diff --git a/content/notes/doh-in-android.md b/content/notes/doh-in-android.md
index f61f4a5..d30f80e 100644
--- a/content/notes/doh-in-android.md
+++ b/content/notes/doh-in-android.md
@@ -5,7 +5,7 @@ replyURI: "https://vulpine.club/@KitRedgrave/108682844888729785"
 replyTitle: "Thread on concerns about DoH in Android"
 replyType: "SocialMediaPosting"
 replyAuthor: "vx. redgrave"
-replyAuthorURI: "https://vulpine.club/@KitRedgrave"
+replyAuthorURI: "https://firefish.kitredgrave.net/@kit"
 ---
 IMO: the main benefit of DNS-over-HTTPS (DoH) is that it's a stepping stone to [Oblivious DNS over HTTPS (RFC 9230)](https://www.rfc-editor.org/rfc/rfc9230.html).
 
diff --git a/content/notes/self-signed-cert-problems.md b/content/notes/self-signed-cert-problems.md
index 1482beb..2024a89 100644
--- a/content/notes/self-signed-cert-problems.md
+++ b/content/notes/self-signed-cert-problems.md
@@ -6,7 +6,7 @@ replyURI: "https://web.archive.org/web/20230422173223/https://snowdin.town/notic
 replyTitle: "self-signatures should have been treated as something normal"
 replyType: "SocialMediaPosting"
 replyAuthor: "Luna Saphira Dragofelis"
-replyAuthorURI: "https://buff.tomboyfan.club/users/LunaDragofelis"
+replyAuthorURI: "https://pleroma.envs.net/users/Ae1AG6egkhnq6UN1XM"
 ---
 > in my opinion, self-signatures should have been treated as something normal, with a warning only triggered if the site has been visited before and the signing key has changed
 
diff --git a/content/notes/soulless-pride.md b/content/notes/soulless-pride.md
index ca5c08f..b3386a6 100644
--- a/content/notes/soulless-pride.md
+++ b/content/notes/soulless-pride.md
@@ -9,4 +9,4 @@ A good smoke test to see if rainbow-flag/BLM-repping organizations actually give
 
 They don't care about minorities; they're only in if for the branding. When a soulless organization uses your symbols, it remains soulless.
 
-Soulless organizations don't have good or evil intent. {{<mention-work itemtype="VideoObject">}}{{<indieweb-person itemprop="author" first-name="Bryan" last-name="Cantrill" url="http://dtrace.org/blogs/bmc/">}} put this best in his talk {{<cited-work name="Fork Yeah! The Rise and Development of Illumnos" url="https://www.youtube.com/watch?v=-zRN7XLCRhc&t=38m30s">}} (starts at <time datetime="PT38M30S" itemprop="startTime">00:38:30</time>).{{</mention-work>}}
+Soulless organizations don't have good or evil intent. {{<mention-work itemtype="VideoObject">}}{{<indieweb-person itemprop="author" first-name="Bryan" last-name="Cantrill" url="https://bcantrill.dtrace.org/">}} put this best in his talk {{<cited-work name="Fork Yeah! The Rise and Development of Illumnos" url="https://www.youtube.com/watch?v=-zRN7XLCRhc&t=38m30s">}} (starts at <time datetime="PT38M30S" itemprop="startTime">00:38:30</time>).{{</mention-work>}}
diff --git a/content/posts/fediverse-blocklists.md b/content/posts/fediverse-blocklists.md
index c79b775..1c4276f 100644
--- a/content/posts/fediverse-blocklists.md
+++ b/content/posts/fediverse-blocklists.md
@@ -155,7 +155,7 @@ I had reason to be comfortable with the personal nature of this blocklist. This
 
 Unfortunately, the situation was different for Oliphant's unified-max blocklist. Several entries made that list for personal reasons. I focused too much on my `tier0.csv` and failed to notice that anything was off with Oliphant's lists, even though I bore much responsibility for this blunder.
 
