Recent changes to this wiki. Not to be confused with my history.

Complete source to the wiki is available on gitweb or by cloning this site.

Added a comment: Echo cancelation should be a part of the system
diff --git a/blog/2020-04-09-mumble-dreams/comment_3_b3f3feae79472908d1b3ad22d7e7c82f._comment b/blog/2020-04-09-mumble-dreams/comment_3_b3f3feae79472908d1b3ad22d7e7c82f._comment
new file mode 100644
index 00000000..c2648cd3
--- /dev/null
+++ b/blog/2020-04-09-mumble-dreams/comment_3_b3f3feae79472908d1b3ad22d7e7c82f._comment
@@ -0,0 +1,16 @@
+[[!comment format=mdwn
+ ip="37.11.206.170"
+ claimedauthor="al"
+ subject="Echo cancelation should be a part of the system"
+ date="2020-04-09T22:30:59Z"
+ content="""
+Mumble echo cancellation is superb. Its really one of those programs that just works how they are expected
+
+But i think it should be done at pulse level and it should be done by default. And if its not on by default, distros should have an easy way to activate it
+
+In window i never had to worry about this things. Mic just worked (tm)
+
+Pulse have an echo cancellation module but its awful to use and it just doesnt work as well as mumble does :(
+
+(I thought i should add this to your it would be nice list. Not only upstream mumble can improve. Distros can do something to improve this too :))
+"""]]

update: mumsi works, somewhat
diff --git a/blog/2020-04-09-mumble-dreams.mdwn b/blog/2020-04-09-mumble-dreams.mdwn
index 40c25205..dae645c9 100644
--- a/blog/2020-04-09-mumble-dreams.mdwn
+++ b/blog/2020-04-09-mumble-dreams.mdwn
@@ -136,8 +136,13 @@ translation, so that part supposedly works correctly.
 
 **Dial-in** -- allow plain old telephones to call into
 conferences. There seems to be a program called [mumsi](https://github.com/slomkowski/mumsi) that can do
-this, but it's unmaintained and it's unclear if any of the forks work
-at all.
+this, but it's unmaintained <del>and it's unclear if any of the forks
+work at all.</del> Update: according to `samba`, mumsi works, but
+sometimes freezes and needs to be restarted. Each SIP account shows up
+as a bot that comes up when someone calls the number. It supports
+multiple callers, although apparently `mumsi` crashes after a while
+with 4 callers. A comment here also mentioned there's a fork that
+mentions using a "pin" as well for dialing in.
 
 Caveats
 =======

Added a comment: would love to hear more about mumsi
diff --git a/blog/2020-04-09-mumble-dreams/comment_2_df4145f4e432f40859dae5c53d0a2be5._comment b/blog/2020-04-09-mumble-dreams/comment_2_df4145f4e432f40859dae5c53d0a2be5._comment
new file mode 100644
index 00000000..202938b7
--- /dev/null
+++ b/blog/2020-04-09-mumble-dreams/comment_2_df4145f4e432f40859dae5c53d0a2be5._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="anarcat"
+ avatar="https://seccdn.libravatar.org/avatar/741655483dd8a0b4df28fb3dedfa7e4c"
+ subject="would love to hear more about mumsi"
+ date="2020-04-09T19:43:18Z"
+ content="""
+Would love to hear more about your experience with mumsi, feel free to documented it either as a comment here or in private email or a link to your own docs! :)
+"""]]

update: 1.3.1 is not out yet
diff --git a/blog/2020-04-09-mumble-dreams.mdwn b/blog/2020-04-09-mumble-dreams.mdwn
index d4c1ae05..40c25205 100644
--- a/blog/2020-04-09-mumble-dreams.mdwn
+++ b/blog/2020-04-09-mumble-dreams.mdwn
@@ -147,8 +147,9 @@ had trouble with their release process recently. It took them a long
 time to even agree on releasing 1.3, and when they did agree, it took
 them a long time again to actually do the release. There has been much
 more activity on the [Mumble client](https://github.com/mumble-voip/mumble/pulse/monthly) and [web app](https://github.com/Johni0702/mumble-web/pulse/monthly) recently, so
-hopefully I will be proven wrong. The 1.3.1 release actually came out
-recently which is encouraging.
+hopefully I will be proven wrong. The 1.3.1 release <del>actually came
+out recently</del>(correction:) is actually being [worked on](https://github.com/mumble-voip/mumble/issues/4000),
+which is encouraging.
 
 All in all, mumble has some deeply ingrained UI limitations. it's
 built like an app from the 1990, all the way down to the menu system

Added a comment
diff --git a/blog/2020-04-09-mumble-dreams/comment_1_e391217718f7e14a2a4a5fca63f6e5e0._comment b/blog/2020-04-09-mumble-dreams/comment_1_e391217718f7e14a2a4a5fca63f6e5e0._comment
new file mode 100644
index 00000000..775470de
--- /dev/null
+++ b/blog/2020-04-09-mumble-dreams/comment_1_e391217718f7e14a2a4a5fca63f6e5e0._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ ip="151.60.241.157"
+ claimedauthor="G"
+ subject="comment 1"
+ date="2020-04-09T19:14:52Z"
+ content="""
+Hello! We're currently using mumsi with semi success. The main software does compile and works in Debian 9, while there's also a fork which supports client certificates, multi line calling, dial in pin and other things that is somewhat less stable but still works. I can send you instructions if needed
+"""]]

link to the mumble wikipedia page which has a good overview
diff --git a/blog/2020-04-09-mumble-dreams.mdwn b/blog/2020-04-09-mumble-dreams.mdwn
index 60aaf6ff..d4c1ae05 100644
--- a/blog/2020-04-09-mumble-dreams.mdwn
+++ b/blog/2020-04-09-mumble-dreams.mdwn
@@ -1,7 +1,7 @@
 [[!meta title="Mumble dreams"]]
 
 With everyone switching to [remote tools for social distancing](/blog/2020-03-15-remote-tools/),
-I've been using Mumble more and more. That's partly by choice -- I
+I've been using [Mumble](https://en.wikipedia.org/wiki/Mumble_(software)) more and more. That's partly by choice -- I
 don't like videoconferencing much, frankly -- and partly by
 necessity: sometimes my web browser fails and Mumble is generally more
 reliable.

typo
diff --git a/blog/2020-04-09-mumble-dreams.mdwn b/blog/2020-04-09-mumble-dreams.mdwn
index 1938c686..60aaf6ff 100644
--- a/blog/2020-04-09-mumble-dreams.mdwn
+++ b/blog/2020-04-09-mumble-dreams.mdwn
@@ -8,7 +8,7 @@ reliable.
 
 Some friend on a mailing list recently asked "shouldn't we make Mumble
 better?" and opened the door for me to go on a long "can I get a
-poney?" email. Because I doubt anyone on that mailing list has the
+pony?" email. Because I doubt anyone on that mailing list has the
 time or capacity to actually fix those issues, I figured I would copy
 this to a broader audience in the hope that someone *else* would pick
 it up.
@@ -37,7 +37,7 @@ who's talking. It also supports positional audio for gaming that
 integrates with popular games like Counterstrike or Half-Life.
 
 It's moderately secure: it doesn't support end-to-end encryption, but
-client/server communication is encrypted with TLS. It suppports a
+client/server communication is encrypted with TLS. It supports a
 server password and some moderation mechanisms.
 
 UI improvements
@@ -51,8 +51,8 @@ default, and make **better defaults**.
 Specifically, those should be on by default:
 
  * RNNoise
- * echo cancelation (the proper "monitor" channels)
- * preconfigured shortcut for PTT (Push To Talk) -- right-shift is my favorite
+ * echo cancellation (the proper "monitor" channels)
+ * pre-configured shortcut for PTT (Push To Talk) -- right-shift is my favorite
  * "double-PTT" to hold it enabled
  * be more silent by default (I understand why it would want to do
    voice synthesis, but it would need to be much better at it before
@@ -69,9 +69,9 @@ Jitsi: just one giant mute button with a list of speakers. Basically:
  1. Take that status bar and make it use the entire space of the main
     window
  
- 2. Push the chat and room list dialogs to separate, optional dialogs
+ 2. Push the chat and room list dialog to separate, optional dialog
     (e.g. the room list could be a popup on login, but we don't need
-    to continously see the damn thing)
+    to continuously see the damn thing)
 
  3. Show the name of the person talking in the main UI, along with
     other speakers (Big Blue Button does this well: just a label that

another UI idea
diff --git a/blog/2020-04-09-mumble-dreams.mdwn b/blog/2020-04-09-mumble-dreams.mdwn
index f278efd8..1938c686 100644
--- a/blog/2020-04-09-mumble-dreams.mdwn
+++ b/blog/2020-04-09-mumble-dreams.mdwn
@@ -97,6 +97,17 @@ things can go wrong. So this is a general problem when doing
 multimedia in general, and the Linux ecosystem in particular, but
 Mumble is especially hard to configure in there.
 
+**Improved speaker stats**. When you right-click on a user in Mumble,
+you get detailed stats about the user: packet loss, latency,
+bandwidth, codecs... It's pretty neat. But that is hard to parse for a
+user. Jitsi, in contrast, shows a neat little "bar graph" (similar to
+what you get on a cell phone) with a color code to show network
+conditions for that user. Then you can drill down to show more
+information. Having that info for the user would be really useful to
+figure out which user is causing that echo or latency. Heck, while I'm
+dreaming, we could do the same thing Jitsi and tell the user when we
+detect too much noise on their side and suggest muting!
+
 There's probably more UI issues, but at that point you have basically
 rebuilt the entire user interface. This problem is hard to fix because
 UX people are unlikely to have the skills required to hack at an (old)

be more positive
diff --git a/blog/2020-04-09-mumble-dreams.mdwn b/blog/2020-04-09-mumble-dreams.mdwn
index 9e7545fa..f278efd8 100644
--- a/blog/2020-04-09-mumble-dreams.mdwn
+++ b/blog/2020-04-09-mumble-dreams.mdwn
@@ -7,11 +7,11 @@ necessity: sometimes my web browser fails and Mumble is generally more
 reliable.
 
 Some friend on a mailing list recently asked "shouldn't we make Mumble
-better?" and opened the door to me going on a long "can I get a
+better?" and opened the door for me to go on a long "can I get a
 poney?" email. Because I doubt anyone on that mailing list has the
 time or capacity to actually fix those issues, I figured I would copy
 this to a broader audience in the hope that someone *else* would pick
-it up (although I doubt anyone else will).
+it up.
 
 [[!toc]]
 

add toc
diff --git a/blog/2020-04-09-mumble-dreams.mdwn b/blog/2020-04-09-mumble-dreams.mdwn
index 8993556e..9e7545fa 100644
--- a/blog/2020-04-09-mumble-dreams.mdwn
+++ b/blog/2020-04-09-mumble-dreams.mdwn
@@ -13,6 +13,8 @@ time or capacity to actually fix those issues, I figured I would copy
 this to a broader audience in the hope that someone *else* would pick
 it up (although I doubt anyone else will).
 
+[[!toc]]
+
 Why Mumble rocks
 ================
 

creating tag page tag/wishlist
diff --git a/tag/wishlist.mdwn b/tag/wishlist.mdwn
new file mode 100644
index 00000000..60e83476
--- /dev/null
+++ b/tag/wishlist.mdwn
@@ -0,0 +1,4 @@
+[[!meta title="pages tagged wishlist"]]
+
+[[!inline pages="tagged(wishlist)" actions="no" archive="yes"
+feedshow=10]]

creating tag page tag/voip
diff --git a/tag/voip.mdwn b/tag/voip.mdwn
new file mode 100644
index 00000000..bcd233f2
--- /dev/null
+++ b/tag/voip.mdwn
@@ -0,0 +1,4 @@
+[[!meta title="pages tagged voip"]]
+
+[[!inline pages="tagged(voip)" actions="no" archive="yes"
+feedshow=10]]

mumble dreams
diff --git a/blog/2020-04-09-mumble-dreams.mdwn b/blog/2020-04-09-mumble-dreams.mdwn
new file mode 100644
index 00000000..8993556e
--- /dev/null
+++ b/blog/2020-04-09-mumble-dreams.mdwn
@@ -0,0 +1,162 @@
+[[!meta title="Mumble dreams"]]
+
+With everyone switching to [remote tools for social distancing](/blog/2020-03-15-remote-tools/),
+I've been using Mumble more and more. That's partly by choice -- I
+don't like videoconferencing much, frankly -- and partly by
+necessity: sometimes my web browser fails and Mumble is generally more
+reliable.
+
+Some friend on a mailing list recently asked "shouldn't we make Mumble
+better?" and opened the door to me going on a long "can I get a
+poney?" email. Because I doubt anyone on that mailing list has the
+time or capacity to actually fix those issues, I figured I would copy
+this to a broader audience in the hope that someone *else* would pick
+it up (although I doubt anyone else will).
+
+Why Mumble rocks
+================
+
+Before I go on with the UI critique, I should show why care: Mumble is
+awesome.
+
+When you do manage to configure it correctly, Mumble just *works*;
+it's highly reliable. It uses little CPU, both on the client and the
+server side, and can have rooms with tens if not hundreds of
+participants. The server can be easily installed and configured:
+there's a Debian package and resource requirements are minimal. It's
+basically network-bound. There are at least three server
+implementations, the official one called [Murmur](https://wiki.mumble.info/wiki/Murmurguide), the minimalist
+[umurmur](https://umurmur.net/) and [Grumble](https://github.com/mumble-voip/grumble), a Go rewrite.
+
+It has *great* quality: echo canceling, when correctly configured, is
+solid and latency is minimal. It has "overlays" so you can use it
+while gaming or demo'ing in full screen while still having an idea of
+who's talking. It also supports positional audio for gaming that
+integrates with popular games like Counterstrike or Half-Life.
+
+It's moderately secure: it doesn't support end-to-end encryption, but
+client/server communication is encrypted with TLS. It suppports a
+server password and some moderation mechanisms.
+
+UI improvements
+===============
+
+Mumble should be smarter about a bunch of things. Having all those
+settings is nice for geeky control freaks, but it makes the
+configuration absolutely unusable for most people. **Hide most settings** by
+default, and make **better defaults**.
+
+Specifically, those should be on by default:
+
+ * RNNoise
+ * echo cancelation (the proper "monitor" channels)
+ * preconfigured shortcut for PTT (Push To Talk) -- right-shift is my favorite
+ * "double-PTT" to hold it enabled
+ * be more silent by default (I understand why it would want to do
+   voice synthesis, but it would need to be much better at it before
+   it's default)
+
+The **echo test should be more accessible**, one or two clicks away
+from the main UI. I have only found out about that feature when
+someone told me where to find it. This basically means to take it out
+of the settings page and into its own dialog.
+
+The basic **UI should be much simpler**. It could look something like
+Jitsi: just one giant mute button with a list of speakers. Basically: 
+
+ 1. Take that status bar and make it use the entire space of the main
+    window
+ 
+ 2. Push the chat and room list dialogs to separate, optional dialogs
+    (e.g. the room list could be a popup on login, but we don't need
+    to continously see the damn thing)
+
+ 3. Show the name of the person talking in the main UI, along with
+    other speakers (Big Blue Button does this well: just a label that
+    fades away with time after a person talks)
+
+Some features could be **better explained**. For example, the
+"overlay" feature makes no sense at all for most users. It only makes
+sense when you're a gamer and use Mumble alongside another full-screen
+program, to show you who's talking.
+
+**Improved authentication**. The current authentication systems in
+Mumble are somewhat limited: the server can have a shared password to
+get access to it, and from there it's pretty much free-for-all. There
+are client certificates but those are hard to understand and the most
+common usage scenario is that someone manages to configure it once,
+forgets about it and then cannot login again with the same username.
+
+It should be **easier to get the audio right**. Now, to be fair, this
+is hard to do in any setup, and Mumble is only a part of this. There
+are way too many moving parts in Linux for this to be easy: between
+your hardware, ALSA drivers, Pulseaudio mixers and Mumble, too many
+things can go wrong. So this is a general problem when doing
+multimedia in general, and the Linux ecosystem in particular, but
+Mumble is especially hard to configure in there.
+
+There's probably more UI issues, but at that point you have basically
+rebuilt the entire user interface. This problem is hard to fix because
+UX people are unlikely to have the skills required to hack at an (old)
+Qt app, and C++ hackers are unlikely to have the best UX skills...
+
+Missing features
+================
+
+**Video**. It has [been on the roadmap](https://wiki.mumble.info/wiki/Planned_Features#Video) [since 2011](https://wiki.mumble.info/index.php?title=Planned_Features&diff=5711&oldid=5343), so I'm not
+holding my breath. It is, obviously, the key feature missing from the
+software when compared to other conferencing tools and it's nice to
+see they are considering it. **Screensharing and whiteboarding** would
+also be a nice addition. Unfortunately, all that is a huge undertaking
+and it's unlikely to happen in the short term. And even if it does,
+it's possible hard-core Mumble users would be really upset at the
+change...
+
+A **good web app** -- a major blocker to the adoption of Mumble is the
+need for that complex app. If users could join just with a web
+browser, adoption would be much easier. There *is* a [web app called
+mumble-web](https://github.com/Johni0702/mumble-web/) out there, but it seems to work only for listening as
+there are numerous problems with recording: [quality issues](https://github.com/Johni0702/mumble-web/issues/33),
+[audio glitches](https://github.com/Johni0702/mumble-web/issues/54), [voice activation](https://github.com/Johni0702/mumble-web/issues/50), [voice
+activation](https://github.com/Johni0702/mumble-web/issues/35).. The CCC seems to be using that app to stream talk
+translation, so that part supposedly works correctly.
+
+**Dial-in** -- allow plain old telephones to call into
+conferences. There seems to be a program called [mumsi](https://github.com/slomkowski/mumsi) that can do
+this, but it's unmaintained and it's unclear if any of the forks work
+at all.
+
+Caveats
+=======
+
+Now the above will probably not happen soon. Unfortunately, Mumble has
+had trouble with their release process recently. It took them a long
+time to even agree on releasing 1.3, and when they did agree, it took
+them a long time again to actually do the release. There has been much
+more activity on the [Mumble client](https://github.com/mumble-voip/mumble/pulse/monthly) and [web app](https://github.com/Johni0702/mumble-web/pulse/monthly) recently, so
+hopefully I will be proven wrong. The 1.3.1 release actually came out
+recently which is encouraging.
+
+All in all, mumble has some deeply ingrained UI limitations. it's
+built like an app from the 1990, all the way down to the menu system
+and "status bar" buttons. It's definitely not intuitive for a new user
+and while there's an audio wizard that can help you get started, it
+doesn't always work and can be confusing in itself.
+
+I understand that I'm just this guy saying "please make this for me
+ktxbye". I'm not writing this as a critic of Mumble: I love the little
+guy, the underdog. Mumble has been around forever and it kicks
+ass. I'm writing this in a spirit of solidarity, in the hope the
+feedback can be useful and to provide useful guidelines on how things
+could be improved. I wish I had the time to do this myself and
+actually help the project beyond just writing, but unfortunately the
+reality is I'm a poor UI designer and I have little time to contribute
+to more software projects.
+
+So hopefully someone could take those ideas and make Mumble even
+greater. And if not, we'll just have to live with it.
+
+Thanks to all the Mumble developers who, over all those years, managed
+to make and maintain such an awesome product. You rock!
+
+[[!tag wishlist debian-planet python-planet voip covid-19 conference software remote]]

removed
diff --git a/blog/2005-07-21-petit-update-de-voyage-live/comment_1_59d401deb5e7ae84850489e5f026f492._comment b/blog/2005-07-21-petit-update-de-voyage-live/comment_1_59d401deb5e7ae84850489e5f026f492._comment
deleted file mode 100644
index 9e1af789..00000000
--- a/blog/2005-07-21-petit-update-de-voyage-live/comment_1_59d401deb5e7ae84850489e5f026f492._comment
+++ /dev/null
@@ -1,10 +0,0 @@
-[[!comment format=rst
- ip="2.95.152.22"
- claimedauthor="labedroomNek"
- url="https://labedroom.com/"
- subject="Mission style bed frame Northeast la"
- date="2020-04-08T14:48:13Z"
- content="""
-<b><a href=https://labedroom.com/>Rustic bedroom furniture</a></b> 
-Conceived refresh your interior? Read carefully the news of goods home from current compilation, in which present as goods with racy floral patterns and and products with graceful texture and finish metallic. Furniture Items for the garden is considered obligatory attribute each modern premises. In our online store today you can buy high-quality furniture for home and garden. We can deliver in MALIBU customer all furniture at desired time day.Price lists, that provides web shop office furniture SANTA MONICA AND COAST nice each customer.In turn relatively low cost causes various questions regarding consumer quality. The catalog which filled with numerous items office furniture composes just high quality factory products.
-"""]]

Added a comment: Mission style bed frame Northeast la
diff --git a/blog/2005-07-21-petit-update-de-voyage-live/comment_1_59d401deb5e7ae84850489e5f026f492._comment b/blog/2005-07-21-petit-update-de-voyage-live/comment_1_59d401deb5e7ae84850489e5f026f492._comment
new file mode 100644
index 00000000..9e1af789
--- /dev/null
+++ b/blog/2005-07-21-petit-update-de-voyage-live/comment_1_59d401deb5e7ae84850489e5f026f492._comment
@@ -0,0 +1,10 @@
+[[!comment format=rst
+ ip="2.95.152.22"
+ claimedauthor="labedroomNek"
+ url="https://labedroom.com/"
+ subject="Mission style bed frame Northeast la"
+ date="2020-04-08T14:48:13Z"
+ content="""
+<b><a href=https://labedroom.com/>Rustic bedroom furniture</a></b> 
+Conceived refresh your interior? Read carefully the news of goods home from current compilation, in which present as goods with racy floral patterns and and products with graceful texture and finish metallic. Furniture Items for the garden is considered obligatory attribute each modern premises. In our online store today you can buy high-quality furniture for home and garden. We can deliver in MALIBU customer all furniture at desired time day.Price lists, that provides web shop office furniture SANTA MONICA AND COAST nice each customer.In turn relatively low cost causes various questions regarding consumer quality. The catalog which filled with numerous items office furniture composes just high quality factory products.
+"""]]

weird bug report
diff --git a/comment_forbid_before.mdwn b/comment_forbid_before.mdwn
index d363b524..8bba1d10 100644
--- a/comment_forbid_before.mdwn
+++ b/comment_forbid_before.mdwn
@@ -12,3 +12,5 @@ This is hooked into `ikiwiki.setup` with the following two directives:
      locked_pages: comment_forbid_before or [...]
 
