Recent changes to this wiki:

add news item for github-backup 1.20141031
diff --git a/code/github-backup/news/version_1.20140707.mdwn b/code/github-backup/news/version_1.20140707.mdwn
deleted file mode 100644
index ed63eea..0000000
--- a/code/github-backup/news/version_1.20140707.mdwn
+++ /dev/null
@@ -1,7 +0,0 @@
-github-backup 1.20140707 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Add --exclude to skip backing up a specific repository
-     when backing up a user or organization's repositories.
-     Closes: #[754072](http://bugs.debian.org/754072)
-   * Converted to using optparse-applicative.
-   * Multiple usernames can now be specified to back up at once."""]]
\ No newline at end of file
diff --git a/code/github-backup/news/version_1.20141031.mdwn b/code/github-backup/news/version_1.20141031.mdwn
new file mode 100644
index 0000000..8a79eda
--- /dev/null
+++ b/code/github-backup/news/version_1.20141031.mdwn
@@ -0,0 +1,7 @@
+github-backup 1.20141031 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Adjust cabal file for network-uri split.
+   * Avoid using optparse-applicate's argument combinator, so it will build
+     with 0.11 and older too.
+   * Various updates to internal git and utility libraries shared with
+     git-annex."""]]
\ No newline at end of file

Added a comment
diff --git a/blog/entry/a_programmable_alarm_clock_using_systemd/comment_5_057aff1b495bd7f5f58d5a25914382e6._comment b/blog/entry/a_programmable_alarm_clock_using_systemd/comment_5_057aff1b495bd7f5f58d5a25914382e6._comment
new file mode 100644
index 0000000..25b0067
--- /dev/null
+++ b/blog/entry/a_programmable_alarm_clock_using_systemd/comment_5_057aff1b495bd7f5f58d5a25914382e6._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawkwGyT-xQG956hj3PjmNMoQb_iqdOALS9Q"
+ nickname="Mantas"
+ subject="comment 5"
+ date="2014-10-28T10:09:34Z"
+ content="""
+I think almost all x86 systems have a RTC with wake support.
+
+The \"\*IgnoreInhibited\" settings shouldn't be needed; they're about the lid overriding normal \"sleep\" inhibitors, not handle-\* ones.
+"""]]

Added a comment: per-user unit
diff --git a/blog/entry/a_programmable_alarm_clock_using_systemd/comment_4_225414e1d42e4882c5f6979d66734dec._comment b/blog/entry/a_programmable_alarm_clock_using_systemd/comment_4_225414e1d42e4882c5f6979d66734dec._comment
new file mode 100644
index 0000000..bd808c8
--- /dev/null
+++ b/blog/entry/a_programmable_alarm_clock_using_systemd/comment_4_225414e1d42e4882c5f6979d66734dec._comment
@@ -0,0 +1,12 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawkk-9UbXJdtsz_3c1Sxjo7TCAPlfm5zE08"
+ nickname="Lennart"
+ subject="per-user unit"
+ date="2014-10-28T09:56:57Z"
+ content="""
+Heya! Unfortunately this wouldn't work as a per-user unit btw, as WakeSystem= timers require privileges.
+
+The Unit=goodmorning.service line is implied btw. Persistent=false is the default, so could be dropped too.
+
+Lennart
+"""]]

Added a comment
diff --git a/blog/entry/a_programmable_alarm_clock_using_systemd/comment_3_54c05708f76ff01b74272ce6813aa60e._comment b/blog/entry/a_programmable_alarm_clock_using_systemd/comment_3_54c05708f76ff01b74272ce6813aa60e._comment
new file mode 100644
index 0000000..9224d69
--- /dev/null
+++ b/blog/entry/a_programmable_alarm_clock_using_systemd/comment_3_54c05708f76ff01b74272ce6813aa60e._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmeUbp_bTPJg__VA4WR7RFrmocmmkeWwx0"
+ nickname="Franco"
+ subject="comment 3"
+ date="2014-10-28T05:35:03Z"
+ content="""
+crond, this unknown daemon that will do the same in only one line and exists tens of years before systemd...
+"""]]

typo
diff --git a/blog/entry/a_programmable_alarm_clock_using_systemd.mdwn b/blog/entry/a_programmable_alarm_clock_using_systemd.mdwn
index 062fcce..7963427 100644
--- a/blog/entry/a_programmable_alarm_clock_using_systemd.mdwn
+++ b/blog/entry/a_programmable_alarm_clock_using_systemd.mdwn
@@ -66,7 +66,7 @@ available that is.
 
 Also, notice the  `ConditionACPower=true`, which I added once I realized I
 don't want the job to run if I forgot to leave the laptop plugged in
-overnight. Technically, it will still wake up when on batter power, but
+overnight. Technically, it will still wake up when on battery power, but
 then it should go right back to sleep.
 
 Quite a lot of nice peices of systemd all working together here!

reorg
diff --git a/blog/entry/a_programmable_alarm_clock_using_systemd.mdwn b/blog/entry/a_programmable_alarm_clock_using_systemd.mdwn
index d753641..062fcce 100644
--- a/blog/entry/a_programmable_alarm_clock_using_systemd.mdwn
+++ b/blog/entry/a_programmable_alarm_clock_using_systemd.mdwn
@@ -55,15 +55,15 @@ is not to let systemd-inhibit block sleep on lid close.
 
 ## almost too easy
 
+I don't think this would be anywhere near as easy to do without systemd,
+logind, etc. Especially the handling of waking the system at the right
+time, and the behavior around lid sleep inhibiting.
+
 The WakeSystem=true relies on some 
 [hardware support for waking from sleep](https://en.wikipedia.org/wiki/Real-time_clock_alarm);
 my laptop supported it with no trouble but I don't know how broadly
 available that is.
 
-I don't think this would be anywhere near as easy to do without systemd,
-logind, etc. Especially the handling of waking the system at the right
-time, and the behavior around lid sleep inhibiting.
-
 Also, notice the  `ConditionACPower=true`, which I added once I realized I
 don't want the job to run if I forgot to leave the laptop plugged in
 overnight. Technically, it will still wake up when on batter power, but

updates
diff --git a/blog/entry/a_programmable_alarm_clock_using_systemd.mdwn b/blog/entry/a_programmable_alarm_clock_using_systemd.mdwn
index 83c0837..d753641 100644
--- a/blog/entry/a_programmable_alarm_clock_using_systemd.mdwn
+++ b/blog/entry/a_programmable_alarm_clock_using_systemd.mdwn
@@ -15,7 +15,7 @@ This took some time to figure out, but it's surprisingly simple.
 Besides ~/bin/goodmorning, which can be any program/script,
 I needed just two files to configure systemd to do this.
 
-First, `/etc/systemd/system/goodmorning.timer`
+## /etc/systemd/system/goodmorning.timer
 
 <pre>
 [Unit]
@@ -31,7 +31,7 @@ Persistent=false
 WantedBy=multi-user.target
 </pre>
 
-Second, `/etc/systemd/system/goodmorning.service`
+## /etc/systemd/system/goodmorning.service
 
 <pre>
 [Unit]
@@ -42,35 +42,53 @@ ConditionACPower=true
 
 [Service]
 Type=oneshot
-ExecStart=/bin/sh -c 'systemd-inhibit --what=handle-lid-switch --why=goodmorning /bin/su joey -c /home/joey/bin/goodmorning; if ! grep -q open /proc/acpi/button/lid/LID0/state; then systemctl suspend; fi'
+ExecStart=/bin/systemd-inhibit --what=handle-lid-switch --why=goodmorning /bin/su joey -c /home/joey/bin/goodmorning
 </pre>
 
-After installing these files, run (as root): `systemctl enable goodmorning.timer; systemctl start goodmorning.timer`
+## installation
+
+After installing those files, run (as root): `systemctl enable goodmorning.timer; systemctl start goodmorning.timer`
 
 Then, you'll also need to edit `/etc/systemd/logind.conf`, and
 set `LidSwitchIgnoreInhibited=no` -- this overrides the default, which
 is not to let systemd-inhibit block sleep on lid close.
 
-The WakeSystem=true relies on some hardware support for waking from sleep;
+## almost too easy
+
+The WakeSystem=true relies on some 
+[hardware support for waking from sleep](https://en.wikipedia.org/wiki/Real-time_clock_alarm);
 my laptop supported it with no trouble but I don't know how broadly
 available that is.
 
 I don't think this would be anywhere near as easy to do without systemd,
 logind, etc. Especially the handling of waking the system at the right
-time, and the behavior around lid sleep inhibiting. Also, notice the 
-`ConditionACPower=true`, which I added once I realized I don't want
-the job to run if I forgot to leave the laptop plugged in overnight.
+time, and the behavior around lid sleep inhibiting.
+
+Also, notice the  `ConditionACPower=true`, which I added once I realized I
+don't want the job to run if I forgot to leave the laptop plugged in
+overnight. Technically, it will still wake up when on batter power, but
+then it should go right back to sleep.
+
 Quite a lot of nice peices of systemd all working together here!
 
-Unfortunately, xfce4-power-manager reimplements its own lid switch handling,
-overriding systemd's, and this cannot be disabled. That's why the ExecStart
-above checks if the lid is still closed at the end, and manually suspends. That
-hack is not necessary when not using xfce4-power-manager.
+## xfce workaround
+
+If using xfce, xfce4-power-manager takes over handling of lid close from
+systemd, and currently prevents the system from going back to sleep if the
+lid is still closed when goodmorning finishes. Happily, there is an easy
+workaround; this configures xfce to not override the lid switch behavior:
 
-(It would perhaps be better to use the per-user systemd, not the system wide
+`xfconf-query -c xfce4-power-manager -n -p /xfce4-power-manager/logind-handle-lid-switch -t bool -s true`
+
+Other desktop environments may have similar issues.
+
+## why not a per-user unit?
+
+It would perhaps be better to use the per-user systemd, not the system wide
 one. Then I could change the time the alarm runs without using root.
+
 What's prevented me from doing this is that systemd-inhibit uses policykit,
 and policykit prevents it from being used in this situation. It's a lot
-easier to run it as root and use su, than it is to reconfigure policykit.)
+easier to run it as root and use su, than it is to reconfigure policykit.
 
 [[!meta title="a programmable alarm clock using systemd"]]

boo
diff --git a/index.mdwn b/index.mdwn
index 12a7a41..fbe185a 100644
--- a/index.mdwn
+++ b/index.mdwn
@@ -45,5 +45,5 @@ input#searchbox {
 show=5 feeds=no archive=yes]]
 """]]
 
-[[!meta openid="https://joeyh.name/"
+[[!meta openid="http://joeyh.name/"
 server="http://openid.kitenet.net:8081/simpleid/"]]

switch to https
diff --git a/index.mdwn b/index.mdwn
index fbe185a..12a7a41 100644
--- a/index.mdwn
+++ b/index.mdwn
@@ -45,5 +45,5 @@ input#searchbox {
 show=5 feeds=no archive=yes]]
 """]]
 
-[[!meta openid="http://joeyh.name/"
+[[!meta openid="https://joeyh.name/"
 server="http://openid.kitenet.net:8081/simpleid/"]]

Added a comment
diff --git a/blog/entry/a_programmable_alarm_clock_using_systemd/comment_2_3071b3486b4d9f7a2c77a35829f4b5ba._comment b/blog/entry/a_programmable_alarm_clock_using_systemd/comment_2_3071b3486b4d9f7a2c77a35829f4b5ba._comment
new file mode 100644
index 0000000..b819d5b
--- /dev/null
+++ b/blog/entry/a_programmable_alarm_clock_using_systemd/comment_2_3071b3486b4d9f7a2c77a35829f4b5ba._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="http://www.kitenet.net/"
+ ip="67.223.1.203"
+ subject="comment 2"
+ date="2014-10-27T16:26:59Z"
+ content="""
+systemd-inhibit can only be used in a login session, or by root, that's why the command has to run as root.
+"""]]

openid tweak
diff --git a/index.mdwn b/index.mdwn
index 59a79a9..fbe185a 100644
--- a/index.mdwn
+++ b/index.mdwn
@@ -45,5 +45,5 @@ input#searchbox {
 show=5 feeds=no archive=yes]]
 """]]
 
-[[!meta openid="http://kitenet.net/"
+[[!meta openid="http://joeyh.name/"
 server="http://openid.kitenet.net:8081/simpleid/"]]

Revert "openid tweak"
This reverts commit cfff21db8880c746c936110efe95f504d81fb8b5.
diff --git a/index.mdwn b/index.mdwn
index fbe185a..59a79a9 100644
--- a/index.mdwn
+++ b/index.mdwn
@@ -45,5 +45,5 @@ input#searchbox {
 show=5 feeds=no archive=yes]]
 """]]
 
-[[!meta openid="http://joeyh.name/"
+[[!meta openid="http://kitenet.net/"
 server="http://openid.kitenet.net:8081/simpleid/"]]

openid tweak
diff --git a/index.mdwn b/index.mdwn
index 59a79a9..fbe185a 100644
--- a/index.mdwn
+++ b/index.mdwn
@@ -45,5 +45,5 @@ input#searchbox {
 show=5 feeds=no archive=yes]]
 """]]
 
-[[!meta openid="http://kitenet.net/"
+[[!meta openid="http://joeyh.name/"
 server="http://openid.kitenet.net:8081/simpleid/"]]

hack around xfce4-power-manager
diff --git a/blog/entry/a_programmable_alarm_clock_using_systemd.mdwn b/blog/entry/a_programmable_alarm_clock_using_systemd.mdwn
index 2db93c0..83c0837 100644
--- a/blog/entry/a_programmable_alarm_clock_using_systemd.mdwn
+++ b/blog/entry/a_programmable_alarm_clock_using_systemd.mdwn
@@ -42,7 +42,7 @@ ConditionACPower=true
 
 [Service]
 Type=oneshot
-ExecStart=/bin/systemd-inhibit --what=handle-lid-switch --why=goodmorning /bin/su joey -c /home/joey/bin/goodmorning
+ExecStart=/bin/sh -c 'systemd-inhibit --what=handle-lid-switch --why=goodmorning /bin/su joey -c /home/joey/bin/goodmorning; if ! grep -q open /proc/acpi/button/lid/LID0/state; then systemctl suspend; fi'
 </pre>
 
 After installing these files, run (as root): `systemctl enable goodmorning.timer; systemctl start goodmorning.timer`
@@ -62,6 +62,11 @@ time, and the behavior around lid sleep inhibiting. Also, notice the
 the job to run if I forgot to leave the laptop plugged in overnight.
 Quite a lot of nice peices of systemd all working together here!
 
+Unfortunately, xfce4-power-manager reimplements its own lid switch handling,
+overriding systemd's, and this cannot be disabled. That's why the ExecStart
+above checks if the lid is still closed at the end, and manually suspends. That
+hack is not necessary when not using xfce4-power-manager.
+
 (It would perhaps be better to use the per-user systemd, not the system wide
 one. Then I could change the time the alarm runs without using root.
 What's prevented me from doing this is that systemd-inhibit uses policykit,

Added a comment: "su joey"
diff --git a/blog/entry/a_programmable_alarm_clock_using_systemd/comment_1_d6ff3f45e50fcb74959a3d359e586a7b._comment b/blog/entry/a_programmable_alarm_clock_using_systemd/comment_1_d6ff3f45e50fcb74959a3d359e586a7b._comment
new file mode 100644
index 0000000..53c7b81
--- /dev/null
+++ b/blog/entry/a_programmable_alarm_clock_using_systemd/comment_1_d6ff3f45e50fcb74959a3d359e586a7b._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="jordi"
+ ip="83.34.195.195"
+ subject="&quot;su joey&quot;"
+ date="2014-10-27T09:03:32Z"
+ content="""
+Just wondering, can't you use \"User/Group=joey\" instead of su joey -c?
+"""]]

update to not run job when off AC power
diff --git a/blog/entry/a_programmable_alarm_clock_using_systemd.mdwn b/blog/entry/a_programmable_alarm_clock_using_systemd.mdwn
index 7a92662..2db93c0 100644
--- a/blog/entry/a_programmable_alarm_clock_using_systemd.mdwn
+++ b/blog/entry/a_programmable_alarm_clock_using_systemd.mdwn
@@ -38,6 +38,7 @@ Second, `/etc/systemd/system/goodmorning.service`
 Description=good morning
 RefuseManualStart=true
 RefuseManualStop=true
+ConditionACPower=true
 
 [Service]
 Type=oneshot
@@ -56,7 +57,10 @@ available that is.
 
 I don't think this would be anywhere near as easy to do without systemd,
 logind, etc. Especially the handling of waking the system at the right
-time, and the behavior around lid sleep inhibiting.
+time, and the behavior around lid sleep inhibiting. Also, notice the 
+`ConditionACPower=true`, which I added once I realized I don't want
+the job to run if I forgot to leave the laptop plugged in overnight.
+Quite a lot of nice peices of systemd all working together here!
 
 (It would perhaps be better to use the per-user systemd, not the system wide
 one. Then I could change the time the alarm runs without using root.

blog update
diff --git a/blog/entry/a_programmable_alarm_clock_using_systemd.mdwn b/blog/entry/a_programmable_alarm_clock_using_systemd.mdwn
new file mode 100644
index 0000000..7a92662
--- /dev/null
+++ b/blog/entry/a_programmable_alarm_clock_using_systemd.mdwn
@@ -0,0 +1,67 @@
+I've taught my laptop to wake up at 7:30 in the morning. When it does, it
+will run [whatever's in my ~/bin/goodmorning script](http://git.kitenet.net/?p=joey/home.git;a=blob;f=bin/goodmorning;h=567f50f0595c6111bc416c0e5b2dd1de09214790;hb=HEAD). Then, if the lid is
+still closed, it will go back to sleep again.
+
+So, it's a programmable alarm clock that doesn't need the laptop to be left
+turned on to work.
+
+But it doesn't have to make noise and wake me up (I rarely want to be woken
+up by an alarm; the sun coming in the window is a much nicer method).
+It can handle other tasks like downloading my email, before I wake up. When
+I'm at home and on dialup, this tends to take an hour in the morning, so
+it's nice to let it happen before I get up.
+
+This took some time to figure out, but it's surprisingly simple.
+Besides ~/bin/goodmorning, which can be any program/script,
+I needed just two files to configure systemd to do this.
+
+First, `/etc/systemd/system/goodmorning.timer`
+
+<pre>
+[Unit]
+Description=good morning
+
+[Timer]
+Unit=goodmorning.service
+OnCalendar=*-*-* 7:30
+WakeSystem=true
+Persistent=false
+
+[Install]
+WantedBy=multi-user.target
+</pre>
+
+Second, `/etc/systemd/system/goodmorning.service`
+
+<pre>
+[Unit]
+Description=good morning
+RefuseManualStart=true
+RefuseManualStop=true
+
+[Service]
+Type=oneshot
+ExecStart=/bin/systemd-inhibit --what=handle-lid-switch --why=goodmorning /bin/su joey -c /home/joey/bin/goodmorning
+</pre>
+
+After installing these files, run (as root): `systemctl enable goodmorning.timer; systemctl start goodmorning.timer`
+
+Then, you'll also need to edit `/etc/systemd/logind.conf`, and
+set `LidSwitchIgnoreInhibited=no` -- this overrides the default, which
+is not to let systemd-inhibit block sleep on lid close.
+
+The WakeSystem=true relies on some hardware support for waking from sleep;
+my laptop supported it with no trouble but I don't know how broadly
+available that is.
+
+I don't think this would be anywhere near as easy to do without systemd,
+logind, etc. Especially the handling of waking the system at the right
+time, and the behavior around lid sleep inhibiting.
+
+(It would perhaps be better to use the per-user systemd, not the system wide
+one. Then I could change the time the alarm runs without using root.
+What's prevented me from doing this is that systemd-inhibit uses policykit,
+and policykit prevents it from being used in this situation. It's a lot
+easier to run it as root and use su, than it is to reconfigure policykit.)
+
+[[!meta title="a programmable alarm clock using systemd"]]

add news item for debhelper 9.20141022
diff --git a/code/debhelper/news/version_9.20140613.mdwn b/code/debhelper/news/version_9.20140613.mdwn
deleted file mode 100644
index 1b3eae3..0000000
--- a/code/debhelper/news/version_9.20140613.mdwn
+++ /dev/null
@@ -1,6 +0,0 @@
-debhelper 9.20140613 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Pass --disable-silent-rules in dh\_auto\_configure if DH\_VERBOSE is set.
-     Closes: #[751207](http://bugs.debian.org/751207). Thanks, Helmut Grohne.
-   * Minor typos. Closes: #[741144](http://bugs.debian.org/741144), #[744176](http://bugs.debian.org/744176)
-   * dh\_installinit: Fix uninitialized value warning when --name is used."""]]
\ No newline at end of file
diff --git a/code/debhelper/news/version_9.20141022.mdwn b/code/debhelper/news/version_9.20141022.mdwn
new file mode 100644
index 0000000..8efa2eb
--- /dev/null
+++ b/code/debhelper/news/version_9.20141022.mdwn
@@ -0,0 +1,4 @@
+debhelper 9.20141022 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * dh\_installdeb: Sort conffile list so there is a stable order for
+     reproducible builds. Closes: #[766384](http://bugs.debian.org/766384) Thanks, Jérémy Bobbio."""]]
\ No newline at end of file

