12 files changed, 1370 insertions, 13 deletions
diff --git a/content/blog/archlinux-macbook-a1211.md b/content/blog/archlinux-macbook-a1211.md
new file mode 100644
index 0000000..f0c5ec7
--- /dev/null
+++ b/content/blog/archlinux-macbook-a1211.md
@@ -0,0 +1,373 @@
++++
+title = "Archlinux on a MacBook Pro 15'' Model A1211"
+categories = [ "Operating System", "Archlinux", "MacBook" ]
+date = "2018-11-12T16:55:39+01:00"
+thumbnail = "/images/blog/archlinux-macbook-a1211/macbook-A1211.jpg"
++++
+
+## History
+
+I got an old Mac from a collegue at work. Apple decided not to
+support those devices anymore, anyway, they date back to 2006.
+I think, it's a pitty, because this Mac has a solid case, a pretty fast
+64-bit processor (sorry Archlinux32, no test machine for you) and
+a graphic chip which is not melting away like in later models
+(I don't name brand names here)..
+
+Here the specifications:
+
+* 2.3 GHz Intel Core 2 Duo
+* 2GB 667 DDR2 SDRAM
+* OSX 10.6.8
+* ATI Radeon X1600 256 MB RAM, 1440x900, 32 bit
+
+I didn't try any Sierra OS X hacks (or installing a Capitan, rumours are,
+it works even on such an old laptop) on old hardware and besides,
+Archlinux is a better choice for a developer on a Mac. Although
+there are still MacPorts for OS X 10.6.x (no Brew though), it can be
+quite painful to get something compiled on a Mac OS that old.
+
+As we will see later, we want to keep OS X around to be able to
+change some settings, extract some firmware, etc.
+
+## Installation
+
+### Prepare for dual installation
+
+We have a whooping 120 GB hard disk space, so I shrank the OS X partition to 64 GB.
+This can be done in the *Disk Utility.app*, just leave EFI in peace, set OSX to
+64 GB and assign the rest of the hard disk as free space.
+
+Prepare the USB stick for installation, I had no luck with the standard ISO,
+but a hand-crafted USB-stick worked:
+
+```
+hdiutil convert -format UDRW -o archlinux-2018.09.01-x86_64.img archlinux-2018.09.01-x86_64.iso 
+dd if=archlinux-2018.09.01-x86_64.dmg of=/dev/disk2 bs=1m
+```
+
+### EFI boot
+
+I used [ReFIT for MAC](http://refit.sourceforge.net/) to improve the
+somewhat limited EFI environment of an early Mac (don't get me wrong, it's
+pretty impressive that such an old machine already had EFI, but nowadays this
+EFI shows its age).
+
+The firmware is a 32-bit EFI without a proper command line mode,
+causing trouble all along. I didn't take ReFind as I didn't expect the 
+32-bit EFI to be currently supported, especially as I see Tianocore
+failing to build with more modern 32-bit binutils and gcc.
+
+I installed a 32-bit GRUB onto the EFI partition as a second boot option
+along to OSX. This one then boots ArchLinux. This is easier than trying
+to load a 64-bit kernel with kernel EFI stub support from an 32-bit
+EFI environemnt with systemd-boot.
+
+### ATI VESA BIOS
+
+I didn't want to boot into legacy mode to make the VGA BIOS visible, so
+I got a nice problem during KMS switching during early boot: the
+graphical output just froze. The irony here is that modern Linux and Xorg
+don't care at all about the old VGA/VESA BIOS, but they do so for KMS,
+where the kernel has to rely on 16-bit firmware functions in the video
+BIOS to program the video chip for graphics mode.
+
+All I got was the following kernel and Xorg error messages:
+
+```
+[2.052705] [drm] initializing kernel modesetting (RV530 0x1002:0x71C5 0x106B:0x0080 0x00).
+[2.052742] radeon 0000:01:00.0: Invalid PCI ROM header signature: expecting 0xaa55, got 0xa1a1
+[2.052817] [drm:radeon_get_bios [radeon]] *ERROR* Unable to locate a BIOS ROM
+[2.052825] radeon 0000:01:00.0: Fatal error during GPU init
+[2.053037] radeon: probe of 0000:01:00.0 failed with error -22
+...
+[31.041] (EE) open /dev/dri/card0: No such file or directory
+```
+
+So this basically translates to: "I don't have a direct rendering interface,
+because there is no video card, because there is no BIOS for that card".
+
+The key idea was to extract the VESA BIOS on a distribution which handles
+the KMS switching correctly (in my case an old Ubuntu 10).
+
+```
+dd if=/dev/mem of=vbios.bin bs=65536 skip=12 count=1
+```
+
+Verify that you actually got the right firmware. There is an error message
+when booting the kernel saying:
+
+```
+[2.052742] radeon 0000:01:00.0: Invalid PCI ROM header signature: expecting 0xaa55, got 0xa1a1
+```
+
+so we expect to find that signature at the beginning of the *vbios.bin* file:
+
+```
+hexdump -C vbios.bin | head -n 1
+00000000  55 aa 7d e9 7f 02 00 00  00 00 00 00 00 00 00 00  |U.}.............|
+```
+
+This firmware comes into */lib/firmware/radeon/vbios.bin* to be available during
+boot.
+
+The next problem was that the radeon module in the Linux kernel doesn't
+know about this firmware. There is a patch in https://bugs.freedesktop.org/show_bug.cgi?id=26891
+for older kernels, but it translates easily to the latest kernel. All
+it does is to load the *vbios.bin* file from the right place, when all the other
+options fail.
+
+My version of the module is [here](/text/blog/archlinux-macbook-a1211/radeon_bios.c), check
+out function *radeon_read_bios_from_firmware* and the code calling that function.
+
+
+In order to use the Radeon driver for KMS as early as possible,
+I put it into the init-RAM-disk:
+
+So, I added to */etc/mkinitcpio.conf* and rebuilt the ram disks:
+
+```
+MODULES=(radeon)
+FILES=(/usr/lib/firmware/radeon/vbios.bin)
+```
+
+### "Total Darkness" after 10 minutes
+
+Everything was running smoothly.. for about 10 minutes. Then my LCD display
+just went pitch black.
+
+Setting the brightness manually didn't help:
+
+```
+xrandr --output LVDS --brightness 1
+```
+
+(it did work later though to set the brightness between 0.0 and 1.0)
+
+The trick is to tell the radeon module to handle the LCD backlight, not
+one of the Apple brightness modules. In */etc/modprobe.d/radeon.conf* put:
+
+```
+options radeon backlight=1
+```
+
+Also handy is the https://aur.archlinux.org/packages/brightd/, though
+I think also systemd-backlight can nowadays at least save the brightness
+across reboots and suspends.
+
+### Function keys or special keys
+
+If you don't need the special keys for controlling the volume and brightness but instead the old
+Fxx function keys, add the following to */etc/modprobe.d/hid_apple.conf*:
+
+```
+options hid_apple fnmode=2
+```
+
+### Camera
+
+Here we come to iSight and why we need OS X around to extract the proper
+firmware.
+
+https://wiki.archlinux.org/index.php/Mac#Webcam has a really nice walkthrough.
+
+Shortly, you need https://aur.archlinux.org/packages/hfsprogs/ to mount the HFS
+partition. There you will find a file called *AppleUSBVideoSupport* in
+*/System/Library/Extensions/IOUSBFamily.kext/Contents/PlugIns/AppleUSBVideoSupport.kext/Contents/MacOS*.
+
+You will also need https://aur.archlinux.org/packages/isight-firmware-tools/.
+It contains tools to extract the file containg the firmware called *isight.fw*
+from *AppleUSBVideoSupport*.
+
+Finally it contains an udev rule in */etc/udev/rules.d/isight.rules* which then makes
+sure the firmware is also loaded on startup during detection of the camera via udev.
+
+### Wifi
+
+The wireless card was supported without any problems. Just some channels
+were not visible.
+
+Install *wireless-regdb* and make sure to enable the proper regulatory domain in
+*/etc/conf.d/wireless-regdom*:
+
+```
+WIRELESS_REGDOM="CH"
+```
+
+The regulatory domain has to be set properly, put it into */etc/modprobe.d/regdom.conf*:
+
+```
+options cfg80211 ieee80211_regdom=CH
+```
+
+(CH is for Switzerland, pick your own country here)
+
+Note: I think my method is deprecated and you can also specify the
+regulatory domain directly in wpa_supplicant.conf, but then how
+to use systemd-networkd with that?
+
+### Fans and sensors
+
+[macfanctl](https://aur.archlinux.org/packages/macfanctld/) from the AUR works nicely,
+also lm_sensors had no problems to get the sensor data.
+
+### Power consumption
+
+cpupower seems to work fine. Just make sure the 'p4-clockmod' module is loaded
+at boot.
+
+Note: I didn't try powertop or other tweaks. I got some worriesome ticking
+noises of the hard disk after a suspend and my battery is not that powerful
+anyway, so I'll run mostly on net power.
+
+### Mouse buttons
+
+Managers might like to use only one mouse button. Also keyboard fanatics may
+be happy by just switching off the mousepad completly.
+
+The one button mouse is a disaster for people being used to Xorg copy-
