Recent changes to this wiki. Not to be confused with my history.

Complete source to the wiki is available on gitweb or by cloning this site.

another keyboard to add to the pile
diff --git a/hardware/keyboard.mdwn b/hardware/keyboard.mdwn
index 52fc1929..d814b9c3 100644
--- a/hardware/keyboard.mdwn
+++ b/hardware/keyboard.mdwn
@@ -83,6 +83,21 @@ The [CODE keyboard](http://codekeyboards.com/) is also made by WASD but has spec
  * no windows logo!
  * 147$USD
 
+Happy Hacker Keyboard
+---------------------
+
+The [HHKB](https://hhkeyboard.us/) is interesting because it goes back to the old "[Sun
+type 3](http://blog.daveastels.com.s3-website-us-west-2.amazonaws.com/2014/12/27/type-3-keyboard.html)" keyboard layout, where the control key is next to the `A`
+key, in place of caps lock. I found this through the [TMK keyboard
+firmware](https://github.com/tmk/tmk_keyboard) project, which features open source firmware for a bunch
+of keyboards, including the HHKB (which, out of the box, is
+unfortunately *not* open).
+
+Their keyboards have weird features like variable actuation points and
+"capacitive switches".
+
+260$USD.
+
 Das Keyboard
 ------------
 

more issues in buster
diff --git a/services/upgrades/buster.mdwn b/services/upgrades/buster.mdwn
index 38c9c2ec..8668e16f 100644
--- a/services/upgrades/buster.mdwn
+++ b/services/upgrades/buster.mdwn
@@ -149,7 +149,9 @@ Those are packages that are only available in sid or stretch:
      <del>transition failure, probably just needs a punt</del> fixed
    * [[!debpkg torbrowser-launcher]]: was deliberately removed from
      buster, future unclear ([[!debbug 926042]])
-   * [[!debpkg wireguard]]: see above
+   * [[!debpkg virtualbox]]: same ([[!debbug 794466]])
+   * [[!debpkg wireguard]]: same ([[!debbug 849308]])
+   * [[!debpkg xawtv-tools]]: [[!debbug 916114]](
    * [xen](https://tracker.debian.org/pkg/xen): <del>newer in
      stretch</del> fixed ([[!debbug 907835]]!!)
    * [[!debpkg zotero-standalone]] - replaced by a Flatpak, see [the
@@ -263,6 +265,13 @@ The fix was to remove those diversions and reinstall the package:
     dpkg-divert --remove /usr/share/alsa/alsa.conf.d/50-pulseaudio.conf
     apt install --reinstall libasound2-plugins
 
+### Electrum
+
+[Electrum](http://electrum.org/) was [removed from Debian](https://tracker.debian.org/news/1006129/electrum-removed-from-testing/) because of a [serious
+security issue](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921688). I don't have anything in my wallet anymore, but
+it's possible that people send money there, unfortunately. I should
+probably figure a way out of there.
+
 Resolved
 --------
 

mention the secret keyring
diff --git a/blog/2019-07-30-pgp-flooding-attacks.mdwn b/blog/2019-07-30-pgp-flooding-attacks.mdwn
index 68b2ce04..722d14af 100644
--- a/blog/2019-07-30-pgp-flooding-attacks.mdwn
+++ b/blog/2019-07-30-pgp-flooding-attacks.mdwn
@@ -194,7 +194,10 @@ find. Those with the long key ID are those that I could not find on
 the keyservers, for whatever reason. This takes a surprisingly long
 time: neither `gpg --list-packets` or `pgpdump` shows the key
 fingerprint, and I need a much more costly `--show-key` to get the
-actual key fingerprint.)
+actual key fingerprint. I also have a copy of the above keys, in
+flooded version, for testing purposes if people are interested in
+doing research and optimization for them. I won't link to them here to
+avoid confusion.)
 
 How to check for flooded keys
 -----------------------------

expand the list of vulnerable keys from brinkmann
diff --git a/blog/2019-07-30-pgp-flooding-attacks.mdwn b/blog/2019-07-30-pgp-flooding-attacks.mdwn
index f3c59222..68b2ce04 100644
--- a/blog/2019-07-30-pgp-flooding-attacks.mdwn
+++ b/blog/2019-07-30-pgp-flooding-attacks.mdwn
@@ -74,7 +74,8 @@ well:
     [gnome-keysign](https://github.com/gnome-keysign/gnome-keysign/) or [monkeysign](https://monkeysign.readthedocs.io/))
 
  3. GnuPG cannot read refresh keys from keys.openpgp.org (workaround:
-    use the custom patch shipped in Debian experimental, see [Debian bug #930665](https://bugs.debian.org/930665))
+    use the custom patch shipped in Debian testing and unstable, see
+    [Debian bug #930665](https://bugs.debian.org/930665) and [bug #932684](https://bugs.debian.org/932684) for stable)
 
  4. `keys.openpgp.org` [does not currently receive updates from the SKS
     pool](https://gitlab.com/hagrid-keyserver/hagrid/issues/113) (workaround: upload key updates to keys.openpgp.org
@@ -166,20 +167,34 @@ obviously not work as you probably don't want to delete your own
 key. [Daniel Lange's Cleaning a broken GNUpg (gpg) key](https://daniel-lange.com/archives/159-Cleaning-a-broken-GNUpg-gpg-key.html) article has
 an excellent tutorial on how to deal with that situation, fortunately.
 
-Known vulnerable keys
----------------------
-
-The keys known to be affected by such an attack are, at the time of
-writing:
-
- * Robert J. Hansen: `CC11 BE7C BBED 77B1 20F3 7B01 1DCB DC01 B444 27C7`
- * [Daniel Kahn Gillmor](https://openpgpkey.debian.org/.well-known/openpgpkey/debian.org/hu/sr4so3py756t9p5ktpud9menxx1m3g5b): `C4BC 2DDB 38CC E964 85EB  E9C2 F206 9117 9038 E5C6`
- * [Tor Browser Developers (signing key)](https://openpgpkey.torproject.org/.well-known/openpgpkey/torproject.org/hu/kounek7zrdx745qydx6p59t9mqjpuhdf): `EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290`
-
-I have linked to a canonical, non-flooded version of the key when
-available on the web. Those are [now](https://trac.torproject.org/projects/tor/ticket/31168) available through WKD, as are
-any `debian.org` and `torproject.org` keys. The [Tor browser
-documentation](https://support.torproject.org/tbb/how-to-verify-signature/) has been updated to follow those instructions.
+Known flooded keys
+------------------
+
+At the time of writing, the keys known to be affected by such an
+attack are, according to [Marcus Brinkmann](https://twitter.com/lambdafu/status/1147216425276325889/photo/1):
+
+ * Yegor Timoshenko (SKS Exploit, 174612 sigs): `EC18 257D B217 46FC 7110  54BE B19C 61D6 1333 360C`
+ * Robert J. Hansen (GnuPG, 149113 sigs): `CC11 BE7C BBED 77B1 20F3 7B01 1DCB DC01 B444 27C7`
+ * Phil Zimmermann (PGP author, 101023 sigs): `055F C78F 1121 9349 2C4F  37AF C746 3639 B2D7 795E`
+ * [Tor Browser Developers (Tor, 100245 sigs)](https://openpgpkey.torproject.org/.well-known/openpgpkey/torproject.org/hu/kounek7zrdx745qydx6p59t9mqjpuhdf): `EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290`
+ * Patrick Brunschwig (Enigmail, 100145 sigs): `4F9F 89F5 505A C1D1 A260 631C DB11 87B9 DD5F 693B`
+ * Ryan McGinnis (GnuPG-Users 100001 sigs): `5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD`
+ * Micah Lee (Intercept, 84650 sigs): `927F 419D 7EC8 2C2F 149C  1BD1 403C 2657 CD99 4F73`
+ * [Daniel Kahn Gillmor](https://openpgpkey.debian.org/.well-known/openpgpkey/debian.org/hu/sr4so3py756t9p5ktpud9menxx1m3g5b) (Debian, 54616 sigs): `C4BC 2DDB 38CC E964 85EB  E9C2 F206 9117 9038 E5C6`
+ * Patrick Brunschwig (Enigmail, 51343 sigs): `6D67 E781 7D58 8BEA 263F 41B9 EE81 92A6 E443 D6D8`
+ * Lance Cottrell (Mixmaster, 34390 sigs): `33D5 1B56 2195 3173 AB74 B521 BDCA 9F8E 3A6C 1785`
+
+I have linked to a canonical, non-flooded version of the key when I
+found one on the web. Keys on `debian.org` and `torproject.org` are
+[now](https://trac.torproject.org/projects/tor/ticket/31168) available through WKD. The [Tor browser documentation](https://support.torproject.org/tbb/how-to-verify-signature/) has
+been updated to follow those instructions.
+
+(Note that I added the full fingerprint for the keys I could
+find. Those with the long key ID are those that I could not find on
+the keyservers, for whatever reason. This takes a surprisingly long
+time: neither `gpg --list-packets` or `pgpdump` shows the key
+fingerprint, and I need a much more costly `--show-key` to get the
+actual key fingerprint.)
 
 How to check for flooded keys
 -----------------------------

corrections from dkg
diff --git a/blog/2019-07-30-pgp-flooding-attacks.mdwn b/blog/2019-07-30-pgp-flooding-attacks.mdwn
index 4b8eba33..f3c59222 100644
--- a/blog/2019-07-30-pgp-flooding-attacks.mdwn
+++ b/blog/2019-07-30-pgp-flooding-attacks.mdwn
@@ -56,7 +56,8 @@ The first action should only be used in the short term, to give
 yourself time to evaluate your options. It should mitigate the
 problem, but it will mean you will not update your keyring for
 precious revocation certificates users post when their key is
-compromised. It's therefore not an acceptable solution in any way.
+compromised. It's therefore not an acceptable long-term solution in
+any way.
 
 The second action mitigates the problem, but has several downsides as
 well:
@@ -64,9 +65,9 @@ well:
  1. `keys.openpgp.org` does not store UIDs unless they are verified and
     asked for explicitly (workaround: keys can be shipped in-band with
     [Autocrypt](https://autocrypt.org/) or found through other mechanisms like [WKD, Web Key
-    Discovery](https://wiki.gnupg.org/WKD))
+    Directory](https://wiki.gnupg.org/WKD))
 
- 2. `keys.openpgp.org` does not store UID certifications at all, which means it
+ 2. `keys.openpgp.org` does not store third-party UID certifications at all, which means it
     doesn't propagate the "web of trust" (workaround: same as above,
     and you should send signed keys by email anyways to verify
     ownership of the UID, using tools like [caff](https://www.palfrader.org/code/#caff), [pius](https://phildev.net/pius/),
@@ -206,4 +207,11 @@ trouble in all OpenPGP implementations. Thankfully, both pgpdump and
 GnuPG are able to walk the packets fast enough to parse the raw form,
 it's when they are loaded in memory by GnuPG that things go south...
 
+Credits
+-------
+
+A million thanks to Daniel Kahn Gillmor for the incredible work he's
+done bringing sense in the GnuPG upstream but also in reviewing my
+many writings over the years, and of course particularly this one.
+
 [[!tag pgp documentation security news]]

another reference
diff --git a/blog/2019-07-30-pgp-flooding-attacks.mdwn b/blog/2019-07-30-pgp-flooding-attacks.mdwn
index 3fb558a0..4b8eba33 100644
--- a/blog/2019-07-30-pgp-flooding-attacks.mdwn
+++ b/blog/2019-07-30-pgp-flooding-attacks.mdwn
@@ -21,6 +21,7 @@ workflows.
 > * [Gentoo: Impact of SKS keyserver poisoning on Gentoo](https://www.gentoo.org/news/2019/07/03/sks-key-poisoning.html)
 > * [Michał Górny: SKS poisoning, keys.openpgp.org / Hagrid and other
 >   non-solutions](https://blogs.gentoo.org/mgorny/2019/07/04/sks-poisoning-keys-openpgp-org-hagrid-and-other-non-solutions/)
+> * [Julien Voisin: Cleaning up your gpg keyring after the SKS debacle](https://dustri.org/b/cleaning-up-your-gpg-keyring-after-the-sks-debacle.html)
 
 Since the Tor project uses OpenPGP and GnuPG extensively in its
 operations, I figured it was important to let the community know of an

rewrite key parser without gpg, and mention alternatives to GnuPG
diff --git a/blog/2019-07-30-pgp-flooding-attacks.mdwn b/blog/2019-07-30-pgp-flooding-attacks.mdwn
index 894c07f5..3fb558a0 100644
--- a/blog/2019-07-30-pgp-flooding-attacks.mdwn
+++ b/blog/2019-07-30-pgp-flooding-attacks.mdwn
@@ -120,6 +120,29 @@ key](https://dev.gnupg.org/T4591) has been marked as fixed, even though the fix
 ignore all signatures from the keyservers, which is hardly a fix at
 all...
 
+I have high hopes that [sequoia](https://gitlab.com/sequoia-pgp/sequoia) eventually replaces GnuPG as the
+canonical OpenPGP implementation. It has already grown by leaps and
+bounds and seems to have a much better approach to solving the various
+problems:
+
+ 1. it's a library, not only an executable
+ 2. it has a sane commandline interface
+ 3. it's written in a somewhat safer language (Rust)
+
+The downsides?
+
+ 1. it's [not packaged in Debian](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929385)
+ 2. it's written in an unusual and fast moving language (Rust)
+ 3. it doesn't have support for smartcard readers and key cards like
+    the Yubikey
+
+I'm sometimes using sequoia through the [Docker image I built](https://gitlab.com/sequoia-pgp/sequoia/merge_requests/157) but
+I am still using GnuPG on a day to day basis.
+
+I did write some [scripts](https://gitlab.com/anarcat/scripts/blob/master/openpgp-key-get) to work around some problems in dirmngr
+as well. Finally, [hOpenPGP](https://salsa.debian.org/clint/hOpenPGP) has some interesting Haskell tools to
+process OpenPGP packets, along with [pgpdump](https://www.mew.org/~kazu/proj/pgpdump/en/).
+
 Recovering from a damaged keyring
 ---------------------------------
 
@@ -163,17 +186,23 @@ To check if your key is affected *without* importing it into your
 keyring, you can use the following command:
 
     FINGERPRINT=0x8DC901CE64146C048AD50FBB792152527B75921E # for example mine
-    KEYSERVER="http://pool.sks-keyservers.net/"
-    URL="$KEYSERVER/pks/lookup?op=get&search=$FINGERPRINT&options=mr&fingerprint=on&exact=on" 
-    curl -sSL "$URL"| gpg --list-packets |  grep -c '^:signature packet:'
+    curl --cacert /usr/share/gnupg/sks-keyservers.netCA.pem -sSL "http://hkps.pool.sks-keyservers.net/pks/lookup?op=get&search=$FINGERPRINT&options=mr&fingerprint=on&exact=on" \
+        | pgpdump | grep -E -c '^(Old|New): Signature Packet'
+
+This counts the number of signatures on your key. The key part
+(`pgpdump | grep -E -c '^(Old|New): Signature Packet'`) can be used to
+check any keyring or blob, so it can also be used on your own keyring,
+in `~/.gnupg/pubring.gpg`.
+
+If you do not have `pgpdump` installed, the equivalent in GnuPG would
+be:
 
-This counts the number of signatures on your key. The key part (`gpg
---list-packets |  grep -c '^:signature packet:'`) can be used to check
-any keyring or blob, so it can also be used on your own keyring, in
-`~/.gnupg/pubring.gpg`.
+    gpg --list-packets |  grep -c '^:signature packet:'
 
 A reasonable number is less or around a thousand. dkg's key has now
 around 55 000 signatures on his key, which (naturally) causes some
-trouble in all OpenPGP implementations.
+trouble in all OpenPGP implementations. Thankfully, both pgpdump and
+GnuPG are able to walk the packets fast enough to parse the raw form,
+it's when they are loaded in memory by GnuPG that things go south...
 
 [[!tag pgp documentation security news]]

fix broken markup
diff --git a/blog/2019-07-30-pgp-flooding-attacks.mdwn b/blog/2019-07-30-pgp-flooding-attacks.mdwn
index d829efa5..894c07f5 100644
--- a/blog/2019-07-30-pgp-flooding-attacks.mdwn
+++ b/blog/2019-07-30-pgp-flooding-attacks.mdwn
@@ -72,8 +72,7 @@ well:
     [gnome-keysign](https://github.com/gnome-keysign/gnome-keysign/) or [monkeysign](https://monkeysign.readthedocs.io/))
 
  3. GnuPG cannot read refresh keys from keys.openpgp.org (workaround:
-    use the custom patch shipped in Debian experimental, see [Debian bug
-    #930665](https://bugs.debian.org/930665))
+    use the custom patch shipped in Debian experimental, see [Debian bug #930665](https://bugs.debian.org/930665))
 
  4. `keys.openpgp.org` [does not currently receive updates from the SKS
     pool](https://gitlab.com/hagrid-keyserver/hagrid/issues/113) (workaround: upload key updates to keys.openpgp.org

add toc, fix list
diff --git a/blog/2019-07-30-pgp-flooding-attacks.mdwn b/blog/2019-07-30-pgp-flooding-attacks.mdwn
index 67ec3569..d829efa5 100644
--- a/blog/2019-07-30-pgp-flooding-attacks.mdwn
+++ b/blog/2019-07-30-pgp-flooding-attacks.mdwn
@@ -1,5 +1,7 @@
 [[!meta title="OpenPGP flooding attack mitigations"]]
 
+[[!toc levels=2]]
+
 TL;DR: stop using keyservers, they're dangerous, at least with
 GnuPG. Start deploying WKD and consider replacing GnuPG in your
 workflows.
@@ -58,22 +60,22 @@ compromised. It's therefore not an acceptable solution in any way.
 The second action mitigates the problem, but has several downsides as
 well:
 
- a. `keys.openpgp.org` does not store UIDs unless they are verified and
+ 1. `keys.openpgp.org` does not store UIDs unless they are verified and
     asked for explicitly (workaround: keys can be shipped in-band with
     [Autocrypt](https://autocrypt.org/) or found through other mechanisms like [WKD, Web Key
     Discovery](https://wiki.gnupg.org/WKD))
 
- b. `keys.openpgp.org` does not store UID certifications at all, which means it
+ 2. `keys.openpgp.org` does not store UID certifications at all, which means it
     doesn't propagate the "web of trust" (workaround: same as above,
     and you should send signed keys by email anyways to verify
     ownership of the UID, using tools like [caff](https://www.palfrader.org/code/#caff), [pius](https://phildev.net/pius/),
     [gnome-keysign](https://github.com/gnome-keysign/gnome-keysign/) or [monkeysign](https://monkeysign.readthedocs.io/))
 
- c. GnuPG cannot read refresh keys from keys.openpgp.org (workaround:
+ 3. GnuPG cannot read refresh keys from keys.openpgp.org (workaround:
     use the custom patch shipped in Debian experimental, see [Debian bug
     #930665](https://bugs.debian.org/930665))
 
- d. `keys.openpgp.org` [does not currently receive updates from the SKS
+ 4. `keys.openpgp.org` [does not currently receive updates from the SKS
     pool](https://gitlab.com/hagrid-keyserver/hagrid/issues/113) (workaround: upload key updates to keys.openpgp.org
     directly as well as the SKS pool)
 

new blog post: more PGP madness
diff --git a/blog/2019-07-30-pgp-flooding-attacks.mdwn b/blog/2019-07-30-pgp-flooding-attacks.mdwn
new file mode 100644
index 00000000..67ec3569
--- /dev/null
+++ b/blog/2019-07-30-pgp-flooding-attacks.mdwn
@@ -0,0 +1,178 @@
+[[!meta title="OpenPGP flooding attack mitigations"]]
+
+TL;DR: stop using keyservers, they're dangerous, at least with
+GnuPG. Start deploying WKD and consider replacing GnuPG in your
+workflows.
+
+> This blog post was originally [posted to the tor-project mailing
+> list](https://lists.torproject.org/pipermail/tor-project/2019-June/002377.html). It has been edited to take new information into account. A
+> few other people wrote about this problem since my first email, see
+> also:
+>
+> * [Daniel Kahn Gillmor: OpenPGP Certificate Flooding](https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.mdwn.html)
+> * [Daniel Kahn Gillmor: Community Impact of OpenPGP Certificate Flooding](https://dkg.fifthhorseman.net/blog/community-impact-openpgp-cert-flooding.html)
+> * [Robert J. Hansen: SKS Keyserver Network Attack: Consequences](https://gist.github.com/rjhansen/f716c3ff4a7068b50f2d8896e54e4b7e)
+> * [Daniel Lange: Cleaning a broken GNUpg (gpg) key](https://daniel-lange.com/archives/159-Cleaning-a-broken-GNUpg-gpg-key.html)
+> * [Jake Edge: OpenPGP certificate flooding](https://lwn.net/Articles/792366/)
+> * [Filippo Valsorda: Cryptography Dispatches: Hello World, and
+>   OpenPGP Is Broken](https://buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-hello-world-and-openpgp/)
+> * [Gentoo: Impact of SKS keyserver poisoning on Gentoo](https://www.gentoo.org/news/2019/07/03/sks-key-poisoning.html)
+> * [Michał Górny: SKS poisoning, keys.openpgp.org / Hagrid and other
+>   non-solutions](https://blogs.gentoo.org/mgorny/2019/07/04/sks-poisoning-keys-openpgp-org-hagrid-and-other-non-solutions/)
+
+Since the Tor project uses OpenPGP and GnuPG extensively in its
+operations, I figured it was important to let the community know of an
+ongoing attack against the keyserver infrastructure and GnuPG. The
+longer story is available on [dkg's blog](https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html), but a summary is that at
+least two prominent OpenPGP users have seen their public key flooded
+with thousands of signatures, to the point where their keys are now
+completely unusable.
+
+Note that a *different* attack was fielded against the
+`deb.torproject.org` Debian archive signing key, [back in
+February](https://lists.torproject.org/pipermail/tor-project/2019-February/002194.html). The key was signed by a key with a large UID which made
+GPG's life harder. It's a different attack, but that can be mitigated
+in similar ways. The good key is still available [on the archive site
+itself](https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc).
+
+Mitigation strategies
+---------------------
+
+I recommend you consider taking the following immediate actions, either:
+
+ 1. in the short term, disable automated key refreshes on your keyring
+    (either [Parcimonie](https://gaffer.boum.org/intrigeri/code/parcimonie/) or manual scripts calling `gpg --refresh`
+    in some other way), or;
+
+ 2. switch to the new keys.openpgp.org keyserver, by setting the
+    following in your `gpg.conf`:
+
+        keyserver hkps://keys.openpgp.org/
+
+The first action should only be used in the short term, to give
+yourself time to evaluate your options. It should mitigate the
+problem, but it will mean you will not update your keyring for
+precious revocation certificates users post when their key is
+compromised. It's therefore not an acceptable solution in any way.
+
+The second action mitigates the problem, but has several downsides as
+well:
+
+ a. `keys.openpgp.org` does not store UIDs unless they are verified and
+    asked for explicitly (workaround: keys can be shipped in-band with
+    [Autocrypt](https://autocrypt.org/) or found through other mechanisms like [WKD, Web Key
+    Discovery](https://wiki.gnupg.org/WKD))
+
+ b. `keys.openpgp.org` does not store UID certifications at all, which means it
+    doesn't propagate the "web of trust" (workaround: same as above,
+    and you should send signed keys by email anyways to verify
+    ownership of the UID, using tools like [caff](https://www.palfrader.org/code/#caff), [pius](https://phildev.net/pius/),
+    [gnome-keysign](https://github.com/gnome-keysign/gnome-keysign/) or [monkeysign](https://monkeysign.readthedocs.io/))
+
+ c. GnuPG cannot read refresh keys from keys.openpgp.org (workaround:
+    use the custom patch shipped in Debian experimental, see [Debian bug
+    #930665](https://bugs.debian.org/930665))
+
+ d. `keys.openpgp.org` [does not currently receive updates from the SKS
+    pool](https://gitlab.com/hagrid-keyserver/hagrid/issues/113) (workaround: upload key updates to keys.openpgp.org
+    directly as well as the SKS pool)
+
+Note that `keys.openpgp.org` has been seeded with the global SKS keyserver
+datastore, so it contains all the keys you would expect to be present on
+the latter, except they are sanitized to avoid this problem. The UID
+are also "hidden" from public view until validated by the user.
+
+I encourage users to:
+
+ 1. upload their keys to the `keys.openpgp.org` keyserver if they are
+    not already present
+
+ 2. validate their email address on `keys.openpgp.org`
+
+ 3. either switch to `keys.openpgp.org` by default or carefully
+    review their key update configuration to make sure it is not
+    vulnerable to this attack
+
+ 4. make sure your own keys are not affected by this problem (see
+    below)
+
+Discussion on mitigations in GnuPG itself
+-----------------------------------------
+
+GnuPG [released a new version (2.2.17)](https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html) that supposedly address
+those issues. Unfortunately, the workaround ("Ignore all
+key-signatures received from keyservers") has the same limitation as
+switching to `keys.openpgp.org`, in that it ignores UID
+signatures. The change has already been [reverted in Arch Linux](https://bugs.archlinux.org/task/63147) is
+it broke their authentication chain.
+
+The underlying problem is that GPG has serious performance flaws in
+its implementation, with certain lookups taking O(N^2) where N is the
+number of signatures (or keys?). OpenPGP packets are basically a list
+of blobs, but GnuPG also represents those internally (and on disk) as
+a linked list as well, which has obvious performance limitations.
+
+[Patches have been submitted](https://dev.gnupg.org/T4592) to fix this particular performance
+problem, but have yet to find their way in an official release, for
+some inexplicable reason. The [original bug reported by dkg about his
+key](https://dev.gnupg.org/T4591) has been marked as fixed, even though the fix is actually to
+ignore all signatures from the keyservers, which is hardly a fix at
+all...
+
+Recovering from a damaged keyring
+---------------------------------
+
+If you have fetched an hostile key and GnuPG has become unusable, you
+can recover by deleting the key with:
+
+    gpg --delete-key C4BC2DDB38CCE96485EBE9C2F20691179038E5C6
+
+Note that this may take anywhere from 20 minutes to an hour.
+
+And then fetch dkg's key via WKD:
+
+    gpg --locate-keys dkg@fifthhorseman.net
+
+or his website, <https://dkg.fifthhorseman.net/dkg-openpgp.key>.
+
+If *your* key is the one that has been damaged, the above will
+obviously not work as you probably don't want to delete your own
+key. [Daniel Lange's Cleaning a broken GNUpg (gpg) key](https://daniel-lange.com/archives/159-Cleaning-a-broken-GNUpg-gpg-key.html) article has
+an excellent tutorial on how to deal with that situation, fortunately.
+
+Known vulnerable keys
+---------------------
+
+The keys known to be affected by such an attack are, at the time of
+writing:
+
+ * Robert J. Hansen: `CC11 BE7C BBED 77B1 20F3 7B01 1DCB DC01 B444 27C7`
+ * [Daniel Kahn Gillmor](https://openpgpkey.debian.org/.well-known/openpgpkey/debian.org/hu/sr4so3py756t9p5ktpud9menxx1m3g5b): `C4BC 2DDB 38CC E964 85EB  E9C2 F206 9117 9038 E5C6`
+ * [Tor Browser Developers (signing key)](https://openpgpkey.torproject.org/.well-known/openpgpkey/torproject.org/hu/kounek7zrdx745qydx6p59t9mqjpuhdf): `EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290`
+
+I have linked to a canonical, non-flooded version of the key when
+available on the web. Those are [now](https://trac.torproject.org/projects/tor/ticket/31168) available through WKD, as are
+any `debian.org` and `torproject.org` keys. The [Tor browser
+documentation](https://support.torproject.org/tbb/how-to-verify-signature/) has been updated to follow those instructions.
+
+How to check for flooded keys
+-----------------------------
+
+To check if your key is affected *without* importing it into your
+keyring, you can use the following command:
+
+    FINGERPRINT=0x8DC901CE64146C048AD50FBB792152527B75921E # for example mine
+    KEYSERVER="http://pool.sks-keyservers.net/"
+    URL="$KEYSERVER/pks/lookup?op=get&search=$FINGERPRINT&options=mr&fingerprint=on&exact=on" 
+    curl -sSL "$URL"| gpg --list-packets |  grep -c '^:signature packet:'
+
+This counts the number of signatures on your key. The key part (`gpg
+--list-packets |  grep -c '^:signature packet:'`) can be used to check
+any keyring or blob, so it can also be used on your own keyring, in
+`~/.gnupg/pubring.gpg`.
+
+A reasonable number is less or around a thousand. dkg's key has now
+around 55 000 signatures on his key, which (naturally) causes some
+trouble in all OpenPGP implementations.
+
+[[!tag pgp documentation security news]]

pinebook pro now available
diff --git a/hardware/laptop.mdwn b/hardware/laptop.mdwn
index 9e371237..30986b1b 100644
--- a/hardware/laptop.mdwn
+++ b/hardware/laptop.mdwn
@@ -118,7 +118,8 @@ https://www.pine64.org/?page_id=3707
 
 First version is apparently too slow for day-to-day usage (and RAM is
 just ludicrously small), but it's cheap. A new one should [come out in
-2019](https://www.omgubuntu.co.uk/2019/01/pinebook-pro-linux-laptop-coming-soon) but alas still with only 4GB RAM.
+2019](https://www.omgubuntu.co.uk/2019/01/pinebook-pro-linux-laptop-coming-soon) but alas still with only 4GB RAM. Update: [Pinebook 64 pro
+now pre-order](https://store.pine64.org/?product=14-pinebook-pro-linux-laptop) (august 2019).
 
