Recent changes to this wiki. Not to be confused with my history.

Complete source to the wiki is available on gitweb or by cloning this site.

removed
diff --git a/blog/2018-12-21-large-files-with-git/comment_1_3ae40bfbe7a4d6b451dadd6e7e7ff479._comment b/blog/2018-12-21-large-files-with-git/comment_1_3ae40bfbe7a4d6b451dadd6e7e7ff479._comment
deleted file mode 100644
index 38b85b25..00000000
--- a/blog/2018-12-21-large-files-with-git/comment_1_3ae40bfbe7a4d6b451dadd6e7e7ff479._comment
+++ /dev/null
@@ -1,13 +0,0 @@
-[[!comment format=creole
- ip="185.136.166.126"
- claimedauthor="Herbertnat"
- url="http://cialisdxt.com/"
- subject="cialis daily dosage options hag"
- date="2019-05-25T12:50:44Z"
- content="""
-cialis super active tadalafil india pharmacy 
-<a href=\"http://cialisdxt.com/\">buy generic cialis</a> 
-cialis 20 mg tablet price 
-[url=http://cialisdxt.com/]cialis generic[/url] 
-cytotechnology specialist
-"""]]

Added a comment: cialis daily dosage options hag
diff --git a/blog/2018-12-21-large-files-with-git/comment_1_3ae40bfbe7a4d6b451dadd6e7e7ff479._comment b/blog/2018-12-21-large-files-with-git/comment_1_3ae40bfbe7a4d6b451dadd6e7e7ff479._comment
new file mode 100644
index 00000000..38b85b25
--- /dev/null
+++ b/blog/2018-12-21-large-files-with-git/comment_1_3ae40bfbe7a4d6b451dadd6e7e7ff479._comment
@@ -0,0 +1,13 @@
+[[!comment format=creole
+ ip="185.136.166.126"
+ claimedauthor="Herbertnat"
+ url="http://cialisdxt.com/"
+ subject="cialis daily dosage options hag"
+ date="2019-05-25T12:50:44Z"
+ content="""
+cialis super active tadalafil india pharmacy 
+<a href=\"http://cialisdxt.com/\">buy generic cialis</a> 
+cialis 20 mg tablet price 
+[url=http://cialisdxt.com/]cialis generic[/url] 
+cytotechnology specialist
+"""]]

related to the rant
diff --git a/blog/2018-05-26-kubecon-rant/comment_7_2da35091552acf39b2ddfc957ac69498._comment b/blog/2018-05-26-kubecon-rant/comment_7_2da35091552acf39b2ddfc957ac69498._comment
new file mode 100644
index 00000000..a06e6468
--- /dev/null
+++ b/blog/2018-05-26-kubecon-rant/comment_7_2da35091552acf39b2ddfc957ac69498._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="anarcat"
+ subject="""related"""
+ date="2019-05-25T02:21:53Z"
+ content="""
+
+<https://medium.com/swlh/my-fellow-engineers-it-is-time-for-the-greatest-invention-of-all-f738d8394998>
+"""]]

hard to find fp2 parts
diff --git a/hardware/phone/fairphone2.mdwn b/hardware/phone/fairphone2.mdwn
index dfd794d1..fa19d055 100644
--- a/hardware/phone/fairphone2.mdwn
+++ b/hardware/phone/fairphone2.mdwn
@@ -161,6 +161,7 @@ Cons:
    of open development
  * runs an unsupported Linux kernel (3.4.0) not mainline
  * lagging behind security updates
+ * actual replacement parts are hard to find
 
 Specifications
 ==============

retirer une coquille
diff --git a/blog/2019-05-15-revolution-tranquille-laicite.mdwn b/blog/2019-05-15-revolution-tranquille-laicite.mdwn
index 8f1f1cad..02f79868 100644
--- a/blog/2019-05-15-revolution-tranquille-laicite.mdwn
+++ b/blog/2019-05-15-revolution-tranquille-laicite.mdwn
@@ -10,7 +10,7 @@ religieuse des enfants en prenant position publiquement sur la réforme
 scolaire. Le banc des accusés est le seul endroit où on devrait
 permettre aux curés de parler de sexualité et de morale.
 
-Notre histoire est irrémédiablement liée à la colonisation {qui inclus}
+Notre histoire est irrémédiablement liée à la colonisation incluant la
 destruction d'une diversité de peuples autochtones et qui continue à
 ce jour. On imagine souvent un vague crime passé mais la réalité est
 que le génocide a continué jusqu'à la fermeture des pensionnats

Added a comment: Ainsi soit-il
diff --git a/blog/2019-05-15-revolution-tranquille-laicite/comment_1_3e28dc879adea450a8ea4d2c38ada149._comment b/blog/2019-05-15-revolution-tranquille-laicite/comment_1_3e28dc879adea450a8ea4d2c38ada149._comment
new file mode 100644
index 00000000..9e822502
--- /dev/null
+++ b/blog/2019-05-15-revolution-tranquille-laicite/comment_1_3e28dc879adea450a8ea4d2c38ada149._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ ip="192.222.230.146"
+ claimedauthor="pretrejobin"
+ subject="Ainsi soit-il"
+ date="2019-05-17T14:10:42Z"
+ content="""
+Amen!
+
+On semble continuer de s'attaquer aux autres religions comme si c'était la nôtre. Détruire le catholicisme parce qu'on a grandi dedans et qu'on en voit ses absurdités, c'est tout à fait justifié. Mais s'attaquer à une religion qu'on ne connais pas avec des subtilités qui sont invisibles à nos yeux, c'est d'un stupide crade.
+"""]]

creating tag page tag/laïcité
diff --git "a/tag/la\303\257cit\303\251.mdwn" "b/tag/la\303\257cit\303\251.mdwn"
new file mode 100644
index 00000000..a4343454
--- /dev/null
+++ "b/tag/la\303\257cit\303\251.mdwn"
@@ -0,0 +1,4 @@
+[[!meta title="pages tagged laïcité"]]
+
+[[!inline pages="tagged(laïcité)" actions="no" archive="yes"
+feedshow=10]]

add tag and title
diff --git a/blog/2019-05-15-revolution-tranquille-laicite.mdwn b/blog/2019-05-15-revolution-tranquille-laicite.mdwn
index df4ca47b..8f1f1cad 100644
--- a/blog/2019-05-15-revolution-tranquille-laicite.mdwn
+++ b/blog/2019-05-15-revolution-tranquille-laicite.mdwn
@@ -1,3 +1,5 @@
+[[!meta title="Réellement compléter la révolution tranquille"]]
+
 "Compléter l'oeuvre de la révolution tranquille", pour reprendre la
 couverture du Devoir de ce matin, devrait commencer par réparer les
 dommages faits par l'Église catholique au Québec. Les crimes horribles
@@ -44,3 +46,7 @@ des attentats terroristes en Amérique du nord, pourquoi se préoccuper
 des voiles de nos enseignantes? "Place aux nécessités!" L'urgence
 climatique et la montée du fascisme devraient être les sujets
 d'importance au lieu de ces questions vestimentaires.
+
+> Cet article a été refusé au Devoir.
+
+[[!tag politique québec laïcité légal réflexion histoire]]

update audio hardware
diff --git a/hardware/audio.mdwn b/hardware/audio.mdwn
index 1faa4f8c..a48b5926 100644
--- a/hardware/audio.mdwn
+++ b/hardware/audio.mdwn
@@ -190,6 +190,12 @@ We already have a stand and SM58 + cable, so we just need:
    * Music Red One: [EON 610 580$](https://musicredone.com/collections/speakers/products/jbl-eon610), no Yamaha
    * Steve's: [EON 610: 540$](https://stevesmusic.com/en/p-a-live-sound/speakers/jbl-eon-610.html), [DXR10: 760$](https://stevesmusic.com/en/p-a-live-sound/speakers/yamaha-dxr-10-powered-speaker-ea.html), [DBR10 520$](https://stevesmusic.com/en/p-a-live-sound/portable-systems/yamaha-dbr10-active-monitor-ea.html)
 
+Update: got a DBR10 at Steve's, works fine. Forgot the frigging stand
+home, but otherwise good start. Would be nice to have a mike there
+permanently and we are going to have space management issues. Might
+help to help koumbit sort through their cabling with a stack of trays
+or something.
+
 ### Phase II: mono recording, ~650$
 
 This second phase enables recording through the Notepad 102 mixer and

corrections de la famille
diff --git a/blog/2019-05-15-revolution-tranquille-laicite.mdwn b/blog/2019-05-15-revolution-tranquille-laicite.mdwn
index 22c14a25..df4ca47b 100644
--- a/blog/2019-05-15-revolution-tranquille-laicite.mdwn
+++ b/blog/2019-05-15-revolution-tranquille-laicite.mdwn
@@ -1,14 +1,14 @@
 "Compléter l'oeuvre de la révolution tranquille", pour reprendre la
-couverture du Devoir de ce matin, devrait commencer par adresser les
+couverture du Devoir de ce matin, devrait commencer par réparer les
 dommages faits par l'Église catholique au Québec. Les crimes horribles
-des prêtres contre les enfants restent impunis. L'État laisse ici le
-soin à l'Église de s'occupper de ces affaires criminelles. Pendant ce
-temps, les évèques font morale sur l'éducation sexuelle ou religieuse
-des enfants en prenant position publiquement sur la réforme
-scolaire. Le banc des accusés est le seul endroit où les curés
-devraient être permis de parler de sexualité et de morale.
+des prêtres contre les enfants restent impunis. L'état laisse ici le
+soin à l'Église de s'occuper de ces affaires criminelles. Pendant ce
+temps, les évêques font la morale sur l'éducation sexuelle ou
+religieuse des enfants en prenant position publiquement sur la réforme
+scolaire. Le banc des accusés est le seul endroit où on devrait
+permettre aux curés de parler de sexualité et de morale.
 
-Notre histoire est irrémédiablement liée à la colonisation qui inclus
+Notre histoire est irrémédiablement liée à la colonisation {qui inclus}
 destruction d'une diversité de peuples autochtones et qui continue à
 ce jour. On imagine souvent un vague crime passé mais la réalité est
 que le génocide a continué jusqu'à la fermeture des pensionnats
@@ -16,31 +16,31 @@ autochtones à la fin du siècle. La Révolution tranquille n'a
 certainement pas fini ses devoirs, mais pas au sens où l'entend Guy
 Rocher et les défenseurs du projet de loi 21.
 
-J'ai été éduqué à la Commission des Écoles Catoliques de Montréal
+J'ai été éduqué à la Commission des Écoles Catholiques de Montréal
 (CECM). Durant mon séjour dans cette institution, j'ai suivi des cours
-de catéchèse qui est "destinée à faire grandir les enfants [...] dans
+de catéchèse "destinée à faire grandir les enfants [...] dans
 l'intelligence du message chrétien" (Wikipédia). Ce n'était pas
-l'époque de la grande noirceur mais bien des années quatre-vingts, où
-on avait encore le "privilège" d'entrer à l'église durant le
-curriculum standard de l'école primaire. Évidemment, "communier avec
-Dieu" était réservé aux baptisés, groupe d'élite dont je ne faisais
-pas partie. J'ai donc cru important de me faire baptiser à ce jeune
-âge pour tenter de corriger ce faux-pas parental, dans l'espoir
+l'époque de la grande noirceur mais bien des années 80, où on avait
+encore le "privilège" d'entrer à l'église durant le curriculum
+standard de l'école primaire. Évidemment, "communier avec Dieu" était
+réservé aux baptisés, groupe d'élite dont je ne faisais pas
+partie. J'ai donc cru important de me faire baptiser à ce jeune âge
+pour tenter de corriger ce faux-pas parental, dans l'espoir
 d'atteindre l'illumination dans la noirceur du confessionnal.
 
-Étant donc devenu un athé convaincu, je me désole de voir mes
+Étant donc devenu un athée convaincu, je me désole de voir mes
 concitoyens s'entre-déchirer sur les questions religieuses. Compléter
-la véritable Révolution, ça serait de convertir les églises et
-presbytères en centre sociaux au lieu de condos, traduire les prêtres
-en justice au lieu de les passer à la radio, redonner aux peuples que
-nous avons voler et commencer à réparer les erreurs du passé.
+la véritable Révolution serait de convertir les églises et presbytères
+en centre sociaux au lieu de condos, traduire les prêtres en justice
+au lieu de les passer à la radio, redonner aux peuples que nous avons
+volé et commencer à réparer les erreurs du passé.
 
 Comme disait Borduas, il faut opposer le "refus global" à la
 "responsabilité entière". Reconnaître les fautes et les erreurs de
 notre propre culture, et commencer à les réparer, au lieu de
 s'attarder aux vices possible d'une culture que nous ne connaissons
-somme toute pas. Alors que l'extrême droite est la source de la
-majorité des attentats terroristes en amérique du nord, pourquoi se
-préoccuper des hijabs de nos gardiennes? "Place aux nécessités!"
-L'urgence climatique et la montée du fascisme devraient être nos sujet
-d'importance au lieu de ces questions vaguement vestimentaires.
+pas vraiment. Alors que l'extrême droite est la source de la majorité
+des attentats terroristes en Amérique du nord, pourquoi se préoccuper
+des voiles de nos enseignantes? "Place aux nécessités!" L'urgence
+climatique et la montée du fascisme devraient être les sujets
+d'importance au lieu de ces questions vestimentaires.

nouveau rant sur la loi 21
diff --git a/blog/2019-05-15-revolution-tranquille-laicite.mdwn b/blog/2019-05-15-revolution-tranquille-laicite.mdwn
new file mode 100644
index 00000000..22c14a25
--- /dev/null
+++ b/blog/2019-05-15-revolution-tranquille-laicite.mdwn
@@ -0,0 +1,46 @@
+"Compléter l'oeuvre de la révolution tranquille", pour reprendre la
+couverture du Devoir de ce matin, devrait commencer par adresser les
+dommages faits par l'Église catholique au Québec. Les crimes horribles
+des prêtres contre les enfants restent impunis. L'État laisse ici le
+soin à l'Église de s'occupper de ces affaires criminelles. Pendant ce
+temps, les évèques font morale sur l'éducation sexuelle ou religieuse
+des enfants en prenant position publiquement sur la réforme
+scolaire. Le banc des accusés est le seul endroit où les curés
+devraient être permis de parler de sexualité et de morale.
+
+Notre histoire est irrémédiablement liée à la colonisation qui inclus
+destruction d'une diversité de peuples autochtones et qui continue à
+ce jour. On imagine souvent un vague crime passé mais la réalité est
+que le génocide a continué jusqu'à la fermeture des pensionnats
+autochtones à la fin du siècle. La Révolution tranquille n'a
+certainement pas fini ses devoirs, mais pas au sens où l'entend Guy
+Rocher et les défenseurs du projet de loi 21.
+
+J'ai été éduqué à la Commission des Écoles Catoliques de Montréal
+(CECM). Durant mon séjour dans cette institution, j'ai suivi des cours
+de catéchèse qui est "destinée à faire grandir les enfants [...] dans
+l'intelligence du message chrétien" (Wikipédia). Ce n'était pas
+l'époque de la grande noirceur mais bien des années quatre-vingts, où
+on avait encore le "privilège" d'entrer à l'église durant le
+curriculum standard de l'école primaire. Évidemment, "communier avec
+Dieu" était réservé aux baptisés, groupe d'élite dont je ne faisais
+pas partie. J'ai donc cru important de me faire baptiser à ce jeune
+âge pour tenter de corriger ce faux-pas parental, dans l'espoir
+d'atteindre l'illumination dans la noirceur du confessionnal.
+
+Étant donc devenu un athé convaincu, je me désole de voir mes
+concitoyens s'entre-déchirer sur les questions religieuses. Compléter
+la véritable Révolution, ça serait de convertir les églises et
+presbytères en centre sociaux au lieu de condos, traduire les prêtres
+en justice au lieu de les passer à la radio, redonner aux peuples que
+nous avons voler et commencer à réparer les erreurs du passé.
+
+Comme disait Borduas, il faut opposer le "refus global" à la
+"responsabilité entière". Reconnaître les fautes et les erreurs de
+notre propre culture, et commencer à les réparer, au lieu de
+s'attarder aux vices possible d'une culture que nous ne connaissons
+somme toute pas. Alors que l'extrême droite est la source de la
+majorité des attentats terroristes en amérique du nord, pourquoi se
+préoccuper des hijabs de nos gardiennes? "Place aux nécessités!"
+L'urgence climatique et la montée du fascisme devraient être nos sujet
+d'importance au lieu de ces questions vaguement vestimentaires.

update
diff --git a/blog/2019-05-13-free-speech.mdwn b/blog/2019-05-13-free-speech.mdwn
index 773417c8..ea5bd348 100644
--- a/blog/2019-05-13-free-speech.mdwn
+++ b/blog/2019-05-13-free-speech.mdwn
@@ -1,4 +1,4 @@
-[[!meta title="On free speech at Puri.sm"]]
+[[!meta title="On free speech at Puri.sm and Mastodon"]]
 
 I have been cautiously enthusiastic about [Puri.sm][]. They have done
 interesting work [liberating their own hardware][Coreboot support] from the clutches
@@ -313,6 +313,4 @@ groups?
 
 [scum]: https://en.wiktionary.org/wiki/scum
 [Nazi Scum]: https://www.youtube.com/watch?v=qEEZsvSzG-4
-
 [The Cleaners]: https://www.imdb.com/title/tt7689936/
-
diff --git a/blog/2019-05-13-free-speech/comment_1_631423181d4c74dfa67f42fd80ac14c3._comment b/blog/2019-05-13-free-speech/comment_1_631423181d4c74dfa67f42fd80ac14c3._comment
new file mode 100644
index 00000000..df0a8fe9
--- /dev/null
+++ b/blog/2019-05-13-free-speech/comment_1_631423181d4c74dfa67f42fd80ac14c3._comment
@@ -0,0 +1,40 @@
+[[!comment format=mdwn
+ username="anarcat"
+ subject="""some updates"""
+ date="2019-05-13T23:30:20Z"
+ content="""
+
+First off, a friend referred to me to this [great cartoon][] that
+should help people deal with idiotic trolls on the internet and real
+life, if only by bringing a smile.
+
+> Exactly. Now read a god damn book.
+
+Moving on.
+
+The other thing that happened is that the founder of Mastodon, [Eugen
+Rochko][], [announced][] that he would only list Mastodon servers on
+[joinmastodon.org][] if they had:
+
+> 1. A server policy against racism, sexism and transphobia
+> 
+> 2. Daily database backups
+> 
+> 3. At least one other person with emergency access to server infrastructure
+> 
+> 4. Commit to giving users at least 3 months advance warning before
+>    closing down your server
+
+I think that's a great step. I'd be happier if the first point was
+explicitely set around a specific code of conduct, and why the
+Covenant one. But it's a great idea anyways.
+
+I'd even go further and say that, like on Twitter and email, it will
+soon become necessary to share block lists of servers we just can't
+accept spam from.
+
+[announced]: https://mastodon.social/@Gargron/102080214355309632
+[joinmastodon.org]: https://joinmastodon.org/
+[Eugen Rochko]: https://mastodon.social/@Gargron
+[great cartoon]: https://existentialcomics.com/comic/289
+"""]]

sigh, fix more links
diff --git a/blog/2019-05-13-free-speech.mdwn b/blog/2019-05-13-free-speech.mdwn
index 4dd8d2d0..773417c8 100644
--- a/blog/2019-05-13-free-speech.mdwn
+++ b/blog/2019-05-13-free-speech.mdwn
@@ -154,9 +154,6 @@ arguably, human intelligence as well).
 
 [banning Alex Jones]: https://www.theguardian.com/technology/2018/aug/06/apple-removes-podcasts-infowars-alex-jones
 [some claim]: https://motherboard.vice.com/en_us/article/a3xgq5/why-wont-twitter-treat-white-supremacy-like-isis-because-it-would-mean-banning-some-republican-politicians-too
-[The Moderators]: https://www.imdb.com/title/tt6628328/
-[The Cleaners]: https://www.imdb.com/title/tt7689936/
-[this article on The Verge]: https://www.theverge.com/2019/2/25/18229714/cognizant-facebook-content-moderator-interviews-trauma-working-conditions-arizona
 
 Free speech absolutism and its impacts
 ======================================
@@ -310,10 +307,12 @@ groups?
       cases, naturally.
 
 [^4]: For a good perspective on that gruesome work, I recommend [this
-      article on The Verge][] and there are also two documentaries I'm
+      article on The Verge](https://www.theverge.com/2019/2/25/18229714/cognizant-facebook-content-moderator-interviews-trauma-working-conditions-arizona) and there are also two documentaries I'm
       aware of that cover the topic as well, [The Cleaners][] and [The
-      Moderators][].
-
+      Moderators](https://www.imdb.com/title/tt6628328/).
 
 [scum]: https://en.wiktionary.org/wiki/scum
 [Nazi Scum]: https://www.youtube.com/watch?v=qEEZsvSzG-4
+
+[The Cleaners]: https://www.imdb.com/title/tt7689936/
+

phrasing
diff --git a/blog/2019-05-13-free-speech.mdwn b/blog/2019-05-13-free-speech.mdwn
index 3e638f49..4dd8d2d0 100644
--- a/blog/2019-05-13-free-speech.mdwn
+++ b/blog/2019-05-13-free-speech.mdwn
@@ -291,11 +291,11 @@ groups?
 
 ----
 
-> For the sake of transparency, I should state have ordered a laptop
-> from Purism about a month ago and the machine was "dead on arrival"
-> when it arrived last week. I've also been having trouble getting the
-> machine returned although it seems this will might resolve itself
-> today.
+> For the sake of transparency, I should state that I have ordered a
+> laptop from Purism about a month ago and the machine was "dead on
+> arrival" when it arrived last week. I've also been having trouble
+> getting the machine returned although it seems this will might
+> resolve itself today.
 
 [^1]: [scum][], the topmost liquid layer of a cesspool or septic
     tank, a reprehensible person or persons. [Nazi Scum][].

last tweaks
diff --git a/blog/2019-05-13-free-speech.mdwn b/blog/2019-05-13-free-speech.mdwn
index 1747d31c..3e638f49 100644
--- a/blog/2019-05-13-free-speech.mdwn
+++ b/blog/2019-05-13-free-speech.mdwn
@@ -250,9 +250,9 @@ We can already see this happening in the US and elsewhere:
    [fascist rally in Virginia][]. The perpetrator was previously
    posting neo-nazi memes and symbols on Facebook.
 
- * In 2018, another neo-nazi walked into a synagogue and [murdered
-   eleven people][]. He had previously posted anti-semitic comments on
-   the far-right [Gab social network][].
+ * In 2018, another neo-nazi walked into a synagogue in Pittsburg and
+   [murdered eleven people][]. He had previously posted anti-semitic
+   comments on the far-right [Gab social network][].
 
  * And this year, in 2019, another neo-nazi walked into a Mosque and
    [murdered 51 people][] in New Zealand. He streamed everything on
@@ -269,7 +269,7 @@ We can already see this happening in the US and elsewhere:
 
 This is real. This is now. This is what Purism enables by tolerating
 hate speech. And it's not right. Free speech should never be an
-enabler for such terrorism. We don't tolerate it for [ISIL][] and
+enabler for such horrors. We don't tolerate it for [ISIL][] and
 jihadist terrorism, why should we tolerate it for the white supremacy
 groups?
 
@@ -289,6 +289,8 @@ groups?
 [ISIL]: https://en.wikipedia.org/wiki/Islamic_State_of_Iraq_and_the_Levant
 [Martin Niemöller]: https://en.wikipedia.org/wiki/First_they_came_...
 
+----
+
 > For the sake of transparency, I should state have ordered a laptop
 > from Purism about a month ago and the machine was "dead on arrival"
 > when it arrived last week. I've also been having trouble getting the

fix more stuff
diff --git a/blog/2019-05-13-free-speech.mdwn b/blog/2019-05-13-free-speech.mdwn
index b616499a..1747d31c 100644
--- a/blog/2019-05-13-free-speech.mdwn
+++ b/blog/2019-05-13-free-speech.mdwn
@@ -86,8 +86,7 @@ because they don't have a "shared Mastodon[^3] timeline".
 [This post]: https://social.libre.fi/notice/9iZw5AqQ5qKjgFWm5Q
 [Kyle Rankin]: https://kylerank.in/
 
-Indeed you can see for yourself that, in their [code of
-conduct][code-of-conduct], they explicitely state that:
+Concretely, their [code of conduct][code-of-conduct] states that:
 
 > This Code of Conduct is adapted from the [Community Covenant][],
 > The only change made was to remove the list of examples in the
@@ -117,12 +116,13 @@ In comparison, this is how the Purism code begins:
 > experience for everyone. We do not tolerate harassment of
 > participants in any form.
 
-Purism seems to pivot around "legally protected free speech" and argue
-that "harrassment is not legally protected" which is why it's not
-allowed in their code of conduct. Their argument is they shouldn't
-decide what's allowed on their own server and instead seem to delegate
-this to the US constitution and law enforcement. Indeed, in their
-[FAQ][], we can read:
+By removing specific the list of unacceptable behavior, they are
+implicitely allowing it. Purism seem to pivot around "legally
+protected free speech" and argue that "harrassment is not legally
+protected" which is why it's not allowed in their code of
+conduct. Their argument is they shouldn't decide what's allowed on
+their own server and instead seem to delegate this to the US
+constitution and law enforcement. Indeed, their [FAQ][] says:
 
  [FAQ]: https://librem.one/#faq
 
@@ -224,7 +224,7 @@ like. This is also how [XKCD put it][]:
 > And they're showing you the door.
 
 For the record, I used to be a free speech absolutist myself. But I
-have since then reviewed my positions on this: I think free speech,
+have since then reviewed my position on this: I think free speech,
 like any human right, is not absolute, and should take into account
 political and social dynamics. Free speech, right now, is not in
 danger, or at least specifically not right wing fear-mongering, racism
@@ -236,10 +236,9 @@ Hate speech was the prelude to the rise of facism in the early 20th
 century. Those fascists support free speech as long as it serves their
 purpose, but they are the first to destroy it when they are back in
 power. Not only figuratively, through censorship, but litterally, by
-brutally harrassing, beating up, and murdering people. By allowing
-hate speech, we are paving the way for those people to come out of the
-closet and pose more daring actions. Free speech currently favors
-radicalisation of the right wing.
+harrassing, beating up, and murdering people. By allowing hate speech,
+we are paving the way for those people to come out of the closet and
+pose more daring actions.
 
 We can already see this happening in the US and elsewhere:
 
@@ -265,7 +264,7 @@ We can already see this happening in the US and elsewhere:
 [Gab social network]: https://en.wikipedia.org/wiki/Gab_(social_network)
 [murdered eleven people]: https://en.wikipedia.org/wiki/Pittsburgh_synagogue_shooting
 [murdered nine african-americans]: https://en.wikipedia.org/wiki/Charleston_church_shooting
-[fascist rally in Virginia, USA]: https://en.wikipedia.org/wiki/Unite_the_Right_rally
+[fascist rally in Virginia]: https://en.wikipedia.org/wiki/Unite_the_Right_rally
 [Heather Heyer]: https://en.wikipedia.org/wiki/Charlottesville_car_attack
 
 This is real. This is now. This is what Purism enables by tolerating

some typos
diff --git a/blog/2019-05-13-free-speech.mdwn b/blog/2019-05-13-free-speech.mdwn
index b93bd5b5..b616499a 100644
--- a/blog/2019-05-13-free-speech.mdwn
+++ b/blog/2019-05-13-free-speech.mdwn
@@ -10,7 +10,7 @@ code of conduct and rinse it down to create a absolutist "free speech
 zone".
 
 This is a serious mistake and will create an escape hatch from
-mainstream social media for neo-nazis, trolls, masculists and other
+mainstream social media for neo-nazis, trolls, masculinists and other
 scum[^1] of the internet. Purism should not be part of this, and if they
 do not revert this stance, I will discourage anyone from doing
 business with them ever again.
@@ -74,19 +74,19 @@ disagree with.
 
 [code-of-conduct]: https://librem.one/conduct/
 
-[This post][][^2] is what brought the problem to my attention. It
-includes screenshots from a conversation with [Kyle Rankin][], the
-Purism Chief Security Officer. Rankin explains they don't need to list
-"bad behaviors" in their code of conduct because "harrassment"
-suffices and also argues that control over content isn't required
-because they won't have a shared Mastodon[^3] timeline.
+[This post][] is what brought the problem to my attention. It includes
+screenshots[^2] from a conversation with [Kyle Rankin][], the Purism
+Chief Security Officer where he claims that Purism doesn't need to
+list "bad behaviors" in their code of conduct because "harrassment"
+suffices. He also argues that control over content isn't required
+because they don't have a "shared Mastodon[^3] timeline".
 
