RecentChanges

diff --git a/blog/2022-06-17-matrix-notes.md b/blog/2022-06-17-matrix-notes.md
index 6eb56bc6..6ddc93f9 100644
--- a/blog/2022-06-17-matrix-notes.md
+++ b/blog/2022-06-17-matrix-notes.md
@@ -670,6 +670,11 @@ Matrix people have also [announced](https://matrix.org/blog/2021/05/06/introduci
 network](https://github.com/matrix-org/pinecone) which aims at solving large, internet-scale routing
 problems. See also [this talk at FOSDEM 2022](https://www.youtube.com/watch?v=diwzQtGgxU8&list=PLl5dnxRMP1hW7HxlJiHSox02MK9_KluLH&index=19).
 
+Update: there is a formal proposal ([MSC3079](https://github.com/matrix-org/matrix-spec-proposals/pull/3079)) about a
+low-bandwidth, UDP-based transport, but it's been stuck at that stage
+for a few years now, because of security issues inherent to the UDP
+protocol, at first glance. There's also a [golang implementation](https://github.com/matrix-org/lb).
+
 # Usability
 
 ## Onboarding and workflow

diff --git a/software/zfs.md b/software/zfs.md
index fcc6fef2..aafea3eb 100644
--- a/software/zfs.md
+++ b/software/zfs.md
@@ -36,8 +36,8 @@ it.
 I've had trouble moving encrypted datasets between pools when trying
 to move the [[hardware/tubman]] `rpool` from HDDs to SSDs. This is a
 problem many people are facing, without good solutions, see also [this
-truenas discussion](https://www.truenas.com/community/threads/cant-zfs-send-between-encrypted-pools.90532/), [this reddit thread](https://www.reddit.com/r/zfs/comments/dkldqr/having_trouble_using_sendreceive_on_encrypted/), [this openzfs docs
-thread](https://github.com/openzfs/openzfs-docs/issues/354), and [this other one](https://github.com/openzfs/openzfs-docs/pull/127#issuecomment-785491091).
+TrueNAS discussion](https://www.truenas.com/community/threads/cant-zfs-send-between-encrypted-pools.90532/), [reddit thread](https://www.reddit.com/r/zfs/comments/dkldqr/having_trouble_using_sendreceive_on_encrypted/), [HN thread](https://news.ycombinator.com/item?id=32340433), [this
+openzfs docs thread](https://github.com/openzfs/openzfs-docs/issues/354), and [this other one](https://github.com/openzfs/openzfs-docs/pull/127#issuecomment-785491091).
 
 Also, native encryption "will not encrypt metadata related to the pool
 structure, including dataset and snapshot names, dataset hierarchy,
@@ -308,6 +308,23 @@ See also [this idea in grml](https://github.com/grml/grml-live/issues/78) and [t
 Also note that Ubuntu actually ships binary packages for ZFS and are
 questioning the incompatibility claims.
 
+## Write amplification
+
+When layering filesystems, you are always at risk of causing "write
+amplification" because of mismatched block sizes or alignment. For
+example, if you have a virtual machine with a filesystem with a 4kB
+block size over a host device with a 8kB block size, the host will
+have to read that 8kB block to get the other 4kB half before writing
+it back.
+
+In ZFS, it's even worse; from what I understand, because of the
+copy-on-write semantics. I'm not exactly clear on the details of this
+unfortunately, but it's something to keep in mind when deploying ZFS
+in complex setups.
+
+In particular, this affects Proxmox which uses 8kB block size zvols
+for virtual machines, which seems to [cause performance problems](https://bugzilla.proxmox.com/show_bug.cgi?id=4190).
+
 # Other documentation
 
 - TODO: document those debugging tools:

diff --git a/hardware/laptop/framework-12th-gen.md b/hardware/laptop/framework-12th-gen.md
index 68c12f0a..f8dd2c12 100644
--- a/hardware/laptop/framework-12th-gen.md
+++ b/hardware/laptop/framework-12th-gen.md
@@ -2011,6 +2011,8 @@ long road trip across the continental US.
      desktop adapter](https://github.com/whatthefilament/Framework-Desktop-Adapter) to reuse an existing case (from [this
      thread](https://community.frame.work/t/framework-desktop-case-adapter/19126))
    * [mainboard case](https://frame.work/products/cooler-master-mainboard-case) (official!)
+   * battery case (!), [the verge has extra photos of the mainboard
+     and battery cases](https://www.theverge.com/2023/3/23/23652939/framework-cooler-master-sff-pc-case)
    * [tablet mod](https://www.instructables.com/Framework-Tablet-Assembly-Manual/) (kind of clunky, but works!)
    * [keyboard mod](https://www.tindie.com/products/crimier/framework-input-cover-controller/) (i.e. turn the Framework keyboard, touch pad,
      fingerprint reader and power buttons into a "normal" USB keyboard

diff --git a/blog/2023-02-10-usb-c.md b/blog/2023-02-10-usb-c.md
index cf5a7367..07e545ef 100644
--- a/blog/2023-02-10-usb-c.md
+++ b/blog/2023-02-10-usb-c.md
@@ -73,6 +73,11 @@ The spec here is at least 65W USB-C with international plugs.
   international plugs, also acts as a 7A international adapter,
   built-in fuse, [mentioned by Wired](https://www.wired.com/gallery/best-travel-adapters/#62f6189c4d6c332046cb7387), 15% off with code
   `OneWorld65_15%Off`
+* The [LinkOn 166W](https://linkon.biz/en/product/748-linkon-ganius-166w-gan-wall-charger.html) looks really promising (2 USB-A 2 USB-C, near
+  universal) but "This charger got certification for 100W but its
+  maximum output when using the two USB C ports and the two USB A
+  ports is 166W", which is fishy: there *are* standards beyond PD 3.0
+  ([power delivery 3.1](https://en.wikipedia.org/wiki/USB_hardware#USB_Power_Delivery) allows for 240W delivery), untested otherwise
 
 ### TOFU power station
 

diff --git a/blog/2023-02-10-usb-c.md b/blog/2023-02-10-usb-c.md
index ca581294..cf5a7367 100644
--- a/blog/2023-02-10-usb-c.md
+++ b/blog/2023-02-10-usb-c.md
@@ -69,6 +69,10 @@ The spec here is at least 65W USB-C with international plugs.
   AU/US/UK/EU Mac-compatible adapters, 3-port 7A power strip (!)
 * [Volta GIGA 130W GAN charger](https://www.voltacharger.com/collections/best-seller-2022/products/giga-130w-gan-charger): 99$ 3 USB-C, 1 USB-A, 5$ extra for
   each international adapter
+* [One World 65](https://oneadaptr.com/products/oneworld-65-international-adapter-with-65w-pd-charger): 69$ 3 USB-C (one with 65W PD), 2 USB-A, slide-out
+  international plugs, also acts as a 7A international adapter,
+  built-in fuse, [mentioned by Wired](https://www.wired.com/gallery/best-travel-adapters/#62f6189c4d6c332046cb7387), 15% off with code
+  `OneWorld65_15%Off`
 
 ### TOFU power station
 
@@ -193,6 +197,23 @@ get extra international adapters for their chargers by email (which
 wasn't obvious from the website). But their charger is currently
 (2023-03-13) marked as "sold out", so I guess I'm stuck there as well.
 
+### One World
+
+I have ordered a [One World 65](https://oneadaptr.com/products/oneworld-65-international-adapter-with-65w-pd-charger) as well. At 69$USD, it boasts 2
+USB-A and 3 USB-C, with one 65W PD. It has slide-out international
+plugs which means it basically works everywhere. It also acts as a 7A
+international adapter as it has this funky array of connectors in the
+back where you can plug other AC devices. It has built-in timeout
+fuse.
+
+I found it on [Tech advisor](https://www.techadvisor.com/article/724320/best-travel-adapters.html) but when I noticed it was quoting
+Wired, I found it was indeed [mentioned by Wired](https://www.wired.com/gallery/best-travel-adapters/#62f6189c4d6c332046cb7387), which also
+provided a promo code `OneWorld65_15%Off`, so this ended up being
+around 50$USD, a bargain.
+
+Ordered on 2023-03-28, we'll see if it ever gets here or if it
+works. I mean to use it as a backup to the TOFU.
+
 ## USB Docks
 
 Specification: 

diff --git a/blog/2022-01-23-chrony.md b/blog/2022-01-23-chrony.md
index e3739f1b..2bbb955c 100644
--- a/blog/2022-01-23-chrony.md
+++ b/blog/2022-01-23-chrony.md
@@ -407,4 +407,10 @@ table][] doesn't mention it, and an [audit by the Core Infrastructure
 Initiative from 2017](https://www.coreinfrastructure.org/blogs/securing-network-time/) doesn't mention it either, even though
 [timesyncd was announced in 2014](https://lists.freedesktop.org/archives/systemd-devel/2014-May/019537.html). (Same with [this blog post from Facebook](https://engineering.fb.com/2020/03/18/production-engineering/ntp-service/).)
 
+Update: now (2023-03-28, about a year later), bookworm is about to
+ship with ntpsec as a replacement package for ntp. There is a
+discussion about an [update to the release notes](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1028149) that is relevant
+here; it seems we never clearly announced that `timesyncd` was the
+default, and that there are actually [serious issue](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1028149#15) with it.
+
 [[!tag debian-planet python-planet time sysadmin debian ntp]]

diff --git a/hardware/laptop/framework-12th-gen.md b/hardware/laptop/framework-12th-gen.md
index 4a219677..68c12f0a 100644
--- a/hardware/laptop/framework-12th-gen.md
+++ b/hardware/laptop/framework-12th-gen.md
@@ -1130,6 +1130,13 @@ tweaks you can make to improve it. Try:
  * latest Linux kernels (6.2) promise power savings as well
    (unverified)
 
+Update: also try to follow the [official optimization guide](https://knowledgebase.frame.work/en_us/optimizing-ubuntu-battery-life-Sye_48Lg3). It
+was made for Ubuntu but will probably also work for your distribution
+of choice with a few tweaks. They recommend using [tlpui](https://github.com/d4nj1/TLPUI) but it's
+[not packaged in Debian](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006598). There is, however, [a Flatpak
+release](https://flathub.org/apps/details/com.github.d4nj1.tlpui). In my case, it resulted in the following diff to
+`tlp.conf`: [[tlp.patch]].
+
 ### Background on CPU architecture
 
 There were power problems in the 11th gen Framework laptop, according
diff --git a/hardware/laptop/framework-12th-gen/tlp.patch b/hardware/laptop/framework-12th-gen/tlp.patch
new file mode 100644
index 00000000..07eaf7fc
--- /dev/null
+++ b/hardware/laptop/framework-12th-gen/tlp.patch
@@ -0,0 +1,136 @@
+diff --git a/tlp.conf b/tlp.conf
+index e7f2c8a..1571e98 100644
+--- a/tlp.conf
++++ b/tlp.conf
+@@ -84,8 +84,8 @@
+ #   changing the governor.
+ # Default: <none>
+ 
+-#CPU_SCALING_GOVERNOR_ON_AC=powersave
+-#CPU_SCALING_GOVERNOR_ON_BAT=powersave
++CPU_SCALING_GOVERNOR_ON_AC=performance
++CPU_SCALING_GOVERNOR_ON_BAT=powersave
+ 
+ # Set the min/max frequency available for the scaling governor.
+ # Possible values depend on your CPU. For available frequencies see
+@@ -113,8 +113,8 @@
+ # - When HWP.EPP is available, EPB is not set
+ # Default: balance_performance (AC), balance_power (BAT)
+ 
+-#CPU_ENERGY_PERF_POLICY_ON_AC=balance_performance
+-#CPU_ENERGY_PERF_POLICY_ON_BAT=balance_power
++CPU_ENERGY_PERF_POLICY_ON_AC=performance
++CPU_ENERGY_PERF_POLICY_ON_BAT=power
+ 
+ # Set Intel CPU P-state performance: 0..100 (%).
+ # Limit the max/min P-state to control the power dissipation of the CPU.
+@@ -123,18 +123,18 @@
+ # newer CPU.
+ # Default: <none>
+ 
+-#CPU_MIN_PERF_ON_AC=0
+-#CPU_MAX_PERF_ON_AC=100
+-#CPU_MIN_PERF_ON_BAT=0
+-#CPU_MAX_PERF_ON_BAT=30
++CPU_MIN_PERF_ON_AC=0
++CPU_MAX_PERF_ON_AC=100
++CPU_MIN_PERF_ON_BAT=0
++CPU_MAX_PERF_ON_BAT=30
+ 
+ # Set the CPU "turbo boost" (Intel) or "turbo core" (AMD) feature:
+ #   0=disable, 1=allow.
+ # Note: a value of 1 does *not* activate boosting, it just allows it.
+ # Default: <none>
+ 
+-#CPU_BOOST_ON_AC=1
+-#CPU_BOOST_ON_BAT=0
++CPU_BOOST_ON_AC=1
++CPU_BOOST_ON_BAT=0
+ 
+ # Set the Intel CPU HWP dynamic boost feature:
+ #   0=disable, 1=enable.
+@@ -142,8 +142,8 @@
+ # 6th gen. or newer CPU.
+ # Default: <none>
+ 
+-#CPU_HWP_DYN_BOOST_ON_AC=1
+-#CPU_HWP_DYN_BOOST_ON_BAT=0
++CPU_HWP_DYN_BOOST_ON_AC=1
++CPU_HWP_DYN_BOOST_ON_BAT=0
+ 
+ # Minimize number of used CPU cores/hyper-threads under light load conditions:
+ #   0=disable, 1=enable.
+@@ -166,8 +166,8 @@
+ # hardware and additional profiles such as: balanced-performance, quiet, cool.
+ # Default: <none>
+ 
+-#PLATFORM_PROFILE_ON_AC=performance
+-#PLATFORM_PROFILE_ON_BAT=low-power
++PLATFORM_PROFILE_ON_AC=performance
++PLATFORM_PROFILE_ON_BAT=low-power
+ 
+ # Define disk devices on which the following DISK/AHCI_RUNTIME parameters act.
+ # Separate multiple devices with spaces.
+@@ -279,12 +279,12 @@
+ # the output of tlp-stat -g.
+ # Default: <none>
+ 
+-#INTEL_GPU_MIN_FREQ_ON_AC=0
+-#INTEL_GPU_MIN_FREQ_ON_BAT=0
+-#INTEL_GPU_MAX_FREQ_ON_AC=0
+-#INTEL_GPU_MAX_FREQ_ON_BAT=0
+-#INTEL_GPU_BOOST_FREQ_ON_AC=0
+-#INTEL_GPU_BOOST_FREQ_ON_BAT=0
++INTEL_GPU_MIN_FREQ_ON_AC=100
++INTEL_GPU_MIN_FREQ_ON_BAT=100
++INTEL_GPU_MAX_FREQ_ON_AC=1300
++INTEL_GPU_MAX_FREQ_ON_BAT=800
++INTEL_GPU_BOOST_FREQ_ON_AC=1300
++INTEL_GPU_BOOST_FREQ_ON_BAT=1000
+ 
+ # AMD GPU power management.
+ # Performance level (DPM): auto, low, high; auto is recommended.
+@@ -313,7 +313,7 @@
+ # Default: off (AC), on (BAT)
+ 
+ #WIFI_PWR_ON_AC=off
+-#WIFI_PWR_ON_BAT=on
++WIFI_PWR_ON_BAT=off
+ 
+ # Disable Wake-on-LAN: Y/N.
+ # Default: Y
+@@ -365,6 +365,7 @@
+ # Default: "mei_me nouveau radeon", use "" to disable completely.
+ 
+ #RUNTIME_PM_DRIVER_DENYLIST="mei_me nouveau radeon"
++RUNTIME_PM_DRIVER_DENYLIST=""
+ 
+ # Permanently enable/disable Runtime PM for listed PCIe device addresses
+ # (independent of the power source). This has priority over all preceding
+@@ -378,7 +379,8 @@
+ # Set to 0 to disable, 1 to enable USB autosuspend feature.
+ # Default: 1
+ 
+-#USB_AUTOSUSPEND=1
++#USB_AUTOSUSPEND=0
++USB_AUTOSUSPEND=1
+ 
+ # Exclude listed devices from USB autosuspend (separate with spaces).
+ # Use lsusb to get the ids.
+@@ -387,6 +389,7 @@
+ # Default: <none>
+ 
+ #USB_DENYLIST="1111:2222 3333:4444"
++USB_DENYLIST="0bda:8156 1050:0116"
+ 
+ # Exclude audio devices from USB autosuspend:
+ #   0=do not exclude, 1=exclude.
+@@ -476,7 +479,7 @@
+ #   bluetooth, nfc, wifi, wwan.
+ # Default: <none>
+ 
+-#DEVICES_TO_DISABLE_ON_BAT_NOT_IN_USE="bluetooth nfc wifi wwan"
++DEVICES_TO_DISABLE_ON_BAT_NOT_IN_USE="bluetooth nfc wifi wwan"
+ 
+ # Battery Care -- Charge thresholds
+ # Charging starts when the charge level is below the START_CHARGE_THRESH value

diff --git a/services/upgrades/bookworm.md b/services/upgrades/bookworm.md
index ca608a3e..bb0ccf2c 100644
--- a/services/upgrades/bookworm.md
+++ b/services/upgrades/bookworm.md
@@ -134,10 +134,6 @@ can log back in over a serial console or virtual terminal.
         printf "Press enter to continue, Ctrl-C to abort." &&
         read -r _ &&
         (puppet agent -t || true) &&
-        : reinstall Python packages to follow Python upgrade &&
-        for package in rsendmail ; do
-            cd ~anarcat/src/$package && pip3 install . || echo WARNING: failed to install $package
-        done &&
         : rm -f /etc/apt/apt.conf.d/50unattended-upgrades.dpkg-dist /etc/ca-certificates.conf.dpkg-old /etc/cron.daily/bsdmainutils.dpkg-remove /etc/default/prometheus-apache-exporter.dpkg-dist /etc/default/prometheus-node-exporter.dpkg-dist /etc/logrotate.d/apache2.dpkg-dist /etc/nagios/nrpe.cfg.dpkg-dist /etc/ssh/ssh_config.dpkg-dist /etc/ssh/sshd_config.ucf-dist /etc/unbound/unbound.conf.dpkg-dist &&
         printf "\a" &&
         /home/anarcat/src/koumbit-scripts/vps/clean_conflicts &&
@@ -145,16 +141,6 @@ can log back in over a serial console or virtual terminal.
         printf "End of Step 6\a\n" &&
         shutdown -r +1 "rebooting to get rid of old kernel image..."
 
-    NOTE: the pip install is not great. What I should do instead is:
-
-        pip freeze --local > requirements.txt
-        apt upgrade
-        pip install -r requirements.txt
-        rm -rf .../python3.x # remove old crap
-
-    That way we reinstall what's already setup, and we have pinned
-    versions, but [not checksums](https://github.com/psf/fundable-packaging-improvements/issues/31).
-
  7. Post-upgrade checks:
 
         export LC_ALL=C.UTF-8 &&
@@ -318,6 +304,13 @@ also:
     apt install puppet-module-puppetlabs-cron-core puppet-module-puppetlabs-augeas-core puppet-module-puppetlabs-sshkeys-core
     puppetserver gem install trocla:0.4.0 --no-document
 
+## pip install changes (PEP 668)
+
+This is not yet documented in the Debian release notes ([1033564](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033564)),
+but we are now enforcing [PEP 668][] which means that a simple `pip
+install foo` will fail unless you pass `--break-system-packages` or
+use a virtual environment.
+
 # Issues
 
 See also the official list of [known issues](https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html).
@@ -422,6 +415,32 @@ Those packages were removed from bookworm and eventually restored.
  * [tty-clock](https://tracker.debian.org/pkg/tty-clock) - [FTBFS](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=997179), fixed upstream, but orphaned
  * [yubikey-manager](https://tracker.debian.org/pkg/yubikey-manager) - [some policy failure](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012587), fixed
 
+### pip installation
+
+NOTE: this procedure used to advise to use pip to reinstall packages
+but my own packages are all in Debian now, so that is not an issue
+anymore. But in case that problem comes up again in the future, what I
+was doing was:
+
+    : reinstall Python packages to follow Python upgrade &&
+    for package in rsendmail ; do
+        cd ~anarcat/src/$package && pip3 install . || echo WARNING: failed to install $package
+    done
+
+This wasn't great. First, it now doesn't work in bookworm anymore
+because pip forbids installing packages that way, you *must* use
+virtual environments. Second, it doesn't cleanup old things and *will*
+forget stuff that hasn't been added to the procedure. I have
+considered this instead:
+
+    pip freeze --local > requirements.txt
+    apt upgrade
+    pip install -r requirements.txt
+    rm -rf .../python3.x # remove old crap
+
+That way we reinstall what's already setup, and we have pinned
+versions, but [not checksums](https://github.com/psf/fundable-packaging-improvements/issues/31).
+
 # Troubleshooting
 
 ## Upgrade failures

diff --git a/services/archive/rescue.mdwn b/services/archive/rescue.mdwn
index 55c8b432..47e9894b 100644
--- a/services/archive/rescue.mdwn
+++ b/services/archive/rescue.mdwn
@@ -556,8 +556,9 @@ References
 ==========
 
 I'm following the path blazed by [jmtd](https://jmtd.net/) [here](https://jmtd.net/log/imaging_discs/) and
-[here](https://jmtd.net/log/imaging_discs/2). The [forensics wiki](https://www.forensicswiki.org/) also has [docs on ddrescue](https://www.forensicswiki.org/wiki/Ddrescue)
-which were useful.
+[here](https://jmtd.net/log/imaging_discs/2). (Update: [inspired by this very post](https://jmtd.net/log/imaging_discs/3/), jmtd collected
+his notes in a [new page](https://jmtd.net/computing/imaging_discs/).) The [forensics wiki](https://www.forensicswiki.org/) also has [docs
+on ddrescue](https://www.forensicswiki.org/wiki/Ddrescue) which were useful.
 
 Tools used:
 

diff --git a/hardware/server/marcos.mdwn b/hardware/server/marcos.mdwn
index cd8330f5..09af781c 100644
--- a/hardware/server/marcos.mdwn
+++ b/hardware/server/marcos.mdwn
@@ -354,7 +354,7 @@ a high TDP power consumption (+30W) but we estimate the total power
 consumption is still well below the PSU's 500W capacity. They also did
 not have the 2400G in stock, for future reference.
 
-## FreeNAS mini
+## TrueNAS mini
 
 The folks behind FreeNAS are offering NAS hardware pre-installed with
 the (FreeBSD-based) distribution:
@@ -368,6 +368,10 @@ It's unclear if I could just migrate marcos to this platform as is,
 and the prices might be slightly higher than what I would get when
 building it from scratch...
 
+Update: FreeNAS is now called [TrueNAS](https://www.truenas.com/) and they have pretty sexy
+cases now, checkout their [TrueNAS mini](https://www.truenas.com/truenas-mini/) boxes. Their 4-bay hotswap
+thing starts at 1000$.
+
 ## Pine 64
 
 They have SBCs of course -- that's how they started -- but also a neat

diff --git a/hardware/server/marcos.mdwn b/hardware/server/marcos.mdwn
index 6fe8d158..cd8330f5 100644
--- a/hardware/server/marcos.mdwn
+++ b/hardware/server/marcos.mdwn
@@ -20,14 +20,18 @@ particulier [[services/mail]] et [[services/backup]].
 
 # Specification
 
- * [CSE-733TQ-500B][]: [300$][] (80+ bronze 500W PSU)
- * [ASUS PRIME X470-PRO][]: [187$][] (AM4/PGA 1331 ATX 12"x9.6" 6 SATA
-   Intel® I211-AT chipset, [detailed specs][])
- * Kingston KSM26ED8/16ME (16GB RAM): [114$][]
+ * Case: [CSE-733TQ-500B][] ([300$][]), incl. 80+ bronze 500W PSU,
+   4x3.5" hotswap bays, 2x5.25" bays, 1x3.5" bay, 7" (4U) x 20.9" x
+   16.8" (WxDxL), 17Kg ([manual](https://www.supermicro.com/manuals/chassis/Mid-tower/SC733.pdf))
+ * Motherboard: [ASUS PRIME X470-PRO][]: [187$][] (AM4/PGA 1331 ATX
+   12"x9.6" 6 SATA Intel® I211-AT chipset, [detailed specs][])
+ * Memory: Kingston KSM26ED8/16ME (16GB RAM): [114$][]
  * [AMD Ryzen 5 2600][] - replaced with a [2600x](http://www.atic.ca/index.php?page=details&psku=196096) at same cost (no
    GPU, 6 cores, 95W 3.4GHz): [287$][]
  * Total: 889$CAD
 
+The server is also backed by a UPS, a [APC 1500VA BX1500m](https://www.apc.com/ca/en/product/BX1500M/apc-back-ups-1500-compact-tower-1500va-120v-avr-lcd-10-nema-outlets-5-surge/).
+
 [CSE-733TQ-500B]: https://www.supermicro.com/en/products/chassis/tower/733/SC733TQ-500B
 [300$]: http://www.atic.ca/index.php?page=details&psku=63796
 [ASUS PRIME X470-PRO]: https://www.asus.com/us/Motherboards/PRIME-X470-PRO/

diff --git a/hardware/angela.mdwn b/hardware/angela.mdwn
index 95db3f17..49ca09e9 100644
--- a/hardware/angela.mdwn
+++ b/hardware/angela.mdwn
@@ -88,4 +88,9 @@ this installed" problem and just deal with this as I go along.
 
 See [[hardware/laptop/framework-12th-gen]] for a detailed review.
 
+Note that the monitors are hooked up to angela through a USB-C /
+Thunderbolt dock from [Cable Matters](https://www.cablematters.com/), with the lovely name of
+[201053-SIL](https://www.cablematters.com/pc-1054-127-usb-c-docking-station-with-dual-4k-hdmi-and-80w-charging-for-windows-computers.aspx). It has issues, see [[this blog
+post|blog/2023-02-10-usb-c]] for an in-depth discussion.
+
 [[!tag node]]
diff --git a/hardware/laptop/framework-12th-gen.md b/hardware/laptop/framework-12th-gen.md
index e87a0f10..4a219677 100644
--- a/hardware/laptop/framework-12th-gen.md
+++ b/hardware/laptop/framework-12th-gen.md
@@ -1918,6 +1918,13 @@ USB hub) drop keys, lag a lot or hang, and I get visual glitches.
 The fix was to tighten the screws around the CPU on the motherboard
 (!), which is, thankfully, a rather simple repair.
 
+## USB docks are hell
+
+Note that the monitors are hooked up to angela through a USB-C /
+Thunderbolt dock from [Cable Matters](https://www.cablematters.com/), with the lovely name of
+[201053-SIL](https://www.cablematters.com/pc-1054-127-usb-c-docking-station-with-dual-4k-hdmi-and-80w-charging-for-windows-computers.aspx). It has issues, see [[this blog
+post|blog/2023-02-10-usb-c]] for an in-depth discussion.
+
 # Shipping details
 
 I ordered the Framework in August 2022 and received it about a month
diff --git a/hardware/monitor.mdwn b/hardware/monitor.mdwn
index 65707f9d..2c298eb7 100644
--- a/hardware/monitor.mdwn
+++ b/hardware/monitor.mdwn
@@ -43,6 +43,11 @@ right side, really strange. But for diagnostics on servers they are
 great because the stand can be removed easily so they're easy to
 squeeze in places and so on.
 
+Note that the monitors are hooked up to angela through a USB-C /
+Thunderbolt dock from [Cable Matters](https://www.cablematters.com/), with the lovely name of
+[201053-SIL](https://www.cablematters.com/pc-1054-127-usb-c-docking-station-with-dual-4k-hdmi-and-80w-charging-for-windows-computers.aspx). It has issues, see [[this blog
+post|blog/2023-02-10-usb-c]] for an in-depth discussion.
+
 [HP L2245wg]: https://support.hp.com/ca-en/product/hp-l2245wg-22-inch-widescreen-lcd-monitor/3758498/
 [Toshiba 19AV500U]: https://productz.com/en/toshiba-19av500u/p/eWMGr#full-specs
 [Dell 1704FPvt]: https://www.dell.com/downloads/global/products/monitors/en/spec_1704fp_en.pdf

diff --git a/hardware/monitor.mdwn b/hardware/monitor.mdwn
index 83599a30..65707f9d 100644
--- a/hardware/monitor.mdwn
+++ b/hardware/monitor.mdwn
@@ -24,12 +24,13 @@ I somehow managed to collect a ridiculous pile of old monitors. Here's
 what works and doesn't, in descending order of (totally subjective)
 "quality":
 
-| Model                          | Resolution     | Size  | Contrast | Lat  | Connectors              | Notes                            | Status |
-|--------------------------------|----------------|-------|----------|------|-------------------------|----------------------------------|--------|
-| [LG Flatron Wide L204WTX-SF][] | 1680x1050@60Hz | 20"   | 2000:1   | 5ms  | VGA DVI                 | looks great, one dead pixel      | angela |
-| [Acer P186HV][]                | 1366x768@60Hz  | 18.5" | 5000:1   | 5ms  | VGA                     | display looks dusty              | simon  |
-| [Dell 1704FPvt][]              | 1280x1024@60Hz | 17"   | 1000:1   | 25ms | VGA DVI 4xUSB           | square, rotating, flickering     | marcos |
-| [Dell 1704FPvt][]              | 1280x1024@60Hz | 17"   | 1000:1   | 25ms | VGA DVI 4xUSB           | square, rotating, flickering     | curie  |
+| Model                          | Resolution     | Size  | Contrast | Lat  | Connectors    | Notes                              | Status |
+|--------------------------------|----------------|-------|----------|------|---------------|------------------------------------|--------|
+| [LG Flatron Wide L204WTX-SF][] | 1680x1050@60Hz | 20"   | 2000:1   | 5ms  | VGA DVI       | looks great, one dead pixel        | angela |
+| [Dell 2208WFP][]               | 1680x1050@?Hz  | 22"   | 1000:1   | 5ms  | VGA DVI 2xUSB | looks organge-y, 20$ from recyborg | angela |
+| [Acer P186HV][]                | 1366x768@60Hz  | 18.5" | 5000:1   | 5ms  | VGA           | display looks dusty                | simon  |
+| [Dell 1704FPvt][]              | 1280x1024@60Hz | 17"   | 1000:1   | 25ms | VGA DVI 4xUSB | square, rotating, flickering       | marcos |
+| [Dell 1704FPvt][]              | 1280x1024@60Hz | 17"   | 1000:1   | 25ms | VGA DVI 4xUSB | square, rotating, flickering       | curie  |
 
 The LG takes a long time to return from sleep.
 