+paste or Oberon enthusiasts used to three mouse buttons.
+
+Scrolling with two fingers is nice, but per default they are enabled only for up and down.
+I enabled also scrolling to the left and right. Besides, the keyboard is missing
+PageUp, PageDown keys, which is a usability nightmare when you want to
+scroll bigger source code files or web pages (yes, I know there is Fn-Page,
+but having Ctrl, Alt, Meta and Fn all on the same spot doesn't make it
+easier to find the right one).
+
+Side note: I'm using *Fn* for keyboard scrolling (PgUp, PgDown), *Ctrl* for Wordstar short-cuts, "Alt" for
+Notion (window manager) shortcuts, and they are really _CLOSE_ together..
+
+Change */etc/X11/xorg.conf.d/50-synaptics.conf* as follows to your likings:
+```
+Section "InputClass"
+	Identifier "Touchpad Catchall"
+	Driver "synaptics"
+	MatchIsTouchpad "on"
+	Option "TapButton1" "0"
+	Option "TapButton2" "3"
+	Option "TapButton3" "2"
+	Option "VertTwoFingerScroll" "1"
+	Option "HorizTwoFingerScroll" "1"
+	Option "ClickFinger2" = 0
+	Option "ClickFinger3" = 0
+EndSection
+```
+
+*TabButton1=1* only leads to all kind of frantic behaviour, because I
+touch the touchpad by accident too often. *ClickButton* and *TapButton*
+for the second and third button are just completly useless. Either no menu
+appears for TapButton or a menu appears for ClickFinger, but I can no
+longer do copy-pastes.
+
+The default modifiers Ctrl, Alt, Meta don't do anything with the mouse
+or just very weird stuff, like Alt-2-fingers jumps to the beginning of
+my text.
+
+For now, I choose TapButtons for copy-paste, as this is the function
+I need most often.
+
+I might add some Ctrl, Meta modifiers to get 2, 3 mouse button clicks later.
+
+## Philosophical Outro
+
+In a world where companies try hard to get people into their ecosystem (controlling
+what users can do with the products they bought and own, what they can repair or let repair, what kind
+of operating system and software they are supposed to use), I think, it's the
+duty of any tech professional to invest some time to give old hardware back some
+purpose (hence I'm also working on the Archlinux32 project). Also, throwing
+away barely used machines, just because a company wants to earn billions, is an
+ecological disaster. Remember, companies have been invented to make money, don't
+get fooled by "we are there to make the world a better place" or any other marketing bs.
+As the company which should not be named is quite good at this kind of business, I
+expect all major vendors to follow soon. So that's why I keep a park of old machines
+around and I'm not buying new machines since 10 years (I do buy old ones from Ebay though).
+
+## References
+
+* https://everymac.com/systems/apple/macbook_pro/specs/macbook-pro-core-2-duo-2.33-15-specs.html :
+  specifications of the A1211 model
+* [https://bugs.freedesktop.org/show_bug.cgi?id=26891](https://bugs.freedesktop.org/show_bug.cgi?id=26891): the patch to radeon.ko,
+  enabling loading of file as VESA bios
+* [https://bbs.archlinux.org/viewtopic.php?id=139511](https://bbs.archlinux.org/viewtopic.php?id=139511): some discussions about
+  the VESA radeon topic in the Archlinux forum.
+* https://wiki.archlinux.org/index.php/Mac#Webcam: how to make the camera work
+
+## Addendum 19.2.2021
+
+For kernel 5.7.6 updated version [here](/text/blog/archlinux-macbook-a1211/radeon_bios-5.7.6.c) .
+
+Also a small walkthrough on how to update the module (in a most likely not too official way):
+
+```
+wget https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.7.6.tar.xz
+tar xf linux-5.7.6.tar.xz
+cd linux-5.7.6
+make mrproper
+# use the the configuration of the new kernel!
+zcat /proc/config.gz > .config
+sed -i 's/.*CONFIG_LOCALVERSION=.*/CONFIG_LOCALVERSION="-arch1-1"/g' .config
+sed -i 's/.*CONFIG_LOCALVERSION_AUTO.*/# CONFIG_LOCALVERSION_AUTO is not set/g' .config
+make oldconfig
+make scripts prepare modules_prepare
+# copy radeon_bios.c to drivers/gpu/drm/radeon
+make -C . M=drivers/gpu/drm/radeon
+rm -f /lib/modules/5.7.6-arch1-1/kernel/drivers/gpu/drm/radeon/radeon.ko.xz
+xz -c drivers/gpu/drm/radeon/radeon.ko \
+        > /lib/modules/5.7.6-arch1-1/kernel/drivers/gpu/drm/radeon/radeon.ko.xz 
+depmod -av
+mkinitcpio -P
+cp /boot/initramfs-linux.img /mnt/efi/.
+cp /boot/initramfs-linux-fallback.img /mnt/efi/.
+
+# Archlinux kernel compilation
+https://wiki.archlinux.org/index.php/Kernel/Traditional_compilation#Download_the_kernel_source
+# build just one module
+https://yoursunny.com/t/2018/one-kernel-module/
+```
+
+Where /mnt/efi is the VFAT rEFIt EFI partition which contains grub and the kernel
+image and RAM disk.
+
+## Addendum 18.6.2023
+
+For kernel 6.3.8 updated version [here](/text/blog/archlinux-macbook-a1211/radeon_bios-6.3.8.c) .
+
+## Addendum 22.10.2023
+
+Tried a kernel 6.5.8 (still working with the 6.3.8 version of the radeon_bios patch avaiable
+[here](/text/blog/archlinux-macbook-a1211/radeon_bios-6.3.8.c)).
+
+Here is also another way to build the kernel and the patched radeon module:
+
+```
+mount /mnt/efi (before updating the kernel!)
+pacman -Syyu
+cp /boot/vmlinuz-linux /mnt/efi/vmlinuz-linux
+cp /boot/initramfs-linux.img /mnt/efi/initramfs-linux.img
+cp /boot/initramfs-linux-fallback.img /mnt/efi/initramfs-linux-fallback.img
+
+pkgctl repo clone linux
+cd linux
+makepkg -do
+cp ~/radeon_bios-6.3.8.c src/linux-6.5.8/drivers/gpu/drm/radeon/radeon_bios.c 
+makepkg -s
+
+cp pkg/linux/usr/lib/modules/6.5.8-arch1-1/kernel/drivers/gpu/drm/radeon/radeon.ko.zst \
+  /lib/modules/6.5.8-arch1-1/kernel/drivers/gpu/drm/radeon/radeon.ko.zst 
+depmod -av
+mkinitcpio -P
+cp /boot/initramfs-linux.img /mnt/efi/initramfs-linux.img
+cp /boot/initramfs-linux-fallback.img /mnt/efi/initramfs-linux-fallback.img
+```
+
+## Addendum 1.5.2024
+
+Updated to kernel 6.6.8, using `MODULES=(amdgpu)` in `/etc/mkinitcpio.conf`
+produces a working framebuffer. Atlernatively  using `nomodeset` results
+also in a working text output during boot and switching to graphical mode
+works. Xorg just works using the RADEON driver (xf86-video-ati). The machine
+got a lot more boring (from a hacker perspective). ;-)
+
+I found setting the backlight brightness to be the next challenge, so far no
+tool I tried worked..
diff --git a/content/blog/bacula-lto4-backup.md b/content/blog/bacula-lto4-backup.md
new file mode 100644
index 0000000..6a91978
--- /dev/null
+++ b/content/blog/bacula-lto4-backup.md
@@ -0,0 +1,253 @@
++++
+date = "2021-08-04T12:10:05+01:00"
+description = ""
+title = "LTO-4 Backup with Bacula"
+categories = [ "Backup", "Bacula", "Tape", "LTO-4" ]
+thumbnail = "/images/blog/bacula-lto4-backup/lto4.jpg"
++++
+
+## Intro
+
+With Archlinux32 reaching some terabytes of data to backup I needed
+something "modern", like a tape. Now, big tapes like LTO-8 are close
+to unaffordable, LTO-4 drives and tapes on the other hand can be
+aqcuired on the cheap. They get thrown out of servers rooms at the moment.
+
+An LTO-4 tape can take 800 GB uncompressed data and the drive can be bought
+on Ebay for 200 to 300 CHF. Media is affordable at ca. 40 CHF per tape.
+
+# Tape Drive
+
+My first drive I ordered was advertised as working, which proved to
+be more the kind of drive only able to produce squealing noises and
+to be really hungry for tapes (and killing them). Well, my plan was
+to be under 1000 CHF for a backup solution, so I simply ordered a
+second one, keeping the first one for spare parts. Both drives are a
+HP Ultrium 1840.
+
+The second drive turned out to work just fine. But now, trying to connect, it
+showed some issues. The tape drive comes in a noisy black box, which
+I definitely don't want to run 24 hours a day. So I decided to remove
+the drive and squeeze it (quite literaly) into a machine.
+
+# Tape Media
+
+After ordering quite the wrong tape (LTO-4 WORM, which costs more and
+can be written only once, but has "smartness" built in to be tamperfree,
+oh well), I got boxes and boxes of old tapes from Ricardo from somebody
+desperately trying to get rid of them. Which is cool with me. The
+price per tape dropped to around 20 CHF this way and I have more tapes
+than I could ever have wished for.
+
+# Connectivity Issues
+
+I tried several SCSI cards to connect to the drive. The drive uses
+the last generation of parallel SCSI, which is quite a nuisance to
+find cards for. Either SCSI cards are server-grade (PCI-X) or they
+are not fast enough. Some cards (like dedicated backup SCA host