 [2]: https://web.archive.org/web/20190508234147/https://social.libre.fi/media/0a7b2b84ec4600decf6fb8e0b243be5204fb63a9513384d9f8aa483f681aadd3.png?name=Screenshot%20from%202019-05-07%2016-36-10.png
 [1]: https://web.archive.org/web/20190508234147/https://social.libre.fi/media/ab602faf530926ab984bb33c16cab8055606ea636ee41c4b1efd99aa8ff3ed42.png?name=Screenshot%20from%202019-05-07%2016-36-26.png
 [This post]: https://social.libre.fi/notice/9iZw5AqQ5qKjgFWm5Q
 [Kyle Rankin]: https://kylerank.in/
 
-And inded you can see for yourself that, in their [code of
+Indeed you can see for yourself that, in their [code of
 conduct][code-of-conduct], they explicitely state that:
 
 > This Code of Conduct is adapted from the [Community Covenant][],
@@ -299,8 +299,8 @@ groups?
 [^1]: [scum][], the topmost liquid layer of a cesspool or septic
     tank, a reprehensible person or persons. [Nazi Scum][].
 
-[^2]: The screenshots are broken in the thread, but here are Internet
-      Archive links [1][] [2][].
+[^2]: The screenshots do not display correctly in the thread, but here
+      are Internet Archive links: [1][] [2][].
 
 [^3]: For context, Mastodon is a Twitter/Twitdeck clone that
       implements standard federated protocol and can interoperate with

rant on free speech bullshit
diff --git a/blog/2019-05-13-free-speech.mdwn b/blog/2019-05-13-free-speech.mdwn
new file mode 100644
index 00000000..b93bd5b5
--- /dev/null
+++ b/blog/2019-05-13-free-speech.mdwn
@@ -0,0 +1,318 @@
+[[!meta title="On free speech at Puri.sm"]]
+
+I have been cautiously enthusiastic about [Puri.sm][]. They have done
+interesting work [liberating their own hardware][Coreboot support] from the clutches
+of [Intel backdoors][neutralizing IME] and are enthusistically creating a [new kind
+of phone][]. Recently, they figured they would also become a [new
+hosting provider][] but that not going as well as one might hope. It
+seems they have decided to rewrite the standard [Community Covenant][]
+code of conduct and rinse it down to create a absolutist "free speech
+zone".
+
+This is a serious mistake and will create an escape hatch from
+mainstream social media for neo-nazis, trolls, masculists and other
+scum[^1] of the internet. Purism should not be part of this, and if they
+do not revert this stance, I will discourage anyone from doing
+business with them ever again.
+
+An introduction to the Purism projects
+======================================
+
+In a private mailing list, I summarized the situation of the Librem
+projects as follows:
+
+[new kind of phone]: https://puri.sm/products/librem-5/
+[new hosting provider]: https://librem.one/
+[Coreboot support]: https://puri.sm/posts/librem-13-coreboot-report-february-25th-2017/
+[neutralizing IME]: https://puri.sm/posts/neutralizing-intel-management-engine-on-librem-laptops/
+[Puri.sm]: https://puri.sm
+
+>> Hi all,
+>>
+>> Do people on this list have any opinion about <https://librem.one> ?
+>
+> Overall, I think it's a good idea.
+>
+> Devil is in the details, however. There was some controversy on how
+> Purism has rebranded and forked existing free software projects without
+> giving clear credit in the original announcements. They have responded
+> to this, however, with [something I find somewhat satisfactory][].
+>
+> I'm a little concerned about Purism taking on too much: they started by
+> making laptops and ventured into forking Debian to have their own
+> distribution - a common pattern in hardware manufacturers supporting
+> Debian, same happened with System76. But now they are building a phone,
+> and not content with Android, they are building their own OS, based on
+> Debian, and I worry it will not deliver and disappoint a lot of people.
+>
+> This is another venture that, coming from a hardware manufacturer, I am
+> also somewhat worried about. Launching, simultaneously, an Email, Chat,
+> social networking and VPN provider is a very ambitious goals. Members of
+> our communities have been spending years deploying those services and
+> it's a little frustrating to see Purism just barge in there and offer
+> their services, for a fee on top of that.
+>
+> But I will be the first to recognize that running services comes at a
+> cost: hardware, cooling, real-estate and especially labor are not
+> free. So I think it's fair they charge a price, and a fair one at that
+> too.
+>
+> So I wish them good luck and I am curious to see where it will go. At
+> least they picked federated protocols which interoperate with our stuff:
+> that is good. I'm worried they will undercut other community providers
+> like ours, but I guess the more the merrier...
+
+[something I find somewhat satisfactory]: https://puri.sm/posts/how-purism-works-upstream-and-gives-back/
+
+The Purism code of conduct tolerates Nazis
+==========================================
+
+Now something else came up and that's the [Librem.one code of
+conduct][code-of-conduct] which more less says "Nazis are okay, as long as they
+don't harrass people", a position which I have come to fundamentally
+disagree with.
+
+[code-of-conduct]: https://librem.one/conduct/
+
+[This post][][^2] is what brought the problem to my attention. It
+includes screenshots from a conversation with [Kyle Rankin][], the
+Purism Chief Security Officer. Rankin explains they don't need to list
+"bad behaviors" in their code of conduct because "harrassment"
+suffices and also argues that control over content isn't required
+because they won't have a shared Mastodon[^3] timeline.
+
+[2]: https://web.archive.org/web/20190508234147/https://social.libre.fi/media/0a7b2b84ec4600decf6fb8e0b243be5204fb63a9513384d9f8aa483f681aadd3.png?name=Screenshot%20from%202019-05-07%2016-36-10.png
+[1]: https://web.archive.org/web/20190508234147/https://social.libre.fi/media/ab602faf530926ab984bb33c16cab8055606ea636ee41c4b1efd99aa8ff3ed42.png?name=Screenshot%20from%202019-05-07%2016-36-26.png
+[This post]: https://social.libre.fi/notice/9iZw5AqQ5qKjgFWm5Q
+[Kyle Rankin]: https://kylerank.in/
+
+And inded you can see for yourself that, in their [code of
+conduct][code-of-conduct], they explicitely state that:
+
+> This Code of Conduct is adapted from the [Community Covenant][],
+> The only change made was to remove the list of examples in the
+> interest of readability.
+
+[Community Covenant]: https://community-covenant.net
+
+This seems innocuous enough, but the changes go beyond simply
+"readability". This is how the Covenant code of conduct actually
+begins:
+
+> Our pledge
+>
+> In the interest of fostering an open and welcoming environment, we
+> as contributors and maintainers pledge to making participation in
+> our project and our community a harassment-free experience for
+> everyone, regardless of age, body size, disability, ethnicity,
+> gender identity and expression, level of experience, nationality,
+> personal appearance, race, religion, or sexual identity and
+> orientation.
+
+In comparison, this is how the Purism code begins:
+
+> Our goal
+>
+> This community is dedicated to providing a harassment-free
+> experience for everyone. We do not tolerate harassment of
+> participants in any form.
+
+Purism seems to pivot around "legally protected free speech" and argue
+that "harrassment is not legally protected" which is why it's not
+allowed in their code of conduct. Their argument is they shouldn't
+decide what's allowed on their own server and instead seem to delegate
+this to the US constitution and law enforcement. Indeed, in their
+[FAQ][], we can read:
+
+ [FAQ]: https://librem.one/#faq
+
+> How do I report illegal content?
+> 
+> Any illegal content or illegal acts should be reported to the
+> appropriate authorities who are equipped to handle it.
+
+So it's not just a matter of "readability", but also that they don't
+*actually* want to "restrict free speech".  This seems to me, at best
+a cop-out that leaves victims totally on their own, and, at worst,
+creates a "safe space" for neo-nazis to escape the narrowing controls
+imposed on larger platforms like Twitter, Facebook and Reddit. This is
+the same position that "big tech" (as Purism calls its competitors)
+are taking. They are trying really hard to remove themselves from the
+editorial process and claim they are not responsible for content.
+
+In practice, this is a little white lie: Facebook, Twitter and all
+those platforms employ armies of moderators that constantly police
+their network.[^4] The question, therefore, is what that platform
+specifically allows and refuses. Pornography, for example, is
+definitely allowed "legally protected free speech" in the USA, yet
+it's forbidden on Facebook. Some large providers have also started to
+crack down on neo-nazis, like Facebook, Youtube, Apple, and Spotify
+[banning Alex Jones][] from their networks. Twitter seems slower to
+follow and [some claim][] that's because they might they risk banning
+Republicans as well because they confuse artificial intelligence (and,
+arguably, human intelligence as well).
+
+[banning Alex Jones]: https://www.theguardian.com/technology/2018/aug/06/apple-removes-podcasts-infowars-alex-jones
+[some claim]: https://motherboard.vice.com/en_us/article/a3xgq5/why-wont-twitter-treat-white-supremacy-like-isis-because-it-would-mean-banning-some-republican-politicians-too
+[The Moderators]: https://www.imdb.com/title/tt6628328/
+[The Cleaners]: https://www.imdb.com/title/tt7689936/
+[this article on The Verge]: https://www.theverge.com/2019/2/25/18229714/cognizant-facebook-content-moderator-interviews-trauma-working-conditions-arizona
+
+Free speech absolutism and its impacts
+======================================
+
+The first impact of this is that some Mastodon servers are blocking
+the Purism instance altogether. This makes Purism's claims of
+federation somewhat dishonest:
+
+> Yes, you can follow and fully interact with people inside or outside
+> the librem.one domain. (not locked-in to one technology company)
+
+Of course, that's the nature of federation, but I am not aware of such
+a *company* (especially one which claims to have a [social purpose][])
+blocked right off the bat from the federation.
+
+[social purpose]: https://puri.sm/about/social-purpose/
+
+The second impact, of course, is that free speech fanatics, the
+alt-right, and neo-nazis are soon going to invade that space. The hordes
+of trolls, tired of getting banned on Twitter, will be [happy][] to find a
+safe haven on Librem.one, especially since there will be a juicy
+community of unsuspecting "social justice warriors" like me there to
+troll and brutalize.
+
+[happy]: https://forums.puri.sm/t/librem-social-a-free-speech-zone/5632/
+
+There's a long history of tolerating hate speech in the USA, based on
+the US constitution, at least from state institutions. As a reminder,
+the [first amendment][] says that:
+
+[first amendment]: https://en.wikipedia.org/wiki/First_Amendment_to_the_United_States_Constitution
+
+> Congress shall make no law respecting an establishment of religion,
+> or prohibiting the free exercise thereof; or abridging the freedom
+> of speech, or of the press; or the right of the people peaceably to

(Diff truncated)
yolo
diff --git a/hardware/audio.mdwn b/hardware/audio.mdwn
index c31acb2d..1faa4f8c 100644
--- a/hardware/audio.mdwn
+++ b/hardware/audio.mdwn
@@ -178,11 +178,11 @@ Our final setup would look something like this:
 
 So I've spread out the gear acquisition in multiple phases...
 
-### Phase I: just vocals, ~650$
+### Phase I: just vocals, ~600$
 
 We already have a stand and SM58 + cable, so we just need:
 
- * Speaker(s): 650$ (Yamaha DBR12 or DBR10, or JBL EON 610)
+ * Speaker(s): Yamaha DBR12 or DBR10, or JBL EON 610
    * Archambault: rien
    * Diplomate: JBL PRX710 pair for 1450$ (725$ each?)
    * Long & Mcquade: [EON 610: 540$](https://www.long-mcquade.com/87338/Pro-Audio---Recording/PA-Speaker-Cabinets/JBL/EON610-10---Powered-Speaker-w--Bluetooth.htm), [DBR10 10" 520$](https://www.long-mcquade.com/88398/Pro-Audio---Recording/PA-Speaker-Cabinets/Yamaha/DBR10-10---2-Way-Powered-Loudspeaker.htm), [DBR12

moar shoppin'
diff --git a/hardware/audio.mdwn b/hardware/audio.mdwn
index a68a19de..c31acb2d 100644
--- a/hardware/audio.mdwn
+++ b/hardware/audio.mdwn
@@ -183,6 +183,12 @@ So I've spread out the gear acquisition in multiple phases...
 We already have a stand and SM58 + cable, so we just need:
 
  * Speaker(s): 650$ (Yamaha DBR12 or DBR10, or JBL EON 610)
+   * Archambault: rien
+   * Diplomate: JBL PRX710 pair for 1450$ (725$ each?)
+   * Long & Mcquade: [EON 610: 540$](https://www.long-mcquade.com/87338/Pro-Audio---Recording/PA-Speaker-Cabinets/JBL/EON610-10---Powered-Speaker-w--Bluetooth.htm), [DBR10 10" 520$](https://www.long-mcquade.com/88398/Pro-Audio---Recording/PA-Speaker-Cabinets/Yamaha/DBR10-10---2-Way-Powered-Loudspeaker.htm), [DBR12
+     12" 1000W 650$](https://www.long-mcquade.com/88406/Pro-Audio---Recording/PA-Speaker-Cabinets/Yamaha/DBR12-12---2-Way-1000W-Powered-Loudspeaker.htm), [DXR10: 750$](https://www.long-mcquade.com/94352/Pro-Audio---Recording/PA-Speaker-Cabinets/Yamaha/DXR-10-10---2-Way-1100W-Powered-Speaker.htm)
+   * Music Red One: [EON 610 580$](https://musicredone.com/collections/speakers/products/jbl-eon610), no Yamaha
+   * Steve's: [EON 610: 540$](https://stevesmusic.com/en/p-a-live-sound/speakers/jbl-eon-610.html), [DXR10: 760$](https://stevesmusic.com/en/p-a-live-sound/speakers/yamaha-dxr-10-powered-speaker-ea.html), [DBR10 520$](https://stevesmusic.com/en/p-a-live-sound/portable-systems/yamaha-dbr10-active-monitor-ea.html)
 
 ### Phase II: mono recording, ~650$
 
@@ -214,4 +220,25 @@ and a more elaborate audio interface.
 
 [Soundcraft Notepad 102]: https://www.soundcraft.com/products/notepad-102
 
+Shops
+=====
+
+This list was built mostly for rentals, but also features shops that
+sell the gear:
+
+ * [Archambault](https://www.archambault.ca/Localisateur): 250, Jean-Talon Est, 514 849-8589
+ * <http://boiteamusique.ca>: not much sono stuff, mostly guitar/amps
+   rental
+ * [Diplomate Musique](http://www.musiquediplomate.com/): 311 Beaubien East, 514-274-5413
+ * [Long & McQuade](https://www.long-mcquade.com/locations/Quebec/): 10715, boulevard Pie-IX Phone: 514-388-9259,
+   10h-~17h, ~65$ for mixer/amp/mikes rental
+ * [Music Red One](https://musicredone.com/): 2069 Avenue Chartier, Dorval, +1-514-225-2226
+ * [Nantel](https://www.nantelmusique.ca/default.aspx?pageId=5&lang=fr): same
+ * [Twigg](https://www.twiggmusique.com/fr/service/location-montreal/): same
+ * [Solotech](https://www.solotech.com/contact-us/):  8-17h,  ~140$ for mixer/amp/mikes rental
+ * [Steve's](https://stevesmusic.com/en/contacts/): 150 st-antoine, 97$ for mixer/amp/mikes rental, 15$
+   par mike, 10-17h, 1-877-978-3837
+ * Centre musical Ahuntsic Inc. closed? 8979 rue Lajeunesse, Montréal,
+   H2M 1S1 514 514-388-6001
+
 [[!tag research]]

headphones updates
diff --git a/hardware/audio.mdwn b/hardware/audio.mdwn
index a264a02a..a68a19de 100644
--- a/hardware/audio.mdwn
+++ b/hardware/audio.mdwn
@@ -5,8 +5,9 @@ Headphones and mikes
 
 Recommended by a friend:
 
- * [Sennheiser HD 280 PRO](https://en-us.sennheiser.com/hd-280-pro): 100$, replacable pads and jack, no
-   mike, [100$USD B&H](https://www.bhphotovideo.com/c/product/1253444-REG/sennheiser_hd_280_pro_circumaural.html)
+ * [Sennheiser HD 280 PRO](https://en-us.sennheiser.com/hd-280-pro): 100$, <del>replacable pads and
+   jack</del> (don't know where i got that idea), no mike, [100$USD
+   B&H](https://www.bhphotovideo.com/c/product/1253444-REG/sennheiser_hd_280_pro_circumaural.html) (update: bought those at a local store for ~130$CAD)
  * [modmic](https://antlionaudio.com/) (e.g.) [4](https://antlionaudio.com/collections/modmic-for-gaming/products/modmic-4): 50$, juste le mike, s'accroche sur des
    headphones existants, besoin d'un adaptateur TRS/TRRS pour
    "fusionner" les deux, [40$USD B&H](https://www.bhphotovideo.com/c/product/1213105-REG/antlion_audio_gdl_0422_modmic_4_0_cardioid.html)
@@ -19,6 +20,11 @@ Recommended by a friend:
    stress-testing](https://www.youtube.com/watch?v=t5SPvZWgw7M)), apparently indestructible, pads, no mike,
    200EUR (!)
 
+Update: the 280 pro are really awesome headphones. I listened to
+[Girraffes? Giraffes!](https://www.giraffesgiraffes.com/)'s entire [More Skin With Milk-Mouth](https://giraffesgiraffes.bandcamp.com/album/more-skin-with-milk-mouth-2015-remaster) in a
+quasi-transe. They block the outside sound surprisingly well, are
+super comfortable and sound extremely well.
+
 Inventory
 ---------
 

add art of the commandline
diff --git a/services/welcome.mdwn b/services/welcome.mdwn
index b37aa6df..cb43b393 100644
--- a/services/welcome.mdwn
+++ b/services/welcome.mdwn
@@ -71,10 +71,12 @@ commande | utilité
 `mtr`    | trouver le chemin vers un site (control-c pour sortir!)
 
 Voir aussi le tutoriel de [linuxcommand.org][]. Des références plus
-avancées sont également disponibles sur [Learn Linux the Hard Way][],
-[the art of the commandline][] et [the UNIX toolbox][].
+avancées sont également disponibles sur [Introduction to the command
+line][] [Learn Linux the Hard Way][], [the art of the commandline][]
+et [the UNIX toolbox][].
 
  [linuxcommand.org]: http://linuxcommand.org/lc3_learning_the_shell.php
+ [Introduction to the command line]: http://booki.flossmanuals.net/command-line/
  [Learn Linux the Hard Way]: https://nixsrv.com/llthw
  [the art of the commandline]: https://github.com/jlevy/the-art-of-command-line
  [the UNIX toolbox]: http://cb.vu/unixtoolbox.xhtml

expand on some hardware details of the purism
diff --git a/hardware/laptop.mdwn b/hardware/laptop.mdwn
index d4d5b1fd..06a7b5c7 100644
--- a/hardware/laptop.mdwn
+++ b/hardware/laptop.mdwn
@@ -260,8 +260,10 @@ https://puri.sm/products/librem-13/
  * Touch interface: Elantech Multitouch Trackpad
  * Thermal design: Low noise fan
 
-Killed by the lack of an ethernet port (WTF seriously) and custom
-power cable (hard to find parts, WYNO USBC??).
+Downside: no ethernet port (WTF seriously) and no power on USB-C. At
+least the power connector is [somewhat standard](https://learn.sparkfun.com/tutorials/connector-basics/power-connectors): 19V DC on a 5.5mm
+sleeve with 2.5 positive pin, with a [C5/C6 cable](https://en.wikipedia.org/wiki/IEC_60320#C5/C6_coupler) for the AC side
+(as opposed to the more standard C13/C14 coupler, mind you).
 
 Dell
 ----

details on the storage specs
diff --git a/hardware/laptop.mdwn b/hardware/laptop.mdwn
index 634adc52..d4d5b1fd 100644
--- a/hardware/laptop.mdwn
+++ b/hardware/laptop.mdwn
@@ -244,7 +244,7 @@ https://puri.sm/products/librem-13/
  * Display: 13.3"
  * Graphics: Intel HD Graphics 620
  * Memory: Up to 16GB, DDR4 at 2133 MHz
- * Storage: Configurable
+ * Storage: 2.5" SATA + NVMe-capable M.2 slots
  * Chassis: Black anodized aluminium
  * Webcam: 720p 1.0 megapixel
  * Dimensions: 325×219×18mm

new monthlies
diff --git a/software/packages.yml b/software/packages.yml
index 12915766..86108d1d 100644
--- a/software/packages.yml
+++ b/software/packages.yml
@@ -190,6 +190,7 @@
       - xterm
       - webext-browserpass
       - webext-ublock-origin
+      - xournal
       - yubikey-personalization
       - yubikey-manager
       - zotero-standalone
@@ -233,6 +234,7 @@
       - elpa-company
       - elpa-company-go
       - elpa-elpy
+      - elpa-flycheck
       - elpa-ledger
       - elpa-magit
       - elpa-mailscripts
@@ -260,6 +262,7 @@
       - git-email
       - git-extras
       - git-mediawiki
+      - git-review
       - git-svn
       - github-backup
       - gitlint
@@ -283,6 +286,7 @@
       - ipython3
       - jq
       - kicad
+      - librarian-puppet
       - libterm-readkey-perl
       - libtext-bibtex-perl
       - libsearch-xapian-perl
@@ -299,6 +303,8 @@
       - pastebinit
       - perl-doc
       - po4a
+      - puppet
+      - puppet-lint
       - pv
       - pypi2deb
       - python

Added a comment: State of collaborative editors in 2019
diff --git a/blog/2018-06-26-collaborative-editors-history/comment_13_e6f10faa08f541c2741961a7c74811a0._comment b/blog/2018-06-26-collaborative-editors-history/comment_13_e6f10faa08f541c2741961a7c74811a0._comment
new file mode 100644
index 00000000..883fcf09
--- /dev/null
+++ b/blog/2018-06-26-collaborative-editors-history/comment_13_e6f10faa08f541c2741961a7c74811a0._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ ip="96.127.232.203"
+ claimedauthor="Robin Millette"
+ url="http://robin.millette.info/"
+ subject="State of collaborative editors in 2019"
+ date="2019-05-07T12:37:19Z"
+ content="""
+Comprehensive article, [State of collaborative editors in 2019](https://juretriglav.si/open-source-collaborative-text-editors/)
+"""]]

split shopping in phases
diff --git a/hardware/audio.mdwn b/hardware/audio.mdwn
index 8b2a8865..a264a02a 100644
--- a/hardware/audio.mdwn
+++ b/hardware/audio.mdwn
@@ -166,19 +166,33 @@ Our final setup would look something like this:
    4-track out or inserts, all analog)
  * Audio interface: [Scarlett 2i2](https://focusrite.com/usb-audio-interface/scarlett/scarlett-2i2) for now, although that's only
    two mono input because our patch cables are mono
- * 4x1' mono patch cables for the interconnect
+ * 4x1' (mono?) patch cables for the interconnect
 
-Of this, I need to get:
+## Shopping list
+
+So I've spread out the gear acquisition in multiple phases...
+
+### Phase I: just vocals, ~650$
+
+We already have a stand and SM58 + cable, so we just need:
 
  * Speaker(s): 650$ (Yamaha DBR12 or DBR10, or JBL EON 610)
+
+### Phase II: mono recording, ~650$
+
+This second phase enables recording through the Notepad 102 mixer and
+Scarlett audio interface. Still need to figure out patch cabling.
+
  * Mikes: 390$ (3xSM58 for two voice, one "drums", nico will provide an extra
    that will serve as an extra for drums or his amp eventually)
- * Stands: 105$ (2 regular voice (2x40=80$), one mini for guitar, ~25$)
+ * Stands: 105$ (2 regular for voice and drums (2x40=80$), one mini for guitar, ~25$)
  * Cabling: 134$ (4xXLR/XLR (4x27=108$), 2xXLR/TRS (2x23=26$) while we
    wait for a new mixer)
- * Total first round: 1279$
 
-Second round would involve:
+### Phase III: four+ track recording, ~800$
+
+This enables stereo or four-track recording, or even more with inserts
+and a more elaborate audio interface.
 
  * [Soundcraft EPM8][]: 430$
  * Something like a [Prosonus Studio 68](https://www.long-mcquade.com/87374/Pro-Audio---Recording/Audio-Interfaces/Presonus/Studio-68-6-In-8-Out-USB-Audio-Interface.htm): 340$ (6 in / 8 out) or
@@ -186,6 +200,9 @@ Second round would involve:
  * Possibly a [8x8 snake](https://www.long-mcquade.com/82662/Pro-Audio---Recording/Cables/Hosa/Insert-Snake-1-4---TRS---Dual-1-4---TS---2-meters.htm) to insert the mixer in the audio console
    (60$) or more [TRS jacks](https://www.long-mcquade.com/3283/Pro_Audio_Recording/Cables/Yorkville_Sound/Link_Audio_Dual_1_4_to_1_4_Cable_-_3_foot.htm) or [TRS stereo jacks](https://www.long-mcquade.com/1665/Pro_Audio_Recording/Cables/Yorkville_Sound/Link_Audio_1_4_TRS-M_to_2x_RCA-M_Y-Cable_-_10_foot.htm), i don't
    frigging know
+
+### Phase IV: better drum mikes and stereo PA, 500-100$+
+
  * Three more mike sets for the drums (~600$)
  * Possibly another speaker for gigs (500$+)
 

one more spam
diff --git a/blog/2015-09-09-bootstrap/comment_12_5da93911c21eec687362b51f804bbc23._comment b/blog/2015-09-09-bootstrap/comment_12_5da93911c21eec687362b51f804bbc23._comment
deleted file mode 100644
index 471f1e25..00000000
--- a/blog/2015-09-09-bootstrap/comment_12_5da93911c21eec687362b51f804bbc23._comment
+++ /dev/null
@@ -1,10 +0,0 @@
-[[!comment format=mdwn
- ip="36.248.162.135"
- claimedauthor="fsscas"
- url="http://www.fsscas.com/"
- subject="fsscas"
- date="2019-05-04T09:22:27Z"
- content="""
-<a href=\"http://www.yeliseeva.com/polo-zip-neck-sweater-poloh\">polo zip neck sweater</a> <a href=\"http://www.miembrojr.com/nike-lebron-13-mens-red-shoesi\">nike lebron 13 mens red</a> <a href=\"http://www.faridekhalaf.com/air-jordan-retro-12-grey-pink-shoesk\">air jordan retro 12 grey pink</a> <a href=\"http://www.rawbiofast.com/adidas-ultra-boost-mint-gr%C3%B8nn-obuvq\">adidas ultra boost mint gr酶nn</a> <a href=\"http://www.mabarrel.com/herre-nike-zoom-structure-18-hvid-gul-skoj\">herre nike zoom structure 18 hvid gul</a> <a href=\"http://www.almarsecurity.com/air-jordan-true-flight-rosa-gituttio-scarpeq\">air jordan true flight rosa gituttio</a>
- <a href=\"http://www.fsscas.com/\" >fsscas</a> [url=http://www.fsscas.com/]fsscas[/url]
-"""]]

removed
diff --git a/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_20_43c71dacdccc682af9b11b99fd21b7f8._comment b/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_20_43c71dacdccc682af9b11b99fd21b7f8._comment
deleted file mode 100644
index eb075c1d..00000000
--- a/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_20_43c71dacdccc682af9b11b99fd21b7f8._comment
+++ /dev/null
@@ -1,10 +0,0 @@
-[[!comment format=mdwn
- ip="36.250.185.111"
- claimedauthor="sfcigar"
- url="http://www.sfcigar.com/"
- subject="sfcigar"
- date="2019-05-04T10:27:23Z"
- content="""
-<a href=\"http://www.dowsadvocate.com/mizuno-r%C3%B8d-sko-skoh\">mizuno r酶d sko</a> <a href=\"http://www.laflammesinc.com/femminile-asics-gel-noosa-tri-10-rosa-volt-blu-scarpei\">femminile asics gel noosa tri 10 rosa volt blu</a> <a href=\"http://www.thisisitnyc.com/tutti-grigio-converse-high-tops-scarpej\">tutti grigio converse high tops</a> <a href=\"http://www.tuurulz.com/old-time-hockey-montreal-canadiens-27-alex-galchenyuk-cream-hoodie-nflh\">old time hockey montreal canadiens 27 alex galchenyuk cream hoodie</a> <a href=\"http://www.todotecnicos.com/coach-leatherware-wallet-coachh\">coach leatherware wallet</a> <a href=\"http://www.xaviersarrate.com/nike-air-max-2016-nero-scarpei\">nike air max 2016 nero</a>
- <a href=\"http://www.sfcigar.com/\" >sfcigar</a> [url=http://www.sfcigar.com/]sfcigar[/url]
-"""]]

