first finished version of setup with some updates for notes

further fixes for first two posts, additional link for sidebar

2 files changed, 30 insertions, 5 deletions

diff --git a/content/pages/notes.rst b/content/pages/notes.rst
index 93b4b10..c578a6b 100644
--- a/content/pages/notes.rst
+++ b/content/pages/notes.rst
@@ -34,7 +34,7 @@ When I build a Debian package from its sources, I only sometimes want to make ac
 Emacs
 #####
 
-I do nearly all my text editing in Emacs. I write all my code in Emacs, edit configuration files in Emacs, write Latex documents with the great `AUCTEX <https://www.gnu.org/software/auctex/>`_ package and do my email with `mu4e <https://www.djcbsoftware.nl/code/mu/mu4e.html>`_. The text you are reading right now was also written in Emacs. You can find a partially cleaned up version of my Emacs config file `here <https://code.fossencdi.org/config.git/tree/emacs>`_. I use the `"tomorrow" theme <https://github.com/purcell/color-theme-sanityinc-tomorrow>`_. Packages are maintained with `El-Get <http://tapoueh.org/emacs/el-get.html>`_.
+I do nearly all my text editing in `Emacs <https://www.gnu.org/software/emacs/>`_. I write all my code in Emacs, edit configuration files in Emacs, write LaTeX documents with the great `AUCTEX <https://www.gnu.org/software/auctex/>`_ package and do my email with `mu4e <https://www.djcbsoftware.nl/code/mu/mu4e.html>`_. The text you are reading right now was also written in Emacs. You can find a partially cleaned up version of my Emacs config file `here <https://code.fossencdi.org/config.git/tree/emacs>`_. I use the `"tomorrow" theme <https://github.com/purcell/color-theme-sanityinc-tomorrow>`_. Packages are maintained with `El-Get <http://tapoueh.org/emacs/el-get.html>`_.
 
 To securely send email in Emacs, I do certificate pinning with GnuTLS as described `here <https://blogs.fsfe.org/jens.lechtenboerger/2014/03/10/certificate-pinning-with-gnutls-in-the-mess-of-ssltls/>`__. My mail server uses `Let’s Encrypt <https://letsencrypt.org/>`_, so I have to do the pinning every two months. The procedure is as follows:
 
@@ -55,8 +55,8 @@ Open a file as root in Emacs:
    C-x C-f /sudo::/path/to/file
 
 
-Files
-#####
+Files and storage
+#################
 
 Count number of words in a PDF document:
 
@@ -64,6 +64,7 @@ Count number of words in a PDF document:
 
    pdftotext <FILE> - | tr -d '.' | wc -w -
 
+`pmount <http://linux.die.net/man/1/pmount>`_ can be used to manually mount removable mass storage as normal user.
 
 Network
 #######
@@ -97,7 +98,7 @@ Results can be viewed in KCachegrind.
 Media
 #####
 
-I do all my video editing with the allrounder `Blender <https://www.blender.org/>`_. Vector graphics are created in `Inkscape <https://inkscape.org/en/>`_.
+I do all my video editing and the occasional 3D modeling with the allrounder `Blender <https://www.blender.org/>`_. Vector graphics are created in `Inkscape <https://inkscape.org/en/>`_.
 
 Photos
 ------
diff --git a/content/pages/setup.rst b/content/pages/setup.rst
index ff511b4..9f0a714 100644
--- a/content/pages/setup.rst
+++ b/content/pages/setup.rst
@@ -19,6 +19,8 @@ Furthermore, I own two Samsung Galaxy S III phones. One of them is my daily driv
 Software
 ########
 
+Freedom/security aspects and the operating systems I use
+--------------------------------------------------------
 `I try to use as much free software as possible <{filename}/why_free_software.rst>`_. Unfortunately, we are not yet at the point when we can buy almost any kind of hardware as use it exclusively with free software. My laptop and PC work fine with the free graphics drivers for Intel and Nvidia chips. On the operating system level, I don't depend on nonfree software in the case of the PC, home server and router. However, the laptop needs a nonfree firmware to make the Intel Wireless card work.
 
 My PC, laptop and home server need proprietary hardware initialization software. There isn't a free `BIOS <https://en.wikipedia.org/wiki/BIOS>`_ replacement available yet. I'd like to use hardware that is supported by `Libreboot <https://libreboot.org/>`_ or at least supported by `Coreboot <https://www.coreboot.org/>`_. The `Libreboot website <https://libreboot.org/>`_ explains why it's important that free software boots up your system. It also sums up why security and privacy is only possible on `Intel <https://libreboot.org/faq/#intel>`_ and `AMD <https://libreboot.org/faq/#amd>`_ hardware that is several years old.
@@ -26,4 +28,26 @@ My PC, laptop and home server need proprietary hardware initialization software.
 ..
    A nonfree BIOS causes several issues. Among others, many manufacturers use whitelists to only allow the usage of a certain hardware. This makes it difficult to replace parts of the hardware. The nonfree BIOS is often slow and bloated. It may contain backdoors Security issues are  
 