+adapters) work fine in some machines, but not in others. The SCSI
+cables are prone to transmition errors, especially a 4 meter long
+external SCSI cable with 320 MHz (external or internal 68-pin LVDS)
+is somehow not really reliable at this high speed.
+
+I went with a short shielded internal SCSI cable and putting the drive
+as close to the SCA host adapter as possible. This provided the best
+results.
+
+The result looks like this:
+
+{{< figure src="/images/blog/bacula-lto4-backup/fitting.jpg" alt="LTO-4 drive fitting the machine" >}}
+
+# Manual Backups and Tools
+
+## tar
+
+Most people nowadays don't know anymore what the 't' in 'tar' stands
+for - you guessed it: '***t***ape ***ar***chive'. :-)
+
+There are other formats but usually the "rule-of-least-surprise" applies
+here, the simpler the command line parameters used and the more widespread
+the format, the more likely somebody else (or even you yourself) is able
+to actually read and restore the data.
+
+## mt
+
+The old magnetic tape tool is no longer available as binary package
+on Archlinux, but there is an AUR package 'mt-st-git' providing the
+'mt-st' binary.
+
+This tool you need to do basic operations on the tape like positioning,
+ejecting, setting compression levels, etc.
+
+## Some use cases
+
+### Rewind and eject
+
+```
+mt-st -f /dev/nst0 rewoffl
+```
+
+### Erasing tapes
+
+```
+mt-st -f /dev/nst0 defcompression 0
+mt-st -f /dev/nst0 compression 0
+mt-st -f /dev/nst0 rewind
+tar -cvf /dev/nst0 /dev/null
+mt-st -f /dev/nst0 rewind
+```
+
+***Note***
+
+I'm disabling compression on the tapes for several reasons:
+* with compression on I'm not able to deliver enough data, resuling in shoe-shining
+* the remaining size of a tape is so much more predictable
+* I have enough tapes anyway. :-)
+
+### Append to end of data
+
+```
+mt-st -f /dev/nst0 eom
+tar zcvf /dev/nst0 *
+```
+
+### Status of the drive, current position of the tape
+
+```
+mt-st -f /dev/nst0 status
+```
+
+## sg_logs
+
+This tool can give you all kind of internal information like
+temperature, I/O errors of the drive, media information.
+
+The first page of information serves as sort of an index, of
+what the drive can report:
+
+```
+shell> sg_logs /dev/nst0 -p 0
+
+    HP        Ultrium 4-SCSI    B32D
+Supported log pages  [0x0]:
+    0x00        Supported log pages [sp]
+    0x02        Write error [we]
+    0x03        Read error [re]
+    0x0c        Sequential access device [sad]
+    0x0d        Temperature [temp]
+    0x11        DT Device status [dtds]
+    0x12        Tape alert response [tar]
+    0x13        Requested recovery [rr]
+    0x18        Protocol specific port [psp]
+    0x2e        Tape alert [ta]
+    0x30        Tape usage (lto-5, 6) [tu_]
+    0x31        Tape capacity (lto-5, 6) [tc_]
+    0x32        Data compression (lto-5) [dc_]
+    0x33        Write errors (lto-5) [we_]
+    0x34        Read forward errors (lto-5) [rfe_]
+    0x35        DT Device Error (lto-5, 6) [dtde_]
+    0x3e        Device Status (lto-5, 6) [ds_]
+```
+
+For instance I can get the temperature of the drive with:
+
+```
+shell> sg_logs /dev/nst0 -p 13
+
+    HP        Ultrium 4-SCSI    B32D
+Temperature page  [0xd]
+  Current temperature = 47 C
+  Reference temperature = <not available>
+
+```
+
+This could be meshed into a nagios check script, checking the sanity
+of the drive, but then I have to manually unmount the tape pool in
+bacula-sd before each check.
+
+## socat
+
+socat is like netcat and more. It allows to build tunnels between
+machines, so that the 'tar' command can pack files on one machine
+and send them to another machine, where the tape write command is
+attached to a listening socat.
+
+```
+# on the machine with the files to backup
+tar cvf - * | socat - TCP4:<server_with_tape>:8080
+# on the machine where the tape is
+socat TCP4-LISTEN:8080 - | dd of=/dev/nst0 bs=10240 status=progress
+```
+
+***Note***
+
+If using dd I set the blocksize manually to 20*512=10240, this seems
+to be the standard blocksize of 'tar' on Linux.
+
+## mbuffer
+
+Writting directly to the tape has some drawbacks as the tape drive
+is very fast and you cannot deliver data fast enough over a 1GBit/s
+network. So here 'mbuffer' helps to at least buffer data for some time
+and then flash it in one burst to the tape drive. This avoids the
+dreadful "shoe-shining" which not only drives you crazy (the sounds of it),
+but also reduces the lifetime of the components (or at least of the
+mechanics of the tape drive):
+
+```
+tar cvf - * | mbuffer -m 2G -P100% | \
+	socat - TCP4:<server_with_tape>:8080
+socat TCP4-LISTEN:8080 - | mbuffer -m 2G -P100% | \
+	dd of=/dev/nst0 bs=10240 status=progress
+```
+
+Buffering on either side is possible, not sure if having a buffer on both sides
+improves anything.
+
+# Use Cases
+
+## Full Backup
+
+I did a full backup of everything onto 10 tapes with the
+'tar/socat/mbuffer/dd' method.
+
+This is data which is quite stable and never changes, so I'll just keep
+it on some tapes with the write protection label on. It doesn't make
+much sense to put them into a bacula job, as the retention period is
+basically 30 years or so - or till the tape dies.
+
+The index of the tape is a simple text file, noting the kind of data,
+the size, the tape number, the file number (offset on tape) and the
+date of the backup:
+
+```
+doc             946M    1       0       17.4.2021
+Attic           13G     1       1       17.4.2021
+bilder          19G     1       2       17.4.2021
+projects        29G     1       3       18.4.2021
+ARCHIVE         16G     1       5       18.4.2021
+BACKUPS         122G    1       6       18.4.2021
+...
+music           154G    4       0       19.4.2021
+movies part1    547G    5       0       19.4.2021
+movies part2    785G    6       0       20.4.2021
+```
+
+## Bacula
+
+I use bacula for the daily incremental and full backups now for tape
+and offline cloud storage.
+
+bacula-sd just works fine and integrates with the rest of my backup system
+(the master bacula-dir is still living on an old Raspberry Pi). The only
+thing I was missing is to be able to copy a bacula job to two different
+media, one being the remote cloud storage and the other one the tape.
+Sort of a bacula 'tee' would be nice to have.
+
+# References
+
+* http://cdrtools.sourceforge.net/private/portability-of-tar-features.html:
+  on tar formats and compatibility
+* https://copyconstruct.medium.com/socat-29453e9fc8a6: blog about socat
+* https://www.commandlinefu.com/commands/view/13582/backup-to-lto-tape-with-progress-checksums-and-buffering
+* https://aur.archlinux.org/packages/mt-st-git/
diff --git a/content/blog/mail-disaster.md b/content/blog/mail-disaster.md
new file mode 100644
index 0000000..ab6d452
--- /dev/null
+++ b/content/blog/mail-disaster.md
@@ -0,0 +1,287 @@
++++
+title = "Mail Problems"
+categories = [ "Mail", "Linux", "Security" ]
+date = "2019-03-29T12:58:31+01:00"
+thumbnail = "/images/blog/mail-disaster/mail-disaster.png"
++++
+
+## History
+
+It was a beautiful day. My mailserver on the Raspberry Pi B was running
+without any issues for some time now.
+
+In the evening of March 12th I got a nice email from my external DNS
+provider:
+
+```
+The BuddyNS janitor writing. A safety notification on your BuddyNS account:
+
+    Your zones reached 60% of your account's traffic quota.
+
+Details:
+* Total traffic produced this month: 181 Thousand queries.
+* Current traffic quota: 0.3 Million queries/month.
+```
+
+Well, fine, I thought, finally somebody is checking on my web page and I
+went to sleep.
+
+Of course this was not the case: I had a weak password in one of the accounts
+of my mailserver (which allowed any legitimate Linux user to send
+emails). This caused all those DNS lookups for my domain on the
+BuddyNS DNS servers.
+
+So, my thinking went along the lines: well, some weeks ago
+I replaced the SD card, because the old one was worn out, I cannot
+remember whether I replaced all standard passwords. My suspicion got
+confirmed when I saw the following line in the my mail log:
+
+```
+From: "George"<alarm@andreasbaumann.cc>
+```
+
+Swearing big times about my own stupidity (the default password for the
+'alarm' account is - well - weak) I started cleaning up the mess.
+
+Checking my mail server logs I found that all attacks went via one single
+IP (185.228.80.18). So just blocking the firewall was the fastest way to
+fix the tousands of spam email being sent via my now defacto open mail relay.
