diff --git a/content/about/uses.gmi b/content/about/uses.gmi
index f5bc7ab..d9c16c6 100644
--- a/content/about/uses.gmi
+++ b/content/about/uses.gmi
@@ -6,7 +6,7 @@ My main computer is a 2013 HP Elitebook 840 G1. It has a dual-core Intel i5-4300
## Environment
-* OS: Fedora 36
+* OS: Fedora, latest stable release.
* Wayland compositor: Sway
* Shell: zsh (interactive), dash (non-interactive/shell-scripts)
* Terminal Emulator: Foot. Sometimes gnome-terminal when I'm using a screen reader.
@@ -16,18 +16,22 @@ My main computer is a 2013 HP Elitebook 840 G1. It has a dual-core Intel i5-4300
* `$EDITOR`: Neovim
* Browser: Firefox for most pages, Chromium for apps, NetSurf when I'm low on battery.
* Coreutils alternatives: ripgrep, sd (better multiline regexes than sed), fd
-* Music player: mpd, along with my mpd scripts
-* Video player: three builds of mpv, two with a PGO run on different types of video (anime and live-action-with-filmgrain). Often paired with yt-dlp and mpv_sponsorblock
-* Image viewer: mpv (one less program to keep track of), swayimg. Both support AVIF and JPEG-XL now.
* Session manager: tmux (I don't use it for tiling, Sway handles that)
* IRC client: WeeChat. Might use senpai eventually, if I can get it to play well with espeak-ng.
* News: Newsboat. I'm thinking of switching to a feed-to-IMAP or Maildir setup eventually so I can get sync and use mblaze, and replace a TUI with a CLI. Ideally something that supports WebSub.
+* Containers: Toolbox: Creates quick mutable environments for me to mess around as root. I use Fedora Rawhide for more bleeding-edge packages in these environments. Quick mutable environments to mess around in or use different toolchains are pretty much my only use of containers.
* Screen reader: Orca
=> https://sr.ht/~seirdy/mpd-scripts/ mpd-scripts page
=> https://github.com/po5/mpv_sponsorblock mpv_sponsorblock
=> https://sr.ht/~taiite/senpai/ senpai
+## Multimedia
+
+* Music player: mpd, along with my mpd scripts
+* Video player: three builds of mpv, two with a PGO run on different types of video (anime and live-action-with-filmgrain). Often paired with yt-dlp and mpv_sponsorblock
+* Image viewer: mpv (one less program to keep track of), swayimg. Both support AVIF and JPEG-XL now.
+
## Mail:
* Mail fetcher: mbsync
diff --git a/content/about/uses.md b/content/about/uses.md
index 65966a6..fceb25a 100644
--- a/content/about/uses.md
+++ b/content/about/uses.md
@@ -8,17 +8,15 @@ date: "2022-06-16T17:16:18-07:00"
---
Here's the software I use. I've recently started to reduce my use of TUIs in favor of CLIs for a variety of reasons. When possible, I try to use lightweight programs that can run on any machine, from a single-board computer to a giant desktop. I don't ever want to feel like I need to upgrade my hardware to do the same tasks as before: hardware upgrades should only be justified by my use-cases significantly changing, existing hardware being broken beyond repair, or upstream abandonment of security patches.[^1]
-Hardware
---------
+## Hardware
My main computer is a 2013 HP Elitebook 840 G1. It has a dual-core Intel i5-4300U CPU (Haswell), with simultaneous multithreading disabled.
-Environment
------------
+## Environment
-Fedora 36
-: Primary OS. Uses Linux, Systemd, GNU libc, GNU coreutils, dnf, firewalld, and SELinux.
+Fedora
+: Primary OS, latest stable version. Uses Linux, Systemd, GNU libc, GNU coreutils, dnf, firewalld, and SELinux.
Sway
: Dynamic Wayland compositor that focuses on tiling window management but also supports tabbed and stacking layouts.
@@ -32,8 +30,7 @@ DASH
Foot
: Primary terminal emulator. Sometimes I use gnome-terminal when I'm using a screen reader.
-Basic utilities
----------------
+## Basic utilities
Neovim
@@ -48,6 +45,24 @@ ripgrep
[fd](https://github.com/sharkdp/fd)
: Better parallel execution than `find -exec`. I still use `find` in many situations, though.
+Tmux
+: I typically don't use it for tiling or tabs, except over SSH. Sway has me covered there. I instead use Tmux for session management and for buffer manipulation (regex search, piping the buffer, writing the buffer to a file, etc).
+
+WeeChat
+: IRC client. I might use [senpai](https://sr.ht/~taiite/senpai/) eventually, if I can get it to play well with espeak-ng.
+
+Newsboat
+: Feed reader for RSS and Atom feeds. I'm thinking of switching to a feed-to-IMAP or Maildir setup eventually so I can get sync and use mblaze, and replace a TUI with a CLI. Ideally something that supports [WebSub](https://websub.net/draft).
+
+Toolbox
+: Creates quick mutable environments for me to mess around as root. I use Fedora Rawhide for more bleeding-edge packages in these environments. Quick mutable environments to mess around in or use different toolchains are pretty much my only use of containers.
+
+Orca
+: Screen reader. Great for when I'm dealing with overstimulation and need to "turn everything off" for a while. I don't actually rely on this to use my machine.
+
+## Multimedia
+
+
mpd
: My music player daemon, paired with [my mpd scripts](https://sr.ht/~seirdy/mpd-scripts/) and [mpd-mpris](https://github.com/natsukagami/mpd-mpris).
@@ -58,20 +73,7 @@ mpv
[swayimg](https://github.com/artemsen/swayimg)
: Secondary image viewer; grabs window dimensions from the currently-focused window in Sway.