-{{<indieweb-person name="Tyr" url="https://pettingzoo.co/@tyr" itemprop="mentions">}} from pettingzoo.co [raised important issues in a thread](https://pettingzoo.co/@tyr/110289010380366104) after noticing his instance's inclusion in the unified-max blocklist. He pointed out that offering a unified-max list containing these blocks is a form of homophobia: it risks hurting sex-positive queer spaces. Simply claiming that the unified-max list isn't intended to be imported isn't enough; there's a real risk that future admins may import it without reading the documentation. I recommend giving the thread a read.
+{{<indieweb-person name="Tyr" url="https://arf.gay/" itemprop="mentions">}} from pettingzoo.co raised important issues in a now-deleted thread after noticing his instance's inclusion in the unified-max blocklist. He pointed out that offering a unified-max list containing these blocks is a form of homophobia: it risks hurting sex-positive queer spaces. Simply claiming that the unified-max list isn't intended to be imported isn't enough; there's a real risk that future admins may import it without reading the documentation. I recommend giving the thread a read.
 
 Oliphant got understandable push-back for this issue in his blocklists, but it's not fair for all of the criticism to be directed at him and none at me. Many small mistakes from multiple people, including me, cascaded into one big failure.
 
diff --git a/content/posts/floss-security.gmi b/content/posts/floss-security.gmi
index d84f1e0..800d71a 100644
--- a/content/posts/floss-security.gmi
+++ b/content/posts/floss-security.gmi
@@ -144,7 +144,7 @@ Simply monitoring network activity and systematically testing all claims made by
 
 This is where some binary analysis comes in. Neither of Skochinsky's linked presentations seem to enumerate any contradictions with official Intel documentation. Unfortunately, some components are poorly understood due to being obfuscated using Huffman compression with unknown dictionaries:
 
-=> http://io.netgarage.org/me/ Intel ME Huffman algorithm
+=> https://io.netgarage.org/me/ Intel ME Huffman algorithm
 
 Understanding the inner workings of the obfuscated components blurs the line between software reverse-engineering and figuring out how the chips are actually made, the latter of which is nigh-impossible if you don't have access to a chip lab full of cash. However, black-box analysis does tell us about the capabilities of these components: see page 21 of "ME Secrets". Thanks to zdctg for clarifying this.
 
diff --git a/content/posts/floss-security.md b/content/posts/floss-security.md
index e77d711..19e4535 100644
--- a/content/posts/floss-security.md
+++ b/content/posts/floss-security.md
@@ -148,7 +148,7 @@ Simply monitoring network activity and systematically testing all claims made by
 
 This is where some binary analysis comes in. Neither Skochinsky's [ME Secrets](https://recon.cx/2014/slides/Recon%202014%20Skochinsky.pdf) presentation nor <cite>Intel Me: Myths and Reality</cite> seem to enumerate any contradictions with [official Intel documentation](https://link.springer.com/book/10.1007/978-1-4302-6572-6).
 
-Unfortunately, some components are poorly understood due to being obfuscated using [Huffman compression with unknown dictionaries](http://io.netgarage.org/me/). Understanding the inner workings of the obfuscated components blurs the line between software reverse-engineering and figuring out how the chips are actually made, the latter of which is nigh-impossible if you don't have access to a chip lab full of cash. However, black-box analysis does tell us about the capabilities of these components: see page 21 of "ME Secrets". Thanks to zdctg for clarifying this.
+Unfortunately, some components are poorly understood due to being obfuscated using [Huffman compression with unknown dictionaries](https://io.netgarage.org/me/). Understanding the inner workings of the obfuscated components blurs the line between software reverse-engineering and figuring out how the chips are actually made, the latter of which is nigh-impossible if you don't have access to a chip lab full of cash. However, black-box analysis does tell us about the capabilities of these components: see page 21 of "ME Secrets". Thanks to zdctg for clarifying this.
 
 Skochinsky's and Corna's analysis was sufficient to clarify (but not completely contradict) sensationalism claiming that ME can remotely lock any PC (it was a former opt-in feature), can spy on anything the user does (they clarified that access is limited to unblocked parts of the host memory and the integrated GPU, but doesn't include e.g. the framebuffer), etc.
 
diff --git a/content/posts/website-best-practices.md b/content/posts/website-best-practices.md
index 38bce01..78205ae 100644
--- a/content/posts/website-best-practices.md
+++ b/content/posts/website-best-practices.md
@@ -995,7 +995,7 @@ Some image optimization tools I use:
 : Offers more advanced dithering options than gifsicle and pngquant.
 