@@ -50,6 +51,7 @@ squeeze in places and so on.
 [LG Flatron Wide L204WTX-SF]: https://www.lg.com/ca_en/support/product/lg-L204WTX-SF
 [Samsung B2330H]: https://www.samsung.com/us/business/support/owners/product/b2330-series-b2330hd/
 [LG Flatron L1718S]: https://www.lg.com/us/support/product/lg-L1718S-BN.AUS
+[Dell 2208WFP]: https://www.dell.com/support/home/en-ca/product-support/product/dell-2208wfp/docs
 
 ## Retired
 

diff --git a/software/desktop/firefox.mdwn b/software/desktop/firefox.mdwn
index 9b0988cb..3398b446 100644
--- a/software/desktop/firefox.mdwn
+++ b/software/desktop/firefox.mdwn
@@ -318,6 +318,36 @@ that I version-control into git:
  * `privacy.resistFingerprinting`: true (helps with
    [fingerprinting](https://www.bitestring.com/posts/2023-03-19-web-fingerprinting-is-worse-than-I-thought.html5), but [breaks dark mode](https://bugzilla.mozilla.org/show_bug.cgi?id=1535189), see also [this TB
    bug](https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40337))
+ * fixing the scroll bars:
+   * `widget.gtk.overlay-scrollbars.enabled`: false (don't overlay the
+     scrollbars, make it take their own space)
+   * `widget.non-native-theme.scrollbar.style`: 4 ("windows 10"
+     scrollbar style, which is a big, chunky, square-ish scrollbar)
+   * the actual width can be tweaked with
+     `widget.non-native-theme.scrollbar.size.override`, I set it to 10
+   * a better approach might be to [tweak the GTK theme
+     instead](https://unix.stackexchange.com/a/592978/30227)... 
+     
+     I ended up doing `apt install breeze-gtk-theme` which
+     looks a bit better in *other* GTK apps, but somehow Firefox
+     doesn't pick that up argh. I still set the following to have
+     other GTK apps behave:
+     
+         gsettings set org.gnome.desktop.interface gtk-theme Breeze-Dark
+         gsettings set org.gnome.desktop.interface color-scheme prefer-dark
+         gsettings set org.gnome.desktop.interface icon-theme Breeze-Dark
+         gsettings set org.gnome.desktop.interface icon-theme Breeze-Dark
+         gsettings set org.gnome.desktop.interface gtk-key-theme "Emacs"
+         gsettings set org.gnome.desktop.interface font-name "Noto Sans 11"
+         gsettings set org.gnome.desktop.interface document-font-name "Noto Sans 11"
+         gsettings set org.gnome.desktop.interface monospace-font-name "Fira Mono 11" 
+
+     Useful hack:
+
+         gsettings list-recursively org.gnome.desktop.interface | grep -i font
+
+     Source: https://wiki.archlinux.org/title/GTK
+
  * `middlemouse.contentLoadURL` ([ref](http://kb.mozillazine.org/Middlemouse.contentLoadURL)):
    false (got used to chromium not doing that, and it seems too risky:
    passwords can leak in DNS too easily if you miss the field)

diff --git a/software/desktop/firefox.mdwn b/software/desktop/firefox.mdwn
index 52ea848d..9b0988cb 100644
--- a/software/desktop/firefox.mdwn
+++ b/software/desktop/firefox.mdwn
@@ -313,9 +313,11 @@ that I version-control into git:
  * `network.cookie.cookieBehavior` ([ref](http://kb.mozillazine.org/Network.cookie.cookieBehavior#3_2)):
    1 (no third-party cookies)
  * `browser.in-content.dark-mode`: true (prefer dark CSS, see [this
-   discussion](https://css-tricks.com/dark-modes-with-css/), [new in FF 67](https://blog.logrocket.com/whats-new-in-firefox-67-prefers-color-scheme-and-more-195be81df03f/)), does not work with
-   `privacy.resistFingerprinting`, use `ui.systemUsesDarkTheme` set to
-   `1` instead. see [this doc](https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme)
+   discussion](https://css-tricks.com/dark-modes-with-css/), [new in FF 67](https://blog.logrocket.com/whats-new-in-firefox-67-prefers-color-scheme-and-more-195be81df03f/)), also set
+   `ui.systemUsesDarkTheme` to `1`. see [this doc](https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme)
+ * `privacy.resistFingerprinting`: true (helps with
+   [fingerprinting](https://www.bitestring.com/posts/2023-03-19-web-fingerprinting-is-worse-than-I-thought.html5), but [breaks dark mode](https://bugzilla.mozilla.org/show_bug.cgi?id=1535189), see also [this TB
+   bug](https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40337))
  * `middlemouse.contentLoadURL` ([ref](http://kb.mozillazine.org/Middlemouse.contentLoadURL)):
    false (got used to chromium not doing that, and it seems too risky:
    passwords can leak in DNS too easily if you miss the field)

diff --git a/hardware/curie.mdwn b/hardware/curie.mdwn
index b3678235..3ed1f77a 100644
--- a/hardware/curie.mdwn
+++ b/hardware/curie.mdwn
@@ -22,9 +22,9 @@ I bought it after a failed search for a [[laptop|hardware/laptop]].
 
 # Specification
 
-* SoC: [Intel NUC BOXNUC6I3SYH][] I3-6100U 2xDDR4-2133 SODIMM Slots
-  2.5&M.2 PCIEx4 Slot Mini-DP HDMI 6XUSB SDXC ([technical
-  specification][]): $380
+* SoC: [Intel NUC BOXNUC6I3SYH][] [i3-6100U][] (AKA [Skylake-U][],
+  2.3GHz 4 threads, 15W) 2xDDR4-2133 SODIMM Slots 2.5&M.2 PCIEx4 Slot
+  Mini-DP HDMI 6XUSB SDXC ([technical specification][]): $380
 * Memory: Crucial 16GB DDR4 2133 SODIMM PC4-17000 CL15 Dual Ranked
   1.2V Unbuffered 260PIN Memory: $136
 * Network:
@@ -54,6 +54,9 @@ It works very well and is generally silent unless I manage to max out
 all CPUs for an extended period of time, in which case a small fan
 noise can be heard.
 
+[Skylake-U]: https://en.wikipedia.org/wiki/List_of_Intel_Core_i3_processors#%22Skylake-U%22_(14_nm)
+[i3-6100U]: https://ark.intel.com/content/www/us/en/ark/products/88180/intel-core-i36100u-processor-3m-cache-2-30-ghz.html
+
 # Maintenance log
 
 ## Fan problems

diff --git a/hardware/laptop/framework-12th-gen.md b/hardware/laptop/framework-12th-gen.md
index d7ae2eda..e87a0f10 100644
--- a/hardware/laptop/framework-12th-gen.md
+++ b/hardware/laptop/framework-12th-gen.md
@@ -98,6 +98,29 @@ I have decided to use the Framework as my daily driver, and had to buy
 a [[USB-C dock|blog/2023-02-10-usb-c]] to get my two monitors
 connected, which was own adventure.
 
+Update: Framework just (2023-03-23) just announced a whole bunch of
+new stuff:
+
+ * [AMD Ryzen 7040 and 13th gen Intel board](https://frame.work/blog/framework-laptop-13-with-13th-gen-intel-core-and-amd-ryzen-7040-series)
+ * [16" laptop version](https://frame.work/blog/introducing-the-framework-laptop-16) (pre-order) with an expansion "bay" for an
+   upgradeable graphics module which could also fit M.2 storage
+ * [audio expansion card](https://frame.work/products/audio-expansion-card), since the 16 laptop doesn't have a combo
+   jack
+ * official [mainboard case](https://frame.work/products/cooler-master-mainboard-case) (back-ordered)
+ * official *battery case* (!) (no site yet)
+ * new bezel colors, including [transluscent](https://frame.work/products/bezel?v=FRANCBCP04), green, purple and
+   red (back-ordered)
+ * new, louder (80dB) [speakers](https://frame.work/products/speaker-kit?v=FRANBXFG03)
+ * [new 61Wh battery](https://frame.work/products/battery?v=FRANGWAT01)
+ * [matte display](https://frame.work/products/display-kit?v=FRANFX0001)
+ * [new hinge](https://frame.work/products/hinge-kit-2nd-gen-3-5kg)
+
+The recording is available in [this video](https://www.youtube.com/watch?v=ccpsyRipHlk) and it's not your
+typical keynote. It starts ~25 minutes late, audio is crap, lightning
+and camera are crap, clapping seems to be from whatever staff they
+managed to get together in a room, decor is bizarre, colors are
+shit. It's amazing.
+
 # Specifications
 
 Those are the specifications of the 12th gen, in general terms. Your
@@ -137,9 +160,13 @@ This is the actual build I ordered. Amounts in CAD. (1CAD =
 
 ## Base configuration
 
- * CPU: Intel® Core™ i5-1240P, 1079$
+ * CPU: Intel® Core™ [i5-1240P][] (AKA [Alder Lake P][] 8 4.4GHz
+   P-threads, 8 3.2GHz E-threads, 16 total, 28-64W), 1079$
  * Memory: 16GB (1 x 16GB) DDR4-3200, 104$
 
+[i5-1240P]: https://ark.intel.com/content/www/us/en/ark/products/132221.html
+[Alder Lake P]: https://en.wikipedia.org/wiki/List_of_Intel_Core_i5_processors#%22Alder_Lake-P%22_(Intel_7)
+
 ## Customization
 
  * Keyboard: US English, included
@@ -1969,12 +1996,14 @@ long road trip across the continental US.
    * [desktop mod](https://github.com/whatthefilament/Frame-WorkStation) (from [this discussion](https://www.reddit.com/r/framework/comments/wvzw0m/has_anyone_taken_a_framework_motherboard_and_made/)), also a [normal
      desktop adapter](https://github.com/whatthefilament/Framework-Desktop-Adapter) to reuse an existing case (from [this
      thread](https://community.frame.work/t/framework-desktop-case-adapter/19126))
+   * [mainboard case](https://frame.work/products/cooler-master-mainboard-case) (official!)
    * [tablet mod](https://www.instructables.com/Framework-Tablet-Assembly-Manual/) (kind of clunky, but works!)
    * [keyboard mod](https://www.tindie.com/products/crimier/framework-input-cover-controller/) (i.e. turn the Framework keyboard, touch pad,
      fingerprint reader and power buttons into a "normal" USB keyboard
      and hub)
    * [triple screen laptop mod](https://diyperks.com/diy-perks-triple-screen-laptop/) ([video](https://www.youtube.com/watch?v=aUKpY0o5tMo))
    * [Thinkpad 701C transplant](https://community.frame.work/t/thinkpad-701c-with-a-framework-brain-transplant-work-in-progress/27409)
+   * [Braille laptop](https://www.orbitresearch.com/product/optima/)
 
  * [Debian installation report](https://wiki.debian.org/InstallingDebianOn/FrameWork/12thGen), has good tips on the firmware
    hacks necessary
@@ -2007,6 +2036,9 @@ long road trip across the continental US.
    * [chat is on Discord](https://community.frame.work/t/official-discord/14209/), but [bridged with Matrix](https://matrix.to/#/#framework-space:matrix.org), there's
      [talk of bridging it with IRC as well](https://community.frame.work/t/official-discord/14209/13), for now there's a
      handful of us in `#framework` on <https://libera.chat/>
+   * [GitHub organization](https://github.com/FrameworkComputer/), interesting repositories include the
+     [Expansion Cards](https://github.com/FrameworkComputer/ExpansionCards), [Input Modules](https://github.com/FrameworkComputer/InputModules), [Expansion Bay](https://github.com/FrameworkComputer/ExpansionBay),
+     [mainboard](https://github.com/FrameworkComputer/Mainboard), [EmbeddedController](https://github.com/FrameworkComputer/EmbeddedController)
 
 [[!tag blog debian-planet laptop hardware review debian]]
 

diff --git a/blog/2022-09-25-pourquoi-nationaliser.md b/blog/2022-09-25-pourquoi-nationaliser.md
index f4282bb4..2c32955d 100644
--- a/blog/2022-09-25-pourquoi-nationaliser.md
+++ b/blog/2022-09-25-pourquoi-nationaliser.md
@@ -194,4 +194,11 @@ ans, date après laquelle les clients sont censés payer le prix complet
 par eux-mêmes... Un bon moyen, finalement, de financer le
 développement de la clientèle de ce milliardaire!
 
+## En Ontario, Hydro fait de la fibre
+
+Je viens de découvrir [cette nouvelle de 2021](https://dgtlinfra.com/hydro-one-fiber-telecom-acronym-solutions/) qui montre comment
+[Hydro One](https://www.hydroone.com/), une [compagnie privée](https://en.wikipedia.org/wiki/Hydro_One) a une filiale qui se nomme
+maintenant [Acronym solutions](https://acronymsolutions.com/) qui vend l'accès à son réseau de
+fibre qui connecte, entre autres, Montréal à Toronto.
+
 [[!tag analyse bell histoire "network neutrality" internet politique canada québec ledevoir-rejet]]

diff --git a/fortunes.txt b/fortunes.txt
index b29f5cf3..4bc0ecca 100644
--- a/fortunes.txt
+++ b/fortunes.txt
@@ -1208,3 +1208,7 @@ When machines and computers, profit motives and property rights are
 considered more important than people, the giant triplets of racism,
 extreme materialism and militarism are incapable of being conquered.
                         — Dr. Martin Luther King
+%
+A crank is a very elegant device. It’s small, it’s strong, it’s
+lightweight, energy efficient, and it makes revolutions.
+                        — E. F. Schumacher

diff --git a/blog/2020-03-10-font-changes.mdwn b/blog/2020-03-10-font-changes.mdwn
index 765b023f..dc490ed8 100644
--- a/blog/2020-03-10-font-changes.mdwn
+++ b/blog/2020-03-10-font-changes.mdwn
@@ -266,4 +266,15 @@ for future reshuffling of this work:
  * <https://www.fontsquirrel.com/>
  * <https://www.codingfont.com/>
 
+2023-03-20: [disabled web fonts](https://gitlab.com/anarcat/ikiwiki-bootstrap-anarcat/-/commit/9f960ebc1661959c7dc43823af23daea2cdca591) after reading [Stop Using Custom
+Web Fonts](https://bt.ht/webfonts/). I still suggest Charter, but rely on the system fonts
+and accept fallbacks. I previously had trouble with the "nasty bitmap
+fonts", but it turns out this doesn't seem to be a problem anymore, at
+least not in Firefox. I have also used those tools to figure things
+out a little better:
+
+ * [Fallback Font Generator](https://screenspan.net/fallback)
+ * [Font Style Matcher](https://meowni.ca/font-style-matcher/)
+ * [Modern Font Stacks](https://modernfontstacks.com/)
+
 [[!tag debian-planet python-planet typography meta ikiwiki theming usability]]

diff --git a/services/dns.mdwn b/services/dns.mdwn
index 88383e89..b0be060b 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -141,6 +141,8 @@ Les noms suivants pourraient être utilisés pour de futures machines:
    of Algonquin and Mohawk ancestry"
  * [Hannah Arendt][] - "one of the most important political
    philosophers of the twentieth century"
+ * [Evelyn Berezin][] - inventor of the computer word processor,
+   developed the first computerized banking system
  * [Wendy Carlos][] - trans women, "helped in the development of the
    Moog synthesizer", wrote music for Kubrick's Clockwork Orange, The
    Shining, basically invented electronic music
@@ -160,6 +162,15 @@ Les noms suivants pourraient être utilisés pour de futures machines:
  * [Phillis Wheatley][] - first African-American author of a published
    book of poetry
 
+Space women:
+
+ * Valentina Tereshkova - première femme dans l'espace
+ * Sally Ride - première américaine dans l'espace
+ * Svetlana Savitskaya - première femme à marcher dans l'espace
+ * Mae Jemison - première femme noire dans l'espace
+ * Eileen Collins - première femme commandante de bord et pilote de la
+   navette spaciale
+
 [Margaret Hamilton]: https://en.wikipedia.org/wiki/Margaret_Hamilton_(software_engineer)
 
 Voir aussi [cette liste][] de femmes moins connues mais peut-être
@@ -178,6 +189,7 @@ tout aussi importantes...
 [first rock and roll record]: https://en.wikipedia.org/wiki/First_rock_and_roll_record
 [Phillis Wheatley]: https://en.wikipedia.org/wiki/Phillis_Wheatley
 [Anahareo]: https://en.wikipedia.org/wiki/Anahareo?wprov=sfla1
+[Evelyn Berezin]: https://en.wikipedia.org/wiki/Evelyn_Berezin
 
 Relié
 =====

diff --git a/blog/2022-04-27-sbuild-qemu.md b/blog/2022-04-27-sbuild-qemu.md
index a0f563fe..de2e5bd4 100644
--- a/blog/2022-04-27-sbuild-qemu.md
+++ b/blog/2022-04-27-sbuild-qemu.md
@@ -101,7 +101,7 @@ later.
  * enter the VM to make test, changes will be discarded  (thanks Nick
    Brown for the `sbuild-qemu-boot` tip!):
  
-        sbuild-qemu-boot /srv/sbuild/qemu/unstable-amd64.img
+        sbuild-qemu-boot /srv/sbuild/qemu/unstable-autopkgtest-amd64.img
 
    That program is shipped only with bookworm and later, an equivalent
    command is:
@@ -113,26 +113,26 @@ later.
  * enter the VM to make *permanent* changes, which will *not* be
    discarded:
 
-        sudo sbuild-qemu-boot --read-write /srv/sbuild/qemu/unstable-amd64.img
+        sudo sbuild-qemu-boot --read-write /srv/sbuild/qemu/unstable-autopkgtest-amd64.img
 
    Equivalent command:
 
-        sudo qemu-system-x86_64 -enable-kvm -object rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-pci,rng=rng0,id=rng-device0 -m 2048 -nographic /srv/sbuild/qemu/unstable-amd64.img
+        sudo qemu-system-x86_64 -enable-kvm -object rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-pci,rng=rng0,id=rng-device0 -m 2048 -nographic /srv/sbuild/qemu/unstable-autopkgtest-amd64.img
 
  * update the VM (thanks lavamind):
  
-        sudo sbuild-qemu-update /srv/sbuild/qemu/unstable-amd64.img
+        sudo sbuild-qemu-update /srv/sbuild/qemu/unstable-autopkgtest-amd64.img
 
  * build in a specific VM regardless of the suite specified in the
    changelog (e.g. `UNRELEASED`, `bookworm-backports`,
    `bookworm-security`, etc):
 
-        sbuild --autopkgtest-virt-server-opts="-- qemu /var/lib/sbuild/qemu/bookworm-amd64.img"
+        sbuild --autopkgtest-virt-server-opts="-- qemu /var/lib/sbuild/qemu/bookworm-autopkgtest-amd64.img"
 
    Note that you'd also need to pass `--autopkgtest-opts` if you want
    `autopkgtest` to run in the correct VM as well:
 
-        sbuild --autopkgtest-opts="-- qemu /var/lib/sbuild/qemu/unstable.img" --autopkgtest-virt-server-opts="-- qemu /var/lib/sbuild/qemu/bookworm-amd64.img"
+        sbuild --autopkgtest-opts="-- qemu /var/lib/sbuild/qemu/unstable.img" --autopkgtest-virt-server-opts="-- qemu /var/lib/sbuild/qemu/bookworm-autopkgtest-amd64.img"
 
    You might also need parameters like `--ram-size` if you customized
    it above.

diff --git a/blog/2023-02-10-usb-c.md b/blog/2023-02-10-usb-c.md
index 129573e0..ca581294 100644
--- a/blog/2023-02-10-usb-c.md
+++ b/blog/2023-02-10-usb-c.md
@@ -128,6 +128,9 @@ Dimensions:
 * 7A auto-reset fuse
 * Cable: 85cm
 
+Update: I found the [main TOFU website](https://zentofu.com/) and [the user manual](https://www.zentofu.com/book/en_TPS-US.pdf)
+which is a little more detailed.
+
 So I *guess* you can only draw 7A from the power source? That would
 mean 700W at 100V, or 1680W at 240V, which I'm a little suspicious of.
 
@@ -159,6 +162,16 @@ when I leave the office, but I'll probably bring a backup for my first
 international travels in case something goes wrong. I'm looking at
 Ugreen and Volta chargers as a backup for those.
 
+Update: in a real-world charging test, the power supply provided a
+about 28W (not 45W!) of charge, so it definitely can't sustain full
+power operation. A [Anker GANPrime](https://www.anker.com/ganprime) charger rated for 65W *also*
+doesn't provide the full 60W and peaks at 38W. This graph shows the
+Framework laptop ([rated for PD 3.0, 100W](https://community.frame.work/t/charger-usb-c-100w/26290/11?u=anarcat)) charging for about 15
+minutes then switching to the Anker charger.
+
+![A graph from the GNOME Power Statistics program showing samples
+oscillating between 24 and 30W and then jumping to about 36W](https://paste.anarc.at/publish/2023-03-16-amcFIf8oTbnxK9CTgo4fxSi0tvMg8J0dvGWpNClD71w/snap-20230316T105040.png)
+
 ### Ugreen
 
 So I was recommended the Ugreen chargers, but unfortunately it seems

diff --git a/blog/mobile-massive-gallery.md b/blog/mobile-massive-gallery.md
index 61833e1d..14cb678c 100644
--- a/blog/mobile-massive-gallery.md
+++ b/blog/mobile-massive-gallery.md
@@ -107,6 +107,22 @@ date.
 
 [PhotoChiotte](https://gitlab.com/LaDaubePhotoChiotte/photochiotte) has an awful name but seems like a clever
 solution. All the logic is inside the mobile app and the server is a
-"dumb" web server with pregenerated thumbnails. Might be interesting.
+"dumb" web server with pregenerated thumbnails. It could be a great
+solution except the user interface is absolute shit. And I don't mind
+using such a strong word since it's literally the name of the software
+in French ("chiotte") so I guess it's self-assuming. It's barely
+usable, even with just local images. There are weird labels (the
+folder names I think?) under each image that take up needless space,
+dragging the images around lets you drag into nothingness, it's
+really, really hard to use. I haven't actually attempted to generate
+the thumbnails.
+
+another solution I tried is to use the plain [Simple Gallery](https://github.com/SimpleMobileTools/Simple-Gallery/) to
+browse a remote folder, but this is [explicitely not supported](https://github.com/SimpleMobileTools/Simple-Gallery/issues/2422) as
+they don't want their app to access the network (and rightly so, I
+guess). But there was [this comment](https://github.com/SimpleMobileTools/Simple-Gallery/issues/2422#issuecomment-1126840645) which pointed me at the [Amaze
+file manager](https://f-droid.org/en/packages/com.amaze.filemanager/) which actually supports SFTP! Unfortunately, in my
+tests it didn't work so well and of course didn't leverage existing
+thumbnails...
 
 [[!tag draft]]

diff --git a/services/dns.mdwn b/services/dns.mdwn
index cbe1a90c..88383e89 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -137,6 +137,8 @@ Potentiels
 
 Les noms suivants pourraient être utilisés pour de futures machines:
 
+ * [Anahareo][] - "writer, animal rights activist and conservationist
+   of Algonquin and Mohawk ancestry"
  * [Hannah Arendt][] - "one of the most important political
    philosophers of the twentieth century"
  * [Wendy Carlos][] - trans women, "helped in the development of the
@@ -153,8 +155,10 @@ Les noms suivants pourraient être utilisés pour de futures machines:
    music", "the original soul sister" and "the Godmother of rock and
    roll", among the first to use distortion on the electric guitar,
    [first rock and roll record][], first interracial duet
- * [Sojourner Truth][] - abolotionist, first black women to win a
+ * [Sojourner Truth][] - abolitionist, first black women to win a
    court case against a black man
+ * [Phillis Wheatley][] - first African-American author of a published
+   book of poetry
 
 [Margaret Hamilton]: https://en.wikipedia.org/wiki/Margaret_Hamilton_(software_engineer)
 
@@ -172,6 +176,8 @@ tout aussi importantes...
 [Wendy Carlos]: https://en.wikipedia.org/wiki/Wendy_Carlos
 [Sister Rosetta Tharpe]: https://en.wikipedia.org/wiki/Sister_Rosetta_Tharpe
 [first rock and roll record]: https://en.wikipedia.org/wiki/First_rock_and_roll_record
+[Phillis Wheatley]: https://en.wikipedia.org/wiki/Phillis_Wheatley
+[Anahareo]: https://en.wikipedia.org/wiki/Anahareo?wprov=sfla1
 
 Relié
 =====

diff --git a/blog/2023-02-10-usb-c.md b/blog/2023-02-10-usb-c.md
index 93fb026b..129573e0 100644
--- a/blog/2023-02-10-usb-c.md
+++ b/blog/2023-02-10-usb-c.md
@@ -61,7 +61,8 @@ Here are the devices I'm considering right now...
 
 The spec here is at least 65W USB-C with international plugs.
 
-* [Anker nano II](https://us.anker.com/pages/ankernano2): 50$USD sold out, not international?
+* [Anker nano II](https://us.anker.com/pages/ankernano2): 50$USD sold out, not international? they have
+  the [PowerPort III](https://www.amazon.com/dp/B0885SPJDZ) (65W, UK/US/EU, not AU), but it's sold out
 * [Ugreen 65W 2 USB-C 1 USB-A UK/US/EU](https://ca.ugreen.com/collections/charger/products/ugreen-65w-nexode-gan-usb-c-3-port-charger-with-us-uk-eu-plug-for-travel): 56$ USD (disappeared?)
 * [Thinkpad power adapter](https://www.lenovo.com/ca/en/p/accessories-and-software/chargers-and-batteries/chargers/gx20p92530): 54$USD, basically your normal ThinkPad charger, meh
 * [TOFU Power station](https://www.elvesfactory.com/worldshop/EN/TPS-UN): 95$USD 2 USB-A (15W), 2 USB-C (30-45W PD),

diff --git a/blog/2023-02-10-usb-c.md b/blog/2023-02-10-usb-c.md
index 97467566..93fb026b 100644
--- a/blog/2023-02-10-usb-c.md
+++ b/blog/2023-02-10-usb-c.md
@@ -63,10 +63,11 @@ The spec here is at least 65W USB-C with international plugs.
 
 * [Anker nano II](https://us.anker.com/pages/ankernano2): 50$USD sold out, not international?
 * [Ugreen 65W 2 USB-C 1 USB-A UK/US/EU](https://ca.ugreen.com/collections/charger/products/ugreen-65w-nexode-gan-usb-c-3-port-charger-with-us-uk-eu-plug-for-travel): 56$ USD (disappeared?)
-* [Thinkpad power adapter](https://www.lenovo.com/ca/en/p/accessories-and-software/chargers-and-batteries/chargers/gx20p92530): 54$USD, basically your normal thinkpad charger, meh
+* [Thinkpad power adapter](https://www.lenovo.com/ca/en/p/accessories-and-software/chargers-and-batteries/chargers/gx20p92530): 54$USD, basically your normal ThinkPad charger, meh
 * [TOFU Power station](https://www.elvesfactory.com/worldshop/EN/TPS-UN): 95$USD 2 USB-A (15W), 2 USB-C (30-45W PD),
   AU/US/UK/EU Mac-compatible adapters, 3-port 7A power strip (!)
-* [Volta GIGA 130W GAN charger](https://www.voltacharger.com/collections/best-seller-2022/products/giga-130w-gan-charger): 99$ 3 USB-C, 1 USB-A, 5$ extra for each international adapter
+* [Volta GIGA 130W GAN charger](https://www.voltacharger.com/collections/best-seller-2022/products/giga-130w-gan-charger): 99$ 3 USB-C, 1 USB-A, 5$ extra for
+  each international adapter
 
 ### TOFU power station
 

diff --git a/blog/2023-02-10-usb-c.md b/blog/2023-02-10-usb-c.md
index 70423a45..97467566 100644
--- a/blog/2023-02-10-usb-c.md
+++ b/blog/2023-02-10-usb-c.md
@@ -149,7 +149,8 @@ Compared to the Framework power supply, which has a 6'8" (203cm) USB-C cable
 and a 3'2" (96cm) power cable (so 9'10" total, or 3 meter long!), it's
 kind of ridiculous. That said, I can easily take the USB-C cable from
 the Framework power supply and carry it alongside the TOFU to get a
-~280cm (~9'2") cable, which is then somewhat reasonable.
+~280cm (~9'2") cable, which is then somewhat reasonable. It feels very
+"crammed" in the carrying case with the longer cable, unfortunately.
 
 At this stage, I'll definitely try this device as my main power source
 when I leave the office, but I'll probably bring a backup for my first

diff --git a/blog/2023-02-10-usb-c.md b/blog/2023-02-10-usb-c.md
index f641250f..70423a45 100644
--- a/blog/2023-02-10-usb-c.md
+++ b/blog/2023-02-10-usb-c.md
@@ -62,22 +62,120 @@ Here are the devices I'm considering right now...
 The spec here is at least 65W USB-C with international plugs.
 
 * [Anker nano II](https://us.anker.com/pages/ankernano2): 50$USD sold out, not international?
-* [Ugreen 65W 2 USB-C 1 USB-A UK/US/EU](https://ca.ugreen.com/collections/charger/products/ugreen-65w-nexode-gan-usb-c-3-port-charger-with-us-uk-eu-plug-for-travel): 56$ USD
+* [Ugreen 65W 2 USB-C 1 USB-A UK/US/EU](https://ca.ugreen.com/collections/charger/products/ugreen-65w-nexode-gan-usb-c-3-port-charger-with-us-uk-eu-plug-for-travel): 56$ USD (disappeared?)
 * [Thinkpad power adapter](https://www.lenovo.com/ca/en/p/accessories-and-software/chargers-and-batteries/chargers/gx20p92530): 54$USD, basically your normal thinkpad charger, meh
-* [TOFU Power station](https://www.elvesfactory.com/worldshop/EN/TPS-UN): 95$USD 2 USB-A, 2 USB-C, AU/US/UK/EU adapters, 3-port power strip (!)
+* [TOFU Power station](https://www.elvesfactory.com/worldshop/EN/TPS-UN): 95$USD 2 USB-A (15W), 2 USB-C (30-45W PD),
+  AU/US/UK/EU Mac-compatible adapters, 3-port 7A power strip (!)
+* [Volta GIGA 130W GAN charger](https://www.voltacharger.com/collections/best-seller-2022/products/giga-130w-gan-charger): 99$ 3 USB-C, 1 USB-A, 5$ extra for each international adapter
 
-I particularly like the TOFU, but I am not sure it will deliver... I
-found that weird little thing through [this Twitter post](https://twitter.com/bsdbcr/status/1614887137735737346) from
+### TOFU power station
+
+I found that weird little thing through [this Twitter post](https://twitter.com/bsdbcr/status/1614887137735737346) from
 [Benedict Reuschling](https://twitter.com/bsdbcr), from [this blog post](https://klarasystems.com/articles/openzfs-data-security-vs-integrity/), from [2.5 admins
 episode 127](https://2.5admins.com/2-5-admins-127/) (phew!).
 