 Pyra
 ----

removed
diff --git a/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_19_b7a488adc978e7022b7b31f755823a4c._comment b/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_19_b7a488adc978e7022b7b31f755823a4c._comment
deleted file mode 100644
index 11d6c88f..00000000
--- a/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_19_b7a488adc978e7022b7b31f755823a4c._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=mdwn
- ip="36.248.162.84"
- claimedauthor="90s floral dress"
- url="http://www.cpbetas.com/90s-floral-dress-dressh"
- subject="90s floral dress"
- date="2019-07-26T23:36:50Z"
- content="""
-<a href=\"http://www.kinkfresno.com/floral-dress-women-knee-length-dressh\">floral dress women knee length</a> <a href=\"http://www.modconsol.com/floral-off-shoulder-maxi-dress-dressh\">floral off shoulder maxi dress</a> <a href=\"http://www.portlandsarl.com/adrianna-papell-plus-elbow-sleeve-floral-dress-dressh\">adrianna papell plus elbow sleeve floral dress</a> <a href=\"http://www.qdoritsharon.com/blue-floral-dress-cap-sleeve-dressh\">blue floral dress cap sleeve</a> <a href=\"http://www.sandyshands.com/coast-floral-dress-2013-dressh\">coast floral dress 2013</a> <a href=\"http://www.shehutrans.com/floral-dresses-by-vesper-dressh\">floral dresses by vesper</a>
-"""]]

removed
diff --git a/blog/2005-11-25-une-marche-dans-la-neige-et-essayer-flickr/comment_1_6eadda936ee9db4d5b2be4e33a51d13c._comment b/blog/2005-11-25-une-marche-dans-la-neige-et-essayer-flickr/comment_1_6eadda936ee9db4d5b2be4e33a51d13c._comment
deleted file mode 100644
index 6a8cac62..00000000
--- a/blog/2005-11-25-une-marche-dans-la-neige-et-essayer-flickr/comment_1_6eadda936ee9db4d5b2be4e33a51d13c._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=mdwn
- ip="36.248.162.84"
- claimedauthor="yumi neon floral dress"
- url="http://www.rimsanmakine.com/yumi-neon-floral-dress-dressh"
- subject="yumi neon floral dress"
- date="2019-07-26T20:06:40Z"
- content="""
-<a href=\"http://www.weissewelt.com/red-herring-blue-floral-dress-dressh\">red herring blue floral dress</a> <a href=\"http://www.wileyhyundai.com/navy-blue-floral-dresses-dressh\">navy blue floral dresses</a> <a href=\"http://www.ariehonders.com/phase-eight-violet-vintage-floral-dress-dressh\">phase eight violet vintage floral dress</a> <a href=\"http://www.axxisdrilling.com/how-to-wear-a-floral-dress-at-night-dressh\">how to wear a floral dress at night</a> <a href=\"http://www.edannaturals.com/basler-three-quarter-sleeve-ruched-floral-print-dress-dressh\">basler three quarter sleeve ruched floral print dress</a> <a href=\"http://www.instabitgram.com/floral-dresses-midi-length-dressh\">floral dresses midi length</a>
-"""]]

removed
diff --git a/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_18_44bcfcdbf52af7994af20abdbb4dc61f._comment b/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_18_44bcfcdbf52af7994af20abdbb4dc61f._comment
deleted file mode 100644
index 83175203..00000000
--- a/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_18_44bcfcdbf52af7994af20abdbb4dc61f._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=mdwn
- ip="36.248.162.84"
- claimedauthor="torrid floral chiffon dress"
- url="http://www.vtrvideo.com/torrid-floral-chiffon-dress-dressh"
- subject="torrid floral chiffon dress"
- date="2019-07-26T23:36:06Z"
- content="""
-<a href=\"http://www.carlandcodys.com/orleans-navy-and-white-floral-dress-dressh\">orleans navy and white floral dress</a> <a href=\"http://www.creftech.com/ebay-midi-floral-dresses-dressh\">ebay midi floral dresses</a> <a href=\"http://www.desksergeant.com/floral-dresses-tall-dressh\">floral dresses tall</a> <a href=\"http://www.fromuser.com/flower-print-dress-2015-dressh\">flower print dress 2015</a> <a href=\"http://www.giorgiocarusi.com/ralph-lauren-floral-dress-dressh\">ralph lauren floral dress</a> <a href=\"http://www.jserrahockey.com/floral-print-prom-dresses-under-200-dressh\">floral print prom dresses under 200</a>
-"""]]

removed
diff --git a/blog/2018-04-12-terminal-emulators-1/comment_6_0931e07f800dcb55b33cddd83734a5c7._comment b/blog/2018-04-12-terminal-emulators-1/comment_6_0931e07f800dcb55b33cddd83734a5c7._comment
deleted file mode 100644
index ab3d4e41..00000000
--- a/blog/2018-04-12-terminal-emulators-1/comment_6_0931e07f800dcb55b33cddd83734a5c7._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=mdwn
- ip="36.248.162.84"
- claimedauthor="cheap flower girl dresses in uk"
- url="http://www.chocopictures.com/cheap-flower-girl-dresses-in-uk-dressh"
- subject="cheap flower girl dresses in uk"
- date="2019-07-27T04:34:26Z"
- content="""
-<a href=\"http://www.eisenhards.com/zara-blue-floral-dress-ebay-dressh\">zara blue floral dress ebay</a> <a href=\"http://www.essodustade.com/floral-dress-buy-dressh\">floral dress buy</a> <a href=\"http://www.frugstore.com/macy-s-inc-floral-dress-dressh\">macy s inc floral dress</a> <a href=\"http://www.partyhubuk.com/flower-boy-dress-designs-dressh\">flower boy dress designs</a> <a href=\"http://www.prohaarklinik.com/navy-and-pale-pink-floral-dress-dressh\">navy and pale pink floral dress</a> <a href=\"http://www.unclicprod.com/dorothy-perkins-pink-floral-pencil-dress-dressh\">dorothy perkins pink floral pencil dress</a>
-"""]]

removed
diff --git a/blog/2018-04-12-terminal-emulators-1/comment_5_f7c6c7a65804b4a77907dfe40d446f01._comment b/blog/2018-04-12-terminal-emulators-1/comment_5_f7c6c7a65804b4a77907dfe40d446f01._comment
deleted file mode 100644
index 3ba1e2f7..00000000
--- a/blog/2018-04-12-terminal-emulators-1/comment_5_f7c6c7a65804b4a77907dfe40d446f01._comment
+++ /dev/null
@@ -1,9 +0,0 @@
-[[!comment format=mdwn
- ip="36.248.162.84"
- claimedauthor="warehouse blue flower dress"
- url="http://www.hardingmarcom.com/warehouse-blue-flower-dress-dressh"
- subject="warehouse blue flower dress"
- date="2019-07-27T04:23:50Z"
- content="""
-<a href=\"http://www.vaccinebuynet.com/long-floral-boho-dresses-dressh\">long floral boho dresses</a> <a href=\"http://www.akivla.com/lipsy-floral-dress-ebay-dressh\">lipsy floral dress ebay</a> <a href=\"http://www.dastforoush.com/lipsy-long-sleeve-floral-bodycon-dress-dressh\">lipsy long sleeve floral bodycon dress</a> <a href=\"http://www.kleenexformen.com/black-floral-dresses-with-sleeves-dressh\">black floral dresses with sleeves</a> <a href=\"http://www.koreazp.com/multi-floral-occasion-dress-dressh\">multi floral occasion dress</a> <a href=\"http://www.mgazamusic.com/3-4-sleeve-white-floral-dress-dressh\">3 4 sleeve white floral dress</a>
-"""]]

Added a comment: cheap flower girl dresses in uk
diff --git a/blog/2018-04-12-terminal-emulators-1/comment_6_0931e07f800dcb55b33cddd83734a5c7._comment b/blog/2018-04-12-terminal-emulators-1/comment_6_0931e07f800dcb55b33cddd83734a5c7._comment
new file mode 100644
index 00000000..ab3d4e41
--- /dev/null
+++ b/blog/2018-04-12-terminal-emulators-1/comment_6_0931e07f800dcb55b33cddd83734a5c7._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ ip="36.248.162.84"
+ claimedauthor="cheap flower girl dresses in uk"
+ url="http://www.chocopictures.com/cheap-flower-girl-dresses-in-uk-dressh"
+ subject="cheap flower girl dresses in uk"
+ date="2019-07-27T04:34:26Z"
+ content="""
+<a href=\"http://www.eisenhards.com/zara-blue-floral-dress-ebay-dressh\">zara blue floral dress ebay</a> <a href=\"http://www.essodustade.com/floral-dress-buy-dressh\">floral dress buy</a> <a href=\"http://www.frugstore.com/macy-s-inc-floral-dress-dressh\">macy s inc floral dress</a> <a href=\"http://www.partyhubuk.com/flower-boy-dress-designs-dressh\">flower boy dress designs</a> <a href=\"http://www.prohaarklinik.com/navy-and-pale-pink-floral-dress-dressh\">navy and pale pink floral dress</a> <a href=\"http://www.unclicprod.com/dorothy-perkins-pink-floral-pencil-dress-dressh\">dorothy perkins pink floral pencil dress</a>
+"""]]

Added a comment: warehouse blue flower dress
diff --git a/blog/2018-04-12-terminal-emulators-1/comment_5_f7c6c7a65804b4a77907dfe40d446f01._comment b/blog/2018-04-12-terminal-emulators-1/comment_5_f7c6c7a65804b4a77907dfe40d446f01._comment
new file mode 100644
index 00000000..3ba1e2f7
--- /dev/null
+++ b/blog/2018-04-12-terminal-emulators-1/comment_5_f7c6c7a65804b4a77907dfe40d446f01._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ ip="36.248.162.84"
+ claimedauthor="warehouse blue flower dress"
+ url="http://www.hardingmarcom.com/warehouse-blue-flower-dress-dressh"
+ subject="warehouse blue flower dress"
+ date="2019-07-27T04:23:50Z"
+ content="""
+<a href=\"http://www.vaccinebuynet.com/long-floral-boho-dresses-dressh\">long floral boho dresses</a> <a href=\"http://www.akivla.com/lipsy-floral-dress-ebay-dressh\">lipsy floral dress ebay</a> <a href=\"http://www.dastforoush.com/lipsy-long-sleeve-floral-bodycon-dress-dressh\">lipsy long sleeve floral bodycon dress</a> <a href=\"http://www.kleenexformen.com/black-floral-dresses-with-sleeves-dressh\">black floral dresses with sleeves</a> <a href=\"http://www.koreazp.com/multi-floral-occasion-dress-dressh\">multi floral occasion dress</a> <a href=\"http://www.mgazamusic.com/3-4-sleeve-white-floral-dress-dressh\">3 4 sleeve white floral dress</a>
+"""]]

Added a comment: 90s floral dress
diff --git a/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_19_b7a488adc978e7022b7b31f755823a4c._comment b/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_19_b7a488adc978e7022b7b31f755823a4c._comment
new file mode 100644
index 00000000..11d6c88f
--- /dev/null
+++ b/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_19_b7a488adc978e7022b7b31f755823a4c._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ ip="36.248.162.84"
+ claimedauthor="90s floral dress"
+ url="http://www.cpbetas.com/90s-floral-dress-dressh"
+ subject="90s floral dress"
+ date="2019-07-26T23:36:50Z"
+ content="""
+<a href=\"http://www.kinkfresno.com/floral-dress-women-knee-length-dressh\">floral dress women knee length</a> <a href=\"http://www.modconsol.com/floral-off-shoulder-maxi-dress-dressh\">floral off shoulder maxi dress</a> <a href=\"http://www.portlandsarl.com/adrianna-papell-plus-elbow-sleeve-floral-dress-dressh\">adrianna papell plus elbow sleeve floral dress</a> <a href=\"http://www.qdoritsharon.com/blue-floral-dress-cap-sleeve-dressh\">blue floral dress cap sleeve</a> <a href=\"http://www.sandyshands.com/coast-floral-dress-2013-dressh\">coast floral dress 2013</a> <a href=\"http://www.shehutrans.com/floral-dresses-by-vesper-dressh\">floral dresses by vesper</a>
+"""]]

Added a comment: torrid floral chiffon dress
diff --git a/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_18_44bcfcdbf52af7994af20abdbb4dc61f._comment b/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_18_44bcfcdbf52af7994af20abdbb4dc61f._comment
new file mode 100644
index 00000000..83175203
--- /dev/null
+++ b/blog/2005-11-23-comment-la-tunisie-censure-linternet/comment_18_44bcfcdbf52af7994af20abdbb4dc61f._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ ip="36.248.162.84"
+ claimedauthor="torrid floral chiffon dress"
+ url="http://www.vtrvideo.com/torrid-floral-chiffon-dress-dressh"
+ subject="torrid floral chiffon dress"
+ date="2019-07-26T23:36:06Z"
+ content="""
+<a href=\"http://www.carlandcodys.com/orleans-navy-and-white-floral-dress-dressh\">orleans navy and white floral dress</a> <a href=\"http://www.creftech.com/ebay-midi-floral-dresses-dressh\">ebay midi floral dresses</a> <a href=\"http://www.desksergeant.com/floral-dresses-tall-dressh\">floral dresses tall</a> <a href=\"http://www.fromuser.com/flower-print-dress-2015-dressh\">flower print dress 2015</a> <a href=\"http://www.giorgiocarusi.com/ralph-lauren-floral-dress-dressh\">ralph lauren floral dress</a> <a href=\"http://www.jserrahockey.com/floral-print-prom-dresses-under-200-dressh\">floral print prom dresses under 200</a>
+"""]]

Added a comment: yumi neon floral dress
diff --git a/blog/2005-11-25-une-marche-dans-la-neige-et-essayer-flickr/comment_1_6eadda936ee9db4d5b2be4e33a51d13c._comment b/blog/2005-11-25-une-marche-dans-la-neige-et-essayer-flickr/comment_1_6eadda936ee9db4d5b2be4e33a51d13c._comment
new file mode 100644
index 00000000..6a8cac62
--- /dev/null
+++ b/blog/2005-11-25-une-marche-dans-la-neige-et-essayer-flickr/comment_1_6eadda936ee9db4d5b2be4e33a51d13c._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ ip="36.248.162.84"
+ claimedauthor="yumi neon floral dress"
+ url="http://www.rimsanmakine.com/yumi-neon-floral-dress-dressh"
+ subject="yumi neon floral dress"
+ date="2019-07-26T20:06:40Z"
+ content="""
+<a href=\"http://www.weissewelt.com/red-herring-blue-floral-dress-dressh\">red herring blue floral dress</a> <a href=\"http://www.wileyhyundai.com/navy-blue-floral-dresses-dressh\">navy blue floral dresses</a> <a href=\"http://www.ariehonders.com/phase-eight-violet-vintage-floral-dress-dressh\">phase eight violet vintage floral dress</a> <a href=\"http://www.axxisdrilling.com/how-to-wear-a-floral-dress-at-night-dressh\">how to wear a floral dress at night</a> <a href=\"http://www.edannaturals.com/basler-three-quarter-sleeve-ruched-floral-print-dress-dressh\">basler three quarter sleeve ruched floral print dress</a> <a href=\"http://www.instabitgram.com/floral-dresses-midi-length-dressh\">floral dresses midi length</a>
+"""]]

one more todo
diff --git a/services/wiki/ikiwiki-hugo-conversion.mdwn b/services/wiki/ikiwiki-hugo-conversion.mdwn
index 28fca6fc..3f388862 100644
--- a/services/wiki/ikiwiki-hugo-conversion.mdwn
+++ b/services/wiki/ikiwiki-hugo-conversion.mdwn
@@ -149,6 +149,7 @@ the gist of it is we need to implement:
  * `\[[link]]` and `\[[link|parser]]`, hard because we need to figure
    out pagespec? maybe [links and crossferences](https://gohugo.io/content-management/cross-references/) could save us, or
    maybe just [relative URLs](https://gohugo.io/content-management/urls/#relative-urls)
+ * incidentally, backslashed stuff like the above link stuff for example
  * table of contents could be a problem: Hugo only has [support
    through templates](https://gohugo.io/content-management/toc/#usage), not markup (or maybe shortcode would work?)
  * img directives (maybe [this works](https://gohugo.io/content-management/image-processing/)

try to fix markup
diff --git a/services/wiki/ikiwiki-hugo-conversion.mdwn b/services/wiki/ikiwiki-hugo-conversion.mdwn
index 3e85448f..28fca6fc 100644
--- a/services/wiki/ikiwiki-hugo-conversion.mdwn
+++ b/services/wiki/ikiwiki-hugo-conversion.mdwn
@@ -146,7 +146,7 @@ the gist of it is we need to implement:
  * meta (in progress)
  * foo/ and foo.mdwn rename to foo/_index.mdwn (see also [page
    bundles](https://gohugo.io/content-management/page-bundles/) and [content organization](https://gohugo.io/content-management/organization/))
- * `[[link]]` and `[[link|parser]]`, hard because we need to figure
+ * `\[[link]]` and `\[[link|parser]]`, hard because we need to figure
    out pagespec? maybe [links and crossferences](https://gohugo.io/content-management/cross-references/) could save us, or
    maybe just [relative URLs](https://gohugo.io/content-management/urls/#relative-urls)
  * table of contents could be a problem: Hugo only has [support

more work
diff --git a/services/wiki/ikiwiki-hugo-conversion.mdwn b/services/wiki/ikiwiki-hugo-conversion.mdwn
index 51f600f5..3e85448f 100644
--- a/services/wiki/ikiwiki-hugo-conversion.mdwn
+++ b/services/wiki/ikiwiki-hugo-conversion.mdwn
@@ -35,6 +35,8 @@ Hugo ultra short primer
  * `hugo serve` does that and serves on localhost, with autoreload
  * `hugo new` to post new stuff
 
+Maybe the [Emacs mode](https://github.com/masasam/emacs-easy-hugo) could be useful.
+
 Results
 =======
 
@@ -142,28 +144,36 @@ Tasks
 the gist of it is we need to implement:
 
  * meta (in progress)
- * foo/ and foo.mdwn rename to foo/_index.mdwn
- * `[[link]]` and `[[link|parser]]`, hard because we need to figure out pagespec?
- * toc
- * img
- * format (shortcodes?)
+ * foo/ and foo.mdwn rename to foo/_index.mdwn (see also [page
+   bundles](https://gohugo.io/content-management/page-bundles/) and [content organization](https://gohugo.io/content-management/organization/))
+ * `[[link]]` and `[[link|parser]]`, hard because we need to figure
+   out pagespec? maybe [links and crossferences](https://gohugo.io/content-management/cross-references/) could save us, or
+   maybe just [relative URLs](https://gohugo.io/content-management/urls/#relative-urls)
+ * table of contents could be a problem: Hugo only has [support
+   through templates](https://gohugo.io/content-management/toc/#usage), not markup (or maybe shortcode would work?)
+ * img directives (maybe [this works](https://gohugo.io/content-management/image-processing/)
+ * format (shortcodes? or [syntax hilighting](https://gohugo.io/content-management/syntax-highlighting/))
  * shortcodes ([dokuwiki converter](https://github.com/wgroeneveld/dokuwiki-to-hugo) also suggests using shortcodes for interwiki)
  * admonitions (same as shortcode?)
  * switch to a branch before making changes?
 
 structural elements needing more thinking:
 
- * consider lektor and pelican and [zola](https://www.getzola.org/)
-   and what else
+ * consider lektor and pelican and [zola](https://www.getzola.org/) and what else (watch out
+   for pelican, another user reports that, with caching, generating a
+   500 page site takes 30 seconds, 2 minutes without caching)
+   ([comparison site](https://www.staticgen.com/), [another](https://staticsitegenerators.net/), and [another](https://www.staticsitegenerator.net/))
+ * [RSS](https://gohugo.io/templates/rss/)
  * frontpage and blog structure (`inline`)
  * same with `map` and `orphan` pages
- * comments
- * tags
+ * [comments](https://gohugo.io/content-management/comments/#readout)
+ * tags (AKA [taxonomies](https://gohugo.io/content-management/taxonomies) in Hugo parlance)
  * 550 non-page files?
  * git-annex stuff
  * a good theme
- * sidebar
+ * sidebar (maybe see [sections](https://gohugo.io/content-management/sections/))
  * blog posts outside of `blog/`
+ * [search](https://gohugo.io/tools/search/)
 
 will be converted by hand:
 
@@ -182,6 +192,7 @@ Other converters
  * [Drupal 7](https://www.researchut.com/post/drupal-7_to_hugo/)
  * [Simpler conversion](https://blog.jak-linux.org/2018/10/25/migrated-website-from-ikiwiki-to-hugo/)
  * [Previous tests](https://gitlab.com/anarcat/wallabako/issues/13)
+ * [Upstream list of converters](https://gohugo.io/tools/migrations/)
 
 Why
 ===

moar
diff --git a/services/wiki/ikiwiki-hugo-conversion.mdwn b/services/wiki/ikiwiki-hugo-conversion.mdwn
index babf2480..51f600f5 100644
--- a/services/wiki/ikiwiki-hugo-conversion.mdwn
+++ b/services/wiki/ikiwiki-hugo-conversion.mdwn
@@ -153,7 +153,8 @@ the gist of it is we need to implement:
 
 structural elements needing more thinking:
 
- * consider lektor and pelican
+ * consider lektor and pelican and [zola](https://www.getzola.org/)
+   and what else
  * frontpage and blog structure (`inline`)
  * same with `map` and `orphan` pages
  * comments
@@ -162,6 +163,7 @@ structural elements needing more thinking:
  * git-annex stuff
  * a good theme
  * sidebar
+ * blog posts outside of `blog/`
 
 will be converted by hand:
 
@@ -180,3 +182,17 @@ Other converters
  * [Drupal 7](https://www.researchut.com/post/drupal-7_to_hugo/)
  * [Simpler conversion](https://blog.jak-linux.org/2018/10/25/migrated-website-from-ikiwiki-to-hugo/)
  * [Previous tests](https://gitlab.com/anarcat/wallabako/issues/13)
+
+Why
+===
+
+ * too slow: ikiwiki takes 30 seconds to refresh even a single page
+ * hard to maintain: my patches to ikiwiki are still not merged and it
+   makes upgrades painful
+ * hard to deploy: it's difficult to tell people to use ikiwiki
+   because it's really hard to install and deploy a new wiki... i had
+   to use ikiwiki-hosting and that just adds another layer of
+   complexity
+ * unusual templating engine: Perl's templates may have been great at
+   some point, but they are definitely showing their age
+   now. something more standard like Jinja or Golang templates

link to previous notes
diff --git a/services/wiki/ikiwiki-hugo-conversion.mdwn b/services/wiki/ikiwiki-hugo-conversion.mdwn
index 72ac1a86..babf2480 100644
--- a/services/wiki/ikiwiki-hugo-conversion.mdwn
+++ b/services/wiki/ikiwiki-hugo-conversion.mdwn
@@ -179,3 +179,4 @@ Other converters
 
  * [Drupal 7](https://www.researchut.com/post/drupal-7_to_hugo/)
  * [Simpler conversion](https://blog.jak-linux.org/2018/10/25/migrated-website-from-ikiwiki-to-hugo/)
+ * [Previous tests](https://gitlab.com/anarcat/wallabako/issues/13)

mention another implementation of this
diff --git a/.well-known/openpgpkey/Makefile b/.well-known/openpgpkey/Makefile
index 370059b5..a3a985e1 100644
--- a/.well-known/openpgpkey/Makefile
+++ b/.well-known/openpgpkey/Makefile
@@ -3,4 +3,5 @@
 ADDRESS=anarcat@debian.org
 
 hu:
+	echo "Consider switching to weasel's version in https://kushaldas.in/posts/setting-up-wkd.html"
 	generate-openpgpkey-hu-3 --address $(ADDRESS) --exist-ok

ikiwiki conversion notes
diff --git a/services/wiki/ikiwiki-hugo-conversion.mdwn b/services/wiki/ikiwiki-hugo-conversion.mdwn
new file mode 100644
index 00000000..72ac1a86
--- /dev/null
+++ b/services/wiki/ikiwiki-hugo-conversion.mdwn
@@ -0,0 +1,181 @@
+[[!meta title="Ikiwiki to Hugo conversion notes"]]
+
+I had to rename all files, and move stuff into `content/`, then things
+started generally working "working" (as in "breaking").
+
+I had to clone a theme, the quickstart suggest:
+
+    git submodule add https://github.com/budparr/gohugo-theme-ananke.git themes/ananke
+
+Then I had a failure to parse comments:
+
+    Error: Error building site: "/home/anarcat/wikis/anarc.at/content/blog/2013-02-04-why-i-dont-pulseaudio.md:2:1": starting HTML comment with no end
+
+Workaround, delete all comments:
+
+    505  2019-07-18 17:22:08 grep -l -r -- '<!--' * | grep -e comment  -e '\.md$'  | xargs  sed -i '/<!--/d'
+
+Long term solution might be to [convert to shortcodes](https://discourse.gohugo.io/t/internal-comment-shortcode/6694/2).
+
+I also tried:
+
+    607  2019-07-18 17:11:55 grep -l -r -- '-->$' * | grep -e comment  -e '\.md$'
+    608  2019-07-18 17:12:15 grep -l -r -- '-->$' * | grep -e comment  -e '\.md$' -0 | xargs -0 sed -i 's/-->$/!-->/'
+    609  2019-07-18 17:12:23 grep -l -r -- '-->$' * | grep -e comment  -e '\.md$'  | xargs  sed -i 's/-->$/!-->/'
+
+Another failure is when it finds an HTML file with an unquoted `href`
+argument (e.g. `hardware/phone/htc-one-s/apps.html`).
+
+Hugo ultra short primer
+=======================
+
+ * `apt install hugo` - available in Debian, also there's a newer
+   version in unstable
+ * `hugo` builds stuff
+ * `hugo serve` does that and serves on localhost, with autoreload
+ * `hugo new` to post new stuff
+
+Results
+=======
+
+Result of running hugo build after the renames:
+
+                       | EN   
+    +------------------+-----+
+      Pages            | 734  
+      Paginator pages  |  63  
+      Non-page files   | 549  
+      Static files     |   3  
+      Processed images |   0  
+      Aliases          |  12  
+      Sitemaps         |   1  
+      Cleaned          |   0  
+
+Things generally look like crap:
+
+ * ikiwiki-specific links are not parsed
+ * no directives are parsed, so most content is broken
+ * links are broken
+ * blog posts are not sorted properly and generally look like crap as
+   well
+
+Inventory
+=========
+
+List of directives used in my wiki:
+
+    $ git grep -h '\[\[!' | sed 's/\[\[!/\n[[!/g' | grep '\[\[!' | sed 's/ .*//' | sort | uniq -c | sort -n
+          1 [[!bibtex2html
+    ^ convert by hand
+          1 [[!orphans
+    ^ only in services?
+          1 [[!osm]]
+    ^ false positive, in software/ikiwiki-osm
+          1 [[!toggle
+    ^ in blog, convert by hand
+          1 [[!toggleable
+    ^ same
+          1 [[!wiki
+    ^ shortcode, probably to wikipedia, or an error
+          2 [[!debss
+    ^ shortcode, false positive (in shortcuts)
+          2 [[!google
+    ^ same
+          2 [[!if
+    ^ ikiwiki internal stuff (shortcuts, recentchanges)
+          2 [[!pagestats
+    ^ in tags and monthly reports
+          3 [[!rfc
+    ^ shortcode
+          3 [[!warning
+    ^ admonition
+          3 [[!waypoint
+    ^ false positive, see osm above
+          5 [[!debmsg
+    ^ shortcode
+          5 [[!debwiki
+    ^ shortcode
+          6 [[!important
+    ^ admonition
+          7 [[!man
+    ^ shortcode
+          8 [[!map
+    ^ IMPORTANT, need to figure it out
+          8 [[!note
+    ^ admonition
+          9 [[!tip
+    ^ admonition
+         16 [[!toc]]
+    ^ IMPORTANT, need to figure it out
+         18 [[!img
+    ^ IMPORTANT, need to figure it out
+         22 [[!color
+    ^ services table, rebuild by hand
+         26 [[!iki
+    ^ shortcodes?
+         50 [[!format
+    ^ IMPORTANT, need to figure it out
+         55 [[!shortcut
+    ^ shortcode, false positive (in shortcuts)
+         72 [[!wikipedia
+    ^ shortcode
+         96 [[!toc
+    ^ IMPORTANT, need to figure it out (see aboev)
+        109 [[!debcve
+    ^ shortcode
+        115 [[!debbug
+    ^ shortcode
+        142 [[!debpkg
+    ^ shortcode
+        268 [[!inline
+    mostly used in frontpage and blog, need to figure out
+        335 [[!tag
+    ^ IMPORTANT, need to figure it out
+        358 [[!comment
+    ^ IMPORTANT, need to figure it out
+       1254 [[!meta
+    ^ IMPORTANT, need to figure it out
+
+Tasks
+=====
+
+the gist of it is we need to implement:
+
+ * meta (in progress)
+ * foo/ and foo.mdwn rename to foo/_index.mdwn
+ * `[[link]]` and `[[link|parser]]`, hard because we need to figure out pagespec?
+ * toc
+ * img
+ * format (shortcodes?)
+ * shortcodes ([dokuwiki converter](https://github.com/wgroeneveld/dokuwiki-to-hugo) also suggests using shortcodes for interwiki)
+ * admonitions (same as shortcode?)
+ * switch to a branch before making changes?
+
+structural elements needing more thinking:
+
+ * consider lektor and pelican
+ * frontpage and blog structure (`inline`)
+ * same with `map` and `orphan` pages
+ * comments
+ * tags
+ * 550 non-page files?
+ * git-annex stuff
+ * a good theme
+ * sidebar
+
+will be converted by hand:
+
+ * services table (color)
+ * bibtex
+ * toggle in blog
+ * pagestats in tags and monthly reports tagr
+ * openid.mdwn redirect
+ * `meta` redirections
+
+Work is ongoing in this [conversion script](https://gitlab.com/anarcat/scripts/blob/master/ikiwiki2hugo.py).
+
+Other converters
+================
+
+ * [Drupal 7](https://www.researchut.com/post/drupal-7_to_hugo/)
+ * [Simpler conversion](https://blog.jak-linux.org/2018/10/25/migrated-website-from-ikiwiki-to-hugo/)

fix link to makefile, add fr
diff --git a/contact.mdwn b/contact.mdwn
index 0fdd3ef2..1891219e 100644
--- a/contact.mdwn
+++ b/contact.mdwn
@@ -8,6 +8,13 @@ Vous pouvez également encrypter vos messages avec cette
 [clef PGP](../.well-known/openpgpkey/hu/myctwj4an6ne7htuzyoo8osctuji68xe). Notez que
 [j'ai changé de clef](../pgp_transition.txt) en 2009.
 