add news item for etckeeper 1.15
diff --git a/code/etckeeper/news/version_1.10.mdwn b/code/etckeeper/news/version_1.10.mdwn
deleted file mode 100644
index 11ef907..0000000
--- a/code/etckeeper/news/version_1.10.mdwn
+++ /dev/null
@@ -1,6 +0,0 @@
-etckeeper 1.10 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Remove lvm/backup from default ignores, because lvm
-     documentation recommends backing that up, for use by
-     vgcfgrestore.
-   * Fix exporting of some git variables. Closes: #[728583](http://bugs.debian.org/728583)"""]]
\ No newline at end of file
diff --git a/code/etckeeper/news/version_1.15.mdwn b/code/etckeeper/news/version_1.15.mdwn
new file mode 100644
index 0000000..4934b76
--- /dev/null
+++ b/code/etckeeper/news/version_1.15.mdwn
@@ -0,0 +1,4 @@
+etckeeper 1.15 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Recommend cron-daemon, rather than cron, as etckeeper only needs
+     cron.daily functionality. Closes: #[762721](http://bugs.debian.org/762721)"""]]
\ No newline at end of file

add news item for debhelper 9.20141010
diff --git a/code/debhelper/news/version_9.20140228.mdwn b/code/debhelper/news/version_9.20140228.mdwn
deleted file mode 100644
index aa2ba79..0000000
--- a/code/debhelper/news/version_9.20140228.mdwn
+++ /dev/null
@@ -1,3 +0,0 @@
-debhelper 9.20140228 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Fix breakage in no-act mode introduced in last release."""]]
\ No newline at end of file
diff --git a/code/debhelper/news/version_9.20141010.mdwn b/code/debhelper/news/version_9.20141010.mdwn
new file mode 100644
index 0000000..9c6dedc
--- /dev/null
+++ b/code/debhelper/news/version_9.20141010.mdwn
@@ -0,0 +1,11 @@
+debhelper 9.20141010 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * [ Johannes Schauer ]
+   * Depend on libdpkg-perl (&gt;= 1.17.14) for build profiles support. Note to
+     backporters: If you remove that dependency, debhelper will throw an error
+     when a binary package stanza in debian/control has the Build-Profiles
+     field.
+   * Use libdpkg-perl functionality to parse the content of the Build-Profiles
+     field, if there is one. In that case, use libdpkg-perl to evaluate whether
+     the binary package should be built or not.
+     Closes: #[763766](http://bugs.debian.org/763766)"""]]
\ No newline at end of file

switch to hack feed for https feed that has expired cert
diff --git a/grep.mdwn b/grep.mdwn
index 8763807..f13c25e 100644
--- a/grep.mdwn
+++ b/grep.mdwn
@@ -8,6 +8,6 @@ on the net.
 List of feeds:
 
 * [[!aggregate expirecount=25 name="music" feedurl="http://libre.fm/rdf.php?fmt=rss&page=%2Fuser%2Fjoeyhess%2Frecent-tracks" url="http://libre.fm/user/joeyhess"]]
-* [[!aggregate expirecount=25 name="identi.ca posts" feedurl="https://pump2rss.com/feed/joeyh@identi.ca.atom" url="http://identi.ca/joeyh"]]
+* [[!aggregate expirecount=25 name="identi.ca posts" feedurl="http://tmp.kitenet.net/pump.atom" url="http://identi.ca/joeyh"]]
 * [[!aggregate expirecount=25 name="twitter grep" feedurl="http://tmp.kitenet.net/twittergrep.rss" url="https://twitter.com/search/realtime?q=olduse+OR+git-annex+OR+debhelper+OR+etckeeper+OR+ikiwiki+-ashley_ikiwiki"]]
 * [[!aggregate expirecount=25 name="books" feedurl="http://www.goodreads.com/review/list_rss/2159448?key=afd7e8432b3f9e33edab442a7c94e95849af4527&shelf=currently-reading" url="http://www.goodreads.com/user/show/2159448"]]

add news item for debhelper 9.20141003
diff --git a/code/debhelper/news/version_9.20140227.mdwn b/code/debhelper/news/version_9.20140227.mdwn
deleted file mode 100644
index 4b5431d..0000000
--- a/code/debhelper/news/version_9.20140227.mdwn
+++ /dev/null
@@ -1,20 +0,0 @@
-debhelper 9.20140227 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * dh\_compress: Avoid compressing .map files, which may be html
-     usemaps. Closes: #[704443](http://bugs.debian.org/704443)
-   * dh\_installdocs: When doc dirs are symlinked make the dependency
-     versioned per policy. Closes: #[676777](http://bugs.debian.org/676777)
-   * dh\_makeshlibs: Defer propigating dpkg-gensymbols error until
-     all packages have been processed. Closes: #[736640](http://bugs.debian.org/736640)
-   * dh: Reject unknown parameters that are not dashed command-line
-     parameters intended to be passed on to debhelper commands.
-     Closes: #[737635](http://bugs.debian.org/737635)
-   * perl\_build: Use realclean instead of distclean. Closes: #[737662](http://bugs.debian.org/737662)
-   * Initial implementation of support for Build-Profiles fields.
-     Thanks, Daniel Schepler.
-   * dh\_gencontrol: Revert change made in version 4.0.13 that avoided
-     passing -p to dpkg-gencontrol when only operating on one package.
-     There seems to be no benefit to doing that, and it breaks when using
-     Build-Profiles, since while debhelper may know a profile only allows
-     for one package, dpkg-gencontrol may see other packages in the
-     control file."""]]
\ No newline at end of file
diff --git a/code/debhelper/news/version_9.20141003.mdwn b/code/debhelper/news/version_9.20141003.mdwn
new file mode 100644
index 0000000..f5b8bd3
--- /dev/null
+++ b/code/debhelper/news/version_9.20141003.mdwn
@@ -0,0 +1,4 @@
+debhelper 9.20141003 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * dh\_clean: Skip over .git, .svn, .bzr, .hg, and CVS directories
+     and avoid cleaning their contents. Closes: #[760033](http://bugs.debian.org/760033)"""]]
\ No newline at end of file

Added a comment: nice
diff --git a/blog/entry/propellor_is_d-i_2.0/comment_4_039c3a5147cf32bf8b1af523da5bb757._comment b/blog/entry/propellor_is_d-i_2.0/comment_4_039c3a5147cf32bf8b1af523da5bb757._comment
new file mode 100644
index 0000000..c47522e
--- /dev/null
+++ b/blog/entry/propellor_is_d-i_2.0/comment_4_039c3a5147cf32bf8b1af523da5bb757._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="wires"
+ ip="82.161.183.192"
+ subject="nice"
+ date="2014-09-27T10:01:13Z"
+ content="""
+Nice and simple solution again! would love to see this developed further. Also wondering if it is useful to combine this with (parts of) [nix](https://nixos.org/nix/)... 
+"""]]

Added a comment: nice
diff --git a/blog/entry/propellor_is_d-i_2.0/comment_3_1cb9726c4ee5f649025d252f140add3f._comment b/blog/entry/propellor_is_d-i_2.0/comment_3_1cb9726c4ee5f649025d252f140add3f._comment
new file mode 100644
index 0000000..ab804f0
--- /dev/null
+++ b/blog/entry/propellor_is_d-i_2.0/comment_3_1cb9726c4ee5f649025d252f140add3f._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="wires"
+ ip="82.161.183.192"
+ subject="nice"
+ date="2014-09-27T10:00:46Z"
+ content="""
+Nice and simple solution again! would love to see this developed further. Also wondering if it is useful to combine this with (parts of) [nix](https://nixos.org/nix/)... 
+"""]]

update
diff --git a/boxen/diatom.mdwn b/boxen/diatom.mdwn
index 8c6bb7d..d158156 100644
--- a/boxen/diatom.mdwn
+++ b/boxen/diatom.mdwn
@@ -1 +1 @@
-In digital ocean.
+In digital ocean. Stable server.

update
diff --git a/boxen/wren.mdwn b/boxen/wren.mdwn
index 8fbd16d..fed5fc0 100644
--- a/boxen/wren.mdwn
+++ b/boxen/wren.mdwn
@@ -1,26 +1,2 @@
-Wren serves [kitenet.net](http://kitenet.net/) and associated domains, and is
-my main server. However, it's EOL.
-
-Wren is a KVM instance hosted by Steve Kemp at
-[kvm-hosting.org](http://www.xen-hosting.org/), in the UK.
-For a KVM instance, it's fairly large, with 50 gb of disk and 1 gb ram.
-
-## Notes
-
-IPs:
-
-* 80.68.85.49
-* 80.68.85.50 (unused)
-* 80.68.85.51 (unused)
-
-console:
-
-	ssh joey@joey.console.kvm-hosting.net (uses special key)
-
-sibling xen instances:
-
-* [80.68.85.34](http://80.68.85.34)
-* [80.68.85.37](http://80.68.85.37)
-* [80.68.85.40](http://80.68.85.40)
-* [80.68.85.43](http://80.68.85.43)
-* [80.68.85.46](http://80.68.85.46)
+Wren served [kitenet.net](http://kitenet.net/) and associated domains, and was
+my main server. Now retired.

update
diff --git a/links/personal.mdwn b/links/personal.mdwn
index 1c66d9d..bef4558 100644
--- a/links/personal.mdwn
+++ b/links/personal.mdwn
@@ -4,6 +4,3 @@
 [[pics]]  
 [[contact_me|contact]]  
 [[todo]]
-
-Funded in 2014 via  
-[campaign.joeyh.name](https://campaign.joeyh.name/)!

add propellor demo
diff --git a/talks.mdwn b/talks.mdwn
index 23833d3..5309da9 100644
--- a/talks.mdwn
+++ b/talks.mdwn
@@ -89,3 +89,5 @@ by others.
  * "Debian Through a Functional Lens"
     - [[slidish things|debconf-14-debian-through-a-functional-lens]]
     - [video](http://meetings-archive.debian.net/pub/debian-meetings/2014/debconf14/webm/seeing_Debian_through_a_Functional_lens.webm)
+ * "Propellor demo"
+    - [video](http://downloads.kitenet.net/talks/propellor_demo/propellor_demo.webm)

add video link
diff --git a/boxen.mdwn b/boxen.mdwn
index 69bc61f..14ab7fd 100644
--- a/boxen.mdwn
+++ b/boxen.mdwn
@@ -32,10 +32,10 @@ Mostly birds.
 * [[dodo]] {*}
 * ostrich
 * [[stork]]
-* [[wren]] {*}
+* [[wren]]
 * bluebird
-* [[hydra]] {*}
-* [[box]] {*}
+* [[hydra]]
+* [[box]]
 * [[finch]]
 * [[pell]] {*}
 * orca
diff --git a/talks.mdwn b/talks.mdwn
index 2387357..23833d3 100644
--- a/talks.mdwn
+++ b/talks.mdwn
@@ -88,3 +88,4 @@ by others.
 
  * "Debian Through a Functional Lens"
     - [[slidish things|debconf-14-debian-through-a-functional-lens]]
+    - [video](http://meetings-archive.debian.net/pub/debian-meetings/2014/debconf14/webm/seeing_Debian_through_a_Functional_lens.webm)

Added a comment: What lenovo model do you use ?
diff --git a/blog/entry/laptop_death/comment_1_02b9da5e7ea80a1b39aeb01accd91aac._comment b/blog/entry/laptop_death/comment_1_02b9da5e7ea80a1b39aeb01accd91aac._comment
new file mode 100644
index 0000000..ffc315a
--- /dev/null
+++ b/blog/entry/laptop_death/comment_1_02b9da5e7ea80a1b39aeb01accd91aac._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="beaufils"
+ ip="109.190.78.125"
+ subject="What lenovo model do you use ?"
+ date="2014-09-13T20:58:12Z"
+ content="""
+I am on a process to change my laptop and it would be helpful to know what laptop debian guys are using and/or recommanding.
+"""]]

Added a comment: Good idea.
diff --git a/blog/entry/propellor_is_d-i_2.0/comment_2_f174ec3b06b9031a3bdedc49aed3d4f9._comment b/blog/entry/propellor_is_d-i_2.0/comment_2_f174ec3b06b9031a3bdedc49aed3d4f9._comment
new file mode 100644
index 0000000..532c91e
--- /dev/null
+++ b/blog/entry/propellor_is_d-i_2.0/comment_2_f174ec3b06b9031a3bdedc49aed3d4f9._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="DaveA"
+ ip="67.41.199.133"
+ subject="Good idea."
+ date="2014-09-09T19:07:55Z"
+ content="""
+I think this is a good idea.  I've thought for a long time that I should start using a configurator (puppet, propellor, something) to manage my personal machines.  Well, I haven't had to do a fresh install and the learning curve has been too high for the time available.
+
+But if the system comes with propellor control out of the box that would make it easy to continue down that path.  I'd just have to learn how to manage with propellor rather than the manual tools.
+
+Thanks!
+Dave
+"""]]

add news item for filters 2.52
diff --git a/code/filters/news/version_2.45.mdwn b/code/filters/news/version_2.45.mdwn
deleted file mode 100644
index 25bf691..0000000
--- a/code/filters/news/version_2.45.mdwn
+++ /dev/null
@@ -1,3 +0,0 @@
-filters 2.45 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Use debhelper v7; rules file minimisation to 3 lines."""]]
\ No newline at end of file
diff --git a/code/filters/news/version_2.52.mdwn b/code/filters/news/version_2.52.mdwn
new file mode 100644
index 0000000..828febd
--- /dev/null
+++ b/code/filters/news/version_2.52.mdwn
@@ -0,0 +1,4 @@
+filters 2.52 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Rename lolcat to LOLCAT to avoid collision with a fine rainbow colored cat.
+     Closes: #[760910](http://bugs.debian.org/760910)"""]]
\ No newline at end of file

Added a comment: Screenshots?
diff --git a/blog/entry/propellor_is_d-i_2.0/comment_1_6f9e6aca67ebfe24df5777d939849ab9._comment b/blog/entry/propellor_is_d-i_2.0/comment_1_6f9e6aca67ebfe24df5777d939849ab9._comment
new file mode 100644
index 0000000..a78ee4c
--- /dev/null
+++ b/blog/entry/propellor_is_d-i_2.0/comment_1_6f9e6aca67ebfe24df5777d939849ab9._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="foobar"
+ ip="178.3.119.122"
+ subject="Screenshots?"
+ date="2014-09-08T15:58:20Z"
+ content="""
+Hi Joey,
+
+please show screenshots.
+
+Greetings,
+foobar
+"""]]

oh yeah and
diff --git a/blog/entry/propellor_is_d-i_2.0.mdwn b/blog/entry/propellor_is_d-i_2.0.mdwn
index e76de6b..9e9f090 100644
--- a/blog/entry/propellor_is_d-i_2.0.mdwn
+++ b/blog/entry/propellor_is_d-i_2.0.mdwn
@@ -58,6 +58,9 @@ main = Installer.main
 	& User.loginStarts "propellor --installer"
 """]]
 
+* Propellor has a nice display of what it's doing so there is **no freaking
+  progress bar**.
+
 Well, now I know where propellor might end up if I felt like spending a month
 and adding a few thousand lines of code to it.
 

typo
diff --git a/blog/entry/propellor_is_d-i_2.0.mdwn b/blog/entry/propellor_is_d-i_2.0.mdwn
index dc388a7..e76de6b 100644
--- a/blog/entry/propellor_is_d-i_2.0.mdwn
+++ b/blog/entry/propellor_is_d-i_2.0.mdwn
@@ -36,7 +36,7 @@ main :: IO
 main = Installer.main
 	& Installer.partition First "/boot" Ext3 (MiB 256)
 	& Installer.partition Next "/" Ext4 (GiB 5)
-	& Installer.partition Next "/" Ext4 FreeSpace
+	& Installer.partition Next "/home" Ext4 FreeSpace
 	& Installer.grubBoots "hd0"
 	& os (System (Debian Stable) "amd64")
 	& Apt.stdSourcesList

typoen
diff --git a/blog/entry/propellor_is_d-i_2.0.mdwn b/blog/entry/propellor_is_d-i_2.0.mdwn
index b3f2ba5..dc388a7 100644
--- a/blog/entry/propellor_is_d-i_2.0.mdwn
+++ b/blog/entry/propellor_is_d-i_2.0.mdwn
@@ -15,7 +15,7 @@ I'm as suprised as you are, but consider this design:
 
 * Really, no other questions. Not even user name/password! The installed system
   will only allow login via the same method that was used to install it.
-  So an locally installed system will accept console/X login with no
+  So a locally installed system will accept console/X login with no
   password and then a forced password change. Or a system installed via
   ssh will only allow login using the same ssh key that was used to install it.
 
@@ -28,7 +28,7 @@ I'm as suprised as you are, but consider this design:
 
 * Users who want to configure installation in any way write down
   properties of system using a simple propellor config file. I suppose
-  some people still use more than one partion or gnome or some such
+  some people still use more than one partiton or gnome or some such
   customization, so they'd use:
 
 [[!format haskell """

layout
diff --git a/blog/entry/propellor_is_d-i_2.0.mdwn b/blog/entry/propellor_is_d-i_2.0.mdwn
index 22b166c..b3f2ba5 100644
--- a/blog/entry/propellor_is_d-i_2.0.mdwn
+++ b/blog/entry/propellor_is_d-i_2.0.mdwn
@@ -7,7 +7,7 @@ I'm as suprised as you are, but consider this design:
   [[code/propellor]] + web browser.
 
 * Entire installation UI consists of a web-based (and entirely pictographic
-  + prompt based, so does not need to be translated) selection of the
+  and prompt based, so does not need to be translated) selection of the
   installation target.
 