removed
diff --git a/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_19_5b7a317e64e0e84a5a8881a7c77bd9ef._comment b/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_19_5b7a317e64e0e84a5a8881a7c77bd9ef._comment
deleted file mode 100644
index 07fcd63b..00000000
--- a/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_19_5b7a317e64e0e84a5a8881a7c77bd9ef._comment
+++ /dev/null
@@ -1,10 +0,0 @@
-[[!comment format=mdwn
- ip="112.111.163.141"
- claimedauthor="nike lunarglide 7 mens grey"
- url="http://www.tumbhimall.com/nike-lunarglide-7-mens-grey-shoesk"
- subject="nike lunarglide 7 mens grey"
- date="2019-05-04T07:27:52Z"
- content="""
-<a href=\"http://www.gaiaescort.com/oakley-ten-x-sunglasses-sunglassesh\">oakley ten x sunglasses</a> <a href=\"http://www.hatbest.com/missouri-tigers-cap-hatj\">missouri tigers cap</a> <a href=\"http://www.playcheater.com/maschio-mizuno-wave-prophecy-5-nero-argento-scarpej\">maschio mizuno wave prophecy 5 nero argento</a> <a href=\"http://www.alanyalinks.com/asics-gel-lyte-iii-rosa-schuhei\">asics gel lyte iii rosa</a> <a href=\"http://www.mxclimited.com/kvinders-nike-kd-10-hvid-skoh\">kvinders nike kd 10 hvid</a> <a href=\"http://www.ueaydin.com/houston-rockets-home-jersey-nfli\">houston rockets home jersey</a>
- <a href=\"http://www.tumbhimall.com/nike-lunarglide-7-mens-grey-shoesk\" >nike lunarglide 7 mens grey</a> [url=http://www.tumbhimall.com/nike-lunarglide-7-mens-grey-shoesk]nike lunarglide 7 mens grey[/url]
-"""]]

removed
diff --git a/blog/2015-02-06-migrating-drupal-ikiwiki/comment_6_186ef45075f4c255ea5aada8ff36df80._comment b/blog/2015-02-06-migrating-drupal-ikiwiki/comment_6_186ef45075f4c255ea5aada8ff36df80._comment
deleted file mode 100644
index cb392d07..00000000
--- a/blog/2015-02-06-migrating-drupal-ikiwiki/comment_6_186ef45075f4c255ea5aada8ff36df80._comment
+++ /dev/null
@@ -1,10 +0,0 @@
-[[!comment format=mdwn
- ip="36.248.162.219"
- claimedauthor="gcpoloclub"
- url="http://www.gcpoloclub.com/"
- subject="gcpoloclub"
- date="2019-05-04T08:11:11Z"
- content="""
-<a href=\"http://www.imfunniest.com/nero-and-royal-blu-mizuno-volleybtutti-scarpe-scarpei\">nero and royal blu mizuno volleybtutti scarpe</a> <a href=\"http://www.emissariesbc.com/nike-tf-footbtodas-mercurial-victory-v-rosado-negro-zapatosh\">nike tf footbtodas mercurial victory v rosado negro</a> <a href=\"http://www.partnersspa.com/nike-air-max-2015-alle-hvid-skok\">nike air max 2015 alle hvid</a> <a href=\"http://www.antirealtor.com/nike-stefan-janoski-hvit-svart-obuvi\">nike stefan janoski hvit svart</a> <a href=\"http://www.jkjuiceplus.com/nike-air-force-1-low-negro-vivid-azul-zapatosl\">nike air force 1 low negro vivid azul</a> <a href=\"http://www.bkindvending.com/ray-ban-wayfarer-55mm-tortoise-sunglassesh\">ray ban wayfarer 55mm tortoise</a>
- <a href=\"http://www.gcpoloclub.com/\" >gcpoloclub</a> [url=http://www.gcpoloclub.com/]gcpoloclub[/url]
-"""]]

removed
diff --git a/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_18_e87460f10058d775e41818f15ac63e42._comment b/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_18_e87460f10058d775e41818f15ac63e42._comment
deleted file mode 100644
index 16a96f93..00000000
--- a/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_18_e87460f10058d775e41818f15ac63e42._comment
+++ /dev/null
@@ -1,10 +0,0 @@
-[[!comment format=mdwn
- ip="175.44.32.194"
- claimedauthor="cletalover"
- url="http://www.cletalover.com/"
- subject="cletalover"
- date="2018-11-13T01:29:03Z"
- content="""
-<a href=\"http://www.myvetsbest.com/grey-converse-shoesz\">grey converse</a> <a href=\"http://www.manskapsboden.com/kobe-11-shoe-11bhm-runningf\">kobe 11 shoe 11bhm</a> <a href=\"http://www.ericaamadori.com/air-jordan-8-aqua-size-9-skor\">air jordan 8 aqua size 9</a> <a href=\"http://www.heppemobil.com/nike-lebron-11-mens-grey-orange-shoesg\">nike lebron 11 mens grey orange</a> <a href=\"http://www.blickpoy.com/mulberry-hibiscus-lily-mulberryr\">mulberry hibiscus lily</a> <a href=\"http://www.purchasemenu.com/adidas-ultra-boost-hoodie-awards-skog\">adidas ultra boost hoodie awards</a>
- <a href=\"http://www.cletalover.com/\" >cletalover</a> [url=http://www.cletalover.com/]cletalover[/url]
-"""]]

removed
diff --git a/blog/2015-02-06-migrating-drupal-ikiwiki/comment_5_83194a2fd32b411ac54976302be8998e._comment b/blog/2015-02-06-migrating-drupal-ikiwiki/comment_5_83194a2fd32b411ac54976302be8998e._comment
deleted file mode 100644
index 7590563e..00000000
--- a/blog/2015-02-06-migrating-drupal-ikiwiki/comment_5_83194a2fd32b411ac54976302be8998e._comment
+++ /dev/null
@@ -1,10 +0,0 @@
-[[!comment format=mdwn
- ip="36.250.174.104"
- claimedauthor="moldedeps"
- url="http://www.moldedeps.com/"
- subject="moldedeps"
- date="2018-11-05T23:11:36Z"
- content="""
-<a href=\"http://www.turkayambalaj.com/nike-roshe-one-print-womens-shoes-skoe\">nike roshe one print womens shoes</a> <a href=\"http://www.enescomert.com/orange-grey-womens-nike-lebron-ambassador-9-shoes-skoc\">orange grey womens nike lebron ambassador 9 shoes</a> <a href=\"http://www.turkmendili.com/mens-nike-air-max-tailwind-5-blue-red-shoesc\">mens nike air max tailwind 5 blue red</a> <a href=\"http://www.nauticabg.com/billig-nike-payaa-herre-gr%C3%B8n-trainersb\">billig nike payaa herre gr酶n</a> <a href=\"http://www.elisajean.com/nike-kobe-a.d.-nxt-womens-purple-blue-skob\">nike kobe a.d. nxt womens purple blue</a> <a href=\"http://www.aesqpharm.com/air-jordan-12-retro-black-varsity-red-white-knight-sneakerb\">air jordan 12 retro black varsity red white knight</a>
- <a href=\"http://www.moldedeps.com/\" >moldedeps</a> [url=http://www.moldedeps.com/]moldedeps[/url]
-"""]]

Added a comment: sfcigar
diff --git a/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_20_43c71dacdccc682af9b11b99fd21b7f8._comment b/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_20_43c71dacdccc682af9b11b99fd21b7f8._comment
new file mode 100644
index 00000000..eb075c1d
--- /dev/null
+++ b/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_20_43c71dacdccc682af9b11b99fd21b7f8._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ ip="36.250.185.111"
+ claimedauthor="sfcigar"
+ url="http://www.sfcigar.com/"
+ subject="sfcigar"
+ date="2019-05-04T10:27:23Z"
+ content="""
+<a href=\"http://www.dowsadvocate.com/mizuno-r%C3%B8d-sko-skoh\">mizuno r酶d sko</a> <a href=\"http://www.laflammesinc.com/femminile-asics-gel-noosa-tri-10-rosa-volt-blu-scarpei\">femminile asics gel noosa tri 10 rosa volt blu</a> <a href=\"http://www.thisisitnyc.com/tutti-grigio-converse-high-tops-scarpej\">tutti grigio converse high tops</a> <a href=\"http://www.tuurulz.com/old-time-hockey-montreal-canadiens-27-alex-galchenyuk-cream-hoodie-nflh\">old time hockey montreal canadiens 27 alex galchenyuk cream hoodie</a> <a href=\"http://www.todotecnicos.com/coach-leatherware-wallet-coachh\">coach leatherware wallet</a> <a href=\"http://www.xaviersarrate.com/nike-air-max-2016-nero-scarpei\">nike air max 2016 nero</a>
+ <a href=\"http://www.sfcigar.com/\" >sfcigar</a> [url=http://www.sfcigar.com/]sfcigar[/url]
+"""]]

Added a comment: fsscas
diff --git a/blog/2015-09-09-bootstrap/comment_12_5da93911c21eec687362b51f804bbc23._comment b/blog/2015-09-09-bootstrap/comment_12_5da93911c21eec687362b51f804bbc23._comment
new file mode 100644
index 00000000..471f1e25
--- /dev/null
+++ b/blog/2015-09-09-bootstrap/comment_12_5da93911c21eec687362b51f804bbc23._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ ip="36.248.162.135"
+ claimedauthor="fsscas"
+ url="http://www.fsscas.com/"
+ subject="fsscas"
+ date="2019-05-04T09:22:27Z"
+ content="""
+<a href=\"http://www.yeliseeva.com/polo-zip-neck-sweater-poloh\">polo zip neck sweater</a> <a href=\"http://www.miembrojr.com/nike-lebron-13-mens-red-shoesi\">nike lebron 13 mens red</a> <a href=\"http://www.faridekhalaf.com/air-jordan-retro-12-grey-pink-shoesk\">air jordan retro 12 grey pink</a> <a href=\"http://www.rawbiofast.com/adidas-ultra-boost-mint-gr%C3%B8nn-obuvq\">adidas ultra boost mint gr酶nn</a> <a href=\"http://www.mabarrel.com/herre-nike-zoom-structure-18-hvid-gul-skoj\">herre nike zoom structure 18 hvid gul</a> <a href=\"http://www.almarsecurity.com/air-jordan-true-flight-rosa-gituttio-scarpeq\">air jordan true flight rosa gituttio</a>
+ <a href=\"http://www.fsscas.com/\" >fsscas</a> [url=http://www.fsscas.com/]fsscas[/url]
+"""]]

Added a comment: gcpoloclub
diff --git a/blog/2015-02-06-migrating-drupal-ikiwiki/comment_6_186ef45075f4c255ea5aada8ff36df80._comment b/blog/2015-02-06-migrating-drupal-ikiwiki/comment_6_186ef45075f4c255ea5aada8ff36df80._comment
new file mode 100644
index 00000000..cb392d07
--- /dev/null
+++ b/blog/2015-02-06-migrating-drupal-ikiwiki/comment_6_186ef45075f4c255ea5aada8ff36df80._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ ip="36.248.162.219"
+ claimedauthor="gcpoloclub"
+ url="http://www.gcpoloclub.com/"
+ subject="gcpoloclub"
+ date="2019-05-04T08:11:11Z"
+ content="""
+<a href=\"http://www.imfunniest.com/nero-and-royal-blu-mizuno-volleybtutti-scarpe-scarpei\">nero and royal blu mizuno volleybtutti scarpe</a> <a href=\"http://www.emissariesbc.com/nike-tf-footbtodas-mercurial-victory-v-rosado-negro-zapatosh\">nike tf footbtodas mercurial victory v rosado negro</a> <a href=\"http://www.partnersspa.com/nike-air-max-2015-alle-hvid-skok\">nike air max 2015 alle hvid</a> <a href=\"http://www.antirealtor.com/nike-stefan-janoski-hvit-svart-obuvi\">nike stefan janoski hvit svart</a> <a href=\"http://www.jkjuiceplus.com/nike-air-force-1-low-negro-vivid-azul-zapatosl\">nike air force 1 low negro vivid azul</a> <a href=\"http://www.bkindvending.com/ray-ban-wayfarer-55mm-tortoise-sunglassesh\">ray ban wayfarer 55mm tortoise</a>
+ <a href=\"http://www.gcpoloclub.com/\" >gcpoloclub</a> [url=http://www.gcpoloclub.com/]gcpoloclub[/url]
+"""]]

Added a comment: nike lunarglide 7 mens grey
diff --git a/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_19_5b7a317e64e0e84a5a8881a7c77bd9ef._comment b/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_19_5b7a317e64e0e84a5a8881a7c77bd9ef._comment
new file mode 100644
index 00000000..07fcd63b
--- /dev/null
+++ b/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_19_5b7a317e64e0e84a5a8881a7c77bd9ef._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ ip="112.111.163.141"
+ claimedauthor="nike lunarglide 7 mens grey"
+ url="http://www.tumbhimall.com/nike-lunarglide-7-mens-grey-shoesk"
+ subject="nike lunarglide 7 mens grey"
+ date="2019-05-04T07:27:52Z"
+ content="""
+<a href=\"http://www.gaiaescort.com/oakley-ten-x-sunglasses-sunglassesh\">oakley ten x sunglasses</a> <a href=\"http://www.hatbest.com/missouri-tigers-cap-hatj\">missouri tigers cap</a> <a href=\"http://www.playcheater.com/maschio-mizuno-wave-prophecy-5-nero-argento-scarpej\">maschio mizuno wave prophecy 5 nero argento</a> <a href=\"http://www.alanyalinks.com/asics-gel-lyte-iii-rosa-schuhei\">asics gel lyte iii rosa</a> <a href=\"http://www.mxclimited.com/kvinders-nike-kd-10-hvid-skoh\">kvinders nike kd 10 hvid</a> <a href=\"http://www.ueaydin.com/houston-rockets-home-jersey-nfli\">houston rockets home jersey</a>
+ <a href=\"http://www.tumbhimall.com/nike-lunarglide-7-mens-grey-shoesk\" >nike lunarglide 7 mens grey</a> [url=http://www.tumbhimall.com/nike-lunarglide-7-mens-grey-shoesk]nike lunarglide 7 mens grey[/url]
+"""]]

link
diff --git a/hardware/audio.mdwn b/hardware/audio.mdwn
index 04deb683..8b2a8865 100644
--- a/hardware/audio.mdwn
+++ b/hardware/audio.mdwn
@@ -147,6 +147,9 @@ suspicious.
 [Thump12A 1300W 12"]: https://www.long-mcquade.com/91763/Pro-Audio---Recording/PA-Speaker-Cabinets/Mackie/Thump12A-1300W-12---Powered-Loudspeaker.htm
 [12" 200W]: https://www.long-mcquade.com/366/Pro_Audio_Recording/PA_Cabinets/Yorkville_Sound/NX_Series_Powered_Loudspeaker_-_12_inch_Woofer_-_200_Watts.htm
 
+Setup
+=====
+
 Our final setup would look something like this:
 
  * Speaker(s): Yamaha DBR12 or DBR10, or JBL EON 610

yolo
diff --git a/hardware/audio.mdwn b/hardware/audio.mdwn
index 60890453..04deb683 100644
--- a/hardware/audio.mdwn
+++ b/hardware/audio.mdwn
@@ -180,6 +180,9 @@ Second round would involve:
  * [Soundcraft EPM8][]: 430$
  * Something like a [Prosonus Studio 68](https://www.long-mcquade.com/87374/Pro-Audio---Recording/Audio-Interfaces/Presonus/Studio-68-6-In-8-Out-USB-Audio-Interface.htm): 340$ (6 in / 8 out) or
    on of the Focusrite, to be reviewed
+ * Possibly a [8x8 snake](https://www.long-mcquade.com/82662/Pro-Audio---Recording/Cables/Hosa/Insert-Snake-1-4---TRS---Dual-1-4---TS---2-meters.htm) to insert the mixer in the audio console
+   (60$) or more [TRS jacks](https://www.long-mcquade.com/3283/Pro_Audio_Recording/Cables/Yorkville_Sound/Link_Audio_Dual_1_4_to_1_4_Cable_-_3_foot.htm) or [TRS stereo jacks](https://www.long-mcquade.com/1665/Pro_Audio_Recording/Cables/Yorkville_Sound/Link_Audio_1_4_TRS-M_to_2x_RCA-M_Y-Cable_-_10_foot.htm), i don't
+   frigging know
  * Three more mike sets for the drums (~600$)
  * Possibly another speaker for gigs (500$+)
 

yet another fucking shopping list
diff --git a/hardware/audio.mdwn b/hardware/audio.mdwn
index 2ccb7493..60890453 100644
--- a/hardware/audio.mdwn
+++ b/hardware/audio.mdwn
@@ -137,6 +137,9 @@ speaker for 390$, suspiciously cheap.
 Yorkville is a little more expensive, [12" 200W][] for 450$ on sale
 at McQuade.
 
+Yamaha seem to have good shit, and is also more expensive. The [DBR12
+12" 1000W](https://www.long-mcquade.com/88406/Pro-Audio---Recording/PA-Speaker-Cabinets/Yamaha/DBR12-12---2-Way-1000W-Powered-Loudspeaker.htm) is a whopping 650$.
+
 And of course, Behringer is cheaper than all of those, which makes me
 suspicious.
 
@@ -144,4 +147,42 @@ suspicious.
 [Thump12A 1300W 12"]: https://www.long-mcquade.com/91763/Pro-Audio---Recording/PA-Speaker-Cabinets/Mackie/Thump12A-1300W-12---Powered-Loudspeaker.htm
 [12" 200W]: https://www.long-mcquade.com/366/Pro_Audio_Recording/PA_Cabinets/Yorkville_Sound/NX_Series_Powered_Loudspeaker_-_12_inch_Woofer_-_200_Watts.htm
 
+Our final setup would look something like this:
+
+ * Speaker(s): Yamaha DBR12 or DBR10, or JBL EON 610
+ * Mikes:
+   * 1xSM58, stand and XLR/XLR for voice
+   * 1xSM57, mini-stand and XLR/XLR for guitar
+   * 1xSM58, stand and XLR/XLR for drums (ideally more, but we'll start
+     with that)
+   * 1xXLR/XLR for the bass
+   * 2xXLR/TRS for the guit and bass while we get a larger mixer with
+     enough XLR
+ * Mixer: [Soundcraft Notepad 102][] at first (2XLR, 2TRS stereo), eventually a
+   [Soundcraft EPM8][] for the flexibility (either stereo out or
+   4-track out or inserts, all analog)
+ * Audio interface: [Scarlett 2i2](https://focusrite.com/usb-audio-interface/scarlett/scarlett-2i2) for now, although that's only
+   two mono input because our patch cables are mono
+ * 4x1' mono patch cables for the interconnect
+
+Of this, I need to get:
+
+ * Speaker(s): 650$ (Yamaha DBR12 or DBR10, or JBL EON 610)
+ * Mikes: 390$ (3xSM58 for two voice, one "drums", nico will provide an extra
+   that will serve as an extra for drums or his amp eventually)
+ * Stands: 105$ (2 regular voice (2x40=80$), one mini for guitar, ~25$)
+ * Cabling: 134$ (4xXLR/XLR (4x27=108$), 2xXLR/TRS (2x23=26$) while we
+   wait for a new mixer)
+ * Total first round: 1279$
+
+Second round would involve:
+
+ * [Soundcraft EPM8][]: 430$
+ * Something like a [Prosonus Studio 68](https://www.long-mcquade.com/87374/Pro-Audio---Recording/Audio-Interfaces/Presonus/Studio-68-6-In-8-Out-USB-Audio-Interface.htm): 340$ (6 in / 8 out) or
+   on of the Focusrite, to be reviewed
+ * Three more mike sets for the drums (~600$)
+ * Possibly another speaker for gigs (500$+)
+
+[Soundcraft Notepad 102]: https://www.soundcraft.com/products/notepad-102
+
 [[!tag research]]

add notes about a new monitor
diff --git a/hardware/monitor.mdwn b/hardware/monitor.mdwn
new file mode 100644
index 00000000..13839e6d
--- /dev/null
+++ b/hardware/monitor.mdwn
@@ -0,0 +1,58 @@
+[Monitors](https://en.wikipedia.org/wiki/Computer_monitor) are devices that display information visually. They can
+include speakers and other connectors like USB. They were connected
+through [VGA][] connectors for the long time, but that has generally
+been replaced by [HDMI](https://en.wikipedia.org/wiki/HDMI) connectors, with a short period during
+which [DVI][] connectors were produced. Resolutions vary too wildly
+wildly too mention here, see [this article for details][].
+
+[DVI]: https://en.wikipedia.org/wiki/Digital_Visual_Interface
+[VGA]: https://en.wikipedia.org/wiki/VGA_connector
+[this article for details]: https://en.wikipedia.org/wiki/Computer_display_standard
+
+Now I'm buying a new laptop and would love to have an external
+monitor. I can afford something better than the one I have now, but it
+can't quite be 4k yet, according to [this comment](https://forums.puri.sm/t/suitable-external-monitor-for-librem-13/5627/3?u=anarcat). The spec should
+be capped at "1440p at 60Hz", which I assume is 2560×1440 or
+[QuadHD](https://en.wikipedia.org/wiki/Graphics_display_resolution#2560_%C3%97_1440_(QHD,_WQHD)), which is already pretty good.
+
+Current monitor
+===============
+
+HP L2245wg
+----------
+
+ * 1680x1050 @ 60Hz (16:10)
+ * 22" TN Film
+ * 90° swivel, -5 to 35° tilt
+ * 45-65W
+ * VGA, DVI
+ * contrast: 1000:1
+ * 5ms
+ * 2 USB
+ * LCD
+
+[Upstream](https://support.hp.com/us-en/product/hp-l2245wg-22-inch-widescreen-lcd-monitor/3758498/manuals), [manual](http://h10032.www1.hp.com/ctg/Manual/c01555675), [specs](https://www.cnet.com/products/hp-l2245wg/).
+
+Possible monitors
+=================
+
+See also this discussion:
+
+<https://forums.puri.sm/t/suitable-external-monitor-for-librem-13/5627>
+
+See the selector: https://www.tftcentral.co.uk/selector.htm
+
+Full gamut
+----------
+
+ * Dell UP2516D (25") and UP2716D (27"), [1200$ bestbuy](https://m.bestbuy.ca/en-ca/product/dell-monitors-up2716d-27-in-screen-led-lit-monitor/11200611)
+
+Normal
+------
+
+ * [Viewsonic VP2768](https://www.viewsonic.com/us/monitors/shop/professional-monitors/vp2768.html#specs)
+
+Resources
+=========
+
+ * [TFT Central](https://www.tftcentral.co.uk): monitor database and reviews

more research
diff --git a/hardware/audio.mdwn b/hardware/audio.mdwn
index c148169f..2ccb7493 100644
--- a/hardware/audio.mdwn
+++ b/hardware/audio.mdwn
@@ -81,24 +81,67 @@ complicated:
 Mixers
 ======
 
+A&H seems to be the top of the line in build quality, but it's more
+expensive. The [ZED-12FX](https://www.long-mcquade.com/73151/Pro-Audio---Recording/Mixers/Allen---Heath/ZED-12FX-Mixer-with-USB-Connection-and-Effects.htm) is 700$CAD with 6 XLR/TRS and 3 line in,
+but only one stereo output bus. All lines have inserts.
+
+Prosonus seems to be next, with this [AR12](https://www.long-mcquade.com/74328/Pro-Audio---Recording/Mixers/Presonus/StudioLive-AR12-14-Channel-USB-Hybrid-Performance-and-Recording-Mixer.htm) at 650$ with 8 XLR or 4
+XLR and 4 stereo in (for 12 mono in). Only the first two lines have
+inserts. Builtin sd-card recorder with, apparently, 14/4 (14 in, 4
+out) USB support.
+
+The [Soundcraft EPM8][] is very interesting: 430$, with two stero
+output buses and inserts on all 8 XLR/TRS lines. No USB, for that you
+need to bump up to the [Signature 12MTK](https://www.long-mcquade.com/54582/Pro-Audio---Recording/Mixers/Soundcraft/Signature-12MTK-12-Channel-Mixer-with-14-in-12-out-USB-Interface.htm) at 730$ that has 14/12
+USB.
+
 Behringer had a bad reputation over a decade ago, and it seems that
 reputation is still around. They do provide a cheap alternative
 though. The [X1204USB](https://www.archambault.ca/instruments/console-12-entr%c3%a9es-usb-effets/behringer/x1204usb/) is an okay entry-level mixer with 4 XL jacks
 and 4 ¼ jacks for 290$ at Archambault.
 
-A better alternative might be the [Mackie PROFX12](https://musicredone.com/collections/mixers/products/mackie-profx12-v2) at Music Red One
-for 325$ (260$ with mail in rebate): 6 XLR jacks and 4 ¼ jacks.
+Finally, what used to be a reference, Mackie, has lost quite a few
+feathers and people are now [apparently](https://discourse.ardour.org/t/hardware-mixer-recommendations-for-band-practice/100877/11) saying "No Mackie!" in
+their sound specs. The [Mackie PROFX12](https://musicredone.com/collections/mixers/products/mackie-profx12-v2) at Music Red One for 325$
+(260$ with mail in rebate, also at [McQuade](https://www.long-mcquade.com/58086/Pro-Audio---Recording/Mixers/Mackie/12-Channel-Professional-Effects-Mixer-with-USB.htm)): 6 XLR jacks and 4 ¼
+jacks.
+
+Many mixers have USB outputs but it's unclear to me how the USB output
+will look like on a Linux system: a sound card with multiple inputs?
+Just a stereo input? Proprietary incompatible junk? To be
+researched...
+
+Apparently, there's a "class compliant mode" which is compatible with
+ALSA, but it might be better to just use an analog mixer and feed the
+signal from each unmixed track into an USB audio interface like
+[this](https://www.long-mcquade.com/87374/Pro-Audio---Recording/Audio-Interfaces/Presonus/Studio-68-6-In-8-Out-USB-Audio-Interface.htm), instead of trying to shove everything into a single device.
+
+[Soundcraft EPM8]: https://www.long-mcquade.com/5620/Pro_Audio_Recording/Mixers/Soundcraft/EPM8_-_8X2_Channel_Mixer.htm
 
-Both have USB outputs but it's unclear to me how the USB output will
-look like on a Linux system: a sound card with multiple inputs? Just a
-stereo input? Proprietary incompatible junk? To be researched
+There was a lenghty conversation on the [Ardour forums](https://discourse.ardour.org/) about this
+topic, see:
+
+<https://discourse.ardour.org/t/hardware-mixer-recommendations-for-band-practice/100877/4>
 
 Speakers
 ========
 
-I tend to trust JBL on that one. Red One has a [JBL EON 610 for
-580$](https://musicredone.com/collections/speakers/products/jbl-eon610): 1000W active speaker that's interesting. Diplomate Musique
-has a JBL PRX710 pair for 1450$ that seems rather expensive and the
-setup is strange as each speaker seems to have a stero input.
+Entry level for JBL is the EON 610 for [580$ at Redone][]: 1000W
+active speaker, prices go up as we crack the speaker size. Diplomate
+Musique has a JBL PRX710 pair for 1450$ that seems rather expensive
+and the setup is strange as each speaker seems to have a stero input.
+
+Mackie are definitely cheaper: McQuade has a [Thump12A 1300W 12"][]
+speaker for 390$, suspiciously cheap.
+
+Yorkville is a little more expensive, [12" 200W][] for 450$ on sale
+at McQuade.
+
+And of course, Behringer is cheaper than all of those, which makes me
+suspicious.
+
+[580$ at Redone]: https://musicredone.com/collections/speakers/products/jbl-eon610
+[Thump12A 1300W 12"]: https://www.long-mcquade.com/91763/Pro-Audio---Recording/PA-Speaker-Cabinets/Mackie/Thump12A-1300W-12---Powered-Loudspeaker.htm
+[12" 200W]: https://www.long-mcquade.com/366/Pro_Audio_Recording/PA_Cabinets/Yorkville_Sound/NX_Series_Powered_Loudspeaker_-_12_inch_Woofer_-_200_Watts.htm
 
 [[!tag research]]

note about PDF/X-1A
diff --git a/communication/photo/calendrier-2019.mdwn b/communication/photo/calendrier-2019.mdwn
index a5a87749..a2cad124 100644
--- a/communication/photo/calendrier-2019.mdwn
+++ b/communication/photo/calendrier-2019.mdwn
@@ -865,6 +865,9 @@ Le premier jour de la semaine pourrait être un dimanche ([bogue
 Le colophon pourrait être disposé en colonnes pour mieux utiliser
 l'espace, peut-être avec le package [multicol](https://www.ctan.org/pkg/multicol).
 