-Tmux
-: I typically don't use it for tiling or tabs, except over SSH. Sway has me covered there. I instead use Tmux for session management and for buffer manipulation (regex search, piping the buffer, writing the buffer to a file, etc).
-
-WeeChat
-: IRC client. I might use [senpai](https://sr.ht/~taiite/senpai/) eventually, if I can get it to play well with espeak-ng.
-
-Newsboat
-: Feed reader for RSS and Atom feeds. I'm thinking of switching to a feed-to-IMAP or Maildir setup eventually so I can get sync and use mblaze, and replace a TUI with a CLI. Ideally something that supports [WebSub.](https://websub.net/draft)
-
-Orca
-: Screen reader. Great for when I'm dealing with overstimulation and need to "turn everything off" for a while. I don't actually rely on this to use my machine.
-
-Browsers
---------
+## Browsers
I always disable JavaScript and JIT-compilation unless it's absolutely required.
@@ -88,8 +90,7 @@ Tor Browser
NetSurf
: When I'm low on battery or want to experiment a bit.
-Mail
-----
+## Mail
Email sucks but it's the only lightweight, open, federated protocol for subject-delimited threaded discussions that meets my needs. It also makes working with open-source projects easier: it gives me one place to look for patches and issues so I don't have to open GitHub, Codeberg, GitLab, Sourcehut, etc. in different tabs and check each one.[^2]
@@ -104,13 +105,12 @@ msmtp
: Routine tasks, displaying my inbox or list threads, reading email, organizing my messages
Neomutt
-: My mail user agent, for the tasks that mbsync isn't good for (e.g. manual organization)
+: My mail user agent, for the tasks that mblaze isn't good for (e.g. manual organization)
[w3m-sandbox](https://git.sr.ht/~seirdy/bwrap-scripts/tree/trunk/item/w3m-sandbox)
: Displays HTML mail in a sandboxed environment. Networking and most filesystem access are disabled; using its full unrestricted functionality will involve syscalls I forbid with seccomp and crash the program.
-Networking and penetration testing
-----------------------------------
+## Networking and penetration testing
Every administrator needs some tools to test their servers.
@@ -136,8 +136,7 @@ Every administrator needs some tools to test their servers.
[ssh-audit](https://github.com/jtesta/ssh-audit)
: I check my SSH config against [this SSH policy](../ssh-policy.txt). It's based on the GrapheneOS infrastructure's SSH configs.
-Other tools
------------
+## Other tools
Everyday utilities I can't live without:
@@ -186,8 +185,7 @@ bmake
yt-dlp
: Download videos from hundreds of different sites, including YouTube. Integrates with external downloaders like aria2 and downloads DASH chunks in parallel to max out your connection speed. yt-dlp also integrates with Sponsorblock to add skippable chapters for the segments I'd otherwise have to manually skip (sponsored content, subscription-begging, an ending segment featuring other videos, and other useless bullshit). I've forgotten what it's like to watch a video ad.
-This website
-------------
+## This website
I use multiple aforementioned tools (Neovim, bmake, sd, etc.) for routine tasks when building seirdy.one.
@@ -273,7 +271,7 @@ All my server daemons are statically-linked binaries, which makes sandboxing eas
Nginx
-: Specifically, [nginx-quic](https://quic.nginx.org/) with the [headers_more](https://github.com/openresty/headers-more-nginx-module) and [ngx_brotli (static)](https://github.com/google/ngx_brotli) modules. Statically linked against zlib-ng, BoringSSL, PCRE2 (non-JIT), and musl libc; patched for dynamic TLS records, basic externally-managed OCSP-stapling support, static HPACK compression, removing server signatures, and enabling dark mode on in-binary error pages. I recommend most people use Caddy instead of Nginx. The only benefits of Nginx are certain modules providing application-server capabilities, the ability to re-load all configs with zero downtime, better requests-per-second on limited hardware (although most sites won't need to handle more than a few hundred requests per second, which Caddy can handle *easily*), and kernel-accelerated TLS for maximizing bandwidth (usually unnecessary).
+: Specifically, [nginx-quic](https://quic.nginx.org/) with the [headers_more](https://github.com/openresty/headers-more-nginx-module) and [ngx_brotli (static)](https://github.com/google/ngx_brotli) modules. Statically linked against zlib-ng, BoringSSL, PCRE2 (non-JIT), and musl libc; patched for dynamic TLS records, basic externally-managed OCSP-stapling support, static HPACK compression, removing server signatures, and enabling dark mode on in-binary error pages. I recommend most people use Caddy instead of Nginx. The only benefits of Nginx are certain modules providing application-server capabilities, the ability to re-load all configs with zero downtime, better requests-per-second on limited hardware (although most sites won't need to handle more than a few hundred requests per second, which Caddy can handle _easily_), and kernel-accelerated TLS for maximizing bandwidth (usually unnecessary).
[certbot-ocsp-fetcher](https://github.com/tomwassenberg/certbot-ocsp-fetcher)
: Shell script to manage the OCSP cache for Nginx, since Nginx's own implementation shouldn't be used without running a trusted resolver (and is completely non-existent if you build with BoringSSL).
@@ -293,8 +291,7 @@ Agate
[Conduit](https://conduit.rs/)
: Faster and more lightweight Matrix server in a single binary.
-Services
---------
+## Services
I generally try to limit my dependence on services, preferring to run software myself. I do make a few compromises.
@@ -314,8 +311,7 @@ I generally try to limit my dependence on services, preferring to run software m
[Search My Site](https://searchmysite.net/)
: I already pay for it; I might as well use it! Its API powers the site's search functionality, with searches proxied through a tiny Go wrapper on my backend.
-What I don't use
-----------------
+## What I don't use
These are tools that I don't use, or avoid using.