 * Installation target can be local disk, remote system via ssh

blog update
diff --git a/blog/entry/propellor_is_d-i_2.0.mdwn b/blog/entry/propellor_is_d-i_2.0.mdwn
new file mode 100644
index 0000000..22b166c
--- /dev/null
+++ b/blog/entry/propellor_is_d-i_2.0.mdwn
@@ -0,0 +1,64 @@
+I think I've been writing the second system to replace d-i with in my
+spare time for a couple months, and never noticed.
+
+I'm as suprised as you are, but consider this design:
+
+* Installation system consists of debian live + haskell + 
+  [[code/propellor]] + web browser.
+
+* Entire installation UI consists of a web-based (and entirely pictographic
+  + prompt based, so does not need to be translated) selection of the
+  installation target.
+
+* Installation target can be local disk, remote system via ssh
+  (wiping out crufty hacked-up pre-installed debian), local VM, live ISO, etc.
+
+* Really, no other questions. Not even user name/password! The installed system
+  will only allow login via the same method that was used to install it.
+  So an locally installed system will accept console/X login with no
+  password and then a forced password change. Or a system installed via
+  ssh will only allow login using the same ssh key that was used to install it.
+
+* The entire installation process consists of a disk format, followed by
+  debootstrap, followed by running propellor in the target system.
+  This also means that the installed system includes a propellor config file
+  which now describes the properties of the system as installed (so can be
+  edited to tweak the installation, or reused as starting point for next
+  installation).
+
+* Users who want to configure installation in any way write down
+  properties of system using a simple propellor config file. I suppose
+  some people still use more than one partion or gnome or some such
+  customization, so they'd use:
+
+[[!format haskell """
+main :: IO
+main = Installer.main
+	& Installer.partition First "/boot" Ext3 (MiB 256)
+	& Installer.partition Next "/" Ext4 (GiB 5)
+	& Installer.partition Next "/" Ext4 FreeSpace
+	& Installer.grubBoots "hd0"
+	& os (System (Debian Stable) "amd64")
+	& Apt.stdSourcesList
+	& Apt.installed ["task-gnome-desktop"]
+"""]]
+
+* The installation system is itself built using propellor.
+  A free feature given the above design, so basically all it will take to
+  build an installation iso is this code:
+
+[[!format haskell """
+main :: IO
+main = Installer.main
+	& Installer.target CdImage "installer.iso"
+	& os (System (Debian Stable) "amd64")
+	& Apt.stdSourcesList
+	& Apt.installed ["task-xfce-desktop", "ghc", "propellor"]
+	& User.autoLogin "root"
+	& User.loginStarts "propellor --installer"
+"""]]
+
+Well, now I know where propellor might end up if I felt like spending a month
+and adding a few thousand lines of code to it.
+
+[[!meta title="propellor is d-i 2.0"]]

add news item for etckeeper 1.14
diff --git a/code/etckeeper/news/version_1.14.mdwn b/code/etckeeper/news/version_1.14.mdwn
new file mode 100644
index 0000000..e5789d3
--- /dev/null
+++ b/code/etckeeper/news/version_1.14.mdwn
@@ -0,0 +1,9 @@
+etckeeper 1.14 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Handle failure to commit in post-install, pre-install by showing a
+     warning, rather than propigating the error to apt.
+     This avoids breaking the apt run when eg, git is misconfigured and
+     cannot commit.
+     pre-install already did this when it was able to use debconf to display a
+     message, but now debconf is not used, and it always behaves this way.
+     Closes: #[760011](http://bugs.debian.org/760011)"""]]
\ No newline at end of file
diff --git a/code/etckeeper/news/version_1.9.mdwn b/code/etckeeper/news/version_1.9.mdwn
deleted file mode 100644
index 800a8d5..0000000
--- a/code/etckeeper/news/version_1.9.mdwn
+++ /dev/null
@@ -1,3 +0,0 @@
-etckeeper 1.9 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Fix git update-ignore syntax. Closes: #[721873](http://bugs.debian.org/721873)"""]]
\ No newline at end of file

add news item for github-backup 1.20140831
diff --git a/code/github-backup/news/version_1.20140704.mdwn b/code/github-backup/news/version_1.20140704.mdwn
deleted file mode 100644
index f645de0..0000000
--- a/code/github-backup/news/version_1.20140704.mdwn
+++ /dev/null
@@ -1,6 +0,0 @@
-github-backup 1.20140704 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Avoid making signed commits when committing to the github-backup branch
-     and the user has commit.gpgsign=true.
-     Closes: #[753720](http://bugs.debian.org/753720)
-   * Various updates to internal git and utility libraries shared with git-annex."""]]
\ No newline at end of file
diff --git a/code/github-backup/news/version_1.20140831.mdwn b/code/github-backup/news/version_1.20140831.mdwn
new file mode 100644
index 0000000..9833a15
--- /dev/null
+++ b/code/github-backup/news/version_1.20140831.mdwn
@@ -0,0 +1,3 @@
+github-backup 1.20140831 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Fix build with github 0.10."""]]
\ No newline at end of file

add news item for filters 2.50
diff --git a/code/filters/news/version_2.44.mdwn b/code/filters/news/version_2.44.mdwn
deleted file mode 100644
index ec23268..0000000
--- a/code/filters/news/version_2.44.mdwn
+++ /dev/null
@@ -1,4 +0,0 @@
-filters 2.44 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Work around dpkg bug #476138. Closes: #[475979](http://bugs.debian.org/475979)
-   * Use CC consistently."""]]
\ No newline at end of file
diff --git a/code/filters/news/version_2.50.mdwn b/code/filters/news/version_2.50.mdwn
new file mode 100644
index 0000000..72a778b
--- /dev/null
+++ b/code/filters/news/version_2.50.mdwn
@@ -0,0 +1,4 @@
+filters 2.50 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Reorganize some code to support building with clang.
+     Closes: #[758450](http://bugs.debian.org/758450) Thanks, Alexander."""]]
\ No newline at end of file

add news item for alien 8.92
diff --git a/code/alien/news/version_8.86.mdwn b/code/alien/news/version_8.86.mdwn
deleted file mode 100644
index b366085..0000000
--- a/code/alien/news/version_8.86.mdwn
+++ /dev/null
@@ -1,4 +0,0 @@
-alien 8.86 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Filter out illegal characters in version number when building a deb.
-     Closes: #[648531](http://bugs.debian.org/648531)"""]]
\ No newline at end of file
diff --git a/code/alien/news/version_8.92.mdwn b/code/alien/news/version_8.92.mdwn
new file mode 100644
index 0000000..fc8a3c1
--- /dev/null
+++ b/code/alien/news/version_8.92.mdwn
@@ -0,0 +1,4 @@
+alien 8.92 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Remove suggests for lsb-rpm, which no longer exists.
+     Closes: #[756873](http://bugs.debian.org/756873)"""]]
\ No newline at end of file

final
diff --git a/talks/debconf-14-debian-through-a-functional-lens.otl b/talks/debconf-14-debian-through-a-functional-lens.otl
index 9bdec13..3993291 100644
--- a/talks/debconf-14-debian-through-a-functional-lens.otl
+++ b/talks/debconf-14-debian-through-a-functional-lens.otl
@@ -171,8 +171,6 @@ comparing debian/control types
 			result not based on /etc/lsb_release or phase of the moon
 		X language lock-in
 			but language lock-in has not been a problem for debian/rules ...
-    
-	... convincing or not, it's worth thinking about!
 
 nixos exploration
 	filesystem layout

update
diff --git a/talks/debconf-14-debian-through-a-functional-lens.otl b/talks/debconf-14-debian-through-a-functional-lens.otl
index fa6645b..9bdec13 100644
--- a/talks/debconf-14-debian-through-a-functional-lens.otl
+++ b/talks/debconf-14-debian-through-a-functional-lens.otl
@@ -95,7 +95,7 @@ a motivating example (haskell-dav)
 		Debian Haskell Group maintains 844+ of these
 		Debian perl Group: 3327+!
 		... that's 20% of the source packages in Debian
-		... and there are probably more
+		... and there are more
 
 nixos equivalent
 	;	# This file was auto-generated by cabal2nix. Please do NOT edit manually!
@@ -153,7 +153,7 @@ comparing debian/control types
 		♥ simple
 		X redundant boilerplate
 		X inflexible
-	control :: IO Control                 -- executable control file
+	control :: IO Control                 -- executable control file         
 		♥ avoids boilerplate
 		♥ no language lock-in
 		X cannot extract Control data w/o running arbitrary code
@@ -164,7 +164,7 @@ comparing debian/control types
 		♥ avoids boilerplate
 		♥ no language lock-in
 		X "this file was auto-generated. Please do NOT edit manually"
-	control :: UpstreamSource -> Control  -- control file as functional code
+	control :: UpstreamSource -> Control  -- control file as functional code 
 		♥ avoids boilerplate
 		♥ purely functional safety
 			control file generates same output given same inputs
@@ -174,7 +174,7 @@ comparing debian/control types
     
 	... convincing or not, it's worth thinking about!
 
-nixos demo
+nixos exploration
 	filesystem layout
 		ldd $(which bash)
 		which bash
@@ -220,6 +220,10 @@ a progression: IO to declarative to FP
 		manual                  -- IO
 		debhelper autoscripts   -- sorta declarative, still lots of IO
 		triggers                -- some declarative, some IO
+		... FP?
+			talked with Russ yesterday about eliminating
+			more maintainer scripts, he suggested an EDSL
+			to simplify debconf config scripts
 	config files
 		just a static file      -- declarative (mostly)
 		debconf generated file  -- IO (oops!)
@@ -227,7 +231,7 @@ a progression: IO to declarative to FP
 	debian/copyright  (a bit of a stretch)
 		prose
 			"This package was downloaded in 1997 from sunsite
-			and it is licensed under the GPL by copyright holder ESR."
+			and it is GPL licensed by ESR."
 		structured
 			Copyright: 2009-2013 J. Random Hacker
 			License: GPL-3+
@@ -237,5 +241,5 @@ a progression: IO to declarative to FP
 	OS configuration
 		apt-get install         -- IO
 		puppet/etc				-- declarative-ish + IO
-		docker					-- declarative (dockerfile) / static (hash)
+		docker					-- declarative-ish (dockerfile)
 		nixos					-- FP

Added a comment: Why another dot directory?
diff --git a/blog/entry/using_a_debian_package_as_the_remote_for_a_local_config_repo/comment_1_15a277f48a6ec2c3851978bfd4154250._comment b/blog/entry/using_a_debian_package_as_the_remote_for_a_local_config_repo/comment_1_15a277f48a6ec2c3851978bfd4154250._comment
new file mode 100644
index 0000000..d5b14be
--- /dev/null
+++ b/blog/entry/using_a_debian_package_as_the_remote_for_a_local_config_repo/comment_1_15a277f48a6ec2c3851978bfd4154250._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="mirabilos"
+ ip="2a01:238:4200:4342:321e:80ff:fe12:4223"
+ subject="Why another dot directory?"
+ date="2014-08-26T15:46:08Z"
+ content="""
+This seems to be the trend, polluting the home directory more and more. Why can't propellor use the XDG basedir specification to have a sensible root directory for its configs?
+"""]]

typo
diff --git a/blog/entry/using_a_debian_package_as_the_remote_for_a_local_config_repo.mdwn b/blog/entry/using_a_debian_package_as_the_remote_for_a_local_config_repo.mdwn
index ceeab3f..c5b739e 100644
--- a/blog/entry/using_a_debian_package_as_the_remote_for_a_local_config_repo.mdwn
+++ b/blog/entry/using_a_debian_package_as_the_remote_for_a_local_config_repo.mdwn
@@ -73,6 +73,6 @@ It would perhaps not be hard to get from here to a full git-backed version of
 ucf. Note that the Debian binary package doesn't *have* to ship a git
 repisitory, it can just as easily ship the current version of the config files
 somewhere in /usr, and check them into a new empty repository as part of the
-generation of the upsteam/master branch.
+generation of the upstream/master branch.
 
 [[!meta title="using a debian package as the remote for a local config repo"]]

blog update
diff --git a/blog/entry/using_a_debian_package_as_the_remote_for_a_local_config_repo.mdwn b/blog/entry/using_a_debian_package_as_the_remote_for_a_local_config_repo.mdwn
new file mode 100644
index 0000000..ceeab3f
--- /dev/null
+++ b/blog/entry/using_a_debian_package_as_the_remote_for_a_local_config_repo.mdwn
@@ -0,0 +1,78 @@
+Today I did something interesting with the Debian packaging for
+[[code/propellor]], which seems like it could
+be a useful technique for other Debian packages as well.
+
+Propellor is configured by a directory, which is maintained as a local git
+repository. In propellor's case, it's `~/.propellor/`. This contains a lot
+of haskell files, in fact the entire source code of propellor! That's
+really unusual, but I think this can be generalized to any package whose
+configuration is maintained in its own git repository on the user's
+system. For now on, I'll refer to this as the config repo.
+
+The config repo is set up the first time a user runs
+propellor. But, until now, I didn't provide an easy way to update
+the config repo when the propellor package was updated. Nothing would
+break, but the old version would be used until the user updated it
+themselves somehow (probably by pulling from a git repository over the
+network, bypassing apt's signature validation).
+
+So, what I wanted was a way to update the config repo, merging in any
+changes from the new version of the Debian package, while preserving the
+user's local modifications. Ideally, the user could just run `git merge
+upstream/master`, where the upstream repo was included in the
+Debian package.
+
+But, that can't work! The Debian package can't reasonably include the
+full git repository of propellor with all its history. So, any git repository
+included in the Debian binary package would need to be a synthetic one, that
+only contains probably one commit that is not connected to anything else. Which
+means that if the config repo was cloned from that repo in version 1.0, then
+when version 1.1 came around, git would see no common parent when merging 1.1
+into the config repo, and the merge would fail horribly.
+
+To solve this, let's assume that the config repo's master branch has
+a parent commit that can be identified, somehow, as coming from a past
+version of the Debian package. It doesn't matter which version, although
+the last one merged with will be best. (The easy way to do this is to set
+`refs/heads/upstream/master` to point to it when creating the config repo.)
+
+Once we have that parent commit, we have three things:
+
+1. The current content of the config repo.
+2. The content from some old version of the Debian package.
+3. The new content of the Debian package.
+
+Now git can be used to merge #3 onto #2, with -Xtheirs, so the result
+is a git commit with parents of #3 and #2, and content of #3. (This can be
+done using a temporary clone of the config repo to avoid touching its contents.)
+
+Such a git commit can be merged into the config repo, without any conflicts
+other than those the user might have caused with their own edits.
+
+So, propellor will tell the user when updates are available, and they can 
+simply run `git merge upstream/master` to get them. The resulting history
+looks like this:
+
+<pre>
+* Merge remote-tracking branch 'upstream/master'
+|\  
+| * merging upstream version
+| |\  
+| | * upstream version
+* | user change
+|/  
+* upstream version
+</pre>
+
+So, generalizing this, if a package has a lot of config files, and 
+creates a git repository containing them when the user uses it
+(or automatically when it's installed), this method can be used to provide
+an easily mergable branch that tracks the files as distributed with the package.
+
+It would perhaps not be hard to get from here to a full git-backed version of
+ucf. Note that the Debian binary package doesn't *have* to ship a git
+repisitory, it can just as easily ship the current version of the config files
+somewhere in /usr, and check them into a new empty repository as part of the
+generation of the upsteam/master branch.
+
+[[!meta title="using a debian package as the remote for a local config repo"]]

add news item for debhelper 9.20140817
diff --git a/code/debhelper/news/version_9.20131227.mdwn b/code/debhelper/news/version_9.20131227.mdwn
deleted file mode 100644
index 517e9ea..0000000
--- a/code/debhelper/news/version_9.20131227.mdwn
+++ /dev/null
@@ -1,7 +0,0 @@
-debhelper 9.20131227 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
- * [ Guillem Jover ]
-   * dh\_shlibdeps: Use new dpkg-shlibdeps -l option instead of LD\_LIBRARY\_PATH
-     Closes: #[717505](http://bugs.debian.org/717505)
-   * Depend on dpkg-dev (&gt;= 1.17.0), the version that introduced
-     dpkg-shlibdeps -l option."""]]
\ No newline at end of file
diff --git a/code/debhelper/news/version_9.20140817.mdwn b/code/debhelper/news/version_9.20140817.mdwn
new file mode 100644
index 0000000..c3b7589
--- /dev/null
+++ b/code/debhelper/news/version_9.20140817.mdwn
@@ -0,0 +1,6 @@
+debhelper 9.20140817 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Added Portuguese translation of the man pages, by Américo Monteiro.
+     Closes: #[758043](http://bugs.debian.org/758043)
+   * Updated German translation from Chris Leick.
+     Closes: #[735610](http://bugs.debian.org/735610)"""]]
\ No newline at end of file
diff --git a/talks/debconf-14-debian-through-a-functional-lens.otl b/talks/debconf-14-debian-through-a-functional-lens.otl
index 1c64a13..fa6645b 100644
--- a/talks/debconf-14-debian-through-a-functional-lens.otl
+++ b/talks/debconf-14-debian-through-a-functional-lens.otl
@@ -156,29 +156,22 @@ comparing debian/control types
 	control :: IO Control                 -- executable control file
 		♥ avoids boilerplate
 		♥ no language lock-in
-		♥ supports package-specific code
 		X cannot extract Control data w/o running arbitrary code
 			seems to completely rule this out!
 	gencontrol :: IO ControlFie           -- pre-generate control file       
 		♥ already available
 			see "debdry - Debian Don't Repeat Yourself"
 		♥ avoids boilerplate
-		X cannot include package-specific code
 		♥ no language lock-in
 		X "this file was auto-generated. Please do NOT edit manually"
 	control :: UpstreamSource -> Control  -- control file as functional code
 		♥ avoids boilerplate
-		♥ supports package-specific code
 		♥ purely functional safety
 			control file generates same output given same inputs
 			result not based on /etc/lsb_release or phase of the moon
 		X language lock-in
 			but language lock-in has not been a problem for debian/rules ...
     
-	why package-specific code?
-		* extract Description or Depends from info in the Source
-		* generate different Packages for different OS builds (ex: emdebian)
-
 	... convincing or not, it's worth thinking about!
 
 nixos demo

update
diff --git a/talks/debconf-14-debian-through-a-functional-lens.otl b/talks/debconf-14-debian-through-a-functional-lens.otl
index 879f2f8..1c64a13 100644
--- a/talks/debconf-14-debian-through-a-functional-lens.otl
+++ b/talks/debconf-14-debian-through-a-functional-lens.otl
@@ -125,7 +125,7 @@ nixos equivalent
 	;	})
 	... not exactly ideal, but a lot better
 
-dh-control dream equivalent (take 1)
+debian/control dream equivalent (take 1)
 	;	{ haskell_libraries }
 	;	Section: web
 	;	Standards-Version: 3.9.5
@@ -136,7 +136,7 @@ dh-control dream equivalent (take 1)
 	;	  hdav currently only supports copying a file and associated WebDAV
 	;	  properties from one URL to another.
 
-dh-control dream equivalent (take 2)
+debian/control dream equivalent (take 2)
 	;	-- valid haskell code this time
 	;	source = haskell_source 
 	;		& section Web
@@ -148,84 +148,38 @@ dh-control dream equivalent (take 2)
 	;			, "properties from one URL to another."
 	;			]
 
-dreaming in types
-	Digression: Understanding simple Haskell type signatures
-		func :: Type      -- indicates the type of a function
-		Foo -> Bar        -- a function from type Foo to type Bar
-		Foo -> Bar -> Baz -- a function from a Foo and a Bar to a Baz
-		(Foo, Bar)        -- tuple
-		Set Foo           -- a set of Foo
-		Foo -> IO x       -- a function that take a foo
-		                  -- and returns an IO action of type x
-		.. if I went any further I'd get monad tomatoes tossed at me
-	
-	Current
-	; control :: ControlFile
-	; rules :: ControlFile -> DebianFiles -> UpstreamSource 
-	;          -> IO (SourcePkg, Set DebPkg)
-    
-	Pure functional version
-	; rules :: Control     -> DebianFiles -> UpstreamSource
-	;          -> IO (SourcePkg, Set DebPkg)
-	; data Control = Control CommonControl (Set PackageControl)
-	; control :: UpstreamSource -> Control
-    
-	Which type is better?
+comparing debian/control types
 	control :: ControlFile                -- current                         
 		♥ simple
-		X redundant / boilerplate
+		X redundant boilerplate
 		X inflexible
-	gencontrol :: IO ControlFIe           -- pre-generate control file       
+	control :: IO Control                 -- executable control file
+		♥ avoids boilerplate
+		♥ no language lock-in
+		♥ supports package-specific code
+		X cannot extract Control data w/o running arbitrary code
+			seems to completely rule this out!
+	gencontrol :: IO ControlFie           -- pre-generate control file       
 		♥ already available
 			see "debdry - Debian Don't Repeat Yourself"
-		♥ no boilerplate
+		♥ avoids boilerplate
+		X cannot include package-specific code
 		♥ no language lock-in
 		X "this file was auto-generated. Please do NOT edit manually"
 	control :: UpstreamSource -> Control  -- control file as functional code
-		♥ beautiful?
-		♥ maximum flexibility
-			can do arbitrarily complicated calculation
-			could generate different packages for different OS builds
+		♥ avoids boilerplate
+		♥ supports package-specific code
 		♥ purely functional safety
-			control file generates same outputs given same inputs
+			control file generates same output given same inputs
 			result not based on /etc/lsb_release or phase of the moon
-		♥ no boilerplate
-			can refactor out of control file into libraries
-		X language lock-in?
+		X language lock-in
+			but language lock-in has not been a problem for debian/rules ...
+    
+	why package-specific code?
+		* extract Description or Depends from info in the Source
+		* generate different Packages for different OS builds (ex: emdebian)
 
-a progression: IO to declarative to FP
-	debian/rules
-		manual                  -- IO                   (cp foo bar)
-		debhelper               -- IO, some declarative (debian/install etc)
-		dh                      -- declarative, some IO (override_dh_auto_*)
-		... FP?
-			many debhelper feature requests are now about the
-			limits of declarative configuration
-				"debian/install is too inflexible"
-	maintainer scripts
-		manual                  -- IO
-		debhelper autoscripts   -- sorta declarative, still lots of IO
-		triggers                -- some declarative, some IO
-	config files
-		just a static file      -- declarative (mostly)
-		debconf generated file  -- IO (oops!)
-		file.d					-- FP-ish (Set File -> File)
-	debian/copyright  (a bit of a stretch)
-		prose
-			"This package was downloaded in 1997 from sunsite
-			and it is licensed under the GPL by copyright holder ESR."
-		structured
-			Copyright: 2009-2013 J. Random Hacker
-			License: GPL-3+
-		almost programming
-			"License: $foo with $bar exception"	
-			"License: $X or $Y, and $Z"
-		(BTW, debian/changelog followed a similar path)
-	OS maintenance
-		apt-get install         -- IO
-		puppet/etc				-- declarative-ish
-		docker					-- declarative (dockerfile) / static (hash)
-		nixos					-- FP
+	... convincing or not, it's worth thinking about!
 
 nixos demo
 	filesystem layout
@@ -244,20 +198,51 @@ nixos demo
 		nix-env --rollback
 
 functional runtime
-	: We're seen how OS building/maintenance can move toward
-	: functional programming.
-	
-	: Corollary: The running OS is like the runtime of a functional program.
+	: Increasingly, the running OS is like the runtime
+	: of a functional program.
 	