+L'imprimeur demande un [PDF/X-1A](https://en.wikipedia.org/wiki/PDF/X), voir s'il est possible d'en
+générer un avec TeX ([exemple](https://tex.stackexchange.com/questions/576/how-to-generate-pdf-a-and-pdf-x)).
+
 # Projets similaires #
 
 Ce projet a été inspiré par d'autres projets [DIY](https://fr.wikipedia.org/wiki/Do_it_yourself), en particulier

add one more onyx device to the list
diff --git a/hardware/tablet.mdwn b/hardware/tablet.mdwn
index 8c7eb265..b9ae634f 100644
--- a/hardware/tablet.mdwn
+++ b/hardware/tablet.mdwn
@@ -403,9 +403,9 @@ sizes:
 
  * 14.3": [A4 paper][]
  * 13.9": [US letter paper][]
- * 13.3": Onyx, Sony DPTS1, [DPT-CP1](https://www.sony.com/electronics/digital-paper-notepads/dpt-series) 
+ * 13.3": Onyx Boox Max, Sony DPTS1, [DPT-CP1](https://www.sony.com/electronics/digital-paper-notepads/dpt-series) 
  * 12.9": [iPad Pro](https://en.wikipedia.org/wiki/IPad_Pro)
- * 10.3": [Sony DPT-RP1](https://www.sony.com/electronics/digital-paper-notepads/dpt-series), [reMarkable][]
+ * 10.3": Onyx Boox Note, [Sony DPT-RP1](https://www.sony.com/electronics/digital-paper-notepads/dpt-series), [reMarkable][]
  * 10.1": [Galaxy Tab 10.1](https://en.wikipedia.org/wiki/Samsung_Galaxy_Tab_10.1)
  * 9.7": original [iPad](https://en.wikipedia.org/wiki/IPad) (Steve Jobs [reportedly said](https://www.huffingtonpost.ca/entry/apples-ipad-2-wont-be-a-s_n_767882) that
    "10-inch screen size is the minimum size required to create great
@@ -415,7 +415,7 @@ sizes:
  * 7": [Kindle Fire](https://en.wikipedia.org/wiki/Kindle_Fire), original [Samsung Galaxy Tab](https://en.wikipedia.org/wiki/Samsung_Galaxy_Tab_series), [Google
    Nexus 7](https://en.wikipedia.org/wiki/Nexus_7_(2012)), [Nook Tablet](https://en.wikipedia.org/wiki/Nook_Tablet)
  * 6.8": Kobo Aura
- * 6": Kobo Glo HD, many e-readers. lower range for tablet sizes,
+ * 6": Kobo Glo HD, and most e-readers. lower range for tablet sizes,
    according to Wikipedia, below which it should probably be called a
    Phablet or a phone
 

new monitors
diff --git a/hardware/tablet.mdwn b/hardware/tablet.mdwn
index ba6dfc46..8c7eb265 100644
--- a/hardware/tablet.mdwn
+++ b/hardware/tablet.mdwn
@@ -88,11 +88,13 @@ Otherwise similar to the Glo HD. Retail price around 180$CAD.
 Onyx
 ----
 
+### Onyx Boox Max 2
+
 The [Onyx Boox Max 2](https://onyxboox.com/boox_max2) is an awesome creature:
 
  * 325 × 237 × 7,5 mm
  * 550g
- * Android 6.0
+ * Android 6.0 (?!)
  * HDMI *input* (!!)
  * 13.3" display (great for PDFs)
  * "low-latency" (as far as e-ink goes) makes it acceptable for typing
@@ -104,14 +106,43 @@ The [Onyx Boox Max 2](https://onyxboox.com/boox_max2) is an awesome creature:
  * Wifi 2.4GHz, Bluetooth
  * 4100mAh battery
  * includes cover case, stylus
+ * 
 
 Downsides:
 
- * so expensive! [1040$CAD](http://www.ectaco.ca/products/onyx-boox-max/) when last checked (2018-09-03)
+ * so expensive!
+   [1040$CAD](http://www.ectaco.ca/products/onyx-boox-max/) when last
+   checked (2018-09-03) - update: new version now 750$USD
  * very big - 13" is almost as large as a regular sheet of paper and
    larger than most tablets
  * no backlight?
 
+Update: the [Onyx Boox Max 2 Pro](https://onyxboox.com/boox_maxpro)
+just came out with an update on the e-ink technology (Mobius) and a
+more powerful processor.
+
+### Onyx Boox Note Pro
+
+The [Onyx Boox Note Pro](https://onyxboox.com/boox_notepro) is
+slightly more reasonable:
+
+ * 249.5×178.8×6.8mm
+ * 390g
+ * 10.3” display with flush bezel
+ * Mobius carta eink, 1872x1404 (300 dpi) 16 gray scale
+ * back/forward buttons
+ * Dual touch, Wacom
+ * Android 6.0 (?!)
+ * Cortex-A17 1.6GHz
+ * 64GB storage
+ * 4GB ram
+ * Front-light with adjustable temperature
+ * Wifi, Bluetooth
+ * USB-C with MTP support
+ * PDF, EPUB , TXT, DJVU, HTML, RTF, FB2, DOC, MOBI, CHM, PNG, JPG,
+   TIFF, BMP, WAV, MP3
+ * 600$USD
+
 reMarkable
 ----------
 

add more e-readers to size comparisons
diff --git a/hardware/tablet.mdwn b/hardware/tablet.mdwn
index 37e554c3..ba6dfc46 100644
--- a/hardware/tablet.mdwn
+++ b/hardware/tablet.mdwn
@@ -380,10 +380,13 @@ sizes:
    "10-inch screen size is the minimum size required to create great
    tablet apps")
  * 8": [Galaxy Tab 8](https://en.wikipedia.org/wiki/Samsung_Galaxy_Tab_3_8.0)
+ * 7.8": [Dasung not-ereader](https://www.indiegogo.com/projects/not-ereader-first-e-ink-mobile-phone-monitor)
  * 7": [Kindle Fire](https://en.wikipedia.org/wiki/Kindle_Fire), original [Samsung Galaxy Tab](https://en.wikipedia.org/wiki/Samsung_Galaxy_Tab_series), [Google
    Nexus 7](https://en.wikipedia.org/wiki/Nexus_7_(2012)), [Nook Tablet](https://en.wikipedia.org/wiki/Nook_Tablet)
- * 6": lower range for tablet sizes, according to Wikipedia, below
-   which it should probably be called a Phablet or a phone
+ * 6.8": Kobo Aura
+ * 6": Kobo Glo HD, many e-readers. lower range for tablet sizes,
+   according to Wikipedia, below which it should probably be called a
+   Phablet or a phone
 
 Most recent Samsung tablets are either 7" or 10" in diagonal, but they
 basically made so many sizes we can't keep track anymore. Apple iPads

good malatesta quote
source: http://www.anarchy.no/malat1.html
diff --git a/fortunes.txt b/fortunes.txt
index 37ee1d2e..3327bd9e 100644
--- a/fortunes.txt
+++ b/fortunes.txt
@@ -1108,3 +1108,8 @@ prevent programmers from making bad programs.
 A developed country is not a place where the poor have cars. It's
 where the rich use public transportation.
                         - Gustavo Petro 
+%
+Anarchy is not perfection, it is not the absolute ideal which like the
+horizon recedes as fast as we approach it; but it is the way open to
+all progress and all improvements for the benefit of everybody.
+                        - Errico Malatesta

Added a comment: important update
diff --git a/blog/2019-02-05-debian-build-systems/comment_2_d65caf74da7a6cf4b99443f54cf153a3._comment b/blog/2019-02-05-debian-build-systems/comment_2_d65caf74da7a6cf4b99443f54cf153a3._comment
new file mode 100644
index 00000000..f549b7ea
--- /dev/null
+++ b/blog/2019-02-05-debian-build-systems/comment_2_d65caf74da7a6cf4b99443f54cf153a3._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="anarcat"
+ avatar="https://seccdn.libravatar.org/avatar/741655483dd8a0b4df28fb3dedfa7e4c"
+ subject="important update"
+ date="2019-04-13T15:03:23Z"
+ content="""
+[Lucas Naussbaum](https://www.lucas-nussbaum.net/) finally bit the bullet and made [graphs for the entire history](https://www.lucas-nussbaum.net/blog/?p=9600) for many parameters including DH/CDBS but also patch systems, VCS, hosting, etc. It's a really nice framework for getting more stats about the packages in the long term, and I'm really grateful someone finally did that hard work. thanks lucas! :)
+"""]]

buster guides are up
diff --git a/services/upgrades/buster.mdwn b/services/upgrades/buster.mdwn
index f3dac97a..1954c800 100644
--- a/services/upgrades/buster.mdwn
+++ b/services/upgrades/buster.mdwn
@@ -42,7 +42,7 @@ Procedure
         apt install apt-show-versions
         apt-show-versions | grep -v /stretch | grep -v 'not installed$'
 
- 3. Check free space, see [this guide to free up space](http://www.debian.org/releases/stretch/amd64/release-notes/ch-upgrading.en.html#sufficient-space) and
+ 3. Check free space, see [this guide to free up space](http://www.debian.org/releases/buster/amd64/release-notes/ch-upgrading.en.html#sufficient-space) and
     download packages:
 
         sed -i.orig 's/stretch/buster/g' /etc/apt/sources.list
@@ -340,11 +340,11 @@ References
 ==========
 
 Note: the official upgrade guide and release notes not available at
-the time of writing (2018-08-22) as the documentation is usually
+the time of writing (2019-04-08) as the documentation is usually
 written during the freeze and buster is not there yet.
 
  * [Official guide](https://www.debian.org/releases/buster/amd64/release-notes/ch-upgrading.en.html)
  * [Release notes](https://www.debian.org/releases/buster/amd64/release-notes/ch-whats-new.en.html)
  * [Koumbit guide](https://wiki.koumbit.net/BusterUpgrade)
- * [DSA guide](https://dsa.debian.org/howto/upgrade-to-buster/) (not available at the time of writing)
+ * [DSA guide](https://dsa.debian.org/howto/upgrade-to-buster/)
  * [Solution proposal to automate this](https://wiki.debian.org/AutomatedUpgrade)

another quote about cars, found on twitter and goodreads
diff --git a/fortunes.txt b/fortunes.txt
index 4994b0dd..37ee1d2e 100644
--- a/fortunes.txt
+++ b/fortunes.txt
@@ -1104,3 +1104,7 @@ another.
 There is no programming language–no matter how structured–that will
 prevent programmers from making bad programs.
                         - Larry Flon
+%
+A developed country is not a place where the poor have cars. It's
+where the rich use public transportation.
+                        - Gustavo Petro 

filed two more supysonic issues
diff --git a/services/radio.mdwn b/services/radio.mdwn
index 07c51299..c020160a 100644
--- a/services/radio.mdwn
+++ b/services/radio.mdwn
@@ -210,6 +210,7 @@ opaque, so it's actually really hard to import those playlists.
 
 Main issues with Supysonic:
 
+ * [tag releases](https://github.com/spl0k/supysonic/issues/147)
  * [WIP: preliminary git-annex support](https://github.com/spl0k/supysonic/issues/146)
  * [should use file modification as import date](https://github.com/spl0k/supysonic/issues/145)
  * [scanner uses a lot of memory](https://github.com/spl0k/supysonic/issues/144)
@@ -220,6 +221,9 @@ Fixed issues:
 
  * [Scan audio files even when they have only some/no tags](https://github.com/spl0k/supysonic/issues/94)
 
+I have also filed a [WNPP bug](https://bugs.debian.org/926457) so the thing is (eventually)
+packaged in Debian.
+
 Old design
 ==========
 

note unicode wtf
diff --git a/services/radio.mdwn b/services/radio.mdwn
index 3c95e8c4..07c51299 100644
--- a/services/radio.mdwn
+++ b/services/radio.mdwn
@@ -143,6 +143,14 @@ sufficient to do the right thing and I also needed the
 [WSGIPythonHome](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIPythonHome.html) thingie. Presumably this would work better in FCGI
 but at that point I was too tired to try *that* out.
 
+Note that the server will crash with the classic:
+
+    UnicodeEncodeError: 'ascii' codec can't encode character u'\xe9' - in position 32: ordinal not in range(128)
+
+Even though the [guide](https://github.com/spl0k/supysonic/#as-an-apache-wsgi-application) tells us to run with a `LANG=C` locale, I
+have found those errors go away if we set a UTF-8 compatible locale in
+`/etc/apache2/envvars`, for example `export LANG=C.UTF-8`.
+
 Next step is to configure the database, which I first did with
 `sqlite`, in `/etc/supysonic`:
 

add supysonic install notes
diff --git a/services/radio.mdwn b/services/radio.mdwn
index 511154a5..3c95e8c4 100644
--- a/services/radio.mdwn
+++ b/services/radio.mdwn
@@ -93,6 +93,125 @@ Todo
  * automatic updates to the container: need to watch updates on the
    packages from the docker manifest (?) and the upstream changelog
 
+Supysonic
+=========
+
+Tired of the complexity of running a gigantic Java app inside a Docker
+container, I figured I would give try to run a smaller Python/Flask
+app in a virtualenv, called [supysonic](https://github.com/spl0k/supysonic), an alternative
+implementation of the Subsonic protocol.
+
+I created a sandbox user for the thing and deployed the code in
+`~supysonic/supysonic`. The I installed it in a virtualenv:
+
+    sudo -u supysonic -i
+    virtualenv ~/.virtualenvs/supysonic
+    ~/.virtualenvs/supysonic/bin/pip install -e .[watcher]
+
+I then followed the instructions to setup a WSGI service by first
+installing the WSGI Apache plugin:
+
+    sudo apt install libapache2-mod-wsgi
+
+But that ended up being a nightmare. My first problem is that I
+originally did the above with a `python3` install, which the Debian
+package doesn't support in stretch. So I redid everything but with a
+Python 2 virtual environment, which noisily warned me about its
+impeding doom next year.
+
+Then I found the following config works:
+
+    WSGIPythonHome /home/supysonic/.virtualenvs/supysonic/
+    <VirtualHost *:443>
+           ServerName supysonic.anarc.at
+           Use common-letsencrypt-ssl supysonic.anarc.at
+           DocumentRoot /var/www/html/
+           ErrorDocument 404 /404.html
+           ProxyPass /.well-known/ !
+           WSGIDaemonProcess supysonic user=supysonic group=supysonic python-home=/home/supysonic/.virtualenvs/supysonic/
+           WSGIScriptAlias / /home/supysonic/supysonic/cgi-bin/supysonic.wsgi
+           <Directory /home/supysonic/supysonic/cgi-bin>
+               WSGIApplicationGroup %{GLOBAL}
+               WSGIPassAuthorization On
+               Require all granted
+           </Directory>
+    </VirtualHost>
+
+It's far from ideal: with the above, all WSGI programs share the same
+virtualenv. For some reason, the [python-home](https://modwsgi.readthedocs.io/en/develop/user-guides/virtual-environments.html#daemon-mode-single-application) directive isn't
+sufficient to do the right thing and I also needed the
+[WSGIPythonHome](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIPythonHome.html) thingie. Presumably this would work better in FCGI
+but at that point I was too tired to try *that* out.
+
+Next step is to configure the database, which I first did with
+`sqlite`, in `/etc/supysonic`:
+
+    [base]
+    database_uri = sqlite:////home/supysonic/supysonic.db
+
+Then the music directory is added and an user is created:
+
+    ~/.virtualenvs/supysonic/bin/supysonic-cli user add admin -a
+    ~/.virtualenvs/supysonic/bin/supysonic-cli folder add mp3 /srv/mp3/
+    ~/.virtualenvs/supysonic/bin/supysonic-cli folder scan mp3
+
+My initial tests recursed into the `.git/annex` directory which led to
+the usual catastrophic horrors of garbled filenames. To fix this,
+supysonic would need to ignore those directories and follow
+symlinks. The latter was [refused in another PR](https://github.com/spl0k/supysonic/pull/48) so I'm not sure
+how to go ahead from here, but I neverthless sent [this PR](https://github.com/spl0k/supysonic/pull/146) that
+fixes the thing for me.
+
+It's ugly as hell, but that's on par for the rest of the scanner. I
+can't fathom why they stopped using `os.walk`, especially since its
+performance significantly improved in later Python releases (thanks to
+the new underlying `os.scandir` function). Ideally, the parser would
+be rewritten with that in mind but since we're stuck in Python 2 land,
+that wouldn't actually help much in the short term.
+
+The folder scan took over 30 minutes with SQLite, which is a pretty
+bad result. Another problem I noticed with the scanner is that it
+loads all entries in memory: it does *not* incrementally add them to
+the database, which means it has a [high memory usage](https://github.com/spl0k/supysonic/issues/144). After
+scanning 40 000 files, it was using 500MB of resident memory according
+to `ps xfu`.
+
+I then tried to switch to MySQL as a backend, first by installing the
+library in the virtualenv:
+
+    ~/.virtualenvs/supysonic/bin/pip install pymysql
+
+And then by tweaking the database path in `/etc/supysonic`. Then I had
+to rescan all songs. But that ended up taking even *longer* than with
+`sqlite`, so (unsurprisingly) the database wasn't the bottleneck. It
+is somewhat useful to have that stuff in MySQL, however, as it's
+easier to interoperate both for me, because of previous experience,
+but also for the webserver and admin, because permissions are
+abstracted by the network connexion.
+
+No [transcoding](https://github.com/spl0k/supysonic/blob/master/docs/transcoding.md) configuration has been performed, so presumably
+movies won't work.
+
+And unfortunately, the "add date" of albums is lost in the import:
+file modification dates are, of course, not considered to determine
+album import dates. The Airsonic/Subsonic database is also too opaque
+for me to import the playlists, users and other metadata so that will
+have to be recreated from scratch. And even worse, Supysonic doesn't
+support [importing playlists](https://github.com/spl0k/supysonic/issues/34) and the database format is pretty
+opaque, so it's actually really hard to import those playlists.
+
+Main issues with Supysonic:
+
+ * [WIP: preliminary git-annex support](https://github.com/spl0k/supysonic/issues/146)
+ * [should use file modification as import date](https://github.com/spl0k/supysonic/issues/145)
+ * [scanner uses a lot of memory](https://github.com/spl0k/supysonic/issues/144)
+ * [Jukebox mode missing](https://github.com/spl0k/supysonic/issues/88)
+ * [no support for creating playlists from m3u files](https://github.com/spl0k/supysonic/issues/34) (*won't fix*)
+
+Fixed issues:
+
+ * [Scan audio files even when they have only some/no tags](https://github.com/spl0k/supysonic/issues/94)
+
 Old design
 ==========
 

typo
diff --git a/hardware/laptop.mdwn b/hardware/laptop.mdwn
index a77fc83b..634adc52 100644
--- a/hardware/laptop.mdwn
+++ b/hardware/laptop.mdwn
@@ -290,7 +290,7 @@ large vendors like Dell, Lenovo or HP. They also have a rather bad
 policy on returns: dead pixels and screen defects are not accepted,
 for example.
 
-### Galaga pro
+### Galago pro
 
 <https://system76.com/laptops/galago>
 

wtf librem 13 no ethernet??
diff --git a/hardware/laptop.mdwn b/hardware/laptop.mdwn
index b80770fd..a77fc83b 100644
--- a/hardware/laptop.mdwn
+++ b/hardware/laptop.mdwn
@@ -260,6 +260,9 @@ https://puri.sm/products/librem-13/
  * Touch interface: Elantech Multitouch Trackpad
  * Thermal design: Low noise fan
 
+Killed by the lack of an ethernet port (WTF seriously) and custom
+power cable (hard to find parts, WYNO USBC??).
+
 Dell
 ----
 

mention jamstash
diff --git a/services/radio.mdwn b/services/radio.mdwn
index 9cc381d6..511154a5 100644
--- a/services/radio.mdwn
+++ b/services/radio.mdwn
@@ -81,7 +81,8 @@ That's pretty much it!
 Todo
 ----
 
- * consider [supysonic](https://github.com/spl0k/supysonic) instead of all this java crap.
+ * consider [supysonic](https://github.com/spl0k/supysonic) instead of all this java crap, wich
+   [Jamstash](http://jamstash.com/) as a web GUI
  * switch to libresonic: subsonic is fun, but there will be ads (!?)
    so let's switch to the libre
    fork. considering [tonipes' container](https://hub.docker.com/r/tonipes/libresonic-docker/~/dockerfile/) since it's (eventually!)

cosmetic: word-wrap confucius
diff --git a/fortunes.txt b/fortunes.txt
index c3c3129a..4994b0dd 100644
--- a/fortunes.txt
+++ b/fortunes.txt
@@ -416,8 +416,7 @@ Never attribute to malice that which can be adequately explained by
 stupidity, but don't rule out malice.
                          - Albert Einstein
 %
-Choose a job you love and you will never have to work a day in your
-life.
+Choose a job you love and you will never have to work a day in your life.
                          - Confucius
 %
 Twenty years from now you will be more disappointed by the things that

more elpa stuff
diff --git a/software/packages.yml b/software/packages.yml
index ef8e1c04..12915766 100644
--- a/software/packages.yml
+++ b/software/packages.yml
@@ -235,11 +235,13 @@
       - elpa-elpy
       - elpa-ledger
       - elpa-magit
+      - elpa-mailscripts
       - elpa-markdown-mode
       - elpa-py-autopep8
       - elpa-rainbow-mode
       - elpa-solarized-theme
       - elpa-use-package
+      - elpa-web-mode
       - elpa-writegood-mode
       - elpa-yaml-mode
       - elpa-yasnippet
@@ -251,6 +253,7 @@
       - fastboot
       - flake8
       - gdb
+      - gettext-el
       - git
       - git-annex
       - git-buildpackage

Added a comment: good advice
diff --git a/blog/2019-03-20-locking-down-registration-mail/comment_2_5af71a1a91bee75f8e815c7e13ebb51e._comment b/blog/2019-03-20-locking-down-registration-mail/comment_2_5af71a1a91bee75f8e815c7e13ebb51e._comment
new file mode 100644
index 00000000..f9dbc513
--- /dev/null
+++ b/blog/2019-03-20-locking-down-registration-mail/comment_2_5af71a1a91bee75f8e815c7e13ebb51e._comment
@@ -0,0 +1,14 @@
+[[!comment format=mdwn
+ username="anarcat"
+ avatar="https://seccdn.libravatar.org/avatar/741655483dd8a0b4df28fb3dedfa7e4c"
+ subject="good advice"
+ date="2019-03-21T15:44:16Z"
+ content="""
+That's good advice! As it turns out, the directory was already world/group unreadable, but that's always a good thing to check. :)
+
+Dovecot should definitely do the right thing here. If it doesn't, that's a serious bug, in my opinion. That folders *within* the `Maildir` folder are world-readable is problematic as well, but less so if the parent directory is not executable.
+
+It's possible backup/restore procedure mess with your permissions. Some software, like git for example, are quite bad at handling read-write permissions (git only tracks the executable bit). But stuff like tar and most other backup software should handle this correctly. rsync is an interesting exception in that, by default, it doesn't synchronize mode and you need to give it a flurry of flags (or just `-a` or is it `-aA` or maybe `-aAH`? ha ha! you never know!) to have it do the right thing.
+
+Finally, `mv` should be safe. While `cp` doesn't preserve mode by default (that's what `-p` is for), `mv` *does* preserve mode, even when moving across devices, strangely.
+"""]]

Added a comment: You said advice welcome, so
diff --git a/blog/2019-03-20-locking-down-registration-mail/comment_1_c3fc451b5abefeb2eb5215255e5a30d3._comment b/blog/2019-03-20-locking-down-registration-mail/comment_1_c3fc451b5abefeb2eb5215255e5a30d3._comment
new file mode 100644
index 00000000..d6459719
--- /dev/null
+++ b/blog/2019-03-20-locking-down-registration-mail/comment_1_c3fc451b5abefeb2eb5215255e5a30d3._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ ip="88.119.87.30"
+ claimedauthor="Marius Gedminas"
+ url="https://gedmin.as"
+ subject="You said advice welcome, so"
+ date="2019-03-21T15:23:26Z"
+ content="""
+I would suggest `chmod 0700 ~register/Maildir/`, assuming it wasn't already non-world-readable.
+
+(I checked my own mail server and saw that some subfolders inside my ~/Maildir were world-readable for some reason.  No idea why -- should I blame dovecot?  My own backup/restore procedures?  Anyway it's not too scary: the main ~/Maildir is 0700.  But that protection goes away when you `mv` it elsewhere.)
+"""]]

creating tag page tag/syncmaildir
diff --git a/tag/syncmaildir.mdwn b/tag/syncmaildir.mdwn
new file mode 100644
index 00000000..2f7f65a1
--- /dev/null
+++ b/tag/syncmaildir.mdwn
@@ -0,0 +1,4 @@
+[[!meta title="pages tagged syncmaildir"]]
+
+[[!inline pages="tagged(syncmaildir)" actions="no" archive="yes"
+feedshow=10]]

new blog post: email registration
diff --git a/blog/2019-03-20-locking-down-registration-mail.mdwn b/blog/2019-03-20-locking-down-registration-mail.mdwn
new file mode 100644
index 00000000..c55bc9c1
--- /dev/null
+++ b/blog/2019-03-20-locking-down-registration-mail.mdwn
@@ -0,0 +1,178 @@
+[[!meta title="Securing registration email"]]
+
+[[!toc levels=2]]
+
+I've been running my own email server basically forever. Recently,
+I've been thinking about possible attack vectors against my personal
+email. There's of course a lot of private information in that email
+address, and if someone manages to compromise my email account, they
+will see a lot of personal information. That's somewhat worrisome, but
+there are possibly more serious problems to worry about.
+
+TL;DR: if you can, create a second email address to register on
+websites and use stronger protections on that account from your
+regular mail.
+
+Hacking accounts through email
+==============================
+
+Strangely what keeps me up at night is more what kind of damage an
+attacker could do to *other* accounts I hold with that email
+address. Because basically *every* online service is backed by an
+email address, if someone controls my email address, they can do a
+password reset on *every* account I have online. In fact, some
+authentication systems just gave up on passwords algother and [use the
+email system itself for authentication](https://ikiwiki.info/todo/emailauth/), essentially using the
+"password reset" feature as the authentication mechanism.
+
+Some services have protections against this: for example, GitHub
+require a 2FA token when doing certain changes which the attacker
+hopefully wouldn't have (although [phishing attacks](https://breakdev.org/evilginx-advanced-phishing-with-two-factor-authentication-bypass/) have been
+getting better at bypassing those protections). Other services will
+warn you about the password change which might be useful, except the
+warning is usually sent... to the hacked email address, which doesn't
+help at all.
+
+The solution: a separate mailbox
+================================
+
+I had been using an extension (`anarcat+register@example.com`) to
+store registration mail in a separate folder for a while already. This
+allows me to bypass greylisting on the email address, for
+one. Greylisting is really annoying when you register on a service or
+do a password reset... The extension also allows me to sort those
+annoying emails in a separate folder automatically with a simple
+[Sieve](http://en.wikipedia.org/wiki/Sieve_%28mail_filtering_language%29) rule.
+
+More recently, I have been forced to use a completely different email
+alias (`register@example.com`) on some services that dislike having
+plus signs (`+`) in email address, even though they are perfectly
+valid. That got me thinking about the security problem again: if I
+have a different *alias* why not make it a completely separate
+*account* and harden *that* against intrusion. With a separate
+account, I could enforce things like SSH-only access or 2FA that would
+be inconvenient for my main email address when I travel, because I
+sometimes log into webmail for example. Because I don't frequently
+need access to registration mail, it seemed like a good tradeoff.
+
+So I created a second account, with a locked password and SSH-only
+authentication. That way the only way someone can compromise my
+"registration email" is by hacking my physical machine or the server
+directly, not by just bruteforcing a password.
+
+Now of course I need to figure out which sites I'm registered on with
+a "non-registration" email (`anarcat@example.com`): before I thought
+of using the `register@` alias, I sometimes used my normal address
+instead. So I'll have to track those down and reset those. But it
+seems I already blocked a large attack surface with a very simple
+change and that feels quite satisfying.
+
+Implementation details
+======================
+
+Using [syncmaildir](https://github.com/gares/syncmaildir/) (SMD) to sync my email, the change was fairly
+simple. First I need to create a second SMD profile:
+
+    if [ $(hostname) = "marcos" ]; then
+        exit 1
+    fi
+
+    SERVERNAME=smd-server-register
+    CLIENTNAME=$(hostname)-register
+    MAILBOX_LOCAL=Maildir/.register/
+    MAILBOX_REMOTE=Maildir
+    TRANSLATOR_LR="smd-translate -m move -d LR register"
+    TRANSLATOR_RL="smd-translate -m move -d RL register"
+    EXCLUDE="Maildir/.notmuch/hooks/* Maildir/.notmuch/xapian/*"
+
+Very similar to the normal profile, except mails get stored in the
+already existing `Maildir/.register/` and different SSH profile and
+translation rules are used. The new SSH profile is basically identical
+to the previous one:
+
+    # wrapper for smd
+    Host smd-server-register
+        Hostname imap.anarc.at
+        BatchMode yes
+        Compression yes
+        User register
+        IdentitiesOnly yes
+        IdentityFile ~/.ssh/id_ed25519_smd
+
+Then we need to ignore the register folder in the normal configuration:
+
+    diff --git a/.smd/config.default b/.smd/config.default
+    index c42e3d0..74a8b54 100644
+    --- a/.smd/config.default
+    +++ b/.smd/config.default
+    @@ -59,7 +59,7 @@ TRANSLATOR_RL="smd-translate -m move -d RL default"
+     # EXCLUDE_LOCAL="Mail/spam Mail/trash"
+     # EXCLUDE_REMOTE="OtherMail/with%20spaces"
+     #EXCLUDE="Maildir/.notmuch/hooks/* Maildir/.notmuch/xapian/*"
+    -EXCLUDE="Maildir/.notmuch/hooks/* Maildir/.notmuch/xapian/*"
+    +EXCLUDE="Maildir/.notmuch/hooks/* Maildir/.notmuch/xapian/* Maildir/.register/*"
+     #EXCLUDE_LOCAL="$MAILBOX_LOCAL/.notmuch/hooks/* $MAILBOX_LOCAL/.notmuch/xapian/*"
+     #EXCLUDE_REMOTE="$MAILBOX_REMOTE/.notmuch/hooks/* $MAILBOX_REMOTE/.notmuch/xapian/*"
+     #EXCLUDE_REMOTE="Maildir/Koumbit Maildir/Koumbit* Maildir/Koumbit/* Maildir/Koumbit.INBOX.Archives/ Maildir/Koumbit.INBOX.Archives.2012/ Maildir/.notmuch/hooks/* Maildir/.notmuch/xapian/*"
+
+And finally we add the new profile to the systemd services:
+
+    diff --git a/.config/systemd/user/smd-pull.service b/.config/systemd/user/smd-pull.service
+    index a841306..498391d 100644
+    --- a/.config/systemd/user/smd-pull.service
+    +++ b/.config/systemd/user/smd-pull.service
+    @@ -8,6 +8,7 @@ ConditionHost=!marcos
+     Type=oneshot
+     # --show-tags gives email counts
+     ExecStart=/usr/bin/smd-pull --show-tags
+    +ExecStart=/usr/bin/smd-pull --show-tags register
+     
+     [Install]
+     WantedBy=multi-user.target
+    diff --git a/.config/systemd/user/smd-push.service b/.config/systemd/user/smd-push.service
+    index 10d53c7..caa588e 100644
+    --- a/.config/systemd/user/smd-push.service
+    +++ b/.config/systemd/user/smd-push.service
+    @@ -8,6 +8,7 @@ ConditionHost=!marcos
+     Type=oneshot
+     # --show-tags gives email counts
+     ExecStart=/usr/bin/smd-push --show-tags
+    +ExecStart=/usr/bin/smd-push --show-tags register
+     
+     [Install]
+     WantedBy=multi-user.target
+
+That's about it on the client side. On the server, the user is created
+with a locked password the mailbox moved over:
+
+    adduser --disabled-password register
+    mv ~anarcat/Maildir/.register/ ~register/Maildir/
+    chown -R register:register Maildir/
+
+The SSH authentication key is added to `.ssh/authorized_keys`, and the
+alias is reversed:
+
+    --- a/aliases
+    +++ b/aliases
+    @@ -24,7 +24,7 @@ spamtrap: anarcat
+     spampd: anarcat
+     junk: anarcat
+     devnull: /dev/null
+    -register: anarcat+register
+    +anarcat+register: register
+     
+     # various sandboxes
+     anarcat-irc: anarcat
+
+... and the email is also added to
+`/etc/postgrey/whitelist_recipients`.
+
+That's it: I now have a hardened email service! Of course there are
+other ways to harden an email address. [On-disk encryption](https://0xacab.org/riseuplabs/trees) comes
+to mind but that only works with password-based authentication from
+what I understand, which is something I want to avoid to remove
+bruteforce attacks.
+
+Your advice and comments are of course very welcome, as usual
+
+[[!tag debian-planet security python-planet linux passwords hack sieve syncmaildir email]]

ménage kit électronique
diff --git a/pleinair/liste.mdwn b/pleinair/liste.mdwn
index 54e3d4f3..fc304d24 100644
--- a/pleinair/liste.mdwn
+++ b/pleinair/liste.mdwn
@@ -84,26 +84,31 @@ toujours retourner sur l'ordinateur.
 
