLO a bunch
@@ -66,6 +63,10 @@ Ideally, all of those should be packaged for Debian.
 I am testing those and they might make it to the top list once I'm happy:
 
  * [display anchors](https://addons.mozilla.org/en-US/firefox/addon/display-_anchors/) (no deb, [source](https://github.com/Rob--W/display-anchors))
+ * [Minimal](https://addons.mozilla.org/en-US/firefox/addon/minimal-internet-experience/) ([homepage](https://minimal.community/)) - removes autoplay, search suggestions
+   and all sorts of junks from many websites (alternatives:
+   [shutup](https://addons.mozilla.org/en-US/firefox/addon/shut-up-comment-blocker/) for comments, uBlock origin dynamic rules, e.g. [those
+   rules](https://news.ycombinator.com/item?id=26120168))
  * [Open in Browser](https://addons.mozilla.org/en-US/firefox/addon/open-in-browser/) (no deb, [source](https://github.com/Rob--W/open-in-browser)) - reopen the file in the
    browser instead of downloading
  * [Smart HTTPS](https://addons.mozilla.org/en-US/firefox/addon/smart-https-revived/) (no deb, [source](https://github.com/ilGur1132/Smart-HTTPS)) - some use [HTTPS

switched from umatrix to ublock
diff --git a/software/desktop/firefox.mdwn b/software/desktop/firefox.mdwn
index aeea4ae7..2f444d03 100644
--- a/software/desktop/firefox.mdwn
+++ b/software/desktop/firefox.mdwn
@@ -28,6 +28,9 @@ I have those extensions installed and use them very frequently:
    package"]], [source](https://github.com/browserpass/browserpass)) - super fast access to my passwords. use
    some magic mumble-jumble message passing thing which feels a bit
    creepy.
+ * [Cookie AutoDelete](https://addons.mozilla.org/en-US/firefox/addon/cookie-autodelete/) (no Debian package, [908285](http://bugs.debian.org/908285),
+   [source](https://github.com/Cookie-AutoDelete/Cookie-AutoDelete)) - clear long-term identities for all sites except a
+   few
  * [GhostText][] (no debian package, [#910289](https://bugs.debian.org/910289), [source](https://github.com/GhostText/GhostText))- "It's all text" replacement
  * [Livemarks](https://addons.mozilla.org/en-US/firefox/addon/livemarks/) (no deb, [source](https://github.com/nt1m/livemarks)) or [Awesome RSS](https://addons.mozilla.org/en-US/firefox/addon/awesome-rss/) (no deb,
    [source](https://github.com/shgysk8zer0/awesome-rss)) - replace the [Live bookmarks removal](https://support.mozilla.org/en-US/kb/live-bookmarks-migration)
@@ -36,8 +39,6 @@ I have those extensions installed and use them very frequently:
    [shutup](https://addons.mozilla.org/en-US/firefox/addon/shut-up-comment-blocker/), just for comments)
  * [uBlock Origin][] ([[!debpkg webext-ublock-origin desc="debian
    package"]], [source](https://github.com/gorhill/uBlock)) - making the web sane again
- * [uMatrix][] ([[!debpkg webext-umatrix desc="debian package"]],
-   [source](https://github.com/gorhill/uMatrix)) - making the web somewhat safe again
  * [Wallabager][] (no debian package, [source](https://github.com/wallabag/wallabagger)) - to YOLO a bunch
    of links in a pile outside my web browser that I can read offline
    thanks to [Wallabako](https://gitlab.com/anarcat/wallabako/)
@@ -163,6 +164,15 @@ hard to use or simply irrelevant.
  * [U2F Support](https://addons.mozilla.org/en-US/firefox/addon/u2f-support-add-on/), is now unnecessary as it is builtin, starting
    with FF 57 (see [issue #59](https://github.com/prefiks/u2f4moz/issues/59#issuecomment-325768286)). the upstream issue
    was [#1065729](https://bugzilla.mozilla.org/show_bug.cgi?id=1065729)
+ * [uMatrix][] ([[!debpkg webext-umatrix desc="debian package"]],
+   [source](https://github.com/gorhill/uMatrix)) - abandoned upstream, replaced by uBlock origin's
+   advanced mode and dynamic filtering, see [this migration
+   script](https://github.com/ashwinvis/umatrix2ublock), and Cookie Autodelete. Cookie Autodelete is actually
+   somewhat nicer than uMatrix because it accepts cookies everywhere,
+   but only for a while, so you need a much shorter whitelist
+   (basically only the sites which you really want a long-term
+   identity on, whereas you had to unblock cookies from a lot more
+   sites just to get things to work at all in uMatrix)
  * [Wayback machine](https://addons.mozilla.org/en-US/firefox/addon/wayback-machine_new/) (no deb, [source](https://github.com/internetarchive/wayback-machine-chrome)?) - i also have
    bookmarklets, but this could work better! Unfortunately, it doesn't
    work with other archival sites like archive.is or Google's

start using a deploy branch for deploys, and master as a base
diff --git a/services/wiki.mdwn b/services/wiki.mdwn
index a15934a8..087211e2 100644
--- a/services/wiki.mdwn
+++ b/services/wiki.mdwn
@@ -144,9 +144,11 @@ I still carry those patches on top of ikiwiki:
 
 To apply this patch set:
 
-!!!! switch to a master branch instead of this tangled mess. the
-master branch on gitlab has all the goods, i believe, while the stuff
-below is missing at least the geo scheme stuff. !!!
+<div class="warning">This list is incomplete: it's missing the
+`geo-scheme` branch. The `deploy` branch on GitLab has all the goods.
+Also make sure to update the `master` branch on my GitLab repository
+to follow the `$release` tag those patches are based on, to facilitate
+web-based reviews there.</div>
 
     cd src/ikiwiki &&
     release=debian/3.20190228-1 &&

yolo
diff --git a/hardware/inventaire-bureau.csv b/hardware/inventaire-bureau.csv
new file mode 100644
index 00000000..845888ff
--- /dev/null
+++ b/hardware/inventaire-bureau.csv
@@ -0,0 +1,10 @@
+Matériel,Valeur,Description
+Yaseu FT-100d,600,radio Amateur HF/VHF/UHF
+Autres radios,400,"radios portables, tuners, manuels"
+Bibliothèque,500,différents manuels techniques
+curie,1000,ordinateur Intel NUC BOXNUC6I3SYH 16GiB 1.5TB clavier WASD custom
+marcos,500,serveur maison custom
+Moniteurs,500,collection d'écrans usagés
+Thinkpad x120e,500,laptop usagé
+Panasonic Toughbook CF-W5,500,laptop usagé
+Total,4500,
diff --git a/hardware/inventaire-bureau.md b/hardware/inventaire-bureau.md
new file mode 100644
index 00000000..3c03335b
--- /dev/null
+++ b/hardware/inventaire-bureau.md
@@ -0,0 +1,11 @@
+| Matériel                  | Valeur | Description                                                       |
+|---------------------------|--------|-------------------------------------------------------------------|
+| Yaseu FT-100d             | 600    | radio Amateur HF/VHF/UHF                                          |
+| Autres radios             | 400    | radios portables, tuners, manuels                                 |
+| Bibliothèque              | 500    | différents manuels techniques                                     |
+| curie                     | 1000   | ordinateur Intel NUC BOXNUC6I3SYH 16GiB 1.5TB clavier WASD custom |
+| marcos                    | 500    | serveur maison custom                                             |
+| Moniteurs                 | 500    | collection d'écrans usagés                                        |
+| Thinkpad x120e            | 500    | laptop usagé                                                      |
+| Panasonic Toughbook CF-W5 | 500    | laptop usagé                                                      |
+

mention review and other terminals
diff --git a/software/desktop.mdwn b/software/desktop.mdwn
index 47864026..5b317c82 100644
--- a/software/desktop.mdwn
+++ b/software/desktop.mdwn
@@ -174,6 +174,12 @@ Here are the other tools that are generally running in my session:
    back to xterm and using [godothecorrectthing](https://github.com/andrewchambers/godothecorrectthing) or [dsearch](https://github.com/halfwit/dotfiles) to
    handle URLs
 
+Hilariously, I wrote a full, two-part [[review of terminal
+emulators|blog/2018-04-12-terminal-emulators-1]], yet it seems I can't
+make up my mind of what the best terminal emulator is. I'm interested
+in going back to xterm now, but [foot](https://codeberg.org/dnkl/foot) (for Wayland) and [zutty](https://github.com/tomszilagyi/zutty)
+(for performance) are quite interesting as well.
+
 The GNOME exception
 ===================
 

mention xterm
diff --git a/software/desktop.mdwn b/software/desktop.mdwn
index 6eb919ed..47864026 100644
--- a/software/desktop.mdwn
+++ b/software/desktop.mdwn
@@ -169,6 +169,10 @@ Here are the other tools that are generally running in my session:
  messing around with [ibus](https://github.com/ibus/ibus) to input Chinese characters
  * disable the touchpad while typing: `syndaemon -K -R -i 0.5 -t & synclient PalmDetect=1 TouchpadOff=0 TapButton1=1 TapButton2=2 TapButton3=3`
  * Xplanet - to orient my ham radio antenna (`xplanet -latitude 45.5 -longitude -73.66 -wait 600 -label -projection azimuthal -fork -radius 90`)
+ * terminal emulator: currently urxvt because of text reflow,
+   clickable links, some bracketed paste protection, considering going
+   back to xterm and using [godothecorrectthing](https://github.com/andrewchambers/godothecorrectthing) or [dsearch](https://github.com/halfwit/dotfiles) to
+   handle URLs
 
 The GNOME exception
 ===================

more fine quotes
diff --git a/fortunes.txt b/fortunes.txt
index d402bfa2..f91b075a 100644
--- a/fortunes.txt
+++ b/fortunes.txt
@@ -1142,3 +1142,16 @@ Don't just do something, sit there.
 See the world as if for the first time; see it through the eyes of a
 child, and you will suddenly find that you are free.
                         - Deepak Chopra
+%
+The odds are greatly against you being immensely smarter than everyone
+else in the field. If your analysis says your terminal velocity is
+twice the speed of light, you may have invented warp drive, but the
+chances are a lot better that you've screwed up.
+                        - Akin's Laws of Spacecraft Design
+%
+You can't get to the moon by climbing successively taller trees.
+                        - Akin's Laws of Spacecraft Design
+%
+La perfection est atteinte, non pas lorsqu'il n'y a plus rien à
+ajouter, mais lorsqu'il n'y a plus rien à retirer.
+                        - Antoine de Saint-Exupéry

sbuild-qemu is a thing now!
diff --git a/software/debian-development.mdwn b/software/debian-development.mdwn
index 0e6ca196..366eae0b 100644
--- a/software/debian-development.mdwn
+++ b/software/debian-development.mdwn
@@ -721,6 +721,9 @@ So unification is not quite there yet. See also [[services/hosting]]
 for more information. Once we can build packages with KVM (or
 autopkgtest with vagrant), this guide should be updated to only use
 that everywhere.
+
+**Update**: [qemu-sbuild](https://www.kvr.at/posts/qemu-sbuild-utils-merged-into-sbuild/) is the new kid in town here, and it *was*
+merged into sbuild, so it should make the above "unification" possible!
 </div>
 
 [Vagrant]: https://www.vagrantup.com/

recette a ma mere
diff --git a/recette/lasagne.md b/recette/lasagne.md
new file mode 100644
index 00000000..324b79c1
--- /dev/null
+++ b/recette/lasagne.md
@@ -0,0 +1,86 @@
+# LASAGNE CRÉMEUSE AUX LÉGUMES RÔTIS
+
+## Ingrédients
+
+ * 1 oignon, haché finement
+ * 2 gousses d’ail, hachées finement
+ * 30 ml (2 c. à soupe) d’huile d’olive
+ * 2 boîtes de 796 ml (28 oz) de tomates italiennes entières, écrasées à la main
+ * 30 ml (2 c. à soupe) de basilic frais ciselé
+ * Sel et poivre
+
+### Légumes rôtis
+
+ * <del>1 grosse aubergine, coupée en rondelles de 1,5 cm (1/2 po) d’épaisseur</del>
+ * 2 poivrons de couleur, épépinés et coupés en lanières
+ * 2 courgettes, coupées en tranches de 5 mm (1/4 po) d’épaisseur dans le sens de la longueur
+ * 60 ml (1/4 tasse) d’huile d’olive
+ 
+### Béchamel au parmesan
+
+ * 30 ml (2 c. à soupe) de beurre
+ * 30 ml (2 c. à soupe) de farine
+ * 310 ml (1 1/4 tasse) de lait
+ * 20 g (1/4 tasse) de fromage parmigiano reggiano râpé
+ * 1 pincée de muscade moulue
+
+### Lasagne
+
+ * 15 ml (1 c. à soupe) de beurre
+ * 300 g (10 tasses) de bébés épinards frais
+ * 9 pâtes à lasagne sans précuisson (voir note)
+ * 300 g (3 tasses) de fromage mozzarella râpé
+ * 2 courgettes moyennes, tranchées en fins rubans à la mandoline
+ * 20 g (1/4 tasse) de fromage parmigiano reggiano râpé
+
+## Directions
+
+### Sauce tomate
+
+Dans une casserole, à feu moyen, dorer l’oignon et l’ail dans
+l’huile. Ajouter les tomates. Laisser mijoter 30 minutes. Ajouter le
+basilic. Saler et poivrer. Réserver.
+
+### Légumes rôtis
+
+Placer deux grilles au centre du four. Préchauffer le four à 220 °C
+(425 °F). Tapisser deux plaques de cuisson de papier parchemin.
+
+Sur une plaque, mélanger l’aubergine avec 45 ml (3 c. à soupe)
+d’huile. Saler et poivrer. Sur l’autre plaque, mélanger les poivrons
+et les courgettes avec le reste de l’huile (15 ml/1 c. à soupe). Saler
+et poivrer. Répartir les légumes bien à plat en une seule
+couche. Cuire au four les deux plaques en même temps de 15 à 20
+minutes ou jusqu’à ce que les légumes soient bien rôtis. Réserver.
+Béchamel au parmesan
+
+Dans une casserole, à feu moyen, fondre le beurre. Ajouter la farine
+et cuire 1 minute en remuant à l’aide d’un fouet. Ajouter le lait en
+fouettant. Porter à ébullition. Laisser mijoter doucement 5 minutes en
+remuant fréquemment pour éviter que la sauce colle au fond. Ajouter le
+parmesan et la muscade. Saler et poivrer. Réserver. 
+
+### Lasagne
+
+Placer la grille au centre du four. Régler le four à 190 °C (375 °F).
+
+Dans une grande poêle antiadhésive, à feu moyen-élevé, fondre le
+beurre. Ajouter les épinards et cuire 1 minute ou jusqu’à ce qu’ils
+soient tout juste tombés.
+
+Dans un plat de cuisson de 33 x 23 cm (13 x 9 po), étaler 250 ml (1
+tasse) de sauce tomate et couvrir d’un rang de pâtes. Répartir les
+aubergines et les épinards. Ajouter 250 ml (1 tasse) de sauce tomate
+et la moitié de la béchamel. Parsemer de 75 g (3/4 tasse) de fromage
+mozzarella et couvrir d’un rang de pâtes. Couvrir avec 250 ml (1
+tasse) de sauce tomate, les courgettes et les poivrons rôtis et le
+reste de la béchamel. Terminer avec un dernier rang de pâtes, le reste
+de la sauce tomate et du fromage. Couvrir complètement la surface avec
+les tranches crues de courgettes en les tressant si désiré. Parsemer
+avec le parmesan.
+
+Cuire au four 45 minutes, puis dorer quelques minutes sous le gril
+(broil) du four. Laisser reposer 15 minutes avant de servir.
+
+NOTE: Il est important d’acheter des pâtes à lasagne sèches portant la
+mention « précuites et prêtes à utiliser » 

response to apk, but also: new terminal emulator and latency comp!
diff --git a/blog/2018-05-04-terminal-emulators-2/comment_4_428ade819987668bfeb8603f4d6841dd._comment b/blog/2018-05-04-terminal-emulators-2/comment_4_428ade819987668bfeb8603f4d6841dd._comment
new file mode 100644
index 00000000..336c5ad9
--- /dev/null
+++ b/blog/2018-05-04-terminal-emulators-2/comment_4_428ade819987668bfeb8603f4d6841dd._comment
@@ -0,0 +1,24 @@
+[[!comment format=mdwn
+ username="anarcat"
+ subject="""another performance comparison and new emulator"""
+ date="2021-01-18T15:59:33Z"
+ content="""
+If I would do this review again today, it seems I would definitely need to include a terminal emulator called [Zutty](https://tomscii.sig7.se/zutty). It checks all the boxes for me (almost):
+
+ * fast
+ * low latency
+ * good unicode support
+ * correct terminal emulation (which is a major annoyance in urxvt)
+ * low resource usage
+ * good font handling
+ * written in plain C++
+
+Major blockers for adoption:
+
+ * lack of scrollback
+ * [support for *BOTH* PRIMARY or CLIPBOARD](https://github.com/tomszilagyi/zutty/issues/9), which i use often in rxvt
+
+But author seems open to improvements, so who knows.
+
+Anyways, author did an excellent [latency review](https://tomscii.sig7.se/2021/01/Typing-latency-of-Zutty) and [general comparison](https://tomscii.sig7.se/2020/12/A-totally-biased-comparison-of-Zutty) that is definitely worth a read if you liked this article.
+"""]]
diff --git a/blog/2021-01-13-new-phone/comment_6_ca860a0ab4455e6a080c78ffbd1c1786._comment b/blog/2021-01-13-new-phone/comment_6_ca860a0ab4455e6a080c78ffbd1c1786._comment
new file mode 100644
index 00000000..be1b483d
--- /dev/null
+++ b/blog/2021-01-13-new-phone/comment_6_ca860a0ab4455e6a080c78ffbd1c1786._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="anarcat"
+ subject="""re: microG"""
+ date="2021-01-18T15:56:54Z"
+ content="""
+regarding avoiding google services: at this point, I gave up. i have other apps that *do* use that one, mostly anonymous, passive connection to google servers to tell the apps to wake up and do shit. it feels pretty close to harmless, and can even be wrapped in Tor if you're really worried about that stuff.
+
+it's a tradeoff: i get good battery savings out of this, compared to each app doing its own similar polling.
+
+also, installing the APK from that URL is more complicated, and harder for users to authenticate... so I don't recommend users do this anymore.
+
+not sure what "Corona app" you are refering to here.
+"""]]

approve comment
diff --git a/blog/2021-01-13-new-phone/comment_1_d0e70ed1dc7c6577d3fd63a70bc1f253._comment b/blog/2021-01-13-new-phone/comment_1_d0e70ed1dc7c6577d3fd63a70bc1f253._comment
new file mode 100644
index 00000000..3e92b72c
--- /dev/null
+++ b/blog/2021-01-13-new-phone/comment_1_d0e70ed1dc7c6577d3fd63a70bc1f253._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ ip="77.181.242.197"
+ subject="Please get the Signal APK from "
+ date="2021-01-17T09:54:19Z"
+ content="""
+https[:]//signal[.]org/android/apk/
+
+and you can avoid installing microG
+
+(even Corona app from Fdroid works fine - as it includes microG internally).
+"""]]

approve comment
diff --git a/blog/2020-05-28-isp-upgrade/comment_1_6349adcaf0d4e0320c688b087f69ef9e._comment b/blog/2020-05-28-isp-upgrade/comment_1_6349adcaf0d4e0320c688b087f69ef9e._comment
new file mode 100644
index 00000000..a4ca5461
--- /dev/null
+++ b/blog/2020-05-28-isp-upgrade/comment_1_6349adcaf0d4e0320c688b087f69ef9e._comment
@@ -0,0 +1,15 @@
+[[!comment format=mdwn
+ ip="104.163.151.120"
+ claimedauthor="Michael"
+ subject="comment 3"
+ date="2021-01-14T23:46:18Z"
+ content="""
+I'm with Ebox in NDG, on DSL 50/10.
+I believe 53 (DNS) is blocked, unless you have a static IP, which they do sell. IPv6 on DSL works well so far, I have a DHCP'd but ultimately static /56.
+
+You've seen [this](https://www.dslreports.com/forum/r30445798-Port-53-UDP-incoming-to-be-blocked-1-January-2016) (older) post from the CEO?
+
+Many of the limitations you're seen come down from Videotron as far as I can see, so DSL is probably one of your best options if you want the flexibility.
+
+
+"""]]

approve comment
diff --git a/blog/2021-01-13-new-phone/comment_1_e75b54979d3626b25ed311a13af7778b._comment b/blog/2021-01-13-new-phone/comment_1_e75b54979d3626b25ed311a13af7778b._comment
new file mode 100644
index 00000000..f7537815
--- /dev/null
+++ b/blog/2021-01-13-new-phone/comment_1_e75b54979d3626b25ed311a13af7778b._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ ip="73.223.196.139"
+ claimedauthor="Pig Monkey"
+ url="https://pig-monkey.com"
+ subject="GrapheneOS"
+ date="2021-01-13T22:59:57Z"
+ content="""
+Yes, Graphene is the new Copperhead. After all the internet drama a couple years back that caused the Copperhead developer and business person split, the Copperhead developer started Graphene. Same guy, same basic idea.
+
+I've been a Calyx Institute member for a few years, so technically I'm paying for CalyxOS. I ought to try it out one of these days.
+"""]]

fix markup again
diff --git a/blog/2021-01-13-new-phone/comment_3_e2c8fd25e13922d2655bdf1acf4c7739._comment b/blog/2021-01-13-new-phone/comment_3_e2c8fd25e13922d2655bdf1acf4c7739._comment
index cea5dae1..19456634 100644
--- a/blog/2021-01-13-new-phone/comment_3_e2c8fd25e13922d2655bdf1acf4c7739._comment
+++ b/blog/2021-01-13-new-phone/comment_3_e2c8fd25e13922d2655bdf1acf4c7739._comment
@@ -3,7 +3,7 @@
  subject="""GrapheneOS"""
  date="2021-01-13T22:50:08Z"
  content="""
-I did not know about Graphene... is that the new Copperhead? i actually like the fact that Calyx ships with microg, it's a compromise i would do myself when i would flash with LOS, in the past, so that's perfect for me (and it seems Graphene explicitely doesn't do that). Also: dang there are a lot of Android firmwares out there... [LineageOS](https://lineageos.org/), [Replicant][]), [OmniROM](https://www.omnirom.org/), [resurrection remix](http://www.resurrectionremix.com/), [Dirty Unicorns](https://dirtyunicorns.com/), now GrapheneOS? Let's just add [postmarketOS](https://postmarketos.org/) in there fore good measure and I give up: I used CalyxOS because I knew those folks and was told the install was a breeze and it just works. They're nice and it's true: the thing just works.
+I did not know about Graphene... is that the new Copperhead? i actually like the fact that Calyx ships with microg, it's a compromise i would do myself when i would flash with LOS, in the past, so that's perfect for me (and it seems Graphene explicitely doesn't do that). Also: dang there are a lot of Android firmwares out there... [LineageOS](https://lineageos.org/), [Replicant][], [OmniROM](https://www.omnirom.org/), [resurrection remix](http://www.resurrectionremix.com/), [Dirty Unicorns](https://dirtyunicorns.com/), now GrapheneOS? Let's just add [postmarketOS](https://postmarketos.org/) in there fore good measure and I give up: I used CalyxOS because I knew those folks and was told the install was a breeze and it just works. They're nice and it's true: the thing just works.
 