 	immutable data
 		git commits
 		docker images
 		nix derivations
 	copy on write
-		git tree delta compression
+		git delta compression
 		docker aufs layers
 		nix generations
 	garbage collection
 		git gc
 		docker images -f dangling=true # or something like that
 		nix-env --delete-generations; nix-collect-garbage
+
+a progression: IO to declarative to FP
+	debian/rules
+		manual                  -- IO                   (cp foo bar)
+		debhelper               -- IO, some declarative (debian/install etc)
+		dh                      -- declarative, some IO (override_dh_auto_*)
+		... FP?
+			many debhelper feature requests are now about the
+			limits of declarative configuration
+				"debian/install is too inflexible"
+	maintainer scripts
+		manual                  -- IO
+		debhelper autoscripts   -- sorta declarative, still lots of IO
+		triggers                -- some declarative, some IO
+	config files
+		just a static file      -- declarative (mostly)
+		debconf generated file  -- IO (oops!)
+		file.d					-- FP-ish (Set File -> File)
+	debian/copyright  (a bit of a stretch)
+		prose
+			"This package was downloaded in 1997 from sunsite
+			and it is licensed under the GPL by copyright holder ESR."
+		structured
+			Copyright: 2009-2013 J. Random Hacker
+			License: GPL-3+
+		almost programming
+			"License: $foo with $bar exception"	
+			"License: $X or $Y, and $Z"
+	OS configuration
+		apt-get install         -- IO
+		puppet/etc				-- declarative-ish + IO
+		docker					-- declarative (dockerfile) / static (hash)
+		nixos					-- FP

update
diff --git a/talks/debconf-14-debian-through-a-functional-lens.otl b/talks/debconf-14-debian-through-a-functional-lens.otl
index f66e6a3..879f2f8 100644
--- a/talks/debconf-14-debian-through-a-functional-lens.otl
+++ b/talks/debconf-14-debian-through-a-functional-lens.otl
@@ -228,20 +228,20 @@ a progression: IO to declarative to FP
 		nixos					-- FP
 
 nixos demo
-	note hash at boot
-	vim /etc/nixos/configuration.nix
-	man configuration.nix
-	
-	ldd $(which bash)
-	which bash
-	# explore /run/current-system and /nix briefly
-	
-	nix-env --install git-annex
-	reboot, note hashes
-	nix-env --uninstall git-annex
-	nix-env --list-generations
-	
-	can install a package as non-root, updates ~/.nix
+	filesystem layout
+		ldd $(which bash)
+		which bash
+		find /usr
+		# explore /run/current-system and /nix briefly
+	declarative package management
+		man configuration.nix
+		vim /etc/nixos/configuration.nix, make some changes
+		nixos-rebuild switch
+	generation based package management
+		# as root or non-root (non-root updates ~/.nix)
+		nix-env --install git-annex
+		nix-env --list-generations
+		nix-env --rollback
 
 functional runtime
 	: We're seen how OS building/maintenance can move toward
@@ -260,4 +260,4 @@ functional runtime
 	garbage collection
 		git gc
 		docker images -f dangling=true # or something like that
-		nix-env --delete-generations
+		nix-env --delete-generations; nix-collect-garbage

improve
diff --git a/talks/debconf-14-debian-through-a-functional-lens.otl b/talks/debconf-14-debian-through-a-functional-lens.otl
index df9ad2f..f66e6a3 100644
--- a/talks/debconf-14-debian-through-a-functional-lens.otl
+++ b/talks/debconf-14-debian-through-a-functional-lens.otl
@@ -138,17 +138,15 @@ dh-control dream equivalent (take 1)
 
 dh-control dream equivalent (take 2)
 	;	-- valid haskell code this time
-	;	source = haskell_source
-	;		{ section = Web
-	;		, standardsVersion = 3.9.5
-	;		}
-	;	packages = haskell_libraries `also` (package "hdav")
-	;		{ depends = haskell_depends
-	;		, description = Desc "command-line WebDAV client"
+	;	source = haskell_source 
+	;		& section Web
+	;		& standardsversion 3.9.5
+	;	packages = haskell_libraries `also` package "hdav"
+	;		& depends haskell_depends
+	;		& description "command-line WebDAV client"
 	;			[ "hdav currently only supports copying a file and associated WebDAV"
 	;			, "properties from one URL to another."
 	;			]
-	;		}
 
 dreaming in types
 	Digression: Understanding simple Haskell type signatures

aspell
diff --git a/talks/debconf-14-debian-through-a-functional-lens.otl b/talks/debconf-14-debian-through-a-functional-lens.otl
index 76b303a..df9ad2f 100644
--- a/talks/debconf-14-debian-through-a-functional-lens.otl
+++ b/talks/debconf-14-debian-through-a-functional-lens.otl
@@ -97,7 +97,7 @@ a motivating example (haskell-dav)
 		... that's 20% of the source packages in Debian
 		... and there are probably more
 
-nixos equivilant
+nixos equivalent
 	;	# This file was auto-generated by cabal2nix. Please do NOT edit manually!
 	;	{ cabal, caseInsensitive, either, errors, httpClient, httpClientTls
 	;	, httpTypes, lens, liftedBase, monadControl, mtl, network
@@ -125,7 +125,7 @@ nixos equivilant
 	;	})
 	... not exactly ideal, but a lot better
 
-dh-control dream equivilant (take 1)
+dh-control dream equivalent (take 1)
 	;	{ haskell_libraries }
 	;	Section: web
 	;	Standards-Version: 3.9.5
@@ -136,7 +136,7 @@ dh-control dream equivilant (take 1)
 	;	  hdav currently only supports copying a file and associated WebDAV
 	;	  properties from one URL to another.
 
-dh-control dream equivilant (take 2)
+dh-control dream equivalent (take 2)
 	;	-- valid haskell code this time
 	;	source = haskell_source
 	;		{ section = Web
@@ -185,7 +185,7 @@ dreaming in types
 		X "this file was auto-generated. Please do NOT edit manually"
 	control :: UpstreamSource -> Control  -- control file as functional code
 		♥ beautiful?
-		♥ maximum flexability
+		♥ maximum flexibility
 			can do arbitrarily complicated calculation
 			could generate different packages for different OS builds
 		♥ purely functional safety
@@ -249,7 +249,7 @@ functional runtime
 	: We're seen how OS building/maintenance can move toward
 	: functional programming.
 	
-	: Corrolary: The running OS is like the runtime of a functional program.
+	: Corollary: The running OS is like the runtime of a functional program.
 	
 	immutable data
 		git commits

update
diff --git a/talks/debconf-14-debian-through-a-functional-lens.otl b/talks/debconf-14-debian-through-a-functional-lens.otl
index 538beea..76b303a 100644
--- a/talks/debconf-14-debian-through-a-functional-lens.otl
+++ b/talks/debconf-14-debian-through-a-functional-lens.otl
@@ -1,8 +1,8 @@
 Debian though a functional lens
 	Joey Hess, DebConf14
 	
-		: Using Nix's functional package management as inspiration,
-		: let's look at Debian from a functional programming perspective.
+	: Using Nix's functional package management as inspiration,
+	: let's look at Debian from a functional programming perspective.
 	
 	https://joeyh.name/talks/debconf-14-debian-through-a-functional-lens/
 
@@ -74,7 +74,7 @@ a motivating example (haskell-dav)
 		;	, libghc-xml-conduit-doc
 		; 	, libghc-xml-hamlet-doc
 	boilerplate (repeated 3 times in this package)
-		;	Package: libghc-dav-dev
+		;	Package: libghc-dav-{dev,prof,doc}
 		;	Architecture: any
 		;	Depends: ${shlibs:Depends}
 		;	 , ${haskell:Depends}
@@ -95,8 +95,8 @@ a motivating example (haskell-dav)
 		Debian Haskell Group maintains 844+ of these
 		Debian perl Group: 3327+!
 		... that's 20% of the source packages in Debian
-	
-	... and there are probably more
+		... and there are probably more
+
 nixos equivilant
 	;	# This file was auto-generated by cabal2nix. Please do NOT edit manually!
 	;	{ cabal, caseInsensitive, either, errors, httpClient, httpClientTls
@@ -124,8 +124,9 @@ nixos equivilant
 	;	  };
 	;	})
 	... not exactly ideal, but a lot better
+
 dh-control dream equivilant (take 1)
-	;	{ haskell_library use_cabal_description }
+	;	{ haskell_libraries }
 	;	Section: web
 	;	Standards-Version: 3.9.5
 	;	
@@ -134,20 +135,21 @@ dh-control dream equivilant (take 1)
 	;	Description: command-line WebDAV client
 	;	  hdav currently only supports copying a file and associated WebDAV
 	;	  properties from one URL to another.
+
 dh-control dream equivilant (take 2)
 	;	-- valid haskell code this time
-	;	control = haskell_libraries
+	;	source = haskell_source
 	;		{ section = Web
 	;		, standardsVersion = 3.9.5
-	;		} ++
-	;		[ Package "hdav"
-	;			{ depends = haskell_depends
-	;			, descrption = Desc "command-line WebDAV client"
-	;				[ "hdav currently only supports copying a file and associated WebDAV"
-	;				, "properties from one URL to another."
-	;				]
-	;			}
-	;		]
+	;		}
+	;	packages = haskell_libraries `also` (package "hdav")
+	;		{ depends = haskell_depends
+	;		, description = Desc "command-line WebDAV client"
+	;			[ "hdav currently only supports copying a file and associated WebDAV"
+	;			, "properties from one URL to another."
+	;			]
+	;		}
+
 dreaming in types
 	Digression: Understanding simple Haskell type signatures
 		func :: Type      -- indicates the type of a function
@@ -160,37 +162,39 @@ dreaming in types
 		.. if I went any further I'd get monad tomatoes tossed at me
 	
 	Current
-	; rules :: ControlFile -> DebianFiles -> UpstreamSource 
-	;          -> IO (SourcePkg, (Set DebPkg))
 	; control :: ControlFile
+	; rules :: ControlFile -> DebianFiles -> UpstreamSource 
+	;          -> IO (SourcePkg, Set DebPkg)
     
 	Pure functional version
-	; rules :: Control -> DebianFiles -> UpstreamSource
-	;          -> IO (SourcePkg, (Set DebPkg))
+	; rules :: Control     -> DebianFiles -> UpstreamSource
+	;          -> IO (SourcePkg, Set DebPkg)
 	; data Control = Control CommonControl (Set PackageControl)
 	; control :: UpstreamSource -> Control
     
 	Which type is better?
-	control :: Control                    -- current                         
+	control :: ControlFile                -- current                         
 		♥ simple
 		X redundant / boilerplate
 		X inflexible
-	control :: IO Control                 -- pre-generate control file       
-		♥ already available -- see "debdry - Debian Don't Repeat Yourself"
+	gencontrol :: IO ControlFIe           -- pre-generate control file       
+		♥ already available
+			see "debdry - Debian Don't Repeat Yourself"
 		♥ no boilerplate
 		♥ no language lock-in
 		X "this file was auto-generated. Please do NOT edit manually"
 	control :: UpstreamSource -> Control  -- control file as functional code
 		♥ beautiful?
 		♥ maximum flexability
-			control language could do arbitrarily complicated calculation
-			as needed by a package
-			and can refactor out of control file into libraries
+			can do arbitrarily complicated calculation
+			could generate different packages for different OS builds
 		♥ purely functional safety
 			control file generates same outputs given same inputs
 			result not based on /etc/lsb_release or phase of the moon
 		♥ no boilerplate
+			can refactor out of control file into libraries
 		X language lock-in?
+
 a progression: IO to declarative to FP
 	debian/rules
 		manual                  -- IO                   (cp foo bar)
@@ -205,14 +209,26 @@ a progression: IO to declarative to FP
 		debhelper autoscripts   -- sorta declarative, still lots of IO
 		triggers                -- some declarative, some IO
 	config files
-		just a static file      -- declarative
+		just a static file      -- declarative (mostly)
 		debconf generated file  -- IO (oops!)
 		file.d					-- FP-ish (Set File -> File)
-	OS maintanance
-		apt-get install ...     -- IO
+	debian/copyright  (a bit of a stretch)
+		prose
+			"This package was downloaded in 1997 from sunsite
+			and it is licensed under the GPL by copyright holder ESR."
+		structured
+			Copyright: 2009-2013 J. Random Hacker
+			License: GPL-3+
+		almost programming
+			"License: $foo with $bar exception"	
+			"License: $X or $Y, and $Z"
+		(BTW, debian/changelog followed a similar path)
+	OS maintenance
+		apt-get install         -- IO
 		puppet/etc				-- declarative-ish
-		docker					-- declarative (here's the hash)
+		docker					-- declarative (dockerfile) / static (hash)
 		nixos					-- FP
+
 nixos demo
 	note hash at boot
 	vim /etc/nixos/configuration.nix
@@ -226,8 +242,24 @@ nixos demo
 	reboot, note hashes
 	nix-env --uninstall git-annex
 	nix-env --list-generations
-	nic-env --delete-generations
-hash-based gc
-reproducible builds
-	$package-$hash
-conclusion
+	
+	can install a package as non-root, updates ~/.nix
+
+functional runtime
+	: We're seen how OS building/maintenance can move toward
+	: functional programming.
+	
+	: Corrolary: The running OS is like the runtime of a functional program.
+	
+	immutable data
+		git commits
+		docker images
+		nix derivations
+	copy on write
+		git tree delta compression
+		docker aufs layers
+		nix generations
+	garbage collection
+		git gc
+		docker images -f dangling=true # or something like that
+		nix-env --delete-generations

update
diff --git a/talks/debconf-14-debian-through-a-functional-lens.otl b/talks/debconf-14-debian-through-a-functional-lens.otl
index 9e7a257..538beea 100644
--- a/talks/debconf-14-debian-through-a-functional-lens.otl
+++ b/talks/debconf-14-debian-through-a-functional-lens.otl
@@ -95,7 +95,8 @@ a motivating example (haskell-dav)
 		Debian Haskell Group maintains 844+ of these
 		Debian perl Group: 3327+!
 		... that's 20% of the source packages in Debian
-		... and there are probably more
+	
+	... and there are probably more
 nixos equivilant
 	;	# This file was auto-generated by cabal2nix. Please do NOT edit manually!
 	;	{ cabal, caseInsensitive, either, errors, httpClient, httpClientTls
@@ -123,7 +124,7 @@ nixos equivilant
 	;	  };
 	;	})
 	... not exactly ideal, but a lot better
-dh-control dream equivilant
+dh-control dream equivilant (take 1)
 	;	{ haskell_library use_cabal_description }
 	;	Section: web
 	;	Standards-Version: 3.9.5
@@ -133,6 +134,20 @@ dh-control dream equivilant
 	;	Description: command-line WebDAV client
 	;	  hdav currently only supports copying a file and associated WebDAV
 	;	  properties from one URL to another.
+dh-control dream equivilant (take 2)
+	;	-- valid haskell code this time
+	;	control = haskell_libraries
+	;		{ section = Web
+	;		, standardsVersion = 3.9.5
+	;		} ++
+	;		[ Package "hdav"
+	;			{ depends = haskell_depends
+	;			, descrption = Desc "command-line WebDAV client"
+	;				[ "hdav currently only supports copying a file and associated WebDAV"
+	;				, "properties from one URL to another."
+	;				]
+	;			}
+	;		]
 dreaming in types
 	Digression: Understanding simple Haskell type signatures
 		func :: Type      -- indicates the type of a function
@@ -178,9 +193,9 @@ dreaming in types
 		X language lock-in?
 a progression: IO to declarative to FP
 	debian/rules
-		manual    -- IO                   (cp foo bar)
-		debhelper -- IO, some declarative (debian/install etc)
-		dh        -- declarative, some IO (override_dh_auto_*)
+		manual                  -- IO                   (cp foo bar)
+		debhelper               -- IO, some declarative (debian/install etc)
+		dh                      -- declarative, some IO (override_dh_auto_*)
 		... FP?
 			many debhelper feature requests are now about the
 			limits of declarative configuration

formatting
diff --git a/talks/debconf-14-debian-through-a-functional-lens.otl b/talks/debconf-14-debian-through-a-functional-lens.otl
index f47b476..9e7a257 100644
--- a/talks/debconf-14-debian-through-a-functional-lens.otl
+++ b/talks/debconf-14-debian-through-a-functional-lens.otl
@@ -147,6 +147,7 @@ dreaming in types
 	Current
 	; rules :: ControlFile -> DebianFiles -> UpstreamSource 
 	;          -> IO (SourcePkg, (Set DebPkg))
+	; control :: ControlFile
     
 	Pure functional version
 	; rules :: Control -> DebianFiles -> UpstreamSource
@@ -160,18 +161,19 @@ dreaming in types
 		X redundant / boilerplate
 		X inflexible
 	control :: IO Control                 -- pre-generate control file       
-		♥ maximally flexible
 		♥ already available -- see "debdry - Debian Don't Repeat Yourself"
 		♥ no boilerplate
-		X "this file was auto-generated. Please do NOT edit manually"
-		X perhaps too flexible
 		♥ no language lock-in
+		X "this file was auto-generated. Please do NOT edit manually"
 	control :: UpstreamSource -> Control  -- control file as functional code
 		♥ beautiful?
-		♥ just as flexible as it needs to be
+		♥ maximum flexability
+			control language could do arbitrarily complicated calculation
+			as needed by a package
+			and can refactor out of control file into libraries
+		♥ purely functional safety
 			control file generates same outputs given same inputs
 			result not based on /etc/lsb_release or phase of the moon
-			can do arbitrarily complicated calculation
 		♥ no boilerplate
 		X language lock-in?
 a progression: IO to declarative to FP

formatting
diff --git a/talks/debconf-14-debian-through-a-functional-lens.otl b/talks/debconf-14-debian-through-a-functional-lens.otl
index a5f5b2f..f47b476 100644
--- a/talks/debconf-14-debian-through-a-functional-lens.otl
+++ b/talks/debconf-14-debian-through-a-functional-lens.otl
@@ -156,24 +156,24 @@ dreaming in types
     
 	Which type is better?
 	control :: Control                    -- current                         
-		(+) simple
-		(-) redundant / boilerplate
-		(-) inflexible
+		♥ simple
+		X redundant / boilerplate
+		X inflexible
 	control :: IO Control                 -- pre-generate control file       
-		(+) maximally flexible
-		(+) already available -- see "debdry - Debian Don't Repeat Yourself"
-		(+) no boilerplate
-		(-) "this file was auto-generated. Please do NOT edit manually"
-		(-) perhaps too flexible
-		(+) no language lock-in
+		♥ maximally flexible
+		♥ already available -- see "debdry - Debian Don't Repeat Yourself"
+		♥ no boilerplate
+		X "this file was auto-generated. Please do NOT edit manually"
+		X perhaps too flexible
+		♥ no language lock-in
 	control :: UpstreamSource -> Control  -- control file as functional code
-		(+) beautiful?
-		(+) just as flexible as it needs to be
+		♥ beautiful?
+		♥ just as flexible as it needs to be
 			control file generates same outputs given same inputs
 			result not based on /etc/lsb_release or phase of the moon
 			can do arbitrarily complicated calculation
-		(+) no boilerplate
-		(-) language lock-in?
+		♥ no boilerplate
+		X language lock-in?
 a progression: IO to declarative to FP
 	debian/rules
 		manual    -- IO                   (cp foo bar)

formatting
diff --git a/talks/debconf-14-debian-through-a-functional-lens.otl b/talks/debconf-14-debian-through-a-functional-lens.otl
index e862826..a5f5b2f 100644
--- a/talks/debconf-14-debian-through-a-functional-lens.otl
+++ b/talks/debconf-14-debian-through-a-functional-lens.otl
@@ -145,14 +145,14 @@ dreaming in types
 		.. if I went any further I'd get monad tomatoes tossed at me
 	
 	Current
-	< rules :: ControlFile -> DebianFiles -> UpstreamSource 
-	<          -> IO (SourcePkg, (Set DebPkg))
+	; rules :: ControlFile -> DebianFiles -> UpstreamSource 
+	;          -> IO (SourcePkg, (Set DebPkg))
     
 	Pure functional version
-	< rules :: Control -> DebianFiles -> UpstreamSource
-	<          -> IO (SourcePkg, (Set DebPkg))
-	< data Control = Control CommonControl (Set PackageControl)
-	< control :: UpstreamSource -> Control
+	; rules :: Control -> DebianFiles -> UpstreamSource
+	;          -> IO (SourcePkg, (Set DebPkg))
+	; data Control = Control CommonControl (Set PackageControl)
+	; control :: UpstreamSource -> Control
     