+> Note: vous pouvez également retrouver ma clé avec le protocole WKD:
+>
+>     gpg --auto-key-locate clear,wkd --locate-keys anarcat@anarc.at
+>
+> Voir ce [makefile](../.well-known/openpgpkey/Makefile) pour plus
+> d'informations sur le comment de la chose.
+
 Les articles de blog acceptent les commentaires, mais sont sujet à
 modération et contrôles anti-spam.
 
@@ -28,7 +35,7 @@ available on key servers and the [Web Key Discover protocol](https://keyserver.m
 >
 >     gpg --auto-key-locate clear,wkd --locate-keys anarcat@anarc.at
 >
-> See the [[makefile|../.well-known/openpgpkey/Makefile]] for more
+> See the [makefile](../.well-known/openpgpkey/Makefile) for more
 > information on how this was built.
 
 Blog articles accept comments, but are subjected to moderation and

diff --git a/contact.mdwn b/contact.mdwn
index 3082e324..0fdd3ef2 100644
--- a/contact.mdwn
+++ b/contact.mdwn
@@ -28,7 +28,7 @@ available on key servers and the [Web Key Discover protocol](https://keyserver.m
 >
 >     gpg --auto-key-locate clear,wkd --locate-keys anarcat@anarc.at
 >
-> See the [[makefile|.well-known/openpgpkey/Makefile]] for more
+> See the [[makefile|../.well-known/openpgpkey/Makefile]] for more
 > information on how this was built.
 
 Blog articles accept comments, but are subjected to moderation and

link to makefile and show how to use WKD
diff --git a/contact.mdwn b/contact.mdwn
index 94d9f0c6..3082e324 100644
--- a/contact.mdwn
+++ b/contact.mdwn
@@ -24,5 +24,12 @@ You can also encrypt your messages with this [PGP key](../.well-known/openpgpkey
 available on key servers and the [Web Key Discover protocol](https://keyserver.mattrude.com/guides/web-key-directory/)
 (WKD). Note that I [changed key](../pgp_transition.txt) in 2009.
 
+> Note: this uses the WKD protocol, so you can also fetch my key with:
+>
+>     gpg --auto-key-locate clear,wkd --locate-keys anarcat@anarc.at
+>
+> See the [[makefile|.well-known/openpgpkey/Makefile]] for more
+> information on how this was built.
+
 Blog articles accept comments, but are subjected to moderation and
 anti-spam filtering.

fix broken link to project ara
diff --git a/hardware/phone.mdwn b/hardware/phone.mdwn
index 25ce0154..f810801c 100644
--- a/hardware/phone.mdwn
+++ b/hardware/phone.mdwn
@@ -510,7 +510,9 @@ Phoneblocks
 
 [[!wikipedia Phonebloks]] is the idea of a modular phone that could be easily fixable and field-upgradable. It was turned into a [discussion forum](https://phonebloks.com/) around 2013 by Motorola and Google in favor of their [[!wikipedia Project Ara]] scheduled for release in January 2015.
 
-Here's a [pretty homepage](http://www.projectara.com/) while we wait for something to actually happen.
+Here's a [pretty homepage](http://www.projectara.com/) (site dead, [archive](http://web.archive.org/web/20170329161342/https://atap.google.com/ara/) while we wait for something to actually happen.
+
+Update: project was [killed by Google](http://venturebeat.com/2017/01/10/inside-project-ara-googles-revolutionary-modular-phone/), like [so many others](https://killedbygoogle.com/).
 
 Puzzlephone
 -----------

mention that -H is expensive and the simpler, more obvious -a form
diff --git a/blog/2019-07-07-rsync-oneliner.mdwn b/blog/2019-07-07-rsync-oneliner.mdwn
index 5a5304e2..0a7f4028 100644
--- a/blog/2019-07-07-rsync-oneliner.mdwn
+++ b/blog/2019-07-07-rsync-oneliner.mdwn
@@ -8,7 +8,18 @@ grep around this wiki and find other instances, which are never quite
 as good as what I've come up with with the help of my (new) colleague
 [weasel](https://www.palfrader.org/).
 
-The answer, *of course*, is the very intuitive:
+The common answer is "just use `-av`":
+
+    rsync -av A/ B/
+
+... but that has a few limitations:
+
+ * it shows every file transfered, which can overwhelm the terminal
+   for large transfers
+ * it won't transfer hardlinks, ACLs and other extended attributes
+ * it might break if `/etc/password` is not synchronized across hosts
+
+The answer, *of course*, is instead the very intuitive:
 
     rsync -PaSHAX --numeric-ids --info=progress2 A/ B/
 
@@ -30,6 +41,11 @@ Those flags mean:
             --numeric-ids           don't map uid/gid values by user/group name
         -c, --checksum              skip based on checksum, not mod-time & size
 
+<span/><div class="important">
+Keep in mind that `-H` is expensive, which is why it's not included in
+`-a` by default, as the manpage explains.
+</div>
+
 Unrolling some of those, this actually means:
 
         -r, --recursive             recurse into directories

add -S, thanks pabs!
diff --git a/blog/2019-07-07-rsync-oneliner.mdwn b/blog/2019-07-07-rsync-oneliner.mdwn
index 54925960..5a5304e2 100644
--- a/blog/2019-07-07-rsync-oneliner.mdwn
+++ b/blog/2019-07-07-rsync-oneliner.mdwn
@@ -10,7 +10,7 @@ as good as what I've come up with with the help of my (new) colleague
 
 The answer, *of course*, is the very intuitive:
 
-    rsync -PHaAX --numeric-ids --info=progress2 A/ B/
+    rsync -PaSHAX --numeric-ids --info=progress2 A/ B/
 
 <span/><div class="note">
 If you don't trust the filesystem time and files sizes, also throw in
@@ -22,8 +22,9 @@ much slower. (A better hashing algorithm could be [SHA-2](https://en.wikipedia.o
 Those flags mean:
 
         -P                          same as --partial --progress
-        -H, --hard-links            preserve hard links
         -a, --archive               archive mode; equals -rlptgoD (no -H,-A,-X)
+        -S, --sparse                turn sequences of nulls into sparse blocks
+        -H, --hard-links            preserve hard links
         -A, --acls                  preserve ACLs (implies -p)
         -X, --xattrs                preserve extended attributes
             --numeric-ids           don't map uid/gid values by user/group name
@@ -74,9 +75,9 @@ test suite, against, interestingly, rsync. Indeed, [bup](https://github.com/bup/
 rsync](https://github.com/bup/bup/blob/master/t/compare-trees) to check that the files it restores are identical to the
 original. They use the also super-intuitive `-niaHAX` (maybe with
 `-c`), which I find slightly less intuitive than *my* ordering, which
-sounds like "fax".
+sounds like <del>"fax"</del>[pacha](https://fr.wikipedia.org/wiki/Pacha_(titre)) in french.
 
-So there you go. `-PHaAX` is now your new best friend. And don't
+So there you go. `-PaSHAX` is now your new best friend. And don't
 forget the *obvious* `--numeric-ids` (and not `uids`, they talk
 about groups too) and `--info=progress2` (*grrr*) and *maybe*
 `--checksum` if you're nostalgic about the good old MD5 days.
diff --git a/blog/2019-07-07-rsync-oneliner/comment_1_3c79d3ec5dcf8ebda4e57d193c453891._comment b/blog/2019-07-07-rsync-oneliner/comment_1_3c79d3ec5dcf8ebda4e57d193c453891._comment
new file mode 100644
index 00000000..4b33cd18
--- /dev/null
+++ b/blog/2019-07-07-rsync-oneliner/comment_1_3c79d3ec5dcf8ebda4e57d193c453891._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="anarcat"
+ subject="""update: added -S"""
+ date="2019-07-08T14:14:15Z"
+ content="""
+On [pabs](https://bonedaddy.net/pabs3/)'s recommendation, I also added -S, changing the acronym from "fax" (`-PHaAX`) to "pacha(x)" (`-PaSHAX`) which still sounds good *and* is a better mapping to the transliteration...
+"""]]

lowercase weasel
diff --git a/blog/2019-07-07-rsync-oneliner.mdwn b/blog/2019-07-07-rsync-oneliner.mdwn
index dc1b04b1..54925960 100644
--- a/blog/2019-07-07-rsync-oneliner.mdwn
+++ b/blog/2019-07-07-rsync-oneliner.mdwn
@@ -6,7 +6,7 @@ forgetting the answer to "what if I really want to just transfer
 words, I basically *never* go there to find the answer and instead
 grep around this wiki and find other instances, which are never quite
 as good as what I've come up with with the help of my (new) colleague
-Weasel.
+[weasel](https://www.palfrader.org/).
 
 The answer, *of course*, is the very intuitive:
 

better link
diff --git a/blog/2019-07-07-rsync-oneliner.mdwn b/blog/2019-07-07-rsync-oneliner.mdwn
index 41bf16e6..dc1b04b1 100644
--- a/blog/2019-07-07-rsync-oneliner.mdwn
+++ b/blog/2019-07-07-rsync-oneliner.mdwn
@@ -106,7 +106,7 @@ They ommitted, obviously, that this is also identical:
     rsync -av /src/foo/ /dest/foo/
 
 At this point, I would understand if you want to throw the "fine
-manual" out the window and [yell](https://www.youtube.com/watch?v=rGIY5Vyj4YM).
+manual" out the window and [yell like crazy](https://www.youtube.com/watch?v=ZwMVMbmQBug).
 </div>
 
 [[!tag documentation unix history backup archive]]

ah, and obviously...
diff --git a/blog/2019-07-07-rsync-oneliner.mdwn b/blog/2019-07-07-rsync-oneliner.mdwn
index 5ea90b96..41bf16e6 100644
--- a/blog/2019-07-07-rsync-oneliner.mdwn
+++ b/blog/2019-07-07-rsync-oneliner.mdwn
@@ -81,4 +81,32 @@ forget the *obvious* `--numeric-ids` (and not `uids`, they talk
 about groups too) and `--info=progress2` (*grrr*) and *maybe*
 `--checksum` if you're nostalgic about the good old MD5 days.
 
+<span/><div class="important">
+Notice the trailing slashes at the end of `A/` and `B/`. Those,
+stupidly, matter to rsync. This is one of the most confusing things
+about rsync and I have gotten around that problem by *always*
+specifying a trailing slash to *both* arguments, which gives a
+consistent experience all the time. But, if you want to know all the
+nasty details, try to figure out this bit:
+
+> A trailing slash on the source changes this behavior to avoid
+> creating an additional directory level at the destination. You can
+> think of a trailing / on a source as meaning "copy the contents of
+> this directory" as opposed to "copy the directory by name", but in
+> both cases the attributes of the containing directory are
+> transferred to the containing directory on the destination. In other
+> words, each of the following commands copies the files in the same
+> way, including their setting of the attributes of /dest/foo:
+>
+>     rsync -av /src/foo /dest
+>     rsync -av /src/foo/ /dest/foo
+
+They ommitted, obviously, that this is also identical:
+
+    rsync -av /src/foo/ /dest/foo/
+
+At this point, I would understand if you want to throw the "fine
+manual" out the window and [yell](https://www.youtube.com/watch?v=rGIY5Vyj4YM).
+</div>
+
 [[!tag documentation unix history backup archive]]

fix markup
diff --git a/blog/2019-07-07-rsync-oneliner.mdwn b/blog/2019-07-07-rsync-oneliner.mdwn
index 584f2995..5ea90b96 100644
--- a/blog/2019-07-07-rsync-oneliner.mdwn
+++ b/blog/2019-07-07-rsync-oneliner.mdwn
@@ -12,7 +12,7 @@ The answer, *of course*, is the very intuitive:
 
     rsync -PHaAX --numeric-ids --info=progress2 A/ B/
 
-<span /><div class="note>
+<span/><div class="note">
 If you don't trust the filesystem time and files sizes, also throw in
 `-c` to do a ([MD5!?](https://en.wikipedia.org/wiki/MD5#Security)) checksum of the files instead, but that's
 much slower. (A better hashing algorithm could be [SHA-2](https://en.wikipedia.org/wiki/SHA-2) or

creating tag page tag/unix
diff --git a/tag/unix.mdwn b/tag/unix.mdwn
new file mode 100644
index 00000000..9276f8a0
--- /dev/null
+++ b/tag/unix.mdwn
@@ -0,0 +1,4 @@
+[[!meta title="pages tagged unix"]]
+
+[[!inline pages="tagged(unix)" actions="no" archive="yes"
+feedshow=10]]

a study on the rsync commandline
diff --git a/blog/2019-07-07-rsync-oneliner.mdwn b/blog/2019-07-07-rsync-oneliner.mdwn
new file mode 100644
index 00000000..584f2995
--- /dev/null
+++ b/blog/2019-07-07-rsync-oneliner.mdwn
@@ -0,0 +1,84 @@
+[[!meta title="rsync oneliner: a study of a complex commandline"]]
+
+It seems silly to make a blog post about this, but I keep on
+forgetting the answer to "what if I really want to just transfer
+*EVERYTHING* with rsync?". Since the [rsync(1) manpage](http://manpages.debian.org/rsync) is 28,000
+words, I basically *never* go there to find the answer and instead
+grep around this wiki and find other instances, which are never quite
+as good as what I've come up with with the help of my (new) colleague
+Weasel.
+
+The answer, *of course*, is the very intuitive:
+
+    rsync -PHaAX --numeric-ids --info=progress2 A/ B/
+
+<span /><div class="note>
+If you don't trust the filesystem time and files sizes, also throw in
+`-c` to do a ([MD5!?](https://en.wikipedia.org/wiki/MD5#Security)) checksum of the files instead, but that's
+much slower. (A better hashing algorithm could be [SHA-2](https://en.wikipedia.org/wiki/SHA-2) or
+[Meow](https://mollyrocket.com/meowhash), obviously.)
+</div>
+
+Those flags mean:
+
+        -P                          same as --partial --progress
+        -H, --hard-links            preserve hard links
+        -a, --archive               archive mode; equals -rlptgoD (no -H,-A,-X)
+        -A, --acls                  preserve ACLs (implies -p)
+        -X, --xattrs                preserve extended attributes
+            --numeric-ids           don't map uid/gid values by user/group name
+        -c, --checksum              skip based on checksum, not mod-time & size
+
+Unrolling some of those, this actually means:
+
+        -r, --recursive             recurse into directories
+        -l, --links                 copy symlinks as symlinks
+        -p, --perms                 preserve permissions
+        -t, --times                 preserve modification times
+        -g, --group                 preserve group
+        -o, --owner                 preserve owner (super-user only)
+        -D                          same as --devices --specials
+            --partial               keep partially transferred files
+            --progress              show progress during transfer
+
+And yes, we need to unroll this *again*:
+
+            --devices               preserve device files (super-user only)
+            --specials              preserve special files
+
+The `--numeric-ids` parameter is really relevant only when you archive
+files across servers that might not share the same UID space. This is
+especially important when restoring from backups because you might be
+creating `/etc/passwd` along the way (!).
+
+The last bit, `--info=progress2` is not directly documented in the
+manpage, at least not in the `--info` section. Strangely, there's some
+information in the `-P` flag where it says:
+
+    outputs statistics based on the whole transfer, rather than
+    individual files.
+
+I found this was extremely useful during large transfers because, by
+default, `-P` (or, more specifically, `--progress`) shows progress for
+*each* individual file. That's fine if you transfer large files, but
+for large *transfers* (with a large *number* of files), that's much
+less useful and possibly incredibly noisy. `--info=progress2`,
+according to `--info=help`, does instead:
+
+    PROGRESS   Mention 1) per-file progress or 2) total transfer progress
+
+... which I admit is not much clearer.
+
+Note that this is similar to how at least one backup system runs its
+test suite, against, interestingly, rsync. Indeed, [bup](https://github.com/bup/bup/) [uses
+rsync](https://github.com/bup/bup/blob/master/t/compare-trees) to check that the files it restores are identical to the
+original. They use the also super-intuitive `-niaHAX` (maybe with
+`-c`), which I find slightly less intuitive than *my* ordering, which
+sounds like "fax".
+
+So there you go. `-PHaAX` is now your new best friend. And don't
+forget the *obvious* `--numeric-ids` (and not `uids`, they talk
+about groups too) and `--info=progress2` (*grrr*) and *maybe*
+`--checksum` if you're nostalgic about the good old MD5 days.
+
+[[!tag documentation unix history backup archive]]

frigging fedex charged me 260$ for shipping for this thing, outrageous
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index 4e92c0a8..4ad552c2 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -183,6 +183,15 @@ getting an actual working laptop. FedEx even charged me for the return
 even though Purism actually issued a shipping label, something I still
 haven't quite resolved.
 
+Update: I ended up paying over 260$ in shipping fees to Fedex, in the
+end. I first paid around 70$ for the first laptop sent, then Fedex
+sent me *another* 200$ bill for the *second* laptop. Purism were
+unable to help me with this issue and Fedex has been totally useless
+as well. I've tried to reach to both organizations to get around those
+fees but the time wasted waiting on hold and support has outgrown the
+possible savings I could to by not paying the damn bill, so I just
+paid it now.
+
 Bright LEDs, not accessible when lid closed
 -------------------------------------------
 

d'autres trucs de la famille qui voyage autour du monde
diff --git a/pleinair/liste.mdwn b/pleinair/liste.mdwn
index fc304d24..e755cd79 100644
--- a/pleinair/liste.mdwn
+++ b/pleinair/liste.mdwn
@@ -184,6 +184,8 @@ toujours retourner sur l'ordinateur.
  * Peigne
  * Rasoir
  * Capotes
+ * Détergent
+ * Corde à linge
 
 ## Vêtements
 
@@ -214,6 +216,7 @@ toujours retourner sur l'ordinateur.
  * Tuque
  * Guêtres
  * Gants
+ * Gants de construction
  * Mitaines et sous-mitaines
  * Foulard / Masque facial / Cache-cou
  * Filet anti-moustique
@@ -295,7 +298,7 @@ Médicaments:
  [Loperamide]: https://en.wikipedia.org/wiki/Loperamide
  [Loratadine]: https://en.wikipedia.org/wiki/Loratadine
  [Épinéphrine]: https://en.wikipedia.org/wiki/Epinephrine
- [discussion sur wikipedia]: https://en.wikipedia.org/wiki/Talk:Anaphylaxis#contradiction_with_Benadryl_.2F_Diphenhydramine_article
+ [discussion sur wikipedia]: https://en.wikipedia.org/wiki/Talk:Anaphylaxis#Preferred_post-epipen_medication?
 
 ## Notes
 
@@ -365,6 +368,7 @@ Les différentes sources qui a permis de créer cette page.
  * [Liste pour un voyage de canot-camping avec 2 jours d'approche en vélo][]
  * [Équipement requis de Alexhike.com][]
  * [Trousse d'urgence du MSPQ][]
+ * [Our Around the World Packing List][]
 
  [Liste personnelle de Antoine]: https://anarc.at/pleinair/liste/
  [SuperOli]: https://wiki.koumbit.net/SuperOli
@@ -375,3 +379,4 @@ Les différentes sources qui a permis de créer cette page.
  [Équipement requis de Alexhike.com]: http://www.alexhike.com/informer/equipements-requis/
  [Liste pour un voyage de canot-camping avec 2 jours d'approche en vélo]: https://wiki.koumbit.net/PleinAir/ListeCanotCamping
  [Trousse d'urgence du MSPQ]: https://www.securitepublique.gouv.qc.ca/securite-civile/se-preparer-aux-sinistres/plan-familial-1/trousse-urgence.html
+ [Our Around the World Packing List]: https://www.earthtrekkers.com/around-the-world-packing-list/

removed
diff --git a/blog/2015-12-29-ikiwiki-on-twitter/comment_1_325a105e764e3c180734efc982b5fb51._comment b/blog/2015-12-29-ikiwiki-on-twitter/comment_1_325a105e764e3c180734efc982b5fb51._comment
deleted file mode 100644
index c4bf8d5a..00000000
--- a/blog/2015-12-29-ikiwiki-on-twitter/comment_1_325a105e764e3c180734efc982b5fb51._comment
+++ /dev/null
@@ -1,11 +0,0 @@
-[[!comment format=creole
- ip="5.188.210.5"
- claimedauthor="w3u6x6o1"
- url="https://buyessayy.us/"
- subject="where to buy essays  nltx"
- date="2019-07-01T21:25:43Z"
- content="""
-<a href=\" https://buyessayy.us/ \">where can i buy an essay online</a>, buy essay paper 
-buy pre written essays - <a href=\" https://buyessayy.us/ \">buy essays cheap</a> 
-https://buyessayy.us/
-"""]]

Added a comment: where to buy essays nltx
diff --git a/blog/2015-12-29-ikiwiki-on-twitter/comment_1_325a105e764e3c180734efc982b5fb51._comment b/blog/2015-12-29-ikiwiki-on-twitter/comment_1_325a105e764e3c180734efc982b5fb51._comment
new file mode 100644
index 00000000..c4bf8d5a
--- /dev/null
+++ b/blog/2015-12-29-ikiwiki-on-twitter/comment_1_325a105e764e3c180734efc982b5fb51._comment
@@ -0,0 +1,11 @@
+[[!comment format=creole
+ ip="5.188.210.5"
+ claimedauthor="w3u6x6o1"
+ url="https://buyessayy.us/"
+ subject="where to buy essays  nltx"
+ date="2019-07-01T21:25:43Z"
+ content="""
+<a href=\" https://buyessayy.us/ \">where can i buy an essay online</a>, buy essay paper 
+buy pre written essays - <a href=\" https://buyessayy.us/ \">buy essays cheap</a> 
+https://buyessayy.us/
+"""]]

one more time.
diff --git a/blog/2019-05-13-free-speech/comment_3_54cc437c4b31bb4b5d790770a5ea1049._comment b/blog/2019-05-13-free-speech/comment_3_54cc437c4b31bb4b5d790770a5ea1049._comment
deleted file mode 100644
index 94d34971..00000000
--- a/blog/2019-05-13-free-speech/comment_3_54cc437c4b31bb4b5d790770a5ea1049._comment
+++ /dev/null
@@ -1,34 +0,0 @@
-[[!comment format=mdwn
- ip="201.178.247.43"
- claimedauthor="rick"
- subject="comment 3"
- date="2019-06-21T16:12:45Z"
- content="""
-Hi man,
-no worries about \"censorship\". This is your place and I'm commenting because you posted publicly something you are apparently open to discuss, and me too. So, much appreciate that you took the time to read and edit my text, which I didnt notice was so super long, and I apologize for that. 
-
-My core point was the one illustrated here: https://bloximages.newyork1.vip.townnews.com/newsadvance.com/content/tncms/assets/v3/editorial/3/2f/32fc6138-844c-11e7-8284-0f550f01a651/599741542513d.image.jpg?resize=1200%2C800
-
-I'm not saying \"censorship is wrong\" because I believe in defining boundaries (I would be close to the anarchist definition, but I believe that power \"struggle\" is unavoidable between humans, but power ultimately is conceded from the mind of those who recognize in other, -be the state, be a person, be a corpo- instead of the other way around. Also I dont like *-ism labels)
-
-I just think that censorship doesn't work. I'm talking about results. It hasn't made the world any better. The natzis were even physically defeated, and the history written afterwards made them look like the worst possible evil of all times. I'm not saying \"they are good\", I'm saying \"lets not be that ingenuous, there ALWAYS can be a worse evil\". 
-And here we are, almost year 2020 and still worried about them \"coming back\" (in case you didnt, I recommend you to watch the movie \"Look Who's back\")
-
-Fascist movements (right wing, left wing, religious, whatever) are a symptomes of deeper societal diseases. Lets move on and fight the causes, not the symptoms.
-
-Everyone nowadays seems to think that censoring what they think is wrong, is the solution. Nazis would gladly censor their criticisms. Anti-nazis want to censor nazis. Some feminists wants to censor gender-roles biased content. Some masculinists want to censor feminism. Conservatives want to censor liberals. Science supporters want to censor pseudo-science fans. All of then want to censor \"to protect others from those dangerous opinions!\"
-The only effective outcome for censorship is the \"Straissand effect\" , where trying to hide something actually brings it up to the spotlight. 
-
-My theory is that many young folks -and not so younger- are becoming \"neonazis\" because in perspective you can see nazis as \"victims\", so it's rebellious and politically incorrect to take that stance. That's attractive for inexperienced minds. If something is politically correct in a society you dont feel like you belong, then it's easy to tempt you into something politically incorrect, if selled it properly. That's why fascism and right wing have so much success, they appeal to collective unconsciousness, massive gut feelings.
-
-So are those kids dangerous murderers? 
-They may be wrong from our point of view but they think theirs is _the_ good way. They deny the killings and say \"if news today are fake, of course history can be fake too\". 
-We have to admit  that ultimately, \"knowing the history\" constitutes an act of faith. We pick the version that best matches the idea we want to justify.
-
-Let's not forget that the human being, is not entirely rational. We are mis-educated in a way that first you have and opinion, THEN look for any argument to support it (and avoid any argument that challenge it, because hey, who likes to be intellectualy challenged in this culture of constant self-validation and inmediate satisfaction?). The opinions have root in people's feelings and internet and the media provide enough \"fuel\" to feed any opinion you already have. That's what personalized feeds like FB are doing, giving you what you need to volume up your internal echo-chamber. Then any belief contrary to your own will make you angry and want it silenced. 
-
-The words \"Divide et impera\" are so true today where divisions are each day more individualized, through internet and \"smart\"phones.
-
-In my opinion, if there's something to fight, is that. Truth today is irrelevant, sadly. People ultimately act motivated on feelings, often not very rational. And hate speech may come from any ideology. And utlimately words and opinions dont change nothing. Only actions. You can't blame the \"leader\" because he wouldnt be a leader if no one followed.
-
-"""]]
diff --git a/blog/2019-05-13-free-speech/comment_3_8bde3225985bfb8d5540130d2af6d65f._comment b/blog/2019-05-13-free-speech/comment_3_8bde3225985bfb8d5540130d2af6d65f._comment
new file mode 100644
index 00000000..8df008ff
--- /dev/null
+++ b/blog/2019-05-13-free-speech/comment_3_8bde3225985bfb8d5540130d2af6d65f._comment
@@ -0,0 +1,40 @@
+[[!comment format=mdwn
+ username="anarcat"
+ subject="""comment 3"""
+ date="2019-06-21T16:20:10Z"
+ content="""
+
+> I just think that censorship doesn't work. 
+
+If it doesn't work, why worry about it? Why did nazis and stalinists and americans use it copiously when they needed to? Why does the US propaganda machine work so well when "ideas do not matter"?
+
+> The words "Divide et impera" are so true today where divisions are each day more individualized, through internet and "smart"phones.
+>
+> In my opinion, if there's something to fight, is that. 
+
+That's your opinion. I believe in a diversity of tactics and while you can punch a nazi in the face, you can also silence their speech. SO many options.
+
+> We have to admit that ultimately, "knowing the history" constitutes an act of faith. We pick the version that best matches the idea we want to justify.
+
+No. History is a science like many others, and it's based on verifiable facts and observations. There is such a thing.
+
+> Truth today is irrelevant, sadly. 
+
+No. Truth is relevant, and we debate it every day. It's the entire point of speech, after all. "Truthers" and conspiracy theorist certainly care about "truth" anyways, even if they have a blatant disregard for basic facts and can't accept reality.
+
+> People ultimately act motivated on feelings, often not very rational.
+
+No, no, and no! While, ultimately, you might be able to say that there's no free will and everything is irrational, we have to behave like we are rational beings. That's one of the cornerstone of living together.
+
+Otherwise we just go to war all the time, because there's no point arguing.
+
+> And hate speech may come from any ideology.
+
+I strongly agree with that assertion. I don't see how anarchism or liberation theology lead to hate speech, to pick somewhat unrelated examples.
+
+> And utlimately words and opinions dont change nothing. Only actions. 
+
+If that would be true, you wouldn't have come back here to put more words.
+
+I have also removed your last post, because it was, again, too long. For what it's worth, it's still availabld in the history of this wiki anyways. :p
+"""]]