 [Replicant]: https://en.wikipedia.org/wiki/Replicant_(operating_system)
 """]]

fix markup
diff --git a/blog/2021-01-13-new-phone/comment_3_e2c8fd25e13922d2655bdf1acf4c7739._comment b/blog/2021-01-13-new-phone/comment_3_e2c8fd25e13922d2655bdf1acf4c7739._comment
index 332e295c..cea5dae1 100644
--- a/blog/2021-01-13-new-phone/comment_3_e2c8fd25e13922d2655bdf1acf4c7739._comment
+++ b/blog/2021-01-13-new-phone/comment_3_e2c8fd25e13922d2655bdf1acf4c7739._comment
@@ -3,14 +3,7 @@
  subject="""GrapheneOS"""
  date="2021-01-13T22:50:08Z"
  content="""
-I did not know about Graphene... is that the new Copperhead? i
-actually like the fact that Calyx ships with microg, it's a
-compromise i would do myself when i would flash with LOS, in the
-past, so that's perfect for me (and it seems Graphene explicitely
-doesn't do that). Also: dang there are a lot of Android firmwares out
-there... [LineageOS](https://lineageos.org/), [Replicant](https://en.wikipedia.org/wiki/Replicant_(operating_system)), [OmniROM](https://www.omnirom.org/), [resurrection
-remix](http://www.resurrectionremix.com/), [Dirty Unicorns](https://dirtyunicorns.com/), now GrapheneOS? Let's just add
-[postmarketOS](https://postmarketos.org/) in there fore good measure and I give up: I used
-CalyxOS because I knew those folks and was told the install was a
-breeze and it just works. They're nice and it's true: the thing just works.
+I did not know about Graphene... is that the new Copperhead? i actually like the fact that Calyx ships with microg, it's a compromise i would do myself when i would flash with LOS, in the past, so that's perfect for me (and it seems Graphene explicitely doesn't do that). Also: dang there are a lot of Android firmwares out there... [LineageOS](https://lineageos.org/), [Replicant][]), [OmniROM](https://www.omnirom.org/), [resurrection remix](http://www.resurrectionremix.com/), [Dirty Unicorns](https://dirtyunicorns.com/), now GrapheneOS? Let's just add [postmarketOS](https://postmarketos.org/) in there fore good measure and I give up: I used CalyxOS because I knew those folks and was told the install was a breeze and it just works. They're nice and it's true: the thing just works.
+
+[Replicant]: https://en.wikipedia.org/wiki/Replicant_(operating_system)
 """]]
diff --git a/hardware/tablet.mdwn b/hardware/tablet.mdwn
index 72141ab4..07b0e922 100644
--- a/hardware/tablet.mdwn
+++ b/hardware/tablet.mdwn
@@ -8,13 +8,15 @@ papers (and especially PDFs) on, which excludes [[phone]]s and
 We focus on devices that can be rooted with our own operating
 system. Considering the environment, this generally means Android
 derivatives like [LineageOS](https://lineageos.org/) although alternatives are acceptable
-(like [postmarketOS](https://postmarketos.org/), [Replicant](https://en.wikipedia.org/wiki/Replicant_(operating_system)), [OmniROM](https://www.omnirom.org/), [resurrection
+(like [postmarketOS](https://postmarketos.org/), [Replicant][], [OmniROM](https://www.omnirom.org/), [resurrection
 remix](http://www.resurrectionremix.com/), and what the hell is [Dirty Unicorns](https://dirtyunicorns.com/) exactly?) . This
 excludes proprietary platforms like Apple products but also many other
 tablets which run proprietary versions of Android or even
 Windows. Exceptions are made for devices that were under our
 possession or evaluated directly.
 
+[Replicant]: https://en.wikipedia.org/wiki/Replicant_(operating_system)
+
 [[!toc levels=3]]
 
 E-readers

response on graphene
diff --git a/blog/2021-01-13-new-phone/comment_3_e2c8fd25e13922d2655bdf1acf4c7739._comment b/blog/2021-01-13-new-phone/comment_3_e2c8fd25e13922d2655bdf1acf4c7739._comment
new file mode 100644
index 00000000..332e295c
--- /dev/null
+++ b/blog/2021-01-13-new-phone/comment_3_e2c8fd25e13922d2655bdf1acf4c7739._comment
@@ -0,0 +1,16 @@
+[[!comment format=mdwn
+ username="anarcat"
+ subject="""GrapheneOS"""
+ date="2021-01-13T22:50:08Z"
+ content="""
+I did not know about Graphene... is that the new Copperhead? i
+actually like the fact that Calyx ships with microg, it's a
+compromise i would do myself when i would flash with LOS, in the
+past, so that's perfect for me (and it seems Graphene explicitely
+doesn't do that). Also: dang there are a lot of Android firmwares out
+there... [LineageOS](https://lineageos.org/), [Replicant](https://en.wikipedia.org/wiki/Replicant_(operating_system)), [OmniROM](https://www.omnirom.org/), [resurrection
+remix](http://www.resurrectionremix.com/), [Dirty Unicorns](https://dirtyunicorns.com/), now GrapheneOS? Let's just add
+[postmarketOS](https://postmarketos.org/) in there fore good measure and I give up: I used
+CalyxOS because I knew those folks and was told the install was a
+breeze and it just works. They're nice and it's true: the thing just works.
+"""]]

the root issue was fixed, yay
diff --git a/blog/2021-01-13-new-phone.md b/blog/2021-01-13-new-phone.md
index 0a38e4f6..00c8a30b 100644
--- a/blog/2021-01-13-new-phone.md
+++ b/blog/2021-01-13-new-phone.md
@@ -124,10 +124,10 @@ One problem with CalyxOS I found is that the fragile little microg
 tweaks didn't seem to work well enough for Signal. That was unexpected
 so they encouraged me to [file that as a bug](https://gitlab.com/CalyxOS/calyxos/-/issues/292).
 
-The other "issue" is that the bootloader is locked, which makes it
+<del>The other "issue" is that the bootloader is locked, which makes it
 impossible to have "root" on the device. That's rather unfortunate: I
 often need root to debug things on Android. In particular, it made it
-difficult to restore data from OSMand (see below). But I guess that
+difficult to restore data from OSMand</del> (see below). But I guess that
 most things just work out of the box now, so I don't really need it
 and appreciate the extra security. Locking the bootloader means full
 cryptographic verification of the phone, so that's a good feature to
@@ -135,18 +135,21 @@ have!
 
 OSMand still [doesn't have a good import/export](https://www.reddit.com/r/OsmAnd/comments/jo3fhf/exportimport/) story. I ended up
 sharing the `Android/data/net.osmand.plus/files` directory and
-importing waypoints, favorites and tracks by hand. Even though maps
+importing waypoints, favorites and tracks by hand. <del>Even though maps
 are actually in there, it's not possible for Syncthing to write
 directly to the same directory on the new phone, "thanks" to the new
 permission system in Android which forbids this kind of inter-app
-messing around.
+messing around.</del>
 
-Tracks are particularly a problem: my older OSMand setup had all those
+<del>Tracks are particularly a problem: my older OSMand setup had all those
 folders neatly sorting those tracks by month. This makes it really
 annoying to track every file manually and copy it over. I have mostly
 given up on that for now, unfortunately. And I'll still need to
 reconfigure profiles and maps and everything by hand. Sigh. I guess
-that's a good clearinghouse for my old tracks I never use...
+that's a good clearinghouse for my old tracks I never use...</del>
+
+Update: turns out setting storage to "shared" fixed the issue, see
+comments below!
 
 # Conclusion
 

response: thanks
diff --git a/blog/2021-01-13-new-phone/comment_2_23da63d39bc27f44aedd07dcd3b05a63._comment b/blog/2021-01-13-new-phone/comment_2_23da63d39bc27f44aedd07dcd3b05a63._comment
new file mode 100644
index 00000000..b13b1d13
--- /dev/null
+++ b/blog/2021-01-13-new-phone/comment_2_23da63d39bc27f44aedd07dcd3b05a63._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="anarcat"
+ subject="""OSM shared storage FTW!"""
+ date="2021-01-13T22:39:25Z"
+ content="""
+OMG that just worked. I just went into `Settings -> OSMand Settings -> Data storage folder` and picked `Shared memory`. I chose "do not move", OSMand crashed, and then on restart everything was back up magically. Amazing. Thanks Pig Monkey, whoever you are! ;)
+"""]]

approve comment
diff --git a/blog/2021-01-13-new-phone/comment_1_39bfdd5a73ee8bf20f0777807296972e._comment b/blog/2021-01-13-new-phone/comment_1_39bfdd5a73ee8bf20f0777807296972e._comment
new file mode 100644
index 00000000..3ef96856
--- /dev/null
+++ b/blog/2021-01-13-new-phone/comment_1_39bfdd5a73ee8bf20f0777807296972e._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ ip="73.223.196.139"
+ claimedauthor="Pig Monkey"
+ url="http://pig-monkey.com"
+ subject="comment 1"
+ date="2021-01-13T22:06:27Z"
+ content="""
+I bought myself the Pixel 4A a few weeks ago as well. Did you consider [GrapheneOS](https://grapheneos.org/)? I'm currently giving stock Android a spin, but have debated whether in the future I'd want to try GrapheneOS or stick with the slightly more traditional setup of CalyxOS.
+
+For OSMAnd, I initially ran into a similar problem. I plugged my old phone into my laptop via USB and used [adb-sync](https://github.com/google/adb-sync) to slurp down the entire `net.osmand.plus` directory. After installing OSMAnd on the new phone, I plugged it in to my laptop and pushed that directory back out. That restored everything on the new phone: tracks, waypoints, even map tiles, voice files and the travel wiki stuff. (Pushing maps etc out over USB was much faster than downloading it fresh on the new phone via wifi.)
+
+But then I wanted to use Syncthing to sync the `net.osmand.plus/files/tracks` directory with my laptop. I promptly ran into the silly Android filesystem permission limitations. Eventually I figured out that in the OSMAnd settings I could go into \"Data storage folder\" and select the \"Shared memory\" option. That moved the folder to `/storage/emulated/0/osmand`, which I guess has looser permissions. I now have Syncthing configured to sync `/storage/emulated/0/osmand/tracks`. It can read and write to that folder. Everything works great.
+"""]]

reaffirm this rocks
diff --git a/blog/2021-01-13-new-phone.md b/blog/2021-01-13-new-phone.md
index eef03740..0a38e4f6 100644
--- a/blog/2021-01-13-new-phone.md
+++ b/blog/2021-01-13-new-phone.md
@@ -148,4 +148,12 @@ given up on that for now, unfortunately. And I'll still need to
 reconfigure profiles and maps and everything by hand. Sigh. I guess
 that's a good clearinghouse for my old tracks I never use...
 
+# Conclusion
+
+Overall, CalyxOS seems like a good Android firmware. The install is
+smooth and the resulting install seems solid. The above problems are
+mostly annoyances and I'm very happy with the experience so far,
+although I've only been using it for a few hours so this is very
+preliminary.
+
 [[!tag debian-planet hardware phone android python-planet]]

clarify why non-root is a problem in my specific case
diff --git a/blog/2021-01-13-new-phone.md b/blog/2021-01-13-new-phone.md
index e707b020..eef03740 100644
--- a/blog/2021-01-13-new-phone.md
+++ b/blog/2021-01-13-new-phone.md
@@ -126,9 +126,10 @@ so they encouraged me to [file that as a bug](https://gitlab.com/CalyxOS/calyxos
 
 The other "issue" is that the bootloader is locked, which makes it
 impossible to have "root" on the device. That's rather unfortunate: I
-often need root to debug things on Android. But I guess that most
-things just work out of the box now, so I don't really need it and
-appreciate the extra security. Locking the bootloader means full
+often need root to debug things on Android. In particular, it made it
+difficult to restore data from OSMand (see below). But I guess that
+most things just work out of the box now, so I don't really need it
+and appreciate the extra security. Locking the bootloader means full
 cryptographic verification of the phone, so that's a good feature to
 have!
 

expand on bootloader
diff --git a/blog/2021-01-13-new-phone.md b/blog/2021-01-13-new-phone.md
index d65cab52..e707b020 100644
--- a/blog/2021-01-13-new-phone.md
+++ b/blog/2021-01-13-new-phone.md
@@ -128,7 +128,9 @@ The other "issue" is that the bootloader is locked, which makes it
 impossible to have "root" on the device. That's rather unfortunate: I
 often need root to debug things on Android. But I guess that most
 things just work out of the box now, so I don't really need it and
-appreciate the extra security.
+appreciate the extra security. Locking the bootloader means full
+cryptographic verification of the phone, so that's a good feature to
+have!
 
 OSMand still [doesn't have a good import/export](https://www.reddit.com/r/OsmAnd/comments/jo3fhf/exportimport/) story. I ended up
 sharing the `Android/data/net.osmand.plus/files` directory and

calyx rocks!
diff --git a/blog/2021-01-13-new-phone.md b/blog/2021-01-13-new-phone.md
index 03ee5cb8..d65cab52 100644
--- a/blog/2021-01-13-new-phone.md
+++ b/blog/2021-01-13-new-phone.md
@@ -69,6 +69,10 @@ download their binary and run it as root), but it Just. Works. It
 reminded me of how great it was to get the Fairphone with TWRP
 preinstalled... 
 
+Oh, and kudos to the people in `#calyxos` on Freenode: awesome tech
+support, super nice folks. An amazing improvement over the ambiance in
+`#lineageos`! :)
+
 # Migrating data
 
 Unfortunately, migrating the data was the usual pain in the back. This

fix title, add osm link
diff --git a/blog/2021-01-13-new-phone.md b/blog/2021-01-13-new-phone.md
index aa333444..03ee5cb8 100644
--- a/blog/2021-01-13-new-phone.md
+++ b/blog/2021-01-13-new-phone.md
@@ -1,3 +1,5 @@
+[[!meta title="New phone: Pixel 4a"]]
+
 I'm sorry to announce that I gave up on the Fairphone series and
 switched to a Google Phone (Pixel 4a) running [CalyxOS](https://calyxos.org/).
 
@@ -124,7 +126,7 @@ often need root to debug things on Android. But I guess that most
 things just work out of the box now, so I don't really need it and
 appreciate the extra security.
 
-OSMand still doesn't have a good import/export story. I ended up
+OSMand still [doesn't have a good import/export](https://www.reddit.com/r/OsmAnd/comments/jo3fhf/exportimport/) story. I ended up
 sharing the `Android/data/net.osmand.plus/files` directory and
 importing waypoints, favorites and tracks by hand. Even though maps
 are actually in there, it's not possible for Syncthing to write

got a new phone
diff --git a/blog/2021-01-13-new-phone.md b/blog/2021-01-13-new-phone.md
new file mode 100644
index 00000000..aa333444
--- /dev/null
+++ b/blog/2021-01-13-new-phone.md
@@ -0,0 +1,142 @@
+I'm sorry to announce that I gave up on the Fairphone series and
+switched to a Google Phone (Pixel 4a) running [CalyxOS](https://calyxos.org/).
+
+[[!toc]]
+
+# Problems in fairy land
+
+My [[hardware/phone/fairphone2]], even if it is less than two years
+old, is having major problems:
+
+ * from time to time, the screen flickers and loses "touch" until I
+   squeeze it back together
+ * the camera similarly disconnects regularly
+ * even when it works, the camera is... pretty bad: low light is
+   basically unusable, it's slow and grainy
+ * the battery can barely keep up for one day
+ * the cellular coverage is very poor, in Canada: I lose signal at the
+   grocery store and in the middle of my house...
+
+Some of those problems are known: the Fairphone 2 is old now. It was
+probably old even when I got it. But I can't help but feel a little
+sad to let it go: the entire point of that device was to make it easy
+to fix. But alas, because it's sold only in Europe, local stores don't
+carry replacement parts. To be fair, Fairphone did offer to fix the
+device, but with a 2 weeks turnaround, I had to get another phone
+anyways.
+
+I did actually try to buy a [[hardware/phone/fairphone3]], from
+Clove. But they did some crazy validation routine. By email, they
+asked me to provide a photo copy of a driver's license and the credit
+card, arguing they need to do this to combat fraud. I found that
+totally unacceptable and asked them to cancel my order. And because
+I'm not sure the FP3 will fix the coverage issues, I decided to just
+give up on Fairphone until they officially ship to the Americas.
+
+# Do no evil, do not pass go, do not collect 200$
+
+So I got a Google phone, specifically a Pixel 4a. It's a nice device,
+all small and shiny, but it's "plasticky" - I would have prefered
+metal, but it seems you need to pay much, much more to get that (in
+the Pixel 5).
+
+In any case, it's certainly a better form factor than the Fairphone 2:
+even though the screen is bigger, the device itself is actually
+smaller and thinner, which feels great. The OLED screen is beautiful,
+awesome contrast and everything, and preliminary tests show that the
+camera is much better than the one on the Fairphone 2. (The be fair,
+again, that is another thing the FP3 improved significantly. And that
+is with the stock Camera app from CalyxOS/AOSP, so not as good as the
+Google Camera app, which does AI stuff.)
+
+# CalyxOS: success
+
+The Pixel 4a not [not supported by LineageOS](https://wiki.lineageos.org/devices/): it seems every time
+I pick a device in that list, I manage to miss the right device by one
+(I bought a Samsung S9 before, which is also unsupported, even though
+the S8 is). But thankfully, it is [supported by CalyxOS](https://calyxos.org/get/).
+
+That install was a breeze: I was hesitant in playing again with
+installing a custom Android firmware on a phone after fighting with
+this quite a bit in the past (e.g. [[hardware/phone/htc-one-s]],
+[[hardware/phone/lg-g3-d852/]]). But it turns out their install
+instructions, mostly using a [AOSP alliance](https://github.com/AOSPAlliance) [device-flasher](https://github.com/AOSPAlliance/device-flasher/)
+works absolutely great. It assumes you know about the commandline, and
+it does require to basically `curl | sudo` (because you need to
+download their binary and run it as root), but it Just. Works. It
+reminded me of how great it was to get the Fairphone with TWRP
+preinstalled... 
+
+# Migrating data
+
+Unfortunately, migrating the data was the usual pain in the back. This
+should improve the next time I do this: CalyxOS ships with
+[seedvault](https://github.com/seedvault-app/seedvault/), a secure backup system for Android 10 (or 9?) and
+later which backs up everything (including settings!) with
+encryption. Apparently it works great, and CalyxOS is also working on
+a migration system to switch phones.
+
+But, obviously, I couldn't use that on the Fairphone 2 running Android
+7... So I had to, again, improvised. The first step was to install
+[Syncthing](https://syncthing.net/), to have an easy way to copy data around. That's easily
+done through [F-Droid](https://f-droid.org/), already bundled with CalyxOS (including the
+privileged extension!). Pair the devices and boom, a magic portal to
+copy stuff over.
+
+The other early step I took was to copy apps over using the F-Droid
+"find nearby" functionality. It's a bit quirky, but really helps in
+copying a bunch of APKs over.
+
+Then I setup a temporary [keepassxc](https://keepassxc.org/) password vault on the
+Syncthing share so that I could easily copy-paste passwords into
+apps. I used to do this in a text file in Syncthing, but copy-pasting
+in the text file is much harder than in [KeePassDX](https://f-droid.org/packages/com.kunzisoft.keepass.libre). (I just picked
+one, maybe [KeePassDroid](https://f-droid.org/packages/com.android.keepass) is better? I don't know.) Do keep a copy
+of the URL of the service to reduce typing as well.
+
+Then the following apps required special tweaks:
+
+ * **AntennaPod** has an import/export feature: export on one end,
+   into the Syncthing share, then import on the other. then go to the
+   queue and select all episodes and download
+ * the **Signal** "chat backup" *does* copy the secret key around, so
+   you don't get the "security number change" warning (even if it
+   prompts you to re-register) - external devices need to be relinked
+   though
+ * AnkiDroid, DSub, Nextcloud, and Wallabag required copy-pasting
+   passwords
+
+I tried to sync contacts with [DAVx5](https://www.davx5.com/) but that didn't work so well:
+the account was setup correctly, but contacts didn't show up. There's
+probably just this one thing I need to do to fix this, but since I
+don't really need sync'd contact, it was easier to export a VCF file
+to Syncthing and import again.
+
+# Known problems
+
+One problem with CalyxOS I found is that the fragile little microg
+tweaks didn't seem to work well enough for Signal. That was unexpected
+so they encouraged me to [file that as a bug](https://gitlab.com/CalyxOS/calyxos/-/issues/292).
+
+The other "issue" is that the bootloader is locked, which makes it
+impossible to have "root" on the device. That's rather unfortunate: I
+often need root to debug things on Android. But I guess that most
+things just work out of the box now, so I don't really need it and
+appreciate the extra security.
+
+OSMand still doesn't have a good import/export story. I ended up
+sharing the `Android/data/net.osmand.plus/files` directory and
+importing waypoints, favorites and tracks by hand. Even though maps
+are actually in there, it's not possible for Syncthing to write
+directly to the same directory on the new phone, "thanks" to the new
+permission system in Android which forbids this kind of inter-app
+messing around.
+
+Tracks are particularly a problem: my older OSMand setup had all those
+folders neatly sorting those tracks by month. This makes it really
+annoying to track every file manually and copy it over. I have mostly
+given up on that for now, unfortunately. And I'll still need to
+reconfigure profiles and maps and everything by hand. Sigh. I guess
+that's a good clearinghouse for my old tracks I never use...
+
+[[!tag debian-planet hardware phone android python-planet]]
diff --git a/hardware/phone/fairphone3.mdwn b/hardware/phone/fairphone3.mdwn
index 3796988b..02b10232 100644
--- a/hardware/phone/fairphone3.mdwn
+++ b/hardware/phone/fairphone3.mdwn
@@ -207,3 +207,5 @@ There's also this [third-party case for the FP3](https://annatreurniet.nl/produc
    driver's license and credit card, or pay by PayPal. I refuse the
    former and accept the later, although it's unclear how and if they
    can now refund the credit card transaction...
+ * 2020-12-15: (approximately) Clove did refund my credit card
+ * 2021-01-13: I [[bought a Pixel 4a|blog/2021-01-13-new-phone]]

ads.txt YOLO
based on https://feeding.cloud.geek.nz/posts/opting-your-domain-out-of-programmatic-advertising/
diff --git a/ads.txt b/ads.txt
new file mode 100644
index 00000000..19ce4caf
--- /dev/null
+++ b/ads.txt
@@ -0,0 +1 @@
+placeholder.example.com, placeholder, DIRECT, placeholder

mention a tiling WM for gnome
diff --git a/software/desktop.mdwn b/software/desktop.mdwn
index 74566036..6eb919ed 100644
--- a/software/desktop.mdwn
+++ b/software/desktop.mdwn
@@ -231,6 +231,9 @@ different guides trying to tell people how to do this kind of stuff:
  * [Arch wiki: GNOME Keyring](https://wiki.archlinux.org/index.php/GNOME/Keyring#SSH_keys)
  * [lg's blog: YubiKey gpg/ssh: Great security but tricky install](https://lorgor.blogspot.com/2017/01/yubikey-gpgssh-great-security-but.html)
 