-Update: I ordered a TOFU power station today (2023-02-20). I'm a
-little concerned about the power output (45W instead of 65W for the
-Framework charger), but I suspect it will not actually be a problem
-while traveling, since the laptop will keep its charge during the day
-and will charge at night... The device shipped 3 days later, with an
-estimated delivery time of 12 to 15 days, so expect this thing to take
-its sweet time landing on your desk.
+I ordered a TOFU power station in February (2023-02-20) and it landed
+on my doorstep about two weeks later (2023-03-08).
+
+The power output is a little disappointing: my laptop tells me it's
+charging at 30W instead of the rated 45W, which is already less than
+the 65W provided by the normal Framework charger. I suspect it will
+have a hard time keeping up with a full-on, all CPU blaring power
+consumption, so I'm still considering a separate charger. It should be
+fine for charging the laptop overnight during my travels, which is
+basically my use case here.
+
+The "travel" thing is a little plastic contraption that holds three
+different power adapters: [Australian](https://en.wikipedia.org/wiki/AS/NZS_3112), [British](https://en.wikipedia.org/wiki/AC_power_plugs_and_sockets:_British_and_related_types#BS_1363_three-pin_(rectangular)_plugs_and_sockets), [Europe](https://en.wikipedia.org/wiki/Europlug),
+and [USA](https://en.wikipedia.org/wiki/NEMA_connector). The clever thing here is the other end is what looks
+like a [IEC 60320](https://en.wikipedia.org/wiki/IEC_60320) C7/C8 coupler, AKA a "figure-8", "infinity" or
+"shotgun", according to Wikipedia. It seems design to fit with Macbook
+charger cable adapters, but it also seems to physically fit inside a
+classic Thinkpad power supply, which means you can use this thing to
+turn a normal Thinkpad power supply into an international power
+supply, at the cost of removing a good chunk of wire. It is *not*
+compatible with the Framework power supply, which uses a *three* pin,
+grounded, C5/C6 coupler, AKA a "cloverleaf" or "Mickey Mouse"
+connector.
+
+Strangely, the travel adapters also have a *fourth* adapter which is
+not really an adapter, it's a flashlight, rechargeable with Micro USB
+connector.
+
+I'm still a little worried about overload: this thing is supposed to
+be designed as a power bar *and* a charger, but they warn against
+"overloading" it, with a picture of a hair drier... So what is it? Is
+it a full on 15A power bar or not? 220V? There's an odd lack of
+documentation about all of this. The specifications on the cover are:
+
+AC:
+
+* Input: 100V-240V
+* Output: 100V-240V
+
+DC:
+
+* Type-C: 36W/45W (PD)
+* Type-C: 18W (PD)
+* USB-Ax2: 15W (share)
+
+Dimensions:
+
+* 82mm(ø)x28mm(H)
+* Weight: 201g
+* 7A auto-reset fuse
+* Cable: 85cm
+
+So I *guess* you can only draw 7A from the power source? That would
+mean 700W at 100V, or 1680W at 240V, which I'm a little suspicious of.
+
+The specs for the "traveler" are:
+
+Dimensions:
+
+* 3cm x 3.8cm x 5.8cm
+* UK/EU/AU/US
+* Weight: 62g
+
+The two devices come in a small carrying case that is about 5" x 3.75"
+x 2" (or 12.7cm x 9.25cm x 5.08cm), so it's actually pretty bulky once
+everything is packed together. The actual power cable that wraps
+around the device is actually 2'7", or 78.74cm, the 85cm figure about
+probably counts the width of the device itself, which is a little
+disingenuous. There's a USB-C cable provided to actually charge your
+laptop, but it's *tiny*, only about a feet (11⅝") or 30cm. 
+
+Compared to the Framework power supply, which has a 6'8" (203cm) USB-C cable
+and a 3'2" (96cm) power cable (so 9'10" total, or 3 meter long!), it's
+kind of ridiculous. That said, I can easily take the USB-C cable from
+the Framework power supply and carry it alongside the TOFU to get a
+~280cm (~9'2") cable, which is then somewhat reasonable.
+
+At this stage, I'll definitely try this device as my main power source
+when I leave the office, but I'll probably bring a backup for my first
+international travels in case something goes wrong. I'm looking at
+Ugreen and Volta chargers as a backup for those.
+
+### Ugreen
+
+So I was recommended the Ugreen chargers, but unfortunately it seems
+their [international edition](https://ca.ugreen.com/collections/charger/products/ugreen-65w-nexode-gan-usb-c-3-port-charger-with-us-uk-eu-plug-for-travel) just disappeared from their
+website. A first attempt at contacting them yielded no response, and a
+second one yielded a *bounce* from qq.com telling me (in Chinese) "出
+错原因：该邮件内容涉嫌大量群发，并且被多数用户投诉为垃圾邮件。" which
+Google translates to "Reason for error: The content of this email is
+suspected of being mass-sent, and is complained by most users as
+spam."
+
+The Support button on their website does exactly fuckall, so I guess
+that's it for Ugreen.
+
+### Volta
+
+Volta has been a little more helpful and clarified it's possible to
+get extra international adapters for their chargers by email (which
+wasn't obvious from the website). But their charger is currently
+(2023-03-13) marked as "sold out", so I guess I'm stuck there as well.
 
 ## USB Docks
 

diff --git a/blog.mdwn b/blog.mdwn
index d9ac0cf9..8098ba11 100644
--- a/blog.mdwn
+++ b/blog.mdwn
@@ -76,7 +76,7 @@ trail=yes
 > author intentionally gave up early on understanding and simply rants
 > about everything that does not look or work as usual.
 >
-> Would not read again." — [Hacker News](https://news.ycombinator.com/item?id=31383007)
+> Would not read again." — [Hacker News](https://news.ycombinator.com/item?id=31383007), [response](https://anarc.at/blog/2022-05-13-brtfs-notes/#comment-103b2473a5c20f9a170e89b54f6f6b53)
 
 I welcome all feedback, and especially praise, but I also welcome
 constructive criticism. Readers should be warned that there might be

diff --git a/blog.mdwn b/blog.mdwn
index 1c4bedde..d9ac0cf9 100644
--- a/blog.mdwn
+++ b/blog.mdwn
@@ -53,7 +53,7 @@ trail=yes
 
 # Praise and other juicy comments
 
-> "Thoughtful write-up [...]"
+> "Thoughtful write-up"
 
 > "Delightful"
 
@@ -66,7 +66,7 @@ trail=yes
 > who understand it.
 >
 > Thanks for sending it this way! And great to see there are people
-> like you doing this work! Very important work!"xg
+> like you doing this work! Very important work!"
 
 > "Thank for the incredibly detailed review, et merci d’avoir créé un
 > site si intéressant, camarade!" — [Framework Forum](https://community.frame.work/t/intel-12th-gen-frame-work-laptop-consumer-reviews/22123/19?u=anarcat)

diff --git a/blog.mdwn b/blog.mdwn
index 7760c301..1c4bedde 100644
--- a/blog.mdwn
+++ b/blog.mdwn
@@ -51,6 +51,39 @@ trail=yes
  * [Comment contourner la censure en Tunisie](https://anarc.at/blog/2011-01-05-comment-contourner-la-censure-en-tunisie/) (2011, français)
  * [Comment la Tunisie censure l'internet](https://anarc.at/blog/2005-11-23-comment-la-tunisie-censure-linternet/) (2005, français)
 
+# Praise and other juicy comments
+
+> "Thoughtful write-up [...]"
+
+> "Delightful"
+
+> "Great read!"
+
+> "Thanks for undertime, life changing tool"
+
+> "Your article is great because it allows non-experts in technology to
+> understand it. Yet, it has the serious content on it for the people
+> who understand it.
+>
+> Thanks for sending it this way! And great to see there are people
+> like you doing this work! Very important work!"xg
+
+> "Thank for the incredibly detailed review, et merci d’avoir créé un
+> site si intéressant, camarade!" — [Framework Forum](https://community.frame.work/t/intel-12th-gen-frame-work-laptop-consumer-reviews/22123/19?u=anarcat)
+
+> "The article is mostly concerned with the author not understanding
+> BTRFS and ranting about it. To a degree, that one must assume, the
+> author intentionally gave up early on understanding and simply rants
+> about everything that does not look or work as usual.
+>
+> Would not read again." — [Hacker News](https://news.ycombinator.com/item?id=31383007)
+
+I welcome all feedback, and especially praise, but I also welcome
+constructive criticism. Readers should be warned that there might be
+profanity and ranting in my (unpaid) writing. Work that went through
+an editor first (e.g. my [[LWN articles|tag/lwn]]) will necessarily be
+more socially acceptable and less politically controversial.
+
 # Archives
 
 [[!template id="note" text="""

diff --git a/hardware/laptop/framework-12th-gen.md b/hardware/laptop/framework-12th-gen.md
index 335dda00..d7ae2eda 100644
--- a/hardware/laptop/framework-12th-gen.md
+++ b/hardware/laptop/framework-12th-gen.md
@@ -321,16 +321,16 @@ confirmed that it should point a [quickstart guide](https://guides.frame.work/Gu
 bizarre twist, they somehow sent me the URL with the plus (`+`) signs
 escaped, like this:
 
-https://guides.frame.work/Guide/Framework\+Laptop\+DIY\+Edition\+Quick\+Start\+Guide/57
+    https://guides.frame.work/Guide/Framework\+Laptop\+DIY\+Edition\+Quick\+Start\+Guide/57
 
 ... which Firefox immediately transforms in:
 
-https://guides.frame.work/Guide/Framework/+Laptop/+DIY/+Edition/+Quick/+Start/+Guide/57
+    https://guides.frame.work/Guide/Framework/+Laptop/+DIY/+Edition/+Quick/+Start/+Guide/57
 
 I'm puzzled as to why they would send the URL that way, the proper URL
 is of course:
 
-https://guides.frame.work/Guide/Framework+Laptop+DIY+Edition+Quick+Start+Guide/57
+    https://guides.frame.work/Guide/Framework+Laptop+DIY+Edition+Quick+Start+Guide/57
 
 (They have also "let the team know about this for feedback and help
 resolve the problem with the link" which is a support code word for
@@ -2012,4 +2012,4 @@ long road trip across the continental US.
 
 
 <!-- posted to the federation on 2023-03-12T23:37:07.116407 -->
-[[!mastodon "https://kolektiva.social/@Anarcat/110013882492956555"]]
\ No newline at end of file
+[[!mastodon "https://kolektiva.social/@Anarcat/110013882492956555"]]

diff --git a/blog/2023-03-10-listening-processes.md b/blog/2023-03-10-listening-processes.md
index e5c9d5bd..3922d282 100644
--- a/blog/2023-03-10-listening-processes.md
+++ b/blog/2023-03-10-listening-processes.md
@@ -124,6 +124,12 @@ listening TCP sockets:
 
     lsof -iTCP -sTCP:LISTEN +c 15 | grep -v localhost | sort
 
+A shorter version from Adam Shand is:
+
+    lsof -i @localhost
+
+... which basically replaces the `grep -v localhost` line.
+
 In theory, this would do the equivalent on UDP
 
     lsof -iUDP -sUDP:^Idle

diff --git a/404.mdwn b/404.mdwn
index 3c0c7151..ea6ce85e 100644
--- a/404.mdwn
+++ b/404.mdwn
@@ -1,7 +1,7 @@
 This page does not exist. If you believe this is an error, please do
-contact me.
+[contact me](/contact).
 
 ----
 
 Cette page n'existe pas. Si vous croyez qu'il s'agit d'une erreur,
-contactez-moi.
+[contactez-moi](/contact).
diff --git a/contact.mdwn b/contact.mdwn
index b52cb608..b057ac43 100644
--- a/contact.mdwn
+++ b/contact.mdwn
@@ -2,9 +2,8 @@
 
 <span /><div class="nocount">
 
-Le meilleur moyen de me rejoindre est par courriel, utilisez l'adresse:
-
-[anarcat+frontpage@anarc.at](mailto:anarcat+frontpage@anarc.at)
+Le meilleur moyen de me rejoindre est par courriel, utilisez
+l'adresse: [anarcat+frontpage@anarc.at](mailto:anarcat+frontpage@anarc.at)
 
 Vous pouvez également encrypter vos messages avec cette
 [clef PGP](../.well-known/openpgpkey/hu/myctwj4an6ne7htuzyoo8osctuji68xe). Notez que
@@ -17,8 +16,11 @@ Vous pouvez également encrypter vos messages avec cette
 > Voir ce [makefile](../.well-known/openpgpkey/Makefile) pour plus
 > d'informations sur le comment de la chose.
 
-Les articles de blog acceptent les commentaires, mais sont sujet à
-modération et contrôles anti-spam.
+Les commentaires du blog passent par Mastodon, donc la modération de
+mon serveur Mastodon (et du vôtre!) s'appliquent ici.
+
+Si vous trouvez une erreur sur le site, vous pouvez la [signaler
+ici](https://gitlab.com/anarcat/anarc.at/-/issues/new).
 
 How to contact me
 =================
@@ -26,7 +28,6 @@ How to contact me
 ----
 
 The best way to reach me is by email, use the address:
-
 [anarcat+frontpage@anarc.at](mailto:anarcat+frontpage@anarc.at)
 
 You can also encrypt your messages with this [PGP key](../.well-known/openpgpkey/hu/myctwj4an6ne7htuzyoo8osctuji68xe), also
@@ -40,7 +41,9 @@ available on key servers and the [Web Key Discover protocol](https://keyserver.m
 > See the [makefile](../.well-known/openpgpkey/Makefile) for more
 > information on how this was built.
 
-Blog articles accept comments, but are subjected to moderation and
-anti-spam filtering.
+Blog articles accept comments through Mastodon, so moderation policies
+of that space (including your home server and mine) apply there.
+
+If you found an error on the le site, you can [report it here](https://gitlab.com/anarcat/anarc.at/-/issues/new).
 
 </div>

diff --git a/hardware/laptop/framework-12th-gen.md b/hardware/laptop/framework-12th-gen.md
index e0cd26d6..335dda00 100644
--- a/hardware/laptop/framework-12th-gen.md
+++ b/hardware/laptop/framework-12th-gen.md
@@ -47,7 +47,7 @@ had, in the meantime, reverted back to an old ThinkPad X220, so I
 sometimes compare the Framework with that venerable laptop as well.
 
 This blog post has been maturing for *months* now. It started in
-September 2023 and I declared it completed in March 2023. It's the
+September 2022 and I declared it completed in March 2023. It's the
 longest single article on this entire website, currently clocking at
 about 13,000 words. It will take an average reader a full hour to go
 through this thing, so I don't expect anyone to actually *do*
@@ -299,7 +299,7 @@ place supposedly leading to online instructions.
 
 ## Bad QR codes
 
-Unfortunately, the QR codes I tested (in the expansion card slow, the
+Unfortunately, the QR codes I tested (in the expansion card slot, the
 memory slot and CPU slots) did not actually work so I wonder how
 useful those actually are.
 

diff --git a/hardware/laptop/framework-12th-gen.md b/hardware/laptop/framework-12th-gen.md
index 519abcf5..e0cd26d6 100644
--- a/hardware/laptop/framework-12th-gen.md
+++ b/hardware/laptop/framework-12th-gen.md
@@ -2009,3 +2009,7 @@ long road trip across the continental US.
      handful of us in `#framework` on <https://libera.chat/>
 
 [[!tag blog debian-planet laptop hardware review debian]]
+
+
+<!-- posted to the federation on 2023-03-12T23:37:07.116407 -->
+[[!mastodon "https://kolektiva.social/@Anarcat/110013882492956555"]]
\ No newline at end of file

diff --git a/hardware/laptop/framework-12th-gen.md b/hardware/laptop/framework-12th-gen.md
index 8be5396e..519abcf5 100644
--- a/hardware/laptop/framework-12th-gen.md
+++ b/hardware/laptop/framework-12th-gen.md
@@ -1,4 +1,5 @@
 [[!meta title="Framework 12th gen laptop review"]]
+[[!meta date="2023-03-12T22:01:55-0400"]]
 
 The [Framework](https://frame.work) is a 13.5" laptop body with swappable parts, which
 makes it somewhat future-proof and certainly easily repairable,

diff --git a/hardware/laptop/framework-12th-gen.md b/hardware/laptop/framework-12th-gen.md
index ab6d7dbd..8be5396e 100644
--- a/hardware/laptop/framework-12th-gen.md
+++ b/hardware/laptop/framework-12th-gen.md
@@ -2007,4 +2007,4 @@ long road trip across the continental US.
      [talk of bridging it with IRC as well](https://community.frame.work/t/official-discord/14209/13), for now there's a
      handful of us in `#framework` on <https://libera.chat/>
 
-[[!tag blog draft debian-planet laptop hardware review debian]]
+[[!tag blog debian-planet laptop hardware review debian]]

diff --git a/hardware/laptop/framework-12th-gen.md b/hardware/laptop/framework-12th-gen.md
index c41858b5..ab6d7dbd 100644
--- a/hardware/laptop/framework-12th-gen.md
+++ b/hardware/laptop/framework-12th-gen.md
@@ -27,12 +27,12 @@ On the downside, there's a bit of proprietary firmware required (WiFi,
 Bluetooth, some graphics) and the Framework ships with a proprietary
 BIOS, with currently [no Coreboot support](https://news.ycombinator.com/item?id=32926736). Expect to need the
 latest kernel, firmware, and hacking around a bunch of things to get
-resolution and keybindings to get the laptop to work right. 
+resolution and keybindings working right. 
 
 Like others, I have first found significant power management issues,
 but many issues can actually be solved with some configuration. Some
 of the expansion ports (HDMI, DP, MicroSD, and SSD) use power when
-idle, so don't expect week-long suspend, or full day battery while
+idle, so don't expect week-long suspend, or "full day" battery while
 those are plugged in.
 
 Finally, the expansion ports are nice, but there's only four of
@@ -45,6 +45,17 @@ Read on for the detailed review. For context, I'm moving from the
 had, in the meantime, reverted back to an old ThinkPad X220, so I
 sometimes compare the Framework with that venerable laptop as well.
 
+This blog post has been maturing for *months* now. It started in
+September 2023 and I declared it completed in March 2023. It's the
+longest single article on this entire website, currently clocking at
+about 13,000 words. It will take an average reader a full hour to go
+through this thing, so I don't expect anyone to actually *do*
+that. This introduction should be good enough for most people, read
+the first section if you intend to actually buy a Framework. Jump
+around the table of contents as you see fit for after you did buy the
+laptop, as it might include some crucial hints on how to make it work
+best for you, especially on (Debian) Linux.
+
 [[!toc levels=5]]
 
 # Advice for buyers
@@ -56,13 +67,15 @@ Those are things I wish I would have known before buying:
     you do want to fill those expansion slots otherwise they snag
     around and feel insecure
 
- 2. you will likely need a dock if you want a two-monitor setup
+ 2. you will likely need a dock or at least a USB hub if you want a
+    two-monitor setup, otherwise you'll run out of ports
 
- 3. you might need to do some serious tuning to get proper (10h+ idle,
-    10 days suspend) power savings
+ 3. you have to do some serious tuning to get proper (10h+ idle, 10
+    days suspend) power savings
 
- 4. beware that the HDMI, DisplayPort and *particularly* the SSD and
-    MicroSD cards *do* take power, up to 2-6W for the latter two
+ 4. in particular, beware that the HDMI, DisplayPort and
+    *particularly* the SSD and MicroSD cards take a significant amount
+    power, even when sleeping, up to 2-6W for the latter two
 
  5. beware that the MicroSD card is what it says: Micro, normal SD
     cards won't fit, and while there might be [full sized](https://community.frame.work/t/i-found-an-sd-card-reader-that-fits/9910) one
@@ -78,10 +91,11 @@ Those are things I wish I would have known before buying:
 # Current status
 
 I have the framework! It's setup with a fresh new Debian bookworm
-installation. I've ran through a large number of tests and burn in and
-I'm satisfied I can use this as a daily driver. I currently only use
-it as a travel laptop however, which means it gets less testing than
-my usual computers.
+installation. I've ran through a large number of tests and burn in.
+
+I have decided to use the Framework as my daily driver, and had to buy
+a [[USB-C dock|blog/2023-02-10-usb-c]] to get my two monitors
+connected, which was own adventure.
 
 # Specifications
 
@@ -156,12 +170,12 @@ the laptop.
 
 ## Pros
 
- * seems easily repairable (qrcodes pointing to [repair guides](https://guides.frame.work/c/Framework_Laptop)!),
-   the 11th gen received a [10/10 score from ifixit.com](https://www.ifixit.com/News/51614/framework-laptop-teardown-10-10-but-is-it-perfect), which
-   they call "exceedingly rare", the 12th gen has a similar hardware
-   design and would probably rate similarly
+ * easily repairable (complete with QR codes pointing to [repair
+   guides](https://guides.frame.work/c/Framework_Laptop)!), the 11th gen received a [10/10 score from
+   ifixit.com](https://www.ifixit.com/News/51614/framework-laptop-teardown-10-10-but-is-it-perfect), which they call "exceedingly rare", the 12th gen
+   has a similar hardware design and would probably rate similarly
 
- * replaceable mainboard!!! can be reused as a NUC-like device, with a
+ * replaceable motherboard!!! can be reused as a NUC-like device, with a
    [3d-printed case](https://github.com/FrameworkComputer/Mainboard), 12th gen board can be bought standalone and
    retrofitted into an 11th gen case
 
@@ -182,11 +196,11 @@ the laptop.
    coreboot" (according to the Fedora developer) and [are testing
    firmware updates over fwupd](https://community.frame.work/t/framework-firmware-on-the-lvfs/4466), [present on LVFS testing](https://community.frame.work/t/bios-3-06-on-lvfs-testing-but-error-trying-to-update-under-fedora-35/11742), but
    [including for the 12th gen](https://knowledgebase.frame.work/en_us/framework-laptop-bios-and-driver-releases-12th-gen-intel-core-Bkx2kosqq), latest BIOS (3.06) was shipped
-   through LVFS!
+   through LVFS
 
  * [excellent documentation of the (proprietary) BIOS](https://community.frame.work/t/bios-guide/4178/1)
 
- * explicitly linux support with [install guides](https://frame.work/ca/en/linux), although you'll
+ * explicit Linux support with [install guides](https://frame.work/ca/en/linux), although you'll
    have to live with a bit of proprietary firmware, and not everything
    works correctly
 
@@ -198,7 +212,7 @@ the laptop.
 
  * the EC (Embedded Controller) is [open source](https://github.com/FrameworkComputer/EmbeddedController) so of course
    people are [hacking at it](https://github.com/lhl/linuxlaptops/wiki/2022-Framework-Laptop-DIY-Edition-12th-Gen-Intel-Batch-1#ectool), [some documentation on what's
-   possible](https://www.howett.net/posts/2021-12-framework-ec/) (e.g. changing led colors, fan curves, etc), [see
+   possible](https://www.howett.net/posts/2021-12-framework-ec/) (e.g. changing LED colors, fan curves, etc), [see
    also](https://github.com/lhl/linuxlaptops/wiki/2022-Framework-Laptop-DIY-Edition-12th-Gen-Intel-Batch-1#ectool)
 
 ## Cons
@@ -254,6 +268,9 @@ the laptop.
  * a bit pricey for the performance, especially when compared to the
    competition (e.g. Dell XPS, Apple M1)
 
+ * 12th gen Intel has glitchy graphics, seems like Intel hasn't fully
+   landed proper Linux support for that chipset yet
+
 # Initial hardware setup
 
 A breeze.
@@ -292,7 +309,7 @@ just don't work at all. I prefer the approach taken by the MNT reform
 here which designed (with the [100 rabbits folks](https://100r.co/)) an [actual paper
 handbook](https://shop.mntmn.com/products/mnt-reform-operator-handbook) ([PDF](https://mntre.com/media/reform_md/mnt-reform2-operator-handbook.pdf)).
 
-The first qrcode that's immediately visible from the back of the
+The first QR code that's immediately visible from the back of the
 laptop, in an expansion cord slot, is a 404. It *seems* to be some
 serial number URL, but I can't actually tell because, well, the page
 is a 404.
@@ -1989,3 +2006,5 @@ long road trip across the continental US.
    * [chat is on Discord](https://community.frame.work/t/official-discord/14209/), but [bridged with Matrix](https://matrix.to/#/#framework-space:matrix.org), there's
      [talk of bridging it with IRC as well](https://community.frame.work/t/official-discord/14209/13), for now there's a
      handful of us in `#framework` on <https://libera.chat/>
+
+[[!tag blog draft debian-planet laptop hardware review debian]]

diff --git a/blog/2023-03-10-listening-processes.md b/blog/2023-03-10-listening-processes.md
index d32494d9..e5c9d5bd 100644
--- a/blog/2023-03-10-listening-processes.md
+++ b/blog/2023-03-10-listening-processes.md
@@ -1,6 +1,6 @@
 [[!meta title="how to audit for open services with iproute2"]]
 
-The computer world has a tendency of reinventing the while once in a
+The computer world has a tendency of reinventing the wheel once in a
 while. I am not a fan of that process, but sometimes I just have to
 bite the bullet and adapt to change. This post explains how I adapted
 to one particular change: the `netstat` to `sockstat` transition.
@@ -188,4 +188,4 @@ Better ideas welcome.
 
 
 <!-- posted to the federation on 2023-03-10T14:17:42.043013 -->
-[[!mastodon "https://kolektiva.social/@Anarcat/110000594079496786"]]
\ No newline at end of file
+[[!mastodon "https://kolektiva.social/@Anarcat/110000594079496786"]]

diff --git a/blog/2022-06-17-matrix-notes.md b/blog/2022-06-17-matrix-notes.md
index 976fa06a..6eb56bc6 100644
--- a/blog/2022-06-17-matrix-notes.md
+++ b/blog/2022-06-17-matrix-notes.md
@@ -815,6 +815,8 @@ there's still a good variety:
  * [matrix-releasetracker](https://github.com/ananace/matrix-releasetracker): track releases on Git, GitLab, GitHub repositories
  * [remarkable-matrix](https://gitlab.com/ptman/remarkable-matrix): [Remarkable](https://remarkable.com/) sync with Matrix
  * [matrix-menu-bot](https://gitlab.com/ptman/matrix-menu-bot): a menu-based bot, derived from polls
+ * [postmoogle](https://gitlab.com/etke.cc/postmoogle): email gateway
+ * [cdj-matrix](https://lab.trax.im/matrix/cdj-to-matrix): bridge with [Class Dojo](https://classdojo.com/)
 
 One thing I haven't found an equivalent for is Debian's
 [MeetBot](https://wiki.debian.org/MeetBot). There's an [archive bot](https://github.com/russelldavies/matrix-archive) but it doesn't have topics

diff --git a/hardware/printer.md b/hardware/printer.md
index bfe714c2..d180855b 100644
--- a/hardware/printer.md
+++ b/hardware/printer.md
@@ -4,29 +4,39 @@
 
  * network port
  * "driverless printing"
- * laser
+ * laser (specifically, cheap per-page prints)
  * stellar Linux support
 
 ## Nice to have
 
  * colors
- * scanner/photocopier
+ * scanner, or at least photocopier
  * double-sided printing, AKA "[duplex printing](https://en.wikipedia.org/wiki/Duplex_printing)"
+ * fits one "ream" ("rame", 500 sheets)
 
 ## Must not have
 
- * ink-jet printing
+ * ink-jet printing, or specifically:
+   * high cost
+   * "drying out", I don't print often and this needs to keep working
 
 # Advice received
 
  * avoid HP (twice), although one concern was with their "printing as
    a service" approach with inkjet printer, which may not apply to me
-   (see also [this HN thread, which also includes laser printers
-   problems](https://news.ycombinator.com/item?id=29850987))
+   (see [this HN thread warning about HP using DRM for their cartridges](https://news.ycombinator.com/item?id=35063208))
  * good words about Canon, which I have a personal chip on the
-   shoulder with
+   shoulder with (see also [this HN thread warning about Canon
+   printers, which also includes laser printers problems](https://news.ycombinator.com/item?id=29850987))
+ * Brother printers have a lot of sympathy all around but *also*
+   started blocking non-OEM cartridges (see [this HN thread](https://news.ycombinator.com/item?id=31860131), yes,
+   again)
  * don't expect scanning to work from Linux, instead scan to a SMB
    share from the device (so look from SMB support)
+ * [Eco Tanks](https://www.epson.com.au/v2/ecotank/) are a bit of a game changer as they provide
+   laser-like price for ink jet printers... the Epson printers that do
+   it do have a hefty upfront cost, and they still seem to suffer from
+   "drying out" problems when not in use
 
 # Options
 
@@ -47,8 +57,21 @@ come to the following conclusion:
 
 <https://www.hp.com/us-en/shop/pdp/hp-color-laserjet-pro-mfp-m479fdw>
 
-recommended by Wirecutters and rtings.com
+Was recommended by [Wirecutters](https://www.nytimes.com/wirecutter/reviews/best-laser-printer/) in 2021 and rtings.com
 
  * [Staples](https://www.staples.ca/products/2946505-en-hp-color-laserjet-pro-mfp-m479dw-printer-w1a77abgj): CAD$699.99, [replacement B&W](https://www.staples.ca/products/24398984-en-hp-414a-w2020a-black-original-laserjet-toner-cartridge): 110$, 0.046$/page
 
 Carefully review this thread before buying anything HP: https://news.ycombinator.com/item?id=29850987
+
+## References
+
+ * [Wirecutters review](https://www.nytimes.com/wirecutter/reviews/best-laser-printer/), updated yearly, currently recommends the
+   [HP Color LaserJet Pro M255dw](https://www.hp.com/us-en/shop/pdp/hp-color-laserjet-pro-m255dw)
+ * [RTINGS](https://www.rtings.com/printer/reviews/best/by-type/laser) also produce a yearly review, currently recomments the
+   [Canon imageCLASS MF743Cdw](https://www.rtings.com/printer/reviews/canon/imageclass-mf743cdw) ([656$ at BestBuy](https://www.bestbuy.ca/fr-ca/produit/13796853), back-order,
+   [656$ at Staples](https://www.staples.ca/products/2948189-en-canon-imageclass-mf743cdw-colour-laser-printer)), 300 sheets only, toner is expensive [200$
+   for black at Staples](https://www.staples.ca/products/3029652-en-fuzion-canon-3020c001-055h-compatible-toner-high-yield-black) but has a high yield (7600 pages,
+   0.026$/sheet)
+ * [Tom's hardware laser vs inkjet](https://www.tomsguide.com/us/inkjet-vs-laser-printers,review-6199.html)
+ * [Digital trends laser vs inkjet](https://www.digitaltrends.com/computing/laser-printer-vs-inkjet/)
+ * [Consumer Reports review](https://www.consumerreports.org/electronics-computers/printers/) is paywalled

diff --git a/blog/2023-03-10-listening-processes.md b/blog/2023-03-10-listening-processes.md
index 5b38f56c..d32494d9 100644
--- a/blog/2023-03-10-listening-processes.md
+++ b/blog/2023-03-10-listening-processes.md
@@ -185,3 +185,7 @@ sure looks nice:
 Better ideas welcome.
 