 It should otherwise not be of concern to anyone.
+
+Update: this doesn't actually work, see [this bug report](https://ikiwiki.info/bugs/cannot_make_creation__95__before_work/).

removed
diff --git a/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_da70c344147b56cfc63c6ba270469bd8._comment b/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_da70c344147b56cfc63c6ba270469bd8._comment
deleted file mode 100644
index 0625b6e1..00000000
--- a/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_da70c344147b56cfc63c6ba270469bd8._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=creole
- ip="62.210.83.206"
- claimedauthor="enesexisus"
- url="http://center4family.com/tadalafil/"
- subject="Hookworm, untenable lisinopril no prescription lives, obstacles granulomata. "
- date="2020-04-05T18:10:45Z"
- content="""
-And tgy.gxkp.anarc.at.din.oz regulating, percussing crushing [URL=http://center4family.com/tadalafil/]cialis[/URL] cialis [URL=http://planninginhighheels.com/lisinopril-for-sale/]lisinopril without dr prescription[/URL] [URL=http://wyovacationrental.com/zithromax-without-a-prescription/]zithromax dose[/URL] [URL=http://takara-ramen.com/product/prednisone/]prednisone order[/URL] [URL=http://ormondbeachflorida.org/celebrex/]celebrex[/URL] [URL=http://wyovacationrental.com/azithromycin-paypal/]generic zithromax sold in the us[/URL] consenting inevitably <a href=\"http://center4family.com/tadalafil/\">buy cialis online canada</a> <a href=\"http://planninginhighheels.com/lisinopril-for-sale/\">lisinopril for sale</a> <a href=\"http://wyovacationrental.com/zithromax-without-a-prescription/\">zithromax and dosage</a> <a href=\"http://takara-ramen.com/product/prednisone/\">prednisone order</a> <a href=\"http://ormondbeachflorida.org/celebrex/\">celebrex no prescription</a> <a href=\"http://wyovacationrental.com/azithromycin-paypal/\">cheap zithromax 1g</a> assistance, accounting undesirable http://center4family.com/tadalafil/ lowest price generic cialis http://planninginhighheels.com/lisinopril-for-sale/ lisinopril http://wyovacationrental.com/zithromax-without-a-prescription/ zithromax without a prescription http://takara-ramen.com/product/prednisone/ prednisone http://ormondbeachflorida.org/celebrex/ celebrex http://wyovacationrental.com/azithromycin-paypal/ generic zithromax sold in the us zithromax z pack side effects sunburn symptom, woman surgeons.
-"""]]

Added a comment: Hookworm, untenable lisinopril no prescription lives, obstacles granulomata.
diff --git a/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_da70c344147b56cfc63c6ba270469bd8._comment b/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_da70c344147b56cfc63c6ba270469bd8._comment
new file mode 100644
index 00000000..0625b6e1
--- /dev/null
+++ b/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_da70c344147b56cfc63c6ba270469bd8._comment
@@ -0,0 +1,9 @@
+[[!comment format=creole
+ ip="62.210.83.206"
+ claimedauthor="enesexisus"
+ url="http://center4family.com/tadalafil/"
+ subject="Hookworm, untenable lisinopril no prescription lives, obstacles granulomata. "
+ date="2020-04-05T18:10:45Z"
+ content="""
+And tgy.gxkp.anarc.at.din.oz regulating, percussing crushing [URL=http://center4family.com/tadalafil/]cialis[/URL] cialis [URL=http://planninginhighheels.com/lisinopril-for-sale/]lisinopril without dr prescription[/URL] [URL=http://wyovacationrental.com/zithromax-without-a-prescription/]zithromax dose[/URL] [URL=http://takara-ramen.com/product/prednisone/]prednisone order[/URL] [URL=http://ormondbeachflorida.org/celebrex/]celebrex[/URL] [URL=http://wyovacationrental.com/azithromycin-paypal/]generic zithromax sold in the us[/URL] consenting inevitably <a href=\"http://center4family.com/tadalafil/\">buy cialis online canada</a> <a href=\"http://planninginhighheels.com/lisinopril-for-sale/\">lisinopril for sale</a> <a href=\"http://wyovacationrental.com/zithromax-without-a-prescription/\">zithromax and dosage</a> <a href=\"http://takara-ramen.com/product/prednisone/\">prednisone order</a> <a href=\"http://ormondbeachflorida.org/celebrex/\">celebrex no prescription</a> <a href=\"http://wyovacationrental.com/azithromycin-paypal/\">cheap zithromax 1g</a> assistance, accounting undesirable http://center4family.com/tadalafil/ lowest price generic cialis http://planninginhighheels.com/lisinopril-for-sale/ lisinopril http://wyovacationrental.com/zithromax-without-a-prescription/ zithromax without a prescription http://takara-ramen.com/product/prednisone/ prednisone http://ormondbeachflorida.org/celebrex/ celebrex http://wyovacationrental.com/azithromycin-paypal/ generic zithromax sold in the us zithromax z pack side effects sunburn symptom, woman surgeons.
+"""]]

use proper name
diff --git a/comment_forbidden_before.mdwn b/comment_forbid_before.mdwn
similarity index 100%
rename from comment_forbidden_before.mdwn
rename to comment_forbid_before.mdwn

removed
diff --git a/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_9f0898ac7b61bab2d327e5b216248f77._comment b/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_9f0898ac7b61bab2d327e5b216248f77._comment
deleted file mode 100644
index 32ae776b..00000000
--- a/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_9f0898ac7b61bab2d327e5b216248f77._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=creole
- ip="195.154.242.89"
- claimedauthor="ibnipuqubotb"
- url="http://wyovacationrental.com/azithromycin-online/"
- subject="Ensuring dynamic pyeloplasty zithromax buy cheap slough, radicals assurances scenarios. "
- date="2020-04-05T18:01:50Z"
- content="""
-Surveillance ehk.sktj.anarc.at.ccc.dl attainable [URL=http://wyovacationrental.com/azithromycin-online/]gonorrhea azithromycin[/URL] [URL=http://pinecreektheatre.org/item/purchasing-prednisone/]where to buy prednisone with out a perscription[/URL] where to buy prednisone with out a perscription [URL=http://pharmacytechnicians101.com/buy-cialis-online-canada/]cialis shop[/URL] buy cialis online canada [URL=http://iowansforsafeaccess.org/product/retin-a/]cheap tretinoin[/URL] [URL=http://gasmaskedlestat.com/item/prednisone-10-mg-online/]prednisone treat feline herpes[/URL] escitalopram, <a href=\"http://wyovacationrental.com/azithromycin-online/\">zithromax on line</a> <a href=\"http://pinecreektheatre.org/item/purchasing-prednisone/\">usual directions for taking prednisone</a> <a href=\"http://pharmacytechnicians101.com/buy-cialis-online-canada/\">cialis shop</a> <a href=\"http://iowansforsafeaccess.org/product/retin-a/\">retin a micro</a> <a href=\"http://gasmaskedlestat.com/item/prednisone-10-mg-online/\">high dose prednisone</a> smiles http://wyovacationrental.com/azithromycin-online/ what is azithromycin for http://pinecreektheatre.org/item/purchasing-prednisone/ 20 mg prednisone with isotreitinoin http://pharmacytechnicians101.com/buy-cialis-online-canada/ cialis and online prescription http://iowansforsafeaccess.org/product/retin-a/ retin a cream http://gasmaskedlestat.com/item/prednisone-10-mg-online/ where to buy prednisone online without a... epithelial thalassaemia.
-"""]]

create flag file to forbid comments on older pages
diff --git a/comment_forbidden_before.mdwn b/comment_forbidden_before.mdwn
new file mode 100644
index 00000000..d363b524
--- /dev/null
+++ b/comment_forbidden_before.mdwn
@@ -0,0 +1,14 @@
+[[!meta date="2018-04-05"]]
+
+This page is only a placeholder to mark a time in the past before
+which comments are forbidden, as a crude way of controlling spam.
+
+This is hooked into `ikiwiki.setup` with the following two directives:
+
+     # PageSpec of pages where posting new comments is not allowed
+     comments_closed_pagespec: 'creation_before(comment_forbid_before)'
+
+     # the comment_forbid_before controls the flag date before which comments are not allowed
+     locked_pages: comment_forbid_before or [...]
+
+It should otherwise not be of concern to anyone.

Added a comment: Ensuring dynamic pyeloplasty zithromax buy cheap slough, radicals assurances scenarios.
diff --git a/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_9f0898ac7b61bab2d327e5b216248f77._comment b/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_9f0898ac7b61bab2d327e5b216248f77._comment
new file mode 100644
index 00000000..32ae776b
--- /dev/null
+++ b/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_9f0898ac7b61bab2d327e5b216248f77._comment
@@ -0,0 +1,9 @@
+[[!comment format=creole
+ ip="195.154.242.89"
+ claimedauthor="ibnipuqubotb"
+ url="http://wyovacationrental.com/azithromycin-online/"
+ subject="Ensuring dynamic pyeloplasty zithromax buy cheap slough, radicals assurances scenarios. "
+ date="2020-04-05T18:01:50Z"
+ content="""
+Surveillance ehk.sktj.anarc.at.ccc.dl attainable [URL=http://wyovacationrental.com/azithromycin-online/]gonorrhea azithromycin[/URL] [URL=http://pinecreektheatre.org/item/purchasing-prednisone/]where to buy prednisone with out a perscription[/URL] where to buy prednisone with out a perscription [URL=http://pharmacytechnicians101.com/buy-cialis-online-canada/]cialis shop[/URL] buy cialis online canada [URL=http://iowansforsafeaccess.org/product/retin-a/]cheap tretinoin[/URL] [URL=http://gasmaskedlestat.com/item/prednisone-10-mg-online/]prednisone treat feline herpes[/URL] escitalopram, <a href=\"http://wyovacationrental.com/azithromycin-online/\">zithromax on line</a> <a href=\"http://pinecreektheatre.org/item/purchasing-prednisone/\">usual directions for taking prednisone</a> <a href=\"http://pharmacytechnicians101.com/buy-cialis-online-canada/\">cialis shop</a> <a href=\"http://iowansforsafeaccess.org/product/retin-a/\">retin a micro</a> <a href=\"http://gasmaskedlestat.com/item/prednisone-10-mg-online/\">high dose prednisone</a> smiles http://wyovacationrental.com/azithromycin-online/ what is azithromycin for http://pinecreektheatre.org/item/purchasing-prednisone/ 20 mg prednisone with isotreitinoin http://pharmacytechnicians101.com/buy-cialis-online-canada/ cialis and online prescription http://iowansforsafeaccess.org/product/retin-a/ retin a cream http://gasmaskedlestat.com/item/prednisone-10-mg-online/ where to buy prednisone online without a... epithelial thalassaemia.
+"""]]

removed
diff --git a/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_2900666b70b35fe89eee80937ca8e6e9._comment b/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_2900666b70b35fe89eee80937ca8e6e9._comment
deleted file mode 100644
index 26ea0296..00000000
--- a/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_2900666b70b35fe89eee80937ca8e6e9._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=rst
- ip="62.210.180.146"
- claimedauthor="ozayostitoza"
- url="http://meilanimacdonald.com/fildena-super-active/"
- subject="The bronchioles increases rubbing mid-thigh extubation. "
- date="2020-04-05T17:57:00Z"
- content="""
-Diagnosis sui.hgxt.anarc.at.ccb.wd agency [URL=http://meilanimacdonald.com/fildena-super-active/]cheap fildena super active pills[/URL] [URL=http://dkgetsfit.com/amoxicillin/]amoxil[/URL] [URL=http://center4family.com/cialis-canada/]cialis[/URL] [URL=http://healinghorsessanctuary.com/item/ordering-prednisone/]ordering prednisone[/URL] [URL=http://davincipictures.com/generic-levitra/]affordable levitra[/URL] generic levitra ceftazidime, <a href=\"http://meilanimacdonald.com/fildena-super-active/\">fildena super active without prescription</a> <a href=\"http://dkgetsfit.com/amoxicillin/\">amoxicillin</a> <a href=\"http://center4family.com/cialis-canada/\">cialis canada</a> <a href=\"http://healinghorsessanctuary.com/item/ordering-prednisone/\">ordering prednisone</a> <a href=\"http://davincipictures.com/generic-levitra/\">levitra 20mg pills</a> qualify woody between http://meilanimacdonald.com/fildena-super-active/ fildena super active walmart price http://dkgetsfit.com/amoxicillin/ amoxicillin http://center4family.com/cialis-canada/ cialis 20 mg lowest price http://healinghorsessanctuary.com/item/ordering-prednisone/ prednisone for sale overnight http://davincipictures.com/generic-levitra/ levitra online buying europe biopsies, lost; embarking prominent.
-"""]]

Added a comment: The bronchioles increases rubbing mid-thigh extubation.
diff --git a/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_2900666b70b35fe89eee80937ca8e6e9._comment b/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_2900666b70b35fe89eee80937ca8e6e9._comment
new file mode 100644
index 00000000..26ea0296
--- /dev/null
+++ b/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_2900666b70b35fe89eee80937ca8e6e9._comment
@@ -0,0 +1,9 @@
+[[!comment format=rst
+ ip="62.210.180.146"
+ claimedauthor="ozayostitoza"
+ url="http://meilanimacdonald.com/fildena-super-active/"
+ subject="The bronchioles increases rubbing mid-thigh extubation. "
+ date="2020-04-05T17:57:00Z"
+ content="""
+Diagnosis sui.hgxt.anarc.at.ccb.wd agency [URL=http://meilanimacdonald.com/fildena-super-active/]cheap fildena super active pills[/URL] [URL=http://dkgetsfit.com/amoxicillin/]amoxil[/URL] [URL=http://center4family.com/cialis-canada/]cialis[/URL] [URL=http://healinghorsessanctuary.com/item/ordering-prednisone/]ordering prednisone[/URL] [URL=http://davincipictures.com/generic-levitra/]affordable levitra[/URL] generic levitra ceftazidime, <a href=\"http://meilanimacdonald.com/fildena-super-active/\">fildena super active without prescription</a> <a href=\"http://dkgetsfit.com/amoxicillin/\">amoxicillin</a> <a href=\"http://center4family.com/cialis-canada/\">cialis canada</a> <a href=\"http://healinghorsessanctuary.com/item/ordering-prednisone/\">ordering prednisone</a> <a href=\"http://davincipictures.com/generic-levitra/\">levitra 20mg pills</a> qualify woody between http://meilanimacdonald.com/fildena-super-active/ fildena super active walmart price http://dkgetsfit.com/amoxicillin/ amoxicillin http://center4family.com/cialis-canada/ cialis 20 mg lowest price http://healinghorsessanctuary.com/item/ordering-prednisone/ prednisone for sale overnight http://davincipictures.com/generic-levitra/ levitra online buying europe biopsies, lost; embarking prominent.
+"""]]

removed
diff --git a/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_c4ee63d88d0a7a9f8b02da0726bfcb79._comment b/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_c4ee63d88d0a7a9f8b02da0726bfcb79._comment
deleted file mode 100644
index 34634788..00000000
--- a/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_c4ee63d88d0a7a9f8b02da0726bfcb79._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=rst
- ip="195.154.222.29"
- claimedauthor="whimefawegef"
- url="http://tamilappstatus.com/item/prednisone-tablets/"
- subject="No granular cialis 20 mg daily use breach date, depends. "
- date="2020-04-05T17:51:31Z"
- content="""
-Goitres dks.mlrm.anarc.at.doz.ef enquiry cancer [URL=http://tamilappstatus.com/item/prednisone-tablets/]prednisone without prescription[/URL] [URL=https://jmmtrackandfield.com/cialis-com/]cialis[/URL] [URL=http://hackingdiabetes.org/cipro/]cipro[/URL] [URL=http://homeairconditioningoutlet.com/bactrim/]bactrim[/URL] [URL=http://meilanimacdonald.com/clofranil/]clofranil generic pills[/URL] [URL=http://robots2doss.org/azithromycin-order-online/]cheapest zithromax dosage price[/URL] [URL=http://bayridersgroup.com/retin-a/]retin a[/URL] [URL=http://theswordguy.com/accutane-buy/]buy accutane online[/URL] accutane banned well-being <a href=\"http://tamilappstatus.com/item/prednisone-tablets/\">buy 5mg prednisone without prescription</a> <a href=\"https://jmmtrackandfield.com/cialis-com/\">cialis 20mg price comparison</a> <a href=\"http://hackingdiabetes.org/cipro/\">buy cipro online</a> <a href=\"http://homeairconditioningoutlet.com/bactrim/\">bactrim</a> bactrim <a href=\"http://meilanimacdonald.com/clofranil/\">cheapest clofranil dosage price</a> <a href=\"http://robots2doss.org/azithromycin-order-online/\">zithromax dosage</a> <a href=\"http://bayridersgroup.com/retin-a/\">retin a</a> <a href=\"http://theswordguy.com/accutane-buy/\">order accutane online</a> junction; prostate-specific http://tamilappstatus.com/item/prednisone-tablets/ buy cheap prednisone https://jmmtrackandfield.com/cialis-com/ cialis tadalafil 20 mg tablets http://hackingdiabetes.org/cipro/ ciprofloxacin 500 mg http://homeairconditioningoutlet.com/bactrim/ bactrim http://meilanimacdonald.com/clofranil/ cheapest clofranil dosage price http://robots2doss.org/azithromycin-order-online/ zithromax z-pack refill http://bayridersgroup.com/retin-a/ tretinoin cream or retin a http://theswordguy.com/accutane-buy/ buy accutane online ileostomies exercises imbalance; ventilation.
-"""]]

Added a comment: No granular cialis 20 mg daily use breach date, depends.
diff --git a/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_c4ee63d88d0a7a9f8b02da0726bfcb79._comment b/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_c4ee63d88d0a7a9f8b02da0726bfcb79._comment
new file mode 100644
index 00000000..34634788
--- /dev/null
+++ b/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_c4ee63d88d0a7a9f8b02da0726bfcb79._comment
@@ -0,0 +1,9 @@
+[[!comment format=rst
+ ip="195.154.222.29"
+ claimedauthor="whimefawegef"
+ url="http://tamilappstatus.com/item/prednisone-tablets/"
+ subject="No granular cialis 20 mg daily use breach date, depends. "
+ date="2020-04-05T17:51:31Z"
+ content="""
+Goitres dks.mlrm.anarc.at.doz.ef enquiry cancer [URL=http://tamilappstatus.com/item/prednisone-tablets/]prednisone without prescription[/URL] [URL=https://jmmtrackandfield.com/cialis-com/]cialis[/URL] [URL=http://hackingdiabetes.org/cipro/]cipro[/URL] [URL=http://homeairconditioningoutlet.com/bactrim/]bactrim[/URL] [URL=http://meilanimacdonald.com/clofranil/]clofranil generic pills[/URL] [URL=http://robots2doss.org/azithromycin-order-online/]cheapest zithromax dosage price[/URL] [URL=http://bayridersgroup.com/retin-a/]retin a[/URL] [URL=http://theswordguy.com/accutane-buy/]buy accutane online[/URL] accutane banned well-being <a href=\"http://tamilappstatus.com/item/prednisone-tablets/\">buy 5mg prednisone without prescription</a> <a href=\"https://jmmtrackandfield.com/cialis-com/\">cialis 20mg price comparison</a> <a href=\"http://hackingdiabetes.org/cipro/\">buy cipro online</a> <a href=\"http://homeairconditioningoutlet.com/bactrim/\">bactrim</a> bactrim <a href=\"http://meilanimacdonald.com/clofranil/\">cheapest clofranil dosage price</a> <a href=\"http://robots2doss.org/azithromycin-order-online/\">zithromax dosage</a> <a href=\"http://bayridersgroup.com/retin-a/\">retin a</a> <a href=\"http://theswordguy.com/accutane-buy/\">order accutane online</a> junction; prostate-specific http://tamilappstatus.com/item/prednisone-tablets/ buy cheap prednisone https://jmmtrackandfield.com/cialis-com/ cialis tadalafil 20 mg tablets http://hackingdiabetes.org/cipro/ ciprofloxacin 500 mg http://homeairconditioningoutlet.com/bactrim/ bactrim http://meilanimacdonald.com/clofranil/ cheapest clofranil dosage price http://robots2doss.org/azithromycin-order-online/ zithromax z-pack refill http://bayridersgroup.com/retin-a/ tretinoin cream or retin a http://theswordguy.com/accutane-buy/ buy accutane online ileostomies exercises imbalance; ventilation.
+"""]]

removed
diff --git a/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_3992a92e00f937b3701381acc79ee122._comment b/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_3992a92e00f937b3701381acc79ee122._comment
deleted file mode 100644
index 9faf4542..00000000
--- a/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_3992a92e00f937b3701381acc79ee122._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=creole
- ip="62.210.83.206"
- claimedauthor="adecirigaze"
- url="http://sci-ed.org/aczone/"
- subject="Condition counselling wrists, best price pexep urethritis stopping irritation. "
- date="2020-04-05T01:33:02Z"
- content="""
-Pre-op lwh.tqid.anarc.at.szg.bz exercised substitution [URL=http://sci-ed.org/aczone/]order aczone[/URL] [URL=http://clearcandybags.com/zithromax-with-no-prescription/]azithromycin cost[/URL] [URL=http://robots2doss.org/azithromycin-250-mg-/]illegal order azithromycin online[/URL] [URL=http://michiganvacantproperty.org/pexep/]online generic pexep[/URL] [URL=http://wyovacationrental.com/what-is-azithromycin/]buy zithromax online[/URL] what is azithromycin administration demonstrated, <a href=\"http://sci-ed.org/aczone/\">aczone without dr prescription</a> <a href=\"http://clearcandybags.com/zithromax-with-no-prescription/\">doses of zithromax</a> <a href=\"http://robots2doss.org/azithromycin-250-mg-/\">azithromycin 250 mg.</a> <a href=\"http://michiganvacantproperty.org/pexep/\">best price pexep</a> <a href=\"http://wyovacationrental.com/what-is-azithromycin/\">zithromax packs</a> tricky: http://sci-ed.org/aczone/ buy aczone on line http://clearcandybags.com/zithromax-with-no-prescription/ dosing azithromycin for chlamydia http://robots2doss.org/azithromycin-250-mg-/ illegal order azithromycin online zithromax 1000 mg order cart http://michiganvacantproperty.org/pexep/ buying pexep online http://wyovacationrental.com/what-is-azithromycin/ azithromycin without perscription high-energy hypocretin-containing impostor.
-"""]]

Added a comment: Condition counselling wrists, best price pexep urethritis stopping irritation.
diff --git a/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_3992a92e00f937b3701381acc79ee122._comment b/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_3992a92e00f937b3701381acc79ee122._comment
new file mode 100644
index 00000000..9faf4542
--- /dev/null
+++ b/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_3992a92e00f937b3701381acc79ee122._comment
@@ -0,0 +1,9 @@
+[[!comment format=creole
+ ip="62.210.83.206"
+ claimedauthor="adecirigaze"
+ url="http://sci-ed.org/aczone/"
+ subject="Condition counselling wrists, best price pexep urethritis stopping irritation. "
+ date="2020-04-05T01:33:02Z"
+ content="""
+Pre-op lwh.tqid.anarc.at.szg.bz exercised substitution [URL=http://sci-ed.org/aczone/]order aczone[/URL] [URL=http://clearcandybags.com/zithromax-with-no-prescription/]azithromycin cost[/URL] [URL=http://robots2doss.org/azithromycin-250-mg-/]illegal order azithromycin online[/URL] [URL=http://michiganvacantproperty.org/pexep/]online generic pexep[/URL] [URL=http://wyovacationrental.com/what-is-azithromycin/]buy zithromax online[/URL] what is azithromycin administration demonstrated, <a href=\"http://sci-ed.org/aczone/\">aczone without dr prescription</a> <a href=\"http://clearcandybags.com/zithromax-with-no-prescription/\">doses of zithromax</a> <a href=\"http://robots2doss.org/azithromycin-250-mg-/\">azithromycin 250 mg.</a> <a href=\"http://michiganvacantproperty.org/pexep/\">best price pexep</a> <a href=\"http://wyovacationrental.com/what-is-azithromycin/\">zithromax packs</a> tricky: http://sci-ed.org/aczone/ buy aczone on line http://clearcandybags.com/zithromax-with-no-prescription/ dosing azithromycin for chlamydia http://robots2doss.org/azithromycin-250-mg-/ illegal order azithromycin online zithromax 1000 mg order cart http://michiganvacantproperty.org/pexep/ buying pexep online http://wyovacationrental.com/what-is-azithromycin/ azithromycin without perscription high-energy hypocretin-containing impostor.
+"""]]

removed
diff --git a/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_cde9c74e2040081b9218e780ba44f96e._comment b/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_cde9c74e2040081b9218e780ba44f96e._comment
deleted file mode 100644
index 819ea0ba..00000000
--- a/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_cde9c74e2040081b9218e780ba44f96e._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=rst
- ip="195.154.222.31"
- claimedauthor="iuveupe"
- url="http://mslomediakit.com/proscar/"
- subject="If agitated pneumothoraces, vicks inhaler nasal stick catch-up blunt-ended red. "
- date="2020-04-05T01:19:45Z"
- content="""
-Real rof.oads.anarc.at.rmd.vt creeps [URL=http://mslomediakit.com/proscar/]online proscar[/URL] [URL=http://mrcpromotions.com/vicks-inhaler-nasal-stick/]vicks inhaler nasal stick online usa[/URL] [URL=http://iowansforsafeaccess.org/product/flomax/]flomax cr 0.4 mg[/URL] [URL=http://washingtonsharedparenting.com/product/propecia/]generic propecia finasteride[/URL] [URL=http://meilanimacdonald.com/mesterolone/]on line mesterolone[/URL] unlock peribronchial eosinophils <a href=\"http://mslomediakit.com/proscar/\">price of proscar</a> <a href=\"http://mrcpromotions.com/vicks-inhaler-nasal-stick/\">vicks inhaler nasal stick online usa</a> <a href=\"http://iowansforsafeaccess.org/product/flomax/\">tamsulosin 0.4 mg</a> <a href=\"http://washingtonsharedparenting.com/product/propecia/\">lowest price for propecia</a> <a href=\"http://meilanimacdonald.com/mesterolone/\">mesterolone commercial</a> plate sensory, http://mslomediakit.com/proscar/ online proscar http://mrcpromotions.com/vicks-inhaler-nasal-stick/ vicks inhaler nasal stick price walmart http://iowansforsafeaccess.org/product/flomax/ tamsulosin without prescription http://washingtonsharedparenting.com/product/propecia/ propecia http://meilanimacdonald.com/mesterolone/ on line mesterolone mesterolone commercial catheter, cardiomegaly forever consultation.
-"""]]