+Also: maybe try [PaperWM](https://github.com/paperwm/PaperWM) to get
+tiling into GNOME.
+
 Older setups
 ============
 

other alternatives
diff --git a/hardware/server/marcos.mdwn b/hardware/server/marcos.mdwn
index d97e00f9..5d7e7036 100644
--- a/hardware/server/marcos.mdwn
+++ b/hardware/server/marcos.mdwn
@@ -378,6 +378,10 @@ building it from scratch...
 
 https://www.crowdsupply.com/traverse-technologies/ten64/updates/building-a-nas-with-ten64-and-rockstor-and-new-turnkey-nas-bundle
 
+## Qotom
+
+Embedded devices: http://qotom.net/
+
 ## Other SoC boards
 
 There are many SoC boards that could be used to create a device from
diff --git a/services/backup.mdwn b/services/backup.mdwn
index bf4531c2..af72c8d6 100644
--- a/services/backup.mdwn
+++ b/services/backup.mdwn
@@ -556,3 +556,9 @@ Once we figure out git-annex, the following pages need to be updated:
  * [tips](https://git-annex.branchable.com/tips/fully_encrypted_git_repositories_with_gcrypt/)
  * [gcrypt remote](https://git-annex.branchable.com/tips/fully_encrypted_git_repositories_with_gcrypt/)
 
+### Alternatives
+
+ * [asuran](https://asuran.rs/) - in development
+ * [restic](https://restic.net/) - another alternative, slow at purge
+ * [bupstash](https://bupstash.io/)
+ * ZFS and [simplesnap](https://github.com/jgoerzen/simplesnap), see [Goerzen's ZFS series](https://changelog.complete.org/archives/10186-more-topics-on-store-and-forward-possibly-airgapped-zfs-and-non-zfs-backups-with-nncp)
diff --git a/services/wiki/ikiwiki-hugo-conversion.mdwn b/services/wiki/ikiwiki-hugo-conversion.mdwn
index b9a97c80..618c555b 100644
--- a/services/wiki/ikiwiki-hugo-conversion.mdwn
+++ b/services/wiki/ikiwiki-hugo-conversion.mdwn
@@ -336,6 +336,10 @@ Discarded alternatives:
 [Utterances]: https://utteranc.es/
 [Hypothes.is]: https://web.hypothes.is/
 
+Other ideas:
+
+ * [bridgy](https://brid.gy/) "connects websites to social media", including Mastodon
+
 Other converters
 ================
 

more fonts stuff
diff --git a/blog/2020-03-10-font-changes/comment_4_f6c695e06ed2fe37e5e1312ab872c5dc._comment b/blog/2020-03-10-font-changes/comment_4_f6c695e06ed2fe37e5e1312ab872c5dc._comment
new file mode 100644
index 00000000..b8e178d6
--- /dev/null
+++ b/blog/2020-03-10-font-changes/comment_4_f6c695e06ed2fe37e5e1312ab872c5dc._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="anarcat"
+ subject="""more font sizes"""
+ date="2021-01-06T21:27:04Z"
+ content="""
+More font sizes tools:
+
+ * <https://www.imarc.com/blog/best-font-size-for-any-device>
+ * <https://sizecalc.com/>
+"""]]
diff --git a/services/wiki.mdwn b/services/wiki.mdwn
index d2b99546..a15934a8 100644
--- a/services/wiki.mdwn
+++ b/services/wiki.mdwn
@@ -98,6 +98,8 @@ Here are some things I'm thinking of doing on the website:
    ikiwiki discussion](https://ikiwiki.info/todo/anti-spam_protection/)
  * consider migrating away from ikiwiki, see
    [[ikiwiki-hugo-conversion]] for details
+ * theming improvements:
+   * [followup on the font changes](/blog/2020-03-10-font-changes)
 
 [TufteCSS]: https://edwardtufte.github.io/tufte-css/
 [controlpanel]: http://anarc.at/ikiwiki.cgi?do=controlpanel

one more keyboard
diff --git a/hardware/keyboard.mdwn b/hardware/keyboard.mdwn
index 6b091e73..be67b14e 100644
--- a/hardware/keyboard.mdwn
+++ b/hardware/keyboard.mdwn
@@ -258,4 +258,9 @@ control, alt and shift). There are also "palm" keys that act as Fn
 keys. All this is probably totally alien and too weird for my poor old
 fingers to adapt to, but it does look gorgeous.
 
+Keychron
+--------
+
+[Keychron](https://www.keychron.com/) - nice wireless keyboards, maybe?
+
 [[!tag research]]

more bookmarks tools
diff --git a/services/bookmarks.mdwn b/services/bookmarks.mdwn
index e1b67adc..ad9b54aa 100644
--- a/services/bookmarks.mdwn
+++ b/services/bookmarks.mdwn
@@ -57,7 +57,9 @@ Possible alternatives to zotero and/or wallabag include:
 This also overlaps with bookmarking software like:
 
  * [archivebox](https://archivebox.io/) (previously called [bookmark-archiver](https://pirate.github.io/bookmark-archiver/))
+ * [archivy](https://archivy.github.io/)
  * [Buku](https://github.com/jarun/Buku)
+ * [linkace](https://www.linkace.org/)
  * [memex](https://worldbrain.io/)
  * [reminiscense](https://github.com/kanishka-linux/reminiscence)
  * [Shiori](https://github.com/RadhiFadlillah/shiori)

freedom quote
from https://changelog.complete.org/archives/10157-see-the-world-through-the-eyes-of-a-child-and-you-are-free
diff --git a/fortunes.txt b/fortunes.txt
index c7807d86..d402bfa2 100644
--- a/fortunes.txt
+++ b/fortunes.txt
@@ -1138,3 +1138,7 @@ qui est de ne pas savoir demeurer au repos dans une chambre.
 %
 Don't just do something, sit there.
                         - Sylvia Boorstein
+%
+See the world as if for the first time; see it through the eyes of a
+child, and you will suddenly find that you are free.
+                        - Deepak Chopra

quotes from pascal and a meditation teacher
from: https://www.theguardian.com/lifeandstyle/2014/jul/19/change-your-life-sit-down-and-think
diff --git a/fortunes.txt b/fortunes.txt
index 555d0a6f..c7807d86 100644
--- a/fortunes.txt
+++ b/fortunes.txt
@@ -1127,3 +1127,14 @@ When the power of love overcomes love of power the world will know peace.
 Treating different things the same can generate as much inequality as
 treating the same things differently.
                         - Kimberlé Crenshaw
+%
+Je n'ai fait celle-ci plus longue que parce que je n'ai pas eu le
+loisir de la faire plus courte.
+                        - Blaise Pascal
+%
+J'ai découvert que tout le malheur des hommes vient d'une seule chose,
+qui est de ne pas savoir demeurer au repos dans une chambre.
+                        - Blaise Pascal
+%
+Don't just do something, sit there.
+                        - Sylvia Boorstein

moar toc
diff --git a/services/archive/rescue.mdwn b/services/archive/rescue.mdwn
index 3869181b..55c8b432 100644
--- a/services/archive/rescue.mdwn
+++ b/services/archive/rescue.mdwn
@@ -1,6 +1,6 @@
 [[!meta title="Data rescue operations"]]
 
-[[!toc]]
+[[!toc levels=2]]
 
 A few general data recovery principles:
 

link to parent file for gnome3
diff --git a/software/desktop/gnome2.mdwn b/software/desktop/gnome2.mdwn
index 208783d6..c2946462 100644
--- a/software/desktop/gnome2.mdwn
+++ b/software/desktop/gnome2.mdwn
@@ -2,6 +2,8 @@ This configuration is not relevant anymore, as GNOME 2 has been
 removed from most distributions. It could still apply to stuff like
 MATE and Cinnamon, but let's let it rest here for now.
 
+Note that there's a GNOME 3 doc in [[desktop]].
+
 The Gnome exception
 ===================
 

small gnome update: material shell
diff --git a/software/desktop.mdwn b/software/desktop.mdwn
index a7452a94..74566036 100644
--- a/software/desktop.mdwn
+++ b/software/desktop.mdwn
@@ -190,6 +190,7 @@ configuration:
    * places status indicator
    * workrave display
    * focus follows mouse (slow, but works)
+ * consider [material shell](https://material-shell.com/)
 
 I still have to figure out how to enable the nice shortcuts I have in
 my normal setup. In particular, I should bind the same keybindings to

another nice lens
diff --git a/hardware/camera.mdwn b/hardware/camera.mdwn
index 38820f1a..dd8eff36 100644
--- a/hardware/camera.mdwn
+++ b/hardware/camera.mdwn
@@ -260,6 +260,8 @@ Lentilles:
     around travel lens even if a bit bulky, 28-200mm equivalent,
     [dpreview recommendation](https://www.dpreview.com/reviews/buying-guide-best-lenses-for-fujifilm-mirrorless-cameras), [800$USD B&H](https://www.bhphotovideo.com/c/product/1058622-REG/fujifilm_16432853_xf_18_135mm_f_3_5_5_6_r.html) [1050$CAD
     lozeau](https://en.lozeau.com/collections/objectifs/products/fujifilm-fujinon-xf-18-135mm-f-3-5-5-6-r-lm-ois-wr)
+ 8. [XF50mm F1.0 R WR](https://www.dpreview.com/products/fujifilm/lenses/fujifilm_xf_50_1p0_r_wr): weather resist, f/1! awesome portrait lens,
+    rated second "[lens of the year 2020](https://www.bhphotovideo.com/explora/photography/buying-guide/top-10-mirrorless-lenses-of-2020)" by B&H
 
 Second appareil:
 

acheté une lentille il y a déjà un bout de temps...
diff --git a/hardware/camera.mdwn b/hardware/camera.mdwn
index 36d3ea52..38820f1a 100644
--- a/hardware/camera.mdwn
+++ b/hardware/camera.mdwn
@@ -166,6 +166,12 @@ Lentilles
   lens"), [fstoppers](https://fstoppers.com/gear/worlds-quickest-lens-review-fuji-xf-23mm-14r-8342) (glowing review), 700-900$ on kijiji,
   excellente lentille "prime", utile pour le portrait, mais faut être
   proche... excellente pour la photo de nuit, don d'un ami (!!)
+* Fujifilm [35mm f/2 R WR ø43](http://www.fujifilm.ca/products/digital_cameras/x/fujinon_lens_xf35mmf2_r_wr/), [Rockwell](http://www.kenrockwell.com/fuji/x-mount-lenses/35mm-f2.htm), [fstoppers](https://fstoppers.com/gear/fstoppers-reviews-fujifilm-35mm-f2-wr-158227),
+  bonne taille, scellée, no OIS, trouvé par le passé à 350-400$ sur
+  kijiji , mais acheté chez Lozeau. bonne taille, scellée, ma
+  principale lentille de travail ces temps-ci. j'aime bien
+  l'équivalent "50mm"... un bon compromis entre "portrait" et
+  "paysage"...
 
 ### Vieux kit
 
@@ -243,8 +249,6 @@ Cossins:
 
 Lentilles:
 
- 1. [35mm f/2 R WR ø43](http://www.fujifilm.ca/products/digital_cameras/x/fujinon_lens_xf35mmf2_r_wr/), [Rockwell](http://www.kenrockwell.com/fuji/x-mount-lenses/35mm-f2.htm), [fstoppers](https://fstoppers.com/gear/fstoppers-reviews-fujifilm-35mm-f2-wr-158227), bonne
-    taille, scellée, no OIS, 350-400$ sur kijiji , 500$ lozeau
  2. [16-55mm f/2.8 R LM WR ø77](http://www.fujifilm.ca/products/digital_cameras/x/fujinon_lens_xf16_55mmf28_r_lm_wr/): [Rockwell](http://www.kenrockwell.com/fuji/x-mount-lenses/16-55mm-f28.htm), [Phoblographer](https://www.thephoblographer.com/2015/03/12/review-fujifilm-16-55mm-f2-8-lm-wr-fujifilm-x-mount/), huge
     but real nice, no OIS, 900-1400$
  5. [80mm f/2.8 R LM OIS WR Macro](http://www.fujifilm.com/products/digital_cameras/x/fujinon_lens_xf80mmf28_r_lm_ois_wr_macro/), leur seule vraie lentille

wtf clove...
diff --git a/hardware/phone/fairphone3.mdwn b/hardware/phone/fairphone3.mdwn
index e5b8cadc..3796988b 100644
--- a/hardware/phone/fairphone3.mdwn
+++ b/hardware/phone/fairphone3.mdwn
@@ -203,3 +203,7 @@ There's also this [third-party case for the FP3](https://annatreurniet.nl/produc
  * late 2020: Fairphone 2 started to show signs of hardware failure
  * 2020-11-30: ordered Fairphone 3+ from Clove, 628.86$CAD (shipping
    included, customs to be paid on delivery)
+ * 2020-11-30: Clove asks me, by email, to send them a photo of my
+   driver's license and credit card, or pay by PayPal. I refuse the
+   former and accept the later, although it's unclear how and if they
+   can now refund the credit card transaction...

ordered a FP3
diff --git a/hardware/phone/fairphone2.mdwn b/hardware/phone/fairphone2.mdwn
index c29a0aa9..b2a8da16 100644
--- a/hardware/phone/fairphone2.mdwn
+++ b/hardware/phone/fairphone2.mdwn
@@ -2,6 +2,9 @@
 
 [[!toc levels=2]]
 
+Update: I have ordered a Fairphone 3+ to replace my Fairphone 2, after
+less than two years of use. See [[fairphone3]].
+
 Project overview
 ================
 
diff --git a/hardware/phone/fairphone3.mdwn b/hardware/phone/fairphone3.mdwn
index d0e8daab..e5b8cadc 100644
--- a/hardware/phone/fairphone3.mdwn
+++ b/hardware/phone/fairphone3.mdwn
@@ -197,3 +197,9 @@ Fairphone 3 -- and has stopped shopping the FP2 as well, so they're
 unlikely to ship the FP3.. See also the [Canadian fairphoners group](https://forum.fairphone.com/t/canadian-fairphoners/17991).
 
 There's also this [third-party case for the FP3](https://annatreurniet.nl/products/fairphone-3-flip-case-book-type-bumper).
+
+# Timeline
+
+ * late 2020: Fairphone 2 started to show signs of hardware failure
+ * 2020-11-30: ordered Fairphone 3+ from Clove, 628.86$CAD (shipping
+   included, customs to be paid on delivery)

fix table markups
diff --git a/hardware/phone/fairphone3.mdwn b/hardware/phone/fairphone3.mdwn
index 84aacbb0..d0e8daab 100644
--- a/hardware/phone/fairphone3.mdwn
+++ b/hardware/phone/fairphone3.mdwn
@@ -42,11 +42,13 @@ project.
  * Dual Nano SIM (4FF, Max SAR head (W/kg @ 10g) = 0.388, Max SAR body
    (W/kg @ 10g) = 1.405)
  * Frequencies:
+
    |    | Bands                                                      | Technology                                                                                                           |
    |----|------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------|
    | 4G | Bands **1**, **2**, 3, **4**, **5**, 7, **13**, 20, **26** | (LTE)  Type - Cat. 13, MIMO - 4x2, 2CA Carrier Aggregation, VoLTE + VoWiFi, Max download 300Mbps, Max upload 150Mbps |
    | 3G | **800**, **850**, 900, **1700**, 1900, **2100** Mhz        | (HSPA+) HSDPA - Cat 24, HSUPA - Cat 6 Max download 42Mbps, Max upload 5.76Mbps                                       |
    | 2G | 850, 900, 1800, 1900 Mhz                                   | GMS, GPRS, EDGE) Type - Cat. 33                                                                                      |
+
    Bands in **bold** are new from the [[fairphone2]].
  * USB-C 2.0
  * Sensors: Fingerprint scanner, Ambient Light, Accelerometer,
@@ -96,15 +98,15 @@ Things I'm still unsure about:
    and 4G bands available, but it's still a far cry from what you get
    with a (say) Samsung S9:
    
-   | technology | bands |
-   |---|---|
-   |2G bands |GSM 850 / 900 / 1800 / 1900 - SIM 1 & SIM 2 (dual-SIM model only)|
-   |  |CDMA 800 / 1900 - USA|
-   |3G bands |HSDPA 850 / 900 / 1700(AWS) / 1900 / 2100 - Global, USA|
-   |  |CDMA2000 1xEV-DO - USA|
-   |4G bands |1, 2, 3, 4, 5, 7, 8, 12, 13, 17, 18, 19, 20, 25, 26, 28, 32, 38, 39, 40, 41, 66 - Global|
-   |  |1, 2, 3, 4, 5, 7, 8, 12, 13, 14, 17, 18, 19, 20, 25, 26, 28, 29, 30, 38, 39, 40, 41, 46, 66, 71 - USA|
-   |Speed |HSPA 42.2/5.76 Mbps, LTE-A (6CA) Cat18 1200/200 Mbps|
+   |    | bands                                                                                                 |
+   |----|-------------------------------------------------------------------------------------------------------|
+   | 2G | GSM 850 / 900 / 1800 / 1900 - SIM 1 & SIM 2 (dual-SIM model only)                                     |
+   || CDMA 800 / 1900 - USA                                                                                 |
+   | 3G | HSDPA 850 / 900 / 1700(AWS) / 1900 / 2100 - Global, USA                                               |
+   || CDMA2000 1xEV-DO - USA                                                                                |
+   | 4G | 1, 2, 3, 4, 5, 7, 8, 12, 13, 17, 18, 19, 20, 25, 26, 28, 32, 38, 39, 40, 41, 66 - Global              |
+   || 1, 2, 3, 4, 5, 7, 8, 12, 13, 14, 17, 18, 19, 20, 25, 26, 28, 29, 30, 38, 39, 40, 41, 46, 66, 71 - USA |
+   || HSPA 42.2/5.76 Mbps, LTE-A (6CA) Cat18 1200/200 Mbps                                                  |
 
    Still, it should be a significant improvement from the FP2.
 

more details on the fp3(+)
diff --git a/hardware/phone/fairphone3.mdwn b/hardware/phone/fairphone3.mdwn
index 93d5de34..84aacbb0 100644
--- a/hardware/phone/fairphone3.mdwn
+++ b/hardware/phone/fairphone3.mdwn
@@ -14,7 +14,10 @@ with pre-orders for October. Here are the hilights from the website:
  * Qualcomm Snapdragon 632
  * 64GB internal storage
 
-The full specs:
+See also the [[fairphone2]] page for a broader discussion of the
+project.
+
+# Specifications
 
  * OS: Android <del>9</del>10
  * Qualcomm Snapdragon 632 SoC
@@ -62,6 +65,8 @@ The full specs:
    * IP54 certification
  * Again, [10/10 iFixit score](https://www.ifixit.com/Teardown/Fairphone+3+Teardown/125573)
 
+# Issues
+
 There are some problems, however, that I have found with the specs:
 
  * they [dropped support for Fairphone Open](https://support.fairphone.com/hc/en-us/articles/360032971751-Operating-systems-OS-for-the-Fairphone-3), their google-free
@@ -86,7 +91,23 @@ Things I'm still unsure about:
    decision. but you have to select *some* bands and it seems the
    range is [wider than it was with the FP2](https://forum.fairphone.com/t/fairphone-3-canada/52358/5?u=anarcat), so it might actually
    be *better* than the FP2, which *does* work (somewhat) in
-   Canada. Apparently, it [works fine with Fizz/Vidéotron](https://forum.fairphone.com/t/canadian-fairphoners/17991/78?u=anarcat).
+   Canada. Apparently, it [works fine with Fizz/Vidéotron](https://forum.fairphone.com/t/canadian-fairphoners/17991/78?u=anarcat). As
+   outlined by the chart above, there's a *large* number of new 3G
+   and 4G bands available, but it's still a far cry from what you get
+   with a (say) Samsung S9:
+   
+   | technology | bands |
+   |---|---|
+   |2G bands |GSM 850 / 900 / 1800 / 1900 - SIM 1 & SIM 2 (dual-SIM model only)|
+   |  |CDMA 800 / 1900 - USA|
+   |3G bands |HSDPA 850 / 900 / 1700(AWS) / 1900 / 2100 - Global, USA|
+   |  |CDMA2000 1xEV-DO - USA|
+   |4G bands |1, 2, 3, 4, 5, 7, 8, 12, 13, 17, 18, 19, 20, 25, 26, 28, 32, 38, 39, 40, 41, 66 - Global|
+   |  |1, 2, 3, 4, 5, 7, 8, 12, 13, 14, 17, 18, 19, 20, 25, 26, 28, 29, 30, 38, 39, 40, 41, 46, 66, 71 - USA|
+   |Speed |HSPA 42.2/5.76 Mbps, LTE-A (6CA) Cat18 1200/200 Mbps|
+
+   Still, it should be a significant improvement from the FP2.
+
  * "full day battery life" sounds like they haven't fixed the poor
    battery life of the FP2 I have witnessed. the advice on how to
    "[extend the battery life of your FP3](https://support.fairphone.com/hc/en-us/articles/360032857671-Extend-the-battery-life-of-your-Fairphone-3)" are stock "battery
@@ -101,7 +122,7 @@ Things I'm still unsure about:
    the camera *is* better in that it can at least *compare* with the
    Pixel and Moto phone, according to [this review](https://tweakers.net/reviews/7290/4/fairphone-3-de-meest-repareerbare-smartphone-hardware-en-camera.html)
 