+
+## Checking status
+
+There are various helpfull tools to check the status of your mail
+server. I picked https://mxtoolbox.com/. This is what I got:
+
+```
+ dmarc  andreasbaumann.cc  DNS Record not found   
+ blacklist  smtp.andreasbaumann.cc  127.0.0.2   
+ blacklist  smtp.andreasbaumann.cc  Blacklisted by JUNKEMAIL
+ blacklist  smtp.andreasbaumann.cc  Blacklisted by NIXSPAM   
+ blacklist  smtp.andreasbaumann.cc  Blacklisted by TRUNCATE   
+ blacklist  smtp.andreasbaumann.cc  Blacklisted by UCEPROTECTL1   
+ blacklist  smtp.andreasbaumann.cc  Blacklisted by WPBL   
+ mx  andreasbaumann.cc  No DMARC Record found
+ mx  andreasbaumann.cc  DMARC Quarantine/Reject policy not enabled   
+```
+
+I also like the results from ~~[http://zy0.de/q/83.150.2.48](http://zy0.de/q/83.150.2.48)~~:
+
+{{< figure src="/images/blog/mail-disaster/zy0_de.png" alt="zy0_de check resulst for 83.150.2.48" >}}
+
+Especially it shows you headers of SPAM mails, which are quite helpful
+to detect, what went wrong:
+
+```
+Spam samples A small selection
+
+ 12.03.2019 02:03 (Z) (date of processing)
+
+Return-Path: <alarm@andreasbaumann.cc>
+X-Original-To: cindy@SPAMTRAP.INVALID
+Received: from smtp.andreasbaumann.cc (smtp.andreasbaumann.cc [83.150.2.48])
+ by mail.ixlab.de (Spamtrap) with ESMTP
+ for <cindy@SPAMTRAP.INVALID>; Tue, 12 Mar 2019 03:03:20 +0100 (CET)
+Received: from User (unknown [185.228.80.18])
+ by smtp.andreasbaumann.cc (Postfix) with ESMTPA id 909CD77F2A;
+ Tue, 12 Mar 2019 01:22:20 +0100 (CET)
+Reply-To: <gg828579@gmail.com>
+From: "George"<alarm@andreasbaumann.cc>
+Subject: Good Day!!
+Date: Mon, 11 Mar 2019 17:22:27 -0700
+MIME-Version: 1.0
+Content-Type: text/html;
+ charset="Windows-1251"
+Content-Transfer-Encoding: 7bit
+X-Priority: 3
+X-MSMail-Priority: Normal
+X-Mailer: Microsoft Outlook Express 6.00.2600.0000
+X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
+X-NiX-Spam-Hash2: 5994f93f698c55d5b527b1da55f31611
+X-NiX-Spam-Source-IP: 83.150.2.48
+X-NiX-Spam-MX: mail.ixlab.de
+X-NiX-Spam-Listed: yes
+```
+
+## Blacklisting
+
+Mail servers can ask blacklists for bad IPs or domains and then block
+incoming mails.
+
+Most blacklists give you a home page, where they explain, how they 
+manage the list. There you might also find the status of your IP or domain.
+
+There are basically three ways you can try to get off such a list:
+
+* you can fill in a form, usually describing what went wrong and how
+  you solved the problem.
+* you have to send an email with basically the same kind of information
+* you can do nothing, the delisting happens automatically
+
+Keep in mind, that humans read those messages, be polite and be open
+about what went wrong. I never had a problem getting delisted, when
+I described, what I did wrong in the past and how I will enforce better
+security in the future.
+
+Also note: you usually don't get any email or feedback. Give people time
+and they will consider the case. If they think, you deserve to send
+emails again, they will delist you from the blacklist.
+
+Find below short descriptions of what I had to do in the individual cases.
+
+### JumkMailFilter
+
+Visited the "remove from the list" for at:
+
+https://ipadmin.junkemailfilter.com/remove.php
+
+Entered my IP and some text, why I got onto the list.
+
+### DNSBL
+
+~~[http://www.dnsbl.manitu.net/remove.php?value=83.150.2.48](http://www.dnsbl.manitu.net/remove.php?value=83.150.2.48)~~
+
+I had to fill in a form and describe, what went wrong on my side and
+how I fixed the problem.
+
+### TRUNCATE
+
+http://www.gbudb.com/truncate/index.jsp
+
+Had nothing to do here, but wait:
+
+```
+"Maintenance of this list is completely automated and there are no
+provisions for the manual addition or removal of entries."
+```
+
+### UCEPROTECTL1
+
+```
+"This blacklist does not offer any form of manual request to delist. 
+Your IP Address will either automatically expire from listing after
+a given timeframe, or after time expires from the last receipt of
+spam into their spamtraps from your IP Address.
+
+There is an express delisting for 89 CHF
+```
+
+For a personal domain I can wait for seven days sending out no spam.
+
+For a business domain I would most likely pay the 89 CHF. :-)
+
+### WPBL
+
+~~[http://www.wpbl.info/](http://www.wpbl.info/)~~
+
+```
+IP addresses are automatically removed with time, after
+spam stops arriving. For example, a lone spam sighting
+will only get an IP listed for 7 days. You can also
+remove an IP address using the Lookup facility at the 
+top of the page. This no-questions-asked, instant removal
+facility is provided for the benefit of administrators
+who feel that the record is in error or have fixed the
+security problem that allowed spam to be sent through
+their hosts. Access to the removal facility may be
+restricted if there is any abuse of our system, including
+attempts to automate removal of multiple IPs using
+scripts. Removed records still remain in database backups. 
+```
+
+Clicking on:
+
+http://www.wpbl.info/cgi-bin/remove.cgi
+
+I got:
+
+```
+Found IP address 83.150.2.48 in database, marking for removal.
+Record removed. The published list is updated hourly, so changes may not show immediately. 
+```
+
+### SPAMCOP
+
+https://www.spamcop.net/w3m?action=checkblock&ip=83.150.2.48
+
+I filled in the provided form.
+
+### IBM DNS
+
+This is a nice security product called 'IBM-X-Forge-Exchange', 
+so I had to log in with my IBM Id.
+
+{{< figure src="/images/blog/mail-disaster/ibm.png" alt="entries in IBM-X-Forge-Exchange" >}}
+
+I also had to describe my case to get delisted.
+
+### Gmail
+
+Now this one was tricky. Google has a not-so-great postmaster tool, hard
+to find forms to fill in and some confusing documentation.
+
+I tried here:
+
+https://glockapps.com/blog/remove-ip-address-gmail-blacklist/
+
+https://support.google.com/mail/contact/msgdelivery
+
+The postmaster tools are not a big help, really, I registered nonetheless.
+
+I got reject till March 28th, as far as I can tell the domain reputation below
+is one of the worst ones you can get and the only option is to wait some weeks
+after filling in the forms:
+
+```
+Our system has detected that this message
+is 550-5.7.1 likely suspicious due to the very low
+reputation of the sending 550-5.7.1 domain
+```
+
+## Course of Action for a better mail service
+
+I made sure, I have some security standards in place, so that
+at least faking the domain in the 'From:' field is not so simple:
+
+* [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework): Sender Policy Framework
+* [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail): Domain Keys Identified Mail
+* [DMARC](https://en.wikipedia.org/wiki/DMARC): Domain-based Message Authentication, Reporting and Conformance
+
+Those things don't help against a broken account on the mail server,
+as in my case, but they provide positive rating for emails being
+judged in the future, and they are simple to implement.
+
+I also added a list of accounts/emails to the postfix configuration.
+Only those accounts are allowed to send emails from the host.
+Even if this means you have to generate the entry in '/etc/passwd'
+and another one in that postfix list. This makes sure,
+no "rogue" Linux account can be abused for sending emails, when
+compromised.
+
+I added myself to the [DNSWL](https://www.dnswl.org) white list too.
+
+And of course, I deleted the 'alarm' account on the machine. :-)
+
+### Update 4.4.2019
+
+Gmail is still blocking me (or again?). So is bluewin.ch. The mess is
+not over, so I can only recommend everybody to make sure not to get
+into this situation in the first place.
+
+Added [Fail2Ban](https://www.fail2ban.org) to filter for common Postfix
+and Postfix SASL errors, like password-breach attempts via SASL. This
+works like a charm.
+
+Added [Spamassassin](https://spamassassin.apache.org/) and
+[Razor](http://razor.sourceforge.net/) to get rid of spam.
+
+### Update 15.4.2019
+
+Gmail likes us again.. :-)
+
+## References
+
+* https://mxtoolbox.com/
+* http://zy0.de/
+* https://en.wikipedia.org/wiki/Sender_Policy_Framework
+* https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
+* https://en.wikipedia.org/wiki/DMARC
diff --git a/content/blog/no-github.md b/content/blog/no-github.md
index 1d9d56d..f5641f1 100644
--- a/content/blog/no-github.md
+++ b/content/blog/no-github.md
@@ -14,3 +14,14 @@ The reasons should be obvious:
 Find my software on http://git.andreasbaumann.cc/cgit/.
 