Added a comment
diff --git a/blog/2019-05-13-free-speech/comment_3_54cc437c4b31bb4b5d790770a5ea1049._comment b/blog/2019-05-13-free-speech/comment_3_54cc437c4b31bb4b5d790770a5ea1049._comment
new file mode 100644
index 00000000..94d34971
--- /dev/null
+++ b/blog/2019-05-13-free-speech/comment_3_54cc437c4b31bb4b5d790770a5ea1049._comment
@@ -0,0 +1,34 @@
+[[!comment format=mdwn
+ ip="201.178.247.43"
+ claimedauthor="rick"
+ subject="comment 3"
+ date="2019-06-21T16:12:45Z"
+ content="""
+Hi man,
+no worries about \"censorship\". This is your place and I'm commenting because you posted publicly something you are apparently open to discuss, and me too. So, much appreciate that you took the time to read and edit my text, which I didnt notice was so super long, and I apologize for that. 
+
+My core point was the one illustrated here: https://bloximages.newyork1.vip.townnews.com/newsadvance.com/content/tncms/assets/v3/editorial/3/2f/32fc6138-844c-11e7-8284-0f550f01a651/599741542513d.image.jpg?resize=1200%2C800
+
+I'm not saying \"censorship is wrong\" because I believe in defining boundaries (I would be close to the anarchist definition, but I believe that power \"struggle\" is unavoidable between humans, but power ultimately is conceded from the mind of those who recognize in other, -be the state, be a person, be a corpo- instead of the other way around. Also I dont like *-ism labels)
+
+I just think that censorship doesn't work. I'm talking about results. It hasn't made the world any better. The natzis were even physically defeated, and the history written afterwards made them look like the worst possible evil of all times. I'm not saying \"they are good\", I'm saying \"lets not be that ingenuous, there ALWAYS can be a worse evil\". 
+And here we are, almost year 2020 and still worried about them \"coming back\" (in case you didnt, I recommend you to watch the movie \"Look Who's back\")
+
+Fascist movements (right wing, left wing, religious, whatever) are a symptomes of deeper societal diseases. Lets move on and fight the causes, not the symptoms.
+
+Everyone nowadays seems to think that censoring what they think is wrong, is the solution. Nazis would gladly censor their criticisms. Anti-nazis want to censor nazis. Some feminists wants to censor gender-roles biased content. Some masculinists want to censor feminism. Conservatives want to censor liberals. Science supporters want to censor pseudo-science fans. All of then want to censor \"to protect others from those dangerous opinions!\"
+The only effective outcome for censorship is the \"Straissand effect\" , where trying to hide something actually brings it up to the spotlight. 
+
+My theory is that many young folks -and not so younger- are becoming \"neonazis\" because in perspective you can see nazis as \"victims\", so it's rebellious and politically incorrect to take that stance. That's attractive for inexperienced minds. If something is politically correct in a society you dont feel like you belong, then it's easy to tempt you into something politically incorrect, if selled it properly. That's why fascism and right wing have so much success, they appeal to collective unconsciousness, massive gut feelings.
+
+So are those kids dangerous murderers? 
+They may be wrong from our point of view but they think theirs is _the_ good way. They deny the killings and say \"if news today are fake, of course history can be fake too\". 
+We have to admit  that ultimately, \"knowing the history\" constitutes an act of faith. We pick the version that best matches the idea we want to justify.
+
+Let's not forget that the human being, is not entirely rational. We are mis-educated in a way that first you have and opinion, THEN look for any argument to support it (and avoid any argument that challenge it, because hey, who likes to be intellectualy challenged in this culture of constant self-validation and inmediate satisfaction?). The opinions have root in people's feelings and internet and the media provide enough \"fuel\" to feed any opinion you already have. That's what personalized feeds like FB are doing, giving you what you need to volume up your internal echo-chamber. Then any belief contrary to your own will make you angry and want it silenced. 
+
+The words \"Divide et impera\" are so true today where divisions are each day more individualized, through internet and \"smart\"phones.
+
+In my opinion, if there's something to fight, is that. Truth today is irrelevant, sadly. People ultimately act motivated on feelings, often not very rational. And hate speech may come from any ideology. And utlimately words and opinions dont change nothing. Only actions. You can't blame the \"leader\" because he wouldnt be a leader if no one followed.
+
+"""]]

yolo
diff --git a/services/usbguard.mdwn b/services/usbguard.mdwn
index 1bd198a6..f2d57fe7 100644
--- a/services/usbguard.mdwn
+++ b/services/usbguard.mdwn
@@ -1,4 +1,11 @@
-TL;DR:
+install intel platform key, then reboot, then `--enable-validation`,
+which prompts for a passphrase that will then be required to disable
+validation in the future.
+
+requires way more work to be effective, because right now can be
+bypassed in the bios or grub?
+
+usbguard TL;DR:
 
     sudo apt-get install usbguard usbguard-applet-qt &&
     : populate the policy with the currently connected USB devices &&

summary docs on usbguard
diff --git a/services/usbguard.mdwn b/services/usbguard.mdwn
new file mode 100644
index 00000000..1bd198a6
--- /dev/null
+++ b/services/usbguard.mdwn
@@ -0,0 +1,14 @@
+TL;DR:
+
+    sudo apt-get install usbguard usbguard-applet-qt &&
+    : populate the policy with the currently connected USB devices &&
+    sudo usbguard generate-policy | sudo tee -a /etc/usbguard/rules.conf &&
+    : allow the plugdev group to change policy
+    sudo sed -i '/IPCAllowedGroups=/s/$/ plugdev/' /etc/usbguard/usbguard-daemon.conf &&
+    : optionnally, set default policy to allow:
+    : sudo sed -i -e '/ImplicitPolicyTarget/s/=.*$/=allow/' -e '/PresentDevicePolicy/s/=.*$/=keep/' /etc/usbguard/usbguard-daemon.conf &&
+    sudo systemctl enable usbguard && 
+    sudo systemctl start usbguard &&
+    usbguard-applet-qt
+
+See [bug #928032](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928032#15), [PR #267](https://github.com/USBGuard/usbguard/pull/267#issuecomment-503795269) and [USBGuard homepage](https://usbguard.github.io/).

un autre interview, cette fois à Rad
diff --git a/communication.mdwn b/communication.mdwn
index 33f745b7..7180df9b 100644
--- a/communication.mdwn
+++ b/communication.mdwn
@@ -23,6 +23,9 @@ J'ai donné les interviews suivants, politico-techniques:
 
 <!-- todo: move to a .bib file and add good entries to CV -->
 
+ * sur la vie privée, à [Rad](https://www.rad.ca/dossier/controle-du-web/190/gafam-geant-web-donnees-experimentation) (Radio-Canada), été 2019
+ * sur la vie privée, pour le film documentaire [HAK_MTL](https://www.imdb.com/title/tt10353560/) de
+   Alexandre Sheldon, présenté au Cinéma du Parc au printemps 2019
  * sur la loi C-51, avec [les Alter Citoyens][],
    [The Law of the Land: Qui sont les terroristes?](http://lesaltercitoyens.com/?p=2454)
    ([lien youtube](https://youtu.be/cYiHxmFBZmo)), présenté au
@@ -40,6 +43,7 @@ J'ai donné les interviews suivants, politico-techniques:
  * au sujet de [Tor](http://torproject.org/), à [la radio de Radio-Canada](http://www.radio-canada.ca/emissions/desautels/2010-2011/chronique.asp?idChronique=139708&autoPlay=##commenter) ([[copie locale|blog/files/desautels201103091732_2.spx]]) et [la radio CBC](http://www.cbc.ca/daybreakmontreal/2011/03/hackers-who-help.html) ([[copie locale|blog/files/montrealdaybreak_20110307_46292.mp3]]) (mars 2011)
 
 [les Alter Citoyens]: http://lesaltercitoyens.com/
+
 J'ai participé plus régulièrement à l'émission "En Profondeur", version française de l'émission de nouvelles quotidienne "Off the hour", diffusée tous les lundis à 17h à CKUT, 90.3FM.
 
 Techniques:
@@ -63,7 +67,8 @@ Politiques
  * "Le réseau et vous" au Forum Ouvert de Communautique, [vidéo](https://www.youtube.com/watch?v=sQEoXr_sn7s), [présentation](https://gitlab.com/anarcat/koumbit/blob/master/conferences/infrastructure-internet/reseau-et-vous.html) (décembre 2010, Montréal)
  * "Infrastructure et internet", au cours "Informatique et société" de Stéphane Couture de l'UQAM (deux fois?), version longue de "Le réseau et vous", [présentation](https://gitlab.com/anarcat/koumbit/blob/master/conferences/infrastructure-internet/infrastructure-internet.html) (2008-2009, Montréal, basé sur une présentation de Lunar à Dijon)
 
-J'ai donné plusieurs fois des présentations devant des classes au CEGEP Maisonneuve (informatique) et à l'UQAM (communications) au sujet des logiciels libres et de la neutralité des réseaux.
+Je donne régulièrement des présentations à l'UQAM dans le département
+de communication comme présentateur invité.
 
 Techniques
 ----------

removed
diff --git a/blog/2019-05-13-free-speech/comment_2_e4d48c6c2e2b422dc720fd062a2ad45a._comment b/blog/2019-05-13-free-speech/comment_2_e4d48c6c2e2b422dc720fd062a2ad45a._comment
deleted file mode 100644
index 3f4cac16..00000000
--- a/blog/2019-05-13-free-speech/comment_2_e4d48c6c2e2b422dc720fd062a2ad45a._comment
+++ /dev/null
@@ -1,62 +0,0 @@
-[[!comment format=mdwn
- ip="201.178.193.76"
- claimedauthor="rick"
- subject="comment 2"
- date="2019-06-18T05:32:29Z"
- content="""
-Hi!
-I will get a little polemic here, I think.
-I always find hard to believe in censorship, yes, even when it comes to \"the natzis\".
-
-There were always extreme ideas, just nowadays they are amplified by the internet phenomen where practically anyone can broadcast them as much as they like. 
-But they were always there. 
-
-What do we win by trying to silence them?
-We are acknoledging that, they are \"dangerous\", and may \"convince\" people?
-
-Well, the solution could never be censor them. Ideas only, are harmless. You would be surprised on how many \"good\" people still believe that the natzis were for a good cause, or that the US dropping atomic bombs was a \"lesser evil\". I dont share either view but I can understand people who hold them.
-
-But opinions have never changed the world. Only actions.
-Actions may be inspired by opinions, but the man who runs amok shooting 15 people, probably would have found any other idea to support his impulse to do it. 
-That behavior comes, I'd say, from something more emotional-related than from ideas or opinions. Of course, they will rationalize and use that ideas to say they're doing crazy shit for some \"noble cause\" or to feel like kind of heroes. 
-I could go full-conspironoic here and say that emotions are injected and amplified by the skilled in communications techniques (and with access to the means), through seemingly innocent content like advertising. Should we censor there, too?
-
-Let's remember the context of the nazism, a big part of population, was kind of angry, looking up to the politics to provide answers or solutions, then ideas starts to spread that the fault is of the jews, muslims, black, gays, whatever. 
-A charismatic, unapologetic and strong willed figure cant do much harm without convincing some masses. 
-What's the easiest way to buy to them? Knowing to read \"what they want\", kind of a \"herd feeling\". So: amplify what they already are starting to believe, in your favor. The dictator still needs some complicity from some part of the population, and they will fight the dissidence themselves. (See the spanish movie \"Lengua de las mariposas\")
-
-Violent people don't need the \"leader\" to say: \"go burn that church\", because they're already wanting to burn something, somebody. 
-Just get enough public exposure, deliver a \"rational\" message, mix with some fallacies to point in your favor, and you can get a mass to burn whoever you point to as the enemy. Would censoring you make things any better? No way. They will defend you as a victim and deepen their beliefs.
-
-So I think we should be growing a cultural context of \"I can read any idea, no matter how far it's from my own, and not feel it has any impact on me\". 
-Educate on the idea of questioning everything, submit to examination, not only those views that are different from mine, but also my own views. Always.
-Critical thinking. 
-That's the antidote against hate speech. Not attacking ideas based on pre-assumed truths.
-Many people dont know anything about the natzis, what happened, or why, still, are the first ones to fight against \"neo nazism\" and use \"nazi\" as an insult or desqualifier for ideas they don't like. Just like in the comic.
-
-People have commited crimes in the name of God. Should we ban God? People have commited crimes in the name of Love, should we ban Love? You get my point?
-Gasoline runs cars but I could burn a house with it. Knifes are for eating but I could hurt severely another person with one.
-
-We have to be smarter than that. Any platform provider should have any conditions they want, of course, so if I don't want to comply with it, I should simply look for another place. That's the idea of internet. But if we push for making every corner of the internet so politically correct as we think we are, we are missing the point. 
-
-And always remember that many of us hold ideas now that would have been censored and condemned in other time, or right now in some place of the world. Often with the same kind of arguments I hear from people today saying we should censor \"the natzis\", the trolls, the masculinists (whats wrong with them anyway?), the scum. The anti-vax, the flat-earthers. The pseudo-sciences.
-See a pattern? They are all considered by some as \"dangerous\", \"harmful\" .
-
-But we could also point many things that now are more socially accepted, that could be dangerous or harmful to some people.
-
-I'm not saying \"anything can be OK\" as those mythical posmarxists or whatever they call it in the comic. I'm saying there are different points of view on different subjects, some based more strongly than others, but what? are we punishing lack of inteligence, are we punishing lack of knowledge? So free speech only for the enlightened?
-
-\"Traditionalists\" feel specially like victims these days because so many \"progressive\" views (I dont like these terms, but I dont like \"right\" or \"left\" either) have become very politically correct. Too many people think they are something-ists only because that's the mainstream, but they dont really know what's it about.
-I can think of feminism as an example, but there are surely others.
-
-We should trascend all that paradigms. 
-Some think that we should \"go back\" to something that WAS good. They reject \"the new ways\"
-Some think we should \"go forward\" to something that WILL be good. They reject \"the old ways\"
-
-But there's a perennial paradigm, of taking what's \"good\", i.e., what really works for us, from either things we've already tried as from trying something new. Pragmatism. Leaving behind any -ism, because words often get attached to many meanings that weren't originally intended to, like a snow ball that grows on and on.
-
-I really like that quote that says \"opposing to something is perpetuating it\". If you want to fight, let's say, \"the natzis\" you NEED them to exist in order to fight them! So if you fight them you are keeping them real. If you don't want them to exist actually the only and best thing you can do is just act like they dont.
-
-Lets just focus on doing the right thing, whatever we think it is, OURSELVES instead of always be looking at what those fucking \"post marxist femi natzi terrorist christian scums\" (i.e. \"OTHERS\") are saying or doing!
-
-"""]]

Added a comment: i'm only going to do this once
diff --git a/blog/2019-05-13-free-speech/comment_3_a68c0fb889371e6fcfa58edb1d70b79e._comment b/blog/2019-05-13-free-speech/comment_3_a68c0fb889371e6fcfa58edb1d70b79e._comment
new file mode 100644
index 00000000..13d3f27e
--- /dev/null
+++ b/blog/2019-05-13-free-speech/comment_3_a68c0fb889371e6fcfa58edb1d70b79e._comment
@@ -0,0 +1,108 @@
+[[!comment format=mdwn
+ username="anarcat"
+ avatar="https://seccdn.libravatar.org/avatar/741655483dd8a0b4df28fb3dedfa7e4c"
+ subject="i'm only going to do this once"
+ date="2019-06-18T13:27:20Z"
+ content="""
+So I was afraid this article would degenerate in a storm of awful comments. Instead I got one long one, not bad. But I won't go around explaining this a billion times, so here we go.
+
+> What do we win by trying to silence them?
+
+They are silenced. They stop existing publicly.
+
+> We are acknoledging that, they are \"dangerous\", and may \"convince\" people?
+
+Yes. They are dangerous.
+
+> I could go full-conspironoic here and say that emotions are injected and amplified by the skilled in communications techniques (and with access to the means), through seemingly innocent content like advertising. Should we censor there, too?
+
+Oh yes. Advertising (public relations, to be more precise)  is the word we found for \"propaganda\" but we were too afraid to use that because (oh yes) the Nazis were using it:
+
+> > When I came back to the United States, I decided that if you could use
+> > propaganda for war, you could certainly use it for peace. And
+> > \"propaganda\" got to be a bad word because of the Germans using it, so
+> > what I did was to try and find some other words so we found the words
+> > \"public relations\".      -- Edward Bernays
+
+> [People are upset.] What's the easiest way to buy to them?
+
+More Nazi propaganda.
+
+> Violent people don't need the \"leader\" to say: \"go burn that church\"[...]
+
+Sure they do. One way those leaders can do that effectively while still being acceptable to liberals (and how Hitler and Trump do it) is to shift the blame (\"there was violence on both sides\") and legitimize violence. They don't necessarily order the violence at first, but you can be sure that, at the critical moment, they *will* go burn down that immigrant center, ghetto or else. They rarely burn down churches, by the way, because the church is often the ally of fascist movements. That's what anarchists do, not fascists.
+
+> Would censoring you make things any better? 
+
+Yes, it will. 
+
+> \"I can read any idea, no matter how far it's from my own, and not feel it has any impact on me\"
+
+That is just false. The Cambridge Analytica scandal and the most massive social science/psychology researched (also performed at Facebook!) prove that masses can easily be manipulated through what they read, see and hear.
+
+> Critical thinking. That's the antidote against hate speech.
+
+So that's the argument that, ironically, was made to allow anarchists to express their anti-war views at the end of the 19th century, from what I understand.  Lots of liberals, naturally, were against the idea, arguing that their speech was too dangerous to be let out. The argument is that \"we should defeat them in the marketplace of idea\".
+
+I have come to disagree with this, as I explained in the article (poorly, it seems). Some speech is hateful and shouldn't be allowed. Many countries, including Canada, have laws against specifically hate speech. Why shouldn't communities have policies, code of conduct and practices against hate speech as well? Why leave speech for those people at all?
+
+If a douchebag comes to a party in my home and starts harassing people, should I \"debate him in the marketplace of ideas\"? No. Because that's not where the debate is held. I tried that, numerous times. What happens is you get punched in the face. So you overwhelmingly use your power (numbers) to kick those people out of your spaces.
+
+But I'll let Aamer Rahman speak, more eloquently that I ever code:
+
+https://www.youtube.com/watch?v=IKICKcMU3MU
+
+> Not attacking ideas based on pre-assumed truths. 
+
+You're venturing in dangerous territory here. What pre-assumed truths? That Nazis are violent, sexist, racist, dangerous murderers that created the holocaust which killed millions of people? This is not going to be questioned here.
+
+> People have commited crimes in the name of God. Should we ban God?
+
+God doesn't exist, so we can't ban it. We might consider banning organized religion, like Christianity. But considering the religious wars we have fought (and that's most wars, actually), we have reconsidered and instead established freedom of religion to try to fix that problem.
+
+> People have commited crimes in the name of Love, should we ban Love? 
+
+We should definitely ban abusive behavior in relationships, yet. Love is a different thing.
+
+> You get my point?
+
+Yes, you are making a [slippery slope](https://yourlogicalfallacyis.com/slippery-slope) argument.
+
+> We have to be smarter than that. Any platform provider should have any conditions they want, of course, so if I don't want to comply with it, I should simply look for another place. That's the idea of internet.
+
+This is what I am arguing for. Purism has a [social purpose](https://puri.sm/about/social-purpose/) which states, among other things:
+
+> * The Corporation will prioritize privacy, security, and freedom for its customers
+> * The Corporation will design and manufacture hardware that respects users’ rights to privacy, security, and freedom
+> * The Corporation will not discriminate against individuals, groups or fields of endeavor
+
+Some of those are in contradiction: for example, to ensure privacy and security of its users, it will need to discriminate against state actors who maliciously try infiltrate its organization to destroy the privacy of their users. I am arguing that by allowing nazis on their platforms, they allow discrimination against individuals, groups or fields of endeavor.
+
+> But if we push for making every corner of the internet so politically correct as we think we are, we are missing the point. 
+
+I'm not going to every corner. I'm going to this one corner *I already was in* that I want to make sure has no Nazis. Is that really too much to ask?
+
+Or, to reverse your argument, there will be dark corners of the internet where there are Nazis. Do you want to be one of those corners?
+
+> are we punishing lack of inteligence, are we punishing lack of knowledge? So free speech only for the enlightened?
+
+Yes, we are, in a way. Racism, sexism, hatred, those often come from ignorance. We're essentially telling people \"go figure it out and come back when you have\".
+
+> If you want to fight, let's say, \"the natzis\" you NEED them to exist in order to fight them!
+
+I don't want to fight nazis. I want them to stop existing for crying out loud. This is blaming the victim.
+
+> Lets just focus on doing the right thing, whatever we think it is,
+
+Right now, this is fighting Nazis.
+
+You'll thank me later.
+
+PS: I have removed your comment. Before you go crazy and complain about censorship, consider that:
+
+1. it was almost half as long as my original article, 
+2. you deliberately and knowingly made it \"polemic\",
+3. you seem to question the harmfulness of the Nazi ideology, masculinism, the flat-earthers, anti-vaccination promonents and think we should accept pseudo-science
+
+That has no space here.
+"""]]

Added a comment
diff --git a/blog/2019-05-13-free-speech/comment_2_e4d48c6c2e2b422dc720fd062a2ad45a._comment b/blog/2019-05-13-free-speech/comment_2_e4d48c6c2e2b422dc720fd062a2ad45a._comment
new file mode 100644
index 00000000..3f4cac16
--- /dev/null
+++ b/blog/2019-05-13-free-speech/comment_2_e4d48c6c2e2b422dc720fd062a2ad45a._comment
@@ -0,0 +1,62 @@
+[[!comment format=mdwn
+ ip="201.178.193.76"
+ claimedauthor="rick"
+ subject="comment 2"
+ date="2019-06-18T05:32:29Z"
+ content="""
+Hi!
+I will get a little polemic here, I think.
+I always find hard to believe in censorship, yes, even when it comes to \"the natzis\".
+
+There were always extreme ideas, just nowadays they are amplified by the internet phenomen where practically anyone can broadcast them as much as they like. 
+But they were always there. 
+
+What do we win by trying to silence them?
+We are acknoledging that, they are \"dangerous\", and may \"convince\" people?
+
+Well, the solution could never be censor them. Ideas only, are harmless. You would be surprised on how many \"good\" people still believe that the natzis were for a good cause, or that the US dropping atomic bombs was a \"lesser evil\". I dont share either view but I can understand people who hold them.
+
+But opinions have never changed the world. Only actions.
+Actions may be inspired by opinions, but the man who runs amok shooting 15 people, probably would have found any other idea to support his impulse to do it. 
+That behavior comes, I'd say, from something more emotional-related than from ideas or opinions. Of course, they will rationalize and use that ideas to say they're doing crazy shit for some \"noble cause\" or to feel like kind of heroes. 
+I could go full-conspironoic here and say that emotions are injected and amplified by the skilled in communications techniques (and with access to the means), through seemingly innocent content like advertising. Should we censor there, too?
+
+Let's remember the context of the nazism, a big part of population, was kind of angry, looking up to the politics to provide answers or solutions, then ideas starts to spread that the fault is of the jews, muslims, black, gays, whatever. 
+A charismatic, unapologetic and strong willed figure cant do much harm without convincing some masses. 
+What's the easiest way to buy to them? Knowing to read \"what they want\", kind of a \"herd feeling\". So: amplify what they already are starting to believe, in your favor. The dictator still needs some complicity from some part of the population, and they will fight the dissidence themselves. (See the spanish movie \"Lengua de las mariposas\")
+
+Violent people don't need the \"leader\" to say: \"go burn that church\", because they're already wanting to burn something, somebody. 
+Just get enough public exposure, deliver a \"rational\" message, mix with some fallacies to point in your favor, and you can get a mass to burn whoever you point to as the enemy. Would censoring you make things any better? No way. They will defend you as a victim and deepen their beliefs.
+
+So I think we should be growing a cultural context of \"I can read any idea, no matter how far it's from my own, and not feel it has any impact on me\". 
+Educate on the idea of questioning everything, submit to examination, not only those views that are different from mine, but also my own views. Always.
+Critical thinking. 
+That's the antidote against hate speech. Not attacking ideas based on pre-assumed truths.
+Many people dont know anything about the natzis, what happened, or why, still, are the first ones to fight against \"neo nazism\" and use \"nazi\" as an insult or desqualifier for ideas they don't like. Just like in the comic.
+
+People have commited crimes in the name of God. Should we ban God? People have commited crimes in the name of Love, should we ban Love? You get my point?
+Gasoline runs cars but I could burn a house with it. Knifes are for eating but I could hurt severely another person with one.
+
+We have to be smarter than that. Any platform provider should have any conditions they want, of course, so if I don't want to comply with it, I should simply look for another place. That's the idea of internet. But if we push for making every corner of the internet so politically correct as we think we are, we are missing the point. 
+
+And always remember that many of us hold ideas now that would have been censored and condemned in other time, or right now in some place of the world. Often with the same kind of arguments I hear from people today saying we should censor \"the natzis\", the trolls, the masculinists (whats wrong with them anyway?), the scum. The anti-vax, the flat-earthers. The pseudo-sciences.
+See a pattern? They are all considered by some as \"dangerous\", \"harmful\" .
+
+But we could also point many things that now are more socially accepted, that could be dangerous or harmful to some people.
+
+I'm not saying \"anything can be OK\" as those mythical posmarxists or whatever they call it in the comic. I'm saying there are different points of view on different subjects, some based more strongly than others, but what? are we punishing lack of inteligence, are we punishing lack of knowledge? So free speech only for the enlightened?
+
+\"Traditionalists\" feel specially like victims these days because so many \"progressive\" views (I dont like these terms, but I dont like \"right\" or \"left\" either) have become very politically correct. Too many people think they are something-ists only because that's the mainstream, but they dont really know what's it about.
+I can think of feminism as an example, but there are surely others.
+
+We should trascend all that paradigms. 
+Some think that we should \"go back\" to something that WAS good. They reject \"the new ways\"
+Some think we should \"go forward\" to something that WILL be good. They reject \"the old ways\"
+
+But there's a perennial paradigm, of taking what's \"good\", i.e., what really works for us, from either things we've already tried as from trying something new. Pragmatism. Leaving behind any -ism, because words often get attached to many meanings that weren't originally intended to, like a snow ball that grows on and on.
+
+I really like that quote that says \"opposing to something is perpetuating it\". If you want to fight, let's say, \"the natzis\" you NEED them to exist in order to fight them! So if you fight them you are keeping them real. If you don't want them to exist actually the only and best thing you can do is just act like they dont.
+
+Lets just focus on doing the right thing, whatever we think it is, OURSELVES instead of always be looking at what those fucking \"post marxist femi natzi terrorist christian scums\" (i.e. \"OTHERS\") are saying or doing!
+
+"""]]

moar packages
diff --git a/software/packages.yml b/software/packages.yml
index 86108d1d..6cf4e347 100644
--- a/software/packages.yml
+++ b/software/packages.yml
@@ -19,6 +19,7 @@
 # comms
 # desktop
 # developer
+# games
 # gis
 # graphics
 # ham
@@ -190,6 +191,7 @@
       - xterm
       - webext-browserpass
       - webext-ublock-origin
+      - webext-umatrix
       - xournal
       - yubikey-personalization
       - yubikey-manager
@@ -352,6 +354,13 @@
       - virtualbox
       - wget
 