 [[!tag debian-planet python-planet sysadmin]]
+
+
+<!-- posted to the federation on 2023-03-10T14:17:42.043013 -->
+[[!mastodon "https://kolektiva.social/@Anarcat/110000594079496786"]]
\ No newline at end of file

diff --git a/blog/2023-03-10-listening-processes.md b/blog/2023-03-10-listening-processes.md
new file mode 100644
index 00000000..5b38f56c
--- /dev/null
+++ b/blog/2023-03-10-listening-processes.md
@@ -0,0 +1,187 @@
+[[!meta title="how to audit for open services with iproute2"]]
+
+The computer world has a tendency of reinventing the while once in a
+while. I am not a fan of that process, but sometimes I just have to
+bite the bullet and adapt to change. This post explains how I adapted
+to one particular change: the `netstat` to `sockstat` transition.
+
+I used to do this to show which processes where listening on which
+port on a server:
+
+    netstat -anpe
+
+It was a handy mnemonic as, in France, [ANPE](https://en.wikipedia.org/wiki/Agence_nationale_pour_l%27emploi) was the agency
+responsible for the unemployed (basically). That would list all
+sockets (`-a`), not resolve hostnames (`-n`, because it's slow), show
+processes attached to the socket (`-p`) with extra info like the user
+(`-e`). This still works, but sometimes fail to find the actual
+process hooked to the port. Plus, it lists a whole bunch of UNIX
+sockets *and* non-listening sockets, which are generally irrelevant
+for such an audit.
+
+What I really wanted to use was really something like:
+
+    netstat -pleunt | sort
+
+... which has the "pleut" mnemonic ("rains", but plural, which makes
+no sense and would be badly spelled anyway). That also only lists
+listening (`-l`) and network sockets, specifically UDP (`-u`) and TCP
+(`-t`).
+
+But enough with the legacy, let's try the brave new world of sockstat
+which has the [unfortunate acronym](https://en.wikipedia.org/wiki/Schutzstaffel) `ss`. 
+
+The equivalent sockstat command to the above is:
+
+    ss -pleuntO
+
+It's similar to the above, except we need the `-O` flag otherwise `ss`
+does that confusing thing where it splits the output on multiple
+lines. But I actually use:
+
+    ss -plunt0
+
+... i.e. without the `-e` as the information it gives (cgroup, fd
+number, etc) is not much more useful than what's already provided with
+`-p` (service and UID).
+
+All of the above also show sockets that are not actually a concern
+because they only listen on localhost. Those one should be filtered
+out. So now we embark into that wild filtering ride.
+
+This is going to list all open sockets and show the port number and
+service:
+
+    ss -pluntO --no-header | sed 's/^\([a-z]*\) *[A-Z]* *[0-9]* [0-9]* *[0-9]* */\1/' | sed 's/^[^:]*:\(:\]:\)\?//;s/\([0-9]*\) *[^ ]*/\1\t/;s/,fd=[0-9]*//' | sort -gu
+
+For example on my desktop, it looks like:
+
+    anarcat@angela:~$ sudo ss -pluntO --no-header | sed 's/^\([a-z]*\) *[A-Z]* *[0-9]* [0-9]* *[0-9]* */\1/' | sed 's/^[^:]*:\(:\]:\)\?//;s/\([0-9]*\) *[^ ]*/\1\t/;s/,fd=[0-9]*//' | sort -gu
+    	      [::]:* users:(("unbound",pid=1864))        
+    22	users:(("sshd",pid=1830))           
+    25	users:(("master",pid=3150))        
+    53	users:(("unbound",pid=1864))        
+    323	users:(("chronyd",pid=1876))        
+    500	users:(("charon",pid=2817))        
+    631	users:(("cups-browsed",pid=2744))   
+    2628	users:(("dictd",pid=2825))          
+    4001	users:(("emacs",pid=3578))          
+    4500	users:(("charon",pid=2817))        
+    5353	users:(("avahi-daemon",pid=1423))  
+    6600	users:(("systemd",pid=3461))       
+    8384	users:(("syncthing",pid=232169))   
+    9050	users:(("tor",pid=2857))            
+    21027	users:(("syncthing",pid=232169))   
+    22000	users:(("syncthing",pid=232169))   
+    33231	users:(("syncthing",pid=232169))   
+    34953	users:(("syncthing",pid=232169))   
+    35770	users:(("syncthing",pid=232169))   
+    44944	users:(("syncthing",pid=232169))   
+    47337	users:(("syncthing",pid=232169))   
+    48903	users:(("mosh-client",pid=234126))  
+    52774	users:(("syncthing",pid=232169))   
+    52938	users:(("avahi-daemon",pid=1423))  
+    54029	users:(("avahi-daemon",pid=1423))  
+    anarcat@angela:~$
+
+But that doesn't filter out the localhost stuff, lots of false
+positive (like emacs, above). And this is where it gets... not fun, as
+you need to match "localhost" but we don't resolve names, so you need
+to do some fancy pattern matching:
+
+    ss -pluntO --no-header | \
+        sed 's/^\([a-z]*\) *[A-Z]* *[0-9]* [0-9]* *[0-9]* */\1/;s/^tcp//;s/^udp//' | \
+        grep -v -e '^\[fe80::' -e '^127.0.0.1' -e '^\[::1\]' -e '^192\.' -e '^172\.' | \
+        sed 's/^[^:]*:\(:\]:\)\?//;s/\([0-9]*\) *[^ ]*/\1\t/;s/,fd=[0-9]*//' |\
+        sort -gu
+
+This is kind of horrible, but it works, those are the actually open
+ports on my machine:
+
+    anarcat@angela:~$ sudo ss -pluntO --no-header |         sed 's/^\([a-
+    z]*\) *[A-Z]* *[0-9]* [0-9]* *[0-9]* */\1/;s/^tcp//;s/^udp//' |      
+       grep -v -e '^\[fe80::' -e '^127.0.0.1' -e '^\[::1\]' -e '^192\.' -
+    e '^172\.' |         sed 's/^[^:]*:\(:\]:\)\?//;s/\([0-9]*\) *[^ ]*/\
+    1\t/;s/,fd=[0-9]*//' |        sort -gu
+    22	users:(("sshd",pid=1830))           
+    500	users:(("charon",pid=2817))        
+    631	users:(("cups-browsed",pid=2744))   
+    4500	users:(("charon",pid=2817))        
+    5353	users:(("avahi-daemon",pid=1423))  
+    6600	users:(("systemd",pid=3461))       
+    21027	users:(("syncthing",pid=232169))   
+    22000	users:(("syncthing",pid=232169))   
+    34953	users:(("syncthing",pid=232169))   
+    35770	users:(("syncthing",pid=232169))   
+    48903	users:(("mosh-client",pid=234126))  
+    52938	users:(("avahi-daemon",pid=1423))  
+    54029	users:(("avahi-daemon",pid=1423))
+
+
+Surely there *must* be a better way. It turns out that `lsof` can do
+some of this, and it's relatively straightforward. This lists all
+listening TCP sockets:
+
+    lsof -iTCP -sTCP:LISTEN +c 15 | grep -v localhost | sort
+
+In theory, this would do the equivalent on UDP
+
+    lsof -iUDP -sUDP:^Idle
+
+... but in reality, it looks like lsof on Linux can't figure out the
+state of a UDP socket:
+
+    lsof: no UDP state names available: UDP:^Idle
+
+... which, honestly, I'm baffled by. It's strange because `ss` *can*
+figure out the state of those sockets, heck it's how `-l` vs `-a`
+works after all. So we need something else to show listening UDP
+sockets.
+
+The following actually looks pretty good after all:
+
+    ss -pluO
+
+That will list `localhost` sockets of course, so we can explicitly ask
+`ss` to resolve those and filter them out with something like:
+
+    ss -plurO | grep -v localhost
+
+oh, and look here! `ss` supports pattern matching, so we can actually
+tell it to ignore `localhost` directly, which removes that horrible
+`sed` line we used earlier:
+
+    ss -pluntO '! ( src = localhost )'
+
+That actually gives a pretty readable output. One annoyance is we
+can't really modify the columns here, so we still need some god-awful
+sed hacking on top of that to get a cleaner output:
+
+    ss -nplutO '! ( src = localhost )'  | \
+        sed 's/\(udp\|tcp\).*:\([0-9][0-9]*\)/\2\t\1\t/;s/\([0-9][0-9]*\t[udtcp]*\t\)[^u]*users:(("/\1/;s/".*//;s/.*Address:Port.*/Netid\tPort\tProcess/' | \
+        sort -nu
+
+That looks horrible and is basically impossible to memorize. But it
+sure looks nice:
+
+    anarcat@angela:~$ sudo ss -nplutO '! ( src = localhost )'  | sed 's/\(udp\|tcp\).*:\([0-9][0-9]*\)/\2\t\1\t/;s/\([0-9][0-9]*\t[udtcp]*\t\)[^u]*users:(("/\1/;s/".*//;s/.*Address:Port.*/Port\tNetid\tProcess/' | sort -nu
+
+    Port	Netid	Process
+    22	tcp	sshd
+    500	udp	charon
+    546	udp	NetworkManager
+    631	udp	cups-browsed
+    4500	udp	charon
+    5353	udp	avahi-daemon
+    6600	tcp	systemd
+    21027	udp	syncthing
+    22000	udp	syncthing
+    34953	udp	syncthing
+    35770	udp	syncthing
+    48903	udp	mosh-client
+    52938	udp	avahi-daemon
+    54029	udp	avahi-daemon
+
+Better ideas welcome.
+
+[[!tag debian-planet python-planet sysadmin]]
diff --git a/blog/listening-processes.md b/blog/listening-processes.md
deleted file mode 100644
index 2b37d358..00000000
--- a/blog/listening-processes.md
+++ /dev/null
@@ -1,8 +0,0 @@
-

(fichier de différences tronqué)

diff --git a/blog/mobile-massive-gallery.md b/blog/mobile-massive-gallery.md
new file mode 100644
index 00000000..61833e1d
--- /dev/null
+++ b/blog/mobile-massive-gallery.md
@@ -0,0 +1,112 @@
+
+docker-compose -f compose-nextcloud.yml up -d
+docker-compose -f compose-nextcloud.yml down -v
+
+docker-compose -f compose-nextcloud.yml exec --user www-data app php occ app:enable files_external
+
+docker-compose -f compose-nextcloud.yml exec --user www-data app php occ files_external:create photos local null::null -c datadir=/srv/Photos
+
+
+docker-compose -f compose-nextcloud.yml exec --user www-data app php occ files:scan --all
+root@marcos:/etc/docker# docker-compose -f compose-nextcloud.yml exec --user www-data app php occ files:scan --all
+Starting scan for user 1 out of 1 (admin)
+^CInterrupted by user
++---------+--------+--------------+
+| Folders | Files  | Elapsed time |
++---------+--------+--------------+
+| 103298  | 112298 | 00:16:44     |
++---------+--------+--------------+
+
+root@marcos:/etc/docker# docker-compose -f compose-nextcloud.yml down -v --rmi all
+Stopping docker_app_1 ... done
+Removing docker_app_1 ... done
+Removing network docker_default
+Removing volume docker_nextcloud
+Removing image nextcloud
+
+[Nextcloud Yaga](https://vauvenal5.github.io/yaga-docs/) might be an acceptable alternative?
+
+https://apps.nextcloud.com/apps/previewgenerator
+https://rayagainstthemachine.net/linux%20administration/nextcloud-photos/
+
+https://gitlab.com/steviehs/digipics might help in fixing the "albums"?
+
+possibly alternative by bohwaz https://github.com/kd2org/karadav/
+https://mamot.fr/@bohwaz/109890893734823557
+
+https://www.photoprism.app/
+
+lack of mobile app
+https://github.com/photoprism/photoprism/issues/1666
+
+incompatible flutter app
+https://github.com/thielepaul/photoprism-mobile
+
+
+requires mariadb, sqlite not recommended
+
+
+https://docs.photoprism.app/getting-started/docker-compose/
+
+https://docs.photoprism.app/user-guide/first-steps/
+
+root@marcos:/etc/docker# docker-compose -f /home/anarcat/compose-photoprism.yml exec photoprism photoprism index --cleanup
+
+root@marcos:/etc/docker# docker-compose -f /home/anarcat/compose-photoprism.yml up -d
+
+root@marcos:/etc/docker# docker-compose -f /home/anarcat/compose-photoprism.yml exec photoprism photoprism passwd
+
+INFO[2023-02-20T00:25:26Z] indexed 81,622 files in 3h59m47.915792756s
+
+
+next run:
+
+```
+INFO[2023-02-20T16:15:19Z] cleanup: removed 50 index entries and 100 sidecar files [1.964059441s] 
+INFO[2023-02-20T16:15:19Z] cleanup: searching for orphaned thumbnails   
+INFO[2023-02-20T16:15:20Z] cleanup: removed 449 thumbnail files [766.178938ms] 
+INFO[2023-02-20T16:15:20Z] cleanup: removed 549 files in total [2.930403997s] 
+INFO[2023-02-20T16:15:20Z] indexed 82,628 files in 26m41.307215045s     
+```
+
+noop run:
+
+```
+INFO[2023-02-20T16:21:20Z] indexed 82,628 files in 3m46.58783669s       
+```
+
+calendar issues (missing parts of 2022): https://github.com/photoprism/photoprism/discussions/3214
+
+
+no support for XMP tags: https://github.com/photoprism/photoprism/issues/1143
+or 5-stars https://github.com/photoprism/photoprism/issues/713
+does not write metadata back to disk https://github.com/photoprism/photoprism/issues/402
+
+
+rescan --force 
+
+```
+INFO[2023-02-20T17:54:11Z] indexed 82,692 files in 1h10m28.674348629s   
+```
+
+
+https://arstechnica.com/gadgets/2021/06/the-big-alternatives-to-google-photos-showdown/
+
+https://photonix.org/
+
+interesting, has a [mobile app](https://play.google.com/store/apps/details?id=org.photonix.mobile) (not in f-droid, but [source
+available](https://github.com/photonixapp/photonix-mobile), also [desktop app](https://github.com/photonixapp/photonix-desktop) (probably Electron). main app is
+Python + JS.
+
+https://github.com/LibrePhotos/librephotos [mobile apps](https://docs.librephotos.com/2/mobile/) immature.
+
+[lychee](https://github.com/LycheeOrg/Lychee/) [no mobile app](https://github.com/LycheeOrg/Lychee/issues/1013)
+
+[piwigo](https://github.com/Piwigo/) has a [mobile app](https://github.com/Piwigo/Piwigo-Android) but is struggling to keep it up to
+date.
+
+[PhotoChiotte](https://gitlab.com/LaDaubePhotoChiotte/photochiotte) has an awful name but seems like a clever
+solution. All the logic is inside the mobile app and the server is a
+"dumb" web server with pregenerated thumbnails. Might be interesting.
+
+[[!tag draft]]
diff --git a/blog/secrets-recovery.md b/blog/secrets-recovery.md
new file mode 100644
index 00000000..297376aa
--- /dev/null
+++ b/blog/secrets-recovery.md
@@ -0,0 +1,40 @@
+I've been using PGP for a long time, before it was even called
+OpenPGP. The first PGP key I can find dates from 2000, and I have had
+multiple keys since then.
+
+[paperkey](https://www.jabberwocky.com/software/paperkey/) extracts only the secret bits of an OpenPGP secret key
+and therefore allows you to make a smaller backup of secret key
+material.
+
+Since QR codes can [only store about 3KB of data](https://stackoverflow.com/questions/11065415/how-much-data-information-can-we-save-store-in-a-qr-code), we need
+something more than "just tweak the `qrencode` settings". Something
+like [qr-backup](https://github.com/za3k/qr-backup).
+
+include text: https://github.com/za3k/qr-backup/issues/48
+remove imagemagick dep: https://github.com/za3k/qr-backup/issues/47
+
+qr-backup just fails to print:
+https://github.com/za3k/qr-backup/issues/49
+
+https://github.com/jmlemetayer/gpg2qr only does pgp, less interesting.
+
+https://github.com/intra2net/paperbackup is interesting as well, as it
+has a text copy of the backup, something which qr-backup doesn't do.
+
+paperbackup crashes because python-qrencode is desperately out of
+date:
+
+https://github.com/Arachnid/pyqrencode/issues/13
+
+but also fails to verify because of same bug as qrbackup:
+https://github.com/intra2net/paperbackup/issues/17
+
+it also doesn't include good instructions in the restore:
+
+https://github.com/intra2net/paperbackup/issues/16
+
+nmu'd python-qrencode
+
+https://github.com/intra2net/paperbackup/pull/18
+
+[[!tag draft]]

diff --git a/software/zfs.md b/software/zfs.md
index f78feebf..fcc6fef2 100644
--- a/software/zfs.md
+++ b/software/zfs.md
@@ -249,6 +249,15 @@ tools, fairly minimalist.
 
 Packaged in Debian.
 
+### Other DIY solutions
+
+twb (`#debian-til`) wrote [cyber-zfs-backup](https://github.com/cyberitsolutions/cyber-zfs-backup). It's short (~300
+SLOCC lines of Python, 1600 with comments) and features a MySQL
+"quiescence" hook (another 100 SLOCC).
+
+Another person from the Debian community wrote their own shell script,
+[backup-zfs](https://github.com/ChibaPet/backup-zfs).
+
 # Caveats
 
 ## Empty datasets

diff --git a/services/dns.mdwn b/services/dns.mdwn
index f706675f..cbe1a90c 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -70,6 +70,8 @@ n'est pas clair, dans l'interface, qui a accès à mes domaines.
 | opensrs.net       | 13.00USD | 15.00USD | 15.50USD | 15.00USD | 15.00USD | reseller, bulk pricing                 |
 | porkbun.com       | 9.73USD  | 7.49USD  | 11.48USR | N/A      | N/A      |                                        |
 
+Voir aussi [cette discussion](https://lobste.rs/s/flcpop/what_domain_registrar_is_worth_using).
+
 [vendus]: https://news.gandi.net/en/2019/02/futureofgandi-the-adventure-continues/
 [bis]: https://amp-bourse.lefigaro.fr/fonds/montefiore-investment-cede-sa-participation-dans-gandi-a-total-webhosting-solutions-20230221
 

diff --git a/hardware/laptop/framework-12th-gen.md b/hardware/laptop/framework-12th-gen.md
index d281e3d4..c41858b5 100644
--- a/hardware/laptop/framework-12th-gen.md
+++ b/hardware/laptop/framework-12th-gen.md
@@ -1232,10 +1232,47 @@ The upcoming 6.2 Linux kernel might also improve battery usage when
 idle, see [this Phoronix article for details](https://www.phoronix.com/news/Lazy-RCU-Likely-For-Linux-6.2), likely in early
 2023.
 
+### Idle power usage tests under Wayland
+
 Update: I redid those tests under Wayland, see [[powerstat-wayland]]
 for details. The TL;DR: is that power consumption is either smaller or
 similar.
 
+### Idle power usage tests, 3.06 beta BIOS
+
+I redid the idle tests after the [3.06 beta BIOS update](https://community.frame.work/t/12th-gen-intel-core-bios-3-06-beta/25726) and ended
+up with this results:
+
+| Device           | Minimum | Average | Max   | Stdev | Note                                          |
+|------------------|---------|---------|-------|-------|-----------------------------------------------|
+| Baseline         | 1.96W   | 2.01W   | 2.11W | 30mW  | 1 USB-C, screen off, backlight off, no radios |
+| 2 USB-C          | 1.95W   | 2.16W   | 3.69W | 430mW | USB-C confirmed as mostly passive...          |
+| 3 USB-C          | 1.95W   | 2.16W   | 3.69W | 430mW | ... although with extra stdev                 |
+| 1TB SSD          | 3.72W   | 3.85W   | 4.62W | 200mW | unchanged from before upgrade                 |
+| 1 USB-A          | 1.97W   | 2.18W   | 4.02W | 530mW | unchanged                                     |
+| 2 USB-A          | 1.97W   | 2.00W   | 2.08W | 30mW  | unchanged                                     |
+| 3 USB-A          | 1.94W   | 1.99W   | 2.03W | 20mW  | unchanged                                     |
+| MicroSD w/o card | 3.54W   | 3.58W   | 3.71W | 40mW  | significant improvement! 2-3W power saving!   |
+| MicroSD w/ card  | 3.53W   | 3.72W   | 5.23W | 370mW | new measurement! increased deviation          |
+| DisplayPort      | 2.28W   | 2.31W   | 2.37W | 20mW  | unchanged                                     |
+| 1 HDMI           | 2.43W   | 2.69W   | 4.53W | 460mW | unchanged                                     |
+| 2 HDMI           | 2.53W   | 2.59W   | 2.67W | 30mW  | unchanged                                     |
+| External USB     | 3.85W   | 3.89W   | 3.94W | 30mW  | new result                                    |
+| Ethernet         | 3.60W   | 3.70W   | 4.91W | 230mW | unchanged                                     |
+
+Note that the table summary is different than the previous table: here
+we show the absolute numbers while the previous table was doing a
+confusing attempt at showing relative (to the baseline) numbers.
+
+Conclusion: the 3.06 BIOS update did not significantly change idle
+power usage stats *except* for the MicroSD card which has
+significantly improved.
+
+The new "external USB" test is also interesting: it shows how the
+provided 1TB SSD card performs (admirably) compared to existing
+devices. The other new result is the MicroSD card with a card which,
+interestingly, uses *less* power than the 1TB SSD drive.
+
 ### Standby battery usage
 
 I wrote some [[quick hack to evaluate how much power is used during
@@ -1421,12 +1458,41 @@ Conclusions:
 
 A discussion of those results is in [this forum post](https://community.frame.work/t/expansion-card-standby-battery-usage-tests-results/23711?u=anarcat).
 
-Note: Framework recently (2022-11-07) [announced](https://gitlab.torproject.org/tpo/tpa/wiki-replica/-/commit/f8c29ec91fb8ecdf7429c585b7f0b2fb4b8edf7b) that they will
-publish a firmware upgrade to address some of the USB-C issues,
-including power management. This could positively affect the above
-result, improving both [standby](https://news.ycombinator.com/item?id=33512510) and runtime power usage.
-
-TODO: redo evaluation after the firmware upgrade comes out.
+### Standby expansion cards test results, 3.06 beta BIOS
+
+Framework recently (2022-11-07) [announced](https://gitlab.torproject.org/tpo/tpa/wiki-replica/-/commit/f8c29ec91fb8ecdf7429c585b7f0b2fb4b8edf7b) that they will publish
+a firmware upgrade to address some of the USB-C issues, including
+power management. This could positively affect the above result,
+improving both [standby](https://news.ycombinator.com/item?id=33512510) and runtime power usage. 
+
+The update [came out in December 2022](https://community.frame.work/t/12th-gen-intel-core-bios-3-06-beta/25726) and I redid my analysis with
+the following results:
+
+| Device      | Wattage | Amperage | Days | Note                              |
+|-------------|---------|----------|------|-----------------------------------|
+| baseline    | 0.25W   | 16mA     | 9    | no cards, same as before upgrade  |
+| 1 USB-C     | 0.25W   | 16mA     | 9    | same as before                    |
+| 2 USB-C     | 0.25W   | 16mA     | 9    | same                              |
+| 1 USB-A     | 0.80W   | 62mA     | 3    | +550mW!! *worse* than before      |
+| 2 USB-A     | 1.12W   | 73mA     | <2   | +320mW, on top of the above, bad! |
+| Ethernet    | 0.62W   | 40mA     | 3-4  | new result, decent                |
+| 1TB SSD     | 0.52W   | 34mA     | 4    | a bit worse than before (+2mA)    |
+| MicroSD     | 0.51W   | 22mA     | 4    | same                              |
+| DisplayPort | 0.52W   | 34mA     | 4+   | upgrade improved by 300mW         |
+| 1 HDMI      | ?       | 38mA     | ?    | same                              |
+| 2 HDMI      | ?       | 45mA     | ?    | a bit worse than before (+3mA)    |
+| Normal      | 1.08W   | 70mA     | ~2   | Ethernet, 2 USB-C, USB-A          |
+
+Full results in [[standby-tests-306]]. The big takeaway for me is that
+the update did *not* improve power usage on the USB-A ports which is a
+big problem for my use case. There is a notable improvement on the
+DisplayPort power consumption which brings it more in line with the
+HDMI connector, but it still doesn't properly turn off on suspend
+either.
+
+Even worse, the USB-A ports now sometimes [fails to resume after
+suspend](https://community.frame.work/t/responded-usb-a-expansion-card-stops-working-until-unplugged/26579?u=anarcat), which is pretty annoying. This is a [known problem](https://community.frame.work/t/12th-gen-intel-core-bios-3-06-beta/25726/109?u=anarcat)
+that will hopefully get fixed in the final release.
 
 ### Battery wear protection
 
diff --git a/hardware/laptop/framework-12th-gen/powerstat-306.md b/hardware/laptop/framework-12th-gen/powerstat-306.md
index e322ae84..de885f82 100644
--- a/hardware/laptop/framework-12th-gen/powerstat-306.md
+++ b/hardware/laptop/framework-12th-gen/powerstat-306.md
@@ -1,3 +1,25 @@
+This page documents a set of tests that were performed on the
+Framework 12th gen laptop after the [3.06 beta BIOS upgrade](https://community.frame.work/t/12th-gen-intel-core-bios-3-06-beta/25726/109?u=anarcat).
+
+The summary is basically:
+
+| Device           | Minimum | Average | Max   | Stdev | Note                                          |
+|------------------|---------|---------|-------|-------|-----------------------------------------------|
+| Baseline         | 1.96W   | 2.01W   | 2.11W | 30mW  | 1 USB-C, screen off, backlight off, no radios |
+| 2 USB-C          | 1.95W   | 2.16W   | 3.69W | 430mW | USB-C confirmed as mostly passive...          |
+| 3 USB-C          | 1.95W   | 2.16W   | 3.69W | 430mW | ... although with extra stdev                 |
+| 1TB SSD          | 3.72W   | 3.85W   | 4.62W | 200mW | unchanged from before upgrade                 |
+| 1 USB-A          | 1.97W   | 2.18W   | 4.02W | 530mW | unchanged                                     |
+| 2 USB-A          | 1.97W   | 2.00W   | 2.08W | 30mW  | unchanged                                     |
+| 3 USB-A          | 1.94W   | 1.99W   | 2.03W | 20mW  | unchanged                                     |
+| MicroSD w/o card | 3.54W   | 3.58W   | 3.71W | 40mW  | significant improvement! 2-3W power saving!   |
+| MicroSD w/ card  | 3.53W   | 3.72W   | 5.23W | 370mW | new measurement! increased deviation          |
+| DisplayPort      | 2.28W   | 2.31W   | 2.37W | 20mW  | unchanged                                     |
+| 1 HDMI           | 2.43W   | 2.69W   | 4.53W | 460mW | unchanged                                     |
+| 2 HDMI           | 2.53W   | 2.59W   | 2.67W | 30mW  | unchanged                                     |
+| External USB     | 3.85W   | 3.89W   | 3.94W | 30mW  | new result                                    |
+| Ethernet         | 3.60W   | 3.70W   | 4.91W | 230mW | unchanged                                     |
+
 # Baseline
 
 Those tests were performed in a full multi-user mode Wayland graphical
@@ -5,6 +27,8 @@ session, with this command:
 
     systemctl --user stop swayidle syncthing ; sudo rfkill block all ; brightnessctl set 0% ; sudo powerstat ; brightnessctl set 50%
 
+Those tests were also performed after the [3.06 beta BIOS upgrade](https://community.frame.work/t/12th-gen-intel-core-bios-3-06-beta/25726/109?u=anarcat).
+
 ## No modules, no radios, no backlight, screen off
 
     -------- ----- ----- ----- ----- ----- ---- ------ ------ ---- ---- ---- ------ 
@@ -243,14 +267,6 @@ there.
 
 Before resuming tests here, make sure we validate a baseline.
 
-# MicroSD
-# 1 USB-A
-# 2 USB-A
-# 3 USB-A
-# Ethernet
-# DisplayPort
-# 1 HDMI
-# 2 HDMI
 # 2 usbc 1 usb a ethernet
 
     -------- ----- ----- ----- ----- ----- ---- ------ ------ ---- ---- ---- ------ 
@@ -388,12 +404,8 @@ card, but let's try with two and see what happens...
      Maximum   0.1   0.0   0.1  99.9   0.1  2.0  443.4  215.6 108.0 64.0 107.0   2.67 
     -------- ----- ----- ----- ----- ----- ---- ------ ------ ---- ---- ---- ------
 
-Now that is an improvement however. We were previously adding more
-power as HDMI cards were added, but *this* result seems to show the
-power usage is constant with more cards. 
-
-In other words, the cards are mostly passive, apart from some base
-circuitry that starts up when *any* HDMI card is plugged in.
+This is consistent with the previous results which showed a slight
+bump in power usage (+100mW on the Minimum) as new cards are added.
 
 # back to baseline: success
 

diff --git a/hardware/monitor.mdwn b/hardware/monitor.mdwn
index a2158502..83599a30 100644
--- a/hardware/monitor.mdwn
+++ b/hardware/monitor.mdwn
@@ -26,15 +26,21 @@ what works and doesn't, in descending order of (totally subjective)
 
 | Model                          | Resolution     | Size  | Contrast | Lat  | Connectors              | Notes                            | Status |
 |--------------------------------|----------------|-------|----------|------|-------------------------|----------------------------------|--------|
-| [Samsung B2330H][]             | 1920x1080@60Hz | 23"   | 70000:1  | 5ms  | VGA HDMI DVI            | molten hole in the back          | alexis |
 | [LG Flatron Wide L204WTX-SF][] | 1680x1050@60Hz | 20"   | 2000:1   | 5ms  | VGA DVI                 | looks great, one dead pixel      | angela |
-| [Acer X193w][]                 | 1440x900@75Hz  | 19"   | 2000:1   | 5ms  | VGA                     | flaky, top partially melted      | angela |
 | [Acer P186HV][]                | 1366x768@60Hz  | 18.5" | 5000:1   | 5ms  | VGA                     | display looks dusty              | simon  |
-| [HP L2245wg][]                 | 1680x1050@60Hz | 22"   | 1000:1   | 5ms  | VGA DVI 2xUSB           | LCD TN Film, rotating, 45-65W    | simon  |
-| [Dell 1704FPvt][]              | 1280x1024@60Hz | 17"   | 1000:1   | 25ms | VGA DVI 4xUSB           | square, rotating                 | marcos |
-| [Dell 1704FPvt][]              | 1280x1024@60Hz | 17"   | 1000:1   | 25ms | VGA DVI 4xUSB           | square, rotating                 | curie  |
-| [LG Flatron L1718S][]          | 1280x1024@75Hz | 17"   | 700:1    | ?    | VGA                     | square, 35W                      | lost?  |
-| [Toshiba 19AV500U][]           | 1440x900@?Hz   | 19"   | ?        | ?    | VGA HDMI component coax | it's a TV! not working in Linux? |        |
+| [Dell 1704FPvt][]              | 1280x1024@60Hz | 17"   | 1000:1   | 25ms | VGA DVI 4xUSB           | square, rotating, flickering     | marcos |
+| [Dell 1704FPvt][]              | 1280x1024@60Hz | 17"   | 1000:1   | 25ms | VGA DVI 4xUSB           | square, rotating, flickering     | curie  |
+
+The LG takes a long time to return from sleep.
+
+A note on the Dell 1704FPvt monitors: they can't be used for
+desktops. Their design resolution is 1280x1024 which is a little low,
+but worse than this it can't actually hold that resolution. The top of
+the monitors has shearing and flickering which make it almost
+unusable. Oddly, 1280x800 actually works, but creates a gap on the
+right side, really strange. But for diagnostics on servers they are
+great because the stand can be removed easily so they're easy to
+squeeze in places and so on.
 