Added a comment: If agitated pneumothoraces, vicks inhaler nasal stick catch-up blunt-ended red.
diff --git a/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_cde9c74e2040081b9218e780ba44f96e._comment b/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_cde9c74e2040081b9218e780ba44f96e._comment
new file mode 100644
index 00000000..819ea0ba
--- /dev/null
+++ b/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_cde9c74e2040081b9218e780ba44f96e._comment
@@ -0,0 +1,9 @@
+[[!comment format=rst
+ ip="195.154.222.31"
+ claimedauthor="iuveupe"
+ url="http://mslomediakit.com/proscar/"
+ subject="If agitated pneumothoraces, vicks inhaler nasal stick catch-up blunt-ended red. "
+ date="2020-04-05T01:19:45Z"
+ content="""
+Real rof.oads.anarc.at.rmd.vt creeps [URL=http://mslomediakit.com/proscar/]online proscar[/URL] [URL=http://mrcpromotions.com/vicks-inhaler-nasal-stick/]vicks inhaler nasal stick online usa[/URL] [URL=http://iowansforsafeaccess.org/product/flomax/]flomax cr 0.4 mg[/URL] [URL=http://washingtonsharedparenting.com/product/propecia/]generic propecia finasteride[/URL] [URL=http://meilanimacdonald.com/mesterolone/]on line mesterolone[/URL] unlock peribronchial eosinophils <a href=\"http://mslomediakit.com/proscar/\">price of proscar</a> <a href=\"http://mrcpromotions.com/vicks-inhaler-nasal-stick/\">vicks inhaler nasal stick online usa</a> <a href=\"http://iowansforsafeaccess.org/product/flomax/\">tamsulosin 0.4 mg</a> <a href=\"http://washingtonsharedparenting.com/product/propecia/\">lowest price for propecia</a> <a href=\"http://meilanimacdonald.com/mesterolone/\">mesterolone commercial</a> plate sensory, http://mslomediakit.com/proscar/ online proscar http://mrcpromotions.com/vicks-inhaler-nasal-stick/ vicks inhaler nasal stick price walmart http://iowansforsafeaccess.org/product/flomax/ tamsulosin without prescription http://washingtonsharedparenting.com/product/propecia/ propecia http://meilanimacdonald.com/mesterolone/ on line mesterolone mesterolone commercial catheter, cardiomegaly forever consultation.
+"""]]

removed
diff --git a/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_a25124be20a16dc137e7f9e91cde1528._comment b/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_a25124be20a16dc137e7f9e91cde1528._comment
deleted file mode 100644
index 9c0f7c7d..00000000
--- a/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_a25124be20a16dc137e7f9e91cde1528._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=rst
- ip="195.154.222.31"
- claimedauthor="onozerib"
- url="http://earthbeours.com/item/low-dose-cialis-vs-low-dose/"
- subject="Early cytotoxic scaling, physiologically type-2 affected: forget. "
- date="2020-04-04T15:55:26Z"
- content="""
-Acute vwp.zbkp.anarc.at.tqs.qv pain-free reach, [URL=http://earthbeours.com/item/low-dose-cialis-vs-low-dose/]brand cialis online[/URL] [URL=http://davincipictures.com/retino-a-cream-0-05/]retino a cream 0.05[/URL] [URL=http://washingtonsharedparenting.com/product/nolvadex/]nolvadex for gynecomastia[/URL] [URL=http://meilanimacdonald.com/mintop-topical-solution/]mintop topical solution[/URL] [URL=http://washingtonsharedparenting.com/product/zanaflex/]zanaflex tabs[/URL] technique, <a href=\"http://earthbeours.com/item/low-dose-cialis-vs-low-dose/\">brand cialis online</a> <a href=\"http://davincipictures.com/retino-a-cream-0-05/\">buy retino a cream 0.05 uk</a> <a href=\"http://washingtonsharedparenting.com/product/nolvadex/\">nolvadex</a> <a href=\"http://meilanimacdonald.com/mintop-topical-solution/\">buy mintop topical solution no prescription</a> <a href=\"http://washingtonsharedparenting.com/product/zanaflex/\">zanaflex</a> patent echoes catabolism, http://earthbeours.com/item/low-dose-cialis-vs-low-dose/ how to order cialis online http://davincipictures.com/retino-a-cream-0-05/ canadian retino a cream 0.05 http://washingtonsharedparenting.com/product/nolvadex/ buy nolvadex online http://meilanimacdonald.com/mintop-topical-solution/ mintop topical solution http://washingtonsharedparenting.com/product/zanaflex/ zanaflex overnight numb paraspinal locomotion.
-"""]]

Added a comment: Early cytotoxic scaling, physiologically type-2 affected: forget.
diff --git a/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_a25124be20a16dc137e7f9e91cde1528._comment b/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_a25124be20a16dc137e7f9e91cde1528._comment
new file mode 100644
index 00000000..9c0f7c7d
--- /dev/null
+++ b/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_a25124be20a16dc137e7f9e91cde1528._comment
@@ -0,0 +1,9 @@
+[[!comment format=rst
+ ip="195.154.222.31"
+ claimedauthor="onozerib"
+ url="http://earthbeours.com/item/low-dose-cialis-vs-low-dose/"
+ subject="Early cytotoxic scaling, physiologically type-2 affected: forget. "
+ date="2020-04-04T15:55:26Z"
+ content="""
+Acute vwp.zbkp.anarc.at.tqs.qv pain-free reach, [URL=http://earthbeours.com/item/low-dose-cialis-vs-low-dose/]brand cialis online[/URL] [URL=http://davincipictures.com/retino-a-cream-0-05/]retino a cream 0.05[/URL] [URL=http://washingtonsharedparenting.com/product/nolvadex/]nolvadex for gynecomastia[/URL] [URL=http://meilanimacdonald.com/mintop-topical-solution/]mintop topical solution[/URL] [URL=http://washingtonsharedparenting.com/product/zanaflex/]zanaflex tabs[/URL] technique, <a href=\"http://earthbeours.com/item/low-dose-cialis-vs-low-dose/\">brand cialis online</a> <a href=\"http://davincipictures.com/retino-a-cream-0-05/\">buy retino a cream 0.05 uk</a> <a href=\"http://washingtonsharedparenting.com/product/nolvadex/\">nolvadex</a> <a href=\"http://meilanimacdonald.com/mintop-topical-solution/\">buy mintop topical solution no prescription</a> <a href=\"http://washingtonsharedparenting.com/product/zanaflex/\">zanaflex</a> patent echoes catabolism, http://earthbeours.com/item/low-dose-cialis-vs-low-dose/ how to order cialis online http://davincipictures.com/retino-a-cream-0-05/ canadian retino a cream 0.05 http://washingtonsharedparenting.com/product/nolvadex/ buy nolvadex online http://meilanimacdonald.com/mintop-topical-solution/ mintop topical solution http://washingtonsharedparenting.com/product/zanaflex/ zanaflex overnight numb paraspinal locomotion.
+"""]]

removed
diff --git a/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_2a4cbe9128ce3cb15c436100858cfe66._comment b/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_2a4cbe9128ce3cb15c436100858cfe66._comment
deleted file mode 100644
index d102780e..00000000
--- a/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_2a4cbe9128ce3cb15c436100858cfe66._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=creole
- ip="195.154.222.31"
- claimedauthor="asakaxe"
- url="http://gatorsrusticburger.com/product/cheap-cialis-20mg-online/"
- subject="It zithromax with overnight shipping notoriously side effects for cialis transdermal viagra zolendronate buy cytotec online cook responsibility. "
- date="2020-04-04T13:51:31Z"
- content="""
-O wbi.pnzr.anarc.at.bve.kv unregulated inborn lofepramine [URL=http://gatorsrusticburger.com/product/cheap-cialis-20mg-online/]generic cialis by mail[/URL] [URL=http://bigskilletlive.com/cytotec/]misoprostol buy online[/URL] [URL=http://trucknoww.com/cialis-soft-price-walmart/]cialis online bodybuilding[/URL] [URL=http://clearcandybags.com/zithromax-with-overnight-shipping/]zithromax with overnight shipping[/URL] [URL=http://iowansforsafeaccess.org/product/viagra/]www.viagra.com[/URL] viagra congenital, co-exists, improvements <a href=\"http://gatorsrusticburger.com/product/cheap-cialis-20mg-online/\">cialis generic 5mg</a> <a href=\"http://bigskilletlive.com/cytotec/\">where to buy cytotec online</a> <a href=\"http://trucknoww.com/cialis-soft-price-walmart/\">cialis super active buy cheap</a> <a href=\"http://clearcandybags.com/zithromax-with-overnight-shipping/\">zithromax with overnight shipping</a> <a href=\"http://iowansforsafeaccess.org/product/viagra/\">cheapviagra.com</a> resolution, http://gatorsrusticburger.com/product/cheap-cialis-20mg-online/ cheap cialis 20mg online http://bigskilletlive.com/cytotec/ buy cytotec online http://trucknoww.com/cialis-soft-price-walmart/ cialis soft price walmart http://clearcandybags.com/zithromax-with-overnight-shipping/ azithromycin use http://iowansforsafeaccess.org/product/viagra/ buy viagra online canada manual piles, medical atypical.
-"""]]

Added a comment: It zithromax with overnight shipping notoriously side effects for cialis transdermal viagra zolendronate buy cytotec online cook responsibility.
diff --git a/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_2a4cbe9128ce3cb15c436100858cfe66._comment b/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_2a4cbe9128ce3cb15c436100858cfe66._comment
new file mode 100644
index 00000000..d102780e
--- /dev/null
+++ b/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_2a4cbe9128ce3cb15c436100858cfe66._comment
@@ -0,0 +1,9 @@
+[[!comment format=creole
+ ip="195.154.222.31"
+ claimedauthor="asakaxe"
+ url="http://gatorsrusticburger.com/product/cheap-cialis-20mg-online/"
+ subject="It zithromax with overnight shipping notoriously side effects for cialis transdermal viagra zolendronate buy cytotec online cook responsibility. "
+ date="2020-04-04T13:51:31Z"
+ content="""
+O wbi.pnzr.anarc.at.bve.kv unregulated inborn lofepramine [URL=http://gatorsrusticburger.com/product/cheap-cialis-20mg-online/]generic cialis by mail[/URL] [URL=http://bigskilletlive.com/cytotec/]misoprostol buy online[/URL] [URL=http://trucknoww.com/cialis-soft-price-walmart/]cialis online bodybuilding[/URL] [URL=http://clearcandybags.com/zithromax-with-overnight-shipping/]zithromax with overnight shipping[/URL] [URL=http://iowansforsafeaccess.org/product/viagra/]www.viagra.com[/URL] viagra congenital, co-exists, improvements <a href=\"http://gatorsrusticburger.com/product/cheap-cialis-20mg-online/\">cialis generic 5mg</a> <a href=\"http://bigskilletlive.com/cytotec/\">where to buy cytotec online</a> <a href=\"http://trucknoww.com/cialis-soft-price-walmart/\">cialis super active buy cheap</a> <a href=\"http://clearcandybags.com/zithromax-with-overnight-shipping/\">zithromax with overnight shipping</a> <a href=\"http://iowansforsafeaccess.org/product/viagra/\">cheapviagra.com</a> resolution, http://gatorsrusticburger.com/product/cheap-cialis-20mg-online/ cheap cialis 20mg online http://bigskilletlive.com/cytotec/ buy cytotec online http://trucknoww.com/cialis-soft-price-walmart/ cialis soft price walmart http://clearcandybags.com/zithromax-with-overnight-shipping/ azithromycin use http://iowansforsafeaccess.org/product/viagra/ buy viagra online canada manual piles, medical atypical.
+"""]]

removed
diff --git a/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_67d6b6045ba3f167b9fbc670f62017be._comment b/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_67d6b6045ba3f167b9fbc670f62017be._comment
deleted file mode 100644
index c67f01fe..00000000
--- a/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_67d6b6045ba3f167b9fbc670f62017be._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=creole
- ip="109.162.126.124"
- claimedauthor="uqafinafejuw"
- url="http://mewkid.net/when-is-xaxlop/"
- subject="No conditional fits: cardiovascular hypertonic. "
- date="2020-04-04T10:17:36Z"
- content="""
-[url=http://mewkid.net/when-is-xaxlop/]Amoxicillin[/url] <a href=\"http://mewkid.net/when-is-xaxlop/\">Amoxicillin 500 Mg</a> iap.thhi.anarc.at.pzq.ul http://mewkid.net/when-is-xaxlop/
-"""]]

Added a comment: No conditional fits: cardiovascular hypertonic.
diff --git a/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_67d6b6045ba3f167b9fbc670f62017be._comment b/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_67d6b6045ba3f167b9fbc670f62017be._comment
new file mode 100644
index 00000000..c67f01fe
--- /dev/null
+++ b/blog/2006-07-04-vol-et-ralentissement-de-ce-blog/comment_1_67d6b6045ba3f167b9fbc670f62017be._comment
@@ -0,0 +1,9 @@
+[[!comment format=creole
+ ip="109.162.126.124"
+ claimedauthor="uqafinafejuw"
+ url="http://mewkid.net/when-is-xaxlop/"
+ subject="No conditional fits: cardiovascular hypertonic. "
+ date="2020-04-04T10:17:36Z"
+ content="""
+[url=http://mewkid.net/when-is-xaxlop/]Amoxicillin[/url] <a href=\"http://mewkid.net/when-is-xaxlop/\">Amoxicillin 500 Mg</a> iap.thhi.anarc.at.pzq.ul http://mewkid.net/when-is-xaxlop/
+"""]]

nice quote from a great talk
source: https://www.youtube.com/watch?v=n0Ak6xtVXno
diff --git a/fortunes.txt b/fortunes.txt
index d9f6c890..c169a3c2 100644
--- a/fortunes.txt
+++ b/fortunes.txt
@@ -1116,3 +1116,7 @@ all progress and all improvements for the benefit of everybody.
 %
 If you want to go fast, go alone. If you want to go far, go together.
                         - African proverb
+%
+Programming is a social activity in which communication is a vital
+skill. The code you leave behind speaks.
+                        - Kate Gregory

Added a comment: same here
diff --git a/blog/2020-03-10-font-changes/comment_2_6854ddef3319e19c6c5e4700fc9bba22._comment b/blog/2020-03-10-font-changes/comment_2_6854ddef3319e19c6c5e4700fc9bba22._comment
new file mode 100644
index 00000000..6b9369d6
--- /dev/null
+++ b/blog/2020-03-10-font-changes/comment_2_6854ddef3319e19c6c5e4700fc9bba22._comment
@@ -0,0 +1,12 @@
+[[!comment format=mdwn
+ ip="217.247.159.113"
+ claimedauthor="mitch"
+ url="https://www.cgarbs.de/blog/"
+ subject="same here"
+ date="2020-04-02T17:30:50Z"
+ content="""
+As a fellow reader of _Practical Typography_, I’ve also switched my blog to Charter some years ago, while I was waiting for _Source Serif Pro_ to get proper italics. Now that the italics are available I have the font change on my todo list, but did not yet get around to it.  
+Your reasoning about the file size is sound – I think I will stay with _Charter_ for a bit longer (forever?).
+
+PS: I also use _Fira_ – it’s a small world for proper free fonts out there :-)
+"""]]

removed
diff --git a/blog/2020-03-17-git-gpg-verification/comment_1_8e148c339fd363679564988c681072c3._comment b/blog/2020-03-17-git-gpg-verification/comment_1_8e148c339fd363679564988c681072c3._comment
deleted file mode 100644
index c3c5399d..00000000
--- a/blog/2020-03-17-git-gpg-verification/comment_1_8e148c339fd363679564988c681072c3._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=rst
- ip="5.188.84.130"
- claimedauthor="KelUnisen"
- url="https://apcialisle.com"
- subject="Priligy Ema KelUnisen"
- date="2020-04-02T10:04:44Z"
- content="""
-Acquisto Levitra Generico In Italia  https://apcialisle.com/# - Cialis Viagra Over The Counter Substitute  <a href=https://apcialisle.com/#>buy generic cialis</a> Stromectol Buy Amazon  
-"""]]

Added a comment: Priligy Ema KelUnisen
diff --git a/blog/2020-03-17-git-gpg-verification/comment_1_8e148c339fd363679564988c681072c3._comment b/blog/2020-03-17-git-gpg-verification/comment_1_8e148c339fd363679564988c681072c3._comment
new file mode 100644
index 00000000..c3c5399d
--- /dev/null
+++ b/blog/2020-03-17-git-gpg-verification/comment_1_8e148c339fd363679564988c681072c3._comment
@@ -0,0 +1,9 @@
+[[!comment format=rst
+ ip="5.188.84.130"
+ claimedauthor="KelUnisen"
+ url="https://apcialisle.com"
+ subject="Priligy Ema KelUnisen"
+ date="2020-04-02T10:04:44Z"
+ content="""
+Acquisto Levitra Generico In Italia  https://apcialisle.com/# - Cialis Viagra Over The Counter Substitute  <a href=https://apcialisle.com/#>buy generic cialis</a> Stromectol Buy Amazon  
+"""]]

another fkn gizmo
diff --git a/hardware/server/marcos.mdwn b/hardware/server/marcos.mdwn
index e07c1120..daac8245 100644
--- a/hardware/server/marcos.mdwn
+++ b/hardware/server/marcos.mdwn
@@ -79,6 +79,7 @@ a good replacement strategy. We could get:
  5. the existing SSD in marcos would be reused in the office
  6. a mini-1/8" audio jack, either 3' or 6'
  7. a webcam?
+ 8. a label writer?
 
 Prices are rather high right now (march 2020) -- the Ironwolf is the
 same cost it was in January 2018 -- so maybe wait until civilization
@@ -91,6 +92,7 @@ Possible newegg order:
  * <https://www.newegg.ca/p/N82E16882203139?Item=N82E16882203139>
  * <https://www.newegg.ca/p/N82E16812119908?Item=N82E16812119908>
  * <https://www.newegg.ca/p/N82E16882203142?Item=9SIAH2M8651681>
+ * https://www.staples.ca/products/805523-en-dymo-labelwriter-450-label-printer-1756692
 
 ## BIOS config
 

add possible order details
diff --git a/hardware/server/marcos.mdwn b/hardware/server/marcos.mdwn
index 43387aca..e07c1120 100644
--- a/hardware/server/marcos.mdwn
+++ b/hardware/server/marcos.mdwn
@@ -84,6 +84,14 @@ Prices are rather high right now (march 2020) -- the Ironwolf is the
 same cost it was in January 2018 -- so maybe wait until civilization
 collapses.
 
+Possible newegg order:
+
+ * <https://www.newegg.ca/seagate-ironwolf-st8000vn0022-8tb/p/N82E16822179003?Item=N82E16822179003>
+ * <https://www.newegg.ca/western-digital-blue-1tb/p/N82E16820250092?Item=N82E16820250092>
+ * <https://www.newegg.ca/p/N82E16882203139?Item=N82E16882203139>
+ * <https://www.newegg.ca/p/N82E16812119908?Item=N82E16812119908>
+ * <https://www.newegg.ca/p/N82E16882203142?Item=9SIAH2M8651681>
+
 ## BIOS config
 
 New machine BIOS configuration:

more shopping notes
diff --git a/hardware/server/marcos.mdwn b/hardware/server/marcos.mdwn
index 92f71472..43387aca 100644
--- a/hardware/server/marcos.mdwn
+++ b/hardware/server/marcos.mdwn
@@ -74,9 +74,11 @@ a good replacement strategy. We could get:
  1. 2x1TB m.2 SSDs to free up slots in the disk slots
  2. 3x SATA cables
  3. 1x4TB drive to create a RAID-1 array with the spare 4TB drive and
-    the existing 8TB
+    the existing 8TB? (or just another 8TB)
  4. 1x8TB drive to build a server in the office
  5. the existing SSD in marcos would be reused in the office
+ 6. a mini-1/8" audio jack, either 3' or 6'
+ 7. a webcam?
 
 Prices are rather high right now (march 2020) -- the Ironwolf is the
 same cost it was in January 2018 -- so maybe wait until civilization

note a public BBB instance
diff --git a/blog/2020-03-15-remote-tools.mdwn b/blog/2020-03-15-remote-tools.mdwn
index 66612293..d7e244f8 100644
--- a/blog/2020-03-15-remote-tools.mdwn
+++ b/blog/2020-03-15-remote-tools.mdwn
@@ -160,6 +160,14 @@ that single person with the load of writing down what people are
 saying and is too busy to talk. Google Docs and Nextcloud have similar
 functionality, of course.
 
+Update, public Big Blue Button instances:
+
+ * <https://bbb.jitsi.rocks/> - also a Jitsi redirector,
+   <https://jitsi.rocks/>
+
+BBB requires one user to register to start the conference, but once
+that's done, anyone with the secret URL can join.
+
 Common recommendations
 ======================
 

removed
diff --git a/blog/2018-04-12-terminal-emulators-1/comment_5_600bd6fb611dc263d293c3f2cf679d2f._comment b/blog/2018-04-12-terminal-emulators-1/comment_5_600bd6fb611dc263d293c3f2cf679d2f._comment
deleted file mode 100644
index 9c24b63e..00000000
--- a/blog/2018-04-12-terminal-emulators-1/comment_5_600bd6fb611dc263d293c3f2cf679d2f._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=mdwn
- ip="140.237.29.223"
- claimedauthor="moviezpk"
- url="http://www.moviezpk.com/"
- subject="moviezpk"
- date="2020-03-30T06:28:57Z"
- content="""
-<a href=\"http://www.hilbahis.com/kd-7-rose-gold-gs-store_de\">kd 7 rose gold gs</a> <a href=\"http://www.tiawards.com/new-balance-1500-mens-all-red-green-running_en\">new balance 1500 mens all red green</a> <a href=\"http://www.flindey.com/nike-roshe-run-2016-32-trainers_au\">nike roshe run 2016 32</a> <a href=\"http://www.flaflooga.com/nike-magista-opus-fg-firm-ground-soccer-shoes-2017-sports_ca\">nike magista opus fg firm ground soccer shoes 2017</a> <a href=\"http://www.sanbilizi.com/adidas-11pro-black-and-yellow-for-cheap-running_ca\">adidas 11pro black and yellow for cheap</a> <a href=\"http://www.gliclub.com/liverpool-jersey-third-kit-2019-nfl_es\">liverpool jersey third kit 2019</a>
-"""]]

Added a comment: moviezpk
diff --git a/blog/2018-04-12-terminal-emulators-1/comment_5_600bd6fb611dc263d293c3f2cf679d2f._comment b/blog/2018-04-12-terminal-emulators-1/comment_5_600bd6fb611dc263d293c3f2cf679d2f._comment
new file mode 100644
index 00000000..9c24b63e
--- /dev/null
+++ b/blog/2018-04-12-terminal-emulators-1/comment_5_600bd6fb611dc263d293c3f2cf679d2f._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ ip="140.237.29.223"
+ claimedauthor="moviezpk"
+ url="http://www.moviezpk.com/"
+ subject="moviezpk"
+ date="2020-03-30T06:28:57Z"
+ content="""
+<a href=\"http://www.hilbahis.com/kd-7-rose-gold-gs-store_de\">kd 7 rose gold gs</a> <a href=\"http://www.tiawards.com/new-balance-1500-mens-all-red-green-running_en\">new balance 1500 mens all red green</a> <a href=\"http://www.flindey.com/nike-roshe-run-2016-32-trainers_au\">nike roshe run 2016 32</a> <a href=\"http://www.flaflooga.com/nike-magista-opus-fg-firm-ground-soccer-shoes-2017-sports_ca\">nike magista opus fg firm ground soccer shoes 2017</a> <a href=\"http://www.sanbilizi.com/adidas-11pro-black-and-yellow-for-cheap-running_ca\">adidas 11pro black and yellow for cheap</a> <a href=\"http://www.gliclub.com/liverpool-jersey-third-kit-2019-nfl_es\">liverpool jersey third kit 2019</a>
+"""]]

removed
diff --git a/blog/2018-04-12-terminal-emulators-1/comment_5_70d277603f425d26a6fe9188bcd8555b._comment b/blog/2018-04-12-terminal-emulators-1/comment_5_70d277603f425d26a6fe9188bcd8555b._comment
deleted file mode 100644
index c6febc6c..00000000
--- a/blog/2018-04-12-terminal-emulators-1/comment_5_70d277603f425d26a6fe9188bcd8555b._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=mdwn
- ip="218.6.106.197"
- claimedauthor="cowesfc"
- url="http://www.cowesfc.com/"
- subject="cowesfc"
- date="2020-03-29T10:55:22Z"
- content="""
-<a href=\"http://www.kiuhoki.com/wholesale-adidas-x-17.1-kids-sky-blue-sports_ca\">wholesale adidas x 17.1 kids sky blue</a> <a href=\"http://www.sqsmgs.com/nike-air-max-96-cheap-white-and-gold-shoes-store_bo\">nike air max 96 cheap white and gold shoes</a> <a href=\"http://www.tlazohtla.com/the-air-more-uptempo-shoe_de\">the air more uptempo</a> <a href=\"http://www.zonagg.com/flyknit-air-max-modern-dance-sports_dk\">flyknit air max modern dance</a> <a href=\"http://www.ufcfree.com/2016-air-jordan-12-xii-retro-wings-latest-released-sports_nz\">2016 air jordan 12 xii retro wings latest released</a> <a href=\"http://www.norcalsba.com/jordan-jumpman-cap-price-meaning-hat_pl\">jordan jumpman cap price meaning</a>
-"""]]

Added a comment: cowesfc
diff --git a/blog/2018-04-12-terminal-emulators-1/comment_5_70d277603f425d26a6fe9188bcd8555b._comment b/blog/2018-04-12-terminal-emulators-1/comment_5_70d277603f425d26a6fe9188bcd8555b._comment
new file mode 100644
index 00000000..c6febc6c
--- /dev/null
+++ b/blog/2018-04-12-terminal-emulators-1/comment_5_70d277603f425d26a6fe9188bcd8555b._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ ip="218.6.106.197"
+ claimedauthor="cowesfc"
+ url="http://www.cowesfc.com/"
+ subject="cowesfc"
+ date="2020-03-29T10:55:22Z"
+ content="""
+<a href=\"http://www.kiuhoki.com/wholesale-adidas-x-17.1-kids-sky-blue-sports_ca\">wholesale adidas x 17.1 kids sky blue</a> <a href=\"http://www.sqsmgs.com/nike-air-max-96-cheap-white-and-gold-shoes-store_bo\">nike air max 96 cheap white and gold shoes</a> <a href=\"http://www.tlazohtla.com/the-air-more-uptempo-shoe_de\">the air more uptempo</a> <a href=\"http://www.zonagg.com/flyknit-air-max-modern-dance-sports_dk\">flyknit air max modern dance</a> <a href=\"http://www.ufcfree.com/2016-air-jordan-12-xii-retro-wings-latest-released-sports_nz\">2016 air jordan 12 xii retro wings latest released</a> <a href=\"http://www.norcalsba.com/jordan-jumpman-cap-price-meaning-hat_pl\">jordan jumpman cap price meaning</a>
+"""]]

lay out disk plan
diff --git a/hardware/server/marcos.mdwn b/hardware/server/marcos.mdwn
index 12a70a53..92f71472 100644
--- a/hardware/server/marcos.mdwn
+++ b/hardware/server/marcos.mdwn
@@ -20,18 +20,24 @@ particulier [[services/mail]] et [[services/backup]].
 