 ## Électronique
 
- * Téléphone cellulaire + chargeur(s)
- * Radio CB/FM/HF/etc + Antenne + power
+ * Téléphone cellulaire et chargeur
+ * Radio CB/FM/HF/etc, antenne(s) et courant
+ * Adapteur SDR (software-defined Radio)
  * Adaptateurs électriques:
    * AC/AC universel (amerique/europe/etc)
    * DC/DC 12V-USB (allume-cigare)
    * AC/DC 120V-USB (wall wart)
    * DC/AC (onduleur)
  * Chargeur / batterie USB
- * Laptop
- * Acessoires laptop:
-   * Câble ethernet RJ45
+ * Laptop et chargeur
+ * Kit laptop #1:
+   * Mini-câble USB micro, USB mini, USB-C, USB-A, [Lightning](https://en.wikipedia.org/wiki/Lightning_(connector))
+   * Câble USB-A / USB-micro Nokia (2m)
+   * Clé USB 16GB Debian
+   * [Condom USB](https://en.wikipedia.org/wiki/USB_condom)
+   * USB charger (USB-A / [NEMA](https://en.wikipedia.org/wiki/NEMA_connector), 1A / 5V)
+ * Kit laptop #2:
+   * Câble ethernet RJ45 (1m)
+   * Câble vidéo HDMI (1.5m)
+   * Câble audio ⅛" (1.5m)
+   * "Splitter" audio ⅛"
    * Mini powerbar
-   * Video cable (HDMI)
-   * Speaker
- * Kit laptop (devrait être déjà dans un sac):
-   * Audio cable (mini 1/8)
-   * Adaptateurs USB/micro/mini/etc
-   * Écouteurs + Micro
-   * SDR
-
+   * Adaptateur mini-DisplayPort / HDMI
+ * Écouteurs avec micro
+ * Haut-parleur Bluetooth
 
 ## Équipement technique
 

small mixer and speaker research
diff --git a/hardware/audio.mdwn b/hardware/audio.mdwn
index 628cc16a..c148169f 100644
--- a/hardware/audio.mdwn
+++ b/hardware/audio.mdwn
@@ -78,4 +78,27 @@ complicated:
    1222](https://www.bhphotovideo.com/c/product/927278-REG/behringer_qx1222usb_xenyx_x1222usb_16_input_usb.html) has USB, which could be a good solution. below 12
    channels, there's no slider which is annoying
 
+Mixers
+======
+
+Behringer had a bad reputation over a decade ago, and it seems that
+reputation is still around. They do provide a cheap alternative
+though. The [X1204USB](https://www.archambault.ca/instruments/console-12-entr%c3%a9es-usb-effets/behringer/x1204usb/) is an okay entry-level mixer with 4 XL jacks
+and 4 ¼ jacks for 290$ at Archambault.
+
+A better alternative might be the [Mackie PROFX12](https://musicredone.com/collections/mixers/products/mackie-profx12-v2) at Music Red One
+for 325$ (260$ with mail in rebate): 6 XLR jacks and 4 ¼ jacks.
+
+Both have USB outputs but it's unclear to me how the USB output will
+look like on a Linux system: a sound card with multiple inputs? Just a
+stereo input? Proprietary incompatible junk? To be researched
+
+Speakers
+========
+
+I tend to trust JBL on that one. Red One has a [JBL EON 610 for
+580$](https://musicredone.com/collections/speakers/products/jbl-eon610): 1000W active speaker that's interesting. Diplomate Musique
+has a JBL PRX710 pair for 1450$ that seems rather expensive and the
+setup is strange as each speaker seems to have a stero input.
+
 [[!tag research]]

show pgp diff correctly
diff --git a/.well-known/openpgpkey/hu/.gitattributes b/.well-known/openpgpkey/hu/.gitattributes
new file mode 100644
index 00000000..af7c7edc
--- /dev/null
+++ b/.well-known/openpgpkey/hu/.gitattributes
@@ -0,0 +1 @@
+* diff=gpg

add odroid
diff --git a/hardware/server/marcos.mdwn b/hardware/server/marcos.mdwn
index 4f5d7e38..fe6fc247 100644
--- a/hardware/server/marcos.mdwn
+++ b/hardware/server/marcos.mdwn
@@ -214,6 +214,8 @@ requirements (8+GB):
  * [Espressobin](https://espressobin.net/), Marvell ARM Cortex A53, 2GB max
  * [Banana PI](http://www.banana-pi.org/index.html), IMX6 or MediaTek ARM, 1GB max
  * [PC Engines](https://pcengines.ch/apu2.htm), AMD, 4GB max
+ * [ODROID](https://www.hardkernel.com/), Intel and ARM, cheap and powerful
+ * [Macchiatobin](https://macchiatobin.net/product/macchiatobin-single-shot/)...
 
 The [Macchiatobin](https://macchiatobin.net/product/macchiatobin-single-shot/) is interesting because it has a DDR4 socket so
 it supports up to 16GB of ram, but has features I don't need for a

OpenPGP: add tor identity, renew until 2020, new signature
diff --git a/.well-known/openpgpkey/hu/myctwj4an6ne7htuzyoo8osctuji68xe b/.well-known/openpgpkey/hu/myctwj4an6ne7htuzyoo8osctuji68xe
index 65ce1bb2..6e4e226c 100644
Binary files a/.well-known/openpgpkey/hu/myctwj4an6ne7htuzyoo8osctuji68xe and b/.well-known/openpgpkey/hu/myctwj4an6ne7htuzyoo8osctuji68xe differ

creating tag page tag/phone
diff --git a/tag/phone.mdwn b/tag/phone.mdwn
new file mode 100644
index 00000000..648aef5e
--- /dev/null
+++ b/tag/phone.mdwn
@@ -0,0 +1,4 @@
+[[!meta title="pages tagged phone"]]
+
+[[!inline pages="tagged(phone)" actions="no" archive="yes"
+feedshow=10]]

publish as a blog post
diff --git a/hardware/phone/fairphone2.mdwn b/hardware/phone/fairphone2.mdwn
index 37a547ec..dfd794d1 100644
--- a/hardware/phone/fairphone2.mdwn
+++ b/hardware/phone/fairphone2.mdwn
@@ -428,3 +428,5 @@ Here are the various tweaks required for each app I currently use:
     its secret key
  8. contacts can be backed up with nextcloud on one device and
     restored on the other fairly easily
+
+[[!tag blog debian-planet documentation hardware phone hacking security linux kernel android]]

mention security issues with the fairphone, title
diff --git a/hardware/phone/fairphone2.mdwn b/hardware/phone/fairphone2.mdwn
index 48b56429..37a547ec 100644
--- a/hardware/phone/fairphone2.mdwn
+++ b/hardware/phone/fairphone2.mdwn
@@ -1,3 +1,5 @@
+[[!meta title="Hands on with the Fairphone 2"]]
+
 [[!toc levels=2]]
 
 Project overview
@@ -74,6 +76,16 @@ file manager so I installed the [Simple File Manager](https://f-droid.org/en/pac
 because it also includes the basic text editor I needed to copy-paste
 passwords during setup.
 
+Unfortunately, in terms of software, the Fairphone is severely lagging
+behing. It has not shipped the January and February (very critical)
+[Android security bulletins](https://source.android.com/security/bulletin/) which include fixes for remote code
+execution, among other catastrophes. It also runs a completely
+outdated and unsupported Linux 3.4 kernel, which seems on par for the
+course of most Android phones these days, but I still figured I would
+make [some noise about this](https://forum.fairphone.com/t/where-are-the-monthly-security-releases-in-saibon/48994). Thankfully, some of those problems
+might be fixed by running LineageOS, but that would require wiping the
+phone...
+
 The MicroSD card socket is a little weird: there are two pins to keep
 the card from coming out (even though it's behind the plastic cover
 and unlikely to move) and that makes it difficult to swap out. I had
@@ -145,6 +157,10 @@ Cons:
  * bulky and thick
  * low screen/body size ratio
  * disappointing camera 
+ * poor support of the free software community, "source dumps" instead
+   of open development
+ * runs an unsupported Linux kernel (3.4.0) not mainline
+ * lagging behind security updates
 
 Specifications
 ==============

toc
diff --git a/hardware/phone/fairphone2.mdwn b/hardware/phone/fairphone2.mdwn
index 45539cca..48b56429 100644
--- a/hardware/phone/fairphone2.mdwn
+++ b/hardware/phone/fairphone2.mdwn
@@ -1,3 +1,8 @@
+[[!toc levels=2]]
+
+Project overview
+================
+
 The [[!wikipedia Fairphone]] (FP) is a really important project. They
 have already shipped two versions of the phone (FP1 and [FP2](https://shop.fairphone.com/en/)) and
 a third one is at the [concept stage](https://twitter.com/Fairphone/status/1053232949225766912) ([more discussions](https://forum.fairphone.com/t/date-de-lancement-du-fairphone-3/41694/12)).

move first impressions up and complete
diff --git a/hardware/phone/fairphone2.mdwn b/hardware/phone/fairphone2.mdwn
index dab151c4..45539cca 100644
--- a/hardware/phone/fairphone2.mdwn
+++ b/hardware/phone/fairphone2.mdwn
@@ -24,10 +24,122 @@ ship. It's a guess: the Fairphone 3 (FP3) is [due to come out in
 2019](https://forum.fairphone.com/t/fairphone-3-interview-of-bas-from-frandroid/28529) but I was tired of hacking around really old, unsupported and
 so insecure, locked down phones I had lying around.
 
-Je m'attends à ce que les délais de livraison soient assez long: leur
-estimé de packaging est de 2-4 semaines et la livraison de 6-14 jours,
-donc ça devrait prendre entre 3 et 6 semaines, digne des commandes
-chez dx.com et compagnie...
+I expected really long delivery delays: packaging time estimate was
+2-4 weeks and 6-14 days delivery, which means between 3 and 6 weeks!
+But in the end, I order the phone on February 26 and had it delivered
+on March 8, which isn't that bad (~2 weeks). I did have to pay an
+extra 90$ in customs and fees to DHL, which made for a total price of
+about 630$CAD.
+
+First impressions
+=================
+
+The phone is huge  compared to the HTC One S, it's kind  of sad: I had
+gotten used  to the  older format.  I wish they  would make  a smaller
+phone,  especially since  that  would  mean it's  [easier  to use  for
+women](https://www.ledevoir.com/societe/549415/les-femmes-les-oubliees-du-design).  But its  size is  similar to  other modern  phones: it  is
+similar  to  the  LG  G3,  although   the  FP2  is  thicker.  And  the
+size-to-screen ratio isn't great: there's  a huge bezel all around the
+screen when compared to the LG G3, which came out a year earlier (2014
+vs 2015).
+
+The device also feels a little "plastiky" and brittle: you feel you
+could just break it in two if you applied enough strength. But that
+might just be a feeling: a friend said it felt sturdy and light.
+
+You need to tear out the back cover (and remove the battery!) to
+install the SIM card and that doesn't feel so great: lots of cracking
+noises. One of the corners already doesn't quite fit right. But this
+is a known weakness of the FP2 that I expected: it used to come with a
+transparent back, but they [stopped shipping it because it was even
+more brittle](https://www.fairphone.com/en/2018/10/08/what-happened-with-our-transparent-cases/).
+
+The device was delivered with an almost empty battery (~5%) which made
+the initial setup challenging: I had to keep it plugged in and even
+had to switch chargers (from my computer to a wall plug) because it
+wouldn't actually charge fast enough to compensate from the huge power
+drain imposed by the many applications being installed and
+synchronizing gigabytes of data over wifi.
+
+It's really nice to have TWRP and root out of the box. I don't think
+any other phone gives you such awesome power. It also ships with
+Firefox Klar instead of Google Chrome, a nice touch although I still
+installed [Fennec F-Droid](https://f-droid.org/en/packages/org.mozilla.fennec_fdroid) instead. Surprisingly, Fairphone OS lacks a
+file manager so I installed the [Simple File Manager](https://f-droid.org/en/packages/com.simplemobiletools.filemanager.pro) instead,
+because it also includes the basic text editor I needed to copy-paste
+passwords during setup.
+
+The MicroSD card socket is a little weird: there are two pins to keep
+the card from coming out (even though it's behind the plastic cover
+and unlikely to move) and that makes it difficult to swap out. I had
+to use a pair of tweezers to get the darn thing out. I also had to
+reboot for the SD card to be detected.
+
+Coincidentally, it told me my SD card was corrupt, which was strange
+but unsurprising: I had trouble with the SD card before on the
+previous phone. I formatted it as "portable" as I will store music and
+maps there. "Portable" [means](https://help.republicwireless.com/hc/en-us/articles/360000156767-What-is-the-Difference-Between-Portable-Storage-and-Internal-Storage-) "non-encrypted", basically.
+
+Battery life is not the best: after moderate use (2 regular phone
+calls, two Signal/wifi calls, wifi on all the time, daily flashcard
+exercises), I'm at 50% battery used after 21 hours, and it estimates
+another 20 hours left, which pegs battery life at 41 hours. Not great,
+but not bad.
+
+The device itself is fast and responsive, and the speaker sounds
+loud. The camera is not great: pretty bad low light performance and
+not very detailed, and that's after an upgrade from the 8 megapixel
+camera, now at 12 MP.
+
+I found the documentation provided with the phone to be slightly
+incomplete: the phone ships with plastic covers on the camera and
+screen and that's undocumented in the papers. I was really distressed
+of the blue tint in pictures before a friend noticed the plastic
+cover. And I had to [ask on the forum for help](https://forum.fairphone.com/t/new-fairphone-2-is-that-a-plastic-screen-cover/48919) to figure out how
+to remove the plastic cover on the screen.
+
+But overall I'm happy: this is the Fair phone. Well, it's not
+*perfectly* fair, but they're trying. And this is the *only* phone
+that I know of that ships with a free OS and is fully repairable.
+
+This is the best we can do.
+
+And as such, it's the state of the art for me. I don't care that Apple
+can make a shiny tiny little iPhone that can recognize my face if I
+can't get inside it and fix it when it breaks. I don't care if
+Samsung's screens go around back and [fold in the middle](https://www.theverge.com/2019/2/20/18231249/samsung-galaxy-fold-folding-phone-features-screen-photos-size-announcement) if I
+can't hack it. That's all junk that'll end up in landfills and that
+spies on you. And as long as we build *and buy* crap like that, we'll
+be part of the problem, not the solution.
+
+So a shout out to the Fairphone people: you're doing an awesome job,
+and I just wish you keep going at it. My wishlist is: make it smaller,
+better camera, and better battery, while keeping everything else the
+same. :)
+
+TL;DR
+-----
+
+Pros:
+
+ * almost fully open: a few binary blobs
+ * comes with [TWRP](https://twrp.me/) rescue pre-installed
+ * comes with Fairphone OS pre-installed, easy to switch to the
+   free-er version
+ * very easy to repair
+ * removable battery
+ * fair-ish
+ * fast and responsive UI
+ * large builtin storage (32GB) with SD card expansion
+ * lightweight
+ * good speaker
+
+Cons:
+
+ * feels brittle
+ * bulky and thick
+ * low screen/body size ratio
+ * disappointing camera 
 
 Specifications
 ==============
@@ -295,40 +407,3 @@ Here are the various tweaks required for each app I currently use:
     its secret key
  8. contacts can be backed up with nextcloud on one device and
     restored on the other fairly easily
-
-First impressions
-=================
-
-The phone is so huge compared to the HTC One S, it's kind of sad. I
-wish they would make a smaller phone, especially since that would mean
-it's [easier to use for women](https://www.ledevoir.com/societe/549415/les-femmes-les-oubliees-du-design).
-
-The device also feels a little "plastiky": you need to tear out the
-back cover (and remove the battery!) to install the SIM card and that
-doesn't feel so great. One of the corners already doesn't quite fit
-right.
-
-Device was delivered with an almost empty battery (~5%) which made the
-initial setup challenging: I had to keep it plugged in and even had to
-switch chargers (from my laptop to a wall plug) because it wouldn't
-actually charge fast enough to compensate from the huge power usage of
-me doing everything at once.
-
-It's really nice to have TWRP and root out of the box. I don't think
-any other phone gives you such awesome power. It also ships with
-Firefox Klar instead of Google Chrome which is a nice touch. Fairphone
-OS surprisingly lacks a file manager so I installed the Simple File
-Manager instead.
-
-The MicroSD card socket is a little weird: there are two pins to keep
-the card from coming out (even though it's behind the plastic cover
-and unlikely to move) and that makes it difficult to swap out. I had
-to use a pair of tweezers to get the damn thing out. I also had to
-reboot for the SD card to be detected. (Incidentally, it told me my SD
-card was corrupt, which is strange. I formatted it as "portable" as I
-will store music and maps there. "Portable" [means](https://help.republicwireless.com/hc/en-us/articles/360000156767-What-is-the-Difference-Between-Portable-Storage-and-Internal-Storage-) "non-encrypted",
-basically.)
-
-The device itself is fast and responsive, and the speaker sounds loud.
-
-Todo cross-reference with, and add stuff from, [this post](https://forum.fairphone.com/t/hockey-canadian-fairphoners/17991/61).

yolo2
diff --git a/hardware/phone/fairphone2.mdwn b/hardware/phone/fairphone2.mdwn
index a0a6acba..dab151c4 100644
--- a/hardware/phone/fairphone2.mdwn
+++ b/hardware/phone/fairphone2.mdwn
@@ -330,3 +330,5 @@ will store music and maps there. "Portable" [means](https://help.republicwireles
 basically.)
 
 The device itself is fast and responsive, and the speaker sounds loud.
+
+Todo cross-reference with, and add stuff from, [this post](https://forum.fairphone.com/t/hockey-canadian-fairphoners/17991/61).

yolo
diff --git a/hardware/phone/fairphone2.mdwn b/hardware/phone/fairphone2.mdwn
index 996d0173..a0a6acba 100644
--- a/hardware/phone/fairphone2.mdwn
+++ b/hardware/phone/fairphone2.mdwn
@@ -308,5 +308,25 @@ back cover (and remove the battery!) to install the SIM card and that
 doesn't feel so great. One of the corners already doesn't quite fit
 right.
 
-But otherwise the device itself is fast and responsive, and the
-speaker sounds loud.
+Device was delivered with an almost empty battery (~5%) which made the
+initial setup challenging: I had to keep it plugged in and even had to
+switch chargers (from my laptop to a wall plug) because it wouldn't
+actually charge fast enough to compensate from the huge power usage of
+me doing everything at once.
+
+It's really nice to have TWRP and root out of the box. I don't think
+any other phone gives you such awesome power. It also ships with
+Firefox Klar instead of Google Chrome which is a nice touch. Fairphone
+OS surprisingly lacks a file manager so I installed the Simple File
+Manager instead.
+
+The MicroSD card socket is a little weird: there are two pins to keep
+the card from coming out (even though it's behind the plastic cover
+and unlikely to move) and that makes it difficult to swap out. I had
+to use a pair of tweezers to get the damn thing out. I also had to
+reboot for the SD card to be detected. (Incidentally, it told me my SD
+card was corrupt, which is strange. I formatted it as "portable" as I
+will store music and maps there. "Portable" [means](https://help.republicwireless.com/hc/en-us/articles/360000156767-What-is-the-Difference-Between-Portable-Storage-and-Internal-Storage-) "non-encrypted",
+basically.)
+
+The device itself is fast and responsive, and the speaker sounds loud.

first impressions and docs of the FP2
diff --git a/hardware/phone/fairphone2.mdwn b/hardware/phone/fairphone2.mdwn
index 99081ad0..996d0173 100644
--- a/hardware/phone/fairphone2.mdwn
+++ b/hardware/phone/fairphone2.mdwn
@@ -72,3 +72,241 @@ history](https://en.wikipedia.org/wiki/Android_version_history) for the larger c
 
 There are [more OSes ported to the FP2](https://forum.fairphone.com/t/operating-systems-for-fairphones/11425/1) including Ubuntu Touch and
 Sailfish.
+
+Flashing with Saibon
+====================
+
+The default OS that comes with the Fairphone is, like many Android
+distributions, full of Google tracking software. I dislike those, so I
+installed [Saibon](https://code.fairphone.com/projects/fp-osos/index.html), also known as "Fairphone Open". I followed the
+[installation instructions](https://code.fairphone.com/projects/fp-osos/user/fairphone-open-source-os-installation-instructions.html) to download and install the new version
+which involves running an arbitrary bash script (which I quickly
+reviewd) that basically runs a bunch of `fastboot` commands to flash
+the phone through the USB port.
+
+    anarcat@curie:fp2-sibon-19.02.1-manual-switcher(master)$ sh flash-for-unix.sh
+    ** Fairphone OS 19.02.1 Manual Flashing Script **
+
+    WARNING: Flashing this image wipes all user data and settings on the phone.
+
+    Validating files...
+    Validation complete.
+
+    One Fairphone 2 in fastboot mode found (serial number: [REDACTED]).
+
+    Are you sure you want to wipe all user data and settings on the phone?
+      Type "Yes" to continue: Yes
+
+    Proceeding to flash the device.
+
+    target reported max download size of 536870912 bytes
+    sending 'rpm' (186 KB)...
+    OKAY [  0.009s]
+    writing 'rpm'...
+    OKAY [  0.011s]
+    finished. total time: 0.021s
+    target reported max download size of 536870912 bytes
+    sending 'sbl1' (274 KB)...
+    OKAY [  0.013s]
+    writing 'sbl1'...
+    OKAY [  0.008s]
+    finished. total time: 0.020s
+    target reported max download size of 536870912 bytes
+    sending 'tz' (334 KB)...
+    OKAY [  0.015s]
+    writing 'tz'...
+    OKAY [  0.008s]
+    finished. total time: 0.023s
+    target reported max download size of 536870912 bytes
+    sending 'modem' (57585 KB)...
+    OKAY [  2.052s]
+    writing 'modem'...
+    OKAY [  0.626s]
+    finished. total time: 2.678s
+    target reported max download size of 536870912 bytes
+    sending 'splash' (6075 KB)...
+    OKAY [  0.214s]
+    writing 'splash'...
+    OKAY [  0.073s]
+    finished. total time: 0.287s
+    target reported max download size of 536870912 bytes
+    sending 'aboot' (536 KB)...
+    OKAY [  0.020s]
+    writing 'aboot'...
+    OKAY [  0.016s]
+    finished. total time: 0.036s
+    target reported max download size of 536870912 bytes
+    sending 'boot' (11708 KB)...
+    OKAY [  0.422s]
+    writing 'boot'...
+    OKAY [  0.127s]
+    finished. total time: 0.549s
+    target reported max download size of 536870912 bytes
+    sending 'recovery' (13834 KB)...
+    OKAY [  0.487s]
+    writing 'recovery'...
+    OKAY [  0.159s]
+    finished. total time: 0.646s
+    target reported max download size of 536870912 bytes
+    erasing 'system'...
+    OKAY [  0.379s]
+    sending sparse 'system' 1/2 (520913 KB)...
+    OKAY [ 18.988s]
+    writing 'system' 1/2...
+    OKAY [  8.905s]
+    sending sparse 'system' 2/2 (48631 KB)...
+    OKAY [  1.752s]
+    writing 'system' 2/2...
+    OKAY [  0.794s]
+    finished. total time: 30.817s
+    target reported max download size of 536870912 bytes
+    erasing 'userdata'...
+    OKAY [  3.226s]
+    sending 'userdata' (138997 KB)...
+    OKAY [  4.723s]
+    writing 'userdata'...
+    OKAY [  1.830s]
+    finished. total time: 9.780s
+    target reported max download size of 536870912 bytes
+    erasing 'cache'...
+    OKAY [  0.023s]
+    sending 'cache' (12520 KB)...
+    OKAY [  0.450s]
+    writing 'cache'...
+    OKAY [  0.216s]
+    finished. total time: 0.689s
+
+    Flashing successful!
+    Your Fairphone 2 will now run **Fairphone OS 19.02.1**.
+
+    Press Enter to reboot the device and complete the installation...
+    rebooting...
+
+    finished. total time: 0.052s
+
+That worked pretty well, I must say: it's nice to have support for a
+real OS from the phone manufacturer! Once that's done, the phone
+reboots and takes a while to resume (a minute or two).
+
+Android configuration
+=====================
+
+This is copied from [[htc-one-s]].
+
+Those are things to do when I flash the device, which I seem to
+screwup so often that I actually had to note this down.
+
+ 1. Check for updates and install: there's an "updater" app in
+    Fairephon Open
+ 2. encrypt the phone (takes ~10 minutes, needs power), see below
+ 3. set lock code (PIN)
+ 4. go through prefs to tweak everything
+   * enable privacy guard, including on builtin apps
+   * browser: disable a bunch of stuff, enable utf8
+ 5. install f-droid using sideloading (see below)
+ 5. install and configure [apps](apps.html) (see below)
+ 6. import contacts from backups (see below)
+ 7. <del>setup fake GCM</del> screw google
+ 8. configure all installed apps (see below)
+ 9. backup the phone (!) todo!
+
+Some of those steps are documented more explicitly below.
+
+Upgrading recovery
+------------------
+
+A recovery (TWRP) is already installed on the phone, but it might have
+trouble sideloading apps. I had to upgrade TWRP using the [LineageOS
+docs](https://wiki.lineageos.org/devices/FP2/install):
+
+    gpg --verify twrp-3.2.3-0-FP2.img.asc
+    adb reboot bootloader
+    fastboot flash recovery twrp-3.2.3-0-FP2.img
+
+Once recovery is flashed, **hold the volume UP button** then hit:
+
+    fastboot reboot
+
+This will make sure the phone will reboot in recovery. Otherwise the
+phone will reboot to system which will overwrite the recovery image.
+
+Another method is to boot to recovery (it's already installed!) and
+install a new TWRP image on the phone:
+
+    adb push twrp-3.2.3-0-FP2.img /sdcard
+    adb reboot recovery
+
+And install it from the `Install` menu.
+
+Installing the F-Droid privileged extension
+-------------------------------------------
+
+From TWRP, flash the priviledged F-Droid app, which allows you to turn
+of that "allow untrusted sources" checkbox and enables automated
+upgrades, see the [privileged extension project page][] for more
+information.
+
+[privileged extension project page]: https://gitlab.com/fdroid/privileged-extension
+
+First, download the `.zip` file from the [privileged extension site][]
+and sideload by picking `Advanced` -> `Sideload`, then swipe. TRWP
+will wait then run this on the computer:
+
+    adb sideload org.fdroid.fdroid.privileged.ota_2000.zip
+
+Then swipe to reboot.
+
+If this fails with "Zip signature verification failed", it's because
+you don't have a recent enough version of TWRP. Reflash the recovery,
+and make sure to return to recovery after flashing it.
+
+[privileged extension site]: https://f-droid.org/repository/browse/?fdid=org.fdroid.fdroid.privileged.ota
+
+Apps install and synchronization
+--------------------------------

(Diff truncated)
explain the current workaround as well
diff --git a/services/hosting.mdwn b/services/hosting.mdwn
index 0e3dc71d..9aa93349 100644
--- a/services/hosting.mdwn
+++ b/services/hosting.mdwn
@@ -330,6 +330,10 @@ container. The correct incantation turns out to be:
 
     docker run --name=grafana --user=grafana --env="GF_METRICS_ENABLED=true" --env="GF_ANALYTICS_REPORTING_ENABLED=false" --env="GF_USERS_ALLOW_SIGN_UP=false" --env="GF_ALTERTING_ENABLED=false" --volume="grafana-storage:/var/lib/grafana" -p 3000:3000 --restart=unless-stopped grafana/grafana
 
+For now I'm storing the canonical commandline in a "start-$image"
+script (e.g. `start-airsonic`, `start-grafana`) but that seems
+suboptimal.
+
 Rocket
 ------
 

trick to restart containers
diff --git a/services/hosting.mdwn b/services/hosting.mdwn
index 4d3664db..0e3dc71d 100644
--- a/services/hosting.mdwn
+++ b/services/hosting.mdwn
@@ -310,6 +310,26 @@ Containers are basically a directory stored in
 To restart a container on reboot, use `--restart=unless-stopped` or
 `--restart=always`, as [documented](https://docs.docker.com/engine/admin/start-containers-automatically/).
 