-On the upside:
+# Major advantages
 
  * headphone jack is still there
  * USB-C, although [without video output](https://forum.fairphone.com/t/fp3-and-hdmi-output-usb3-or-mhl/52511/5)
@@ -111,7 +132,49 @@ On the upside:
    porjects like the Fairphone (namely [Shift](https://www.shiftphones.com/en/) and
    [Teracube](https://myteracube.com/)). update: they did a 10/10 score in the [teardown](https://www.ifixit.com/Teardown/Fairphone+3+Teardown/125573)
 
-Places that might ship in Canada:
+# Why replace the FP2
+
+I bought the [[fairphone2]] in march 2019, and now less than two years
+later, I want to replace it, why? Isn't that device supposed to be
+repairable and last forever? Turns out that's only partly true. Yes,
+you can easily get spare parts for the Fairphone 2... if you live in
+Europe! They do not ship globally, unfortunately. There's something to
+be said about a somewhat generic iPhone or Samsung phone: anywhere in
+the world there will be some geeky electronics corner store that will
+be able to somewhat fix your phone, even if it means it's janky and
+expensive. At least it exists, as much as Apple is fighting against
+those shops of course...
+
+The other big problem I have with the Fairphone 2 is that it's really
+not well supported in Canada. Yes, it works, and sometimes I even get
+4G (or at least HSPA). But coverage is really bad. Sometimes I don't
+get signal at the grocery store or in parts of my house. It's really
+hit and miss. I am hoping the FP3 will be better, but it might also
+have trouble: it's the 4G band 12 and 66 which are used by Fido. Telus
+uses the similar band 13 so maybe changing providers could help. Those
+are the 700MHz bands which are critical to getting good long-range,
+across-buildings signal... Still, it  already gives me 800 and 850MHz
+on 3G, and 850MHz is where HSPA lives, so that might [improve things
+significantly](https://forum.fairphone.com/t/repair-a-fairphone-2-or-buy-a-fairphone-3-in-canada/67434/3).
+
+Finally, the FP2 was a nice experiment in a "screw-less" phone, but
+that design has significant, real-life reliability issues. I often
+need to "squeeze" the camera to get it to work, and sometimes it
+doesn't work at all. The main screen sometimes "burns up" and the
+touch becomes erratic until I squeeze it all over the place and then
+sometimes it returns. I have tried the self-help troubleshooting
+instructions, and they basically tell me to take it apart and back
+together again, which is not really helpful. It's as if the connectors
+between the modules loosen over time and just make the phone
+unreliable.
+
+Again, here, an attempt at making the phone easier to repair actually
+made it harder. The FP3 has actual screws (and comes with a
+screwdriver!) so this could possibly be better.
+
+# Where to buy
+
+Places that might ship the Fairphone 3 in Canada:
 
  * [Clove](https://www.clove.co.uk/collections/smartphones-fairphone) - 350GBP (~600CAD) + ~34CAD shipping + customs
  * [Vireo](https://www.vireo.de/fairphone/fairphone/8725/fairphone-3) - 450EUR (690CAD) + shipping + customs, ships to Kanada (note the
@@ -119,9 +182,16 @@ Places that might ship in Canada:
  * [/e/](https://esolutions.shop/shop/e-os-fairphone-3/) - 480EUR (740CAD) + ship + customs, more expensive, but
    preinstalled with a liberated android! (backorder)
 
+The Fairphone 3+ ([comparison](https://support.fairphone.com/hc/en-us/article_attachments/360075296031/FP3_vs_FP3_Plus_v1.3b.pdf)) is more expensive:
+
+| Shop       | Price  | Converted |
+|------------|--------|-----------|
+| [Clove](https://www.clove.co.uk/collections/smartphones-fairphone/products/fairphone-4) | 338GBP | 584CAD    |
+| [Vireo](https://www.vireo.de/fairphone/fairphone/8786/fairphone-3) | 469EUR | 728CAD    |
+| [/e/](https://esolutions.shop/shop/e-os-fairphone-3-plus/)   | 500EUR | 776CAD    |
+
 [Ecosto](https://www.ecosto.net/en/search/?q=fairphone+3), where I bought the [[fairphone2]], do not <del>yet</del> ship the
 Fairphone 3 -- and has stopped shopping the FP2 as well, so they're
 unlikely to ship the FP3.. See also the [Canadian fairphoners group](https://forum.fairphone.com/t/canadian-fairphoners/17991).
 
 There's also this [third-party case for the FP3](https://annatreurniet.nl/products/fairphone-3-flip-case-book-type-bumper).
-

FP3 updates: LOS official, Android 10, new camera, bands outline
diff --git a/hardware/phone/fairphone3.mdwn b/hardware/phone/fairphone3.mdwn
index 99fa4f56..93d5de34 100644
--- a/hardware/phone/fairphone3.mdwn
+++ b/hardware/phone/fairphone3.mdwn
@@ -1,3 +1,7 @@
+[[!toc levels=2]]
+
+# Overview
+
 The third generation of the fairphone was released in august 2019,
 with pre-orders for October. Here are the hilights from the website:
 
@@ -5,14 +9,14 @@ with pre-orders for October. Here are the hilights from the website:
  * Modular and repairable design
  * Full-day battery life
  * A commitment to fairness
- * Android 9, easy to use
- * 12MP camera, great in low light
+ * Android 9, easy to use (update: now Android 10)
+ * 12MP camera, great in low light (also updated in the FP3+)
  * Qualcomm Snapdragon 632
  * 64GB internal storage
 
 The full specs:
 
- * OS: Android 9
+ * OS: Android <del>9</del>10
  * Qualcomm Snapdragon 632 SoC
  * CPU: Cortex-A53, Qualcomm Kryo 250 (64bit, 8 core, 1.8GHz)
  * GPU: Qualcomm Adreno 506 650MHz
@@ -35,19 +39,18 @@ The full specs:
  * Dual Nano SIM (4FF, Max SAR head (W/kg @ 10g) = 0.388, Max SAR body
    (W/kg @ 10g) = 1.405)
  * Frequencies:
-   * 4G (LTE) Type - Cat. 13, MIMO - 4x2, 2CA Carrier Aggregation,
-     VoLTE + VoWiFi, Bands - 1, 2, 3, 4, 5, 7, 13, 20, 26, Max download
-     300Mbps, Max upload 150Mbps
-   * 3G (HSPA+) HSDPA - Cat 24, HSUPA - Cat 6, Frequencies - 800, 850,
-     900, 1700, 1900, 2100 Mhz, Max download 42Mbps, Max upload 5.76Mbps
-   * 2G (GMS, GPRS, EDGE) Type - Cat. 33 Frequencies - 850, 900, 1800,
-     1900 Mhz
+   |    | Bands                                                      | Technology                                                                                                           |
+   |----|------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------|
+   | 4G | Bands **1**, **2**, 3, **4**, **5**, 7, **13**, 20, **26** | (LTE)  Type - Cat. 13, MIMO - 4x2, 2CA Carrier Aggregation, VoLTE + VoWiFi, Max download 300Mbps, Max upload 150Mbps |
+   | 3G | **800**, **850**, 900, **1700**, 1900, **2100** Mhz        | (HSPA+) HSDPA - Cat 24, HSUPA - Cat 6 Max download 42Mbps, Max upload 5.76Mbps                                       |
+   | 2G | 850, 900, 1800, 1900 Mhz                                   | GMS, GPRS, EDGE) Type - Cat. 33                                                                                      |
+   Bands in **bold** are new from the [[fairphone2]].
  * USB-C 2.0
  * Sensors: Fingerprint scanner, Ambient Light, Accelerometer,
    Gyroscope, Proximity, Barometer, Compass
  * Headphone jack
  * External speaker loudness: 95db @ 10cm
- * Audio: Miracast support, codecs:    AAC/AAC+/eAAC+, MP3, WMA (v9,
+ * Audio: Miracast support, codecs: AAC/AAC+/eAAC+, MP3, WMA (v9,
    v10), WMALossless, WMAPro 10, AMR-NB, AMR-WB, FLAC, ALAC, Vorbis,
    AIFF, APE
  * Video: HEVC, H.264, MPEG-4, MPEG-2, H.263, VP8, VP9
@@ -63,7 +66,7 @@ There are some problems, however, that I have found with the specs:
 
  * they [dropped support for Fairphone Open](https://support.fairphone.com/hc/en-us/articles/360032971751-Operating-systems-OS-for-the-Fairphone-3), their google-free
    version of Android. that's a real bummer, especially since
-   LineageOS is [not yet supported](https://forum.fairphone.com/t/will-lineageos-be-supported-on-fairphone-3/52528) on the phone. so it's unclear
+   LineageOS is [not yet supported](https://forum.fairphone.com/t/will-lineageos-be-supported-on-fairphone-3/52528) ([LineageOS also has an official port](https://forum.fairphone.com/t/official-lineageos-for-fairphone-3/66978) on the phone. so it's unclear
    you will be able to [use the phone without a google account](https://forum.fairphone.com/t/can-i-use-a-fp3-without-a-google-account/52569) and
    the associated surveillance at all. it's possible a post-launch
    update does provide support for those configurations, however. see
@@ -72,8 +75,7 @@ There are some problems, however, that I have found with the specs:
    (missing LTE, GPS, Updater and selinux) or [/e/](https://forum.fairphone.com/t/e-for-fp3-google-free-os/59328) ([missing
    sensors, camera, gps and fingerprint sensor](https://community.e.foundation/t/fairphone-3-fp3-support-on-e/6438/111)), TWRP has been
    [ported](https://forum.fairphone.com/t/twrp-for-fairphone-3/56995/26) but the port is [still unofficial](https://twrp.me/Devices/Fairphone/)
-   Update: [LineageOS also has an unofficial port](https://forum.fairphone.com/t/rom-unofficial-lineageos-16-0-for-fp3/59849) and [/e/ even
-   *sells* FP3 phones now](https://esolutions.shop/shop/e-os-fairphone-3/)
+   Update: [/e/ *sells* FP3 phones now](https://esolutions.shop/shop/e-os-fairphone-3/)
  * the phone is 10% larger than the FP2 (FP3: 158 x 71.8 x 9.89 mm,
    FP2: 143 x 73 x 11 mm) but 2mm thinner and 1mm narrower
 

updates on google and samsung phones
diff --git a/hardware/phone.mdwn b/hardware/phone.mdwn
index 30af9160..0009ba14 100644
--- a/hardware/phone.mdwn
+++ b/hardware/phone.mdwn
@@ -165,6 +165,9 @@ that made me discard it:
  * no SD card
  * no official build for the latest (Pixel 3)
 
+Update: there are now official builds, but the Pixel phones still
+don't support SD cards.
+
 Motorola
 --------
 
@@ -194,6 +197,11 @@ hasn't been ported to the newer LOS 15.1. The [S9](https://wiki.lineageos.org/de
 also has [good reviews](https://forum.xda-developers.com/galaxy-s9/review) but is much more expensive. It also didn't
 score well (4/10) in the [iFixit teardown](https://www.ifixit.com/Teardown/Samsung+Galaxy+S9+Teardown/104322) and is *huge* (5.8"/6.2").
 
+Update: very tempted by the Samsung devices, but after being unable of
+flashing a Samsung tablet, I'm wary of struggling against my hardware
+manufacturer to have the freedom to install what I want on them. See
+[this post for a hint](https://community.e.foundation/t/glaxay-s9-e-version-confusion/18076/27).
+
 Sony
 ----
 

split fp3 in a separate page
diff --git a/hardware/phone.mdwn b/hardware/phone.mdwn
index 63eb52f2..30af9160 100644
--- a/hardware/phone.mdwn
+++ b/hardware/phone.mdwn
@@ -145,130 +145,7 @@ Moved to [[fairphone2]].
 Fairphone 3
 -----------
 
-The third generation of the fairphone was released in august 2019,
-with pre-orders for October. Here are the hilights from the website:
-
- * Recycled and fair materials
- * Modular and repairable design
- * Full-day battery life
- * A commitment to fairness
- * Android 9, easy to use
- * 12MP camera, great in low light
- * Qualcomm Snapdragon 632
- * 64GB internal storage
-
-The full specs:
-
- * OS: Android 9
- * Qualcomm Snapdragon 632 SoC
- * CPU: Cortex-A53, Qualcomm Kryo 250 (64bit, 8 core, 1.8GHz)
- * GPU: Qualcomm Adreno 506 650MHz
- * 4GB RAM
- * 64GB internal storage
- * MicroSD card ([precise specs unknonwn](https://forum.fairphone.com/t/fp3-microsd-controller-specs-a1-or-a2/52368), <=200GB)
- * 3060mAH battery (300 hours idle, 20h calls, 3.5h charge time)
- * 5.65" Full HD+ 18:9 LCD (IPS) touchscreen,  2160 x 1080 resolution,
-   427ppi, Gorilla Glass 5, 16 million colors
- * Rear camera: 12MP f/1.8, 1/2.55" sensor, phase detection autofocus,
-   Sony IMX363 sensor, digital image stabilization, dual LED flash, 8x
-   digital zoom, 3840x2160 video resolution, 4k@30fps, 1080p@30fps,
-   720p@60fps
- * Front camera: 8MP f/2.0, 1/4" sensor, Digital Image Stabilization,
-   8x digital zoom
- * Wifi: 2.4 & 5 GHz, 802.11 a/b/g/n/ac, Wifi direct
- * Bluetooth 5 + LE
- * NFC
- * GNSS standards: GPS, Glonass, Galileo, A-GPS support
- * Dual Nano SIM (4FF, Max SAR head (W/kg @ 10g) = 0.388, Max SAR body
-   (W/kg @ 10g) = 1.405)
- * Frequencies:
-   * 4G (LTE) Type - Cat. 13, MIMO - 4x2, 2CA Carrier Aggregation,
-     VoLTE + VoWiFi, Bands - 1, 2, 3, 4, 5, 7, 13, 20, 26, Max download
-     300Mbps, Max upload 150Mbps
-   * 3G (HSPA+) HSDPA - Cat 24, HSUPA - Cat 6, Frequencies - 800, 850,
-     900, 1700, 1900, 2100 Mhz, Max download 42Mbps, Max upload 5.76Mbps
-   * 2G (GMS, GPRS, EDGE) Type - Cat. 33 Frequencies - 850, 900, 1800,
-     1900 Mhz
- * USB-C 2.0
- * Sensors: Fingerprint scanner, Ambient Light, Accelerometer,
-   Gyroscope, Proximity, Barometer, Compass
- * Headphone jack
- * External speaker loudness: 95db @ 10cm
- * Audio: Miracast support, codecs:    AAC/AAC+/eAAC+, MP3, WMA (v9,
-   v10), WMALossless, WMAPro 10, AMR-NB, AMR-WB, FLAC, ALAC, Vorbis,
-   AIFF, APE
- * Video: HEVC, H.264, MPEG-4, MPEG-2, H.263, VP8, VP9
- * Dark Translucent body and cover
-   * Length 158 mm
-   * Width 71.8 mm
-   * Thickness 9.89 mm
-   * Weight: 189g
-   * IP54 certification
- * Again, [10/10 iFixit score](https://www.ifixit.com/Teardown/Fairphone+3+Teardown/125573)
-
-There are some problems, however, that I have found with the specs:
-
- * they [dropped support for Fairphone Open](https://support.fairphone.com/hc/en-us/articles/360032971751-Operating-systems-OS-for-the-Fairphone-3), their google-free
-   version of Android. that's a real bummer, especially since
-   LineageOS is [not yet supported](https://forum.fairphone.com/t/will-lineageos-be-supported-on-fairphone-3/52528) on the phone. so it's unclear
-   you will be able to [use the phone without a google account](https://forum.fairphone.com/t/can-i-use-a-fp3-without-a-google-account/52569) and
-   the associated surveillance at all. it's possible a post-launch
-   update does provide support for those configurations, however. see
-   also [this discussion](https://forum.fairphone.com/t/fp3-fairphone-open-os/52301). For now, the solution seems to be either
-   [GSI](https://forum.fairphone.com/t/how-to-flash-a-custom-rom-on-fp3-with-gsi/57074) (Generic System Images, AKA plain AOSP), [LineageOS](https://forum.fairphone.com/t/lineageos-16-for-fp3-development/59849)
-   (missing LTE, GPS, Updater and selinux) or [/e/](https://forum.fairphone.com/t/e-for-fp3-google-free-os/59328) ([missing
-   sensors, camera, gps and fingerprint sensor](https://community.e.foundation/t/fairphone-3-fp3-support-on-e/6438/111)), TWRP has been
-   [ported](https://forum.fairphone.com/t/twrp-for-fairphone-3/56995/26) but the port is [still unofficial](https://twrp.me/Devices/Fairphone/)
-   Update: [LineageOS also has an unofficial port](https://forum.fairphone.com/t/rom-unofficial-lineageos-16-0-for-fp3/59849) and [/e/ even
-   *sells* FP3 phones now](https://esolutions.shop/shop/e-os-fairphone-3/)
- * the phone is 10% larger than the FP2 (FP3: 158 x 71.8 x 9.89 mm,
-   FP2: 143 x 73 x 11 mm) but 2mm thinner and 1mm narrower
-
-Things I'm still unsure about:
-
- * [no 4G support in the US](https://support.fairphone.com/hc/en-us/articles/360032577632-Connectivity-of-the-FP3-outside-of-Europe) - that's pretty dramatic, and is a
-   blocker for a huge market, I don't understand how they made that
-   decision. but you have to select *some* bands and it seems the
-   range is [wider than it was with the FP2](https://forum.fairphone.com/t/fairphone-3-canada/52358/5?u=anarcat), so it might actually
-   be *better* than the FP2, which *does* work (somewhat) in
-   Canada. Apparently, it [works fine with Fizz/Vidéotron](https://forum.fairphone.com/t/canadian-fairphoners/17991/78?u=anarcat).
- * "full day battery life" sounds like they haven't fixed the poor
-   battery life of the FP2 I have witnessed. the advice on how to
-   "[extend the battery life of your FP3](https://support.fairphone.com/hc/en-us/articles/360032857671-Extend-the-battery-life-of-your-Fairphone-3)" are stock "battery
-   saver, etc" advice that worry me. but the specs say "300h standby
-   time" so that could be much better than what I currently get, which
-   is about 30-40h standby. see also [this discussion](https://forum.fairphone.com/t/fp3-vs-fp2-autonomy-and-durability/52407) and [this
-   very positive report](https://forum.fairphone.com/t/fp3-battery-life-experiences/52936) (~10 days standby).
- * they say they have a "great" 12MP camera in "low light", but I'm
-   not convinced that 12MP is that great for a camera phone at this
-   point. it's the same resolution as the *older* fairphone 2 so I
-   don't understand how they could give that an upgrade... apparently,
-   the camera *is* better in that it can at least *compare* with the
-   Pixel and Moto phone, according to [this review](https://tweakers.net/reviews/7290/4/fairphone-3-de-meest-repareerbare-smartphone-hardware-en-camera.html)
-
-On the upside:
-
- * headphone jack is still there
- * USB-C, although [without video output](https://forum.fairphone.com/t/fp3-and-hdmi-output-usb3-or-mhl/52511/5)
- * transluscent cover is back
- * [positive first impressions from iFixit](https://www.ifixit.com/News/the-fairphone-3-is-here-and-its-not-the-only-sustainable-phone-on-the-way) although they do
-   mention problems with US networks and that there are now other
-   porjects like the Fairphone (namely [Shift](https://www.shiftphones.com/en/) and
-   [Teracube](https://myteracube.com/)). update: they did a 10/10 score in the [teardown](https://www.ifixit.com/Teardown/Fairphone+3+Teardown/125573)
-
-Places that might ship in Canada:
-
- * [Clove](https://www.clove.co.uk/collections/smartphones-fairphone) - 350GBP (~600CAD) + ~34CAD shipping + customs
- * [Vireo](https://www.vireo.de/fairphone/fairphone/8725/fairphone-3) - 450EUR (690CAD) + shipping + customs, ships to Kanada (note the
-   K instead of C!)
- * [/e/](https://esolutions.shop/shop/e-os-fairphone-3/) - 480EUR (740CAD) + ship + customs, more expensive, but
-   preinstalled with a liberated android! (backorder)
-
-[Ecosto](https://www.ecosto.net/en/search/?q=fairphone+3), where I bought the [[fairphone2]], do not <del>yet</del> ship the
-Fairphone 3 -- and has stopped shopping the FP2 as well, so they're
-unlikely to ship the FP3.. See also the [Canadian fairphoners group](https://forum.fairphone.com/t/canadian-fairphoners/17991).
-
-There's also this [third-party case for the FP3](https://annatreurniet.nl/products/fairphone-3-flip-case-book-type-bumper).
+Moved to [[fairphone3]].
 