+  - name: install games
+    tags: games
+    apt: name={{item}} state=installed
+    with_items:
+      - endless-sky
+      - freeorion
+
   - name: install GPS tools
     tags: gis
     apt: name={{item}} state=installed

more lens notes
diff --git a/hardware/camera.mdwn b/hardware/camera.mdwn
index ff860544..162b75ff 100644
--- a/hardware/camera.mdwn
+++ b/hardware/camera.mdwn
@@ -227,20 +227,18 @@ Cossins:
 Lentilles:
 
  1. [35mm f/2 R WR ø43](http://www.fujifilm.ca/products/digital_cameras/x/fujinon_lens_xf35mmf2_r_wr/), [Rockwell](http://www.kenrockwell.com/fuji/x-mount-lenses/35mm-f2.htm), [fstoppers](https://fstoppers.com/gear/fstoppers-reviews-fujifilm-35mm-f2-wr-158227), bonne
-    taille, scellée, 350-400$ sur kijiji , 500$ lozeau
+    taille, scellée, no OIS, 350-400$ sur kijiji , 500$ lozeau
  2. [16-55mm f/2.8 R LM WR ø77](http://www.fujifilm.ca/products/digital_cameras/x/fujinon_lens_xf16_55mmf28_r_lm_wr/): [Rockwell](http://www.kenrockwell.com/fuji/x-mount-lenses/16-55mm-f28.htm), [Phoblographer](https://www.thephoblographer.com/2015/03/12/review-fujifilm-16-55mm-f2-8-lm-wr-fujifilm-x-mount/), huge
-    but real nice, 900-1400$
- 3. [56mm f/1.2 R ø62mm](http://www.fujifilm.ca/products/digital_cameras/x/fujinon_lens_xf56mmf12_r/), [Rockwell](https://www.kenrockwell.com/fuji/x-mount-lenses/56mm-f12.htm) ("extraordinary lens",
-    again), [Photography life](https://photographylife.com/reviews/fuji-xf-56mm-f-1-2-r) ("one of the best prime portrait
-    lenses on the market") 900$ sur kijiji, 1175$ lozeau, not so great
-    for macro (70cm min)
- 4. [90mm f/2 R WR](http://www.fujifilm.com/products/digital_cameras/x/fujinon_lens_xf90mmf2_r_lm_wr/): [Rockwell](https://www.kenrockwell.com/fuji/x-mount-lenses/90mm-f2.htm), [jokas photography](https://jonasraskphotography.com/2015/05/25/the-fujifilm-xf-90mm-f2-review/)
-    ("amazing lens"), [fstoppers](https://fstoppers.com/originals/fstoppers-reviews-fujifilm-xf-90mm-f20-lens-133836) ("spectacular"), [1300$
-    Lozeau](https://lozeau.com/produits/fr/fujifilm/fujifilm-fujinon-xf-90mm-f-2-0-r-lm-wr-p24751/?search=90mm%20fuji&description=true), looks like a good portrait lens but no OIS
+    but real nice, no OIS, 900-1400$
  5. [80mm f/2.8 R LM OIS WR Macro](http://www.fujifilm.com/products/digital_cameras/x/fujinon_lens_xf80mmf28_r_lm_ois_wr_macro/), leur seule vraie lentille
     macro, [1550$ lozeau](https://lozeau.com/produits/fr/fujifilm/fujifilm-fujinon-xf-80mmf2-8-r-lm-ois-wr-macro-p31178/?search=80mm%20fuji&description=true)
  6. une "wide angle", quelques options: [phoblographer](https://www.thephoblographer.com/2017/06/21/best-wide-angle-lenses-for-fujifilm-weve-got-you-covered/), [dpreview
-    forum](https://www.dpreview.com/forums/thread/4049063)
+    forum](https://www.dpreview.com/forums/thread/4049063), [DP review recommends](https://www.dpreview.com/reviews/buying-guide-best-lenses-for-fujifilm-mirrorless-cameras) the XF 10-24mm F4 R OIS
+    ([1200$ lozeau](https://en.lozeau.com/collections/objectifs/products/fujifilm-fujinon-xf-10-24mm-f-4-r-ois))
+ 7. [XF18-135mmF3.5-5.6 R LM OIS WR](https://www.fujifilm.com/products/digital_cameras/x/fujinon_lens_xf18_135mmf35_56_r_lm_ois_wr/): weather resist, good all
+    around travel lens even if a bit bulky, 28-200mm equivalent,
+    [dpreview recommendation](https://www.dpreview.com/reviews/buying-guide-best-lenses-for-fujifilm-mirrorless-cameras), [800$USD B&H](https://www.bhphotovideo.com/c/product/1058622-REG/fujifilm_16432853_xf_18_135mm_f_3_5_5_6_r.html) [1050$CAD
+    lozeau](https://en.lozeau.com/collections/objectifs/products/fujifilm-fujinon-xf-18-135mm-f-3-5-5-6-r-lm-ois-wr)
 
 Second appareil:
 
@@ -259,12 +257,21 @@ Second appareil:
 Écarté:
 
 
+ * [56mm f/1.2 R ø62mm](http://www.fujifilm.ca/products/digital_cameras/x/fujinon_lens_xf56mmf12_r/), [Rockwell](https://www.kenrockwell.com/fuji/x-mount-lenses/56mm-f12.htm) ("extraordinary lens",
+   again), [Photography life](https://photographylife.com/reviews/fuji-xf-56mm-f-1-2-r) ("one of the best prime portrait
+   lenses on the market") 900$ sur kijiji, 1175$ lozeau, not so great
+   for macro (70cm min) and apparently "one of the slower-focusing
+   lenses in the system" [according to DP review](https://www.dpreview.com/reviews/buying-guide-best-lenses-for-fujifilm-mirrorless-cameras) which means it's
+   pretty damn slow
+ * [90mm f/2 R WR](http://www.fujifilm.com/products/digital_cameras/x/fujinon_lens_xf90mmf2_r_lm_wr/): [Rockwell](https://www.kenrockwell.com/fuji/x-mount-lenses/90mm-f2.htm), [jokas photography](https://jonasraskphotography.com/2015/05/25/the-fujifilm-xf-90mm-f2-review/) ("amazing
+   lens"), [fstoppers](https://fstoppers.com/originals/fstoppers-reviews-fujifilm-xf-90mm-f20-lens-133836) ("spectacular"), [1300$ Lozeau](https://lozeau.com/produits/fr/fujifilm/fujifilm-fujinon-xf-90mm-f-2-0-r-lm-wr-p24751/?search=90mm%20fuji&description=true), looks
+   like a good portrait lens but no OIS
  * [35mm f/1.4 R ø52](http://www.fujifilm.ca/products/digital_cameras/x/fujinon_lens_xf35mmf14_r/), [Rockwell](https://www.kenrockwell.com/fuji/x-mount-lenses/35mm-f14.htm) ("extraordinary lens"),
    700$ new [B&H](https://www.bhphotovideo.com/c/product/839139-REG/Fujifilm_16240755_35mm_f_1_4_XF_R.html), 400-460$ on kijiji. je préfère passer à la f/2,
    qui est tropicalisée.
  * [50mm f/2 R WR ø46](http://www.fujifilm.com/products/digital_cameras/x/fujinon_lens_xf50mmf2_r_wr/), not many reviews. 480$ kijiji, 600$
-    Lozeau, cheaper slower version of the 56mm, [not good for
-    macro](https://www.imaging-resource.com/lenses/fujinon/xf-50mm-f2-r-wr/review/) as small magnification and not much closeup (39cm min)
+   Lozeau, cheaper slower version of the 56mm, [not good for
+   macro](https://www.imaging-resource.com/lenses/fujinon/xf-50mm-f2-r-wr/review/) as small magnification and not much closeup (39cm min)
  * blower are apparently the best solution to clear sensors,
    e.g. [blower on B&H](https://www.bhphotovideo.com/c/buy/Blowers-Compressed-Air/ci/18806/N/4077634545?origSearch=blower), 5-15$. a [red one](https://www.bhphotovideo.com/c/product/838821-REG/sensei_bl_014_bulb_air_blower_cleaning_system.html) is easier to find
    in a bag (8$USD). i already have a blower, so not necessary.

update setup checklist to reflect the actual FP2 setup
diff --git a/hardware/phone/fairphone2.mdwn b/hardware/phone/fairphone2.mdwn
index a874464d..78fa9d66 100644
--- a/hardware/phone/fairphone2.mdwn
+++ b/hardware/phone/fairphone2.mdwn
@@ -325,27 +325,25 @@ reboots and takes a while to resume (a minute or two).
 Android configuration
 =====================
 
-This is copied from [[htc-one-s]].
-
 Those are things to do when I flash the device, which I seem to
 screwup so often that I actually had to note this down.
 
- 1. Check for updates and install: there's an "updater" app in
-    Fairephon Open
- 2. encrypt the phone (takes ~10 minutes, needs power), see below
+ 1. Check for updates and install
+    * use the "updater" app in Fairephon Open to upgrade the firmware
+    * the recovery (TWRP) is already installed but needs an upgrade
+ 2. encrypt the phone (takes ~10 minutes, needs power)
  3. set lock code (PIN)
  4. go through prefs to tweak everything
-   * enable privacy guard, including on builtin apps
-   * browser: disable a bunch of stuff, enable utf8
- 5. install f-droid using sideloading (see below)
- 5. install and configure [apps](apps.html) (see below)
- 6. import contacts from backups (see below)
- 7. <del>setup fake GCM</del> screw google
- 8. configure all installed apps (see below)
- 9. backup the phone (!) todo!
+ 5. install f-droid using sideloading
+ 6. install, configure and synchronize apps
+ 7. backup the phone (!) todo!
 
 Some of those steps are documented more explicitly below.
 
+This checklist was copied from [[htc-one-s]] but some steps have been
+removed or changed. No Google services were installed, for example,
+which implies that apps like `Transit` do not work.
+
 Upgrading recovery
 ------------------
 

show how to encrypt phone
diff --git a/hardware/phone/fairphone2.mdwn b/hardware/phone/fairphone2.mdwn
index fa19d055..a874464d 100644
--- a/hardware/phone/fairphone2.mdwn
+++ b/hardware/phone/fairphone2.mdwn
@@ -372,6 +372,77 @@ install a new TWRP image on the phone:
 
 And install it from the `Install` menu.
 
+Encryption
+----------
+
+The Fairphone 2 runs Android 7 now, so it uses that "Encrypt Phone"
+functionality from AOSP. The procedure is as follows:
+
+[[!warning """Before you start, MAKE SURE YOU KNOW YOUR PIN BY HEART!
+    once this process is over, all your data will be encrypted with
+    the pin and won't be recoverable otherwise."""]]
+
+ 1. Charge the phone and keep it plugged in the charger
+ 2. Open the `Settings` app
+ 3. Go to `Security` → `Encrypt phone`
+ 4. Then you get a dialog warning about the process, hit `Encrypt
+    phone`
+ 5. The phone reboots a couple of times and then shows an `Encrypting`
+    dialog that says:
+    
+    > Wait while your phone is being encrypted. Time remaining: 8:00
+
+ 6. ...and then reboots again and asks you for your PIN
+
+In my case, the estimate was around 8 minutes and it took about that
+time to encrypt the phone.
+
+### Stronger encryption password
+
+It is a good idea to set a distinct screen PINs and encryption
+passwords. Built-in support to do this in Android through the GUI is
+still lacking, despite [efforts by Copperhead to implement it](https://copperhead.co/blog/2015/07/08/android-encryption-password). The
+proposed feature was [abandoned in 2015](https://android-review.googlesource.com/c/platform/frameworks/base/+/154841), unfortunately. It might
+be present in LineageOS, but I haven't confirmed that.
+
+A [workaround](https://www.xda-developers.com/how-to-manually-change-your-android-encryption-password/) is to get a root shell, either through `adb root; adb
+shell` when connected over USB, or with a shell directly on the
+phone. Then you can run:
+
+    vdc cryptfs changepw password <current_PIN> password <new_passphrase>
+
+This should show something cryptic like:
+
+    200 25575 0
+
+It's important the first number is `200`. For example, when using the
+wrong commandline, I would get:
+
+    500 25469 Usage: cryptfs changepw default|password|pin|pattern [currentpasswd] default|password|pin|pattern [newpasswd]
+
+Then it's important to verify the passphrase works with:
+
+    vdc cryptfs verifypw <new_passphrase>
+
+Once you are confident you remember the passphrase and/or have saved
+it to your password manager, reboot the phone which will prompt you
+for your passphrase. I recommend using passphrases generated by
+[xkcdpass](https://pypi.org/project/xkcdpass/) or [diceware](https://github.com/ulif/diceware) for this purpose because they are
+easier to type on the phone yet still very strong.
+
+To ensure the passphrase is effective, the phone should reboot after N
+failed attempts on the weaker PIN screen lock. An app called [WrongPIN
+Shutdown](https://f-droid.org/packages/org.nuntius35.wrongpinshutdown/) seems to work on the phone.
+
+<span /><div class="note">
+I previously used [SnooperStopper](https://f-droid.org/en/packages/cz.eutopia.snooperstopper/) to do this but unfortunately,
+that app hasn't seen a [release since 2016](https://github.com/xmikos/SnooperStopper/releases), when it was updated
+for Android 6 support. So I haven't been able to change the password
+with the app on Fairphone's Android 7 ([bug report](https://github.com/xmikos/SnooperStopper/issues/30)). Another app
+supposed to allow you to change the password is [Cryptfs Password](https://f-droid.org/en/packages/org.nick.cryptfs.passwdmanager/)
+but it [fails in a similar way](https://github.com/nelenkov/cryptfs-password-manager/issues/20).
+</div>
+
 Installing the F-Droid privileged extension
 -------------------------------------------
 

add alternatives for live bookmarks
diff --git a/software/desktop/firefox.mdwn b/software/desktop/firefox.mdwn
index cd2df450..983fd698 100644
--- a/software/desktop/firefox.mdwn
+++ b/software/desktop/firefox.mdwn
@@ -81,6 +81,8 @@ I am testing those and they might make it to the top list once I'm happy:
  * [View Page Archive & Cache](https://addons.mozilla.org/en-US/firefox/addon/view-page-archive/) (no deb, [source](https://github.com/dessant/view-page-archive/)) - load page in
    one or many page archives. No "save" button unfortunately, but is
    good enough for my purposes.
+ * [Livemarks](https://addons.mozilla.org/en-US/firefox/addon/livemarks/) (no deb, [source](https://github.com/nt1m/livemarks)) or [Awesome RSS](https://addons.mozilla.org/en-US/firefox/addon/awesome-rss/) (no deb,
+   [source](https://github.com/shgysk8zer0/awesome-rss)) - replace the [Live bookmarks removal](https://support.mozilla.org/en-US/kb/live-bookmarks-migration)
 
 [Multi-account containers]: https://github.com/mozilla/multi-account-containers/
 

possible monitors
diff --git a/hardware/monitor.mdwn b/hardware/monitor.mdwn
index 13839e6d..d2aff83c 100644
--- a/hardware/monitor.mdwn
+++ b/hardware/monitor.mdwn
@@ -51,6 +51,13 @@ Normal
 ------
 
  * [Viewsonic VP2768](https://www.viewsonic.com/us/monitors/shop/professional-monitors/vp2768.html#specs)
+ * [Dell 27" WQHD 144Hz 1ms GTG TN LED G-SYNC Gaming Monitor
+   (S2716DG) - Black](https://www.bestbuy.ca/en-ca/product/dell-dell-27-wqhd-144hz-3ms-gtg-tn-led-g-sync-gaming-monitor-s2716dg-black-s2716dg/10409157) (bestbuy: 450$)
+ * [DELL 27" 2ms 144Hz AMD FreeSync Gaming Monitor DisplayPort, HDMI,
+   USB 2.0, Built in Speakers Tilt, VESA mount (D2719HGF)](https://www.canadacomputers.com/product_info.php?cPath=22_1195_700_1104&item_id=131528) (Canada
+   computers: 270$)
+ * [Dell U2419H 24" Ultrasharp LED Monitor 1920 x 1080 - IPS](https://www.canadacomputers.com/product_info.php?cPath=22_1195_700_1103&item_id=133314):
+   (Canada computers: $320, special order)
 
 Resources
 =========

the i915 drivver doesn't need the firmware
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index 66bca0e1..4e92c0a8 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -113,7 +113,11 @@ Update: I still have some `non-free` packages installed:
 
  * Bluetooth requires [[!debpkg firmware-atheros]]
  
- * some other controller (i915?) also needs [[!debpkg firmware-misc-nonfree]]
+When building the `initramfs`, there are warnings about the `i915`
+graphics controller, which is solved by installing the [[!debpkg
+firmware-misc-nonfree]] package, but the graphics card works without
+the firmware. Apparently, the warnings are harmless and indeed PureOS
+fixed [the bug](https://tracker.pureos.net/T362) by simply [disabling all such warnings](https://source.puri.sm/pureos/core/initramfs-tools/commit/005ca5b834fa7ee44bb913d74b4ff2aa542fc9d1).3
 
 The Debian-specific stuff is also documented in [the Debian wiki](https://wiki.debian.org/InstallingDebianOn/Purism/Librem%2013).
 

link to coreboot upgrade docs
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index 500c5cd6..66bca0e1 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -89,6 +89,9 @@ is really impractical.
 Finally, Pureboot doesn't support encrypted `/boot` so it actually
 makes it *harder* to implement trusted boot.
 
+The coreboot stuff needs to be updated, and instructions are available
+[on the Purism website](https://puri.sm/coreboot/).
+
 Excellent Linux support
 -----------------------
 

more documentation of purism laptop
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index ef70ce03..500c5cd6 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -101,11 +101,23 @@ drivers, even for wifi.
 That is just awesome. It's the first device, in a long time, that
 gives me this freedom, so it should be acknowledged and celebrated.
 
-(Update: I still have some `non-free` packages installed, the Intel
-CPU firmware package ([[!debpkg intel-microcode]]) along with
-documentation packages ([[!debpkg doc-rfc]], [[!debpkg
-emacs-common-non-dfsg]], [[!debpkg make-doc]]). It also *seems* like I
-need [[!debpkg firmware-misc-nonfree]] for bluetooth.)
+Update: I still have some `non-free` packages installed:
+
+ * the Intel CPU firmware package ([[!debpkg intel-microcode]])
+ 
+ * I also use some "non-free" documentation packages ([[!debpkg
+   doc-rfc]], [[!debpkg emacs-common-non-dfsg]], [[!debpkg make-doc]])
+
+ * Bluetooth requires [[!debpkg firmware-atheros]]
+ 
+ * some other controller (i915?) also needs [[!debpkg firmware-misc-nonfree]]
+
+The Debian-specific stuff is also documented in [the Debian wiki](https://wiki.debian.org/InstallingDebianOn/Purism/Librem%2013).
+
+Good speakers
+-------------
+
+The builtin speakers sound great.
 
 Issues
 ======
@@ -119,7 +131,17 @@ The [keyboard layout is strange](https://forums.puri.sm/t/keyboard-layout-unable
 instead of sending <kbd>\</kbd> or <kbd>|</kbd>, sends
 "chevrons". This is due to the Purism folks expecting you to pick the
 "US international" keyboard instead of the "US" keyboard, which is a
-very strange pick, as the "US" keyboard seems pretty standard.
+very strange pick, as the "US" keyboard seems pretty standard. The
+workaround is to drop this in your `udev` configuration, say in
+`/etc/udev/hwdb.d/90-purism-pipe-symbol-fix.hwdb`:
+
+    evdev:atkbd:dmi:bvn*:bvr*:bd*:svnPurism:pnLibrem13v4*
+     KEYBOARD_KEY_56=backslash
+
+Then running:
+
+    sudo systemd-hwdb update
+    sudo udevadm trigger
 
 The keyboard layout, in general, is a little unique: the sound buttons
 are split across the <kbd>F4</kbd> key (mute) and

some firmware is actually required
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index 8e9bcf80..ef70ce03 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -101,6 +101,12 @@ drivers, even for wifi.
 That is just awesome. It's the first device, in a long time, that
 gives me this freedom, so it should be acknowledged and celebrated.
 
+(Update: I still have some `non-free` packages installed, the Intel
+CPU firmware package ([[!debpkg intel-microcode]]) along with
+documentation packages ([[!debpkg doc-rfc]], [[!debpkg
+emacs-common-non-dfsg]], [[!debpkg make-doc]]). It also *seems* like I
+need [[!debpkg firmware-misc-nonfree]] for bluetooth.)
+
 Issues
 ======
 

expand keyboard layout information
diff --git a/hardware/keyboard.mdwn b/hardware/keyboard.mdwn
index 5ce0ad47..52fc1929 100644
--- a/hardware/keyboard.mdwn
+++ b/hardware/keyboard.mdwn
@@ -13,7 +13,10 @@ Requirements
 Layout
 ------
 
-I like the [ANSI layout](https://en.wikipedia.org/wiki/Keyboard_layout#Mechanical.2C_visual_and_functional_layouts), [[!wikipedia QWERTY]] of course. Ideally, I would like to have an ANSI keyboard with the `«»` key added, but this doesn't seem to actually exist, and I don't like the oversized ISO enter key, as I used backslash a lot.
+I like the [ANSI layout](https://en.wikipedia.org/wiki/Keyboard_layout#Mechanical.2C_visual_and_functional_layouts), [[!wikipedia QWERTY]] of course. Ideally,
+I would like to have an ANSI keyboard with the `«»` key added, but
+this doesn't seem to actually exist, and I don't like the oversized
+ISO enter key, as I used backslash a lot.
 
 No numpad
 ---------
@@ -23,6 +26,14 @@ traveling between the keyboard and the mouse, which I still use more
 often than the keypad. I would need to get an external keypad, but
 that's easy to solve - even if it takes an extra USB port.
 
+That's called a "80%", "TKL" ("tenkey-less") or "88" or "87 keys"
+keyboard. Those articles help me figure out the different layouts:
+
+ * [Understand keyboard sizes](https://hobgear.com/understand-keyboard-sizes/)
+ * [Guide to keyboard sizes](https://www.keyboardco.com/blog/index.php/2017/08/full-size-tkl-60-and-more-a-guide-to-mechanical-keyboard-sizes/)
+ * [WASD keyboard products](http://www.wasdkeyboards.com/index.php/products/mechanical-keyboard.html?dir=asc&order=name), for example comparing [88-key](http://www.wasdkeyboards.com/index.php/products/mechanical-keyboard/wasd-v2-88-key-iso-custom-mechanical-keyboard.html),
+   [87-key](http://www.wasdkeyboards.com/index.php/products/mechanical-keyboard/wasd-v2-87-key-custom-mechanical-keyboard.html) and [104-key](http://www.wasdkeyboards.com/index.php/products/mechanical-keyboard/wasd-v3-104-key-custom-mechanical-keyboard.html) layouts
+
 Tactile feel
 ------------
 

more cross-refs
diff --git a/hardware/laptop.mdwn b/hardware/laptop.mdwn
index 87b71a4a..9e371237 100644
--- a/hardware/laptop.mdwn
+++ b/hardware/laptop.mdwn
@@ -2,9 +2,11 @@
 
 Update: I didn't buy a new, powerful, laptop for my work, but a
 NUC. See [[hardware/curie]] for details. When my travel laptop finally
-died, I bought a X220 as a replacement, see [[hardware/laptop/angela]]
+died, I bought a X220 as a replacement, see [[hardware/angela]]
 for details.
 
+[[!map pages="page(hardware/laptop/*)" show=title]]
+
 Besoins
 =======
 
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index a0eabd7a..8e9bcf80 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -1,7 +1,8 @@
 The [Purism Librem 13](https://puri.sm/products/librem-13/) is a 13" laptop that's similar to the
 Macbook Air but slightly heavier and thicker, from what I
 understand. I have the `v4` means it's the fourth hardware version of
-the device.
+the device. This is the latest incarnation of the [[hardware/angela]]
+node.
 
 [[!toc levels=3]]
 
diff --git a/hardware/laptop/thinkpad-x120e.mdwn b/hardware/laptop/thinkpad-x120e.mdwn
index 98be5359..14d6481b 100644
--- a/hardware/laptop/thinkpad-x120e.mdwn
+++ b/hardware/laptop/thinkpad-x120e.mdwn
@@ -1,6 +1,6 @@
 [[!meta title="Death of a Thinkpad x120e laptop"]]
 
-My laptop named "angela" is (was?) a [Thinkpad x120e](https://www3.lenovo.com/us/en/laptops/thinkpad/x-series/x120e/)
+My laptop named [[hardware/angela]] is (was?) a [Thinkpad x120e](https://www3.lenovo.com/us/en/laptops/thinkpad/x-series/x120e/)
 ([ThinkWiki](https://www.thinkwiki.org/wiki/Category:X120e)). It's a [netbook](https://en.wikipedia.org/wiki/Netbook) model (although they branded it
 a [Ultraportable](https://en.wikipedia.org/wiki/Subnotebook)), which meant back then that it was a small,
 wide, slim laptop with less power, but cheaper. It did its job: I

mention purism on the angela page
diff --git a/hardware/angela.mdwn b/hardware/angela.mdwn
index 4d626f4f..9e19310f 100644
--- a/hardware/angela.mdwn
+++ b/hardware/angela.mdwn
@@ -10,8 +10,11 @@ the Black Panther Party during the Civil Rights Movement.*" -
 >
 > - Angela Davis
 
+First and second generations: Thinkpad
+======================================
+
 It's my travel laptop. It was previously housed in a [[Thinkpad
-X120e|thinkpad-x120e]] body, which I never liked. That computer
+X120e|hardware/laptop/thinkpad-x120e]] body, which I never liked. That computer
 finally "died" after 5 years of use when its screen cracked, at which
 point I replaced the hardware with a Thinkpad X220, after a brief
 interval in a battered old X201 body lent from a friend.
@@ -25,4 +28,14 @@ or [[hardware/server/marcos]] instead.
 See the [X220 install docs](https://wiki.debian.org/InstallingDebianOn/Thinkpad/X220) for issues with running Debian on the
 X220.
 