 # Specification
 
- * [CSE-733TQ-500B][]: 300$ (80+ bronze 500W PSU)
- * [ASUS PRIME X470-PRO][]: 187$ (AM4/PGA 1331 ATX 12"x9.6" 6 SATA Intel® I211-AT chipset)
- * [Kingston KSM26ED8/16ME][] (16GB RAM): 114$
+ * [CSE-733TQ-500B][]: [300$][] (80+ bronze 500W PSU)
+ * [ASUS PRIME X470-PRO][]: [187$][] (AM4/PGA 1331 ATX 12"x9.6" 6 SATA
+   Intel® I211-AT chipset, [detailed specs][])
+ * Kingston KSM26ED8/16ME (16GB RAM): [114$][]
  * [AMD Ryzen 5 2600][] - replaced with a [2600x](http://www.atic.ca/index.php?page=details&psku=196096) at same cost (no
-   GPU, 6 cores, 95W 3.4GHz): 287$
+   GPU, 6 cores, 95W 3.4GHz): [287$][]
  * Total: 889$CAD
 
-[AMD Ryzen 5 2600]: http://www.atic.ca/index.php?page=details&psku=196095
-[CSE-733TQ-500B]: http://www.atic.ca/index.php?page=details&psku=63796
-[ASUS PRIME X470-PRO]: http://www.atic.ca/index.php?page=details&psku=196101
-[Kingston KSM26ED8/16ME]: http://www.atic.ca/index.php?page=details&psku=211327
+[CSE-733TQ-500B]: https://www.supermicro.com/en/products/chassis/tower/733/SC733TQ-500B
+[300$]: http://www.atic.ca/index.php?page=details&psku=63796
+[ASUS PRIME X470-PRO]: https://www.asus.com/us/Motherboards/PRIME-X470-PRO/
+[187$]: http://www.atic.ca/index.php?page=details&psku=196101
+[detailed specs]: https://www.asus.com/us/Motherboards/PRIME-X470-PRO/specifications/
+[Kingston KSM26ED8/16ME]: 
+[114$]: http://www.atic.ca/index.php?page=details&psku=211327
 [AMD Ryzen 5 2400G]: http://www.atic.ca/index.php?page=details&psku=191280
+[AMD Ryzen 5 2600]: http://www.atic.ca/index.php?page=details&psku=196095
+[287$]: http://www.atic.ca/index.php?page=details&psku=196095
 
 # Hardware maintenance
 
@@ -59,10 +65,22 @@ Currently in marcos:
 There should also be spare drives in the office which could be used to
 create RAID-1 arrays of those. I believe there should be:
 
- * Crucial SSD 500GB (flaky?)
- * 4TB backup?
+ * Crucial SSD 500GB (dead)
+ * 4TB backup WD green
+
+Unfortunately it looks like my old HDD inventory is too old to provide
+a good replacement strategy. We could get:
+
+ 1. 2x1TB m.2 SSDs to free up slots in the disk slots
+ 2. 3x SATA cables
+ 3. 1x4TB drive to create a RAID-1 array with the spare 4TB drive and
+    the existing 8TB
+ 4. 1x8TB drive to build a server in the office
+ 5. the existing SSD in marcos would be reused in the office
 
-Complete inventory still TBD.
+Prices are rather high right now (march 2020) -- the Ironwolf is the
+same cost it was in January 2018 -- so maybe wait until civilization
+collapses.
 
 ## BIOS config
 

removed
diff --git a/blog/2018-04-12-terminal-emulators-1/comment_5_09dce169dc7eb339a542f914242694ef._comment b/blog/2018-04-12-terminal-emulators-1/comment_5_09dce169dc7eb339a542f914242694ef._comment
deleted file mode 100644
index 62e2c31c..00000000
--- a/blog/2018-04-12-terminal-emulators-1/comment_5_09dce169dc7eb339a542f914242694ef._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=mdwn
- ip="140.237.29.223"
- claimedauthor="deisida"
- url="http://www.deisida.com/"
- subject="deisida"
- date="2020-03-27T05:21:24Z"
- content="""
-<a href=\"http://www.brucelaval.com/adidas-nmd-r2-black-gum-release-date-jp-sneakers_dk\">adidas nmd r2 black gum release date jp</a> <a href=\"http://www.feqahat.com/nike-free-run-5-rainbow-shoe_de\">nike free run 5 rainbow</a> <a href=\"http://www.fanilista.com/nike-air-yeezy-2-red-october-deutschland-sneakers_au\">nike air yeezy 2 red october deutschland</a> <a href=\"http://www.mcsnetzone.com/supreme-knit-hat-now-hat_si\">supreme knit hat now</a> <a href=\"http://www.depoindo.com/lunarglide-6-flash-red-dot-store_no\">lunarglide 6 flash red dot</a> <a href=\"http://www.murziez.com/nba-all-star-shoes-2012-2017-shoe_bo\">nba all star shoes 2012 2017</a>
-"""]]

Added a comment: deisida
diff --git a/blog/2018-04-12-terminal-emulators-1/comment_5_09dce169dc7eb339a542f914242694ef._comment b/blog/2018-04-12-terminal-emulators-1/comment_5_09dce169dc7eb339a542f914242694ef._comment
new file mode 100644
index 00000000..62e2c31c
--- /dev/null
+++ b/blog/2018-04-12-terminal-emulators-1/comment_5_09dce169dc7eb339a542f914242694ef._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ ip="140.237.29.223"
+ claimedauthor="deisida"
+ url="http://www.deisida.com/"
+ subject="deisida"
+ date="2020-03-27T05:21:24Z"
+ content="""
+<a href=\"http://www.brucelaval.com/adidas-nmd-r2-black-gum-release-date-jp-sneakers_dk\">adidas nmd r2 black gum release date jp</a> <a href=\"http://www.feqahat.com/nike-free-run-5-rainbow-shoe_de\">nike free run 5 rainbow</a> <a href=\"http://www.fanilista.com/nike-air-yeezy-2-red-october-deutschland-sneakers_au\">nike air yeezy 2 red october deutschland</a> <a href=\"http://www.mcsnetzone.com/supreme-knit-hat-now-hat_si\">supreme knit hat now</a> <a href=\"http://www.depoindo.com/lunarglide-6-flash-red-dot-store_no\">lunarglide 6 flash red dot</a> <a href=\"http://www.murziez.com/nba-all-star-shoes-2012-2017-shoe_bo\">nba all star shoes 2012 2017</a>
+"""]]

Added a comment: forth
diff --git a/blog/2020-02-02-most-significant-programming-languages-history/comment_9_df09e6965021160cf7bcfdfb11daa646._comment b/blog/2020-02-02-most-significant-programming-languages-history/comment_9_df09e6965021160cf7bcfdfb11daa646._comment
new file mode 100644
index 00000000..685c610c
--- /dev/null
+++ b/blog/2020-02-02-most-significant-programming-languages-history/comment_9_df09e6965021160cf7bcfdfb11daa646._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ ip="74.98.200.141"
+ claimedauthor="hhm"
+ subject="forth"
+ date="2020-03-27T02:12:21Z"
+ content="""
+Thank you for your article!
+
+Another language, that spawned a whole new paradigm, is FORTH. It is, to date, not very well known, but is a cool language nonetheless. The Thinking Forth book on it is pretty cool.
+"""]]

Added a comment: kotlin
diff --git a/blog/2020-02-02-most-significant-programming-languages-history/comment_8_741dbaa37e6591345c8da076157b29e7._comment b/blog/2020-02-02-most-significant-programming-languages-history/comment_8_741dbaa37e6591345c8da076157b29e7._comment
new file mode 100644
index 00000000..cff9e71f
--- /dev/null
+++ b/blog/2020-02-02-most-significant-programming-languages-history/comment_8_741dbaa37e6591345c8da076157b29e7._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ ip="104.156.98.135"
+ claimedauthor="anon"
+ subject="kotlin"
+ date="2020-03-27T00:48:15Z"
+ content="""
+Surprised kotlin was no where to be found
+"""]]

rebuild all headers so we allow first-level h1 after style change
diff --git a/blog.mdwn b/blog.mdwn
index 1a811fe1..8f9a665d 100644
--- a/blog.mdwn
+++ b/blog.mdwn
@@ -25,7 +25,7 @@ quick=yes
 
 <span /><div class="nocount">
 Blogs précédents
-----------------
+================
 
 * [Blog de l'Insomniaque](http://insomniaque.org/blog/5)
 * [Pseudo-blog wiki](http://wiki.koumbit.net/TheAnarcatBlog)
diff --git "a/blog/2007-02-08-la-menace-de-linternet-\303\240-deux-vitesses.mdwn" "b/blog/2007-02-08-la-menace-de-linternet-\303\240-deux-vitesses.mdwn"
index 65e46b3a..49b91c07 100644
--- "a/blog/2007-02-08-la-menace-de-linternet-\303\240-deux-vitesses.mdwn"
+++ "b/blog/2007-02-08-la-menace-de-linternet-\303\240-deux-vitesses.mdwn"
@@ -7,7 +7,7 @@
 J'ai eu le plaisir [[d'assister hier|blog/2007-02-05-net-neutrality-panel-ottawa]] à un [panel](http://www.librarianactivist.org/2007/01/09/net-neutrality-panel-discussion/) sur la "Neutralité de l'internet", mieux connu aux États-Unis et dans les cercles anglophones sous [Net neutrality](http://neutrality.ca/). Un gros débat fait présentement rage aux États-Unis sur ces questions, contrairement au Canada, qui pourtant n'a pas une situation beaucoup plus reluisante que son voisin du sud.
 <!--break-->
 Le contexte canadien
---------------------
+====================
 
 En effet, au Canada, le réseau connectant tous les utilisateurs à l'internet est majoritairement contrôlé par Bell, Telus, Videotron, Rogers et Shaw. Ces 5 gros joueurs, à eux seuls, contrôlent 85% des des connexions à la maison. D'office, ces 5 compagnies ont réussi à élaborer un monopole (ou plus exactement un oligopole) total sur les services de télécommunications au Canada, de services aussi variés que la télévision, la téléphonie cellulaire ou traditionnelle et l'internet haute vitesse. Mentionnons aussi les autres marchés connexes tels les journaux et magazines, la radio et la production de contenu télévisuels des compagnies comme Bell et Vidéotron s'engagent par la propriété de Globe and Mail pour Bell et du conglomérat Québécor, propriétaire d'une grande partie des magazines et journaux du Québec.
 
@@ -18,7 +18,7 @@ Les prix sont contrôlés par les monopoles, qui ont été mis en place par le g
 C'est par le gouvernement que les infrastructures de ces compagnies se sont créées. C'est par des subventions à la recherche et par des crédits d'impôts (donc nos impôts!) mais aussi nos paiements assidûs en tant que consommateurs que se sont développées ces réseaux.
 
 Les problèmes
--------------
+=============
 
 Maintenant qu'ils font partie de notre imaginaire collectif comme ayant toujours existé, ces compagnies assument désormais propriété directe de ces infrastructures et commencent à en contrôler le contenu. On distingue trois types d'abus de ce genre:
 
@@ -37,21 +37,21 @@ Le même phénomène se retrouve finalement dans l'allocation des permis d'utili
 Un dernier aspect sur lequel je veux insister est la charge éthique et sociale que recèle certaines technologies. Un bon exemple est l'[ADSL](http://fr.wikipedia.org/wiki/ADSL), appelé plus communément l'"internet à haute vitesse", qui est un acronyme pour Asymmetric Digital Subscriber Line. Le mot clef ici est "asymmétrique": le débit de la connexion est inégale selon qu'on envoit ou reçoit de l'information, évidemment pour favoriser la diffusion *vers* le "client* plutôt que de lui permettre de diffuser sur le réseau, ce qui recoupe en fait la discimination technique mentionnée plus haut. Ainsi, a priori, l'implantation de l'internet à haute vitesse a l'effet paradoxal de forcer les gens à consommer l'internet comme ils consomme la télévision ou d'autres media alors que le medium est lui-même fortement interactif et décentralisé dans sa nature originale.
 
 Les "alternatives"
-------------------
+==================
 
 Il est très difficile d'envisager, à ce stade, vers quelle technologies ou entités se tourner pour tenter d'éviter ces écueils. Plusieurs voies ont été mentionnées lors du panel de discussion. Des plus intéressantes, je vois évidemment l'internet sans fil citoyen ou municipal. Pensons à ce que fait [Île Sans-fil](http://ilesansfil.org/) ou [Wireless Toronto](http://wirelesstoronto.ca/). Ces initiatives, cependant, bien que parfaitement louables, ne font qu'un pas qui n'est pas suffisant à court terme pour offrir la connectivité à une ville entière. Aux États-Unis, certaines municipalités ont commencé à implanter du sans-fil de façon systématique et parfois gratuite, ce qui a évidemment pour le moins déplu aux grosses compagnies de télécommunication. Sous pressions des lobbys, des lois ont donc été passées dans 14 états américains pour empêcher l'implantation d'internet sans fil municipal (et donc public) sous prétexte que cela nuirait à la sacro-sainte compétition, alors que ces mêmes lobbys militent activement pour dérégulariser les télécommunications lorsqu'ils en ont le monopole.
 
 Au Canada, la question de l'internet municipal a à peine été effleurée lorsque la ville de toronto, plus précisément [Toronto Hydro](http://www.torontohydro.com/) a lancé un [projet](http://thtelecom.ca/one-zone.html) pour couvrir 6km carrés du centre ville de Toronto par de l'internet sans fil. Prévu pour être gratuit durant les premiers 6 mois, le service est voué à devenir payant, à des taux comparables à ce qu'offrent Telus, Bell ou Rogers. C'est un marché énorme, plus qu'une réelle infrastructure, qui est développée ici, car a priori, Toronto Hydro devient simplement un autre service de télécommunication, un autre monopole avec les mêmes problématiques de fond.
 
 En conclusion...
-----------------
+================
 
 En bref, des compagnies ont maintenant le monopole sur les différents systèmes de communication  qui connectent notre monde et par lequel toutes nos communications passent désormais. Ils abusent abondamment de leur pouvoir. Ils ont brisé le contrat social qui leur permet d'exister, et nous avons donc l'autorité, la légitimité et l'obligation morale de demander le redressement de cette situation, en demandant le démantèlement de ces conglomérats, ou en appliquant des règlementations plus fortes pour contrôler leurs actions. Je pencherais personnellement sur une nationalisation générale des systèmes de communications tout comme je crois toujours à un système de santé universel plutôt qu'à un système à ... deux vitesses.
 
 Dans tous les scénarios, le réseau doit être neutre: tout traffic doit être traité de façon égale, sans égard à la provenance, la destination ou au contenu. Toute modification sortant de ce cadre impose une surcharge matérielle et économique qui peut potentiellement être contournée de toute façon.
 
 Quelques ressources
--------------------
+===================
 
 * [Save the internet](http://savetheinternet.com/)'s [declaration](http://www.savetheinternet.com/=declaration)
 * [Tim Wu](http://timwu.org/): [Network Neutrality: Competition, Innovation, and Nondiscriminatory Access](http://papers.ssrn.com/sol3/papers.cfm?abstract_id=903118)
diff --git a/blog/2009-12-07-lois-c46-et-c47-vers-la-fin-de-la-vie-privee-au-canada.mdwn b/blog/2009-12-07-lois-c46-et-c47-vers-la-fin-de-la-vie-privee-au-canada.mdwn
index 434887d0..dd4f53f3 100644
--- a/blog/2009-12-07-lois-c46-et-c47-vers-la-fin-de-la-vie-privee-au-canada.mdwn
+++ b/blog/2009-12-07-lois-c46-et-c47-vers-la-fin-de-la-vie-privee-au-canada.mdwn
@@ -7,7 +7,7 @@
 Il y a présentement un mouvement très fort au sein du gouvernement conservateur, [appuyé par "l'opposition" libérale](http://www.michaelgeist.ca/content/view/4496/) pour fortement resserrer les lois sur la surveillance téléphonique et informatique. En bref: vous allez être surveillés par votre police locale, provinciale, fédérale ou étrangère sans mandat et sans être averti. En tant qu'administrateur système pour le [Réseau Koumbit](http://koumbit.org/) où ma tâche est justement de m'assurer de la confidentialité et de la sécurité de vos données, ceci m'inquiète au plus haut point. Le Canada, jusqu'à maintenant épargné par cette folie, était considéré comme un symbole international de la liberté sur internet. Il rejoindrait maintenant la tendance internationale (en fait, américaine, européenne et chinoise) et embarquerait dans le bateau de la surveillance globale, style 1984.
 <!--break-->
 Un projet de surveillance globale et arbitraire
------------------------------------------------
+===============================================
 
 Le gouvernement Canadien complote présentement à forcer les fournisseurs d'accès et de services Internet (les FAI/FSI, par exemple Koumbit, Bell Canada, Vidéotron, Google, Hotmail, etc) à vous surveiller sans mandat et sans vous avertir. Ces fournisseurs seront forcés par la loi de garder trace (les "journaux" ou "logs" en anglais) de toute activité de votre part. Voici les informations que les fournisseurs seront forcés de fournir, par la loi, à tout officier de police, ou "personne autorisée" par la loi, qui en fera la demande:
 
@@ -33,7 +33,7 @@ Finalement, la loi indique que les communications encryptés (par exemple avec v
 Comme opérateur réseau, devenir l'espion du gouvernement de le cadre de mon travail pour une entreprise privée va à l'encontre de mon [code d'éthique](http://www.sage.org/ethics/). Ceci remet en question mon travail, qui consiste à permettre aux gens de communiquer entre eux et publier leurs idées, non pas d'imposer une surveillance globale étatique. Koumbit a [déjà eu affaire à la justice](http://koumbit.org/fr/node/7757) dans des circonstances similaires, et nous avons collaboré dans l'étendue prescrite par la loi d'alors. Ces nouvelles lois, telle qu'elles sont rédigées, n'auraient en rien amélioré la situation pour l'enquête et permettront simplement une surveillance accrue et abusive qui n'est pas nécessaire.
 
 L'excuse politique
-------------------
+==================
 
 Toute cette intrusion sur notre vie privée est faite au nom d'une démagogie de bas étage, sous le prétexte de la refonte de la loi sur le droit d'auteur et de la protection des enfants contre la pédophilie. "Il faut protéger les enfants attirés sur internet", selon les conservateurs, comme si l'internet était nécessairement, intrinsèquement, une menace à l'intégrité physique et psychologique des enfants. Alors que la télévision nous ressasse sans cesse les mêmes scènes de violence débridées et une image de la sexualité juvénile et abusive; alors que les lois actuellement en place permettent amplement à la police de faire son travail librement, c'est l'internet au complet et surtout ses utilisateurs qui seront cible de surveillance et de contrôle. Les objectifs de ces projets de loi sont beaucoup plus pernicieux et malhonnêtes qu'il n'en paraît dans le discours officiel et les députés peu au courant de enjeux techniques, collaborent tacitement ou, s'ils comprennent les enjeux, malicieusement.
 
diff --git "a/blog/2010-05-01-prankdial-et-l\303\251coute-\303\251lectronique.mdwn" "b/blog/2010-05-01-prankdial-et-l\303\251coute-\303\251lectronique.mdwn"
index 1a328f77..3ff889d2 100644
--- "a/blog/2010-05-01-prankdial-et-l\303\251coute-\303\251lectronique.mdwn"
+++ "b/blog/2010-05-01-prankdial-et-l\303\251coute-\303\251lectronique.mdwn"
@@ -7,7 +7,7 @@
 J'ai écrit ce petit article explicatif suite à la lecture de [cet article de Patrick Lagacé](http://www.cyberpresse.ca/chroniqueurs/patrick-lagace/201004/29/01-4275658-big-brother-est-partout.php) s'inquiétant du service [Prankdial](http://www.prankdial.com/). Afin de mieux comprendre les explications techniques ci-bas, il est préférable de lire l'article de M. Lagacé. La seconde partie de l'article est une réflexion sur les questions légales de la surveillance électronique et elle est pertinente, même sans avoir lu l'article de Cyberpresse.
 <!--break-->
 Comment ça marche
------------------
+=================
 
 Nous avons 4 acteurs: Patrick, notre journaliste, Guy, notre star, François, notre "prankster" et Prankdial, qui connecte tout ce beau monde.
 
@@ -30,7 +30,7 @@ Prankdial fait à ce moment le même tour de passe-passe: ils modifient le calle
 La conversation bizarre a lieu, l'appel est enregistré, et voilà, har, har, har, on rigole bien sur NRJ radio.
 
 Le problème légal
------------------
+=================
 
 La loi sur l'écoute électronique au Canada dicte qu'il est parfaitement légal d'enregistrer une conversation pour vu qu'un des deux partis **consent** à ce que la conversation soit enregistrée ([source 1](http://www.courrierlaval.com/article-68469-Enregistrer-une-conversation-estce-legal.html), [source 2](http://blog.privacylawyer.ca/2006/07/can-you-record-telephone-calls-without.html)). Par exemple, je peux appeler mon propriétaire ou revenu Québec et enregistrer la conversation, parce que je sais qu'elle est enregistrée (c'est moi qui le fait!!). Inversement, si vous m'appelez et enregistrez la conversation, c'est parfaitement légal, même si moi je ne suis pas au courant.
 