 Purism Librem 5
 ---------------
diff --git a/hardware/phone/fairphone3.mdwn b/hardware/phone/fairphone3.mdwn
new file mode 100644
index 00000000..99fa4f56
--- /dev/null
+++ b/hardware/phone/fairphone3.mdwn
@@ -0,0 +1,125 @@
+The third generation of the fairphone was released in august 2019,
+with pre-orders for October. Here are the hilights from the website:
+
+ * Recycled and fair materials
+ * Modular and repairable design
+ * Full-day battery life
+ * A commitment to fairness
+ * Android 9, easy to use
+ * 12MP camera, great in low light
+ * Qualcomm Snapdragon 632
+ * 64GB internal storage
+
+The full specs:
+
+ * OS: Android 9
+ * Qualcomm Snapdragon 632 SoC
+ * CPU: Cortex-A53, Qualcomm Kryo 250 (64bit, 8 core, 1.8GHz)
+ * GPU: Qualcomm Adreno 506 650MHz
+ * 4GB RAM
+ * 64GB internal storage
+ * MicroSD card ([precise specs unknonwn](https://forum.fairphone.com/t/fp3-microsd-controller-specs-a1-or-a2/52368), <=200GB)
+ * 3060mAH battery (300 hours idle, 20h calls, 3.5h charge time)
+ * 5.65" Full HD+ 18:9 LCD (IPS) touchscreen,  2160 x 1080 resolution,
+   427ppi, Gorilla Glass 5, 16 million colors
+ * Rear camera: 12MP f/1.8, 1/2.55" sensor, phase detection autofocus,
+   Sony IMX363 sensor, digital image stabilization, dual LED flash, 8x
+   digital zoom, 3840x2160 video resolution, 4k@30fps, 1080p@30fps,
+   720p@60fps
+ * Front camera: 8MP f/2.0, 1/4" sensor, Digital Image Stabilization,
+   8x digital zoom
+ * Wifi: 2.4 & 5 GHz, 802.11 a/b/g/n/ac, Wifi direct
+ * Bluetooth 5 + LE
+ * NFC
+ * GNSS standards: GPS, Glonass, Galileo, A-GPS support
+ * Dual Nano SIM (4FF, Max SAR head (W/kg @ 10g) = 0.388, Max SAR body
+   (W/kg @ 10g) = 1.405)
+ * Frequencies:
+   * 4G (LTE) Type - Cat. 13, MIMO - 4x2, 2CA Carrier Aggregation,
+     VoLTE + VoWiFi, Bands - 1, 2, 3, 4, 5, 7, 13, 20, 26, Max download
+     300Mbps, Max upload 150Mbps
+   * 3G (HSPA+) HSDPA - Cat 24, HSUPA - Cat 6, Frequencies - 800, 850,
+     900, 1700, 1900, 2100 Mhz, Max download 42Mbps, Max upload 5.76Mbps
+   * 2G (GMS, GPRS, EDGE) Type - Cat. 33 Frequencies - 850, 900, 1800,
+     1900 Mhz
+ * USB-C 2.0
+ * Sensors: Fingerprint scanner, Ambient Light, Accelerometer,
+   Gyroscope, Proximity, Barometer, Compass
+ * Headphone jack
+ * External speaker loudness: 95db @ 10cm
+ * Audio: Miracast support, codecs:    AAC/AAC+/eAAC+, MP3, WMA (v9,
+   v10), WMALossless, WMAPro 10, AMR-NB, AMR-WB, FLAC, ALAC, Vorbis,
+   AIFF, APE
+ * Video: HEVC, H.264, MPEG-4, MPEG-2, H.263, VP8, VP9
+ * Dark Translucent body and cover
+   * Length 158 mm
+   * Width 71.8 mm
+   * Thickness 9.89 mm
+   * Weight: 189g

(Diff truncated)
approve comment
diff --git a/blog/2020-07-13-not-recommending-purism/comment_1_bcf32b99d8cdbf46456553d460f4d707._comment b/blog/2020-07-13-not-recommending-purism/comment_1_bcf32b99d8cdbf46456553d460f4d707._comment
new file mode 100644
index 00000000..72df5e66
--- /dev/null
+++ b/blog/2020-07-13-not-recommending-purism/comment_1_bcf32b99d8cdbf46456553d460f4d707._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ ip="5.18.204.28"
+ claimedauthor="Daniil"
+ subject="System76 peace of sh*"
+ date="2020-11-27T13:23:15Z"
+ content="""
+Sorry, but I have the same negative experience with System76.
+System76 don't have anything on their own, they are just put stickers on the laptop and in the box. And when the ordered laptop has some defects, they are trying to charge from you money if you want to give them back they non-working peace of shit (motivating this by the fact that they will not be able to re-sell it - do you understand the level of their hypocrisy). All laptop models created by Clevo.
+"""]]

ajouter ma presentation sur le packaging
diff --git a/communication.mdwn b/communication.mdwn
index 7180df9b..b13a6ff4 100644
--- a/communication.mdwn
+++ b/communication.mdwn
@@ -75,6 +75,8 @@ Techniques
 
 <!-- todo: move to a .bib file and add good entries to CV -->
 
+ * [Debian packaging 101 at the Toronto BSP (video)](https://www.youtube.com/watch?v=O83rIRRJysA&feature=youtu.be) (mai 2019)
+ * [Debian packaging 101 at Debconf Montreal](https://debconf17.debconf.org/talks/161/), no video (août 2017)
  * Formation en sécurité informatique pour l'ASSÉ (~novembre 2013)
  * [DrupalCon London 2011: AEGIR: ONE DRUPAL TO RULE THEM ALL!](http://london2011.drupal.org/conference/sessions/aegir-one-drupal-rule-them-all.html) avec Steven Jones, [video](https://www.youtube.com/watch?v=Uub18h_9PMY) (mars 2011)
  * [DrupalCamp Montreal 2010: Aegir: One Drupal to Rule Them All](http://community.aegirproject.org/drupalcamp-montreal-2010-antoine-beaupr%C3%A9-aegir-one-drupal-rule-them-all) (octobre 2010)
diff --git a/software/debian-development.mdwn b/software/debian-development.mdwn
index 9293ea0f..0e6ca196 100644
--- a/software/debian-development.mdwn
+++ b/software/debian-development.mdwn
@@ -2,7 +2,9 @@
 
 [[!toc levels=2]]
 
-[[!note "This guide is also available under the URL <https://deb.li/quickdev>."]]
+[[!note "This guide is also available under the URL
+<https://deb.li/quickdev> and as a video presentation
+<https://www.youtube.com/watch?v=O83rIRRJysA>."]]
 
 This guides aims to kickstart people with working in existing Debian
 packages, either to backport software, patch existing packages or work

fix and expand lte links and lists
diff --git a/hardware/phone.mdwn b/hardware/phone.mdwn
index 090745bc..63eb52f2 100644
--- a/hardware/phone.mdwn
+++ b/hardware/phone.mdwn
@@ -822,21 +822,21 @@ Also known as `LTE`, `E-UTRA`, this is where it gets pretty messy.
 * Australia: 1800, 2300 (bands 3, 40)
 * America: 700, 750, 800, 850, 1900, 1700/2100 (AWS/[Vidéotron][]), 2500, 2600
   ([Rogers][], [Bell][]) (bands 2, 4, 7, 12, 13, 17, 25,
-  26, 41)
+  26, 41, 66)
 * S. America: 2500
 
-See also the
-[source](https://en.wikipedia.org/wiki/LTE_(telecommunication)#Frequency_bands)
-for the above and the
-[explicit deployment chart](https://en.wikipedia.org/wiki/E-UTRA#Deployments_by_region). Basically,
-we need one (or many?) of those:
+See also the [source][lte-frequency-bands] for the above and the [explicit deployment
+chart](https://en.wikipedia.org/wiki/LTE_frequency_bands#Deployments_by_region). Basically, we need one (or many?) of those:
+
+[lte-frequency-bands]: https://en.wikipedia.org/wiki/LTE_(telecommunication)#Frequency_bands
 
 * base 4, 7 (1700/2100, 2600 MHz: [Bell][], [Rogers][]/[Fido][], others?)
 * base 10 (700 MHz: [Vidéotron][])
 * base 13 (700 MHz: [Bell][], [Vidéotron][], Telus)
 * base 17 (700 MHz: [Bell][], [Rogers][]?/[Fido][])
 
-See also [this post on koodoo](https://community.koodomobile.com/koodo/topics/the_big_three_canadian_network_frequencies).
+See also [this post on koodoo](https://community.koodomobile.com/koodo/topics/the_big_three_canadian_network_frequencies) (dead link, no archive). [This
+inventory of bands per provider in Canada/US](https://www.signalbooster.com/pages/what-are-the-cellular-frequencies-of-cell-phone-carriers-in-usa-canada) is useful as well.
 
  [Fido]: http://www.fido.ca/web/content/phonewarranty/configure_unlocked_device_guide&lang=fr
  [Rogers]: http://www.rogers.com/web/support/wireless/unlock/479?setLanguage=en

gitwatch is not generic
diff --git a/blog/2019-11-20-file-monitoring-tools.mdwn b/blog/2019-11-20-file-monitoring-tools.mdwn
index 4fef872a..d8807abb 100644
--- a/blog/2019-11-20-file-monitoring-tools.mdwn
+++ b/blog/2019-11-20-file-monitoring-tools.mdwn
@@ -86,15 +86,6 @@ https://github.com/tinkershack/fluffy
  * [Debian package](https://tracker.debian.org/pkg/gamin) since 2005
  * not a commandline tool
 
-## gitwatch
-
-<https://github.com/gitwatch/gitwatch>
-
- * 2012-2020
- * GPLv3
- * relies on inotifywait
- * just commits to git after a delay
-
 ## incron
 
 <https://github.com/ar-/incron>
@@ -312,6 +303,15 @@ am aware of:
  * [git-annex](https://git-annex.branchable.com/)
  * [syncthing](https://syncthing.net/)
 
+## gitwatch
+
+<https://github.com/gitwatch/gitwatch>
+
+ * 2012-2020
+ * GPLv3
+ * relies on inotifywait
+ * just commits and pushes to git after a delay
+
 ## inosync
 
 <https://github.com/hollow/inosync>

more references
diff --git a/blog/2020-03-10-font-changes/comment_3_ee8eb8616c1a8002082526233ca172ac._comment b/blog/2020-03-10-font-changes/comment_3_ee8eb8616c1a8002082526233ca172ac._comment
new file mode 100644
index 00000000..6c19cf98
--- /dev/null
+++ b/blog/2020-03-10-font-changes/comment_3_ee8eb8616c1a8002082526233ca172ac._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="anarcat"
+ subject="""more design hints"""
+ date="2020-11-23T17:09:18Z"
+ content="""
+I found more web sites that could be relevant for future reshuffling of this work:
+
+ * [dev fonts comparator](https://devfonts.gafi.dev/)
+ * [What’s the best font size for the web?](https://www.imarc.com/blog/best-font-size-for-any-device)
+ * [Building a color palette](https://refactoringui.com/previews/building-your-color-palette/)
+"""]]

more sites
diff --git a/services/dns.mdwn b/services/dns.mdwn
index db7223af..ac76dfda 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -54,10 +54,12 @@ n'est pas clair, dans l'interface, qui a accès à mes domaines.
 
 | Registry       | .com     | .org     | .net     | .ca      | .at      | Notes                     |
 |----------------|----------|----------|----------|----------|----------|---------------------------|
+| bookmyname.com |          |          |          |          |          | à déterminer              |
 | cloudflare.com | 8.03USD  | 10.11USD | 9.95USD  | N/A      | N/A      |                           |
 | easydns.com    | 15.00USD | 17.00USD | 15.00USD | 15.00CAD | 22.00USD | also hosting              |
 | gandi.net      | 15.50USD | 18.50USD | 17.20USD | 13.84USD | 21.60CAD | pas de transfer lock .at  |
 | gandi.net (DD) | 8.80USD  | 10.50USD | 12.00USD | 8.65USD  | 17.00USD | rabais Développeur Debian |
+| itich.com      |          |          |          |          |          | à déterminer              |
 | joker.com      | 13.60USD | 16.88USD | 16.90USD | N/A      | 15.31USD |                           |
 | njal.la        | 15.00EUR | 15.00EUR | 15.00EUR | N/A      | N/A      | pas un registry, anonyme  |
 

more tools
diff --git a/blog/2019-11-20-file-monitoring-tools.mdwn b/blog/2019-11-20-file-monitoring-tools.mdwn
index 18f98ef4..4fef872a 100644
--- a/blog/2019-11-20-file-monitoring-tools.mdwn
+++ b/blog/2019-11-20-file-monitoring-tools.mdwn
@@ -86,6 +86,15 @@ https://github.com/tinkershack/fluffy
  * [Debian package](https://tracker.debian.org/pkg/gamin) since 2005
  * not a commandline tool
 
+## gitwatch
+
+<https://github.com/gitwatch/gitwatch>
+
+ * 2012-2020
+ * GPLv3
+ * relies on inotifywait
+ * just commits to git after a delay
+
 ## incron
 
 <https://github.com/ar-/incron>
diff --git a/services/bookmarks.mdwn b/services/bookmarks.mdwn
index 1082cef3..e1b67adc 100644
--- a/services/bookmarks.mdwn
+++ b/services/bookmarks.mdwn
@@ -64,6 +64,7 @@ This also overlaps with bookmarking software like:
  * [Turtl](https://turtlapp.com/)
  * [Wallabag](https://wallabag.org/)
  * [seelink](https://www.seelink.app/)
+ * [Shaarli](https://github.com/shaarli/Shaarli)
 
 ... and archival software in the [[WARC ecosystem|services/archive]].
 

ajout prix .org/.net
diff --git a/services/dns.mdwn b/services/dns.mdwn
index 1eee85e5..db7223af 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -52,13 +52,14 @@ changer tous les contacts du domaine **même s'ils n'étaient pas dans
 la liste des contacts**. C'est assez inquiétant et m'indique qu'il
 n'est pas clair, dans l'interface, qui a accès à mes domaines.
 
-| Registry       | .com     | .ca      | .at      | Notes                    |
-|----------------|----------|----------|----------|--------------------------|
-| cloudflare.com | 8.03USD  | N/A      | N/A      |                          |
-| easydns.com    | 15USD    | 15CAD    | 22USD    | also hosting             |
-| gandi.net      | 21.70CAD | 19.38CAD | 21.60CAD | pas de transfer lock .at |
-| joker.com      | 13.60CAD | N/A      | 15.31USD |                          |
-| njal.la        | 15EUR    | N/A      | N/A      | pas un registry, anonyme |
+| Registry       | .com     | .org     | .net     | .ca      | .at      | Notes                     |
+|----------------|----------|----------|----------|----------|----------|---------------------------|
+| cloudflare.com | 8.03USD  | 10.11USD | 9.95USD  | N/A      | N/A      |                           |
+| easydns.com    | 15.00USD | 17.00USD | 15.00USD | 15.00CAD | 22.00USD | also hosting              |
+| gandi.net      | 15.50USD | 18.50USD | 17.20USD | 13.84USD | 21.60CAD | pas de transfer lock .at  |
+| gandi.net (DD) | 8.80USD  | 10.50USD | 12.00USD | 8.65USD  | 17.00USD | rabais Développeur Debian |
+| joker.com      | 13.60USD | 16.88USD | 16.90USD | N/A      | 15.31USD |                           |
+| njal.la        | 15.00EUR | 15.00EUR | 15.00EUR | N/A      | N/A      | pas un registry, anonyme  |
 
 Convention de noms
 ==================

gandi alternatives
diff --git a/services/dns.mdwn b/services/dns.mdwn
index d0ad2501..1eee85e5 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -33,6 +33,33 @@ Documentation locale
  * [[dnssec]] - la validation des noms de domaines
  * [[migration]] - comment migrer vers une nouvelle IP
 
+Autres fournisseurs
+===================
+
+Je considère des alternatives à Gandi. Le temps où Gandi était une
+bande d'anarchistes prêt à foutre le feu au système de noms de domaine
+est largement révolu: la seule chose qu'ils ont gardé après la vente
+est un slogan pourri, en anglais. Leur interface "v5" est parfaitement
+infecte, difficile à utiliser, et n'a pas la flexibilité de l'ancienne
+interface (qui permettait par example à un tier de payer un nom de
+domaine).
+
+J'ai d'ailleurs eu une expérience étrange cette semaine: un nom de
+domaine d'un ancien client (enfin, un client de Koumbit) s'est
+retrouvé dans ma liste de domaine, avec moi comme contact
+partout. J'ai informé Koumbit et, bizarrement, ils ont été capables de
+changer tous les contacts du domaine **même s'ils n'étaient pas dans
+la liste des contacts**. C'est assez inquiétant et m'indique qu'il
+n'est pas clair, dans l'interface, qui a accès à mes domaines.
+
+| Registry       | .com     | .ca      | .at      | Notes                    |
+|----------------|----------|----------|----------|--------------------------|
+| cloudflare.com | 8.03USD  | N/A      | N/A      |                          |
+| easydns.com    | 15USD    | 15CAD    | 22USD    | also hosting             |
+| gandi.net      | 21.70CAD | 19.38CAD | 21.60CAD | pas de transfer lock .at |
+| joker.com      | 13.60CAD | N/A      | 15.31USD |                          |
+| njal.la        | 15EUR    | N/A      | N/A      | pas un registry, anonyme |
+
 Convention de noms
 ==================
 

yet another tool
diff --git a/services/bookmarks.mdwn b/services/bookmarks.mdwn
index 730659f8..1082cef3 100644
--- a/services/bookmarks.mdwn
+++ b/services/bookmarks.mdwn
@@ -63,6 +63,7 @@ This also overlaps with bookmarking software like:
  * [Shiori](https://github.com/RadhiFadlillah/shiori)
  * [Turtl](https://turtlapp.com/)
  * [Wallabag](https://wallabag.org/)
+ * [seelink](https://www.seelink.app/)
 
 ... and archival software in the [[WARC ecosystem|services/archive]].
 

anotehr option
diff --git a/software/desktop/calibre.mdwn b/software/desktop/calibre.mdwn
index e8f1c1bc..70046f2e 100644
--- a/software/desktop/calibre.mdwn
+++ b/software/desktop/calibre.mdwn
@@ -292,7 +292,8 @@ Calibre is...
    that protocol is quite useful to browse books on the fly from
    hacked Kobo readers (running [Koreader](http://koreader.rocks/), but [not Plato](https://github.com/baskerville/plato/issues/69)) or
    Android devices (running [Document Viewer](https://f-droid.org/packages/org.sufficientlysecure.viewer/) or Koreader)... There
-   is an OPDS [test server](http://feedbooks.github.io/opds-test-catalog/), see also my [2016 analysis](https://github.com/wallabag/wallabag/issues/1253#issuecomment-204996640).
+   is an OPDS [test server](http://feedbooks.github.io/opds-test-catalog/), see also my [2016
+   analysis](https://github.com/wallabag/wallabag/issues/1253#issuecomment-204996640). Update: [Ubooquity](https://vaemendis.net/ubooquity/) is a thing as well.
 
 [Liber]: https://git.autistici.org/ale/liber
 [Trantor]: https://gitlab.com/trantor/trantor

anotehr option
diff --git a/software/debian-development.mdwn b/software/debian-development.mdwn
index cd0a336e..9293ea0f 100644
--- a/software/debian-development.mdwn
+++ b/software/debian-development.mdwn
@@ -934,6 +934,7 @@ are the alternatives I am aware of:
  * [debspawn][] - system-nspawn builder
  * [docker-buildpackage][] - Docker builder
  * [qemubuilder][] - qemu builder
+ * [qemu-sbuild-utils][] - qemu + sbuild + autopkgtest
 
 Take, for example, [Whalebuilder][], which uses Docker to build
 packages instead of `pbuilder` or `sbuild`. Docker provides more
@@ -956,6 +957,7 @@ which would greatly reduce their complexity.
 [qemubuilder]: https://wiki.debian.org/qemubuilder
 [sbuild plugin]: https://lists.debian.org/debian-devel/2018/08/msg00005.html
 [whalebuilder]: https://www.uhoreg.ca/programming/debian/whalebuilder
+[qemu-sbuild-utils]: https://www.kvr.at/posts/qemu-sbuild-utils-01-sbuild-with-qemu/
 
 This guide should be integrated into the official documentation or the
 Debian wiki. It is eerily similar to [this guide][] which itself is a

sort reformat
diff --git a/services/wiki/ikiwiki-hugo-conversion.mdwn b/services/wiki/ikiwiki-hugo-conversion.mdwn
index d1db4394..b9a97c80 100644
--- a/services/wiki/ikiwiki-hugo-conversion.mdwn
+++ b/services/wiki/ikiwiki-hugo-conversion.mdwn
@@ -347,10 +347,12 @@ Other converters
 
 Consider alternative SSGs:
 
- * lektor: used at Tor
- * pelican: watch out for pelican, another user reports that, with caching, generating a 500 page site takes 30 seconds, 2 minutes without caching)
+ * [11ty](https://www.11ty.dev/): [picked by mozilla](https://hacks.mozilla.org/2020/10/to-eleventy-and-beyond/), javascript
+ * [lektor](https://www.getlektor.com/): used at Tor
+ * [pelican](https://getpelican.com/): watch out for pelican, another user reports that,
+   with caching, generating a 500 page site takes 30 seconds, 2
+   minutes without caching
  * [zola](https://www.getzola.org/)
- * [11ty](https://www.11ty.dev/) - [picked by mozilla](https://hacks.mozilla.org/2020/10/to-eleventy-and-beyond/), javascript
 
 See also those comparisons:
 

merge the ssg alternatives in one place
diff --git a/services/wiki.mdwn b/services/wiki.mdwn
index e0cfce59..d2b99546 100644
--- a/services/wiki.mdwn
+++ b/services/wiki.mdwn
@@ -96,6 +96,8 @@ Here are some things I'm thinking of doing on the website:
  * improve spam control, consider the [mediawiki tricks](https://m.mediawiki.org/wiki/Manual:Combating_spam), [friendly
    captcha](https://friendlycaptcha.com/), the [Tornevall blocklist](https://www.tornevall.net/about/) and other RBLs, and [the
    ikiwiki discussion](https://ikiwiki.info/todo/anti-spam_protection/)
+ * consider migrating away from ikiwiki, see
+   [[ikiwiki-hugo-conversion]] for details
 
 [TufteCSS]: https://edwardtufte.github.io/tufte-css/
 [controlpanel]: http://anarc.at/ikiwiki.cgi?do=controlpanel
@@ -207,11 +209,6 @@ dropped:
 We're now running upstream (`0.20180719-1`), which hopefully still
 works.
 
-Other SSG options:
-
- * [11ty](https://www.11ty.dev/) - [picked by mozilla](https://hacks.mozilla.org/2020/10/to-eleventy-and-beyond/), javascript
- * TODO: compare with other SSGs
-
 ## 2017-06-19: major upgrade
 
 upgraded to the upstream 3.20170111 release using backports in
diff --git a/services/wiki/ikiwiki-hugo-conversion.mdwn b/services/wiki/ikiwiki-hugo-conversion.mdwn
index 80f983a8..d1db4394 100644
--- a/services/wiki/ikiwiki-hugo-conversion.mdwn
+++ b/services/wiki/ikiwiki-hugo-conversion.mdwn
@@ -255,10 +255,6 @@ the gist of it is we need to implement:
 
 structural elements needing more thinking:
 
- * consider lektor and pelican and [zola](https://www.getzola.org/) and what else (watch out
-   for pelican, another user reports that, with caching, generating a
-   500 page site takes 30 seconds, 2 minutes without caching)
-   ([comparison site](https://www.staticgen.com/), [another](https://staticsitegenerators.net/), and [another](https://www.staticsitegenerator.net/))
  * [RSS](https://gohugo.io/templates/rss/)
  * frontpage and blog structure (`inline`)
  * same with `map` and `orphan` pages
@@ -347,3 +343,16 @@ Other converters
  * [Simpler conversion](https://blog.jak-linux.org/2018/10/25/migrated-website-from-ikiwiki-to-hugo/)
  * [Previous tests](https://gitlab.com/anarcat/wallabako/issues/13)
  * [Upstream list of converters](https://gohugo.io/tools/migrations/)
+# Other alternatives
+
+Consider alternative SSGs:
+
+ * lektor: used at Tor
+ * pelican: watch out for pelican, another user reports that, with caching, generating a 500 page site takes 30 seconds, 2 minutes without caching)
+ * [zola](https://www.getzola.org/)
+ * [11ty](https://www.11ty.dev/) - [picked by mozilla](https://hacks.mozilla.org/2020/10/to-eleventy-and-beyond/), javascript
+
+See also those comparisons:
+
+ * <https://www.staticgen.com/
+ * <https://staticsitegenerators.net/>

settext/atx
diff --git a/services/wiki.mdwn b/services/wiki.mdwn
index db1e26fd..e0cfce59 100644
--- a/services/wiki.mdwn
+++ b/services/wiki.mdwn
@@ -10,8 +10,7 @@ Voir aussi [[hosted]] pour les sites statiques hébergés hors de la ferme de wi
 
 [[!toc levels=2]]
 
-Fonctionnement
-==============
+# Fonctionnement
 
 Les wikis fonctionnent sous l'excellent logiciel [[ikiwiki]], et les wikis sont gérés avec l'extension [ikiwiki-hosting](http://ikiwiki-hosting.branchable.com/).
 