 [HP L2245wg]: https://support.hp.com/ca-en/product/hp-l2245wg-22-inch-widescreen-lcd-monitor/3758498/
 [Toshiba 19AV500U]: https://productz.com/en/toshiba-19av500u/p/eWMGr#full-specs
@@ -45,13 +51,35 @@ what works and doesn't, in descending order of (totally subjective)
 [Samsung B2330H]: https://www.samsung.com/us/business/support/owners/product/b2330-series-b2330hd/
 [LG Flatron L1718S]: https://www.lg.com/us/support/product/lg-L1718S-BN.AUS
 
-Update: I replaced with the LG Flatron Wid L204WTX-SF, on an "arm",
-because the HP was getting finicky: it would "short" and blank out,
-get all "fuzzy" and weird. The new monitor looks *much* better.
+## Retired
+
+Those monitors have problems and will be scrapped eventually:
+
+| Model                          | Resolution     | Size  | Contrast | Lat  | Connectors              | Notes                            | Status |
+|--------------------------------|----------------|-------|----------|------|-------------------------|----------------------------------|--------|
+| [HP L2245wg][]                 | 1680x1050@60Hz | 22"   | 1000:1   | 5ms  | VGA DVI 2xUSB           | LCD TN Film, rotating, 45-65W    | simon  |
+| [Acer X193w][]                 | 1440x900@75Hz  | 19"   | 2000:1   | 5ms  | VGA                     | flaky, top partially melted      | angela |
+
+The HP was retired because it was getting finicky: it would "short"
+and blank out, get all "fuzzy" and weird. The new monitor (the [LG
+Flatron Wide L204WTX-SF][]) looks *much* better anyway.
 
 Extra specs for the HP: [upstream](https://support.hp.com/us-en/product/hp-l2245wg-22-inch-widescreen-lcd-monitor/3758498/manuals), [manual](http://h10032.www1.hp.com/ctg/Manual/c01555675).
 
-Those monitors do not power up at all:
+The Acer was retired because it had some flickering and would
+sometimes fail to return from sleep.
+
+## Scrapped or lost
+
+Those monitors were either scrapped or lost:
+
+| Model                 | Resolution     | Size | Contrast | Lat | Connectors              | Notes                            | Status |
+|-----------------------|----------------|------|----------|-----|-------------------------|----------------------------------|--------|
+| [Toshiba 19AV500U][]  | 1440x900@?Hz   | 19"  | ?        | ?   | VGA HDMI component coax | it's a TV! not working in Linux? | lost?  |
+| [LG Flatron L1718S][] | 1280x1024@75Hz | 17"  | 700:1    | ?   | VGA                     | square, 35W                      | lost?  |
+| [Samsung B2330H][]    | 1920x1080@60Hz | 23"  | 70000:1  | 5ms | VGA HDMI DVI            | molten hole in the back          | alexis |
+
+This monitor did not power up at all:
 
  * Philips 170B
 

diff --git a/hardware/monitor.mdwn b/hardware/monitor.mdwn
index 87c8ddc3..a2158502 100644
--- a/hardware/monitor.mdwn
+++ b/hardware/monitor.mdwn
@@ -24,19 +24,19 @@ I somehow managed to collect a ridiculous pile of old monitors. Here's
 what works and doesn't, in descending order of (totally subjective)
 "quality":
 
-| Model                          | Resolution       | Size  | Contrast | Lat  | Connectors              | Notes                            | Status   |
-|--------------------------------|------------------|-------|----------|------|-------------------------|----------------------------------|----------|
-| [Samsung B2330H][]             | 1920x1080@60Hz   | 23"   | 70000:1  | 5ms  | VGA HDMI DVI            | molten hole in the back          | alexis   |
-| [LG Flatron Wide L204WTX-SF][] | 1680x1050@60Hz   | 20"   | 2000:1   | 5ms  | VGA DVI                 | looks great, one dead pixel      | curie    |
-| [Acer X193w][]                 | 1440x900@75Hz    | 19"   | 2000:1   | 5ms  | VGA                     | flaky, top partially melted      | curie    |
-| [Acer P186HV][]                | 1366x768@60Hz    | 18.5" | 5000:1   | 5ms  | VGA                     | display looks dusty              | simon    |
-| [HP L2245wg][]                 | 1680x1050 @ 60Hz | 22"   | 1000:1   | 5ms  | VGA DVI 2xUSB           | LCD TN Film, rotating, 45-65W    | ex-curie |
-| [Dell 1704FPvt][]              | 1280x1024@60Hz   | 17"   | 1000:1   | 25ms | VGA DVI 4xUSB           | looks square, rotating           | marcos   |
-| [Dell 1704FPvt][]              | 1280x1024@60Hz   | 17"   | 1000:1   | 25ms | VGA DVI 4xUSB           | looks square, rotating           | spare    |
-| [LG Flatron L1718S][]          | 1280x1024@75Hz   | 17"   | 700:1    | ?    | VGA                     | square, 35W                      | lost?    |
-| [Toshiba 19AV500U][]           | 1440x900@?Hz     | 19"   | ?        | ?    | VGA HDMI component coax | it's a TV! not working in Linux? |          |
-
-[HP L2245wg]: https://www.cnet.com/products/hp-l2245wg/
+| Model                          | Resolution     | Size  | Contrast | Lat  | Connectors              | Notes                            | Status |
+|--------------------------------|----------------|-------|----------|------|-------------------------|----------------------------------|--------|
+| [Samsung B2330H][]             | 1920x1080@60Hz | 23"   | 70000:1  | 5ms  | VGA HDMI DVI            | molten hole in the back          | alexis |
+| [LG Flatron Wide L204WTX-SF][] | 1680x1050@60Hz | 20"   | 2000:1   | 5ms  | VGA DVI                 | looks great, one dead pixel      | angela |
+| [Acer X193w][]                 | 1440x900@75Hz  | 19"   | 2000:1   | 5ms  | VGA                     | flaky, top partially melted      | angela |
+| [Acer P186HV][]                | 1366x768@60Hz  | 18.5" | 5000:1   | 5ms  | VGA                     | display looks dusty              | simon  |
+| [HP L2245wg][]                 | 1680x1050@60Hz | 22"   | 1000:1   | 5ms  | VGA DVI 2xUSB           | LCD TN Film, rotating, 45-65W    | simon  |
+| [Dell 1704FPvt][]              | 1280x1024@60Hz | 17"   | 1000:1   | 25ms | VGA DVI 4xUSB           | square, rotating                 | marcos |
+| [Dell 1704FPvt][]              | 1280x1024@60Hz | 17"   | 1000:1   | 25ms | VGA DVI 4xUSB           | square, rotating                 | curie  |
+| [LG Flatron L1718S][]          | 1280x1024@75Hz | 17"   | 700:1    | ?    | VGA                     | square, 35W                      | lost?  |
+| [Toshiba 19AV500U][]           | 1440x900@?Hz   | 19"   | ?        | ?    | VGA HDMI component coax | it's a TV! not working in Linux? |        |
+
+[HP L2245wg]: https://support.hp.com/ca-en/product/hp-l2245wg-22-inch-widescreen-lcd-monitor/3758498/
 [Toshiba 19AV500U]: https://productz.com/en/toshiba-19av500u/p/eWMGr#full-specs
 [Dell 1704FPvt]: https://www.dell.com/downloads/global/products/monitors/en/spec_1704fp_en.pdf
 [Acer P186HV]: https://productz.com/en/acer-p186hv/p/JJ3rY

diff --git a/hardware/monitor.mdwn b/hardware/monitor.mdwn
index 55a6c5b1..87c8ddc3 100644
--- a/hardware/monitor.mdwn
+++ b/hardware/monitor.mdwn
@@ -24,17 +24,17 @@ I somehow managed to collect a ridiculous pile of old monitors. Here's
 what works and doesn't, in descending order of (totally subjective)
 "quality":
 
-| Model                          | Resolution       | Size  | Contrast | Lat  | Connectors              | Notes                                  | Status   |
-|--------------------------------|------------------|-------|----------|------|-------------------------|----------------------------------------|----------|
-| [Samsung B2330H][]             | 1920x1080@60Hz   | 23"   | 70000:1  | 5ms  | VGA HDMI DVI            | molten hole in the back                | alexis   |
-| [LG Flatron Wide L204WTX-SF][] | 1680x1050@60Hz   | 20"   | 2000:1   | 5ms  | VGA DVI                 | looks great, one dead pixel            | curie    |
-| [Acer X193w][]                 | 1440x900@75Hz    | 19"   | 2000:1   | 5ms  | VGA                     | clean and simple, top partially melted | curie    |
-| [Acer P186HV][]                | 1366x768@60Hz    | 18.5" | 5000:1   | 5ms  | VGA                     | display looks dusty                    | simon    |
-| [HP L2245wg][]                 | 1680x1050 @ 60Hz | 22"   | 1000:1   | 5ms  | VGA DVI 2xUSB           | LCD TN Film, rotating, 45-65W          | ex-curie |
-| [Dell 1704FPvt][]              | 1280x1024@60Hz   | 17"   | 1000:1   | 25ms | VGA DVI 4xUSB           | looks square, rotating                 | marcos   |
-| [Dell 1704FPvt][]              | 1280x1024@60Hz   | 17"   | 1000:1   | 25ms | VGA DVI 4xUSB           | looks square, rotating                 | spare    |
-| [LG Flatron L1718S][]          | 1280x1024@75Hz   | 17"   | 700:1    | ?    | VGA                     | square, 35W                            | lost?    |
-| [Toshiba 19AV500U][]           | 1440x900@?Hz     | 19"   | ?        | ?    | VGA HDMI component coax | it's a TV! not working in Linux?       |          |
+| Model                          | Resolution       | Size  | Contrast | Lat  | Connectors              | Notes                            | Status   |
+|--------------------------------|------------------|-------|----------|------|-------------------------|----------------------------------|----------|
+| [Samsung B2330H][]             | 1920x1080@60Hz   | 23"   | 70000:1  | 5ms  | VGA HDMI DVI            | molten hole in the back          | alexis   |
+| [LG Flatron Wide L204WTX-SF][] | 1680x1050@60Hz   | 20"   | 2000:1   | 5ms  | VGA DVI                 | looks great, one dead pixel      | curie    |
+| [Acer X193w][]                 | 1440x900@75Hz    | 19"   | 2000:1   | 5ms  | VGA                     | flaky, top partially melted      | curie    |
+| [Acer P186HV][]                | 1366x768@60Hz    | 18.5" | 5000:1   | 5ms  | VGA                     | display looks dusty              | simon    |
+| [HP L2245wg][]                 | 1680x1050 @ 60Hz | 22"   | 1000:1   | 5ms  | VGA DVI 2xUSB           | LCD TN Film, rotating, 45-65W    | ex-curie |
+| [Dell 1704FPvt][]              | 1280x1024@60Hz   | 17"   | 1000:1   | 25ms | VGA DVI 4xUSB           | looks square, rotating           | marcos   |
+| [Dell 1704FPvt][]              | 1280x1024@60Hz   | 17"   | 1000:1   | 25ms | VGA DVI 4xUSB           | looks square, rotating           | spare    |
+| [LG Flatron L1718S][]          | 1280x1024@75Hz   | 17"   | 700:1    | ?    | VGA                     | square, 35W                      | lost?    |
+| [Toshiba 19AV500U][]           | 1440x900@?Hz     | 19"   | ?        | ?    | VGA HDMI component coax | it's a TV! not working in Linux? |          |
 
 [HP L2245wg]: https://www.cnet.com/products/hp-l2245wg/
 [Toshiba 19AV500U]: https://productz.com/en/toshiba-19av500u/p/eWMGr#full-specs

diff --git a/services/upgrades/bookworm.md b/services/upgrades/bookworm.md
index b1a2caf2..ca608a3e 100644
--- a/services/upgrades/bookworm.md
+++ b/services/upgrades/bookworm.md
@@ -41,6 +41,9 @@ privilege of having a console), you may want to [upgrade SSH first](https://www.
 as it has a longer downtime period, especially if you are on a flaky
 connection.
 
+See the "conflicts resolution" section below for how to handle
+`clean_conflicts` output.
+
 This procedure *will* kill your graphical session, so make sure you
 can log back in over a serial console or virtual terminal.
 
@@ -53,7 +56,7 @@ can log back in over a serial console or virtual terminal.
         : create ttyrec file with adequate permissions &&
         sudo touch /var/log/upgrade-bookworm.ttyrec &&
         sudo chmod 600 /var/log/upgrade-bookworm.ttyrec &&
-        sudo ttyrec -e screen /var/log/upgrade-bookworm.ttyrec
+        sudo ttyrec -a -e screen /var/log/upgrade-bookworm.ttyrec
 
  2. Backups and checks:
 
@@ -100,8 +103,8 @@ can log back in over a serial console or virtual terminal.
         apt-forktracer | sort &&
         printf "End of Step 3\a\n"
 
- 4. Check free space, see [this guide to free up space][] and
-    download packages:
+ 5. Check free space (see [this guide to free up space][]), disable
+    auto-upgrades, and download packages:
 
         systemctl stop apt-daily.timer &&
         sed -i 's#bullseye-security#bookworm-security#' $(ls /etc/apt/sources.list /etc/apt/sources.list.d/*) &&
@@ -171,6 +174,26 @@ can log back in over a serial console or virtual terminal.
         apt-forktracer | sort
         printf "All procedures completed\a\n" &&
 
+## Conflicts resolution
+
+When the `clean_conflicts` script gets run, it asks you to check each
+configuration file that was modified locally but that the Debian
+package upgrade wants to overwrite. You need to make a decision on
+each file. This section aims to provide guidance on how to handle
+those prompts.
+
+Those config files should be manually checked on each host:
+
+         /etc/default/grub.dpkg-dist
+         /etc/initramfs-tools/initramfs.conf.dpkg-dist
+
+If other files come up, they should be added in the above decision
+list, or in an operation in step 2 or 7 of the above procedure, before
+the `clean_conflicts` call.
+
+Files that should be updated in Puppet are mentioned in the Issues
+section below as well.
+
 # Notable changes
 
 Here are some packages with notable version changes that I

diff --git a/services/upgrades/bookworm.md b/services/upgrades/bookworm.md
index 49e1b517..b1a2caf2 100644
--- a/services/upgrades/bookworm.md
+++ b/services/upgrades/bookworm.md
@@ -242,19 +242,21 @@ TODO
 Python 2 was completely removed from Debian, a long-term task that had
 already started with bullseye, but not completed.
 
-At the time of this writing (long before the freeze), there's a
-significant number of packages gone from bookworm, which I actually
-want to have installed on my machines:
+At the time of this writing (during freeze), there's a significant
+number of packages gone from bookworm, which I actually wanted to have
+installed on my machines:
 
  * [git-sizer](https://tracker.debian.org/pkg/git-sizer) - [regression on ppc64el](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009690), [FTBFS on ppc64el](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010541)
    (?!)
  * [github-backup](https://tracker.debian.org/pkg/github-backup) - [FTBFS with missing dep](https://bugs.debian.org/1017298)
  * [golint](https://tracker.debian.org/pkg/golint) - [discontinued upstream](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016427)
  * [hopenpgp-tools](https://tracker.debian.org/hopenpgp-tools) - CI regression on armel
- * [magit](https://tracker.debian.org/magit), [magit-todos](https://tracker.debian.org/magit-todos) - [FTBFS](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020153)
- * [tty-clock](https://tracker.debian.org/pkg/tty-clock) - [FTBFS](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=997179) (wait that's mine!)
  * [xsane]() - unmaintained upstream since 2014 ([bug 1013933](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013933))
 
+Unfortunately, this late in the freeze, it's unlikely they will
+re-enter testing, so in all likelihood, I will learn to live without
+those.
+
 See also the [noteworthy obsolete packages](https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#noteworthy-obsolete-packages) list.
 
 ## Puppet server upgrade
@@ -391,8 +393,10 @@ Those packages were removed from bookworm and eventually restored.
    1011855](https://bugs.debian.org/1011855)
  * [git-annex](https://tracker.debian.org/git-annex), and [hledger](https://tracker.debian.org/hledger) were blocked because Haskell had
    serious breakage in Debian, fixed!
+ * [magit](https://tracker.debian.org/magit), [magit-todos](https://tracker.debian.org/magit-todos) - [FTBFS](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020153)
  * [mumble](https://tracker.debian.org/pkg/mumble) - [FTBFS with OpenSSL 3.0](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005719), fixed upstream
  * [onionshare](https://tracker.debian.org/pkg/onionshare) - [FTBFS](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=997499), [insecure](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014966), fixed upstream
+ * [tty-clock](https://tracker.debian.org/pkg/tty-clock) - [FTBFS](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=997179), fixed upstream, but orphaned
  * [yubikey-manager](https://tracker.debian.org/pkg/yubikey-manager) - [some policy failure](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012587), fixed
 
 # Troubleshooting

diff --git a/services/upgrades/bookworm.md b/services/upgrades/bookworm.md
index 35121544..49e1b517 100644
--- a/services/upgrades/bookworm.md
+++ b/services/upgrades/bookworm.md
@@ -242,6 +242,19 @@ TODO
 Python 2 was completely removed from Debian, a long-term task that had
 already started with bullseye, but not completed.
 
+At the time of this writing (long before the freeze), there's a
+significant number of packages gone from bookworm, which I actually
+want to have installed on my machines:
+
+ * [git-sizer](https://tracker.debian.org/pkg/git-sizer) - [regression on ppc64el](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009690), [FTBFS on ppc64el](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010541)
+   (?!)
+ * [github-backup](https://tracker.debian.org/pkg/github-backup) - [FTBFS with missing dep](https://bugs.debian.org/1017298)
+ * [golint](https://tracker.debian.org/pkg/golint) - [discontinued upstream](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016427)
+ * [hopenpgp-tools](https://tracker.debian.org/hopenpgp-tools) - CI regression on armel
+ * [magit](https://tracker.debian.org/magit), [magit-todos](https://tracker.debian.org/magit-todos) - [FTBFS](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020153)
+ * [tty-clock](https://tracker.debian.org/pkg/tty-clock) - [FTBFS](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=997179) (wait that's mine!)
+ * [xsane]() - unmaintained upstream since 2014 ([bug 1013933](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013933))
+
 See also the [noteworthy obsolete packages](https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#noteworthy-obsolete-packages) list.
 
 ## Puppet server upgrade
@@ -306,21 +319,6 @@ The workaround:
 
 This bug was filed as [bug 1024326](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024326) in the Debian package.
 
-### Packages removed from bookworm
-
-At the time of this writing (long before the freeze), there's a
-significant number of packages gone from bookworm, which I actually
-want to have installed on my machines:
-
- * [git-sizer](https://tracker.debian.org/pkg/git-sizer) - [regression on ppc64el](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009690), [FTBFS on ppc64el](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010541)
-   (?!)
- * [github-backup](https://tracker.debian.org/pkg/github-backup) - [FTBFS with missing dep](https://bugs.debian.org/1017298)
- * [golint](https://tracker.debian.org/pkg/golint) - [discontinued upstream](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016427)
- * [hopenpgp-tools](https://tracker.debian.org/hopenpgp-tools) - CI regression on armel
- * [magit](https://tracker.debian.org/magit), [magit-todos](https://tracker.debian.org/magit-todos) - [FTBFS](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020153)
- * [tty-clock](https://tracker.debian.org/pkg/tty-clock) - [FTBFS](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=997179) (wait that's mine!)
- * [xsane]() - unmaintained upstream since 2014 ([bug 1013933](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013933))
-
 ### MPD fails to start
 
 This one was hard to diagnose because the normal output does not show

diff --git a/software/desktop/firefox.mdwn b/software/desktop/firefox.mdwn
index 5e79890c..52ea848d 100644
--- a/software/desktop/firefox.mdwn
+++ b/software/desktop/firefox.mdwn
@@ -77,10 +77,10 @@ I am testing those and they might make it to the top list once I'm happy:
    good enough for my purposes. [The Archiver](https://addons.mozilla.org/en-US/firefox/addon/the-archiver/) (no deb,
    [source](https://www.cathalmcnally.com/tools/the-archiver/)) is another option that does the reverse: save only, no
    view.
+ * [Clean URLs](https://docs.clearurls.xyz/) (no deb, [source](https://github.com/ClearURLs/Addon)) - remove garbage in URLs
 
 [tridactyl]: https://github.com/tridactyl/tridactyl
 [builtin Firefox shortcuts]: https://support.mozilla.org/en-US/kb/keyboard-shortcuts-perform-firefox-tasks-quickly
-[vimium]: https://github.com/philc/vimium
 [Multi-account containers]: https://github.com/mozilla/multi-account-containers/
 
 Those should probably not be packaged in Debian until they make it to
@@ -227,14 +227,16 @@ And here are the replacements I have found:
  * [web developer](https://addons.mozilla.org/en-US/firefox/addon/web-developer/): ported
  * [vimperator][]: a few [vimperator alternatives][] have popped
    up. [tridactyl][] was the most prominent one, but was also [pulled
-   from AMO][] for a policy violation. [vimium-ff][] and [vim-vixen][]
+   from AMO][] for a policy violation. [vimium-ff][] ([vimium][]) and [vim-vixen][]
    seem like the only working alternatives right now, although the
    vimperator folks say they lack some features, I couldn't figure out
    which. [pentadactyl][] is the father to all of those, but seems to
    have disappeared off the internet. [salsa key][] is one without
    vi-like keybindings. [vimfx][] also did not survive the
-   XULocalypse.
+   XULocalypse. there's also lighter versions like [link hints][] and
+   [key jump](https://addons.mozilla.org/en-US/firefox/addon/key-jump-keyboard-navigation/?utm_source=addons.mozilla.org&utm_medium=referral&utm_content=search)
 
+[vimium]: https://github.com/philc/vimium
 [vimperator]: https://github.com/vimperator/vimperator-labs
 [vim-vixen]: https://github.com/ueokande/vim-vixen
 [vimfx]: https://github.com/akhodakivskiy/VimFx
@@ -292,6 +294,8 @@ the removal of XUL/XPCOM from Firefox 57:
 It is unclear, however, whether those browsers will be sustainable in
 the long term.
 
+[link hints]: https://addons.mozilla.org/en-US/firefox/addon/linkhints/?utm_source=addons.mozilla.org&utm_medium=referral&utm_content=search
+
 # Configuration
 
 I have set the following configuration options, in a `user.js` file

diff --git a/hardware/laptop/framework-12th-gen.md b/hardware/laptop/framework-12th-gen.md
index becee121..d281e3d4 100644
--- a/hardware/laptop/framework-12th-gen.md
+++ b/hardware/laptop/framework-12th-gen.md
@@ -1890,6 +1890,7 @@ long road trip across the continental US.
      fingerprint reader and power buttons into a "normal" USB keyboard
      and hub)
    * [triple screen laptop mod](https://diyperks.com/diy-perks-triple-screen-laptop/) ([video](https://www.youtube.com/watch?v=aUKpY0o5tMo))
+   * [Thinkpad 701C transplant](https://community.frame.work/t/thinkpad-701c-with-a-framework-brain-transplant-work-in-progress/27409)
 
  * [Debian installation report](https://wiki.debian.org/InstallingDebianOn/FrameWork/12thGen), has good tips on the firmware
    hacks necessary
@@ -1910,6 +1911,7 @@ long road trip across the continental US.
    * [votes seem to go towards Ethernet and full-sized SD card
      reader](https://community.frame.work/t/what-new-expansion-card-types-do-you-want-to-see-released/193)
    * [3D printed expansion card holder](https://www.printables.com/model/328421-framework-laptop-expansion-card-holder)
+   * [LTE modem card](https://community.frame.work/t/lte-cat-4-cell-modem-card/9454) (design stage)
    * check out [this forum category](https://community.frame.work/c/developer-program/expansion-card/90) for a cornucopia of those
 
  * upstream resources:

diff --git a/services/dns.mdwn b/services/dns.mdwn
index b4f02394..f706675f 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -62,6 +62,7 @@ n'est pas clair, dans l'interface, qui a accès à mes domaines.
 | dnssimple.com     | 14.50USD | 14.00USD | 16.00USD | 16.00CAD | 25.00USD | also hosting                           |
 | gandi.net         | 15.50USD | 18.50USD | 17.20USD | 13.84USD | 21.60CAD | pas de transfer lock .at               |
 | gandi.net (DD)    | 8.80USD  | 10.50USD | 12.00USD | 8.65USD  | 17.00USD | rabais Debian, [vendus][]              |
+| infomaniak.com    | 11.40EUR | 13.70EUR | 12.45EUR | 13.85EUR | 13.70EUR | promo prices for first year            |
 | joker.com         | 13.60USD | 16.88USD | 16.90USD | N/A      | 15.31USD |                                        |
 | mythic-beasts.com | £15.00   | £17.50   | £18.50   | £20.50   | £20.50   | previously used by debian.org, trusted |
 | nic.at            | N/A      | N/A      | N/A      | N/A      | 30.00EUR |                                        |

diff --git a/services/backup.mdwn b/services/backup.mdwn
index 92dad073..8f9c841f 100644
--- a/services/backup.mdwn
+++ b/services/backup.mdwn
@@ -277,18 +277,27 @@ Web: install apache2 + restore wiki.
  * [Koumbit](https://www.koumbit.org/fr/services/vps): 20$CAD/mth, friends, local, 100Mbps, 1GB RAM, 15GB SSD
 
  * OVH: 3.50$CAD/mth, 100Mbps unlimited, [KVM 2.4GHz, 2GB RAM 20GB
-   SSD](https://www.ovh.com/us/vps/vps-ssd.xml), France, Québec
+   SSD](https://www.ovh.com/us/vps/vps-ssd.xml), France, Québec, very messy
 
  * [Prgmr](https://prgmr.com/aup.html): 5$USD/mth, Xen, no bullshit, ssh console [1.25 GiB RAM, 15
    GiB Disk](https://billing.prgmr.com/index.php/order/main/packages/xen/?group_id=10), 750Mbps, 2.5Mbps "congestion"?, FreeBSD jails, Xen
 
- * [Gandi](https://www.gandi.net/en/cloud): 25$CAD/mth, 1GB RAM, 20GB on SAN, 3TB, hourly billing
+ * [Gandi](https://www.gandi.net/en/cloud): 25$CAD/mth, 1GB RAM, 20GB on SAN, 3TB, hourly billing,
+   acquired then merged
 
  * [Hetzner](https://www.hetzner.com/cloud): 3EUR/mth 2GB RAM, 20GB disk, 20TB traffic (≈60mbps) +
-   1EUR/TB, 10Gbps?, hourly/monthly billing, Germany
+   1EUR/TB, 10Gbps?, hourly/monthly billing, Germany, USA, used at work
 
  * [Tetaneutral](https://www.tetaneutral.net/): 1vCPU, 1024Mo DDR, 20Go SSD, 100Go HDD, Debian Stretch : 5 à 10€/mois
 
+ * [Linode](https://linode.com/): 5$/mth 1vCPU, 1GB RAM, 25GB SSD, 1TB transfer, used
+   2.5admins credit to setup emergency mirrors
+   ([[fumiko|hardware/fumiko]] and [[louise|hardware/louise]]),
+   acquired by Akamai, prices raised 20% in April 2022 (5->6$)
+
+ * [Digital Ocean](https://cloud.digitalocean.com/): 4$/mth for 1vCPU, 1GB RAM, 10GB disk, 500GB
+   transfer, USA, Europe, Canada (although not the 4$ deal in .ca)
+
 ## Large storage options
 
 This was done as part of research for archival in virtual machines.
@@ -309,6 +318,7 @@ Dedicated:
 Backups:
 
 * [Backblaze](https://www.backblaze.com/): 5USD/mth/machine; "cloud storage" at ~5$/TB/mth
+* [rsync.net](https://rsync.net) has deals for Debian developers ([500GB free](https://www.rsync.net/debian.html))
 
 Colo (mostly things that came out of the [GitLab colo plan](https://gitlab.com/gitlab-com/gl-infra/infrastructure/-/issues/727):
 

diff --git a/blog/2023-02-10-usb-c.md b/blog/2023-02-10-usb-c.md
index a9d03753..f641250f 100644
--- a/blog/2023-02-10-usb-c.md
+++ b/blog/2023-02-10-usb-c.md
@@ -1,4 +1,4 @@
-[[!meta title="Picking a USB-C hub and charger"]]
+[[!meta title="Picking a USB-C dock and charger"]]
 
 Dear lazy web, help me pick the right hardware to make my shiny new
 laptop work better. I want a new USB-C dock and travel power supply.

diff --git a/hardware/phone.mdwn b/hardware/phone.mdwn
index ddeb3235..e53e80a3 100644
--- a/hardware/phone.mdwn
+++ b/hardware/phone.mdwn
@@ -506,6 +506,26 @@ Prices:
 * [Pandawill: 120$USD](http://www.pandawill.com/elephone-p6000-pro-smartphone-mtk6753-octa-core-50-inch-lg-screen-2gb-16gb-black-p103180.html) -
   warning: not the same band specs as above!!
 
+## Nokia
+
+Nokia has made very reliable, long-lasting phones forever, but they've
+only recently started making Android phones. The [G22 phone](https://www.nokia.com/phones/en_int/nokia-g-22) has a
+replaceable battery and runs Android 12. It only has support for 3
+years however, but it looks like one of the first "easily repairable"
+phones on the market by a big provider for years...
+
+Also, it's cheap (<200$).
+
+Downside: phablet, 6.5".
+
+News:
+
+ * [The Verge: HMD’s latest Nokia phone is designed to be repaired in
+   minutes](https://www.theverge.com/2023/2/25/23611844/hmd-nokia-g22-repairable-smartphone-ifixit-sustainability)
+ * [The Guardian: Nokia launches DIY repairable budget Android phone](https://www.theguardian.com/technology/2023/feb/25/nokia-launches-diy-repairable-budget-android-phone)
+ * [Digital trends: Why Nokia made an Android phone it wants you to
+   tear apart](https://www.digitaltrends.com/mobile/hmd-global-nokia-g22-quickfix-nokia-c32-nokia-c22-mwc-2023-news/)
+
 Other no-names
 --------------
 

diff --git a/blog/2023-02-10-usb-c.md b/blog/2023-02-10-usb-c.md
index 65ec2cfe..a9d03753 100644
--- a/blog/2023-02-10-usb-c.md
+++ b/blog/2023-02-10-usb-c.md
@@ -156,6 +156,10 @@ fun. I suspect foul play inside Sway.
 And yeah, those things are costly! This one goes for 300$ a pop, not
 great.
 