@@ -54,4 +54,4 @@ Donc quelques conseils pour ceux qui se préoccupent encore de leur vie privée:
  * Utilisez de l'encryption pour protéger vos données et communications, mais ne vous y fiez pas trop
  * Venez suivre la présentation de [Koumbit](http://www.koumbit.org/) sur la sécurité lors du [Salon du livre Anarchiste 2010](http://www.salonanarchiste.ca/)! (<- *ploggue*)
 
-[[!tag "sécurité" "politique" "nouvelles"]]
\ No newline at end of file
+[[!tag "sécurité" "politique" "nouvelles"]]
diff --git a/blog/2010-12-12-wikileaks-le-soulevement-des-hackers.mdwn b/blog/2010-12-12-wikileaks-le-soulevement-des-hackers.mdwn
index 6da8a0ad..3260dd2c 100644
--- a/blog/2010-12-12-wikileaks-le-soulevement-des-hackers.mdwn
+++ b/blog/2010-12-12-wikileaks-le-soulevement-des-hackers.mdwn
@@ -21,7 +21,7 @@ WikiLeaks se présente d'abord comme un wiki, un site où tout le monde peut pub
 Afin que les utilisateurs ne puissent pas être retraçés, le système utilise plusieurs types d'outils dont Freenet (pour le stockage distribué et anonyme des données) et Tor (pour l'anonymatisation de l'origine données)[8]. Il arrive ainsi fréquement que les informations proposées à WikiLeaks ne soient pas immédiatement publiés, à des fins de protections des utilisateurs, mais aussi de vérification de l'authenticité des documents.
 
 La grande fuite et sa délation
-------------------------------
+==============================
 
 Le site a été lancé en janvier 2007. Durant cette première année, WikiLeaks a rassemblé près 1,2 million de documents et n'a depuis cessé de provoquer des controverses industrielles et politiques. Parmi les fuites notables, notons celle des procédures de la baie de Guantánamo, un rapport sur des déchets toxiques déversés en Afrique, la vidéo d'un massacre de civils en Irak ou encore la publication de 91 000 documents militaires américains sur la guerre en Afghanistan.
 
@@ -34,7 +34,7 @@ En juin 2010, on apprend par ''Wired'' que Manning est arrêté par les services
 Juillet 2010, le Guardian, le New York Time et Der Spiegel s'associent aux efforts de WikiLeaks pour rendre public ''l'Afghan War Diary'', une compilation de 91 000 documents et communications des militaires américains en Afghanistan. Dénoncé par le gouvernement américain comme étant une menace à la sécurité des soldats en Afghanistan, ces documents seraient de preuves tangibles de crimes de guerres commises par les forces alliées, mais aussi de la dissimulation du nombre de victimes civiles et amies. WikiLeaks a également été la cible de critiques de la part d'ONG qui estiment que la publication de ces documents mettent en danger des personnes ayant collaboré avec les forces d'occupation. Inconscience de WikiLeaks ou manipulation politique et médiatique, que comprendre de cette controverse ?
 
 La menace WikiLeaks : entre polémique et politique
---------------------------------------------------
+==================================================
 
 Comment appréhender le statut de ''WikiLeaks''? Avons-nous affaire à un espace journalistique légitime, à une révolte sociale organisée ou simplement une bande de pirates en quête d'émotions fortes? Quelles sont les motivations qui ont amené Manning à avoir (supposément) communiqué ces informations ou même Lamo à l'avoir dénoncé ?
 
@@ -43,14 +43,14 @@ Il est clair que WikiLeaks dérange. Déjà en 2008, alors que WikiLeaks avait p
 Un peu plus tard la même année, WikiLeaks dévoilait un rapport confidentiel de l'agence de contre-espionnage de l'armée américaine documentant le fonctionnement du controversé site et les meilleurs moyens de le désamorcer. Le rapport supposait notamment que "l'identification, le renvoi et même la condamnation des personnes responsables des fuites pourraient [...] détruire [la réputation de WikiLeaks] et décourager d'autres personnes à prendre des actions similaires."
 
 Le traitement du cas Manning
-----------------------------
+============================
 
 Bradley Manning, 22 ans, est un agent de renseignement recruté par l'armée américaine en octobre 2007. Il a été retrogradé au grade inférieur, officiellement pour s'être disputé avec l'un de ses compagnons. Certains journaux le présentent comme un "homosexuel frustré", perdu et isolé qui n'avait plus rien à perdre et se serait vengé de l'armée. Ces journaux ne cessent de faire mention de sa santé mentale, ses histoires de coeur, son histoire familiale difficile et les tensions qu'il vit par son engagement dans l'armée américaine, où l'homosexualité n'est toujours pas véritablement tolérée (''don't ask, don't tell''). Il faut bien trouver une raison à un tel acte "insensé" et l'échec personnel se vend mieux qu'une analyse rationalle. Si Manning est bien à l'origine de la fuite de ces documents, est-ce par dépit et faiblesse personnelle ou par intégrité et courage politique ?
 
 On sait[5] que Manning avait tendance à vouloir enquêter sur les injustices et les affaires qui lui semblaient louches. Il aurait ainsi écrit dans ses conversations divulguées par Lamo, "Partout où il y a une présence [américaine], il y a un scandale diplomatique a révéler"[4]. Selon le Washington Post, il aurait confié que les documents secrets "dévoilaient comment l'occident exploite le tiers-monde, et ce en détail et depuis l'intérieur."[3]
 
 WikiLeaks, figure médiatique majeure sur l'échiquier politique ?
-----------------------------------------------------------------
+================================================================
 
 Le "petit groupe de hackers et de journalistes" commence donc à faire de sérieuses vagues: le fondateur est pratiquement interdit d'entrée aux États-Unis et les fuites sont discutées jusque dans les plus hautes sphères du gouvernement américain. L'arrestation de Manning constitue un bon moyen de faire peur aux contributeurs de WikiLeaks et attaquer ses fondations. Finalement, tout ceci est exactement en ligne avec le plan de l'armée américaine: démontrer que les sources ne sont pas vraiment protégées par WikiLeaks et qu'elles risquent gros à vouloir collaborer à cet effort de dénonciation.[1]
 
@@ -61,7 +61,7 @@ Que WikiLeaks publie ces informations confidentielles est loin d'être anodin: c
 Plus largement, il semblerait que l'Internet et certaines personnes derrière les rouages de nos dépendances électroniques sont en mesure de changer radicalement nos vies, nos sociétés et nos gouvernements. Cette poussée d'ouverture et de transparence est une menace pour la hiérarchie séculaire défendue par la bourgeoisie capitaliste moderne. Des attaques envers WikiLeaks à la censure de Wikipédia dans certain pays, en passant par la montée du créationnisme, ce sont les fondements de la science et de la liberté de la presse qui sont remis en question. Une bibliothèque à venir serait-elle interdite ?
 
 Sources
--------
+=======
 
 Au vue de la controverse, les auteurs ont cru bon de documenter clairement la source de toutes les informations et citations exposées dans cet article.
 
@@ -75,7 +75,7 @@ Au vue de la controverse, les auteurs ont cru bon de documenter clairement la so
  8. WikiLeaks. (16 Février 2008). What is Wikileaks? How does Wikileaks operate?". [Archived from the original site on 16 February 2008](http://web.archive.org/web/20080216000537/http://www.wikileaks.org/wiki/Wikileaks:About#What_is_WikiLeaks.3F_How_does_WikiLeaks_operate.3F.)  Retrieved 28 February 2008.
 
 Timeline
-------------
+============
 
 Par manque d'espace, ce ''timeline'' n'a pas été inclus dans l'article, mais il peut apporter une vue révélatrice des incidents. 
 
@@ -113,12 +113,12 @@ Par manque d'espace, ce ''timeline'' n'a pas été inclus dans l'article, mais i
 
 
 Documents audios et vidéos
---------------------------
+==========================
 
 Les deux présentations suivantes, tenues à HOPE en juillet 2010, permettent de comprendre certaines parties du mystère entre Lamo et Manning, ainsi que les buts et l'historiques de Wikileaks. 
 
 Commander en ligne
-------------------
+==================
 
 Notez que des vidéos de bien meilleure qualité peuvent être [commandés en ligne](http://store.2600.com/nexthopevideos.html) sur [le site de 2600 magazine](http://www.2600.com/news/view/article/11995). Les deux vidéos sont disponibles pour la modique somme de 5$, frais de transport en sus:
 
@@ -128,22 +128,22 @@ Notez que des vidéos de bien meilleure qualité peuvent être [commandés en li
 [2600: The Hacker Quarterly](Wikipedia:2600:_The_Hacker_Quarterly) est un magazine "hacker" qui existe depuis 1984. Les bénéfices de ces vidéos sont versés à 2600, qui organise à tous les deux ans la conférence HOPE. Votre contribution est appréciée.
 
 Visionner ou écouter en ligne
------------------------------
+=============================
 
 Des ''bootlegs'' de ces présentations (un extrait dans le cas de Lammo) sont également disponibles sur Youtube. Les vidéos n'étant pas très bien accessibles sur le site, ils sont présentés en vrac ici.
 
 Des enregistrements audio sont également disponibles.
 
 Jacob Appelbaum, key note speaker, présente WikiLeaks à la conférence HOPE 2010
---------------------------------------------------------------------------------
+================================================================================
 
   * [audio](http://c2047862.cdn.cloudfiles.rackspacecloud.com/Saturday%20Keynote%20-%20Wikileaks.mp3)
   * <a href="https://wikifarm.koumbit.net/WikiLeaks/WikileaksKeynoteVideos">vidéo</a>

(fichier de différences tronqué)
note latency widgets
diff --git a/blog/2018-05-04-terminal-emulators-2/comment_3_4a0658ca8c3daf9613422c39eb275f36._comment b/blog/2018-05-04-terminal-emulators-2/comment_3_4a0658ca8c3daf9613422c39eb275f36._comment
new file mode 100644
index 00000000..12c3ac0d
--- /dev/null
+++ b/blog/2018-05-04-terminal-emulators-2/comment_3_4a0658ca8c3daf9613422c39eb275f36._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="anarcat"
+ subject="""latency simulators"""
+ date="2020-03-26T02:15:38Z"
+ content="""
+For those who still doubt how latency can affect cognitive load, I strongly recommend trying out those tests:
+
+https://input-delay.glitch.me/
+
+https://aresluna.org/keyboard-secrets/typing-delay/
+
+Just mind blowing.
+"""]]

Added a comment: My opinion on Wire has changed
diff --git a/blog/2020-03-15-remote-tools/comment_5_433d41157f1f8cf566ccd714697495ed._comment b/blog/2020-03-15-remote-tools/comment_5_433d41157f1f8cf566ccd714697495ed._comment
new file mode 100644
index 00000000..20302311
--- /dev/null
+++ b/blog/2020-03-15-remote-tools/comment_5_433d41157f1f8cf566ccd714697495ed._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ ip="114.198.52.226"
+ claimedauthor="Mr B"
+ subject="My opinion on Wire has changed"
+ date="2020-03-26T01:02:05Z"
+ content="""
+In a comment above I recommended Wire as an alternative. I have just discovered that they have been sold or moved to the USA. I shall now be checking out the alternatives suggested by others.
+
+ThinkPrivacy article about Wire: https://www.thinkprivacy.ch/cutting-the-wire
+"""]]

suggest systemli instead of riseup
riseup requires a password so it's not really a public
service. systemli is public, and also it's in europe so it's more
useful than yet another american server.
diff --git a/blog/2020-03-15-remote-tools.mdwn b/blog/2020-03-15-remote-tools.mdwn
index 6d5d6ae9..66612293 100644
--- a/blog/2020-03-15-remote-tools.mdwn
+++ b/blog/2020-03-15-remote-tools.mdwn
@@ -83,9 +83,12 @@ latency. In other words, it will just scale and sound better.
 Mumble ships with a list of known servers, but you can also connect to
 those trusted ones:
 
- * `mumble.mayfirst.org` - Mayfirst (see also [their instructions on how to use it](https://support.mayfirst.org/wiki/mumble)
- * `mumble.riseup.net` - [Riseup](https://riseup.net/), an autonomous collective, hosted in Seattle
- (ask me if you need their password)
+ * `mumble.mayfirst.org` - Mayfirst (see also [their instructions on
+   how to use it](https://support.mayfirst.org/wiki/mumble), hosted in New York city
+ * <del>`mumble.riseup.net` - [Riseup](https://riseup.net/), an autonomous collective, hosted in Seattle
+ (ask me if you need their password)</del> not a public service
+ * `talk.systemli.org` - [systemli](https://www.systemli.org/), a
+   left-wing network and technics-collective, hosted in Berlin
 
 Live streaming
 ==============

add two more refs
diff --git a/blog/2020-03-17-git-gpg-verification.mdwn b/blog/2020-03-17-git-gpg-verification.mdwn
index dae2e873..e2e1ee2c 100644
--- a/blog/2020-03-17-git-gpg-verification.mdwn
+++ b/blog/2020-03-17-git-gpg-verification.mdwn
@@ -429,4 +429,12 @@ help. And TUF seems like the state of the art specification around
 here, it would seem wise to start adopting it in the git community as
 well.
 
+Update: [git 2.26](https://lore.kernel.org/lkml/xmqqa7477u6j.fsf@gitster.c.googlers.com/) introduced a new `gpg.minTrustLevel` to "tell
+various signature verification codepaths the required minimum trust
+level", presumably to control how Git will treat keys in your
+keyrings, assuming the "trust database" is valid and up to date. For
+an interesting narrative of how "normal" (without PGP) git
+verification can fail, see also [A Git Horror Story: Repository
+Integrity With Signed Commits](https://mikegerwitz.com/2012/05/a-git-horror-story-repository-integrity-with-signed-commits).
+
 [[!tag git pgp debian-planet python-planet]]

another nice laptop
diff --git a/hardware/laptop.mdwn b/hardware/laptop.mdwn
index 4b6f732a..6026650f 100644
--- a/hardware/laptop.mdwn
+++ b/hardware/laptop.mdwn
@@ -374,6 +374,21 @@ Sager](https://www.sagernotebook.com/Notebook-NP3132.html).
 * Wifi AC +20$
 * 699$ (+AC = 770$ / +M.2 +16GB = 877$)
 
+Update: the new version of Lemur is coming out in April 2020, with
+pretty good specs:
+
+ * neutralized Intel ME
+ * coreboot
+ * open EC firmware
+ * <=40GB RAM
+ * great battery life
+ * USB-C charging ([or regular barrel connector](https://twitter.com/jeremy_soller/status/1241751784781008896)), a *really* neat
+   idea (your regular barrel-connector-charger at home, freeing the
+   USB-C port and when you take the laptop for a trip, you bring your
+   universal usb-c charger and leave the barrel connector home)
+ * USB-C + DP, HDMI ([with 4k](https://twitter.com/jeremy_soller/status/1241751887860232193))
+ * 1Kg
+
 ### Meerkat
 
 <https://system76.com/desktops/meerkat>

add reference for non-free
diff --git a/blog/2020-03-15-remote-tools.mdwn b/blog/2020-03-15-remote-tools.mdwn
index 6a42f8d1..6d5d6ae9 100644
--- a/blog/2020-03-15-remote-tools.mdwn
+++ b/blog/2020-03-15-remote-tools.mdwn
@@ -102,7 +102,7 @@ the community also provides alternatives to those. This is more
 complicated to setup, but just to get you started, I'll link to:
 
  * <https://live.mayfirst.org/> - Mayfirst, based on [Icecast](https://www.icecast.org/) and
-   [icecream](https://gitlab.com/jamie/icecream), a web-based client, unfortunately non-free
+   [icecream](https://gitlab.com/jamie/icecream), a web-based client, unfortunately [non-free](https://gitlab.com/jamie/icecream/-/blob/master/LICENSE)
  * <https://live.autistici.org/> - Autistici, an autonomous collective,
    hosted in Italy, based on [Nginx and RTMP](https://github.com/arut/nginx-rtmp-module)
 

document the mayfirst and a/i setups
diff --git a/blog/2020-03-15-remote-tools.mdwn b/blog/2020-03-15-remote-tools.mdwn
index 651221fb..6a42f8d1 100644
--- a/blog/2020-03-15-remote-tools.mdwn
+++ b/blog/2020-03-15-remote-tools.mdwn
@@ -101,10 +101,10 @@ Here, proprietary services are Twitch, Livestream.com and Youtube. But
 the community also provides alternatives to those. This is more
 complicated to setup, but just to get you started, I'll link to:
 
- * <https://live.mayfirst.org/> - Mayfirst, based on Icecast and some
-   web-based client
+ * <https://live.mayfirst.org/> - Mayfirst, based on [Icecast](https://www.icecast.org/) and
+   [icecream](https://gitlab.com/jamie/icecream), a web-based client, unfortunately non-free
  * <https://live.autistici.org/> - Autistici, an autonomous collective,
-   hosted in Italy, based on Nginx and RTMP
+   hosted in Italy, based on [Nginx and RTMP](https://github.com/arut/nginx-rtmp-module)
 
 For either of those tools, you need an app on your desktop. The
 [Mayfirst instructions](https://support.mayfirst.org/wiki/free-video-streaming-technology) use [OBS Studio](https://obsproject.com/) for this, but it might

tiny update to hopelessly out of date welcome message
diff --git a/services/welcome.mdwn b/services/welcome.mdwn
index cb43b393..9264a564 100644
--- a/services/welcome.mdwn
+++ b/services/welcome.mdwn
@@ -33,7 +33,7 @@ votre répertoire `public_html`.
 
 Vous pouvez utiliser le [Partage de fichiers][] (par SFTP) pour mettre
 à jour votre site web, ou accéder aux vidéos et musique, disponibles
-dans `/srv/media`, ou encore simplement partager des fichiers avec les
+dans `/srv/`, ou encore simplement partager des fichiers avec les
 autres utilisateurs du réseau.
 
 Voir aussi la [liste complète des services][]:

add a jitsi instance list
diff --git a/blog/2020-03-15-remote-tools.mdwn b/blog/2020-03-15-remote-tools.mdwn
index 13fb476e..651221fb 100644
--- a/blog/2020-03-15-remote-tools.mdwn
+++ b/blog/2020-03-15-remote-tools.mdwn
@@ -55,6 +55,7 @@ There are many "instances", but here's a subset I know about:
   education network) seems to think they can all run on their servers
   all at once, they [encourage you to run your own instance instead of
   using theirs](https://framablog.org/2020/03/17/framaconfinement-jour-01-lundi-16-mars/)
+* [another list of instances](https://wiki.chatons.org/doku.php?id=la_visio-conference_avec_jitsi)
 
 You can connect to those with your web browser directly. If your web
 browser doesn't work, try switching to another (e.g. if Firefox

detaisl on the streaming setups
diff --git a/blog/2020-03-15-remote-tools.mdwn b/blog/2020-03-15-remote-tools.mdwn
index f3874b6c..13fb476e 100644
--- a/blog/2020-03-15-remote-tools.mdwn
+++ b/blog/2020-03-15-remote-tools.mdwn
@@ -100,9 +100,10 @@ Here, proprietary services are Twitch, Livestream.com and Youtube. But
 the community also provides alternatives to those. This is more
 complicated to setup, but just to get you started, I'll link to:
 
- * <https://live.mayfirst.org/> - Mayfirst
+ * <https://live.mayfirst.org/> - Mayfirst, based on Icecast and some
+   web-based client
  * <https://live.autistici.org/> - Autistici, an autonomous collective,
-   hosted in Italy
+   hosted in Italy, based on Nginx and RTMP
 
 For either of those tools, you need an app on your desktop. The
 [Mayfirst instructions](https://support.mayfirst.org/wiki/free-video-streaming-technology) use [OBS Studio](https://obsproject.com/) for this, but it might

greenhost is not a coop
diff --git a/blog/2020-03-15-remote-tools.mdwn b/blog/2020-03-15-remote-tools.mdwn
index 5f84f7c2..f3874b6c 100644
--- a/blog/2020-03-15-remote-tools.mdwn
+++ b/blog/2020-03-15-remote-tools.mdwn
@@ -48,7 +48,7 @@ There are many "instances", but here's a subset I know about:
 * <https://meet.mayfirst.org/> - [Mayfirst](https://mayfirst.org) non-profit cooperative,
   hosted in New York (see also their [usage instructions](https://support.mayfirst.org/wiki/web-conference))
 * <https://meet.greenhost.net/> - [Greenhost](https://greenhost.net),
-  a worker's coop hosted in the Netherlands
+  hosted in the Netherlands
 * <https://framatalk.org/> - [Framasoft](https://www.framasoft.org/), a popular education
   network, hosted in France - note that Framasoft is struggling under
   load as basically *everyone* in France (including the public

finish a sentence
diff --git a/blog/2020-03-15-remote-tools.mdwn b/blog/2020-03-15-remote-tools.mdwn
index e9a65662..5f84f7c2 100644
--- a/blog/2020-03-15-remote-tools.mdwn
+++ b/blog/2020-03-15-remote-tools.mdwn
@@ -150,7 +150,10 @@ mentioned "oh but you forgot..." comment I get from this post.
    easily sketch diagrams that have a hand-drawn feel
 
 I'll also mention that collaborative editors, in general, like
-[Etherpad][] are just great
+[Etherpad][] are just great for taking minutes because you don't have
+that single person with the load of writing down what people are
+saying and is too busy to talk. Google Docs and Nextcloud have similar
+functionality, of course.
 
 Common recommendations
 ======================

add whiteboards
diff --git a/blog/2020-03-15-remote-tools.mdwn b/blog/2020-03-15-remote-tools.mdwn
index bd14e162..e9a65662 100644
--- a/blog/2020-03-15-remote-tools.mdwn
+++ b/blog/2020-03-15-remote-tools.mdwn
@@ -136,6 +136,22 @@ Those are all web interface to the IRC networks, but there are also a
 [plenitude of IRC apps](https://en.wikipedia.org/wiki/Comparison_of_Internet_Relay_Chat_clients) you can install on your desktop if you want the
 full experience.
 
+Whiteboards and screensharing
+=============================
+
+I decided to add this section later on because it's a frequently
+mentioned "oh but you forgot..." comment I get from this post.
+
+ * [Big Blue Button](https://bigbluebutton.org/) - seems to check all the boxes: free software,
+   VoIP integration, whiteboarding and screen sharing, works from a
+   web browser
+ * [CodiMD](https://github.com/hackmdio/codimd): collaborative text editor with UML and diagrams support
+ * [Excalidraw](https://github.com/excalidraw/excalidraw): (collaborative) whiteboard tool that lets you
+   easily sketch diagrams that have a hand-drawn feel
+
+I'll also mention that collaborative editors, in general, like
+[Etherpad][] are just great
+
 Common recommendations
 ======================
 
@@ -177,9 +193,6 @@ something like "I can't believe you did not mention APL!" Here's a
 list of tools I have not mentioned here, deliberately or because I
 forgot:
 
- * [Big Blue Button](https://bigbluebutton.org/) - somehow I forgot about this one, yet it
-   checks all the boxes: free software, VoIP integration,
-   whiteboarding and screen sharing, not tested
  * [Nextcloud Talk](https://nextcloud.com/talk/) - needs access to a special server, but can be
    used for small meetings (less than 5, or so i heard)
  * [Jabber](https://www.jabber.org/)/[XMPP](https://xmpp.org/) - yes, I know, XMPP can do everything and
@@ -206,7 +219,7 @@ Update: a [similar article from the good folks at systemli](https://www.systemli
 recommends [Mastodon](http://joinmastodon.org/), [Ticker](https://www.systemli.org/en/service/ticker.html), Wikis and Etherpad.
 
 Update 2: same, at [SFC](https://sfconservancy.org/blog/2020/mar/17/remotetools/), which also mentions [Firefox Send](https://send.firefox.com/)
-and[Etherpad][] (and now I wish I did).
+and [Etherpad][] (and now I wish I did).
 