@@ -19,13 +18,11 @@ Chaque wiki a sont propre dépôt [[git]] indépendant qui garde l'historique de
 
 Un [[!wikipedia stylesheet]] peut être installé par les utilisateurs, et un thème complet (tel [[night city|night_city/README]] qui formait la jolie présentation ici) peut être installé sur demande.
 
-Tips
-====
+# Tips
 
 Petits conseils d'utilisation supplémentaire de ikiwiki. Voir [[ikiwiki]] pour l'aide régulière.
 
-Migrating from Moinmoin markup to markdown regexes
---------------------------------------------------
+## Migrating from Moinmoin markup to markdown regexes
 
  * titles: `^== \(.*\) ==$` to `## \1`
  * preformatted areas: `{{{` to `[[!format txt """` and `}}}` to `"""]]`
@@ -33,8 +30,7 @@ Migrating from Moinmoin markup to markdown regexes
 
 Those are probably not being rendered properly, see [[!iki tips/convert_moinmoin_to_ikiwiki]] for a more complete solution.
 
-Renaming a wiki
----------------
+## Renaming a wiki
 
 Normally:
 
@@ -68,8 +64,7 @@ mv a-test a-testwiki
 sudo ikisite changesetup testwiki.anarc.at --rebuild
 ```
 
-Todo list
-=========
+# Todo list
 
 Here are some things I'm thinking of doing on the website:
 
@@ -120,13 +115,11 @@ Here are some things I'm thinking of doing on the website:
 [ikiwikihosting-dns]: http://ikiwiki-hosting.branchable.com/ikidns/
 [ikiwiki-hosting let's encrypt integration]: http://ikiwiki-hosting.branchable.com/todo/letsencrypt_support/
 
-Update log
-==========
+# Update log
 
 Various operations on the service documented here.
 
-Patches to apply
-----------------
+## Patches to apply
 
 On any given upgrade, the following patches need to be applied:
 
@@ -186,8 +179,7 @@ below is missing at least the geo scheme stuff. !!!
     git diff $release..admonitions doc/style.css | ( cd /usr/share/ikiwiki/basewiki ; sudo patch -p2 --dry-run ) &&
     git diff $release..admonitions doc/style.css | ( cd /usr/share/ikiwiki/basewiki ; sudo patch -p2 )
 
-2019-10-02: major upgrade
--------------------------
+## 2019-10-02: major upgrade
 
 Upgraded the entire server to buster. The following patches were
 dropped:
@@ -220,15 +212,13 @@ Other SSG options:
  * [11ty](https://www.11ty.dev/) - [picked by mozilla](https://hacks.mozilla.org/2020/10/to-eleventy-and-beyond/), javascript
  * TODO: compare with other SSGs
 
-2017-06-19: major upgrade
--------------------------
+## 2017-06-19: major upgrade
 
 upgraded to the upstream 3.20170111 release using backports in
 preperation for the stretch upgrade. patches reapplied as they are not
 factored in upstream yet.
 
-2017-04-19: ikiwiki-hosting upgrade
------------------------------------
+## 2017-04-19: ikiwiki-hosting upgrade
 
 Followed the upstream 0.20161219 release from stretch. Had to apply
 the following patches:
@@ -243,8 +233,7 @@ The following patches were dropped:
    seems like there's a workaround...
  * dev/usercreate_fails: not reported upstream, werid use case
 
-2017-01-14: security upgrade
-----------------------------
+## 2017-01-14: security upgrade
 
 Upstream did a security update in Jessie from
 [3.20141016.3](https://tracker.debian.org/news/671435) to
@@ -254,47 +243,39 @@ still useful.
 
 I dropped the [[!iki bugs/notifyemail fails with some openid providers]] patch because of the impeding doom of OpenID.
 
-2016-05-08: security upgrade
------------------------------
+## 2016-05-08: security upgrade
 
 Upstream did a security update in Jessie from [3.20141016.2](https://tracker.debian.org/news/671435) to [3.20141016.3](https://tracker.debian.org/media/packages/i/ikiwiki/changelog-3.20141016.3). I decided to drop the  [[!iki bugs/notifyemail fails with some openid providers]] patch because it's probably not really in use and OpenID is dying anyways. I did reapply the git-annex patch since that is still useful.
 
-2015-02-06: blog migrated from Drupal
--------------------------------------
+## 2015-02-06: blog migrated from Drupal
 
 See [[blog/2015-02-06-migrating-drupal-ikiwiki/]].
 
-2015-04-02: security upgrade
-----------------------------
+## 2015-04-02: security upgrade
 
 Upstream just rerolled an upgrade to work around an XSS issue in the
 OpenID plugin.
 
-2015-03-30: git-annex support
------------------------------
+## 2015-03-30: git-annex support
 
 I started working on [[!iki todo/git-annex_support]]. Ikiwiki and ikiwiki-hosting have been locally patched to support this, but manual interventions are required for any wiki that wants to have annexed files. So far only this wiki has such support. See [[!iki todo/git-annex_support]] for more information on how this works.
 
-2015-02-03: minor upgrade
--------------------------
+## 2015-02-03: minor upgrade
 
 It seems there were some ikiwiki criticial bugs in jessie that warranted a [3.20141016.1 release](https://tracker.debian.org/news/671435). Debian is now diverging from [upstream](https://ikiwiki.info/news/) which is unfortunate, but I guess necessary to have stables.
 
 My openid patch is still not in, but I believe the [SSL issue](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761635) is finally fixed. See the [3.20141016.1 upload](https://tracker.debian.org/news/671435) for release notes.
 
-2014-??-??: ikiwiki-hosting upgrade?
-------------------------------------
+## 2014-??-??: ikiwiki-hosting upgrade?
 
 At some point during the year, ikiwiki-hosting was upgraded to
 0.20140613 (or just installed?).
 
-2014-10-28: minor upgrade
--------------------------
+## 2014-10-28: minor upgrade
 
 Hopefully last upgrade for the lifetime of the next Debian stable release, the [[!iki news/version_3.20141016]] release still hasn't factored in my patch and I'll probably have to port it to the end. But it's the only patch remaining. See [[!iki news/3.20141016]] for changelog.
 
-2014-09-28: minor upgrade
--------------------------
+## 2014-09-28: minor upgrade
 
 Upgraded to the latest release, only one patch left, and it seems it is here to stay... :/ See [[!iki bugs/notifyemail fails with some openid providers]].
 
@@ -306,8 +287,7 @@ At least those patches were merged in / fixed:
 
 The changes cover this [changelog](http://source.ikiwiki.branchable.com/?p=source.git;a=blob;f=debian/changelog;hb=HEAD) between versions `3.20140227` and `3.20140916`.
 
-2014-06-01: minor upgrade
--------------------------
+## 2014-06-01: minor upgrade
 
 Upgraded to the february release, only two patches left to apply! Those patches were merged in:
 
@@ -318,8 +298,7 @@ I didn't re-enable the pagedown and album plugins for now. We would need to avoi
 
 The changes cover this [changelog](http://source.ikiwiki.branchable.com/?p=source.git;a=blob;f=debian/changelog;hb=HEAD), version `3.20140227`.
 
-2014-02-03: jessie upgrade
---------------------------
+## 2014-02-03: jessie upgrade
 
 I upgraded to [[services/upgrades/jessie]], and I had to reapply the patches. I mostly followed the procedure above.
 
@@ -327,8 +306,7 @@ See the following changelogs for details:
 
 The changes cover this [changelog](http://source.ikiwiki.branchable.com/?p=source.git;a=blob;f=debian/changelog;hb=HEAD) between versions `3.20140102` and `3.20140125`.
 
-2013-11-29: Backport upgrade
-----------------------------
+## 2013-11-29: Backport upgrade
 
 I upgraded to the current version in `jessie`, that is `3.20130904.1`. This deals with [problems with uncommitted changes from the web interface](http://ikiwiki.info/bugs/changes_from_the_web_interface_fail_to_get_committed/) and also factors in a few patches that were applied locally, as well as lots of bugfixes.
 
@@ -369,8 +347,7 @@ patching file templates/albumprev.tmpl
 patching file templates/albumviewer.tmpl
 """]]
 
-2013-09-08? Migration à ikiwiki-hosting
----------------------------------------
+## 2013-09-08? Migration à ikiwiki-hosting
 
 Ikiwiki-hosting est en utilisation depuis peut-être 2011, puisque
 c'est là que me premières contributions arrivent dans le projet. Mais

(Diff truncated)
very late corrections to the GnuTLS audit article
Obviously, if those had been addressed to me directly instead of the
Hacker News public at large, they would have been fixed faster... Only
because I looked at my analytics and noticed the popularity of this
article did I realize that I might want to look at Hacker News for
comments... Sigh.
diff --git a/blog/2020-06-10-gnutls-audit.mdwn b/blog/2020-06-10-gnutls-audit.mdwn
index 80d97e89..9ca63c94 100644
--- a/blog/2020-06-10-gnutls-audit.mdwn
+++ b/blog/2020-06-10-gnutls-audit.mdwn
@@ -133,6 +133,20 @@ after which the ticket gets cycled and properly initialized. But that
 is [apparently 6 hours by default](https://twitter.com/__agwa/status/1270054740559384576) so it is going to protect only
 really long-lasting TLS sessions, which are uncommon, I would argue.
 
+> Update: [according to the Tweet's author](https://news.ycombinator.com/item?id=23964740):
+>
+> > The author of this blog post is misinterpreting the problem. It's
+> > not the session ticket which is rotated after 6 hours, but the
+> > session ticket encryption key (STEK). This has nothing to do with
+> > the length of the TLS session, but rather the lifetime of the
+> > process using GnuTLS. For the first 6 hours, connections made to the
+> > GnuTLS server are vulnerable. After the process has been running for
+> > 6 hours, new connections are safe (assuming there's no other GnuTLS
+> > vulnerability). This reduces the impact of the vulnerability
+> > considerably (although it's still really bad).
+>
+> I stand corrected.
+
 My audit is limited. For example, it might have been better to walk
 the shared library dependencies directly, instead of relying on Debian
 package dependencies.
@@ -194,6 +208,15 @@ away from GnuTLS and instead think of other TLS libraries like
 [mbedtls](https://tls.mbed.org/) (previously known as PolarSSL), [NSS](https://en.wikipedia.org/wiki/Network_Security_Services), [BoringSSL](https://boringssl.googlesource.com/boringssl/),
 [LibreSSL](https://www.libressl.org/) and so on. Not that those are totally sinless either...
 
+> Correction, OpenSSL is [actually what those people have in mind](https://news.ycombinator.com/item?id=23964740):
+>
+> > No, OpenSSL is exactly what we have in mind, including Filippo:
+> > https://twitter.com/FiloSottile/status/1270130358634283008
+> >
+> > OpenSSL isn't perfect but it has improved considerably since
+> > Heartbleed and has the resources (funding and competent people) that
+> > a crypto project needs.
+
 "This is fine", as they say...
 
 [Heartbleed]: https://en.wikipedia.org/wiki/Heartbleed

response
diff --git a/blog/2020-06-04-replacing-smokeping-prometheus/comment_6_100da9bc31931e3aab2c034a28219eca._comment b/blog/2020-06-04-replacing-smokeping-prometheus/comment_6_100da9bc31931e3aab2c034a28219eca._comment
new file mode 100644
index 00000000..45fecd0a
--- /dev/null
+++ b/blog/2020-06-04-replacing-smokeping-prometheus/comment_6_100da9bc31931e3aab2c034a28219eca._comment
@@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username="anarcat"
+ subject="""Re: Is sum() over a gauge correct?"""
+ date="2020-11-11T17:47:58Z"
+ content="""
+The actual query right now in the dashboard is:
+
+    sum(probe_icmp_duration_seconds{phase="rtt",instance=~"$instance"}) by (instance)
+
+Honestly, I don't remember anymore: I fiddled with those queries for a
+while, but notice the `instance` parameter in the labels there, which
+might make the `sum()` part a noop, so the actual query might be better expressed as:
+
+    probe_icmp_duration_seconds{phase="rtt",instance=~"$instance"}
+
+Would love to have some more experience PromQL people fix my ugly queries. :)
+"""]]

approve comment
diff --git a/blog/2020-06-04-replacing-smokeping-prometheus/comment_1_70d3d6596d76e0511acaaab4d5cb0a48._comment b/blog/2020-06-04-replacing-smokeping-prometheus/comment_1_70d3d6596d76e0511acaaab4d5cb0a48._comment
new file mode 100644
index 00000000..61797e7d
--- /dev/null
+++ b/blog/2020-06-04-replacing-smokeping-prometheus/comment_1_70d3d6596d76e0511acaaab4d5cb0a48._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ ip="75.58.8.11"
+ claimedauthor="yegle"
+ url="yegle.net"
+ subject="Is sum() over a gauge correct?"
+ date="2020-11-11T03:11:41Z"
+ content="""
+I'm new to PromQL, but sum() a gauge doesn't sound right to me... Shouldn't you use avg()/min()/max() (or their _over_time variant), or just use quantile()?
+"""]]

calibre workaround
diff --git a/software/desktop/calibre.mdwn b/software/desktop/calibre.mdwn
index 5500b79c..e8f1c1bc 100644
--- a/software/desktop/calibre.mdwn
+++ b/software/desktop/calibre.mdwn
@@ -382,3 +382,13 @@ up to date in Debian (although for the server side of things that
 shouldn't really matter). I tried to make systemd detect changes to
 the database and reload the service, but it failed, so maybe i'll need
 to look at another [[filesystem monitoring tool|blog/2019-11-20-file-monitoring-tools]].
+
+If you get a weird error about "Failed to communicate", it might be
+because the database is not writable by Calibre. Here I had to make it
+owned by a shared group and writable:
+
+    chown :media metadata*
+    chmod g+w metadata*
+
+I also added that in `.git/hooks/post-checkout` for my future self,
+although `git-annex` might overwrite that eventually...

more SSGs
diff --git a/services/wiki.mdwn b/services/wiki.mdwn
index 0a1615f0..db1e26fd 100644
--- a/services/wiki.mdwn
+++ b/services/wiki.mdwn
@@ -215,6 +215,11 @@ dropped:
 We're now running upstream (`0.20180719-1`), which hopefully still
 works.
 
+Other SSG options:
+
+ * [11ty](https://www.11ty.dev/) - [picked by mozilla](https://hacks.mozilla.org/2020/10/to-eleventy-and-beyond/), javascript
+ * TODO: compare with other SSGs
+
 2017-06-19: major upgrade
 -------------------------
 

another monitoring tool
diff --git a/blog/2019-11-20-file-monitoring-tools.mdwn b/blog/2019-11-20-file-monitoring-tools.mdwn
index f79f5cd8..18f98ef4 100644
--- a/blog/2019-11-20-file-monitoring-tools.mdwn
+++ b/blog/2019-11-20-file-monitoring-tools.mdwn
@@ -21,6 +21,15 @@ Those tools an watch files or trees of files and execute whatever.
  * No Debian package
  * requires a TOML config file
 
+## chokidar
+
+<https://github.com/kimmobrunfeldt/chokidar-cli>
+
+ * 2015-2019
+ * Javascript
+ * MIT
+ * No Debian package
+
 ## direvent
 
 <https://www.gnu.org.ua/software/direvent/>

spam tricks
diff --git a/services/wiki.mdwn b/services/wiki.mdwn
index 6bd053bd..0a1615f0 100644
--- a/services/wiki.mdwn
+++ b/services/wiki.mdwn
@@ -98,6 +98,9 @@ Here are some things I'm thinking of doing on the website:
     * makesite - pour la création de nouveaux sites
     * missingsite - pour montrer un site même pour les sites manquants
     * parked - pour les sites désactivés
+ * improve spam control, consider the [mediawiki tricks](https://m.mediawiki.org/wiki/Manual:Combating_spam), [friendly
+   captcha](https://friendlycaptcha.com/), the [Tornevall blocklist](https://www.tornevall.net/about/) and other RBLs, and [the
+   ikiwiki discussion](https://ikiwiki.info/todo/anti-spam_protection/)
 
 [TufteCSS]: https://edwardtufte.github.io/tufte-css/
 [controlpanel]: http://anarc.at/ikiwiki.cgi?do=controlpanel

another san option
diff --git a/hardware/server/marcos.mdwn b/hardware/server/marcos.mdwn
index 538c7d76..d97e00f9 100644
--- a/hardware/server/marcos.mdwn
+++ b/hardware/server/marcos.mdwn
@@ -374,6 +374,10 @@ It's unclear if I could just migrate marcos to this platform as is,
 and the prices might be slightly higher than what I would get when
 building it from scratch...
 
+## Ten64
+
+https://www.crowdsupply.com/traverse-technologies/ten64/updates/building-a-nas-with-ten64-and-rockstor-and-new-turnkey-nas-bundle
+
 ## Other SoC boards
 
 There are many SoC boards that could be used to create a device from

add crdt.el
diff --git a/blog/2018-06-26-collaborative-editors-history.mdwn b/blog/2018-06-26-collaborative-editors-history.mdwn
index 21093289..4f6e663d 100644
--- a/blog/2018-06-26-collaborative-editors-history.mdwn
+++ b/blog/2018-06-26-collaborative-editors-history.mdwn
@@ -41,6 +41,7 @@ notable feature or implementation detail.
 | [Qill](https://quilljs.com/)                  | 2013-now   | Web, Node.JS      | Rich text editor, also javascript. Not sure it is really collaborative.                                                                                                                                                                                                                                                    |
 | [Teletype](https://teletype.atom.io/)              | 2017-now   | WebRTC, Node.JS   | For the GitHub's [Atom editor](https://atom.io), introduces "portal" idea that makes guests follow what the host is doing across multiple docs. p2p with webRTC after visit to introduction server, CRDT based.                                                                                                                          |
 | [Tandem](http://typeintandem.com/)                | 2018-now   | Node.JS?          | Plugins for atom, vim, neovim, sublime... uses a relay to setup p2p connexions CRDT based. [Dubious license issues](https://github.com/typeintandem/tandem/issues/131) were resolved thanks to the involvement of Debian developers, which makes it a promising standard to follow in the future.                                                                          |
+| [crdt.el](https://code.librehq.com/qhong/crdt.el/)               | 2020-now   | Emacs             | First CRDT plugin for Emacs, Emacs-only                                                                                                                                                                                                                                                                                    |
 
 Other lists
 ===========

align table
diff --git a/blog/2018-06-26-collaborative-editors-history.mdwn b/blog/2018-06-26-collaborative-editors-history.mdwn
index 76969203..21093289 100644
--- a/blog/2018-06-26-collaborative-editors-history.mdwn
+++ b/blog/2018-06-26-collaborative-editors-history.mdwn
@@ -19,28 +19,28 @@ So without further ado, here is the list of notable collaborative
 editors that I could find. By "notable" i mean that they introduce a
 notable feature or implementation detail.
 
-| Project          | Date       | Platform | Notes |
-| ---------------- | ---------- | -------- | ----- |
-| [SubEthaEdit](https://www.codingmonkeys.de/subethaedit/) | 2003-2015? | Mac-only | first collaborative, real-time, multi-cursor editor I could find. An [reverse-engineering attempt in Emacs](https://www.emacswiki.org/emacs/SubEthaEmacs) failed to produce anything. |
-| [DocSynch](http://docsynch.sourceforge.net/) |  2004-2007 | ? | built on top of IRC! |
-| [Gobby](https://gobby.github.io/) | 2005-now | C, multi-platform | first open, solid and reliable implementation and still around! The protocol ("[libinfinoted](http://infinote.0x539.de/libinfinity/API/libinfinity/)") is notoriously hard to port to other editors (e.g. [Rudel](https://www.emacswiki.org/emacs/Rudel) failed to implement this in Emacs). 0.7 release in jan 2017 adds possible python bindings that might improve this. Interesting plugins: autosave to disk. |
-| [Ethercalc](https://ethercalc.net/) | 2005-now | Web, Javascript | First spreadsheet, along with [Google docs](https://en.wikipedia.org/wiki/Google_docs) |
-| [moonedit](https://web.archive.org/web/20060423192346/http://www.moonedit.com:80/) | 2005-2008? | ? | Original website died. Other user's cursors visible and emulated keystrokes noises. Included a calculator and music sequencer! |
-| [synchroedit](http://www.synchroedit.com/) | 2006-2007 | ? | First web app. |
-| [Inkscape](http://wiki.inkscape.org/wiki/index.php/WhiteBoard) | 2007-2011 | C++ | First graphics editor with collaborative features backed by the "whiteboard" plugin built on top of Jabber, now defunct. |
-| [Abiword](https://en.wikipedia.org/wiki/AbiWord) | 2008-now | C++ | First word processor |
-| [Etherpad](http://etherpad.org/) | 2008-now | Web | First solid web app. Originally developped as a heavy Java app in 2008, acquired and opensourced by Google in 2009, then rewritten in Node.js in 2011. Widely used. |
-| [Wave](https://en.wikipedia.org/wiki/Apache_Wave) | 2009-2010 | Web, Java | Failed attempt at a grand protocol unification |
-| [CRDT](https://en.wikipedia.org/wiki/Conflict-free_replicated_data_type) | 2011 | Specification | Standard for replicating a document's datastructure among different computers reliably.|
-| [Operational transform](http://operational-transformation.github.io/) | 2013 | Specification | Similar to CRDT, yet, well, different. |
-| [Floobits](https://floobits.com/) | 2013-now | ? | Commercial, but opensource plugins for different editors |
-| [LibreOffice Online](https://wiki.documentfoundation.org/Development/LibreOffice_Online) | 2015-now | Web | free Google docs equivalent, now integrated in [Nextcloud](https://nextcloud.com/collaboraonline/) |
-| [HackMD](https://hackmd.io/) | 2015-now | ? | Commercial but [opensource](https://github.com/hackmdio/hackmd). Inspired by hackpad, which was bought up by Dropbox. |
-| [Cryptpad](https://cryptpad.fr/) | 2016-now | web? | spin-off of xwiki. encrypted, "zero-knowledge" on server |
-| [Prosemirror](https://prosemirror.net/) | 2016-now | Web, Node.JS | "Tries to bridge the gap between Markdown text editing and classical WYSIWYG editors." Not really an editor, but something that can be used to build one. |
-| [Qill](https://quilljs.com/) | 2013-now | Web, Node.JS | Rich text editor, also javascript. Not sure it is really collaborative. |
-| [Teletype](https://teletype.atom.io/) | 2017-now | WebRTC, Node.JS | For the GitHub's [Atom editor](https://atom.io), introduces "portal" idea that makes guests follow what the host is doing across multiple docs. p2p with webRTC after visit to introduction server, CRDT based. |
-| [Tandem](http://typeintandem.com/) | 2018-now | Node.JS? | Plugins for atom, vim, neovim, sublime... uses a relay to setup p2p connexions CRDT based. [Dubious license issues](https://github.com/typeintandem/tandem/issues/131) were resolved thanks to the involvement of Debian developers, which makes it a promising standard to follow in the future. |
+| Project                    | Date       | Platform          | Notes                                                                                                                                                                                                                                                                                                                      |