 	Which type is better?
 	control :: Control                    -- current                         

formatting
diff --git a/talks/debconf-14-debian-through-a-functional-lens.otl b/talks/debconf-14-debian-through-a-functional-lens.otl
index 461ab82..e862826 100644
--- a/talks/debconf-14-debian-through-a-functional-lens.otl
+++ b/talks/debconf-14-debian-through-a-functional-lens.otl
@@ -73,7 +73,7 @@ a motivating example (haskell-dav)
 		;	, libghc-utf8-string-doc
 		;	, libghc-xml-conduit-doc
 		; 	, libghc-xml-hamlet-doc
- 	boilerplate (repeated 3 times in this package)
+	boilerplate (repeated 3 times in this package)
 		;	Package: libghc-dav-dev
 		;	Architecture: any
 		;	Depends: ${shlibs:Depends}
@@ -94,6 +94,8 @@ a motivating example (haskell-dav)
 	massive redundancy and make-work
 		Debian Haskell Group maintains 844+ of these
 		Debian perl Group: 3327+!
+		... that's 20% of the source packages in Debian
+		... and there are probably more
 nixos equivilant
 	;	# This file was auto-generated by cabal2nix. Please do NOT edit manually!
 	;	{ cabal, caseInsensitive, either, errors, httpClient, httpClientTls
@@ -131,17 +133,26 @@ dh-control dream equivilant
 	;	Description: command-line WebDAV client
 	;	  hdav currently only supports copying a file and associated WebDAV
 	;	  properties from one URL to another.
-drea
-ming in types
+dreaming in types
+	Digression: Understanding simple Haskell type signatures
+		func :: Type      -- indicates the type of a function
+		Foo -> Bar        -- a function from type Foo to type Bar
+		Foo -> Bar -> Baz -- a function from a Foo and a Bar to a Baz
+		(Foo, Bar)        -- tuple
+		Set Foo           -- a set of Foo
+		Foo -> IO x       -- a function that take a foo
+		                  -- and returns an IO action of type x
+		.. if I went any further I'd get monad tomatoes tossed at me
+	
 	Current
-		< rules :: ControlFile -> DebianFiles -> UpstreamSource 
-		<          -> IO (SourcePkg, (Set DebPkg))
+	< rules :: ControlFile -> DebianFiles -> UpstreamSource 
+	<          -> IO (SourcePkg, (Set DebPkg))
     
 	Pure functional version
-		< data Control = Control CommonControl (Set PackageControl)
-		< rules :: Control -> DebianFiles -> UpstreamSource
-		<          -> IO (SourcePkg, (Set DebPkg))
-		< control :: UpstreamSource -> Control
+	< rules :: Control -> DebianFiles -> UpstreamSource
+	<          -> IO (SourcePkg, (Set DebPkg))
+	< data Control = Control CommonControl (Set PackageControl)
+	< control :: UpstreamSource -> Control
     
 	Which type is better?
 	control :: Control                    -- current                         

formatting
diff --git a/talks/debconf-14-debian-through-a-functional-lens.otl b/talks/debconf-14-debian-through-a-functional-lens.otl
index 4efd13a..461ab82 100644
--- a/talks/debconf-14-debian-through-a-functional-lens.otl
+++ b/talks/debconf-14-debian-through-a-functional-lens.otl
@@ -1,5 +1,4 @@
-Debi
-an though a functional lens
+Debian though a functional lens
 	Joey Hess, DebConf14
 	
 		: Using Nix's functional package management as inspiration,
@@ -132,14 +131,17 @@ dh-control dream equivilant
 	;	Description: command-line WebDAV client
 	;	  hdav currently only supports copying a file and associated WebDAV
 	;	  properties from one URL to another.
-dreaming in types
-	Current                                                      -- Evil IO
-		< rules :: ControlFile -> DebianFiles -> UpstreamSource -> IO (SourcePkg, [DebPkg])
+drea
+ming in types
+	Current
+		< rules :: ControlFile -> DebianFiles -> UpstreamSource 
+		<          -> IO (SourcePkg, (Set DebPkg))
     
 	Pure functional version
-		< data Control = Control CommonControl [PackageControl]
+		< data Control = Control CommonControl (Set PackageControl)
+		< rules :: Control -> DebianFiles -> UpstreamSource
+		<          -> IO (SourcePkg, (Set DebPkg))
 		< control :: UpstreamSource -> Control
-		< rules :: Control -> DebianFiles -> UpstreamSource -> IO (SourcePkg, [DebPkg])
     
 	Which type is better?
 	control :: Control                    -- current                         
@@ -177,7 +179,7 @@ a progression: IO to declarative to FP
 	config files
 		just a static file      -- declarative
 		debconf generated file  -- IO (oops!)
-		file.d					-- FP-ish ([File] -> File)
+		file.d					-- FP-ish (Set File -> File)
 	OS maintanance
 		apt-get install ...     -- IO
 		puppet/etc				-- declarative-ish

formatting
diff --git a/talks/debconf-14-debian-through-a-functional-lens.otl b/talks/debconf-14-debian-through-a-functional-lens.otl
index b101736..4efd13a 100644
--- a/talks/debconf-14-debian-through-a-functional-lens.otl
+++ b/talks/debconf-14-debian-through-a-functional-lens.otl
@@ -134,12 +134,12 @@ dh-control dream equivilant
 	;	  properties from one URL to another.
 dreaming in types
 	Current                                                      -- Evil IO
-	;	rules :: ControlFile -> DebianFiles -> UpstreamSource -> IO (SourcePkg, [DebPkg])
+		< rules :: ControlFile -> DebianFiles -> UpstreamSource -> IO (SourcePkg, [DebPkg])
     
 	Pure functional version
-	;	data Control = Control CommonControl [PackageControl]
-	;	control :: UpstreamSource -> Control
-	;	rules :: Control -> DebianFiles -> UpstreamSource -> IO (SourcePkg, [DebPkg])
+		< data Control = Control CommonControl [PackageControl]
+		< control :: UpstreamSource -> Control
+		< rules :: Control -> DebianFiles -> UpstreamSource -> IO (SourcePkg, [DebPkg])
     
 	Which type is better?
 	control :: Control                    -- current                         

formatting
diff --git a/talks/debconf-14-debian-through-a-functional-lens.otl b/talks/debconf-14-debian-through-a-functional-lens.otl
index 1c85d9b..b101736 100644
--- a/talks/debconf-14-debian-through-a-functional-lens.otl
+++ b/talks/debconf-14-debian-through-a-functional-lens.otl
@@ -1,10 +1,12 @@
-Debian though a functional lens
+Debi
+an though a functional lens
 	Joey Hess, DebConf14
 	
 		: Using Nix's functional package management as inspiration,
 		: let's look at Debian from a functional programming perspective.
 	
 	https://joeyh.name/talks/debconf-14-debian-through-a-functional-lens/
+
 a motivating example (haskell-dav)
 	(picked because Clint is in the audience)
 	; % wc -l debian/rules debian/control Network/Protocol/HTTP/DAV.hs DAV.cabal
@@ -94,50 +96,50 @@ a motivating example (haskell-dav)
 		Debian Haskell Group maintains 844+ of these
 		Debian perl Group: 3327+!
 nixos equivilant
-	<	# This file was auto-generated by cabal2nix. Please do NOT edit manually!
-	<	{ cabal, caseInsensitive, either, errors, httpClient, httpClientTls
-	<	, httpTypes, lens, liftedBase, monadControl, mtl, network
-	<	, optparseApplicative, transformers, transformersBase, xmlConduit
-	<	, xmlHamlet
-	<	}:
-	<	cabal.mkDerivation (self: {
-	<	  pname = "DAV";
-	<	  version = "0.8";
-	<	  sha256 = "0khjid5jaaf4c3xn9cbph8ay4ibqr7pg3b3w7d0kfvci90ksc08r";
-	<	  isLibrary = true;
-	<	  isExecutable = true;
-	<	  buildDepends = [
-	<	    caseInsensitive either errors httpClient httpClientTls httpTypes
-	<	    lens liftedBase monadControl mtl network optparseApplicative
-	<	    transformers transformersBase xmlConduit xmlHamlet
-	<	  ];
-	<	  jailbreak = true;
-	<	  meta = {
-	<	    homepage = "http://floss.scru.org/hDAV";
-	<	    description = "RFC 4918 WebDAV support";
-	<	    license = self.stdenv.lib.licenses.gpl3;
-	<	    platforms = self.ghc.meta.platforms;
-	<	  };
-	<	})
+	;	# This file was auto-generated by cabal2nix. Please do NOT edit manually!
+	;	{ cabal, caseInsensitive, either, errors, httpClient, httpClientTls
+	;	, httpTypes, lens, liftedBase, monadControl, mtl, network
+	;	, optparseApplicative, transformers, transformersBase, xmlConduit
+	;	, xmlHamlet
+	;	}:
+	;	cabal.mkDerivation (self: {
+	;	  pname = "DAV";
+	;	  version = "0.8";
+	;	  sha256 = "0khjid5jaaf4c3xn9cbph8ay4ibqr7pg3b3w7d0kfvci90ksc08r";
+	;	  isLibrary = true;
+	;	  isExecutable = true;
+	;	  buildDepends = [
+	;	    caseInsensitive either errors httpClient httpClientTls httpTypes
+	;	    lens liftedBase monadControl mtl network optparseApplicative
+	;	    transformers transformersBase xmlConduit xmlHamlet
+	;	  ];
+	;	  jailbreak = true;
+	;	  meta = {
+	;	    homepage = "http://floss.scru.org/hDAV";
+	;	    description = "RFC 4918 WebDAV support";
+	;	    license = self.stdenv.lib.licenses.gpl3;
+	;	    platforms = self.ghc.meta.platforms;
+	;	  };
+	;	})
 	... not exactly ideal, but a lot better
 dh-control dream equivilant
-	<	{ haskell_library use_cabal_description }
-	<	Section: web
-	<	Standards-Version: 3.9.5
-	<	
-	<	Package: hdav
-	<	Depends: { haskell_depends }
-	<	Description: command-line WebDAV client
-	<	  hdav currently only supports copying a file and associated WebDAV
-	<	  properties from one URL to another.
+	;	{ haskell_library use_cabal_description }
+	;	Section: web
+	;	Standards-Version: 3.9.5
+	;	
+	;	Package: hdav
+	;	Depends: { haskell_depends }
+	;	Description: command-line WebDAV client
+	;	  hdav currently only supports copying a file and associated WebDAV
+	;	  properties from one URL to another.
 dreaming in types
 	Current                                                      -- Evil IO
-	<	rules :: ControlFile -> DebianFiles -> UpstreamSource -> IO (SourcePkg, [DebPkg])
+	;	rules :: ControlFile -> DebianFiles -> UpstreamSource -> IO (SourcePkg, [DebPkg])
     
 	Pure functional version
-	<	data Control = Control CommonControl [PackageControl]
-	<	control :: UpstreamSource -> Control
-	<	rules :: Control -> DebianFiles -> UpstreamSource -> IO (SourcePkg, [DebPkg])
+	;	data Control = Control CommonControl [PackageControl]
+	;	control :: UpstreamSource -> Control
+	;	rules :: Control -> DebianFiles -> UpstreamSource -> IO (SourcePkg, [DebPkg])
     
 	Which type is better?
 	control :: Control                    -- current                         

formatting
diff --git a/talks/debconf-14-debian-through-a-functional-lens.otl b/talks/debconf-14-debian-through-a-functional-lens.otl
index e0313b0..1c85d9b 100644
--- a/talks/debconf-14-debian-through-a-functional-lens.otl
+++ b/talks/debconf-14-debian-through-a-functional-lens.otl
@@ -13,86 +13,83 @@ a motivating example (haskell-dav)
 	;	444 Network/Protocol/HTTP/DAV.hs
 	;	79  DAV.cabal
 	Build-Depends: debhelper (>= 9)
-		<	, haskell-devscripts (>= 0.8.13)
-		<	, cdbs
-		<	, ghc
-		<	, ghc-prof
-		<	, ghc-ghci
-		<	, libghc-case-insensitive-dev (>= 0.4)
-		<	, libghc-case-insensitive-prof
-		<	, libghc-either-dev (>= 4.1)
-		<	, libghc-either-prof
-		<	, libghc-errors-dev
-		<	, libghc-errors-prof
-		<	, libghc-http-client-dev (>= 0.2)
-		<	, libghc-http-client-prof
-		<	, libghc-http-client-tls-dev (>= 0.2)
-		<	, libghc-http-client-tls-prof
-		<	, libghc-http-types-dev (>= 0.7)
-		<	, libghc-http-types-prof
-		<	, libghc-lens-dev (>= 3.0)
-		<	, libghc-lens-prof
-		<	, libghc-lifted-base-dev (>= 0.1)
-		<	, libghc-lifted-base-prof
-		<	, libghc-monad-control-dev (>= 0.3.2)
-		<	, libghc-monad-control-prof
-		<	, libghc-mtl-dev (>= 2.1)
-		<	, libghc-mtl-prof
-		<	, libghc-network-dev (>= 2.3)
-		<	, libghc-network-prof
-		<	, libghc-optparse-applicative-dev (>= 0.5.0)
-		<	, libghc-optparse-applicative-prof
-		<	, libghc-transformers-dev (>= 0.3)
-		<	, libghc-transformers-prof
-		<	, libghc-transformers-base-dev
-		<	, libghc-transformers-base-prof
-		<	, libghc-utf8-string-dev
-		<	, libghc-utf8-string-prof
-		<	, libghc-xml-conduit-dev (>= 1.0)
-		<	, libghc-xml-conduit-dev (<< 1.3)
-		<	, libghc-xml-conduit-prof
-		<	, libghc-xml-hamlet-dev (>= 0.4)
-		<	, libghc-xml-hamlet-dev (<< 0.5)
-		<	, libghc-xml-hamlet-prof
+		;	, haskell-devscripts (>= 0.8.13)
+		;	, cdbs
+		;	, ghc
+		;	, ghc-prof
+		;	, ghc-ghci
+		;	, libghc-case-insensitive-dev (>= 0.4)
+		;	, libghc-case-insensitive-prof
+		;	, libghc-either-dev (>= 4.1)
+		;	, libghc-either-prof
+		;	, libghc-errors-dev
+		;	, libghc-errors-prof
+		;	, libghc-http-client-dev (>= 0.2)
+		;	, libghc-http-client-prof
+		;	, libghc-http-client-tls-dev (>= 0.2)
+		;	, libghc-http-client-tls-prof
+		;	, libghc-http-types-dev (>= 0.7)
+		;	, libghc-http-types-prof
+		;	, libghc-lens-dev (>= 3.0)
+		;	, libghc-lens-prof
+		;	, libghc-lifted-base-dev (>= 0.1)
+		;	, libghc-lifted-base-prof
+		;	, libghc-monad-control-dev (>= 0.3.2)
+		;	, libghc-monad-control-prof
+		;	, libghc-mtl-dev (>= 2.1)
+		;	, libghc-mtl-prof
+		;	, libghc-network-dev (>= 2.3)
+		;	, libghc-network-prof
+		;	, libghc-optparse-applicative-dev (>= 0.5.0)
+		;	, libghc-optparse-applicative-prof
+		;	, libghc-transformers-dev (>= 0.3)
+		;	, libghc-transformers-prof
+		;	, libghc-transformers-base-dev
+		;	, libghc-transformers-base-prof
+		;	, libghc-utf8-string-dev
+		;	, libghc-utf8-string-prof
+		;	, libghc-xml-conduit-dev (>= 1.0)
+		;	, libghc-xml-conduit-dev (<< 1.3)
+		;	, libghc-xml-conduit-prof
+		;	, libghc-xml-hamlet-dev (>= 0.4)
+		;	, libghc-xml-hamlet-dev (<< 0.5)
+		;	, libghc-xml-hamlet-prof
 	Build-Depends-Indep: ghc-doc
-		<	, libghc-case-insensitive-doc
-		<	, libghc-either-doc
-		<	, libghc-errors-doc
-		<	, libghc-http-client-doc
-		<	, libghc-http-client-tls-doc
-		<	, libghc-http-types-doc
-		<	, libghc-lens-doc
-		<	, libghc-lifted-base-doc
-		<	, libghc-monad-control-doc
-		<	, libghc-mtl-doc
-		<	, libghc-network-doc
-		<	, libghc-optparse-applicative-doc
-		<	, libghc-transformers-doc
-		<	, libghc-transformers-base-doc
-		<	, libghc-utf8-string-doc
-		<	, libghc-xml-conduit-doc
-		<
-		, libghc-xml-hamlet-doc
-	boilerplate
-		<	Package: libghc-dav-dev
-		<	Architecture: any
-		<	Depends: ${shlibs:Depends}
-		<	 , ${haskell:Depends}
-		<	 , ${misc:Depends}
-		<	Recommends: ${haskell:Recommends}
-		<	Suggests: ${haskell:Suggests}
-		<	Provides: ${haskell:Provides}
+		;	, libghc-case-insensitive-doc
+		;	, libghc-either-doc
+		;	, libghc-errors-doc
+		;	, libghc-http-client-doc
+		;	, libghc-http-client-tls-doc
+		;	, libghc-http-types-doc
+		;	, libghc-lens-doc
+		;	, libghc-lifted-base-doc
+		;	, libghc-monad-control-doc
+		;	, libghc-mtl-doc
+		;	, libghc-network-doc
+		;	, libghc-optparse-applicative-doc
+		;	, libghc-transformers-doc
+		;	, libghc-transformers-base-doc
+		;	, libghc-utf8-string-doc
+		;	, libghc-xml-conduit-doc
+		; 	, libghc-xml-hamlet-doc
+ 	boilerplate (repeated 3 times in this package)
+		;	Package: libghc-dav-dev
+		;	Architecture: any
+		;	Depends: ${shlibs:Depends}
+		;	 , ${haskell:Depends}
+		;	 , ${misc:Depends}
+		;	Recommends: ${haskell:Recommends}
+		;	Suggests: ${haskell:Suggests}
+		;	Provides: ${haskell:Provides}
+		;	Description: ${haskell:ShortDescription}${haskell:ShortBlurb}
+		;	   ${haskell:LongDescription}
+		;	   .
+		;	   ${haskell:Blurb}
 	rudimentary control file refactoring
-		<	X-Description: RFC 4918 WebDAV support
-		<	  This is a library for the Web Distributed Authoring and
-		<	  Versioning (WebDAV) extensions to HTTP.  At present it
-		<	  supports a very small subset of client functionality.
-		 
-		<	for [libghc-dav-dev, libghc-dav-prof, libghc-dav-doc] $ \p ->
-		<	  Description: ${haskell:ShortDescription}${haskell:ShortBlurb}
-		<	   ${haskell:LongDescription}
-		<	   .
-		<	   ${haskell:Blurb}
+		;	X-Description: RFC 4918 WebDAV support
+		;	  This is a library for the Web Distributed Authoring and
+		;	  Versioning (WebDAV) extensions to HTTP.  At present it
+		;	  supports a very small subset of client functionality.
 	massive redundancy and make-work
 		Debian Haskell Group maintains 844+ of these
 		Debian perl Group: 3327+!

formatting
diff --git a/talks/debconf-14-debian-through-a-functional-lens.otl b/talks/debconf-14-debian-through-a-functional-lens.otl
index 3e4a44f..e0313b0 100644
--- a/talks/debconf-14-debian-through-a-functional-lens.otl
+++ b/talks/debconf-14-debian-through-a-functional-lens.otl
@@ -1,17 +1,17 @@
 Debian though a functional lens
 	Joey Hess, DebConf14
 	
-		Using Nix's functional package management as inspiration,
-		let's look at Debian from a functional programming perspective.
+		: Using Nix's functional package management as inspiration,
+		: let's look at Debian from a functional programming perspective.
 	
 	https://joeyh.name/talks/debconf-14-debian-through-a-functional-lens/
 a motivating example (haskell-dav)
 	(picked because Clint is in the audience)
-	% wc -l debian/rules debian/control Network/Protocol/HTTP/DAV.hs DAV.cabal
-		8   debian/rules
-		126 debian/control
-		444 Network/Protocol/HTTP/DAV.hs
-		79  DAV.cabal
+	; % wc -l debian/rules debian/control Network/Protocol/HTTP/DAV.hs DAV.cabal
+	;	8   debian/rules
+	;	126 debian/control
+	;	444 Network/Protocol/HTTP/DAV.hs
+	;	79  DAV.cabal
 	Build-Depends: debhelper (>= 9)
 		<	, haskell-devscripts (>= 0.8.13)
 		<	, cdbs

formatting
diff --git a/talks.mdwn b/talks.mdwn
index b41f907..2387357 100644
--- a/talks.mdwn
+++ b/talks.mdwn
@@ -87,4 +87,4 @@ by others.
 ## DebConf 14, Portland OR
 