 If you want to collaborate or supply a patch, you can contact me via email.
+
+### Update 22.2.2024
+
+I started to make exceptions to the rule above: when forking and working on existing
+projects which happen to be on Github already. Or when I push a read-only copy
+to Github from personal repos, just to increase the visibility of the project.
+
+
+Or if I want my code to be used in Copilot as example how to do good (or maybe bad)
+coding. ;-)
+
diff --git a/content/blog/openbsd-firewall-and-securityrouter.org.md b/content/blog/openbsd-firewall-and-securityrouter.org.md
index 178b827..b58a070 100644
--- a/content/blog/openbsd-firewall-and-securityrouter.org.md
+++ b/content/blog/openbsd-firewall-and-securityrouter.org.md
@@ -5,5 +5,5 @@ categories = [ "OpenBSD", "Security" ]
 thumbnail = "/images/blog/openbsd-firewall-and-securityrouter/openbsd-firewall-and-securityrouter.png"
 +++
 
-Found a really nice new router appliance based on OpenBSD 6.0, http://securityrouter.org. I’m still missing some features like a split-horizon DNS, so I will not abandon the script-based project http://github.com/andreasbaumann/OpenBSD-firewall just for now.
+Found a really nice new router appliance based on OpenBSD 6.0, http://securityrouter.org. I’m still missing some features like a split-horizon DNS, so I will not abandon the script-based project http://git.andreasbaumann.cc/cgit/OpenBSD-firewall just for now.
 