+Third generation: Purism
+========================
+
+The third body I have given angela is a Purism Librem 13, in may 2019,
+see [[hardware/laptop/purism-librem13v4]] for a detailed review. I
+made the change mostly because of the poor screen resolution on the
+x220, but also because it was somewhat significantly slower than my
+workstation and had limited expansion capabilities. It was also a
+shopping therapy in a difficult year.
+
 [[!tag node]]

again
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index 6bfa122f..a0eabd7a 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -165,8 +165,8 @@ useful. Plus, I can afford to have a USB dongle there with a gigabit
 ethernet port, indeed, I already have one of those USB hubs. So not
 that big of a deal.
 
-Cost
-----
+High cost
+---------
 
 Those devices have a hefty price tag! At 1500-1700USD, it's definitely
 not something a student or even I, in my previous job, could

fix headings
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index dbf202fa..6bfa122f 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -35,8 +35,8 @@ Specifications
 The machine came with a 250GB Crucial SSD drive with PureOS
 pre-installed, even if I ordered it without storage.
 
-Power connector
----------------
+Semi-standard power connector
+-----------------------------
 
 The power connector is [somewhat standard](https://learn.sparkfun.com/tutorials/connector-basics/power-connectors): 19V DC on a 5.5mm
 sleeve with 2.5 positive pin, with a [C5/C6 cable](https://en.wikipedia.org/wiki/IEC_60320#C5/C6_coupler) for the AC side
@@ -44,8 +44,12 @@ sleeve with 2.5 positive pin, with a [C5/C6 cable](https://en.wikipedia.org/wiki
 able to find a "universal 19V adpater" for ~60$ at a local store that
 also supported other barrel connectors.
 
-Monitor
--------
+It would be better if the laptop would charge through USB-C,
+naturally, as *that* is slowly becoming the standard for charging
+computing devices, but that will have to do for now.
+
+Good monitor
+------------
 
 The monitor shipped with the Librem is actually quite good by my
 standards (1920x1080 / 1080p / FullHD). It does mean messing around

good linux support in the librem
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index 1ff43a97..dbf202fa 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -84,6 +84,18 @@ is really impractical.
 Finally, Pureboot doesn't support encrypted `/boot` so it actually
 makes it *harder* to implement trusted boot.
 
+Excellent Linux support
+-----------------------
+
+On top of the liberated BIOS, it must be said the device has
+*excellent* support for free operating systems. *Every* device on the
+machine has full support in the Linux kernel, even the "older" version
+in Debian stretch (Linux 4.9). No binary blobs, no proprietary
+drivers, even for wifi.
+
+That is just awesome. It's the first device, in a long time, that
+gives me this freedom, so it should be acknowledged and celebrated.
+
 Issues
 ======
 

add toc
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index 32fa2c08..1ff43a97 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -3,6 +3,8 @@ Macbook Air but slightly heavier and thicker, from what I
 understand. I have the `v4` means it's the fourth hardware version of
 the device.
 
+[[!toc levels=3]]
+
 Specifications
 ==============
 

prohibitive costs
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
index 490195e1..32fa2c08 100644
--- a/hardware/laptop/purism-librem13v4.mdwn
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -147,6 +147,15 @@ useful. Plus, I can afford to have a USB dongle there with a gigabit
 ethernet port, indeed, I already have one of those USB hubs. So not
 that big of a deal.
 
+Cost
+----
+
+Those devices have a hefty price tag! At 1500-1700USD, it's definitely
+not something a student or even I, in my previous job, could
+afford. It's only because my current work was generous enough to pay
+for this machine that I was able to shell out the cash needed for this
+luxury item, clearly targeting the "high-end" crowd like Apple fans...
+
 Questionable politics
 ---------------------
 

notes on the purism
diff --git a/hardware/laptop.mdwn b/hardware/laptop.mdwn
index 06a7b5c7..87b71a4a 100644
--- a/hardware/laptop.mdwn
+++ b/hardware/laptop.mdwn
@@ -260,10 +260,9 @@ https://puri.sm/products/librem-13/
  * Touch interface: Elantech Multitouch Trackpad
  * Thermal design: Low noise fan
 
-Downside: no ethernet port (WTF seriously) and no power on USB-C. At
-least the power connector is [somewhat standard](https://learn.sparkfun.com/tutorials/connector-basics/power-connectors): 19V DC on a 5.5mm
-sleeve with 2.5 positive pin, with a [C5/C6 cable](https://en.wikipedia.org/wiki/IEC_60320#C5/C6_coupler) for the AC side
-(as opposed to the more standard C13/C14 coupler, mind you).
+Downside: no ethernet port (WTF seriously) and no power on USB-C.
+
+Update: got the device, see [[purism-librem13v4]] for details.
 
 Dell
 ----
diff --git a/hardware/laptop/purism-librem13v4.mdwn b/hardware/laptop/purism-librem13v4.mdwn
new file mode 100644
index 00000000..490195e1
--- /dev/null
+++ b/hardware/laptop/purism-librem13v4.mdwn
@@ -0,0 +1,159 @@
+The [Purism Librem 13](https://puri.sm/products/librem-13/) is a 13" laptop that's similar to the
+Macbook Air but slightly heavier and thicker, from what I
+understand. I have the `v4` means it's the fourth hardware version of
+the device.
+
+Specifications
+==============
+
+ * Operating system: PureOS
+ * TPM: Included
+ * Battery life: Roughly 7 to 9 hours (actual: more like 6h)
+ * Processor: Core i7 7500U (Kabylake)
+ * Display: 13.3" 1920×1080
+ * Graphics: Intel HD Graphics 620
+ * Memory: Up to 32GB, DDR4 at 2133 MHz
+ * Storage: 2.5" SATA + NVMe-capable M.2 slots
+ * Chassis: Black anodized aluminium
+ * Webcam: 720p 1.0 megapixel
+ * Dimensions: 325×219×18mm
+ * Weight: 1.4kg
+ * Wireless: Atheros 802.11n w/ Two Antenna
+ * Radio hardware killswitch: Yes
+ * Mic and cam killswitches: Yes
+ * Audio port: 1 headphone/line output jack
+ * USB ports: 2 USB 3.0 Ports (1 type C, data transfer only)
+ * External monitor output: 1 HDMI Port (4K capable @ 30Hz max)
+ * Card reader: Yes, 2-in-1 SD/MMC
+ * Backlit keyboard: Yes
+ * Touch interface: Elantech Multitouch Trackpad
+ * Thermal design: Low noise fan (actual: not really, quite noisy when
+   all CPUs are maxed)
+
+The machine came with a 250GB Crucial SSD drive with PureOS
+pre-installed, even if I ordered it without storage.
+
+Power connector
+---------------
+
+The power connector is [somewhat standard](https://learn.sparkfun.com/tutorials/connector-basics/power-connectors): 19V DC on a 5.5mm
+sleeve with 2.5 positive pin, with a [C5/C6 cable](https://en.wikipedia.org/wiki/IEC_60320#C5/C6_coupler) for the AC side
+(as opposed to the more standard C13/C14 coupler, mind you). I was
+able to find a "universal 19V adpater" for ~60$ at a local store that
+also supported other barrel connectors.
+
+Monitor
+-------
+
+The monitor shipped with the Librem is actually quite good by my
+standards (1920x1080 / 1080p / FullHD). It does mean messing around
+with [HiDPI](https://wiki.debian.org/MonitorDPI) settings which I haven't quite figured out yet.
+
+[This post](https://vincent.bernat.ch/en/blog/2018-4k-hidpi-dual-screen-linux) seems to have good resources. From what I understand,
+the resolution of the screen is actually 166dpi, which takes some
+configuring to display properly. This can be computed from the aspect
+ratio (16:9), the resolution (1920x1080) and the diagonal of the
+screen (13.3"). According to [this calculator](https://www.sven.de/dpi/), this is the
+formula:
+
+    Display size: 11.59" × 6.52" = 75.59in² (29.44cm × 16.56cm = 487.64cm²) at 165.63 PPI, 0.1534mm dot pitch, 27434 PPI² 
+
+All this does make my old monitor (which I found in the basement) look
+like crap. So I need to find a [new monitor](https://forums.puri.sm/t/suitable-external-monitor-for-librem-13/5627), arguably not a
+problem with the Librem per se of course...
+
+It seems the Librem can drive 1440p, so not "4K UHD" (3840x2160), but
+"QHD" (2560x1440) which should be more than enough.
+
+Liberated boot
+--------------
+
+The Purism folks did a pretty awesome job at liberating their
+BIOS. They run their own version of coreboot they call
+[Pureboot](https://docs.puri.sm/PureBoot.html). In theory, it should be easier to setup a trusted,
+[SecureBoot](http://wiki.debian.org/SecureBoot) but in practice I have yet to set that up.
+
+I did try to configure the laptop with an encrypted `/boot`, but that
+didn't go so well. First, I get a double password prompt: once in
+`grub` and once in the `initramfs`. But more annoying is the `grub`
+prompt has no retry: if you fail, you drop in the rescue shell which
+is really impractical.
+
+Finally, Pureboot doesn't support encrypted `/boot` so it actually
+makes it *harder* to implement trusted boot.
+
+Issues
+======
+
+I have a few issues with the device.
+
+Weird keyboard layout
+---------------------
+
+The [keyboard layout is strange](https://forums.puri.sm/t/keyboard-layout-unable-to-recognize-pipe/2022): the key above <kbd>enter</kbd>,
+instead of sending <kbd>\</kbd> or <kbd>|</kbd>, sends
+"chevrons". This is due to the Purism folks expecting you to pick the
+"US international" keyboard instead of the "US" keyboard, which is a
+very strange pick, as the "US" keyboard seems pretty standard.
+
+The keyboard layout, in general, is a little unique: the sound buttons
+are split across the <kbd>F4</kbd> key (mute) and
+<kbd>-</kbd>/<kbd>=</kbd> (volume up/down keys) for some reason.
+
+The <kbd>PrtSc</kbd> key [can be as SysRq](https://forums.puri.sm/t/does-alt-sysrq-work-on-librem-laptops/5290/9) but is *backwards*
+(<kbd>ScrLk</kbd> <kbd>PrtSc</kbd>) to their usual order
+(<kbd>PrtSc</kbd> <kbd>ScrLk</kbd>).
+
+Limited USB-C port
+------------------
+
+The USB-C port [does not support video](https://forums.puri.sm/t/is-hdmi-over-usb-c-possible-on-13v2/2020) which makes it limited to
+charging and data transfer. It can also not charge the laptop itself,
+as there's a separate power connector, losing many of the benefits
+usually associated with USB-C.
+
+Ideally, a USB-C port might be used as a universal docking port: one
+wire to plug and you have power, video, audio, and USB for keyboard
+and mouse. Unfortunately, I'm still stuck with about 4 wires to plugin
+when I come into the office, something I was hoping to avoid. People
+have [looked for a dock station](https://forums.puri.sm/t/please-recommend-a-port-replicator-docking-station/1115) without success.
+
+Shipping delays, DOA
+--------------------
+
+I waited almost four weeks to have my laptop delivered. Presumably
+this was due to a [warehouse move](https://forums.puri.sm/t/where-was-purism-moving/5799/) but I found that communication
+about the issue could have been better. Worse: the laptop was [dead on
+arrival](https://forums.puri.sm/t/librem-13v3-bricked/5714/19?u=anarcat) (DOA) so I had to return it, adding another week delay for
+getting an actual working laptop. FedEx even charged me for the return
+even though Purism actually issued a shipping label, something I still
+haven't quite resolved.
+
+Bright LEDs, not accessible when lid closed
+-------------------------------------------
+
+There are three leds on the top right of the keyboad: one for wifi,
+battery and power. They are very bright and even though they can
+technically be dimmed, the firmware is not open so there's [no way to
+dim the LEDs](https://forums.puri.sm/t/is-there-a-way-to-dim-the-leds-on-the-13-v2/1172). 
+
+No ethernet port
+----------------
+
+That was a deal breaker for me originally, but I changed my
+mind. First, I don't need gigabit transfer speeds that often. Then my
+office doesn't have wired connectivity yet, so it is not that
+useful. Plus, I can afford to have a USB dongle there with a gigabit
+ethernet port, indeed, I already have one of those USB hubs. So not
+that big of a deal.
+
+Questionable politics
+---------------------
+
+After I bought the device, I found out that Purism wouldn't take a
+stand against racism and nazis on their servers. As a hardware
+manufacturer, that would be only a slight annoyance, but they recently
+got into the business of hosting social networks, emails and so on, so
+this is a big problem. I have written about the rationale in details
+in [[blog/2019-05-13-free-speech]], but I cannot in good faith
+recommend doing business with Purism anymore, unfortunately.

yaafafdhsafdsf
diff --git a/contact.mdwn b/contact.mdwn
index 5a9950d7..94d9f0c6 100644
--- a/contact.mdwn
+++ b/contact.mdwn
@@ -6,7 +6,7 @@ Le meilleur moyen de me rejoindre est par courriel, utilisez l'adresse:
 
 Vous pouvez également encrypter vos messages avec cette
 [clef PGP](../.well-known/openpgpkey/hu/myctwj4an6ne7htuzyoo8osctuji68xe). Notez que
-[[j'ai changé de clef|../pgp_transition.txt]] en 2009.
+[j'ai changé de clef](../pgp_transition.txt) en 2009.
 
 Les articles de blog acceptent les commentaires, mais sont sujet à
 modération et contrôles anti-spam.

fix broken links
diff --git a/contact.mdwn b/contact.mdwn
index 031b399d..5a9950d7 100644
--- a/contact.mdwn
+++ b/contact.mdwn
@@ -5,8 +5,8 @@ Le meilleur moyen de me rejoindre est par courriel, utilisez l'adresse:
 [anarcat+frontpage@anarc.at](mailto:anarcat+frontpage@anarc.at)
 
 Vous pouvez également encrypter vos messages avec cette
-[[clé PGP|pubkey.asc]]. Notez que
-[[j'ai changé de clef|pgp_transition.txt]] en 2009.
+[clef PGP](../.well-known/openpgpkey/hu/myctwj4an6ne7htuzyoo8osctuji68xe). Notez que
+[[j'ai changé de clef|../pgp_transition.txt]] en 2009.
 
 Les articles de blog acceptent les commentaires, mais sont sujet à
 modération et contrôles anti-spam.
@@ -20,9 +20,9 @@ The best way to reach me is by email, use the address:
 
 [anarcat+frontpage@anarc.at](mailto:anarcat+frontpage@anarc.at)
 
-You can also encrypt your messages with this [PGP key](.well-known/openpgpkey/hu/myctwj4an6ne7htuzyoo8osctuji68xe), also
+You can also encrypt your messages with this [PGP key](../.well-known/openpgpkey/hu/myctwj4an6ne7htuzyoo8osctuji68xe), also
 available on key servers and the [Web Key Discover protocol](https://keyserver.mattrude.com/guides/web-key-directory/)
-(WKD). Note that I [changed key](pgp_transition.txt) in 2009.
+(WKD). Note that I [changed key](../pgp_transition.txt) in 2009.
 
 Blog articles accept comments, but are subjected to moderation and
 anti-spam filtering.

document u2f SNAFU
diff --git a/services/upgrades/buster.mdwn b/services/upgrades/buster.mdwn
index db7f6045..38c9c2ec 100644
--- a/services/upgrades/buster.mdwn
+++ b/services/upgrades/buster.mdwn
@@ -416,6 +416,14 @@ One downside is that no extensions are currently packaged so we are
 trusting the Mozilla "addons" site for those. Update: this is now
 fixed as ESR landed in buster and the above pin can be removed.
 
+### U2F failure
+
+I mistakenly removed the `libu2f-udev` library during the upgrade,
+which broke U2F in Firefox. Reinstalling the package and restarting
+udev fixed the issue:
+
+    sudo udevadm trigger
+
 References
 ==========
 

add headings for all issues
diff --git a/services/upgrades/buster.mdwn b/services/upgrades/buster.mdwn
index d67b838a..db7f6045 100644
--- a/services/upgrades/buster.mdwn
+++ b/services/upgrades/buster.mdwn
@@ -107,18 +107,21 @@ also the [noteworthy obsolete packages](https://www.debian.org/releases/buster/a
 Issues
 ======
 
+See also the official list of [known issues](https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html).
+
 Pending
 -------
 
- * The official list of [known issues](https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html)
+### Spurious prompts
+
+I actually tried the upgrade without `DEBIAN_FRONTEND=noninteractive`
+and got prompted for a bunch of irrelevant stuff like `xastir`,
+`libc6` and others. I also got prompted by `ucf` even if I told `dpkg`
+to `--force-confold`, which I would have expected to trickle down.
 
- * I actually tried the upgrade without
-   `DEBIAN_FRONTEND=noninteractive` and got prompted for a bunch of
-   irrelevant stuff like `xastir`, `libc6` and others. I also got
-   prompted by `ucf` even if I told `dpkg` to `--force-confold`, which
-   I would have expected to trickle down.
+### Missing packages
 
- * more packages that are only available in sid or stretch:
+Those are packages that are only available in sid or stretch:
  
    * [android packages](https://tracker.debian.org/pkg/android-platform-system-core): <del>FTBFS with GCC 7</del> fixed!
      ([[!debbug 853310]])
@@ -152,235 +155,266 @@ Pending
    * [[!debpkg zotero-standalone]] - replaced by a Flatpak, see [the
      Debian wiki page on Zotero](https://wiki.debian.org/Zotero) for details
 
- * font rendering changed again:
+### Font rendering changes
+
+Font rendering changed again:
  
-     ![screenshot of the rendering change before and after upgrade](https://paste.anarc.at/snaps/snap-2018.08.22-14.32.44-annotated.png)
+![screenshot of the rendering change before and after upgrade](https://paste.anarc.at/snaps/snap-2018.08.22-14.32.44-annotated.png)
 
-    The difference is subtle, but annoying enough. The NEWS file for
-    the `fontconfig` package said it changed font hinting defaults in
-    2.12 to `hintslight`, but changing it to `Full` (or `None`) does
-    not fix the problem. I've tried all sorts of configurations:
+The difference is subtle, but annoying enough. The NEWS file for the
+`fontconfig` package said it changed font hinting defaults in 2.12 to
+`hintslight`, but changing it to `Full` (or `None`) does not fix the
+problem. I've tried all sorts of configurations:
     
-    ![screenshot of many fontconfig configurations](https://paste.anarc.at/snaps/snap-2018.08.22-16.24.03.png)
+![screenshot of many fontconfig configurations](https://paste.anarc.at/snaps/snap-2018.08.22-16.24.03.png)
 
-    We (thanks @jelly!)  identified that subpixel rendering is not the
-    issue: auto/full/never and auto/full/always are identical:
+We (thanks @jelly!)  identified that subpixel rendering is not the
+issue: auto/full/never and auto/full/always are identical:
     
-    ![comparison of subpixel rendering](https://paste.anarc.at/snaps/snap-2018.08.22-16.26.17.png)
+![comparison of subpixel rendering](https://paste.anarc.at/snaps/snap-2018.08.22-16.26.17.png)
     
-    Turns out the problem is due to an upstream change documented in
-    [bug #866685](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866685). Basically, the way subpixel rendering works has
-    changed in the new version, as it implements a "v40" TrueType
-    rendered, as [explained here](https://www.freetype.org/freetype2/docs/subpixel-hinting.html). A workaround is to set the
-    following environment:
+Turns out the problem is due to an upstream change documented in 
+[bug #866685](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866685). Basically, the way subpixel rendering works has changed
+in the new version, as it implements a "v40" TrueType rendered, as
+[explained here](https://www.freetype.org/freetype2/docs/subpixel-hinting.html). A workaround is to set the following environment:
     
-        FREETYPE_PROPERTIES=truetype:interpreter-version=35
+    FREETYPE_PROPERTIES=truetype:interpreter-version=35
+
+To get the same pixel-level rendering as the original stretch version,
+I also had to pick the settings "Native, Full, Always, No". But after
+a few experiments, I found that the sub-pixel rendering *did* have an
+effect when the workaround was in place, so I picked "Native, Full,
+Auto, No" instead, which gives a more compact font. I have [commented
+on the bug report](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866685#30) to share this and hopefully this will be fixed
+before the buster release somehow...
+
+### APT permission warnings
 
-    To get the same pixel-level rendering as the original stretch
-    version, I also had to pick the settings "Native, Full, Always,
-    No". But after a few experiments, I found that the sub-pixel
-    rendering *did* have an effect when the workaround was in place,
-    so I picked "Native, Full, Auto, No" instead, which gives a more
-    compact font. I have [commented on the bug report](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866685#30) to share
-    this and hopefully this will be fixed before the buster release
-    somehow...
+apt gives me a cryptic warning in the end that are probably harmless,
+but happens on every run:
 
- * apt gives me a cryptic warning in the end that are probably
-   harmless, but happens on every run:
+    W: Download is performed unsandboxed as root as file '/var/cache/apt/archives/partial/libpython3.6-minimal_3.6.6-1_amd64.deb' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission non accordée)
 
-        W: Download is performed unsandboxed as root as file '/var/cache/apt/archives/partial/libpython3.6-minimal_3.6.6-1_amd64.deb' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission non accordée)
+### SSH configuration changes
 
- * there was an issue with my SSH configuration:
+There was an issue with my SSH configuration:
  
-        Bad SSH2 Mac spec 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com,hmac-sha1-96,hmac-sha1'. 
-
-   I commented out the line, but it would be nice if SSH actually said
-   *which* item in there was the wrong one, instead of having me
-   bisect the damn list.
-
- * mutt is now the official upstream version of mutt, so all settings
-   specific to neomutt or the patched version traditionnally shipped
-   with Debian yield warnings:
-
-        Erreur dans /home/anarcat/.mutt/options, ligne 63 : news_cache_dir : variable inconnue
-        Erreur dans /home/anarcat/.mutt/options, ligne 66 : news_server : variable inconnue
-        Erreur dans /home/anarcat/.mutt/options, ligne 75 : catchup_newsgroup : variable inconnue
-        Erreur dans /home/anarcat/.mutt/options, ligne 76 : nntp_context : variable inconnue
-        Erreur dans /home/anarcat/.mutt/options, ligne 77 : nntp_load_description : variable inconnue
-        Erreur dans /home/anarcat/.mutt/options, ligne 78 : nntp_poll : variable inconnue
-        Erreur dans /home/anarcat/.mutt/options, ligne 79 : post_moderated : variable inconnue
-        Erreur dans /home/anarcat/.mutt/options, ligne 80 : followup_to_poster : variable inconnue
-        Erreur dans /home/anarcat/.mutt/options, ligne 82 : change-newsgroup : cette fonction n'existe pas dans la table
-        Erreur dans /home/anarcat/.muttrc, ligne 3 : source : erreurs dans /home/anarcat/.mutt/options
-        source : erreurs dans /home/anarcat/.muttrc
-
-    Installing neomutt and removing mutt only solves part of this
-    problem, as some programs just expect the `mutt` command to be
-    available, for example `bts`. Setting the `BTS_MAIL_READER`
-    environment to `neomutt -f %s` fixes that issue, but the
-    [mailscripts](https://git.spwhitton.name/mailscripts/tree/) tools are also a good candidate for replacing
-    `bts show --mbox ###` in my workflow, as they can inject bug
-    reports straight into my normal notmuch workflow...
-
- * I had a weird problem with pulseaudio not starting. it would fail
-   with:
+    Bad SSH2 Mac spec 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com,hmac-sha1-96,hmac-sha1'. 
+
+I commented out the line, but it would be nice if SSH actually said
+*which* item in there was the wrong one, instead of having me bisect
+the damn list.
+
+### mutt binary name change
+
+mutt is now the official upstream version of mutt, so all settings
+specific to neomutt or the patched version traditionnally shipped with
+Debian yield warnings:
+
+    Erreur dans /home/anarcat/.mutt/options, ligne 63 : news_cache_dir : variable inconnue
+    Erreur dans /home/anarcat/.mutt/options, ligne 66 : news_server : variable inconnue
+    Erreur dans /home/anarcat/.mutt/options, ligne 75 : catchup_newsgroup : variable inconnue
+    Erreur dans /home/anarcat/.mutt/options, ligne 76 : nntp_context : variable inconnue
+    Erreur dans /home/anarcat/.mutt/options, ligne 77 : nntp_load_description : variable inconnue
+    Erreur dans /home/anarcat/.mutt/options, ligne 78 : nntp_poll : variable inconnue
+    Erreur dans /home/anarcat/.mutt/options, ligne 79 : post_moderated : variable inconnue
+    Erreur dans /home/anarcat/.mutt/options, ligne 80 : followup_to_poster : variable inconnue
+    Erreur dans /home/anarcat/.mutt/options, ligne 82 : change-newsgroup : cette fonction n'existe pas dans la table
+    Erreur dans /home/anarcat/.muttrc, ligne 3 : source : erreurs dans /home/anarcat/.mutt/options
+    source : erreurs dans /home/anarcat/.muttrc
+
+Installing neomutt and removing mutt only solves part of this problem,
+as some programs just expect the `mutt` command to be available, for
+example `bts`. Setting the `BTS_MAIL_READER` environment to `neomutt
+-f %s` fixes that issue, but the [mailscripts](https://git.spwhitton.name/mailscripts/tree/) tools are also a
+good candidate for replacing `bts show --mbox ###` in my workflow, as
+they can inject bug reports straight into my normal notmuch
+workflow...
+
+### pulseaudio diversion issue
+
+I had a weird problem with pulseaudio not starting. it would fail
+with:
    
-       $ pulseaudio 
-       E: [pulseaudio] module-alsa-card.c: Failed to find a working profile.
-       E: [pulseaudio] module.c: Failed to load module "module-alsa-card" (argument: "device_id="1" name="pci-0000_00_1f.3" card_name="alsa_card.pci-0000_00_1f.3" namereg_fail=false tsched=yes fixed_latency_range=no ignore_dB=no deferred_volume=yes use_ucm=yes card_properties="module-udev-detect.discovered=1""): initialization failed.
-       E: [pulseaudio] backend-ofono.c: Failed to register as a handsfree audio agent with ofono: org.freedesktop.DBus.Error.ServiceUnknown: The name org.ofono was not provided by any .service files
+    $ pulseaudio 
+    E: [pulseaudio] module-alsa-card.c: Failed to find a working profile.
+    E: [pulseaudio] module.c: Failed to load module "module-alsa-card" (argument: "device_id="1" name="pci-0000_00_1f.3" card_name="alsa_card.pci-0000_00_1f.3" namereg_fail=false tsched=yes fixed_latency_range=no ignore_dB=no deferred_volume=yes use_ucm=yes card_properties="module-udev-detect.discovered=1""): initialization failed.
+    E: [pulseaudio] backend-ofono.c: Failed to register as a handsfree audio agent with ofono: org.freedesktop.DBus.Error.ServiceUnknown: The name org.ofono was not provided by any .service files
 
-   No audio would work, naturally. After running with `-v`, I found
-   the following error:
+No audio would work, naturally. After running with `-v`, I found the
+following error:
     
-       I: [pulseaudio] (alsa-lib)conf.c: cannot access file /etc/alsa/conf.d/50-pulseaudio.conf
+    I: [pulseaudio] (alsa-lib)conf.c: cannot access file /etc/alsa/conf.d/50-pulseaudio.conf
 
-   As it turns out, it seems I had hacked PA to not automatically
-   start for all users or some weird thing, as [documented in the
-   Debian wiki](https://wiki.debian.org/PulseAudio#Dynamically_enable.2Fdisable). This would show up as a diversion when checkout
-   out the target of the above symlink:
+As it turns out, it seems I had hacked PA to not automatically start

(fichier de différences tronqué)
weird pulseaudio issue
diff --git a/services/upgrades/buster.mdwn b/services/upgrades/buster.mdwn
index a3d6be47..d67b838a 100644
--- a/services/upgrades/buster.mdwn
+++ b/services/upgrades/buster.mdwn
@@ -222,6 +222,36 @@ Pending
     `bts show --mbox ###` in my workflow, as they can inject bug
     reports straight into my normal notmuch workflow...
 