  * "Debian Through a Functional Lens"
-  - [[slidish things|debconf-14-debian-through-a-functional-lens]]
+    - [[slidish things|debconf-14-debian-through-a-functional-lens]]
diff --git a/talks/debconf-14-debian-through-a-functional-lens.otl b/talks/debconf-14-debian-through-a-functional-lens.otl
index 7d00950..3e4a44f 100644
--- a/talks/debconf-14-debian-through-a-functional-lens.otl
+++ b/talks/debconf-14-debian-through-a-functional-lens.otl
@@ -6,160 +6,162 @@ Debian though a functional lens
 	
 	https://joeyh.name/talks/debconf-14-debian-through-a-functional-lens/
 a motivating example (haskell-dav)
-	-- picked because Clint is in the audience
+	(picked because Clint is in the audience)
 	% wc -l debian/rules debian/control Network/Protocol/HTTP/DAV.hs DAV.cabal
 		8   debian/rules
 		126 debian/control
 		444 Network/Protocol/HTTP/DAV.hs
 		79  DAV.cabal
 	Build-Depends: debhelper (>= 9)
-		, haskell-devscripts (>= 0.8.13)
-		, cdbs
-		, ghc
-		, ghc-prof
-		, ghc-ghci
-		, libghc-case-insensitive-dev (>= 0.4)
-		, libghc-case-insensitive-prof
-		, libghc-either-dev (>= 4.1)
-		, libghc-either-prof
-		, libghc-errors-dev
-		, libghc-errors-prof
-		, libghc-http-client-dev (>= 0.2)
-		, libghc-http-client-prof
-		, libghc-http-client-tls-dev (>= 0.2)
-		, libghc-http-client-tls-prof
-		, libghc-http-types-dev (>= 0.7)
-		, libghc-http-types-prof
-		, libghc-lens-dev (>= 3.0)
-		, libghc-lens-prof
-		, libghc-lifted-base-dev (>= 0.1)
-		, libghc-lifted-base-prof
-		, libghc-monad-control-dev (>= 0.3.2)
-		, libghc-monad-control-prof
-		, libghc-mtl-dev (>= 2.1)
-		, libghc-mtl-prof
-		, libghc-network-dev (>= 2.3)
-		, libghc-network-prof
-		, libghc-optparse-applicative-dev (>= 0.5.0)
-		, libghc-optparse-applicative-prof
-		, libghc-transformers-dev (>= 0.3)
-		, libghc-transformers-prof
-		, libghc-transformers-base-dev
-		, libghc-transformers-base-prof
-		, libghc-utf8-string-dev
-		, libghc-utf8-string-prof
-		, libghc-xml-conduit-dev (>= 1.0)
-		, libghc-xml-conduit-dev (<< 1.3)
-		, libghc-xml-conduit-prof
-		, libghc-xml-hamlet-dev (>= 0.4)
-		, libghc-xml-hamlet-dev (<< 0.5)
-		, libghc-xml-hamlet-prof
+		<	, haskell-devscripts (>= 0.8.13)
+		<	, cdbs
+		<	, ghc
+		<	, ghc-prof
+		<	, ghc-ghci
+		<	, libghc-case-insensitive-dev (>= 0.4)
+		<	, libghc-case-insensitive-prof
+		<	, libghc-either-dev (>= 4.1)
+		<	, libghc-either-prof
+		<	, libghc-errors-dev
+		<	, libghc-errors-prof
+		<	, libghc-http-client-dev (>= 0.2)
+		<	, libghc-http-client-prof
+		<	, libghc-http-client-tls-dev (>= 0.2)
+		<	, libghc-http-client-tls-prof
+		<	, libghc-http-types-dev (>= 0.7)
+		<	, libghc-http-types-prof
+		<	, libghc-lens-dev (>= 3.0)
+		<	, libghc-lens-prof
+		<	, libghc-lifted-base-dev (>= 0.1)
+		<	, libghc-lifted-base-prof
+		<	, libghc-monad-control-dev (>= 0.3.2)
+		<	, libghc-monad-control-prof
+		<	, libghc-mtl-dev (>= 2.1)
+		<	, libghc-mtl-prof
+		<	, libghc-network-dev (>= 2.3)
+		<	, libghc-network-prof
+		<	, libghc-optparse-applicative-dev (>= 0.5.0)
+		<	, libghc-optparse-applicative-prof
+		<	, libghc-transformers-dev (>= 0.3)
+		<	, libghc-transformers-prof
+		<	, libghc-transformers-base-dev
+		<	, libghc-transformers-base-prof
+		<	, libghc-utf8-string-dev
+		<	, libghc-utf8-string-prof
+		<	, libghc-xml-conduit-dev (>= 1.0)
+		<	, libghc-xml-conduit-dev (<< 1.3)
+		<	, libghc-xml-conduit-prof
+		<	, libghc-xml-hamlet-dev (>= 0.4)
+		<	, libghc-xml-hamlet-dev (<< 0.5)
+		<	, libghc-xml-hamlet-prof
 	Build-Depends-Indep: ghc-doc
-		, libghc-case-insensitive-doc
-		, libghc-either-doc
-		, libghc-errors-doc
-		, libghc-http-client-doc
-		, libghc-http-client-tls-doc
-		, libghc-http-types-doc
-		, libghc-lens-doc
-		, libghc-lifted-base-doc
-		, libghc-monad-control-doc
-		, libghc-mtl-doc
-		, libghc-network-doc
-		, libghc-optparse-applicative-doc
-		, libghc-transformers-doc
-		, libghc-transformers-base-doc
-		, libghc-utf8-string-doc
-		, libghc-xml-conduit-doc
+		<	, libghc-case-insensitive-doc
+		<	, libghc-either-doc
+		<	, libghc-errors-doc
+		<	, libghc-http-client-doc
+		<	, libghc-http-client-tls-doc
+		<	, libghc-http-types-doc
+		<	, libghc-lens-doc
+		<	, libghc-lifted-base-doc
+		<	, libghc-monad-control-doc
+		<	, libghc-mtl-doc
+		<	, libghc-network-doc
+		<	, libghc-optparse-applicative-doc
+		<	, libghc-transformers-doc
+		<	, libghc-transformers-base-doc
+		<	, libghc-utf8-string-doc
+		<	, libghc-xml-conduit-doc
+		<
 		, libghc-xml-hamlet-doc
 	boilerplate
-		Package: libghc-dav-dev
-		Architecture: any
-		Depends: ${shlibs:Depends}
-		  , ${haskell:Depends}
-		  , ${misc:Depends}
-		Recommends: ${haskell:Recommends}
-		Suggests: ${haskell:Suggests}
-		Provides: ${haskell:Provides}
+		<	Package: libghc-dav-dev
+		<	Architecture: any
+		<	Depends: ${shlibs:Depends}
+		<	 , ${haskell:Depends}
+		<	 , ${misc:Depends}
+		<	Recommends: ${haskell:Recommends}
+		<	Suggests: ${haskell:Suggests}
+		<	Provides: ${haskell:Provides}
 	rudimentary control file refactoring
-		X-Description: RFC 4918 WebDAV support
-		  This is a library for the Web Distributed Authoring and
-		  Versioning (WebDAV) extensions to HTTP.  At present it
-		  supports a very small subset of client functionality.
-		for [libghc-dav-dev, libghc-dav-prof, libghc-dav-doc] $ \p ->
-		  Description: ${haskell:ShortDescription}${haskell:ShortBlurb}
-		   ${haskell:LongDescription}
-		   .
-		   ${haskell:Blurb}
+		<	X-Description: RFC 4918 WebDAV support
+		<	  This is a library for the Web Distributed Authoring and
+		<	  Versioning (WebDAV) extensions to HTTP.  At present it
+		<	  supports a very small subset of client functionality.
+		 
+		<	for [libghc-dav-dev, libghc-dav-prof, libghc-dav-doc] $ \p ->
+		<	  Description: ${haskell:ShortDescription}${haskell:ShortBlurb}
+		<	   ${haskell:LongDescription}
+		<	   .
+		<	   ${haskell:Blurb}
 	massive redundancy and make-work
 		Debian Haskell Group maintains 844+ of these
 		Debian perl Group: 3327+!
 nixos equivilant
-		# This file was auto-generated by cabal2nix. Please do NOT edit manually!
-		{ cabal, caseInsensitive, either, errors, httpClient, httpClientTls
-		, httpTypes, lens, liftedBase, monadControl, mtl, network
-		, optparseApplicative, transformers, transformersBase, xmlConduit
-		, xmlHamlet
-		}:
-		cabal.mkDerivation (self: {
-		  pname = "DAV";
-		  version = "0.8";
-		  sha256 = "0khjid5jaaf4c3xn9cbph8ay4ibqr7pg3b3w7d0kfvci90ksc08r";
-		  isLibrary = true;
-		  isExecutable = true;
-		  buildDepends = [
-		    caseInsensitive either errors httpClient httpClientTls httpTypes
-		    lens liftedBase monadControl mtl network optparseApplicative
-		    transformers transformersBase xmlConduit xmlHamlet

(Diff truncated)
add
diff --git a/talks.mdwn b/talks.mdwn
index 05baa96..b41f907 100644
--- a/talks.mdwn
+++ b/talks.mdwn
@@ -83,3 +83,8 @@ by others.
 * "ikiwiki BOF"
   - video [low](http://meetings-archive.debian.net/pub/debian-meetings/2013/debconf13/low/1060_ikiwiki_BoF.ogv)
     [high](http://meetings-archive.debian.net/pub/debian-meetings/2013/debconf13/high/1060_ikiwiki_BoF.ogv)
+
+## DebConf 14, Portland OR
+
+ * "Debian Through a Functional Lens"
+  - [[slidish things|debconf-14-debian-through-a-functional-lens]]

add
diff --git a/talks/debconf-14-debian-through-a-functional-lens.otl b/talks/debconf-14-debian-through-a-functional-lens.otl
new file mode 100644
index 0000000..7d00950
--- /dev/null
+++ b/talks/debconf-14-debian-through-a-functional-lens.otl
@@ -0,0 +1,202 @@
+Debian though a functional lens
+	Joey Hess, DebConf14
+	
+		Using Nix's functional package management as inspiration,
+		let's look at Debian from a functional programming perspective.
+	
+	https://joeyh.name/talks/debconf-14-debian-through-a-functional-lens/
+a motivating example (haskell-dav)
+	-- picked because Clint is in the audience
+	% wc -l debian/rules debian/control Network/Protocol/HTTP/DAV.hs DAV.cabal
+		8   debian/rules
+		126 debian/control
+		444 Network/Protocol/HTTP/DAV.hs
+		79  DAV.cabal
+	Build-Depends: debhelper (>= 9)
+		, haskell-devscripts (>= 0.8.13)
+		, cdbs
+		, ghc
+		, ghc-prof
+		, ghc-ghci
+		, libghc-case-insensitive-dev (>= 0.4)
+		, libghc-case-insensitive-prof
+		, libghc-either-dev (>= 4.1)
+		, libghc-either-prof
+		, libghc-errors-dev
+		, libghc-errors-prof
+		, libghc-http-client-dev (>= 0.2)
+		, libghc-http-client-prof
+		, libghc-http-client-tls-dev (>= 0.2)
+		, libghc-http-client-tls-prof
+		, libghc-http-types-dev (>= 0.7)
+		, libghc-http-types-prof
+		, libghc-lens-dev (>= 3.0)
+		, libghc-lens-prof
+		, libghc-lifted-base-dev (>= 0.1)
+		, libghc-lifted-base-prof
+		, libghc-monad-control-dev (>= 0.3.2)
+		, libghc-monad-control-prof
+		, libghc-mtl-dev (>= 2.1)
+		, libghc-mtl-prof
+		, libghc-network-dev (>= 2.3)
+		, libghc-network-prof
+		, libghc-optparse-applicative-dev (>= 0.5.0)
+		, libghc-optparse-applicative-prof
+		, libghc-transformers-dev (>= 0.3)
+		, libghc-transformers-prof
+		, libghc-transformers-base-dev
+		, libghc-transformers-base-prof
+		, libghc-utf8-string-dev
+		, libghc-utf8-string-prof
+		, libghc-xml-conduit-dev (>= 1.0)
+		, libghc-xml-conduit-dev (<< 1.3)
+		, libghc-xml-conduit-prof
+		, libghc-xml-hamlet-dev (>= 0.4)
+		, libghc-xml-hamlet-dev (<< 0.5)
+		, libghc-xml-hamlet-prof
+	Build-Depends-Indep: ghc-doc
+		, libghc-case-insensitive-doc
+		, libghc-either-doc
+		, libghc-errors-doc
+		, libghc-http-client-doc
+		, libghc-http-client-tls-doc
+		, libghc-http-types-doc
+		, libghc-lens-doc
+		, libghc-lifted-base-doc
+		, libghc-monad-control-doc
+		, libghc-mtl-doc
+		, libghc-network-doc
+		, libghc-optparse-applicative-doc
+		, libghc-transformers-doc
+		, libghc-transformers-base-doc
+		, libghc-utf8-string-doc
+		, libghc-xml-conduit-doc
+		, libghc-xml-hamlet-doc
+	boilerplate
+		Package: libghc-dav-dev
+		Architecture: any
+		Depends: ${shlibs:Depends}
+		  , ${haskell:Depends}
+		  , ${misc:Depends}
+		Recommends: ${haskell:Recommends}
+		Suggests: ${haskell:Suggests}
+		Provides: ${haskell:Provides}
+	rudimentary control file refactoring
+		X-Description: RFC 4918 WebDAV support
+		  This is a library for the Web Distributed Authoring and
+		  Versioning (WebDAV) extensions to HTTP.  At present it
+		  supports a very small subset of client functionality.
+		for [libghc-dav-dev, libghc-dav-prof, libghc-dav-doc] $ \p ->
+		  Description: ${haskell:ShortDescription}${haskell:ShortBlurb}
+		   ${haskell:LongDescription}
+		   .
+		   ${haskell:Blurb}
+	massive redundancy and make-work
+		Debian Haskell Group maintains 844+ of these
+		Debian perl Group: 3327+!
+nixos equivilant
+		# This file was auto-generated by cabal2nix. Please do NOT edit manually!
+		{ cabal, caseInsensitive, either, errors, httpClient, httpClientTls
+		, httpTypes, lens, liftedBase, monadControl, mtl, network
+		, optparseApplicative, transformers, transformersBase, xmlConduit
+		, xmlHamlet
+		}:
+		cabal.mkDerivation (self: {
+		  pname = "DAV";
+		  version = "0.8";
+		  sha256 = "0khjid5jaaf4c3xn9cbph8ay4ibqr7pg3b3w7d0kfvci90ksc08r";
+		  isLibrary = true;
+		  isExecutable = true;
+		  buildDepends = [
+		    caseInsensitive either errors httpClient httpClientTls httpTypes
+		    lens liftedBase monadControl mtl network optparseApplicative
+		    transformers transformersBase xmlConduit xmlHamlet
+		  ];
+		  jailbreak = true;
+		  meta = {
+		    homepage = "http://floss.scru.org/hDAV";
+		    description = "RFC 4918 WebDAV support";
+		    license = self.stdenv.lib.licenses.gpl3;
+		    platforms = self.ghc.meta.platforms;
+		  };
+		})
+	       ... not exactly ideal, but a lot better
+dh-control dream equivilant
+		{ haskell_library use_cabal_description }
+		Section: web
+		Standards-Version: 3.9.5
+		
+		Package: hdav
+		Depends: { haskell_depends }
+		Description: command-line WebDAV client
+		  hdav currently only supports copying a file and associated WebDAV
+		  properties from one URL to another.
+dreaming in types
+	-- Current                                      -- Evil IO
+	rules :: ControlFile -> DebianFiles -> UpstreamSource -> IO (SourcePkg, [DebPkg])
+    
+	-- Pure functional version
+	data Control = Control CommonControl [PackageControl]
+	control :: UpstreamSource -> Control
+	rules :: Control -> DebianFiles -> UpstreamSource -> IO (SourcePkg, [DebPkg])
+    
+	-- Which type is better?
+	control :: Control                    -- current
+		+ simple
+		- redundant / boilerplate
+		- inflexible
+	control :: IO Control                 -- generate control file
+		+ maximally flexible
+		+ already available -- see "debdry - Debian Don't Repeat Yourself"
+		+ no boilerplate
+		- "this file was auto-generated. Please do NOT edit manually"
+		- perhaps too flexible
+		+ no language lock-in
+	control :: UpstreamSource -> Control  -- control file as functional code
+		+ beautiful?
+		+ just as flexible as it needs to be
+			control file generates same outputs given same inputs
+			result not based on /etc/lsb_release or phase of the moon
+			can do arbitrarily complicated calculation
+		+ no boilerplate
+		- language lock-in?
+a progression: IO to declarative to FP
+	debian/rules
+		manual    -- IO                   (cp foo bar)
+		debhelper -- IO, some declarative (debian/install etc)
+		dh        -- declarative, some IO (override_dh_auto_*)
+		... FP?
+			many debhelper feature requests are now about the
+			limits of declarative configuration
+				"debian/install is too inflexible"
+	maintainer scripts
+		manual                  -- IO
+		debhelper autoscripts   -- sorta declarative, still lots of IO
+		triggers                -- some declarative, some IO
+	config files
+		just a static file      -- declarative
+		debconf generated file  -- IO (oops!)
+		file.d					-- FP-ish ([File] -> File)
+	OS maintanance
+		apt-get install ...     -- IO
+		puppet/etc				-- declarative-ish
+		docker					-- declarative (here's the hash)
+		nixos					-- FP
+nixos demo
+	note hash at boot
+	vim /etc/nixos/configuration.nix
+	man configuration.nix
+	
+	ldd $(which bash)
+	which bash
+	# explore /run/current-system and /nix briefly
+	
+	nix-env --install git-annex

(Diff truncated)
add news item for etckeeper 1.13
diff --git a/code/etckeeper/news/version_1.13.mdwn b/code/etckeeper/news/version_1.13.mdwn
new file mode 100644
index 0000000..1bd3b79
--- /dev/null
+++ b/code/etckeeper/news/version_1.13.mdwn
@@ -0,0 +1,7 @@
+etckeeper 1.13 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Ignore check-mk-agent-logwatch's FHS violating
+     /etc/check\_mk/logwatch.state. Closes: #[753903](http://bugs.debian.org/753903)
+   * Only allow [-a-z\_] in etckeeper commands to avoid any possible directory
+     traversal etc issues.
+   * update-ignore, uninit: Fix parsing of ignore files containing '\'"""]]
\ No newline at end of file
diff --git a/code/etckeeper/news/version_1.8.mdwn b/code/etckeeper/news/version_1.8.mdwn
deleted file mode 100644
index 380444b..0000000
--- a/code/etckeeper/news/version_1.8.mdwn
+++ /dev/null
@@ -1,4 +0,0 @@
-etckeeper 1.8 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Avoid listing .gitignored files in .etckeeper file. Closes: #[607665](http://bugs.debian.org/607665)
-     Thanks, Zdenek Crha"""]]
\ No newline at end of file

add news item for pdmenu 1.3.3
diff --git a/code/pdmenu/news/version_1.2.98.mdwn b/code/pdmenu/news/version_1.2.98.mdwn
deleted file mode 100644
index 2d3a117..0000000
--- a/code/pdmenu/news/version_1.2.98.mdwn
+++ /dev/null
@@ -1,3 +0,0 @@
-pdmenu 1.2.98 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Spanish translation from Juan Ramón Jiménez García."""]]
\ No newline at end of file
diff --git a/code/pdmenu/news/version_1.3.3.mdwn b/code/pdmenu/news/version_1.3.3.mdwn
new file mode 100644
index 0000000..2105b05
--- /dev/null
+++ b/code/pdmenu/news/version_1.3.3.mdwn
@@ -0,0 +1,5 @@
+pdmenu 1.3.3 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Added autotools-dev to the build to update config.{guess,sub},
+     and do it before the clean target. Closes: #[756569](http://bugs.debian.org/756569)
+     Thanks, Fernando Seiti Furusato."""]]
\ No newline at end of file

add news item for debhelper 9.20140809
diff --git a/code/debhelper/news/version_9.20131213.mdwn b/code/debhelper/news/version_9.20131213.mdwn
deleted file mode 100644
index de0b42e..0000000
--- a/code/debhelper/news/version_9.20131213.mdwn
+++ /dev/null
@@ -1,9 +0,0 @@
-debhelper 9.20131213 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
- * [ Joey Hess ]
-   * cmake: Configure with -DCMAKE\_BUILD\_TYPE=None
-     Closes: #[701233](http://bugs.debian.org/701233)
- * [ Andreas Beckmann ]
-   * dh\_installdeb: Add support for dpkg-maintscript-helper commands
-     symlink\_to\_dir and dir\_to\_symlink that were added in dpkg 1.17.2.
-     Closes: #[731723](http://bugs.debian.org/731723)"""]]
\ No newline at end of file
diff --git a/code/debhelper/news/version_9.20140809.mdwn b/code/debhelper/news/version_9.20140809.mdwn
new file mode 100644
index 0000000..4774c3f
--- /dev/null
+++ b/code/debhelper/news/version_9.20140809.mdwn
@@ -0,0 +1,7 @@
+debhelper 9.20140809 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * dh\_perl: Add perlapi-* dependency on packages installed to
+     $Config{vendorarch} Closes: #[751684](http://bugs.debian.org/751684)
+   * dh\_perl: Use vendorlib and vendorarch from Config instead of
+     hardcoding their values. Closes: #[750021](http://bugs.debian.org/750021)
+   * Typo: Closes: #[755237](http://bugs.debian.org/755237)"""]]
\ No newline at end of file

add news item for github-backup 1.20140807
diff --git a/code/github-backup/news/version_1.20131203.mdwn b/code/github-backup/news/version_1.20131203.mdwn
deleted file mode 100644
index 6c286d9..0000000
--- a/code/github-backup/news/version_1.20131203.mdwn
+++ /dev/null
@@ -1,11 +0,0 @@
-github-backup 1.20131203 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Now also backs up the repos a user has starred, when run with a user's
-     name.
-   * Now finds and backs up the parent repository that a repository got forked
-     from.
-   * Uses authentication for all API calls.
-   * Fairer ordering of requests when backing up many repositories at once.
-   * Avoid making requests for data that has already been backed up until
-     after new data has been backed up. Handles API rate limiting much better.
-     Closes: #[723859](http://bugs.debian.org/723859)"""]]
\ No newline at end of file
diff --git a/code/github-backup/news/version_1.20140807.mdwn b/code/github-backup/news/version_1.20140807.mdwn
new file mode 100644
index 0000000..a71336c
--- /dev/null
+++ b/code/github-backup/news/version_1.20140807.mdwn
@@ -0,0 +1,4 @@
+github-backup 1.20140807 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Fix build with github 0.9.
+   * Fix creation of github branch."""]]
\ No newline at end of file

add
diff --git a/blog/entry/abram__39__s_2014.mdwn b/blog/entry/abram__39__s_2014.mdwn
new file mode 100644
index 0000000..e5133fa
--- /dev/null
+++ b/blog/entry/abram__39__s_2014.mdwn
@@ -0,0 +1,4 @@
+[[!img pics/abrams2014.png size=1024x alt="pics from trip to Abram's Falls"]]
+
+The trail to Abram's Falls seems more trecherous as we get older, but the sights
+and magic of the place are unchanged in our first visit in years.
diff --git a/blog/pics/abrams2014.png b/blog/pics/abrams2014.png
new file mode 100644
index 0000000..a6b3135
Binary files /dev/null and b/blog/pics/abrams2014.png differ