diff --git a/content/blog/openbsd-firewall-appliance-intro.md b/content/blog/openbsd-firewall-appliance-intro.md
index c9b73d2..31a805c 100644
--- a/content/blog/openbsd-firewall-appliance-intro.md
+++ b/content/blog/openbsd-firewall-appliance-intro.md
@@ -203,7 +203,7 @@ I would like to test more things around the following topics:
   stuff it into a floppy to compact flash adapter, write the image, put
   it back. This is tedious. :-)
 
-## Github
+## Git
 
 The whole project can be found here:
 
@@ -212,10 +212,4 @@ http://git.andreasbaumann.cc/cgit/OpenBSD-firewall/
 
 Feedback welcome. :-)
 
-## Note on Github
-
-There is a version on https://github.com/Eurospider/OpenBSD-firewall. This
-is the original version and I don't plan to update it anymore.
-Further development happens on my personal repo (as I'm basically the only
-one using it anyway).
 
diff --git a/content/blog/retro-computing-unisys.md b/content/blog/retro-computing-unisys.md
index a3f39fa..28ee60d 100644
--- a/content/blog/retro-computing-unisys.md
+++ b/content/blog/retro-computing-unisys.md
@@ -98,14 +98,25 @@ series on Youtube by Andres Ramos.
 ## Future plans
 
 I want to be able to boot a modern Linux kernel and distribution on
-it. Currently I'm working on a "port" of [Archlinux32](http://www.archlinux32.org)
+it. Currently I'm working on a "port" of [Archlinux32](https://www.archlinux32.org)
 to the i486 architecture using the [crosstool-ng](https://crosstool-ng.github.io/)
-toolchain (see [bootstrap32](https://github.com/archlinux32/bootstrap32)).
+toolchain (see [bootstrap32](https://git.archlinux32.org/bootstrap32)).
 
 The installation process has to be something over iPXE, as a 1.44MB floppy
 really doesn't hold a kernel 4.15.x anymore. iPXE itself will need some
 patching for i486 too.
 
+### Update 26.11.2022
+
+Had to set up the machine again, either the SD card died or my Linux experiments
+nuked the MBR. Found [mTCP](http://www.brutman.com/mTCP/) to be a very nice 
+alternative networking package, also having a FTP and HTTP server.
+
+Also the sentence about not being able to boot a modern Linux from floppy is wrong.
+In the meantime I can boot it with the
+[Archlinux32 i486 Floppy](https://git.archlinux32.org/archi486/tree/floppy), just the
+NEx000 drivers in modern kernels are currently quite misbehaving somehow.
+
 ## Videos and Links
 
 * LGR: [My Smallest 486 Desktop PC: Unisys CWD-4002](https://www.youtube.com/watch?v=ddgmzmw6_qE)
@@ -135,6 +146,9 @@ patching for i486 too.
 * [DOS drivers for the NE2000](http://www.georgpotthast.de/sioux/packet.htm), the NE2000.EXE package driver
 * [Vibra 16 Soundblaster drivers on Vogons.org](http://www.vogonsdrivers.com/getfile.php?fileid=33&menustate=0)
 
+### DOS software
+* http://www.ibiblio.org/pub/micro/pc-stuff/freedos/files/net/wget/: wget for DOS
+
 ### Windows 3.1 drivers
 
 * [Cirrus Logic GD5424](http://www.vogonsdrivers.com/index.php?catid=47)
@@ -154,5 +168,5 @@ patching for i486 too.
 