+|----------------------------|------------|-------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| [SubEthaEdit](https://www.codingmonkeys.de/subethaedit/)           | 2003-2015? | Mac-only          | first collaborative, real-time, multi-cursor editor I could find. An [reverse-engineering attempt in Emacs](https://www.emacswiki.org/emacs/SubEthaEmacs) failed to produce anything.                                                                                                                                                                                 |
+| [DocSynch](http://docsynch.sourceforge.net/)              | 2004-2007  | ?                 | built on top of IRC!                                                                                                                                                                                                                                                                                                       |
+| [Gobby](https://gobby.github.io/)                 | 2005-now   | C, multi-platform | first open, solid and reliable implementation and still around! The protocol ("[libinfinoted](http://infinote.0x539.de/libinfinity/API/libinfinity/)") is notoriously hard to port to other editors (e.g. [Rudel](https://www.emacswiki.org/emacs/Rudel) failed to implement this in Emacs). 0.7 release in jan 2017 adds possible python bindings that might improve this. Interesting plugins: autosave to disk. |
+| [Ethercalc](https://ethercalc.net/)             | 2005-now   | Web, Javascript   | First spreadsheet, along with [Google docs](https://en.wikipedia.org/wiki/Google_docs)                                                                                                                                                                                                                                                                             |
+| [moonedit](https://web.archive.org/web/20060423192346/http://www.moonedit.com:80/)              | 2005-2008? | ?                 | Original website died. Other user's cursors visible and emulated keystrokes noises. Included a calculator and music sequencer!                                                                                                                                                                                             |
+| [synchroedit](http://www.synchroedit.com/)           | 2006-2007  | ?                 | First web app.                                                                                                                                                                                                                                                                                                             |
+| [Inkscape](http://wiki.inkscape.org/wiki/index.php/WhiteBoard)              | 2007-2011  | C++               | First graphics editor with collaborative features backed by the "whiteboard" plugin built on top of Jabber, now defunct.                                                                                                                                                                                                   |
+| [Abiword](https://en.wikipedia.org/wiki/AbiWord)               | 2008-now   | C++               | First word processor                                                                                                                                                                                                                                                                                                       |
+| [Etherpad](http://etherpad.org/)              | 2008-now   | Web               | First solid web app. Originally developped as a heavy Java app in 2008, acquired and opensourced by Google in 2009, then rewritten in Node.js in 2011. Widely used.                                                                                                                                                        |
+| [Wave](https://en.wikipedia.org/wiki/Apache_Wave)                  | 2009-2010  | Web, Java         | Failed attempt at a grand protocol unification                                                                                                                                                                                                                                                                             |
+| [CRDT](https://en.wikipedia.org/wiki/Conflict-free_replicated_data_type)                  | 2011       | Specification     | Standard for replicating a document's datastructure among different computers reliably.                                                                                                                                                                                                                                    |
+| [Operational transform](http://operational-transformation.github.io/) | 2013       | Specification     | Similar to CRDT, yet, well, different.                                                                                                                                                                                                                                                                                     |
+| [Floobits](https://floobits.com/)              | 2013-now   | ?                 | Commercial, but opensource plugins for different editors                                                                                                                                                                                                                                                                   |
+| [LibreOffice Online](https://wiki.documentfoundation.org/Development/LibreOffice_Online)    | 2015-now   | Web               | free Google docs equivalent, now integrated in [Nextcloud](https://nextcloud.com/collaboraonline/)                                                                                                                                                                                                                                                              |
+| [HackMD](https://hackmd.io/)                | 2015-now   | ?                 | Commercial but [opensource](https://github.com/hackmdio/hackmd). Inspired by hackpad, which was bought up by Dropbox.                                                                                                                                                                                                                                       |
+| [Cryptpad](https://cryptpad.fr/)              | 2016-now   | web?              | spin-off of xwiki. encrypted, "zero-knowledge" on server                                                                                                                                                                                                                                                                   |
+| [Prosemirror](https://prosemirror.net/)           | 2016-now   | Web, Node.JS      | "Tries to bridge the gap between Markdown text editing and classical WYSIWYG editors." Not really an editor, but something that can be used to build one.                                                                                                                                                                  |
+| [Qill](https://quilljs.com/)                  | 2013-now   | Web, Node.JS      | Rich text editor, also javascript. Not sure it is really collaborative.                                                                                                                                                                                                                                                    |
+| [Teletype](https://teletype.atom.io/)              | 2017-now   | WebRTC, Node.JS   | For the GitHub's [Atom editor](https://atom.io), introduces "portal" idea that makes guests follow what the host is doing across multiple docs. p2p with webRTC after visit to introduction server, CRDT based.                                                                                                                          |
+| [Tandem](http://typeintandem.com/)                | 2018-now   | Node.JS?          | Plugins for atom, vim, neovim, sublime... uses a relay to setup p2p connexions CRDT based. [Dubious license issues](https://github.com/typeintandem/tandem/issues/131) were resolved thanks to the involvement of Debian developers, which makes it a promising standard to follow in the future.                                                                          |
 
 Other lists
 ===========

another fs watcher, in rust
diff --git a/blog/2019-11-20-file-monitoring-tools.mdwn b/blog/2019-11-20-file-monitoring-tools.mdwn
index 8dd40fb7..f79f5cd8 100644
--- a/blog/2019-11-20-file-monitoring-tools.mdwn
+++ b/blog/2019-11-20-file-monitoring-tools.mdwn
@@ -11,6 +11,16 @@ find in a search engine.
 
 Those tools an watch files or trees of files and execute whatever.
 
+## caretaker
+
+<https://github.com/grego/caretaker>
+
+ * 2020
+ * Rust
+ * MIT
+ * No Debian package
+ * requires a TOML config file
+
 ## direvent
 
 <https://www.gnu.org.ua/software/direvent/>

settext -> atx
diff --git a/blog/2019-11-20-file-monitoring-tools.mdwn b/blog/2019-11-20-file-monitoring-tools.mdwn
index c5e3b09a..8dd40fb7 100644
--- a/blog/2019-11-20-file-monitoring-tools.mdwn
+++ b/blog/2019-11-20-file-monitoring-tools.mdwn
@@ -7,13 +7,11 @@ find in a search engine.
 
 [[!toc levels=3]]
 
-Generic
-=======
+# Generic
 
 Those tools an watch files or trees of files and execute whatever.
 
-direvent
---------
+## direvent
 
 <https://www.gnu.org.ua/software/direvent/>
 
@@ -23,8 +21,7 @@ direvent
  * [Debian package](https://tracker.debian.org/pkg/direvent), since 2015 (stretch), out of date (5.1 vs 5.2)
  * requires a config file to operate
 
-entr
-----
+## entr
 
 <http://eradman.com/entrproject/>
 
@@ -39,8 +36,7 @@ entr
  * has special hacks to reload browser
  * can clear screen between calls
 
-fluffy
-------
+## fluffy
 
 https://github.com/tinkershack/fluffy
 
@@ -52,8 +48,7 @@ https://github.com/tinkershack/fluffy
  * Streams events to standard output
  * also a library
 
-fswatch
--------
+## fswatch
 
 <http://emcrisostomo.github.io/fswatch/>
 
@@ -64,8 +59,7 @@ fswatch
  * outputs changesets using a specific syntax, so requires more
    commandline voodoo
 
-gamin
------
+## gamin
 
 <https://people.gnome.org/~veillard/gamin/>
 
@@ -73,8 +67,7 @@ gamin
  * [Debian package](https://tracker.debian.org/pkg/gamin) since 2005
  * not a commandline tool
 
-incron
-------
+## incron
 
 <https://github.com/ar-/incron>
 
@@ -86,8 +79,7 @@ incron
    obscure](https://manpages.debian.org/incrontab.5)) syntax
  * no event deduplication
 
-inoticoming
------------
+## inoticoming
 
 <https://tracker.debian.org/pkg/inoticoming>
 
@@ -100,8 +92,7 @@ inoticoming
  * built for [reprepro](https://tracker.debian.org/pkg/reprepro)
  * no event deduplication
 
-inotify-hookable
-----------------
+## inotify-hookable
 
 <https://metacpan.org/pod/App::Inotify::Hookable>
 
@@ -113,8 +104,7 @@ inotify-hookable
  * no event deduplication, but can "buffer" multiple events together
    with a timeout
 
-inotify-tools
--------------
+## inotify-tools
 
 <https://github.com/rvoicilas/inotify-tools/>
 
@@ -126,8 +116,7 @@ inotify-tools
  * somewhat [difficult commandline interface](https://manpages.debian.org/buster/inotify-tools/inotifywait.1.en.html)
  * no event deduplication
 
-systemd .path units
---------------------
+## systemd .path units
 
 <https://www.freedesktop.org/software/systemd/man/systemd.path.html>
 
@@ -156,8 +145,7 @@ somehow it didn't work:
 ... ie. it doesn't restart the service on changes to any of those
 files.
 
-watchexec
----------
+## watchexec
 
 <https://github.com/watchexec/watchexec>
 
@@ -178,8 +166,7 @@ watchexec
    elegantly avoided the loops I have had in watchman because of the
    files generated by tox
 
-watchman
---------
+## watchman
 
 <http://facebook.github.io/watchman/>
 
@@ -201,8 +188,7 @@ watchman
    constantely runs the tests, because there's [no way to ignore](https://github.com/facebook/watchman/issues/769)
    files in `watchman-make`.
 
-Web development
-===============
+# Web development
 
 ## grip (markdown)
 
@@ -240,8 +226,7 @@ examples:
    so more smartly
  * [iPython](https://ipython.org/) - has a [autoreload](https://ipython.org/ipython-doc/3/config/extensions/autoreload.html) extension
 
-Unit tests
-==========
+# Unit tests
 
 ## autotest
 
@@ -288,8 +273,7 @@ Unit tests
  * Perl only
  * No Debian package
 
-File synchronization
-====================
+# File synchronization
 
 I will not go through a list of all the file synchronization tools
 here. Most of them have some sort of "wake-up" system to notify file
@@ -322,8 +306,7 @@ am aware of:
  * spawns rsync on file changes
  * Lua configuration can be leveraged to do other things than sync
 
-Intrusion detection
-===================
+# Intrusion detection
 
 Here again, there are many filesystem integrity checkers and intrusion
 detection systems (IDS), but they are not relevant here unless they
@@ -371,8 +354,7 @@ to fit a square peg in this round hole:
  * [Debian package](https://tracker.debian.org/pkg/sshguard) since 2007, out of date
  * similar to fail2ban
 
-Other
-=====
+# Other
 
 ## kfmon (kobo launcher)
 

add toc
diff --git a/blog/2020-10-19-google-authenticator-libpam.mdwn b/blog/2020-10-19-google-authenticator-libpam.mdwn
index 488ecdd6..3ac2e1b0 100644
--- a/blog/2020-10-19-google-authenticator-libpam.mdwn
+++ b/blog/2020-10-19-google-authenticator-libpam.mdwn
@@ -18,6 +18,8 @@ After some fiddling, it turns out I was right and you *can*
 authenticate with a Yubikey over SSH. Here's that procedure so you
 don't have to second-guess it yourself.
 
+[[!toc]]
+
 Installation
 ============
 

fix formatting
diff --git a/blog/2020-10-19-google-authenticator-libpam.mdwn b/blog/2020-10-19-google-authenticator-libpam.mdwn
index fd985122..488ecdd6 100644
--- a/blog/2020-10-19-google-authenticator-libpam.mdwn
+++ b/blog/2020-10-19-google-authenticator-libpam.mdwn
@@ -86,7 +86,7 @@ def convert_b32_b16(data_b32):
         # pad to 20 bytes
         data_b16 += b"\x00" * (20 - len(data_b16))
     return binascii.hexlify(data_b16).decode("ascii")
-"""]
+"""]]
 
 Note that the code assumes a certain token length and will not work
 correctly for other sizes. To use the program, simply call it with:

libpam google authenticator + ssh 2FA + yubikey
diff --git a/blog/2015-12-14-yubikey-howto.mdwn b/blog/2015-12-14-yubikey-howto.mdwn
index fbe6e7c5..c21c8a16 100644
--- a/blog/2015-12-14-yubikey-howto.mdwn
+++ b/blog/2015-12-14-yubikey-howto.mdwn
@@ -304,6 +304,26 @@ for now.
 Using OATH
 ===========
 
+google-authenticator-libpam
+---------------------------
+
+I switched from libpam-oath (below) to another (better maintained)
+plugin, see the procedure in [[this article instead|2020-10-19-google-authenticator-libpam]].
+
+I switched away from libpam-oath because [users couldn't edit their
+own 2FA tokens](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807992) and I had to patch it to [avoid forcing 2FA on all
+users](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807990). The latter was merged in the Debian package, but never
+upstream, and the former was never fixed at all. It seems the library
+is not as well maintained as the Google Authenticator one, so I feel
+more confident using the latter in the future.
+
+libpam-oath
+-----------
+
+WARNING: those are the old instructions I used before I realized I
+could use the above "Google Authenticator" plugin. They are kept only
+for historical reference.
+
 This is pretty neat: it allows you to add two factor authentication to a *lot* of things. For example, PAM has such a module, which I will configure here to allow myself to login to my server from untrusted machines. While I will expose my main password to keyloggers, the OTP password will prevent that from being reused. This is a simplified version of [this OATH tutorial][].
 
 We install the PAM module with:
diff --git a/blog/2020-10-19-google-authenticator-libpam.mdwn b/blog/2020-10-19-google-authenticator-libpam.mdwn
new file mode 100644
index 00000000..fd985122
--- /dev/null
+++ b/blog/2020-10-19-google-authenticator-libpam.mdwn
@@ -0,0 +1,126 @@
+[[!meta title="SSH 2FA with Google Authenticator and Yubikey"]]
+
+About a lifetime ago (5 years), I wrote a [[tutorial on how to
+configure my Yubikey for OpenPGP signing, SSH authentication and SSH
+2FA|2015-12-14-yubikey-howto]]. In there, I used the [libpam-oath](http://www.nongnu.org/oath-toolkit/)
+PAM plugin for authentication, but it turns out that had too many
+problems: [users couldn't edit their own 2FA tokens](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807992) and I had to
+patch it to [avoid forcing 2FA on all users](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807990). The latter was merged
+in the Debian package, but never upstream, and the former was never
+fixed at all. So I started looking at alternatives and found the
+[Google Authenticator libpam plugin](https://github.com/google/google-authenticator-libpam/). A priori, it's designed to
+work with phones and the [Google Authenticator app](https://en.wikipedia.org/wiki/Google_Authenticator), but there's no
+reason why it shouldn't work with hardware tokens like the
+Yubikey. Both use the [standard HOTP protocol](https://en.wikipedia.org/wiki/HMAC-based_One-time_Password_algorithm) so it should "just
+work".
+
+After some fiddling, it turns out I was right and you *can*
+authenticate with a Yubikey over SSH. Here's that procedure so you
+don't have to second-guess it yourself.
+
+Installation
+============
+
+On Debian, the PAM module is shipped in the [google-authenticator](https://tracker.debian.org/pkg/google-authenticator)
+source package:
+
+    apt install libpam-google-authenticator
+
+Then you need to add the module in your PAM stack somewhere. Since I
+only use it for SSH, I added this line on top of `/etc/pam.d/sshd`:
+
+    auth required pam_google_authenticator.so nullok
+
+I also used `no_increment_hotp debug` while debugging to avoid having
+to renew the token all the time and have more information about
+failures in the logs.
+
+Then reload ssh (not sure that's actually necessary):
+
+    service ssh reload
+
+Creating or replacing tokens
+============================
+
+To create a new key, run this command on the server:
+
+    google-authenticator -c
+
+This will prompt you for a bunch of questions. To get them all right,
+I prefer to just call the right ones on the commandline directly:
+
+    google-authenticator --counter-based --qr-mode=NONE --rate-limit=1 --rate-time=30 --emergency-codes=1 --window-size=3
+
+Those are actually the defaults, if my memory serves me right, except
+for the `--qr-mode` and `--emergency-codes` (which can't be disabled
+so I only print one). I disable the QR code display because I won't be
+using the codes on my phone, but you would obviously keep it if you
+want to use the app.
+
+Converting to a Yubikey-compatible secret
+=========================================
+
+Unfortunately, the encoding ([base32](https://tools.ietf.org/html/rfc3548#section-5)) produced by the
+`google-authenticator` command is not compatible with the token
+expected by the `ykpersonalize` command used to configure the Yubikey
+([base16](https://tools.ietf.org/html/rfc3548#page-8) AKA "hexadecimal", with a fixed 20 bytes length). So you
+need a way to convert between the two. I wrote a program called
+[oath-convert](https://gitlab.com/anarcat/scripts/blob/master/oath-convert) which basically does this:
+
+    read base32
+    add padding
+    convert to hex
+    print
+
+Or, in Python:
+
+[[!format python """
+def convert_b32_b16(data_b32):
+    remainder = len(data_b32) % 8
+    if remainder > 0:
+        # XXX: assume 6 chars are missing, the actual padding may vary:
+        # https://tools.ietf.org/html/rfc3548#section-5
+        data_b32 += "======"
+    data_b16 = base64.b32decode(data_b32)
+    if len(data_b16) < 20:
+        # pad to 20 bytes
+        data_b16 += b"\x00" * (20 - len(data_b16))
+    return binascii.hexlify(data_b16).decode("ascii")
+"""]
+
+Note that the code assumes a certain token length and will not work
+correctly for other sizes. To use the program, simply call it with:
+
+    head -1 .google_authenticator | oath-convert
+
+Then you paste the output in the prompt:
+
+    $ ykpersonalize -1 -o oath-hotp -o append-cr -a
+    Firmware version 3.4.3 Touch level 1541 Program sequence 2
+     HMAC key, 20 bytes (40 characters hex) : [SECRET GOES HERE]
+
+    Configuration data to be written to key configuration 1:
+
+    fixed: m:
+    uid: n/a
+    key: h:[SECRET REDACTED]
+    acc_code: h:000000000000
+    OATH IMF: h:0
+    ticket_flags: APPEND_CR|OATH_HOTP
+    config_flags: 
+    extended_flags: 
+
+    Commit? (y/n) [n]: y
+
+Note that you must NOT pass the `-o oath-hotp8` parameter to the
+`ykpersonalize` commandline, which we used to do in the [[Yubikey
+howto|2015-12-14-yubikey-howto]]. That is because Google Authenticator
+tokens are shorter: it's less secure, but it's an acceptable tradeoff
+considering the plugin is actually maintained. There's actually a
+[feature request to support 8-digit codes](https://github.com/google/google-authenticator-libpam/issues/20) so that limitation might
+eventually be fixed as well.
+
+Thanks to the [Google Authenticator people](https://github.com/google/google-authenticator-libpam/issues/186) and [Yubikey people](https://github.com/Yubico/yubikey-personalization/issues/169)
+for their support in establishing this procedure.
+
+[[!tag debian-planet python-planet geek software debian hacking security crypto hardware]]

new list
diff --git a/services/dns.mdwn b/services/dns.mdwn
index a7809cbc..d0ad2501 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -96,6 +96,9 @@ Les noms suivants pourraient être utilisés pour de futures machines:
 
 [Margaret Hamilton]: https://en.wikipedia.org/wiki/Margaret_Hamilton_(software_engineer)
 
+Voir aussi [cette liste](https://www.hillelwayne.com/important-women-in-cs/) de femmes moins connues mais peut-être
+tout aussi importantes...
+
 Relié
 =====
 

set title
diff --git a/blog/2020-10-18-cdpath-replacement.mdwn b/blog/2020-10-18-cdpath-replacement.mdwn
index 193a98e3..d5df2142 100644
--- a/blog/2020-10-18-cdpath-replacement.mdwn
+++ b/blog/2020-10-18-cdpath-replacement.mdwn
@@ -1,3 +1,5 @@
+[[!meta title="CDPATH replacements"]]
+