 [`oxipng`](https://github.com/shssoichiro/oxipng)
-: Lossless PNG compression. It's like a parallelized version of [OptiPNG](http://optipng.sourceforge.net/) that also supports an implementation of [ZopfliPNG](https://github.com/google/zopfli/blob/831773bc28e318b91a3255fa12c9fcde1606058b/README.zopflipng) compression
+: Lossless PNG compression. It's like a parallelized version of [OptiPNG](https://optipng.sourceforge.net/) that also supports an implementation of [ZopfliPNG](https://github.com/google/zopfli/blob/831773bc28e318b91a3255fa12c9fcde1606058b/README.zopflipng) compression
 
 [`jpegoptim`](https://github.com/tjko/jpegoptim)
 : Lossless or lossy JPEG compression. Note that JPEG is an inherently lossy format; the lossless features of `jpegoptim` only shrink the size of existing JPEG files by removing unnecessary metadata.
diff --git a/csv/rewrites.csv b/csv/rewrites.csv
index e0f8c16..b3689c1 100644
--- a/csv/rewrites.csv
+++ b/csv/rewrites.csv
@@ -43,3 +43,10 @@ https://sparkly.uni.horse/@emily/109224061809444742,https://web.archive.org/web/
 https://polarhive.ml/blog/messengers/,https://polarhive.net/blog/messengers/
 https://itnan.ru/post.php?c=1&p=552844,https://web.archive.org/web/20221219060315/https://itnan.ru/post.php?c=1&p=552844#22936344
 https://news.elias.sh/posts/05-2021/,https://web.archive.org/web/20221219060306/https://news.elias.sh/posts/05-2021/
+https://brid.gy/comment/mastodon/@seirdy@pleroma.envs.net/AQs97KWObcsL5o0flw/AQsCYKp7tGdFi8L6Q4,https://web.archive.org/web/20221224182745/https://a11y.info/@todd/109558756036481191
+https://brid.gy/comment/mastodon/@seirdy@pleroma.envs.net/AQs97KWObcsL5o0flw/AQsCj9oz8YDQm0QxrE,https://web.archive.org/web/20230124183651/https://a11y.info/@todd/109558763701454605
+https://brid.gy/comment/reddit/Seirdy/k0dmpj/gdjjtif,https://brid.gy/comment/reddit/seirdy/k0dmpj/gdjjtif
+https://brid.gy/comment/reddit/Seirdy/l921u4/glhc3vj,https://brid.gy/comment/reddit/seirdy/l921u4/glhc3vj
+https://brid.gy/post/reddit/Seirdy/k0a2k3,https://brid.gy/post/reddit/seirdy/k0a2k3
+https://forum.kuketz-blog.de/viewtopic.php?p=78202,https://archive.today/2022.09.26-213559/https://forum.kuketz-blog.de/viewtopic.php?p=78202
+https://devin.masto.host/@devinprater/108384703012524116,https://web.archive.org/web/20221124225201/https://devin.masto.host/@devinprater/108384703012524116
diff --git a/csv/webrings.base.csv b/csv/webrings.base.csv
index a13a3a1..d7cc6e5 100644
--- a/csv/webrings.base.csv
+++ b/csv/webrings.base.csv
@@ -6,7 +6,7 @@ CSS,https://webri.ng/webring/cssjoy/previous?via=https://seirdy.one/,https://cs.
 no ai,https://baccyflap.com/noai/?prv&s=srd,https://baccyflap.com/noai,https://baccyflap.com/noai/?nxt&s=srd,https://baccyflap.com/noai/?rnd
 TheOldNet,https://webring.theoldnet.com/member/ba438275f00f5df1a2e78e547424d05e/previous/navigate,https://webring.theoldnet.com/,https://webring.theoldnet.com/member/ba438275f00f5df1a2e78e547424d05e/next/navigate,https://webring.theoldnet.com/member/ba438275f00f5df1a2e78e547424d05e/random/navigate
 geekring,https://geekring.net/site/167/previous,https://geekring.net/,https://geekring.net/site/167/next,https://geekring.net/site/167/random
-Loop (JS),https://loop.graycot.dev/webring.html?action=prev,https://docs.graycot.dev/s/MFowZsw_F,https://loop.graycot.dev/webring.html?action=next,https://loop.graycot.dev/webring.html?action=rand
+Loop (JS),https://loop.graycot.dev/webring.html?action=prev,https://github.com/Graycot/loop-ring/blob/master/README.md,https://loop.graycot.dev/webring.html?action=next,https://loop.graycot.dev/webring.html?action=rand