 ### Other Links
 
-* [Index of Interesting DOS programs](http://www.opus.co.tt/dave/indexall.htm)
+* ~~[Index of Interesting DOS programs](http://www.opus.co.tt/dave/indexall.htm)~~
 
diff --git a/content/blog/retro-computing-vintage-computer-festival-zurich-2019.md b/content/blog/retro-computing-vintage-computer-festival-zurich-2019.md
new file mode 100644
index 0000000..98b9f28
--- /dev/null
+++ b/content/blog/retro-computing-vintage-computer-festival-zurich-2019.md
@@ -0,0 +1,111 @@
++++
+title = "Retro Computing - Vintage Computer Festival Zürich 2019"
+categories = [ "Retro Computing", "Vintage Computer Festival", "VCF" ]
+date = "2019-12-08T09:37:22+01:00"
+thumbnail = "/images/blog/retro-computing-vintage-computer-festival-zurich-2019/retro-computing-vintage-computer-festival-zurich-2019.jpg"
++++
+
+## Intro
+
+My first visit to an exhibition of old computers. It was held on 
+November 30th and December 1st in Zürich in the "Rote Fabrik".
+Given my collection of not-so-old computers I wanted to see a collection
+of really old computers.
+
+## PDP-11
+
+The first thing which catched my attention was a PDP-11 emulator with
+frontend also simulating a Tektronix 4010 graphical terminal. It's
+running on a Raspberry-PI fully emulating a PDP-11 running BSD 2.11.
+I was aware of old Unix V6 or V7 versions running on emulators, but
+a BSD 2.11 with a TCP/IP-stack is so much nicer.
+
+The following is a real desktop PDP-11 with some emulators for things
+like tapes and external devices:
+
+{{< figure src="/images/blog/retro-computing-vintage-computer-festival-zurich-2019/retro-computing-vintage-computer-festival-zurich-2019-PDP-11.jpg" alt="PDP-11" >}}
+
+## Apple ][
+
+I brought some old floppies and was astonished they were booting the
+oldest Apple machines without any problems. Even the chess program
+worked (one of my earliest encounters with a computer was playing
+chess in the computer room back at my high school on an Apple \]\[).
+
+{{< figure src="/images/blog/retro-computing-vintage-computer-festival-zurich-2019/retro-computing-vintage-computer-festival-zurich-2019-Apple-2.jpg" alt="Apple \]\[" >}}
+
+I was also able to run a "games disk" with a menu system I once typed
+in from a book during my holidays back in school (yes, floppies where
+too expensive back then and you learned BASIC as a bonus while typing).
+
+Obviously too excited this still worked I didn't take any photos of it,
+so here is a placeholer, the original book with the program listings:
+
+{{< figure src="/images/blog/retro-computing-vintage-computer-festival-zurich-2019/retro-computing-vintage-computer-festival-zurich-2019-apple-games-book.jpg" alt="Apple Game Book" >}}
+
+## old PCS
+
+While everybody else at the exhibitation was showing off their machines,
+the IBM-PC guys were trying to make sure that monitors didn't explode
+(one did) and building up a network, so they were constantly busy
+doing something on those machines. I was able to run a Flight Simulator 4
+from Microsoft on an EGA-based machine, really nice:
+
+{{< figure src="/images/blog/retro-computing-vintage-computer-festival-zurich-2019/retro-computing-vintage-computer-festival-zurich-2019-FS4.jpg" alt="Fligh Simulator 4" >}}
+
+## SoftVGA
+
+Really interesting speech on how to implement a VGA "card" on an Atmel-based
+board. This catched my interest because I'm all in for minimalistic
+hardware and software on an FPGA.
+
+## Fluxengine
+
+This was more out of personal interest, as I still own 100nds of Apple \]\[,
+CP/M and PC-disks reaching back into the mid-80ies. My oldest two machines
+(an IMC-2001 Taiwanese Apple/CPM-clone and the Olivetti M290) are not working
+anymore and I can hardly find a floppy connector on the already old machines
+I own.
+
+Fluxenine reads floppy images via a 5V FPGA on a stick, one side is an
+old floppy connector, the oder side a normal USB connection.
+
+I brought some old floppies I could donate (in form of an image) for
+future analysis.
+
+## What else
+
+SGI, a Next, IBM/360 on an FPGA, Amiga, Commodore, tons of Apple/Macintosh,
+ZX Spectrum, ...
+
+## What not
+
+I personally missed some CP/M-based machines (not counting the electronic
+type writer running CP/M and running games from a small tape drive, which
+was interesting to see). Closest (from the outer appearance) came the
+following IBM portable:
+
+{{< figure src="/images/blog/retro-computing-vintage-computer-festival-zurich-2019/retro-computing-vintage-computer-festival-zurich-2019-IBM-5155.jpg" alt="IBM 5155 Portable" >}}
+
+Also I missed some Atari (like the ST TT series) machines (or maybe 
+I just didn't see them).
+
+## Important Lessons Learned
+
+Talk to everybody! Every single one is an enthusiast and has an interesting
+history. If you just walk through the hall and stare at the machines, most
+things will not be impressive at all. Also the talks I can recommend.
+
+## Links
+
+* general links
+  * [Vintage Computer Festival Zurich](http://vcfe.ch/doku.php): official Webpage with exhibitors and schedule of speeches held
+  * [Event Information "Rote Fabrik"](https://rotefabrik.ch/#/events/5084?utm_medium=display&utm_source=kulturzueri.ch&utm_campaign=kulturzueri#/events/5084):
+    event information
+  * [Wikipedia entry on vintage Computer Festival](https://de.wikipedia.org/wiki/Vintage_Computer_Festival): history and purpose of the event
+  * [Gallery 2019](https://www.skv-net.ch/mobilegallery/gallery.php?a=456)
+* PDP-11/Tektronik:
+  * [Tek4010](https://github.com/rricharz/Tek4010)
+  * [BSD 2.11](https://github.com/RetroBSD/2.11BSD)
+* [SoftVGA](http://neil.franklin.ch/Projects/SoftVGA/)
+* [Fluxengine](http://cowlark.com/fluxengine): the FPGA-based USB-floppy reader
diff --git a/content/blog/retro-computing-vintage-computer-festival-zurich-2021.md b/content/blog/retro-computing-vintage-computer-festival-zurich-2021.md
new file mode 100644
index 0000000..58d7158
--- /dev/null
+++ b/content/blog/retro-computing-vintage-computer-festival-zurich-2021.md
@@ -0,0 +1,87 @@
++++
+
+title = "Retro Computing - Vintage Computer Festival Zürich 2021"
+categories = [ "Retro Computing", "Vintage Computer Festival", "VCF" ]
+date = "2021-11-29T06:43:34+01:00"
+thumbnail = "/images/blog/retro-computing-vintage-computer-festival-zurich-2021/retro-computing-vintage-computer-festival-zurich-2021.jpg"
++++
+
+## Intro
+
+First of all, quite amazing it could even happen given the pandemic
+situation, thanks to all organizers and exhibitors. It was held on
+November 27th/28th in Zürich in the "Rote Fabrik".
+
+No talks were held this year, also for obvious reasons. There were
+not many people there presumably also due to the pandemic situation.
+
+## Tektronix 4010
+
+2019 I saw a PDP-11 emulator along with an emulated Tektronix 4010
+graphical terminal. This time there was the real thing. Really impressive,
+and a phenomenal keyboard. (The image below is unintentionally blured
+due to the subpar photographic skills of the author):
+
+{{< figure src="/images/blog/retro-computing-vintage-computer-festival-zurich-2021/retro-computing-vintage-computer-festival-zurich-2021-tektronix-4010.jpg" alt="Tektronix 4010" >}}
+
+## Soviet computers
+
+There were all kinds of Soviet computers, something we don't get to
+see very often here.
+
+For instance the Agat computer based on a 6502:
+
+{{< figure src="/images/blog/retro-computing-vintage-computer-festival-zurich-2021/retro-computing-vintage-computer-festival-zurich-2021-agat.jpg" alt="Agat" >}}
+
+The BK-0010-01 Soviet computer was really nice, being roughly a PDB-11 clone
+with an impressive dual-head monitor setup:
+
+{{< figure src="/images/blog/retro-computing-vintage-computer-festival-zurich-2021/retro-computing-vintage-computer-festival-zurich-2021-BK-0010-01.jpg" alt="BK-0010-01" >}}
+
+## Lilith and Ceres
+
+For the first time I saw the "portable" version of the Lilith and sadly
+non-working versions of the Ceres 1 and 3 workstations. I did my studies
+on the Ceres 3 when back at ETH Zurich from 1992 to 1997. Mr Gutknecht was
+around to explain things.
+
+{{< figure src="/images/blog/retro-computing-vintage-computer-festival-zurich-2021/retro-computing-vintage-computer-festival-zurich-2021-ceres3.jpg" alt="Ceres 3 Workstation" >}}
+
+I brought along my old school books, so that people had at least the chance
+to read a little bit about the system.
+
+{{< figure src="/images/blog/retro-computing-vintage-computer-festival-zurich-2021/retro-computing-vintage-computer-festival-zurich-2021-oberon-books.jpg" alt="Programming in Oberon and The Oberon System" >}}
+
+
+## OLPC XO-1
+
+I was exhibiting my OLPC XO-1 computer in a series of communication devices
+from enter.ch.
+
+{{< figure src="/images/blog/retro-computing-vintage-computer-festival-zurich-2021/retro-computing-vintage-computer-festival-zurich-2021-olpc-xo-1.jpg" alt="OLPC XO-1" >}}
+
+## Important Lessons Learned
+
+My machines are not old or rare enough. I should really try to get the IMC-2001 running again
+doing some 6502-Apple2, Z80-CP/M stuff. Or the Olivetti with a 286 board inside or the 386..
+
+## Links
+
+* general links
+  * [Vintage Computer Festival Zurich](https://vintagecomputerfestival.ch): official webpage
+* PDP-11/Tektronik:
+  * [Tektronix 4010](https://en.wikipedia.org/wiki/Tektronix_4010)
+* Soviet Computers:
+  * [BK-0010-01 Soviet computer](https://wiki.vcfb.de/2020/en:soviet_computers)
+  * [Agat](https://en.wikipedia.org/wiki/Agat_(computer))
+* OLPC XO-1
+  * [OLPC XO-1](https://www.eguide.ch/en/objekt/xo-1-one-laptop-per-child/)
+* Computermuseum
+  * [Enter.ch](https://www.enter.ch)
+* Ceres/Lilith/Oberon:
+  * [Project Oberon 2013](http://www.projectoberon.com/): second edition, with a RISC-5 CPU done on FPGA
+  * https://verhoeven272.nl/fruttenboel/Oberon: all kind of information and nice links
+  * http://www.ethistory.ethz.ch/rueckblicke/departemente/dinfk/forschung/weitere_seiten/lilith/index_DE/popupfriendly/:
+    some nice screenshots of the machines
+    
+  
diff --git a/content/blog/retro-computing-vintage-computer-festival-zurich-2022.md b/content/blog/retro-computing-vintage-computer-festival-zurich-2022.md
new file mode 100644
index 0000000..2edbf62
--- /dev/null
+++ b/content/blog/retro-computing-vintage-computer-festival-zurich-2022.md
@@ -0,0 +1,100 @@
++++
+
+title = "Retro Computing - Vintage Computer Festival Zürich 2022"
+categories = [ "Retro Computing", "Vintage Computer Festival", "VCF" ]
+date = "2022-11-21T07:56:22+01:00"
+thumbnail = "/images/blog/retro-computing-vintage-computer-festival-zurich-2022/retro-computing-vintage-computer-festival-zurich-2022-lisa-harddisk.jpg"
++++
+
+## Intro
+
+This is the last vintage computer festival in Zürich in the "Rote Fabrik"
+(which has to be restorated after a bad fire back in 2012) - at least
+for now. It was held on November 19th/20th.
+
+It was back to what it was before the pandemic in terms of exhibits,
+the amount of people attending, the talks (which where held again this year).
+
+It's an ever growing community of exhibitors, most of them try to
+attend every year, so I'm just pointing out the new things, which
+catched my attention (the others can be seen on older blog entries