 after reading [this post](https://www.kvr.at/posts/my-new-favorite-utility-autojump/) I figured I might as well bite the bullet
 and improve on my CDPATH-related setup, especially because it does not
 work with Emacs. so i looked around for autojump-related alternatives

creating tag page tag/shell
diff --git a/tag/shell.mdwn b/tag/shell.mdwn
new file mode 100644
index 00000000..58d1268f
--- /dev/null
+++ b/tag/shell.mdwn
@@ -0,0 +1,4 @@
+[[!meta title="pages tagged shell"]]
+
+[[!inline pages="tagged(shell)" actions="no" archive="yes"
+feedshow=10]]

publish cdpath review
diff --git a/blog/cdpath-replacement.mdwn b/blog/2020-10-18-cdpath-replacement.mdwn
similarity index 98%
rename from blog/cdpath-replacement.mdwn
rename to blog/2020-10-18-cdpath-replacement.mdwn
index c34fd651..193a98e3 100644
--- a/blog/cdpath-replacement.mdwn
+++ b/blog/2020-10-18-cdpath-replacement.mdwn
@@ -103,4 +103,4 @@ references
 
 https://www.emacswiki.org/emacs/LocateFilesAnywhere
 
-[[!tag draft]]
+[[!tag debian-planet python-planet shell review emacs]]

finalize cdpath
diff --git a/blog/cdpath-replacement.mdwn b/blog/cdpath-replacement.mdwn
index 661319ae..c34fd651 100644
--- a/blog/cdpath-replacement.mdwn
+++ b/blog/cdpath-replacement.mdwn
@@ -3,6 +3,20 @@ and improve on my CDPATH-related setup, especially because it does not
 work with Emacs. so i looked around for autojump-related alternatives
 that do.
 
+What I use now
+==============
+
+I currently have this in my `.shenv` (sourced by `.bashrc`):
+
+    export CDPATH=".:~:~/src:~/dist:~/wikis:~/go/src:~/src/tor"
+
+This allows me to quickly jump into projects from my home dir, or the
+"source code" (`~/src`), "work" (`src/tor`), or wiki checkouts
+(`~/wikis`) directories. It works well from the shell, but
+unfortunately it's very static: if I want a new directory, I need to
+edit my config file, restart shells, etc. It also doesn't work from my
+text editor.
+
 Shell jumpers
 =============
 
@@ -16,48 +30,37 @@ Some of those may or may not have integration in Emacs.
 autojump
 --------
 
-https://github.com/wting/autojump 
-
-not in emacs, just in eshell
-https://github.com/coldnew/eshell-autojump
-
-https://stackoverflow.com/questions/25277748/use-z-jump-around-in-emacs-to-find-directories
+ * [home page](https://github.com/wting/autojump )
+ * not in emacs, but [works in eshell](https://github.com/coldnew/eshell-autojump)
+ * [this might work though](https://stackoverflow.com/questions/25277748/use-z-jump-around-in-emacs-to-find-directories)
 
 fasd
 ----
 
-https://github.com/clvv/fasd
-
-upstream packaged in debian, but those emacs extensions:
-
- * helm integration: https://github.com/ajsalminen/helm-fasd (not in melpa?)
- * more direct: https://framagit.org/steckerhalter/emacs-fasd
+ * [home page](https://github.com/clvv/fasd)
+ * upstream packaged in Debian
+ * emacs extensions, not in Debian:
+   * [helm integration](https://github.com/ajsalminen/helm-fasd) (not in melpa?)
+   * [more direct](https://framagit.org/steckerhalter/emacs-fasd)
 
 z
 -
 
-ungooglable.
-
-https://github.com/rupa/z
-
-not in debian at all.
-
-helm integration: https://melpa.org/#/helm-z
-eshell integration: https://github.com/xuchunyang/eshell-z
+ * [home page](https://github.com/rupa/z)
+ * ungooglable
+ * not in Debian
+ * [helm integration](https://melpa.org/#/helm-z)
+ * [eshell integration](https://github.com/xuchunyang/eshell-z)
 
 fzf
 ---
 
-https://github.com/junegunn/fzf
-
-the original "fuzzer". uses `find` by default, so no notion of
-frequency.
-
-emacs integration: https://github.com/bling/fzf.el
-
-similar projects: https://github.com/junegunn/fzf/wiki/Related-projects
-
-see also https://github.com/ajeetdsouza/zoxide
+ * [home page](https://github.com/junegunn/fzf)
+ * the original "fuzzer". uses `find` by default, so no notion of
+ frequency.
+ * [emacs integration](https://github.com/bling/fzf.el)
+ * [similar projects](https://github.com/junegunn/fzf/wiki/Related-projects)
+ * [rust implementation](https://github.com/ajeetdsouza/zoxide)
 
 Emacs plugins not integrated with the shell
 ===========================================
@@ -69,19 +72,32 @@ functionality in the shell.
 projectile
 ----------
 
-https://github.com/bbatsov/projectile
+ * [home page](https://github.com/bbatsov/projectile)
+ * supports ido, ivy, or helm.
 
-supports ido, ivy, or helm.
+elpy
+----
 
-elpy?
------
+ * [home page](https://elpy.readthedocs.io/)
+ * elpy has a notion of [projects](https://elpy.readthedocs.io/en/latest/ide.html#projects), so, by default, will find files
+   in the current "project" with <kbd>C-c C-f</kdb> which is useful
 
 bookmarks.el
 ------------
 
+ * built-in
+ * [home page](https://www.emacswiki.org/emacs/BookMarks)
+ * "Bookmarks record locations so you can return to them later"
+
 recentf
 -------
 
+ * built-in
+ * [home page](https://www.emacswiki.org/emacs/RecentFiles)
+ * "builds a list of recently opened files. This list is is
+   automatically saved across sessions on exiting Emacs - you can then
+   access this list through a command or the menu"
+
 references
 ==========
 

xref
diff --git a/software/desktop/calibre.mdwn b/software/desktop/calibre.mdwn
index 594c47c6..5500b79c 100644
--- a/software/desktop/calibre.mdwn
+++ b/software/desktop/calibre.mdwn
@@ -379,4 +379,6 @@ configuration file:
 
 Calibre is installed [through Flatpak](https://flathub.org/apps/details/com.calibre_ebook.calibre) because that version is more
 up to date in Debian (although for the server side of things that
-shouldn't really matter).
+shouldn't really matter). I tried to make systemd detect changes to
+the database and reload the service, but it failed, so maybe i'll need
+to look at another [[filesystem monitoring tool|blog/2019-11-20-file-monitoring-tools]].

bug with .path files
diff --git a/blog/2019-11-20-file-monitoring-tools.mdwn b/blog/2019-11-20-file-monitoring-tools.mdwn
index 57454827..c5e3b09a 100644
--- a/blog/2019-11-20-file-monitoring-tools.mdwn
+++ b/blog/2019-11-20-file-monitoring-tools.mdwn
@@ -137,6 +137,25 @@ systemd .path units
  * [Debian package](https://tracker.debian.org/pkg/systemd/) since 2010
  * activates a system or user "unit" on inotify changes
 
+Update: I tried to make this work for [[software/desktop/calibre]] but
+somehow it didn't work:
+
+    # this doesn't actually work. either it doesn't notices changes from git, or it
+    # doesn't notify calibre-server.service, or it does and that doesn't trigger a
+    # restart, but the thing doesn't restart as i would expect
+    [Path]
+    PathModified=/srv/books/metadata.db
+    PathModified=/srv/books
+    PathChanged=/srv/books/metadata.db
+    PathChanged=/srv/books
+
+    [Unit]
+    Description=calibre content server
+    After=network.target
+
+... ie. it doesn't restart the service on changes to any of those
+files.
+
 watchexec
 ---------
 

OPDS server
diff --git a/software/desktop/calibre.mdwn b/software/desktop/calibre.mdwn
index 1f5c08de..594c47c6 100644
--- a/software/desktop/calibre.mdwn
+++ b/software/desktop/calibre.mdwn
@@ -328,3 +328,55 @@ independent from the Calibre project and talks directly to the
 database using SQLAlchemy. It does use calibre components to convert
 books but it might be an interesting alternative to the web interface
 shipped with Calibre.
+
+Update 3: I ended up setting up calibre on the server side of things
+to have an OPDS directory to more easily transfer books from my
+e-reader, now that I have an Android tablet (running "Document Viewer"
+or "Koreader", both of which support OPDS), or Koreader on my Kobo
+(which works much better than before, thanks to NickelMenu. I setup
+the service using this `.service` file:
+
+    [Service]
+    Type=simple
+    User=calibre-sandbox
+    Group=media
+    # this exposes the service to local users, which isn't great. socket activation
+    # would be better, but is not documented upstream and, well, it's only books and
+    # /srv/books is readable anyways..
+    ExecStart=/usr/bin/calibre-server --disable-fallback-to-detected-interface --listen-on 127.0.0.1 --port 4341 /srv/books
+
+    [Install]
+    WantedBy=multi-user.target
+
+The server is made publicly visible with authentication (because I
+don't trust calibre's builtin auth) thanks to this Apache
+configuration file:
+
+    <VirtualHost *:80>
+        ServerName calibre.anarc.at
+        Redirect / https://calibre.anarc.at/
+        DocumentRoot /var/www/html/
+    </VirtualHost>
+
+    <VirtualHost *:443>
+        ServerName calibre.anarc.at
+        Use common-letsencrypt-ssl calibre.anarc.at
+        DocumentRoot /var/www/html/
+        AllowEncodedSlashes On
+        ProxyPreserveHost On
+        ProxyPass /.well-known/ !
+            # 43 41 is ASCII hex for C A (L I B R E)
+            ProxyPass / http://127.0.0.1:4341/
+            ProxyPassReverse / http://127.0.0.1:4341/
+
+            <Location />
+            AuthType Basic
+            AuthName "Restricted Content"
+            AuthUserFile /etc/apache2/htpasswd.calibre
+            Require valid-user
+        </Location>
+    </VirtualHost>
+
+Calibre is installed [through Flatpak](https://flathub.org/apps/details/com.calibre_ebook.calibre) because that version is more
+up to date in Debian (although for the server side of things that
+shouldn't really matter).

tried google authenticator
diff --git a/blog/2015-12-14-yubikey-howto/comment_3_f5611c9d076c0dadfc8a448c428470df._comment b/blog/2015-12-14-yubikey-howto/comment_3_f5611c9d076c0dadfc8a448c428470df._comment
new file mode 100644
index 00000000..693be1d8
--- /dev/null
+++ b/blog/2015-12-14-yubikey-howto/comment_3_f5611c9d076c0dadfc8a448c428470df._comment
@@ -0,0 +1,18 @@
+[[!comment format=mdwn
+ username="anarcat"
+ subject="""tried google authenticator"""
+ date="2020-10-14T14:21:56Z"
+ content="""
+Because I suspect it is better maintained, I tried the [google-authenticator-libpam](https://github.com/google/google-authenticator-libpam) plugin which *claims* to also support HOTP/OATH so hit should just work. Unfortunately, I wasn't able to make it work:
+
+ 1. the secret is formatted differently, with base32 that `base32 -d` cannot parse
+ 2. even if it would, it uses a different secret length
+
+I tried this magic piece of Python to generate a secret that would work in both:
+
+    secret = secrets.token_bytes(20)
+    print(binascii.hexlify(secret).decode('ascii'))
+    print(base64.b32encode(secret).decode('ascii'))
+
+.. but it doesn't work. Details in <https://github.com/Yubico/yubikey-personalization/issues/169>
+"""]]

crazy glue might solve this?
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index 1f8df52d..b9e0224a 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -540,3 +540,4 @@ The timeline of that laptop's hardware problems looks like this:
  * 2020-08-07: laptop delivered
  * 2020-09-20: bottom left "pad" drops off
  * 2020-10-10: asked support@ about the pad
+ * 2020-10-11: support response: crazy glue and [spare pads](https://shop.puri.sm/shop/rubber-feet/) (good)

notified support of hw problem again
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index e56e1e36..1f8df52d 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -539,3 +539,4 @@ The timeline of that laptop's hardware problems looks like this:
  * 2020-08-06: laptop shipped
  * 2020-08-07: laptop delivered
  * 2020-09-20: bottom left "pad" drops off
+ * 2020-10-10: asked support@ about the pad

two more suggestions from the fediverse
diff --git a/blog/2020-09-30-presentation-tools.mdwn b/blog/2020-09-30-presentation-tools.mdwn
index 909ab5a5..66e3d222 100644
--- a/blog/2020-09-30-presentation-tools.mdwn
+++ b/blog/2020-09-30-presentation-tools.mdwn
@@ -65,6 +65,12 @@ keep up to date.
  * [Source code](https://github.com/impress/impress.js), [demo](https://impress.js.org/)
  * [Hekyll](https://github.com/bmcmurray/hekyll) uses [Jekyll](https://github.com/mojombo/jekyll) as a backend
 
+## Impressive
+
+ * simply displays PDFs or images
+ * page transitions, overview screen, highlighting
+ * [Home page](http://impressive.sourceforge.net/)
+
 ## Libreoffice Impress
 
  * Powerpoint clone
@@ -80,10 +86,11 @@ keep up to date.
  * no release since 2008
  * [Home page](http://member.wide.ad.jp/wg/mgp/)
 
-## mdp
+## mdp and lookatme (commandline)
 
  * Commandline-only, markdown
  * [Home page](https://github.com/visit1985/mdp)
+ * [lookatme](https://github.com/d0c-s4vage/lookatme) is similar
 
 ## Pandoc
 

forgot a previous rant on this topic
diff --git a/blog/2020-09-30-presentation-tools.mdwn b/blog/2020-09-30-presentation-tools.mdwn
index b61f2f46..909ab5a5 100644
--- a/blog/2020-09-30-presentation-tools.mdwn
+++ b/blog/2020-09-30-presentation-tools.mdwn
@@ -51,6 +51,13 @@ keep up to date.
  * see also [powerdot](https://www.ctan.org/pkg/powerdot/)
  * [Home page](https://ctan.org/pkg/beamer)
 
+## Darkslide
+
+ * HTML, Javascript
+ * presenter notes, table of contents, Markdown, RST, Textile, themes,
+   code samples, auto-reload
+ * [Home page](https://github.com/ionelmc/python-darkslide), [demo](https://ionelmc.github.io/python-darkslide/#slide:1)
+
 ## Impress.js
 
  * Javascript
@@ -116,10 +123,40 @@ keep up to date.
    python-docutils
  * [Home page](http://meyerweb.com/eric/tools/s5), [demo](https://meyerweb.com/eric/tools/s5/s5-intro.html)
 
+## sent
+
+ * X11 only
+ * plain text, black on white, image support, and that's it
+ * from the [suckless.org](https://suckless.org/) elitists
+ * [Home page](https://tools.suckless.org/sent/)
+
 ## Sozi
 
  * Entire presentation is one poster, zooming and jumping around
  * SVG + Javascript
  * [Home page](https://sozi.baierouge.fr/), [demo](https://sozi.baierouge.fr/pages/10-about.html)
 
+## Other options
+
+Another option I have seriously considered is just generate a series
+of images with good resolution, hopefully matching the resolution (or
+at least aspect ratio) of the output device. Then you flip through a
+series of images one by one. In that case, any of those image viewers
+(not an exhaustive list) would work:
+
+ * [Geeqie](http://geeqie.org/)
+ * GNOME's [eog](https://wiki.gnome.org/Apps/EyeOfGnome/)
+ * [pho](http://shallowsky.com/software/pho/)
+ * [feh](https://feh.finalrewind.org/)
+ * [fim](https://www.nongnu.org/fbi-improved/)
+ * [sxiv](https://github.com/muennich/sxiv)
+
+Update: it turns out I already wrote a somewhat similar thing when I
+did a recent presentation. If you're into rants, you might enjoy [the
+README file accompanying the Kubecon rant presentation][]. TL;DR:
+"makes me want to scream" and "yet another unsolved problem space,
+sigh" (refering to "display images full-screen" specifically).
+
+[the README file accompanying the Kubecon rant presentation]: https://gitlab.com/anarcat/presentation-ethics/-/blob/master/README.md
+
 [[!tag debian-planet python-planet software review]]

toc
diff --git a/blog/2020-09-30-presentation-tools.mdwn b/blog/2020-09-30-presentation-tools.mdwn
index 1e51ae05..b61f2f46 100644
--- a/blog/2020-09-30-presentation-tools.mdwn
+++ b/blog/2020-09-30-presentation-tools.mdwn
@@ -6,6 +6,8 @@ I shouldn't share this (even if for myself!).
 
 So here it is. What's your favorite presentation tool?
 
+[[!toc levels=2]]
+
 # Tips
 
  * if you have some text to present, **outline keywords** so that you

title
diff --git a/blog/2020-09-30-presentation-tools.mdwn b/blog/2020-09-30-presentation-tools.mdwn
index 03297fb0..1e51ae05 100644
--- a/blog/2020-09-30-presentation-tools.mdwn
+++ b/blog/2020-09-30-presentation-tools.mdwn
@@ -1,3 +1,5 @@
+[[!meta title="Presentation tools"]]
+
 I keep forgetting how to make presentations. I had a list of tools in
 a wiki from a previous job, but that's now private and I don't see why
 I shouldn't share this (even if for myself!).

link to coms
diff --git a/blog/2020-09-30-presentation-tools.mdwn b/blog/2020-09-30-presentation-tools.mdwn
index 5264c376..03297fb0 100644
--- a/blog/2020-09-30-presentation-tools.mdwn
+++ b/blog/2020-09-30-presentation-tools.mdwn
@@ -34,6 +34,9 @@ Some of my presentations are available [in my GitLab.com account](https://gitlab
  * [Presentation about the Maple Spring, at OHM2013](https://gitlab.com/anarcat/ohm2013/)
  * [First presentation at Tor](https://gitlab.torproject.org/anarcat/onion-tex/-/tree/main/src/pandoc/anarcat-demo-2020)
 
+See also my [list of talks and presentations](/communication) which I can't seem to
+keep up to date.
+
 # Tools
 
 ## Beamer (LaTeX)

tag, add list of presentations
diff --git a/blog/2020-09-30-presentation-tools.mdwn b/blog/2020-09-30-presentation-tools.mdwn
index 5df346fc..5264c376 100644
--- a/blog/2020-09-30-presentation-tools.mdwn
+++ b/blog/2020-09-30-presentation-tools.mdwn
@@ -25,6 +25,15 @@ for most slides, because PDFs are more reliable and portable than web
 pages. I've also used Libreoffice, Pinpoint, and S5 (through RST) in
 the past. I miss Pinpoint, too bad that it died.
 
+Some of my presentations are available [in my GitLab.com account](https://gitlab.com/users/anarcat/projects):
+
+ * [Presentations while I worked at Koumbit](https://gitlab.com/anarcat/presentations-koumbit)
+ * [Short presentation about PRISM](https://gitlab.com/anarcat/presentation-prism)
+ * [Security training](https://gitlab.com/anarcat/presentation-security)
+ * [Ethics in computing](https://gitlab.com/anarcat/presentation-ethics), based on [this blog post](https://anarc.at/blog/2018-05-26-kubecon-rant/)
+ * [Presentation about the Maple Spring, at OHM2013](https://gitlab.com/anarcat/ohm2013/)
+ * [First presentation at Tor](https://gitlab.torproject.org/anarcat/onion-tex/-/tree/main/src/pandoc/anarcat-demo-2020)
+
 # Tools
 
 ## Beamer (LaTeX)
@@ -105,3 +114,5 @@ the past. I miss Pinpoint, too bad that it died.
  * Entire presentation is one poster, zooming and jumping around
  * SVG + Javascript
  * [Home page](https://sozi.baierouge.fr/), [demo](https://sozi.baierouge.fr/pages/10-about.html)
+
+[[!tag debian-planet python-planet software review]]

presentation tools
diff --git a/blog/2020-09-30-presentation-tools.mdwn b/blog/2020-09-30-presentation-tools.mdwn
new file mode 100644
index 00000000..5df346fc
--- /dev/null
+++ b/blog/2020-09-30-presentation-tools.mdwn
@@ -0,0 +1,107 @@
+I keep forgetting how to make presentations. I had a list of tools in
+a wiki from a previous job, but that's now private and I don't see why
+I shouldn't share this (even if for myself!).
+
+So here it is. What's your favorite presentation tool?
+
+# Tips
+
+ * if you have some text to present, **outline keywords** so that you
+   can present your subject **without reading every word**
+ * ideally, **don't read from your slides** - they are there to help
+   people follow, not for people to read
+ * even better: make your slides **pretty** with only a few words, or
+   **don't make slides at all**
+
+Further advice:
+
+ * [7 tips by Jeffrey Veen](http://veen.com/jeff/archives/000483.html)
+ * [10 tips by Neil Patel](http://www.quicksprout.com/2007/09/01/10-tips-for-a-killer-presentation/)
+ * [The Art of Presenting by Matt Westgate](https://www.lullabot.com/blog/art-presenting) (video)
+ * [Presenting You by Emma Jane Hogbin](http://dc2009.drupalcon.org/session/presenting-you.html) (video)
+
+I'm currently using Pandoc with PDF input (with a trip through LaTeX)
+for most slides, because PDFs are more reliable and portable than web
+pages. I've also used Libreoffice, Pinpoint, and S5 (through RST) in
+the past. I miss Pinpoint, too bad that it died.
+
+# Tools
+
+## Beamer (LaTeX)
+
+ * LaTeX class
+ * Do not use directly unless you are a LaTeX expert or masochist, see
+   Pandoc below
+ * see also [powerdot](https://www.ctan.org/pkg/powerdot/)
+ * [Home page](https://ctan.org/pkg/beamer)
+
+## Impress.js
+
+ * Javascript
+ * Zooms in and out, 3D support
+ * [Source code](https://github.com/impress/impress.js), [demo](https://impress.js.org/)
+ * [Hekyll](https://github.com/bmcmurray/hekyll) uses [Jekyll](https://github.com/mojombo/jekyll) as a backend
+
+## Libreoffice Impress
+
+ * Powerpoint clone
+ * Makes my life miserable
+ * PDF export, presenter notes, outline view, etc
+ * [Home page](https://libreoffice.org/discover/impress/), [screenshots](https://libreoffice.org/discover/screenshots/)
+
+## Magicpoint
+
+ * ancestor of everyone else (1997!)
+ * text input format, image support, talk timer, slide guides,
+   HTML/Postscript export, draw on slides, X11 output
+ * no release since 2008
+ * [Home page](http://member.wide.ad.jp/wg/mgp/)
+
+## mdp
+
+ * Commandline-only, markdown
+ * [Home page](https://github.com/visit1985/mdp)
+
+## Pandoc
+
+ * Allows converting from basically whatever into slides, including
+   Beamer, DZSlides, reveal.js, slideous, slidy, Powerpoint
+ * PDF, HTML, Powerpoint export, presentation notes, full screen
+   background images
+ * nice plain text or markdown input format
+ * [Home page](https://pandoc.org/), [documentation](https://pandoc.org/MANUAL.html#producing-slide-shows-with-pandoc)
+
+## PDF Presenter
+
+ * PDF presentation tool, shows presentation notes
+ * basically "Keynote for Linux"
+ * [Home page](https://pdfpc.github.io/), pdf-presenter-console in Debian
+
+## Pinpoint
+
+ * Native GNOME app
+ * Full screen slides, PDF export, live change, presenter notes, pango
+   markup, video, image backgrounds
+ * [Home page](https://wiki.gnome.org/Attic/Pinpoint)
+ * Abandoned since at least 2019
+
+## Reveal.js
+
+ * HTML, Javascript
+ * PDF export, Markdown, LaTeX support, syntax-highlighting, nested
+   slides, speaker notes
+ * [Source code](https://github.com/hakimel/reveal.js), [demo](https://revealjs.com/)
+
+## S5
+
+ * HTML, CSS
+ * incremental, bookmarks, keyboard controls
+ * can be transformed from ReStructuredText (RST) with `rst2s5` with
+   python-docutils
+ * [Home page](http://meyerweb.com/eric/tools/s5), [demo](https://meyerweb.com/eric/tools/s5/s5-intro.html)
+
+## Sozi
+
+ * Entire presentation is one poster, zooming and jumping around
+ * SVG + Javascript
+ * [Home page](https://sozi.baierouge.fr/), [demo](https://sozi.baierouge.fr/pages/10-about.html)

add delivery date
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index 1d27f7f2..e56e1e36 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -537,4 +537,5 @@ The timeline of that laptop's hardware problems looks like this:
    next week by the end of next week"
  * 2020-08-04: replacement ready, prompted for address again
  * 2020-08-06: laptop shipped
+ * 2020-08-07: laptop delivered
  * 2020-09-20: bottom left "pad" drops off

Archival link:

The above link creates a machine-readable RSS feed that can be used to easily archive new changes to the site. It is used by internal scripts to do sanity checks on new entries in the wiki.

Created . Edited .