+### Restarting containers
+
+A common problem I have is I forget how I started a given
+container. When it's stopped or crashed or upgraded, I don't know how
+to restart it with the same arguments. There's `docker inspect` that
+will tell me the arguments passed to the container, but not flags like
+environment variables, mountpoints. Those can be *deduced* from the
+JSON output, but it's unclear what's default and what was actually
+specified by hand.
+
+For this, the [runlike](https://github.com/lavie/runlike) tool is useful:
+
+    # docker run --rm -v /var/run/docker.sock:/var/run/docker.sock assaflavie/runlike grafana
+    docker run --name=grafana --hostname=dd2130c9306c --user=grafana --env="GF_METRICS_ENABLED=true" --env="GF_ANALYTICS_REPORTING_ENABLED=false" --env="GF_USERS_ALLOW_SIGN_UP=false" --env="GF_ALTERTING_ENABLED=false" --env="PATH=/usr/share/grafana/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" --env="GF_PATHS_CONFIG=/etc/grafana/grafana.ini" --env="GF_PATHS_DATA=/var/lib/grafana" --env="GF_PATHS_HOME=/usr/share/grafana" --env="GF_PATHS_LOGS=/var/log/grafana" --env="GF_PATHS_PLUGINS=/var/lib/grafana/plugins" --env="GF_PATHS_PROVISIONING=/etc/grafana/provisioning" --volume="grafana-storage:/var/lib/grafana" -p 3000:3000 --restart=unless-stopped --detach=true grafana/grafana
+
+It may be a little verbose, but it's a good basis to restart a
+container. The correct incantation turns out to be:
+
+    docker run --name=grafana --user=grafana --env="GF_METRICS_ENABLED=true" --env="GF_ANALYTICS_REPORTING_ENABLED=false" --env="GF_USERS_ALLOW_SIGN_UP=false" --env="GF_ALTERTING_ENABLED=false" --volume="grafana-storage:/var/lib/grafana" -p 3000:3000 --restart=unless-stopped grafana/grafana
+
 Rocket
 ------
 

new quote, from twitter
diff --git a/fortunes.txt b/fortunes.txt
index bebe767f..c3c3129a 100644
--- a/fortunes.txt
+++ b/fortunes.txt
@@ -1101,3 +1101,7 @@ government and peace without violence.
 The ultimate test of your knowledge is your capacity to convey it to
 another.
                         - Richard Feynman
+%
+There is no programming language–no matter how structured–that will
+prevent programmers from making bad programs.
+                        - Larry Flon

fix isis case
diff --git a/blog/2019-03-05-report.mdwn b/blog/2019-03-05-report.mdwn
index 9f768aaf..92ae6d85 100644
--- a/blog/2019-03-05-report.mdwn
+++ b/blog/2019-03-05-report.mdwn
@@ -73,7 +73,7 @@ wrapped up for whoever picks this up next.
 Following a new vulnerability (CVE-2019-6690) disclosed in the
 python-gnupg library, I have [expressed concerns][] at the security
 reliability of the project in future updates, referring to wider issues
-identified by Isis Lovecroft in [this post][]. 
+identified by isis lovecroft in [this post][]. 
 
 I suggested we should simply drop security support for the project,
 citing it didn't have many reverse dependencies. But it seems that

link to a server
diff --git a/hardware/server/marcos.mdwn b/hardware/server/marcos.mdwn
index c3b50cce..4f5d7e38 100644
--- a/hardware/server/marcos.mdwn
+++ b/hardware/server/marcos.mdwn
@@ -196,7 +196,9 @@ the [721Tq](https://www.supermicro.com/products/chassis/tower/721/SC721TQ-250B)
 and two internal 2.5" bays with a [Mini-ITX](https://en.wikipedia.org/wiki/Mini-ITX) motherboard backend
 ([235$CAD](http://www.atic.ca/index.php?page=details&psku=122205) at ATIC). It would require building a whole new server
 since marcos is [microATX](https://en.wikipedia.org/wiki/MicroATX) but the Mini-ITX form factor is good
-because it fits well with SoC boards (see below).
+because it fits well with SoC boards (see below). A friend
+specifically looked at [this atom server](http://www.atic.ca/index.php?page=details&psku=164534) which has a nice price
+tag (618$CAD).
 
 Supermicro also has what they call [mobile racks](https://www.supermicro.com/products/chassis/mobileRack/) that can fit
 multiple drives in a 5.25" bays.

formatting, again
diff --git a/blog/2019-03-05-report.mdwn b/blog/2019-03-05-report.mdwn
index 38927455..9f768aaf 100644
--- a/blog/2019-03-05-report.mdwn
+++ b/blog/2019-03-05-report.mdwn
@@ -405,14 +405,14 @@ to read it in full, but I'll quote the first post here for posterity:
 > mimetype for email, and remembering it was all backwards and weird and I
 > can't find the reference anymore. If some lazyweb magic person could
 > forward the link to me I would be grateful.
-> [1]: one of so many: https://www.georgedillon.com/web/html_email_is_evil_still.shtml
-> [2]: https://en.wikipedia.org/wiki/Netscape_Communicator
-> [3]: yes my age is showing
-> [4]: to be fair, this article encouraged me quite a bit:
-> https://blog.chaddickerson.com/2019/01/09/replacing-facebook/
-> [5]: not the bass guitar one, unfortunately
-> [6]: https://en.wikipedia.org/wiki/HTML_email#Adoption
-> [7]: https://trey-jackson.blogspot.com/2008/01/emacs-tip-8-markdown.html
+>
+>      [1]: one of so many: https://www.georgedillon.com/web/html_email_is_evil_still.shtml
+>      [2]: https://en.wikipedia.org/wiki/Netscape_Communicator
+>      [3]: yes my age is showing
+>      [4]: to be fair, this article encouraged me quite a bit: https://blog.chaddickerson.com/2019/01/09/replacing-facebook/
+>      [5]: not the bass guitar one, unfortunately
+>      [6]: https://en.wikipedia.org/wiki/HTML_email#Adoption
+>      [7]: https://trey-jackson.blogspot.com/2008/01/emacs-tip-8-markdown.html
 
 I edited the original message to include the latest version of the
 script, which (unfortunately) lives in my private `dotfiles` git

fix formatting error
diff --git a/blog/2019-03-05-report.mdwn b/blog/2019-03-05-report.mdwn
index fe6051dc..38927455 100644
--- a/blog/2019-03-05-report.mdwn
+++ b/blog/2019-03-05-report.mdwn
@@ -177,7 +177,9 @@ start a full time job either, so this might possibly be my last report
 for a while.
 
 Debian work before the freeze
---------------------- uploaded new versions of bitlbee-mastodon ([1.4.1-1](https://tracker.debian.org/news/1030798/accepted-bitlbee-mastodon-141-1-source-into-unstable/)), sopel
+-----------------------------
+
+I uploaded new versions of bitlbee-mastodon ([1.4.1-1](https://tracker.debian.org/news/1030798/accepted-bitlbee-mastodon-141-1-source-into-unstable/)), sopel
 ([6.6.3-1](https://tracker.debian.org/news/1030572/accepted-sopel-663-1-source-into-unstable/) and [6.6.3-2](https://tracker.debian.org/news/1030670/accepted-sopel-663-2-source-all-into-unstable/)) and dateparser ([0.7.1-1](https://tracker.debian.org/news/1030437/accepted-dateparser-071-1-source-into-unstable/)). I've
 also sponsored new uploads of smokeping and tuptime.
 
@@ -373,7 +375,7 @@ to read it in full, but I'll quote the first post here for posterity:
 >  4. inject the HTML version in the HTML part
 > 
 > There's some nasty business with formatting the signature correctly by
-> wrapping it in a <pre> that's going on there - I took that from
+> wrapping it in a `<pre>` that's going on there - I took that from
 > Thunderbird as well.
 > 
 > (For those who *do* read elisp for breakfast, improvements and comments

creating tag page tag/calendes
diff --git a/tag/calendes.mdwn b/tag/calendes.mdwn
new file mode 100644
index 00000000..47f7ec6c
--- /dev/null
+++ b/tag/calendes.mdwn
@@ -0,0 +1,4 @@
+[[!meta title="pages tagged calendes"]]
+
+[[!inline pages="tagged(calendes)" actions="no" archive="yes"
+feedshow=10]]

new (last?) report
diff --git a/blog/2019-03-05-report.mdwn b/blog/2019-03-05-report.mdwn
new file mode 100644
index 00000000..fe6051dc
--- /dev/null
+++ b/blog/2019-03-05-report.mdwn
@@ -0,0 +1,480 @@
+[[!meta title="February 2019 report: LTS, HTML mail, new phone and new job"]]
+
+[[!toc levels=2]]
+
+Debian Long Term Support (LTS)
+==============================
+
+This is my monthly [Debian LTS][] report. 
+
+[Debian LTS]: https://www.freexian.com/services/debian-lts.html
+
+This is my final LTS report. I have found other work and will
+unfortunately not be able to continue working on the LTS project in
+the foreseeable future. I will continue my volunteer work on Debian
+and might even contribute to LTS in my normal job, but not directly
+part of the LTS team.
+
+It is too bad because that team is doing essential work, and needs
+more help. Security is, at best, lacking everywhere and I do not
+believe the current approach of "minimal viable product, move fast,
+then break things" is sustainable. The people working on Linux
+distributions and also the LTS people are doing hard, dirty work of
+maintaining free software in the long term. It's thankless but I
+believe it's one of the most important jobs out there right now. And I
+suspect there will be only more of it as time goes by.
+
+Legacy systems are not going anywhere: this is the next generation's
+"y2k bug": old, forgotten software no one understands or cares to work
+with that suddenly break or have a critical vulnerability that needs
+patching. Moving faster will not help us fix this problem: it only
+piles up more crap to deal with for real systems running in
+production.
+
+> The survival of humans and other species on planet Earth in my view can
+> only be guaranteed via a timely transition towards a stationary
+> state, a world economy without growth.
+> 
+> -- Peter Custers
+
+## Website work
+
+I again worked on the website this month, doing one more mass import
+([MR 53][]) which was finally merged by Holger Levsen, after I [fixed
+an issue with PGP signatures][] showing up on the website.
+
+[fixed an issue with PGP signatures]: https://salsa.debian.org/webmaster-team/webwml/merge_requests/51
+
+I also polished the misnamed "audit" script that checks for missing
+announcements on the website and published it as [MR 1][] on the
+"cron" project of the webmaster team. It's still a "work in progress"
+because it is still too noisy: there are a few DLAs missing already
+and we haven't published the latest DLAs on the website.
+
+[MR 1]: https://salsa.debian.org/webmaster-team/cron/merge_requests/1
+[MR 53]: https://salsa.debian.org/webmaster-team/webwml/merge_requests/53
+
+The remaining work here is to automate the import of new announcements
+on the website ([bug #859123][]). I've done what is hopefully the
+[last mass import][] and updated the workflow in the wiki.
+
+Finally, I have also done a bit of [cleanup][] on the website that
+was necessary after the mass import which also required [rewrite
+rules][] at the server level. Hopefully, I will have this fairly well
+wrapped up for whoever picks this up next.
+
+[rewrite rules]: https://salsa.debian.org/anarcat/dsa-puppet/merge_requests/1
+[cleanup]: https://salsa.debian.org/webmaster-team/webwml/merge_requests/55
+[last mass import]: https://salsa.debian.org/webmaster-team/webwml/merge_requests/58
+[bug #859123]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859123
+
+## Python GPG concerns
+
+Following a new vulnerability (CVE-2019-6690) disclosed in the
+python-gnupg library, I have [expressed concerns][] at the security
+reliability of the project in future updates, referring to wider issues
+identified by Isis Lovecroft in [this post][]. 
+
+I suggested we should simply drop security support for the project,
+citing it didn't have many reverse dependencies. But it seems that
+wasn't practical and the [response][] was that it was actually
+possible to keep on maintaining it an such an update was issued for
+jessie.
+
+[response]: https://lists.debian.org/20190209103913.e45eqo3gax5g33op@manillaroad.local.home.trueelena.org
+[this post]: https://blog.patternsinthevoid.net/pretty-bad-protocolpeople.html
+[expressed concerns]: https://lists.debian.org/87r2cj4kg2.fsf@curie.anarc.at
+
+## Golang concerns
+
+Similarly, I have [expressed more concerns][] about the maintenance of
+Golang packages following the disclosure of a vulnerability
+(CVE-2019-6486) regarding elliptic curve implementations in the core
+Golang libraries. An update (DLA-1664-1) was issued for the core, but
+because Golang is statically compiled, I was worried the update wasn't
+sufficient: we also needed to upload updates for any build dependency
+using the affected code as well.
+
+[expressed more concerns]: https://lists.debian.org/87sgx0czxg.fsf@curie.anarc.at
+
+Holger asked the golang team for help and i also asked on
+irc. Apparently, all the non-dev packages (with some exceptions) were
+binNMU'd in stretch but the process needs to be clarified.
+
+I also wondered if this maintenance problem could be resolved in the
+long term by switching to dynamic linking. Ubuntu tried to switch to
+dynamic linking but abandoned the effort, so it seems Golang will be
+quite difficult to maintain for security updates in the foreseeable
+future.
+
+## Libarchive updates
+
+I have reproduced the problem described in CVE-2019-1000020 and
+CVE-2019-1000019 in jessie. I published a fix as [DLA-1668-1][]. I had
+to build the update without sbuild's overlay system (in a tar chroot)
+otherwise the cpio tests fail.
+
+[DLA-1668-1]: https://lists.debian.org/20190207192754.GA14483@curie.anarc.at
+
+## Netmask updates
+
+This one was minimal: a patch was [sent by the maintainer][] so I only
+wrote and sent [DLA 1665-1][]. Interestingly, I didn't have access to
+the `.changes` file which made writing the DLA a little harder, as my
+workflow normally involves calling `gen-DLA --save` with the .changes
+file which autopopulates a template. I learned that `.changes` files
+are normally archived on `coccia.debian.org` (specifically in
+`/srv/ftp-master.debian.org/queue/done/`), but not in the case of
+security uploads.
+
+[DLA 1665-1]: https://lists.debian.org/20190206222753.GA28901@curie.anarc.at
+[sent by the maintainer]: https://lists.debian.org/20190206005958.GA7780@debian.org
+
+## Libreoffice
+
+I once again tried to tackle an issue (CVE-2018-16858) with
+Libreoffice. The [last time][] I tried to work on LibreOffice, the
+test suite was failing and the linker was *crashing* after hours of
+compilation and I never got anywhere. But that was wheezy, so I
+figured jessie might be in better shape.
+
+[last time]: https://anarc.at/blog/2017-11-30-free-software-activities-november-2017
+    
+I quickly got into trouble with sbuild: I ran out of space on *both*
+`/` and `/home` so I moved all my photos to external drive (!). The
+patch ended up being trivial. I could reproduce with a simple proof of
+concept, but could not quite get code execution going. It might just
+be I haven't found the right Python module to load, so I assumed the
+code was vulnerable and, given the patch was simple, it was worth
+doing an update.
+
+The build ended up taking close to nine hours and 35GiB of disk
+space. I published [DLA-1669-1][] as a result. 
+
+I also opened a [bug report against dput-ng][] against dput-ng because
+it still doesn't warn users about uploads to security-master the same
+way dput does.
+
+[bug report against dput-ng]: https://bugs.debian.org/921750
+[DLA-1669-1]: https://lists.debian.org/20190208212911.GA10095@curie.anarc.at
+
+## Enigmail
+
+Finally, Enigmail was finally taken off the official support list in
+jessie when the debian-security-support proposed update was
+[approved][].
+
+[approved]: https://lists.debian.org/81f630a358a5c6da6b3a02c3a2c18712@mail.adam-barratt.org.uk
+
+Other free software work
+========================
+
+Since I was going to start that new job in March, I figured I would
+try to take some time off before work starts. I therefore mostly tried
+to wrap things up and didn't do as much volunteer work as I usually
+do. I'm unsure I'll be able to do as much volunteer work now that I
+start a full time job either, so this might possibly be my last report
+for a while.
+
+Debian work before the freeze
+--------------------- uploaded new versions of bitlbee-mastodon ([1.4.1-1](https://tracker.debian.org/news/1030798/accepted-bitlbee-mastodon-141-1-source-into-unstable/)), sopel
+([6.6.3-1](https://tracker.debian.org/news/1030572/accepted-sopel-663-1-source-into-unstable/) and [6.6.3-2](https://tracker.debian.org/news/1030670/accepted-sopel-663-2-source-all-into-unstable/)) and dateparser ([0.7.1-1](https://tracker.debian.org/news/1030437/accepted-dateparser-071-1-source-into-unstable/)). I've
+also sponsored new uploads of smokeping and tuptime.
+
+I also uploaded [convertdate to NEW](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922335) as it was a (missing but
+optional) dependency of dateparser. Unfortunately, it didn't make it
+through NEW in time for the freeze so dateparser won't be totally
+fixed in buster.
+
+I also made two new releases of [feed2exec](https://gitlab.com/anarcat/feed2exec), my programmable feed
+reader, to [fix date parsing on broken feeds](https://github.com/kurtmckee/feedparser/issues/159), add a JSON output
+plugin, and fix an issue with the `ikiwiki_recentchanges` plugin.
+
+New phone
+---------

(Diff truncated)
quote atic
diff --git a/hardware/server/marcos.mdwn b/hardware/server/marcos.mdwn
index 2324c409..c3b50cce 100644
--- a/hardware/server/marcos.mdwn
+++ b/hardware/server/marcos.mdwn
@@ -193,10 +193,10 @@ gnubee (more powerful, among other things).
 Supermicro sells cases as well as motherboards, and some of those
 might be interesting for a home server / NAS solution. For example,
 the [721Tq](https://www.supermicro.com/products/chassis/tower/721/SC721TQ-250B) has four hot-swappable 3.5" bays for SATA hard drives
-and two internal 2.5" bays with a [Mini-ITX](https://en.wikipedia.org/wiki/Mini-ITX) motherboard
-backend. It would require building a whole new server since marcos is
-[microATX](https://en.wikipedia.org/wiki/MicroATX) but the Mini-ITX form factor is good because it fits
-well with SoC boards (see below).
+and two internal 2.5" bays with a [Mini-ITX](https://en.wikipedia.org/wiki/Mini-ITX) motherboard backend
+([235$CAD](http://www.atic.ca/index.php?page=details&psku=122205) at ATIC). It would require building a whole new server
+since marcos is [microATX](https://en.wikipedia.org/wiki/MicroATX) but the Mini-ITX form factor is good
+because it fits well with SoC boards (see below).
 
 Supermicro also has what they call [mobile racks](https://www.supermicro.com/products/chassis/mobileRack/) that can fit
 multiple drives in a 5.25" bays.

mention supermicro
diff --git a/hardware/server/marcos.mdwn b/hardware/server/marcos.mdwn
index 804fdc94..2324c409 100644
--- a/hardware/server/marcos.mdwn
+++ b/hardware/server/marcos.mdwn
@@ -188,6 +188,19 @@ the cluster, as 6 drives going full spin will generate a lot of I/O.
 In pre-order: https://kobol.io/helios4/ Interesting alternative to the
 gnubee (more powerful, among other things).
 
+## Supermicro
+
+Supermicro sells cases as well as motherboards, and some of those
+might be interesting for a home server / NAS solution. For example,
+the [721Tq](https://www.supermicro.com/products/chassis/tower/721/SC721TQ-250B) has four hot-swappable 3.5" bays for SATA hard drives
+and two internal 2.5" bays with a [Mini-ITX](https://en.wikipedia.org/wiki/Mini-ITX) motherboard
+backend. It would require building a whole new server since marcos is
+[microATX](https://en.wikipedia.org/wiki/MicroATX) but the Mini-ITX form factor is good because it fits
+well with SoC boards (see below).
+
+Supermicro also has what they call [mobile racks](https://www.supermicro.com/products/chassis/mobileRack/) that can fit
+multiple drives in a 5.25" bays.
+
 ## Other SoC boards
 
 There are many SoC boards that could be used to create a device from

meilleure docu de l'imprimante
diff --git a/services/print.mdwn b/services/print.mdwn
index 23e95ac0..03878183 100644
--- a/services/print.mdwn
+++ b/services/print.mdwn
@@ -18,3 +18,14 @@ n'ont pas fonctionné alors j'ai partagé l'imprimante sur ma machine,
 ce qui semble, pour l'instant, fonctionner.
 
 [p910n]: https://openwrt.org/docs/guide-user/services/print_server/p910ndprinterserver
+
+Configurer l'imprimante sur une nouvelle machine devrait être
+automatique: elle devrait auto-détecter l'imprimante partagée sur
+`curie`.
+
+Pour configurer `curie`, il faut ajouter une nouvelle imprimante de
+type "AppSocket/HP JetDirect" avec l'URL
+`socket://plastik.anarc.at:9100`. On entre ensuite le nom de
+l'imprimante (`HP-LaserJet-1012`) et on la partage, puis on choisit le
+driver `HP LaserJet 1012 hpijs`, qui est disponible dans le [package
+printer-driver-hpijs](https://tracker.debian.org/printer-driver-hpijs).

consider the librem 13, add size/weight stats to x220 for comparison
diff --git a/hardware/laptop.mdwn b/hardware/laptop.mdwn
index 10a38ecb..b80770fd 100644
--- a/hardware/laptop.mdwn
+++ b/hardware/laptop.mdwn
@@ -172,6 +172,7 @@ X220
 <http://thinkwiki.de/X220>
 
  * 12.5" TFT
+ * 305.0mm x 206.5mm x 19-34.6mm, 1.3kg
  * i3-i7
  * 16GB max
  * 2 minipci (incl possible mSATA)
@@ -232,6 +233,33 @@ https://puri.sm/products/
 1500 - 1700$USD... trop cher. mais vraiment intéressant parce qu'ils
 semblent vraiment libérer le matériel.
 
+### Librem 13
+
+https://puri.sm/products/librem-13/
+
+ * Operating system: PureOS
+ * TPM: Included
+ * Battery life: Roughly 7 to 9 hours
+ * Processor: Core i7 7500U (Kabylake)
+ * Display: 13.3"
+ * Graphics: Intel HD Graphics 620
+ * Memory: Up to 16GB, DDR4 at 2133 MHz
+ * Storage: Configurable
+ * Chassis: Black anodized aluminium
+ * Webcam: 720p 1.0 megapixel
+ * Dimensions: 325×219×18mm
+ * Weight: 1.4kg
+ * Wireless: Atheros 802.11n w/ Two Antenna
+ * Radio hardware killswitch: Yes
+ * Mic and cam killswitches: Yes
+ * Audio port: 1 headphone/line output jack
+ * USB ports: 2 USB 3.0 Ports (1 type C),
+ * External monitor output: 1 HDMI Port (4K capable)
+ * Card reader: Yes, 2-in-1 SD/MMC
+ * Backlit keyboard: Yes
+ * Touch interface: Elantech Multitouch Trackpad
+ * Thermal design: Low noise fan
+
 Dell
 ----
 

got the phone finally unlocked
diff --git a/hardware/phone/htc-one-s.mdwn b/hardware/phone/htc-one-s.mdwn
index e36b8c8f..a60ed375 100644
--- a/hardware/phone/htc-one-s.mdwn
+++ b/hardware/phone/htc-one-s.mdwn
@@ -1148,7 +1148,10 @@ claim to be able to unlock the phone within "5-90 minutes" but the
 unlocking process actually took a little over 8 hours and was finally
 shipped at 19:50:43 after being delayed an hour by graylisting. The
 code, unfortunately, was not working: the unlock failed with "SIM
-network unlock request unsuccessful".
+network unlock request unsuccessful". The reason for this is unlocking
+works only on stock firmware, so I had to dig the original firmware
+out of my backups and reflash the whole thing (twice) to actually
+unlock the phone. But a day later, it's done!
 
 Future work
 ===========

yolo: switched to new phone, yay
diff --git a/hardware/phone/htc-one-s.mdwn b/hardware/phone/htc-one-s.mdwn
index 1aaed17e..e36b8c8f 100644
--- a/hardware/phone/htc-one-s.mdwn
+++ b/hardware/phone/htc-one-s.mdwn
@@ -56,6 +56,11 @@ uploaded the most recent [snapshots][] and [nightlies on Archive.org][].
 [snapshots]: https://archive.org/details/cmarchive_snapshots
 [nightlies on Archive.org]: https://archive.org/details/cmarchive_nighlies
 [those Reddit folks]: https://www.reddit.com/r/cyanogenmod/comments/5kas0h/complete_cm_snapshots_and_nightlies_archive_xpost/
+
+There's also an [unofficial build](https://forum.xda-developers.com/htc-one-s/development/7-1-lineage14-1-htc-one-s-ville-t3540981) labeled
+`lineage-14.1-20180820-UNOFFICIAL-ville.zip` which is probably much
+better than running a 2 years older build, but it "only works with the
+S4" so I haven't tried it yet.
 """]]
 
 [latest nightly]: https://archive.org/download/cmarchive_nighlies/cm-12.1-20160822-NIGHTLY-ville.zip
@@ -230,6 +235,11 @@ seconds and then release the `Power` button while keeping `Volume
 down` pressed until the bootload comes up (~5-10s?). From there I
 return to TWRP and sideload again the part that failed.
 
+This is also a good time to load other privileged extensions, like
+F-Droid:
+
+    sudo adb sideload org.fdroid.fdroid.privileged.ota_2040.zip
+
 Once the sideloading is complete, you need to flash the `boot.img`
 file in place, by rebooting in the bootloader. Use `Reboot`,
 `Bootloader` from the main menu, not the `Reboot` button from the
@@ -259,23 +269,60 @@ My android configuration
 Those are things to do when I flash the device, which I seem to
 screwup so often that I actually had to note this down.
 