-More coming soon!
+Unfortunately, my two phones also need proprietary initialization software. The bootloaders are not even replaceable because the hardware only runs bootloaders that are signed by the manufacturer. `There is also a second nonfree operating system running on the modem and various chips need proprietary firmwares for which there are no free replacements yet <https://redmine.replicant.us/projects/replicant/wiki/GalaxyS3I9300PrivacySecurityEvaluation>`_. The `Replicant website <https://www.replicant.us/freedom-privacy-security-issues.php>`_ explains why these issues need our attention. The graphics chip and GPS even need proprietary drivers that run on the main CPU. I use a QSTARZ BT-Q818XT as external GPS receiver over Bluetooth. It is quite accurate, has a long battery life and works nicely with my updated `BlueGPS <https://code.fossencdi.org/BlueGPS.git/>`_ app version. I don't use any proprietary drivers or other software that runs on the main CPU of the phone, but I use some proprietary firmware to get different functionality working.
+
+The two servers, the PC and the laptop are running `Debian Stable <https://www.debian.org/>`_. I tried many different `distributions <http://distrowatch.com/>`_, but I always came back to Debian. It has a huge community, focuses on free software and is just stable and secure. The router is running `Openwrt <https://openwrt.org/>`_. `Replicant 6.0 <https://redmine.replicant.us/boards/21/topics/12057>`_ powers the phones.
+
+I use various tools to make my desktops and servers more secure and to reduce the maintenance burden. For example, I make heavy use of AppArmor to confine critical or Internet-facing applications. `Here <https://code.fossencdi.org/config.git/tree/apparmor-profiles>`_ are some of my customized profiles. My kernels are hardened with `grsecurity <https://grsecurity.net/>`_ including PaX.
+
+Desktop
+-------
+For some time, I switched between `Xfce <https://www.xfce.org/>`_, `KDE's Plasma Desktop <https://www.kde.org/workspaces/plasmadesktop/>`_ and `GNOME 3 <https://www.gnome.org/gnome-3/>`_ as my desktop environment of choice. Quite some time ago, I settled with `i3 <https://i3wm.org/>`_ which is not even a desktop environment but an awesome tiling window manager. It is very lightweight, fast and makes a completely keyboard-driven workflow possible. `Here <https://code.fossencdi.org/config.git/tree/i3-config>`__ is my config file. `LightDM <https://www.freedesktop.org/wiki/Software/LightDM/>`_ is my favorite display manager and `urxvt <http://software.schmorp.de/pkg/rxvt-unicode.html>`_ is my default terminal. `/r/unixporn <https://www.reddit.com/r/unixporn/>`_ is a great source for nice-looking customizations for i3 and urxvt. `I use Emacs for almost all text-related tasks <{filename}/pages/notes.rst#emacs>`_.
+
+Of course, `my photo and video editing workflow only involves free software <{filename}/pages/notes.rst#media>`_, although some of my older `photos <https://fossencdi.org/gallery/index.html>`_ were edited with nonfree software because I wasn't yet aware about free software at the time. Sometimes, I use a Wacom Bamboo tablet for editing photos, creating vector graphics or annotating documents in `Xournal <http://xournal.sourceforge.net/>`_. `qpdfview <https://launchpad.net/qpdfview>`_ is my go-to PDF viewer because it makes it possible to open many PDF files in a tabbed view and it syncs nicely a PDF preview of my `LaTeX <https://www.latex-project.org/>`_ documents.
+
+My music is handled by `MPD <https://www.musicpd.org/>`_. It's a daemon that can be accessed by different interfaces. On the desktop, I use `ncmpcpp <https://rybczak.net/ncmpcpp/>`_. On the phone, I stream music from my PC with `MPDroid <https://github.com/abarisain/dmix>`_. I like about MPD that it practically always plays my music without any hiccups, even when the machine is under full load including heavy disc IO.
+
+`youtube-dl <https://rg3.github.io/youtube-dl/>`_ in combination with `mpv <https://mpv.io/>`_ and `MediathekView <http://zdfmediathk.sourceforge.net/>`_ are used to access videos that are available on the Internet. My IRC setup consists of `WeeChat <https://weechat.org/>`_ and `ZNC <http://wiki.znc.in/ZNC>`_. `pass <https://www.passwordstore.org/>`_ stores all my passwords. The ugly but extremely handy `Ding dictionary lookup program <https://www-user.tu-chemnitz.de/~fri/ding/>`_ is my dictionary and thesaurus interface.
+
+Self-hosting
+------------
+In my experience, setting up email processing is the most difficult part of a self-hosted setup. On the servers, my mail is handled by `Postfix <http://www.postfix.org/>`_, `Dovecot <http://dovecot.org/>`_, `amavisd-new <https://www.amavis.org/>`_, `SpamAssassin <https://spamassassin.apache.org/>`_, `Postgrey <http://postgrey.schweikert.ch/>`_, `Roundcube <https://roundcube.net/>`_ and `ClamAV <https://www.clamav.net/>`_. Everything is glued together with MySQL.
+
+On my home server, `Tiny Tiny RSS <https://tt-rss.org/gitlab/fox/tt-rss/wikis/home>`_ aggregates all my various reading sources including news, blogs, comics and software updates. I also have an `ownCloud <https://owncloud.org/>`_ instance running, but it's only used to share files with others. I do my own file syncing with `git-annex <https://git-annex.branchable.com/>`_. Calendar and contacts are synced with `Radicale <http://radicale.org/>`_. I also maintain an `Etherpad <http://etherpad.org/>`_ instance for notes and to work together with others on documents. `Prosody <https://prosody.im/>`_ works best for me as a Jabber/XMPP server. Besides `Tor <https://www.torproject.org/>`_, I experiment with `I2P <https://geti2p.net/en/>`_, especially with the file sharing part of it. `BIND <https://www.isc.org/downloads/bind/>`_ does my DNS, but shame on me: I still didn't have the time to set up `DNSSEC <https://en.wikipedia.org/wiki/Dnssec>`_ and `DANE <https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities>`_.
+
+Together with the services that are hosted `here <https://fossencdi.org>`__, I am able to self-host every service that I need and that involves my personal data.