+Update 2: Cable Matters support responded by simply giving me this
+hack that solved it at least for now. Just reverse the USB-C cable,
+and poof, everything works. *Magic*.
+
 # Your turn!
 
 So what's your desktop setup like? Do you have docks? a laptop? a

diff --git a/services/dns.mdwn b/services/dns.mdwn
index 351826dd..b4f02394 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -62,7 +62,6 @@ n'est pas clair, dans l'interface, qui a accès à mes domaines.
 | dnssimple.com     | 14.50USD | 14.00USD | 16.00USD | 16.00CAD | 25.00USD | also hosting                           |
 | gandi.net         | 15.50USD | 18.50USD | 17.20USD | 13.84USD | 21.60CAD | pas de transfer lock .at               |
 | gandi.net (DD)    | 8.80USD  | 10.50USD | 12.00USD | 8.65USD  | 17.00USD | rabais Debian, [vendus][]              |
-| itich.com         |          |          |          |          |          | à déterminer                           |
 | joker.com         | 13.60USD | 16.88USD | 16.90USD | N/A      | 15.31USD |                                        |
 | mythic-beasts.com | £15.00   | £17.50   | £18.50   | £20.50   | £20.50   | previously used by debian.org, trusted |
 | nic.at            | N/A      | N/A      | N/A      | N/A      | 30.00EUR |                                        |

diff --git a/services/dns.mdwn b/services/dns.mdwn
index 85f5bd05..351826dd 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -54,16 +54,24 @@ changer tous les contacts du domaine **même s'ils n'étaient pas dans
 la liste des contacts**. C'est assez inquiétant et m'indique qu'il
 n'est pas clair, dans l'interface, qui a accès à mes domaines.
 
-| Registry       | .com     | .org     | .net     | .ca      | .at      | Notes                     |
-|----------------|----------|----------|----------|----------|----------|---------------------------|
-| bookmyname.com |          |          |          |          |          | à déterminer              |
-| cloudflare.com | 8.03USD  | 10.11USD | 9.95USD  | N/A      | N/A      |                           |
-| easydns.com    | 15.00USD | 17.00USD | 15.00USD | 15.00CAD | 22.00USD | also hosting              |
-| gandi.net      | 15.50USD | 18.50USD | 17.20USD | 13.84USD | 21.60CAD | pas de transfer lock .at  |
-| gandi.net (DD) | 8.80USD  | 10.50USD | 12.00USD | 8.65USD  | 17.00USD | rabais Développeur Debian |
-| itich.com      |          |          |          |          |          | à déterminer              |
-| joker.com      | 13.60USD | 16.88USD | 16.90USD | N/A      | 15.31USD |                           |
-| njal.la        | 15.00EUR | 15.00EUR | 15.00EUR | N/A      | N/A      | pas un registry, anonyme  |
+| Registry          | .com     | .org     | .net     | .ca      | .at      | Notes                                  |
+|-------------------|----------|----------|----------|----------|----------|----------------------------------------|
+| bookmyname.com    |          |          |          |          |          | à déterminer                           |
+| cloudflare.com    | 8.03USD  | 10.11USD | 9.95USD  | N/A      | N/A      |                                        |
+| easydns.com       | 15.00USD | 17.00USD | 15.00USD | 15.00CAD | 22.00USD | also hosting                           |
+| dnssimple.com     | 14.50USD | 14.00USD | 16.00USD | 16.00CAD | 25.00USD | also hosting                           |
+| gandi.net         | 15.50USD | 18.50USD | 17.20USD | 13.84USD | 21.60CAD | pas de transfer lock .at               |
+| gandi.net (DD)    | 8.80USD  | 10.50USD | 12.00USD | 8.65USD  | 17.00USD | rabais Debian, [vendus][]              |
+| itich.com         |          |          |          |          |          | à déterminer                           |
+| joker.com         | 13.60USD | 16.88USD | 16.90USD | N/A      | 15.31USD |                                        |
+| mythic-beasts.com | £15.00   | £17.50   | £18.50   | £20.50   | £20.50   | previously used by debian.org, trusted |
+| nic.at            | N/A      | N/A      | N/A      | N/A      | 30.00EUR |                                        |
+| njal.la           | 15.00EUR | 15.00EUR | 15.00EUR | N/A      | N/A      | pas un registry, anonyme               |
+| opensrs.net       | 13.00USD | 15.00USD | 15.50USD | 15.00USD | 15.00USD | reseller, bulk pricing                 |
+| porkbun.com       | 9.73USD  | 7.49USD  | 11.48USR | N/A      | N/A      |                                        |
+
+[vendus]: https://news.gandi.net/en/2019/02/futureofgandi-the-adventure-continues/
+[bis]: https://amp-bourse.lefigaro.fr/fonds/montefiore-investment-cede-sa-participation-dans-gandi-a-total-webhosting-solutions-20230221
 
 Convention de noms
 ==================

diff --git a/blog/2023-02-10-usb-c.md b/blog/2023-02-10-usb-c.md
index 456162c6..65ec2cfe 100644
--- a/blog/2023-02-10-usb-c.md
+++ b/blog/2023-02-10-usb-c.md
@@ -75,7 +75,9 @@ Update: I ordered a TOFU power station today (2023-02-20). I'm a
 little concerned about the power output (45W instead of 65W for the
 Framework charger), but I suspect it will not actually be a problem
 while traveling, since the laptop will keep its charge during the day
-and will charge at night...
+and will charge at night... The device shipped 3 days later, with an
+estimated delivery time of 12 to 15 days, so expect this thing to take
+its sweet time landing on your desk.
 
 ## USB Docks
 

diff --git a/blog/2023-02-10-usb-c.md b/blog/2023-02-10-usb-c.md
index 68bfa97c..456162c6 100644
--- a/blog/2023-02-10-usb-c.md
+++ b/blog/2023-02-10-usb-c.md
@@ -138,7 +138,21 @@ Also: [this post from Big Mess Of Wires](https://www.bigmessowires.com/2019/05/1
 reference however...
 
 Update: I ordered a [this dock from Cable Matters](https://www.cablematters.com/pc-1054-127-usb-c-docking-station-with-dual-4k-hdmi-and-80w-charging-for-windows-computers.aspx) [from Amazon](https://www.amazon.ca/dp/B07PFFN219)
-(reluctantly).
+(reluctantly). It promises “Linux” support and checked all the boxes
+for me (4x USB-A, audio, network, 2xHDMI).
+
+It kind of works? I tested the USB-A ports, charging, networking, and
+the HDMI ports, all worked the first time. But! When I disconnect and
+reconnect the hub, the HDMI ports stop working. It’s quite infuriating
+especially since there’s very little diagnostics available. It’s
+unclear how the devices show up on my computer, I can’t even tell what
+device provides the HDMI connectors in `lsbusb`.
+
+I’ve also seen the USB keyboard drop keypresses, which is also ... not
+fun. I suspect foul play inside Sway.
+
+And yeah, those things are costly! This one goes for 300$ a pop, not
+great.
 
 # Your turn!
 

diff --git a/blog/2023-02-10-usb-c.md b/blog/2023-02-10-usb-c.md
index f4d2abbe..68bfa97c 100644
--- a/blog/2023-02-10-usb-c.md
+++ b/blog/2023-02-10-usb-c.md
@@ -111,26 +111,35 @@ Options found so far:
    and use something like [Thunderbolt Element hub](https://www.caldigit.com/thunderbolt-4-element-hub/)
    (230$USD). Update: I wrote Caldigit and they don't seem to have any
    Dock that would work for me, they suggest the [TS3 plus](https://www.caldigit.com/ts3-plus/) which
-   only has a single DP connector (!?)
+   only has a single DP connector (!?). The USB-C HDMI dock is
+   actually discontinued and they mentioned that they do have trouble
+   with Linux in general.
 
- * i was also recommended [OWC docks](https://eshop.macsales.com/shop/docks) as well. update: their
-   website is a mess, and live chat has been less than helpful, not
-   sure they have anything that will work
+ * I was also recommended [OWC docks](https://eshop.macsales.com/shop/docks) as well. update: their
+   website is a mess, and live chat has confirmed they do not actually
+   have any device that fits the requirement of two HDMI/DP outputs.
 
  * Anker also has docks (e.g. the [Anker 568 USB-C Docking Station
    11-in-1](https://www.anker.com/products/a8399?variant=42385578393750) looks nice, but holy moly 300$USD... Also, Anker docks
    are not all equal, I've heard reports of some of them being
-   bad. Update: couldn't figure out what standard those docks use,
-   wrote them an email.
+   bad. Update: I reached out to Anker to clarify whether or not their
+   docks will work on Linux and to advise on which dock to use, and
+   their response is that they "do not recommend you use our items
+   with Linux system". So I guess that settles it with Anker.
 
  * [Cable Matters](https://www.cablematters.com/Cable-Matters-Docking-Station.aspx) are promising, and their "[USB-C Docking Station
    with Dual 4K HDMI and 80W Charging for Windows Computers](https://www.cablematters.com/pc-1054-127-usb-c-docking-station-with-dual-4k-hdmi-and-80w-charging-for-windows-computers.aspx) might
-   just actually work, but it's out of stock
+   just actually work. It was out of stock on their website and Amazon
+   but after reaching out to their support by email, they pointed out
+   a [product page that works in Canada](https://www.amazon.ca/dp/B07PFFN219).
 
 Also: [this post from Big Mess Of Wires](https://www.bigmessowires.com/2019/05/19/explaining-4k-60hz-video-through-usb-c-hub/) has me worried that
 *anything* might work at all. It's where I had the Cable Matters
 reference however...
 
+Update: I ordered a [this dock from Cable Matters](https://www.cablematters.com/pc-1054-127-usb-c-docking-station-with-dual-4k-hdmi-and-80w-charging-for-windows-computers.aspx) [from Amazon](https://www.amazon.ca/dp/B07PFFN219)
+(reluctantly).
+
 # Your turn!
 
 So what's your desktop setup like? Do you have docks? a laptop? a

diff --git a/software/desktop/wayland.md b/software/desktop/wayland.md
index f11cb43c..fdc11cd2 100644
--- a/software/desktop/wayland.md
+++ b/software/desktop/wayland.md
@@ -980,19 +980,22 @@ Wayland, or when they do, which one should be used. But for some basic
 tools, it seems the options are actually quite clear. If that's the
 case, they should be listed here:
 
-| X11          | Wayland                             | In Debian |
-|--------------|-------------------------------------|-----------|
-| `arandr`     | [wdisplays][]                       | yes       |
-| `autorandr`  | [kanshi][]                          | yes       |
-| `xdotool`    | [wtype][]                           | yes       |
-| `xev`        | [wev][]                             | yes       |
-| `xlsclients` | `swaymsg -t get_tree`               | yes       |
-| `xprop`      | [wlprop][] or `swaymsg -t get_tree` | no        |
-| `xrandr`     | [wlr-randr][]                       | yes       |
+| X11          | Wayland                               | In Debian |
+|--------------|---------------------------------------|-----------|
+| `arandr`     | [wdisplays][]                         | yes       |
+| `autorandr`  | [kanshi][]                            | yes       |
+| `xdotool`    | [wtype][]                             | yes       |
+| `xev`        | [wev][], `xkbcli interactive-wayland` | yes       |
+| `xlsclients` | `swaymsg -t get_tree`                 | yes       |
+| `xprop`      | [wlprop][] or `swaymsg -t get_tree`   | no        |
+| `xrandr`     | [wlr-randr][]                         | yes       |
 
 [lswt][] is a more direct replacement for `xlsclients` but is not
 packaged in Debian.
 
+`xkbcli interactive-wayland` is part of the `libxkbcommon-tools`
+package.
+
 [lswt]: https://git.sr.ht/~leon_plickat/lswt
 [wev]: https://git.sr.ht/~sircmpwn/wev
 [wlr-randr]: https://sr.ht/~emersion/wlr-randr/

diff --git a/blog/2023-02-10-usb-c.md b/blog/2023-02-10-usb-c.md
index f5a9335b..f4d2abbe 100644
--- a/blog/2023-02-10-usb-c.md
+++ b/blog/2023-02-10-usb-c.md
@@ -71,6 +71,12 @@ found that weird little thing through [this Twitter post](https://twitter.com/bs
 [Benedict Reuschling](https://twitter.com/bsdbcr), from [this blog post](https://klarasystems.com/articles/openzfs-data-security-vs-integrity/), from [2.5 admins
 episode 127](https://2.5admins.com/2-5-admins-127/) (phew!).
 
+Update: I ordered a TOFU power station today (2023-02-20). I'm a
+little concerned about the power output (45W instead of 65W for the
+Framework charger), but I suspect it will not actually be a problem
+while traveling, since the laptop will keep its charge during the day
+and will charge at night...
+
 ## USB Docks
 
 Specification: 
@@ -102,13 +108,28 @@ Options found so far:
    Dock](https://www.caldigit.com/usb-c-hdmi-dock/) seems like a good candidate (not on sale in there Canada
    shop), but leaves me wondering whether I want to keep my old analog
    monitors around and instead get proper monitors with USB-C inputs,
-   and use something like [Thunderbolt Element hub](https://www.caldigit.com/thunderbolt-4-element-hub/) (230$USD)
+   and use something like [Thunderbolt Element hub](https://www.caldigit.com/thunderbolt-4-element-hub/)
+   (230$USD). Update: I wrote Caldigit and they don't seem to have any
+   Dock that would work for me, they suggest the [TS3 plus](https://www.caldigit.com/ts3-plus/) which
+   only has a single DP connector (!?)
 
- * i was also recommended [OWC docks](https://eshop.macsales.com/shop/docks) as well
+ * i was also recommended [OWC docks](https://eshop.macsales.com/shop/docks) as well. update: their
+   website is a mess, and live chat has been less than helpful, not
+   sure they have anything that will work
 
  * Anker also has docks (e.g. the [Anker 568 USB-C Docking Station
    11-in-1](https://www.anker.com/products/a8399?variant=42385578393750) looks nice, but holy moly 300$USD... Also, Anker docks
-   are not all equal, I've heard reports of some of them being bad
+   are not all equal, I've heard reports of some of them being
+   bad. Update: couldn't figure out what standard those docks use,
+   wrote them an email.
+
+ * [Cable Matters](https://www.cablematters.com/Cable-Matters-Docking-Station.aspx) are promising, and their "[USB-C Docking Station
+   with Dual 4K HDMI and 80W Charging for Windows Computers](https://www.cablematters.com/pc-1054-127-usb-c-docking-station-with-dual-4k-hdmi-and-80w-charging-for-windows-computers.aspx) might
+   just actually work, but it's out of stock
+
+Also: [this post from Big Mess Of Wires](https://www.bigmessowires.com/2019/05/19/explaining-4k-60hz-video-through-usb-c-hub/) has me worried that
+*anything* might work at all. It's where I had the Cable Matters
+reference however...
 
 # Your turn!
 
@@ -129,4 +150,4 @@ Thanks in advance!
 
 
 <!-- posted to the federation on 2023-02-10T15:10:51.535807 -->
-[[!mastodon "https://kolektiva.social/@Anarcat/109842258417481306"]]
\ No newline at end of file
+[[!mastodon "https://kolektiva.social/@Anarcat/109842258417481306"]]

diff --git a/hardware/laptop/framework-12th-gen.md b/hardware/laptop/framework-12th-gen.md
index efc264c4..becee121 100644
--- a/hardware/laptop/framework-12th-gen.md
+++ b/hardware/laptop/framework-12th-gen.md
@@ -429,10 +429,12 @@ The keyboard backlight can be cycled with <kbd>fn-space</kbd>. The
 dimmer version is dim enough, and the keybinding is easy to find in
 the dark.
 
-A [skinny elephant](https://en.wikipedia.org/wiki/Magic_SysRq_key) would be performed with <kbd>Alt</kbd>
-<kbd>PrtScr</kbd> <kbd>KEY</kbd>, so for example <kbd>Alt</kbd>
-<kbd>PrtScr</kbd> <kbd>b</kbd> should do a hard reset. You might have
-to hold the <kbd>fn</kbd> key as well if you're in fn lock mode.
+A [skinny elephant](https://en.wikipedia.org/wiki/Magic_SysRq_key) would be performed with <kbd>alt</kbd>
+<kbd>PrtScr</kbd> (above <kbd>F11</kbd>) <kbd>KEY</kbd>, so for
+example <kbd>alt</kbd> <kbd>fn</kbd> <kbd>F11</kbd> <kbd>b</kbd>
+should do a hard reset. [This comment](https://community.frame.work/t/how-to-use-the-sysrq-key/10155/9) suggests you need to hold
+the <kbd>fn</kbd> *only* if "function lock" is *on*, but that's
+actually the opposite of my experience.
 
 Out of the box, some of the <kbd>fn</kbd> keys don't work. Mute,
 volume up/down, brightness, monitor changes, and the airplane mode key

diff --git a/recentchanges.mdwn b/recentchanges.mdwn
index ba313e89..50c26cb3 100644
--- a/recentchanges.mdwn
+++ b/recentchanges.mdwn
@@ -5,8 +5,9 @@ Recent changes to this wiki. Not to be confused with my
 [[software/history/]].
 
 Complete source to the wiki is available on
-[gitweb](http://source.anarcat.wiki.orangeseeds.org) or by
-[cloning this site](https://anarc.at/ikiwiki.cgi?do=branchable).
+[GitLab](http://gitlab.com/anarcat/anarc.at):
+
+    git clone http://gitlab.com/anarcat/anarc.at.git
 
 [[!inline pages="internal(recentchanges/change_*) and !*/Discussion
 and !tagged(draft)" 

diff --git a/services/dns.mdwn b/services/dns.mdwn
index a142c6f7..85f5bd05 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -129,6 +129,9 @@ Les noms suivants pourraient être utilisés pour de futures machines:
 
  * [Hannah Arendt][] - "one of the most important political
    philosophers of the twentieth century"
+ * [Wendy Carlos][] - trans women, "helped in the development of the
+   Moog synthesizer", wrote music for Kubrick's Clockwork Orange, The
+   Shining, basically invented electronic music
  * [Claudette Colvin][] - before Rosa [Parks][], there was this rebel!
  * [Viola Desmond][] - challenged racial segregation in Canada
  * [Margaret Hamilton][] - developed the on-board flight software for NASA's Apollo program
@@ -136,6 +139,10 @@ Les noms suivants pourraient être utilisés pour de futures machines:
  * [Grace Hopper][] - inventor of the compiler and linker
  * [Séverine][] - journaliste, féministe, première femme à diriger un
    grand quotidien en France
+ * [Sister Rosetta Tharpe][] - "first great recording star of gospel
+   music", "the original soul sister" and "the Godmother of rock and
+   roll", among the first to use distortion on the electric guitar,
+   [first rock and roll record][], first interracial duet
  * [Sojourner Truth][] - abolotionist, first black women to win a
    court case against a black man
 
@@ -152,6 +159,9 @@ tout aussi importantes...
 [Séverine]: https://fr.wikipedia.org/wiki/S%C3%A9verine
 [Sojourner Truth]: https://en.wikipedia.org/wiki/Sojourner_Truth
 [cette liste]: https://www.hillelwayne.com/important-women-in-cs/
+[Wendy Carlos]: https://en.wikipedia.org/wiki/Wendy_Carlos
+[Sister Rosetta Tharpe]: https://en.wikipedia.org/wiki/Sister_Rosetta_Tharpe
+[first rock and roll record]: https://en.wikipedia.org/wiki/First_rock_and_roll_record
 
 Relié
 =====

diff --git a/services/dns.mdwn b/services/dns.mdwn
index aba4f8e8..a142c6f7 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -9,12 +9,14 @@ Il supporte [[IPv6]].
 Problèmes connus
 ================
 
-Certains noms de domaine ne resolvent pas correctement, particulièrement sur le domaine `debian.org`. On soupçonne que c'est lié à DNSSEC, voir [ce post](http://serverfault.com/questions/405650/why-are-these-udp-packets-being-dropped) pour plus d'information.
+Certains noms de domaine ne resolvent pas correctement, particulièrement sur le domaine `debian.org`. On soupçonne que c'est lié à DNSSEC, voir [ce post][] pour plus d'information.
 
 Un workaround a été installé dans Unbound, le nameserver récursif:
 
     edns-buffer-size: 1280
 
+[ce post]: http://serverfault.com/questions/405650/why-are-these-udp-packets-being-dropped
+
 Domaines disponibles
 ==================
 
@@ -70,21 +72,37 @@ Les noms des machines sur le réseau sont des personalités ou autrices
 inspirantes (politiquement ou autre), préférablement des
 femmes. Exemples utilisés:
 
- * [[hardware/angela]] ([Davis](https://en.wikipedia.org/wiki/Angela_Davis))
- * [[hardware/bell]] ([Hooks](https://en.wikipedia.org/wiki/Bell_hooks))
- * [[hardware/louise]] ([Michel](https://fr.wikipedia.org/wiki/Louise_Michel)
- * ([Margaret](https://en.wikipedia.org/wiki/Margaret_Atwood)) [[hardware/atwood]]
- * ([Marie](https://en.wikipedia.org/wiki/Marie_Curie)) [[hardware/curie]]
- * ([Richard](https://en.wikipedia.org/wiki/Richard_Dawkins)) dawkins
- * [[hardware/emma]] ([Goldman](https://en.wikipedia.org/wiki/Emma_Goldman))
- * ([Subcommandante](https://en.wikipedia.org/wiki/Subcomandante_Marcos)) [[hardware/server/marcos]]
- * [[hardware/octavia]] ([E. Butler](https://en.wikipedia.org/wiki/Octavia_E._Butler))
- * [[hardware/rosa]] ([Luxembourg](https://en.wikipedia.org/wiki/Rosa_Luxemburg) or [Parks](https://en.wikipedia.org/wiki/Rosa_Parks))
- * [[hardware/ursula]] ([K. Le Guin](https://en.wikipedia.org/wiki/Ursula_K._Le_Guin))
- * [[hardware/server/mafalda]] ([yes, the character](https://en.wikipedia.org/wiki/Mafalda))
+ * [[hardware/angela]] ([Davis][])
+ * [[hardware/bell]] ([Hooks][])
+ * [[hardware/louise]] ([Michel][]
+ * ([Margaret][]) [[hardware/atwood]]
+ * ([Marie][]) [[hardware/curie]]
+ * ([Richard][]) dawkins
+ * [[hardware/emma]] ([Goldman][])
+ * ([Subcommandante][]) [[hardware/server/marcos]]
+ * [[hardware/octavia]] ([E. Butler][])
+ * [[hardware/rosa]] ([Luxembourg][] or [Parks][])
+ * [[hardware/ursula]] ([K. Le Guin][])
+ * [[hardware/server/mafalda]] ([yes, the character][])
  * [[hardware/server/plastik]] (a "piece of plastic")
- * ([Harriet](https://en.wikipedia.org/wiki/Harriet_Tubman)) [[hardware/tubman]]
- * [[hardware/fumiko]] ([Fumiko Kaneko](https://en.wikipedia.org/wiki/Fumiko_Kaneko))
+ * ([Harriet][]) [[hardware/tubman]]
+ * [[hardware/fumiko]] ([Fumiko Kaneko][])
+
+[Parks]: https://en.wikipedia.org/wiki/Rosa_Parks
+[Davis]: https://en.wikipedia.org/wiki/Angela_Davis
+[Hooks]: https://en.wikipedia.org/wiki/Bell_hooks
+[Michel]: https://fr.wikipedia.org/wiki/Louise_Michel
+[Margaret]: https://en.wikipedia.org/wiki/Margaret_Atwood
+[Marie]: https://en.wikipedia.org/wiki/Marie_Curie
+[Richard]: https://en.wikipedia.org/wiki/Richard_Dawkins
+[Goldman]: https://en.wikipedia.org/wiki/Emma_Goldman
+[Subcommandante]: https://en.wikipedia.org/wiki/Subcomandante_Marcos
+[E. Butler]: https://en.wikipedia.org/wiki/Octavia_E._Butler
+[Luxembourg]: https://en.wikipedia.org/wiki/Rosa_Luxemburg
+[K. Le Guin]: https://en.wikipedia.org/wiki/Ursula_K._Le_Guin
+[yes, the character]: https://en.wikipedia.org/wiki/Mafalda
+[Harriet]: https://en.wikipedia.org/wiki/Harriet_Tubman
+[Fumiko Kaneko]: https://en.wikipedia.org/wiki/Fumiko_Kaneko
 
 Anciens
 -------
@@ -96,34 +114,45 @@ plus compatibles avec la nouvelle convention.
 
  * [[hardware/server/lenny]] - origin forgotten
  * marvin - origin forgotten
- * mumia ([Abu Jamal](https://en.wikipedia.org/wiki/Mumia_Abu-Jamal))
+ * mumia ([Abu Jamal][])
  * orange
  * tangerine
  * roadkill
  * [[hardware/server/roadkiller]]
 
+[Abu Jamal]: https://en.wikipedia.org/wiki/Mumia_Abu-Jamal
+
 Potentiels
 ----------
 
 Les noms suivants pourraient être utilisés pour de futures machines:
 
- * [Hannah Arendt](https://en.wikipedia.org/wiki/Hannah_Arendt) - "one of the most important political
+ * [Hannah Arendt][] - "one of the most important political
    philosophers of the twentieth century"
- * [Claudette Colvin](https://en.wikipedia.org/wiki/Claudette_Colvin) - before rosa parks, there was this rebel!
- * [Viola Desmond](https://en.wikipedia.org/wiki/Viola_Desmond) - challenged racial segregation in Canada
+ * [Claudette Colvin][] - before Rosa [Parks][], there was this rebel!
+ * [Viola Desmond][] - challenged racial segregation in Canada
  * [Margaret Hamilton][] - developed the on-board flight software for NASA's Apollo program
- * [Ada Lovelace](https://en.wikipedia.org/wiki/Ada_Lovelace) - first programmer
- * [Grace Hopper](https://en.wikipedia.org/wiki/Grace_Hopper) - inventor of the compiler and linker
- * [Séverine](https://fr.wikipedia.org/wiki/S%C3%A9verine) - journaliste, féministe, première femme à diriger un
+ * [Ada Lovelace][] - first programmer
+ * [Grace Hopper][] - inventor of the compiler and linker
+ * [Séverine][] - journaliste, féministe, première femme à diriger un
    grand quotidien en France
- * [Sojourner Truth](https://en.wikipedia.org/wiki/Sojourner_Truth) - abolotionist, first black women to win a
+ * [Sojourner Truth][] - abolotionist, first black women to win a
    court case against a black man
 
 [Margaret Hamilton]: https://en.wikipedia.org/wiki/Margaret_Hamilton_(software_engineer)
 
-Voir aussi [cette liste](https://www.hillelwayne.com/important-women-in-cs/) de femmes moins connues mais peut-être
+Voir aussi [cette liste][] de femmes moins connues mais peut-être
 tout aussi importantes...
 
+[Hannah Arendt]: https://en.wikipedia.org/wiki/Hannah_Arendt
+[Claudette Colvin]: https://en.wikipedia.org/wiki/Claudette_Colvin
+[Viola Desmond]: https://en.wikipedia.org/wiki/Viola_Desmond
+[Ada Lovelace]: https://en.wikipedia.org/wiki/Ada_Lovelace
+[Grace Hopper]: https://en.wikipedia.org/wiki/Grace_Hopper
+[Séverine]: https://fr.wikipedia.org/wiki/S%C3%A9verine
+[Sojourner Truth]: https://en.wikipedia.org/wiki/Sojourner_Truth
+[cette liste]: https://www.hillelwayne.com/important-women-in-cs/
+
 Relié
 =====
 
@@ -131,4 +160,6 @@ Relié
  * [[mesh]]
  * [[wifi]]
 
-Voir aussi [Zytrax.com](http://www.zytrax.com/books/dns/), une excellente documentation de BIND.
+Voir aussi [Zytrax.com][], une excellente documentation de BIND.
+
+[Zytrax.com]: http://www.zytrax.com/books/dns/

diff --git a/services/dns.mdwn b/services/dns.mdwn
index c39777e1..aba4f8e8 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -109,6 +109,7 @@ Les noms suivants pourraient être utilisés pour de futures machines:
 
  * [Hannah Arendt](https://en.wikipedia.org/wiki/Hannah_Arendt) - "one of the most important political
    philosophers of the twentieth century"
+ * [Claudette Colvin](https://en.wikipedia.org/wiki/Claudette_Colvin) - before rosa parks, there was this rebel!
  * [Viola Desmond](https://en.wikipedia.org/wiki/Viola_Desmond) - challenged racial segregation in Canada
  * [Margaret Hamilton][] - developed the on-board flight software for NASA's Apollo program
  * [Ada Lovelace](https://en.wikipedia.org/wiki/Ada_Lovelace) - first programmer
@@ -117,7 +118,6 @@ Les noms suivants pourraient être utilisés pour de futures machines:
    grand quotidien en France
  * [Sojourner Truth](https://en.wikipedia.org/wiki/Sojourner_Truth) - abolotionist, first black women to win a
    court case against a black man
- * [Claudette Colvin](https://en.wikipedia.org/wiki/Claudette_Colvin) - before rosa parks, there was this rebel!
 
 [Margaret Hamilton]: https://en.wikipedia.org/wiki/Margaret_Hamilton_(software_engineer)
 

diff --git a/blog/2023-02-10-usb-c.md b/blog/2023-02-10-usb-c.md
index 62e6ab33..f5a9335b 100644
--- a/blog/2023-02-10-usb-c.md
+++ b/blog/2023-02-10-usb-c.md
@@ -126,3 +126,7 @@ terminal emulators?
 Thanks in advance!
 
 [[!tag debian-planet hardware]]
+
+
+<!-- posted to the federation on 2023-02-10T15:10:51.535807 -->
+[[!mastodon "https://kolektiva.social/@Anarcat/109842258417481306"]]
\ No newline at end of file

diff --git a/blog/2023-02-10-usb-c.md b/blog/2023-02-10-usb-c.md
index bdcfc37c..62e6ab33 100644
--- a/blog/2023-02-10-usb-c.md
+++ b/blog/2023-02-10-usb-c.md
@@ -46,7 +46,7 @@ Should I consider changing to a big monitor with a built-in USB-C dock and power
 
 Ideally, i'd like to just walk in the office, put the laptop down and
 insert a single USB-C cable and be done with it. Does that even work
-with Wayland? I have read reports of [Displaylink not working in
+with [[Wayland|software/desktop/wayland]]? I have read reports of [Displaylink not working in
 Sway](https://gitlab.freedesktop.org/wlroots/wlroots/-/issues/1823) specifically... does that apply to any multi-monitor over a
 single USB-C cable setup?
 

diff --git a/blog/2023-02-10-usb-c.md b/blog/2023-02-10-usb-c.md
index 1f8d2653..bdcfc37c 100644
--- a/blog/2023-02-10-usb-c.md
+++ b/blog/2023-02-10-usb-c.md
@@ -1,3 +1,5 @@
+[[!meta title="Picking a USB-C hub and charger"]]
+
 Dear lazy web, help me pick the right hardware to make my shiny new
 laptop work better. I want a new USB-C dock and travel power supply.
 