- 1. Check for updates and install: `About phone`, `CyanogenMod
-    updates` if not done automatically
+ 1. <del>Check for updates and install: `About phone`, `CyanogenMod
+    updates` if not done automatically</del> There are no updates
+    anymore, tough luck.
  1. encrypt the phone (takes ~10 minutes, needs power), see below
  2. set lock code (PIN)
  3. go through prefs to tweak everything
    * enable privacy guard, including on builtin apps
    * browser: disable a bunch of stuff, enable utf8
- 4. install f-droid
- 5. install and configure [apps](apps.html)
- 6. import contacts from backups
- 7. setup fake GCM
+ 4. <del>install f-droid</del> done during sideloading, refresh repos
+    and upgrade instead
+ 5. install and configure [apps](apps.html) - note: this can be more easily
+    done by syncing apps with another phone through F-Droid's "nearby"
+    feature
+ 6. import contacts from backups - can be done with nextcloud
+ 7. <del>setup fake GCM</del> screw google
  8. configure all installed apps above
  9. backup the phone
- 10. reimport music using git-annex
- 
+ 10. <del>reimport music using git-annex</del> using Subsonic instead
+
 Some of those steps are documented more explicitly below.
 
+Apps install and synchronization
+--------------------------------
+
+Apps often keep their state only on the phone and don't sync up to
+servers online, which means we need to backup/restore some things
+around.
+
+F-Droid has a very nice interface to install "nearby" apps. The "app
+list" is totally useless in comparison, as the "HTML list" version is
+unusable: the links are broken and formatting is all out of whack.
+
+Here are the various tweaks required for each app I currently use:
+
+ 1. anikdroid: syncs easily with central server
+ 2. antenna pod: syncs with gpodder, but better export/import database
+    through syncthing
+ 3. dSub, lichess, Nextcloud, Wallabag, Linphone and VoIP.SMS all need
+    to have their passwords re-set which is annoying, although the
+    latter two are relevant only for "non-GSM" phones
+ 4. OSMand also doesn't have such a good import/export story - all
+    those little settings need to be redone by hand if there's no
+    backup
+ 5. Signal is, of course, a [frigging catastrophe](https://community.signalusers.org/t/i-lost-my-phone-or-changing-the-master-device-in-signal/1200) as well,
+    althought here is an actually good way to [transfer between two
+    phones](https://support.signal.org/hc/en-us/articles/360007059752) so the story isn't that bad either
+ 7. syncthing takes care of the rest, namely installing Signal from
+    the [APK URL](https://signal.org/android/apk/), my Stellarium backup and so on. it also useful
+    for "copy-pasting" (so to speak) passwords around instead of
+    tapping those stupid strings out, including the Signal backup and
+    its secret key
+ 8. contacts can be backed up with nextcloud on one device and
+    restored on the other fairly easily
+
 Backing up phone
 ----------------
 
@@ -997,6 +1044,11 @@ Boot into TWRP, and push the backup at exactly the right location:
 
     adb push -p HT26PW407343 /sdcard/TWRP/BACKUPS/HT26PW407343
 
+This can also be done with the OTG cable. The backup is in a directory
+called `Stock ROM 2016-03-17--19-17-35` and was last seen on `curie`,
+copied over from the `calyx` external drive, itself moved over from
+`angela`.
+
 Go into Restore and select all options to restore from backup.
 
 Reboot into bootloader and flash the old boot sector backup:
@@ -1010,6 +1062,10 @@ Reboot into bootloader and flash the old boot sector backup:
 
 Reboot.
 
+Update: 
+
+The [HTC dev center](https://www.htcdev.com/devcenter/downloads) only has source code, not official rom files.
+
 Developping for Android
 =======================
 
@@ -1070,27 +1126,8 @@ this phone is Cyanogenmod and that project has died, replaced with
 [LineageOS](https://lineageos.org/) which barely supports *any* HTC device whatsoever. But
 it beats having no phone at all.
 
-I've found nice ways of copying data between the two phones:
-
- 1. anikdroid: syncs easily with central server
- 2. antenna pod: syncs with gpodder, but better export/import database
-    through syncthing
- 3. dSub, lichess, Nextcloud, Wallabag, Linphone and VoIP.SMS all need
-    to have their passwords re-set which is annoying, although the
-    latter two are relevant only for "non-GSM" phones
- 4. OSMand also doesn't have such a good import/export story - all
-    those little settings need to be redone by hand if there's no
-    backup
- 5. Signal is, of course, a [frigging catastrophe](https://community.signalusers.org/t/i-lost-my-phone-or-changing-the-master-device-in-signal/1200) as well
- 6. apps list: f-droid has a very nice interface to install "nearby"
-    apps - the "app list" is totally useless in comparison, as the
-    "HTML list" version is unusable as the formatting is broken
- 7. syncthing takes care of the rest, namely installing Signal from
-    the [APK URL](https://signal.org/android/apk/), my Stellarium backup and so on. it also useful
-    for "copy-pasting" (so to speak) passwords around instead of
-    tapping those stupid strings out
- 8. contacts can be backed up with nextcloud on one device and
-    restored on the other fairly easily
+I've found nice ways of copying data between the two phones, and I
+updated the install procedure above accordingly.
 
 Only problem is the Transit app is not compatible with this older
 Android release.

fix link
diff --git a/hardware/phone/htc-one-s.mdwn b/hardware/phone/htc-one-s.mdwn
index 89e23858..1aaed17e 100644
--- a/hardware/phone/htc-one-s.mdwn
+++ b/hardware/phone/htc-one-s.mdwn
@@ -1101,7 +1101,7 @@ online, so I picked some random one ([canadaunlocking.com](https://canadaunlocki
 in a startpage search for "android sim unlock") and paid them 10$USD
 via Paypal for some semblance of security. Worst thing is they have my
 IMEI number mapped to my Paypal account I guess and/or they steal my
-money. Other such sites include [unlockradar.com](and they se) ([suggested by
+money. Other such sites include [unlockradar.com](http://www.unlockradar.com/) ([suggested by
 Quora](https://www.quora.com/What-is-a-Sim-Network-Unlock-Pin?share=1)) and [unlockriver.com](http://unlockriver.com/) (found in [this youtube
 video](https://www.youtube.com/watch?v=nN0ey_XfFwA)).
 

update: unlock failed.
diff --git a/hardware/phone/htc-one-s.mdwn b/hardware/phone/htc-one-s.mdwn
index c09b4c03..89e23858 100644
--- a/hardware/phone/htc-one-s.mdwn
+++ b/hardware/phone/htc-one-s.mdwn
@@ -1107,7 +1107,11 @@ video](https://www.youtube.com/watch?v=nN0ey_XfFwA)).
 
 As of 2019-02-26T11:50:00EST, no mail had arrived from
 canadaunlocking.com. Paypal payment was confirmed on 11:39:26EST. They
-claim to be able to unlock the phone within "5-90 minutes".
+claim to be able to unlock the phone within "5-90 minutes" but the
+unlocking process actually took a little over 8 hours and was finally
+shipped at 19:50:43 after being delayed an hour by graylisting. The
+code, unfortunately, was not working: the unlock failed with "SIM
+network unlock request unsuccessful".
 
 Future work
 ===========

move the fairphone stuff in a subpage
diff --git a/hardware/phone.mdwn b/hardware/phone.mdwn
index 52bf873c..25ce0154 100644
--- a/hardware/phone.mdwn
+++ b/hardware/phone.mdwn
@@ -134,55 +134,13 @@ sont mauvais sur XDA...
 Ceci dit, j'ai découvert que le FP2 est possiblement en vente au
 Canada (voir ci-bas) et j'ai fait une [demande](https://forum.fairphone.com/t/buying-a-fairphone-2-in-canada/48483) pour un usagé.
 
-Update: j'ai acheté un Fairphone 2 chez Ecosto, pour 543.24$CAD. Je
-m'attends à ce que les délais de livraison soient assez long: leur
-estimé de packaging est de 2-4 semaines et la livraison de 6-14 jours,
-donc ça devrait prendre entre 3 et 6 semaines, digne des commandes
-chez dx.com et compagnie...
+Update: j'ai acheté un Fairphone 2 chez Ecosto, pour ~500$CAD, voir
+[[fairphone2]] pour les détails.
 
 Fairphone 2
 -----------
 
-The [[!wikipedia Fairphone]] (FP) is a really important project. They
-have already shipped two versions of the phone (FP1 and [FP2](https://shop.fairphone.com/en/)) and
-a third one is at the [concept stage](https://twitter.com/Fairphone/status/1053232949225766912) ([more discussions](https://forum.fairphone.com/t/date-de-lancement-du-fairphone-3/41694/12)).
-
-The key with the FP project, is to avoid major human rights issues in
-the source of components and the production of the device, something
-that's way too often overlooked. Many minerals involved in the
-fabrication of modern electronics come from conflict zones or involve
-horrible (child) labour conditions. Fixing those issues should be our
-priority, maybe even before hardware or software freedom.
-
-Even without addressing completely those issues, the fact that it
-scored a [perfect 10][] in iFixit's reparibility score is incredible.
-It seems parts are difficult to find, even in Europe. The phone
-doesn't ship to the Americas from the original website, which makes it
-difficult to buy, but *some* shops *do* ship to Canada, like
-[Ecosto](https://www.ecosto.net/en/catalogue/fairphone-2-alypuhelin_26867/). So it might still be relevant.
-
-[perfect 10]: https://www.ifixit.com/Teardown/Fairphone+2+Teardown/52523
-
-Specs:
-
- * Android 7, [supported in LOS](https://wiki.lineageos.org/devices/FP2) 15.1, will likely be [ported to
-   LOS 16](https://forum.fairphone.com/t/lineage-os-16-x/44213)
- * [perfect 10][] in iFixit repairability
- * 2GB RAM
- * CPU: Quad-core Krait 400 2.26 GHz (Qualcomm MSM8974AB-AB Snapdragon 801)
- * Network: 2G bands: 850 900 1800 1900, 3G bands: 8(900) 2(1900)
-   1(2100), 4G bands: 3(1800) 7(2600) 20(800)
- * Storage: 32GB
- * SD card < 128GB
- * Dual SIM
- * GPS, A-GPS, Glonass
- * compass, FM receiver, etc
- * BT <= 4.0
- * Camera: 12 MP f/2.2
- * 3.5mm audio jack
- * Micro-USB 2.0
- * 5" screen, 143 mm x 73 mm x 11 mm, gorilla glass 3
- * Battery: 2420 mAh at 3.8V (9.2 Wh) - REMOVABLE!!
+Moved to [[fairphone2]].
 
 Purism Librem 5
 ---------------
diff --git a/hardware/phone/fairphone2.mdwn b/hardware/phone/fairphone2.mdwn
new file mode 100644
index 00000000..99081ad0
--- /dev/null
+++ b/hardware/phone/fairphone2.mdwn
@@ -0,0 +1,74 @@
+The [[!wikipedia Fairphone]] (FP) is a really important project. They
+have already shipped two versions of the phone (FP1 and [FP2](https://shop.fairphone.com/en/)) and
+a third one is at the [concept stage](https://twitter.com/Fairphone/status/1053232949225766912) ([more discussions](https://forum.fairphone.com/t/date-de-lancement-du-fairphone-3/41694/12)).
+
+The key with the FP project, is to avoid major human rights issues in
+the source of components and the production of the device, something
+that's way too often overlooked. Many minerals involved in the
+fabrication of modern electronics come from conflict zones or involve
+horrible (child) labour conditions. Fixing those issues should be our
+priority, maybe even before hardware or software freedom.
+
+Even without addressing completely those issues, the fact that it
+scored a [perfect 10][] in iFixit's reparibility score is incredible.
+It seems parts are difficult to find, even in Europe. The phone
+doesn't ship to the Americas from the original website, which makes it
+difficult to buy, but *some* shops *do* ship to Canada, like
+[Ecosto](https://www.ecosto.net/en/catalogue/fairphone-2-alypuhelin_26867/).
+
+[perfect 10]: https://www.ifixit.com/Teardown/Fairphone+2+Teardown/52523
+
+I bought a [Fairphone 2]() (FP2) after the [price came down](https://forum.fairphone.com/t/fp2-price-at-399-24-discount-it-contains-24mg-of-gold/45562) for
+~500$CAD at [Ecosto](https://www.ecosto.net/en/catalogue/fairphone-2-alypuhelin_26867/) and I'm waiting for the actual device to
+ship. It's a guess: the Fairphone 3 (FP3) is [due to come out in
+2019](https://forum.fairphone.com/t/fairphone-3-interview-of-bas-from-frandroid/28529) but I was tired of hacking around really old, unsupported and
+so insecure, locked down phones I had lying around.
+
+Je m'attends à ce que les délais de livraison soient assez long: leur
+estimé de packaging est de 2-4 semaines et la livraison de 6-14 jours,
+donc ça devrait prendre entre 3 et 6 semaines, digne des commandes
+chez dx.com et compagnie...
+
+Specifications
+==============
+
+ * Android 7, [supported in LOS](https://wiki.lineageos.org/devices/FP2) 15.1, will likely be [ported to
+   LOS 16](https://forum.fairphone.com/t/lineage-os-16-x/44213)
+ * [perfect 10][] in iFixit repairability
+ * CPU: Quad-core Krait 400 2.26 GHz (Qualcomm MSM8974AB-AB Snapdragon 801)
+ * 2GB RAM
+ * Network: 2G bands: 850 900 1800 1900, 3G bands: 8(900) 2(1900)
+   1(2100), 4G bands: 3(1800) 7(2600) 20(800)
+ * Storage: 32GB
+ * SD card < 128GB
+ * Dual SIM
+ * GPS, A-GPS, Glonass
+ * compass, FM receiver, etc
+ * BT <= 4.0
+ * Camera: 12 MP f/2.2
+ * 3.5mm audio jack
+ * Micro-USB 2.0
+ * 5" screen, 143 mm x 73 mm x 11 mm, gorilla glass 3
+ * Battery: 2420 mAh at 3.8V (9.2 Wh) - REMOVABLE!!
+
+Operating system
+================
+
+Fairphone comes with "[Fairphone OS](https://code.fairphone.com/projects/fp-osos/#fairphone-os)" a version of Android
+specifically built for the Fairphone. It ships with Google apps and
+all the usual Android nastiness, so there's also a [Fairphone Open](https://code.fairphone.com/projects/fp-osos/#id2)
+(also known as "Sibon") version that consists only of free software
+(minus, naturally, the [proprietary firmware](https://code.fairphone.com/projects/fp-osos/dev/fp2-blobs-download-page.html) required to run the
+hardware).
+
+I will probably [install Fairphone Open](https://code.fairphone.com/projects/fp-osos/user/fairphone-open-source-os-installation-instructions.html) once I get a hold of the
+device. LineageOS (LOS) is [also supported](https://download.lineageos.org/FP2) (see also [this
+discussion](https://forum.fairphone.com/t/you-should-switch-to-open-os-now-why-how/25511)). One advantage LOS has over Fairphone OS (FOS) is it's
+more recent: LOS 15.1 is the latest supported version (which
+[corresponds to Android 8.1](https://en.wikipedia.org/wiki/LineageOS#Version_history)) and it's [being ported to 16](https://forum.fairphone.com/t/lineage-os-16-x/44213)
+(which corresponds to Android 9), while FOS has [just been ported to
+Android 7](https://forum.fairphone.com/t/investing-in-long-lasting-design-android-7-for-the-fairphone-2/44728) (see the [errata](https://forum.fairphone.com/t/android-7-update-most-annoying-bugs-faq-etc/45706)). See also [Android version
+history](https://en.wikipedia.org/wiki/Android_version_history) for the larger context.
+
+There are [more OSes ported to the FP2](https://forum.fairphone.com/t/operating-systems-for-fairphones/11425/1) including Ubuntu Touch and
+Sailfish.

explain when the unlocking was ordered
diff --git a/hardware/phone/htc-one-s.mdwn b/hardware/phone/htc-one-s.mdwn
index 9b5bc452..c09b4c03 100644
--- a/hardware/phone/htc-one-s.mdwn
+++ b/hardware/phone/htc-one-s.mdwn
@@ -1106,8 +1106,8 @@ Quora](https://www.quora.com/What-is-a-Sim-Network-Unlock-Pin?share=1)) and [unl
 video](https://www.youtube.com/watch?v=nN0ey_XfFwA)).
 
 As of 2019-02-26T11:50:00EST, no mail had arrived from
-canadaunlocking.com. They claim to be able to unlock the phone within
-"5-90 minutes".
+canadaunlocking.com. Paypal payment was confirmed on 11:39:26EST. They
+claim to be able to unlock the phone within "5-90 minutes".
 
 Future work
 ===========

commandé le fairphone
diff --git a/hardware/phone.mdwn b/hardware/phone.mdwn
index 3dc271f3..52bf873c 100644
--- a/hardware/phone.mdwn
+++ b/hardware/phone.mdwn
@@ -134,6 +134,12 @@ sont mauvais sur XDA...
 Ceci dit, j'ai découvert que le FP2 est possiblement en vente au
 Canada (voir ci-bas) et j'ai fait une [demande](https://forum.fairphone.com/t/buying-a-fairphone-2-in-canada/48483) pour un usagé.
 
+Update: j'ai acheté un Fairphone 2 chez Ecosto, pour 543.24$CAD. Je
+m'attends à ce que les délais de livraison soient assez long: leur
+estimé de packaging est de 2-4 semaines et la livraison de 6-14 jours,
+donc ça devrait prendre entre 3 et 6 semaines, digne des commandes
+chez dx.com et compagnie...
+
 Fairphone 2
 -----------
 

update: worked on that stupid htc one S phone again
diff --git a/hardware/phone/htc-one-s.mdwn b/hardware/phone/htc-one-s.mdwn
index e7a56271..9b5bc452 100644
--- a/hardware/phone/htc-one-s.mdwn
+++ b/hardware/phone/htc-one-s.mdwn
@@ -1051,6 +1051,64 @@ Note that I have had better experience with the `fdroidserver` package, but it
 still depends on the Android APK to do anything, so I could only do
 some formatting and cleanup on the pull request.
 
+Update: back from the dead
+==========================
+
+Update: this is back from the dead! I was able to restore wifi
+somehow. The reset procedure was simple, as detailed below:
+
+    sudo fastboot devices
+    sudo adb reboot recovery
+    sudo adb sideload cm-12.1-20160822-NIGHTLY-ville.zip
+    unzip cm-12.1-20160822-NIGHTLY-ville.zip boot.img
+    sudo fastboot flash boot boot.img
+
+Not sure why I couldn't make this work last I tried. Now, of course,
+I'm running an old version of Android that's probably
+insecure. There's no way around this: the last "mod" that supported
+this phone is Cyanogenmod and that project has died, replaced with
+[LineageOS](https://lineageos.org/) which barely supports *any* HTC device whatsoever. But
+it beats having no phone at all.
+
+I've found nice ways of copying data between the two phones:
+
+ 1. anikdroid: syncs easily with central server
+ 2. antenna pod: syncs with gpodder, but better export/import database
+    through syncthing
+ 3. dSub, lichess, Nextcloud, Wallabag, Linphone and VoIP.SMS all need
+    to have their passwords re-set which is annoying, although the
+    latter two are relevant only for "non-GSM" phones
+ 4. OSMand also doesn't have such a good import/export story - all
+    those little settings need to be redone by hand if there's no
+    backup
+ 5. Signal is, of course, a [frigging catastrophe](https://community.signalusers.org/t/i-lost-my-phone-or-changing-the-master-device-in-signal/1200) as well
+ 6. apps list: f-droid has a very nice interface to install "nearby"
+    apps - the "app list" is totally useless in comparison, as the
+    "HTML list" version is unusable as the formatting is broken
+ 7. syncthing takes care of the rest, namely installing Signal from
+    the [APK URL](https://signal.org/android/apk/), my Stellarium backup and so on. it also useful
+    for "copy-pasting" (so to speak) passwords around instead of
+    tapping those stupid strings out
+ 8. contacts can be backed up with nextcloud on one device and
+    restored on the other fairly easily
+
+Only problem is the Transit app is not compatible with this older
+Android release.
+
+Another problem is the phone is actually locked to Telus, so I had to
+do the stupid "network unlock" dance. There are many sites doing this
+online, so I picked some random one ([canadaunlocking.com](https://canadaunlocking.com/), found
+in a startpage search for "android sim unlock") and paid them 10$USD
+via Paypal for some semblance of security. Worst thing is they have my
+IMEI number mapped to my Paypal account I guess and/or they steal my
+money. Other such sites include [unlockradar.com](and they se) ([suggested by
+Quora](https://www.quora.com/What-is-a-Sim-Network-Unlock-Pin?share=1)) and [unlockriver.com](http://unlockriver.com/) (found in [this youtube
+video](https://www.youtube.com/watch?v=nN0ey_XfFwA)).
+
+As of 2019-02-26T11:50:00EST, no mail had arrived from
+canadaunlocking.com. They claim to be able to unlock the phone within
+"5-90 minutes".
+
 Future work
 ===========
 

creating tag page tag/disk
diff --git a/tag/disk.mdwn b/tag/disk.mdwn
new file mode 100644
index 00000000..d5388be6
--- /dev/null
+++ b/tag/disk.mdwn
@@ -0,0 +1,4 @@
+[[!meta title="pages tagged disk"]]
+
+[[!inline pages="tagged(disk)" actions="no" archive="yes"
+feedshow=10]]

new article
diff --git a/blog/2019-02-25-new-large-disk-8-year-old-anniversary.mdwn b/blog/2019-02-25-new-large-disk-8-year-old-anniversary.mdwn
new file mode 100644
index 00000000..4f1ffc10
--- /dev/null
+++ b/blog/2019-02-25-new-large-disk-8-year-old-anniversary.mdwn
@@ -0,0 +1,217 @@
+[[!meta title="New large hard drive and 8-year old server anniversary"]]
+
+It's the "installation birthday" of my home server on February 22nd:
+
+    /etc/cron.daily/installation-birthday:
+
+                      0   0
+                      |   |
+                  ____|___|____
+               0  |~ ~ ~ ~ ~ ~|   0
+               |  |           |   |
+            ___|__|___________|___|__
+            |/\/\/\/\/\/\/\/\/\/\/\/|
+        0   |       H a p p y       |   0
+        |   |/\/\/\/\/\/\/\/\/\/\/\/|   |
+       _|___|_______________________|___|__
+      |/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/|
+      |                                   |
+      |         B i r t h d a y! ! !      |
+      | ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ |
+      |___________________________________|
+
+    Congratulations, your Debian system "marcos" was installed
+    8 year(s) ago today!
+
+    Best wishes,
+
+    Your local system administrator
+
+I can't believe this machine I built 8 years ago has been running
+continuously all that time. That is far, far beyond the usual 3 or 5
+year depreciation period set in most organizations. It goes to show
+how *some* hardware can be reliable in the long term.
+
+I bought yet another new drive to deal with my ever-increasing disk
+use. I got a [Seagate IronWolf 8TB ST8000VN0022][] at Canada Computers
+(CC) for 290$CAD. I also bought a new enclosure as well, a
+[transparent Orico enclosure][] which is kind of neat. I previously
+bought [this thing][] instead,  it was really hard to fit the hard
+drive in because the bottom was mis-aligned: you had to lift the drive
+slightly to fit it in the SATA connector. Even the salesman at CC
+couldn't figure it out. The new enclosure is a bit better, but also
+doesn't quite close correctly when a hard drive is present.
+
+# Compatibility and reliability
+
+[Seagate IronWolf 8TB ST8000VN0022]: https://www.seagate.com/www-content/product-content/ironwolf/en-us/docs/100807039b.pdf
+
+The first 8TB drive I got last week was [DOA][] (no, not [that
+DOA][]): it was "clicking" and wasn't detected by the kernel. CC took
+it back without questions, after they were able to plug it into
+*something*. I'm not sure that's a good sign for the reliability of
+that drive, but I have another running in a backup server and it has
+worked well so far.
+
+[that DOA]: https://en.wikipedia.org/wiki/D.O.A._(band)
+[DOA]: https://en.wikipedia.org/wiki/Dead_on_arrival
+[this thing]: https://www.canadacomputers.com/product_info.php?cPath=14_203&item_id=100730
+[transparent Orico enclosure]: https://www.canadacomputers.com/product_info.php?cPath=14_203&item_id=108319
+[Seagate IronWolf 8TB ]: https://www.canadacomputers.com/product_info.php?cPath=15_1086_210_212&item_id=100889
+
+I was happily surprised to see the new drive works with my old [Asus
+P5G410-M motherboard][]. My previous attempt at connecting this huge
+drive into older equipment failed in a strange way: when connected in
+a Thermaltake USB-SATA dock, it would only be recognized as 4TB. I
+don't remember if I tried to connect it inside the server, but I do
+remember connecting it to [[hardware/curie]] instead which was kind of
+a mess. So I'm quite happy to see the drive works even on an old SATA
+controller, a testament to the backwards-compatibility requirements of
+the standard.
+
+[Asus P5G410-M motherboard]: https://www.asus.com/Motherboards/P5G41M/specifications/
+
+# Setup
+
+Of course, I used a GUID Partition Table [GPT][] because [MBR][]
+(Master Boot Record) partition tables are limited to 2TiB. I have
+learned about `parted --align optimal` to silence the warnings when
+creating the device:
+
+    parted /dev/sdc mklabel gpt
+    parted -a optimal /dev/sdc mkpart primary 0% 8MB
+    parted -a optimal /dev/sdc mkpart primary 8MB 100%
+
+I have come to like to call `parted` without going into its
+shell. It's clean and easy to copy paste. It also makes me wonder why
+the Debian installer bothers with that complicated partition editor
+after all...
+
+[MBR]: https://en.wikipedia.org/wiki/Master_boot_record
+[GPT]: https://en.wikipedia.org/wiki/GUID_Partition_Table
+
+I have encrypted the drive using Debian stretch's LUKS default, but I
+have given special attention to the filesystem settings, given the
+drive is so big. Here's the commandline I ended using:
+
+    mkfs -t ext4 -j -T largefile -i 65536 -m 1 /dev/mapper/8tb_crypt
+
+Here are the details of each bit:
+
+ * `ext4` - I still don't trust BTRFS enough, and I don't need the
+   extra features
+
+ * `-j` - journaling, probably default, but just in case
+
+ * `-T largefile` - this is where things get interesting. the [mkfs
+   manpage][] says that `-b -1` is supposed to tweak the block size
+   according to the filesystem size, but `mkfs` refuses to parse this,
+   so I had to use the `-T` setting. but it turns out that didn't
+   change the block size anyways, which is still at the eternal 4KiB
+
+ * `-i 65536` ("64 KiB per inode" ratio) - the default mkfs setting
+   would have allowed for around five hundred million (488 281 250)
+   inodes on this disk. given that I have less than a million files to
+   store on there so far, that seemed totally overkill, so I bumped it
+   up.
+
+ * `-m ` - don't reserve as much space for root, as default (5%) would
+   have reserved 400GB. 1% is still too big (80GB), but I can reclaim
+   the space later with `tune2fs -m 0.001 /dev/mapper/8tb_crypt`. it
+   gives me a good "heads up" before it's time to change the drive
+   again. besides, it's not possible to pass lower, non-zero values to
+   mkfs, strangely
+
+[mkfs manpage]: https://manpages.debian.org/mkfs
+
+# Benchmarks
+
+I performed a few benchmarks. It looks like the disk can easily
+saturate the SATA bus, which is limited to 150MB/s (1.5Gbit/s
+unencoded):
+
+    root@marcos:~# dd bs=1M count=512 conv=fdatasync if=/dev/zero of=/mnt/testfile
+    512+0 enregistrements lus
+    512+0 enregistrements écrits
+    536870912 bytes (537 MB, 512 MiB) copied, 3,4296 s, 157 MB/s
+    root@marcos:~# dd bs=1M count=512 if=/mnt/testfile of=/dev/null
+    512+0 enregistrements lus
+    512+0 enregistrements écrits
+    536870912 bytes (537 MB, 512 MiB) copied, 0,367484 s, 1,5 GB/s
+    root@marcos:~# hdparm -Tt /dev/sdc
+
+    /dev/sdc:
+     Timing cached reads:   2514 MB in  2.00 seconds = 1257.62 MB/sec
+     Timing buffered disk reads: 660 MB in  3.00 seconds = 219.98 MB/sec
+
+A SMART test succeeded after 20 hours. Transferring the files over
+from the older disk took even longer: at 3.5TiB used, it's quite a lot
+of data and the older disk does not yield the same performance as the
+new one. `rsync` seems to show numbers between 40 and 50MB/s (or
+MiB/s?), which means the entire transfer takes more than a day to
+complete.
+
+I have considered setting up the new drive as a degraded RAID-1 array
+to facilitate those transfers but it doesn't seem to be worth the
+trouble: this will yield warnings in a few place, adds some overhead
+(including scrubbing, for example) and might make me freak out for
+nothing in the future. This is a single drive, and will probably stay
+that way for the foreseeable future.
+
+The sync is therefore made with good old `rsync`:
+
+    rsync -aAvP /srv/ /mnt/
+
+Some more elaborate tests performed with `fio` also show that random
+read/write performance is somewhat poor (<1MB/s):
+
+    root@marcos:/srv# fio --name=stressant --group_reporting --directory=test --size=100M --readwrite=randrw --direct=1 --numjobs=4
+    stressant: (g=0): rw=randrw, bs=4K-4K/4K-4K/4K-4K, ioengine=psync, iodepth=1
+    ...
+    fio-2.16
+    Starting 4 processes
+    stressant: Laying out IO file(s) (1 file(s) / 100MB)
+    stressant: Laying out IO file(s) (1 file(s) / 100MB)
+    stressant: Laying out IO file(s) (1 file(s) / 100MB)
+    stressant: Laying out IO file(s) (1 file(s) / 100MB)
+    Jobs: 2 (f=2): [_(2),m(2)] [99.4% done] [1097KB/1305KB/0KB /s] [274/326/0 iops] [eta 00m:02s]
+    stressant: (groupid=0, jobs=4): err= 0: pid=10161: Mon Feb 25 12:51:21 2019
+      read : io=205352KB, bw=586756B/s, iops=143, runt=358378msec
+        clat (usec): min=145, max=367185, avg=23237.22, stdev=24300.33
+         lat (usec): min=145, max=367186, avg=23238.42, stdev=24300.31
+        clat percentiles (usec):
+         |  1.00th=[  450],  5.00th=[ 3792], 10.00th=[ 6816], 20.00th=[ 9408],
+         | 30.00th=[12608], 40.00th=[14912], 50.00th=[17280], 60.00th=[19328],
+         | 70.00th=[22656], 80.00th=[27264], 90.00th=[46848], 95.00th=[69120],
+         | 99.00th=[123392], 99.50th=[148480], 99.90th=[238592], 99.95th=[272384],
+         | 99.99th=[329728]
+      write: io=204248KB, bw=583601B/s, iops=142, runt=358378msec
+        clat (usec): min=164, max=322970, avg=4646.01, stdev=10840.13
+         lat (usec): min=165, max=322971, avg=4647.36, stdev=10840.16
+        clat percentiles (usec):
+         |  1.00th=[  195],  5.00th=[  227], 10.00th=[  251], 20.00th=[  310],
+         | 30.00th=[  378], 40.00th=[  494], 50.00th=[  596], 60.00th=[ 2832],
+         | 70.00th=[ 6176], 80.00th=[ 8896], 90.00th=[12480], 95.00th=[15552],