Added a comment: mkimage.sh is in (jessie) /usr/share/docker.io/contrib/
diff --git a/blog/entry/docker_run_debian/comment_1_4eb62c71f6a98dbedd796b45fef13cfa._comment b/blog/entry/docker_run_debian/comment_1_4eb62c71f6a98dbedd796b45fef13cfa._comment
new file mode 100644
index 0000000..8660db8
--- /dev/null
+++ b/blog/entry/docker_run_debian/comment_1_4eb62c71f6a98dbedd796b45fef13cfa._comment
@@ -0,0 +1,12 @@
+[[!comment format=mdwn
+ username="OlivierBerger"
+ ip="86.201.115.185"
+ subject="mkimage.sh is in (jessie) /usr/share/docker.io/contrib/"
+ date="2014-07-28T14:46:59Z"
+ content="""
+The mkimage.sh and its accompanying mkimage/debootstrap script are in /usr/share/docker.io/contrib/ as part of docker.io Debian package.
+
+So I guess this answers some of your questions.
+
+See https://wiki.debian.org/Cloud/CreateDockerImage for some hints on their usage.
+"""]]

fix link
diff --git a/blog.mdwn b/blog.mdwn
index fa344a6..86c6f0b 100644
--- a/blog.mdwn
+++ b/blog.mdwn
@@ -28,7 +28,7 @@ My other blogs:
 
 * [git-annex dev blog](http://git-annex.branchable.com/design/assistant/blog)
 * [olduse.net blog](http://olduse.net/blog/)
-* [after 1 minute on my modem](http://http://1-minute-modem.branchable.com)
+* [after 1 minute on my modem](http://1-minute-modem.branchable.com)
 
 Other feeds:
 

add news item for github-backup 1.20140721
diff --git a/code/github-backup/news/version_1.20131101.mdwn b/code/github-backup/news/version_1.20131101.mdwn
deleted file mode 100644
index 6d3ef4e..0000000
--- a/code/github-backup/news/version_1.20131101.mdwn
+++ /dev/null
@@ -1,11 +0,0 @@
-github-backup 1.20131101 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Now also backs up the repos a user is watching, when run with a user's
-     name. Useful if you want to back up repositories that you have not forked;
-     just watch them and run github-backup.
-   * Can now log in to github, to avoid increasingly small API rate limits.
-     Set GITHUB\_USER and GITHUB\_PASSWORD environment to enable.
-     Note that a few api calls don't use authentication; see
-     https://github.com/fpco/github/issues/40
-   * Build-Depend on git. Closes: #[728481](http://bugs.debian.org/728481)
-   * Don't include tmp directory in files stored in the github branch."""]]
\ No newline at end of file
diff --git a/code/github-backup/news/version_1.20140721.mdwn b/code/github-backup/news/version_1.20140721.mdwn
new file mode 100644
index 0000000..db35154
--- /dev/null
+++ b/code/github-backup/news/version_1.20140721.mdwn
@@ -0,0 +1,3 @@
+github-backup 1.20140721 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Fix typo in fix for url parsing. Closes: #[755261](http://bugs.debian.org/755261)"""]]
\ No newline at end of file

add news item for github-backup 1.20140720
diff --git a/code/github-backup/news/version_1.20131006.mdwn b/code/github-backup/news/version_1.20131006.mdwn
deleted file mode 100644
index 77b4373..0000000
--- a/code/github-backup/news/version_1.20131006.mdwn
+++ /dev/null
@@ -1,7 +0,0 @@
-github-backup 1.20131006 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Ported to Windows.
-   * Improve error message when it fails to query github for repositories
-     belonging to a user. Closes: #[705084](http://bugs.debian.org/705084)
-   * Various updates to internal git and utility libraries shared with git-annex.
-   * Makefile now uses cabal to build."""]]
\ No newline at end of file
diff --git a/code/github-backup/news/version_1.20140720.mdwn b/code/github-backup/news/version_1.20140720.mdwn
new file mode 100644
index 0000000..5d8f796
--- /dev/null
+++ b/code/github-backup/news/version_1.20140720.mdwn
@@ -0,0 +1,5 @@
+github-backup 1.20140720 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Deal with trailing slashes on github repo urls. Closes: #[755261](http://bugs.debian.org/755261)
+   * Fix bug introduced by change to embedded git libraries
+     in last release. Closes: #[755262](http://bugs.debian.org/755262)"""]]
\ No newline at end of file

ocracode
diff --git a/blog/entry/laptop_death.mdwn b/blog/entry/laptop_death.mdwn
index 63bcd35..085e383 100644
--- a/blog/entry/laptop_death.mdwn
+++ b/blog/entry/laptop_death.mdwn
@@ -54,3 +54,10 @@ Toshiba passport USB drive, this new one refuses to recognize it unless I
 plug it into a USB 1.0 hub. Oh well..
 
 [[!meta title="laptop death"]]
+
+---
+
+Update: [[Ocracode]] for this trip:
+
+OBX1.1 P6 L7 SA3d+++b+c++ U2(rearended,laptop death) T4f2b1 R2T Bb+m++++n++  
+F+++u++ SC+s-g6 H+f0i3 V+++s++m0 E++r+
diff --git a/ocracode.mdwn b/ocracode.mdwn
index 627fb04..d4d7903 100644
--- a/ocracode.mdwn
+++ b/ocracode.mdwn
@@ -2,7 +2,7 @@ This is the Ocracoke beach camping trip code. To construct the code
 sequence representing your vacation on Ocracoke, write down code sequences
 for each quality of the trip, separating each code sequence with a space
 (or newline at the end of a line). 
-!
+
 You may want to explain part of a code sequence, if so put a short
 explaination (of one or two words) in parentheses immediatly after the part
 of the code it is qualifiying, with no extra whitespace.
@@ -105,3 +105,13 @@ describe your camping trip to Ocracoke.
 * Description of examples of various ratings, all levels
 * Nostalgia factor
 * Bug: Sb indicates back of campground but also burr factor.
+
+# Years
+
+* [[2005, 2006|blog/entry/beach_trip]]
+* [[2007|blog/entry/another_week_at_the_beach]]
+* [[2008|blog/entry/vacation]]
+* [[2009|blog/entry/vacation2]]
+* [[2010|blog/entry/at_the_beach]]
+* [[2011|blog/entry/summer_trips_wrapup]]
+* [[2013|blog/entry/laptop_death]]

Revert "foo"
This reverts commit 8dcedf96bb015f9abf91c32d1daa3bdfaa928b04.
diff --git a/ocracode.mdwn b/ocracode.mdwn
new file mode 100644
index 0000000..627fb04
--- /dev/null
+++ b/ocracode.mdwn
@@ -0,0 +1,107 @@
+This is the Ocracoke beach camping trip code. To construct the code
+sequence representing your vacation on Ocracoke, write down code sequences
+for each quality of the trip, separating each code sequence with a space
+(or newline at the end of a line). 
+!
+You may want to explain part of a code sequence, if so put a short
+explaination (of one or two words) in parentheses immediatly after the part
+of the code it is qualifiying, with no extra whitespace.
+
+If the trip had multiple distinct parts, you can indicate this by writing
+down the main letter for the code and then describing the individual parts,
+separated by a slash (`/`).
+
+Some sections of the code involve rating things with plusses or minuses;
+here is a general scale:
+
+* `--` - Abysmal.
+* `-` - Below average.
+* `++` - Average.
+* `+++` - Excellent.
+* `++++` - Special.
+
+Sample code: 
+
+	OBX1.1 P1/7 L7 SA5s++b++c+++/A17d++b-c-- U4(setup alone,Kai,Daddy swims)
+	T6f2-b0 R1w Bn-b++m++ F++u++ SC++s++g1 H+++f2i5 V+++ E+++r++
+
+* `OBX1.1` - This indicates the beginning of an Ocracoke code block and
+  gives the version number.
+* `P` - Number of people. Follow with number of people in party.
+* `L` - Length of trip. Follow with number of days.
+* `S` - Site number. Following the number can be a letter code describing
+  the site's location:
+
+  * `d` - Dune site.
+  * `b` - Too near bathrooms.
+  * `s` - Too near showers.
+  * `b` - At back of campground.
+
+  The overall quality of the site is indicated with plusses/minuses after the
+  number.
+
+  The burr and cactus level of the site can be indicated with a `b` (for
+  burrs) and a `c` (cactus), followed by the same plusses/minuses.
+
+* `U` - Uniqueness factor of trip. Count up things that are unique about
+  the trip and write down the number.
+* `T` - Tradition factor. Count up the approximate number of Ocracoke
+  traditions that were done again this year and write down the number.
+
+  * `f` - Success at feeding the ranger. Count up number of times fed and
+    write down number. Write a minus for each failure too.
+  * `b` - Number of ranger badges obtained.
+
+* `R` - Rain factor. Count up number of days of rain and write down the
+  number. Can also be followed with letter codes describing the weather:
+
+  * `h` - Left due to hurricane.
+  * `t` - Tent destroyed.
+  * `c` - Slept in car.
+  * `T` - Thunderstorms.
+  * `d` - Dry as a bone.
+  * `s` - Too cold to swim.
+  * `w` - Lots of wind.
+
+* `B` - Bug factor. Rate the number/ferocity of biting flies (`b`),
+  mosquitoes (`m`) and no-see-ums (`n`) with plusses/minuses. More are
+  "better".
+
+* `F` - Food factor. Rate the quality/quantity of food.
+
+  * `u` - Food uniqueness subfactor. Was the food consumed the same meals
+    as always (which is average), or new and special or a new restaurant,
+    etc? Rate it.
+
+* `SC` - Sociability factor. Were new friends made, or did we just hang out
+  in the usual group (the average)? Rate it.
+
+  * `s` - Solitude sub-factor. Was there time for quiet walks on the beach,
+    space for swimming alone, etc? Rate it.
+  * `g` - Games sub-factor. Approximate number of card, board, etc games
+    played.
+
+* `H` - Heat factor. Rate the average heat level of the trip. (Hotter is
+  better.)
+
+  * `f` - Number of ferrys taken to escape the heat.
+  * `i` - Approximate number of 10 lb bags of ice melted per day.
+
+* `V` - View factor. How pleasant was the scenery this time around.
+
+  * `s` - How good was the stargazing? See the Milky Way?
+  * `m` - Number of meteors seen.
+
+* `E` - Overall enjoyment of trip.
+
+  * `r` - Relaxation subfactor. How relaxed will you be coming back? Or
+     will you need a vacation from the vacation?
+
+This page is in a wiki so feel free to edit it to add codes necessary to
+describe your camping trip to Ocracoke.
+
+# TODO
+
+* Description of examples of various ratings, all levels
+* Nostalgia factor
+* Bug: Sb indicates back of campground but also burr factor.

add news item for github-backup 1.20140707
diff --git a/code/github-backup/news/version_1.20130622.mdwn b/code/github-backup/news/version_1.20130622.mdwn
deleted file mode 100644
index 5ebe7ea..0000000
--- a/code/github-backup/news/version_1.20130622.mdwn
+++ /dev/null
@@ -1,3 +0,0 @@
-github-backup 1.20130622 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Add missing unix-compat build dependency. Closes: #[713279](http://bugs.debian.org/713279)"""]]
\ No newline at end of file
diff --git a/code/github-backup/news/version_1.20140707.mdwn b/code/github-backup/news/version_1.20140707.mdwn
new file mode 100644
index 0000000..ed63eea
--- /dev/null
+++ b/code/github-backup/news/version_1.20140707.mdwn
@@ -0,0 +1,7 @@
+github-backup 1.20140707 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Add --exclude to skip backing up a specific repository
+     when backing up a user or organization's repositories.
+     Closes: #[754072](http://bugs.debian.org/754072)
+   * Converted to using optparse-applicative.
+   * Multiple usernames can now be specified to back up at once."""]]
\ No newline at end of file

blog update
diff --git a/blog/entry/laptop_death.mdwn b/blog/entry/laptop_death.mdwn
new file mode 100644
index 0000000..63bcd35
--- /dev/null
+++ b/blog/entry/laptop_death.mdwn
@@ -0,0 +1,56 @@
+So I was at Ocracoke island, camping with family, and I brought my laptop
+along as I've done probably half a dozen times before. An enormous
+thuderstorm came up. It rained for 8 hours and thundered for 3 of those.
+Some lightning cracks quite close by as we crouched in the food tent, our
+feet up off the increasingly wet ground "just in case". The campground
+flooded. Luckily we were camped in the dunes and tents mostly avoided being
+flooded with 2-3 inches of water. (That was just the warmup; a hurricane
+hit a week after we left.)
+
+My laptop was in my tent when this started, and I got soaked to the skin
+just running over there and throwing it up on the thermarest to keep it out
+of any flooding and away from any drips. It seemed ok, so best not to try
+to move it to the car in that downpour.
+
+Next time I checked, it turned out the top vent of the tent was slightly
+open and dripping. The laptop bag was damp. But inside it seemed ok. Rain
+had slackened to just heavy, so I ran it down to the car. Laptop appeared
+barely damp, but it was hard to tell as I had quite forgotten what "dry"
+was. Turned it on for 10 seconds to check the time. It was 7:30 and
+we still had to cook dinner in this mess. Transferred it to a dry bag.
+
+(By the way, in some situations, discovering you have a single dry towel
+you didn't know you had is the best gift in the world!)
+
+Next morning, the laptop was dead. When powered on, the fan came on full,
+the screen stayed black, and after a few seconds it turned itself back off.
+
+I need this for work, so it was a crash priority to get it fixed or a
+replacement. Before I even got home, I had logged onto Lenovo's website to
+check warantee status and found 2 things:
+
+1. They needed some number from a sticker on the bottom of my laptop.
+   Which was no longer there.
+2. The process required some stange login on an entirely
+   different IBM website.
+
+At this point, I had a premonition of how the beuracracy would go. Reading 
+Sesse's [Blehnovo](http://blog.sesse.net/blog/tech/2014-07-07-23-47_blehnovo.html),
+I see I was right. I didn't even try. I ordered a replacement with priority
+shipping.
+
+When I got home, I pulled the laptop apart to try to debug it.
+I still don't know what's wrong with it. The SSD may be damaged; it seems
+to cause anything I put it into to fail to work.
+
+New laptop arrived in 2 days. Since this model is now a year old, it was
+a few hundred dollars cheaper this time around. And now I have an extra
+power supply, and a replacment keyboard, and a replacement fan etc. And
+I've escaped the dead USB port and broken rocker switch of the old laptop
+too.
+
+The only weird thing is that, while my old laptop had no problem with my
+Toshiba passport USB drive, this new one refuses to recognize it unless I
+plug it into a USB 1.0 hub. Oh well..
+
+[[!meta title="laptop death"]]

update
diff --git a/boxen.mdwn b/boxen.mdwn
index 0a58485..69bc61f 100644
--- a/boxen.mdwn
+++ b/boxen.mdwn
@@ -26,7 +26,7 @@ Mostly mythical creatures.
 
 Mostly birds.
 
-* [[kite]]
+* [[kite]] {*}
 * chicken
 * [[turtle]] {*}
 * [[dodo]] {*}
@@ -40,7 +40,7 @@ Mostly birds.
 * [[pell]] {*}
 * orca
 * [[clam]] {*}
-* diatom {*}
+* [[diatom]] {*}
 * [[elephant]] {*}
 
 ## small machines
diff --git a/boxen/diatom.mdwn b/boxen/diatom.mdwn
new file mode 100644
index 0000000..8c6bb7d
--- /dev/null
+++ b/boxen/diatom.mdwn
@@ -0,0 +1 @@
+In digital ocean.
diff --git a/boxen/kite.mdwn b/boxen/kite.mdwn
index 8fc2124..3ae04c2 100644
--- a/boxen/kite.mdwn
+++ b/boxen/kite.mdwn
@@ -1,4 +1,2 @@
-Kite was my main server, but has been retired.
-
-[[wren]] is sometimes referred to as "kite", since it serves the
-kitenet.net domain.
+Kite is the main server for kitenet.net. (Replacing wren, which replaced a
+previous kite.)
diff --git a/boxen/wren.mdwn b/boxen/wren.mdwn
index 7f8bdfe..8fbd16d 100644
--- a/boxen/wren.mdwn
+++ b/boxen/wren.mdwn
@@ -1,5 +1,5 @@
 Wren serves [kitenet.net](http://kitenet.net/) and associated domains, and is
-my main server.
+my main server. However, it's EOL.
 
 Wren is a KVM instance hosted by Steve Kemp at
 [kvm-hosting.org](http://www.xen-hosting.org/), in the UK.

add news item for github-backup 1.20140704
diff --git a/code/github-backup/news/version_1.20130618.mdwn b/code/github-backup/news/version_1.20130618.mdwn
deleted file mode 100644
index 27d2d63..0000000
--- a/code/github-backup/news/version_1.20130618.mdwn
+++ /dev/null
@@ -1,3 +0,0 @@
-github-backup 1.20130618 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Much better creation and committing to the github branch."""]]
\ No newline at end of file
diff --git a/code/github-backup/news/version_1.20140704.mdwn b/code/github-backup/news/version_1.20140704.mdwn
new file mode 100644
index 0000000..f645de0
--- /dev/null
+++ b/code/github-backup/news/version_1.20140704.mdwn
@@ -0,0 +1,6 @@
+github-backup 1.20140704 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Avoid making signed commits when committing to the github-backup branch
+     and the user has commit.gpgsign=true.
+     Closes: #[753720](http://bugs.debian.org/753720)
+   * Various updates to internal git and utility libraries shared with git-annex."""]]
\ No newline at end of file

link
diff --git a/blog/entry/docker_run_debian.mdwn b/blog/entry/docker_run_debian.mdwn
index 2d30178..de63850 100644
--- a/blog/entry/docker_run_debian.mdwn
+++ b/blog/entry/docker_run_debian.mdwn
@@ -27,8 +27,8 @@ and
 mkimage.sh -t tianon/debian:wheezy -d . debootstrap --variant=minbase --components=main --include=inetutils-ping,iproute wheezy http://http.debian.net/debian
 </pre>
 
-I don't know where `mkimage.sh` is. And anyway, I have no reason to trust
-that this image is built the way it claims to be built. So, the question
+I don't know where `mkimage.sh` is. [Update: Probably /usr/share/docker.io/contrib/mkimage-debootstrap.sh or a modified version]
+And anyway, I have no reason to trust that this image is built the way it claims to be built. So, the question
 remains: What is in this image?
 