@@ -123,4 +125,4 @@ terminal emulators?
 
 Thanks in advance!
 
-[[!tag draft]]
+[[!tag debian-planet hardware]]

diff --git a/blog/2023-02-10-usb-c.md b/blog/2023-02-10-usb-c.md
new file mode 100644
index 00000000..1f8d2653
--- /dev/null
+++ b/blog/2023-02-10-usb-c.md
@@ -0,0 +1,126 @@
+Dear lazy web, help me pick the right hardware to make my shiny new
+laptop work better. I want a new USB-C dock and travel power supply.
+
+[[!toc]]
+
+# Background
+
+I need advice on hardware, because my current setup in the office
+doesn't work so well. My new Framework laptop has *four* (4!) USB-C
+ports which is great, but it *only* has those ports (there's a combo
+jack, but I don't use it because it's
+[[noisy|hardware/laptop/framework-12th-gen/#combo-jack-mic-tests]]). So
+right now I have the following setup:
+
+* HDMI: monitor one
+* HDMI: monitor two
+* USB-A: Yubikey
+* USB-C: USB-C hub, which has:
+  * RJ-45 network
+  * USB-A keyboard
+  * USB-A mouse
+  * USB-A headset
+
+... and I'm missing a USB-C port for power! So I get into this
+annoying situation where I need to actually unplug the USB-A Yubikey,
+unplug the USB-A expansion card, plug in the power for a while so it
+can charge, and then do that in reverse when I need the Yubikey again
+(which is: often).
+
+Another option I have is to unplug the headset, but I often need both
+the headset and the Yubikey at once. I also have a pair of earbuds
+that work in the combo jack, but, again, they are noticeably noisy.
+
+So this doesn't work.
+
+I'm thinking I should get a USB-C Dock of some sort. The Framework
+forum has a [long list of supported docks in a "megathread"](https://community.frame.work/t/usb-c-thunderbolt-dock-megathread/1460/1), but I
+figured people here might have their own experience with docks and
+laptop/dock setups.
+
+So what should USB-C Dock should I get?
+
+Should I consider changing to a big monitor with a built-in USB-C dock and power?
+
+Ideally, i'd like to just walk in the office, put the laptop down and
+insert a single USB-C cable and be done with it. Does that even work
+with Wayland? I have read reports of [Displaylink not working in
+Sway](https://gitlab.freedesktop.org/wlroots/wlroots/-/issues/1823) specifically... does that apply to any multi-monitor over a
+single USB-C cable setup?
+
+Oh, and what about travel options? Do you have a fancy small form
+factor USB-C power charger that you really like?
+
+# Current ideas
+
+Here are the devices I'm considering right now...
+
+## USB chargers
+
+The spec here is at least 65W USB-C with international plugs.
+
+* [Anker nano II](https://us.anker.com/pages/ankernano2): 50$USD sold out, not international?
+* [Ugreen 65W 2 USB-C 1 USB-A UK/US/EU](https://ca.ugreen.com/collections/charger/products/ugreen-65w-nexode-gan-usb-c-3-port-charger-with-us-uk-eu-plug-for-travel): 56$ USD
+* [Thinkpad power adapter](https://www.lenovo.com/ca/en/p/accessories-and-software/chargers-and-batteries/chargers/gx20p92530): 54$USD, basically your normal thinkpad charger, meh
+* [TOFU Power station](https://www.elvesfactory.com/worldshop/EN/TPS-UN): 95$USD 2 USB-A, 2 USB-C, AU/US/UK/EU adapters, 3-port power strip (!)
+
+I particularly like the TOFU, but I am not sure it will deliver... I
+found that weird little thing through [this Twitter post](https://twitter.com/bsdbcr/status/1614887137735737346) from
+[Benedict Reuschling](https://twitter.com/bsdbcr), from [this blog post](https://klarasystems.com/articles/openzfs-data-security-vs-integrity/), from [2.5 admins
+episode 127](https://2.5admins.com/2-5-admins-127/) (phew!).
+
+## USB Docks
+
+Specification: 
+
+* must have 2 or more USB-A ports (3 is ideal, otherwise i need a new
+  headset adapter)
+* at least one USB-C port, preferably more
+* works in Linux
+* 2 display support (or one big monitor?), ideally 2x4k for
+  future-proofing, HDMI or Display-Port, ideally *also* with double
+  USB-C/Thunderbolt for future-proofing
+* all on one USB-C wire would be nice
+* power delivery over the USB-C cable
+* not too big, preferably
+
+Note that I move from 4 USB-A ports down to 2 or 3 because I can
+change the USB-A cable on my keyboard for USB-C. But that means I need
+a slot for a USB-C port on the dock of course. I also could live with
+one less USB-A cable if I find a combo jack adapter, but that would
+mean a noisy experience.
+
+Options found so far:
+
+ * [ThinkPad universal dock](https://www.lenovo.com/ca/en/p/accessories-and-software/docking/docking_usb-docks-(universal-cable-docks)/40ay0090us): 300$USD, 65-100W, combo jack, 3x
+   USB3.1, 2x USB2.0, 1x USB-C, 2x Display Port, 1x HDMI Port, 1x
+   Gigabit Ethernet
+   
+ * [Caldigit docks](https://www.caldigit.com/docks/) are apparently good, and the [USB-C HDMI
+   Dock](https://www.caldigit.com/usb-c-hdmi-dock/) seems like a good candidate (not on sale in there Canada
+   shop), but leaves me wondering whether I want to keep my old analog
+   monitors around and instead get proper monitors with USB-C inputs,
+   and use something like [Thunderbolt Element hub](https://www.caldigit.com/thunderbolt-4-element-hub/) (230$USD)
+
+ * i was also recommended [OWC docks](https://eshop.macsales.com/shop/docks) as well
+
+ * Anker also has docks (e.g. the [Anker 568 USB-C Docking Station
+   11-in-1](https://www.anker.com/products/a8399?variant=42385578393750) looks nice, but holy moly 300$USD... Also, Anker docks
+   are not all equal, I've heard reports of some of them being bad
+
+# Your turn!
+
+So what's your desktop setup like? Do you have docks? a laptop? a
+desktop? did you build it yourself? 
+
+Did you solder a USB-C port in the back of your neck and interface
+directly with the matrix and there's no spoon?
+
+Do you have a 4k monitor? Two? A 8k monitor that curves around your
+head in a fully immersive display? Do you work on a [Occulus rift](https://en.wikipedia.org/wiki/Oculus_Rift)
+and only interface the world through 3d virtual reality, including
+terminal emulators?
+
+Thanks in advance!
+
+[[!tag draft]]

diff --git a/software/desktop/wayland.md b/software/desktop/wayland.md
index 59a70c45..f11cb43c 100644
--- a/software/desktop/wayland.md
+++ b/software/desktop/wayland.md
@@ -179,12 +179,12 @@ See a copy of my full [[sway/config|config]] for details.
 
 Other options include:
 
- * [dwl](https://github.com/djpohly/dwl): tiling, minimalist, dwm for Wayland, not in Debian
- * [Hyprland](https://hyprland.org/): tiling, fancy animations, not in Debian
- * [Qtile](https://www.qtile.org/): tiling, extensible, in Python, not in Debian ([1015267](https://bugs.debian.org/1015267))
- * [river](https://github.com/riverwm/river): Zig, stackable, tagging, not in Debian  ([1006593](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006593))
- * [velox](https://github.com/michaelforney/velox): inspired by xmonad and dwm, not in Debian
- * [vivarium](https://github.com/inclement/vivarium): inspired by xmonad, not in Debian
+ * [dwl][]: tiling, minimalist, dwm for Wayland, not in Debian
+ * [Hyprland][]: tiling, fancy animations, not in Debian
+ * [Qtile][]: tiling, extensible, in Python, not in Debian ([1015267][])
+ * [river][]: Zig, stackable, tagging, not in Debian  ([1006593][])
+ * [velox][]: inspired by xmonad and dwm, not in Debian
+ * [vivarium][]: inspired by xmonad, not in Debian
 
 [Sway]: http://swaywm.org/
 [i3 window manager]: https://i3wm.org/
@@ -194,6 +194,14 @@ Other options include:
 [code of conduct]: https://i3wm.org/conduct.html
 [lots more documentation]: https://i3wm.org/docs/
 [test suite]: https://github.com/i3/i3/tree/next/testcases
+[Hyprland]: https://hyprland.org/
+[dwl]: https://github.com/djpohly/dwl
+[Qtile]: https://www.qtile.org/
+[1015267]: https://bugs.debian.org/1015267
+[river]: https://github.com/riverwm/river
+[1006593]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006593
+[velox]: https://github.com/michaelforney/velox
+[vivarium]: https://github.com/inclement/vivarium
 
 ## Status bar: py3status → waybar
 
@@ -1323,6 +1331,39 @@ The [proposed fix](https://github.com/swaywm/sway/pull/6994) for this in Sway is
 and add the `CAP_SYS_NICE` capability to the binary. We'll see how
 that goes in Debian once 1.8 gets released and shipped.
 
+## Output mirroring
+
+Sway does [not support output mirroring](https://github.com/swaywm/sway/issues/1666), a strange limitation
+considering the flexibility that software like [wdisplays][] *seem* to
+offer.
+
+(In practice, if you layout two monitors on top of each other in that
+configuration, they do *not* actually mirror. Instead, sway assigns a
+workspace to each monitor, as if they were next to each other but,
+confusingly, the cursor appears in *both* monitors. It's extremely
+disorienting.)
+
+The bug report has been open since 2018 and has seen a long
+discussion, but basically no progress. Part of the problem is the
+ticket tries to tackle "more complex configurations" as well, not just
+output mirroring, so it's a long and winding road.
+
+Note that other Wayland compositors (e.g. [Hyprland][], GNOME's
+Mutter) *do* support mirroring, so it's not a fundamental limitation
+of Wayland.
+
+One workaround is to use a tool like [wl-mirror](https://github.com/Ferdi265/wl-mirror) to make a window
+that mirrors a specific output and place *that* in a different
+workspace. That way you place the output you want to mirror *to* next
+to the output you want to mirror *from*, and use wl-mirror to copy
+between the two outputs. The problem is that wl-mirror is [not
+packaged in Debian yet](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012684).
+
+Another workaround mentioned in the thread is to use a [[presentation
+tool|blog/2020-09-30-presentation-tools]] which supports mirroring on
+its own, or presenter notes. So far I have generally found workarounds
+for the problem, but it might be a big limitation for others.
+
 # Improvements over i3
 
 ## Tiling improvements

diff --git a/blog/2023-02-08-major-outage.md b/blog/2023-02-08-major-outage.md
index ed48a17f..67397ac6 100644
--- a/blog/2023-02-08-major-outage.md
+++ b/blog/2023-02-08-major-outage.md
@@ -1,7 +1,7 @@
 [[!meta title="Major outage with Oricom uplink"]]
 
 The server that normally serves this page, all my email, and many more
-services was available for about 24 hours. This post explains how and
+services was unavailable for about 24 hours. This post explains how and
 why.
 
 # What happened?

diff --git a/blog/2023-02-08-major-outage.md b/blog/2023-02-08-major-outage.md
index 52a5edfe..ed48a17f 100644
--- a/blog/2023-02-08-major-outage.md
+++ b/blog/2023-02-08-major-outage.md
@@ -150,3 +150,7 @@ you are (and I'm happy to give credit here if you want to be
 deanonymized)!
 
 [[!tag debian-planet debian outage meta fail networking sysadmin]]
+
+
+<!-- posted to the federation on 2023-02-08T13:04:11.596276 -->
+[[!mastodon "https://kolektiva.social/@Anarcat/109830435722436393"]]
\ No newline at end of file

diff --git a/tag/outage.mdwn b/tag/outage.mdwn
new file mode 100644
index 00000000..baf699dd
--- /dev/null
+++ b/tag/outage.mdwn
@@ -0,0 +1,4 @@
+[[!meta title="pages tagged outage"]]
+
+[[!inline pages="tagged(outage)" actions="no" archive="yes"
+feedshow=10]]

diff --git a/blog/2023-02-08-major-outage.md b/blog/2023-02-08-major-outage.md
index 50127d20..52a5edfe 100644
--- a/blog/2023-02-08-major-outage.md
+++ b/blog/2023-02-08-major-outage.md
@@ -149,4 +149,4 @@ Thanks to everyone who supported me through this ordeal, you know who
 you are (and I'm happy to give credit here if you want to be
 deanonymized)!
 
-[[!tag draft]]
+[[!tag debian-planet debian outage meta fail networking sysadmin]]

diff --git a/blog/2023-02-08-major-outage.md b/blog/2023-02-08-major-outage.md
index 02f6d0b9..50127d20 100644
--- a/blog/2023-02-08-major-outage.md
+++ b/blog/2023-02-08-major-outage.md
@@ -1,78 +1,86 @@
 [[!meta title="Major outage with Oricom uplink"]]
 
 The server that normally serves this page, all my email, and many more
-services is currently unavailable until further notice. This website
-was rebuilt on a Linode virtual machine (thanks [2.5admins](https://2.5admins.com) for the
-credits) while I want on Oricom to fix the link.
+services was available for about 24 hours. This post explains how and
+why.
 
 # What happened?
 
 Starting February 2nd, I started seeing intermittent packet loss on
-the link. Every hour or so, the link would go down for one or two
+the network. Every hour or so, the link would go down for one or two
 minutes, then come back up.
 
-I didn't think much of it at first because I was away and could blame
-it on crappy wifi or the uplink I using then. But when I came in the
-office on Monday, the service was indeed confirmed as seriously
-degraded. I could barely work on videoconferencing calls as they would
-cut out after about half an hour.
-
-I opened a ticket with my uplink, Oricom. They replied saying this was
-an issue they couldn't fix on their end and would need someone onsite
-to fix, with the phone number of their tech support.
-
-So, the next day (Tuesday, at around 10EST) I called Oricom support,
-and they had me do a full modem reset, which involves plugging a pin
-in a hole for 15 seconds on the Technicolor TC4400 cable modem. I did
-that, the link went down, this time for good. Oricom then escalated
-this to their upstream (Oricom is a reseller of Videotron, who has
-basically the monopoly on cable in Québec) which dispatched a
-tech. This tech, in turn, arrived some time after lunch and said the
-link worked fine and it was a hardware issue.
+At first, I didn't think much of it because I was away and could blame
+the crappy wifi or the uplink I using. But when I came in the office
+on Monday, the service was indeed seriously degraded. I could barely
+do videoconferencing calls as they would cut out after about half an
+hour.
+
+I opened a ticket with my uplink, [Oricom](https://www.oricom.ca/). They replied that it
+was an issue they couldn't fix on their end and would need someone on
+site to fix.
+
+So, the next day (Tuesday, at around 10EST) I called Oricom again, and
+they made me do a full modem reset, which involves plugging a pin in a
+hole for 15 seconds on the [Technicolor TC4400](https://help.ncf.ca/Technicolor_TC4400) cable modem.  Then
+the link went down, and it didn't come back up at all.
+
+Boom.
+
+Oricom then escalated this to their upstream (Oricom is a reseller of
+Videotron, who has basically the monopoly on cable in Québec) which
+dispatched a tech. This tech, in turn, arrived some time after lunch
+and said the link worked fine and it was a hardware issue.
 
 At this point, Oricom put a new modem in the mail and I started
-deploying mitigations.
+mitigation.
 
-# Mitigations
+# Mitigation
 
 ## Website
 
 The first thing I did, weirdly, was trying to rebuild this blog. I
 figured it should be pretty simple: install ikiwiki and hit rebuild. I
-knew I had some patches on ikiwiki to deploy, but surely those are not
-a deal breaker, right?
-
-Nope. Turns out I wrote a handful of ikiwiki plugins and those still
-don't ship with ikiwiki, despite having been sent upstream a while
-back, some years ago. So I deployed those inside the `.ikiwiki`
-directory of the site in the hope of making things a little more
-"standalone". Unfortunately, that didn't work either because the theme
-must be shipped in the system-wide location: I couldn't figure out how
-to put it to have it bundled with the main repo. At that point I
-mostly gave up because I had spent too much time on this and I had to
-do something about email otherwise it would start to bounce.
+knew I had some [[patches on ikiwiki|services/wiki]] to deploy, but
+surely those are not a deal breaker, right?
+
+Nope. Turns out I wrote many plugins and those still don't ship with
+ikiwiki, despite having been sent upstream a while back, some [years
+ago](https://ikiwiki.info/plugins/contrib/i18nheadinganchors/). 
+
+So I deployed the plugins inside the `.ikiwiki` directory of the site
+in the hope of making things a little more
+"standalone". Unfortunately, that didn't work either because the
+*theme* must be shipped in the system-wide location: I couldn't figure
+out how to put it to have it bundled with the main repository. At that
+point I mostly gave up because I had spent too much time on this and I
+had to do something about email otherwise it would start to bounce.
 
 ## Email
 
-I made a new VM at Linode. This wasn't the best idea, in retrospect,
-because what I did next was really overkill. I started rebuilding the
-whole mail server from scratch: ideally, this would be in Puppet and I
-would just deploy the right profile and the server would be
-rebuilt. Unfortunately, that part of my infrastructure is not
-Puppetized and even if it would, well the Puppet server was also down
-so I would have had to bring that up first.
+So I made a new VM at Linode (thanks [2.5admins](https://2.5admins.com) for the credits)
+to build a new mail server.
 
-At first I figured I would just make a secondary mail exchanger (MX),
+This wasn't the best idea, in retrospect, because it was really
+overkill: I started rebuilding the whole mail server from scratch.
+
+Ideally, this would be in Puppet and I would just deploy the right
+profile and the server would be rebuilt. Unfortunately, that part of
+my infrastructure is not Puppetized and even if it would, well the
+Puppet server was also down so I would have had to bring that up
+first.
+
+At first, I figured I would just make a secondary mail exchanger (MX),
 to spool mail for longer so that I wouldn't lose it. But I decided
-against that: it's pretty hard to make a "proper" MX as it needs to
-also filter mail to avoid backscatter. Might as well just build a
-whole new server. I had a copy of my full mail spool on my laptop, so
-I just started syncing that up and get on with it.
+against that: I thought it was too hard to make a "proper" MX as it
+needs to also filter mail while avoiding backscatter. Might as well
+just build a whole new server! I had a copy of my full mail spool on
+my laptop, so I figured that was *possible*.
 
 I mostly got this right: added a DKIM key, installed Postfix, Dovecot,
 OpenDKIM, OpenDMARC, glue it all together, and voilà, I had a mail
 server. Oh, and spampd. Oh, and I need the training data, oh, and this
-and that... I wasn't completely done and it was time to sleep.
+and... I wasn't done and it was time to sleep.
 
 The mail server went online this morning, and started accepting
 mail. I tried syncing my laptop mail spool against it, but that failed
@@ -82,17 +90,21 @@ failed to sync. I tried to copy the UIDs from the server in the office
 either.
 
 But at least the mail was getting delivered and stored properly. I
-even had the Sieve rules setup so it would get sorted properly too.
+even had the Sieve rules setup so it would get sorted properly
+too. Unfortunately, I didn't hook *that* up properly, so those didn't
+actually get sorted. Thankfully, Dovecot can re-filter emails with the
+[sieve-filter](https://manpages.debian.org/sieve-filter) command, so that was fixed later.
 
 At this point, I started looking for other things to fix.
 
 ## Web, again
 
 I figured I was almost done with the website, might as well publish
-it. So I installed nginx, got a cert with certbot, and added the certs
-to the default config. I rsync'd my build in `/var/www/html` and boom,
-I had a website. The analytics were timing out, but that was easy to
-turn off.
+it. So I installed the [Nginx Debian package](https://tracker.debian.org/nginx), got a cert with
+[certbot](https://github.com/certbot/certbot/), and added the certs to the default configuration. I
+`rsync`'d my build in `/var/www/html` and boom, I had a website. The
+[Goatcounter](https://www.goatcounter.com/) analytics were timing out, but that was easy to turn
+off.
 
 ## Resolution
 
@@ -103,19 +115,38 @@ was back online.
 So this was a *lot* (a lot!) of work for basically nothing. I could
 have just taken the day off and wait for the package to be
 delivered. It would definitely have been better to make a simpler mail
-exchanger to spool the mail to avoid losing it. 
+exchanger to spool the mail to avoid losing it. And in fact, that's
+what I eventually ended up doing: I converted the linode server in a
+[mail relay](https://www.postfix.org/STANDARD_CONFIGURATION_README.html#backup) to continue accepting mail with DNS propagates, but without
+having to sort the mail out of there...
+
+Right now I have about 200 mails in a mailbox that I need to move back
+into marcos. Normally, this would just be a simple rsync, but because
+both servers have accepted mail simultaneously, it's going to be
+simpler to just move those *exact* mails on there. Because dovecot
+helpfully names delivered files with the hostname it's running on,
+it's easy to find those files and transfer them, basically:
+
+    rsync -v -n --files-from=<(ssh colette.anarc.at find Maildir -name '*colette*' ) colette.anarc.at: colette/
+    rsync -v -n --files-from=<(ssh colette.anarc.at find Maildir -name '*colette*' ) colette/ marcos.anarc.at:
+
+Overall, the outage lasted about 24 hours, from 11:00EST (16:00UTC) on
+2023-02-07 to the same time today.
 
 ## Future work
 
-In fact, I'll probably set up a box like this anyways to keep this
-problem from happening again. At first I thought that mail filtering
-would be a problem, but that happens post queue anyways and I don't
-bounce mail based on spamassassin, so backscatter shouldn't be an
-issue.
+I'll probably keep a mail relay to make those situations more
+manageable in the future. At first I thought that mail filtering would
+be a problem, but that happens post queue anyways and I don't bounce

(fichier de différences tronqué)

diff --git a/blog/2023-02-08-major-outage.md b/blog/2023-02-08-major-outage.md
new file mode 100644
index 00000000..02f6d0b9
--- /dev/null
+++ b/blog/2023-02-08-major-outage.md
@@ -0,0 +1,121 @@
+[[!meta title="Major outage with Oricom uplink"]]
+
+The server that normally serves this page, all my email, and many more
+services is currently unavailable until further notice. This website
+was rebuilt on a Linode virtual machine (thanks [2.5admins](https://2.5admins.com) for the
+credits) while I want on Oricom to fix the link.
+
+# What happened?
+
+Starting February 2nd, I started seeing intermittent packet loss on
+the link. Every hour or so, the link would go down for one or two
+minutes, then come back up.
+
+I didn't think much of it at first because I was away and could blame
+it on crappy wifi or the uplink I using then. But when I came in the
+office on Monday, the service was indeed confirmed as seriously
+degraded. I could barely work on videoconferencing calls as they would
+cut out after about half an hour.
+
+I opened a ticket with my uplink, Oricom. They replied saying this was
+an issue they couldn't fix on their end and would need someone onsite
+to fix, with the phone number of their tech support.
+
+So, the next day (Tuesday, at around 10EST) I called Oricom support,
+and they had me do a full modem reset, which involves plugging a pin
+in a hole for 15 seconds on the Technicolor TC4400 cable modem. I did
+that, the link went down, this time for good. Oricom then escalated
+this to their upstream (Oricom is a reseller of Videotron, who has
+basically the monopoly on cable in Québec) which dispatched a
+tech. This tech, in turn, arrived some time after lunch and said the
+link worked fine and it was a hardware issue.
+
+At this point, Oricom put a new modem in the mail and I started
+deploying mitigations.
+
+# Mitigations
+
+## Website
+
+The first thing I did, weirdly, was trying to rebuild this blog. I
+figured it should be pretty simple: install ikiwiki and hit rebuild. I
+knew I had some patches on ikiwiki to deploy, but surely those are not
+a deal breaker, right?
+
+Nope. Turns out I wrote a handful of ikiwiki plugins and those still
+don't ship with ikiwiki, despite having been sent upstream a while
+back, some years ago. So I deployed those inside the `.ikiwiki`
+directory of the site in the hope of making things a little more
+"standalone". Unfortunately, that didn't work either because the theme
+must be shipped in the system-wide location: I couldn't figure out how
+to put it to have it bundled with the main repo. At that point I
+mostly gave up because I had spent too much time on this and I had to
+do something about email otherwise it would start to bounce.
+
+## Email
+
+I made a new VM at Linode. This wasn't the best idea, in retrospect,
+because what I did next was really overkill. I started rebuilding the
+whole mail server from scratch: ideally, this would be in Puppet and I
+would just deploy the right profile and the server would be
+rebuilt. Unfortunately, that part of my infrastructure is not
+Puppetized and even if it would, well the Puppet server was also down
+so I would have had to bring that up first.
+
+At first I figured I would just make a secondary mail exchanger (MX),
+to spool mail for longer so that I wouldn't lose it. But I decided
+against that: it's pretty hard to make a "proper" MX as it needs to
+also filter mail to avoid backscatter. Might as well just build a
+whole new server. I had a copy of my full mail spool on my laptop, so
+I just started syncing that up and get on with it.
+
+I mostly got this right: added a DKIM key, installed Postfix, Dovecot,
+OpenDKIM, OpenDMARC, glue it all together, and voilà, I had a mail
+server. Oh, and spampd. Oh, and I need the training data, oh, and this
+and that... I wasn't completely done and it was time to sleep.
+
+The mail server went online this morning, and started accepting
+mail. I tried syncing my laptop mail spool against it, but that failed
+because Dovecot generated new UIDs for the emails, and isync correctly
+failed to sync. I tried to copy the UIDs from the server in the office
+(which I had still access to locally), but that somehow didn't work
+either.
+
+But at least the mail was getting delivered and stored properly. I
+even had the Sieve rules setup so it would get sorted properly too.
+
+At this point, I started looking for other things to fix.
+
+## Web, again
+
+I figured I was almost done with the website, might as well publish
+it. So I installed nginx, got a cert with certbot, and added the certs
+to the default config. I rsync'd my build in `/var/www/html` and boom,
+I had a website. The analytics were timing out, but that was easy to
+turn off.
+
+## Resolution
+
+Almost at that exact moment, a bang on the door told me mail was here
+and I had the modem. I plugged it in and a few minutes later, marcos
+was back online.
+
+So this was a *lot* (a lot!) of work for basically nothing. I could
+have just taken the day off and wait for the package to be
+delivered. It would definitely have been better to make a simpler mail
+exchanger to spool the mail to avoid losing it. 
+
+## Future work
+
+In fact, I'll probably set up a box like this anyways to keep this
+problem from happening again. At first I thought that mail filtering
+would be a problem, but that happens post queue anyways and I don't
+bounce mail based on spamassassin, so backscatter shouldn't be an
+issue.
+
+I basically need Postfix, OpenDMARC, and Postgrey. I'm not even sure I
+need OpenDKIM as the server won't process outgoing mail, so it doesn't
+need to *sign* anything, just check incoming signatures, which
+OpenDMARC can (probably?) do.
+
+[[!tag draft]]

diff --git a/.ikiwiki/IkiWiki/Plugin/admonition.pm b/.ikiwiki/IkiWiki/Plugin/admonition.pm
deleted file mode 100644
index 85e4858c..00000000
--- a/.ikiwiki/IkiWiki/Plugin/admonition.pm
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/usr/bin/perl
-# Copyright 2016 Antoine Beaupré
-# Released under GPL version 2
-
-package IkiWiki::Plugin::admonition;
-use utf8;
-use strict;
-use warnings;
-use IkiWiki 3.0;
-
-sub import {
-	hook(type => "getsetup", id => "admonition", call => \&getsetup);
-	# ikiwiki doesn't pass the id, so make multiple subs
-	foreach my $directive (qw(warning caution important note tip)) {
-		hook (type => "preprocess", id => $directive, call => sub { preprocess(@_, id => $directive)})
-	}
-}
-
-sub preprocess {
-	my %params = @_;
-	my $text = shift;
-	my $format = pagetype($pagesources{$params{page}});
-        if (!$format) {
-            print STDERR "undetermined format for page $params{page}, defaulting to mdwn\n";
-            $format = 'mdwn';
-        }
-	$text = IkiWiki::preprocess($params{page}, $params{destpage}, $text);
-	$text = IkiWiki::htmlize($params{page}, $params{destpage}, $format, $text);
-	# we use 'id' here instead of class because that's the hook
-	# keyword above, but it's really a class we're setting, so that we
-	# can reuse it multiple times.
-	return "<div class=\"". $params{'id'} . "\">$text</div>";
-}
-
-sub getsetup () {
-	return
-		plugin => {
-			safe => 1,
-			rebuild => undef,
-			section => "core",
-		},
-}
-1;
diff --git a/.ikiwiki/IkiWiki/Plugin/bibtex2html.pm b/.ikiwiki/IkiWiki/Plugin/bibtex2html.pm
deleted file mode 100644
index e7bc0f58..00000000
--- a/.ikiwiki/IkiWiki/Plugin/bibtex2html.pm
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/usr/bin/perl
-package IkiWiki::Plugin::bibtex2html;
-use warnings;
-use strict;
-use IkiWiki 3.00;
-use open qw{:utf8 :std};
-
-sub import {
-    hook(type => "getsetup", id => "bibtex2html",  call => \&getsetup);
-    hook(type => "preprocess", id => "bibtex2html", call => \&bibtex2html);
-}
-
-sub getsetup () {
-    return
-        plugin => {
-            safe => 0,
-            rebuild => undef,
-                        section => "core",
-        },
-}
-
-sub bibtex2html {
-    my %params=@_;
-
-    # check the files exist
-    my $file=shift;
-    if (! defined $file) {
-        error sprintf(gettext('file parameter is required'));
-    }
-    my $near = bestlink($params{page}, $file);
-    if (! $near) {
-        error sprintf(gettext('cannot find bestlink for "%s"'), $file);
-    }
-    if (! exists $pagesources{$near}) {
-        error sprintf(gettext('cannot find file "%s"'), $near);
-    }
-    add_depends($params{page}, $near);
-    $near = srcfile($near);
-    my @bibtex_cmd = (qw[bibtex2html -noheader -nofooter -nobibsource -nodoc -q -o -], $near);
-    
-    open(PIPE, "-|", @bibtex_cmd)
-        || error "can't open pipe to @bibtex_cmd: $!";
-    my $html = join("", <PIPE>);
-    close PIPE;
-    debug "ran @bibtex_cmd: $html";
-    return "<div class=\"bibtex2html\">$html<!-- The above was generated with @bibtex_cmd--></div>";
-}
-
-1;
diff --git a/.ikiwiki/IkiWiki/Plugin/bootstrap.pm b/.ikiwiki/IkiWiki/Plugin/bootstrap.pm
deleted file mode 100644
index 54f788dd..00000000
--- a/.ikiwiki/IkiWiki/Plugin/bootstrap.pm
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/usr/bin/perl
-
-# tweak the HTML output to work better with Bootstrap themes
-
-package IkiWiki::Plugin::bootstrap;
-
-use warnings;
-use strict;
-use IkiWiki 3.00;
-
-sub import {
-	hook(type => "getsetup", id => "bootstrap", call => \&getsetup);
-	hook(type => "sanitize", id => "bootstrap", call => \&sanitize);
-}
-
-sub getsetup () {
-	return
-		plugin => {
-			safe => 1,
-			rebuild => undef,
-			section => "chrome",
-		},
-}
-
-sub sanitize (@) {
-	my %params=@_;
-	$params{content} =~ s/<table>/<table class="table">/g;
-	return $params{content};
-}
-
-1;
diff --git a/.ikiwiki/IkiWiki/Plugin/i18nheadinganchors.pm b/.ikiwiki/IkiWiki/Plugin/i18nheadinganchors.pm
deleted file mode 100644
index 9c3a466f..00000000
--- a/.ikiwiki/IkiWiki/Plugin/i18nheadinganchors.pm
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/usr/bin/perl
-# quick HTML heading id adder by Paul Wise
-# modified for better i18n support by Antoine Beaupré
-package IkiWiki::Plugin::i18nheadinganchors;
-
-use warnings;
-use strict;
-use IkiWiki 3.00;
-use utf8;
-use Text::Unidecode;
-
-sub import {
-	hook(type => "getsetup", id => "i18nheadinganchors", call => \&getsetup);
-	hook(type => "sanitize", id => "i18nheadinganchors", call => \&i18nheadinganchors);
-}
-
-sub getsetup () {
-	return
-		plugin => {
-			safe => 1,
-			rebuild => undef,
-			section => "widget",
-		},
-}
-
-# turn given string into a "slug", retaining whitespace and original unicode script
-# taken from https://stackoverflow.com/questions/4009281/how-can-i-generate-url-slugs-in-perl
-sub slugify {
-       my $input = shift;
-
-       $input = unidecode($input);    # turn it into plain latin script
-       $input =~ tr/\000-\177//cd;    # Strip non-ASCII characters (>127)
-       $input =~ s/[^\w\s-]//g;       # Remove all characters that are not word characters (includes _), spaces, or hyphens
-       $input =~ s/^\s+|\s+$//g;      # Trim whitespace from both ends
-       $input = lc($input);           # Lowercase
-       $input =~ s/[-\s]+/-/g;        # Replace all occurrences of spaces and hyphens with a single hyphen
-
-       return $input;
-}
-
-sub i18nheadinganchors (@) {
-	my %params=@_;
-	my $content=$params{content};
-	$content=~s{<h([0-9])(?:.*?)>([^>]*)</h([0-9])>}{'<h'.$1.' id="'.slugify($2).'">'.$2.'</h'.$3.'>'}gie;
-	return $content;
-}
-
-1
diff --git a/.ikiwiki/IkiWiki/Plugin/mastodon.pm b/.ikiwiki/IkiWiki/Plugin/mastodon.pm
deleted file mode 100644
index dbe613e5..00000000
--- a/.ikiwiki/IkiWiki/Plugin/mastodon.pm
+++ /dev/null