+of the series).
+
+This year we had challenges, so visitors could try their skills by
+solving puzzles or programming tasks at the exhibition desks. This
+is a good idea to get visitors more involved and it's not just a
+museum then, where exhibitors have to say 20 times the same stuff
+or people are just walking by the computers and making photos.
+
+I was sceptical in the beginning (basically because I don't like
+puzzling), but in the end I also did one or two of the challenges:
+trying to use a Lisa desktop and trying to get a message to Mastodon
+from an old Unix System V.
+
+## Local Heroes
+
+Again we had the ETHZ Lilith and Ceres as local Zürich computers, but
+this time also the group around Prof. Jean-Daniel Nicoud from the EPFL
+Lausanne. He showed some really interesting things.
+
+### Teaching Electronics
+
+{{< figure src="/images/blog/retro-computing-vintage-computer-festival-zurich-2022/retro-computing-vintage-computer-festival-zurich-2022-electronics-teaching.jpg" alt="Teaching Electronics" >}}
+
+Those blocks are basically 74xxx series logic chips in a block with
+schematics on top. You use cables to connect them and form logical
+blocks like for instance a small adder with carry. This is much nicer
+to deal with than with breadboards and the real logic chips.
+
+### Smaky
+
+{{< figure src="/images/blog/retro-computing-vintage-computer-festival-zurich-2022/retro-computing-vintage-computer-festival-zurich-2022-smaky-100.jpg" alt="Smaky 100" >}}
+
+This is a series of 8-bit computers, the first one based on Intel 8080, later on Z80.
+This one is based on a 68k processor. The really nice thing is the graphical interface,
+the keyboard and the mouse which feel absolutely modern.
+
+### Self-made computers
+
+On Youtube you can find a lot of people doing their own computer
+projects based on 6502 and Z80 CPUs. This one is a really early example
+of it (and totally without Youtube - the green one on the left with
+the high voltage sign and the cards sticking out as in a toaster):
+
+{{< figure src="/images/blog/retro-computing-vintage-computer-festival-zurich-2022/retro-computing-vintage-computer-festival-zurich-2022-self-made.jpg" alt="Self made computers" >}}
+
+## Apple Lisa
+
+This is a computer you usually see not running and only behind some centimeters of glas.
+At the VCF you had the chance to experience the GUI (especially its speed, ahem).
+
+{{< figure src="/images/blog/retro-computing-vintage-computer-festival-zurich-2022/retro-computing-vintage-computer-festival-zurich-2022-lisa-front.jpg" alt="Apple Lisa" >}}
+
+## CP/M
+
+Hidden in a corner were some really nice CP/M-based machines:
+
+{{< figure src="/images/blog/retro-computing-vintage-computer-festival-zurich-2022/retro-computing-vintage-computer-festival-zurich-2022-cpm-machines.jpg" alt="CP/M machines" >}}
+
+## Important Lessons Learned
+
+My IMC-2001 is still not running and I'm currently fighting all kind of
+broken stuff (keyboard circuit, power supply, broken ROM-chip). Not having
+an exact twin of this machine makes it hard to repair.
+
+..and yes, I know how to create a document on the Apple Lisa now. ;-)
+
+## Links
+
+* general links
+  * [Vintage Computer Festival Zurich](https://vintagecomputerfestival.ch): official webpage
+* Smaky (sadly a lot of the links are broken)
+  * [Smaky Mouse and Keyboard](https://www.informatiquegestion.ch/mouse-and-keyboard): close up images
+  * [Smaky machines](https://www.smaky.ch/chapitre.php?id=lami_4): the timeline of the Smaky computers
+  * [Smaky@museebolo](https://www.museebolo.ch/): where the Smakies can usually be seen outside the VCF
+  * [Video on Smaky](https://www.youtube.com/watch?v=5Vt01NJIy18): on Youtube, shows off various Smakies,
+    history, games, etc. @debConf
+* videos
+  * [Youtube Gamo Tech25](https://youtu.be/rL4lvOuebJE)
+  * [Tomaniac](https://youtu.be/hIb0VxhVU2M)
+  * [The Phintage Collector](https://youtu.be/baWwDEKfXBA)
diff --git a/content/blog/retro-computing-vintage-computer-festival-zurich-2023.md b/content/blog/retro-computing-vintage-computer-festival-zurich-2023.md
new file mode 100644
index 0000000..75a2785
--- /dev/null
+++ b/content/blog/retro-computing-vintage-computer-festival-zurich-2023.md
@@ -0,0 +1,113 @@
++++
+
+title = "Retro Computing - Vintage Computer Festival Zürich 2023"
+categories = [ "Retro Computing", "Vintage Computer Festival", "VCF" ]
+date = "2023-11-12T17:32:22+02:00"
+thumbnail = "/images/blog/retro-computing-vintage-computer-festival-zurich-2023/retro-computing-vintage-computer-festival-zurich-2023-scrib.jpg"
++++
+
+## Intro
+
+This time the vintage computer festival in Zürich was held in
+the "EWZ Kraftwerk Selnau". This is a former substation in the middle
+of Zurich which is a museum, event hall and coworking area now.
+The enterior is best described as a bunch of ship containers
+aranged in a middle of a factory hall. In the middle there is a bar
+now. There are corners with couches and a big room upstears which
+looks like the former control room (and most likely was one).
+
+{{< figure src="/images/blog/retro-computing-vintage-computer-festival-zurich-2023/retro-computing-vintage-computer-festival-zurich-2023-selnau1.jpg" alt="EWZ substation at Selnau" >}}
+
+As always I'm not listing all exhibitors and exhibited pieces, I'm
+just pointing out new things, which catched my attention this year
+(the others can be seen on older blog entries of the series).
+
+This year I was not in for challenges, I rather prefer talking to
+people, but everybody can do what he wants.
+
+New this year is a full recording of all the talks, this is nice
+as you don't have to decide whether you are watching the computers
+in the exhibition and having discussions with the exhibitors or whether
+you are watching the talks. This also good for the exhibitors themselves who
+would love to be able to attend to the talks too.
+
+## Portables
+
+A full room upstears was dedicated to a bunch of portable computers
+from the venerable Osborne OCC-1, Commodore SX-64, Amstrad,
+various PC portables, etc.
+
+{{< figure src="/images/blog/retro-computing-vintage-computer-festival-zurich-2023/retro-computing-vintage-computer-festival-zurich-2023-portables.jpg" alt="Portable computers" >}}
+
+### OLPCs
+
+It's nice to see two OLPC XO-1 next to each other, with the mesh
+wlan in action. My takeaway is that it's not only the pieces of
+hardware you have and want to show, it's also about the story 
+you tell about them and the way you present them - and where.
+
+{{< figure src="/images/blog/retro-computing-vintage-computer-festival-zurich-2023/retro-computing-vintage-computer-festival-zurich-2023-olpcs.jpg" alt="Two 'One Laptop per Child' OLPC XO-1 on a bench" >}}
+
+### IBM PC Convertible (model 5140)
+
+I couldn't resist to play Planet X3 on CGA Composite on a small
+surveilance monitor thingy (sorry, one photo was blurred and the
+other one has now a non-syncing output signal, I promise,
+take my word, it worked just fine in "full" CGA colors).
+
+{{< figure src="/images/blog/retro-computing-vintage-computer-festival-zurich-2023/retro-computing-vintage-computer-festival-zurich-2023-ibm-convertible.jpg" alt="IBM PC Convertible (model 5140) with external monitor" >}}
+
+### Scrib
+
+Thankfully they was a Scrib teletype writer from the Smaky series
+of computers in that room which you could actually touch without
+white glowes. It was the technological equivalent of a Chinese
+fingertrap to me, trying to spin my head around the way you use this
+thing. Unique is the idea of using a mirror on the back to reflect the
+image of the CRT (which is mounted on the back). The image is cristal
+clear compared to other CRT displays of that time.
+
+I managed to print something, but couldn't remember the key combination
+I pressed so I spent far too much time to reproduce printing.
+I managed all kind of "erreurs de casettes" (behind the little
+shiny glas cover on the right the machine can hold two small tapes)
+but sadly not a second print.
+
+{{< figure src="/images/blog/retro-computing-vintage-computer-festival-zurich-2023/retro-computing-vintage-computer-festival-zurich-2023-scrib.jpg" alt="Smaky Scrib" >}}
+
+## BBC Acorn Econet school network
+
+It was real joy to see the UKs pride of computing in a series of Acorn
+machines joined in a Econet network. Of course various Raspberry PIs
+were serving as coprocessor emulators, network files servers, etc.
+
+It was really pleasant to talk to Mark Usher and his plans collecting and
+documenting those machines.
+
+Who has the time should see BCC early education series on computing on TV.
+
+{{< figure src="/images/blog/retro-computing-vintage-computer-festival-zurich-2023/retro-computing-vintage-computer-festival-zurich-2023-acorns.jpg" alt="Acorns" >}}
+
+## Other nice projects
+
+Especially nice was the Fusix on a Dragon32 (something I can also imagine
+to try on my IMC-2001) and the fully restaurated Sol-20 with wooden borders.
+
+{{< figure src="/images/blog/retro-computing-vintage-computer-festival-zurich-2023/retro-computing-vintage-computer-festival-zurich-2023-others.jpg" alt="Dragon 32 and Sol-20" >}}
+
+## Important Lessons Learned
+
+Fix that darn IMC-2001.. ;-)
+
+## Links
+
+* general links
+  * [Vintage Computer Festival Zurich](https://vintagecomputerfestival.ch): official webpage
+* smaky
+  * [Smaky Scribd](https://www.smaky.ch/chapitre.php?id=lami_6)
+* Acorn, Econet
+  * [Listing of computer models](https://www.retro-kit.co.uk/page.cfm/content/Acorn-Computers-Ltd/index.html)
+  * [Econet manuals](http://www.8bs.com/othrdnld/manuals/econet.shtml)
+* videos
+  * [Youtube video on the IBM PC Convertible (model 5140)](https://www.youtube.com/watch?v=F4fH6iPMxGw)
+  
diff --git a/content/blog/web-search-homepage.md b/content/blog/web-search-homepage.md
index a3a1cc3..98b81c7 100644
--- a/content/blog/web-search-homepage.md
+++ b/content/blog/web-search-homepage.md
@@ -258,10 +258,24 @@ The upload to the remote webserver can be done more elegantly.
 One idea is to use the backup/replication API of strus for this:
 build an index locally and sync it to the strusWebService.
 
-Update March 2018: currently the ARM version of strus is completely broken
+### Update 8.3.2018
+
+Currently the ARM version of strus is completely broken
 and the strusWebService is being rewritten. So there will be an updated
 blog entry when those things are fixed.
 
+### Update 29.4.2018
+
+Replaced the web page search with an [Elasticlunr](http://elasticlunr.com/)
+Javascript search, running 100% on the client for added security and load
+distribution benefits.
+
+### Update 17.12.2023
+
+Replaced the Elasticlunr search with a webassembly version of
+[Sqlite Free Text Search 5](https://www.sqlite.org/fts5.html).
+Also runs completely on the clients browser.
+
 # Sources
 
 As always you can find the sources of the project on my github (also hosted
@@ -271,5 +285,5 @@ http://git.andreasbaumann.cc/cgit/www-andreasbaumann-cc/
 
 The strus specific scripts and configuration are in:
 
-http://git.andreasbaumann.cc/cgit/www-andreasbaumann-cc/tree/strus
+http://git.andreasbaumann.cc/cgit/www-andreasbaumann-cc/tree/search/strus