 To find out, I did a `debootstap --variant=minbase stable` and diffed

update
diff --git a/blog/entry/docker_run_debian.mdwn b/blog/entry/docker_run_debian.mdwn
index bc529dd..2d30178 100644
--- a/blog/entry/docker_run_debian.mdwn
+++ b/blog/entry/docker_run_debian.mdwn
@@ -130,7 +130,7 @@ Here are some ideas for things Debian could do to improve this:
 
 * Make a package that can build docker images of Debian, in a fully
   reproducible fashion. Ie, same versions of debs in, same byte
-  stream out. (See also [#746394](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746394)
+  stream out.
 * If it makes sense for the docker image to not contain
   all the packages in a standard debootstrap (maybe leaving out init systems),
   or to contain other packages, write down the rationalle for this,
@@ -143,6 +143,7 @@ Here are some ideas for things Debian could do to improve this:
   debs.
 * Provide some way to verify, through gpg signatures, that docker
   has pulled an actual trusted image and not some https-MITMed thing.
+  (See also [#746394](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746394)
 
 PS, if this wasn't enough fun, just consider the tweaks made to the "Debian"
 images on all the VPS hosts out there.

update
diff --git a/blog/entry/docker_run_debian.mdwn b/blog/entry/docker_run_debian.mdwn
index 6206fd7..bc529dd 100644
--- a/blog/entry/docker_run_debian.mdwn
+++ b/blog/entry/docker_run_debian.mdwn
@@ -130,7 +130,7 @@ Here are some ideas for things Debian could do to improve this:
 
 * Make a package that can build docker images of Debian, in a fully
   reproducible fashion. Ie, same versions of debs in, same byte
-  stream out.
+  stream out. (See also [#746394](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746394)
 * If it makes sense for the docker image to not contain
   all the packages in a standard debootstrap (maybe leaving out init systems),
   or to contain other packages, write down the rationalle for this,

updates
diff --git a/blog/entry/docker_run_debian.mdwn b/blog/entry/docker_run_debian.mdwn
index 310a554..6206fd7 100644
--- a/blog/entry/docker_run_debian.mdwn
+++ b/blog/entry/docker_run_debian.mdwn
@@ -98,13 +98,10 @@ it hangs while trying to run initctl.
 
 ## missing devices
 
-Several devices are missing, including `/dev/full`, `/dev/null`,
-`/dev/zero`, `/dev/[u]random`, `/dev/shm`, and `/dev/loopN`. Docker
-probably fixes some of these up when running the image, but it certianly
-works ok with an image with all these missing devices present, so I don't
-know the rationalle for omitting them.
+Some versions of the debian image are missing things in `/dev`. See
+[this bug](https://github.com/tianon/docker-brew-debian/issues/5).
 
-(See also [this bug](https://github.com/tianon/docker-brew-debian/issues/5))
+(I had listed some device files that I thought were missing, but I was wrong.)
 
 ## some gpg thing is different
 
@@ -135,8 +132,9 @@ Here are some ideas for things Debian could do to improve this:
   reproducible fashion. Ie, same versions of debs in, same byte
   stream out.
 * If it makes sense for the docker image to not contain
-  all the packages in a standard debootstrap, or to contain other packages,
-  write down the rationalle for this, and make a --variant=docker.
+  all the packages in a standard debootstrap (maybe leaving out init systems),
+  or to contain other packages, write down the rationalle for this,
+  and make a --variant=docker.
 * Make a package that provides appropriate tweaks for Debian
   in a container. This might include a policy-rc.d that allows restarting
   daemons on upgrade if they're already running in the container, and

update
diff --git a/blog/entry/docker_run_debian.mdwn b/blog/entry/docker_run_debian.mdwn
index 2346dd5..310a554 100644
--- a/blog/entry/docker_run_debian.mdwn
+++ b/blog/entry/docker_run_debian.mdwn
@@ -127,7 +127,7 @@ on an x86 system thanks to qemu). But I'm not going to link to them,
 because again, you should only trust docker images you built yourself. To
 help increase your mistrust of me, I present this IRC snippet:
 
-> <joeyh> I'll bet I could publish an image that just did a killall5 as root on startup and get plenty of people to nuke their container hosts
+	<joeyh> I'll bet I could publish an image that just did a killall5 as root on startup and get plenty of people to nuke their container hosts
 
 Here are some ideas for things Debian could do to improve this:
 

update
diff --git a/blog/entry/docker_run_debian.mdwn b/blog/entry/docker_run_debian.mdwn
index abce096..2346dd5 100644
--- a/blog/entry/docker_run_debian.mdwn
+++ b/blog/entry/docker_run_debian.mdwn
@@ -27,7 +27,7 @@ and
 mkimage.sh -t tianon/debian:wheezy -d . debootstrap --variant=minbase --components=main --include=inetutils-ping,iproute wheezy http://http.debian.net/debian
 </pre>
 
-I don't know where `mkimage.sh` is. And I anyway, I have no reason to trust
+I don't know where `mkimage.sh` is. And anyway, I have no reason to trust
 that this image is built the way it claims to be built. So, the question
 remains: What is in this image?
 

update
diff --git a/blog/entry/docker_run_debian.mdwn b/blog/entry/docker_run_debian.mdwn
index 7cf4a03..abce096 100644
--- a/blog/entry/docker_run_debian.mdwn
+++ b/blog/entry/docker_run_debian.mdwn
@@ -1,6 +1,6 @@
 [[!meta title="what does docker.io run -it debian sh run?"]]
 
-When you run `docker.io run -it debian sh` it goes off and gets
+When you type `docker.io run -it debian sh`, it goes off and gets
 "debian" and runs it. But what is in this "debian" image? How was it built?
 
 The docker hub [does not really say](https://registry.hub.docker.com/_/debian/).

blog
diff --git a/blog/entry/docker_run_debian.mdwn b/blog/entry/docker_run_debian.mdwn
index 32a4f01..7cf4a03 100644
--- a/blog/entry/docker_run_debian.mdwn
+++ b/blog/entry/docker_run_debian.mdwn
@@ -1,20 +1,18 @@
-[[!meta title="what does docker.io run -it debian bash run?"]]
+[[!meta title="what does docker.io run -it debian sh run?"]]
 
-When you run `docker.io run -it debian bash` it goes off and gets
-"debian" and runs it. But what is in this image? How was it built?
+When you run `docker.io run -it debian sh` it goes off and gets
+"debian" and runs it. But what is in this "debian" image? How was it built?
 
 The docker hub [does not really say](https://registry.hub.docker.com/_/debian/).
 All it tells us is this is a "(Semi) Official Debian base image"
-and that its sources.list uses http.debian.net for geolocation. There's a
-link to <https://github.com/dotcloud/stackbrew/blob/master/library/debian>
-which in turn uses a very strange git repository,
-<http://github.com/tianon/docker-brew-debian> 
-"Git is not a fan of what we're doing here." (This repository was put
-together by Debian maintainer Tianon Gravi.)
-
-No wonder, since the actual content of that git repository is a
-succession of compressed "rootfs" tarballs in git branches.
-(Oddly, this compression defeats git deltas.)
+and that its sources.list uses http.debian.net for geolocation. 
+
+There's a link to <https://github.com/dotcloud/stackbrew/blob/master/library/debian>
+which in turn uses a very strange git repository, owned by Debian
+maintainer Tianon Gravi, that contains compressed
+tarballs of Debian: <http://github.com/tianon/docker-brew-debian>
+"Git is not a fan of what we're doing here."
+
 The "source", such as it is, that is used to build this image consists of:
 
 <pre>
@@ -40,10 +38,14 @@ from which I found the following interesting differences.
 ## added packages
 
 The image has iputils-ping and netbase and iproute added. These are not in
-a minbase debootstrap, but are in a regular debootstrap. I actually
-think it's quite weird that the docker image is based on a minbase debootstrap,
-since this means they have to add back important stuff like this on an ad-hoc
-basis.
+a minbase debootstrap, but are in a regular debootstrap. It's
+rather weird that the docker image is based on a minbase debootstrap,
+since this means they have to add back important stuff like this on an
+ad-hoc basis.
+
+> If the expectation is that an experienced Unix person who found it missing
+> would say "What on earth is going on, where is 'foo'?", it must be an
+> 'important' package. -- Debian Policy
 
 ## apt hooks
 
@@ -62,10 +64,12 @@ to avoid wasting disk space, even at the expense of making apt slower (by
 disabling caches) and losing translations.
 
 I am curious if apt might ever invoke the DPkg::Post-Invoke twice in an
-apt run in which it runs apt twice. I'm also curious whether deleting
+upgrade in which it runs dpkg twice. I'm also curious whether deleting
 `/var/cache/apt/archives/lock` could cause a problem.
 
-(dpkg is also configured to use unsafe-io)
+## unsafe-io
+
+dpkg is configured to use unsafe-io.
 
 ## motd
 
@@ -73,27 +77,74 @@ apt run in which it runs apt twice. I'm also curious whether deleting
 Linux viper 3.12.20-gentoo #1 SMP Sun May 18 12:36:24 MDT 2014 x86_64
 </pre>
 
+Yes, that's "gentoo". Presumably this tells us something about the
+build host.
+
 ## policy-rc.d
 
-/usr/sbin/policy-rc.d contains "exit 101", which prevents daemons from
-being automatically started after they are `apt-get install`ed.
+`/usr/sbin/policy-rc.d` contains "exit 101", which prevents daemons from
+being automatically started after they are installed. This may or may
+not be desirable, depending on what you're doing with docker.
 
 It notably also prevents restarting running daemons in this container if
 they're upgraded for eg, a security fix. It would almost certianly be better
-if this script allowed restarting daemons.
+if this script allowed restarting running daemons.
 
 ## diversions
 
-`/sbin/initctl` is diverted and replaced with /bin/true. This is a workaround
-for what is IMHO a bug in sysvinit; when upgraded inside a docker container
+`/sbin/initctl` is diverted and replaced with /bin/true. This is a
+workaround for a bug in sysvinit; when upgraded inside a docker container
 it hangs while trying to run initctl.
 
 ## missing devices
 
+Several devices are missing, including `/dev/full`, `/dev/null`,
+`/dev/zero`, `/dev/[u]random`, `/dev/shm`, and `/dev/loopN`. Docker
+probably fixes some of these up when running the image, but it certianly
+works ok with an image with all these missing devices present, so I don't
+know the rationalle for omitting them.
+
+(See also [this bug](https://github.com/tianon/docker-brew-debian/issues/5))
+
+## some gpg thing is different
+
+> Binary files pure-debootstrap/etc/apt/trustdb.gpg and from-docker/etc/apt/trustdb.gpg differ
+
+Oh well, that can't be important.. Or can it? I did not check.
+
+## conclusions
+
+I would hardly consider this to be an "(Semi) Official Debian image".
+Some of the changes are quite dubious. The build environment is not Debian.
+There is no guarantee you'll get the same image I examined. Diffing
+thousands of lines of filesystem changes is not particularly fun or
+reliable way to spot accidental or malicious changes.
 
+I'd recommend only trusting docker images you build yourself. I have some
+docker images published somewhere that are built with 100% straight
+debootstrap with no modifications (and even an armel image that can be used
+on an x86 system thanks to qemu). But I'm not going to link to them,
+because again, you should only trust docker images you built yourself. To
+help increase your mistrust of me, I present this IRC snippet:
 
-## conclusion
+> <joeyh> I'll bet I could publish an image that just did a killall5 as root on startup and get plenty of people to nuke their container hosts
 
+Here are some ideas for things Debian could do to improve this:
 
+* Make a package that can build docker images of Debian, in a fully
+  reproducible fashion. Ie, same versions of debs in, same byte
+  stream out.
+* If it makes sense for the docker image to not contain
+  all the packages in a standard debootstrap, or to contain other packages,
+  write down the rationalle for this, and make a --variant=docker.
+* Make a package that provides appropriate tweaks for Debian
+  in a container. This might include a policy-rc.d that allows restarting
+  daemons on upgrade if they're already running in the container, and
+  otherwise prevents running daemons.
+* Make a `low-disk-space` package that eg, prevents apt from caching
+  debs.
+* Provide some way to verify, through gpg signatures, that docker
+  has pulled an actual trusted image and not some https-MITMed thing.
 
-[[!meta title="docker run debian"]]
+PS, if this wasn't enough fun, just consider the tweaks made to the "Debian"
+images on all the VPS hosts out there.

blog update
diff --git a/blog/entry/docker_run_debian.mdwn b/blog/entry/docker_run_debian.mdwn
new file mode 100644
index 0000000..32a4f01
--- /dev/null
+++ b/blog/entry/docker_run_debian.mdwn
@@ -0,0 +1,99 @@
+[[!meta title="what does docker.io run -it debian bash run?"]]
+
+When you run `docker.io run -it debian bash` it goes off and gets
+"debian" and runs it. But what is in this image? How was it built?
+
+The docker hub [does not really say](https://registry.hub.docker.com/_/debian/).
+All it tells us is this is a "(Semi) Official Debian base image"
+and that its sources.list uses http.debian.net for geolocation. There's a
+link to <https://github.com/dotcloud/stackbrew/blob/master/library/debian>
+which in turn uses a very strange git repository,
+<http://github.com/tianon/docker-brew-debian> 
+"Git is not a fan of what we're doing here." (This repository was put
+together by Debian maintainer Tianon Gravi.)
+
+No wonder, since the actual content of that git repository is a
+succession of compressed "rootfs" tarballs in git branches.
+(Oddly, this compression defeats git deltas.)
+The "source", such as it is, that is used to build this image consists of:
+
+<pre>
+FROM scratch
+ADD rootfs.tar.xz /
+CMD ["/bin/bash"]
+</pre>
+
+and 
+
+<pre>
+mkimage.sh -t tianon/debian:wheezy -d . debootstrap --variant=minbase --components=main --include=inetutils-ping,iproute wheezy http://http.debian.net/debian
+</pre>
+
+I don't know where `mkimage.sh` is. And I anyway, I have no reason to trust
+that this image is built the way it claims to be built. So, the question
+remains: What is in this image?
+
+To find out, I did a `debootstap --variant=minbase stable` and diffed
+the entire docker debian image against it. The diff was 6738 lines,
+from which I found the following interesting differences.
+
+## added packages
+
+The image has iputils-ping and netbase and iproute added. These are not in
+a minbase debootstrap, but are in a regular debootstrap. I actually
+think it's quite weird that the docker image is based on a minbase debootstrap,
+since this means they have to add back important stuff like this on an ad-hoc
+basis.
+
+## apt hooks
+
+<pre>
+DPkg::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };
+APT::Update::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };
+
+Dir::Cache::pkgcache "";
+Dir::Cache::srcpkgcache "";
+
+Acquire::Languages "none";
+</pre>
+
+These are some strange modifications to apt's config. The intent is clearly
+to avoid wasting disk space, even at the expense of making apt slower (by
+disabling caches) and losing translations.
+
+I am curious if apt might ever invoke the DPkg::Post-Invoke twice in an
+apt run in which it runs apt twice. I'm also curious whether deleting
+`/var/cache/apt/archives/lock` could cause a problem.
+
+(dpkg is also configured to use unsafe-io)
+
+## motd
+
+<pre>
+Linux viper 3.12.20-gentoo #1 SMP Sun May 18 12:36:24 MDT 2014 x86_64
+</pre>
+
+## policy-rc.d
+
+/usr/sbin/policy-rc.d contains "exit 101", which prevents daemons from
+being automatically started after they are `apt-get install`ed.
+
+It notably also prevents restarting running daemons in this container if
+they're upgraded for eg, a security fix. It would almost certianly be better
+if this script allowed restarting daemons.
+
+## diversions
+
+`/sbin/initctl` is diverted and replaced with /bin/true. This is a workaround
+for what is IMHO a bug in sysvinit; when upgraded inside a docker container
+it hangs while trying to run initctl.
+
+## missing devices
+
+
+
+## conclusion
+
+
+
+[[!meta title="docker run debian"]]

poll vote (watched it all, liked it)
diff --git a/blog/entry/watch_me_code_for_half_an_hour.mdwn b/blog/entry/watch_me_code_for_half_an_hour.mdwn
index 3b778ab..85dda47 100644
--- a/blog/entry/watch_me_code_for_half_an_hour.mdwn
+++ b/blog/entry/watch_me_code_for_half_an_hour.mdwn
@@ -14,6 +14,6 @@ Not shown is the hour I spent the next day changing the "optimize"
 subcommand implemented here into "--auto" options that can be passed to
 [[code/git-annex]]'s get and drop commands.
 
-[[!poll 38 "watched it all, liked it" 8 "watched some, boring" 3 "too long for me" 14 "too haskell for me" 12 "not interested"]]
+[[!poll 39 "watched it all, liked it" 8 "watched some, boring" 3 "too long for me" 14 "too haskell for me" 12 "not interested"]]
 
 [[!meta title="watch me program for half an hour"]]

add news item for etckeeper 1.12
diff --git a/code/etckeeper/news/version_1.12.mdwn b/code/etckeeper/news/version_1.12.mdwn
new file mode 100644
index 0000000..54084cf
--- /dev/null
+++ b/code/etckeeper/news/version_1.12.mdwn
@@ -0,0 +1,7 @@
+etckeeper 1.12 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Portability fixes. Thanks, Harald Dunkel.
+   * Add support for pushing to multiple remote repositories.
+     Thanks, Rouben.
+   * Fix handling of git ignores like dir/*
+     Thanks, Pim van den Berg"""]]
\ No newline at end of file
diff --git a/code/etckeeper/news/version_1.7.mdwn b/code/etckeeper/news/version_1.7.mdwn
deleted file mode 100644
index ecd3540..0000000
--- a/code/etckeeper/news/version_1.7.mdwn
+++ /dev/null
@@ -1,3 +0,0 @@
-etckeeper 1.7 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Fix hilarious typo hardcoding my name. Closes: #[718425](http://bugs.debian.org/718425)"""]]
\ No newline at end of file

add news item for alien 8.91
diff --git a/code/alien/news/version_8.85.mdwn b/code/alien/news/version_8.85.mdwn
deleted file mode 100644
index 1c74f4f..0000000
--- a/code/alien/news/version_8.85.mdwn
+++ /dev/null
@@ -1,3 +0,0 @@
-alien 8.85 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Avoid breaking on spaces in filenames. Closes: #[618636](http://bugs.debian.org/618636)"""]]
\ No newline at end of file
diff --git a/code/alien/news/version_8.91.mdwn b/code/alien/news/version_8.91.mdwn
new file mode 100644
index 0000000..cadb314
--- /dev/null
+++ b/code/alien/news/version_8.91.mdwn
@@ -0,0 +1,5 @@
+alien 8.91 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Support other deb data.tar compression schemes in fallback code.
+     Closes: #[718364](http://bugs.debian.org/718364)
+     Thanks, Guillem Jover"""]]
\ No newline at end of file

add news item for debhelper 9.20140613
diff --git a/code/debhelper/news/version_9.20131127.mdwn b/code/debhelper/news/version_9.20131127.mdwn
deleted file mode 100644
index f89a21d..0000000
--- a/code/debhelper/news/version_9.20131127.mdwn
+++ /dev/null
@@ -1,4 +0,0 @@
-debhelper 9.20131127 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * dh\_compress: Exclude several more compressed file formats.
-     Closes: #[730483](http://bugs.debian.org/730483)"""]]
\ No newline at end of file
diff --git a/code/debhelper/news/version_9.20140613.mdwn b/code/debhelper/news/version_9.20140613.mdwn
new file mode 100644
index 0000000..1b3eae3
--- /dev/null
+++ b/code/debhelper/news/version_9.20140613.mdwn
@@ -0,0 +1,6 @@
+debhelper 9.20140613 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+   * Pass --disable-silent-rules in dh\_auto\_configure if DH\_VERBOSE is set.
+     Closes: #[751207](http://bugs.debian.org/751207). Thanks, Helmut Grohne.
+   * Minor typos. Closes: #[741144](http://bugs.debian.org/741144), #[744176](http://bugs.debian.org/744176)
+   * dh\_installinit: Fix uninitialized value warning when --name is used."""]]
\ No newline at end of file

add
diff --git a/screencasts/git-annex_views_demo.mdwn b/screencasts/git-annex_views_demo.mdwn
new file mode 100644
index 0000000..b0bed18
--- /dev/null
+++ b/screencasts/git-annex_views_demo.mdwn
@@ -0,0 +1,11 @@
+A quick screencast demoing an experimental new git-annex feature,
+<a href="https://git-annex.branchable.com/tips/metadata_driven_views">metadata driven views</a>.
+
+<video controls src="https://downloads.kitenet.net/videos/git-annex/git-annex_views_demo.ogg"></video>
+
+[video](https://downloads.kitenet.net/videos/git-annex/git-annex_views_demo.ogg)
+
+Credits: 
+
+* RichiH for <https://github.com/RichiH/conference_proceedings>
+* Michi for keyboard cat cameo