 Retronaut,https://webring.dinhe.net/prev/https://seirdy.one/,https://webring.dinhe.net/,https://webring.dinhe.net/next/https://seirdy.one/,null
 Hotline,https://hotlinewebring.club/seirdy/previous,https://hotlinewebring.club,https://hotlinewebring.club/seirdy/next,null
 Bucket (JS),https://webring.bucketfish.me/redirect.html?to=prev&name=seirdy,https://webring.bucketfish.me/,https://webring.bucketfish.me/redirect.html?to=next&name=seirdy,null
diff --git a/linter-configs/htmltest.yml b/linter-configs/htmltest.yml
index 2339e04..55eba11 100644
--- a/linter-configs/htmltest.yml
+++ b/linter-configs/htmltest.yml
@@ -1,7 +1,7 @@
 DirectoryPath: "public"
 IgnoreDirs:
   - "search"
-CacheExpires: "120h" # 1 day
+CacheExpires: "120h" # 5 days
 CheckFavicon: true
 EnforceHTML5: true
 IgnoreAltMissing: false
@@ -14,15 +14,11 @@ IgnoreHTTPS:
   - "http://localhost:"
   - "http://wgq3bd2kqoybhstp77i3wrzbfnsyd27wt34psaja4grqiezqircorkyd.onion"
   - "http://bettermotherfuckingwebsite.com/"
-  - "http://dtrace.org/"
   - "http://www.wall.org/~larry/"
   - "http://herpolhode.com/"
   - "http://io.netgarage.org/me/"
   - "http://linter.structured-data.org/"
-  - "http://optipng.sourceforge.net/"
-  - "http://renaissancechambara.jp/"
   - "http://techrights.org/"
-  - "http://www.nathanmyhrvold.com/"
   - "http://www.tuxmachines.org/"
   - "http://xmlns.com/"
   - "http://nerdlistings.info/"
@@ -45,25 +41,20 @@ IgnoreURLs:
   # - "https://seirdy.one/.well-known/webfinger?resource=acct%3Aseirdy%40seirdy.one"
   - "https://seirdy.one/.well-known/webfinger" # inexplicable false positive
   - "https://strugee.net/" # refuses connection
-  - "https://www.moonshot.forbiddenl0ve.net/index.php" # cert mismatch false positive
   # - "https://forum.palemoon.org/viewtopic.php?f=1&t=25473" # manual check: blocks crawlers
   - "https://forum.palemoon.org/viewtopic.php"
   - "https://queue.acm.org/detail" # manual check: blocks crawlers
-  - "https://plausible.io/blog/google-floc#" # manual check: I block this domain
   # - "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830173" # manual check: 400 for some reason, using curl works fine.
   - "https://bugs.debian.org/cgi-bin/bugreport.cgi"
   - "https://www.science.org/content/blog-post/deliberately-optimizing-harm" # http 413, browser works fine.
-  # - "https://forum.kuketz-blog.de/viewtopic.php?p=78202" # manual check: blocks crawlers
-  - "https://forum.kuketz-blog.de/viewtopic.php"
   - "https://web.archive.org/" # the wayback machine itself.
   - "https://i.reddit.com/r/web_design/comments/k0dmpj/an_opinionated_list_of_best_practices_for_textual/gdmxy4u/"
-  - "https://gitweb.torproject.org/tor-browser.git/tree/browser/components/securitylevel/SecurityLevel.jsm.id=ffdf" # Seems to block htmltest; check manually
   - "https://lnk.dk" # blocks htmltest
   - "https://www.fastcompany.com/90759792/with-google-dominating-search-the-internet-needs-crawl-neutrality" # blocks htmltest
   - "https://faq.whatsapp.com/general/security-and-privacy/answering-your-questions-about-whatsapps-privacy-policy" # my DNS filters block this domain, cbf to work around it just for htmltest
   - "https://doi.org/10.1515/popets-2017-0023" # redirects to a different domain which tends to block requests. DOI is generally good about keeping links alive; it's kinda the point of the service.
-  - "https://docs.graycot.dev/s/MFowZsw_F" # DNSSEC issue
   # user has opted out of archiving
   - "https://herd.bovid.space/@garbados"
   - "https://make.wordpress.org/accessibility/handbook/markup/infinite-scroll/"
+  - "https://www.reddit.com/user/Seirdy/" # reddit blocks htmltest
 OutputDir: "linter-configs/htmltest"