+ * I had a weird problem with pulseaudio not starting. it would fail
+   with:
+   
+       $ pulseaudio 
+       E: [pulseaudio] module-alsa-card.c: Failed to find a working profile.
+       E: [pulseaudio] module.c: Failed to load module "module-alsa-card" (argument: "device_id="1" name="pci-0000_00_1f.3" card_name="alsa_card.pci-0000_00_1f.3" namereg_fail=false tsched=yes fixed_latency_range=no ignore_dB=no deferred_volume=yes use_ucm=yes card_properties="module-udev-detect.discovered=1""): initialization failed.
+       E: [pulseaudio] backend-ofono.c: Failed to register as a handsfree audio agent with ofono: org.freedesktop.DBus.Error.ServiceUnknown: The name org.ofono was not provided by any .service files
+
+   No audio would work, naturally. After running with `-v`, I found
+   the following error:
+    
+       I: [pulseaudio] (alsa-lib)conf.c: cannot access file /etc/alsa/conf.d/50-pulseaudio.conf
+
+   As it turns out, it seems I had hacked PA to not automatically
+   start for all users or some weird thing, as [documented in the
+   Debian wiki](https://wiki.debian.org/PulseAudio#Dynamically_enable.2Fdisable). This would show up as a diversion when checkout
+   out the target of the above symlink:
+   
+       $ dpkg -S usr/share/alsa/alsa.conf.d/50-pulseaudio.conf
+       local diversion from: /usr/share/alsa/alsa.conf.d/50-pulseaudio.conf
+       local diversion to: /usr/share/alsa/alsa.conf.pulse/50-pulseaudio.conf
+       libasound2-plugins:amd64: /usr/share/alsa/alsa.conf.d/50-pulseaudio.conf
+
+   The fix was to remove those diversions and reinstall the package:
+   
+       dpkg-divert --remove /usr/share/alsa/alsa.conf.d/pulse.conf
+       dpkg-divert --remove /usr/share/alsa/alsa.conf.d/99-pulseaudio-default.conf.example
+       dpkg-divert --remove /usr/share/alsa/alsa.conf.d/50-pulseaudio.conf
+       apt install --reinstall libasound2-plugins
+
 Resolved
 --------
 

new removed packages and their statuses
diff --git a/services/upgrades/buster.mdwn b/services/upgrades/buster.mdwn
index e7e50d77..a3d6be47 100644
--- a/services/upgrades/buster.mdwn
+++ b/services/upgrades/buster.mdwn
@@ -129,6 +129,10 @@ Pending
    * [GRML](https://grml.org/) packages not in the official archive yet
    * [[!debpkg hub]]: <del>waiting for package to be uploaded</del> fixed! ([[!debbug
      807866]])
+   * [[!debpkg jitsi]]: removed from Debian in 2017 ([[!debbug
+     870990]]) nowadays mostly accessible through a web browser,
+     through <https://meet.jit.si/>. the desktop app is even marked as
+     "legacy" on <https://jitsi.org/>
    * [[!debpkg libgnomevfs2-common]]: removed from buster ([[!debbug
      893922]]), removed
    * [[!debpkg monkeysphere]]: <del>needs some love</del> fixed! ([[!debbug 899060]],
@@ -137,11 +141,16 @@ Pending
      899624]]?!), unclear if necessary, removed
    * [[!debpkg python-gconf]]: removed from buster, removed ([[!debbug
      884986]])
+   * [[!debpkg s3-cmd]] - not really used, removed
    * [thunar](https://release.debian.org/transitions/html/auto-thunar.html):
      <del>transition failure, probably just needs a punt</del> fixed
+   * [[!debpkg torbrowser-launcher]]: was deliberately removed from
+     buster, future unclear ([[!debbug 926042]])
    * [[!debpkg wireguard]]: see above
    * [xen](https://tracker.debian.org/pkg/xen): <del>newer in
      stretch</del> fixed ([[!debbug 907835]]!!)
+   * [[!debpkg zotero-standalone]] - replaced by a Flatpak, see [the
+     Debian wiki page on Zotero](https://wiki.debian.org/Zotero) for details
 
  * font rendering changed again:
  

cross-ref disk creation procedures
diff --git a/blog/2019-02-25-new-large-disk-8-year-old-anniversary.mdwn b/blog/2019-02-25-new-large-disk-8-year-old-anniversary.mdwn
index 4f1ffc10..1b416fc0 100644
--- a/blog/2019-02-25-new-large-disk-8-year-old-anniversary.mdwn
+++ b/blog/2019-02-25-new-large-disk-8-year-old-anniversary.mdwn
@@ -124,6 +124,8 @@ Here are the details of each bit:
 
 [mkfs manpage]: https://manpages.debian.org/mkfs
 
+See also [[services/backup]] for another disk configuration procedure.
+
 # Benchmarks
 
 I performed a few benchmarks. It looks like the disk can easily
diff --git a/services/backup.mdwn b/services/backup.mdwn
index 18197d10..abae281c 100644
--- a/services/backup.mdwn
+++ b/services/backup.mdwn
@@ -217,6 +217,9 @@ and is aimed at technical users familiar with the commandline.
 
  12. reboot and pray
 
+See also [[blog/2019-02-25-new-large-disk-8-year-old-anniversary]] for
+another hard drive configuration procedure.
+
 Disaster recovery
 -----------------
 

update buster upgrade status
diff --git a/services/upgrades/buster.mdwn b/services/upgrades/buster.mdwn
index 1954c800..e7e50d77 100644
--- a/services/upgrades/buster.mdwn
+++ b/services/upgrades/buster.mdwn
@@ -100,33 +100,17 @@ noticed. This will change during the Buster cycle, naturally.
 | GNOME   | 3.22    | 3.28   |       |
 | Docker  | N/A     | 18     | Finally, Docker is back in Debian? |
 
+Many packages were removed from Buster. I've built an [exhaustive
+list](https://paste.anarc.at/publish/debian-packages-removed-from-buster-without-libs/stdin.txt) on May 16th 2019, but it's probably changed since then. See
+also the [noteworthy obsolete packages](https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html#noteworthy-obsolete-packages) list.
+
 Issues
 ======
 
 Pending
 -------
 
- * The official list of [known issues](https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html) (not available at the time
-   of writing)
-
- * Firefox is a major upgrade, which I had already performed. In fact,
-   it is the reason I switched back from Chromium, so the work was
-   already done. The new version is *not* yet in Buster at the time of
-   writing, but will be by the time it is released, so a pin like this
-   was necessary to install from sid while still allowing versions
-   from buster to override when ready:
-   
-        Package: firefox-esr
-        Pin: release n=sid
-        Pin-Priority: 501
-
-        Package: firefox-esr
-        Pin: release n=buster
-        Pin: release v=60
-        Pin-Priority: 502
-
-   One downside is that no extensions are currently packaged so we are
-   trusting the Mozilla "addons" site for those.
+ * The official list of [known issues](https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html)
 
  * I actually tried the upgrade without
    `DEBIAN_FRONTEND=noninteractive` and got prompted for a bunch of
@@ -134,48 +118,30 @@ Pending
    prompted by `ucf` even if I told `dpkg` to `--force-confold`, which
    I would have expected to trickle down.
 
- * some error happened during the `linux-headers` upgrade which I
-   still need to parse:
-
-        Paramétrage de linux-headers-4.17.0-1-amd64 (4.17.8-1) ...
-        /etc/kernel/header_postinst.d/dkms:
-        Error! Bad return status for module build on kernel: 4.17.0-1-amd64 (x86_64)
-        Consult /var/lib/dkms/wireguard/0.0.20171017-1/build/make.log for more information.
-
-   Turns out I had installed wireguard from unstable a while ago, and
-   it's still not in buster. So I made this special pin to get it from
-   unstable until it's [ready in buster](https://bugs.debian.org/849308):
-   
-        Package: wireguard*
-        Pin: release n=sid
-        Pin-Priority: 501
-
-        Package: wireguard*
-        Pin: release n=buster
-        Pin-Priority: 502
-
  * more packages that are only available in sid or stretch:
  
-   * [android packages](https://tracker.debian.org/pkg/android-platform-system-core): [[!debbug 853310]]: FTBFS with GCC 7
+   * [android packages](https://tracker.debian.org/pkg/android-platform-system-core): <del>FTBFS with GCC 7</del> fixed!
+     ([[!debbug 853310]])
    * [bitmask](https://bitmask.net/): packages not in the official archive yet
    * [bup](https://tracker.debian.org/pkg/bup): FTBFS fixed upstream, unused, removed
-   * Firefox is not yet in Buster (see above)
+   * <del>Firefox is not yet in Buster (see above)</del> fixed.
    * [[!debpkg gitlint]]: FTBFS ([[!debbug 896070]])
    * [GRML](https://grml.org/) packages not in the official archive yet
-   * [[!debpkg hub]]: waiting for package to be uploaded ([[!debbug
+   * [[!debpkg hub]]: <del>waiting for package to be uploaded</del> fixed! ([[!debbug
      807866]])
    * [[!debpkg libgnomevfs2-common]]: removed from buster ([[!debbug
      893922]]), removed
-   * [[!debpkg monkeysphere]]: needs some love ([[!debbug 899060]],
+   * [[!debpkg monkeysphere]]: <del>needs some love</del> fixed! ([[!debbug 899060]],
      [[!debbug 902318]], [[!debbug 902367]])
    * [[!debpkg oggvideotools]]: maintainer email incorrect ([[!debbug
      899624]]?!), unclear if necessary, removed
    * [[!debpkg python-gconf]]: removed from buster, removed ([[!debbug
      884986]])
-   * [thunar](https://release.debian.org/transitions/html/auto-thunar.html): transition failure, probably just needs a punt
+   * [thunar](https://release.debian.org/transitions/html/auto-thunar.html):
+     <del>transition failure, probably just needs a punt</del> fixed
    * [[!debpkg wireguard]]: see above
-   * [xen](https://tracker.debian.org/pkg/xen): newer in stretch
-     ([[!debbug 907835]]!!)
+   * [xen](https://tracker.debian.org/pkg/xen): <del>newer in
+     stretch</del> fixed ([[!debbug 907835]]!!)
 
  * font rendering changed again:
  
@@ -336,6 +302,47 @@ Resolved
    buster for obvious reasons. (fixed in NMU 1.12.14-1.1, pending
    DELAYED/10)
 
+ * some error happened during the `linux-headers` upgrade which I
+   still need to parse:
+
+        Paramétrage de linux-headers-4.17.0-1-amd64 (4.17.8-1) ...
+        /etc/kernel/header_postinst.d/dkms:
+        Error! Bad return status for module build on kernel: 4.17.0-1-amd64 (x86_64)
+        Consult /var/lib/dkms/wireguard/0.0.20171017-1/build/make.log for more information.
+
+   Turns out I had installed wireguard from unstable a while ago, and
+   it's still not in buster. So I made this special pin to get it from
+   unstable until it's [ready in buster](https://bugs.debian.org/849308):
+   
+        Package: wireguard*
+        Pin: release n=sid
+        Pin-Priority: 501
+
+        Package: wireguard*
+        Pin: release n=buster
+        Pin-Priority: 502
+
+ * Firefox is a major upgrade, which I had already performed. In fact,
+   it is the reason I switched back from Chromium, so the work was
+   already done (see [[software/desktop/firefox]] for details). The
+   new version is *not* yet in Buster at the time of writing, but will
+   be by the time it is released, so a pin like this was necessary to
+   install from sid while still allowing versions from buster to
+   override when ready:
+   
+        Package: firefox-esr
+        Pin: release n=sid
+        Pin-Priority: 501
+
+        Package: firefox-esr
+        Pin: release n=buster
+        Pin: release v=60
+        Pin-Priority: 502
+
+   One downside is that no extensions are currently packaged so we are
+   trusting the Mozilla "addons" site for those. Update: this is now
+   fixed as ESR landed in buster and the above pin can be removed.
+
 References
 ==========
 

show how to run parted
diff --git a/services/backup.mdwn b/services/backup.mdwn
index 36c4f54c..18197d10 100644
--- a/services/backup.mdwn
+++ b/services/backup.mdwn
@@ -103,9 +103,13 @@ much easier). It is specific to my setup but could be useful to others
 and is aimed at technical users familiar with the commandline.
 
  1. create parts with parted, mark a 8MB leading part with the
-    `bios_grub` flag. parted complains about the partitions not being
-    optimal, and I haven't figure out how to fix that
-    correctly. Marcos partitions are currently:
+    `bios_grub` flag:
+    
+         parted /dev/sdc mklabel gpt
+         parted -a optimal /dev/sdc mkpart primary 0% 8MB
+         parted -a optimal /dev/sdc mkpart primary 8MB 100%
+    
+    Marcos partitions are currently:
 
          $ sudo lvdisplay -C
          LV   VG        Attr       LSize

removed
diff --git a/blog/2018-12-21-large-files-with-git/comment_1_3ae40bfbe7a4d6b451dadd6e7e7ff479._comment b/blog/2018-12-21-large-files-with-git/comment_1_3ae40bfbe7a4d6b451dadd6e7e7ff479._comment
deleted file mode 100644
index 38b85b25..00000000
--- a/blog/2018-12-21-large-files-with-git/comment_1_3ae40bfbe7a4d6b451dadd6e7e7ff479._comment
+++ /dev/null
@@ -1,13 +0,0 @@
-[[!comment format=creole
- ip="185.136.166.126"
- claimedauthor="Herbertnat"
- url="http://cialisdxt.com/"
- subject="cialis daily dosage options hag"
- date="2019-05-25T12:50:44Z"
- content="""
-cialis super active tadalafil india pharmacy 
-<a href=\"http://cialisdxt.com/\">buy generic cialis</a> 
-cialis 20 mg tablet price 
-[url=http://cialisdxt.com/]cialis generic[/url] 
-cytotechnology specialist
-"""]]

Added a comment: cialis daily dosage options hag
diff --git a/blog/2018-12-21-large-files-with-git/comment_1_3ae40bfbe7a4d6b451dadd6e7e7ff479._comment b/blog/2018-12-21-large-files-with-git/comment_1_3ae40bfbe7a4d6b451dadd6e7e7ff479._comment
new file mode 100644
index 00000000..38b85b25
--- /dev/null
+++ b/blog/2018-12-21-large-files-with-git/comment_1_3ae40bfbe7a4d6b451dadd6e7e7ff479._comment
@@ -0,0 +1,13 @@
+[[!comment format=creole
+ ip="185.136.166.126"
+ claimedauthor="Herbertnat"
+ url="http://cialisdxt.com/"
+ subject="cialis daily dosage options hag"
+ date="2019-05-25T12:50:44Z"
+ content="""
+cialis super active tadalafil india pharmacy 
+<a href=\"http://cialisdxt.com/\">buy generic cialis</a> 
+cialis 20 mg tablet price 
+[url=http://cialisdxt.com/]cialis generic[/url] 
+cytotechnology specialist
+"""]]

related to the rant
diff --git a/blog/2018-05-26-kubecon-rant/comment_7_2da35091552acf39b2ddfc957ac69498._comment b/blog/2018-05-26-kubecon-rant/comment_7_2da35091552acf39b2ddfc957ac69498._comment
new file mode 100644
index 00000000..a06e6468
--- /dev/null
+++ b/blog/2018-05-26-kubecon-rant/comment_7_2da35091552acf39b2ddfc957ac69498._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="anarcat"
+ subject="""related"""
+ date="2019-05-25T02:21:53Z"
+ content="""
+
+<https://medium.com/swlh/my-fellow-engineers-it-is-time-for-the-greatest-invention-of-all-f738d8394998>
+"""]]

hard to find fp2 parts
diff --git a/hardware/phone/fairphone2.mdwn b/hardware/phone/fairphone2.mdwn
index dfd794d1..fa19d055 100644
--- a/hardware/phone/fairphone2.mdwn
+++ b/hardware/phone/fairphone2.mdwn
@@ -161,6 +161,7 @@ Cons:
    of open development
  * runs an unsupported Linux kernel (3.4.0) not mainline
  * lagging behind security updates
+ * actual replacement parts are hard to find
 
 Specifications
 ==============

retirer une coquille
diff --git a/blog/2019-05-15-revolution-tranquille-laicite.mdwn b/blog/2019-05-15-revolution-tranquille-laicite.mdwn
index 8f1f1cad..02f79868 100644
--- a/blog/2019-05-15-revolution-tranquille-laicite.mdwn
+++ b/blog/2019-05-15-revolution-tranquille-laicite.mdwn
@@ -10,7 +10,7 @@ religieuse des enfants en prenant position publiquement sur la réforme
 scolaire. Le banc des accusés est le seul endroit où on devrait
 permettre aux curés de parler de sexualité et de morale.
 
-Notre histoire est irrémédiablement liée à la colonisation {qui inclus}
+Notre histoire est irrémédiablement liée à la colonisation incluant la
 destruction d'une diversité de peuples autochtones et qui continue à
 ce jour. On imagine souvent un vague crime passé mais la réalité est
 que le génocide a continué jusqu'à la fermeture des pensionnats

Added a comment: Ainsi soit-il
diff --git a/blog/2019-05-15-revolution-tranquille-laicite/comment_1_3e28dc879adea450a8ea4d2c38ada149._comment b/blog/2019-05-15-revolution-tranquille-laicite/comment_1_3e28dc879adea450a8ea4d2c38ada149._comment
new file mode 100644
index 00000000..9e822502
--- /dev/null
+++ b/blog/2019-05-15-revolution-tranquille-laicite/comment_1_3e28dc879adea450a8ea4d2c38ada149._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ ip="192.222.230.146"
+ claimedauthor="pretrejobin"
+ subject="Ainsi soit-il"
+ date="2019-05-17T14:10:42Z"
+ content="""
+Amen!
+
+On semble continuer de s'attaquer aux autres religions comme si c'était la nôtre. Détruire le catholicisme parce qu'on a grandi dedans et qu'on en voit ses absurdités, c'est tout à fait justifié. Mais s'attaquer à une religion qu'on ne connais pas avec des subtilités qui sont invisibles à nos yeux, c'est d'un stupide crade.
+"""]]

creating tag page tag/laïcité
diff --git "a/tag/la\303\257cit\303\251.mdwn" "b/tag/la\303\257cit\303\251.mdwn"
new file mode 100644
index 00000000..a4343454
--- /dev/null
+++ "b/tag/la\303\257cit\303\251.mdwn"
@@ -0,0 +1,4 @@
+[[!meta title="pages tagged laïcité"]]
+
+[[!inline pages="tagged(laïcité)" actions="no" archive="yes"
+feedshow=10]]

add tag and title
diff --git a/blog/2019-05-15-revolution-tranquille-laicite.mdwn b/blog/2019-05-15-revolution-tranquille-laicite.mdwn
index df4ca47b..8f1f1cad 100644
--- a/blog/2019-05-15-revolution-tranquille-laicite.mdwn
+++ b/blog/2019-05-15-revolution-tranquille-laicite.mdwn
@@ -1,3 +1,5 @@
+[[!meta title="Réellement compléter la révolution tranquille"]]
+
 "Compléter l'oeuvre de la révolution tranquille", pour reprendre la
 couverture du Devoir de ce matin, devrait commencer par réparer les
 dommages faits par l'Église catholique au Québec. Les crimes horribles
@@ -44,3 +46,7 @@ des attentats terroristes en Amérique du nord, pourquoi se préoccuper
 des voiles de nos enseignantes? "Place aux nécessités!" L'urgence
 climatique et la montée du fascisme devraient être les sujets
 d'importance au lieu de ces questions vestimentaires.
+
+> Cet article a été refusé au Devoir.
+
+[[!tag politique québec laïcité légal réflexion histoire]]

update audio hardware
diff --git a/hardware/audio.mdwn b/hardware/audio.mdwn
index 1faa4f8c..a48b5926 100644
--- a/hardware/audio.mdwn
+++ b/hardware/audio.mdwn
@@ -190,6 +190,12 @@ We already have a stand and SM58 + cable, so we just need:
    * Music Red One: [EON 610 580$](https://musicredone.com/collections/speakers/products/jbl-eon610), no Yamaha
    * Steve's: [EON 610: 540$](https://stevesmusic.com/en/p-a-live-sound/speakers/jbl-eon-610.html), [DXR10: 760$](https://stevesmusic.com/en/p-a-live-sound/speakers/yamaha-dxr-10-powered-speaker-ea.html), [DBR10 520$](https://stevesmusic.com/en/p-a-live-sound/portable-systems/yamaha-dbr10-active-monitor-ea.html)
 
+Update: got a DBR10 at Steve's, works fine. Forgot the frigging stand
+home, but otherwise good start. Would be nice to have a mike there
+permanently and we are going to have space management issues. Might
+help to help koumbit sort through their cabling with a stack of trays
+or something.
+
 ### Phase II: mono recording, ~650$
 
 This second phase enables recording through the Notepad 102 mixer and

corrections de la famille
diff --git a/blog/2019-05-15-revolution-tranquille-laicite.mdwn b/blog/2019-05-15-revolution-tranquille-laicite.mdwn
index 22c14a25..df4ca47b 100644
--- a/blog/2019-05-15-revolution-tranquille-laicite.mdwn
+++ b/blog/2019-05-15-revolution-tranquille-laicite.mdwn
@@ -1,14 +1,14 @@
 "Compléter l'oeuvre de la révolution tranquille", pour reprendre la
-couverture du Devoir de ce matin, devrait commencer par adresser les
+couverture du Devoir de ce matin, devrait commencer par réparer les
 dommages faits par l'Église catholique au Québec. Les crimes horribles
-des prêtres contre les enfants restent impunis. L'État laisse ici le
-soin à l'Église de s'occupper de ces affaires criminelles. Pendant ce
-temps, les évèques font morale sur l'éducation sexuelle ou religieuse
-des enfants en prenant position publiquement sur la réforme
-scolaire. Le banc des accusés est le seul endroit où les curés
-devraient être permis de parler de sexualité et de morale.
+des prêtres contre les enfants restent impunis. L'état laisse ici le
+soin à l'Église de s'occuper de ces affaires criminelles. Pendant ce
+temps, les évêques font la morale sur l'éducation sexuelle ou
+religieuse des enfants en prenant position publiquement sur la réforme
+scolaire. Le banc des accusés est le seul endroit où on devrait
+permettre aux curés de parler de sexualité et de morale.
 
-Notre histoire est irrémédiablement liée à la colonisation qui inclus
+Notre histoire est irrémédiablement liée à la colonisation {qui inclus}
 destruction d'une diversité de peuples autochtones et qui continue à
 ce jour. On imagine souvent un vague crime passé mais la réalité est
 que le génocide a continué jusqu'à la fermeture des pensionnats
@@ -16,31 +16,31 @@ autochtones à la fin du siècle. La Révolution tranquille n'a
 certainement pas fini ses devoirs, mais pas au sens où l'entend Guy
 Rocher et les défenseurs du projet de loi 21.
 
-J'ai été éduqué à la Commission des Écoles Catoliques de Montréal
+J'ai été éduqué à la Commission des Écoles Catholiques de Montréal
 (CECM). Durant mon séjour dans cette institution, j'ai suivi des cours
-de catéchèse qui est "destinée à faire grandir les enfants [...] dans
+de catéchèse "destinée à faire grandir les enfants [...] dans
 l'intelligence du message chrétien" (Wikipédia). Ce n'était pas
-l'époque de la grande noirceur mais bien des années quatre-vingts, où
-on avait encore le "privilège" d'entrer à l'église durant le
-curriculum standard de l'école primaire. Évidemment, "communier avec
-Dieu" était réservé aux baptisés, groupe d'élite dont je ne faisais
-pas partie. J'ai donc cru important de me faire baptiser à ce jeune
-âge pour tenter de corriger ce faux-pas parental, dans l'espoir
+l'époque de la grande noirceur mais bien des années 80, où on avait
+encore le "privilège" d'entrer à l'église durant le curriculum
+standard de l'école primaire. Évidemment, "communier avec Dieu" était
+réservé aux baptisés, groupe d'élite dont je ne faisais pas
+partie. J'ai donc cru important de me faire baptiser à ce jeune âge
+pour tenter de corriger ce faux-pas parental, dans l'espoir
 d'atteindre l'illumination dans la noirceur du confessionnal.
 
-Étant donc devenu un athé convaincu, je me désole de voir mes
+Étant donc devenu un athée convaincu, je me désole de voir mes
 concitoyens s'entre-déchirer sur les questions religieuses. Compléter
-la véritable Révolution, ça serait de convertir les églises et
-presbytères en centre sociaux au lieu de condos, traduire les prêtres
-en justice au lieu de les passer à la radio, redonner aux peuples que
-nous avons voler et commencer à réparer les erreurs du passé.
+la véritable Révolution serait de convertir les églises et presbytères
+en centre sociaux au lieu de condos, traduire les prêtres en justice
+au lieu de les passer à la radio, redonner aux peuples que nous avons
+volé et commencer à réparer les erreurs du passé.
 
 Comme disait Borduas, il faut opposer le "refus global" à la
 "responsabilité entière". Reconnaître les fautes et les erreurs de
 notre propre culture, et commencer à les réparer, au lieu de
 s'attarder aux vices possible d'une culture que nous ne connaissons
-somme toute pas. Alors que l'extrême droite est la source de la
-majorité des attentats terroristes en amérique du nord, pourquoi se
-préoccuper des hijabs de nos gardiennes? "Place aux nécessités!"
-L'urgence climatique et la montée du fascisme devraient être nos sujet
-d'importance au lieu de ces questions vaguement vestimentaires.
+pas vraiment. Alors que l'extrême droite est la source de la majorité
+des attentats terroristes en Amérique du nord, pourquoi se préoccuper
+des voiles de nos enseignantes? "Place aux nécessités!" L'urgence
+climatique et la montée du fascisme devraient être les sujets
+d'importance au lieu de ces questions vestimentaires.

nouveau rant sur la loi 21
diff --git a/blog/2019-05-15-revolution-tranquille-laicite.mdwn b/blog/2019-05-15-revolution-tranquille-laicite.mdwn
new file mode 100644
index 00000000..22c14a25
--- /dev/null
+++ b/blog/2019-05-15-revolution-tranquille-laicite.mdwn
@@ -0,0 +1,46 @@
+"Compléter l'oeuvre de la révolution tranquille", pour reprendre la
+couverture du Devoir de ce matin, devrait commencer par adresser les
+dommages faits par l'Église catholique au Québec. Les crimes horribles
+des prêtres contre les enfants restent impunis. L'État laisse ici le
+soin à l'Église de s'occupper de ces affaires criminelles. Pendant ce
+temps, les évèques font morale sur l'éducation sexuelle ou religieuse
+des enfants en prenant position publiquement sur la réforme
+scolaire. Le banc des accusés est le seul endroit où les curés
+devraient être permis de parler de sexualité et de morale.
+
+Notre histoire est irrémédiablement liée à la colonisation qui inclus
+destruction d'une diversité de peuples autochtones et qui continue à
+ce jour. On imagine souvent un vague crime passé mais la réalité est
+que le génocide a continué jusqu'à la fermeture des pensionnats
+autochtones à la fin du siècle. La Révolution tranquille n'a
+certainement pas fini ses devoirs, mais pas au sens où l'entend Guy
+Rocher et les défenseurs du projet de loi 21.
+
+J'ai été éduqué à la Commission des Écoles Catoliques de Montréal
+(CECM). Durant mon séjour dans cette institution, j'ai suivi des cours
+de catéchèse qui est "destinée à faire grandir les enfants [...] dans
+l'intelligence du message chrétien" (Wikipédia). Ce n'était pas
+l'époque de la grande noirceur mais bien des années quatre-vingts, où
+on avait encore le "privilège" d'entrer à l'église durant le
+curriculum standard de l'école primaire. Évidemment, "communier avec
+Dieu" était réservé aux baptisés, groupe d'élite dont je ne faisais
+pas partie. J'ai donc cru important de me faire baptiser à ce jeune
+âge pour tenter de corriger ce faux-pas parental, dans l'espoir
+d'atteindre l'illumination dans la noirceur du confessionnal.
+
+Étant donc devenu un athé convaincu, je me désole de voir mes
+concitoyens s'entre-déchirer sur les questions religieuses. Compléter
+la véritable Révolution, ça serait de convertir les églises et
+presbytères en centre sociaux au lieu de condos, traduire les prêtres
+en justice au lieu de les passer à la radio, redonner aux peuples que
+nous avons voler et commencer à réparer les erreurs du passé.
+
+Comme disait Borduas, il faut opposer le "refus global" à la
+"responsabilité entière". Reconnaître les fautes et les erreurs de
+notre propre culture, et commencer à les réparer, au lieu de
+s'attarder aux vices possible d'une culture que nous ne connaissons
+somme toute pas. Alors que l'extrême droite est la source de la
+majorité des attentats terroristes en amérique du nord, pourquoi se
+préoccuper des hijabs de nos gardiennes? "Place aux nécessités!"
+L'urgence climatique et la montée du fascisme devraient être nos sujet
+d'importance au lieu de ces questions vaguement vestimentaires.

update
diff --git a/blog/2019-05-13-free-speech.mdwn b/blog/2019-05-13-free-speech.mdwn
index 773417c8..ea5bd348 100644
--- a/blog/2019-05-13-free-speech.mdwn
+++ b/blog/2019-05-13-free-speech.mdwn
@@ -1,4 +1,4 @@
-[[!meta title="On free speech at Puri.sm"]]
+[[!meta title="On free speech at Puri.sm and Mastodon"]]
 
 I have been cautiously enthusiastic about [Puri.sm][]. They have done
 interesting work [liberating their own hardware][Coreboot support] from the clutches
@@ -313,6 +313,4 @@ groups?
 