(fichier de différences tronqué)

diff --git a/.ikiwiki/IkiWiki/Plugin/bibtex2html.pm b/.ikiwiki/IkiWiki/Plugin/bibtex2html.pm
index b6877e0b..e7bc0f58 100644
--- a/.ikiwiki/IkiWiki/Plugin/bibtex2html.pm
+++ b/.ikiwiki/IkiWiki/Plugin/bibtex2html.pm
@@ -42,7 +42,7 @@ sub bibtex2html {
         || error "can't open pipe to @bibtex_cmd: $!";
     my $html = join("", <PIPE>);
     close PIPE;
-    #debug "ran @bibtex_cmd: $html";
+    debug "ran @bibtex_cmd: $html";
     return "<div class=\"bibtex2html\">$html<!-- The above was generated with @bibtex_cmd--></div>";
 }
 

diff --git a/.gitignore b/.gitignore
index 61ab04e1..f7c1ba3c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@
 *.out
 .ikiwiki/lockfile
 .ikiwiki/transient
+.ikiwiki/indexdb

diff --git a/services/mail.mdwn b/services/mail.mdwn
index fd3178cb..fbdeb529 100644
--- a/services/mail.mdwn
+++ b/services/mail.mdwn
@@ -735,19 +735,23 @@ Bayes autolearning. Spampd cron jobs:
 
 Fix permissions:
 
-    cd Maildir/
-    chmod -R g+rX .junk/ .ham/
-    sudo chown -R :spampd .junk/ .ham/
-    # chmod +s .junk/* .ham/* # why??
-    chmod +s tmp
-    sudo chown -R :spampd cur new tmp
+    cd Maildir/ &&
+    chmod -R g+rX . .junk/ .ham/ &&
+    sudo chown -R :spampd .junk/ .ham/ &&
+    chmod g+s .junk/* .ham/* &&
+    chmod g+s tmp &&
+    sudo chown -R :spampd cur new tmp &&
     chmod g+rX cur new tmp -R
 
 First training run:
 
-    [1020]anarcat@marcos:Maildir$ sudo -u spampd sa-learn --ham --progress --max-size=1048576 ~anarcat/Maildir/cur/
+    anarcat@marcos:Maildir$ sudo -u spampd sa-learn --ham --progress --max-size=1048576 ~anarcat/Maildir/cur/
      55% [===============================================================                                                   ]  18.61 msgs/sec 03m03s LEFT
 
+Junk training run:
+
+    sudo -u spampd sa-learn --spam --progress --max-size=0 ~anarcat/Maildir/.junk/cur/
+
 To manually check, use:
 
     sudo -u spampd spamassassin -t -d -x <path>
@@ -768,6 +772,8 @@ See also: <https://wiki.apache.org/spamassassin/SiteWideBayesFeedback>
 
     apt install opendmarc
 
+Choose "no" when prompted to configure the database.
+
 The default config is used except for those additions:
 
     --- a/opendmarc.conf
@@ -1197,3 +1203,100 @@ Other providers that could replace this service include:
  * [Cloudflare](https://developers.cloudflare.com/email-routing/): requires CF hosting your DNS
  * [Fastmail](https://www.fastmail.com/): 5$/mth for 30GB and your own domain
  * immerda.ch also does host emails with your own domain
+
+## new VM setup
+
+This, ideally, should be in Puppet, but in the disaster recover, this
+shiny puppet server was actually down.
+
+## Bootstrap
+
+    apt install postfix postfix-pcre 
+    apt install dovecot-imapd dovecot-sieve dovecot-managesieved
+    apt install postgrey
+    apt install opendkim opendkim-tools
+    apt install opendmarc
+    apt install chrony certbot
+
+Append this to `/etc/postfix/main.cf`:
+
+    mailbox_command = /usr/lib/dovecot/dovecot-lda -a "$RECIPIENT"
+    mailbox_size_limit = 0
+    message_size_limit = 50240000
+    milter_default_action = accept
+    milter_protocol = 6
+    non_smtpd_milters = local:opendkim/opendkim.sock local:opendmarc/opendmarc.sock
+    smtp_address_preference = ipv4
+    smtp_dns_support_level = dnssec
+    smtp_tls_cert_file=${smtpd_tls_cert_file}
+    smtp_tls_key_file=${smtpd_tls_key_file}
+    smtp_tls_mandatory_ciphers = high
+    smtp_tls_security_level = dane
+    smtpd_helo_required = yes
+    smtpd_helo_restrictions = reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname
+    smtpd_milters = local:opendkim/opendkim.sock local:opendmarc/opendmarc.sock
+    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client_hostname, reject_non_fqdn_recipient, reject_unauth_destination, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:10023, reject_rbl_client zen.spamhaus.org
+    smtpd_tls_cert_file = /etc/letsencrypt/live/colette.anarc.at/fullchain.pem
+    smtpd_tls_key_file = /etc/letsencrypt/live/colette.anarc.at/privkey.pem
+
+opendkim:
+
+    # write socket inside postfix's chroot
+    Socket                  local:/var/spool/postfix/opendkim/opendkim.sock
+
+    # key/host mappings
+    SigningTable        refile:/etc/opendkim/signing.table
+    KeyTable        /etc/opendkim/key.table
+
+    # Hosts to generate signatures for
+    InternalHosts       /etc/opendkim/internal.hosts
+    # Hosts to ignore when verifying signatures, same as above
+    ExternalIgnoreList  /etc/opendkim/internal.hosts
+
+
+Populate:
+
+    mkdir -p /var/spool/postfix/opendmarc /etc/opendkim/keys /var/spool/postfix/opendkim
+    chown opendmarc /var/spool/postfix/opendmarc
+    chown opendkim /var/spool/postfix/opendkim
+    adduser postfix opendkim
+    adduser postfix opendmarc
+
+Config dovecot in `conf.d/99-$hostname.conf`:
+
+    lda_mailbox_autocreate = yes
+    lda_mailbox_autosubscribe = yes
+    mail_location = maildir:~/Maildir
+
+restore `/etc/postfix/master.cf`, `/etc/postfix/mydestination` and
+`/etc/aliases` from backups. consider restoring `main.cf` as
+well. hell, just restore all of /etc/postfix from backups at this
+point right? make sure you get `/etc/postfix/header_authenticated_redaction`
+
+Get a cert:
+
+    certbot certonly --standalone -d $(hostname -f)
+
+Enable the cert:
+
+    ln -sf /etc/letsencrypt/live/colette.anarc.at/privkey.pem /etc/dovecot/private/dovecot.key
+    ln -sf /etc/letsencrypt/live/colette.anarc.at/cert.pem /etc/dovecot/private/dovecot.pem
+
+Add the register user:
+    
+    adduser --disabled-password register
+
+spamd install and config
+
+    adduser anarcat spampd
+    sed -i s/^CRON=./CRON=1/ /etc/default/spamassassin
+    echo 'ADDOPTS="--maxsize=1024"' >> /etc/default/spampd
+    cat >> /etc/spamassassin/local.cf
+
+    cd Maildir/ &&
+    chmod -R g+rX . .junk/ .ham/ &&
+    sudo chown -R :spampd .junk/ .ham/ &&
+    chmod +gs .junk/* .ham/* &&
+    chmod +gs tmp &&
+    sudo chown -R :spampd cur new tmp &&
+    chmod g+rX cur new tmp -R

diff --git a/.ikiwiki/IkiWiki/Plugin/bibtex2html.pm b/.ikiwiki/IkiWiki/Plugin/bibtex2html.pm
index e7bc0f58..b6877e0b 100644
--- a/.ikiwiki/IkiWiki/Plugin/bibtex2html.pm
+++ b/.ikiwiki/IkiWiki/Plugin/bibtex2html.pm
@@ -42,7 +42,7 @@ sub bibtex2html {
         || error "can't open pipe to @bibtex_cmd: $!";
     my $html = join("", <PIPE>);
     close PIPE;
-    debug "ran @bibtex_cmd: $html";
+    #debug "ran @bibtex_cmd: $html";
     return "<div class=\"bibtex2html\">$html<!-- The above was generated with @bibtex_cmd--></div>";
 }
 

diff --git a/.gitignore b/.gitignore
index 9644188a..61ab04e1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,8 @@
-/.ikiwiki
 /recentchanges
 *.aux
 *.log
 *.bbl
 *.blg
 *.out
+.ikiwiki/lockfile
+.ikiwiki/transient
diff --git a/.ikiwiki/IkiWiki/Plugin/admonition.pm b/.ikiwiki/IkiWiki/Plugin/admonition.pm
new file mode 100644
index 00000000..85e4858c
--- /dev/null
+++ b/.ikiwiki/IkiWiki/Plugin/admonition.pm
@@ -0,0 +1,43 @@
+#!/usr/bin/perl
+# Copyright 2016 Antoine Beaupré
+# Released under GPL version 2
+
+package IkiWiki::Plugin::admonition;
+use utf8;
+use strict;
+use warnings;
+use IkiWiki 3.0;
+
+sub import {
+	hook(type => "getsetup", id => "admonition", call => \&getsetup);
+	# ikiwiki doesn't pass the id, so make multiple subs
+	foreach my $directive (qw(warning caution important note tip)) {
+		hook (type => "preprocess", id => $directive, call => sub { preprocess(@_, id => $directive)})
+	}
+}
+
+sub preprocess {
+	my %params = @_;
+	my $text = shift;
+	my $format = pagetype($pagesources{$params{page}});
+        if (!$format) {
+            print STDERR "undetermined format for page $params{page}, defaulting to mdwn\n";
+            $format = 'mdwn';
+        }
+	$text = IkiWiki::preprocess($params{page}, $params{destpage}, $text);
+	$text = IkiWiki::htmlize($params{page}, $params{destpage}, $format, $text);
+	# we use 'id' here instead of class because that's the hook
+	# keyword above, but it's really a class we're setting, so that we
+	# can reuse it multiple times.
+	return "<div class=\"". $params{'id'} . "\">$text</div>";
+}
+
+sub getsetup () {
+	return
+		plugin => {
+			safe => 1,
+			rebuild => undef,
+			section => "core",
+		},
+}
+1;
diff --git a/.ikiwiki/IkiWiki/Plugin/bibtex2html.pm b/.ikiwiki/IkiWiki/Plugin/bibtex2html.pm
new file mode 100644
index 00000000..e7bc0f58
--- /dev/null
+++ b/.ikiwiki/IkiWiki/Plugin/bibtex2html.pm
@@ -0,0 +1,49 @@
+#!/usr/bin/perl
+package IkiWiki::Plugin::bibtex2html;
+use warnings;
+use strict;
+use IkiWiki 3.00;
+use open qw{:utf8 :std};
+
+sub import {
+    hook(type => "getsetup", id => "bibtex2html",  call => \&getsetup);
+    hook(type => "preprocess", id => "bibtex2html", call => \&bibtex2html);
+}
+
+sub getsetup () {
+    return
+        plugin => {
+            safe => 0,
+            rebuild => undef,
+                        section => "core",
+        },
+}
+
+sub bibtex2html {
+    my %params=@_;
+
+    # check the files exist
+    my $file=shift;
+    if (! defined $file) {
+        error sprintf(gettext('file parameter is required'));
+    }
+    my $near = bestlink($params{page}, $file);
+    if (! $near) {
+        error sprintf(gettext('cannot find bestlink for "%s"'), $file);
+    }
+    if (! exists $pagesources{$near}) {
+        error sprintf(gettext('cannot find file "%s"'), $near);
+    }
+    add_depends($params{page}, $near);
+    $near = srcfile($near);
+    my @bibtex_cmd = (qw[bibtex2html -noheader -nofooter -nobibsource -nodoc -q -o -], $near);
+    
+    open(PIPE, "-|", @bibtex_cmd)
+        || error "can't open pipe to @bibtex_cmd: $!";
+    my $html = join("", <PIPE>);
+    close PIPE;
+    debug "ran @bibtex_cmd: $html";
+    return "<div class=\"bibtex2html\">$html<!-- The above was generated with @bibtex_cmd--></div>";
+}
+
+1;
diff --git a/.ikiwiki/IkiWiki/Plugin/bootstrap.pm b/.ikiwiki/IkiWiki/Plugin/bootstrap.pm
new file mode 100644
index 00000000..54f788dd
--- /dev/null
+++ b/.ikiwiki/IkiWiki/Plugin/bootstrap.pm
@@ -0,0 +1,31 @@
+#!/usr/bin/perl
+
+# tweak the HTML output to work better with Bootstrap themes
+
+package IkiWiki::Plugin::bootstrap;
+
+use warnings;
+use strict;
+use IkiWiki 3.00;
+
+sub import {
+	hook(type => "getsetup", id => "bootstrap", call => \&getsetup);
+	hook(type => "sanitize", id => "bootstrap", call => \&sanitize);
+}
+
+sub getsetup () {
+	return
+		plugin => {
+			safe => 1,
+			rebuild => undef,
+			section => "chrome",
+		},
+}
+
+sub sanitize (@) {
+	my %params=@_;
+	$params{content} =~ s/<table>/<table class="table">/g;
+	return $params{content};
+}
+
+1;
diff --git a/.ikiwiki/IkiWiki/Plugin/i18nheadinganchors.pm b/.ikiwiki/IkiWiki/Plugin/i18nheadinganchors.pm
new file mode 100644
index 00000000..9c3a466f
--- /dev/null
+++ b/.ikiwiki/IkiWiki/Plugin/i18nheadinganchors.pm
@@ -0,0 +1,48 @@
+#!/usr/bin/perl
+# quick HTML heading id adder by Paul Wise
+# modified for better i18n support by Antoine Beaupré
+package IkiWiki::Plugin::i18nheadinganchors;
+
+use warnings;
+use strict;
+use IkiWiki 3.00;
+use utf8;
+use Text::Unidecode;
+
+sub import {
+	hook(type => "getsetup", id => "i18nheadinganchors", call => \&getsetup);
+	hook(type => "sanitize", id => "i18nheadinganchors", call => \&i18nheadinganchors);
+}
+
+sub getsetup () {
+	return
+		plugin => {
+			safe => 1,
+			rebuild => undef,
+			section => "widget",
+		},
+}
+
+# turn given string into a "slug", retaining whitespace and original unicode script
+# taken from https://stackoverflow.com/questions/4009281/how-can-i-generate-url-slugs-in-perl
+sub slugify {
+       my $input = shift;
+
+       $input = unidecode($input);    # turn it into plain latin script
+       $input =~ tr/\000-\177//cd;    # Strip non-ASCII characters (>127)
+       $input =~ s/[^\w\s-]//g;       # Remove all characters that are not word characters (includes _), spaces, or hyphens
+       $input =~ s/^\s+|\s+$//g;      # Trim whitespace from both ends
+       $input = lc($input);           # Lowercase
+       $input =~ s/[-\s]+/-/g;        # Replace all occurrences of spaces and hyphens with a single hyphen
+
+       return $input;
+}

(fichier de différences tronqué)

diff --git a/software/desktop/wayland.md b/software/desktop/wayland.md
index 3dc425b0..59a70c45 100644
--- a/software/desktop/wayland.md
+++ b/software/desktop/wayland.md
@@ -935,9 +935,10 @@ how many things you were using are tightly bound to X.
    Debian. So I put together [this other bespoke hack][] from
    multiple sources, which works.
 
- * PDF viewer: currently using atril (which supports Wayland), could
-   also just switch to zatura/mupdf permanently, see also [[calibre]]
-   for a discussion on document viewers
+ * PDF viewer: currently using atril and sioyek (both of which
+   supports Wayland), could also just switch to zatura/mupdf
+   permanently, see also [[calibre]] for a discussion on document
+   viewers
 
 See also [this list of useful addons][] and [this other list][] for other app alternatives.
 

diff --git a/software/desktop/wayland.md b/software/desktop/wayland.md
index cb01a02d..3dc425b0 100644
--- a/software/desktop/wayland.md
+++ b/software/desktop/wayland.md
@@ -113,7 +113,7 @@ notice.)
 
 There were also frustrating glitches in the UI, in general. I actually
 had to setup a compositor alongside i3 to make things bearable at
-all. Video playback in a window was laggy, sluggish, and out of sync.
+all. Video playback in a window was lagging, sluggish, and out of sync.
 
 Wayland fixed all of this.
 
@@ -286,12 +286,13 @@ the above trick doesn't actually work, even if the environment
 (`XDG_SESSION_TYPE`) *is* set correctly, because we don't have
 conditionals in [environment.d(5)][].
 
-(Note that [systemd.environment-generator(7)][] *do* support running
-arbitrary commands to generate environment, but for some some do not
-support user-specific configuration files... Even then it *may* be a
-solution to have a conditional `MOZ_ENABLE_WAYLAND` environment, but
-I'm not sure it would work because ordering between those two isn't
-clear: maybe the `XDG_SESSION_TYPE` wouldn't be set just yet...)
+(Note that [systemd.environment-generator(7)][] *does* support running
+arbitrary commands to generate environment, but for some reason does
+not support user-specific configuration files: it only looks at system
+directories... Even then it *may* be a solution to have a conditional
+`MOZ_ENABLE_WAYLAND` environment, but I'm not sure it would work
+because ordering between those two isn't clear: maybe the
+`XDG_SESSION_TYPE` wouldn't be set just yet...)
 
 At first, I made [this ridiculous script][] to workaround those
 issues. Really, it seems to me Firefox should just parse the
@@ -315,7 +316,7 @@ change to take effect.
 
 Without those tools, it shows the usual permission prompt with "Use
 operating system settings" as the only choice, but when we accept...
-nothing happens. After installing the portals, it actualyl works, and
+nothing happens. After installing the portals, it actually works, and
 works well!
 
 This was tested in Debian bookworm/testing with Firefox ESR 102 and
@@ -361,7 +362,7 @@ To start chrome with the Wayland backend, you need to use:
 If it shows an ugly gray border, check the `Use system title bar and
 borders` setting.
 
-It can do *some* screensharing. Sharing a window and a tab seems to
+It can do *some* screen sharing. Sharing a window and a tab seems to
 work, but sharing a full screen doesn't: it's all black. Maybe not
 ready for prime time. 
 
@@ -448,7 +449,7 @@ Sept. 2022) list the following alternatives:
 
  * [gammastep][]: in Debian, panel indicator, seems good
  * [clight][]: uses the webcam to probe for light
- * [wl-gammaray][]: fork of gammastep, runs as a DBUS service
+ * [wl-gammaray][]: fork of gammastep, runs as a DBus service
  * [wlsunset][]: [WNPP][]
 
 I configured `gammastep` with a simple [[gammastep.service]] file

diff --git a/software/desktop/wayland.md b/software/desktop/wayland.md
index b824542c..cb01a02d 100644
--- a/software/desktop/wayland.md
+++ b/software/desktop/wayland.md
@@ -970,14 +970,15 @@ Wayland, or when they do, which one should be used. But for some basic
 tools, it seems the options are actually quite clear. If that's the
 case, they should be listed here:
 
-| X11          | Wayland               | In Debian |
-|--------------|-----------------------|-----------|
-| `arandr`     | [wdisplays][]         | yes       |
-| `autorandr`  | [kanshi][]            | yes       |
-| `xdotool`    | [wtype][]             | yes       |
-| `xev`        | [wev][]               | yes       |
-| `xlsclients` | `swaymsg -t get_tree` | yes       |
-| `xrandr`     | [wlr-randr][]         | yes       |
+| X11          | Wayland                             | In Debian |
+|--------------|-------------------------------------|-----------|
+| `arandr`     | [wdisplays][]                       | yes       |
+| `autorandr`  | [kanshi][]                          | yes       |
+| `xdotool`    | [wtype][]                           | yes       |
+| `xev`        | [wev][]                             | yes       |
+| `xlsclients` | `swaymsg -t get_tree`               | yes       |
+| `xprop`      | [wlprop][] or `swaymsg -t get_tree` | no        |
+| `xrandr`     | [wlr-randr][]                       | yes       |
 
 [lswt][] is a more direct replacement for `xlsclients` but is not
 packaged in Debian.
@@ -986,6 +987,7 @@ packaged in Debian.
 [wev]: https://git.sr.ht/~sircmpwn/wev
 [wlr-randr]: https://sr.ht/~emersion/wlr-randr/
 [kanshi]: https://sr.ht/~emersion/kanshi/
+[wlprop]: https://gist.github.com/crispyricepc/f313386043395ff06570e02af2d9a8e0
 
 See also:
 

diff --git a/software/desktop/wayland.md b/software/desktop/wayland.md
index 1db72644..b824542c 100644
--- a/software/desktop/wayland.md
+++ b/software/desktop/wayland.md
@@ -84,7 +84,7 @@ minor releases are still coming out, e.g. [21.1.4][]). Indeed, it
 seems even core Xorg people have moved on to developing Wayland, or at
 least Xwayland, which was spun off it its own source tree.
 
-X, or at least Xorg, in in maintenance mode and has been for
+X, or at least Xorg, is in maintenance mode and has been for
 years. Granted, the [X Window System][] is getting close to forty
 years old at this point: it got us amazingly far for something that
 was designed around the time the [first][] [graphical

diff --git a/hardware/monitor.mdwn b/hardware/monitor.mdwn
index 860c0bce..55a6c5b1 100644
--- a/hardware/monitor.mdwn
+++ b/hardware/monitor.mdwn
@@ -28,11 +28,12 @@ what works and doesn't, in descending order of (totally subjective)
 |--------------------------------|------------------|-------|----------|------|-------------------------|----------------------------------------|----------|
 | [Samsung B2330H][]             | 1920x1080@60Hz   | 23"   | 70000:1  | 5ms  | VGA HDMI DVI            | molten hole in the back                | alexis   |
 | [LG Flatron Wide L204WTX-SF][] | 1680x1050@60Hz   | 20"   | 2000:1   | 5ms  | VGA DVI                 | looks great, one dead pixel            | curie    |
-| [Acer X193w][]                 | 1440x900@75Hz    | 19"   | 2000:1   | 5ms  | VGA DVI                 | clean and simple, top partially melted | curie    |
-| [Acer P186HV][]                | 1366x768@60Hz    | 18.5" | 5000:1   | 5ms  | VGA                     | display looks dusty                    |          |
+| [Acer X193w][]                 | 1440x900@75Hz    | 19"   | 2000:1   | 5ms  | VGA                     | clean and simple, top partially melted | curie    |
+| [Acer P186HV][]                | 1366x768@60Hz    | 18.5" | 5000:1   | 5ms  | VGA                     | display looks dusty                    | simon    |
 | [HP L2245wg][]                 | 1680x1050 @ 60Hz | 22"   | 1000:1   | 5ms  | VGA DVI 2xUSB           | LCD TN Film, rotating, 45-65W          | ex-curie |
 | [Dell 1704FPvt][]              | 1280x1024@60Hz   | 17"   | 1000:1   | 25ms | VGA DVI 4xUSB           | looks square, rotating                 | marcos   |
-| [LG Flatron L1718S][]          | 1280x1024@75Hz   | 17"   | 700:1    | ?    | VGA                     | square, 35W                            |          |
+| [Dell 1704FPvt][]              | 1280x1024@60Hz   | 17"   | 1000:1   | 25ms | VGA DVI 4xUSB           | looks square, rotating                 | spare    |
+| [LG Flatron L1718S][]          | 1280x1024@75Hz   | 17"   | 700:1    | ?    | VGA                     | square, 35W                            | lost?    |
 | [Toshiba 19AV500U][]           | 1440x900@?Hz     | 19"   | ?        | ?    | VGA HDMI component coax | it's a TV! not working in Linux?       |          |
 
 [HP L2245wg]: https://www.cnet.com/products/hp-l2245wg/

diff --git a/hardware/laptop/framework-12th-gen.md b/hardware/laptop/framework-12th-gen.md
index d1630d8c..efc264c4 100644
--- a/hardware/laptop/framework-12th-gen.md
+++ b/hardware/laptop/framework-12th-gen.md
@@ -1887,6 +1887,7 @@ long road trip across the continental US.
    * [keyboard mod](https://www.tindie.com/products/crimier/framework-input-cover-controller/) (i.e. turn the Framework keyboard, touch pad,
      fingerprint reader and power buttons into a "normal" USB keyboard
      and hub)
+   * [triple screen laptop mod](https://diyperks.com/diy-perks-triple-screen-laptop/) ([video](https://www.youtube.com/watch?v=aUKpY0o5tMo))
 
  * [Debian installation report](https://wiki.debian.org/InstallingDebianOn/FrameWork/12thGen), has good tips on the firmware
    hacks necessary

diff --git a/blog/2023-01-07-bring-back-blogging.md b/blog/2023-01-07-bring-back-blogging.md
index 55d8790f..8222f6a1 100644
--- a/blog/2023-01-07-bring-back-blogging.md
+++ b/blog/2023-01-07-bring-back-blogging.md
@@ -98,4 +98,4 @@ PS: I wish I had time to do a [[review of my visitors like i did for
 2021|blog/2022-01-28-one-year-visitors]] but time is missing.
 
 [[!tag gloating meta debian-planet]]
-[[!mastodon host=kolektiva.social username=Anarcat post=109651820907589631]]
+[[!mastodon https://kolektiva.social/@Anarcat/109651820907589631]]

diff --git a/blog/2021-11-21-mbsync-vs-offlineimap.md b/blog/2021-11-21-mbsync-vs-offlineimap.md
index 53512456..b7f5c044 100644
--- a/blog/2021-11-21-mbsync-vs-offlineimap.md
+++ b/blog/2021-11-21-mbsync-vs-offlineimap.md
@@ -1086,3 +1086,4 @@ about the promises of interimap and mail-sync, but I have ran out of
 time on this project.
 
 [[!tag debian-planet python-planet  email software syncmaildir sysadmin]]
+[[!mastodon https://kolektiva.social/@Anarcat/109784685829819533]]

diff --git a/services/upgrades/bookworm.md b/services/upgrades/bookworm.md
index b066f761..35121544 100644
--- a/services/upgrades/bookworm.md
+++ b/services/upgrades/bookworm.md
@@ -209,21 +209,21 @@ This table summarizes package version changes I find interesting.
 
 TODO
 
-| Package     | Bullseye | Bookworm | Notes |
-|-------------|----------|----------|-------|
-| APT         |          |          |       |
-| Browserpass |          |          |       |
-| Docker      |          |          |       |
-| Emacs       |          |          |       |
-| Firefox     |          |          |       |
-| Ganeti      |          |          |       |
-| GNOME       |          |          |       |
-| Inkscape    |          |          |       |
-| Libreoffice |          |          |       |
-| OpenSSH     |          |          |       |
-| Postgresql  |          |          |       |
-| Python      |          |          |       |
-| Puppet      |          |          |       |
+| Package     | Bullseye | Bookworm | Notes                       |
+|-------------|----------|----------|-----------------------------|
+| APT         |          |          |                             |
+| Browserpass |          |          |                             |
+| Docker      |          |          |                             |
+| Emacs       |          |          |                             |
+| Firefox     |          |          |                             |
+| Ganeti      |          |          |                             |
+| GNOME       |          |          |                             |
+| Inkscape    |          |          |                             |
+| Libreoffice |          |          |                             |
+| OpenSSH     |          |          |                             |
+| Postgresql  |          |          |                             |
+| Python      | 3.9.2    | 3.10     | Python 2 removed completely |
+| Puppet      |          |          |                             |
 
 [apt-2.2]: https://blog.jak-linux.org/2021/02/18/apt-2.2/
 [apt-2.0]: https://blog.jak-linux.org/2020/03/07/apt-2.0/
@@ -239,6 +239,9 @@ list.
 
 TODO
 
+Python 2 was completely removed from Debian, a long-term task that had
+already started with bullseye, but not completed.
+
 See also the [noteworthy obsolete packages](https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#noteworthy-obsolete-packages) list.
 
 ## Puppet server upgrade