(Diff truncated)
add mandatory protocol file, specifying a version just for kicks
diff --git a/.well-known/openpgpkey/policy b/.well-known/openpgpkey/policy
new file mode 100644
index 00000000..e925bd36
--- /dev/null
+++ b/.well-known/openpgpkey/policy
@@ -0,0 +1 @@
+protocol-version: 7

switch to WKD to publish my OpenPGP key
diff --git a/.well-known/openpgpkey/Makefile b/.well-known/openpgpkey/Makefile
new file mode 100644
index 00000000..370059b5
--- /dev/null
+++ b/.well-known/openpgpkey/Makefile
@@ -0,0 +1,6 @@
+.PHONY: hu
+
+ADDRESS=anarcat@debian.org
+
+hu:
+	generate-openpgpkey-hu-3 --address $(ADDRESS) --exist-ok
diff --git a/.well-known/openpgpkey/hu/myctwj4an6ne7htuzyoo8osctuji68xe b/.well-known/openpgpkey/hu/myctwj4an6ne7htuzyoo8osctuji68xe
new file mode 100644
index 00000000..65ce1bb2
Binary files /dev/null and b/.well-known/openpgpkey/hu/myctwj4an6ne7htuzyoo8osctuji68xe differ
diff --git a/contact.mdwn b/contact.mdwn
index 6e78df80..031b399d 100644
--- a/contact.mdwn
+++ b/contact.mdwn
@@ -20,9 +20,9 @@ The best way to reach me is by email, use the address:
 
 [anarcat+frontpage@anarc.at](mailto:anarcat+frontpage@anarc.at)
 
-You can also encrypt your messages with this
-[[PGP key|pubkey.asc]]. Note that I
-[[changed key|pgp_transition.txt]] in 2009.
+You can also encrypt your messages with this [PGP key](.well-known/openpgpkey/hu/myctwj4an6ne7htuzyoo8osctuji68xe), also
+available on key servers and the [Web Key Discover protocol](https://keyserver.mattrude.com/guides/web-key-directory/)
+(WKD). Note that I [changed key](pgp_transition.txt) in 2009.
 
 Blog articles accept comments, but are subjected to moderation and
 anti-spam filtering.
diff --git a/pubkey.asc b/pubkey.asc
deleted file mode 100644
index 5e5aeae2..00000000
--- a/pubkey.asc
+++ /dev/null
@@ -1,218 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQINBEogKJ4BEADHRk8dXcT3VmnEZQQdiAaNw8pmnoRG2QkoAvv42q9Ua+DRVe/y
-AEUd03EOXbMJl++YKWpVuzSFr7IlZ+/lJHOCqDeSsBD6LKBSx/7uH2EOIDizGwfZ
-NF3u7X+gVBMy2V7rTClDJM1eT9QuLMfMakpZkIe2PpGE4g5zbGZixn9er+wEmzk2
-mt20RImMeLK3jyd6vPb1/Ph9+bTEuEXi6/WDxJ6+b5peWydKOdY1tSbkWZgdi+Bu
-p72DLUGZATE3+Ju5+rFXtb/1/po5dZirhaSRZjZA6sQhyFM/ZhIj92mUM8JJrhke
-AC0iJejn4SW8ps2NoPm0kAfVu6apgVACaNmFb4nBAb2k1KWru+UMQnV+VxDVdxhp
-V628Tn9+8oDg6c+dO3RCCmw+nUUPjeGU0k19S6fNIbNPRlElS31QGL4H0IazZqnE
-+kw6ojn4Q44h8u7iOfpeanVumtp0lJs6dE2nRw0EdAlt535iQbxHIOy2x5m9IdJ6
-q1wWFFQDskG+ybN2Qy7SZMQtjjOqM+CmdeAnQGVwxowSDPbHfFpYeCEb+Wzya337
-Jy9yJwkfa+V7e7Lkv9/OysEsV4hJrOh8YXu9a4qBWZvZHnIO7zRbz7cqVBKmdrL2
-iGqpEUv/x5onjNQwpjSVX5S+ZRBZTzah0w186IpXVxsU8dSk0yeQskblrwARAQAB
-tCNBbnRvaW5lIEJlYXVwcsOpIDxhbmFyY2F0QGFuYXJjLmF0PokCVAQTAQgAPgIb
-AwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgBYhBI3JAc5kFGwEitUPu3khUlJ7dZIe
-BQJazWjGBQkS1vYoAAoJEHkhUlJ7dZIepK8P+gJCwRKwKoXAzVtwyHR8H6YbM2gw
-RU/OrDMOqYF53NMPgsPkYvR8kUXL0PZtHdJdNQdTc8J2tQdxkZrlUwgpILvktEkT
-R9dwlip8jJ0ucIg9X10ICyACM4XuW+kNuUCPs3PrSVicrSX7iAyopSZoueQF4VaA
-s+HwSUjYA1n4oGnBmnblWi59CepCM1yAJPLIQjvs/qq2Iuz2cOpsajEAyCsklNgj
-/irO8a8PxcKN5u7TiWmC7IKB850USi9cIi7wg4XjdRE5nPSkjToKwS5ejMfpm/LZ
-0tQ4BepBp8+cq/T33lps1m0Kc2rkwCp4BVnWq/e6ve/wevl58L94A9jQF/I4nMqL
-+7al+hXDu5Ejwb7sEbo509cIj9i+Qpze/nQ++am3tDxCs2kmeX1wwdvq3QKDtTHy
-mYSn/ByVz33UuThfV23B4xghz7L2K4OqmO2B2o5WqdDIFx88kDFLJrAsT+DNzo1d
-JFKI46etVJbg8fV7B6PX4Y9iAqy1s/2IBLJ9VtT75v7fhrDdwhCRbl6OaahxvnZc
-vtWIv//QF/xoJ+l6iFF/631bUijqWK0inAoVXSjrQs8CILV5byhfPHlJOjSm37k0
-kvHkhpKNNM7d/IB9HOYCGB98esGcOWJp+OE+vkK0Wn2nVQiFC0S1ncSXPyibngOx
-mqXdw31bW38TtM5FtCZBbnRvaW5lIEJlYXVwcsOpIDxhbmFyY2F0QGtvdW1iaXQu
-b3JnPokCVAQTAQgAPgIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgBYhBI3JAc5k
-FGwEitUPu3khUlJ7dZIeBQJazWjIBQkS1vYoAAoJEHkhUlJ7dZIeNsMP/jOq7Dz0
-QouK+XfIGQd5y8c8DPipx45KTGPDt9YW7q55MC7+7YBZ/pgk0B5NWErtzxQP00O2
-chk2EZ48iF5QW4pO9J4ZYIBgf+u4KQ2GnikjrtpotdVtwkAKnzFmH29Y1kzqnGjf
-/qStLmvip2xcMWgTPNHZWjNZD7vEmIsswgHnQis55NldlfB/qqvAF+4LAAtJY6hj
-GsJuxJ/0KtkKKGat9+NNNWmPtGhVlAB1xWQSULSJdUghFZRuebVSW9d6jK3dcYMo
-7XN8cdziDQ6E9pnkr1qOJ0dP20pf80P+DlizzD7ywWxqeSZz+bzHA4xCqW0CACeh
-WftXtmLSXRITh/EL4BK17U1wfT1361siuH3Gr93RJKGloa4HJsQQ8q1un2EHsTUL
-aoioG05xXu/ykCr/dPZTcoj5dQoLN1SG0CKxzALBpkodsE1uHy1EFPYRGWmolZcq
-ozzElKwIzqemRyRzbUNCPLPQotZfPtjs0hYIIwfQtGUwIEttZrXf2zF/A9yJankf
-bpvpR+WjdZDVdmAsZNsfbeq5sc8EOKCmPe6/4IpNL44cI1yS8CTlUa0MKcdf417r
-HEISPAn0PcFUi5LVsngekRbWenkK3jWMQ1iM0uvmI24yLmzNbbOoc9U4mGBoIk1x
-saXqfJUKBIeMNtP1EpLXiGUxLJ9A4UxssUCctCpBbnRvaW5lIEJlYXVwcsOpIDxh
-bmFyY2F0QG9yYW5nZXNlZWRzLm9yZz6JAlQEEwEIAD4CGwMFCwkIBwMFFQoJCAsF
-FgIDAQACHgECF4AWIQSNyQHOZBRsBIrVD7t5IVJSe3WSHgUCWs1oyAUJEtb2KAAK
-CRB5IVJSe3WSHh+DEACzlorp/RzyaI2QPOgxxqUBIiLK6V2KEEjDpTWe7VUWZpe7
-i50otpbxFTfHqz0dh7LFsgUyj2VybpOk759oxKpZ/wRJx6+G47NLW1PEV3NfBJDh
-xQvt5DCcUjRYcgSkqCgfQzK9ZOqqsZKXX5vgI6p+4G17y64jvxFTW+wnHjyDOw1n
-zOwlLRGtHXOScVzKrZycZ/GUH6z6IjywxK5SYZI0hUw5JO2HL4tjE6TA4dZsrq4U
-RVmJnrw8Y1rg/dqeMU4iPOaD/UNtQ5bcMSKWPnVkD+F8K6OoiUVCsGYLGFfVweEJ
-5KtCNJhGRj1D17uhC3QX7oxhTE6Czf1DYNPNzbQpsgLipo43QU806muhUbaYnpqF
-l5D/IWZDiG2Jmx6SH+4A1B2JiIc2j0K8+jwfQOmzLSlOIdpGfDgEReTno2FXSal3
-+r1HHAnMHPxTzfJFGYcJazZ07buosbHhpcd0Exx3yi1cbJE8Y/dREezNH5jwovM+
-6vGbZWHEJ8wN+ZeB9zhLybwa6CnyXLU8dnFG3ZQ9SW0mgo0f4a1MabLJk0ljLyBo
-m+DdzAt+yRQfnbTnraM9XZS6zDVY5Uq6YuK6EtCQvx6q8obypGYApJRSs04/gM8Q
-LTLyuv7b18f+OltYPzJcclZ1u/gOm3RJm8WnfYdUMMTnoifq4efwQUNopKnRq7Ql
-QW50b2luZSBCZWF1cHLDqSA8YW5hcmNhdEBkZWJpYW4ub3JnPokCVAQTAQgAPgIb
-AwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgBYhBI3JAc5kFGwEitUPu3khUlJ7dZIe
-BQJazWjIBQkS1vYoAAoJEHkhUlJ7dZIe3IUP/3G/keDpoV5OwBct1K3TLNMAZSIC
-cy4Nh+NT6/XQZlsT2FtSZn3zESsw9IaHE/4nUJOW2C6WcJo85h/obDsnsEGl9KfC
-t84jXMeJZQg3o3O26dRLDNZQVSO8iliNzHX6/V8NYtWulZ/x9Hqthhg8HcM9Tor7
-uKuQbNSE5M8SzsNH4cb9aSeKeIqMoOY2OS41eTS4uHyaogCBRpnnj+AAhuv7eUeU
-wzrfkQkzPtq/2y0O6L7Ce8K9u0BPL4ywBFe6zqBafeevTo1kCCLf+95Af42nl/bW
-lbAyCnFPegEkPWqj74wSqFQMHrkYx+er2FykPoI0WYaunq1LZlolk/v95+U5WsNr
-f7uwz7UmyDKADM69x7DTFUEZ1PoExPM1Zo+w5RTXFqfWR5uroKJhw5UkGhYrqg1T
-RSeqbB14DLWnQFZYztdVgTDqDM5g0PJpaA1+COMH5PpyhdRg1UfWET32LZDpbnqx
-6ntiq/AfHQeHp+Ibugu/PO/qD8T+kAs3GVXDzJd+rS8quxLekkKiiQp1S5ZIzCsI
-Tp2fVOqIgTszjlVy/ypGUkLnbDQE/tu22faaksdd6jpzgbupbZUOPSPaywUUVOEA
-jb+EwZPFQWIAzbbTflGY8L10leez1X0HYfcC95hRSEobdBlK9iWtS/7grN/o85RT
-iuuQgoul178m+VnotC1BbnRvaW5lIEJlYXVwcsOpICh3b3JrKSA8YW5hcmNhdEBr
-b3VtYml0Lm9yZz6JAjYEMAEIACAFAlPOcNsZHSByZW1vdmluZyBjb21tZW50IGZp
-ZWxkcwAKCRB5IVJSe3WSHvC/D/sH8ak9X0dom7HTDWyDb9fO4g95jP4MOOGuTL2I
-P7SPn3OoXZtAVaHihgvp+6H7Z0C4S+JiNL8XagcZmv7xZ6cbXyfCWAU6JEd6rTDo
-ZUYC8KJ69eExBZOp2AQMPEM4H3tZ4MV635k1ahwW4aLWXzbyWCzkFBLSBpeOoLn5
-5aa1aQhzlmhCjQhTh158AUlEiCqCB2DllQfCJ0Q5C3dpzIWkDWoMZ3Hgw9Yg+rrL
-p2oFRkijmRFoYmBB9hoP/LgLzhXZCQujhFBmL7FHSWxG07V98PEJK9NZ/xVLf+zw
-J4IDIHI0hrBDkS1Gd82lp7UK7kICZ9ognB2L8m3ObACzg1+9cOsqRLiedjsvGTxT
-sARpgFbzRhB97fuudZG1pK0PWqexIWzsmMzNlm/q+aCj+rYZVg6L+gnIs85bHqh5
-vhW71SfhbljYJBJVNcxJF+2pOtaE71TqvNbICK4UIiCubUtts9ydL/fMHmpternc
-ftxzqT0rSWI3rhywRb6ZiY9OVrbIQ+A0UPcJf5yozEpLyK57eK3U5MNMvtuI5JKs
-On1eZOV30df+70mWVgniTpL4m6Qb5kEVDhFRjk6X2PW2CzwCLGQvfaNI6NwHB0bT
-Dpxhva+pSKyTzwKn7w8L026QGs1NAufaNTZRbPiBSgJ3QIkSR/zN5ubzmoJLovGk
-GdAGNLQuQW50b2luZSBCZWF1cHLDqSAoRGViaWFuKSA8YW5hcmNhdEBkZWJpYW4u
-b3JnPokCNgQwAQgAIAUCU85w3RkdIHJlbW92aW5nIGNvbW1lbnQgZmllbGRzAAoJ
-EHkhUlJ7dZIeXEQP/RXsCNGrjNHcp7pRApNmi1fq9W2xZmy8rrQcCiGoy1pTHOpD
-ixx2vBUtn1W/tscdYiBi8+zWn+rr4+2QqIkRUIrfRK5e+qwHA0bf+YHJvEqVZU1+
-ythNKGzZ+OVezglWsWvCGyE3+4GxSJobCLnwwTLl9UVntYxMwnqJ9octslNAzc9y
-DBhhH77RYUpR/umURv/UH2uszkYu/dPPZ8v5FyfxyY+sbz4un6F3HAgMD8EEwC3K
-X0+E4vGBZkKjsxbLDWC89yAtCOMPEoairhRxFPF5zBnjxxvjLLSceLkZuskAPxe7
-eSHuc8DhOYVjlkg47kp1LmVvIO889ZYlmQyxoEY7PFrv5fqu1uLUdyIHJztSHAOx
-fpb0Hs22prs3iXHIFZXEaifzh3GCXgUrcyrpI8ZITt7bSwHUliHqT2B3OcPASQip
-XWMBBU9wXRBGuHTtOv4HHB7TVblNr4PEbfEJeqttQpQxGK3hrP7jx4XJk17H8VuN
-Iv75+sGZxAVdumOe5a1YFHlShs12t5BLlEzDomDgg0cVQNeTRwPy3zcJ/zNEA8cr
-7bSspkjPBo5Oy9EcLlhOjbI6gUuEmFU0QrfzVrrE2k837FpkxxEYlal8/0hsCOCf
-/mJ9K+0WQnc40c002GCRXQbEBc22XhQX1Ongiz7aHsTNHpVzb7TT2mz11KMCtDhB
-bnRvaW5lIEJlYXVwcsOpIChob21lIGFkZHJlc3MpIDxhbmFyY2F0QGFuYXJjYXQu
-YXRoLmN4PokCNgQwAQgAIAUCU85w3RkdIHJlbW92aW5nIGNvbW1lbnQgZmllbGRz
-AAoJEHkhUlJ7dZIeuvsQALv5rpGEI39KvmQHPrW8Y8ycN+03b1EeCTsGo/OS8wHh
-j8EmCno2HXVPVjauU4dpusEzvQHsiKqIkpknq0heA/oTkUxSrBLz8hRrmL3XN87S
-tNBOVFNkqAgAr2eoIdi2xpm3TAMqsUUj6jjM4K2JOjduIPSvcpfg43vrAo/Y54W4
-rINbhTOyCjRjQkqUhPL7bvVJvAlmpluKSDdS+ON5xEWR38g3loGkCZQvjBdSB4hh
-vaxp49MGanVTwIHzI9RSrb+UtYHM3H0G5a4+AgiVYGuwqIJZc15hI3Vz+cxPoFJ2
-haetoKT9rTwnqxZxknW+JnldH2V7KuyEMvWs5Jo3i8qSFfLCwG1jW3LGuILDBNtc
-+QiMxy7NdOZpP3Lex9bqQ6p7io6FfNK7RN/kbeUyQNvIzLu6RpB0EkMmI2XDtalZ
-cOZ1TUmQ4gP941HQBBjp/uDAUlkoa4/HIFxRwBTDnPspkG19HLub6QDs5/AB3/55
-CGS9pBHrU2EsPQ9cLwzb+zfQmJi2vC2IzcVrbwVcTRpAluHo8kUVlgTHpnbwXOHr
-r40FRuKgex7TREBK1OyAn1gYdQUFVhau+SjdcAz9zEVI8aj23Umu4oTVYVOjcx2f
-lzZCcdzyG6nzd3JQVWm3gpK3TgWo8eC/hNa7s5aIs7ThTofGXh+d5bUtcZx+FbJ5
-uQENBFAGwRgBCADTtdA/YZOdYY35bKWKokkHkXTklnwWKbAMWbcgGaaDbPEMl+0w
-Am75WoBRUF/ZetwbQQ1SlNsbqymeFp2LiwbwU3xFmw7v/TAJrYJxIPEV8fjApIIa
-o7PWzz0o8na+Ocz6w2qKWc1CJkryLT/t/JcUnPsFzlp/nYkOyrS0BqdkNwj9/hSO
-8zB1uaErrtc+TeiUO/Cu6oJ81LR1Rk0sRnHNBQv85W7ORVna+38LENQk05dQLuOx
-yf2c+TbZMJrA2d6VeZwX2hER52N23qOfyAs45f0LQOqmyk8y1BcnRykrmVlsVVgV
-JSBFKDRj6lMPLFrEUG0R5+p15m+W8833VpHnABEBAAGJAh8EGAEIAAkCGyAFAlAG
-53UACgkQeSFSUnt1kh6IexAAsxdz/64hu2YW66drIuVBgvvTcr9YBraZ4DDo5UKX
-ewNJgfLc1nB85uXmbzSVKvAB++LnqmogRE3wRlOH4A004O/i+JOtGQhf1SG6yPFk
-VWBpqvwhJeFiGcYqvw+K9XwuFhoYEP8ngpq8/SSaivH7IAVV2rSYsWfeEw4B+gS6
-bkdOiOAt9RTSyn4QVqIKvnPmOTb60I1tZTUbinEWMifu45m+6f7qqc1oadk9Ic40
-NTHEaiO9liYmq0s3l19BBUSRETlBAvJ7caAiucqHGgYeqgVfXR3Gpy+L+DBvF29g
-7XDxtXgXa8BG0AMVmxO5Ey+UH0gUpJ6azoeAFe4+U5O2q8pi+8tlLXHoLQBHXeoB
-vncZVakeC1kfZT8EzcgwtmpkzRcI5bkFRxMXx6rQqoolWM+m0cVJb95j03bK2Ao7
-S94soo3ofsgWnEoLjXvkILu3pdbmGznOcC1QINxiFDdsDfRyF3CBC6wyo1jRquHu
-qsSYx1ZVc9qHgUsi7A6NIFJ7ZWDozt+4+jn0rmkKvfbiUr+mmlfy5yCAkjjvjWif
-eMbDOkSN7o7VWEsav4WnKRChyuAvGH5kvYNCMYF9+s/H57Isehx3KmLKFLjY3bPA
-EdPUNnATbRR7eQ1B7kr7Q354uEXcW2iD39SpGvyQ4BcIGS3kNS4/m1i7SlbKoVoi
-kwW5AQ0EUAijnwEIALsJjr5pMuWTp6mXX5MrrAhoeDV9qB4R+YoWCf5ii/7aUoUi
-E1GRxbOdBVzJWJWYLuJpmQQh6LWA/37SWux2F7C1MGO+QM3FHXxog5EmyIf3kUWM
-Ui4nQdCOszWM7GJeFBnTEuWeEWTHFryP2XnYdO62lhRTrd7eW9jQIG6qHtC2Qfe6
-fuJPoRqoxHfjIVrbKbflqDy6AxtzMHCdMMlifeqkvyAq7Dcmcin6p1JBvWwZ0twL
-gk3TYTb8hjuLDyXMz3FVpvUiC96YInBLQL8G30uyaELL0AylpUVoBiN6mB0GlKog
-xr/xVyhU6uF0lZ8hzt8u236eM3WqiOw+a6GyvWcAEQEAAYkCHwQYAQgACQUCUAij
-nwIbIAAKCRB5IVJSe3WSHkPXD/4sBuRegkO6GUZeXgZv+lf2gvq2yMJWTdYWuyGD
-GGcxygWNEHupGbtzDW8OgGNr4Uj/NOYxscVvvDRley9b5iHatSqDbkaeMHkjvth/
-G6y3pby4aY9KP4q2llKRotF5i1Cz1fb8XqD3ebcB1+evUnBKX0PkAoZxhSxEJ8VM
-jWgnrK9Jg6mvKlwk6KcgqOzMMmx5UkeiNdZa4GL96waH6y9JF6f7n6BtrX7z3GUE
-DdQWOT+sVUknhptNwzOYfhYnBWqR45Ic2IXfd0u0l8BRqGaPQ895oF1CDw6fmMMg
-F4VQvg1gabQqRMBjZxqtTyUkzINCuCm2SylrgMuuzeXQMCFHcL9G/DNpjwe+rUCz
-JCZO9M0RsC9YEP5zFdsXBLr/rBM1BEvlu3JTOhfos1BMJnWXwNXS+KmGUxW2By+K
-t9LpbG0LeITzImgesdZNA/Ar2a6qH00jg77BqmYQEJYaxVm2SPvcljgeEoh78iI7
-5RYt4atcT7wYaIH3ajD1q44Sg4K/G0x5iVM19oYQakC3q5uARgzZpDfP8aFWWMBZ
-zQ9s97vlnBS6yla3j/U6Zs5WoQvftISffU1HOm2y6XJs14Mss2XseeFwB4w2H8bm
-HSwKRJkpKCISS505yANMjFBfIwF6CLa/5B3mKUxc7wB97IufuV8ZLvy6eHFnrj7k
-a1M+urkBDQRQDuHnAQgAyu2f3s3RGkGG64wXDVTfvFZCKxk3H+sJAwwATeNMd8LS
-QaNM6vQE4x/99dj+xC0B59Q9KcrCG2a9EBfPmPqBHsMYd+l31W+R0Wf/MdoIY91X
-tYbbo9vSlaqwZYjScIloxdeI8hrHMrXsQSo3NVvESFGfSZNYj6T6ryb2T6V/eu3K
-tJAYZA9pOw2kzgDmEDFxoGMqv/kyrvSGBrrDl/Q0Eq9Llbwpi+bgFX+so05ArdnT
-gX/GnwvSYO5tFwAotzABdlfKT67OqTUlf0FpkVMKgjAj7pBIczAVd4TnXTbW16x0
-W8U1XyZT2rgKomN+IDZVeQDu5Bxgh0RK+CG4w5ahzwARAQABiQJnBCgBCABRFiEE
-jckBzmQUbASK1Q+7eSFSUnt1kh4FAlh8Il0zHQNhdXRoZW50aWNhdGlvbiBrZXkg
-ZnJvbSBrb3VtYml0LCBub3QgdXNlZCBhbnltb3JlAAoJEHkhUlJ7dZIecxcP/RUQ
-d6uNQ71leKZgA7WHYyHl0OaTblEdJ+BWlEfadOjw2aWtb+cfeV15Z9YkKbm/8tBV
-5UgbNRfvz+M4M7ftzdf4CRMp5539aZC5z2D2vgJJmuebaai3KAP3g03H7JSL5Oc+
-8oGhoMPmR/U83c8oy/WjEHw+vK0jIqAwrZKm/35pc7IQxTE4CMpXG0snXbp4xU/K
-PZkUfN8Qseg3XK3SHyjPnHdB2iuXQNpO8TVXJz3x18kRkH0NFjwTrJu0fgbp/VOV
-oJd7auMs6+Gfprcka/TzDPKxaLQ7UtViiqrctidkspNMtj8wWvnjmuiUR8jvUATe
-DC9MwpmTD2ct/CiWUepNbCRXmfV7119S1hHIJic57dEEUhLzJ8+UL/LgdbWFjkq4
-J0pNiUVnB+kWh23tMaBTeDpxq2Ne/w02eZUry8qrrjpRX2x69Cvx1Qttap6pBhbC
-QiX5l2gFn9+qo0EfTcdZCkutBD1VR0S667nLc52rfDboyf8dcI81wcm96rySB8EZ
-UwD36Vtmol/1/4xn64E4+8PellLlF0DFZ9u/RSh46xvfmBp97zWRudfSNRb2u/Yf
-COUtdrZ+Atu8H5otxHpFN0yKVibXVzieAzeTWndMxwztrIag6IEzWbl6OwMyGAC3
-sbJs3RwVb+9PyC6UbJZmLfpPM4PnNFHgXeHCaXXbiQIfBBgBCAAJBQJQDuHnAhsg
-AAoJEHkhUlJ7dZIexD0P/1jWAJNK5sWWCpZzLhTBcIsju5FcjozKaOXL3suCnv67
-/b32VsYD1jXDR2BkiJ6xAdOv1u1aaAitaEOaq+YeF3f1zRM004BK9giDfStwZxyu
-yu4zMNWwayXEh3Zn7LZSy8spS8gKNqcped1xQcWb1O01uumQj4JvBnJrQYk1xpIj

(Diff truncated)

Archival link:

The above link creates a machine-readable RSS feed that can be used to easily archive new changes to the site. It is used by internal scripts to do sanity checks on new entries in the wiki.

Created . Edited .