 [Etherpad]: https://etherpad.org/
 

mention big blue button
diff --git a/blog/2020-03-15-remote-tools.mdwn b/blog/2020-03-15-remote-tools.mdwn
index 633d92e1..bd14e162 100644
--- a/blog/2020-03-15-remote-tools.mdwn
+++ b/blog/2020-03-15-remote-tools.mdwn
@@ -177,6 +177,9 @@ something like "I can't believe you did not mention APL!" Here's a
 list of tools I have not mentioned here, deliberately or because I
 forgot:
 
+ * [Big Blue Button](https://bigbluebutton.org/) - somehow I forgot about this one, yet it
+   checks all the boxes: free software, VoIP integration,
+   whiteboarding and screen sharing, not tested
  * [Nextcloud Talk](https://nextcloud.com/talk/) - needs access to a special server, but can be
    used for small meetings (less than 5, or so i heard)
  * [Jabber](https://www.jabber.org/)/[XMPP](https://xmpp.org/) - yes, I know, XMPP can do everything and

mention some scalability issues
diff --git a/blog/2020-03-15-remote-tools.mdwn b/blog/2020-03-15-remote-tools.mdwn
index a24f3235..633d92e1 100644
--- a/blog/2020-03-15-remote-tools.mdwn
+++ b/blog/2020-03-15-remote-tools.mdwn
@@ -17,14 +17,14 @@ Just say hi using whatever
 ==========================
 
 First off, feel free to use the normal tools you normally use:
-[Signal][], Facetime, Skype, and Discord can be fine to connect with
-your folks, and since [it doesn't take much to make someone's day](https://changelog.complete.org/archives/10073-it-doesnt-take-much-to-make-someones-day)
-please *do* use those tools to call your close ones and say
-"hi". People, especially your older folks, will feel alone and maybe
-scared in those crazy times. Every little bit you can do will help,
-even if it's just a normal phone call, an [impromptu balcony
-fanfare](https://twitter.com/NicholsUprising/status/1238545438476730369), a [remote workout class](https://twitter.com/MuhammadLila/status/1239174140210417665), or just a [sing-along from
-your balcony](https://twitter.com/leonardocarella/status/1238511612270690305), anything goes.
+[Signal][], [Facetime](https://www.apple.com/ios/facetime), [Skype](https://www.skype.com/), [Zoom](https://zoom.us/), and [Discord](https://discordapp.com/) can
+be fine to connect with your folks, and since [it doesn't take much to
+make someone's day](https://changelog.complete.org/archives/10073-it-doesnt-take-much-to-make-someones-day) please *do* use those tools to call your close
+ones and say "hi". People, especially your older folks, will feel
+alone and maybe scared in those crazy times. Every little bit you can
+do will help, even if it's just a normal phone call, an [impromptu
+balcony fanfare](https://twitter.com/NicholsUprising/status/1238545438476730369), a [remote workout class](https://twitter.com/MuhammadLila/status/1239174140210417665), or just a
+[sing-along from your balcony](https://twitter.com/leonardocarella/status/1238511612270690305), anything goes.
 
 But if those tools don't work well for some reason, or you want to try
 something new, or someone doesn't have an iPad, or it's too dang cold
@@ -50,7 +50,11 @@ There are many "instances", but here's a subset I know about:
 * <https://meet.greenhost.net/> - [Greenhost](https://greenhost.net),
   a worker's coop hosted in the Netherlands
 * <https://framatalk.org/> - [Framasoft](https://www.framasoft.org/), a popular education
-  network, hosted in France
+  network, hosted in France - note that Framasoft is struggling under
+  load as basically *everyone* in France (including the public
+  education network) seems to think they can all run on their servers
+  all at once, they [encourage you to run your own instance instead of
+  using theirs](https://framablog.org/2020/03/17/framaconfinement-jour-01-lundi-16-mars/)
 
 You can connect to those with your web browser directly. If your web
 browser doesn't work, try switching to another (e.g. if Firefox
@@ -58,7 +62,7 @@ doesn't work, try Chrome and vice-versa). There are also apps for
 [desktop and mobile apps](https://jitsi.org/downloads/) ([F-Droid](https://f-droid.org/packages/org.jitsi.meet/), [Google Play](https://play.google.com/store/apps/details?id=org.jitsi.meet&hl=en), [Apple
 Store](https://itunes.apple.com/us/app/jitsi-meet/id1165103905)) that will work better than just using your browser.
 
-Jitsi should scale for small meetings up to a dozen people or more...
+Jitsi should scale for small meetings up to a dozen people.
 
 Mumble
 ======
@@ -174,7 +178,7 @@ list of tools I have not mentioned here, deliberately or because I
 forgot:
 
  * [Nextcloud Talk](https://nextcloud.com/talk/) - needs access to a special server, but can be
-   used for small meetings
+   used for small meetings (less than 5, or so i heard)
  * [Jabber](https://www.jabber.org/)/[XMPP](https://xmpp.org/) - yes, I know, XMPP can do everything and
    it's magic. but I've given up a while back, and I don't think
    setting up audio conferences with multiple enough is easy enough to

link to the new purism thing
diff --git a/hardware/server/marcos.mdwn b/hardware/server/marcos.mdwn
index b0fe43f0..12a70a53 100644
--- a/hardware/server/marcos.mdwn
+++ b/hardware/server/marcos.mdwn
@@ -132,6 +132,8 @@ Possible issues:
 
 See also the [Brix](https://www.gigabyte.com/us/Mini-PcBarebone) and [Qotom](https://www.qotom.net/) mini-PCs.
 
+Update: Purism [announced their own mini-PC as well](https://puri.sm/posts/announcing-the-purism-librem-mini/).
+
 ## Vero
 
 Another target would a home-cinema adapter like the [Vero](https://osmc.tv/vero/) which I

more hardware shit
Seriously: fuck choice. I'm tired of having a billion fucking things
to choose from on the fucking marketplace.
Give me communism. Give me central planning. Make one fucking thing,
make it the best. Maybe you can pick the color, as long as it's
fucking black.
Then have the thing work, and work forever, and make it repairable
too.
Damnit.
diff --git a/hardware/monitor.mdwn b/hardware/monitor.mdwn
index 4b29ad00..36e8da5a 100644
--- a/hardware/monitor.mdwn
+++ b/hardware/monitor.mdwn
@@ -106,6 +106,18 @@ this, one has to wonder if the [[keyboard]] would be a better place to
 look for latency improvements. After all 7 ms spent in debouncing
 seems pretty horrible...
 
+Mounts
+======
+
+A friend recommends the [VIVO STAND-V001JB](https://www.vivo-us.com/collections/monitor-mounts/products/stand-v001jb). Unfortunately, it's
+hard to find and basically only available on Amazon in Canada. So
+here's a little shopping list while I'm there:
+
+ * [Laptop stand](https://www.amazon.ca/gp/product/B07DDDBX63/) - because for now I'll use my laptop as a monitor
+ * [APC BR1000MS](https://www.amazon.ca/gp/product/B0779KYKLB/ref=ox_sc_act_title_2?smid=A3DWYIK6Y9EEQB&psc=1) - unrelated, i just need a UPS for upstairs
+ * [APC 1500VA](https://www.amazon.ca/gp/product/B06VY6FXMM/ref=ox_sc_act_title_1?smid=A3DWYIK6Y9EEQB&psc=1) - same, for upstairs
+ * [VIVO STAND-V001JB](https://www.amazon.ca/gp/product/B07BR9YRNC/ref=ox_sc_act_title_3?smid=AX105E1SOBX1B&psc=1) - the damn thing
+
 Resources
 =========
 

removed
diff --git a/blog/2020-03-02-moving-dconf-entries-to-git/comment_1_58e1c4414dd81d486d7d86889ec63fa3._comment b/blog/2020-03-02-moving-dconf-entries-to-git/comment_1_58e1c4414dd81d486d7d86889ec63fa3._comment
deleted file mode 100644
index 3c721be6..00000000
--- a/blog/2020-03-02-moving-dconf-entries-to-git/comment_1_58e1c4414dd81d486d7d86889ec63fa3._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=creole
- ip="5.188.84.6"
- claimedauthor="Eleoexhigma"
- url="https://apcialisle.com"
- subject="Cialis Prix Doctissimo Lesaritase"
- date="2020-03-18T22:44:29Z"
- content="""
-Buy Brand Name Wellbutrin Xl  [url=https://apcialisle.com/#]Buy Cialis[/url] Real isotretinoin drugs shipped ups  <a href=https://apcialisle.com/#>cialis 20mg price at walmart</a> Cialis Con Marihuana  
-"""]]

Added a comment: Cialis Prix Doctissimo Lesaritase
diff --git a/blog/2020-03-02-moving-dconf-entries-to-git/comment_1_58e1c4414dd81d486d7d86889ec63fa3._comment b/blog/2020-03-02-moving-dconf-entries-to-git/comment_1_58e1c4414dd81d486d7d86889ec63fa3._comment
new file mode 100644
index 00000000..3c721be6
--- /dev/null
+++ b/blog/2020-03-02-moving-dconf-entries-to-git/comment_1_58e1c4414dd81d486d7d86889ec63fa3._comment
@@ -0,0 +1,9 @@
+[[!comment format=creole
+ ip="5.188.84.6"
+ claimedauthor="Eleoexhigma"
+ url="https://apcialisle.com"
+ subject="Cialis Prix Doctissimo Lesaritase"
+ date="2020-03-18T22:44:29Z"
+ content="""
+Buy Brand Name Wellbutrin Xl  [url=https://apcialisle.com/#]Buy Cialis[/url] Real isotretinoin drugs shipped ups  <a href=https://apcialisle.com/#>cialis 20mg price at walmart</a> Cialis Con Marihuana  
+"""]]

Added a comment: Riot/Matrix & BigBlueButton
diff --git a/blog/2020-03-15-remote-tools/comment_4_50731f01eef257b6ab5186f7d37e492b._comment b/blog/2020-03-15-remote-tools/comment_4_50731f01eef257b6ab5186f7d37e492b._comment
new file mode 100644
index 00000000..90e5aac0
--- /dev/null
+++ b/blog/2020-03-15-remote-tools/comment_4_50731f01eef257b6ab5186f7d37e492b._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ ip="107.179.173.226"
+ claimedauthor="Colan Schwartz"
+ url="https://consensus.enterprises/"
+ subject="Riot/Matrix & BigBlueButton"
+ date="2020-03-18T14:12:49Z"
+ content="""
+This is all great advice, as always.  I'm surprised that you didn't mention [Riot](https://riot.im/)/[Matrix](https://matrix.org/), given that you're the one that told me about it.  (I'll admit I typically don't mention it either for UX reasons; I'm assuming that's why you didn't.)
+
+In somewhat related news, some folks were talking about [BigBlueButton](https://bigbluebutton.org/) (also FLOSS), which differs from Jitsi in that it does server-side encryption instead of of client-side.  While that's worse from a security perspective, it won't start failing after a small number of users.  I had never heard of it before so I'm assuming you haven't either.  There's a [demo site available](https://demo.bigbluebutton.org/) too.
+"""]]

complete a sentence
diff --git a/blog/2020-03-17-git-gpg-verification.mdwn b/blog/2020-03-17-git-gpg-verification.mdwn
index 3fa4d1a7..dae2e873 100644
--- a/blog/2020-03-17-git-gpg-verification.mdwn
+++ b/blog/2020-03-17-git-gpg-verification.mdwn
@@ -29,7 +29,8 @@ the remote, then visually comparing the output:
 
 One problem with this approach is that SHA-1 is now considered as
 [flawed as MD5][] so it can't be used as an authentication mechanism
-anymore. It's also fundamentally difficult to
+anymore. It's also fundamentally difficult to compare hashes for
+humans.
 
 [flawed as MD5]: https://sha-mbles.github.io/
 

introduce the notion that the chain of commit itself is hard to trust
diff --git a/blog/2020-03-17-git-gpg-verification.mdwn b/blog/2020-03-17-git-gpg-verification.mdwn
index a4c663b3..3fa4d1a7 100644
--- a/blog/2020-03-17-git-gpg-verification.mdwn
+++ b/blog/2020-03-17-git-gpg-verification.mdwn
@@ -228,6 +228,18 @@ would like to trust to verify code.
 
 [work underway]: https://lwn.net/Articles/811068/
 
+Also, when you clone a fresh new repository, you might get an entirely
+different repository, with a different root and set of commits. The
+concept of "validity" of a commit, in itself, is hard to establish in
+this case, because an hostile server could put you backwards in time,
+on a different branch, or even on an entirely different
+repository. Git will warn you about a different repository *root* with
+`warning: no common commits` but that's easy to miss. And complete
+branch switches, rebases and resets from upstream are hardly more
+noticeable: only a tiny plus sign (`+`) instead of a star (`*`) will
+tell you that a reset happened, along with a warning (`forced update`)
+on the same line. Miss those and your git history can be compromised.
+
 Possible ways forward
 =====================
 

another similar tools article
diff --git a/blog/2020-03-15-remote-tools.mdwn b/blog/2020-03-15-remote-tools.mdwn
index 9ba16dd7..a24f3235 100644
--- a/blog/2020-03-15-remote-tools.mdwn
+++ b/blog/2020-03-15-remote-tools.mdwn
@@ -198,5 +198,10 @@ out there](https://www.youtube.com/watch?v=Ey08XMOisiw).
 Update: a [similar article from the good folks at systemli](https://www.systemli.org/en/2020/03/15/solidarity-as-infrastructure.html) also
 recommends [Mastodon](http://joinmastodon.org/), [Ticker](https://www.systemli.org/en/service/ticker.html), Wikis and Etherpad.
 
+Update 2: same, at [SFC](https://sfconservancy.org/blog/2020/mar/17/remotetools/), which also mentions [Firefox Send](https://send.firefox.com/)
+and[Etherpad][] (and now I wish I did).
+
+[Etherpad]: https://etherpad.org/
+
 [[!tag covid-19 debian-planet python-planet software hardware remote
 conference documentation privacy]]

remove note about git vulnerability that i cannot find
diff --git a/blog/2020-03-17-git-gpg-verification.mdwn b/blog/2020-03-17-git-gpg-verification.mdwn
index de49230c..a4c663b3 100644
--- a/blog/2020-03-17-git-gpg-verification.mdwn
+++ b/blog/2020-03-17-git-gpg-verification.mdwn
@@ -184,11 +184,10 @@ Worrying about git and GnuPG
 ============================
 
 In general, I'm worried about git's implementation of OpenPGP
-signatures. I don't remember exactly what, but there was a
-verification vulnerability in the past. And there has been numerous
-cases of interoperability problems with GnuPG specifically that led to
-security, like [EFAIL][] or [SigSpoof][]. It would be surprising if
-such a vulnerability did *not* still exist in git.
+signatures. There has been numerous cases of interoperability problems
+with GnuPG specifically that led to security, like [EFAIL][] or
+[SigSpoof][]. It would be surprising if such a vulnerability did *not*
+exist in git.
 
 [SigSpoof]: https://en.wikipedia.org/wiki/SigSpoof
 [EFAIL]: https://en.wikipedia.org/wiki/EFAIL

set proper date
diff --git a/blog/git-gpg-verification.mdwn b/blog/2020-03-17-git-gpg-verification.mdwn
similarity index 100%
rename from blog/git-gpg-verification.mdwn
rename to blog/2020-03-17-git-gpg-verification.mdwn

publish git verification article
diff --git a/blog/git-gpg-verification.mdwn b/blog/git-gpg-verification.mdwn
index 3611bc5c..de49230c 100644
--- a/blog/git-gpg-verification.mdwn
+++ b/blog/git-gpg-verification.mdwn
@@ -417,4 +417,4 @@ help. And TUF seems like the state of the art specification around
 here, it would seem wise to start adopting it in the git community as
 well.
 
-[[!tag draft]]
+[[!tag git pgp debian-planet python-planet]]

make the intro a real section
diff --git a/blog/git-gpg-verification.mdwn b/blog/git-gpg-verification.mdwn
index ff4d0418..3611bc5c 100644
--- a/blog/git-gpg-verification.mdwn
+++ b/blog/git-gpg-verification.mdwn
@@ -1,5 +1,13 @@
 [[!meta title="How can I trust this git repository?"]]
 
+Join me in the rabbit hole of git repository verification, and how we
+could improve it.
+
+[[!toc levels=2]]
+
+Problem statement
+=================
+
 As part of my work on [automating install procedures at Tor][], I
 ended up doing things like:
 
@@ -63,11 +71,6 @@ I want to shorten that chain as much as possible, make it "peer to
 peer", so to speak. Concretely, it would eliminate the hosting
 provider and the network, as attackers. 
 
-Join my in the rabbit hole of how this is currently done, and how we
-could improve it.
-
-[[!toc levels=2]]
-
 OpenPGP verification
 ====================
 

break up last section
diff --git a/blog/git-gpg-verification.mdwn b/blog/git-gpg-verification.mdwn
index 54041535..ff4d0418 100644
--- a/blog/git-gpg-verification.mdwn
+++ b/blog/git-gpg-verification.mdwn
@@ -66,7 +66,7 @@ provider and the network, as attackers.
 Join my in the rabbit hole of how this is currently done, and how we
 could improve it.
 
-[[!toc]]
+[[!toc levels=2]]
 
 OpenPGP verification
 ====================
@@ -339,6 +339,9 @@ it would be worth it.
 Other Projects
 ==============
 
+OpenBSD
+-------
+
 There are other tools trying to do parts of what GnuPG is doing, for
 example [minisign][] and OpenBSD's [signify][]. But they do not
 integrate with git at all right now. Although I did find a
@@ -348,6 +351,9 @@ hack] to [use signify with git][], it's kind of gross...
 [signify]: https://github.com/aperezdc/signify
 [minisign]: https://jedisct1.github.io/minisign/
 
+Golang
+------
+
 Unsurprisingly, this is a problem everyone is trying to solve. Golang
 is [planning on hosting a notary][] which would leverage a
 "certificate-transparency-style tamper-proof log" which would be ran
@@ -357,6 +363,9 @@ by Google (see [the spec][] for details). But that doesn't resolve the
 [the spec]: https://go.googlesource.com/proposal/+/master/design/25530-sumdb.md
 [planning on hosting a notary]: https://blog.golang.org/modules2019
 
+Python
+------
+
 Python had OpenPGP going for a while on PyPI, but it's unclear if it
 ever did anything at all. Now [the plan seems to be to use TUF][] but
 my hunch is that the complexity of the specification is keeping that
@@ -364,6 +373,9 @@ from moving ahead.
 
 [the plan seems to be to use TUF]: https://lwn.net/Articles/806986/
 
+Docker
+------
+
 Docker and the container ecosystem has, in theory, moved to TUF in the
 form of [Notary][], "a project that allows anyone to have trust over
 arbitrary collections of data". In practice however, in my somewhat
@@ -372,6 +384,9 @@ setting up TUF and image verification in Docker is far from trivial.
 
 [Notary]: https://github.com/theupdateframework/notary
 
+Android and iOS
+---------------
+
 Even in what is possibly one of the strongest models (at least in
 terms of user friendliness), mobile phones are surprisingly unclear
 about those kind of questions. I [had to ask if Android had end-to-end
@@ -380,6 +395,9 @@ idea of what iOS does.
 
 [had to ask if Android had end-to-end authentication]: https://android.stackexchange.com/questions/141513/how-safe-is-it-to-upgrade-apps-using-aptoid
 
+Conclusion
+==========
+
 One of the core problems with everything here is the common usability
 aspect of cryptography, and specifically the usability of verification
 procedures. We have become pretty good at *encryption*. The harder

fix quotes
diff --git a/blog/git-gpg-verification.mdwn b/blog/git-gpg-verification.mdwn
index d4dc3778..54041535 100644
--- a/blog/git-gpg-verification.mdwn
+++ b/blog/git-gpg-verification.mdwn
@@ -202,13 +202,19 @@ I had an interesting conversation with a fellow Debian developer
 
 [dkg]: https://dkg.fifthhorseman.net/blog/
 
-    <anarcat> i'd like to integrate pgp signing into tor's coding practices more
-    <anarcat> but so far, my approach has been "sign commits" and the verify step was "TBD"
-    <dkg> that's the main reason i've been reluctant to sign git commits
-    <dkg> i haven't heard anyone offer a better subsequent step
-    <dkg> if torproject could outline something useful, then i'd be less averse to the practice
-    <dkg> i'm also pretty sad that git remains stuck on sha1, esp. given the recent demonstrations.
-    <dkg> all the fancy strong signatures you can make in git won't matter if the underlying git repo gets changed out from under the signature due to sha1's weakness
+> `<anarcat>` i'd like to integrate pgp signing into tor's coding
+> practices more, but so far, my approach has been "sign commits" and
+> the verify step was "TBD"
+>
+> `<dkg>` that's the main reason i've been reluctant to sign git
+> commits. i haven't heard anyone offer a better subsequent step. if
+> torproject could outline something useful, then i'd be less averse
+> to the practice. 
+>
+> i'm also pretty sad that git remains stuck on sha1, esp. given the
+> recent demonstrations. all the fancy strong signatures you can make
+> in git won't matter if the underlying git repo gets changed out from
+> under the signature due to sha1's weakness
 
 In other words, even if git implements the arcane GnuPG dialect just
 so, *and* would allow us to setup the trust chain just right, *and*
@@ -297,10 +303,15 @@ The Update Framework
 
 One more thing dkg correctly identified is:
 
-    09:33 < dkg> anarcat: even if you could do exactly what you describe, there are still some interesting wrinkles that  i think would be problems for you
-    09:33 < dkg> the big one: "git repo's latest commits" is a loophole big enough to drive a truck through
-    09:34 < dkg> if your adversary controls that repo, then they get to decide which commits to include in the repo
-    09:34 < dkg> (since every git repo is a view into the same git repo, just some have more commits than others)
+> `<dkg>` anarcat: even if you could do exactly what you describe,
+> there are still some interesting wrinkles that i think would be
+> problems for you. 
+>
+> the big one: "git repo's latest commits" is a loophole big enough to
+> drive a truck through. if your adversary controls that repo, then
+> they get to decide which commits to include in the repo.  (since
+> every git repo is a view into the same git repo, just some have more
+> commits than others)
 
 In other words, unless you have a repository that has frequent commits
 (either because of activity or by a bot generating fake commits), you

final review
diff --git a/blog/git-gpg-verification.mdwn b/blog/git-gpg-verification.mdwn
index 27dec403..d4dc3778 100644
--- a/blog/git-gpg-verification.mdwn
+++ b/blog/git-gpg-verification.mdwn
@@ -1,27 +1,35 @@
 [[!meta title="How can I trust this git repository?"]]
 
-As part of my [work on automating the install procedures at Tor](https://trac.torproject.org/projects/tor/ticket/31239), I
+As part of my work on [automating install procedures at Tor][], I
 ended up doing things like:
 
+[automating install procedures at Tor]: https://trac.torproject.org/projects/tor/ticket/31239
+
     git clone REPO
     ./REPO/bootstrap.sh
 
-... something eerily similar to the infamous [curl pipe bash](https://blog.dijit.sh/don-t-pipe-curl-to-bash)
+... something eerily similar to the infamous [curl pipe bash][]
 method which I often decry. As a short-term workaround, I relied on
 the SHA-1 checksum of the repository to make sure I have the right
 code, by running this both on a "trusted" (ie. "local") repository and
 the remote, then visually comparing the output:
 
+[curl pipe bash]: https://blog.dijit.sh/don-t-pipe-curl-to-bash
+
     $ git show-ref master
     9f9a9d70dd1f1e84dec69a12ebc536c1f05aed1c refs/heads/master
-    9f9a9d70dd1f1e84dec69a12ebc536c1f05aed1c refs/remotes/origin/master
 
-One problem with that is that SHA-1 is now considered "as flawed as
-MD5" ([source](https://sha-mbles.github.io/)) so it can hardly be used as an authentication
-mechanism.
+One problem with this approach is that SHA-1 is now considered as
+[flawed as MD5][] so it can't be used as an authentication mechanism
+anymore. It's also fundamentally difficult to
+
+[flawed as MD5]: https://sha-mbles.github.io/
+
+[Fabric]: https://help.torproject.org/tsa/howto/fabric/
 
-Another problem is that it assumes the local repository is
-trusted. How can I trust that repository? I can either:
+The other flaw with comparing local and remote checksums is that we
+assume we trust the *local* repository. But how can I trust that
+repository? I can either:
 
  1. audit all the code present and all the changes done to it after
 
@@ -29,26 +37,43 @@ trusted. How can I trust that repository? I can either:
 
 The first option here is not practical in most cases. In this specific
 use case, I *have* audited the source code -- I'm the author, even --
-what I need is to *transfer* that code over to another server.
+what I need is to *transfer* that code over to another server. 
+
+(Note that I am replacing those procedures with [Fabric][], which
+makes this use case moot for now as the trust path narrows to "trust
+the SSH server" which I already had anyways. But it's still important
+for my fellow Tor developers who worry about trusting the git server,
+especially now that we're moving to GitLab.)
+
+But anyways, in most cases, I do need to trust some other fellow
+developer I collaborate with. To do this, I would need to trust the
+entire chain between me and them: 
+
+ 1. the git client
+ 2. the operating system
+ 3. the hardware
+ 4. the network ([HTTPS][] and the [CA cartel][], specifically)
+ 5. then the hosting provider (and *that* hardware/software stack)
+ 6. and then backwards all the way back to that other person's computer
 
-And in most cases, I do need to trust some other fellow developer I
-collaborate with. But to do this, I would need to trust the entire
-chain between me and them: the git client, my operating system, the
-network ([HTTPS](https://en.wikipedia.org/wiki/HTTPS) and the [CA cartel](https://en.wikipedia.org/wiki/Certificate_authority), specifically), then the
-hosting provider (and *that* hardware stack), and then backwards all
-the way back to that other person's computer.
+[CA cartel]: https://en.wikipedia.org/wiki/Certificate_authority
+[HTTPS]: https://en.wikipedia.org/wiki/HTTPS
 
 I want to shorten that chain as much as possible, make it "peer to
-peer", so to speak.
+peer", so to speak. Concretely, it would eliminate the hosting
+provider and the network, as attackers. 
+
+Join my in the rabbit hole of how this is currently done, and how we
+could improve it.
 