 [scum]: https://en.wiktionary.org/wiki/scum
 [Nazi Scum]: https://www.youtube.com/watch?v=qEEZsvSzG-4
-
 [The Cleaners]: https://www.imdb.com/title/tt7689936/
-
diff --git a/blog/2019-05-13-free-speech/comment_1_631423181d4c74dfa67f42fd80ac14c3._comment b/blog/2019-05-13-free-speech/comment_1_631423181d4c74dfa67f42fd80ac14c3._comment
new file mode 100644
index 00000000..df0a8fe9
--- /dev/null
+++ b/blog/2019-05-13-free-speech/comment_1_631423181d4c74dfa67f42fd80ac14c3._comment
@@ -0,0 +1,40 @@
+[[!comment format=mdwn
+ username="anarcat"
+ subject="""some updates"""
+ date="2019-05-13T23:30:20Z"
+ content="""
+
+First off, a friend referred to me to this [great cartoon][] that
+should help people deal with idiotic trolls on the internet and real
+life, if only by bringing a smile.
+
+> Exactly. Now read a god damn book.
+
+Moving on.
+
+The other thing that happened is that the founder of Mastodon, [Eugen
+Rochko][], [announced][] that he would only list Mastodon servers on
+[joinmastodon.org][] if they had:
+
+> 1. A server policy against racism, sexism and transphobia
+> 
+> 2. Daily database backups
+> 
+> 3. At least one other person with emergency access to server infrastructure
+> 
+> 4. Commit to giving users at least 3 months advance warning before
+>    closing down your server
+
+I think that's a great step. I'd be happier if the first point was
+explicitely set around a specific code of conduct, and why the
+Covenant one. But it's a great idea anyways.
+
+I'd even go further and say that, like on Twitter and email, it will
+soon become necessary to share block lists of servers we just can't
+accept spam from.
+
+[announced]: https://mastodon.social/@Gargron/102080214355309632
+[joinmastodon.org]: https://joinmastodon.org/
+[Eugen Rochko]: https://mastodon.social/@Gargron
+[great cartoon]: https://existentialcomics.com/comic/289
+"""]]

sigh, fix more links
diff --git a/blog/2019-05-13-free-speech.mdwn b/blog/2019-05-13-free-speech.mdwn
index 4dd8d2d0..773417c8 100644
--- a/blog/2019-05-13-free-speech.mdwn
+++ b/blog/2019-05-13-free-speech.mdwn
@@ -154,9 +154,6 @@ arguably, human intelligence as well).
 
 [banning Alex Jones]: https://www.theguardian.com/technology/2018/aug/06/apple-removes-podcasts-infowars-alex-jones
 [some claim]: https://motherboard.vice.com/en_us/article/a3xgq5/why-wont-twitter-treat-white-supremacy-like-isis-because-it-would-mean-banning-some-republican-politicians-too
-[The Moderators]: https://www.imdb.com/title/tt6628328/
-[The Cleaners]: https://www.imdb.com/title/tt7689936/
-[this article on The Verge]: https://www.theverge.com/2019/2/25/18229714/cognizant-facebook-content-moderator-interviews-trauma-working-conditions-arizona
 
 Free speech absolutism and its impacts
 ======================================
@@ -310,10 +307,12 @@ groups?
       cases, naturally.
 
 [^4]: For a good perspective on that gruesome work, I recommend [this
-      article on The Verge][] and there are also two documentaries I'm
+      article on The Verge](https://www.theverge.com/2019/2/25/18229714/cognizant-facebook-content-moderator-interviews-trauma-working-conditions-arizona) and there are also two documentaries I'm
       aware of that cover the topic as well, [The Cleaners][] and [The
-      Moderators][].
-
+      Moderators](https://www.imdb.com/title/tt6628328/).
 
 [scum]: https://en.wiktionary.org/wiki/scum
 [Nazi Scum]: https://www.youtube.com/watch?v=qEEZsvSzG-4
+
+[The Cleaners]: https://www.imdb.com/title/tt7689936/
+

phrasing
diff --git a/blog/2019-05-13-free-speech.mdwn b/blog/2019-05-13-free-speech.mdwn
index 3e638f49..4dd8d2d0 100644
--- a/blog/2019-05-13-free-speech.mdwn
+++ b/blog/2019-05-13-free-speech.mdwn
@@ -291,11 +291,11 @@ groups?
 
 ----
 
-> For the sake of transparency, I should state have ordered a laptop
-> from Purism about a month ago and the machine was "dead on arrival"
-> when it arrived last week. I've also been having trouble getting the
-> machine returned although it seems this will might resolve itself
-> today.
+> For the sake of transparency, I should state that I have ordered a
+> laptop from Purism about a month ago and the machine was "dead on
+> arrival" when it arrived last week. I've also been having trouble
+> getting the machine returned although it seems this will might
+> resolve itself today.
 
 [^1]: [scum][], the topmost liquid layer of a cesspool or septic
     tank, a reprehensible person or persons. [Nazi Scum][].

last tweaks
diff --git a/blog/2019-05-13-free-speech.mdwn b/blog/2019-05-13-free-speech.mdwn
index 1747d31c..3e638f49 100644
--- a/blog/2019-05-13-free-speech.mdwn
+++ b/blog/2019-05-13-free-speech.mdwn
@@ -250,9 +250,9 @@ We can already see this happening in the US and elsewhere:
    [fascist rally in Virginia][]. The perpetrator was previously
    posting neo-nazi memes and symbols on Facebook.
 
- * In 2018, another neo-nazi walked into a synagogue and [murdered
-   eleven people][]. He had previously posted anti-semitic comments on
-   the far-right [Gab social network][].
+ * In 2018, another neo-nazi walked into a synagogue in Pittsburg and
+   [murdered eleven people][]. He had previously posted anti-semitic
+   comments on the far-right [Gab social network][].
 
  * And this year, in 2019, another neo-nazi walked into a Mosque and
    [murdered 51 people][] in New Zealand. He streamed everything on
@@ -269,7 +269,7 @@ We can already see this happening in the US and elsewhere:
 
 This is real. This is now. This is what Purism enables by tolerating
 hate speech. And it's not right. Free speech should never be an
-enabler for such terrorism. We don't tolerate it for [ISIL][] and
+enabler for such horrors. We don't tolerate it for [ISIL][] and
 jihadist terrorism, why should we tolerate it for the white supremacy
 groups?
 
@@ -289,6 +289,8 @@ groups?
 [ISIL]: https://en.wikipedia.org/wiki/Islamic_State_of_Iraq_and_the_Levant
 [Martin Niemöller]: https://en.wikipedia.org/wiki/First_they_came_...
 
+----
+
 > For the sake of transparency, I should state have ordered a laptop
 > from Purism about a month ago and the machine was "dead on arrival"
 > when it arrived last week. I've also been having trouble getting the

fix more stuff
diff --git a/blog/2019-05-13-free-speech.mdwn b/blog/2019-05-13-free-speech.mdwn
index b616499a..1747d31c 100644
--- a/blog/2019-05-13-free-speech.mdwn
+++ b/blog/2019-05-13-free-speech.mdwn
@@ -86,8 +86,7 @@ because they don't have a "shared Mastodon[^3] timeline".
 [This post]: https://social.libre.fi/notice/9iZw5AqQ5qKjgFWm5Q
 [Kyle Rankin]: https://kylerank.in/
 
-Indeed you can see for yourself that, in their [code of
-conduct][code-of-conduct], they explicitely state that:
+Concretely, their [code of conduct][code-of-conduct] states that:
 
 > This Code of Conduct is adapted from the [Community Covenant][],
 > The only change made was to remove the list of examples in the
@@ -117,12 +116,13 @@ In comparison, this is how the Purism code begins:
 > experience for everyone. We do not tolerate harassment of
 > participants in any form.
 
-Purism seems to pivot around "legally protected free speech" and argue
-that "harrassment is not legally protected" which is why it's not
-allowed in their code of conduct. Their argument is they shouldn't
-decide what's allowed on their own server and instead seem to delegate
-this to the US constitution and law enforcement. Indeed, in their
-[FAQ][], we can read:
+By removing specific the list of unacceptable behavior, they are
+implicitely allowing it. Purism seem to pivot around "legally
+protected free speech" and argue that "harrassment is not legally
+protected" which is why it's not allowed in their code of
+conduct. Their argument is they shouldn't decide what's allowed on
+their own server and instead seem to delegate this to the US
+constitution and law enforcement. Indeed, their [FAQ][] says:
 
  [FAQ]: https://librem.one/#faq
 
@@ -224,7 +224,7 @@ like. This is also how [XKCD put it][]:
 > And they're showing you the door.
 
 For the record, I used to be a free speech absolutist myself. But I
-have since then reviewed my positions on this: I think free speech,
+have since then reviewed my position on this: I think free speech,
 like any human right, is not absolute, and should take into account
 political and social dynamics. Free speech, right now, is not in
 danger, or at least specifically not right wing fear-mongering, racism
@@ -236,10 +236,9 @@ Hate speech was the prelude to the rise of facism in the early 20th
 century. Those fascists support free speech as long as it serves their
 purpose, but they are the first to destroy it when they are back in
 power. Not only figuratively, through censorship, but litterally, by
-brutally harrassing, beating up, and murdering people. By allowing
-hate speech, we are paving the way for those people to come out of the
-closet and pose more daring actions. Free speech currently favors
-radicalisation of the right wing.
+harrassing, beating up, and murdering people. By allowing hate speech,
+we are paving the way for those people to come out of the closet and
+pose more daring actions.
 
 We can already see this happening in the US and elsewhere:
 
@@ -265,7 +264,7 @@ We can already see this happening in the US and elsewhere:
 [Gab social network]: https://en.wikipedia.org/wiki/Gab_(social_network)
 [murdered eleven people]: https://en.wikipedia.org/wiki/Pittsburgh_synagogue_shooting
 [murdered nine african-americans]: https://en.wikipedia.org/wiki/Charleston_church_shooting
-[fascist rally in Virginia, USA]: https://en.wikipedia.org/wiki/Unite_the_Right_rally
+[fascist rally in Virginia]: https://en.wikipedia.org/wiki/Unite_the_Right_rally
 [Heather Heyer]: https://en.wikipedia.org/wiki/Charlottesville_car_attack
 
 This is real. This is now. This is what Purism enables by tolerating

some typos
diff --git a/blog/2019-05-13-free-speech.mdwn b/blog/2019-05-13-free-speech.mdwn
index b93bd5b5..b616499a 100644
--- a/blog/2019-05-13-free-speech.mdwn
+++ b/blog/2019-05-13-free-speech.mdwn
@@ -10,7 +10,7 @@ code of conduct and rinse it down to create a absolutist "free speech
 zone".
 
 This is a serious mistake and will create an escape hatch from
-mainstream social media for neo-nazis, trolls, masculists and other
+mainstream social media for neo-nazis, trolls, masculinists and other
 scum[^1] of the internet. Purism should not be part of this, and if they
 do not revert this stance, I will discourage anyone from doing
 business with them ever again.
@@ -74,19 +74,19 @@ disagree with.
 
 [code-of-conduct]: https://librem.one/conduct/
 
-[This post][][^2] is what brought the problem to my attention. It
-includes screenshots from a conversation with [Kyle Rankin][], the
-Purism Chief Security Officer. Rankin explains they don't need to list
-"bad behaviors" in their code of conduct because "harrassment"
-suffices and also argues that control over content isn't required
-because they won't have a shared Mastodon[^3] timeline.
+[This post][] is what brought the problem to my attention. It includes
+screenshots[^2] from a conversation with [Kyle Rankin][], the Purism
+Chief Security Officer where he claims that Purism doesn't need to
+list "bad behaviors" in their code of conduct because "harrassment"
+suffices. He also argues that control over content isn't required
+because they don't have a "shared Mastodon[^3] timeline".
 
 [2]: https://web.archive.org/web/20190508234147/https://social.libre.fi/media/0a7b2b84ec4600decf6fb8e0b243be5204fb63a9513384d9f8aa483f681aadd3.png?name=Screenshot%20from%202019-05-07%2016-36-10.png
 [1]: https://web.archive.org/web/20190508234147/https://social.libre.fi/media/ab602faf530926ab984bb33c16cab8055606ea636ee41c4b1efd99aa8ff3ed42.png?name=Screenshot%20from%202019-05-07%2016-36-26.png
 [This post]: https://social.libre.fi/notice/9iZw5AqQ5qKjgFWm5Q
 [Kyle Rankin]: https://kylerank.in/
 
-And inded you can see for yourself that, in their [code of
+Indeed you can see for yourself that, in their [code of
 conduct][code-of-conduct], they explicitely state that:
 
 > This Code of Conduct is adapted from the [Community Covenant][],
@@ -299,8 +299,8 @@ groups?
 [^1]: [scum][], the topmost liquid layer of a cesspool or septic
     tank, a reprehensible person or persons. [Nazi Scum][].
 
-[^2]: The screenshots are broken in the thread, but here are Internet
-      Archive links [1][] [2][].
+[^2]: The screenshots do not display correctly in the thread, but here
+      are Internet Archive links: [1][] [2][].
 
 [^3]: For context, Mastodon is a Twitter/Twitdeck clone that
       implements standard federated protocol and can interoperate with

rant on free speech bullshit
diff --git a/blog/2019-05-13-free-speech.mdwn b/blog/2019-05-13-free-speech.mdwn
new file mode 100644
index 00000000..b93bd5b5
--- /dev/null
+++ b/blog/2019-05-13-free-speech.mdwn
@@ -0,0 +1,318 @@
+[[!meta title="On free speech at Puri.sm"]]
+
+I have been cautiously enthusiastic about [Puri.sm][]. They have done
+interesting work [liberating their own hardware][Coreboot support] from the clutches
+of [Intel backdoors][neutralizing IME] and are enthusistically creating a [new kind
+of phone][]. Recently, they figured they would also become a [new
+hosting provider][] but that not going as well as one might hope. It
+seems they have decided to rewrite the standard [Community Covenant][]
+code of conduct and rinse it down to create a absolutist "free speech
+zone".
+
+This is a serious mistake and will create an escape hatch from
+mainstream social media for neo-nazis, trolls, masculists and other
+scum[^1] of the internet. Purism should not be part of this, and if they
+do not revert this stance, I will discourage anyone from doing
+business with them ever again.
+
+An introduction to the Purism projects
+======================================
+
+In a private mailing list, I summarized the situation of the Librem
+projects as follows:
+
+[new kind of phone]: https://puri.sm/products/librem-5/
+[new hosting provider]: https://librem.one/
+[Coreboot support]: https://puri.sm/posts/librem-13-coreboot-report-february-25th-2017/
+[neutralizing IME]: https://puri.sm/posts/neutralizing-intel-management-engine-on-librem-laptops/
+[Puri.sm]: https://puri.sm
+
+>> Hi all,
+>>
+>> Do people on this list have any opinion about <https://librem.one> ?
+>
+> Overall, I think it's a good idea.
+>
+> Devil is in the details, however. There was some controversy on how
+> Purism has rebranded and forked existing free software projects without
+> giving clear credit in the original announcements. They have responded
+> to this, however, with [something I find somewhat satisfactory][].
+>
+> I'm a little concerned about Purism taking on too much: they started by
+> making laptops and ventured into forking Debian to have their own
+> distribution - a common pattern in hardware manufacturers supporting
+> Debian, same happened with System76. But now they are building a phone,
+> and not content with Android, they are building their own OS, based on
+> Debian, and I worry it will not deliver and disappoint a lot of people.
+>
+> This is another venture that, coming from a hardware manufacturer, I am
+> also somewhat worried about. Launching, simultaneously, an Email, Chat,
+> social networking and VPN provider is a very ambitious goals. Members of
+> our communities have been spending years deploying those services and
+> it's a little frustrating to see Purism just barge in there and offer
+> their services, for a fee on top of that.
+>
+> But I will be the first to recognize that running services comes at a
+> cost: hardware, cooling, real-estate and especially labor are not
+> free. So I think it's fair they charge a price, and a fair one at that
+> too.
+>
+> So I wish them good luck and I am curious to see where it will go. At
+> least they picked federated protocols which interoperate with our stuff:
+> that is good. I'm worried they will undercut other community providers
+> like ours, but I guess the more the merrier...
+
+[something I find somewhat satisfactory]: https://puri.sm/posts/how-purism-works-upstream-and-gives-back/
+
+The Purism code of conduct tolerates Nazis
+==========================================
+
+Now something else came up and that's the [Librem.one code of
+conduct][code-of-conduct] which more less says "Nazis are okay, as long as they
+don't harrass people", a position which I have come to fundamentally
+disagree with.
+
+[code-of-conduct]: https://librem.one/conduct/
+
+[This post][][^2] is what brought the problem to my attention. It
+includes screenshots from a conversation with [Kyle Rankin][], the
+Purism Chief Security Officer. Rankin explains they don't need to list
+"bad behaviors" in their code of conduct because "harrassment"
+suffices and also argues that control over content isn't required
+because they won't have a shared Mastodon[^3] timeline.
+
+[2]: https://web.archive.org/web/20190508234147/https://social.libre.fi/media/0a7b2b84ec4600decf6fb8e0b243be5204fb63a9513384d9f8aa483f681aadd3.png?name=Screenshot%20from%202019-05-07%2016-36-10.png
+[1]: https://web.archive.org/web/20190508234147/https://social.libre.fi/media/ab602faf530926ab984bb33c16cab8055606ea636ee41c4b1efd99aa8ff3ed42.png?name=Screenshot%20from%202019-05-07%2016-36-26.png
+[This post]: https://social.libre.fi/notice/9iZw5AqQ5qKjgFWm5Q
+[Kyle Rankin]: https://kylerank.in/
+
+And inded you can see for yourself that, in their [code of
+conduct][code-of-conduct], they explicitely state that:
+
+> This Code of Conduct is adapted from the [Community Covenant][],
+> The only change made was to remove the list of examples in the
+> interest of readability.
+
+[Community Covenant]: https://community-covenant.net
+
+This seems innocuous enough, but the changes go beyond simply
+"readability". This is how the Covenant code of conduct actually
+begins:
+
+> Our pledge
+>
+> In the interest of fostering an open and welcoming environment, we
+> as contributors and maintainers pledge to making participation in
+> our project and our community a harassment-free experience for
+> everyone, regardless of age, body size, disability, ethnicity,
+> gender identity and expression, level of experience, nationality,
+> personal appearance, race, religion, or sexual identity and
+> orientation.
+
+In comparison, this is how the Purism code begins:
+
+> Our goal
+>
+> This community is dedicated to providing a harassment-free
+> experience for everyone. We do not tolerate harassment of
+> participants in any form.
+
+Purism seems to pivot around "legally protected free speech" and argue
+that "harrassment is not legally protected" which is why it's not
+allowed in their code of conduct. Their argument is they shouldn't
+decide what's allowed on their own server and instead seem to delegate
+this to the US constitution and law enforcement. Indeed, in their
+[FAQ][], we can read:
+
+ [FAQ]: https://librem.one/#faq
+
+> How do I report illegal content?
+> 
+> Any illegal content or illegal acts should be reported to the
+> appropriate authorities who are equipped to handle it.
+
+So it's not just a matter of "readability", but also that they don't
+*actually* want to "restrict free speech".  This seems to me, at best
+a cop-out that leaves victims totally on their own, and, at worst,
+creates a "safe space" for neo-nazis to escape the narrowing controls
+imposed on larger platforms like Twitter, Facebook and Reddit. This is
+the same position that "big tech" (as Purism calls its competitors)
+are taking. They are trying really hard to remove themselves from the
+editorial process and claim they are not responsible for content.
+
+In practice, this is a little white lie: Facebook, Twitter and all
+those platforms employ armies of moderators that constantly police
+their network.[^4] The question, therefore, is what that platform
+specifically allows and refuses. Pornography, for example, is
+definitely allowed "legally protected free speech" in the USA, yet
+it's forbidden on Facebook. Some large providers have also started to
+crack down on neo-nazis, like Facebook, Youtube, Apple, and Spotify
+[banning Alex Jones][] from their networks. Twitter seems slower to
+follow and [some claim][] that's because they might they risk banning
+Republicans as well because they confuse artificial intelligence (and,
+arguably, human intelligence as well).
+
+[banning Alex Jones]: https://www.theguardian.com/technology/2018/aug/06/apple-removes-podcasts-infowars-alex-jones
+[some claim]: https://motherboard.vice.com/en_us/article/a3xgq5/why-wont-twitter-treat-white-supremacy-like-isis-because-it-would-mean-banning-some-republican-politicians-too
+[The Moderators]: https://www.imdb.com/title/tt6628328/
+[The Cleaners]: https://www.imdb.com/title/tt7689936/
+[this article on The Verge]: https://www.theverge.com/2019/2/25/18229714/cognizant-facebook-content-moderator-interviews-trauma-working-conditions-arizona
+
+Free speech absolutism and its impacts
+======================================
+
+The first impact of this is that some Mastodon servers are blocking
+the Purism instance altogether. This makes Purism's claims of
+federation somewhat dishonest:
+
+> Yes, you can follow and fully interact with people inside or outside
+> the librem.one domain. (not locked-in to one technology company)
+
+Of course, that's the nature of federation, but I am not aware of such
+a *company* (especially one which claims to have a [social purpose][])
+blocked right off the bat from the federation.
+
+[social purpose]: https://puri.sm/about/social-purpose/
+
+The second impact, of course, is that free speech fanatics, the
+alt-right, and neo-nazis are soon going to invade that space. The hordes
+of trolls, tired of getting banned on Twitter, will be [happy][] to find a
+safe haven on Librem.one, especially since there will be a juicy
+community of unsuspecting "social justice warriors" like me there to
+troll and brutalize.
+
+[happy]: https://forums.puri.sm/t/librem-social-a-free-speech-zone/5632/
+
+There's a long history of tolerating hate speech in the USA, based on
+the US constitution, at least from state institutions. As a reminder,
+the [first amendment][] says that:
+
+[first amendment]: https://en.wikipedia.org/wiki/First_Amendment_to_the_United_States_Constitution
+
+> Congress shall make no law respecting an establishment of religion,
+> or prohibiting the free exercise thereof; or abridging the freedom
+> of speech, or of the press; or the right of the people peaceably to

(fichier de différences tronqué)
yolo
diff --git a/hardware/audio.mdwn b/hardware/audio.mdwn
index c31acb2d..1faa4f8c 100644
--- a/hardware/audio.mdwn
+++ b/hardware/audio.mdwn
@@ -178,11 +178,11 @@ Our final setup would look something like this:
 
 So I've spread out the gear acquisition in multiple phases...
 
-### Phase I: just vocals, ~650$
+### Phase I: just vocals, ~600$
 
 We already have a stand and SM58 + cable, so we just need:
 
- * Speaker(s): 650$ (Yamaha DBR12 or DBR10, or JBL EON 610)
+ * Speaker(s): Yamaha DBR12 or DBR10, or JBL EON 610
    * Archambault: rien
    * Diplomate: JBL PRX710 pair for 1450$ (725$ each?)
    * Long & Mcquade: [EON 610: 540$](https://www.long-mcquade.com/87338/Pro-Audio---Recording/PA-Speaker-Cabinets/JBL/EON610-10---Powered-Speaker-w--Bluetooth.htm), [DBR10 10" 520$](https://www.long-mcquade.com/88398/Pro-Audio---Recording/PA-Speaker-Cabinets/Yamaha/DBR10-10---2-Way-Powered-Loudspeaker.htm), [DBR12

moar shoppin'
diff --git a/hardware/audio.mdwn b/hardware/audio.mdwn
index a68a19de..c31acb2d 100644
--- a/hardware/audio.mdwn
+++ b/hardware/audio.mdwn
@@ -183,6 +183,12 @@ So I've spread out the gear acquisition in multiple phases...
 We already have a stand and SM58 + cable, so we just need:
 
  * Speaker(s): 650$ (Yamaha DBR12 or DBR10, or JBL EON 610)
+   * Archambault: rien
+   * Diplomate: JBL PRX710 pair for 1450$ (725$ each?)
+   * Long & Mcquade: [EON 610: 540$](https://www.long-mcquade.com/87338/Pro-Audio---Recording/PA-Speaker-Cabinets/JBL/EON610-10---Powered-Speaker-w--Bluetooth.htm), [DBR10 10" 520$](https://www.long-mcquade.com/88398/Pro-Audio---Recording/PA-Speaker-Cabinets/Yamaha/DBR10-10---2-Way-Powered-Loudspeaker.htm), [DBR12
+     12" 1000W 650$](https://www.long-mcquade.com/88406/Pro-Audio---Recording/PA-Speaker-Cabinets/Yamaha/DBR12-12---2-Way-1000W-Powered-Loudspeaker.htm), [DXR10: 750$](https://www.long-mcquade.com/94352/Pro-Audio---Recording/PA-Speaker-Cabinets/Yamaha/DXR-10-10---2-Way-1100W-Powered-Speaker.htm)
+   * Music Red One: [EON 610 580$](https://musicredone.com/collections/speakers/products/jbl-eon610), no Yamaha
+   * Steve's: [EON 610: 540$](https://stevesmusic.com/en/p-a-live-sound/speakers/jbl-eon-610.html), [DXR10: 760$](https://stevesmusic.com/en/p-a-live-sound/speakers/yamaha-dxr-10-powered-speaker-ea.html), [DBR10 520$](https://stevesmusic.com/en/p-a-live-sound/portable-systems/yamaha-dbr10-active-monitor-ea.html)
 
 ### Phase II: mono recording, ~650$
 
@@ -214,4 +220,25 @@ and a more elaborate audio interface.
 
 [Soundcraft Notepad 102]: https://www.soundcraft.com/products/notepad-102
 
+Shops
+=====
+
+This list was built mostly for rentals, but also features shops that
+sell the gear:
+
+ * [Archambault](https://www.archambault.ca/Localisateur): 250, Jean-Talon Est, 514 849-8589
+ * <http://boiteamusique.ca>: not much sono stuff, mostly guitar/amps
+   rental
+ * [Diplomate Musique](http://www.musiquediplomate.com/): 311 Beaubien East, 514-274-5413
+ * [Long & McQuade](https://www.long-mcquade.com/locations/Quebec/): 10715, boulevard Pie-IX Phone: 514-388-9259,
+   10h-~17h, ~65$ for mixer/amp/mikes rental
+ * [Music Red One](https://musicredone.com/): 2069 Avenue Chartier, Dorval, +1-514-225-2226
+ * [Nantel](https://www.nantelmusique.ca/default.aspx?pageId=5&lang=fr): same
+ * [Twigg](https://www.twiggmusique.com/fr/service/location-montreal/): same
+ * [Solotech](https://www.solotech.com/contact-us/):  8-17h,  ~140$ for mixer/amp/mikes rental
+ * [Steve's](https://stevesmusic.com/en/contacts/): 150 st-antoine, 97$ for mixer/amp/mikes rental, 15$
+   par mike, 10-17h, 1-877-978-3837
+ * Centre musical Ahuntsic Inc. closed? 8979 rue Lajeunesse, Montréal,
+   H2M 1S1 514 514-388-6001
+
 [[!tag research]]

Archival link:

The above link creates a machine-readable RSS feed that can be used to easily archive new changes to the site. It is used by internal scripts to do sanity checks on new entries in the wiki.

Created . Edited .