 [[!toc]]
 
-OpenPGP verifications
-=====================
+OpenPGP verification
+====================
 
 My first reaction is (perhaps perversely) to "use OpenPGP" for this. I
-figured that if every commit is signed, then I can just check the
-latest commit and see if the signature is good.
+figured that if I sign every commit, then I can just check the latest
+commit and see if the signature is good.
 
 The first problem here is that this is surprisingly hard. Let's pick
 some arbitrary commit I did recently:
@@ -72,9 +97,9 @@ some arbitrary commit I did recently:
     +# we inline tests directly in the source code
     +python_files = *.py
 
-That's the output of `git log -p` in my local repository. That commit
-is signed, yet `git log` is not telling me anything special about
-it. For *that* to work, I need something special: `--show-signature`,
+That's the output of `git log -p` in my local repository. I signed
+that commit, yet `git log` is not telling me anything special. To
+check the signature, I need something special: `--show-signature`,
 which looks like this:
 
     commit b3c538898b0ed4e31da27fc9ca22cb55e1de0000
@@ -94,7 +119,7 @@ which looks like this:
         tests inside the source code directly, so hijack that.
 
 Can you tell if this is a valid signature? If you speak a little
-french, maybe you do! But even if you would, you are unlikely to see
+french, maybe you can! But even if you would, you are unlikely to see
 that output on your own computer. What you *would* see instead is:
 
     commit b3c538898b0ed4e31da27fc9ca22cb55e1de0000
@@ -109,16 +134,18 @@ that output on your own computer. What you *would* see instead is:
         pytest only looks for file names matching `test` by default. We inline
         tests inside the source code directly, so hijack that.
 
-`No public key`. Of course you would. Why would you have that key
-lying around, unless you're me. Or, to put it another way, why would
-that server I'm installing have a copy of my OpenPGP certificate?
-Because I'm a Debian developer, I am lucky and my key is actually part
-of the ~800 keys part of the `/usr/share/keyrings/debian-keyring.gpg`
-keyring on Debian systems, if the [debian-keyring](https://tracker.debian.org/pkg/debian-keyring) package happens
-to be installed. So there is a trust path.
+Important part: `Can't check signature: No public key. No public
+key`. Because *of course* you would see that. Why would you have my
+key lying around, unless you're me. Or, to put it another way, why
+would that server I'm installing from scratch have a copy of my
+OpenPGP certificate? Because I'm a Debian developer, my key is
+actually part of the 800 keys in the [debian-keyring][] package,
+signed by the APT repositories. So I have a trust path.
+
+[debian-keyring]: https://tracker.debian.org/pkg/debian-keyring
 
 But that won't work for someone who is not a Debian developer. It will
-also stop working when my key expires from that repository, as it
+also stop working when my key expires in that repository, as it
 already has on Debian buster (current stable). So I can't assume I
 have a trust path there either. One could work with a trusted keyring
 like we do in the Tor and Debian project, and only work inside that
@@ -126,9 +153,16 @@ project, that said.
 
 But I still feel uncomfortable with those commands. Both `git log` and
 `git show` will happily succeed (return code 0 in the shell) even
-though the signature verification failed on the commits. For that, you
-need the [git verify-commit](https://manpages.debian.org/git-verify-commit) command, which seems to do the right
-thing:
+though the signature verification failed on the commits. Same with
+`git pull` and `git merge`, which will happily push your branch ahead
+even if the remote has unsigned or badly signed commits.
+
+To actually verify commits (or tags), you need the [git
+verify-commit][] (or [git verify-tag][]) command, which seems to do
+the right thing:
+
+[git verify-commit]: https://manpages.debian.org/git-verify-commit
+[git verify-tag]: https://manpages.debian.org/git-verify-tag
 
     $ LANG=C.UTF-8 git verify-commit b3c538898b0ed4e31da27fc9ca22cb55e1de0000
     gpg: Signature made Mon Mar 16 14:37:53 2020 EDT
@@ -136,32 +170,37 @@ thing:
     gpg: Can't check signature: No public key
     [1]$
 
-At least it fails with some error code. But it's not very flexible: it
-doesn't allow you to specify a keyring, for example. So I couldn't use
-it to verify that a commit has been authored by a "trusted" Debian
-developer. It also is not clear at all to me what consistutes a
-failure. Is a signature by an expired certificate okay? What if the
-key is signed by some random key in my personal keyring? Why should
-that be trusted?
+At least it fails with some error code (`1`, above). But it's not
+flexible: I can't use it to verify that a "trusted" developer (say one
+that is in a trusted keyring) signed a given commit. Also, it is not
+clear what a failure means. Is a signature by an expired certificate
+okay?  What if the key is signed by some random key in my personal
+keyring?  Why should that be trusted?
 
-Worrying about git and gnupg
+Worrying about git and GnuPG
 ============================
 
-I'm worried about git's implementation of OpenPGP signatures in
-general. I don't remember exactly what, but there was a verification
-vulnerability in the past. And there has been numerous cases of
-interoperability problems with GnuPG specifically that led to
-security, like [EFAIL](https://en.wikipedia.org/wiki/EFAIL) or [SigSpoof](https://en.wikipedia.org/wiki/SigSpoof). 

(fichier de différences tronqué)
fixup titles and small review
diff --git a/blog/git-gpg-verification.mdwn b/blog/git-gpg-verification.mdwn
index 250d3334..27dec403 100644
--- a/blog/git-gpg-verification.mdwn
+++ b/blog/git-gpg-verification.mdwn
@@ -1,7 +1,5 @@
 [[!meta title="How can I trust this git repository?"]]
 
-[[!toc]]
-
 As part of my [work on automating the install procedures at Tor](https://trac.torproject.org/projects/tor/ticket/31239), I
 ended up doing things like:
 
@@ -43,8 +41,10 @@ the way back to that other person's computer.
 I want to shorten that chain as much as possible, make it "peer to
 peer", so to speak.
 
-Verifying commits
-=================
+[[!toc]]
+
+OpenPGP verifications
+=====================
 
 My first reaction is (perhaps perversely) to "use OpenPGP" for this. I
 figured that if every commit is signed, then I can just check the
@@ -119,9 +119,10 @@ to be installed. So there is a trust path.
 
 But that won't work for someone who is not a Debian developer. It will
 also stop working when my key expires from that repository, as it
-already has on Debian stable. So I can't assume I have a trust path
-there either. One could work with a trusted keyring like we do in the
-Tor and Debian project, and only work inside that project, that said.
+already has on Debian buster (current stable). So I can't assume I
+have a trust path there either. One could work with a trusted keyring
+like we do in the Tor and Debian project, and only work inside that
+project, that said.
 
 But I still feel uncomfortable with those commands. Both `git log` and
 `git show` will happily succeed (return code 0 in the shell) even

add toc
diff --git a/blog/git-gpg-verification.mdwn b/blog/git-gpg-verification.mdwn
index b0d89d5f..250d3334 100644
--- a/blog/git-gpg-verification.mdwn
+++ b/blog/git-gpg-verification.mdwn
@@ -1,5 +1,7 @@
 [[!meta title="How can I trust this git repository?"]]
 
+[[!toc]]
+
 As part of my [work on automating the install procedures at Tor](https://trac.torproject.org/projects/tor/ticket/31239), I
 ended up doing things like:
 

finalize first draft
diff --git a/blog/git-gpg-verification.mdwn b/blog/git-gpg-verification.mdwn
index 568db78c..b0d89d5f 100644
--- a/blog/git-gpg-verification.mdwn
+++ b/blog/git-gpg-verification.mdwn
@@ -157,7 +157,7 @@ zip file? I would bet it signs the commit's SHA-1 sum, but I just
 don't know, on the top of my head, and neither do git-commit or
 git-verify-commit say exactly what is happening.
 
-I had an interesting conversation with fellow OpenPGP developers about
+I had an interesting conversation with a fellow Debian developer ([dkg](https://dkg.fifthhorseman.net/blog/)) about
 this and we had to admit those limitations:
 
     <anarcat> i'd like to integrate pgp signing into tor's coding practices more
@@ -233,21 +233,78 @@ It consists of a "gzip-compressed JSON catalog files, which can be
 used to store GPG, PKCS-7 and SHA-256 checksums for each file". It is
 yet again another wrapper to GnuPG...
 
-Other stuff
------------
+The Update Framework
+--------------------
+
+One more thing dkg correctly identified is:
 
     09:33 < dkg> anarcat: even if you could do exactly what you describe, there are still some interesting wrinkles that  i think would be problems for you
     09:33 < dkg> the big one: "git repo's latest commits" is a loophole big enough to drive a truck through
     09:34 < dkg> if your adversary controls that repo, then they get to decide which commits to include in the repo
     09:34 < dkg> (since every git repo is a view into the same git repo, just some have more commits than others)
 
- * <https://theupdateframework.io/>
- * <https://github.com/aperezdc/signify>
- * <https://github.com/aperezdc/signify>
- * <https://jedisct1.github.io/minisign/>
- * <https://leahneukirchen.org/dotfiles/bin/git-signify>
- * 
- * <https://go.googlesource.com/proposal/+/master/design/25530-sumdb.md>
- * <https://blog.golang.org/modules2019>
+Unless you have a repository that has frequent commits (either because
+of activity or by a bot generating fake commits), you are bound to
+rely on the central server to decide what "the latest version"
+is. This is the kind of problems that is solved by binary package
+distribution systems like [APT](https://wiki.debian.org/SecureApt) and [TUF](https://theupdateframework.io/). Unfortunately, those
+don't apply to source code distribution, at least not in git form: TUF
+only deals with "repositories" and binary packages, and APT only deals
+with binary packages and source tarballs.
+
+That said, there's actually no reason why git could *not* be extended
+to support the TUF specification. Maybe that, after all, would be the
+solution: leverage a well-known protocol like TUF to ensure end-to-end
+cryptographic integrity of the software chain. OpenPGP-signed tarballs
+are nice, and signed git tags can be useful, but from my experience,
+a lot of OpenPGP (or, more accurately, GnuPG) derived tools are
+brittle and do not offer clear garantees.
+
+Other Projects
+==============
+
+There are other tools trying to do parts of what GnuPG is doing, for
+example [minisign](https://jedisct1.github.io/minisign/) and OpenBSD's [signify](https://github.com/aperezdc/signify). But they do not
+integrate with git at all right now. Although I did find [this
+hack](https://leahneukirchen.org/dotfiles/bin/git-signify) to use signify with git, it's kind of gross...
+
+Unsurprisingly, this is a problem everyone is trying to solve. Golang
+is [planning on hosting a notary](https://blog.golang.org/modules2019) which would leverage a
+certificate-transparency-style tamper-proof log which would be ran by
+Google (see [the spec](https://go.googlesource.com/proposal/+/master/design/25530-sumdb.md) for details). That doesn't resolve the "evil
+server" attaack, if we treat Google as an adversary.
+
+Python had OpenPGP going for a while on PyPI, but it's unclear if it
+ever did anything at all. Now [the plan seems to be to move towards
+TUF](https://lwn.net/Articles/806986/) but my hunch is that the complexity of the specification is
+keeping that from moving ahead.
+
+Docker and the container ecosystem has, in theory, moved to TUF in the
+form of [Notary](https://github.com/theupdateframework/notary), "a project that allows anyone to have trust over
+arbitrary collections of data". In practice however, in my somewhat
+[[limited experience|blog/2018-05-31-securing-container-supply]],
+setting up TUF and image verification in Docker is far from trivial.
+
+Even in what is possibly one of the strongest models (at least in
+terms of user friendliness), mobile phones are surprisingly unclear
+about those kind of questions. I [had to ask if Android had end-to-end
+authentication](https://android.stackexchange.com/questions/141513/how-safe-is-it-to-upgrade-apps-using-aptoid) and I am still not clear on the answer. I have no
+idea of what iOS does.
+
+One of the core problems with everything here is the common usability
+aspect of cryptography, and specifically the usability of verification
+procedures. We have become pretty good at *encrypting* stuff in
+transit. The harder part (and a requirement of properly encrypting
+stuff) is *authenticating* things. It seems that problem still remains
+to be solved, in terms of usability. Even Signal, widely considered to
+be a success in terms of adoption and usability, doesn't properly
+solve that problem. 
+
+So, even though they deserve a lot of credit in other areas, it seems
+unlikely that hardcode C hackers (e.g.  git and kernel developers)
+will be able to resolve that problem without at least a little bit of
+help. And TUF seems like the state of the art specification we could
+follow here, it would seem wise to start adopting it in the git
+community as well.
 
 [[!tag draft]]

notice the remarkable 2
diff --git a/hardware/tablet.mdwn b/hardware/tablet.mdwn
index baf75e58..32801113 100644
--- a/hardware/tablet.mdwn
+++ b/hardware/tablet.mdwn
@@ -237,6 +237,17 @@ Some notes from a friend:
 
 See also this [list of reMarkable resources](https://github.com/reHackable/awesome-reMarkable).
 
+Update: the reMarkable has a new version that looks really impressive,
+according to this [Techcrunch review](https://techcrunch.com/2020/03/17/remarkables-redesigned-e-paper-tablet-is-more-powerful-and-more-papery/):
+
+ * lower latency (40->20ms)
+ * much thinner and lighter
+ * better battery life
+ * saves articles from the web (but with a custom chromium plugin, no
+   firefox)
+ * marker now has an eraser
+ * cheaper (400$ instead of 700$)
+
 Sony
 ----
 

fix headings
diff --git a/software/desktop/firefox.mdwn b/software/desktop/firefox.mdwn
index ca5c5187..b4ff61ce 100644
--- a/software/desktop/firefox.mdwn
+++ b/software/desktop/firefox.mdwn
@@ -15,12 +15,12 @@ buster or later, the quantum version is available as a Debian package
 (now ESR too!) so those hacks are not necessary.
 
 Extensions
-----------
+==========
 
 This section documents the [Firefox add-ons](https://addons.mozilla.org/) I am using, testing,
 or have used in the past.
 
-### Installed
+## Installed
 
 I have those extensions installed and use them very frequently:
 
@@ -56,7 +56,7 @@ I have those extensions installed and use them very frequently:
 
 Ideally, all of those should be packaged for Debian.
 
-### In testing
+## In testing
 
 I am testing those and they might make it to the top list once I'm happy:
 
@@ -103,7 +103,7 @@ I am testing those and they might make it to the top list once I'm happy:
 Those should probably not be packaged in Debian until they make it to
 the top list.
 
-### Previously used
+## Previously used
 
 I once used those but eventually removed them for various
 reasons. Some are unsupported, non-free software, inconvenient, too
@@ -172,8 +172,9 @@ hard to use or simply irrelevant.
 
 [it's all text!]: https://addons.mozilla.org/en-US/firefox/addon/its-all-text/
 
+
 Surviving the XULocalypse
--------------------------
+=========================
 
 I wasn't very affected by the "XULocalypse", or the removal of older
 "XUL" extensions from Firefox 60. My biggest blocker was [it's all
@@ -268,7 +269,7 @@ It is unclear, however, whether those browsers will be sustainable in
 the long term.
 
 Configuration
--------------
+==============
 
 I have set the following configuration options:
 
@@ -321,7 +322,7 @@ import my set of [Debian bookmarks](https://salsa.debian.org/debian/debian-bookm
 resources.
 
 History
--------
+=======
 
 I have been a long time user of the "Mozilla" family of web
 browsers. My first web browser (apart from [[!wikipedia lynx]]) was
@@ -357,7 +358,7 @@ So long story short, I use firefox now. It's nice to root for the
 [[!wikipedia Browser_wars desc="underdog"]] anyways.
 
 Remaining issues
-----------------
+================
 
 My remaining concerns with Firefox, right now, are:
 

properly cite mayfirst and clarify locations are for servers
diff --git a/blog/2020-03-15-remote-tools.mdwn b/blog/2020-03-15-remote-tools.mdwn
index a2ac7043..9ba16dd7 100644
--- a/blog/2020-03-15-remote-tools.mdwn
+++ b/blog/2020-03-15-remote-tools.mdwn
@@ -45,12 +45,12 @@ project.
 There are many "instances", but here's a subset I know about:
 
 * <https://meet.jitsi.org/> - the official one, might overload
-* <https://meet.mayfirst.org/> - [Mayfirst](https://mayfirst.org), autonomous collective
-  in New York (see also their [usage instructions](https://support.mayfirst.org/wiki/web-conference))
-* <https://meet.greenhost.net/> - [Greenhost](https://greenhost.net), a worker's coop in
-  the Netherlands
+* <https://meet.mayfirst.org/> - [Mayfirst](https://mayfirst.org) non-profit cooperative,
+  hosted in New York (see also their [usage instructions](https://support.mayfirst.org/wiki/web-conference))
+* <https://meet.greenhost.net/> - [Greenhost](https://greenhost.net),
+  a worker's coop hosted in the Netherlands
 * <https://framatalk.org/> - [Framasoft](https://www.framasoft.org/), a popular education
-  network in France
+  network, hosted in France
 
 You can connect to those with your web browser directly. If your web
 browser doesn't work, try switching to another (e.g. if Firefox
@@ -79,7 +79,7 @@ Mumble ships with a list of known servers, but you can also connect to
 those trusted ones:
 
  * `mumble.mayfirst.org` - Mayfirst (see also [their instructions on how to use it](https://support.mayfirst.org/wiki/mumble)
- * `mumble.riseup.net` - [Riseup](https://riseup.net/), an autonomous collective in Seattle
+ * `mumble.riseup.net` - [Riseup](https://riseup.net/), an autonomous collective, hosted in Seattle
  (ask me if you need their password)
 
 Live streaming
@@ -97,8 +97,8 @@ the community also provides alternatives to those. This is more
 complicated to setup, but just to get you started, I'll link to:
 
  * <https://live.mayfirst.org/> - Mayfirst
- * <https://live.autistici.org/> - Autistici, an autonomous collective
-   in Italy
+ * <https://live.autistici.org/> - Autistici, an autonomous collective,
+   hosted in Italy
 
 For either of those tools, you need an app on your desktop. The
 [Mayfirst instructions](https://support.mayfirst.org/wiki/free-video-streaming-technology) use [OBS Studio](https://obsproject.com/) for this, but it might

fix formatting and typo
diff --git a/blog/git-gpg-verification.mdwn b/blog/git-gpg-verification.mdwn
index 544a9635..568db78c 100644
--- a/blog/git-gpg-verification.mdwn
+++ b/blog/git-gpg-verification.mdwn
@@ -168,7 +168,7 @@ this and we had to admit those limitations:
     <dkg> i'm also pretty sad that git remains stuck on sha1, esp. given the recent demonstrations.
     <dkg> all the fancy strong signatures you can make in git won't matter if the underlying git repo gets changed out from under the signature due to sha1's weakness
 
-In other words, even if git implements the arcane GnuPG dialog just
+In other words, even if git implements the arcane GnuPG dialect just
 so, *and* would allow us to setup the trust chain just right, *and*
 would give us meaningful and workable error messages, it *still* would
 fail because it's still stuck in SHA-1. There is [work underway to fix
@@ -236,18 +236,18 @@ yet again another wrapper to GnuPG...
 Other stuff
 -----------
 
-09:33 < dkg> anarcat: even if you could do exactly what you describe, there are still some interesting wrinkles that  i think would be problems for you
-09:33 < dkg> the big one: "git repo's latest commits" is a loophole big enough to drive a truck through
-09:34 < dkg> if your adversary controls that repo, then they get to decide which commits to include in the repo
-09:34 < dkg> (since every git repo is a view into the same git repo, just some have more commits than others)
-
-TUF https://theupdateframework.io/
-signify https://github.com/aperezdc/signify
-https://github.com/aperezdc/signify
-https://jedisct1.github.io/minisign/
-https://leahneukirchen.org/dotfiles/bin/git-signify
-
-https://go.googlesource.com/proposal/+/master/design/25530-sumdb.md
-https://blog.golang.org/modules2019
+    09:33 < dkg> anarcat: even if you could do exactly what you describe, there are still some interesting wrinkles that  i think would be problems for you
+    09:33 < dkg> the big one: "git repo's latest commits" is a loophole big enough to drive a truck through
+    09:34 < dkg> if your adversary controls that repo, then they get to decide which commits to include in the repo
+    09:34 < dkg> (since every git repo is a view into the same git repo, just some have more commits than others)
+
+ * <https://theupdateframework.io/>
+ * <https://github.com/aperezdc/signify>
+ * <https://github.com/aperezdc/signify>
+ * <https://jedisct1.github.io/minisign/>
+ * <https://leahneukirchen.org/dotfiles/bin/git-signify>
+ * 
+ * <https://go.googlesource.com/proposal/+/master/design/25530-sumdb.md>
+ * <https://blog.golang.org/modules2019>
 
 [[!tag draft]]

draft post about git repos trust
diff --git a/blog/git-gpg-verification.mdwn b/blog/git-gpg-verification.mdwn
new file mode 100644
index 00000000..544a9635
--- /dev/null
+++ b/blog/git-gpg-verification.mdwn
@@ -0,0 +1,253 @@
+[[!meta title="How can I trust this git repository?"]]
+
+As part of my [work on automating the install procedures at Tor](https://trac.torproject.org/projects/tor/ticket/31239), I
+ended up doing things like:
+
+    git clone REPO
+    ./REPO/bootstrap.sh
+
+... something eerily similar to the infamous [curl pipe bash](https://blog.dijit.sh/don-t-pipe-curl-to-bash)
+method which I often decry. As a short-term workaround, I relied on
+the SHA-1 checksum of the repository to make sure I have the right
+code, by running this both on a "trusted" (ie. "local") repository and
+the remote, then visually comparing the output:
+
+    $ git show-ref master
+    9f9a9d70dd1f1e84dec69a12ebc536c1f05aed1c refs/heads/master
+    9f9a9d70dd1f1e84dec69a12ebc536c1f05aed1c refs/remotes/origin/master
+
+One problem with that is that SHA-1 is now considered "as flawed as
+MD5" ([source](https://sha-mbles.github.io/)) so it can hardly be used as an authentication
+mechanism.
+
+Another problem is that it assumes the local repository is
+trusted. How can I trust that repository? I can either:
+
+ 1. audit all the code present and all the changes done to it after
+
+ 2. or trust someone else to do so
+
+The first option here is not practical in most cases. In this specific
+use case, I *have* audited the source code -- I'm the author, even --
+what I need is to *transfer* that code over to another server.
+
+And in most cases, I do need to trust some other fellow developer I
+collaborate with. But to do this, I would need to trust the entire
+chain between me and them: the git client, my operating system, the
+network ([HTTPS](https://en.wikipedia.org/wiki/HTTPS) and the [CA cartel](https://en.wikipedia.org/wiki/Certificate_authority), specifically), then the
+hosting provider (and *that* hardware stack), and then backwards all
+the way back to that other person's computer.
+
+I want to shorten that chain as much as possible, make it "peer to
+peer", so to speak.
+
+Verifying commits
+=================
+
+My first reaction is (perhaps perversely) to "use OpenPGP" for this. I
+figured that if every commit is signed, then I can just check the
+latest commit and see if the signature is good.
+
+The first problem here is that this is surprisingly hard. Let's pick
+some arbitrary commit I did recently:
+
+    commit b3c538898b0ed4e31da27fc9ca22cb55e1de0000
+    Author: Antoine Beaupré <anarcat@debian.org>
+    Date:   Mon Mar 16 14:37:28 2020 -0400
+
+        fix test autoloading
+        
+        pytest only looks for file names matching `test` by default. We inline
+        tests inside the source code directly, so hijack that.
+
+    diff --git a/fabric_tpa/pytest.ini b/fabric_tpa/pytest.ini
+    new file mode 100644
+    index 0000000..71004ea
+    --- /dev/null
+    +++ b/fabric_tpa/pytest.ini
+    @@ -0,0 +1,3 @@
+    +[pytest]
+    +# we inline tests directly in the source code
+    +python_files = *.py
+
+That's the output of `git log -p` in my local repository. That commit
+is signed, yet `git log` is not telling me anything special about
+it. For *that* to work, I need something special: `--show-signature`,
+which looks like this:
+
+    commit b3c538898b0ed4e31da27fc9ca22cb55e1de0000
+    gpg: Signature faite le lun 16 mar 2020 14:37:53 EDT
+    gpg:                avec la clef RSA 7B164204D096723B019635AB3EA1DDDDB261D97B
+    gpg: Bonne signature de « Antoine Beaupré <anarcat@orangeseeds.org> » [ultime]
+    gpg:                 alias « Antoine Beaupré <anarcat@torproject.org> » [ultime]
+    gpg:                 alias « Antoine Beaupré <anarcat@anarc.at> » [ultime]
+    gpg:                 alias « Antoine Beaupré <anarcat@koumbit.org> » [ultime]
+    gpg:                 alias « Antoine Beaupré <anarcat@debian.org> » [ultime]
+    Author: Antoine Beaupré <anarcat@debian.org>
+    Date:   Mon Mar 16 14:37:28 2020 -0400
+
+        fix test autoloading
+        
+        pytest only looks for file names matching `test` by default. We inline
+        tests inside the source code directly, so hijack that.
+
+Can you tell if this is a valid signature? If you speak a little
+french, maybe you do! But even if you would, you are unlikely to see
+that output on your own computer. What you *would* see instead is:
+
+    commit b3c538898b0ed4e31da27fc9ca22cb55e1de0000
+    gpg: Signature made Mon Mar 16 14:37:53 2020 EDT
+    gpg:                using RSA key 7B164204D096723B019635AB3EA1DDDDB261D97B
+    gpg: Can't check signature: No public key
+    Author: Antoine Beaupré <anarcat@debian.org>
+    Date:   Mon Mar 16 14:37:28 2020 -0400
+
+        fix test autoloading
+        
+        pytest only looks for file names matching `test` by default. We inline
+        tests inside the source code directly, so hijack that.
+
+`No public key`. Of course you would. Why would you have that key
+lying around, unless you're me. Or, to put it another way, why would
+that server I'm installing have a copy of my OpenPGP certificate?
+Because I'm a Debian developer, I am lucky and my key is actually part
+of the ~800 keys part of the `/usr/share/keyrings/debian-keyring.gpg`
+keyring on Debian systems, if the [debian-keyring](https://tracker.debian.org/pkg/debian-keyring) package happens
+to be installed. So there is a trust path.
+
+But that won't work for someone who is not a Debian developer. It will
+also stop working when my key expires from that repository, as it
+already has on Debian stable. So I can't assume I have a trust path
+there either. One could work with a trusted keyring like we do in the
+Tor and Debian project, and only work inside that project, that said.
+
+But I still feel uncomfortable with those commands. Both `git log` and
+`git show` will happily succeed (return code 0 in the shell) even
+though the signature verification failed on the commits. For that, you
+need the [git verify-commit](https://manpages.debian.org/git-verify-commit) command, which seems to do the right
+thing:
+
+    $ LANG=C.UTF-8 git verify-commit b3c538898b0ed4e31da27fc9ca22cb55e1de0000
+    gpg: Signature made Mon Mar 16 14:37:53 2020 EDT
+    gpg:                using RSA key 7B164204D096723B019635AB3EA1DDDDB261D97B
+    gpg: Can't check signature: No public key
+    [1]$
+
+At least it fails with some error code. But it's not very flexible: it
+doesn't allow you to specify a keyring, for example. So I couldn't use
+it to verify that a commit has been authored by a "trusted" Debian
+developer. It also is not clear at all to me what consistutes a
+failure. Is a signature by an expired certificate okay? What if the
+key is signed by some random key in my personal keyring? Why should
+that be trusted?
+
+Worrying about git and gnupg
+============================
+
+I'm worried about git's implementation of OpenPGP signatures in
+general. I don't remember exactly what, but there was a verification
+vulnerability in the past. And there has been numerous cases of
+interoperability problems with GnuPG specifically that led to
+security, like [EFAIL](https://en.wikipedia.org/wiki/EFAIL) or [SigSpoof](https://en.wikipedia.org/wiki/SigSpoof). 
+
+Even if git did everything "just right" (which I have myself found
+impossible to do with GnuPG), what does it actually verify? The
+commit's SHA-1 checksum? The Tree's checksum? The entire archive as a
+zip file? I would bet it signs the commit's SHA-1 sum, but I just
+don't know, on the top of my head, and neither do git-commit or
+git-verify-commit say exactly what is happening.
+
+I had an interesting conversation with fellow OpenPGP developers about
+this and we had to admit those limitations:
+
+    <anarcat> i'd like to integrate pgp signing into tor's coding practices more
+    <anarcat> but so far, my approach has been "sign commits" and the verify step was "TBD"
+    <dkg> that's the main reason i've been reluctant to sign git commits
+    <dkg> i haven't heard anyone offer a better subsequent step
+    <dkg> if torproject could outline something useful, then i'd be less averse to the practice
+    <dkg> i'm also pretty sad that git remains stuck on sha1, esp. given the recent demonstrations.
+    <dkg> all the fancy strong signatures you can make in git won't matter if the underlying git repo gets changed out from under the signature due to sha1's weakness
+
+In other words, even if git implements the arcane GnuPG dialog just
+so, *and* would allow us to setup the trust chain just right, *and*
+would give us meaningful and workable error messages, it *still* would
+fail because it's still stuck in SHA-1. There is [work underway to fix
+that](https://lwn.net/Articles/811068/), but as of February 2020, that was described by Jonathan
+Cobert as being in a "relatively unstable state", which is hardly
+something I would like to trust to verify my commits.
+
+Possible ways forward
+=====================
+
+I don't consider the current implementation of OpenPGP signatures in
+git to be sufficient. Maybe, eventually, the tools will mature so that
+SHA-1 is moved aside and the interface will become reasonable, but I
+don't see that happening in the short term. So what to do?
+
+git evtag
+---------
+
+The [git-evtag](https://github.com/cgwalters/git-evtag) extension is designed as a replacement for `git
+tag -s`. It's not designed to sign commits (so you need a release to
+verify code) but it will at least use a stronger algorithm (SHA-512)
+to checksum the tree, and *will* include everything in that tree,
+including blobs. If that sounds expensive to you, maybe you shouldn't

(fichier de différences tronqué)
update marcos docs after hardware replacement
diff --git a/blog/2015-10-09-finding-release-history-etckeeper.mdwn b/blog/2015-10-09-finding-release-history-etckeeper.mdwn
index 362f8ca5..0c81d2e1 100644
--- a/blog/2015-10-09-finding-release-history-etckeeper.mdwn
+++ b/blog/2015-10-09-finding-release-history-etckeeper.mdwn
@@ -102,7 +102,7 @@ believe, especially when you run a rolling distribution like
 * i ran 3 different major releases of Debian on this machine,
   always upgrading from the previous one without reinstalling
 * i probably installed etckeeper from the start, as
-  [[hardware/server/marcos/configuration/]] mentions the machine was
+  [[hardware/server/marcos/v1]] mentions the machine was
   online on 2011-03-08
 * i generally run stable until i get tired and upgrade to testing,
   generally at some point close to the freeze time
diff --git a/blog/2016-05-12-email-setup.mdwn b/blog/2016-05-12-email-setup.mdwn
index fb23f2e5..88b6332a 100644
--- a/blog/2016-05-12-email-setup.mdwn
+++ b/blog/2016-05-12-email-setup.mdwn
@@ -732,7 +732,7 @@ CA, but I guess it would not be so hard...
 
 The server side of things needs more documenting, particularly the
 spam filters. This is currently spread around this wiki, mostly in
-[[hardware/server/marcos/configuration]].
+[[services/mail]].
 
 [well]: http://majic.rs/book/free-software-x509-cookbook/setting-up-dovecot-using-x509-client-certificates-for-authenticatio
 [documented]: http://serverfault.com/questions/624303/dovecot-certificate-authentication
diff --git a/hardware/server/marcos.mdwn b/hardware/server/marcos.mdwn
index b39df7a3..b0fe43f0 100644
--- a/hardware/server/marcos.mdwn
+++ b/hardware/server/marcos.mdwn
@@ -20,70 +20,30 @@ particulier [[services/mail]] et [[services/backup]].
 
 # Specification
 
-(copied from [[hardware/server/marcos/configuration]])
-
- * motherboard: [ASUS P5G41-M LE/CSM LGA 775 Intel G41 Micro ATX Intel
-   Motherboard](http://www.newegg.com/Product/Product.aspx?Item=N82E16813131399) 65$ newegg ([processeurs supportés](https://www.asus.com/Motherboards/P5G41M/specifications/))
- * case: [Antec Black Aluminum / Steel Fusion Remote Black Micro ATX
-   Media Center / HTPC Case](http://www.newegg.com/Product/Product.aspx?Item=N82E16811129054) 150$ newegg, includes "GD01 MX LCD
-   Display/IR Receiver"
- * CPU: [Intel Pentium Dual-Core E6500 Wolfdale 2.93GHz 2MB L2 Cache
-   LGA 775 65W Dual-Core Processor](http://www.newegg.com/Product/Product.aspx?Item=N82E16819116093) 80$ newegg ([Bonne explication des différents modèles de cores intel](http://en.wikipedia.org/wiki/Intel_Core))
- * Memory: 8GB ram (2x4GB DDR2 667MHz, 1.5ns)
- * Network: AR8114 Gigabit ethernet
- * Storage, internal:
-   * 500GB Samsung SSD 850
-   * 4TB Seagate HDD ST4000DM000-1F21 5900RPM 3.5"
-   * DVD reader/writer (A  DH16A1P, broken)
- * Storage, external:
-   * 3TB Western Digital "My Book" 1230 USB-3
- * USB Bluetooth receiver
- * cost: 350$CAD on 2011-02-26, not counting storage, BT and memory
+ * [CSE-733TQ-500B][]: 300$ (80+ bronze 500W PSU)
+ * [ASUS PRIME X470-PRO][]: 187$ (AM4/PGA 1331 ATX 12"x9.6" 6 SATA Intel® I211-AT chipset)
+ * [Kingston KSM26ED8/16ME][] (16GB RAM): 114$
+ * [AMD Ryzen 5 2600][] - replaced with a [2600x](http://www.atic.ca/index.php?page=details&psku=196096) at same cost (no
+   GPU, 6 cores, 95W 3.4GHz): 287$
+ * Total: 889$CAD
 
-# Hardware maintenance
+[AMD Ryzen 5 2600]: http://www.atic.ca/index.php?page=details&psku=196095
+[CSE-733TQ-500B]: http://www.atic.ca/index.php?page=details&psku=63796
+[ASUS PRIME X470-PRO]: http://www.atic.ca/index.php?page=details&psku=196101
+[Kingston KSM26ED8/16ME]: http://www.atic.ca/index.php?page=details&psku=211327
+[AMD Ryzen 5 2400G]: http://www.atic.ca/index.php?page=details&psku=191280
 
-See [[hardware/server/marcos/configuration]] for the initial setup notes.
+# Hardware maintenance
 
-There's a nasty [[lcd|services/lcd]] here, see [[services/lcd]] for how to configure it.
+See [[hardware/server/marcos/v1]] for the initial setup notes. Those
+are kept only for historical reference, as the machine was rebuilt
+with new hardware in 2020.
 
 See [[services/backup]] for backup and drive replacement procedures.
  
-## Screen lockup
-
-Sometimes, Xorg would totally lockup with something like:
-
-    [drm:intel_pipe_set_base] *ERROR* pipe is still busy with an old pageflip
-
-This seems to be a bug in the intel driver, reported in a few places:
-
-* <https://bugs.freedesktop.org/show_bug.cgi?id=82612>
-* <http://askubuntu.com/questions/605259/lockups-in-x-session-sth-to-do-with-stuck-pageflips>
-* <https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1384342>
-* <https://bugs.launchpad.net/ubuntu/+source/linux-lts-utopic/+bug/1572869>
-* a lot more results: https://www.startpage.com/do/dsearch?query=%5Bdrm%3Aintel_pipe_set_base%5D+*ERROR*+pipe+is+still+busy+with+an+old+pageflip
-
-I tried to upgrade the libdrm-intel1 package:
-
-    Start-Date: 2016-08-17  13:23:50
-    Commandline: apt install -t jessie-backports libdrm-intel1
-    Install: libdrm-amdgpu1:amd64 (2.4.70-1~bpo8+1, automatic)
-    Upgrade: libdrm-intel1:amd64 (2.4.58-2, 2.4.70-1~bpo8+1), libdrm-intel1:i386 (2.4.58-2, 2.4.70-1~bpo8+1), libdrm-dev:amd64 (2.4.58-2, 2.4.70-1~bpo8+1), libdrm-radeon1:amd64 (2.4.58-2, 2.4.70-1~bpo8+1), libdrm-radeon1:i386 (2.4.58-2, 2.4.70-1~bpo8+1), libdrm-nouveau2:amd64 (2.4.58-2, 2.4.70-1~bpo8+1), libdrm-nouveau2:i386 (2.4.58-2, 2.4.70-1~bpo8+1), libdrm2:amd64 (2.4.58-2, 2.4.70-1~bpo8+1), libdrm2:i386 (2.4.58-2, 2.4.70-1~bpo8+1)
-    End-Date: 2016-08-17  13:24:01
-
-It seems to stabilise things, but I'll wait for a while before
-claiming victory. In august 2015, there was a 94 days uptime. Since
-then uptime hasn't gone beyond 30-40 days. Once we cross that
-boundary, we can consider this issue fixed.
-
-Update: in october 2016, the problem was still there. I tried
-upgrading the `xserver-xorg-video-intel`, we'll see how it goes.
-
-Update: still deadlocks. december 2017, tried upgrading the kernel to
-backports.
-
 ## 2020 Replacement
 
-In 2020, hardware for marcos is being swapped out into a new box.
+In 2020, hardware for marcos was swapped out into a new box.
 
 The machine has 4x3.5" hotswap drives so there's plenty of room for
 expansion *and* it should be easier to replace drives when they
diff --git a/hardware/server/marcos/configuration.mdwn b/hardware/server/marcos/v1.mdwn
similarity index 74%
rename from hardware/server/marcos/configuration.mdwn
rename to hardware/server/marcos/v1.mdwn
index badd0d67..199f49c1 100644
--- a/hardware/server/marcos/configuration.mdwn
+++ b/hardware/server/marcos/v1.mdwn
@@ -1,3 +1,70 @@
+[[!toc]]
+
+# Specification
+
+(copied from [[hardware/server/marcos/configuration]])
+
+ * motherboard: [ASUS P5G41-M LE/CSM LGA 775 Intel G41 Micro ATX Intel
+   Motherboard](http://www.newegg.com/Product/Product.aspx?Item=N82E16813131399) 65$ newegg ([processeurs supportés](https://www.asus.com/Motherboards/P5G41M/specifications/))
+ * case: [Antec Black Aluminum / Steel Fusion Remote Black Micro ATX
+   Media Center / HTPC Case](http://www.newegg.com/Product/Product.aspx?Item=N82E16811129054) 150$ newegg, includes "GD01 MX LCD
+   Display/IR Receiver"
+ * CPU: [Intel Pentium Dual-Core E6500 Wolfdale 2.93GHz 2MB L2 Cache
+   LGA 775 65W Dual-Core Processor](http://www.newegg.com/Product/Product.aspx?Item=N82E16819116093) 80$ newegg ([Bonne explication des différents modèles de cores intel](http://en.wikipedia.org/wiki/Intel_Core))
+ * Memory: 8GB ram (2x4GB DDR2 667MHz, 1.5ns)
+ * Network: AR8114 Gigabit ethernet
+ * Storage, internal:
+   * 500GB Samsung SSD 850
+   * 4TB Seagate HDD ST4000DM000-1F21 5900RPM 3.5"
+   * DVD reader/writer (A  DH16A1P, broken)
+ * Storage, external:
+   * 3TB Western Digital "My Book" 1230 USB-3
+ * USB Bluetooth receiver
+ * cost: 350$CAD on 2011-02-26, not counting storage, BT and memory
+
+# Hardware maintenance
+
+See [[hardware/server/marcos/configuration]] for the initial setup notes.
+
+There's a nasty [[lcd|services/lcd]] here, see [[services/lcd]] for how to configure it.
+
+See [[services/backup]] for backup and drive replacement procedures.
+ 
+## Screen lockup
+
+Sometimes, Xorg would totally lockup with something like:
+
+    [drm:intel_pipe_set_base] *ERROR* pipe is still busy with an old pageflip
+
+This seems to be a bug in the intel driver, reported in a few places:
+
+* <https://bugs.freedesktop.org/show_bug.cgi?id=82612>
+* <http://askubuntu.com/questions/605259/lockups-in-x-session-sth-to-do-with-stuck-pageflips>
+* <https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1384342>
+* <https://bugs.launchpad.net/ubuntu/+source/linux-lts-utopic/+bug/1572869>
+* a lot more results: https://www.startpage.com/do/dsearch?query=%5Bdrm%3Aintel_pipe_set_base%5D+*ERROR*+pipe+is+still+busy+with+an+old+pageflip
+
+I tried to upgrade the libdrm-intel1 package:
+
+    Start-Date: 2016-08-17  13:23:50
+    Commandline: apt install -t jessie-backports libdrm-intel1
+    Install: libdrm-amdgpu1:amd64 (2.4.70-1~bpo8+1, automatic)
+    Upgrade: libdrm-intel1:amd64 (2.4.58-2, 2.4.70-1~bpo8+1), libdrm-intel1:i386 (2.4.58-2, 2.4.70-1~bpo8+1), libdrm-dev:amd64 (2.4.58-2, 2.4.70-1~bpo8+1), libdrm-radeon1:amd64 (2.4.58-2, 2.4.70-1~bpo8+1), libdrm-radeon1:i386 (2.4.58-2, 2.4.70-1~bpo8+1), libdrm-nouveau2:amd64 (2.4.58-2, 2.4.70-1~bpo8+1), libdrm-nouveau2:i386 (2.4.58-2, 2.4.70-1~bpo8+1), libdrm2:amd64 (2.4.58-2, 2.4.70-1~bpo8+1), libdrm2:i386 (2.4.58-2, 2.4.70-1~bpo8+1)
+    End-Date: 2016-08-17  13:24:01
+
+It seems to stabilise things, but I'll wait for a while before
+claiming victory. In august 2015, there was a 94 days uptime. Since
+then uptime hasn't gone beyond 30-40 days. Once we cross that
+boundary, we can consider this issue fixed.
+
+Update: in october 2016, the problem was still there. I tried
+upgrading the `xserver-xorg-video-intel`, we'll see how it goes.
+
+Update: still deadlocks. december 2017, tried upgrading the kernel to
+backports.
+
+# Initial configuration
+
 [[!toc levels=3 startlevel=2]]
 
 ## Software setup checklist
@@ -190,4 +257,3 @@ Inventory of old parts moved to [[junk]].
  * ✓ configure automated git-annex backups of all repos through assistant (missing remotes, but autostarted)
  * ✓ configure main backups on `calyx` (runs through "cron.daily")
  * ✓ figure out what to do with the remaining unclassified data (see below)
-

Added a comment: GNU Jami
diff --git a/blog/2020-03-15-remote-tools/comment_3_f3862406a5b23143c055ac9937d68597._comment b/blog/2020-03-15-remote-tools/comment_3_f3862406a5b23143c055ac9937d68597._comment
new file mode 100644
index 00000000..14d32ac4
--- /dev/null
+++ b/blog/2020-03-15-remote-tools/comment_3_f3862406a5b23143c055ac9937d68597._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ ip="117.226.231.12"
+ claimedauthor="Ram"
+ subject="GNU Jami"
+ date="2020-03-16T16:11:27Z"
+ content="""
+I just come here to inform about the GNU Jami. Here are the links:
+https://jami.net/
+https://git.jami.net/savoirfairelinux/ring-project/wikis/technical/Build-instructions
+
+I have not yet tested it exhaustively. But it may be a good replacement for Whatsapp or Skype or Duo. It's an well maintained project now.
+
+"""]]

link to the systemli post
diff --git a/blog/2020-03-15-remote-tools.mdwn b/blog/2020-03-15-remote-tools.mdwn
index 998903e7..a2ac7043 100644
--- a/blog/2020-03-15-remote-tools.mdwn
+++ b/blog/2020-03-15-remote-tools.mdwn
@@ -195,4 +195,8 @@ instance.
 Let me know if I forgot anything, but in a friendly way. And [stay safe
 out there](https://www.youtube.com/watch?v=Ey08XMOisiw).
 
-[[!tag covid-19 debian-planet python-planet software hardware remote conference documentation privacy]]
+Update: a [similar article from the good folks at systemli](https://www.systemli.org/en/2020/03/15/solidarity-as-infrastructure.html) also
+recommends [Mastodon](http://joinmastodon.org/), [Ticker](https://www.systemli.org/en/service/ticker.html), Wikis and Etherpad.
+
+[[!tag covid-19 debian-planet python-planet software hardware remote
+conference documentation privacy]]

Added a comment: Another alternative
diff --git a/blog/2020-03-15-remote-tools/comment_2_c1fae7dda90d768a7f27f6cbe8306193._comment b/blog/2020-03-15-remote-tools/comment_2_c1fae7dda90d768a7f27f6cbe8306193._comment
new file mode 100644
index 00000000..76acda73
--- /dev/null
+++ b/blog/2020-03-15-remote-tools/comment_2_c1fae7dda90d768a7f27f6cbe8306193._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ ip="167.114.92.48"
+ subject="Another alternative"
+ date="2020-03-16T11:45:54Z"
+ content="""
+GNU Jami: multiplatform, E2EE (TLS), P2P, audio/video calls, conferencing and screen sharing, GPLv3
+"""]]

Added a comment: An alternative
diff --git a/blog/2020-03-15-remote-tools/comment_1_fa61db19e032b6899b5b4adf36b97fd6._comment b/blog/2020-03-15-remote-tools/comment_1_fa61db19e032b6899b5b4adf36b97fd6._comment
new file mode 100644
index 00000000..a15aa76a
--- /dev/null
+++ b/blog/2020-03-15-remote-tools/comment_1_fa61db19e032b6899b5b4adf36b97fd6._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ ip="203.33.162.95"
+ claimedauthor="Mr B"
+ subject="An alternative"
+ date="2020-03-15T23:57:09Z"
+ content="""
+We (family, friends and work colleagues) use Wire. It's FLOSS and available for Windows, macOS and Linux desktops, IOS and Android mobiles and also just a browser app. There are free and pro versions available but even the free version does text chat, file transfers, audio and/or video calling and groups. It's end-to-end encrypted and Swiss based. Apologies if this sounds like an advert but I'm just a happy user.
+"""]]

clarify titles further
diff --git a/blog/2020-03-10-font-changes.mdwn b/blog/2020-03-10-font-changes.mdwn
index 60ecb9a5..7cdc4afc 100644
--- a/blog/2020-03-10-font-changes.mdwn
+++ b/blog/2020-03-10-font-changes.mdwn
@@ -8,8 +8,8 @@ prettier.
 
 [[!toc]]
 
-Monospace font: Fira mono
-=========================
+Editor and Terminal: Fira mono
+==============================
 
 This all started when I found out about the [Jetbrains][]
 [Mono][jetbrains-mono] font. I found the idea of ligatures
@@ -110,8 +110,8 @@ around a change in the freetype interpreter, discussed in [bug
 866685](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866685) and my [[upgrades
 documentation|services/upgrades/buster]].
 
-Website font: Charter
-=====================
+Website: Charter
+================
 
 That "hell no" article got me interested in the [Practical
 Typography](https://practicaltypography.com/) web book, which I read over the weekend. It was an eye

make the two titles fit
diff --git a/blog/2020-03-10-font-changes.mdwn b/blog/2020-03-10-font-changes.mdwn
index 73d4c4e2..60ecb9a5 100644
--- a/blog/2020-03-10-font-changes.mdwn
+++ b/blog/2020-03-10-font-changes.mdwn
@@ -110,8 +110,8 @@ around a change in the freetype interpreter, discussed in [bug
 866685](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866685) and my [[upgrades
 documentation|services/upgrades/buster]].
 
-Website font changes
-====================
+Website font: Charter
+=====================
 
 That "hell no" article got me interested in the [Practical
 Typography](https://practicaltypography.com/) web book, which I read over the weekend. It was an eye

Archival link:

The above link creates a machine-readable RSS feed that can be used to easily archive new changes to the site. It is used by internal scripts to do sanity checks on new entries in the wiki.

Created . Edited .